From aac0d9c948f1775ab28f9a1052ea9b16295ca356 Mon Sep 17 00:00:00 2001
From: j <j@j.local>
Date: Sat, 25 Oct 2014 13:07:57 -0500
Subject: [PATCH 001/304] Linux - update mac convert.py to be cleaner and
 support latest 10.10

---
 tools/mac/convert.py | 148 ++++++-------------------------------------
 1 file changed, 21 insertions(+), 127 deletions(-)

diff --git a/tools/mac/convert.py b/tools/mac/convert.py
index 6c12f7ae9..398c03c51 100644
--- a/tools/mac/convert.py
+++ b/tools/mac/convert.py
@@ -419,20 +419,14 @@ def convert_file(mac_file, outfile):
     AT_type( {0x0000008b}
     '''
 
-    level1_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{5}(\w+)\s')
-    level2_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{9}(\w+)\s')
-    level3_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{13}(\w+)\s')
-    level4_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{17}(\w+)\s')
-    level5_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{21}(\w+)\s')
-    level6_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{25}(\w+)\s')
-    level7_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{29}(\w+)\s')
-    level8_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{33}(\w+)\s')
-    level9_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{37}(\w+)\s')
-    level10_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{41}(\w+)\s')
-    level11_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{45}(\w+)\s')
-    level12_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{49}(\w+)\s')
-    level13_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{53}(\w+)\s')
-    level14_re = re.compile(r'^(0x[0-9a-fA-F]+):\s{57}(\w+)\s')
+    # skip the first (entry 0)
+    re_compiles = ["<BAD COMPILE>"]
+    parse_depth = 27
+    string_idx  = 5
+    for i in range(1, parse_depth):       
+        s = r'^(0x[0-9a-fA-F]+):\s{' + "%d" % string_idx  + r'}(\w+)\s'
+        re_compiles.append(re.compile(s))
+        string_idx = string_idx + 4
     
     at_re     = re.compile(r'^\s+(\w+)\((.+)')
 
@@ -440,7 +434,6 @@ def convert_file(mac_file, outfile):
     dontbreak = 0
 
     for line in mac_file.readlines():
-
         if len(line) < 2:
             outfile.write("\n")
             level = 0
@@ -469,120 +462,22 @@ def convert_file(mac_file, outfile):
 
         # new declaration
         if level == 0:
-            m = level1_re.match(line)
-            t = level2_re.match(line)
-            r = level3_re.match(line)
-            f = level4_re.match(line)
-            z = level5_re.match(line)
-            s = level6_re.match(line)
-            y = level7_re.match(line)
-            b = level8_re.match(line)
-            j = level9_re.match(line)
-            a = level10_re.match(line)
-            c = level11_re.match(line)
-            d = level12_re.match(line)
-            e = level13_re.match(line)
-            g = level14_re.match(line)            
-
-            if m:
-                (id, name) = m.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-
-                write_line(outfile, 1, id, name)
-
-            elif t:
-                (id, name) = t.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-                
-                write_line(outfile, 2, id, name)
-            
-            elif r:
-                (id, name) = r.groups()
-                id = "%d" % int(id, 16)           
-                level = 1
-                
-                write_line(outfile, 3, id, name)
-
-            elif f:
-                (id, name) = f.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-
-                write_line(outfile, 4, id, name)
-
-            elif z:
-                (id, name) = z.groups()    
-                level = 1
-                id = "%d" % int(id, 16)
-
-                write_line(outfile, 5, id, name)
-    
-            elif s:
-                (id, name) = s.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-            
-                write_line(outfile, 6, id, name)
-
-            elif y:
-                (id, name) = y.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-           
-                write_line(outfile, 7, id, name)
-            
-            elif b:
-                (id, name) = b.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-
-                write_line(outfile, 8, id, name)
-
-            elif j:
-                (id, name) = j.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-
-                write_line(outfile, 9, id, name)
-
-            elif a:
-                (id, name) = a.groups()
-                id = "%d" % int(id, 16)
-                level = 1
+            line_wrote = False
+            for check_idx in range(1, parse_depth):
+                re_check = re_compiles[check_idx]
                 
-                write_line(outfile, 10, id, name)
+                matchobj = re_check.match(line)
+                if matchobj:
+                    (id, name) = matchobj.groups()
 
-            elif c:
-                (id, name) = c.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-                
-                write_line(outfile, 11, id, name)
-
-            elif d:
-                (id, name) = d.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-                
-                write_line(outfile, 12, id, name)
-
-            elif e:
-                (id, name) = e.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-                
-                write_line(outfile, 13, id, name)
+                    id = "%d" % int(id, 16)
+                    level = 1
 
-            elif g:
-                (id, name) = g.groups()
-                id = "%d" % int(id, 16)
-                level = 1
-        
-                write_line(outfile, 14, id, name)
+                    write_line(outfile, check_idx, id, name)
+                    line_wrote = True
+                    break
 
-            else:
+            if not line_wrote:
                 print "State machine broken! level 0! %s" % line
                 sys.exit(1)
 
@@ -590,8 +485,7 @@ def convert_file(mac_file, outfile):
         #                AT_xxxx
         #                blank
         elif level == 1:
-                        
-            m = level2_re.match(line)
+            m = re_compiles[2].match(line)
             a = at_re.match(line)
             if m:
                 (id, name) = m.groups()

From 678d310fdac7f3fe3268cd7324dedeb1fce35302 Mon Sep 17 00:00:00 2001
From: KevTheHermit <kevthehermit@gmail.com>
Date: Fri, 6 May 2016 16:11:12 +0100
Subject: [PATCH 002/304] Add Unified Output to Notepad plugin

---
 volatility/plugins/notepad.py | 45 +++++++++++++++++++++++++++++++----
 1 file changed, 41 insertions(+), 4 deletions(-)

diff --git a/volatility/plugins/notepad.py b/volatility/plugins/notepad.py
index 84e583757..ba7b87048 100644
--- a/volatility/plugins/notepad.py
+++ b/volatility/plugins/notepad.py
@@ -23,6 +23,7 @@
 import volatility.obj as obj
 import volatility.utils as utils
 import volatility.plugins.taskmods as taskmods
+from volatility.renderers import TreeGrid
 
 #--------------------------------------------------------------------------------
 # object classes 
@@ -181,6 +182,42 @@ def is_valid_profile(profile):
         return (profile.metadata.get('os', 'unknown') == 'windows' and
                 profile.metadata.get('major', 0) == 5)
 
+    def unified_output(self, data):
+        return TreeGrid([("Process", str),
+                         ("PID", int),
+                         ("Text", str),
+                         ], self.generator(data))
+
+    def generator(self, data):
+        for task in data:
+            # only looking for notepad
+            if str(task.ImageFileName).lower() != "notepad.exe":
+                continue
+            process_id = task.UniqueProcessId
+
+            entry_size = task.obj_vm.profile.get_obj_size("_HEAP_ENTRY")
+            heap = task.Peb.ProcessHeap.dereference_as("_HEAP")
+
+            for segment in heap.segments():
+                for entry in segment.heap_entries():
+
+                    # the extra heap data is present
+                    if "extra" not in str(entry.Flags):
+                        continue
+
+                    text = obj.Object("String",
+                                      offset=entry.obj_offset + entry_size,
+                                      vm=task.get_process_address_space(),
+                                      length=entry.Size * entry_size,
+                                      encoding="utf16")
+
+                    if not text or len(text) == 0:
+                        continue
+                    else:
+                        display_text = text
+
+            yield(0, ['notepad.exe', int(process_id), str(display_text)])
+
     def render_text(self, outfd, data):
         for task in data:
 
@@ -200,10 +237,10 @@ def render_text(self, outfd, data):
                         continue 
 
                     text = obj.Object("String", 
-                                     offset = entry.obj_offset + entry_size, 
-                                     vm = task.get_process_address_space(),
-                                     length = entry.Size * entry_size, 
-                                     encoding = "utf16")
+                                      offset=entry.obj_offset + entry_size,
+                                      vm=task.get_process_address_space(),
+                                      length=entry.Size * entry_size,
+                                      encoding="utf16")
 
                     if not text or len(text) == 0:
                         continue 

From ce30e392f0b038986d7101d9af2ae0c490eadc97 Mon Sep 17 00:00:00 2001
From: Bridgey the Geek <bridgeythegeek@users.noreply.github.com>
Date: Sat, 21 May 2016 14:33:08 +0100
Subject: [PATCH 003/304] Added --pid option to windows plugin

Added --pid option to windows plugin in order to facilitate only outputting windows objects for specific processes.
---
 volatility/plugins/gui/windows.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/volatility/plugins/gui/windows.py b/volatility/plugins/gui/windows.py
index 8d4f469c9..97e37b27b 100644
--- a/volatility/plugins/gui/windows.py
+++ b/volatility/plugins/gui/windows.py
@@ -18,6 +18,7 @@
 # along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
 #
 
+import volatility.plugins.common as common
 import volatility.plugins.gui.messagehooks as messagehooks
 
 class WinTree(messagehooks.MessageHooks):
@@ -42,8 +43,21 @@ def render_text(self, outfd, data):
 
 class Windows(messagehooks.MessageHooks):
     """Print Desktop Windows (verbose details)"""
+    
+    def __init__(self, config, *args, **kwargs):
+        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)
+
+        # Filter specific processes
+        config.add_option('PID', short_option='p', default=None,
+                          help='Operate on these Process IDs (comma-separated)',
+                          action='store', type='str')
 
     def render_text(self, outfd, data):
+    
+        if self._config.PID:
+            wanted_pids = [int(pid) for pid in self._config.PID.split(',')]
+        else:
+            wanted_pids = None
 
         for winsta, atom_tables in data:
             for desktop in winsta.desktops():
@@ -51,6 +65,11 @@ def render_text(self, outfd, data):
                 outfd.write("Window context: {0}\\{1}\\{2}\n\n".format(
                     winsta.dwSessionId, winsta.Name, desktop.Name))
                 for wnd, _level in desktop.windows(desktop.DeskInfo.spwnd):
+                
+                    # Is this a process we want?
+                    if wanted_pids and not wnd.Process.UniqueProcessId in wanted_pids:
+                        continue
+
                     outfd.write("Window Handle: #{0:x} at {1:#x}, Name: {2}\n".format(
                         wnd.head.h, wnd.obj_offset, str(wnd.strName or '')
                     ))

From 05c63014e142bb51efc9bbdaffa50059c0329514 Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Mon, 1 Aug 2016 10:18:58 -0700
Subject: [PATCH 004/304] making LoadTime all macb

---
 volatility/plugins/timeliner.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/timeliner.py b/volatility/plugins/timeliner.py
index 81e6e4a4e..a0f9a2afb 100644
--- a/volatility/plugins/timeliner.py
+++ b/volatility/plugins/timeliner.py
@@ -356,7 +356,7 @@ def calculate(self):
                     yield self.getoutput(line2, mod.get_debug_directory().TimeDateStamp, body = body)
                 if hasattr(mod, "LoadTime") and "LoadTime" in self._config.TYPE:
                     temp = line.replace("[{0}PE HEADER ".format(self._config.MACHINE), "[{0}DLL LOADTIME ".format(self._config.MACHINE))
-                    yield self.getoutput(temp, mod.TimeDateStamp, end = mod.LoadTime, body = body)
+                    yield self.getoutput(temp, mod.LoadTime, body = body)
 
         # Get Sockets and Evtlogs XP/2k3 only
         if version[0] == 5:

From 1ab2a13016345ffaea11eb12d31d385a5ff08b71 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Sat, 13 Aug 2016 10:30:19 -0500
Subject: [PATCH 005/304] add a couple of missing big page table offsets for
 6.3 and 6.4

---
 volatility/plugins/bigpagepools.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 5aabb40f8..bf12ee0d9 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168]],
             (6, 4, '32bit') : [[-168, -164]],
         }
 
@@ -80,7 +80,7 @@ def modification(self, profile):
                 if m.get('build', 0) == 9601:
                     distance = [[-5192, -5200], [-5224, -5232]]
                 else:
-                    distance = [[-5200, -5176], [-5224, -5232]]
+                    distance = [[-5200, -5176], [-5224, -5232], [-5192, -5200]]
 
         profile.merge_overlay({
             'VOLATILITY_MAGIC': [ None, {

From 4da0673e05bcc93742fb79665341b4d0e9c3254f Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 13 Aug 2016 21:36:55 -0500
Subject: [PATCH 006/304] Mac - Add plugins from DFRWS 2015

---
 volatility/plugins/mac/check_fop.py         | 131 ++++++++++++++
 volatility/plugins/mac/classes.py           | 108 +++++++++++
 volatility/plugins/mac/devfs.py             |  88 +++++++++
 volatility/plugins/mac/interest_handlers.py | 188 ++++++++++++++++++++
 volatility/plugins/mac/kevents.py           | 131 ++++++++++++++
 volatility/plugins/mac/timers.py            |  99 +++++++++++
 volatility/plugins/mac/vfsevents.py         |  76 ++++++++
 7 files changed, 821 insertions(+)
 create mode 100644 volatility/plugins/mac/check_fop.py
 create mode 100644 volatility/plugins/mac/classes.py
 create mode 100644 volatility/plugins/mac/devfs.py
 create mode 100644 volatility/plugins/mac/interest_handlers.py
 create mode 100644 volatility/plugins/mac/kevents.py
 create mode 100644 volatility/plugins/mac/timers.py
 create mode 100644 volatility/plugins/mac/vfsevents.py

diff --git a/volatility/plugins/mac/check_fop.py b/volatility/plugins/mac/check_fop.py
new file mode 100644
index 000000000..c869e6231
--- /dev/null
+++ b/volatility/plugins/mac/check_fop.py
@@ -0,0 +1,131 @@
+# Volatility
+# Copyright (C) 2007-2013 Volatility Foundation
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+@author:       Andrew Case
+@license:      GNU General Public License 2.0
+@contact:      atcuno@gmail.com
+@organization: 
+"""
+import volatility.obj   as obj
+import volatility.utils as utils
+import volatility.debug as debug
+
+import volatility.plugins.mac.common as common
+
+class mac_check_fop(common.AbstractMacCommand):
+    """ Validate File Operation Pointers """
+
+    def _walk_vfstbllist(self, kaddr_info):
+        table_size_ptr = self.addr_space.profile.get_symbol("_maxvfsconf")
+
+        if table_size_ptr == None:
+            table_size_ptr = self.addr_space.profile.get_symbol("_maxvfsslots")
+
+        table_size = obj.Object("unsigned int", offset = table_size_ptr, vm = self.addr_space)
+
+        table_ptr = self.addr_space.profile.get_symbol("_vfstbllist")
+        table = obj.Object(theType = "Array", targetType = "vfstable", offset = table_ptr, count = table_size, vm = self.addr_space) 
+        vfs_op_members = self.profile.types['vfsops'].keywords["members"].keys()
+        vfs_op_members.remove("vfs_reserved")
+
+        for vfs in table:
+            if not vfs.is_valid():
+                continue
+
+            name = self.addr_space.read(vfs.vfc_name.obj_offset, 16)
+            if name:
+                idx = name.find("\x00")
+                if idx != -1:
+                    name = name[:idx]
+            else:
+                name = "<INVALID NAME>"
+
+            if name == "<unassigned>":
+                break
+
+            ops = vfs.vfc_vfsops
+
+            for member in vfs_op_members:
+                ptr = ops.__getattr__(member).v()
+
+                if ptr == 0:
+                    continue
+                
+                (module, handler_sym) = common.get_handler_name(kaddr_info, ptr)
+
+                yield (vfs.v(), name, ptr, module, handler_sym)
+
+    def _walk_opv_desc(self, kaddr_info):
+        table_addr = self.addr_space.profile.get_symbol("_vfs_opv_descs")
+
+        table = obj.Object(targetType = "unsigned long", theType = "Array", count = 32, vm = self.addr_space, offset = table_addr)
+
+        for desc in table:
+            if desc.v() == 0:
+                break
+
+            table_name = self.addr_space.profile.get_symbol_by_address("kernel", desc.v())
+            if not table_name:
+                table_name = "<unknown table>"
+
+            vnodeopv_desc = obj.Object("vnodeopv_desc", offset = desc.v(), vm = self.addr_space)
+
+            vdesc_arr = obj.Object(theType = "Array", targetType = "vnodeopv_entry_desc", offset = vnodeopv_desc.opv_desc_ops, count = 64, vm = self.addr_space)
+
+            for vdesc in vdesc_arr: 
+                ptr = vdesc.opve_impl.v()
+                if ptr == 0:
+                    break
+
+                name = self.addr_space.read(vdesc.opve_op.vdesc_name.v(), 64)
+                if name:
+                    idx = name.find("\x00")
+                    if idx != -1:
+                        name = name[:idx]
+                else:
+                    name = "<INVALID NAME>"
+                    
+                name = table_name + "/" + name
+
+                (module, handler_sym) = common.get_handler_name(kaddr_info, ptr)
+
+                yield (vdesc.v(), name, ptr, module, handler_sym)  
+
+    def calculate(self):
+        common.set_plugin_members(self)
+        
+        kaddr_info = common.get_handler_name_addrs(self)
+
+        funcs = [self._walk_opv_desc, self._walk_vfstbllist]
+
+        for func in funcs:
+            for (vfs_ptr, name, ptr, module, handler_sym) in func(kaddr_info):
+                yield (vfs_ptr, name, ptr, module, handler_sym) 
+    
+    def render_text(self, outfd, data):
+        self.table_header(outfd, [("Offset", "[addrpad]"),
+                          ("Name", "48"),
+                          ("Handler", "[addrpad]"),
+                          ("Module", "32"),
+                          ("Handler Sym", "")])
+
+        for (vfs_addr, name, handler, module, handler_sym) in data:
+            self.table_row(outfd, vfs_addr, name, handler, module, handler_sym)
+
diff --git a/volatility/plugins/mac/classes.py b/volatility/plugins/mac/classes.py
new file mode 100644
index 000000000..bf62ce1bd
--- /dev/null
+++ b/volatility/plugins/mac/classes.py
@@ -0,0 +1,108 @@
+# Volatility
+# Copyright (C) 2007-2013 Volatility Foundation
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+@author:       Andrew Case
+@license:      GNU General Public License 2.0
+@contact:      atcuno@gmail.com
+@organization: 
+"""
+import volatility.obj   as obj
+import volatility.utils as utils
+import volatility.debug as debug
+
+import volatility.plugins.mac.common as common
+
+class mac_kernel_classes(common.AbstractMacCommand):
+    """ Lists loaded c++ classes in the kernel """
+
+    def _struct_or_class(self, type_name):
+        """Return the name of a structure or class. 
+
+        More recent versions of OSX define some types as 
+        classes instead of structures, so the naming is
+        a little different.   
+        """
+        if self.addr_space.profile.vtypes.has_key(type_name):
+            return type_name
+        else:
+            return type_name + "_class"
+   
+    def calculate(self):
+        common.set_plugin_members(self)
+        
+        kaddr_info = common.get_handler_name_addrs(self)
+
+        dict_ptr_addr = common.get_cpp_sym("sAllClassesDict", self.addr_space.profile)     
+        dict_addr = obj.Object("unsigned long", offset = dict_ptr_addr, vm = self.addr_space)
+
+        fdict = obj.Object(self._struct_or_class("OSDictionary"), offset = dict_addr.v(), vm = self.addr_space)
+        
+        ents = obj.Object('Array', offset = fdict.dictionary, 
+                          vm = self.addr_space, 
+                          targetType = self._struct_or_class("dictEntry"), 
+                          count = fdict.count)
+
+        for ent in ents:
+            if ent == None or not ent.is_valid():
+                continue
+            
+            class_name = str(ent.key.dereference_as(self._struct_or_class("OSString")))
+           
+            osmeta = obj.Object(self._struct_or_class("OSMetaClass"), offset = ent.value.v(), vm = self.addr_space)
+
+            cname = str(osmeta.className.dereference_as(self._struct_or_class("OSString")))
+            
+            offset = 0
+
+            if hasattr(osmeta, "metaClass"):
+                arr_start = osmeta.metaClass.v()
+            else:
+                arr_start = obj.Object("Pointer", offset = osmeta.obj_offset, vm = self.addr_space)
+
+            vptr = obj.Object("unsigned long", offset = arr_start, vm = self.addr_space)
+            while vptr != 0:
+                (module, handler_sym) = common.get_handler_name(kaddr_info, vptr)
+
+                yield (cname, vptr, module, handler_sym)
+                
+                offset = offset + vptr.size()
+
+                vptr = obj.Object("unsigned long", offset = arr_start + offset, vm = self.addr_space)
+    
+    def render_text(self, outfd, data):
+        self.table_header(outfd, [("Class", "48"),
+                                  ("Address", "[addrpad]"),
+                                  ("Module", "48"),
+                                  ("Handler", "")])
+
+        for (cname, vptr, module, handler_sym) in data:
+            self.table_row(outfd, cname, vptr, module, handler_sym) 
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/volatility/plugins/mac/devfs.py b/volatility/plugins/mac/devfs.py
new file mode 100644
index 000000000..a83449550
--- /dev/null
+++ b/volatility/plugins/mac/devfs.py
@@ -0,0 +1,88 @@
+# Volatility
+# Copyright (C) 2007-2013 Volatility Foundation
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+@author:       Andrew Case
+@license:      GNU General Public License 2.0
+@contact:      atcuno@gmail.com
+@organization: 
+"""
+
+import volatility.obj as obj
+import volatility.plugins.mac.common as common
+import volatility.plugins.mac.list_files as mac_list_files
+
+class mac_devfs(common.AbstractMacCommand):
+    """ Lists files in the file cache """
+
+    def calculate(self):
+        common.set_plugin_members(self)
+
+        nchrdev_addr = self.addr_space.profile.get_symbol("_nchrdev")
+        nchrdev = obj.Object("unsigned int", offset = nchrdev_addr, vm = self.addr_space)
+
+        cdevsw_addr = self.addr_space.profile.get_symbol("_cdevsw")
+        cdevsw = obj.Object(theType = "Array", targetType = "cdevsw", offset = cdevsw_addr, vm = self.addr_space, count = nchrdev)
+
+        kaddr_info = common.get_handler_name_addrs(self)
+
+        op_members = self.profile.types['cdevsw'].keywords["members"].keys()
+        
+        op_members.remove('d_ttys')
+        op_members.remove('d_type')
+
+        files = mac_list_files.mac_list_files(self._config).calculate()
+        for vnode, path in files:
+            if vnode.v_type.v() not in [3, 4]:
+                continue
+
+            if path.startswith("/Macintosh HD"):
+                path = path[13:]
+
+            dn = vnode.v_data.dereference_as("devnode") 
+ 
+            dev   = dn.dn_typeinfo.dev
+            major = (dev >> 24) & 0xff
+
+            if not (0 <= major <= nchrdev):
+                continue
+        
+            cdev = cdevsw[major]
+           
+            for member in op_members:
+                ptr = cdev.__getattr__(member).v()
+        
+                if ptr != 0: 
+                    (module, handler_sym) = common.get_handler_name(kaddr_info, ptr)
+
+                    yield (cdev.v(), path, member, ptr, module, handler_sym)
+
+    def render_text(self, outfd, data):
+        self.table_header(outfd, [("Offset (V)", "[addrpad]"), 
+                                  ("Path", "16"),
+                                  ("Member", "16"),
+                                  ("Handler", "[addrpad]"),
+                                  ("Module",  "32"),
+                                  ("Handler", "")])
+
+        for (cdev, path, member, handler, module, sym) in data:
+            self.table_row(outfd, cdev, path, member, handler, module, sym)
+
+
+ 
diff --git a/volatility/plugins/mac/interest_handlers.py b/volatility/plugins/mac/interest_handlers.py
new file mode 100644
index 000000000..eb962c11d
--- /dev/null
+++ b/volatility/plugins/mac/interest_handlers.py
@@ -0,0 +1,188 @@
+# Volatility
+# Copyright (C) 2007-2013 Volatility Foundation
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+@author:       Andrew Case
+@license:      GNU General Public License 2.0
+@contact:      atcuno@gmail.com
+@organization: 
+"""
+import volatility.obj   as obj
+import volatility.utils as utils
+import volatility.debug as debug
+
+import volatility.plugins.mac.common as common
+
+kaddr_info = None
+
+class mac_interest_handlers(common.AbstractMacCommand):
+    """ Lists IOKit Interest Handlers """
+
+    def _struct_or_class(self, type_name):
+        """Return the name of a structure or class. 
+
+        More recent versions of OSX define some types as 
+        classes instead of structures, so the naming is
+        a little different.   
+        """
+        if self.addr_space.profile.vtypes.has_key(type_name):
+            return type_name
+        else:
+            return type_name + "_class"
+   
+    def parse_properties(self, fdict):
+        props = {}
+
+        ents = obj.Object('Array', offset = fdict.dictionary, 
+                          vm = self.addr_space, 
+                          targetType = self._struct_or_class("dictEntry"), 
+                          count = fdict.count)
+
+        # walk the current set of notifications
+        for ent in ents:
+            if ent == None or not ent.is_valid():
+                continue
+
+            key = str(ent.key.dereference_as(self._struct_or_class("OSString")))
+            val = ent.value
+ 
+            props[key] = val
+    
+        return props
+
+    def walk_reg_entry(self, reg_addr):
+        regroot = obj.Object(self._struct_or_class("IORegistryEntry"), offset = reg_addr, vm = self.addr_space)
+        
+        fdict = regroot.fRegistryTable
+
+        props = self.parse_properties(regroot.fPropertyTable)
+
+        ents = obj.Object('Array', offset = fdict.dictionary, 
+                          vm = self.addr_space, 
+                          targetType = self._struct_or_class("dictEntry"), 
+                          count = fdict.count)
+
+        keys     = []
+        children = []
+        current_name = ""
+        device_mem = False
+
+        for ent in ents:
+            if ent == None or not ent.is_valid():
+                continue
+            
+            key = str(ent.key.dereference_as(self._struct_or_class("OSString")))
+            
+            keys.append(key)
+          
+            if key == "IODeviceMemory":
+                current_name = str(ent.value.dereference_as(self._struct_or_class("OSString")))
+                device_mem = True
+ 
+            if key == "IOName" and device_mem == False:
+                current_name = str(ent.value.dereference_as(self._struct_or_class("OSString")))
+
+            if key == "IOServiceChildLinks":
+                children.append(ent.value)
+
+        if current_name == "":
+            if "IOClass" in props:
+                addr = props["IOClass"]
+                s = obj.Object(self._struct_or_class("OSString"), offset = addr, vm = self.addr_space)
+                current_name = "IOCLass: %s" % str(s)
+
+        if current_name == "":
+            serv = obj.Object(self._struct_or_class("IOService"), offset = reg_addr, vm = self.addr_space)
+            buf  = self.addr_space.read(serv.pwrMgt.Name, 128)           
+            if buf:
+                idx = buf.find("\x00")
+                if idx != -1:
+                    buf = buf[:idx]
+
+                current_name = buf
+
+        prop_string = "".join(["%s=%x, " % (k,v) for (k,v) in props.items()])
+
+        #print "%-20s | %s | %s" % (current_name, keys, prop_string)
+
+        offset = self.addr_space.profile.get_obj_offset(self._struct_or_class("_IOServiceInterestNotifier"), "chain")
+
+        for (k, v) in props.items():
+            if k.find("nterest") != -1:
+                cmd = obj.Object(self._struct_or_class("IOCommand"), offset = v, vm = self.addr_space)
+                notifier_ptr = cmd.fCommandChain.next
+                first_ptr = notifier_ptr
+
+                last = 0
+
+                while notifier_ptr.is_valid() and notifier_ptr != last:
+                    notifier = obj.Object(self._struct_or_class("_IOServiceInterestNotifier"), offset = notifier_ptr - offset, vm = self.addr_space)
+
+                    if not notifier.handler.is_valid():
+                        break
+   
+                    last = notifier_ptr
+                    notifier_ptr = notifier.chain.next
+
+                    if notifier_ptr == first_ptr:
+                        break
+
+                    handler = notifier.handler.v()
+
+                    (module, handler_sym) = common.get_handler_name(kaddr_info, handler)
+
+                    yield k, handler, module, handler_sym          
+ 
+        for child in children: 
+            for k, handler, module, handler_sym in self.walk_child_links(child):
+                yield k, handler, module, handler_sym
+
+    def walk_child_links(self, addr):
+        val = obj.Object(self._struct_or_class("OSArray"), offset = addr, vm = self.addr_space)
+
+        arr_ptr = val.array
+        cnt = val.count
+
+        arr = obj.Object(theType = "Array", targetType = "Pointer", offset = arr_ptr, count = cnt, vm = self.addr_space)
+
+        for a in arr:
+            for key, handler, module, handler_sym in self.walk_reg_entry(a):
+                yield key, handler, module, handler_sym
+            
+    def calculate(self):
+        common.set_plugin_members(self)
+        
+        global kaddr_info
+        kaddr_info = common.get_handler_name_addrs(self)
+
+        regroot_addr = common.get_cpp_sym("gRegistryRoot", self.addr_space.profile)
+        p = obj.Object("Pointer", offset = regroot_addr, vm = self.addr_space)
+
+        for key, handler, module, handler_sym in self.walk_reg_entry(p):
+            yield key, handler, module, handler_sym 
+
+    def render_text(self, outfd, data):
+        self.table_header(outfd, [("Interest", "24"),
+                          ("Handler", "[addrpad]"),
+                          ("Module", "32"),
+                          ("Symbol", "")])
+
+        for key, handler, module, handler_sym in data:
+            self.table_row(outfd, key, handler, module, handler_sym)
+
diff --git a/volatility/plugins/mac/kevents.py b/volatility/plugins/mac/kevents.py
new file mode 100644
index 000000000..607b8b4ab
--- /dev/null
+++ b/volatility/plugins/mac/kevents.py
@@ -0,0 +1,131 @@
+# Volatility
+# Copyright (C) 2007-2013 Volatility Foundation
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+@author:       Andrew Case
+@license:      GNU General Public License 2.0
+@contact:      atcuno@gmail.com
+@organization: 
+"""
+import volatility.obj as obj
+import volatility.plugins.mac.common as common
+import volatility.plugins.mac.pstasks as pstasks
+
+class mac_kevents(common.AbstractMacCommand):
+    """ Show parent/child relationship of processes """
+
+    def _walk_karray(self, address, count):
+        arr = obj.Object(theType = "Array", targetType = "klist", offset = address, vm = self.addr_space, count = count) 
+
+        for klist in arr:
+                kn = klist.slh_first
+
+                while kn.is_valid():
+                    yield kn
+ 
+                    kn = kn.kn_link.sle_next
+ 
+    def calculate(self):
+        common.set_plugin_members(self)
+   
+        for task in pstasks.mac_tasks(self._config).calculate():
+            fdp = task.p_fd
+    
+            # for (i = 0; i < fdp->fd_knlistsize; i++) {
+            #    kn = SLIST_FIRST(&fdp->fd_knlist[i]);
+            for kn in self._walk_karray(fdp.fd_knlist, fdp.fd_knlistsize):
+                yield task, kn
+            
+            # if (fdp->fd_knhashmask != 0) {
+            #    for (i = 0; i < (int)fdp->fd_knhashmask + 1; i++) {
+            #        kn = SLIST_FIRST(&fdp->fd_knhash[i]);
+            mask = fdp.fd_knhashmask             
+            if mask != 0:
+                for kn in self._walk_karray(fdp.fd_knhash, mask + 1):
+                    yield task, kn
+
+
+            kn = task.p_klist.slh_first
+            while kn.is_valid():
+                
+                yield task, kn
+
+                kn = kn.kn_link.sle_next
+
+    def _get_flags(self, fflags, filters): 
+        context = ""
+
+        if fflags != 0:
+            for (flag, idx) in filters:
+                if fflags & idx == idx:
+                    context = context + flag + ", "   
+
+            if len(context) > 2 and context[-2:] == ", ":
+                context = context[:-2]                     
+
+        return context
+
+    def render_text(self, outfd, data):
+        event_types = ["INVALID EVENT", "EVFILT_READ", "EVFILT_WRITE", "EVFILT_AIO", "EVFILT_VNODE", "EVFILT_PROC", "EVFILT_SIGNAL"]
+        event_types = event_types + ["EVFILT_TIMER", "EVFILT_MACHPORT", "EVFILT_FS", "EVFILT_USER", "INVALID EVENT", "EVFILT_VM"]
+                
+        vnode_filt = [("NOTE_DELETE", 1), ("NOTE_WRITE", 2), ("NOTE_EXTEND", 4), ("NOTE_ATTRIB", 8)]
+        vnode_filt = vnode_filt + [("NOTE_LINK", 0x10), ("NOTE_RENAME", 0x20), ("NOTE_REVOKE", 0x40)]          
+ 
+        proc_filt  = [("NOTE_EXIT", 0x80000000), ("NOTE_EXITSTATUS", 0x04000000), ("NOTE_FORK", 0x40000000)]
+        proc_filt  = proc_filt + [("NOTE_EXEC", 0x20000000), ("NOTE_SIGNAL", 0x08000000), ("NOTE_REAP", 0x10000000)]
+
+        time_filt = [("NOTE_SECONDS", 1), ("NOTE_USECONDS", 2), ("NOTE_NSECONDS", 4), ("NOTE_ABSOLUTE", 8)]
+
+        self.table_header(outfd, [("Offset", "[addrpad]"),
+                          ("Name", "20"),
+                          ("Pid", "8"),
+                          ("Ident", "6"),
+                          ("Filter", "20"),
+                          ("Context", ""),])
+
+        for task, kn in data:
+            filt_idx = kn.kn_kevent.filter * -1
+            if 0 < filt_idx < len(event_types):
+                fname = event_types[filt_idx]
+            else:
+                continue
+
+            context = ""    
+            fflags  = kn.kn_sfflags
+
+            # EVFILT_VNODE
+            if filt_idx == 4:
+                context = self._get_flags(fflags, vnode_filt)
+ 
+            # EVFILT_PROC
+            elif filt_idx == 5:
+                context = self._get_flags(fflags, proc_filt) 
+
+            elif filt_idx == 7:
+                context = self._get_flags(fflags, time_filt) 
+
+            self.table_row(outfd, kn.v(), str(task.p_comm), task.p_pid, kn.kn_kevent.ident, fname, context)   
+
+
+
+
+
+
+
diff --git a/volatility/plugins/mac/timers.py b/volatility/plugins/mac/timers.py
new file mode 100644
index 000000000..b2747dbb4
--- /dev/null
+++ b/volatility/plugins/mac/timers.py
@@ -0,0 +1,99 @@
+# Volatility
+# Copyright (C) 2007-2013 Volatility Foundation
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+@author:       Andrew Case
+@license:      GNU General Public License 2.0
+@contact:      atcuno@gmail.com
+@organization: 
+"""
+import volatility.obj as obj
+import volatility.plugins.mac.common as common
+
+class mac_timers(common.AbstractMacCommand):
+    """ Reports timers set by kernel drivers """
+
+    def calculate(self):
+        common.set_plugin_members(self)
+
+        kaddr_info = common.get_handler_name_addrs(self)
+
+        real_ncpus = obj.Object("int", offset = self.addr_space.profile.get_symbol("_real_ncpus"), vm = self.addr_space)
+        
+        ptr = self.addr_space.profile.get_symbol("_cpu_data_ptr")
+        cpu_data_ptrs = obj.Object(theType = 'Array', offset = ptr, vm = self.addr_space, targetType = "unsigned long long", count = real_ncpus)
+        
+        for i in range(real_ncpus):
+            cpu_data = obj.Object('cpu_data', offset = cpu_data_ptrs[i], vm = self.addr_space)
+
+            c = cpu_data.rtclock_timer
+            q = c.queue
+            
+            ent = q.head.next
+            first = ent
+            seen = {}
+
+            while ent.is_valid():
+                seen[ent.v()] = 1
+
+                timer = obj.Object("call_entry", offset = ent.v(), vm = self.addr_space)
+                  
+                func = timer.func.v()
+
+                if func < 0x1000 or func == 0xffffffff00000000:
+                    break
+
+                (module, handler_sym) = common.get_handler_name(kaddr_info, func)
+                
+                if hasattr(timer, "entry_time"):
+                    entry_time = timer.entry_time.v()
+                else:
+                    entry_time = -1
+                
+                yield func, timer.param0, timer.param1, timer.deadline, entry_time, module, handler_sym       
+         
+                ent = timer.q_link.next
+
+                if ent == first or ent.v() in seen:
+                    break
+
+
+    def render_text(self, outfd, data):
+        self.table_header(outfd, [("Function", "[addrpad]"), 
+                                  ("Param 0", "[addrpad]"), 
+                                  ("Param 1", "[addrpad]"),
+                                  ("Deadline", "16"),
+                                  ("Entry Time", "16"),
+                                  ("Module", "16"),
+                                  ("Symbol", ""),
+                                 ])
+
+        for func, p0, p1, deadline, entry_time, module, sym in data:
+            self.table_row(outfd, func, p0, p1, deadline, entry_time, module, sym)
+
+
+
+
+
+
+
+
+
+
+
diff --git a/volatility/plugins/mac/vfsevents.py b/volatility/plugins/mac/vfsevents.py
new file mode 100644
index 000000000..c220117bb
--- /dev/null
+++ b/volatility/plugins/mac/vfsevents.py
@@ -0,0 +1,76 @@
+# Volatility
+# Copyright (C) 2007-2013 Volatility Foundation
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+@author:       Andrew Case
+@license:      GNU General Public License 2.0
+@contact:      atcuno@gmail.com
+@organization: 
+"""
+import volatility.obj   as obj
+import volatility.debug as debug
+import volatility.plugins.mac.common as common
+
+class mac_vfsevents(common.AbstractMacCommand):
+    """ Lists processes filtering file system events """
+
+    def calculate(self):
+        common.set_plugin_members(self)
+
+        if not self.addr_space.profile.obj_has_member("fs_event_watcher", "proc_name"):
+            debug.error("This plugin only supports OS X >= 10.8.2. Please file a bug if you are running against a version matching this criteria.")
+
+        event_types = ["CREATE_FILE", "DELETE", "STAT_CHANGED", "RENAME", "CONTENT_MODIFIED", "EXCHANGE", "FINDER_INFO_CHANGED", "CREATE_DIR", "CHOWN"]
+        event_types = event_types + ["XATTR_MODIFIED", "XATTR_REMOVED", "DOCID_CREATED", "DOCID_CHANGED"]
+
+        table_addr = self.addr_space.profile.get_symbol("_watcher_table")
+    
+        arr = obj.Object(theType = "Array", targetType = "Pointer", count = 8, vm = self.addr_space, offset = table_addr)
+
+        for watcher_addr in arr:
+            if not watcher_addr.is_valid():
+                continue
+
+            watcher = watcher_addr.dereference_as("fs_event_watcher")
+
+            name = self.addr_space.read(watcher.proc_name.obj_offset, 33)
+            if name:
+                idx = name.find("\x00")
+                if idx != -1:
+                    name = name[:idx]
+
+            events = ""
+            event_arr = obj.Object(theType = "Array", targetType = "unsigned char", offset = watcher.event_list.v(), count = 13, vm = self.addr_space)
+            for (i, event) in enumerate(event_arr):
+                if event == 1:
+                    events = events + event_types[i] + ", "  
+
+            if len(events) and events[-1] == " " and events[-2] == ",":
+                events = events[:-2]
+
+            yield watcher_addr, name, watcher.pid, events
+
+    def render_text(self, outfd, data):
+        self.table_header(outfd, [("Offset", "[addrpad]"),
+                          ("Name", "20"),
+                          ("Pid", "8"),
+                          ("Events", "")])
+        
+        for (addr, name, pid, events) in data:
+            self.table_row(outfd, addr, name, pid, events)

From 62adbb1e9d6625b8c5f362a1e9f40185caeeb4de Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Tue, 31 May 2016 23:20:03 -0400
Subject: [PATCH 007/304] amd64.py:get_available_pages() optimize parsing of
 page tables

- read each level with a single baselayer read() call
- parse all entries with a single struct.unpack() call
---
 volatility/plugins/addrspaces/amd64.py | 55 ++++++++++++++++++--------
 1 file changed, 39 insertions(+), 16 deletions(-)

diff --git a/volatility/plugins/addrspaces/amd64.py b/volatility/plugins/addrspaces/amd64.py
index 5e54668a7..b9ddf21c8 100644
--- a/volatility/plugins/addrspaces/amd64.py
+++ b/volatility/plugins/addrspaces/amd64.py
@@ -254,16 +254,31 @@ def get_available_pages(self, with_pte = False):
         are accessible.
         '''
 
+        # read the full pml4
+        pml4 = self.base.read(self.dtb & 0xffffffffff000, 0x200 * 8)
+        if pml4 is None:
+            return
+
+        # unpack all entries
+        pml4_entries = struct.unpack('<512Q', pml4)
         for pml4e in range(0, 0x200):
             vaddr = pml4e << 39
-            pml4e_value = self.get_pml4e(vaddr)
+            pml4e_value = pml4_entries[pml4e]
             if not self.entry_present(pml4e_value):
                 continue
+
+            pdpt_base = (pml4e_value & 0xffffffffff000)
+            pdpt = self.base.read(pdpt_base, 0x200 * 8)
+            if pdpt is None:
+                continue
+
+            pdpt_entries = struct.unpack('<512Q', pdpt)
             for pdpte in range(0, 0x200):
                 vaddr = (pml4e << 39) | (pdpte << 30)
-                pdpte_value = self.get_pdpi(vaddr, pml4e_value)
+                pdpte_value = pdpt_entries[pdpte]
                 if not self.entry_present(pdpte_value):
                     continue
+
                 if self.page_size_flag(pdpte_value):
                     if with_pte: 
                         yield (pdpte_value, vaddr, 0x40000000)
@@ -271,26 +286,34 @@ def get_available_pages(self, with_pte = False):
                         yield (vaddr, 0x40000000)
                     continue
 
-                pgd_curr = self.pdba_base(pdpte_value)
-                for j in range(0, ptrs_per_pae_pgd):
-                    soffset = vaddr + (j * ptrs_per_pae_pgd * ptrs_per_pae_pte * 8)
-                    entry = self.read_long_long_phys(pgd_curr)
-                    pgd_curr = pgd_curr + 8
+                pd_base = self.pdba_base(pdpte_value)
+                pd = self.base.read(pd_base, 0x200 * 8)
+                if pd is None:
+                    continue
+
+                pd_entries = struct.unpack('<512Q', pd)
+                for j in range(0, 0x200):
+                    soffset = (j * 0x200 * 0x200 * 8)
+                    entry = pd_entries[j]
                     if self.entry_present(entry) and self.page_size_flag(entry):
                         if with_pte: 
-                            yield (entry, soffset, 0x200000)
+                            yield (entry, vaddr + soffset, 0x200000)
                         else:
-                            yield (soffset, 0x200000)
+                            yield (vaddr + soffset, 0x200000)
+
                     elif self.entry_present(entry):
-                        pte_curr = entry & 0xFFFFFFFFFF000
-                        for k in range(0, ptrs_per_pae_pte):
-                            pte_entry = self.read_long_long_phys(pte_curr)
-                            pte_curr = pte_curr + 8
-                            if self.entry_present(pte_entry):
+                        pt_base = entry & 0xFFFFFFFFFF000
+                        pt = self.base.read(pt_base, 0x200 * 8)
+                        if pt is None:
+                            continue
+                        pt_entries = struct.unpack('<512Q', pt)
+                        for k in range(0, 0x200):
+                            pt_entry = pt_entries[k]
+                            if self.entry_present(pt_entry):
                                 if with_pte:
-                                    yield (pte_entry, soffset + k * 0x1000, 0x1000)
+                                    yield (pt_entry, vaddr + soffset + k * 0x1000, 0x1000)
                                 else:
-                                    yield (soffset + k * 0x1000, 0x1000)
+                                    yield (vaddr + soffset + k * 0x1000, 0x1000)
 
     @classmethod
     def address_mask(cls, addr):

From fadddc621b32181398f057b1fb21dc28010041e4 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Sun, 10 Jul 2016 00:09:26 -0400
Subject: [PATCH 008/304] added latest win10 profiles

---
 volatility/plugins/overlays/windows/win10.py  |    18 +
 .../windows/win10_x64_1AC738FB_vtypes.py      | 13258 ++++++++++++++++
 .../windows/win10_x86_44B89EEA_vtypes.py      | 12767 +++++++++++++++
 3 files changed, 26043 insertions(+)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_1AC738FB_vtypes.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_44B89EEA_vtypes.py

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 818136ec6..c8dae58a2 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -335,6 +335,15 @@ class Win10x64(obj.Profile):
     _md_build = 9841
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_vtypes'
 
+class Win10x64_1AC738FB(obj.Profile):
+    """ A Profile for Windows 10 x64 from PDB 1AC738FB"""
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 10240
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_1AC738FB_vtypes'
+
 class Win10x86(obj.Profile):
     """ A Profile for Windows 10 x86 """
     _md_memory_model = '32bit'
@@ -343,3 +352,12 @@ class Win10x86(obj.Profile):
     _md_minor = 4
     _md_build = 9841
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_vtypes'
+
+class Win10x86_44B89EEA(obj.Profile):
+    """ A Profile for Windows 10 x86 from PDB 44B89EEA"""
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 10240
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_44B89EEA_vtypes'
diff --git a/volatility/plugins/overlays/windows/win10_x64_1AC738FB_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_1AC738FB_vtypes.py
new file mode 100644
index 000000000..19868e643
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_1AC738FB_vtypes.py
@@ -0,0 +1,13258 @@
+ntkrnlmp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'Reserved12' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'Reserved8' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1080' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1080']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1098' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_109a' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_1098']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_109a']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 38, ['pointer64', ['void']]]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_1108' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1108']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6a80, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x6900, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'ProcessorState' : [ 0x40, ['_KPROCESSOR_STATE']],
+    'CpuType' : [ 0x5f0, ['unsigned char']],
+    'CpuID' : [ 0x5f1, ['unsigned char']],
+    'CpuStep' : [ 0x5f2, ['unsigned short']],
+    'CpuStepping' : [ 0x5f2, ['unsigned char']],
+    'CpuModel' : [ 0x5f3, ['unsigned char']],
+    'MHz' : [ 0x5f4, ['unsigned long']],
+    'HalReserved' : [ 0x5f8, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x638, ['unsigned short']],
+    'MajorVersion' : [ 0x63a, ['unsigned short']],
+    'BuildType' : [ 0x63c, ['unsigned char']],
+    'CpuVendor' : [ 0x63d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x63e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x63f, ['unsigned char']],
+    'ParentNode' : [ 0x640, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0x648, ['unsigned long long']],
+    'Group' : [ 0x650, ['unsigned char']],
+    'GroupIndex' : [ 0x651, ['unsigned char']],
+    'PrcbPad05' : [ 0x652, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0x654, ['unsigned long']],
+    'ScbOffset' : [ 0x658, ['unsigned long']],
+    'ApicMask' : [ 0x65c, ['unsigned long']],
+    'AcpiReserved' : [ 0x660, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0x668, ['unsigned long']],
+    'PrcbPad10' : [ 0x66c, ['unsigned long']],
+    'LockQueue' : [ 0x670, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x780, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x880, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1480, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2080, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2c80, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2c88, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2c90, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2c94, ['long']],
+    'MmTransitionCount' : [ 0x2c98, ['long']],
+    'MmDemandZeroCount' : [ 0x2c9c, ['long']],
+    'MmPageReadCount' : [ 0x2ca0, ['long']],
+    'MmPageReadIoCount' : [ 0x2ca4, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2ca8, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2cac, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2cb0, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2cb4, ['long']],
+    'KeSystemCalls' : [ 0x2cb8, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2cbc, ['unsigned long']],
+    'LdtSelector' : [ 0x2cc0, ['unsigned short']],
+    'PrcbPad40' : [ 0x2cc2, ['unsigned short']],
+    'CcFastReadNoWait' : [ 0x2cc4, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2cc8, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2ccc, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2cd0, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2cd4, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2cd8, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2cdc, ['long']],
+    'IoWriteOperationCount' : [ 0x2ce0, ['long']],
+    'IoOtherOperationCount' : [ 0x2ce4, ['long']],
+    'IoReadTransferCount' : [ 0x2ce8, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2cf0, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2cf8, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d00, ['long']],
+    'TargetCount' : [ 0x2d04, ['long']],
+    'IpiFrozen' : [ 0x2d08, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d10, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d18, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d1c, ['long']],
+    'InterruptLastCount' : [ 0x2d20, ['unsigned long']],
+    'InterruptRate' : [ 0x2d24, ['unsigned long']],
+    'PrcbPad41' : [ 0x2d28, ['array', 22, ['unsigned long']]],
+    'DpcData' : [ 0x2d80, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2dd0, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2dd8, ['long']],
+    'DpcRequestRate' : [ 0x2ddc, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2de0, ['unsigned long']],
+    'DpcLastCount' : [ 0x2de4, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2de8, ['unsigned char']],
+    'QuantumEnd' : [ 0x2de9, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2dea, ['unsigned char']],
+    'IdleSchedule' : [ 0x2deb, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2dec, ['long']],
+    'DpcRequestSlot' : [ 0x2dec, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2dec, ['short']],
+    'ThreadDpcState' : [ 0x2dee, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2dec, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2dec, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2dec, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2dec, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2dec, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2dec, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2dec, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2dec, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2dec, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2dec, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2df0, ['unsigned long']],
+    'LastTick' : [ 0x2df4, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2df8, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2dfc, ['unsigned long']],
+    'InterruptObject' : [ 0x2e00, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3600, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5800, ['_KGATE']],
+    'PrcbPad52' : [ 0x5818, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x5820, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x5860, ['long']],
+    'PrcbPad60' : [ 0x5864, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x5866, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x5868, ['long']],
+    'DpcWatchdogCount' : [ 0x586c, ['long']],
+    'KeSpinLockOrdering' : [ 0x5870, ['long']],
+    'PrcbPad70' : [ 0x5874, ['array', 1, ['unsigned long']]],
+    'CachedPtes' : [ 0x5878, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5880, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5890, ['unsigned long long']],
+    'ReadySummary' : [ 0x5898, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x589c, ['long']],
+    'QueueIndex' : [ 0x58a0, ['unsigned long']],
+    'PrcbPad75' : [ 0x58a4, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x58b0, ['_KDPC']],
+    'ScbQueue' : [ 0x58f0, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5900, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5b00, ['unsigned long']],
+    'KernelTime' : [ 0x5b04, ['unsigned long']],
+    'UserTime' : [ 0x5b08, ['unsigned long']],
+    'DpcTime' : [ 0x5b0c, ['unsigned long']],
+    'InterruptTime' : [ 0x5b10, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5b14, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5b18, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5b19, ['unsigned char']],
+    'DeepSleep' : [ 0x5b1a, ['unsigned char']],
+    'PrcbPad80' : [ 0x5b1b, ['array', 5, ['unsigned char']]],
+    'DpcTimeCount' : [ 0x5b20, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5b24, ['unsigned long']],
+    'PeriodicCount' : [ 0x5b28, ['unsigned long']],
+    'PeriodicBias' : [ 0x5b2c, ['unsigned long']],
+    'AvailableTime' : [ 0x5b30, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5b34, ['unsigned long']],
+    'StartCycles' : [ 0x5b38, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x5b40, ['unsigned long long']],
+    'TaggedCycles' : [ 0x5b48, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x5b58, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5b60, ['unsigned long long']],
+    'PrcbPad81' : [ 0x5b68, ['array', 29, ['unsigned long']]],
+    'MmSpinLockOrdering' : [ 0x5bdc, ['long']],
+    'PageColor' : [ 0x5be0, ['unsigned long']],
+    'NodeColor' : [ 0x5be4, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x5be8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5bec, ['unsigned long']],
+    'PrcbPad83' : [ 0x5bf0, ['unsigned long']],
+    'CycleTime' : [ 0x5bf8, ['unsigned long long']],
+    'Cycles' : [ 0x5c00, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad84' : [ 0x5c40, ['array', 16, ['unsigned long']]],
+    'CcFastMdlReadNoWait' : [ 0x5c80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5c84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5c88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x5c8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5c90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5c94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5c98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x5c9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x5ca0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x5ca4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x5ca8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x5cac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x5cb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x5cb4, ['unsigned long']],
+    'CcDataPages' : [ 0x5cb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x5cbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x5cc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x5cc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x5cc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x5ccc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x5cd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x5cd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x5cd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x5cdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x5ce0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x5ce4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x5ce8, ['long']],
+    'MmCacheReadCount' : [ 0x5cec, ['long']],
+    'MmCacheIoCount' : [ 0x5cf0, ['long']],
+    'PrcbPad91' : [ 0x5cf4, ['array', 3, ['unsigned long']]],
+    'PowerState' : [ 0x5d00, ['_PROCESSOR_POWER_STATE']],
+    'ScbList' : [ 0x5ed0, ['_LIST_ENTRY']],
+    'PrcbPad92' : [ 0x5ee0, ['array', 7, ['unsigned long']]],
+    'KeAlignmentFixupCount' : [ 0x5efc, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x5f00, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5f40, ['_KTIMER']],
+    'Cache' : [ 0x5f80, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x5fbc, ['unsigned long']],
+    'CachedCommit' : [ 0x5fc0, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x5fc4, ['unsigned long']],
+    'HyperPte' : [ 0x5fc8, ['pointer64', ['void']]],
+    'WheaInfo' : [ 0x5fd0, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x5fd8, ['pointer64', ['void']]],
+    'InterruptObjectPool' : [ 0x5fe0, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x5ff0, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x6000, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x6008, ['pointer64', ['void']]],
+    'StatisticsPage' : [ 0x6010, ['pointer64', ['unsigned long long']]],
+    'PackageProcessorSet' : [ 0x6018, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x60c0, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x60c8, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x60d0, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x60d4, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x60d8, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x60e0, ['unsigned long long']],
+    'LLCMask' : [ 0x60e8, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x60f0, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x6118, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x6120, ['pointer64', ['void']]],
+    'PrcbPad94' : [ 0x6128, ['array', 11, ['unsigned long long']]],
+    'SynchCounters' : [ 0x6180, ['_SYNCH_COUNTERS']],
+    'PteBitCache' : [ 0x6238, ['unsigned long long']],
+    'PteBitOffset' : [ 0x6240, ['unsigned long']],
+    'FsCounters' : [ 0x6248, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x6258, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x6265, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x6268, ['unsigned long long']],
+    'PrcbPad110' : [ 0x6270, ['unsigned long']],
+    'UpdateSignature' : [ 0x6278, ['_LARGE_INTEGER']],
+    'Context' : [ 0x6280, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x6288, ['unsigned long']],
+    'ExtendedState' : [ 0x6290, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x6298, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x62a0, ['_KENTROPY_TIMING_STATE']],
+    'AbSelfIoBoostsList' : [ 0x63f0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x63f8, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x6400, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x6440, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x6494, ['_IOP_IRP_STACK_PROFILER']],
+    'LocalSharedReadyQueue' : [ 0x6500, ['_KSHARED_READY_QUEUE']],
+    'TimerExpirationTrace' : [ 0x6760, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x6860, ['unsigned long']],
+    'ExSaPageArray' : [ 0x6868, ['pointer64', ['void']]],
+    'Mailbox' : [ 0x6880, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestMailbox' : [ 0x68c0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0x2d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'Spare0' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SpareFlags0' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x1b8, ['BitField', dict(start_bit = 8, end_bit = 28, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x1b8, ['long']],
+    'BasePriority' : [ 0x1bc, ['unsigned char']],
+    'QuantumReset' : [ 0x1bd, ['unsigned char']],
+    'Visited' : [ 0x1be, ['unsigned char']],
+    'Flags' : [ 0x1bf, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1c0, ['array', 20, ['unsigned long']]],
+    'IdealNode' : [ 0x210, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x238, ['unsigned short']],
+    'Spare1' : [ 0x23a, ['unsigned short']],
+    'StackCount' : [ 0x23c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x240, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x250, ['unsigned long long']],
+    'ContextSwitches' : [ 0x258, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x260, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x268, ['unsigned long']],
+    'KernelTime' : [ 0x26c, ['unsigned long']],
+    'UserTime' : [ 0x270, ['unsigned long']],
+    'LdtFreeSelectorHint' : [ 0x274, ['unsigned short']],
+    'LdtTableLength' : [ 0x276, ['unsigned short']],
+    'LdtSystemDescriptor' : [ 0x278, ['_KGDTENTRY64']],
+    'LdtBaseAddress' : [ 0x288, ['pointer64', ['void']]],
+    'LdtProcessLock' : [ 0x290, ['_FAST_MUTEX']],
+    'InstrumentationCallback' : [ 0x2c8, ['pointer64', ['void']]],
+    'SecurePid' : [ 0x2d0, ['unsigned long long']],
+} ],
+  '_KTHREAD' : [ 0x5d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlagsSpare0' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CommitFailTerminateRequest' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 19, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'Spare10' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'TebMappedLowVa' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'Spare20' : [ 0x31a, ['unsigned short']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'KeReferenceCount' : [ 0x588, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x58a, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x58b, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x58c, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x590, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x590, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x598, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a0, ['long long']],
+    'WriteOperationCount' : [ 0x5a8, ['long long']],
+    'OtherOperationCount' : [ 0x5b0, ['long long']],
+    'ReadTransferCount' : [ 0x5b8, ['long long']],
+    'WriteTransferCount' : [ 0x5c0, ['long long']],
+    'OtherTransferCount' : [ 0x5c8, ['long long']],
+    'QueuedScb' : [ 0x5d0, ['pointer64', ['_KSCB']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_1269' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_1269']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'ParkLock' : [ 0x58, ['long']],
+    'Seed' : [ 0x5c, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Stride' : [ 0x96, ['unsigned char']],
+    'Spare0' : [ 0x97, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x98, ['unsigned long long']],
+    'ProximityId' : [ 0xa0, ['unsigned long']],
+    'Lowest' : [ 0xa4, ['unsigned long']],
+    'Highest' : [ 0xa8, ['unsigned long']],
+    'MaximumProcessors' : [ 0xac, ['unsigned char']],
+    'Flags' : [ 0xad, ['_flags']],
+    'Spare10' : [ 0xae, ['unsigned char']],
+    'HeteroSets' : [ 0xb0, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+} ],
+  '_ENODE' : [ 0x540, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0x100, ['array', 8, ['pointer64', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x140, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x410, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x428, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x468, ['_KEVENT']],
+    'WaitBlocks' : [ 0x480, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x510, ['pointer64', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x518, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x51c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x51c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x51c, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_135c' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_135c']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_EPROCESS' : [ 0x788, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
+    'RundownProtect' : [ 0x2e0, ['_EX_RUNDOWN_REF']],
+    'UniqueProcessId' : [ 0x2e8, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2f0, ['_LIST_ENTRY']],
+    'Flags2' : [ 0x300, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x304, ['unsigned long']],
+    'CreateReported' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x304, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x304, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x304, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x304, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x304, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x304, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x304, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x304, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x304, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x304, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x304, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x304, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x304, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x304, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x304, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x304, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x304, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x304, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x304, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x308, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x320, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x330, ['unsigned long long']],
+    'VirtualSize' : [ 0x338, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x350, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x350, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x358, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0x360, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x378, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x388, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x390, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x398, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x3a0, ['unsigned long long']],
+    'Win32Process' : [ 0x3a8, ['pointer64', ['void']]],
+    'Job' : [ 0x3b0, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3b8, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3c0, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3c8, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3d0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3d8, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3e0, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x3e8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
+    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x400, ['pointer64', ['void']]],
+    'AweInfo' : [ 0x408, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
+    'WoW64Process' : [ 0x428, ['pointer64', ['_EWOW64PROCESS']]],
+    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x448, ['pointer64', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x450, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x45f, ['unsigned char']],
+    'SecurityPort' : [ 0x460, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x468, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x470, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x480, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x488, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x498, ['unsigned long']],
+    'ImagePathHash' : [ 0x49c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x4a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x4a4, ['long']],
+    'PrefetchTrace' : [ 0x4a8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x4b0, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x4e8, ['unsigned long long']],
+    'CommitCharge' : [ 0x4f0, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x4f8, ['unsigned long long']],
+    'Vm' : [ 0x500, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x5f8, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x608, ['unsigned long']],
+    'ExitStatus' : [ 0x60c, ['long']],
+    'VadRoot' : [ 0x610, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x618, ['pointer64', ['void']]],
+    'VadCount' : [ 0x620, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x628, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x630, ['unsigned long long']],
+    'AlpcContext' : [ 0x638, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x658, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x668, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x670, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x674, ['unsigned long']],
+    'ExitTime' : [ 0x678, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x680, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x688, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x690, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x694, ['unsigned long']],
+    'ThreadListLock' : [ 0x698, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x6a0, ['pointer64', ['void']]],
+    'Spare0' : [ 0x6a8, ['unsigned long long']],
+    'SignatureLevel' : [ 0x6b0, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x6b1, ['unsigned char']],
+    'Protection' : [ 0x6b2, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x6b3, ['unsigned char']],
+    'Flags3' : [ 0x6b4, ['unsigned long']],
+    'Minimal' : [ 0x6b4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x6b4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x6b4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x6b4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Crashed' : [ 0x6b4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x6b4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x6b4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x6b4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x6b4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6b4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'InPrivate' : [ 0x6b4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x6b4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x6b4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x6b4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x6b8, ['long']],
+    'SvmData' : [ 0x6c0, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x6c8, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x6d0, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x6d8, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x6e8, ['unsigned long long']],
+    'DiskCounters' : [ 0x6f0, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x6f8, ['pointer64', ['void']]],
+    'TrustletIdentity' : [ 0x700, ['unsigned long long']],
+    'KeepAliveCounter' : [ 0x708, ['unsigned long']],
+    'NoWakeKeepAliveCounter' : [ 0x70c, ['unsigned long']],
+    'HighPriorityFaultsAllowed' : [ 0x710, ['unsigned long']],
+    'EnergyValues' : [ 0x718, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
+    'VmContext' : [ 0x720, ['pointer64', ['void']]],
+    'SequenceNumber' : [ 0x728, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x730, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x738, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x740, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x748, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x750, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x750, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x758, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x760, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x768, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x778, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x780, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x778, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x780, ['pointer64', ['unsigned long long']]],
+} ],
+  '_EWOW64PROCESS' : [ 0x10, {
+    'Peb' : [ 0x0, ['pointer64', ['void']]],
+    'Machine' : [ 0x8, ['unsigned short']],
+} ],
+  '_ETHREAD' : [ 0x7c0, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x5d8, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x5e0, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x5e0, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x5f0, ['pointer64', ['void']]],
+    'PostBlockList' : [ 0x5f8, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x5f8, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x600, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x608, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x608, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x608, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x610, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x618, ['_LIST_ENTRY']],
+    'Cid' : [ 0x628, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x638, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x638, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x658, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x660, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x670, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x678, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x680, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x688, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x690, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x6a0, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6a8, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6b0, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6b4, ['long']],
+    'CmLockOrdering' : [ 0x6b8, ['long']],
+    'CrossThreadFlags' : [ 0x6bc, ['unsigned long']],
+    'Terminated' : [ 0x6bc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6bc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6bc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6bc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6bc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6bc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6bc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6bc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6bc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6bc, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6bc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6bc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6bc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6bc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6bc, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6c0, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6c0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x6c0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6c0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6c0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6c0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x6c0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x6c0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6c4, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6c4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6c4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x6c4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6c4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6c4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6c4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6c4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6c4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6c5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6c5, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6c8, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6c9, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6ca, ['unsigned char']],
+    'LockOrderState' : [ 0x6cb, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6d0, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6d8, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6d8, ['unsigned long']],
+    'ExitStatus' : [ 0x6e0, ['long']],
+    'AlpcWaitListEntry' : [ 0x6e8, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x6f8, ['unsigned long']],
+    'IoBoostCount' : [ 0x6fc, ['unsigned long']],
+    'BoostList' : [ 0x700, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x710, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x720, ['unsigned long long']],
+    'IrpListLock' : [ 0x728, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x730, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x738, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x740, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x748, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x750, ['pointer64', ['void']]],
+    'KernelStackReference' : [ 0x758, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x760, ['pointer64', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x768, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x770, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x788, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x790, ['unsigned long']],
+    'UserGsBase' : [ 0x798, ['unsigned long long']],
+    'EnergyValues' : [ 0x7a0, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'CmCellReferences' : [ 0x7a8, ['unsigned long']],
+    'SelectedCpuSets' : [ 0x7b0, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x7b0, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x7b8, ['pointer64', ['_EJOB']]],
+} ],
+  '__unnamed_13c5' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13cb' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13cd' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13cb']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13d6' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13d8' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_13d6']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_13c5']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_13cd']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_13d8']],
+} ],
+  '__unnamed_13df' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13e3' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13e7' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13e9' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13ed' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13ef' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_13f1' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13f3' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13f5' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13f7' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13fb' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsDataCopyInformation', 13: 'FileFsMetadataSizeInformation', 14: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13fd' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13ff' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1401' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1403' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1405' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1409' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_140d' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1411' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1415' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_1419' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_141d' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1421' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1423' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1425' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_1429' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_142d' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1431' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_1435' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1439' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1441' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1445' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1447' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1449' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_144b' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_13df']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13e3']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13e7']],
+    'Read' : [ 0x0, ['__unnamed_13e9']],
+    'Write' : [ 0x0, ['__unnamed_13e9']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13ed']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13ef']],
+    'QueryFile' : [ 0x0, ['__unnamed_13f1']],
+    'SetFile' : [ 0x0, ['__unnamed_13f3']],
+    'QueryEa' : [ 0x0, ['__unnamed_13f5']],
+    'SetEa' : [ 0x0, ['__unnamed_13f7']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13fb']],
+    'SetVolume' : [ 0x0, ['__unnamed_13fb']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13fd']],
+    'LockControl' : [ 0x0, ['__unnamed_13ff']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1401']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1403']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1405']],
+    'MountVolume' : [ 0x0, ['__unnamed_1409']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_1409']],
+    'Scsi' : [ 0x0, ['__unnamed_140d']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1411']],
+    'SetQuota' : [ 0x0, ['__unnamed_13f7']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1415']],
+    'QueryInterface' : [ 0x0, ['__unnamed_1419']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_141d']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1421']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1423']],
+    'SetLock' : [ 0x0, ['__unnamed_1425']],
+    'QueryId' : [ 0x0, ['__unnamed_1429']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_142d']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1431']],
+    'WaitWake' : [ 0x0, ['__unnamed_1435']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1439']],
+    'Power' : [ 0x0, ['__unnamed_1441']],
+    'StartDevice' : [ 0x0, ['__unnamed_1445']],
+    'WMI' : [ 0x0, ['__unnamed_1447']],
+    'Others' : [ 0x0, ['__unnamed_1449']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_144b']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1461' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_1461']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x528, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveDiskIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x350, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x358, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x35c, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x360, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x364, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x368, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x36c, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x370, ['unsigned char']],
+    'PriorityClass' : [ 0x371, ['unsigned char']],
+    'NestingDepth' : [ 0x372, ['unsigned char']],
+    'Reserved1' : [ 0x373, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x374, ['unsigned long']],
+    'WakeChannel' : [ 0x378, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x378, ['_PS_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3b0, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3b8, ['unsigned long']],
+    'OwnedHighEdgeFilters' : [ 0x3bc, ['unsigned long']],
+    'NotificationLink' : [ 0x3c0, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3c8, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3d0, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3d8, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3e0, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3e8, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3f0, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x3f8, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x400, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x408, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x418, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x428, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x438, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x448, ['unsigned long long']],
+    'Ancestors' : [ 0x450, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x450, ['pointer64', ['void']]],
+    'Accounting' : [ 0x458, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4a8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4ac, ['unsigned long']],
+    'SequenceNumber' : [ 0x4b0, ['unsigned long']],
+    'TimerListLock' : [ 0x4b8, ['unsigned long long']],
+    'TimerListHead' : [ 0x4c0, ['_LIST_ENTRY']],
+    'ContainerId' : [ 0x4d0, ['_GUID']],
+    'Container' : [ 0x4e0, ['pointer64', ['_SILO_CONTEXT']]],
+    'PropertySet' : [ 0x4e8, ['_PS_PROPERTY_SET']],
+    'NetRateControl' : [ 0x500, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'IoRateControl' : [ 0x508, ['pointer64', ['_JOB_IO_RATE_CONTROL']]],
+    'JobFlags' : [ 0x510, ['unsigned long']],
+    'CloseDone' : [ 0x510, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x510, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x510, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x510, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x510, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x510, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x510, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x510, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x510, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x510, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x510, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x510, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x510, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x510, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x510, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x510, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x510, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x510, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x510, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x510, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x510, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x510, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x510, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x510, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'SpareJobFlags' : [ 0x510, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'EffectiveHighEdgeFilters' : [ 0x514, ['unsigned long']],
+    'EnergyValues' : [ 0x518, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x520, ['unsigned long long']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_164b' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_164b']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_1683' : [ 0x8, {
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'WsIndex' : [ 0x0, ['unsigned long long']],
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer64', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_1687' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+    'VolatileShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_1689' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_1687']],
+} ],
+  '__unnamed_1695' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_1683']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_1689']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'VaType' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'u4' : [ 0x28, ['__unnamed_1695']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x60, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'MiVaUnused', 1: 'MiVaSessionSpace', 2: 'MiVaProcessSpace', 3: 'MiVaBootLoaded', 4: 'MiVaPfnDatabase', 5: 'MiVaNonPagedPool', 6: 'MiVaPagedPool', 7: 'MiVaSpecialPoolPaged', 8: 'MiVaSystemCache', 9: 'MiVaSystemPtes', 10: 'MiVaHal', 11: 'MiVaSessionGlobalSpace', 12: 'MiVaDriverImages', 13: 'MiVaSpecialPoolNonPaged', 14: 'MiVaMaximumType', 15: 'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x38, ['pointer64', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x40, ['unsigned long long']],
+    'Hint' : [ 0x48, ['unsigned long long']],
+    'CachedPtes' : [ 0x50, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x58, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x50, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'NestingLevel' : [ 0x48, ['unsigned long long']],
+} ],
+  '__unnamed_16c7' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_16c7']],
+} ],
+  '_MMWSL' : [ 0x350, {
+    'FirstFree' : [ 0x0, ['unsigned long long']],
+    'FirstDynamic' : [ 0x8, ['unsigned long long']],
+    'LastEntry' : [ 0x10, ['unsigned long long']],
+    'NextSlot' : [ 0x18, ['unsigned long long']],
+    'LastInitializedWsle' : [ 0x20, ['unsigned long long']],
+    'NextAgingSlot' : [ 0x28, ['unsigned long long']],
+    'NextAccessClearingSlot' : [ 0x30, ['unsigned long long']],
+    'LastAccessClearingRemainder' : [ 0x38, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x3c, ['unsigned long']],
+    'WsleSize' : [ 0x40, ['unsigned long']],
+    'NonDirectCount' : [ 0x48, ['unsigned long long']],
+    'LowestPagableAddress' : [ 0x50, ['pointer64', ['void']]],
+    'NonDirectHash' : [ 0x58, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x60, ['pointer64', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x68, ['pointer64', ['_MMWSLE_HASH']]],
+    'ActiveWsleCounts' : [ 0x70, ['array', 16, ['unsigned long long']]],
+    'ActiveWsles' : [ 0xf0, ['array', 16, ['_MI_ACTIVE_WSLE_LISTHEAD']]],
+    'Wsle' : [ 0x1f0, ['pointer64', ['_MMWSLE']]],
+    'UserVaInfo' : [ 0x1f8, ['_MI_USER_VA_INFO']],
+} ],
+  '_MMSUPPORT' : [ 0xf8, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'ExitOutswapGate' : [ 0x8, ['pointer64', ['_KGATE']]],
+    'AccessLog' : [ 0x10, ['pointer64', ['void']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 7, ['unsigned long long']]],
+    'MinimumWorkingSetSize' : [ 0x60, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x68, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x80, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'ChargedWslePages' : [ 0x90, ['unsigned long long']],
+    'ActualWslePages' : [ 0x98, ['unsigned long long']],
+    'WorkingSetSizeOverhead' : [ 0xa0, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa8, ['unsigned long long']],
+    'HardFaultCount' : [ 0xb0, ['unsigned long']],
+    'PartitionId' : [ 0xb4, ['unsigned short']],
+    'Pad0' : [ 0xb6, ['unsigned short']],
+    'VmWorkingSetList' : [ 0xb8, ['pointer64', ['_MMWSL']]],
+    'NextPageColor' : [ 0xc0, ['unsigned short']],
+    'LastTrimStamp' : [ 0xc2, ['unsigned short']],
+    'PageFaultCount' : [ 0xc4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0xc8, ['unsigned long long']],
+    'Reserved0' : [ 0xd0, ['unsigned long long']],
+    'Flags' : [ 0xd8, ['_MMSUPPORT_FLAGS']],
+    'ReleasedCommitDebt' : [ 0xe0, ['unsigned long long']],
+    'WsSwapSupport' : [ 0xe8, ['pointer64', ['void']]],
+    'CommitReAcquireFailSupport' : [ 0xf0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_16e3' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+} ],
+  '__unnamed_16e7' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_16e3']],
+    'u2' : [ 0x38, ['__unnamed_16e7']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_16ec' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_16ef' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_16f9' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_16fb' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_16f9']],
+} ],
+  '_CONTROL_AREA' : [ 0x78, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16ec']],
+    'u1' : [ 0x3c, ['__unnamed_16ef']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_16fb']],
+    'LockedPages' : [ 0x68, ['unsigned long long']],
+    'FileObjectLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1709' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_170c' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_1709']],
+    'u1' : [ 0x34, ['__unnamed_170c']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MI_PARTITION' : [ 0x2740, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x158, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x430, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x4c0, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x640, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1380, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x1400, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x1468, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x15f0, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x15f8, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0x1640, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPAGING_FILE' : [ 0x120, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x40, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
+    'HybridPriority' : [ 0xc8, ['unsigned long']],
+    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xd0, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
+    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'LockOwner' : [ 0xf0, ['pointer64', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0xf8, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x100, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x108, ['_RTL_BALANCED_NODE']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x68, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CMP_SILO_CONTEXT' : [ 0x20, {
+    'LockEntryHead' : [ 0x0, ['_LIST_ENTRY']],
+    'LockListUnderCleanup' : [ 0x10, ['unsigned char']],
+    'ContextLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1756' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapForLoaderHive', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpMapHiveImage', 8: '_HvpRecoverData', 9: '_CmpValidateHiveSecurityDescriptors', 10: '_HvpEnlistBinInMap', 11: '_CmCheckRegistry', 12: '_CmRegistryIO', 13: '_CmCheckRegistry2', 14: '_CmpCheckKey', 15: '_CmpCheckValueList', 16: '_HvCheckHive', 17: '_HvCheckBin', 18: '_HvpGetLogEntryDirtyVector', 19: '_HvpReadLogEntryHeader', 20: '_HvpReadLogEntry', 21: '_CmpMountPreloadedHives', 22: '_CmpLoadHiveThread'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1759' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_175b' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_175f' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1761' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1765' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1769' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_176b' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'RecoverableIndex' : [ 0xc, ['unsigned long']],
+    'Locations' : [ 0x10, ['array', 8, ['__unnamed_1756']]],
+    'RecoverableLocations' : [ 0x70, ['array', 8, ['__unnamed_1756']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1759']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_175b']],
+    'CheckKey' : [ 0xf0, ['__unnamed_175f']],
+    'CheckValueList' : [ 0x110, ['__unnamed_1761']],
+    'CheckHive' : [ 0x128, ['__unnamed_1765']],
+    'CheckHive1' : [ 0x138, ['__unnamed_1765']],
+    'CheckBin' : [ 0x148, ['__unnamed_1769']],
+    'RecoverData' : [ 0x158, ['__unnamed_176b']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0xc, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 38, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 38, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x260, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'TimeStampCKCL' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'TimeStampKlog' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '__unnamed_1866' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1868' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_186c' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x2c8, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_1866']],
+    'OverUsed2' : [ 0x218, ['__unnamed_1868']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_186c']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x68, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1969' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1969']],
+} ],
+  '__unnamed_1970' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1970']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PullDefault', 1: 'PullUp', 2: 'PullDown', 3: 'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'IoRestrictionNone', 1: 'IoRestrictionInputOnly', 2: 'IoRestrictionOutputOnly', 3: 'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['unsigned short']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0xb30, {
+    'Name' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0xb08, ['unsigned long long']],
+    'Count' : [ 0xb10, ['unsigned long long']],
+    'MaxDuration' : [ 0xb18, ['unsigned long long']],
+    'MinDuration' : [ 0xb20, ['unsigned long long']],
+    'TotalDuration' : [ 0xb28, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0x570, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfBoostPolicy' : [ 0x2c, ['unsigned long']],
+    'PerfBoostMode' : [ 0x30, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x34, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x38, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x3c, ['unsigned long']],
+    'AutonomousPreference' : [ 0x40, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x41, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x43, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x45, ['unsigned char']],
+    'ParkingPerfState' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x48, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x49, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x4a, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x4b, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x4c, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x4d, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x4e, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x50, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x54, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x58, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x5a, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x5c, ['unsigned char']],
+    'IdleDisabled' : [ 0x5d, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x60, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x64, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x65, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x66, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x67, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x68, ['array', 640, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x2e8, ['array', 640, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0x568, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0x569, ['unsigned char']],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x210, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+} ],
+  '__unnamed_1a53' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1a53']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '__unnamed_1a77' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_1a79' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1a7b' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1a7d' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1a7f' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1a83' : [ 0x58, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'RequestorMode' : [ 0x50, ['unsigned char']],
+    'NestingLevel' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1a85' : [ 0x58, {
+    'Read' : [ 0x0, ['__unnamed_1a77']],
+    'Write' : [ 0x0, ['__unnamed_1a79']],
+    'Event' : [ 0x0, ['__unnamed_1a7b']],
+    'Notification' : [ 0x0, ['__unnamed_1a7d']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1a7f']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1a83']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x70, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_1a85']],
+    'Function' : [ 0x68, ['unsigned char']],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x298, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'FrontEndHeap' : [ 0x170, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x178, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x17a, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x17b, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x180, ['pointer64', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0x188, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x18a, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x210, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x288, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1af3' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1af3']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b46' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b48' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b46']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1b4a' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b4c' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1b4a']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1b48']],
+    'u2' : [ 0x4, ['__unnamed_1b4c']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x30, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_1b67' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1b69' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1b67']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1b69']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1b7b' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b7d' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b7b']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1b7d']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b86' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b88' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b86']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1b88']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1b8e' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b90' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b8e']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1b90']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1bae' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bb0' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bae']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_1bb0']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1b48']],
+    'u2' : [ 0x4, ['__unnamed_1b4c']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1bd6' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bd8' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bd6']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x108, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_1bd8']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xa8, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb0, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xb8, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc0, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xc8, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xd0, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xd8, ['unsigned long long']],
+    'PortMessage' : [ 0xe0, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x40, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+} ],
+  '__unnamed_1c1c' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c1e' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c1c']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1c1e']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Event' : [ 0x0, ['unsigned long long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x30, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x28, ['long long']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x50, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xc0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x78, ['pointer64', ['void']]],
+    'Override' : [ 0x80, ['unsigned char']],
+    'QueryOnly' : [ 0x81, ['unsigned char']],
+    'DeleteOnly' : [ 0x82, ['unsigned char']],
+    'FullAttributes' : [ 0x83, ['unsigned char']],
+    'LocalFileObject' : [ 0x88, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x90, ['unsigned long']],
+    'AccessMode' : [ 0x94, ['unsigned char']],
+    'DriverCreateContext' : [ 0x98, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1ce5' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1ce5']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['unsigned short']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['unsigned short']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x390, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x58, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x70, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x80, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xd8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'FlushThreshold' : [ 0xe4, ['unsigned long']],
+    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xf4, ['long']],
+    'NumberOfBuffers' : [ 0xf8, ['long']],
+    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
+    'EventsLost' : [ 0x100, ['unsigned long']],
+    'PeakBuffersCount' : [ 0x104, ['long']],
+    'BuffersWritten' : [ 0x108, ['unsigned long']],
+    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
+    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x120, ['unsigned long']],
+    'InstanceGuid' : [ 0x124, ['_GUID']],
+    'MaximumFileSize' : [ 0x134, ['unsigned long']],
+    'FileCounter' : [ 0x138, ['long']],
+    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x150, ['long']],
+    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
+    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x168, ['unsigned long']],
+    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
+    'LoggerDpc' : [ 0x248, ['_KDPC']],
+    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x338, ['long long']],
+    'Flags' : [ 0x340, ['unsigned long']],
+    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x340, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x340, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x344, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x348, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x358, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x360, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x368, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x378, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x380, ['_DISALLOWED_GUIDS']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x28, {
+    'Source' : [ 0x0, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'ProfileTime', 1: 'ProfileAlignmentFixup', 2: 'ProfileTotalIssues', 3: 'ProfilePipelineDry', 4: 'ProfileLoadInstructions', 5: 'ProfilePipelineFrozen', 6: 'ProfileBranchInstructions', 7: 'ProfileTotalNonissues', 8: 'ProfileDcacheMisses', 9: 'ProfileIcacheMisses', 10: 'ProfileCacheMisses', 11: 'ProfileBranchMispredictions', 12: 'ProfileStoreInstructions', 13: 'ProfileFpInstructions', 14: 'ProfileIntegerInstructions', 15: 'Profile2Issue', 16: 'Profile3Issue', 17: 'Profile4Issue', 18: 'ProfileSpecialInstructions', 19: 'ProfileTotalCycles', 20: 'ProfileIcacheIssues', 21: 'ProfileDcacheAccesses', 22: 'ProfileMemoryBarrierCycles', 23: 'ProfileLoadLinkedIssues', 24: 'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x10, ['unsigned long']],
+    'HookId' : [ 0x14, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x1c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x20, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x13a8, {
+    'EtwpSecurityProviderGuidEntry' : [ 0x0, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x190, ['array', 64, ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'WmipLoggerContext' : [ 0x390, ['array', 64, ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x590, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0x1390, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x13a0, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x13a1, ['unsigned char']],
+    'EtwpSecurityProviderPID' : [ 0x13a4, ['unsigned long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
+    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
+    'RunRefSize' : [ 0x10, ['unsigned long']],
+    'Number' : [ 0x14, ['unsigned long']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x480, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_LOWBOX_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'VariablePart' : [ 0x478, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xb0, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'LowBoxHandlesTable' : [ 0x58, ['_SEP_LOWBOX_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
+    'SiblingAuthId' : [ 0xa8, ['_LUID']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved' : [ 0x1a, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'Padding1' : [ 0x18, ['array', 4, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'SessionId' : [ 0x140, ['unsigned long']],
+    'NamespaceEntry' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_DEVICE_MAP' : [ 0x40, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x78, ['unsigned long']],
+    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x180, {
+    'DeleteSubsectionCleanup' : [ 0x0, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x18, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x30, ['unsigned long long']],
+    'DereferenceSegmentHeader' : [ 0x38, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x68, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x78, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xb8, ['unsigned char']],
+    'DeleteOnCloseCount' : [ 0xbc, ['unsigned long']],
+    'UnusedSegmentList' : [ 0xc0, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xd0, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xe0, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xf0, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'SegmentListLock' : [ 0x140, ['long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Reserved1' : [ 0x2, ['unsigned char']],
+    'Timer2Reserved2' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x190, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'HostSilo' : [ 0x178, ['unsigned char']],
+    'Lock' : [ 0x180, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x188, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1100, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'TotalCommittedPages' : [ 0x108, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x140, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x180, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x1a8, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x1b0, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x1b8, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x1c0, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x1c8, ['array', 4, ['unsigned long']]],
+    'PageTableBitmapPages' : [ 0x1d8, ['unsigned long long']],
+    'PageFileTraceIndex' : [ 0x1e0, ['long']],
+    'PageFileTraces' : [ 0x1e8, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_MI_ACTIVE_WSLE_LISTHEAD' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'QueryRemoveDevice', 1: 'CancelRemoveDevice', 2: 'RemoveDevice', 3: 'SurpriseRemoveDevice', 4: 'EjectDevice', 5: 'RemoveFailedDevice', 6: 'RemoveUnstartedFailedDevice', 7: 'MaxDeviceDeleteType'})]],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'Latency' : [ 0x0, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x4, ['unsigned long']],
+    'VetoAccounting' : [ 0x8, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x30, ['unsigned char']],
+    'Platform' : [ 0x31, ['unsigned char']],
+    'DependencyListCount' : [ 0x34, ['unsigned long']],
+    'Processors' : [ 0x38, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe0, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf0, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0xf8, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x100, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x10, {
+    'Key' : [ 0x0, ['pointer64', ['void']]],
+    'Index' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'FloppyMedia' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x50, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 1, ['_GUID']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x18, ['_KEVENT']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x38, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x38, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1ed8' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1eda' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1ed8']],
+    'Private' : [ 0x0, ['__unnamed_1eda']],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SubsectionMappedDirect' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x18, {
+    'DynamicRelocations' : [ 0x0, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x8, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x10, ['unsigned long long']],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 28, native_type='unsigned long long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x418, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'ForceIdle' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ReasonFlags' : [ 0x24, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x28, ['unsigned long long']],
+    'PreviousStatus' : [ 0x30, ['long']],
+    'PreviousCancelReason' : [ 0x34, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x38, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xe0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x188, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x190, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1d0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1d8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x230, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2d8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2e0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2e8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x308, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x320, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
+    'BlocksDrips' : [ 0x19, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_PEB' : [ 0x7a0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['void']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SparePvoid0' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x98, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x98, {
+    'FileName' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'BaseName' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1fa4' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'WheaErrSrcStateStopped', 2: 'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1fa4']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2d0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x2b0, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2b8, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2bc, ['unsigned long']],
+    'ThreadCount' : [ 0x2c0, ['long']],
+    'MinThreads' : [ 0x2c4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2c4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2c8, ['long']],
+    'QueueIndex' : [ 0x2cc, ['Enumeration', dict(target = 'long', choices = {0: 'ExPoolUntrusted', 1: 'ExPoolTrusted', 8: 'ExPoolMax'})]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ZeroNonCachedByConverting' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ZeroWriteCombinedByConverting' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'Width8Bits', 1: 'Width16Bits', 2: 'Width32Bits', 3: 'Width64Bits', 4: 'WidthNoWrap', 5: 'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'Compatible', 1: 'TypeA', 2: 'TypeB', 3: 'TypeC', 4: 'TypeF', 5: 'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x38, ['pointer64', ['void']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMWSLE_HASH' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long long']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x88, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x40, ['_KDPC']],
+    'WorkOrder' : [ 0x80, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'SecureInfo' : [ 0x10, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x10, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x10, ['pointer64', ['_MI_LARGEPAGE_MEMORY_INFO']]],
+    'CreatingThread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'PebTeb' : [ 0x10, ['_MI_SUB64K_FREE_RANGES']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Luid' : [ 0x20, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x18, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xb8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'ArgumentStatus' : [ 0x14, ['long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Data' : [ 0x68, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PS_WAKE_INFORMATION' : [ 0x38, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 5, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x30, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0xd40, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'FreePageSlist' : [ 0x10, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
+    'PageLocationList' : [ 0x7e8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x828, ['array', 8, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x848, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x9c8, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x9e8, ['unsigned long']],
+    'LastDecayHandUpdateTime' : [ 0x9f0, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x9f8, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xa40, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xa48, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'LowMemoryThreshold' : [ 0xaa8, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xab0, ['unsigned long long']],
+    'TransitionPrivatePages' : [ 0xac0, ['unsigned long long']],
+    'StandbyListDiscard' : [ 0xac8, ['unsigned long']],
+    'FreeListDiscard' : [ 0xacc, ['unsigned char']],
+    'RebuildLargePagesInitialized' : [ 0xacd, ['unsigned char']],
+    'RebuildLargePagesItem' : [ 0xad0, ['_MI_REBUILD_LARGE_PAGES']],
+    'AddMemoryNotifyList' : [ 0xcf8, ['_LIST_ENTRY']],
+    'MirrorListLocks' : [ 0xd08, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x128, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0x10, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x10, ['unsigned long']],
+    'NextHash' : [ 0x18, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x20, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x28, ['unsigned long']],
+    'KcbPushlock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x38, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x38, ['long']],
+    'SlotHint' : [ 0x40, ['unsigned long']],
+    'ParentKcb' : [ 0x48, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x50, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x60, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x70, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x70, ['unsigned long']],
+    'SubKeyCount' : [ 0x70, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x88, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xb0, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xb2, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xb4, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb8, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'AllBoosts' : [ 0x58, ['unsigned short']],
+    'IoBoost' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CpuBoostsBitmap' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x5a, ['unsigned short']],
+    'SparePad' : [ 0x5c, ['unsigned short']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 24, native_type='unsigned long long')]],
+    'LocalPartition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2080' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_2080']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+    'OverCommit' : [ 0x40, ['unsigned long long']],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x28, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0x10, ['unsigned long long']],
+    'PagedAllocs' : [ 0x18, ['unsigned long']],
+    'PagedFrees' : [ 0x1c, ['unsigned long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x50, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'CycleTime' : [ 0x10, ['unsigned long long']],
+    'ContextSwitches' : [ 0x18, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x20, ['long long']],
+    'WriteOperationCount' : [ 0x28, ['long long']],
+    'OtherOperationCount' : [ 0x30, ['long long']],
+    'ReadTransferCount' : [ 0x38, ['long long']],
+    'WriteTransferCount' : [ 0x40, ['long long']],
+    'OtherTransferCount' : [ 0x48, ['long long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1d0, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'Class' : [ 0x32, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower', 3: 'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x188, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x190, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x198, ['unsigned char']],
+    'HvTargetState' : [ 0x199, ['unsigned char']],
+    'Parked' : [ 0x19a, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x19c, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x1a0, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x1a4, ['unsigned long']],
+    'RelativePerformance' : [ 0x1a8, ['unsigned long']],
+    'Utility' : [ 0x1ac, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x1b0, ['unsigned long']],
+    'SnapTimeLast' : [ 0x1b8, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1b8, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c0, ['unsigned long long']],
+    'TotalTime' : [ 0x1c8, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0x40, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_CMHIVE' : [ 0x17a8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0xa68, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0xa98, ['_LIST_ENTRY']],
+    'HiveList' : [ 0xaa8, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0xab8, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0xac8, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0xad8, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0xae0, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0xaf0, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0xaf8, ['unsigned long']],
+    'DeletedKcbTable' : [ 0xb00, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0xb08, ['unsigned long']],
+    'Identity' : [ 0xb0c, ['unsigned long']],
+    'HiveLock' : [ 0xb10, ['pointer64', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0xb18, ['pointer64', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0xb20, ['pointer64', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0xb28, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0xb38, ['unsigned long']],
+    'FlushLogEntry' : [ 0xb40, ['pointer64', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0xb48, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0xb4c, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0xb50, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0xb58, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0xb68, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0xb70, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0xb78, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0xb80, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0xb88, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0xb90, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0xb94, ['unsigned long']],
+    'ActualFileSize' : [ 0xb98, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0xba0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0xbb0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0xbc0, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0xbd0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0xbe0, ['unsigned long']],
+    'SecurityCacheSize' : [ 0xbe4, ['unsigned long']],
+    'SecurityHitHint' : [ 0xbe8, ['long']],
+    'SecurityCache' : [ 0xbf0, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0xbf8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xff8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x1000, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0x1008, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x1010, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x1018, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x1020, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0x1048, ['unsigned char']],
+    'GrowOffset' : [ 0x104c, ['unsigned long']],
+    'KcbConvertListHead' : [ 0x1050, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0x1060, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0x1068, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x14f0, ['unsigned long']],
+    'TrustClassEntry' : [ 0x14f8, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1508, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1510, ['unsigned long long']],
+    'CmRm' : [ 0x1518, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1520, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x1524, ['long']],
+    'CreatorOwner' : [ 0x1528, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1530, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1538, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1540, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x1558, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x1570, ['unsigned long']],
+    'FlushActive' : [ 0x1570, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x1570, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x1570, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x1570, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x1574, ['unsigned long']],
+    'ReferenceCount' : [ 0x1578, ['long']],
+    'UnloadHistoryIndex' : [ 0x157c, ['long']],
+    'UnloadHistory' : [ 0x1580, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x1780, ['unsigned long']],
+    'UnaccessedStart' : [ 0x1784, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x1788, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x178c, ['unsigned long']],
+    'HandleClosePending' : [ 0x1790, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x1798, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x17a0, ['unsigned char']],
+    'FailedUnload' : [ 0x17a1, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'HitCount' : [ 0x18, ['unsigned long long']],
+    'LastActivationTime' : [ 0x20, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
+    'CsActivationTime' : [ 0x30, ['unsigned long long']],
+    'CsActiveTime' : [ 0x38, ['unsigned long long']],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderZero', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderVsmMemory', 30: 'LoaderFirmwareCode', 31: 'LoaderFirmwareData', 32: 'LoaderFirmwareReserved', 33: 'LoaderEnclaveMemory', 34: 'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x408, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa8, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x10, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x90, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+    'TebSelector' : [ 0x88, ['unsigned short']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'StackTrace' : [ 0x40, ['array', 8, ['pointer64', ['void']]]],
+    'Who' : [ 0x80, ['unsigned long']],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_2155' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_2155']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x150, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['unsigned short']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x1bc0, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x100, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x380, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x440, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x4d0, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x530, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x600, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x8c0, ['_MI_COMBINE_STATE']],
+    'Partitions' : [ 0xa60, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0xac0, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0xb40, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0xc00, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0xc80, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0xdc0, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0xe80, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x1000, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x1060, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x10b0, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x1180, ['_MI_SYSTEM_TRIM_STATE']],
+    'ResTrack' : [ 0x11c0, ['_MI_RESAVAIL_TRACKER']],
+    'Cookie' : [ 0x1540, ['unsigned long long']],
+    'ZeroingDisabled' : [ 0x1548, ['long']],
+    'BootRegistryRuns' : [ 0x1550, ['pointer64', ['pointer64', ['void']]]],
+    'FullyInitialized' : [ 0x1558, ['unsigned char']],
+    'SafeBooted' : [ 0x1559, ['unsigned char']],
+    'LargePfnBitMap' : [ 0x1560, ['_RTL_BITMAP_EX']],
+    'TraceLogging' : [ 0x1570, ['pointer64', ['_TlgProvider_t']]],
+    'Vs' : [ 0x1580, ['_MI_VISIBLE_STATE']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '__unnamed_21cf' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_21d1' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_21cf']],
+} ],
+  '__unnamed_21d3' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_21d1']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_21d3']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x640, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x50, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x68, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0xa0, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0xa8, ['unsigned long long']],
+    'SystemPteInfo' : [ 0xb0, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x110, ['unsigned long long']],
+    'BootCommit' : [ 0x118, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0x120, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0x128, ['unsigned long long']],
+    'SpecialPagesInUse' : [ 0x130, ['unsigned long long']],
+    'WsOverheadPages' : [ 0x138, ['unsigned long long']],
+    'VadBitmapPages' : [ 0x140, ['unsigned long long']],
+    'ProcessCommit' : [ 0x148, ['unsigned long long']],
+    'SharedCommit' : [ 0x150, ['unsigned long long']],
+    'DriverCommit' : [ 0x158, ['long']],
+    'SystemWs' : [ 0x180, ['array', 3, ['_MMSUPPORT']]],
+    'MapCacheFailures' : [ 0x468, ['unsigned long']],
+    'PagefileHashPages' : [ 0x470, ['unsigned long long']],
+    'PteHeader' : [ 0x478, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x590, ['pointer64', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x598, ['array', 14, ['unsigned long long']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_HMAP_TABLE' : [ 0x5000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_SEP_LOWBOX_HANDLES_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'HandleCount' : [ 0x28, ['unsigned long']],
+    'Handles' : [ 0x30, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x58, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'ProcCap' : [ 0x10, ['unsigned long']],
+    'ProcFloor' : [ 0x14, ['unsigned long']],
+    'PlatformCap' : [ 0x18, ['unsigned long']],
+    'ThermalCap' : [ 0x1c, ['unsigned long']],
+    'LimitReasons' : [ 0x20, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x28, ['unsigned long long']],
+    'TargetPercent' : [ 0x30, ['unsigned long']],
+    'SelectedPercent' : [ 0x34, ['unsigned long']],
+    'SelectedFrequency' : [ 0x38, ['unsigned long']],
+    'PreviousFrequency' : [ 0x3c, ['unsigned long']],
+    'PreviousPercent' : [ 0x40, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x44, ['unsigned long']],
+    'SelectedState' : [ 0x48, ['unsigned long long']],
+    'Force' : [ 0x50, ['unsigned char']],
+} ],
+  '__unnamed_21ef' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_21f2' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0xf8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'Device' : [ 0xd8, ['__unnamed_21ef']],
+    'System' : [ 0xd8, ['__unnamed_21f2']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xb8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'ProbeRaises' : [ 0x38, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x78, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'WsLinear' : [ 0x88, ['unsigned long']],
+    'PageHashErrors' : [ 0x8c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x90, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x94, ['long']],
+    'BadPagesDetected' : [ 0x98, ['long']],
+    'ScrubPasses' : [ 0x9c, ['long']],
+    'ScrubBadPagesFound' : [ 0xa0, ['long']],
+    'UserViewFailures' : [ 0xa4, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0xa8, ['unsigned long']],
+    'ResavailFailures' : [ 0xac, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xb4, ['unsigned char']],
+    'InitFailure' : [ 0xb5, ['unsigned char']],
+    'StopBadMaps' : [ 0xb6, ['unsigned char']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_MI_USER_VA_INFO' : [ 0x158, {
+    'NumberOfCommittedPageTables' : [ 0x0, ['unsigned long']],
+    'HighestTopDownAllocationAddress' : [ 0x8, ['pointer64', ['void']]],
+    'VadCell' : [ 0x10, ['array', 2, ['_MI_VAD_ALLOCATION_CELL']]],
+    'VadBitMapCommitment' : [ 0x60, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x64, ['unsigned long']],
+    'VadsBeingDeleted' : [ 0x68, ['long']],
+    'NumberOfDebugEnclaves' : [ 0x6c, ['long']],
+    'PhysicalMappingCount' : [ 0x70, ['unsigned long long']],
+    'LastVadDeletionEvent' : [ 0x78, ['pointer64', ['_KEVENT']]],
+    'SubVadRanges' : [ 0x80, ['array', 3, ['_LIST_ENTRY']]],
+    'NumaAware' : [ 0xb0, ['unsigned char']],
+    'CloneNestingLevel' : [ 0xb8, ['unsigned long long']],
+    'PrivateFixupVadCount' : [ 0xc0, ['unsigned long long']],
+    'CfgBitMap' : [ 0xc8, ['array', 2, ['_MI_CFG_BITMAP_INFO']]],
+    'CommittedPageTableBufferForTopLevel' : [ 0xf8, ['array', 8, ['unsigned long']]],
+    'CommittedPageTableBitmaps' : [ 0x118, ['array', 3, ['_RTL_BITMAP']]],
+    'PageTableBitmapPages' : [ 0x148, ['array', 3, ['unsigned long']]],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_220f' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2213' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2215' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2217' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2219' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_221b' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_221d' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_221f' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2221' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2223' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2225' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2227' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_220f']],
+    'Memory' : [ 0x0, ['__unnamed_220f']],
+    'Interrupt' : [ 0x0, ['__unnamed_2213']],
+    'Dma' : [ 0x0, ['__unnamed_2215']],
+    'DmaV3' : [ 0x0, ['__unnamed_2217']],
+    'Generic' : [ 0x0, ['__unnamed_220f']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2219']],
+    'BusNumber' : [ 0x0, ['__unnamed_221b']],
+    'ConfigData' : [ 0x0, ['__unnamed_221d']],
+    'Memory40' : [ 0x0, ['__unnamed_221f']],
+    'Memory48' : [ 0x0, ['__unnamed_2221']],
+    'Memory64' : [ 0x0, ['__unnamed_2223']],
+    'Connection' : [ 0x0, ['__unnamed_2225']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2227']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x348, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'PassiveTimer' : [ 0x70, ['_KTIMER']],
+    'PassiveDpc' : [ 0xb0, ['_KDPC']],
+    'Info' : [ 0xf0, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0x148, ['_LARGE_INTEGER']],
+    'Policy' : [ 0x150, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0x168, ['unsigned char']],
+    'LastActiveStartTime' : [ 0x170, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x178, ['unsigned long long']],
+    'WorkItem' : [ 0x180, ['_WORK_QUEUE_ITEM']],
+    'Lock' : [ 0x1a0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1b0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1c8, ['_KEVENT']],
+    'InstanceId' : [ 0x1e0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1e8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x338, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_REBUILD_LARGE_PAGES' : [ 0x228, {
+    'Active' : [ 0x0, ['long']],
+    'Timer' : [ 0x4, ['array', 64, ['array', 4, ['_MI_REBUILD_LARGE_PAGE_COUNTDOWN']]]],
+    'WorkItem' : [ 0x208, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_HHIVE' : [ 0xa68, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x48, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x58, ['unsigned long']],
+    'DirtyAlloc' : [ 0x5c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x60, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x70, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x74, ['unsigned long']],
+    'Cluster' : [ 0x78, ['unsigned long']],
+    'Flat' : [ 0x7c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x7c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x7c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x7c, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x7d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x80, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x84, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x88, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x8c, ['unsigned long']],
+    'HiveFlags' : [ 0x90, ['unsigned long']],
+    'CurrentLog' : [ 0x94, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x98, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x9c, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xa0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xa4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xa8, ['unsigned long']],
+    'LogDataPresent' : [ 0xac, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xae, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xaf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xb8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xb8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xb8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xb8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xba, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xbc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xc0, ['unsigned long']],
+    'Version' : [ 0xc4, ['unsigned long']],
+    'ViewMap' : [ 0xc8, ['_HVIEW_MAP']],
+    'Storage' : [ 0x578, ['array', 2, ['_DUAL']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x48, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x30, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x38, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x40, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_CM_TRANS' : [ 0xa8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x30, ['pointer64', ['void']]],
+    'CmRm' : [ 0x38, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x40, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x48, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x50, ['_GUID']],
+    'StartLsn' : [ 0x60, ['unsigned long long']],
+    'TransState' : [ 0x68, ['unsigned long']],
+    'HiveCount' : [ 0x6c, ['unsigned long']],
+    'HiveArray' : [ 0x70, ['array', 7, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x150, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 20, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb0, ['array', 20, ['unsigned long long']]],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_HVIEW_MAP' : [ 0x4b0, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Directory' : [ 0x18, ['pointer64', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x20, ['unsigned long']],
+    'PinLog' : [ 0x28, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x400, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer64', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '__unnamed_229f' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_22a1' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_229f']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x38, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x10, ['__unnamed_22a1']],
+    'VerifiedData' : [ 0x30, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '__unnamed_22aa' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22ac' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22ae' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22b0' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_22b2' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_22b4' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22b6' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_22b8' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22ba' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_22bc' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_22aa']],
+    'TargetDevice' : [ 0x0, ['__unnamed_22ac']],
+    'InstallDevice' : [ 0x0, ['__unnamed_22ac']],
+    'CustomNotification' : [ 0x0, ['__unnamed_22ae']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_22b0']],
+    'PowerNotification' : [ 0x0, ['__unnamed_22b2']],
+    'VetoNotification' : [ 0x0, ['__unnamed_22b4']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_22b6']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_22b8']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_22ba']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_22ac']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_22ac']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'DeviceInstanceStartedEvent', 12: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_22bc']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '__unnamed_22d8' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_22d8']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0xa8, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NodeGraph' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x10, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaLastRangeIndex' : [ 0x18, ['unsigned long']],
+    'NumaMemoryRanges' : [ 0x20, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'NumaTableCaptured' : [ 0x28, ['unsigned char']],
+    'NodeShift' : [ 0x29, ['unsigned char']],
+    'ChannelMemoryRanges' : [ 0x30, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'ChannelShift' : [ 0x38, ['unsigned char']],
+    'SecondLevelCacheSize' : [ 0x3c, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x40, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x44, ['unsigned long']],
+    'AllMainMemoryMustBeCached' : [ 0x48, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x50, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x58, ['unsigned long']],
+    'SecondaryColors' : [ 0x5c, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x60, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x64, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x68, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x6c, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x70, ['unsigned long long']],
+    'ZeroCostCounts' : [ 0x78, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'PrimaryPfns' : [ 0x98, ['unsigned long long']],
+    'HighestPossiblePhysicalPage' : [ 0xa0, ['unsigned long long']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '__unnamed_231c' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_231c']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5b0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xe0, ['_CONTEXT']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x2c0, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapSystemPtes' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0x60, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0x100, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSpecialPool' : [ 0x150, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemCache' : [ 0x1a0, ['_MI_DYNAMIC_BITMAP']],
+    'WorkingSetListHashStart' : [ 0x1f0, ['pointer64', ['_MMWSLE_HASH']]],
+    'WorkingSetListHashEnd' : [ 0x1f8, ['pointer64', ['_MMWSLE_HASH']]],
+    'WorkingSetListIndirectHashStart' : [ 0x200, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'FreeSystemCacheVa' : [ 0x208, ['_KEVENT']],
+    'SystemVaLock' : [ 0x220, ['unsigned long long']],
+    'DeleteKvaLock' : [ 0x228, ['long']],
+    'FreeSystemCache' : [ 0x230, ['_MI_PTE_CHAIN_HEAD']],
+    'SystemCacheViewLock' : [ 0x248, ['unsigned long long']],
+    'UnusableWsles' : [ 0x250, ['array', 5, ['unsigned long long']]],
+    'PossibleWsles' : [ 0x278, ['array', 5, ['unsigned long long']]],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x60, {
+    'ColorSeed' : [ 0x0, ['unsigned long']],
+    'CloneDereferenceEvent' : [ 0x8, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x20, ['_SLIST_HEADER']],
+    'SystemDllBase' : [ 0x30, ['pointer64', ['void']]],
+    'RotatingUniprocessorNumber' : [ 0x38, ['long']],
+    'CriticalSectionTimeout' : [ 0x40, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x48, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'HighActiveFlink' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'HighActiveBlink' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_COUNTDOWN' : [ 0x2, {
+    'SecondsLeft' : [ 0x0, ['unsigned char']],
+    'SecondsAssigned' : [ 0x1, ['unsigned char']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_PEB32' : [ 0x460, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SparePvoid0' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MI_SESSION_STATE' : [ 0x88, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x20, ['unsigned char']],
+    'DynamicVaBitBuffer' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'DynamicVaBitBufferPages' : [ 0x30, ['unsigned long long']],
+    'DynamicPoolBitBuffer' : [ 0x38, ['pointer64', ['unsigned long']]],
+    'DynamicVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'DynamicPtesBitBuffer' : [ 0x48, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'DetachTimeStamp' : [ 0x58, ['unsigned long']],
+    'LeaderProcess' : [ 0x60, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x70, ['pointer64', ['_MMWSL']]],
+    'WsHashStart' : [ 0x78, ['pointer64', ['_MMWSLE_HASH']]],
+    'WsHashEnd' : [ 0x80, ['pointer64', ['_MMWSLE_HASH']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_23a3' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x158, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_23a3']],
+    'ReferenceCount' : [ 0x8, ['unsigned long long']],
+    'ParentPartition' : [ 0x10, ['pointer64', ['_MI_PARTITION']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeInformation' : [ 0x28, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'MdlPhysicalMemoryBlock' : [ 0x30, ['pointer64', ['_MDL']]],
+    'MemoryNodeRuns' : [ 0x38, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x40, ['unsigned long long']],
+    'PfnUnmapWorkItem' : [ 0x48, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapActive' : [ 0x68, ['unsigned char']],
+    'PfnUnmapCount' : [ 0x70, ['unsigned long long']],
+    'PfnUnmapWaitList' : [ 0x78, ['pointer64', ['void']]],
+    'MemoryRuns' : [ 0x80, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x88, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0xa0, ['array', 5, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xc8, ['pointer64', ['void']]],
+    'PartitionObjectHandle' : [ 0xd0, ['pointer64', ['void']]],
+    'DynamicMemoryPushLock' : [ 0xd8, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xe0, ['long']],
+    'TemporaryMemoryEvent' : [ 0xe8, ['_KEVENT']],
+    'MemoryEvents' : [ 0x100, ['array', 11, ['pointer64', ['_KEVENT']]]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x60, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xc0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xc8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xcc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xd0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xf8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xf9, ['unsigned char']],
+    'TransitionInserted' : [ 0xfa, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xfc, ['long']],
+    'LastMappedWriteError' : [ 0x100, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x104, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x108, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0x10c, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x110, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x128, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x130, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x138, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0x150, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x168, ['long']],
+    'WriteAllMappedPages' : [ 0x16c, ['long']],
+    'MappedPageWriterEvent' : [ 0x170, ['_KEVENT']],
+    'ModWriteData' : [ 0x188, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1c8, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1e0, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x208, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x210, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x218, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x238, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x23c, ['array', 2, ['long']]],
+    'NotifyStoreMemoryConditions' : [ 0x248, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x260, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x264, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x268, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x270, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x290, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x298, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x2b8, ['long']],
+    'WorkingSetSwapLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x2c8, ['long']],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_23c0' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x538, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'LargePages' : [ 0x10, ['array', 2, ['array', 2, ['array', 4, ['_LIST_ENTRY']]]]],
+    'LargePagesCount' : [ 0x110, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]],
+    'StandbyPageList' : [ 0x190, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreeCount' : [ 0x490, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x4a0, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x4c0, ['unsigned long long']],
+    'MmShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'Color' : [ 0x4cc, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x4d0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x510, ['__unnamed_23c0']],
+    'NodeLock' : [ 0x518, ['_EX_PUSH_LOCK']],
+    'ChannelStatus' : [ 0x520, ['unsigned char']],
+    'ChannelOrdering' : [ 0x521, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x525, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x529, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x530, ['unsigned long long']],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WAITING_IRP' : [ 0x38, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'SchedulingGroupList' : [ 0x28, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x28, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x38, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x40, ['_LIST_ENTRY']],
+    'Parent' : [ 0x50, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned long long')]],
+    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '__unnamed_23f3' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_23f3']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16ec']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SECTION_STATE' : [ 0x280, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionExtendLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SectionExtendSetLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'SectionBasedRoot' : [ 0x18, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'UnusedSubsectionPagedPool' : [ 0x28, ['unsigned long long']],
+    'UnusedSegmentForceFree' : [ 0x30, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x34, ['unsigned long']],
+    'HighSectionBase' : [ 0x38, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x40, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xb0, ['_CONTROL_AREA']],
+    'DanglingExtentsPages' : [ 0x128, ['pointer64', ['_MMPFN']]],
+    'DanglingExtentsLock' : [ 0x130, ['long']],
+    'DanglingExtentsWorkItem' : [ 0x138, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0x158, ['unsigned char']],
+    'PageFileSectionHead' : [ 0x160, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0x168, ['long']],
+    'SharedSegmentCharges' : [ 0x170, ['_MI_CROSS_PARTITION_CHARGES']],
+    'SharedPageCombineCharges' : [ 0x198, ['_MI_CROSS_PARTITION_CHARGES']],
+    'ImageBias' : [ 0x1c0, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x1c8, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x1d0, ['_RTL_BITMAP']],
+    'ImageBias64Low' : [ 0x1e0, ['unsigned long']],
+    'ImageBias64High' : [ 0x1e4, ['unsigned long']],
+    'ImageBitMap64Low' : [ 0x1e8, ['_RTL_BITMAP']],
+    'ImageBitMap64High' : [ 0x1f8, ['_RTL_BITMAP']],
+    'ImageBitMapWow64Dll' : [ 0x208, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x218, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x220, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x228, ['unsigned long long']],
+    'LostDataFiles' : [ 0x230, ['unsigned long']],
+    'LostDataPages' : [ 0x234, ['unsigned long']],
+    'ImageFailureReason' : [ 0x238, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x240, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x248, ['pointer64', ['_CONTROL_AREA']]],
+    'CfgBitMapSection64' : [ 0x250, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea64' : [ 0x258, ['pointer64', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x260, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x264, ['long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_2400' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2402' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2404' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2406' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_2404']],
+    'Translated' : [ 0x0, ['__unnamed_2402']],
+} ],
+  '__unnamed_2408' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_240a' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_240c' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_240e' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2410' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2412' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2414' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2416' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_2400']],
+    'Port' : [ 0x0, ['__unnamed_2400']],
+    'Interrupt' : [ 0x0, ['__unnamed_2402']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2406']],
+    'Memory' : [ 0x0, ['__unnamed_2400']],
+    'Dma' : [ 0x0, ['__unnamed_2408']],
+    'DmaV3' : [ 0x0, ['__unnamed_240a']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2219']],
+    'BusNumber' : [ 0x0, ['__unnamed_240c']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_240e']],
+    'Memory40' : [ 0x0, ['__unnamed_2410']],
+    'Memory48' : [ 0x0, ['__unnamed_2412']],
+    'Memory64' : [ 0x0, ['__unnamed_2414']],
+    'Connection' : [ 0x0, ['__unnamed_2225']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2416']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_241e' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_241e']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'FirstPteForPagedPool' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'MaximumSize' : [ 0x20, ['unsigned long long']],
+    'PagedPoolHint' : [ 0x28, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x30, ['unsigned long long']],
+} ],
+  '__unnamed_2430' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_2430']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x188, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0x160, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x278, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xa8, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xb0, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xc0, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xd0, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0xf0, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x110, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x148, ['unsigned long long']],
+    'IdleTimer' : [ 0x150, ['_KTIMER']],
+    'IdleDpc' : [ 0x190, ['_KDPC']],
+    'IdleTimeout' : [ 0x1d0, ['unsigned long long']],
+    'IdleStamp' : [ 0x1d8, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1e0, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x1f0, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x1f8, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x208, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x218, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x230, ['pointer64', ['void']]],
+    'Accounting' : [ 0x238, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x268, ['unsigned long']],
+    'ComponentCount' : [ 0x26c, ['unsigned long']],
+    'Components' : [ 0x270, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2458' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_245a' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2458']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_245a']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x1a0, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+    'CrossPartition' : [ 0x18, ['_MI_PAGE_COMBINING_SUPPORT']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x30, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x68, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x28, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+    'ChargeMaximum' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SpareUlong' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_RESAVAIL_TRACKER' : [ 0x380, {
+    'AllocateKernelStack' : [ 0x0, ['unsigned long long']],
+    'AllocateGrowKernelStack' : [ 0x8, ['unsigned long long']],
+    'FreeKernelStack' : [ 0x10, ['unsigned long long']],
+    'FreeKernelStackError' : [ 0x18, ['unsigned long long']],
+    'FreeGrowKernelStackError' : [ 0x20, ['unsigned long long']],
+    'AllocateCreateProcess' : [ 0x28, ['unsigned long long']],
+    'FreeCreateProcessError' : [ 0x30, ['unsigned long long']],
+    'FreeDeleteProcess' : [ 0x38, ['unsigned long long']],
+    'FreeCleanProcess' : [ 0x40, ['unsigned long long']],
+    'FreeCleanProcessError' : [ 0x48, ['unsigned long long']],
+    'AllocateAddProcessWsMetaPage' : [ 0x50, ['unsigned long long']],
+    'AllocateWsIncrease' : [ 0x58, ['unsigned long long']],
+    'FreeWsIncreaseError' : [ 0x60, ['unsigned long long']],
+    'FreeWsIncreaseErrorMax' : [ 0x68, ['unsigned long long']],
+    'FreeWsDecrease' : [ 0x70, ['unsigned long long']],
+    'AllocateWorkingSetPage' : [ 0x78, ['unsigned long long']],
+    'FreeWorkingSetPageError' : [ 0x80, ['unsigned long long']],
+    'FreeDeletePteRange' : [ 0x88, ['unsigned long long']],
+    'AllocatePageTablesForProcessMetadata' : [ 0x90, ['unsigned long long']],
+    'FreePageTablesForProcessMetadataError2' : [ 0x98, ['unsigned long long']],
+    'AllocatePageTablesForSystem' : [ 0xa0, ['unsigned long long']],
+    'FreePageTablesExcess' : [ 0xa8, ['unsigned long long']],
+    'FreeSystemVaPageTables' : [ 0xb0, ['unsigned long long']],
+    'FreeSessionVaPageTables' : [ 0xb8, ['unsigned long long']],
+    'AllocateCreateSession' : [ 0xc0, ['unsigned long long']],
+    'FreeSessionWsDereference' : [ 0xc8, ['unsigned long long']],
+    'FreeSessionDereference' : [ 0xd0, ['unsigned long long']],
+    'AllocateLockedSessionImage' : [ 0xd8, ['unsigned long long']],
+    'FreeLockedSessionImage' : [ 0xe0, ['unsigned long long']],
+    'FreeSessionImageConversion' : [ 0xe8, ['unsigned long long']],
+    'AllocateWsAdjustPageTable' : [ 0xf0, ['unsigned long long']],
+    'FreeWsAdjustPageTable' : [ 0xf8, ['unsigned long long']],
+    'FreeWsAdjustPageTableError' : [ 0x100, ['unsigned long long']],
+    'AllocateNoLowMemory' : [ 0x108, ['unsigned long long']],
+    'AllocatePagedPoolLockedDown' : [ 0x110, ['unsigned long long']],
+    'FreePagedPoolLockedDown' : [ 0x118, ['unsigned long long']],
+    'AllocateSystemBitmaps' : [ 0x120, ['unsigned long long']],
+    'FreeSystemBitmapsError' : [ 0x128, ['unsigned long long']],
+    'AllocateForMdl' : [ 0x130, ['unsigned long long']],
+    'FreeFromMdl' : [ 0x138, ['unsigned long long']],
+    'AllocateForMdlPartition' : [ 0x140, ['unsigned long long']],
+    'FreeFromMdlPartition' : [ 0x148, ['unsigned long long']],
+    'FreeMdlExcess' : [ 0x150, ['unsigned long long']],
+    'AllocateExpansionNonPagedPool' : [ 0x158, ['unsigned long long']],
+    'FreeExpansionNonPagedPool' : [ 0x160, ['unsigned long long']],
+    'AllocateVad' : [ 0x168, ['unsigned long long']],
+    'RemoveVad' : [ 0x170, ['unsigned long long']],
+    'FreeVad' : [ 0x178, ['unsigned long long']],
+    'AllocateContiguous' : [ 0x180, ['unsigned long long']],
+    'FreeContiguousPages' : [ 0x188, ['unsigned long long']],
+    'FreeContiguousError' : [ 0x190, ['unsigned long long']],
+    'FreeLargePageMemory' : [ 0x198, ['unsigned long long']],
+    'AllocateSystemWsles' : [ 0x1a0, ['unsigned long long']],
+    'FreeSystemWsles' : [ 0x1a8, ['unsigned long long']],
+    'AllocateSystemInitWs' : [ 0x1b0, ['unsigned long long']],
+    'AllocateSessionInitWs' : [ 0x1b8, ['unsigned long long']],
+    'FreeSessionInitWsError' : [ 0x1c0, ['unsigned long long']],
+    'AllocateSystemImage' : [ 0x1c8, ['unsigned long long']],
+    'AllocateSystemImageLoad' : [ 0x1d0, ['unsigned long long']],
+    'AllocateSessionSharedImage' : [ 0x1d8, ['unsigned long long']],
+    'FreeSystemImageInitCode' : [ 0x1e0, ['unsigned long long']],
+    'FreeSystemImageLargePageConversion' : [ 0x1e8, ['unsigned long long']],
+    'FreeSystemImageError' : [ 0x1f0, ['unsigned long long']],
+    'FreeSystemImageLoadExcess' : [ 0x1f8, ['unsigned long long']],
+    'FreeUnloadSystemImage' : [ 0x200, ['unsigned long long']],
+    'FreeReloadBootImageLarge' : [ 0x208, ['unsigned long long']],
+    'FreeIndependent' : [ 0x210, ['unsigned long long']],
+    'AllocateHotRemove' : [ 0x218, ['unsigned long long']],
+    'FreeHotAdd' : [ 0x220, ['unsigned long long']],
+    'AllocateBoot' : [ 0x228, ['unsigned long long']],
+    'FreeLoaderBlock' : [ 0x230, ['unsigned long long']],
+    'AllocateNonPagedSpecialPool' : [ 0x238, ['unsigned long long']],
+    'FreeNonPagedSpecialPoolError' : [ 0x240, ['unsigned long long']],
+    'FreeNonPagedSpecialPool' : [ 0x248, ['unsigned long long']],
+    'AllocateSharedSegmentPage' : [ 0x250, ['unsigned long long']],
+    'FreeSharedSegmentPage' : [ 0x258, ['unsigned long long']],
+    'AllocateZeroPage' : [ 0x260, ['unsigned long long']],
+    'FreeZeroPage' : [ 0x268, ['unsigned long long']],
+    'AllocateForPo' : [ 0x270, ['unsigned long long']],
+    'AllocateForPoForce' : [ 0x278, ['unsigned long long']],
+    'FreeForPo' : [ 0x280, ['unsigned long long']],
+    'AllocateThreadHardFaultBehavior' : [ 0x288, ['unsigned long long']],
+    'FreeThreadHardFaultBehavior' : [ 0x290, ['unsigned long long']],
+    'ObtainFaultCharges' : [ 0x298, ['unsigned long long']],
+    'FreeFaultCharges' : [ 0x2a0, ['unsigned long long']],
+    'AllocateStoreCharges' : [ 0x2a8, ['unsigned long long']],
+    'FreeStoreCharges' : [ 0x2b0, ['unsigned long long']],
+    'ObtainLockedPageCharge' : [ 0x2c0, ['unsigned long long']],
+    'FreeLockedPageCharge' : [ 0x300, ['unsigned long long']],
+    'AllocateStore' : [ 0x308, ['unsigned long long']],
+    'FreeStore' : [ 0x310, ['unsigned long long']],
+    'AllocateSystemImageProtos' : [ 0x318, ['unsigned long long']],
+    'FreeSystemImageProtos' : [ 0x320, ['unsigned long long']],
+    'AllocateModWriterCharge' : [ 0x328, ['unsigned long long']],
+    'FreeModWriterCharge' : [ 0x330, ['unsigned long long']],
+    'AllocateMappedWriterCharge' : [ 0x338, ['unsigned long long']],
+    'FreeMappedWriterCharge' : [ 0x340, ['unsigned long long']],
+    'AllocateRegistryCharges' : [ 0x348, ['unsigned long long']],
+    'FreeRegistryCharges' : [ 0x350, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '__unnamed_24ce' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24d0' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24d2' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24d4' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_24ce']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_24d0']],
+    'Raw' : [ 0x0, ['__unnamed_24d2']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DirtyVectorModified', 1: 'DirtyDataCaptureStart', 2: 'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_24d4']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x1a0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x40, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x70, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedBitMapMaximum' : [ 0xb0, ['unsigned long long']],
+    'DynamicBitMapNonPagedPool' : [ 0xb8, ['_MI_DYNAMIC_BITMAP']],
+    'NonPagedPoolLowestPage' : [ 0x108, ['unsigned long long']],
+    'NonPagedPoolHighestPage' : [ 0x110, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x118, ['unsigned long long']],
+    'PartialLargePoolRegions' : [ 0x120, ['unsigned long long']],
+    'PagesInPartialLargePoolRegions' : [ 0x128, ['unsigned long long']],
+    'CachedNonPagedPoolCount' : [ 0x130, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x138, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x140, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x148, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x150, ['pointer64', ['void']]],
+    'NonPagedBitMap' : [ 0x158, ['array', 3, ['_RTL_BITMAP_EX']]],
+    'NonPagedHint' : [ 0x188, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_24e4' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x80, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_24e4']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'EvictionThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x60, ['_SLIST_HEADER']],
+    'EvictFlushLock' : [ 0x70, ['long']],
+    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x30, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
+    'SubListIndex' : [ 0x28, ['unsigned short']],
+    'Hint' : [ 0x2a, ['unsigned short']],
+    'SetBits' : [ 0x2c, ['unsigned long']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '__unnamed_2522' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x110, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_2522']]],
+    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'DriverName' : [ 0x50, ['pointer64', ['unsigned short']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e0, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x410, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_LOCK_HEADER' : [ 0x20, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long long']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'Valid' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'NumberOfChildViews' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xe0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_PEB64' : [ 0x7a0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SparePvoid0' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MSUBSECTION' : [ 0x70, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_25ee' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x1f40, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_25ee']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x68, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x70, ['unsigned long']],
+    'AttachCount' : [ 0x74, ['unsigned long']],
+    'AttachGate' : [ 0x78, ['_KGATE']],
+    'WsListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0xc0, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb40, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xb60, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xb98, ['_MMSUPPORT']],
+    'Wsle' : [ 0xc90, ['pointer64', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xc98, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PagedPool' : [ 0xcc0, ['_POOL_DESCRIPTOR']],
+    'PageDirectory' : [ 0x1e00, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1e08, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x1e10, ['_RTL_BITMAP']],
+    'DynamicVaHint' : [ 0x1e20, ['unsigned long']],
+    'SpecialPool' : [ 0x1e28, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1e78, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1e80, ['long']],
+    'PagedPoolPdeCount' : [ 0x1e84, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1e88, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1e8c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1e90, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1ef0, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1ef8, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x1f00, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1f08, ['unsigned long long']],
+    'IoState' : [ 0x1f10, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1f14, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1f18, ['_KEVENT']],
+    'ServerSilo' : [ 0x1f30, ['pointer64', ['_EJOB']]],
+    'CreateTime' : [ 0x1f38, ['unsigned long long']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x60, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u' : [ 0x4c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'AttemptForCantExtend' : [ 0x58, ['unsigned char']],
+    'PageFileContract' : [ 0x59, ['unsigned char']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '__unnamed_25ff' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2603' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_25ff']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_2603']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x60, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '_MI_LARGEPAGE_MEMORY_INFO' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ColoredPageInfoBase' : [ 0x10, ['pointer64', ['_COLORED_PAGE_INFO']]],
+    'PagesNeedZeroing' : [ 0x18, ['unsigned long']],
+    'LargeImageBias' : [ 0x1c, ['unsigned char']],
+    'Spare' : [ 0x1d, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x90, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Foreground' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WindowInformation' : [ 0x68, ['unsigned long']],
+    'PixelArea' : [ 0x6c, ['unsigned long']],
+    'PixelReportTimestamp' : [ 0x70, ['long long']],
+    'PixelTime' : [ 0x78, ['unsigned long long']],
+    'ForegroundReportTimestamp' : [ 0x80, ['long long']],
+    'ForegroundTime' : [ 0x88, ['unsigned long long']],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x98, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'BitmapGapFrames' : [ 0x38, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x58, ['array', 4, ['unsigned long long']]],
+    'PageTableOfZeroes' : [ 0x78, ['unsigned long long']],
+    'PdeOfZeroes' : [ 0x80, ['_MMPTE']],
+    'PageTableOfOnes' : [ 0x88, ['unsigned long long']],
+    'PdeOfOnes' : [ 0x90, ['_MMPTE']],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_MI_VAD_ALLOCATION_CELL' : [ 0x28, {
+    'AllocationBitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'BitMapHint' : [ 0x10, ['unsigned long']],
+    'LastAllocationSize' : [ 0x14, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0x18, ['unsigned long']],
+    'LowestBottomUpVadBit' : [ 0x1c, ['unsigned long']],
+    'LowestBottomUpAllocationAddress' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x28, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2647' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_2647']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x190, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'ProcessorCount' : [ 0xc0, ['unsigned long']],
+    'Class' : [ 0xc4, ['unsigned char']],
+    'Spare' : [ 0xc5, ['array', 3, ['unsigned char']]],
+    'Processors' : [ 0xc8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd0, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xd8, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x100, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x118, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x120, ['unsigned long']],
+    'NominalFrequency' : [ 0x124, ['unsigned long']],
+    'MaxPercent' : [ 0x128, ['unsigned long']],
+    'MinPerfPercent' : [ 0x12c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x130, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x138, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x140, ['unsigned long long']],
+    'Coordination' : [ 0x148, ['unsigned char']],
+    'HardPlatformCap' : [ 0x149, ['unsigned char']],
+    'AffinitizeControl' : [ 0x14a, ['unsigned char']],
+    'EfficientThrottle' : [ 0x14b, ['unsigned char']],
+    'AutonomousMode' : [ 0x14c, ['unsigned char']],
+    'SelectedPercent' : [ 0x150, ['unsigned long']],
+    'SelectedFrequency' : [ 0x154, ['unsigned long']],
+    'DesiredPercent' : [ 0x158, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x15c, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x160, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x164, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x168, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x16c, ['unsigned long']],
+    'TolerancePercent' : [ 0x170, ['unsigned long']],
+    'SelectedState' : [ 0x178, ['unsigned long long']],
+    'PerfChangeTime' : [ 0x180, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x188, ['unsigned long']],
+    'Force' : [ 0x18c, ['unsigned char']],
+    'ProvideGuidance' : [ 0x18d, ['unsigned char']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x800, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MI_STANDBY_STATE' : [ 0xc0, {
+    'TransitionSharedPages' : [ 0x0, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x8, ['array', 3, ['unsigned long long']]],
+    'FirstDecayPage' : [ 0x20, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x30, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x40, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x48, ['_KDPC']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'Enabled' : [ 0x8, ['unsigned long']],
+    'DisableAccessLogging' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'MinLoggingPriority' : [ 0x30, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x18, {
+    'QueueHead' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueTail' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x10, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0x40, ['_RTL_BITMAP']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '__unnamed_2691' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2695' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_2691']],
+    'Bits' : [ 0x4, ['__unnamed_2695']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x58, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'RF_SORTED', 1: 'RF_UNSORTED', 2: 'RF_CALLBACK', 3: 'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_26b7' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26b9' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_26b7']],
+    'Button' : [ 0x10, ['__unnamed_26b9']],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_KSCB' : [ 0x198, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ReadyListHead' : [ 0x78, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x178, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x188, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x190, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_26c8' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_26c9' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_26c8']],
+    'Merged' : [ 0x10, ['__unnamed_26c9']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x68, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x18, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'FirstReservedZeroingPte' : [ 0x20, ['pointer64', ['_MMPTE']]],
+    'RebalanceZeroFreeWorkItem' : [ 0x28, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x48, ['long']],
+    'Gate' : [ 0x50, ['_KGATE']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_26d8' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_26d8']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_26f0' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26f2' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_26f0']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x110, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_26f2']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
+    'PagedBytes' : [ 0x60, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x80, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x90, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
+    'LockedBytes' : [ 0x98, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0xf8, ['unsigned long']],
+    'ExecutePageProtections' : [ 0xfc, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x100, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x104, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x108, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xc0, {
+    'FixupLock' : [ 0x0, ['long']],
+    'FixupList' : [ 0x8, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x18, ['_KMUTANT']],
+    'FirstLoadEver' : [ 0x50, ['unsigned char']],
+    'LargePageAll' : [ 0x51, ['unsigned char']],
+    'LastPage' : [ 0x58, ['unsigned long long']],
+    'LargePageList' : [ 0x60, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x70, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x80, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x90, ['unsigned long long']],
+    'PageCounts' : [ 0x98, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0xa8, ['_EX_PUSH_LOCK']],
+    'ErrataPte' : [ 0xb0, ['pointer64', ['_MMPTE']]],
+    'ErrataPteMapped' : [ 0xb8, ['unsigned long']],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x4, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'IsInTempBin' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2724' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_2724']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'Scaling' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x50, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x34, ['unsigned long']],
+    'DelayPageFaults' : [ 0x38, ['long']],
+    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x28, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'TemporaryBinAddress' : [ 0x10, ['unsigned long long']],
+    'TemporaryBinRundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x400, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2753' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2756' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1b0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x68, ['_KAPC_STATE']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'ByteCount' : [ 0xb4, ['unsigned long']],
+    'u3' : [ 0xb8, ['__unnamed_2753']],
+    'u1' : [ 0xbc, ['__unnamed_2756']],
+    'FilePointer' : [ 0xc0, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xc8, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xc8, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd0, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xd8, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe0, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf0, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0x100, ['_MDL']],
+    'Page' : [ 0x130, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x130, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'PaddingFor16ByteAlignment' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1', 19: 'NotifyTransportRelationsChange', 20: 'NotifyEjectionRelationsChange', 21: 'ConfigureDevice', 22: 'ConfigureDeviceClass', 23: 'ConfigureDeviceExtensions', 24: 'ConfigureDeviceReset'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_CFG_BITMAP_INFO' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'RegionSize' : [ 0x8, ['unsigned long long']],
+    'BitmapVad' : [ 0x10, ['pointer64', ['_MMVAD']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x80, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
+    'MirroringActive' : [ 0x50, ['unsigned long']],
+    'MirrorBitMaps' : [ 0x58, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'CrashDumpPte' : [ 0x78, ['pointer64', ['_MMPTE']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned char']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'EnableMask' : [ 0x63, ['unsigned char']],
+    'GroupEnableMask' : [ 0x64, ['unsigned char']],
+    'UseDescriptorType' : [ 0x65, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x118, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: 'LoadReasonStaticDependency', 1: 'LoadReasonStaticForwarderDependency', 2: 'LoadReasonDynamicForwarderDependency', 3: 'LoadReasonDelayloadDependency', 4: 'LoadReasonDynamicLoad', 5: 'LoadReasonAsImageLoad', 6: 'LoadReasonAsDataLoad', -1: 'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'LdrModulesPlaceHolder', 1: 'LdrModulesMapping', 2: 'LdrModulesMapped', 3: 'LdrModulesWaitingForDependencies', 4: 'LdrModulesSnapping', 5: 'LdrModulesSnapped', 6: 'LdrModulesCondensed', 7: 'LdrModulesReadyToInit', 8: 'LdrModulesInitializing', 9: 'LdrModulesReadyToRun', '\xfb': 'LdrModulesMerged', '\xfd': 'LdrModulesSnapError', '\xfc': 'LdrModulesInitError', -1: 'LdrModulesUnloading', '\xfe': 'LdrModulesUnloaded'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d0, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1a8, ['_LIST_ENTRY']],
+    'Status' : [ 0x1b8, ['long']],
+    'FailedDevice' : [ 0x1c0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1c8, ['unsigned char']],
+    'Cancelled' : [ 0x1c9, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1ca, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1cb, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x10, {
+    'PreferredMask' : [ 0x0, ['unsigned long long']],
+    'AvailableMask' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '__unnamed_27d1' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_27d3' : [ 0x4, {
+    'NumberOfChildViews' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_27d5' : [ 0x4, {
+    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_SUBSECTION_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_27d1']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_27d3']],
+    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u2' : [ 0x34, ['__unnamed_27d5']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'DeadPteTrackerSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x10, ['unsigned long long']],
+    'MdlTrackerLookaside' : [ 0x40, ['_NPAGED_LOOKASIDE_LIST']],
+    'PteTrackingBitmap' : [ 0xc0, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xd0, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xd8, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPages' : [ 0x138, ['unsigned char']],
+    'QueuedStacks' : [ 0x140, ['_SLIST_HEADER']],
+    'StackGrowthFailures' : [ 0x150, ['unsigned long']],
+    'TrackPtesAborted' : [ 0x154, ['unsigned char']],
+    'AdjustCounter' : [ 0x155, ['unsigned char']],
+    'QueuedStacksWorkItem' : [ 0x158, ['_MI_QUEUED_DEADSTACK_WORKITEM']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+    'Reserved' : [ 0x20, ['array', 8, ['unsigned long']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2805' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x20, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'u1' : [ 0x1c, ['__unnamed_2805']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTime' : [ 0x20, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x28, ['long long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x100, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xf8, ['pointer64', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x38, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: 'BugcheckStackLimits', 1: 'DPCStackLimits', 2: 'ExpandedStackLimits', 3: 'NormalStackLimits', 4: 'Win32kStackLimits', 5: 'SwapBusyStackLimits', 6: 'IsrStackLimits', 7: 'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x60, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x50, ['unsigned long']],
+    'OldValueCell' : [ 0x50, ['unsigned long']],
+    'NewValueCell' : [ 0x54, ['unsigned long']],
+    'UserFlags' : [ 0x50, ['unsigned long']],
+    'LastWriteTime' : [ 0x50, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x50, ['unsigned long']],
+    'OldChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x58, ['unsigned long']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2880' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2882' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2880']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2882']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_2897' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_2897']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x20, {
+    'ViewStart' : [ 0x0, ['pointer64', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Bcb' : [ 0x8, ['pointer64', ['void']]],
+    'PinnedPages' : [ 0x10, ['unsigned long long']],
+    'Size' : [ 0x18, ['unsigned long']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'HashKey' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COLORED_PAGE_INFO' : [ 0x18, {
+    'BeingZeroed' : [ 0x0, ['long']],
+    'Processor' : [ 0x4, ['unsigned long']],
+    'PagesQueued' : [ 0x8, ['unsigned long long']],
+    'PfnAllocation' : [ 0x10, ['pointer64', ['_MMPFN']]],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MI_POOL_STATE' : [ 0xf8, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'NonPagedPoolSListMaximum' : [ 0x8, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x18, ['unsigned long long']],
+    'BadPoolHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x28, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x2c, ['unsigned char']],
+    'PoolFailures' : [ 0x30, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x54, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x80, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x88, ['unsigned long long']],
+    'PagedPoolSListMaximum' : [ 0x90, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x94, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0xa8, ['unsigned long long']],
+    'SpecialPoolRejected' : [ 0xb0, ['array', 9, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0xd8, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0xe0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0xe4, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0xe8, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0xf0, ['unsigned long long']],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x13c, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'OffloadedAudio' : [ 0x12d, ['unsigned char']],
+    'NonOffloadedAudio' : [ 0x12e, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12f, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsUserAwaySetting' : [ 0x134, ['unsigned char']],
+    'WiFiInStandby' : [ 0x138, ['unsigned long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2911' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2913' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2911']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2913']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x58, {
+    'IoPfnLock' : [ 0x0, ['unsigned long long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '__unnamed_292f' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2931' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2937' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_293b' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_293d' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_292f']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2931']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2937']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_293b']],
+    'Others' : [ 0x0, ['__unnamed_293d']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x78, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x70, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_PROC_PERF_CHECK' : [ 0xc0, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'Snap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'TempSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'TaggedThreadPercent' : [ 0xb8, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0xba, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0xbb, ['unsigned char']],
+} ],
+  '__unnamed_2956' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2958' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_295a' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2956']],
+    'Interrupt' : [ 0x0, ['__unnamed_2958']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_2958']],
+    'Sci' : [ 0x0, ['__unnamed_2958']],
+    'Nmi' : [ 0x0, ['__unnamed_2958']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_295a']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1d0, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'VerifyKernelPhaseOnResume' : [ 0x3, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x4, ['unsigned char']],
+    'InitializationFinished' : [ 0x5, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'SiLogOffset' : [ 0xe0, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0xe8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf8, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0x100, ['unsigned long']],
+    'SecurePages' : [ 0x104, ['unsigned long']],
+    'ProcessorCount' : [ 0x108, ['unsigned long']],
+    'ProcessorContext' : [ 0x110, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x118, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x120, ['unsigned long']],
+    'MaxDataPages' : [ 0x124, ['unsigned long']],
+    'ExtraBuffer' : [ 0x128, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x130, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x138, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x140, ['unsigned long long']],
+    'IoInfo' : [ 0x148, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b8, ['pointer64', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x1c0, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c8, ['unsigned long']],
+    'IumEnabled' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'PointersLength' : [ 0x118, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['unsigned short']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x48, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_299a' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_299a']],
+} ],
+  '__unnamed_299e' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_299e']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_SUBSECTION_WAIT_BLOCK' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_SUBSECTION_WAIT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3b0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x268, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x270, ['array', 1, ['unsigned long long']]],
+    'SiLogOffset' : [ 0x278, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x27c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x280, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x340, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x344, ['unsigned long']],
+    'ResumeContextPages' : [ 0x348, ['unsigned long']],
+    'Hiberboot' : [ 0x34c, ['unsigned char']],
+    'HvCr3' : [ 0x350, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x358, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x360, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x368, ['unsigned long long']],
+    'BootFlags' : [ 0x370, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x378, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x380, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x388, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3a8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1e0, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x48, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x4c, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x50, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x58, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x60, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x68, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x78, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x80, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xc8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xd0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xd8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xe0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xe8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0xf0, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0xf8, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x100, ['unsigned long long']],
+    'IoBoundedness' : [ 0x108, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x110, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x118, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x120, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x128, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x130, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x138, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x140, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x148, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x150, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x158, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x160, ['unsigned long long']],
+    'AnimationStart' : [ 0x168, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x170, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x178, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x180, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x188, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x190, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x198, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1a0, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1a8, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1b0, ['unsigned long long']],
+    'BytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'PagesWritten' : [ 0x1c0, ['unsigned long']],
+    'FileRuns' : [ 0x1c4, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1c8, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1cc, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1d0, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1d8, ['unsigned long long']],
+} ],
+  '_MI_QUEUED_DEADSTACK_WORKITEM' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x50, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+    'Vm' : [ 0x48, ['pointer64', ['_MMSUPPORT']]],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'IoReady', 1: 'IoPending', 2: 'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '__unnamed_29dd' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29df' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29e2' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_29e6' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'ApicDestinationModePhysical', 2: 'ApicDestinationModeLogicalFlat', 3: 'ApicDestinationModeLogicalClustered', 4: 'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptTypeControllerInput', 1: 'InterruptTypeXapicMessage', 2: 'InterruptTypeHypertransport', 3: 'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_29dd']],
+    'HvDeviceId' : [ 0x40, ['unsigned long long']],
+    'XapicMessage' : [ 0x48, ['__unnamed_29df']],
+    'Hypertransport' : [ 0x48, ['__unnamed_29e2']],
+    'GenericMessage' : [ 0x48, ['__unnamed_29df']],
+    'MessageRequest' : [ 0x48, ['__unnamed_29e6']],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_29f4' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_29f6' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateUnitOther', 1: 'PoFxPerfStateUnitFrequency', 2: 'PoFxPerfStateUnitBandwidth', 3: 'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateTypeDiscrete', 1: 'PoFxPerfStateTypeRange', 2: 'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_29f4']],
+    'Range' : [ 0x20, ['__unnamed_29f6']],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a07' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a09' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2a0b' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2a07']],
+    'Gpt' : [ 0x0, ['__unnamed_2a09']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_2a0b']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x178, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'EtwNotificationTypeNoReply', 2: 'EtwNotificationTypeLegacyEnable', 3: 'EtwNotificationTypeEnable', 4: 'EtwNotificationTypePrivateLogger', 5: 'EtwNotificationTypePerflib', 6: 'EtwNotificationTypeAudio', 7: 'EtwNotificationTypeSession', 8: 'EtwNotificationTypeReserved', 9: 'EtwNotificationTypeCredentialUI', 10: 'EtwNotificationTypeInProcSession', 11: 'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '__unnamed_2a42' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a44' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2a42']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a47' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a49' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2a47']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2a44']],
+    'HighPart' : [ 0x4, ['__unnamed_2a49']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '__unnamed_2a57' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x30, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SessionId' : [ 0x18, ['unsigned long']],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x20, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_2a57']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2a5d' : [ 0x8, {
+    'MessageAddressLow' : [ 0x0, ['unsigned long']],
+    'MessageData' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+} ],
+  '__unnamed_2a5f' : [ 0x8, {
+    'RemappedFormat' : [ 0x0, ['_ULARGE_INTEGER']],
+    'Msi' : [ 0x0, ['__unnamed_2a5d']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_2a5f']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win10_x86_44B89EEA_vtypes.py b/volatility/plugins/overlays/windows/win10_x86_44B89EEA_vtypes.py
new file mode 100644
index 000000000..c81b1a604
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_44B89EEA_vtypes.py
@@ -0,0 +1,12767 @@
+ntkrpamp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'Reserved12' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'Reserved8' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_107d' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_107d']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1081' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1081']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_109c' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_109e' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_109c']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_109e']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['pointer', ['void']]]],
+    'SystemReserved1' : [ 0x10c, ['array', 38, ['pointer', ['void']]]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'PerflibData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+    'ReservedForWdf' : [ 0xfe4, ['pointer', ['void']]],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0xc, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x4a20, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'MxCsr' : [ 0x8, ['unsigned long']],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x4900, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'ParentNode' : [ 0x338, ['pointer', ['_KNODE']]],
+    'PriorityState' : [ 0x33c, ['pointer', ['unsigned char']]],
+    'KernelReserved' : [ 0x340, ['array', 14, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'CpuVendor' : [ 0x3be, ['unsigned char']],
+    'PrcbPad0' : [ 0x3bf, ['array', 1, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'GroupIndex' : [ 0x3c4, ['unsigned char']],
+    'Group' : [ 0x3c5, ['unsigned char']],
+    'PrcbPad05' : [ 0x3c6, ['array', 2, ['unsigned char']]],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'ClockOwner' : [ 0x3d0, ['unsigned char']],
+    'PendingTickFlags' : [ 0x3d1, ['unsigned char']],
+    'PendingTick' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad10' : [ 0x3d2, ['array', 70, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'InterruptCount' : [ 0x4a0, ['unsigned long']],
+    'KernelTime' : [ 0x4a4, ['unsigned long']],
+    'UserTime' : [ 0x4a8, ['unsigned long']],
+    'DpcTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b0, ['unsigned long']],
+    'InterruptTime' : [ 0x4b4, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4b8, ['unsigned long']],
+    'PageColor' : [ 0x4bc, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c0, ['unsigned char']],
+    'NodeColor' : [ 0x4c1, ['unsigned char']],
+    'DeepSleep' : [ 0x4c2, ['unsigned char']],
+    'PrcbPad20' : [ 0x4c3, ['array', 5, ['unsigned char']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4cc, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d0, ['unsigned long']],
+    'PrcbPad21' : [ 0x4d4, ['array', 3, ['unsigned long']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1820, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2120, ['long']],
+    'ReverseStall' : [ 0x2124, ['long']],
+    'IpiFrame' : [ 0x2128, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x212c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x2160, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x216c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x2170, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x2174, ['unsigned long']],
+    'PrcbPad4' : [ 0x2178, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x21a0, ['unsigned long']],
+    'TargetCount' : [ 0x21a4, ['long']],
+    'PrcbPad50' : [ 0x21a8, ['array', 40, ['unsigned char']]],
+    'InterruptLastCount' : [ 0x21d0, ['unsigned long']],
+    'InterruptRate' : [ 0x21d4, ['unsigned long']],
+    'DeviceInterrupts' : [ 0x21d8, ['unsigned long']],
+    'IsrDpcStats' : [ 0x21dc, ['pointer', ['void']]],
+    'DpcData' : [ 0x21e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2210, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2214, ['long']],
+    'DpcRequestRate' : [ 0x2218, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x221c, ['unsigned long']],
+    'DpcLastCount' : [ 0x2220, ['unsigned long']],
+    'PrcbLock' : [ 0x2224, ['unsigned long']],
+    'DpcGate' : [ 0x2228, ['_KGATE']],
+    'IdleState' : [ 0x2238, ['unsigned char']],
+    'QuantumEnd' : [ 0x2239, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x223a, ['unsigned char']],
+    'IdleSchedule' : [ 0x223b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x223c, ['long']],
+    'DpcRequestSlot' : [ 0x223c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x223c, ['short']],
+    'ThreadDpcState' : [ 0x223e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x223c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x223c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x223c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x223c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x223c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x223c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x223c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x223c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x223c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x223c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2240, ['unsigned long']],
+    'LastTick' : [ 0x2244, ['unsigned long']],
+    'PeriodicCount' : [ 0x2248, ['unsigned long']],
+    'PeriodicBias' : [ 0x224c, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2250, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2254, ['unsigned long']],
+    'GroupSchedulingOverQuota' : [ 0x2258, ['unsigned char']],
+    'ThreadDpcEnable' : [ 0x2259, ['unsigned char']],
+    'PrcbPad41' : [ 0x225a, ['array', 2, ['unsigned char']]],
+    'TimerTable' : [ 0x2260, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x3aa0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x3ac0, ['long']],
+    'PrcbPad6' : [ 0x3ac4, ['array', 4, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x3ac8, ['long']],
+    'DpcWatchdogCount' : [ 0x3acc, ['long']],
+    'KeSpinLockOrdering' : [ 0x3ad0, ['long']],
+    'PrcbPad70' : [ 0x3ad4, ['array', 1, ['unsigned long']]],
+    'QueueIndex' : [ 0x3ad8, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x3adc, ['_SINGLE_LIST_ENTRY']],
+    'ReadySummary' : [ 0x3ae0, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x3ae4, ['long']],
+    'WaitLock' : [ 0x3ae8, ['unsigned long']],
+    'WaitListHead' : [ 0x3aec, ['_LIST_ENTRY']],
+    'ScbOffset' : [ 0x3af4, ['unsigned long']],
+    'StartCycles' : [ 0x3af8, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x3b00, ['unsigned long long']],
+    'TaggedCycles' : [ 0x3b08, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x3b18, ['unsigned long long']],
+    'CycleTime' : [ 0x3b20, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x3b28, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3b30, ['unsigned long']],
+    'Cycles' : [ 0x3b38, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad71' : [ 0x3b78, ['array', 10, ['unsigned long']]],
+    'DispatcherReadyListHead' : [ 0x3ba0, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3ca0, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3ca4, ['long']],
+    'ScbQueue' : [ 0x3ca8, ['_RTL_RB_TREE']],
+    'ScbList' : [ 0x3cb0, ['_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x3cb8, ['long']],
+    'MmCopyOnWriteCount' : [ 0x3cbc, ['long']],
+    'MmTransitionCount' : [ 0x3cc0, ['long']],
+    'MmCacheTransitionCount' : [ 0x3cc4, ['long']],
+    'MmDemandZeroCount' : [ 0x3cc8, ['long']],
+    'MmPageReadCount' : [ 0x3ccc, ['long']],
+    'MmPageReadIoCount' : [ 0x3cd0, ['long']],
+    'MmCacheReadCount' : [ 0x3cd4, ['long']],
+    'MmCacheIoCount' : [ 0x3cd8, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x3cdc, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3ce0, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3ce4, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3ce8, ['long']],
+    'CachedCommit' : [ 0x3cec, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3cf0, ['unsigned long']],
+    'HyperPte' : [ 0x3cf4, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3cf8, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x3cfc, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3d09, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x3d0a, ['unsigned char']],
+    'PrcbPad9' : [ 0x3d0b, ['array', 1, ['unsigned char']]],
+    'FeatureBits' : [ 0x3d10, ['unsigned long long']],
+    'UpdateSignature' : [ 0x3d18, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3d20, ['unsigned long long']],
+    'PrcbPad90' : [ 0x3d28, ['array', 2, ['unsigned long']]],
+    'PowerState' : [ 0x3d30, ['_PROCESSOR_POWER_STATE']],
+    'PrcbPad91' : [ 0x3eb0, ['array', 17, ['unsigned long']]],
+    'DpcWatchdogDpc' : [ 0x3ef4, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3f18, ['_KTIMER']],
+    'HypercallPageList' : [ 0x3f40, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x3f48, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x3f4c, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x3f50, ['pointer', ['unsigned long long']]],
+    'Cache' : [ 0x3f54, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3f90, ['unsigned long']],
+    'PackageProcessorSet' : [ 0x3f94, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x3fa0, ['unsigned long']],
+    'SharedReadyQueue' : [ 0x3fa4, ['pointer', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x3fa8, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x3fac, ['unsigned long']],
+    'ScanSiblingMask' : [ 0x3fb0, ['unsigned long']],
+    'LLCMask' : [ 0x3fb4, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3fb8, ['array', 5, ['unsigned long']]],
+    'ScanSiblingIndex' : [ 0x3fcc, ['unsigned long']],
+    'WheaInfo' : [ 0x3fd0, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x3fd4, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x3fd8, ['_SLIST_HEADER']],
+    'PrcbPad92' : [ 0x3fe0, ['array', 3, ['unsigned long']]],
+    'PteBitCache' : [ 0x3fec, ['unsigned long']],
+    'PteBitOffset' : [ 0x3ff0, ['unsigned long']],
+    'PrcbPad93' : [ 0x3ff4, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x3ff8, ['pointer', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x3ffc, ['pointer', ['void']]],
+    'TimerExpirationDpc' : [ 0x4000, ['_KDPC']],
+    'SynchCounters' : [ 0x4020, ['_SYNCH_COUNTERS']],
+    'FsCounters' : [ 0x40d8, ['_FILESYSTEM_DISK_COUNTERS']],
+    'Context' : [ 0x40e8, ['pointer', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x40ec, ['unsigned long']],
+    'ExtendedState' : [ 0x40f0, ['pointer', ['_XSAVE_AREA']]],
+    'EntropyTimingState' : [ 0x40f4, ['_KENTROPY_TIMING_STATE']],
+    'IsrStack' : [ 0x421c, ['pointer', ['void']]],
+    'VectorToInterruptObject' : [ 0x4220, ['array', 208, ['pointer', ['_KINTERRUPT']]]],
+    'AbSelfIoBoostsList' : [ 0x4560, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x4564, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x4568, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x4588, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x45dc, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x4630, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x4730, ['unsigned long']],
+    'ExSaPageArray' : [ 0x4734, ['pointer', ['void']]],
+    'PrcbPad100' : [ 0x4738, ['array', 10, ['unsigned long']]],
+    'LocalSharedReadyQueue' : [ 0x4760, ['_KSHARED_READY_QUEUE']],
+    'PrcbPad95' : [ 0x4894, ['array', 12, ['unsigned char']]],
+    'Mailbox' : [ 0x48a0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'PrcbPad' : [ 0x48a4, ['array', 60, ['unsigned char']]],
+    'RequestMailbox' : [ 0x48e0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Reserved' : [ 0x14, ['array', 3, ['pointer', ['void']]]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0xa8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x38, ['unsigned long long']],
+    'Affinity' : [ 0x40, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x4c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x54, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x58, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x64, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x64, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x64, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x64, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x64, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x64, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SpareFlags0' : [ 0x64, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x64, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x64, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x64, ['long']],
+    'BasePriority' : [ 0x68, ['unsigned char']],
+    'QuantumReset' : [ 0x69, ['unsigned char']],
+    'Visited' : [ 0x6a, ['unsigned char']],
+    'Flags' : [ 0x6b, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x6c, ['array', 1, ['unsigned long']]],
+    'IdealNode' : [ 0x70, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x72, ['unsigned short']],
+    'Spare1' : [ 0x74, ['unsigned short']],
+    'IopmOffset' : [ 0x76, ['unsigned short']],
+    'SchedulingGroup' : [ 0x78, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'StackCount' : [ 0x7c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x88, ['unsigned long long']],
+    'ContextSwitches' : [ 0x90, ['unsigned long long']],
+    'FreezeCount' : [ 0x98, ['unsigned long']],
+    'KernelTime' : [ 0x9c, ['unsigned long']],
+    'UserTime' : [ 0xa0, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0xa4, ['pointer', ['void']]],
+} ],
+  '_KTHREAD' : [ 0x348, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x10, ['pointer', ['void']]],
+    'QuantumTarget' : [ 0x18, ['unsigned long long']],
+    'InitialStack' : [ 0x20, ['pointer', ['void']]],
+    'StackLimit' : [ 0x24, ['pointer', ['void']]],
+    'StackBase' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x2c, ['unsigned long']],
+    'CycleTime' : [ 0x30, ['unsigned long long']],
+    'HighCycleTime' : [ 0x38, ['unsigned long']],
+    'ServiceTable' : [ 0x3c, ['pointer', ['void']]],
+    'CurrentRunTime' : [ 0x40, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x44, ['unsigned long']],
+    'KernelStack' : [ 0x48, ['pointer', ['void']]],
+    'StateSaveArea' : [ 0x4c, ['pointer', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x50, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x54, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x55, ['unsigned char']],
+    'Alerted' : [ 0x56, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x58, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x58, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x58, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x58, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x58, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x58, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x58, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x58, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x58, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x58, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x58, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x58, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x58, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x58, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x58, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x58, ['long']],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlagsSpare0' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x5c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x5c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x5c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x5c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x5c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x5c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x5c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CommitFailTerminateRequest' : [ 0x5c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x5c, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x5c, ['BitField', dict(start_bit = 19, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x5c, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x5c, ['long']],
+    'Tag' : [ 0x60, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x61, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x63, ['unsigned char']],
+    'SystemCallNumber' : [ 0x64, ['unsigned long']],
+    'FirstArgument' : [ 0x68, ['pointer', ['void']]],
+    'TrapFrame' : [ 0x6c, ['pointer', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x70, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x70, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x87, ['unsigned char']],
+    'UserIdealProcessor' : [ 0x88, ['unsigned long']],
+    'ContextSwitches' : [ 0x8c, ['unsigned long']],
+    'State' : [ 0x90, ['unsigned char']],
+    'Spare12' : [ 0x91, ['unsigned char']],
+    'WaitIrql' : [ 0x92, ['unsigned char']],
+    'WaitMode' : [ 0x93, ['unsigned char']],
+    'WaitStatus' : [ 0x94, ['long']],
+    'WaitBlockList' : [ 0x98, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x9c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x9c, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xa4, ['pointer', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xa8, ['pointer', ['void']]],
+    'RelativeTimerBias' : [ 0xb0, ['unsigned long long']],
+    'Timer' : [ 0xb8, ['_KTIMER']],
+    'WaitBlock' : [ 0xe0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill8' : [ 0xe0, ['array', 20, ['unsigned char']]],
+    'ThreadCounters' : [ 0xf4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0xe0, ['array', 44, ['unsigned char']]],
+    'XStateSave' : [ 0x10c, ['pointer', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0xe0, ['array', 68, ['unsigned char']]],
+    'Win32Thread' : [ 0x124, ['pointer', ['void']]],
+    'WaitBlockFill11' : [ 0xe0, ['array', 88, ['unsigned char']]],
+    'WaitTime' : [ 0x138, ['unsigned long']],
+    'KernelApcDisable' : [ 0x13c, ['short']],
+    'SpecialApcDisable' : [ 0x13e, ['short']],
+    'CombinedApcDisable' : [ 0x13c, ['unsigned long']],
+    'QueueListEntry' : [ 0x140, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x148, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x148, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x148, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x14c, ['long']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x154, ['array', 6, ['unsigned char']]],
+    'PreviousMode' : [ 0x15a, ['unsigned char']],
+    'BasePriority' : [ 0x15b, ['unsigned char']],
+    'PriorityDecrement' : [ 0x15c, ['unsigned char']],
+    'ForegroundBoost' : [ 0x15c, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x15c, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x15d, ['unsigned char']],
+    'AdjustReason' : [ 0x15e, ['unsigned char']],
+    'AdjustIncrement' : [ 0x15f, ['unsigned char']],
+    'AffinityVersion' : [ 0x160, ['unsigned long']],
+    'Affinity' : [ 0x164, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x164, ['array', 6, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x16a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x16b, ['unsigned char']],
+    'IdealProcessor' : [ 0x16c, ['unsigned long']],
+    'Spare15' : [ 0x170, ['array', 1, ['unsigned long']]],
+    'SavedApcState' : [ 0x174, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x174, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x18b, ['unsigned char']],
+    'SuspendCount' : [ 0x18c, ['unsigned char']],
+    'Saturation' : [ 0x18d, ['unsigned char']],
+    'SListFaultCount' : [ 0x18e, ['unsigned short']],
+    'SchedulerApc' : [ 0x190, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x190, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x191, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x190, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x193, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x190, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x194, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x190, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b4, ['pointer', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x190, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1b8, ['pointer', ['void']]],
+    'SchedulerApcFill5' : [ 0x190, ['array', 47, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x1bf, ['unsigned char']],
+    'UserTime' : [ 0x1c0, ['unsigned long']],
+    'SuspendEvent' : [ 0x1c4, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x1d4, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1dc, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x1e4, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x1e5, ['unsigned char']],
+    'Spare20' : [ 0x1e6, ['unsigned short']],
+    'LockEntries' : [ 0x1e8, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x308, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x30c, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x310, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x320, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x324, ['long']],
+    'KeReferenceCount' : [ 0x328, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x32a, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x32b, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x32c, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x330, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x330, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x334, ['unsigned long']],
+    'QueuedScb' : [ 0x338, ['pointer', ['_KSCB']]],
+    'NpxState' : [ 0x340, ['unsigned long long']],
+} ],
+  '_KSTACK_CONTROL' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'ActualLimit' : [ 0x4, ['unsigned long']],
+    'StackExpansion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousTrapFrame' : [ 0x8, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0xc, ['pointer', ['void']]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'CpuId' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer', ['void']]],
+    'DeleteContext' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long']],
+    'IdleSmtSet' : [ 0x4, ['unsigned long']],
+    'IdleCpuSet' : [ 0x8, ['unsigned long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long']],
+    'IdleConstrainedSet' : [ 0x44, ['unsigned long']],
+    'NonParkedSet' : [ 0x48, ['unsigned long']],
+    'ParkLock' : [ 0x4c, ['long']],
+    'Seed' : [ 0x50, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x84, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x84, ['array', 6, ['unsigned char']]],
+    'NodeNumber' : [ 0x8a, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x8c, ['unsigned short']],
+    'Stride' : [ 0x8e, ['unsigned char']],
+    'Spare0' : [ 0x8f, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x90, ['unsigned long']],
+    'ProximityId' : [ 0x94, ['unsigned long']],
+    'Lowest' : [ 0x98, ['unsigned long']],
+    'Highest' : [ 0x9c, ['unsigned long']],
+    'MaximumProcessors' : [ 0xa0, ['unsigned char']],
+    'Flags' : [ 0xa1, ['_flags']],
+    'Spare10' : [ 0xa2, ['unsigned char']],
+    'HeteroSets' : [ 0xa4, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+} ],
+  '_ENODE' : [ 0x380, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0x100, ['array', 8, ['pointer', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x120, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x2d8, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x2e8, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x310, ['_KEVENT']],
+    'WaitBlocks' : [ 0x320, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x368, ['pointer', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x36c, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x370, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x370, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x370, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x5c, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long']],
+    'QuotaProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'StrictFIFO' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x1c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x1c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x24, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x28, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x28, ['array', 20, ['unsigned char']]],
+    'DebugInfo' : [ 0x3c, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'VolatileLowValue' : [ 0x0, ['long']],
+    'LowValue' : [ 0x0, ['long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x4, ['long']],
+    'NextFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x4, ['_EXHANDLE']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'RefCountField' : [ 0x4, ['long']],
+    'GrantedAccessBits' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'ProtectFromClose' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'RefCnt' : [ 0x4, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1336' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1336']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc4, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xc0, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x458, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x348, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x350, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x350, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x358, ['pointer', ['void']]],
+    'PostBlockList' : [ 0x35c, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x35c, ['pointer', ['void']]],
+    'StartAddress' : [ 0x360, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x364, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x364, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x364, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x368, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x36c, ['_LIST_ENTRY']],
+    'Cid' : [ 0x374, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x37c, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x37c, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x390, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x394, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x39c, ['unsigned long']],
+    'DeviceToVerify' : [ 0x3a0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x3a4, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x3a8, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x3ac, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x3b4, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x3b8, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x3bc, ['unsigned long']],
+    'MmLockOrdering' : [ 0x3c0, ['long']],
+    'CmLockOrdering' : [ 0x3c4, ['long']],
+    'CrossThreadFlags' : [ 0x3c8, ['unsigned long']],
+    'Terminated' : [ 0x3c8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x3c8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x3c8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x3c8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x3c8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x3c8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x3c8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x3c8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x3c8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x3c8, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x3c8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x3c8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x3c8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x3c8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x3c8, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x3cc, ['unsigned long']],
+    'ActiveExWorker' : [ 0x3cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x3cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x3cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x3cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x3cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x3cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x3cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x3cc, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x3d0, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x3d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x3d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x3d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x3d0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x3d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x3d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x3d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x3d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x3d4, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x3d5, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x3d6, ['unsigned char']],
+    'LockOrderState' : [ 0x3d7, ['unsigned char']],
+    'AlpcMessageId' : [ 0x3d8, ['unsigned long']],
+    'AlpcMessage' : [ 0x3dc, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x3dc, ['unsigned long']],
+    'ExitStatus' : [ 0x3e0, ['long']],
+    'AlpcWaitListEntry' : [ 0x3e4, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x3ec, ['unsigned long']],
+    'IoBoostCount' : [ 0x3f0, ['unsigned long']],
+    'BoostList' : [ 0x3f4, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x3fc, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x404, ['unsigned long']],
+    'IrpListLock' : [ 0x408, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x40c, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x410, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x414, ['pointer', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x418, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x41c, ['pointer', ['void']]],
+    'KernelStackReference' : [ 0x420, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x424, ['pointer', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x428, ['pointer', ['void']]],
+    'PropertySet' : [ 0x42c, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x438, ['pointer', ['void']]],
+    'UserFsBase' : [ 0x43c, ['unsigned long']],
+    'UserGsBase' : [ 0x440, ['unsigned long']],
+    'EnergyValues' : [ 0x444, ['pointer', ['_THREAD_ENERGY_VALUES']]],
+    'CmCellReferences' : [ 0x448, ['unsigned long']],
+    'SelectedCpuSets' : [ 0x44c, ['unsigned long']],
+    'SelectedCpuSetsIndirect' : [ 0x44c, ['pointer', ['unsigned long']]],
+    'Silo' : [ 0x450, ['pointer', ['_EJOB']]],
+} ],
+  '_EPROCESS' : [ 0x370, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0xa8, ['_EX_PUSH_LOCK']],
+    'RundownProtect' : [ 0xac, ['_EX_RUNDOWN_REF']],
+    'VdmObjects' : [ 0xb0, ['pointer', ['void']]],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'Flags2' : [ 0xc0, ['unsigned long']],
+    'JobNotReallyActive' : [ 0xc0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0xc0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0xc0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0xc0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0xc0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0xc0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0xc0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0xc0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0xc0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0xc0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0xc0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0xc0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0xc0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0xc0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0xc0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0xc0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0xc0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0xc0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0xc0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0xc0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0xc0, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0xc0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0xc0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0xc0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0xc0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0xc0, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0xc0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0xc0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'CreateReported' : [ 0xc4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0xc4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0xc4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0xc4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0xc4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0xc4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0xc4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0xc4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0xc4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0xc4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0xc4, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0xc4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0xc4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0xc4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0xc4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0xc4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0xc4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0xc4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0xc4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0xc4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0xc4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0xc4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0xc4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0xc4, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0xc4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0xc4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0xc4, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0xc4, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0xc4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0xc8, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0xd0, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xd8, ['array', 2, ['unsigned long']]],
+    'PeakVirtualSize' : [ 0xe0, ['unsigned long']],
+    'VirtualSize' : [ 0xe4, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xe8, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0xf0, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf0, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Token' : [ 0xf4, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0xf8, ['unsigned long']],
+    'AddressCreationLock' : [ 0xfc, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x100, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x104, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x108, ['pointer', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x10c, ['pointer', ['_EJOB']]],
+    'CloneRoot' : [ 0x110, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x114, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x118, ['unsigned long']],
+    'Win32Process' : [ 0x11c, ['pointer', ['void']]],
+    'Job' : [ 0x120, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x124, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x128, ['pointer', ['void']]],
+    'Cookie' : [ 0x12c, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x130, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x134, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x138, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x13c, ['pointer', ['void']]],
+    'OwnerProcessId' : [ 0x140, ['unsigned long']],
+    'Peb' : [ 0x144, ['pointer', ['_PEB']]],
+    'Session' : [ 0x148, ['pointer', ['void']]],
+    'AweInfo' : [ 0x14c, ['pointer', ['void']]],
+    'QuotaBlock' : [ 0x150, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x154, ['pointer', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x158, ['pointer', ['void']]],
+    'PaeTop' : [ 0x15c, ['pointer', ['void']]],
+    'DeviceMap' : [ 0x160, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x164, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x168, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x170, ['pointer', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x174, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x183, ['unsigned char']],
+    'SecurityPort' : [ 0x184, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x188, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x18c, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x194, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x198, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x1a0, ['unsigned long']],
+    'ImagePathHash' : [ 0x1a4, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1a8, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1ac, ['long']],
+    'PrefetchTrace' : [ 0x1b0, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x1b4, ['pointer', ['void']]],
+    'ReadOperationCount' : [ 0x1b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1e8, ['unsigned long']],
+    'CommitCharge' : [ 0x1ec, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1f0, ['unsigned long']],
+    'Vm' : [ 0x1f4, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x274, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x27c, ['unsigned long']],
+    'ExitStatus' : [ 0x280, ['long']],
+    'VadRoot' : [ 0x284, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x288, ['pointer', ['void']]],
+    'VadCount' : [ 0x28c, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x290, ['unsigned long']],
+    'VadPhysicalPagesLimit' : [ 0x294, ['unsigned long']],
+    'AlpcContext' : [ 0x298, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x2a8, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x2b0, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x2b4, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x2b8, ['unsigned long']],
+    'ExitTime' : [ 0x2c0, ['_LARGE_INTEGER']],
+    'ActiveThreadsHighWatermark' : [ 0x2c8, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x2cc, ['unsigned long']],
+    'ThreadListLock' : [ 0x2d0, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x2d4, ['pointer', ['void']]],
+    'Spare0' : [ 0x2d8, ['unsigned long']],
+    'SignatureLevel' : [ 0x2dc, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x2dd, ['unsigned char']],
+    'Protection' : [ 0x2de, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x2df, ['unsigned char']],
+    'Flags3' : [ 0x2e0, ['unsigned long']],
+    'Minimal' : [ 0x2e0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x2e0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x2e0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x2e0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Crashed' : [ 0x2e0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x2e0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x2e0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x2e0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x2e0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x2e0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'InPrivate' : [ 0x2e0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x2e0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x2e0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x2e0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x2e4, ['long']],
+    'SvmData' : [ 0x2e8, ['pointer', ['void']]],
+    'SvmProcessLock' : [ 0x2ec, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x2f0, ['unsigned long']],
+    'SvmProcessDeviceListHead' : [ 0x2f4, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x300, ['unsigned long long']],
+    'DiskCounters' : [ 0x308, ['pointer', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x30c, ['pointer', ['void']]],
+    'KeepAliveCounter' : [ 0x310, ['unsigned long']],
+    'NoWakeKeepAliveCounter' : [ 0x314, ['unsigned long']],
+    'HighPriorityFaultsAllowed' : [ 0x318, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x31c, ['pointer', ['void']]],
+    'EnergyValues' : [ 0x320, ['pointer', ['_PROCESS_ENERGY_VALUES']]],
+    'VmContext' : [ 0x324, ['pointer', ['void']]],
+    'SequenceNumber' : [ 0x328, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x330, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x338, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x340, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x348, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x350, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x358, ['unsigned long']],
+    'SharedCommitLock' : [ 0x35c, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x360, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x368, ['unsigned long']],
+    'DefaultCpuSets' : [ 0x36c, ['unsigned long']],
+    'AllowedCpuSetsIndirect' : [ 0x368, ['pointer', ['unsigned long']]],
+    'DefaultCpuSetsIndirect' : [ 0x36c, ['pointer', ['unsigned long']]],
+} ],
+  '__unnamed_1390' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1396' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1398' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_1396']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13a1' : [ 0x2c, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '__unnamed_13a3' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_13a1']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_1390']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_1398']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_13a3']],
+} ],
+  '__unnamed_13aa' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13ae' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13b2' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13b4' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13b8' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13ba' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13bc' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13be' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13c0' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13c2' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13c6' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsDataCopyInformation', 13: 'FileFsMetadataSizeInformation', 14: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13c8' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13cb' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13cd' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13cf' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13d1' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13d5' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_13d9' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_13dd' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13e1' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_13e5' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13e9' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_13ed' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_13ef' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13f1' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_13f5' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_13f9' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13fd' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_1401' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1405' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_140d' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1411' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1413' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1415' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1417' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_13aa']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13ae']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13b2']],
+    'Read' : [ 0x0, ['__unnamed_13b4']],
+    'Write' : [ 0x0, ['__unnamed_13b4']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13b8']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13ba']],
+    'QueryFile' : [ 0x0, ['__unnamed_13bc']],
+    'SetFile' : [ 0x0, ['__unnamed_13be']],
+    'QueryEa' : [ 0x0, ['__unnamed_13c0']],
+    'SetEa' : [ 0x0, ['__unnamed_13c2']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13c6']],
+    'SetVolume' : [ 0x0, ['__unnamed_13c6']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13c8']],
+    'LockControl' : [ 0x0, ['__unnamed_13cb']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_13cd']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_13cf']],
+    'SetSecurity' : [ 0x0, ['__unnamed_13d1']],
+    'MountVolume' : [ 0x0, ['__unnamed_13d5']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_13d5']],
+    'Scsi' : [ 0x0, ['__unnamed_13d9']],
+    'QueryQuota' : [ 0x0, ['__unnamed_13dd']],
+    'SetQuota' : [ 0x0, ['__unnamed_13c2']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_13e1']],
+    'QueryInterface' : [ 0x0, ['__unnamed_13e5']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_13e9']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_13ed']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_13ef']],
+    'SetLock' : [ 0x0, ['__unnamed_13f1']],
+    'QueryId' : [ 0x0, ['__unnamed_13f5']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_13f9']],
+    'UsageNotification' : [ 0x0, ['__unnamed_13fd']],
+    'WaitWake' : [ 0x0, ['__unnamed_1401']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1405']],
+    'Power' : [ 0x0, ['__unnamed_140d']],
+    'StartDevice' : [ 0x0, ['__unnamed_1411']],
+    'WMI' : [ 0x0, ['__unnamed_1413']],
+    'Others' : [ 0x0, ['__unnamed_1415']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_1417']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_142d' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_142d']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x8, ['unsigned long']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x14, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x10, ['pointer', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x2f8, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0x80, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0x88, ['unsigned long']],
+    'TotalProcesses' : [ 0x8c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x90, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x94, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x98, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xa0, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xa8, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0xac, ['unsigned long']],
+    'LimitFlags' : [ 0xb0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xb4, ['unsigned long']],
+    'Affinity' : [ 0xb8, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0xc4, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0xc8, ['pointer', ['void']]],
+    'UIRestrictionsClass' : [ 0xcc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xd0, ['unsigned long']],
+    'CompletionPort' : [ 0xd4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xd8, ['pointer', ['void']]],
+    'CompletionCount' : [ 0xe0, ['unsigned long long']],
+    'SessionId' : [ 0xe8, ['unsigned long']],
+    'SchedulingClass' : [ 0xec, ['unsigned long']],
+    'ReadOperationCount' : [ 0xf0, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xf8, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x100, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x108, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x110, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x118, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x120, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x148, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x14c, ['unsigned long']],
+    'JobTotalMemoryLimit' : [ 0x150, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x154, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x158, ['unsigned long']],
+    'EffectiveAffinity' : [ 0x15c, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x168, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x170, ['unsigned long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x174, ['unsigned long']],
+    'EffectiveProcessMemoryLimit' : [ 0x178, ['unsigned long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x17c, ['pointer', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x180, ['pointer', ['_EJOB']]],
+    'EffectiveDiskIoRateLimitJob' : [ 0x184, ['pointer', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x188, ['pointer', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x18c, ['pointer', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x190, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x194, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x198, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x19c, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x1a0, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x1a4, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x1a8, ['unsigned char']],
+    'PriorityClass' : [ 0x1a9, ['unsigned char']],
+    'NestingDepth' : [ 0x1aa, ['unsigned char']],
+    'Reserved1' : [ 0x1ab, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x1ac, ['unsigned long']],
+    'WakeChannel' : [ 0x1b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x1b0, ['_PS_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x1e8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x1f0, ['unsigned long']],
+    'OwnedHighEdgeFilters' : [ 0x1f4, ['unsigned long']],
+    'NotificationLink' : [ 0x1f8, ['pointer', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x200, ['unsigned long long']],
+    'NotificationInfo' : [ 0x208, ['pointer', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x20c, ['pointer', ['void']]],
+    'NotificationPacket' : [ 0x210, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x214, ['pointer', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x218, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x220, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x228, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x22c, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x234, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x23c, ['pointer', ['_EJOB']]],
+    'RootJob' : [ 0x240, ['pointer', ['_EJOB']]],
+    'IteratorListHead' : [ 0x244, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x24c, ['unsigned long']],
+    'Ancestors' : [ 0x250, ['pointer', ['pointer', ['_EJOB']]]],
+    'SessionObject' : [ 0x250, ['pointer', ['void']]],
+    'Accounting' : [ 0x258, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x2a8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x2ac, ['unsigned long']],
+    'SequenceNumber' : [ 0x2b0, ['unsigned long']],
+    'TimerListLock' : [ 0x2b4, ['unsigned long']],
+    'TimerListHead' : [ 0x2b8, ['_LIST_ENTRY']],
+    'ContainerId' : [ 0x2c0, ['_GUID']],
+    'Container' : [ 0x2d0, ['pointer', ['_SILO_CONTEXT']]],
+    'PropertySet' : [ 0x2d4, ['_PS_PROPERTY_SET']],
+    'NetRateControl' : [ 0x2e0, ['pointer', ['_JOB_NET_RATE_CONTROL']]],
+    'IoRateControl' : [ 0x2e4, ['pointer', ['_JOB_IO_RATE_CONTROL']]],
+    'JobFlags' : [ 0x2e8, ['unsigned long']],
+    'CloseDone' : [ 0x2e8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x2e8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x2e8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x2e8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x2e8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x2e8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x2e8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x2e8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x2e8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x2e8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x2e8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x2e8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x2e8, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x2e8, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x2e8, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x2e8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x2e8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x2e8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x2e8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x2e8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x2e8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x2e8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x2e8, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x2e8, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x2e8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x2e8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x2e8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x2e8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x2e8, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x2e8, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'SpareJobFlags' : [ 0x2e8, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'EffectiveHighEdgeFilters' : [ 0x2ec, ['unsigned long']],
+    'EnergyValues' : [ 0x2f0, ['pointer', ['_PROCESS_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x2f4, ['unsigned long']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x68, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x5c, ['pointer', ['void']]],
+    'UserContext' : [ 0x60, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+    'Oplock' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedForRemote' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedContext' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '_TlgProvider_t' : [ 0x30, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+    'AnnotationFunc' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_1618' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_1618']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0xc, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x4, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0x8, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'ReservedLowFlags' : [ 0xe, ['unsigned char']],
+    'WaiterPriority' : [ 0xf, ['unsigned char']],
+    'SharedWaiters' : [ 0x10, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_1650' : [ 0x4, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'WsIndex' : [ 0x0, ['unsigned long']],
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_1654' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+    'VolatileShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_1656' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_1654']],
+} ],
+  '__unnamed_165b' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_1650']],
+    'PteAddress' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x4, ['pointer', ['void']]],
+    'PteLong' : [ 0x4, ['unsigned long']],
+    'OriginalPte' : [ 0x8, ['_MMPTE']],
+    'u2' : [ 0x10, ['_MIPFNBLINK']],
+    'u3' : [ 0x14, ['__unnamed_1656']],
+    'u4' : [ 0x18, ['__unnamed_165b']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x34, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'BasePte' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'VaType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'MiVaUnused', 1: 'MiVaSessionSpace', 2: 'MiVaProcessSpace', 3: 'MiVaBootLoaded', 4: 'MiVaPfnDatabase', 5: 'MiVaNonPagedPool', 6: 'MiVaPagedPool', 7: 'MiVaSpecialPoolPaged', 8: 'MiVaSystemCache', 9: 'MiVaSystemPtes', 10: 'MiVaHal', 11: 'MiVaSessionGlobalSpace', 12: 'MiVaDriverImages', 13: 'MiVaSpecialPoolNonPaged', 14: 'MiVaPagedProtoPool', 15: 'MiVaMaximumType', 16: 'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'PteFailures' : [ 0x18, ['unsigned long']],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'GlobalPushLock' : [ 0x1c, ['pointer', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x20, ['pointer', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x24, ['unsigned long']],
+    'Hint' : [ 0x28, ['unsigned long']],
+    'CachedPtes' : [ 0x2c, ['pointer', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x30, ['unsigned long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x30, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0xc, ['pointer', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x10, ['pointer', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x14, ['unsigned long']],
+    'NumberOfReferences' : [ 0x18, ['unsigned long']],
+    'CloneHeader' : [ 0x1c, ['pointer', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x20, ['unsigned long']],
+    'NestingLevel' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_168b' : [ 0x4, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_168b']],
+} ],
+  '_MMWSL' : [ 0xe48, {
+    'FirstFree' : [ 0x0, ['unsigned long']],
+    'FirstDynamic' : [ 0x4, ['unsigned long']],
+    'LastEntry' : [ 0x8, ['unsigned long']],
+    'NextSlot' : [ 0xc, ['unsigned long']],
+    'LastInitializedWsle' : [ 0x10, ['unsigned long']],
+    'NextAgingSlot' : [ 0x14, ['unsigned long']],
+    'NextAccessClearingSlot' : [ 0x18, ['unsigned long']],
+    'LastAccessClearingRemainder' : [ 0x1c, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x20, ['unsigned long']],
+    'WsleSize' : [ 0x24, ['unsigned long']],
+    'NonDirectCount' : [ 0x28, ['unsigned long']],
+    'LowestPagableAddress' : [ 0x2c, ['pointer', ['void']]],
+    'NonDirectHash' : [ 0x30, ['pointer', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x34, ['pointer', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x38, ['pointer', ['_MMWSLE_HASH']]],
+    'ActiveWsleCounts' : [ 0x3c, ['array', 16, ['unsigned long']]],
+    'ActiveWsles' : [ 0x7c, ['array', 16, ['_MI_ACTIVE_WSLE_LISTHEAD']]],
+    'Wsle' : [ 0xfc, ['pointer', ['_MMWSLE']]],
+    'UserVaInfo' : [ 0x100, ['_MI_USER_VA_INFO']],
+} ],
+  '_MMSUPPORT' : [ 0x80, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'ExitOutswapGate' : [ 0x4, ['pointer', ['_KGATE']]],
+    'AccessLog' : [ 0x8, ['pointer', ['void']]],
+    'WorkingSetExpansionLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x14, ['array', 7, ['unsigned long']]],
+    'MinimumWorkingSetSize' : [ 0x30, ['unsigned long']],
+    'WorkingSetLeafSize' : [ 0x34, ['unsigned long']],
+    'WorkingSetLeafPrivateSize' : [ 0x38, ['unsigned long']],
+    'WorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x40, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x44, ['unsigned long']],
+    'ChargedWslePages' : [ 0x48, ['unsigned long']],
+    'ActualWslePages' : [ 0x4c, ['unsigned long']],
+    'WorkingSetSizeOverhead' : [ 0x50, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x54, ['unsigned long']],
+    'HardFaultCount' : [ 0x58, ['unsigned long']],
+    'VmWorkingSetList' : [ 0x5c, ['pointer', ['_MMWSL']]],
+    'NextPageColor' : [ 0x60, ['unsigned short']],
+    'LastTrimStamp' : [ 0x62, ['unsigned short']],
+    'PageFaultCount' : [ 0x64, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x68, ['unsigned long']],
+    'Reserved0' : [ 0x6c, ['unsigned long']],
+    'Flags' : [ 0x70, ['_MMSUPPORT_FLAGS']],
+    'ReleasedCommitDebt' : [ 0x74, ['unsigned long']],
+    'WsSwapSupport' : [ 0x78, ['pointer', ['void']]],
+    'CommitReAcquireFailSupport' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '__unnamed_16a6' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+} ],
+  '__unnamed_16aa' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_16a6']],
+    'u2' : [ 0x24, ['__unnamed_16aa']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_16af' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_16b9' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_16bb' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_16b9']],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'ListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_16af']],
+    'FilePointer' : [ 0x20, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x24, ['long']],
+    'ModifiedWriteCount' : [ 0x28, ['unsigned long']],
+    'WaitList' : [ 0x2c, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x30, ['__unnamed_16bb']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'FileObjectLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_16d0' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_16d3' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x28, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x1c, ['__unnamed_16d0']],
+    'u1' : [ 0x20, ['__unnamed_16d3']],
+    'EventList' : [ 0x24, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MI_PARTITION' : [ 0x18c0, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0xb8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x288, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x300, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x400, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0xb80, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0xc00, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0xc40, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0xd18, ['pointer', ['void']]],
+    'WorkingSetExpansionHead' : [ 0xd1c, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0xd40, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPAGING_FILE' : [ 0xa8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'FreeReservationSpace' : [ 0x18, ['unsigned long']],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x20, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x28, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x30, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x38, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x3c, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x40, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x44, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x48, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x4c, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x50, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x54, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0x5c, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0x64, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0x6c, ['pointer', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'HybridPriority' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0x77, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0x77, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0x78, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0x7c, ['unsigned long']],
+    'PageHash' : [ 0x80, ['pointer', ['unsigned long']]],
+    'FileHandle' : [ 0x84, ['pointer', ['void']]],
+    'Lock' : [ 0x88, ['unsigned long']],
+    'LockOwner' : [ 0x8c, ['pointer', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0x90, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x94, ['pointer', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x98, ['_RTL_BALANCED_NODE']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x68, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CMP_SILO_CONTEXT' : [ 0x10, {
+    'LockEntryHead' : [ 0x0, ['_LIST_ENTRY']],
+    'LockListUnderCleanup' : [ 0x8, ['unsigned char']],
+    'ContextLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_171e' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapForLoaderHive', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpMapHiveImage', 8: '_HvpRecoverData', 9: '_CmpValidateHiveSecurityDescriptors', 10: '_HvpEnlistBinInMap', 11: '_CmCheckRegistry', 12: '_CmRegistryIO', 13: '_CmCheckRegistry2', 14: '_CmpCheckKey', 15: '_CmpCheckValueList', 16: '_HvCheckHive', 17: '_HvCheckBin', 18: '_HvpGetLogEntryDirtyVector', 19: '_HvpReadLogEntryHeader', 20: '_HvpReadLogEntry', 21: '_CmpMountPreloadedHives', 22: '_CmpLoadHiveThread'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1721' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_1723' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1727' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1729' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_172d' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_1731' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_1733' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x120, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'RecoverableIndex' : [ 0x8, ['unsigned long']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_171e']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_171e']]],
+    'RegistryIO' : [ 0xcc, ['__unnamed_1721']],
+    'CheckRegistry2' : [ 0xd8, ['__unnamed_1723']],
+    'CheckKey' : [ 0xdc, ['__unnamed_1727']],
+    'CheckValueList' : [ 0xec, ['__unnamed_1729']],
+    'CheckHive' : [ 0xfc, ['__unnamed_172d']],
+    'CheckHive1' : [ 0x108, ['__unnamed_172d']],
+    'CheckBin' : [ 0x114, ['__unnamed_1731']],
+    'RecoverData' : [ 0x11c, ['__unnamed_1733']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0xc, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 38, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 38, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x134, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'ReadySummary' : [ 0x4, ['unsigned long']],
+    'ReadyListHead' : [ 0x8, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x108, ['array', 32, ['unsigned char']]],
+    'Span' : [ 0x128, ['unsigned char']],
+    'LowProcIndex' : [ 0x129, ['unsigned char']],
+    'QueueIndex' : [ 0x12a, ['unsigned char']],
+    'ProcCount' : [ 0x12b, ['unsigned char']],
+    'ScanOwner' : [ 0x12c, ['unsigned char']],
+    'Spare' : [ 0x12d, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x130, ['unsigned long']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '__unnamed_1841' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1843' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1847' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x1cc, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x2c, ['long']],
+    'FxRemoveEvent' : [ 0x30, ['_KEVENT']],
+    'FxActivationCount' : [ 0x40, ['long']],
+    'FxSleepCount' : [ 0x44, ['long']],
+    'Plugin' : [ 0x48, ['pointer', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x4c, ['unsigned long']],
+    'CurrentPowerState' : [ 0x50, ['_POWER_STATE']],
+    'Notify' : [ 0x54, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x90, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0xa0, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0xa8, ['unsigned long']],
+    'State' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xb4, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x104, ['unsigned long']],
+    'CompletionStatus' : [ 0x108, ['long']],
+    'Flags' : [ 0x10c, ['unsigned long']],
+    'UserFlags' : [ 0x110, ['unsigned long']],
+    'Problem' : [ 0x114, ['unsigned long']],
+    'ProblemStatus' : [ 0x118, ['long']],
+    'ResourceList' : [ 0x11c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x120, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x124, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x128, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x130, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x134, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x138, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x13c, ['unsigned short']],
+    'RemovalPolicy' : [ 0x13e, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x13f, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x140, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x148, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x150, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x158, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x15a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x15c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x15e, ['unsigned short']],
+    'OverUsed1' : [ 0x160, ['__unnamed_1841']],
+    'OverUsed2' : [ 0x164, ['__unnamed_1843']],
+    'BootResources' : [ 0x168, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x16c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x170, ['unsigned long']],
+    'DockInfo' : [ 0x174, ['__unnamed_1847']],
+    'DisableableDepends' : [ 0x184, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x188, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x190, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x198, ['unsigned long']],
+    'PreviousParent' : [ 0x19c, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x1a0, ['long']],
+    'NumaNodeIndex' : [ 0x1a4, ['unsigned long']],
+    'ContainerID' : [ 0x1a8, ['_GUID']],
+    'OverrideFlags' : [ 0x1b8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x1bc, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x1c0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x1c4, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x1c8, ['unsigned long']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x38, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x30, ['pointer', ['unsigned long long']]],
+    'EnableLevel' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x38, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependencyNode' : [ 0x2c, ['pointer', ['void']]],
+    'InterruptContext' : [ 0x30, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1941' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1941']],
+} ],
+  '__unnamed_1948' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1948']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x14, ['pointer', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PullDefault', 1: 'PullUp', 2: 'PullDown', 3: 'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'IoRestrictionNone', 1: 'IoRestrictionInputOnly', 2: 'IoRestrictionOutputOnly', 3: 'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x1c, ['pointer', ['unsigned short']]],
+    'PinCount' : [ 0x20, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x22, ['unsigned char']],
+    'ResourceSourceName' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x28, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x20, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'SlaveAddress' : [ 0x1c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x18, ['unsigned long']],
+    'RxBufferSize' : [ 0x1c, ['unsigned short']],
+    'TxBufferSize' : [ 0x1e, ['unsigned short']],
+    'Parity' : [ 0x20, ['unsigned char']],
+    'LinesInUse' : [ 0x21, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'DataBitLength' : [ 0x1c, ['unsigned char']],
+    'Phase' : [ 0x1d, ['unsigned char']],
+    'Polarity' : [ 0x1e, ['unsigned char']],
+    'DeviceSelection' : [ 0x20, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x100, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x14, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x18, ['pointer', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c, ['pointer', ['void']]],
+    'Accounting' : [ 0x20, ['pointer', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x1a8, {
+    'Name' : [ 0x0, ['pointer', ['unsigned short']]],
+    'Id' : [ 0x4, ['unsigned char']],
+    'Guid' : [ 0x8, ['_GUID']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Priority' : [ 0x1c, ['unsigned char']],
+    'Settings' : [ 0x20, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x180, ['unsigned long long']],
+    'Count' : [ 0x188, ['unsigned long long']],
+    'MaxDuration' : [ 0x190, ['unsigned long long']],
+    'MinDuration' : [ 0x198, ['unsigned long long']],
+    'TotalDuration' : [ 0x1a0, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xb0, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfBoostPolicy' : [ 0x2c, ['unsigned long']],
+    'PerfBoostMode' : [ 0x30, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x34, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x38, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x3c, ['unsigned long']],
+    'AutonomousPreference' : [ 0x40, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x41, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x43, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x45, ['unsigned char']],
+    'ParkingPerfState' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x48, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x49, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x4a, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x4b, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x4c, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x4d, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x4e, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x50, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x54, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x58, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x5a, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x5c, ['unsigned char']],
+    'IdleDisabled' : [ 0x5d, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x60, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x64, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x65, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x66, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x67, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x68, ['array', 32, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x88, ['array', 32, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xa8, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xa9, ['unsigned char']],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x90, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x14, ['unsigned long']],
+    'LogHandleContext' : [ 0x18, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x84, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0x88, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x178, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'V1' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0xa8, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xac, ['unsigned long']],
+    'UninitializeEvent' : [ 0xb0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xb4, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'Event' : [ 0xe0, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf8, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x160, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x164, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x168, ['unsigned long']],
+    'WritesInProgress' : [ 0x16c, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x170, ['unsigned long']],
+} ],
+  '__unnamed_1a2d' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_1a2d']],
+    'ArrayHead' : [ 0x10, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '__unnamed_1a52' : [ 0x4, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_1a54' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1a56' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1a58' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1a5a' : [ 0x1c, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x4, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x8, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1a5e' : [ 0x38, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'PrefetchList' : [ 0x18, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x1c, ['unsigned long']],
+    'Mdl' : [ 0x20, ['pointer', ['_MDL']]],
+    'IoStatusBlock' : [ 0x24, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'RequestorMode' : [ 0x30, ['unsigned char']],
+    'NestingLevel' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_1a60' : [ 0x38, {
+    'Read' : [ 0x0, ['__unnamed_1a52']],
+    'Write' : [ 0x0, ['__unnamed_1a54']],
+    'Event' : [ 0x0, ['__unnamed_1a56']],
+    'Notification' : [ 0x0, ['__unnamed_1a58']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1a5a']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1a5e']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x48, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1a60']],
+    'Function' : [ 0x40, ['unsigned char']],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x18, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0x4, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x68, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x8, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0xc, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x18, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x40, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x44, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x48, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x50, ['pointer', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x54, ['unsigned long']],
+    'LastLWTimeStamp' : [ 0x58, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x60, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x248, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x58, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x5c, ['unsigned long']],
+    'Signature' : [ 0x60, ['unsigned long']],
+    'SegmentReserve' : [ 0x64, ['unsigned long']],
+    'SegmentCommit' : [ 0x68, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x6c, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x70, ['unsigned long']],
+    'TotalFreeSize' : [ 0x74, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x78, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x7c, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x7e, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x80, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x84, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x86, ['unsigned short']],
+    'TagEntries' : [ 0x88, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x8c, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x94, ['unsigned long']],
+    'AlignMask' : [ 0x98, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0x9c, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa4, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xac, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb0, ['unsigned long']],
+    'BlocksIndex' : [ 0xb4, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xb8, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xbc, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc0, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xc8, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xcc, ['pointer', ['void']]],
+    'FrontEndHeap' : [ 0xd0, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xd4, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xd6, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0xd7, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0xd8, ['pointer', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0xdc, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0xde, ['array', 257, ['unsigned char']]],
+    'Counters' : [ 0x1e0, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x23c, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1ace' : [ 0x38, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x38, {
+    'Lock' : [ 0x0, ['__unnamed_1ace']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b21' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b23' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b21']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1b25' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b27' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1b25']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1b23']],
+    'u2' : [ 0x4, ['__unnamed_1b27']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x20, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x18, ['pointer', ['void']]],
+    'UsualSize' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1b44' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1b46' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1b44']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1b46']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Pad' : [ 0x10, ['unsigned long']],
+    'Lock' : [ 0x14, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1b5a' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b5c' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b5a']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1b5c']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b65' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b67' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b65']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_1b67']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1b6d' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b6f' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b6d']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_1b6f']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x28, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x24, ['pointer', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1b8c' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b8e' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b8c']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x11c, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x60, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0x80, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0x8c, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x94, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x98, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0xc4, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0xd0, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0xd4, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0xd8, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xdc, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xe8, ['long']],
+    'ReferenceNo' : [ 0xec, ['long']],
+    'ReferenceNoWait' : [ 0xf0, ['pointer', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0xf4, ['__unnamed_1b8e']],
+    'TargetQueuePort' : [ 0xf8, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xfc, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x100, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x104, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x108, ['unsigned long']],
+    'PendingQueueLength' : [ 0x10c, ['unsigned long']],
+    'DirectQueueLength' : [ 0x110, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x114, ['unsigned long']],
+    'WaitQueueLength' : [ 0x118, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x58, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x10, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x14, ['pointer', ['void']]],
+    'UserLimit' : [ 0x18, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x1c, ['pointer', ['void']]],
+    'SystemVa' : [ 0x20, ['pointer', ['void']]],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'Header' : [ 0x28, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x2c, ['pointer', ['void']]],
+    'ListSize' : [ 0x30, ['unsigned long']],
+    'Bitmap' : [ 0x34, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x38, ['unsigned long']],
+    'Data' : [ 0x3c, ['pointer', ['void']]],
+    'DataSize' : [ 0x40, ['unsigned long']],
+    'BitmapLimit' : [ 0x44, ['unsigned long']],
+    'BitmapNextHint' : [ 0x48, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x4c, ['unsigned long']],
+    'AttributeFlags' : [ 0x50, ['unsigned long']],
+    'AttributeSize' : [ 0x54, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0x90, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x84, ['unsigned long']],
+    'CallbackList' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x14, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1bb1' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bb3' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bb1']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x90, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'u1' : [ 0x14, ['__unnamed_1bb3']],
+    'SequenceNo' : [ 0x18, ['long']],
+    'QuotaProcess' : [ 0x1c, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x1c, ['pointer', ['void']]],
+    'CancelSequencePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x24, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x28, ['long']],
+    'CancelListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x38, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x58, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x5c, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x60, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x64, ['pointer', ['_ETHREAD']]],
+    'WakeReference' : [ 0x68, ['pointer', ['void']]],
+    'ExtensionBuffer' : [ 0x6c, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0x70, ['unsigned long']],
+    'PortMessage' : [ 0x78, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x24, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x14, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalLength' : [ 0x1c, ['unsigned short']],
+    'Type' : [ 0x1e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x20, ['unsigned short']],
+    'SignalCompletion' : [ 0x22, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x23, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x20, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x1c, ['_KALPC_DIRECT_EVENT']],
+} ],
+  '__unnamed_1bf6' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bf8' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bf6']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_1bf8']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x4, {
+    'Event' : [ 0x0, ['unsigned long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x28, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer', ['void']]],
+    'ActivityId' : [ 0xc, ['_GUID']],
+    'Timestamp' : [ 0x1c, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x1c, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x1c, ['pointer', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x20, ['long long']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x28, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x78, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x4c, ['pointer', ['void']]],
+    'Override' : [ 0x50, ['unsigned char']],
+    'QueryOnly' : [ 0x51, ['unsigned char']],
+    'DeleteOnly' : [ 0x52, ['unsigned char']],
+    'FullAttributes' : [ 0x53, ['unsigned char']],
+    'LocalFileObject' : [ 0x54, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x58, ['unsigned long']],
+    'AccessMode' : [ 0x5c, ['unsigned char']],
+    'DriverCreateContext' : [ 0x60, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1cc1' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x110, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1cc1']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer', ['unsigned short']]],
+    'LogFileName' : [ 0x3c, ['pointer', ['unsigned short']]],
+    'TimeZone' : [ 0x40, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0xf8, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x108, ['unsigned long']],
+    'BuffersLost' : [ 0x10c, ['unsigned long']],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x288, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 1, ['unsigned long']]],
+    'ErrorMarker' : [ 0x18, ['unsigned long']],
+    'SizeMask' : [ 0x1c, ['unsigned long']],
+    'GetCpuClock' : [ 0x20, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x28, ['long']],
+    'FailureReason' : [ 0x2c, ['unsigned long']],
+    'BufferQueue' : [ 0x30, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x3c, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x48, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x50, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x58, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x58, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x64, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x6c, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x74, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x7c, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x80, ['unsigned long']],
+    'FlushTimer' : [ 0x84, ['unsigned long']],
+    'FlushThreshold' : [ 0x88, ['unsigned long']],
+    'ByteOffset' : [ 0x90, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x98, ['unsigned long']],
+    'BuffersAvailable' : [ 0x9c, ['long']],
+    'NumberOfBuffers' : [ 0xa0, ['long']],
+    'MaximumBuffers' : [ 0xa4, ['unsigned long']],
+    'EventsLost' : [ 0xa8, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xac, ['long']],
+    'BuffersWritten' : [ 0xb0, ['unsigned long']],
+    'LogBuffersLost' : [ 0xb4, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xb8, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xbc, ['unsigned long']],
+    'SequencePtr' : [ 0xc0, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xc4, ['unsigned long']],
+    'InstanceGuid' : [ 0xc8, ['_GUID']],
+    'MaximumFileSize' : [ 0xd8, ['unsigned long']],
+    'FileCounter' : [ 0xdc, ['long']],
+    'PoolType' : [ 0xe0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xe8, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0xf8, ['long']],
+    'ProviderInfoSize' : [ 0xfc, ['unsigned long']],
+    'Consumers' : [ 0x100, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x108, ['unsigned long']],
+    'TransitionConsumer' : [ 0x10c, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x110, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0x114, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x120, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x128, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x130, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x138, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x140, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x148, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x150, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x160, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x164, ['_KEVENT']],
+    'FlushEvent' : [ 0x174, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x188, ['_KTIMER']],
+    'LoggerDpc' : [ 0x1b0, ['_KDPC']],
+    'LoggerMutex' : [ 0x1d0, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1f0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1f4, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1f4, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1f8, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x234, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x238, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x240, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x248, ['pointer', ['void']]],
+    'BufferSequenceNumber' : [ 0x250, ['long long']],
+    'Flags' : [ 0x258, ['unsigned long']],
+    'Persistent' : [ 0x258, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x258, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x258, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x258, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x258, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x258, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x258, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x258, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x258, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x258, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x258, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x258, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x258, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x258, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x258, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x258, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x258, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x258, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x258, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x25c, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x25c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x25c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x25c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x25c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x25c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x25c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x25c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x25c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x25c, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x260, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x268, ['pointer', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x26c, ['pointer', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x270, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x278, ['pointer', ['pointer', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x27c, ['_DISALLOWED_GUIDS']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x24, {
+    'Source' : [ 0x0, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'ProfileTime', 1: 'ProfileAlignmentFixup', 2: 'ProfileTotalIssues', 3: 'ProfilePipelineDry', 4: 'ProfileLoadInstructions', 5: 'ProfilePipelineFrozen', 6: 'ProfileBranchInstructions', 7: 'ProfileTotalNonissues', 8: 'ProfileDcacheMisses', 9: 'ProfileIcacheMisses', 10: 'ProfileCacheMisses', 11: 'ProfileBranchMispredictions', 12: 'ProfileStoreInstructions', 13: 'ProfileFpInstructions', 14: 'ProfileIntegerInstructions', 15: 'Profile2Issue', 16: 'Profile3Issue', 17: 'Profile4Issue', 18: 'ProfileSpecialInstructions', 19: 'ProfileTotalCycles', 20: 'ProfileIcacheIssues', 21: 'ProfileDcacheAccesses', 22: 'ProfileMemoryBarrierCycles', 23: 'ProfileLoadLinkedIssues', 24: 'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x10, ['unsigned long']],
+    'HookId' : [ 0x14, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x1c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x20, ['array', 1, ['pointer', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0xa80, {
+    'EtwpSecurityProviderGuidEntry' : [ 0x0, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x168, ['array', 64, ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'WmipLoggerContext' : [ 0x268, ['array', 64, ['pointer', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x368, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0xa68, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0xa78, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0xa79, ['unsigned char']],
+    'EtwpSecurityProviderPID' : [ 0xa7c, ['unsigned long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x10, {
+    'RunRefs' : [ 0x0, ['pointer', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x4, ['pointer', ['void']]],
+    'RunRefSize' : [ 0x8, ['unsigned long']],
+    'Number' : [ 0xc, ['unsigned long']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x298, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x9c, ['pointer', ['void']]],
+    'DynamicPart' : [ 0xa0, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa4, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xb0, ['unsigned long']],
+    'TokenInUse' : [ 0xb4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xbc, ['unsigned long']],
+    'LogonSession' : [ 0xc0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc4, ['_LUID']],
+    'SidHash' : [ 0xcc, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x154, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1dc, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x1e0, ['pointer', ['void']]],
+    'Capabilities' : [ 0x1e4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x1e8, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x1ec, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x274, ['pointer', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x278, ['pointer', ['_SEP_LOWBOX_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x27c, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x280, ['pointer', ['void']]],
+    'TrustLinkedToken' : [ 0x284, ['pointer', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x288, ['pointer', ['void']]],
+    'TokenSidValues' : [ 0x28c, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x290, ['pointer', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'VariablePart' : [ 0x294, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x64, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+    'LowBoxHandlesTable' : [ 0x34, ['_SEP_LOWBOX_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x40, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x44, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x48, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0x58, ['pointer', ['_EJOB']]],
+    'SiblingAuthId' : [ 0x5c, ['_LUID']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'DbgRefTrace' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'NewObject' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0xf, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0xf, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0xf, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0xf, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x8, {
+    'SecurityDescriptor' : [ 0x0, ['pointer', ['void']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_REVOCATION_INFO' : [ 0x10, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x8, ['pointer', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'Padding1' : [ 0xc, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x18, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'EntryLink' : [ 0x8, ['pointer', ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0xc, ['unsigned long']],
+    'HashIndex' : [ 0x10, ['unsigned short']],
+    'DirectoryLocked' : [ 0x12, ['unsigned char']],
+    'LockedExclusive' : [ 0x13, ['unsigned char']],
+    'LockStateSignature' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xac, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x9c, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'SessionId' : [ 0xa0, ['unsigned long']],
+    'NamespaceEntry' : [ 0xa4, ['pointer', ['void']]],
+    'Flags' : [ 0xa8, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x1a4, {
+    'SystemDeviceMap' : [ 0x0, ['pointer', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x4, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x74, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_DEVICE_MAP' : [ 0x34, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0xc, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x4, ['pointer', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x8, ['pointer', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x418, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x8, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0xc, ['unsigned long']],
+    'ErrorCount' : [ 0x10, ['long']],
+    'RecordCount' : [ 0x14, ['unsigned long']],
+    'RecordLength' : [ 0x18, ['unsigned long']],
+    'PoolTag' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x24, ['pointer', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x28, ['pointer', ['void']]],
+    'SectionCount' : [ 0x2c, ['unsigned long']],
+    'SectionLength' : [ 0x30, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x38, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x40, ['unsigned long']],
+    'TotalErrors' : [ 0x44, ['unsigned long']],
+    'Deferred' : [ 0x48, ['unsigned char']],
+    'Descriptor' : [ 0x49, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xe4, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'ProcessorNumber' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x14, ['long']],
+    'ErrorSource' : [ 0x18, ['pointer', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x1c, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x1c, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'ConnectLock' : [ 0x4, ['_KEVENT']],
+    'LineMasked' : [ 0x14, ['unsigned char']],
+    'InterruptList' : [ 0x18, ['pointer', ['_KINTERRUPT']]],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'WorkQueue' : [ 0x18, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x40, ['pointer', ['void']]],
+    'AcceptProcessorNotification' : [ 0x44, ['pointer', ['void']]],
+    'AcceptAcpiNotification' : [ 0x48, ['pointer', ['void']]],
+    'WorkOrderCount' : [ 0x4c, ['unsigned long']],
+    'WorkOrders' : [ 0x50, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x100, {
+    'DeleteSubsectionCleanup' : [ 0x0, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x10, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x20, ['unsigned long']],
+    'DereferenceSegmentHeader' : [ 0x24, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x40, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x48, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0x70, ['unsigned char']],
+    'DeleteOnCloseCount' : [ 0x74, ['unsigned long']],
+    'UnusedSegmentList' : [ 0x78, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0x80, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0x88, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0x90, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0xa0, ['_SINGLE_LIST_ENTRY']],
+    'SegmentListLock' : [ 0xc0, ['long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x128, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x104, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x124, ['unsigned long']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0xc, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x10, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x14, ['unsigned short']],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Reserved1' : [ 0x2, ['unsigned char']],
+    'Timer2Reserved2' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Instrumented' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x168, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['pointer', ['_ETW_FILTER_HEADER']]],
+    'HostSilo' : [ 0x15c, ['unsigned char']],
+    'Lock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x164, ['pointer', ['_ETHREAD']]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x5c, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x38, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x3c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x40, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x44, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x48, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x4c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x50, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x54, ['unsigned long']],
+    'LastPolledSize' : [ 0x58, ['unsigned long']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0xb80, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long']],
+    'HighestPhysicalPage' : [ 0x4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x8, ['unsigned long']],
+    'NumberOfPagingFiles' : [ 0xc, ['unsigned long']],
+    'PagingFile' : [ 0x10, ['array', 16, ['pointer', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0x80, ['unsigned long']],
+    'ResidentAvailablePages' : [ 0xc0, ['unsigned long']],
+    'TotalCommittedPages' : [ 0xc4, ['unsigned long']],
+    'ModifiedPageListHead' : [ 0x100, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x140, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x154, ['unsigned long']],
+    'TotalPagesForPagingFile' : [ 0x158, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x15c, ['unsigned long']],
+    'ProcessLockedFilePages' : [ 0x160, ['unsigned long']],
+    'ChargeCommitmentFailures' : [ 0x164, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x174, ['long']],
+    'PageFileTraces' : [ 0x178, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x10, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x8c, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x80, ['unsigned long']],
+    'NumberOfEntries' : [ 0x84, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x88, ['unsigned long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_MI_ACTIVE_WSLE_LISTHEAD' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x44, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x3c, ['unsigned char']],
+    'DeleteType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'QueryRemoveDevice', 1: 'CancelRemoveDevice', 2: 'RemoveDevice', 3: 'SurpriseRemoveDevice', 4: 'EjectDevice', 5: 'RemoveFailedDevice', 6: 'RemoveUnstartedFailedDevice', 7: 'MaxDeviceDeleteType'})]],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0xc0, {
+    'Latency' : [ 0x0, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x4, ['unsigned long']],
+    'VetoAccounting' : [ 0x8, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x20, ['unsigned char']],
+    'Platform' : [ 0x21, ['unsigned char']],
+    'DependencyListCount' : [ 0x24, ['unsigned long']],
+    'Processors' : [ 0x28, ['_KAFFINITY_EX']],
+    'Name' : [ 0x34, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0x3c, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x40, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x48, ['unsigned long long']],
+    'RefCount' : [ 0x80, ['long']],
+    'CacheAlign0' : [ 0x80, ['array', 64, ['unsigned char']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x38, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x38, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'AppContainerNumber' : [ 0x24, ['unsigned long']],
+    'PackageSid' : [ 0x28, ['pointer', ['void']]],
+    'CapabilitiesHash' : [ 0x2c, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x30, ['pointer', ['void']]],
+    'SecurityAttributes' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x8, {
+    'Key' : [ 0x0, ['pointer', ['void']]],
+    'Index' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x10, ['long']],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'WatchdogTimerInfo' : [ 0x18, ['pointer', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'FloppyMedia' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'Pattern' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x50, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 1, ['_GUID']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x10, ['_KEVENT']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x1c, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x1c, ['pointer', ['void']]],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x8, ['unsigned char']],
+    'BlockState' : [ 0x9, ['unsigned char']],
+    'WaitKey' : [ 0xa, ['unsigned short']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0xc, ['pointer', ['_KQUEUE']]],
+    'Object' : [ 0x10, ['pointer', ['void']]],
+    'SparePtr' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1ea3' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1ea5' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1ea3']],
+    'Private' : [ 0x0, ['__unnamed_1ea5']],
+} ],
+  '_KTIMER2' : [ 0x58, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x10, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x28, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x38, ['long long']],
+    'Callback' : [ 0x40, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x44, ['pointer', ['void']]],
+    'DisableCallback' : [ 0x48, ['pointer', ['void']]],
+    'DisableContext' : [ 0x4c, ['pointer', ['void']]],
+    'AbsoluteSystemTime' : [ 0x50, ['unsigned char']],
+    'TypeFlags' : [ 0x51, ['unsigned char']],
+    'Unused' : [ 0x51, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x51, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x51, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x51, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x51, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x52, ['array', 2, ['unsigned char']]],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SubsectionMappedDirect' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'Abandoned' : [ 0x1c, ['unsigned char']],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0xc, {
+    'DynamicRelocations' : [ 0x0, ['pointer', ['void']]],
+    'SecurityContext' : [ 0x4, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x8, ['unsigned long']],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x130, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x8, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0xc, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x10, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x98, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x120, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x124, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x128, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x12c, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x4, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 12, native_type='unsigned long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x140, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'ForceIdle' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ReasonFlags' : [ 0x24, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x28, ['unsigned long long']],
+    'PreviousStatus' : [ 0x30, ['long']],
+    'PreviousCancelReason' : [ 0x34, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x38, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0x44, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x50, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x54, ['pointer', ['void']]],
+    'IdleExecute' : [ 0x58, ['pointer', ['void']]],
+    'IdlePreselect' : [ 0x5c, ['pointer', ['void']]],
+    'IdleTest' : [ 0x60, ['pointer', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x64, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x68, ['pointer', ['void']]],
+    'IdleCancel' : [ 0x6c, ['pointer', ['void']]],
+    'IdleIsHalted' : [ 0x70, ['pointer', ['void']]],
+    'IdleInitiateWake' : [ 0x74, ['pointer', ['void']]],
+    'PrepareInfo' : [ 0x78, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0xc8, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0xd4, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0xd8, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0xdc, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0xe4, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0xec, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0xfc, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x18, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0xc, ['unsigned char']],
+    'BlocksDrips' : [ 0xd, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x10, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x14, ['pointer', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_PEB' : [ 0x460, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['void']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'SparePvoid0' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['pointer', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x210, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x218, ['pointer', ['void']]],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pUnused' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['pointer', ['void']]]],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x54, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'ShutDownRequested' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x34, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x40, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x44, ['unsigned long']],
+    'UserPagesReused' : [ 0x48, ['unsigned long']],
+    'EventsLostCount' : [ 0x4c, ['pointer', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x50, ['pointer', ['unsigned long']]],
+} ],
+  '__unnamed_1f0b' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_1f10' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f12' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_1f0b']],
+    'Bits' : [ 0x0, ['__unnamed_1f10']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_1f12']],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x4, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x4, ['unsigned long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'PendingFreeDepth' : [ 0x104, ['long']],
+    'ListHeads' : [ 0x140, ['array', 512, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x1c, ['pointer', ['void']]],
+    'DvCallbacks' : [ 0x20, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x44, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['long']],
+    'Dpc' : [ 0x10, ['_KDPC']],
+    'WorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0xb0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x39, ['unsigned char']],
+    'ActiveCount' : [ 0x3a, ['unsigned short']],
+    'InternalState' : [ 0x3c, ['long']],
+    'Mode' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x48, ['unsigned long']],
+    'DispatchCount' : [ 0x4c, ['unsigned long']],
+    'PassiveEvent' : [ 0x50, ['pointer', ['_KEVENT']]],
+    'DisconnectData' : [ 0x54, ['pointer', ['void']]],
+    'ServiceThread' : [ 0x58, ['pointer', ['_KTHREAD']]],
+    'ConnectionData' : [ 0x5c, ['pointer', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0x60, ['pointer', ['void']]],
+    'IsrDpcStats' : [ 0x68, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x60, {
+    'FileName' : [ 0x0, ['pointer', ['unsigned short']]],
+    'BaseName' : [ 0x4, ['pointer', ['unsigned short']]],
+    'RegRootName' : [ 0x8, ['pointer', ['unsigned short']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+    'FilePath' : [ 0x58, ['_UNICODE_STRING']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1f74' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'WheaErrSrcStateStopped', 2: 'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1f74']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x1b8, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x19c, ['pointer', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x1a0, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x1a4, ['unsigned long']],
+    'ThreadCount' : [ 0x1a8, ['long']],
+    'MinThreads' : [ 0x1ac, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x1ac, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x1b0, ['long']],
+    'QueueIndex' : [ 0x1b4, ['Enumeration', dict(target = 'long', choices = {0: 'ExPoolUntrusted', 1: 'ExPoolTrusted', 8: 'ExPoolMax'})]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x4e, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'Width8Bits', 1: 'Width16Bits', 2: 'Width32Bits', 3: 'Width64Bits', 4: 'WidthNoWrap', 5: 'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'Compatible', 1: 'TypeA', 2: 'TypeB', 3: 'TypeC', 4: 'TypeF', 5: 'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_WORKITEM' : [ 0x34, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x1c, ['pointer', ['void']]],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ActivityId' : [ 0x24, ['_GUID']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMWSLE_HASH' : [ 0x4, {
+    'Index' : [ 0x0, ['unsigned long']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x50, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x28, ['_KDPC']],
+    'WorkOrder' : [ 0x48, ['pointer', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x24, {
+    'Next' : [ 0x0, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'SecureInfo' : [ 0x8, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'InPageSupport' : [ 0x8, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x8, ['pointer', ['_MI_LARGEPAGE_MEMORY_INFO']]],
+    'CreatingThread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'PebTeb' : [ 0x8, ['_MI_SUB64K_FREE_RANGES']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Luid' : [ 0x10, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x18, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x20, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MIPFNBLINK' : [ 0x4, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 28, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x0, ['long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0xc, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long']],
+    'NumberOfProcessReferences' : [ 0x4, ['unsigned long']],
+    'ClonePtes' : [ 0x8, ['pointer', ['_MMCLONE_BLOCK']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'LowboxMap' : [ 0xc, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x88, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'ArgumentStatus' : [ 0xc, ['long']],
+    'CallerEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'VetoType' : [ 0x1c, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x20, ['pointer', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x24, ['unsigned long']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'Cancel' : [ 0x2c, ['unsigned char']],
+    'Parent' : [ 0x30, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x34, ['_GUID']],
+    'Data' : [ 0x44, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PS_WAKE_INFORMATION' : [ 0x38, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 5, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x30, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x8, ['pointer', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x14, ['pointer', ['_ETHREAD']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'AtomicLinks' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x4, {
+    'Head' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x780, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer', ['_MMPFNLIST']]]],
+    'FreePageSlist' : [ 0x8, ['array', 2, ['pointer', ['_SLIST_HEADER']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x200, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x340, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x480, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x4c0, ['_MMPFNLIST']],
+    'PageLocationList' : [ 0x4d4, ['array', 8, ['pointer', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x4f4, ['array', 8, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x514, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x614, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x624, ['unsigned long']],
+    'LastDecayHandUpdateTime' : [ 0x628, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x630, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0x680, ['unsigned long']],
+    'AvailablePageWaitStates' : [ 0x684, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'LowMemoryThreshold' : [ 0x6c0, ['unsigned long']],
+    'HighMemoryThreshold' : [ 0x6c4, ['unsigned long']],
+    'TransitionPrivatePages' : [ 0x700, ['unsigned long']],
+    'StandbyListDiscard' : [ 0x704, ['unsigned long']],
+    'FreeListDiscard' : [ 0x708, ['unsigned char']],
+    'RebuildLargePagesInitialized' : [ 0x709, ['unsigned char']],
+    'RebuildLargePagesItem' : [ 0x70c, ['_MI_REBUILD_LARGE_PAGES']],
+    'AddMemoryNotifyList' : [ 0x740, ['_LIST_ENTRY']],
+    'MirrorListLocks' : [ 0x748, ['pointer', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xa0, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0xc, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0xc, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x14, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+    'KcbPushlock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x20, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x20, ['long']],
+    'SlotHint' : [ 0x24, ['unsigned long']],
+    'ParentKcb' : [ 0x28, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x2c, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x34, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x3c, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x3c, ['unsigned long']],
+    'SubKeyCount' : [ 0x3c, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x48, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KCBUoWListHead' : [ 0x6c, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x74, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x74, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x7c, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x80, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x88, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x90, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x98, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x9c, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_KLOCK_ENTRY' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0xc, ['unsigned long']],
+    'EntryOffset' : [ 0xc, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0xd, ['unsigned char']],
+    'WaitingBit' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0xe, ['unsigned char']],
+    'AcquiredBit' : [ 0xe, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0xf, ['unsigned char']],
+    'HeadNodeBit' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x10, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x10, ['pointer', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x10, ['unsigned char']],
+    'Reserved' : [ 0x11, ['array', 2, ['unsigned char']]],
+    'InTreeByte' : [ 0x13, ['unsigned char']],
+    'SessionState' : [ 0x14, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'OwnerTree' : [ 0x18, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x20, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x18, ['unsigned char']],
+    'EntryLock' : [ 0x28, ['unsigned long']],
+    'AllBoosts' : [ 0x2c, ['unsigned short']],
+    'IoBoost' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CpuBoostsBitmap' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2e, ['unsigned short']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2041' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_2041']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x18, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x1c, ['_KAPC']],
+    'ByteCount' : [ 0x4c, ['unsigned long']],
+    'ChargedPages' : [ 0x50, ['unsigned long']],
+    'PagingFile' : [ 0x54, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x58, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x5c, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x60, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'Partition' : [ 0x78, ['pointer', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0x7c, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x80, ['_MDL']],
+    'Page' : [ 0x9c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long']],
+    'TotalCommitLimitMaximum' : [ 0x4, ['unsigned long']],
+    'Popups' : [ 0x8, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x10, ['unsigned long']],
+    'HighCommitThreshold' : [ 0x14, ['unsigned long']],
+    'EventLock' : [ 0x18, ['unsigned long']],
+    'SystemCommitReserve' : [ 0x1c, ['unsigned long']],
+    'OverCommit' : [ 0x40, ['unsigned long']],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x1c, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0xc, ['unsigned long']],
+    'PagedAllocs' : [ 0x10, ['unsigned long']],
+    'PagedFrees' : [ 0x14, ['unsigned long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x50, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'CycleTime' : [ 0x10, ['unsigned long long']],
+    'ContextSwitches' : [ 0x18, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x20, ['long long']],
+    'WriteOperationCount' : [ 0x28, ['long long']],
+    'OtherOperationCount' : [ 0x30, ['long long']],
+    'ReadTransferCount' : [ 0x38, ['long long']],
+    'WriteTransferCount' : [ 0x40, ['long long']],
+    'OtherTransferCount' : [ 0x48, ['long long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x180, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x4, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x20, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x28, ['unsigned char']],
+    'PepWokenTransition' : [ 0x29, ['unsigned char']],
+    'Class' : [ 0x2a, ['unsigned char']],
+    'TargetIdleState' : [ 0x2c, ['unsigned long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower', 3: 'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xcc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xd0, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0xd4, ['long']],
+    'FFHThrottleStateInfo' : [ 0xd8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xf8, ['_KDPC']],
+    'PerfActionMask' : [ 0x118, ['long']],
+    'HvIdleCheck' : [ 0x120, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x130, ['pointer', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x134, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x138, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x13c, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x140, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x144, ['pointer', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x148, ['unsigned char']],
+    'HvTargetState' : [ 0x149, ['unsigned char']],
+    'Parked' : [ 0x14a, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x14c, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x150, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x154, ['unsigned long']],
+    'RelativePerformance' : [ 0x158, ['unsigned long']],
+    'Utility' : [ 0x15c, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x160, ['unsigned long']],
+    'SnapTimeLast' : [ 0x168, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x168, ['unsigned long long']],
+    'ActiveTime' : [ 0x170, ['unsigned long long']],
+    'TotalTime' : [ 0x178, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0x40, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x14, {
+    'CompletionRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'RequestorMode' : [ 0xc, ['unsigned char']],
+    'NestingLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_CMHIVE' : [ 0xf20, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x6f0, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x708, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x710, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x718, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0x720, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x728, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x72c, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x734, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x738, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x73c, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x740, ['unsigned long']],
+    'Identity' : [ 0x744, ['unsigned long']],
+    'HiveLock' : [ 0x748, ['pointer', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0x74c, ['pointer', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x750, ['pointer', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x754, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x75c, ['unsigned long']],
+    'FlushLogEntry' : [ 0x760, ['pointer', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x764, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x768, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x76c, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x770, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x778, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x77c, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x780, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x784, ['pointer', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x788, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0x78c, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0x790, ['unsigned long']],
+    'ActualFileSize' : [ 0x798, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x7a0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x7b0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x7b8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x7c0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x7c8, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x7cc, ['unsigned long']],
+    'SecurityHitHint' : [ 0x7d0, ['long']],
+    'SecurityCache' : [ 0x7d4, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x7d8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x9d8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x9dc, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x9e0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x9e4, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x9e8, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x9ec, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0xa00, ['unsigned char']],
+    'GrowOffset' : [ 0xa04, ['unsigned long']],
+    'KcbConvertListHead' : [ 0xa08, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0xa10, ['pointer', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0xa14, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0xc9c, ['unsigned long']],
+    'TrustClassEntry' : [ 0xca0, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0xca8, ['unsigned long long']],
+    'UnreconciledTime' : [ 0xcb0, ['unsigned long long']],
+    'CmRm' : [ 0xcb8, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0xcbc, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0xcc0, ['long']],
+    'CreatorOwner' : [ 0xcc4, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0xcc8, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0xcd0, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0xcd8, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0xce4, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0xcf0, ['unsigned long']],
+    'FlushActive' : [ 0xcf0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0xcf0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0xcf0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0xcf0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0xcf4, ['unsigned long']],
+    'ReferenceCount' : [ 0xcf8, ['long']],
+    'UnloadHistoryIndex' : [ 0xcfc, ['long']],
+    'UnloadHistory' : [ 0xd00, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0xf00, ['unsigned long']],
+    'UnaccessedStart' : [ 0xf04, ['unsigned long']],
+    'UnaccessedEnd' : [ 0xf08, ['unsigned long']],
+    'LoadedKeyCount' : [ 0xf0c, ['unsigned long']],
+    'HandleClosePending' : [ 0xf10, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0xf14, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0xf18, ['unsigned char']],
+    'FailedUnload' : [ 0xf19, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x28, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long']],
+    'DirtyPageThresholdTop' : [ 0x4, ['unsigned long']],
+    'DirtyPageThresholdBottom' : [ 0x8, ['unsigned long']],
+    'DirtyPageTarget' : [ 0xc, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x10, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x18, ['unsigned long long']],
+    'AvailableHistory' : [ 0x20, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'HitCount' : [ 0x10, ['unsigned long long']],
+    'LastActivationTime' : [ 0x18, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x20, ['unsigned long long']],
+    'CsActivationTime' : [ 0x28, ['unsigned long long']],
+    'CsActiveTime' : [ 0x30, ['unsigned long long']],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderZero', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderVsmMemory', 30: 'LoaderFirmwareCode', 31: 'LoaderFirmwareData', 32: 'LoaderFirmwareReserved', 33: 'LoaderEnclaveMemory', 34: 'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x408, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x14, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'HashTable' : [ 0xc, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x10, ['unsigned char']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x8c, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x78, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x7c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x80, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x84, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x88, ['unsigned long']],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x80, {
+    'DriverInit' : [ 0x0, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x4, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x8, ['pointer', ['void']]],
+    'AddDevice' : [ 0xc, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x10, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0xc, {
+    'ActiveThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'WaitList' : [ 0x4, ['pointer', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x8, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x8, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0xb8, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'TimerApc' : [ 0x2c, ['_KAPC']],
+    'TimerDpc' : [ 0x5c, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x7c, ['_LIST_ENTRY']],
+    'Period' : [ 0x84, ['unsigned long']],
+    'TimerFlags' : [ 0x88, ['unsigned char']],
+    'ApcAssociated' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0x88, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0x88, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0x89, ['unsigned char']],
+    'Spare2' : [ 0x8a, ['unsigned short']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x98, ['pointer', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x9c, ['_LIST_ENTRY']],
+    'DueTime' : [ 0xa8, ['unsigned long long']],
+    'CoalescingWindow' : [ 0xb0, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x4c, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'StackTrace' : [ 0x24, ['array', 8, ['pointer', ['void']]]],
+    'Who' : [ 0x44, ['unsigned long']],
+    'Process' : [ 0x48, ['pointer', ['_EPROCESS']]],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_EXHANDLE' : [ 0x4, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2119' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2119']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x288, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0xa8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['unsigned short']]],
+    'OrderingName' : [ 0xc, ['pointer', ['unsigned short']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x90, ['unsigned char']],
+    'TransactionEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x98, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0x9c, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa0, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa4, ['pointer', ['void']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x3cc0, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x500, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x640, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x6ac, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x16e8, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1758, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1800, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x2cc0, ['_MI_COMBINE_STATE']],
+    'Partitions' : [ 0x2cd8, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x2d10, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x2d58, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x2e00, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x2e80, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x2f40, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x2fc0, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x3140, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x3178, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x31b0, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x3200, ['_MI_SYSTEM_TRIM_STATE']],
+    'ResTrack' : [ 0x3240, ['_MI_RESAVAIL_TRACKER']],
+    'Cookie' : [ 0x3440, ['unsigned long']],
+    'ZeroingDisabled' : [ 0x3444, ['long']],
+    'BootRegistryRuns' : [ 0x3448, ['pointer', ['pointer', ['void']]]],
+    'FullyInitialized' : [ 0x344c, ['unsigned char']],
+    'SafeBooted' : [ 0x344d, ['unsigned char']],
+    'LargePfnBitMap' : [ 0x3450, ['_RTL_BITMAP']],
+    'PfnBitMap' : [ 0x3458, ['_RTL_BITMAP']],
+    'TraceLogging' : [ 0x3460, ['pointer', ['_TlgProvider_t']]],
+    'Vs' : [ 0x3480, ['_MI_VISIBLE_STATE']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0xc, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x4, ['_PPM_SELECTION_MENU']],
+} ],
+  '__unnamed_2193' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2195' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2193']],
+} ],
+  '__unnamed_2197' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_2195']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2197']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x840, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x48, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x50, ['pointer', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x54, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x70, ['unsigned long']],
+    'SizeOfPagedPoolInPages' : [ 0x74, ['unsigned long']],
+    'SystemPteInfo' : [ 0x78, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0xac, ['unsigned long']],
+    'BootCommit' : [ 0xb0, ['unsigned long']],
+    'MdlPagesAllocated' : [ 0xb4, ['unsigned long']],
+    'SystemPageTableCommit' : [ 0xb8, ['unsigned long']],
+    'SpecialPagesInUse' : [ 0xbc, ['unsigned long']],
+    'WsOverheadPages' : [ 0xc0, ['unsigned long']],
+    'VadBitmapPages' : [ 0xc4, ['unsigned long']],
+    'ProcessCommit' : [ 0xc8, ['unsigned long']],
+    'SharedCommit' : [ 0xcc, ['unsigned long']],
+    'DriverCommit' : [ 0xd0, ['long']],
+    'SystemWs' : [ 0x100, ['array', 3, ['_MMSUPPORT']]],
+    'MapCacheFailures' : [ 0x280, ['unsigned long']],
+    'PagefileHashPages' : [ 0x284, ['unsigned long']],
+    'PteHeader' : [ 0x288, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x314, ['pointer', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x318, ['array', 15, ['unsigned long']]],
+    'SystemVaType' : [ 0x354, ['array', 1024, ['unsigned char']]],
+    'SystemVaTypeCountFailures' : [ 0x754, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountLimit' : [ 0x790, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountPeak' : [ 0x7cc, ['array', 15, ['unsigned long']]],
+    'SystemAvailableVa' : [ 0x808, ['unsigned long']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_HMAP_TABLE' : [ 0x2800, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_SEP_LOWBOX_HANDLES_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'HandleCount' : [ 0x14, ['unsigned long']],
+    'Handles' : [ 0x18, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x50, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'ProcCap' : [ 0x8, ['unsigned long']],
+    'ProcFloor' : [ 0xc, ['unsigned long']],
+    'PlatformCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'LimitReasons' : [ 0x18, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x20, ['unsigned long long']],
+    'TargetPercent' : [ 0x28, ['unsigned long']],
+    'SelectedPercent' : [ 0x2c, ['unsigned long']],
+    'SelectedFrequency' : [ 0x30, ['unsigned long']],
+    'PreviousFrequency' : [ 0x34, ['unsigned long']],
+    'PreviousPercent' : [ 0x38, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x3c, ['unsigned long']],
+    'SelectedState' : [ 0x40, ['unsigned long long']],
+    'Force' : [ 0x48, ['unsigned char']],
+} ],
+  '__unnamed_21b4' : [ 0x10, {
+    'CallerCompletion' : [ 0x0, ['pointer', ['void']]],
+    'CallerContext' : [ 0x4, ['pointer', ['void']]],
+    'CallerDevice' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_21b7' : [ 0x8, {
+    'NotifyDevice' : [ 0x0, ['pointer', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x4, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x18, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x20, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'MinorFunction' : [ 0x68, ['unsigned char']],
+    'PowerStateType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'PowerState' : [ 0x70, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0x74, ['unsigned char']],
+    'FxDevice' : [ 0x78, ['pointer', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0x7c, ['unsigned char']],
+    'NotifyPEP' : [ 0x7d, ['unsigned char']],
+    'Device' : [ 0x80, ['__unnamed_21b4']],
+    'System' : [ 0x80, ['__unnamed_21b7']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xa8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'ProbeRaises' : [ 0x28, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x68, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x70, ['array', 2, ['unsigned long']]],
+    'WsLinear' : [ 0x78, ['unsigned long']],
+    'PageHashErrors' : [ 0x7c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x80, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x84, ['long']],
+    'BadPagesDetected' : [ 0x88, ['long']],
+    'ScrubPasses' : [ 0x8c, ['long']],
+    'ScrubBadPagesFound' : [ 0x90, ['long']],
+    'UserViewFailures' : [ 0x94, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0x98, ['unsigned long']],
+    'ResavailFailures' : [ 0x9c, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xa4, ['unsigned char']],
+    'InitFailure' : [ 0xa5, ['unsigned char']],
+    'StopBadMaps' : [ 0xa6, ['unsigned char']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_MI_USER_VA_INFO' : [ 0xd48, {
+    'NumberOfCommittedPageTables' : [ 0x0, ['unsigned long']],
+    'HighestTopDownAllocationAddress' : [ 0x4, ['pointer', ['void']]],
+    'VadCell' : [ 0x8, ['array', 2, ['_MI_VAD_ALLOCATION_CELL']]],
+    'VadBitMapCommitment' : [ 0x40, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x44, ['unsigned long']],
+    'VadsBeingDeleted' : [ 0x48, ['long']],
+    'NumberOfDebugEnclaves' : [ 0x4c, ['long']],
+    'PhysicalMappingCount' : [ 0x50, ['unsigned long']],
+    'LastVadDeletionEvent' : [ 0x54, ['pointer', ['_KEVENT']]],
+    'SubVadRanges' : [ 0x58, ['array', 1, ['_LIST_ENTRY']]],
+    'NumaAware' : [ 0x60, ['unsigned char']],
+    'CloneNestingLevel' : [ 0x68, ['unsigned long long']],
+    'PrivateFixupVadCount' : [ 0x70, ['unsigned long']],
+    'CfgBitMap' : [ 0x74, ['array', 1, ['_MI_CFG_BITMAP_INFO']]],
+    'CommittedPageTableBufferForTopLevel' : [ 0x80, ['array', 48, ['unsigned long']]],
+    'CommittedPageTableBitmaps' : [ 0x140, ['array', 1, ['_RTL_BITMAP']]],
+    'UsedPageTableEntries' : [ 0x148, ['array', 1536, ['unsigned short']]],
+} ],
+  '_PROC_FEEDBACK' : [ 0x88, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x20, ['unsigned long long']],
+    'UnscaledTime' : [ 0x28, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x30, ['long long']],
+    'ScaledTime' : [ 0x38, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x48, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x50, ['unsigned long long']],
+    'UserTimeLast' : [ 0x58, ['unsigned long']],
+    'KernelTimeLast' : [ 0x5c, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x60, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x68, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x80, ['unsigned char']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x20, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0xc, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_21d7' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_21db' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_21dd' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_21df' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_21e1' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_21e3' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_21e5' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_21e7' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_21e9' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_21eb' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_21ed' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_21ef' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_21d7']],
+    'Memory' : [ 0x0, ['__unnamed_21d7']],
+    'Interrupt' : [ 0x0, ['__unnamed_21db']],
+    'Dma' : [ 0x0, ['__unnamed_21dd']],
+    'DmaV3' : [ 0x0, ['__unnamed_21df']],
+    'Generic' : [ 0x0, ['__unnamed_21d7']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_21e1']],
+    'BusNumber' : [ 0x0, ['__unnamed_21e3']],
+    'ConfigData' : [ 0x0, ['__unnamed_21e5']],
+    'Memory40' : [ 0x0, ['__unnamed_21e7']],
+    'Memory48' : [ 0x0, ['__unnamed_21e9']],
+    'Memory64' : [ 0x0, ['__unnamed_21eb']],
+    'Connection' : [ 0x0, ['__unnamed_21ed']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_21ef']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x2c0, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+    'State' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+    'Removing' : [ 0x22, ['unsigned char']],
+    'Mode' : [ 0x23, ['unsigned char']],
+    'PendingMode' : [ 0x24, ['unsigned char']],
+    'ActivePoint' : [ 0x25, ['unsigned char']],
+    'PendingActivePoint' : [ 0x26, ['unsigned char']],
+    'Critical' : [ 0x27, ['unsigned char']],
+    'ThermalStandby' : [ 0x28, ['unsigned char']],
+    'OverThrottled' : [ 0x29, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x2c, ['long']],
+    'Throttle' : [ 0x30, ['long']],
+    'PendingThrottle' : [ 0x34, ['long']],
+    'ThrottleReasons' : [ 0x38, ['unsigned long']],
+    'LastTime' : [ 0x40, ['unsigned long long']],
+    'SampleRate' : [ 0x48, ['unsigned long']],
+    'LastTemp' : [ 0x4c, ['unsigned long']],
+    'PassiveTimer' : [ 0x50, ['_KTIMER']],
+    'PassiveDpc' : [ 0x78, ['_KDPC']],
+    'Info' : [ 0x98, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'Policy' : [ 0xf8, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0x110, ['unsigned char']],
+    'LastActiveStartTime' : [ 0x118, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x120, ['unsigned long long']],
+    'WorkItem' : [ 0x128, ['_WORK_QUEUE_ITEM']],
+    'Lock' : [ 0x138, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x140, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x150, ['_KEVENT']],
+    'InstanceId' : [ 0x160, ['unsigned long']],
+    'TelemetryTracker' : [ 0x168, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x2b8, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_REBUILD_LARGE_PAGES' : [ 0x34, {
+    'Active' : [ 0x0, ['long']],
+    'Timer' : [ 0x4, ['array', 16, ['array', 1, ['_MI_REBUILD_LARGE_PAGE_COUNTDOWN']]]],
+    'WorkItem' : [ 0x24, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_HHIVE' : [ 0x6f0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileWrite' : [ 0x14, ['pointer', ['void']]],
+    'FileRead' : [ 0x18, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x1c, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x20, ['pointer', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x24, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x2c, ['unsigned long']],
+    'DirtyAlloc' : [ 0x30, ['unsigned long']],
+    'UnreconciledVector' : [ 0x34, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x3c, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x40, ['unsigned long']],
+    'Cluster' : [ 0x44, ['unsigned long']],
+    'Flat' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x48, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x49, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x4c, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x50, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x54, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x58, ['unsigned long']],
+    'HiveFlags' : [ 0x5c, ['unsigned long']],
+    'CurrentLog' : [ 0x60, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x64, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x68, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x6c, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x70, ['unsigned long']],
+    'LogFileSizeCap' : [ 0x74, ['unsigned long']],
+    'LogDataPresent' : [ 0x78, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0x7a, ['unsigned char']],
+    'BaseBlockDirty' : [ 0x7b, ['unsigned char']],
+    'LastLogSwapTime' : [ 0x80, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0x88, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0x88, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0x88, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0x88, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0x8a, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0x8c, ['unsigned long']],
+    'StorageTypeCount' : [ 0x90, ['unsigned long']],
+    'Version' : [ 0x94, ['unsigned long']],
+    'ViewMap' : [ 0x98, ['_HVIEW_MAP']],
+    'Storage' : [ 0x3b8, ['array', 2, ['_DUAL']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x24, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x4, ['pointer', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x8, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0xc, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x10, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x14, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x18, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x1c, ['pointer', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x20, ['pointer', ['_EVENT_FILTER_HEADER']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_CM_TRANS' : [ 0x68, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x18, ['pointer', ['void']]],
+    'CmRm' : [ 0x1c, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x20, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x24, ['pointer', ['void']]],
+    'KtmUow' : [ 0x28, ['_GUID']],
+    'StartLsn' : [ 0x38, ['unsigned long long']],
+    'TransState' : [ 0x40, ['unsigned long']],
+    'HiveCount' : [ 0x44, ['unsigned long']],
+    'HiveArray' : [ 0x48, ['array', 7, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x150, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 20, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb0, ['array', 20, ['unsigned long long']]],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_HVIEW_MAP' : [ 0x320, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'Directory' : [ 0xc, ['pointer', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x10, ['unsigned long']],
+    'PinLog' : [ 0x18, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x200, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Spare0' : [ 0x6c, ['unsigned long']],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '__unnamed_226c' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_226e' : [ 0x10, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_226c']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x1c, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x8, ['__unnamed_226e']],
+    'VerifiedData' : [ 0x18, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '__unnamed_2279' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_227b' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_227d' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceId' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_227f' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_2281' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2283' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2285' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2287' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2289' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_228b' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2279']],
+    'TargetDevice' : [ 0x0, ['__unnamed_227b']],
+    'InstallDevice' : [ 0x0, ['__unnamed_227b']],
+    'CustomNotification' : [ 0x0, ['__unnamed_227d']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_227f']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2281']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2283']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2285']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2287']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2289']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_227b']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_227b']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'DeviceInstanceStartedEvent', 12: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_228b']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x50, {
+    'Context' : [ 0x0, ['pointer', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x44, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x4c, ['unsigned long']],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 224, ['unsigned char']]],
+} ],
+  '__unnamed_22a7' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_22a7']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['unsigned long']],
+    'RealKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x78, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NodeGraph' : [ 0x4, ['pointer', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x8, ['pointer', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaLastRangeIndex' : [ 0xc, ['unsigned long']],
+    'NumaMemoryRanges' : [ 0x10, ['pointer', ['_HAL_NODE_RANGE']]],
+    'NumaTableCaptured' : [ 0x14, ['unsigned char']],
+    'NodeShift' : [ 0x15, ['unsigned char']],
+    'ChannelMemoryRanges' : [ 0x18, ['pointer', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'ChannelShift' : [ 0x1c, ['unsigned char']],
+    'SecondLevelCacheSize' : [ 0x20, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x24, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x28, ['unsigned long']],
+    'AllMainMemoryMustBeCached' : [ 0x2c, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x30, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x34, ['unsigned long']],
+    'SecondaryColors' : [ 0x38, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x3c, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x40, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x44, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x48, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x4c, ['unsigned long']],
+    'ZeroCostCounts' : [ 0x50, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'HighestPossiblePhysicalPage' : [ 0x70, ['unsigned long']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+    'WaitObjectFlagMask' : [ 0x50, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x54, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x56, ['unsigned short']],
+} ],
+  '__unnamed_22e8' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_22e8']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x8, {
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x14c0, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long']],
+    'SystemVaBias' : [ 0x4, ['unsigned long']],
+    'SystemAvailableVaLow' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+    'HyperSpaceEnd' : [ 0x10, ['pointer', ['void']]],
+    'HyperSpaceEndPte' : [ 0x14, ['pointer', ['_MMPTE']]],
+    'SystemRangeStart' : [ 0x18, ['pointer', ['void']]],
+    'SystemCachePdeCount' : [ 0x1c, ['array', 1024, ['unsigned char']]],
+    'SystemCacheReverseMaps' : [ 0x41c, ['array', 1024, ['pointer', ['void']]]],
+    'WorkingSetListHashStart' : [ 0x141c, ['pointer', ['_MMWSLE_HASH']]],
+    'WorkingSetListHashEnd' : [ 0x1420, ['pointer', ['_MMWSLE_HASH']]],
+    'WorkingSetListIndirectHashStart' : [ 0x1424, ['pointer', ['_MMWSLE_NONDIRECT_HASH']]],
+    'FreeSystemCacheVa' : [ 0x1428, ['_KEVENT']],
+    'SystemVaLock' : [ 0x1438, ['unsigned long']],
+    'DeleteKvaLock' : [ 0x143c, ['long']],
+    'FreeSystemCache' : [ 0x1440, ['_MI_PTE_CHAIN_HEAD']],
+    'SystemCacheViewLock' : [ 0x1458, ['unsigned long']],
+    'UnusableWsles' : [ 0x145c, ['array', 5, ['unsigned long']]],
+    'PossibleWsles' : [ 0x1470, ['array', 5, ['unsigned long']]],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0xc, {
+    'DirtyPages' : [ 0x0, ['unsigned long']],
+    'DirtyPagesLastScan' : [ 0x4, ['unsigned long']],
+    'DirtyPagesScheduledLastScan' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x10, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x90, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x8, ['unsigned long']],
+    'InDebugger' : [ 0xc, ['long']],
+    'Pfns' : [ 0x10, ['array', 32, ['pointer', ['void']]]],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x70, {
+    'ColorSeed' : [ 0x0, ['unsigned long']],
+    'CloneDereferenceEvent' : [ 0x4, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x18, ['_SLIST_HEADER']],
+    'SystemDllBase' : [ 0x20, ['pointer', ['void']]],
+    'RotatingUniprocessorNumber' : [ 0x24, ['long']],
+    'CriticalSectionTimeout' : [ 0x28, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x30, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x38, ['pointer', ['_MMPTE']]],
+    'FreePaeEntries' : [ 0x3c, ['unsigned long']],
+    'FirstFreePae' : [ 0x40, ['_PAE_ENTRY']],
+    'AllocatedPaePages' : [ 0x60, ['long']],
+    'PaeLock' : [ 0x64, ['unsigned long']],
+    'PaeEntrySList' : [ 0x68, ['_SLIST_HEADER']],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_COUNTDOWN' : [ 0x2, {
+    'SecondsLeft' : [ 0x0, ['unsigned char']],
+    'SecondsAssigned' : [ 0x1, ['unsigned char']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x4, ['unsigned long']],
+    'RequestPacket' : [ 0x8, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x18, ['pointer', ['long']]],
+    'NodeTargetCount' : [ 0x1c, ['long']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x8, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_MI_SESSION_STATE' : [ 0x1038, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x14, ['unsigned char']],
+    'VaReferenceCount' : [ 0x18, ['array', 1024, ['long']]],
+    'DynamicPtesBitBuffer' : [ 0x1018, ['pointer', ['unsigned long']]],
+    'IdLock' : [ 0x101c, ['_EX_PUSH_LOCK']],
+    'DetachTimeStamp' : [ 0x1020, ['unsigned long']],
+    'LeaderProcess' : [ 0x1024, ['pointer', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x1028, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x102c, ['pointer', ['_MMWSL']]],
+    'WsHashStart' : [ 0x1030, ['pointer', ['_MMWSLE_HASH']]],
+    'WsHashEnd' : [ 0x1034, ['pointer', ['_MMWSLE_HASH']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_MMSESSION' : [ 0x14, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x4, ['pointer', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0xc, ['unsigned long']],
+    'BitmapFailures' : [ 0x10, ['unsigned long']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x130, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x12c, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x4, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_236d' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0xb8, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_236d']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+    'ParentPartition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'NodeInformation' : [ 0x18, ['pointer', ['_MI_NODE_INFORMATION']]],
+    'MdlPhysicalMemoryBlock' : [ 0x1c, ['pointer', ['_MDL']]],
+    'MemoryNodeRuns' : [ 0x20, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x24, ['unsigned long']],
+    'PfnUnmapWorkItem' : [ 0x28, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapActive' : [ 0x38, ['unsigned char']],
+    'PfnUnmapCount' : [ 0x3c, ['unsigned long']],
+    'PfnUnmapWaitList' : [ 0x40, ['pointer', ['void']]],
+    'MemoryRuns' : [ 0x44, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x48, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x58, ['array', 5, ['pointer', ['void']]]],
+    'PartitionObject' : [ 0x6c, ['pointer', ['void']]],
+    'PartitionObjectHandle' : [ 0x70, ['pointer', ['void']]],
+    'DynamicMemoryPushLock' : [ 0x74, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0x78, ['long']],
+    'TemporaryMemoryEvent' : [ 0x7c, ['_KEVENT']],
+    'MemoryEvents' : [ 0x8c, ['array', 11, ['pointer', ['_KEVENT']]]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x1d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x38, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0x70, ['unsigned long']],
+    'NumberOfMappedMdlsInUse' : [ 0x74, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0x78, ['unsigned long']],
+    'MappedFileHeader' : [ 0x7c, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0x94, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0x95, ['unsigned char']],
+    'TransitionInserted' : [ 0x96, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0x98, ['long']],
+    'LastMappedWriteError' : [ 0x9c, ['long']],
+    'MappedFileWriteSucceeded' : [ 0xa0, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0xa4, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xa8, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0xac, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0xbc, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0xc0, ['unsigned long']],
+    'ModifiedPageWriterEvent' : [ 0xc4, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0xd4, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0xe4, ['long']],
+    'WriteAllMappedPages' : [ 0xe8, ['long']],
+    'MappedPageWriterEvent' : [ 0xec, ['_KEVENT']],
+    'ModWriteData' : [ 0x100, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x130, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x140, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x158, ['pointer', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x15c, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x160, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x170, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x174, ['array', 2, ['long']]],
+    'NotifyStoreMemoryConditions' : [ 0x17c, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x18c, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x190, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x194, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x198, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x1a8, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x1b0, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x1c0, ['long']],
+    'WorkingSetSwapLock' : [ 0x1c4, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x1c8, ['long']],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_KPRIQUEUE' : [ 0x19c, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x110, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x190, ['unsigned long']],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2385' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x68, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long']]],
+    'LargePages' : [ 0x8, ['array', 2, ['array', 2, ['array', 1, ['_LIST_ENTRY']]]]],
+    'LargePagesCount' : [ 0x28, ['array', 2, ['array', 2, ['array', 1, ['unsigned long']]]]],
+    'FreeCount' : [ 0x38, ['array', 2, ['unsigned long']]],
+    'TotalPages' : [ 0x40, ['array', 1, ['unsigned long']]],
+    'TotalPagesEntireNode' : [ 0x44, ['unsigned long']],
+    'MmShiftedColor' : [ 0x48, ['unsigned long']],
+    'Color' : [ 0x4c, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x50, ['array', 1, ['array', 2, ['unsigned long']]]],
+    'Flags' : [ 0x58, ['__unnamed_2385']],
+    'NodeLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'ChannelStatus' : [ 0x60, ['unsigned char']],
+    'ChannelOrdering' : [ 0x61, ['array', 1, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x62, ['array', 1, ['unsigned char']]],
+    'PowerAttribute' : [ 0x63, ['array', 1, ['unsigned char']]],
+    'LargePageLock' : [ 0x64, ['unsigned long']],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_WAITING_IRP' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'CompletionRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'Information' : [ 0x18, ['unsigned long']],
+    'BreakAllRH' : [ 0x1c, ['unsigned char']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x4, ['pointer', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x10, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0xc, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x140, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'SchedulingGroupList' : [ 0x28, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x28, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x30, ['pointer', ['_KDPC']]],
+    'ChildList' : [ 0x34, ['_LIST_ENTRY']],
+    'Parent' : [ 0x3c, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x40, ['array', 1, ['_KSCB']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x18, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'Irp' : [ 0xc, ['pointer', ['_IRP']]],
+    'Device' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x14, ['unsigned char']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+} ],
+  '__unnamed_23b6' : [ 0x4, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_SECTION' : [ 0x28, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u1' : [ 0x14, ['__unnamed_23b6']],
+    'SizeOfSection' : [ 0x18, ['unsigned long long']],
+    'u' : [ 0x20, ['__unnamed_16af']],
+    'InitialPageProtection' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x24, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SECTION_STATE' : [ 0x140, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionExtendLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'SectionExtendSetLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SectionBasedRoot' : [ 0xc, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'UnusedSubsectionPagedPool' : [ 0x14, ['unsigned long']],
+    'UnusedSegmentForceFree' : [ 0x18, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x1c, ['unsigned long']],
+    'HighSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'PhysicalSubsection' : [ 0x24, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0x68, ['_CONTROL_AREA']],
+    'DanglingExtentsPages' : [ 0xb8, ['pointer', ['_MMPFN']]],
+    'DanglingExtentsLock' : [ 0xbc, ['long']],
+    'DanglingExtentsWorkItem' : [ 0xc0, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0xd0, ['unsigned char']],
+    'PageFileSectionHead' : [ 0xd4, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0xd8, ['long']],
+    'ImageBias' : [ 0xdc, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0xe4, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0xec, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0xf0, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0xf4, ['unsigned long']],
+    'LostDataFiles' : [ 0xf8, ['unsigned long']],
+    'LostDataPages' : [ 0xfc, ['unsigned long']],
+    'ImageFailureReason' : [ 0x100, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x104, ['pointer', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x108, ['pointer', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x10c, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x110, ['long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_23c2' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23c4' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23c6' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23c8' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_23c6']],
+    'Translated' : [ 0x0, ['__unnamed_23c4']],
+} ],
+  '__unnamed_23ca' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23cc' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_23ce' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23d0' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23d2' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23d4' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23d6' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23d8' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_23c2']],
+    'Port' : [ 0x0, ['__unnamed_23c2']],
+    'Interrupt' : [ 0x0, ['__unnamed_23c4']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_23c8']],
+    'Memory' : [ 0x0, ['__unnamed_23c2']],
+    'Dma' : [ 0x0, ['__unnamed_23ca']],
+    'DmaV3' : [ 0x0, ['__unnamed_23cc']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_21e1']],
+    'BusNumber' : [ 0x0, ['__unnamed_23ce']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_23d0']],
+    'Memory40' : [ 0x0, ['__unnamed_23d2']],
+    'Memory48' : [ 0x0, ['__unnamed_23d4']],
+    'Memory64' : [ 0x0, ['__unnamed_23d6']],
+    'Connection' : [ 0x0, ['__unnamed_21ed']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_23d8']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_23e0' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_23e0']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x1c, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x4, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0xc, ['pointer', ['_MMPTE']]],
+    'MaximumSize' : [ 0x10, ['unsigned long']],
+    'PagedPoolHint' : [ 0x14, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_23ec' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x54, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x4, ['__unnamed_23ec']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x10, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0xc, ['pointer', ['unsigned long']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PAE_ENTRY' : [ 0x20, {
+    'PteEntry' : [ 0x0, ['array', 4, ['_MMPTE']]],
+    'PaeEntry' : [ 0x0, ['_PAE_PAGEINFO']],
+    'NextPae' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0xd8, {
+    'Partition' : [ 0x0, ['pointer', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x4, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0xc, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x20, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x24, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x2c, ['unsigned long']],
+    'CombinePageListHeads' : [ 0x30, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0xb0, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x188, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DevNode' : [ 0x1c, ['pointer', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x20, ['pointer', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x24, ['pointer', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x28, ['pointer', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x2c, ['pointer', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x30, ['pointer', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x38, ['pointer', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x3c, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0x58, ['pointer', ['void']]],
+    'AcpiLink' : [ 0x5c, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0x64, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0x6c, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x84, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x9c, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0xb8, ['unsigned long']],
+    'IdleTimer' : [ 0xc0, ['_KTIMER']],
+    'IdleDpc' : [ 0xe8, ['_KDPC']],
+    'IdleTimeout' : [ 0x108, ['unsigned long long']],
+    'IdleStamp' : [ 0x110, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x118, ['array', 2, ['pointer', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x120, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x128, ['array', 2, ['pointer', ['void']]]],
+    'NextIrpCallerContext' : [ 0x130, ['array', 2, ['pointer', ['void']]]],
+    'IrpCompleteEvent' : [ 0x138, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x148, ['pointer', ['void']]],
+    'Accounting' : [ 0x150, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x178, ['unsigned long']],
+    'ComponentCount' : [ 0x17c, ['unsigned long']],
+    'Components' : [ 0x180, ['pointer', ['pointer', ['_POP_FX_COMPONENT']]]],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2418' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_241a' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2418']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x44, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x30, ['pointer', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x34, ['_LIST_ENTRY']],
+    'Specific' : [ 0x3c, ['__unnamed_241a']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x1c, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ListHead' : [ 0x14, ['_LIST_ENTRY']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long']],
+    'BadPagesDetected' : [ 0x4, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x8, ['long']],
+    'ScrubPasses' : [ 0xc, ['long']],
+    'ScrubBadPagesFound' : [ 0x10, ['long']],
+    'PageHashErrors' : [ 0x14, ['unsigned long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x28, ['pointer', ['void']]],
+    'ExceptionChainTerminator' : [ 0x2c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'ExceptionChainTerminatorRecord' : [ 0x30, ['_EXCEPTION_REGISTRATION_RECORD']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x38, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0xc, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x28, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long']],
+    'TrimInProgressCount' : [ 0x4, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x8, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x18, ['array', 3, ['unsigned long']]],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SpareUlong' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_RESAVAIL_TRACKER' : [ 0x200, {
+    'AllocateKernelStack' : [ 0x0, ['unsigned long']],
+    'AllocateGrowKernelStack' : [ 0x4, ['unsigned long']],
+    'FreeKernelStack' : [ 0x8, ['unsigned long']],
+    'FreeKernelStackError' : [ 0xc, ['unsigned long']],
+    'FreeGrowKernelStackError' : [ 0x10, ['unsigned long']],
+    'AllocateCreateProcess' : [ 0x14, ['unsigned long']],
+    'FreeCreateProcessError' : [ 0x18, ['unsigned long']],
+    'FreeDeleteProcess' : [ 0x1c, ['unsigned long']],
+    'FreeCleanProcess' : [ 0x20, ['unsigned long']],
+    'FreeCleanProcessError' : [ 0x24, ['unsigned long']],
+    'AllocateAddProcessWsMetaPage' : [ 0x28, ['unsigned long']],
+    'AllocateWsIncrease' : [ 0x2c, ['unsigned long']],
+    'FreeWsIncreaseError' : [ 0x30, ['unsigned long']],
+    'FreeWsIncreaseErrorMax' : [ 0x34, ['unsigned long']],
+    'FreeWsDecrease' : [ 0x38, ['unsigned long']],
+    'AllocateWorkingSetPage' : [ 0x3c, ['unsigned long']],
+    'FreeWorkingSetPageError' : [ 0x40, ['unsigned long']],
+    'FreeDeletePteRange' : [ 0x44, ['unsigned long']],
+    'AllocatePageTablesForProcessMetadata' : [ 0x48, ['unsigned long']],
+    'FreePageTablesForProcessMetadataError2' : [ 0x4c, ['unsigned long']],
+    'AllocatePageTablesForSystem' : [ 0x50, ['unsigned long']],
+    'FreePageTablesExcess' : [ 0x54, ['unsigned long']],
+    'FreeSystemVaPageTables' : [ 0x58, ['unsigned long']],
+    'FreeSessionVaPageTables' : [ 0x5c, ['unsigned long']],
+    'AllocateCreateSession' : [ 0x60, ['unsigned long']],
+    'FreeSessionWsDereference' : [ 0x64, ['unsigned long']],
+    'FreeSessionDereference' : [ 0x68, ['unsigned long']],
+    'AllocateLockedSessionImage' : [ 0x6c, ['unsigned long']],
+    'FreeLockedSessionImage' : [ 0x70, ['unsigned long']],
+    'FreeSessionImageConversion' : [ 0x74, ['unsigned long']],
+    'AllocateWsAdjustPageTable' : [ 0x78, ['unsigned long']],
+    'FreeWsAdjustPageTable' : [ 0x7c, ['unsigned long']],
+    'FreeWsAdjustPageTableError' : [ 0x80, ['unsigned long']],
+    'AllocateNoLowMemory' : [ 0x84, ['unsigned long']],
+    'AllocatePagedPoolLockedDown' : [ 0x88, ['unsigned long']],
+    'FreePagedPoolLockedDown' : [ 0x8c, ['unsigned long']],
+    'AllocateSystemBitmaps' : [ 0x90, ['unsigned long']],
+    'FreeSystemBitmapsError' : [ 0x94, ['unsigned long']],
+    'AllocateForMdl' : [ 0x98, ['unsigned long']],
+    'FreeFromMdl' : [ 0x9c, ['unsigned long']],
+    'AllocateForMdlPartition' : [ 0xa0, ['unsigned long']],
+    'FreeFromMdlPartition' : [ 0xa4, ['unsigned long']],
+    'FreeMdlExcess' : [ 0xa8, ['unsigned long']],
+    'AllocateExpansionNonPagedPool' : [ 0xac, ['unsigned long']],
+    'FreeExpansionNonPagedPool' : [ 0xb0, ['unsigned long']],
+    'AllocateVad' : [ 0xb4, ['unsigned long']],
+    'RemoveVad' : [ 0xb8, ['unsigned long']],
+    'FreeVad' : [ 0xbc, ['unsigned long']],
+    'AllocateContiguous' : [ 0xc0, ['unsigned long']],
+    'FreeContiguousPages' : [ 0xc4, ['unsigned long']],
+    'FreeContiguousError' : [ 0xc8, ['unsigned long']],
+    'FreeLargePageMemory' : [ 0xcc, ['unsigned long']],
+    'AllocateSystemWsles' : [ 0xd0, ['unsigned long']],
+    'FreeSystemWsles' : [ 0xd4, ['unsigned long']],
+    'AllocateSystemInitWs' : [ 0xd8, ['unsigned long']],
+    'AllocateSessionInitWs' : [ 0xdc, ['unsigned long']],
+    'FreeSessionInitWsError' : [ 0xe0, ['unsigned long']],
+    'AllocateSystemImage' : [ 0xe4, ['unsigned long']],
+    'AllocateSystemImageLoad' : [ 0xe8, ['unsigned long']],
+    'AllocateSessionSharedImage' : [ 0xec, ['unsigned long']],
+    'FreeSystemImageInitCode' : [ 0xf0, ['unsigned long']],
+    'FreeSystemImageLargePageConversion' : [ 0xf4, ['unsigned long']],
+    'FreeSystemImageError' : [ 0xf8, ['unsigned long']],
+    'FreeSystemImageLoadExcess' : [ 0xfc, ['unsigned long']],
+    'FreeUnloadSystemImage' : [ 0x100, ['unsigned long']],
+    'FreeReloadBootImageLarge' : [ 0x104, ['unsigned long']],
+    'FreeIndependent' : [ 0x108, ['unsigned long']],
+    'AllocateHotRemove' : [ 0x10c, ['unsigned long']],
+    'FreeHotAdd' : [ 0x110, ['unsigned long']],
+    'AllocateBoot' : [ 0x114, ['unsigned long']],
+    'FreeLoaderBlock' : [ 0x118, ['unsigned long']],
+    'AllocateNonPagedSpecialPool' : [ 0x11c, ['unsigned long']],
+    'FreeNonPagedSpecialPoolError' : [ 0x120, ['unsigned long']],
+    'FreeNonPagedSpecialPool' : [ 0x124, ['unsigned long']],
+    'AllocateSharedSegmentPage' : [ 0x128, ['unsigned long']],
+    'FreeSharedSegmentPage' : [ 0x12c, ['unsigned long']],
+    'AllocateZeroPage' : [ 0x130, ['unsigned long']],
+    'FreeZeroPage' : [ 0x134, ['unsigned long']],
+    'AllocateForPo' : [ 0x138, ['unsigned long']],
+    'AllocateForPoForce' : [ 0x13c, ['unsigned long']],
+    'FreeForPo' : [ 0x140, ['unsigned long']],
+    'AllocateThreadHardFaultBehavior' : [ 0x144, ['unsigned long']],
+    'FreeThreadHardFaultBehavior' : [ 0x148, ['unsigned long']],
+    'ObtainFaultCharges' : [ 0x14c, ['unsigned long']],
+    'FreeFaultCharges' : [ 0x150, ['unsigned long']],
+    'AllocateStoreCharges' : [ 0x154, ['unsigned long']],
+    'FreeStoreCharges' : [ 0x158, ['unsigned long']],
+    'ObtainLockedPageCharge' : [ 0x180, ['unsigned long']],
+    'FreeLockedPageCharge' : [ 0x1c0, ['unsigned long']],
+    'AllocateStore' : [ 0x1c4, ['unsigned long']],
+    'FreeStore' : [ 0x1c8, ['unsigned long']],
+    'AllocateSystemImageProtos' : [ 0x1cc, ['unsigned long']],
+    'FreeSystemImageProtos' : [ 0x1d0, ['unsigned long']],
+    'AllocateModWriterCharge' : [ 0x1d4, ['unsigned long']],
+    'FreeModWriterCharge' : [ 0x1d8, ['unsigned long']],
+    'AllocateMappedWriterCharge' : [ 0x1dc, ['unsigned long']],
+    'FreeMappedWriterCharge' : [ 0x1e0, ['unsigned long']],
+    'AllocateRegistryCharges' : [ 0x1e4, ['unsigned long']],
+    'FreeRegistryCharges' : [ 0x1e8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x4, ['long']],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '__unnamed_248d' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_248f' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2491' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2493' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_248d']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_248f']],
+    'Raw' : [ 0x0, ['__unnamed_2491']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x28, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'Operation' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'DirtyVectorModified', 1: 'DirtyDataCaptureStart', 2: 'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0x8, ['__unnamed_2493']],
+    'Stack' : [ 0x10, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0xb0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x8, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x20, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x38, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedPoolLowestPage' : [ 0x68, ['unsigned long']],
+    'NonPagedPoolHighestPage' : [ 0x6c, ['unsigned long']],
+    'AllocatedNonPagedPool' : [ 0x70, ['unsigned long']],
+    'PartialLargePoolRegions' : [ 0x74, ['unsigned long']],
+    'PagesInPartialLargePoolRegions' : [ 0x78, ['unsigned long']],
+    'CachedNonPagedPoolCount' : [ 0x7c, ['unsigned long']],
+    'NonPagedPoolSpinLock' : [ 0x80, ['unsigned long']],
+    'CachedNonPagedPool' : [ 0x84, ['pointer', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x88, ['pointer', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x8c, ['pointer', ['void']]],
+    'NonPagedBitMap' : [ 0x90, ['array', 3, ['_RTL_BITMAP']]],
+    'NonPagedHint' : [ 0xa8, ['array', 2, ['unsigned long']]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x8, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 31, native_type='unsigned long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x0, ['pointer', ['void']]],
+    'SessionState' : [ 0x4, ['pointer', ['void']]],
+    'SessionId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24a5' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x50, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_24a5']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'EvictionThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x20, ['_KEVENT']],
+    'EvictFlushCompleteEvent' : [ 0x30, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x40, ['_SLIST_HEADER']],
+    'EvictFlushLock' : [ 0x48, ['long']],
+    'ModifiedWriteFailedBitmap' : [ 0x4c, ['pointer', ['_RTL_BITMAP']]],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x8, ['unsigned long']],
+    'SyncCallback' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ZeroNonCachedByConverting' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ZeroWriteCombinedByConverting' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x1c, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Vad' : [ 0x10, ['pointer', ['_MMVAD_SHORT']]],
+    'SubListIndex' : [ 0x14, ['unsigned short']],
+    'Hint' : [ 0x16, ['unsigned short']],
+    'SetBits' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x30, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'Counters' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0xc, ['pointer', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x14, ['unsigned long']],
+    'Buckets' : [ 0x18, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '__unnamed_24e2' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x108, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_24e2']]],
+    'WakeAlarmPaused' : [ 0xa8, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb0, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xb8, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x14, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPending' : [ 0x16, ['unsigned char']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['unsigned short']]],
+    'DriverName' : [ 0x28, ['pointer', ['unsigned short']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e0, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x10, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0xc, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0xc, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0xc, ['_RTL_BITMAP']],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x14, {
+    'NextEntry' : [ 0x0, ['pointer', ['void']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x2a4, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+    'PackageDependencyData' : [ 0x298, ['pointer', ['void']]],
+    'ProcessGroupId' : [ 0x29c, ['unsigned long']],
+    'LoaderThreads' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_LOCK_HEADER' : [ 0x10, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Lock' : [ 0x8, ['unsigned long']],
+    'Valid' : [ 0xc, ['unsigned long']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MSUBSECTION' : [ 0x44, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x28, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x34, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x3c, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x40, ['unsigned long']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '__unnamed_259c' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x2000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_259c']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x18, ['unsigned long']],
+    'NonPagablePages' : [ 0x1c, ['unsigned long']],
+    'CommittedPages' : [ 0x20, ['unsigned long']],
+    'PagedPoolStart' : [ 0x24, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x28, ['pointer', ['void']]],
+    'SessionObject' : [ 0x2c, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x30, ['pointer', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x34, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x44, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x48, ['unsigned long']],
+    'AttachCount' : [ 0x4c, ['unsigned long']],
+    'AttachGate' : [ 0x50, ['_KGATE']],
+    'WsListEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0x80, ['array', 24, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xc80, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xc94, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xcb0, ['_MMSUPPORT']],
+    'Wsle' : [ 0xd30, ['pointer', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xd34, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PagedPool' : [ 0xd40, ['_POOL_DESCRIPTOR']],
+    'PageTables' : [ 0x1e80, ['pointer', ['_MMPTE']]],
+    'PagedPoolBitBuffer' : [ 0x1e84, ['array', 32, ['unsigned long']]],
+    'SpecialPool' : [ 0x1f08, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1f50, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1f54, ['long']],
+    'PagedPoolPdeCount' : [ 0x1f58, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1f5c, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1f60, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1f64, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1f98, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1f9c, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x1fa0, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1fa4, ['unsigned long']],
+    'IoState' : [ 0x1fa8, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1fac, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1fb0, ['_KEVENT']],
+    'ServerSilo' : [ 0x1fc0, ['pointer', ['_EJOB']]],
+    'CreateTime' : [ 0x1fc8, ['unsigned long long']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x38, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x10, ['unsigned long']],
+    'ActualExpansion' : [ 0x14, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'InProgress' : [ 0x28, ['long']],
+    'u' : [ 0x2c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+    'ActiveEntry' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+    'AttemptForCantExtend' : [ 0x34, ['unsigned char']],
+    'PageFileContract' : [ 0x35, ['unsigned char']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '__unnamed_25ad' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_25b1' : [ 0x4, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x4c, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x28, ['__unnamed_25ad']],
+    'Subsection' : [ 0x2c, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x30, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x34, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x38, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x40, ['pointer', ['_EPROCESS']]],
+    'u4' : [ 0x44, ['__unnamed_25b1']],
+    'FileObject' : [ 0x48, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x10, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'SidCount' : [ 0x8, ['unsigned long']],
+    'SidValuesStart' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x38, {
+    'PartitionLock' : [ 0x0, ['unsigned long']],
+    'PartitionIdLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x8, ['unsigned long long']],
+    'PartitionList' : [ 0x10, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x18, ['pointer', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x1c, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x24, ['array', 1, ['pointer', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x28, ['pointer', ['pointer', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x2c, ['unsigned long']],
+    'CrossPartitionDenials' : [ 0x30, ['unsigned long']],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0x50, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x10, ['unsigned char']],
+    'IrpOplocksR' : [ 0x14, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x1c, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x24, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x2c, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x34, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x3c, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x44, ['pointer', ['_GUID']]],
+    'OplockState' : [ 0x48, ['unsigned long']],
+    'FastMutex' : [ 0x4c, ['pointer', ['_FAST_MUTEX']]],
+} ],
+  '_MI_LARGEPAGE_MEMORY_INFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ColoredPageInfoBase' : [ 0x8, ['pointer', ['_COLORED_PAGE_INFO']]],
+    'PagesNeedZeroing' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x90, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Foreground' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WindowInformation' : [ 0x68, ['unsigned long']],
+    'PixelArea' : [ 0x6c, ['unsigned long']],
+    'PixelReportTimestamp' : [ 0x70, ['long long']],
+    'PixelTime' : [ 0x78, ['unsigned long long']],
+    'ForegroundReportTimestamp' : [ 0x80, ['long long']],
+    'ForegroundTime' : [ 0x88, ['unsigned long long']],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x2c, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x4, ['unsigned long']],
+    'DummyPagePfn' : [ 0x8, ['pointer', ['_MMPFN']]],
+    'DummyPage' : [ 0xc, ['unsigned long']],
+    'PageOfZeroes' : [ 0x10, ['unsigned long']],
+    'ZeroMapping' : [ 0x14, ['pointer', ['void']]],
+    'OnesMapping' : [ 0x18, ['pointer', ['void']]],
+    'BitmapGapFrames' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'PfnGapFrames' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_MI_VAD_ALLOCATION_CELL' : [ 0x1c, {
+    'AllocationBitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'BitMapHint' : [ 0x8, ['unsigned long']],
+    'LastAllocationSize' : [ 0xc, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0x10, ['unsigned long']],
+    'LowestBottomUpVadBit' : [ 0x14, ['unsigned long']],
+    'LowestBottomUpAllocationAddress' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x18, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x8, ['pointer', ['void']]],
+    'SessionViewVa' : [ 0x8, ['pointer', ['void']]],
+    'VadsProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Type' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SectionOffset' : [ 0x10, ['unsigned long long']],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_25f2' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x50, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x1c, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x24, ['unsigned long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x28, ['unsigned long']],
+    'MdlHack' : [ 0x2c, ['__unnamed_25f2']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'ProcessorCount' : [ 0x18, ['unsigned long']],
+    'Class' : [ 0x1c, ['unsigned char']],
+    'Spare' : [ 0x1d, ['array', 3, ['unsigned char']]],
+    'Processors' : [ 0x20, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0x24, ['pointer', ['void']]],
+    'TimeWindowHandler' : [ 0x28, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x2c, ['pointer', ['void']]],
+    'BoostModeHandler' : [ 0x30, ['pointer', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0x34, ['pointer', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x38, ['pointer', ['void']]],
+    'AutonomousModeHandler' : [ 0x3c, ['pointer', ['void']]],
+    'ReinitializeHandler' : [ 0x40, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x44, ['pointer', ['void']]],
+    'PerfControlHandler' : [ 0x48, ['pointer', ['void']]],
+    'MaxFrequency' : [ 0x4c, ['unsigned long']],
+    'NominalFrequency' : [ 0x50, ['unsigned long']],
+    'MaxPercent' : [ 0x54, ['unsigned long']],
+    'MinPerfPercent' : [ 0x58, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x5c, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x60, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x68, ['unsigned long long']],
+    'Coordination' : [ 0x70, ['unsigned char']],
+    'HardPlatformCap' : [ 0x71, ['unsigned char']],
+    'AffinitizeControl' : [ 0x72, ['unsigned char']],
+    'EfficientThrottle' : [ 0x73, ['unsigned char']],
+    'AutonomousMode' : [ 0x74, ['unsigned char']],
+    'SelectedPercent' : [ 0x78, ['unsigned long']],
+    'SelectedFrequency' : [ 0x7c, ['unsigned long']],
+    'DesiredPercent' : [ 0x80, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x84, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x88, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x8c, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x90, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x94, ['unsigned long']],
+    'TolerancePercent' : [ 0x98, ['unsigned long']],
+    'SelectedState' : [ 0xa0, ['unsigned long long']],
+    'PerfChangeTime' : [ 0xa8, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0xb0, ['unsigned long']],
+    'Force' : [ 0xb4, ['unsigned char']],
+    'ProvideGuidance' : [ 0xb5, ['unsigned char']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x600, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0xc, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x4, ['pointer', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x8, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_RELATION_LIST' : [ 0x8, {
+    'DeviceObjectList' : [ 0x0, ['pointer', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x4, ['unsigned char']],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x80, {
+    'TransitionSharedPages' : [ 0x0, ['unsigned long']],
+    'TransitionSharedPagesPeak' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'FirstDecayPage' : [ 0x10, ['unsigned long']],
+    'PfnDecayFreeSList' : [ 0x18, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x24, ['_KDPC']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'Enabled' : [ 0x4, ['unsigned long']],
+    'DisableAccessLogging' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'MinLoggingPriority' : [ 0x18, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0xc, {
+    'QueueHead' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueTail' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x48, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x3c, ['_RTL_BITMAP']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x4, {
+    'LogHandleContext' : [ 0x0, ['pointer', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x10, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0xc, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_FAST_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x40, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x8, ['short']],
+    'SpecialApcDisable' : [ 0xa, ['short']],
+    'CombinedApcDisable' : [ 0x8, ['unsigned long']],
+    'Irql' : [ 0xc, ['unsigned char']],
+    'StackTrace' : [ 0x10, ['array', 12, ['pointer', ['void']]]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_SEP_LOWBOX_HANDLES_TABLE' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x4, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2657' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2659' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_2657']],
+    'Button' : [ 0xc, ['__unnamed_2659']],
+} ],
+  '_KDPC_DATA' : [ 0x18, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+    'ActiveDpc' : [ 0x14, ['pointer', ['_KDPC']]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_KSCB' : [ 0xf8, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare1' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x5d, ['unsigned char']],
+    'ReadySummary' : [ 0x5e, ['unsigned short']],
+    'Rank' : [ 0x60, ['unsigned long']],
+    'ReadyListHead' : [ 0x64, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0xe4, ['_RTL_RB_TREE']],
+    'Parent' : [ 0xec, ['pointer', ['_KSCB']]],
+    'Root' : [ 0xf0, ['pointer', ['_KSCB']]],
+} ],
+  '__unnamed_2668' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_2669' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2668']],
+    'Merged' : [ 0x10, ['__unnamed_2669']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x40, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x10, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x14, ['long']],
+    'FirstReservedZeroingPte' : [ 0x18, ['pointer', ['_MMPTE']]],
+    'RebalanceZeroFreeWorkItem' : [ 0x1c, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x2c, ['long']],
+    'Gate' : [ 0x30, ['_KGATE']],
+} ],
+  '__unnamed_2676' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2676']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Processors' : [ 0x4, ['unsigned long']],
+    'ActiveProcessors' : [ 0x8, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_268e' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2690' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_268e']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0xa8, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_2690']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'PoolPageHeaders' : [ 0x18, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x20, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x28, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x2c, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PagedBytes' : [ 0x38, ['unsigned long']],
+    'NonPagedBytes' : [ 0x3c, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x40, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x44, ['unsigned long']],
+    'RaiseIrqls' : [ 0x48, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x4c, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x50, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x54, ['unsigned long']],
+    'AllocationsFailed' : [ 0x58, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x5c, ['unsigned long']],
+    'LockedBytes' : [ 0x60, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x64, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x74, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x78, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x7c, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x80, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x88, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x2c, {
+    'Sibling' : [ 0x0, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long']],
+    'PipelinedReadAheadRequestSize' : [ 0x54, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x58, ['unsigned long']],
+    'PrivateLinks' : [ 0x5c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0x6c, {
+    'FixupLock' : [ 0x0, ['long']],
+    'FixupList' : [ 0x4, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0xc, ['_KMUTANT']],
+    'FirstLoadEver' : [ 0x2c, ['unsigned char']],
+    'LargePageAll' : [ 0x2d, ['unsigned char']],
+    'LastPage' : [ 0x30, ['unsigned long']],
+    'LargePageList' : [ 0x34, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x3c, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x40, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x44, ['array', 2, ['pointer', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x4c, ['unsigned long']],
+    'PageCounts' : [ 0x50, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x60, ['_EX_PUSH_LOCK']],
+    'ErrataPte' : [ 0x64, ['pointer', ['_MMPTE']]],
+    'ErrataPteMapped' : [ 0x68, ['unsigned long']],
+} ],
+  '_PTE_TRACKER' : [ 0x44, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x28, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x4, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'IsInTempBin' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_26c2' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0x5c, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x8, ['pointer', ['void']]],
+    'ExceptionTableSize' : [ 0xc, ['unsigned long']],
+    'GpValue' : [ 0x10, ['pointer', ['void']]],
+    'NonPagedDebugInfo' : [ 0x14, ['pointer', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'u1' : [ 0x3a, ['__unnamed_26c2']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x44, ['unsigned long']],
+    'CoverageSection' : [ 0x48, ['pointer', ['void']]],
+    'LoadedImports' : [ 0x4c, ['pointer', ['void']]],
+    'Spare' : [ 0x50, ['pointer', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x54, ['unsigned long']],
+    'TimeDateStamp' : [ 0x58, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x28, {
+    'InstantaneousRead' : [ 0x0, ['pointer', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'Scaling' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x38, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x4, ['long']],
+    'PrefetchSeekThreshold' : [ 0x8, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x24, ['unsigned long']],
+    'DelayPageFaults' : [ 0x28, ['long']],
+    'FileCompressionBoundary' : [ 0x2c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x30, ['unsigned char']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x14, {
+    'BlockOffset' : [ 0x0, ['unsigned long']],
+    'PermanentBinAddress' : [ 0x4, ['unsigned long']],
+    'TemporaryBinAddress' : [ 0x8, ['unsigned long']],
+    'TemporaryBinRundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x1c, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'Reference' : [ 0x8, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x18, ['unsigned char']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x400, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_DUAL' : [ 0x19c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x190, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x198, ['unsigned long']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x4, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26f1' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26f4' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0xf8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'CollidedEvent' : [ 0x20, ['_KEVENT']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x40, ['_KAPC_STATE']],
+    'Thread' : [ 0x58, ['pointer', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x5c, ['pointer', ['_MMPFN']]],
+    'PteContents' : [ 0x60, ['_MMPTE']],
+    'WaitCount' : [ 0x68, ['long']],
+    'ByteCount' : [ 0x6c, ['unsigned long']],
+    'u3' : [ 0x70, ['__unnamed_26f1']],
+    'u1' : [ 0x74, ['__unnamed_26f4']],
+    'FilePointer' : [ 0x78, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x7c, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x7c, ['pointer', ['_SUBSECTION']]],
+    'Autoboost' : [ 0x80, ['pointer', ['void']]],
+    'FaultingAddress' : [ 0x84, ['pointer', ['void']]],
+    'PointerPte' : [ 0x88, ['pointer', ['_MMPTE']]],
+    'BasePte' : [ 0x8c, ['pointer', ['_MMPTE']]],
+    'Pfn' : [ 0x90, ['pointer', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x98, ['_MDL']],
+    'Page' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'FlowThrough' : [ 0xb4, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x8, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x10, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CloneCommitCount' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x8, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1', 19: 'NotifyTransportRelationsChange', 20: 'NotifyEjectionRelationsChange', 21: 'ConfigureDevice', 22: 'ConfigureDeviceClass', 23: 'ConfigureDeviceExtensions', 24: 'ConfigureDeviceReset'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+    'ActivityId' : [ 0x20, ['_GUID']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'LowboxNumber' : [ 0x14, ['unsigned long']],
+    'AtomTable' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x14, ['long']],
+    'Active' : [ 0x18, ['long']],
+    'FreeWhenDone' : [ 0x1c, ['unsigned char']],
+} ],
+  '_MI_CFG_BITMAP_INFO' : [ 0xc, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'RegionSize' : [ 0x4, ['unsigned long']],
+    'BitmapVad' : [ 0x8, ['pointer', ['_MMVAD']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x48, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'ResumeItem' : [ 0xc, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'MirroringActive' : [ 0x30, ['unsigned long']],
+    'MirrorBitMaps' : [ 0x34, ['array', 2, ['_RTL_BITMAP']]],
+    'CrashDumpPte' : [ 0x44, ['pointer', ['_MMPTE']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x18, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x1a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x23, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x18, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x18, ['array', 4, ['pointer', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x18, ['pointer', ['void']]],
+    'SessionId' : [ 0x1c, ['unsigned long']],
+    'Process' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['void']]],
+    'Callback' : [ 0x2c, ['pointer', ['void']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'DbgKernelRegistration' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgUserRegistration' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgReplyRegistration' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DbgClassicRegistration' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'DbgSessionSpaceRegistration' : [ 0x32, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DbgModernRegistration' : [ 0x32, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DbgClosed' : [ 0x32, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DbgInserted' : [ 0x32, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'EnableMask' : [ 0x33, ['unsigned char']],
+    'GroupEnableMask' : [ 0x34, ['unsigned char']],
+    'UseDescriptorType' : [ 0x35, ['unsigned char']],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x308, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x58, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x4, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x34, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'PackagedBinary' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x34, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x34, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x34, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x34, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x34, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x34, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x34, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x34, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x34, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x34, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x34, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x34, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x34, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x34, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x34, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x34, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x34, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x34, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x34, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x34, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x4c, ['pointer', ['void']]],
+    'DdagNode' : [ 0x50, ['pointer', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0x54, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0x5c, ['pointer', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0x60, ['pointer', ['void']]],
+    'SwitchBackContext' : [ 0x64, ['pointer', ['void']]],
+    'BaseAddressIndexNode' : [ 0x68, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0x74, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0x80, ['unsigned long']],
+    'LoadTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x90, ['unsigned long']],
+    'LoadReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: 'LoadReasonStaticDependency', 1: 'LoadReasonStaticForwarderDependency', 2: 'LoadReasonDynamicForwarderDependency', 3: 'LoadReasonDelayloadDependency', 4: 'LoadReasonDynamicLoad', 5: 'LoadReasonAsImageLoad', 6: 'LoadReasonAsDataLoad', -1: 'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x98, ['unsigned long']],
+    'ReferenceCount' : [ 0x9c, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'AllStacksInUse' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_DRIVER_VA' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'Hint' : [ 0x10, ['unsigned long']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x2c, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x8, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0xc, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x10, ['unsigned long']],
+    'LowestLink' : [ 0x14, ['unsigned long']],
+    'Dependencies' : [ 0x18, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x1c, ['_LDRP_CSLIST']],
+    'State' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'LdrModulesPlaceHolder', 1: 'LdrModulesMapping', 2: 'LdrModulesMapped', 3: 'LdrModulesWaitingForDependencies', 4: 'LdrModulesSnapping', 5: 'LdrModulesSnapped', 6: 'LdrModulesCondensed', 7: 'LdrModulesReadyToInit', 8: 'LdrModulesInitializing', 9: 'LdrModulesReadyToRun', '\xfb': 'LdrModulesMerged', '\xfd': 'LdrModulesSnapError', '\xfc': 'LdrModulesInitError', -1: 'LdrModulesUnloading', '\xfe': 'LdrModulesUnloaded'})]],
+    'CondenseLink' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x28, ['unsigned long']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x104, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'Order' : [ 0x1c, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0xec, ['_LIST_ENTRY']],
+    'Status' : [ 0xf4, ['long']],
+    'FailedDevice' : [ 0xf8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0xfc, ['unsigned char']],
+    'Cancelled' : [ 0xfd, ['unsigned char']],
+    'IgnoreErrors' : [ 0xfe, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0xff, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x100, ['unsigned char']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x8, {
+    'PreferredMask' : [ 0x0, ['unsigned long']],
+    'AvailableMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x8, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '__unnamed_276f' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_2771' : [ 0x4, {
+    'NumberOfChildViews' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2773' : [ 0x4, {
+    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SUBSECTION' : [ 0x28, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0xc, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0xc, ['pointer', ['_MI_SUBSECTION_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0xc, ['pointer', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x10, ['__unnamed_276f']],
+    'StartingSector' : [ 0x14, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x18, ['unsigned long']],
+    'PtesInSubsection' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_2771']],
+    'UnusedPtes' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u2' : [ 0x24, ['__unnamed_2773']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x44, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xc, ['_UNICODE_STRING']],
+    'Latency' : [ 0x14, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x18, ['unsigned long']],
+    'Power' : [ 0x1c, ['unsigned long']],
+    'StateFlags' : [ 0x20, ['unsigned long']],
+    'VetoAccounting' : [ 0x24, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0x3c, ['unsigned char']],
+    'InterruptsEnabled' : [ 0x3d, ['unsigned char']],
+    'Interruptible' : [ 0x3e, ['unsigned char']],
+    'ContextRetained' : [ 0x3f, ['unsigned char']],
+    'CacheCoherent' : [ 0x40, ['unsigned char']],
+    'WakesSpuriously' : [ 0x41, ['unsigned char']],
+    'PlatformOnly' : [ 0x42, ['unsigned char']],
+    'NoCState' : [ 0x43, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'DeadPteTrackerSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x8, ['unsigned long']],
+    'MdlTrackerLookaside' : [ 0x40, ['_NPAGED_LOOKASIDE_LIST']],
+    'PteTrackingBitmap' : [ 0x100, ['_RTL_BITMAP']],
+    'CachedPteHeads' : [ 0x108, ['pointer', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0x10c, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPages' : [ 0x140, ['unsigned char']],
+    'QueuedStacks' : [ 0x148, ['_SLIST_HEADER']],
+    'StackGrowthFailures' : [ 0x150, ['unsigned long']],
+    'TrackPtesAborted' : [ 0x154, ['unsigned char']],
+    'AdjustCounter' : [ 0x155, ['unsigned char']],
+    'QueuedStacksWorkItem' : [ 0x158, ['_MI_QUEUED_DEADSTACK_WORKITEM']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x34, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x8, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0xc, ['long']],
+    'HighWaterMark' : [ 0x10, ['unsigned long']],
+    'Reserved' : [ 0x14, ['array', 8, ['unsigned long']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_27a3' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x14, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long']],
+    'NodeCount' : [ 0x4, ['unsigned long']],
+    'Tables' : [ 0x8, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0xc, ['unsigned long']],
+    'u1' : [ 0x10, ['__unnamed_27a3']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['unsigned char']],
+    'DripsRequiredState' : [ 0x8, ['unsigned long']],
+    'Level' : [ 0xc, ['long']],
+    'ActiveStamp' : [ 0x10, ['long long']],
+    'CsActiveTime' : [ 0x18, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x20, ['long long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x20, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x19c, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0xc0, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x14, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x30, ['pointer', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x34, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x3c, ['long']],
+    'ActiveEvent' : [ 0x40, ['_KEVENT']],
+    'IdleLock' : [ 0x50, ['unsigned long']],
+    'IdleConditionComplete' : [ 0x54, ['long']],
+    'IdleStateComplete' : [ 0x58, ['long']],
+    'IdleStamp' : [ 0x60, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x68, ['unsigned long']],
+    'IdleStateCount' : [ 0x6c, ['unsigned long']],
+    'IdleStates' : [ 0x70, ['pointer', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0x74, ['unsigned long']],
+    'ProviderCount' : [ 0x78, ['unsigned long']],
+    'Providers' : [ 0x7c, ['pointer', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0x80, ['unsigned long']],
+    'DependentCount' : [ 0x84, ['unsigned long']],
+    'Dependents' : [ 0x88, ['pointer', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0x90, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xb8, ['pointer', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x1c, {
+    'ComponentActive' : [ 0x0, ['pointer', ['void']]],
+    'ComponentIdle' : [ 0x4, ['pointer', ['void']]],
+    'ComponentIdleState' : [ 0x8, ['pointer', ['void']]],
+    'DevicePowerRequired' : [ 0xc, ['pointer', ['void']]],
+    'DevicePowerNotRequired' : [ 0x10, ['pointer', ['void']]],
+    'PowerControl' : [ 0x14, ['pointer', ['void']]],
+    'ComponentCriticalTransition' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x2c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x8, ['unsigned char']],
+    'Spare' : [ 0x9, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0xc, ['unsigned long']],
+    'DebugId' : [ 0x10, ['_CVDD']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40f0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'StackLimitHits' : [ 0x4038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x403c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x4040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4044, ['unsigned long']],
+    'TotalReleases' : [ 0x4048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x404c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x4050, ['unsigned long']],
+    'Instigator' : [ 0x4054, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4058, ['unsigned long']],
+    'Participant' : [ 0x405c, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40dc, ['long']],
+    'StackType' : [ 0x40e0, ['Enumeration', dict(target = 'long', choices = {0: 'BugcheckStackLimits', 1: 'DPCStackLimits', 2: 'ExpandedStackLimits', 3: 'NormalStackLimits', 4: 'Win32kStackLimits', 5: 'SwapBusyStackLimits', 6: 'IsrStackLimits', 7: 'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x40e4, ['unsigned long']],
+    'StackHighLimit' : [ 0x40e8, ['unsigned long']],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x30, {
+    'PagesLoad' : [ 0x0, ['long']],
+    'PagesAverage' : [ 0x4, ['unsigned long']],
+    'AverageAvailablePages' : [ 0x8, ['unsigned long']],
+    'PagesWritten' : [ 0xc, ['unsigned long']],
+    'WritesIssued' : [ 0x10, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x14, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x18, ['unsigned long']],
+    'WriteBurstCount' : [ 0x1c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x20, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x28, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x2e, ['unsigned short']],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x38, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x30, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x10, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_281d' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_281f' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_281d']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_281f']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_2834' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_2834']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x18, {
+    'ViewStart' : [ 0x0, ['pointer', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Bcb' : [ 0x4, ['pointer', ['void']]],
+    'PinnedPages' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x48, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x1c, ['pointer', ['void']]],
+    'Enabled' : [ 0x20, ['unsigned char']],
+    'ActiveEngaged' : [ 0x21, ['unsigned char']],
+    'ThrottleLimit' : [ 0x22, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x23, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x24, ['pointer', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'Interface' : [ 0x2c, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'HashKey' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x18, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x14, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COLORED_PAGE_INFO' : [ 0x10, {
+    'BeingZeroed' : [ 0x0, ['long']],
+    'Processor' : [ 0x4, ['unsigned long']],
+    'PagesQueued' : [ 0x8, ['unsigned long']],
+    'PfnAllocation' : [ 0xc, ['pointer', ['_MMPFN']]],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x8, ['pointer', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MI_POOL_STATE' : [ 0x4e8, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolSListMaximum' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x10, ['unsigned long']],
+    'BadPoolHead' : [ 0x14, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x18, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x1c, ['unsigned char']],
+    'PoolFailures' : [ 0x20, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x44, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x70, ['unsigned long']],
+    'HighPagedPoolThreshold' : [ 0x74, ['unsigned long']],
+    'SpecialPoolPdesMax' : [ 0x78, ['long']],
+    'NonPagedPoolNodes' : [ 0x7c, ['array', 1024, ['unsigned char']]],
+    'PagedProtoPoolInfo' : [ 0x47c, ['_MM_PAGED_POOL_INFO']],
+    'PagedPoolSListMaximum' : [ 0x498, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x49c, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0x4ac, ['unsigned long']],
+    'SpecialPoolRejected' : [ 0x4b0, ['array', 9, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0x4d4, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x4d8, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0x4dc, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0x4e0, ['unsigned long']],
+    'TotalNonPagedPoolQuota' : [ 0x4e4, ['unsigned long']],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x13c, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'OffloadedAudio' : [ 0x12d, ['unsigned char']],
+    'NonOffloadedAudio' : [ 0x12e, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12f, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsUserAwaySetting' : [ 0x134, ['unsigned char']],
+    'WiFiInStandby' : [ 0x138, ['unsigned long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x24, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_28a5' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_28a7' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_28a5']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_28a7']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x34, {
+    'IoPfnLock' : [ 0x0, ['unsigned long']],
+    'IoPfnRoot' : [ 0x4, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x10, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x18, ['unsigned long']],
+    'IoCacheStats' : [ 0x1c, ['_MI_IO_CACHE_STATS']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_VF_AVL_TABLE' : [ 0x80, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x3c, ['pointer', ['void']]],
+    'Lock' : [ 0x40, ['long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['long']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DeviceNode' : [ 0x1c, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '__unnamed_28c3' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_28c5' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_28cb' : [ 0xc, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_28cf' : [ 0x8, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x4, ['unsigned char']],
+} ],
+  '__unnamed_28d1' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_28c3']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_28c5']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_28cb']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_28cf']],
+    'Others' : [ 0x0, ['__unnamed_28d1']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x4, {
+    'Function' : [ 0x0, ['pointer', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x78, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x70, ['pointer', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x4, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ActiveCooling' : [ 0x14, ['pointer', ['void']]],
+    'PassiveCooling' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x18, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Next' : [ 0x14, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_PROC_PERF_CHECK' : [ 0xc0, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'Snap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'TempSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'TaggedThreadPercent' : [ 0xb8, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0xba, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0xbb, ['unsigned char']],
+} ],
+  '__unnamed_28ea' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_28ec' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_28ee' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_28ea']],
+    'Interrupt' : [ 0x0, ['__unnamed_28ec']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_28ec']],
+    'Sci' : [ 0x0, ['__unnamed_28ec']],
+    'Nmi' : [ 0x0, ['__unnamed_28ec']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_28ee']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x140, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'VerifyKernelPhaseOnResume' : [ 0x3, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x4, ['unsigned char']],
+    'InitializationFinished' : [ 0x5, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x30, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'ClonedPageCount' : [ 0x40, ['unsigned long long']],
+    'CurrentMap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x4c, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x50, ['unsigned long']],
+    'LoaderMdl' : [ 0x54, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x6c, ['unsigned long']],
+    'CurrentMcb' : [ 0x70, ['pointer', ['void']]],
+    'DumpStack' : [ 0x74, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x78, ['pointer', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0x7c, ['unsigned long']],
+    'Status' : [ 0x80, ['long']],
+    'GraphicsProc' : [ 0x84, ['unsigned long']],
+    'MemoryImage' : [ 0x88, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0x8c, ['pointer', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'SiLogOffset' : [ 0x94, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0x98, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0x9c, ['pointer', ['void']]],
+    'ResumeContext' : [ 0xa0, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0xa4, ['unsigned long']],
+    'ProcessorCount' : [ 0xa8, ['unsigned long']],
+    'ProcessorContext' : [ 0xac, ['pointer', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0xb0, ['pointer', ['unsigned char']]],
+    'ProdConsSize' : [ 0xb4, ['unsigned long']],
+    'MaxDataPages' : [ 0xb8, ['unsigned long']],
+    'ExtraBuffer' : [ 0xbc, ['pointer', ['void']]],
+    'ExtraBufferSize' : [ 0xc0, ['unsigned long']],
+    'ExtraMapVa' : [ 0xc4, ['pointer', ['void']]],
+    'BitlockerKeyPFN' : [ 0xc8, ['unsigned long']],
+    'IoInfo' : [ 0xd0, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x130, ['pointer', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x134, ['unsigned long']],
+    'HardwareConfigurationSignature' : [ 0x138, ['unsigned long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0x60, {
+    'Component' : [ 0x0, ['pointer', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x4, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x14, ['pointer', ['void']]],
+    'Flags' : [ 0x18, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x1c, ['pointer', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x20, ['unsigned long']],
+    'LastChangeStamp' : [ 0x28, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x30, ['unsigned char']],
+    'PepRegistered' : [ 0x31, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x32, ['unsigned char']],
+    'RequestDriverContext' : [ 0x34, ['pointer', ['void']]],
+    'WorkOrder' : [ 0x38, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x54, ['unsigned long']],
+    'Sets' : [ 0x58, ['pointer', ['_POP_FX_PERF_SET']]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0xc, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'MpnId' : [ 0x4, ['unsigned short']],
+    'Node' : [ 0x6, ['unsigned short']],
+    'Channel' : [ 0x8, ['unsigned short']],
+    'IsPowerManageable' : [ 0xa, ['unsigned char']],
+    'DeepPowerState' : [ 0xb, ['unsigned char']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x100, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xc0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xc8, ['pointer', ['void']]],
+    'PointersLength' : [ 0xcc, ['unsigned long']],
+    'ModulePrefix' : [ 0xd0, ['pointer', ['unsigned short']]],
+    'DriverList' : [ 0xd4, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xdc, ['_STRING']],
+    'ProgMsg' : [ 0xe4, ['_STRING']],
+    'DoneMsg' : [ 0xec, ['_STRING']],
+    'FileObject' : [ 0xf4, ['pointer', ['void']]],
+    'UsageType' : [ 0xf8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_PAE_PAGEINFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameNumber' : [ 0x8, ['unsigned long']],
+    'EntriesInUse' : [ 0xc, ['unsigned long']],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x4, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x24, {
+    'InitiatingThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ThreadId' : [ 0x8, ['pointer', ['void']]],
+    'ProcessId' : [ 0xc, ['pointer', ['void']]],
+    'Code' : [ 0x10, ['unsigned long']],
+    'Parameter1' : [ 0x14, ['unsigned long']],
+    'Parameter2' : [ 0x18, ['unsigned long']],
+    'Parameter3' : [ 0x1c, ['unsigned long']],
+    'Parameter4' : [ 0x20, ['unsigned long']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x30, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer', ['_KTHREAD']]],
+    'Stack' : [ 0x14, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '__unnamed_292e' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_292e']],
+} ],
+  '__unnamed_2932' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2932']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_SUBSECTION_WAIT_BLOCK' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_SUBSECTION_WAIT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x310, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long long']],
+    'HiberFlags' : [ 0x30, ['unsigned char']],
+    'spare' : [ 0x31, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x34, ['unsigned long']],
+    'HiberVa' : [ 0x38, ['unsigned long']],
+    'NoFreePages' : [ 0x3c, ['unsigned long']],
+    'FreeMapCheck' : [ 0x40, ['unsigned long']],
+    'WakeCheck' : [ 0x44, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x48, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x50, ['unsigned long']],
+    'FirstKernelRestorePage' : [ 0x54, ['unsigned long']],
+    'FirstChecksumRestorePage' : [ 0x58, ['unsigned long']],
+    'NoChecksumEntries' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x248, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x24c, ['array', 1, ['unsigned long']]],
+    'SiLogOffset' : [ 0x250, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x254, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x258, ['array', 24, ['unsigned long']]],
+    'NotUsed' : [ 0x2b8, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2bc, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2c0, ['unsigned long']],
+    'Hiberboot' : [ 0x2c4, ['unsigned char']],
+    'HvCr3' : [ 0x2c8, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x2d0, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x2d8, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x2e0, ['unsigned long long']],
+    'BootFlags' : [ 0x2e8, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x2f0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x2f8, ['unsigned long']],
+    'BitlockerKeyPfns' : [ 0x2fc, ['array', 4, ['unsigned long']]],
+    'HardwareSignature' : [ 0x30c, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x10, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned short']],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1e0, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x48, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x4c, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x50, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x58, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x60, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x68, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x78, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x80, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xc8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xd0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xd8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xe0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xe8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0xf0, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0xf8, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x100, ['unsigned long long']],
+    'IoBoundedness' : [ 0x108, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x110, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x118, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x120, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x128, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x130, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x138, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x140, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x148, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x150, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x158, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x160, ['unsigned long long']],
+    'AnimationStart' : [ 0x168, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x170, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x178, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x180, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x188, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x190, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x198, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1a0, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1a8, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1b0, ['unsigned long long']],
+    'BytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'PagesWritten' : [ 0x1c0, ['unsigned long']],
+    'FileRuns' : [ 0x1c4, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1c8, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1cc, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1d0, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1d8, ['unsigned long long']],
+} ],
+  '_MI_QUEUED_DEADSTACK_WORKITEM' : [ 0x14, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_FREE_DISPLAY' : [ 0x10, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x1c, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'InitialInPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x8, ['pointer', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0xc, ['unsigned long']],
+    'Node' : [ 0x10, ['_RTL_BALANCED_NODE']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x70, {
+    'UncompressedData' : [ 0x0, ['pointer', ['unsigned char']]],
+    'MappingVa' : [ 0x4, ['pointer', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x8, ['pointer', ['void']]],
+    'CompressedDataBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'CompressTicks' : [ 0x18, ['unsigned long long']],
+    'BytesCopied' : [ 0x20, ['unsigned long long']],
+    'PagesProcessed' : [ 0x28, ['unsigned long long']],
+    'DecompressTicks' : [ 0x30, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x38, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x40, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x68, ['unsigned long']],
+    'HuffCompressCount' : [ 0x6c, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x18, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'IoStatus' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'IoReady', 1: 'IoPending', 2: 'IoDone'})]],
+    'IoStartCount' : [ 0x8, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x10, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x18, ['unsigned long long']],
+    'RequestSize' : [ 0x20, ['unsigned long long']],
+    'IoLocation' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x30, ['unsigned long long']],
+    'Buffer' : [ 0x38, ['pointer', ['void']]],
+    'AsyncCapable' : [ 0x3c, ['unsigned char']],
+    'BytesToRead' : [ 0x40, ['unsigned long long']],
+    'Pages' : [ 0x48, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x50, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x58, ['unsigned short']],
+} ],
+  '_LDRP_CSLIST' : [ 0x4, {
+    'Tail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '__unnamed_296f' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2971' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2974' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2978' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'ApicDestinationModePhysical', 2: 'ApicDestinationModeLogicalFlat', 3: 'ApicDestinationModeLogicalClustered', 4: 'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x50, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptTypeControllerInput', 1: 'InterruptTypeXapicMessage', 2: 'InterruptTypeHypertransport', 3: 'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'TargetProcessors' : [ 0x14, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x20, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x30, ['__unnamed_296f']],
+    'HvDeviceId' : [ 0x38, ['unsigned long long']],
+    'XapicMessage' : [ 0x40, ['__unnamed_2971']],
+    'Hypertransport' : [ 0x40, ['__unnamed_2974']],
+    'GenericMessage' : [ 0x40, ['__unnamed_2971']],
+    'MessageRequest' : [ 0x40, ['__unnamed_2978']],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2986' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x4, ['pointer', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_2988' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x8, ['unsigned long long']],
+    'Unit' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateUnitOther', 1: 'PoFxPerfStateUnitFrequency', 2: 'PoFxPerfStateUnitBandwidth', 3: 'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateTypeDiscrete', 1: 'PoFxPerfStateTypeRange', 2: 'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x18, ['__unnamed_2986']],
+    'Range' : [ 0x18, ['__unnamed_2988']],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2999' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_299b' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_299d' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2999']],
+    'Gpt' : [ 0x0, ['__unnamed_299b']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xc0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x45, ['unsigned char']],
+    'HiberResume' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x47, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_299d']],
+    'ReadRoutine' : [ 0x6c, ['pointer', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0x70, ['pointer', ['void']]],
+    'LogSectionTruncateSize' : [ 0x74, ['unsigned long']],
+    'Parameters' : [ 0x78, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xb8, ['pointer', ['void']]],
+    'DumpNotifyRoutine' : [ 0xbc, ['pointer', ['void']]],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x18, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long']],
+    'ActiveCacheMatch' : [ 0x4, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0x8, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x14, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x8, ['pointer', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0xc, ['pointer', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x10, ['pointer', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x14, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned short']],
+    'ReplyIndex' : [ 0x1a, ['unsigned short']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_KDPC_LIST' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0xd0, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x18, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'EtwNotificationTypeNoReply', 2: 'EtwNotificationTypeLegacyEnable', 3: 'EtwNotificationTypeEnable', 4: 'EtwNotificationTypePrivateLogger', 5: 'EtwNotificationTypePerflib', 6: 'EtwNotificationTypeAudio', 7: 'EtwNotificationTypeSession', 8: 'EtwNotificationTypeReserved', 9: 'EtwNotificationTypeCredentialUI', 10: 'EtwNotificationTypeInProcSession', 11: 'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '__unnamed_29d2' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29d4' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_29d2']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_29d7' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29d9' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_29d7']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_29d4']],
+    'HighPart' : [ 0x4, ['__unnamed_29d9']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '__unnamed_29e7' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x18, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer', ['void']]],
+    'SessionId' : [ 0xc, ['unsigned long']],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+    'u2' : [ 0x14, ['__unnamed_29e7']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_29ed' : [ 0x8, {
+    'MessageAddressLow' : [ 0x0, ['unsigned long']],
+    'MessageData' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+} ],
+  '__unnamed_29ef' : [ 0x8, {
+    'RemappedFormat' : [ 0x0, ['_ULARGE_INTEGER']],
+    'Msi' : [ 0x0, ['__unnamed_29ed']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_29ef']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Xcr0' : [ 0x3c, ['unsigned long long']],
+    'ExceptionList' : [ 0x44, ['unsigned long']],
+    'Reserved' : [ 0x48, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x4, ['pointer', ['unsigned short']]],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+}

From 883e317a364d30957d1f4e7a3adb2ef63fbfac67 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Wed, 10 Aug 2016 13:04:07 -0400
Subject: [PATCH 009/304] win10.py: fix _OBJECT_HEADER and _POOL_HEADER for
 recent versions

---
 volatility/plugins/overlays/windows/win10.py | 106 ++++++++++++++++++-
 1 file changed, 105 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index c8dae58a2..aa033d3e6 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -317,6 +317,63 @@ def is_valid(self):
         54: 'DxgkSharedSwapChainObject',
         }
 
+class _OBJECT_HEADER_10_1AC738FB(_OBJECT_HEADER_10):
+
+    type_map = {
+        2: 'Type',
+        3: 'Directory',
+        4: 'SymbolicLink',
+        5: 'Token',
+        6: 'Job',
+        7: 'Process',
+        8: 'Thread',
+        9: 'UserApcReserve',
+        10: 'IoCompletionReserve',
+        11: 'DebugObject',
+        12: 'Event',
+        13: 'Mutant',
+        14: 'Callback',
+        15: 'Semaphore',
+        16: 'Timer',
+        17: 'IRTimer',
+        18: 'Profile',
+        19: 'KeyedEvent',
+        20: 'WindowStation',
+        21: 'Desktop',
+        22: 'Composition',
+        23: 'RawInputManager',
+        24: 'TpWorkerFactory',
+        25: 'Adapter',
+        26: 'Controller',
+        27: 'Device',
+        28: 'Driver',
+        29: 'IoCompletion',
+        30: 'WaitCompletionPacket',
+        31: 'File',
+        32: 'TmTm',
+        33: 'TmTx',
+        34: 'TmRm',
+        35: 'TmEn',
+        36: 'Section',
+        37: 'Session',
+        38: 'Partition',
+        39: 'Key',
+        40: 'ALPC Port',
+        41: 'PowerRequest',
+        42: 'WmiGuid',
+        43: 'EtwRegistration',
+        44: 'EtwConsumer',
+        45: 'DmaAdapter',
+        46: 'DmaDomain',
+        47: 'PcwObject',
+        48: 'FilterConnectionPort',
+        49: 'FilterCommunicationPort',
+        50: 'NetworkNamespace',
+        51: 'DxgkSharedResource',
+        52: 'DxgkSharedSyncObject',
+        53: 'DxgkSharedSwapChainObject',
+        }
+
 class Win10ObjectHeader(obj.ProfileModification):
     before = ["Win8ObjectClasses"]
     conditions = {'os': lambda x: x == 'windows',
@@ -324,7 +381,54 @@ class Win10ObjectHeader(obj.ProfileModification):
                   'minor': lambda x: x == 4}
 
     def modification(self, profile):
-        profile.object_classes.update({"_OBJECT_HEADER": _OBJECT_HEADER_10})
+
+        metadata = profile.metadata
+        build = metadata.get("build", 0)
+
+        if build == 10240:
+            header = _OBJECT_HEADER_10_1AC738FB
+        else:
+            header = _OBJECT_HEADER_10
+
+        profile.object_classes.update({"_OBJECT_HEADER": header})
+
+class Win10PoolHeader(obj.ProfileModification):
+    before = ['WindowsOverlay']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x == 10240}
+
+    def modification(self, profile):
+
+        meta = profile.metadata
+        memory_model = meta.get("memory_model", "32bit")
+
+        if memory_model == "32bit":
+            pool_types = {'_POOL_HEADER' : [ 0x8, {
+                'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+                'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+                'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+                'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+                'Ulong1' : [ 0x0, ['unsigned long']],
+                'PoolTag' : [ 0x4, ['unsigned long']],
+                'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+                'PoolTagHash' : [ 0x6, ['unsigned short']],
+                }]}
+        else:
+            pool_types = {'_POOL_HEADER' : [ 0x10, {
+                 'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+                 'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+                 'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+                 'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+                 'Ulong1' : [ 0x0, ['unsigned long']],
+                 'PoolTag' : [ 0x4, ['unsigned long']],
+                 'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+                 'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+                 'PoolTagHash' : [ 0xa, ['unsigned short']],
+                 }]}
+
+        profile.vtypes.update(pool_types)
 
 class Win10x64(obj.Profile):
     """ A Profile for Windows 10 x64 """

From aa1834632a6910ea6a44851732a764a972299735 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Wed, 10 Aug 2016 13:05:45 -0400
Subject: [PATCH 010/304] win32/tasks.py: only yield KDBGs that are valid

---
 volatility/win32/tasks.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/volatility/win32/tasks.py b/volatility/win32/tasks.py
index 84947d6a5..7ff371b56 100644
--- a/volatility/win32/tasks.py
+++ b/volatility/win32/tasks.py
@@ -53,10 +53,12 @@ def get_kdbg(addr_space):
         if kdbg.is_valid():
             return kdbg
 
-    kdbg = obj.VolMagic(addr_space).KDBG.v()
+    kdbg_magic = obj.VolMagic(addr_space).KDBG
 
-    if kdbg.is_valid():
-        return kdbg
+    for kdbg in kdbg_magic.get_suggestions():
+
+        if kdbg.is_valid():
+            return kdbg
 
     # skip the KPCR backup method for x64 
     memmode = addr_space.profile.metadata.get('memory_model', '32bit')

From d00496bd23f059ec878dae4a18d84b2bce1e45ee Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Wed, 10 Aug 2016 13:06:51 -0400
Subject: [PATCH 011/304] win8_kdbg.py: limit search to addresses above
 0xf80000000000

---
 volatility/plugins/overlays/windows/win8_kdbg.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/volatility/plugins/overlays/windows/win8_kdbg.py b/volatility/plugins/overlays/windows/win8_kdbg.py
index 26eee04b6..302d8d481 100644
--- a/volatility/plugins/overlays/windows/win8_kdbg.py
+++ b/volatility/plugins/overlays/windows/win8_kdbg.py
@@ -221,6 +221,9 @@ def generate_suggestions(self):
             current_offset = max(range_start, current_offset)
             range_end = range_start + range_size
 
+            if current_offset < 0xf80000000000:
+                continue
+
             while (current_offset < range_end):
                 # Figure out how much data to read
                 l = min(constants.SCAN_BLOCKSIZE + overlap, range_end - current_offset)

From d69519361400767334c1684293295804ae5db961 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Wed, 10 Aug 2016 15:59:45 -0400
Subject: [PATCH 012/304] amd64.py: refactor OS-specific code

Migrate away from dynamic checks on each call to entry_present()
to an inheritance-based scheme.
---
 volatility/plugins/addrspaces/amd64.py | 66 +++++++++++++++++++-------
 1 file changed, 49 insertions(+), 17 deletions(-)

diff --git a/volatility/plugins/addrspaces/amd64.py b/volatility/plugins/addrspaces/amd64.py
index b9ddf21c8..33def0aa6 100644
--- a/volatility/plugins/addrspaces/amd64.py
+++ b/volatility/plugins/addrspaces/amd64.py
@@ -67,23 +67,7 @@ class AMD64PagedMemory(paged.AbstractWritablePagedMemory):
     _longlong_struct = struct.Struct("<Q")
 
     def entry_present(self, entry):
-        if entry:
-            if (entry & 1):
-                return True
-
-            arch = self.profile.metadata.get('os', 'Unknown').lower()
-
-            # The page is in transition and not a prototype.
-            # Thus, we will treat it as present.
-            if arch == "windows" and ((entry & (1 << 11)) and not (entry & (1 << 10))):
-                return True
-
-            # Linux pages that have had mprotect(...PROT_NONE) called on them
-            # have the present bit cleared and global bit set
-            if arch == "linux" and (entry & (1 << 8)):
-                return True
-
-        return False
+        return entry and (entry & 1)
 
     def page_size_flag(self, entry):
         if (entry & (1 << 7)) == (1 << 7):
@@ -318,3 +302,51 @@ def get_available_pages(self, with_pte = False):
     @classmethod
     def address_mask(cls, addr):
         return addr & 0xffffffffffff
+
+class WindowsAMD64PagedMemory(AMD64PagedMemory):
+    """Windows-specific AMD 64-bit address space.
+
+    This class is a specialized version of AMD64PagedMemory that leverages
+    Windows-specific paging logic.
+    """
+    order = 55
+
+    def is_valid_profile(self, profile):
+        '''
+        This method checks to make sure the address space is being
+        used with a Windows profile.
+        '''
+
+        valid = AMD64PagedMemory.is_valid_profile(self, profile)
+        return valid and profile.metadata.get('os', 'Unknown').lower() == 'windows'
+
+    def entry_present(self, entry):
+        present = AMD64PagedMemory.entry_present(self, entry)
+
+        # The page is in transition and not a prototype.
+        # Thus, we will treat it as present.
+        return present or ((entry & (1 << 11)) and not (entry & (1 << 10)))
+
+class LinuxAMD64PagedMemory(AMD64PagedMemory):
+    """Linux-specific AMD 64-bit address space.
+
+    This class is a specialized version of AMD64PagedMemory that leverages
+    Linux-specific paging logic.
+    """
+    order = 55
+
+    def is_valid_profile(self, profile):
+        '''
+        This method checks to make sure the address space is being
+        used with a Linux profile.
+        '''
+
+        valid = AMD64PagedMemory.is_valid_profile(self, profile)
+        return valid and profile.metadata.get('os', 'Unknown').lower() == 'linux'
+
+    def entry_present(self, entry):
+        present = AMD64PagedMemory.entry_present(self, entry)
+
+        # Linux pages that have had mprotect(...PROT_NONE) called on them
+        # have the present bit cleared and global bit set
+        return present or (entry & (1 << 8))

From 6b9349b9f84b32ea7c19b8ab372e7a93efef926a Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Thu, 11 Aug 2016 00:03:55 -0400
Subject: [PATCH 013/304] amd64.py: optionally skip consecutive PD/PT entries
 that are the same

Created new class Win10AMD64PagedMemory for Windows 10 and later
that engages the skipping logic.
---
 volatility/plugins/addrspaces/amd64.py | 32 ++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/volatility/plugins/addrspaces/amd64.py b/volatility/plugins/addrspaces/amd64.py
index 33def0aa6..6c6b6bc5f 100644
--- a/volatility/plugins/addrspaces/amd64.py
+++ b/volatility/plugins/addrspaces/amd64.py
@@ -65,6 +65,7 @@ class AMD64PagedMemory(paged.AbstractWritablePagedMemory):
     minimum_size = 0x1000
     alignment_gcd = 0x1000
     _longlong_struct = struct.Struct("<Q")
+    skip_duplicate_entries = False
 
     def entry_present(self, entry):
         return entry and (entry & 1)
@@ -276,9 +277,15 @@ def get_available_pages(self, with_pte = False):
                     continue
 
                 pd_entries = struct.unpack('<512Q', pd)
+                prev_pd_entry = None
                 for j in range(0, 0x200):
                     soffset = (j * 0x200 * 0x200 * 8)
+
                     entry = pd_entries[j]
+                    if self.skip_duplicate_entries and entry == prev_pd_entry:
+                        continue
+                    prev_pd_entry = entry
+
                     if self.entry_present(entry) and self.page_size_flag(entry):
                         if with_pte: 
                             yield (entry, vaddr + soffset, 0x200000)
@@ -291,8 +298,13 @@ def get_available_pages(self, with_pte = False):
                         if pt is None:
                             continue
                         pt_entries = struct.unpack('<512Q', pt)
+                        prev_pt_entry = None
                         for k in range(0, 0x200):
                             pt_entry = pt_entries[k]
+                            if self.skip_duplicate_entries and pt_entry == prev_pt_entry:
+                                continue
+                            prev_pt_entry = pt_entry
+
                             if self.entry_present(pt_entry):
                                 if with_pte:
                                     yield (pt_entry, vaddr + soffset + k * 0x1000, 0x1000)
@@ -327,6 +339,26 @@ def entry_present(self, entry):
         # Thus, we will treat it as present.
         return present or ((entry & (1 << 11)) and not (entry & (1 << 10)))
 
+class Win10AMD64PagedMemory(WindowsAMD64PagedMemory):
+    """Windows 10-specific AMD 64-bit address space.
+
+    This class is used to filter out large sections of kernel mappings that are
+    duplicates in recent versions of Windows 10.
+    """
+    order = 53
+    skip_duplicate_entries = True
+
+    def is_valid_profile(self, profile):
+        '''
+        This address space should only be used with recent Windows 10 profiles
+        '''
+
+        valid = WindowsAMD64PagedMemory.is_valid_profile(self, profile)
+        major = profile.metadata.get('major', 0)
+        minor = profile.metadata.get('minor', 0)
+        return valid and major >= 6 and minor >= 4
+
+
 class LinuxAMD64PagedMemory(AMD64PagedMemory):
     """Linux-specific AMD 64-bit address space.
 

From 2f08afca0e4d58fe17e6ee9392233107cca885a7 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 19 Aug 2016 08:39:51 -0500
Subject: [PATCH 014/304] update readme

---
 README.txt | 103 ++++++++++++++++++++++++++++++-----------------------
 1 file changed, 59 insertions(+), 44 deletions(-)

diff --git a/README.txt b/README.txt
index 35dcc0ccb..12a01105a 100644
--- a/README.txt
+++ b/README.txt
@@ -135,63 +135,69 @@ Quick Start
 $ python vol.py --info
 Volatility Foundation Volatility Framework 2.5
 
-Profiles
---------
-VistaSP0x64                - A Profile for Windows Vista SP0 x64
-VistaSP0x86                - A Profile for Windows Vista SP0 x86
-VistaSP1x64                - A Profile for Windows Vista SP1 x64
-VistaSP1x86                - A Profile for Windows Vista SP1 x86
-VistaSP2x64                - A Profile for Windows Vista SP2 x64
-VistaSP2x86                - A Profile for Windows Vista SP2 x86
-Win10x64                   - A Profile for Windows 10 x64
-Win10x86                   - A Profile for Windows 10 x86
-Win2003SP0x86              - A Profile for Windows 2003 SP0 x86
-Win2003SP1x64              - A Profile for Windows 2003 SP1 x64
-Win2003SP1x86              - A Profile for Windows 2003 SP1 x86
-Win2003SP2x64              - A Profile for Windows 2003 SP2 x64
-Win2003SP2x86              - A Profile for Windows 2003 SP2 x86
-Win2008R2SP0x64            - A Profile for Windows 2008 R2 SP0 x64
-Win2008R2SP1x64            - A Profile for Windows 2008 R2 SP1 x64
-Win2008SP1x64              - A Profile for Windows 2008 SP1 x64
-Win2008SP1x86              - A Profile for Windows 2008 SP1 x86
-Win2008SP2x64              - A Profile for Windows 2008 SP2 x64
-Win2008SP2x86              - A Profile for Windows 2008 SP2 x86
-Win2012R2x64               - A Profile for Windows Server 2012 R2 x64
-Win2012x64                 - A Profile for Windows Server 2012 x64
-Win7SP0x64                 - A Profile for Windows 7 SP0 x64
-Win7SP0x86                 - A Profile for Windows 7 SP0 x86
-Win7SP1x64                 - A Profile for Windows 7 SP1 x64
-Win7SP1x86                 - A Profile for Windows 7 SP1 x86
-Win81U1x64                 - A Profile for Windows 8.1 Update 1 x64
-Win81U1x86                 - A Profile for Windows 8.1 Update 1 x86
-Win8SP0x64                 - A Profile for Windows 8 x64
-Win8SP0x86                 - A Profile for Windows 8 x86
-Win8SP1x64                 - A Profile for Windows 8.1 x64
-Win8SP1x86                 - A Profile for Windows 8.1 x86
-WinXPSP1x64                - A Profile for Windows XP SP1 x64
-WinXPSP2x64                - A Profile for Windows XP SP2 x64
-WinXPSP2x86                - A Profile for Windows XP SP2 x86
-WinXPSP3x86                - A Profile for Windows XP SP3 x86
-
 Address Spaces
 --------------
 AMD64PagedMemory              - Standard AMD 64-bit address space.
-ArmAddressSpace               - Address space for ARM processors       
+ArmAddressSpace               - Address space for ARM processors
 FileAddressSpace              - This is a direct file AS.
 HPAKAddressSpace              - This AS supports the HPAK format
 IA32PagedMemory               - Standard IA-32 paging address space.
 IA32PagedMemoryPae            - This class implements the IA-32 PAE paging address space. It is responsible
 LimeAddressSpace              - Address space for Lime
-MachOAddressSpace             - Address space for Mach-O files to support atc-ny memory reader
+LinuxAMD64PagedMemory         - Linux-specific AMD 64-bit address space.
+MachOAddressSpace             - Address space for mach-o files to support atc-ny memory reader
 OSXPmemELF                    - This AS supports VirtualBox ELF64 coredump format
 QemuCoreDumpElf               - This AS supports Qemu ELF32 and ELF64 coredump format
 VMWareAddressSpace            - This AS supports VMware snapshot (VMSS) and saved state (VMSS) files
 VMWareMetaAddressSpace        - This AS supports the VMEM format with VMSN/VMSS metadata
 VirtualBoxCoreDumpElf64       - This AS supports VirtualBox ELF64 coredump format
-WindowsCrashDumpSpace32       - This AS supports Windows Crash Dump format
-WindowsCrashDumpSpace64       - This AS supports Windows Crash Dump format
+Win10AMD64PagedMemory         - Windows 10-specific AMD 64-bit address space.
+WindowsAMD64PagedMemory       - Windows-specific AMD 64-bit address space.
+WindowsCrashDumpSpace32       - This AS supports windows Crash Dump format
+WindowsCrashDumpSpace64       - This AS supports windows Crash Dump format
 WindowsCrashDumpSpace64BitMap - This AS supports Windows BitMap Crash Dump format
-WindowsHiberFileSpace32       - This is a hibernate address space for Windows hibernation files.
+WindowsHiberFileSpace32       - This is a hibernate address space for windows hibernation files.
+
+Profiles
+--------
+LinuxRedHat62x64  - A Profile for Linux RedHat62 x64
+VistaSP0x64       - A Profile for Windows Vista SP0 x64
+VistaSP0x86       - A Profile for Windows Vista SP0 x86
+VistaSP1x64       - A Profile for Windows Vista SP1 x64
+VistaSP1x86       - A Profile for Windows Vista SP1 x86
+VistaSP2x64       - A Profile for Windows Vista SP2 x64
+VistaSP2x86       - A Profile for Windows Vista SP2 x86
+Win10x64          - A Profile for Windows 10 x64
+Win10x64_1AC738FB - A Profile for Windows 10 x64 from PDB 1AC738FB
+Win10x86          - A Profile for Windows 10 x86
+Win10x86_44B89EEA - A Profile for Windows 10 x86 from PDB 44B89EEA
+Win2003SP0x86     - A Profile for Windows 2003 SP0 x86
+Win2003SP1x64     - A Profile for Windows 2003 SP1 x64
+Win2003SP1x86     - A Profile for Windows 2003 SP1 x86
+Win2003SP2x64     - A Profile for Windows 2003 SP2 x64
+Win2003SP2x86     - A Profile for Windows 2003 SP2 x86
+Win2008R2SP0x64   - A Profile for Windows 2008 R2 SP0 x64
+Win2008R2SP1x64   - A Profile for Windows 2008 R2 SP1 x64
+Win2008SP1x64     - A Profile for Windows 2008 SP1 x64
+Win2008SP1x86     - A Profile for Windows 2008 SP1 x86
+Win2008SP2x64     - A Profile for Windows 2008 SP2 x64
+Win2008SP2x86     - A Profile for Windows 2008 SP2 x86
+Win2012R2x64      - A Profile for Windows Server 2012 R2 x64
+Win2012x64        - A Profile for Windows Server 2012 x64
+Win7SP0x64        - A Profile for Windows 7 SP0 x64
+Win7SP0x86        - A Profile for Windows 7 SP0 x86
+Win7SP1x64        - A Profile for Windows 7 SP1 x64
+Win7SP1x86        - A Profile for Windows 7 SP1 x86
+Win81U1x64        - A Profile for Windows 8.1 Update 1 x64
+Win81U1x86        - A Profile for Windows 8.1 Update 1 x86
+Win8SP0x64        - A Profile for Windows 8 x64
+Win8SP0x86        - A Profile for Windows 8 x86
+Win8SP1x64        - A Profile for Windows 8.1 x64
+Win8SP1x86        - A Profile for Windows 8.1 x86
+WinXPSP1x64       - A Profile for Windows XP SP1 x64
+WinXPSP2x64       - A Profile for Windows XP SP2 x64
+WinXPSP2x86       - A Profile for Windows XP SP2 x86
+WinXPSP3x86       - A Profile for Windows XP SP3 x86
 
 Plugins
 -------
@@ -221,6 +227,7 @@ driverscan                 - Pool scanner for driver objects
 dumpcerts                  - Dump RSA private and public SSL keys
 dumpfiles                  - Extract memory mapped and cached files
 dumpregistry               - Dumps registry files out to disk
+editbox                    - Displays information about Edit controls. (Listbox experimental.)
 envars                     - Display process environment variables
 eventhooks                 - Print details on windows event hooks
 evtlogs                    - Extract Windows Event Logs (XP/2003 only)
@@ -304,6 +311,7 @@ linux_psaux                - Gathers processes along with full command line and
 linux_psenv                - Gathers processes along with their static environment variables
 linux_pslist               - Gather active tasks by walking the task_struct->task list
 linux_pslist_cache         - Gather tasks from the kmem_cache
+linux_psscan               - Scan physical memory for processes
 linux_pstree               - Shows the parent/child relationship between processes
 linux_psxview              - Find hidden processes with various process listings
 linux_recover_filesystem   - Recovers the entire cached file system from memory
@@ -326,6 +334,7 @@ mac_bash                   - Recover bash history from bash process memory
 mac_bash_env               - Recover bash's environment variables
 mac_bash_hash              - Recover bash hash table from bash process memory
 mac_calendar               - Gets calendar events from Calendar.app
+mac_check_fop              - Validate File Operation Pointers
 mac_check_mig_table        - Lists entires in the kernel's MIG table
 mac_check_syscall_shadow   - Looks for shadow system call tables
 mac_check_syscalls         - Checks to see if system call table entries are hooked
@@ -336,14 +345,18 @@ mac_contacts               - Gets contact names from Contacts.app
 mac_dead_procs             - Prints terminated/de-allocated processes
 mac_dead_sockets           - Prints terminated/de-allocated network sockets
 mac_dead_vnodes            - Lists freed vnode structures
+mac_devfs                  - Lists files in the file cache
 mac_dmesg                  - Prints the kernel debug buffer
 mac_dump_file              - Dumps a specified file
 mac_dump_maps              - Dumps memory ranges of process(es), optionally including pages in compressed swap
 mac_dyld_maps              - Gets memory maps of processes from dyld data structures
 mac_find_aslr_shift        - Find the ASLR shift value for 10.8+ images
-mac_get_profile            - Automatically detect Mac profiles       
+mac_get_profile            - Automatically detect Mac profiles
 mac_ifconfig               - Lists network interface information for all devices
+mac_interest_handlers      - Lists IOKit Interest Handlers
 mac_ip_filters             - Reports any hooked IP filters
+mac_kernel_classes         - Lists loaded c++ classes in the kernel
+mac_kevents                - Show parent/child relationship of processes
 mac_keychaindump           - Recovers possbile keychain keys. Use chainbreaker to open related keychain files
 mac_ldrmodules             - Compares the output of proc maps with the list of libraries from libdl
 mac_librarydump            - Dumps the executable of a process
@@ -384,8 +397,10 @@ mac_strings                - Match physical offsets to virtual addresses (may ta
 mac_tasks                  - List Active Tasks
 mac_threads                - List Process Threads
 mac_threads_simple         - Lists threads along with their start time and priority
+mac_timers                 - Reports timers set by kernel drivers
 mac_trustedbsd             - Lists malicious trustedbsd policies
 mac_version                - Prints the Mac version
+mac_vfsevents              - Lists processes filtering file system events
 mac_volshell               - Shell in the memory image
 mac_yarascan               - Scan memory for yara signatures
 machoinfo                  - Dump Mach-O file format information

From b1c5abf5d25f78874accc62a7a075c7e007ee598 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 19 Aug 2016 09:23:06 -0500
Subject: [PATCH 015/304] update auditpol for win10

---
 volatility/plugins/registry/auditpol.py | 61 ++++++++++++++++++++++++-
 1 file changed, 60 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/registry/auditpol.py b/volatility/plugins/registry/auditpol.py
index 01e996af9..b9fbe6097 100644
--- a/volatility/plugins/registry/auditpol.py
+++ b/volatility/plugins/registry/auditpol.py
@@ -183,6 +183,24 @@
     } ],
 }
 
+auditpol_type_win8 = {
+    'AuditPolData8' : [ None, {
+        'Logon': [22, ['Enumeration', dict(target = 'unsigned short', choices = {0x00: "Not Logged", 0x01: "S", 0x02: "F", 0x03: "S/F"})]],
+        'Logoff': [24, ['Enumeration', dict(target = 'unsigned short', choices = {0x00: "Not Logged", 0x01: "S", 0x02: "F", 0x03: "S/F"})]],
+        'Sensitive': [70, ['Enumeration', dict(target = 'unsigned short', choices = {0x00: "Not Logged", 0x01: "S", 0x02: "F", 0x03: "S/F"})]],
+        'ProcessCreation': [76, ['Enumeration', dict(target = 'unsigned short', choices = {0x00: "Not Logged", 0x01: "S", 0x02: "F", 0x03: "S/F"})]],
+ }],
+}
+
+auditpol_type_win10 = {
+    'AuditPolData10' : [ None, {
+        'Logon': [0x16, ['Enumeration', dict(target = 'unsigned short', choices = {0x00: "Not Logged", 0x01: "S", 0x02: "F", 0x03: "S/F"})]],
+        'Logoff': [0x18, ['Enumeration', dict(target = 'unsigned short', choices = {0x00: "Not Logged", 0x01: "S", 0x02: "F", 0x03: "S/F"})]],
+        'Sensitive': [0x48, ['Enumeration', dict(target = 'unsigned short', choices = {0x00: "Not Logged", 0x01: "S", 0x02: "F", 0x03: "S/F"})]],
+        'ProcessCreation': [0x4e, ['Enumeration', dict(target = 'unsigned short', choices = {0x00: "Not Logged", 0x01: "S", 0x02: "F", 0x03: "S/F"})]],
+ }],
+}
+
 # this are not used, but left here since they are more descriptive
 class AuditPolDataXP(obj.CType):
     def __str__(self):
@@ -239,6 +257,19 @@ def __str__(self):
 
         return msg
 
+class AuditPolData8(obj.CType):
+    def __str__(self):
+        msg = "\nLogon: {0}\n\tLogoff: {1}\n\tSensitive Privilegs: {2}\n\tProcess Creation: {3}\n\t".format(
+                    self.Logon, self.Logoff, self.Sensitive, self.ProcessCreation)
+  
+        return msg
+
+class AuditPolData10(obj.CType):
+    def __str__(self):
+        msg = "\nLogon: {0}\n\tLogoff: {1}\n\tSensitive Privilegs: {2}\n\tProcess Creation: {3}\n\t".format(
+                    self.Logon, self.Logoff, self.Sensitive, self.ProcessCreation)
+  
+        return msg
 
 class AuditPolData7(obj.CType):
     def __str__(self):
@@ -317,6 +348,28 @@ def modification(self, profile):
         })
         profile.vtypes.update(auditpol_type_win7)
 
+class AudipolWin8(obj.ProfileModification):
+    before = ['WindowsObjectClasses']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 2 or x == 3 }
+    def modification(self, profile):
+        profile.object_classes.update({
+            'AuditPolData8': AuditPolData8,
+        })
+        profile.vtypes.update(auditpol_type_win8)
+
+class AudipolWin10(obj.ProfileModification):
+    before = ['WindowsObjectClasses']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x >= 4}
+    def modification(self, profile):
+        profile.object_classes.update({
+            'AuditPolData10': AuditPolData10,
+        })
+        profile.vtypes.update(auditpol_type_win10)
+
 
 class Auditpol(common.AbstractWindowsCommand):
     """Prints out the Audit Policies from HKLM\\SECURITY\\Policy\\PolAdtEv"""
@@ -343,14 +396,20 @@ def calculate(self):
 
         version = (addr_space.profile.metadata.get('major', 0),
                    addr_space.profile.metadata.get('minor', 0))
+
         for value, data_raw in regapi.reg_yield_values('security', 'Policy\\PolAdtEv', thetype = 'REG_NONE'):
             bufferas = addrspace.BufferAddressSpace(self._config, data = data_raw)
             if version <= (5, 1):
                 ap = obj.Object("AuditPolDataXP", offset = 0, vm = bufferas)
             elif version <= (6, 0):
                 ap = obj.Object("AuditPolDataVista", offset = 0, vm = bufferas)
-            else:
+            elif version == (6, 1):
                 ap = obj.Object("AuditPolData7", offset = 0, vm = bufferas)
+            elif version == (6, 2) or version == (6, 3):     
+                ap = obj.Object("AuditPolData8", offset = 0, vm = bufferas)
+            else:
+                ap = obj.Object("AuditPolData10", offset = 0, vm = bufferas)
+                
             if ap == None:
                 debug.error("No AuditPol data found")
 

From 2800d33105873c89714ad44430111c93cd484ba8 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 19 Aug 2016 09:24:28 -0500
Subject: [PATCH 016/304] remove private profile from readme

---
 README.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/README.txt b/README.txt
index 12a01105a..51ea50816 100644
--- a/README.txt
+++ b/README.txt
@@ -160,7 +160,6 @@ WindowsHiberFileSpace32       - This is a hibernate address space for windows hi
 
 Profiles
 --------
-LinuxRedHat62x64  - A Profile for Linux RedHat62 x64
 VistaSP0x64       - A Profile for Windows Vista SP0 x64
 VistaSP0x86       - A Profile for Windows Vista SP0 x86
 VistaSP1x64       - A Profile for Windows Vista SP1 x64

From 14de62ea986ae79779c9c28af08300383d22f779 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Sat, 20 Aug 2016 16:53:41 -0500
Subject: [PATCH 017/304] add an assertion to the hiber AS to make sure the
 first table page is <= 10. this prevents volatility from going off the deep
 end when an incorrect profile is supplied (i.e. WinXP instead of Win7 or vice
 versa)

---
 volatility/plugins/addrspaces/hibernate.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/addrspaces/hibernate.py b/volatility/plugins/addrspaces/hibernate.py
index b9044ab79..e67a0ba3b 100644
--- a/volatility/plugins/addrspaces/hibernate.py
+++ b/volatility/plugins/addrspaces/hibernate.py
@@ -93,7 +93,9 @@ def __init__(self, base, config, **kwargs):
         PROC_PAGE = volmag.HibrProcPage.v()
 
         # Check it's definitely a hibernation file
-        self.as_assert(self._get_first_table_page() is not None, "No xpress signature found")
+        pageno = self._get_first_table_page()
+        self.as_assert(pageno is not None, "No xpress signature found")
+        self.as_assert(pageno <= 10, "Bad profile for PO_MEMORY_RANGE")
 
         # Extract processor state
         self.ProcState = obj.Object("_KPROCESSOR_STATE", PROC_PAGE * 4096, base)

From 676b14e0caebd1232488f27600aa2d6079b0ff54 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 29 Aug 2016 05:54:37 -0500
Subject: [PATCH 018/304] Windows - add support for IE DEST records

---
 volatility/plugins/iehistory.py | 113 +++++++++++++++++++++++++-------
 1 file changed, 88 insertions(+), 25 deletions(-)

diff --git a/volatility/plugins/iehistory.py b/volatility/plugins/iehistory.py
index 5a9ee1b90..a4042a588 100644
--- a/volatility/plugins/iehistory.py
+++ b/volatility/plugins/iehistory.py
@@ -32,8 +32,15 @@ class _URL_RECORD(obj.CType):
     """A class for URL and LEAK records"""
 
     def is_valid(self):
-        return obj.CType.is_valid(self) and self.Length > 0 and self.Length < 32768
+        ret = False
+        
+        if obj.CType.is_valid(self) and self.Length > 0 and self.Length < 32768:
+            if not str(self.LastModified).startswith("1970-01-01") and str(self.LastModified) != "-": 
+                if not str(self.LastAccessed).startswith("1970-01-01") and str(self.LastAccessed) != "-": 
+                    ret = True
 
+        return ret
+         
     @property
     def Length(self):
         return self.m('Length') * 0x80
@@ -45,6 +52,42 @@ def has_data(self):
                 and not self.Url.split(":")[0] 
                 in ["PrivacIE", "ietld", "iecompat", "Visited"])
 
+class _DEST_RECORD(obj.CType):
+   
+    def is_valid(self):
+        ret = False
+
+        if obj.CType.is_valid(self) and self.LastModified.is_valid() and self.LastAccessed.is_valid():
+             if not str(self.LastModified).startswith("1970-01-01") and str(self.LastModified) != "-": 
+                if not str(self.LastAccessed).startswith("1970-01-01") and str(self.LastAccessed) != "-":  
+                    if 1999 < self.LastModified.as_datetime().year < 2075 and 1999 < self.LastAccessed.as_datetime().year < 2075 and self.URLStart.is_valid():
+                        ret = True
+        return ret
+ 
+    def url_and_title(self):
+        url_buf = self.obj_vm.zread(self.URLStart.obj_offset, 4096)
+
+        url   = ""
+        title = ""
+
+        # look for where url ends
+        idx = url_buf.find("\x00\x00")
+        if idx > 0:
+            idx = idx + 2
+            tmpurl = url_buf[:idx]
+            for u in tmpurl:
+                if 31 < ord(u) < 127:
+                    url = url + u
+
+            idx2 = url_buf[idx:].find("\x00\x00")
+            if idx2 > 0:
+                tmptitle = url_buf[idx:idx+idx2+2]
+                for t in tmptitle:
+                    if 31 < ord(t) < 127:
+                        title = title + t
+
+        return url, title
+
 class IEHistoryVTypes(obj.ProfileModification):
     """Apply structures for IE history parsing"""
     
@@ -70,11 +113,19 @@ def modification(self, profile):
             'Length' : [ 0x4, ['unsigned int']], 
             'Url' : [ 0x10, ['String', dict(length = 4096)]], 
             }],
+            '_DEST_RECORD' : [None, {
+            'Signature' : [ 0, ['String', dict(length = 4)]], 
+            'LastModified' : [ 28, ['WinTimeStamp', dict(is_utc = True)]], 
+            'LastAccessed' : [ 36, ['WinTimeStamp', dict(is_utc = True)]], 
+            'URLStart'     : [ 94, ['unsigned char']], 
+            }],
+
         })
             
         profile.object_classes.update({
             '_URL_RECORD' : _URL_RECORD, 
             '_REDR_RECORD': _URL_RECORD,
+            '_DEST_RECORD' : _DEST_RECORD,
         })
 
 class IEHistory(taskmods.DllList):
@@ -91,28 +142,27 @@ def __init__(self, config, *args, **kwargs):
 
     @staticmethod
     def is_valid_profile(profile):
-        version = (profile.metadata.get('major', 0), 
-                  profile.metadata.get('minor', 0))
-
-        return (profile.metadata.get('os', 'unknown') == 'windows' 
-                and version < (6, 2))
+        return profile.metadata.get('os', 'unknown') == 'windows' 
 
     def calculate(self):
         ## Select the tags to scan for. Always find visited URLs,
         ## but make freed and redirected records optional. 
-        tags = ["URL "]
+        tags = ["URL ", "DEST"]
         if self._config.LEAK:
             tags.append("LEAK")
         if self._config.REDR:
             tags.append("REDR")
             
+        tags = ["DEST"]
+
         ## Define the record type based on the tag
         tag_records = {
             "URL " : "_URL_RECORD", 
             "LEAK" : "_URL_RECORD", 
-            "REDR" : "_REDR_RECORD"}
+            "REDR" : "_REDR_RECORD",
+            "DEST" : "_DEST_RECORD"}
  
-        vad_filter = lambda x : hasattr(x, 'ControlArea') and str(x.FileObject.FileName or '').endswith("index.dat")
+        vad_filter = lambda x : (hasattr(x, 'ControlArea') and str(x.FileObject.FileName or '').endswith("index.dat")) or (x.VadFlags.Protection.v() == 4)  
 
         ## Enumerate processes based on the --pid and --offset 
         for proc in taskmods.DllList(self._config).calculate():
@@ -123,7 +173,7 @@ def calculate(self):
             for hit in proc.search_process_memory(tags, vad_filter = vad_filter):
                 ## Get a preview of the data to see what tag was detected 
                 tag = ps_as.read(hit, 4)
-                
+
                 ## Create the appropriate object type based on the tag 
                 record = obj.Object(tag_records[tag], offset = hit, vm = ps_as)
                 if record.is_valid():
@@ -186,21 +236,34 @@ def generator(self, data):
 
     def render_text(self, outfd, data):
         for process, record in data:
-            outfd.write("*" * 50 + "\n")
-            outfd.write("Process: {0} {1}\n".format(process.UniqueProcessId, process.ImageFileName))
-            outfd.write("Cache type \"{0}\" at {1:#x}\n".format(record.Signature, record.obj_offset))
-            outfd.write("Record length: {0:#x}\n".format(record.Length))
-            outfd.write("Location: {0}\n".format(record.Url))
-            ## Extended fields are available for these records 
-            if record.obj_name == "_URL_RECORD":
-                outfd.write("Last modified: {0}\n".format(record.LastModified))
-                outfd.write("Last accessed: {0}\n".format(record.LastAccessed))
-                outfd.write("File Offset: {0:#x}, Data Offset: {1:#x}, Data Length: {2:#x}\n".format(record.Length, record.FileOffset, record.DataOffset, record.DataSize))
-                if record.FileOffset > 0:
-                    outfd.write("File: {0}\n".format(record.File))
-                if record.has_data():
-                    outfd.write("Data: {0}\n".format(record.Data))
-                    
+            if record.obj_name == "_DEST_RECORD":
+                url, title = record.url_and_title()
+
+                if len(url) > 4:
+                    outfd.write("*" * 50 + "\n")
+                    outfd.write("Process: {0} {1}\n".format(process.UniqueProcessId, process.ImageFileName))
+                    outfd.write("Cache type \"{0}\" at {1:#x}\n".format(record.Signature, record.obj_offset))
+                    outfd.write("Last modified: {0}\n".format(record.LastModified))
+                    outfd.write("Last accessed: {0}\n".format(record.LastAccessed))
+                    outfd.write("URL: {0}\n".format(url)) 
+                    if len(title) > 4:
+                        outfd.write("Title: {0}\n".format(title)) 
+            else:
+                outfd.write("*" * 50 + "\n")
+                outfd.write("Process: {0} {1}\n".format(process.UniqueProcessId, process.ImageFileName))
+                outfd.write("Cache type \"{0}\" at {1:#x}\n".format(record.Signature, record.obj_offset))
+                outfd.write("Record length: {0:#x}\n".format(record.Length))
+                outfd.write("Location: {0}\n".format(record.Url))
+                ## Extended fields are available for these records 
+                if record.obj_name == "_URL_RECORD":
+                    outfd.write("Last modified: {0}\n".format(record.LastModified))
+                    outfd.write("Last accessed: {0}\n".format(record.LastAccessed))
+                    outfd.write("File Offset: {0:#x}, Data Offset: {1:#x}, Data Length: {2:#x}\n".format(record.Length, record.FileOffset, record.DataOffset, record.DataSize))
+                    if record.FileOffset > 0:
+                        outfd.write("File: {0}\n".format(record.File))
+                    if record.has_data():
+                        outfd.write("Data: {0}\n".format(record.Data))
+ 
     def render_csv(self, outfd, data):
         for process, record in data:
             if record.obj_name == "_URL_RECORD":

From b87d2a4ec3edc86b9d4d165b1d0fa9f4131c6ebb Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Tue, 30 Aug 2016 10:32:20 -0400
Subject: [PATCH 019/304] getsids: fixing missing backslashes

---
 volatility/plugins/getsids.py | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/volatility/plugins/getsids.py b/volatility/plugins/getsids.py
index 852913c3c..ed755863c 100644
--- a/volatility/plugins/getsids.py
+++ b/volatility/plugins/getsids.py
@@ -108,19 +108,19 @@ def find_sid_re(sid_string, sid_re_list):
   'S-1-5-32-550': 'Print Operators',
   'S-1-5-32-551': 'Backup Operators',
   'S-1-5-32-552': 'Replicators',
-  'S-1-5-32-554': 'BUILTIN\Pre-Windows 2000 Compatible Access',
-  'S-1-5-32-555': 'BUILTIN\Remote Desktop Users',
-  'S-1-5-32-556': 'BUILTIN\Network Configuration Operators',
-  'S-1-5-32-557': 'BUILTIN\Incoming Forest Trust Builders',
-  'S-1-5-32-558': 'BUILTIN\Performance Monitor Users',
-  'S-1-5-32-559': 'BUILTIN\Performance Log Users',
-  'S-1-5-32-560': 'BUILTIN\Windows Authorization Access Group',
-  'S-1-5-32-561': 'BUILTIN\Terminal Server License Servers',
-  'S-1-5-32-562': 'BUILTIN\Distributed COM Users',
-  'S-1-5-32-568': 'BUILTIN\IIS IUSRS',
+  'S-1-5-32-554': 'BUILTIN\\Pre-Windows 2000 Compatible Access',
+  'S-1-5-32-555': 'BUILTIN\\Remote Desktop Users',
+  'S-1-5-32-556': 'BUILTIN\\Network Configuration Operators',
+  'S-1-5-32-557': 'BUILTIN\\Incoming Forest Trust Builders',
+  'S-1-5-32-558': 'BUILTIN\\Performance Monitor Users',
+  'S-1-5-32-559': 'BUILTIN\\Performance Log Users',
+  'S-1-5-32-560': 'BUILTIN\\Windows Authorization Access Group',
+  'S-1-5-32-561': 'BUILTIN\\Terminal Server License Servers',
+  'S-1-5-32-562': 'BUILTIN\\Distributed COM Users',
+  'S-1-5-32-568': 'BUILTIN\\IIS IUSRS',
   'S-1-5-32-569': 'Cryptographic Operators',
-  'S-1-5-32-573': 'BUILTIN\Event Log Readers',
-  'S-1-5-32-574': 'BUILTIN\Certificate Service DCOM Access',
+  'S-1-5-32-573': 'BUILTIN\\Event Log Readers',
+  'S-1-5-32-574': 'BUILTIN\\Certificate Service DCOM Access',
   'S-1-5-33': 'Write Restricted',
   'S-1-5-64-10': 'NTLM Authentication',
   'S-1-5-64-14': 'SChannel Authentication',

From af075f8fff8cbb284f5b3661b45d11c517f6cdc0 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 1 Sep 2016 03:23:39 -0500
Subject: [PATCH 020/304] Windows - update svcscan to print the executable that
 runs on service launch failure

---
 volatility/plugins/malware/svcscan.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index 0bf4c0570..6c91e07b2 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -436,11 +436,16 @@ def get_service_info(regapi):
 
             path_value = ""
             dll_value = ""
+            failure_value = ""
 
             image_path = regapi.reg_get_value(hive_name = "system", key = "", value = "ImagePath", given_root = subkey)
             if image_path:
                 path_value = utils.remove_unprintable(image_path)
 
+            failure_path = regapi.reg_get_value(hive_name = "system", key = "", value = "FailureCommand", given_root = subkey)
+            if failure_path:
+                failure_value = utils.remove_unprintable(failure_path)
+
             for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey):
                 if rootkey.Name == "Parameters":
                     service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey)
@@ -448,7 +453,7 @@ def get_service_info(regapi):
                         dll_value = utils.remove_unprintable(service_dll)
                     break
 
-            info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value)
+            info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value)
 
         return info
 
@@ -464,7 +469,8 @@ def unified_output(self, data):
                        ("State", str),
                        ("BinaryPath", str),
                        ("ServiceDll", str),
-                       ("ImagePath", str)],
+                       ("ImagePath", str),
+                       ("FailureCommand", str)],
                         self.generator(data)) 
 
         return TreeGrid([("Offset", Address),
@@ -496,7 +502,8 @@ def generator(self, data):
                         str(rec.State),
                         str(rec.Binary or ""),
                         str(vals[0] if vals else ""),
-                        str(vals[1] if vals else "")])  
+                        str(vals[1] if vals else ""), 
+                        str(vals[2] if vals else "")])  
             else:
                 yield (0, [Address(rec.obj_offset),
                         int(rec.Order),
@@ -531,5 +538,6 @@ def render_text(self, outfd, data):
                 if vals:
                     outfd.write("ServiceDll: {0}\n".format(vals[0]))
                     outfd.write("ImagePath: {0}\n".format(vals[1]))
+                    outfd.write("FailureCommand: {0}\n".format(vals[2]))
 
             outfd.write("\n")

From 3399683aee4a4b7dcb3f20556271c0c570cfd918 Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Tue, 6 Sep 2016 14:36:12 -0400
Subject: [PATCH 021/304] fixing typo in issue #325

Thanks, Wyatt!
---
 tools/mac/mac_create_all_profiles.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/mac/mac_create_all_profiles.py b/tools/mac/mac_create_all_profiles.py
index 9e0b30520..241521179 100644
--- a/tools/mac/mac_create_all_profiles.py
+++ b/tools/mac/mac_create_all_profiles.py
@@ -135,7 +135,7 @@ def main():
         elif version.startswith("10.10"):
             osx_name = "Yosemite"
             profile_runs.append((full_path, "x86_64", osx_name, version, build))
-        elif version.startwith("10.11"):
+        elif version.startswith("10.11"):
             osx_name = "ElCapitan"
             profile_runs.append((full_path, "x86_64", osx_name, version, build))
 

From 6e51c593ead725400c633e08d65271d9e1073fd1 Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Tue, 6 Sep 2016 14:39:46 -0400
Subject: [PATCH 022/304] adding new windows 10 profile

---
 volatility/plugins/overlays/windows/win10.py  |    13 +-
 .../windows/win10_x64_DDA2B209_vtypes.py      | 13258 ++++++++++++++++
 2 files changed, 13269 insertions(+), 2 deletions(-)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_DDA2B209_vtypes.py

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index aa033d3e6..2626127fb 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -385,7 +385,7 @@ def modification(self, profile):
         metadata = profile.metadata
         build = metadata.get("build", 0)
 
-        if build == 10240:
+        if build >= 10240:
             header = _OBJECT_HEADER_10_1AC738FB
         else:
             header = _OBJECT_HEADER_10
@@ -397,7 +397,7 @@ class Win10PoolHeader(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
-                  'build': lambda x: x == 10240}
+                  'build': lambda x: x >= 10240}
 
     def modification(self, profile):
 
@@ -448,6 +448,15 @@ class Win10x64_1AC738FB(obj.Profile):
     _md_build = 10240
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_1AC738FB_vtypes'
 
+class Win10x64_DDA2B209(obj.Profile):
+    """ A Profile for Windows 10 x64 from PDB DDA2B209"""
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 10241
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_DDA2B209_vtypes'
+
 class Win10x86(obj.Profile):
     """ A Profile for Windows 10 x86 """
     _md_memory_model = '32bit'
diff --git a/volatility/plugins/overlays/windows/win10_x64_DDA2B209_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_DDA2B209_vtypes.py
new file mode 100644
index 000000000..19868e643
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_DDA2B209_vtypes.py
@@ -0,0 +1,13258 @@
+ntkrnlmp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'Reserved12' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'Reserved8' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1080' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1080']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1098' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_109a' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_1098']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_109a']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 38, ['pointer64', ['void']]]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_1108' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1108']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6a80, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x6900, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'ProcessorState' : [ 0x40, ['_KPROCESSOR_STATE']],
+    'CpuType' : [ 0x5f0, ['unsigned char']],
+    'CpuID' : [ 0x5f1, ['unsigned char']],
+    'CpuStep' : [ 0x5f2, ['unsigned short']],
+    'CpuStepping' : [ 0x5f2, ['unsigned char']],
+    'CpuModel' : [ 0x5f3, ['unsigned char']],
+    'MHz' : [ 0x5f4, ['unsigned long']],
+    'HalReserved' : [ 0x5f8, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x638, ['unsigned short']],
+    'MajorVersion' : [ 0x63a, ['unsigned short']],
+    'BuildType' : [ 0x63c, ['unsigned char']],
+    'CpuVendor' : [ 0x63d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x63e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x63f, ['unsigned char']],
+    'ParentNode' : [ 0x640, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0x648, ['unsigned long long']],
+    'Group' : [ 0x650, ['unsigned char']],
+    'GroupIndex' : [ 0x651, ['unsigned char']],
+    'PrcbPad05' : [ 0x652, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0x654, ['unsigned long']],
+    'ScbOffset' : [ 0x658, ['unsigned long']],
+    'ApicMask' : [ 0x65c, ['unsigned long']],
+    'AcpiReserved' : [ 0x660, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0x668, ['unsigned long']],
+    'PrcbPad10' : [ 0x66c, ['unsigned long']],
+    'LockQueue' : [ 0x670, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x780, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x880, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1480, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2080, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2c80, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2c88, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2c90, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2c94, ['long']],
+    'MmTransitionCount' : [ 0x2c98, ['long']],
+    'MmDemandZeroCount' : [ 0x2c9c, ['long']],
+    'MmPageReadCount' : [ 0x2ca0, ['long']],
+    'MmPageReadIoCount' : [ 0x2ca4, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2ca8, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2cac, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2cb0, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2cb4, ['long']],
+    'KeSystemCalls' : [ 0x2cb8, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2cbc, ['unsigned long']],
+    'LdtSelector' : [ 0x2cc0, ['unsigned short']],
+    'PrcbPad40' : [ 0x2cc2, ['unsigned short']],
+    'CcFastReadNoWait' : [ 0x2cc4, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2cc8, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2ccc, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2cd0, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2cd4, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2cd8, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2cdc, ['long']],
+    'IoWriteOperationCount' : [ 0x2ce0, ['long']],
+    'IoOtherOperationCount' : [ 0x2ce4, ['long']],
+    'IoReadTransferCount' : [ 0x2ce8, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2cf0, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2cf8, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d00, ['long']],
+    'TargetCount' : [ 0x2d04, ['long']],
+    'IpiFrozen' : [ 0x2d08, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d10, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d18, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d1c, ['long']],
+    'InterruptLastCount' : [ 0x2d20, ['unsigned long']],
+    'InterruptRate' : [ 0x2d24, ['unsigned long']],
+    'PrcbPad41' : [ 0x2d28, ['array', 22, ['unsigned long']]],
+    'DpcData' : [ 0x2d80, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2dd0, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2dd8, ['long']],
+    'DpcRequestRate' : [ 0x2ddc, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2de0, ['unsigned long']],
+    'DpcLastCount' : [ 0x2de4, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2de8, ['unsigned char']],
+    'QuantumEnd' : [ 0x2de9, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2dea, ['unsigned char']],
+    'IdleSchedule' : [ 0x2deb, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2dec, ['long']],
+    'DpcRequestSlot' : [ 0x2dec, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2dec, ['short']],
+    'ThreadDpcState' : [ 0x2dee, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2dec, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2dec, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2dec, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2dec, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2dec, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2dec, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2dec, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2dec, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2dec, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2dec, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2df0, ['unsigned long']],
+    'LastTick' : [ 0x2df4, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2df8, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2dfc, ['unsigned long']],
+    'InterruptObject' : [ 0x2e00, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3600, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5800, ['_KGATE']],
+    'PrcbPad52' : [ 0x5818, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x5820, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x5860, ['long']],
+    'PrcbPad60' : [ 0x5864, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x5866, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x5868, ['long']],
+    'DpcWatchdogCount' : [ 0x586c, ['long']],
+    'KeSpinLockOrdering' : [ 0x5870, ['long']],
+    'PrcbPad70' : [ 0x5874, ['array', 1, ['unsigned long']]],
+    'CachedPtes' : [ 0x5878, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5880, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5890, ['unsigned long long']],
+    'ReadySummary' : [ 0x5898, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x589c, ['long']],
+    'QueueIndex' : [ 0x58a0, ['unsigned long']],
+    'PrcbPad75' : [ 0x58a4, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x58b0, ['_KDPC']],
+    'ScbQueue' : [ 0x58f0, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5900, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5b00, ['unsigned long']],
+    'KernelTime' : [ 0x5b04, ['unsigned long']],
+    'UserTime' : [ 0x5b08, ['unsigned long']],
+    'DpcTime' : [ 0x5b0c, ['unsigned long']],
+    'InterruptTime' : [ 0x5b10, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5b14, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5b18, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5b19, ['unsigned char']],
+    'DeepSleep' : [ 0x5b1a, ['unsigned char']],
+    'PrcbPad80' : [ 0x5b1b, ['array', 5, ['unsigned char']]],
+    'DpcTimeCount' : [ 0x5b20, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5b24, ['unsigned long']],
+    'PeriodicCount' : [ 0x5b28, ['unsigned long']],
+    'PeriodicBias' : [ 0x5b2c, ['unsigned long']],
+    'AvailableTime' : [ 0x5b30, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5b34, ['unsigned long']],
+    'StartCycles' : [ 0x5b38, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x5b40, ['unsigned long long']],
+    'TaggedCycles' : [ 0x5b48, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x5b58, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5b60, ['unsigned long long']],
+    'PrcbPad81' : [ 0x5b68, ['array', 29, ['unsigned long']]],
+    'MmSpinLockOrdering' : [ 0x5bdc, ['long']],
+    'PageColor' : [ 0x5be0, ['unsigned long']],
+    'NodeColor' : [ 0x5be4, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x5be8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5bec, ['unsigned long']],
+    'PrcbPad83' : [ 0x5bf0, ['unsigned long']],
+    'CycleTime' : [ 0x5bf8, ['unsigned long long']],
+    'Cycles' : [ 0x5c00, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad84' : [ 0x5c40, ['array', 16, ['unsigned long']]],
+    'CcFastMdlReadNoWait' : [ 0x5c80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5c84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5c88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x5c8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5c90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5c94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5c98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x5c9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x5ca0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x5ca4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x5ca8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x5cac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x5cb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x5cb4, ['unsigned long']],
+    'CcDataPages' : [ 0x5cb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x5cbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x5cc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x5cc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x5cc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x5ccc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x5cd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x5cd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x5cd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x5cdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x5ce0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x5ce4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x5ce8, ['long']],
+    'MmCacheReadCount' : [ 0x5cec, ['long']],
+    'MmCacheIoCount' : [ 0x5cf0, ['long']],
+    'PrcbPad91' : [ 0x5cf4, ['array', 3, ['unsigned long']]],
+    'PowerState' : [ 0x5d00, ['_PROCESSOR_POWER_STATE']],
+    'ScbList' : [ 0x5ed0, ['_LIST_ENTRY']],
+    'PrcbPad92' : [ 0x5ee0, ['array', 7, ['unsigned long']]],
+    'KeAlignmentFixupCount' : [ 0x5efc, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x5f00, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5f40, ['_KTIMER']],
+    'Cache' : [ 0x5f80, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x5fbc, ['unsigned long']],
+    'CachedCommit' : [ 0x5fc0, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x5fc4, ['unsigned long']],
+    'HyperPte' : [ 0x5fc8, ['pointer64', ['void']]],
+    'WheaInfo' : [ 0x5fd0, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x5fd8, ['pointer64', ['void']]],
+    'InterruptObjectPool' : [ 0x5fe0, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x5ff0, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x6000, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x6008, ['pointer64', ['void']]],
+    'StatisticsPage' : [ 0x6010, ['pointer64', ['unsigned long long']]],
+    'PackageProcessorSet' : [ 0x6018, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x60c0, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x60c8, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x60d0, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x60d4, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x60d8, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x60e0, ['unsigned long long']],
+    'LLCMask' : [ 0x60e8, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x60f0, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x6118, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x6120, ['pointer64', ['void']]],
+    'PrcbPad94' : [ 0x6128, ['array', 11, ['unsigned long long']]],
+    'SynchCounters' : [ 0x6180, ['_SYNCH_COUNTERS']],
+    'PteBitCache' : [ 0x6238, ['unsigned long long']],
+    'PteBitOffset' : [ 0x6240, ['unsigned long']],
+    'FsCounters' : [ 0x6248, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x6258, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x6265, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x6268, ['unsigned long long']],
+    'PrcbPad110' : [ 0x6270, ['unsigned long']],
+    'UpdateSignature' : [ 0x6278, ['_LARGE_INTEGER']],
+    'Context' : [ 0x6280, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x6288, ['unsigned long']],
+    'ExtendedState' : [ 0x6290, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x6298, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x62a0, ['_KENTROPY_TIMING_STATE']],
+    'AbSelfIoBoostsList' : [ 0x63f0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x63f8, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x6400, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x6440, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x6494, ['_IOP_IRP_STACK_PROFILER']],
+    'LocalSharedReadyQueue' : [ 0x6500, ['_KSHARED_READY_QUEUE']],
+    'TimerExpirationTrace' : [ 0x6760, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x6860, ['unsigned long']],
+    'ExSaPageArray' : [ 0x6868, ['pointer64', ['void']]],
+    'Mailbox' : [ 0x6880, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestMailbox' : [ 0x68c0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0x2d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'Spare0' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SpareFlags0' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x1b8, ['BitField', dict(start_bit = 8, end_bit = 28, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x1b8, ['long']],
+    'BasePriority' : [ 0x1bc, ['unsigned char']],
+    'QuantumReset' : [ 0x1bd, ['unsigned char']],
+    'Visited' : [ 0x1be, ['unsigned char']],
+    'Flags' : [ 0x1bf, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1c0, ['array', 20, ['unsigned long']]],
+    'IdealNode' : [ 0x210, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x238, ['unsigned short']],
+    'Spare1' : [ 0x23a, ['unsigned short']],
+    'StackCount' : [ 0x23c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x240, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x250, ['unsigned long long']],
+    'ContextSwitches' : [ 0x258, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x260, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x268, ['unsigned long']],
+    'KernelTime' : [ 0x26c, ['unsigned long']],
+    'UserTime' : [ 0x270, ['unsigned long']],
+    'LdtFreeSelectorHint' : [ 0x274, ['unsigned short']],
+    'LdtTableLength' : [ 0x276, ['unsigned short']],
+    'LdtSystemDescriptor' : [ 0x278, ['_KGDTENTRY64']],
+    'LdtBaseAddress' : [ 0x288, ['pointer64', ['void']]],
+    'LdtProcessLock' : [ 0x290, ['_FAST_MUTEX']],
+    'InstrumentationCallback' : [ 0x2c8, ['pointer64', ['void']]],
+    'SecurePid' : [ 0x2d0, ['unsigned long long']],
+} ],
+  '_KTHREAD' : [ 0x5d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlagsSpare0' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CommitFailTerminateRequest' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 19, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'Spare10' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'TebMappedLowVa' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'Spare20' : [ 0x31a, ['unsigned short']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'KeReferenceCount' : [ 0x588, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x58a, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x58b, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x58c, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x590, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x590, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x598, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a0, ['long long']],
+    'WriteOperationCount' : [ 0x5a8, ['long long']],
+    'OtherOperationCount' : [ 0x5b0, ['long long']],
+    'ReadTransferCount' : [ 0x5b8, ['long long']],
+    'WriteTransferCount' : [ 0x5c0, ['long long']],
+    'OtherTransferCount' : [ 0x5c8, ['long long']],
+    'QueuedScb' : [ 0x5d0, ['pointer64', ['_KSCB']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_1269' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_1269']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'ParkLock' : [ 0x58, ['long']],
+    'Seed' : [ 0x5c, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Stride' : [ 0x96, ['unsigned char']],
+    'Spare0' : [ 0x97, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x98, ['unsigned long long']],
+    'ProximityId' : [ 0xa0, ['unsigned long']],
+    'Lowest' : [ 0xa4, ['unsigned long']],
+    'Highest' : [ 0xa8, ['unsigned long']],
+    'MaximumProcessors' : [ 0xac, ['unsigned char']],
+    'Flags' : [ 0xad, ['_flags']],
+    'Spare10' : [ 0xae, ['unsigned char']],
+    'HeteroSets' : [ 0xb0, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+} ],
+  '_ENODE' : [ 0x540, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0x100, ['array', 8, ['pointer64', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x140, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x410, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x428, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x468, ['_KEVENT']],
+    'WaitBlocks' : [ 0x480, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x510, ['pointer64', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x518, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x51c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x51c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x51c, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_135c' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_135c']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_EPROCESS' : [ 0x788, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
+    'RundownProtect' : [ 0x2e0, ['_EX_RUNDOWN_REF']],
+    'UniqueProcessId' : [ 0x2e8, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2f0, ['_LIST_ENTRY']],
+    'Flags2' : [ 0x300, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x304, ['unsigned long']],
+    'CreateReported' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x304, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x304, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x304, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x304, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x304, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x304, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x304, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x304, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x304, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x304, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x304, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x304, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x304, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x304, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x304, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x304, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x304, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x304, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x304, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x308, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x320, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x330, ['unsigned long long']],
+    'VirtualSize' : [ 0x338, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x350, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x350, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x358, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0x360, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x378, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x388, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x390, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x398, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x3a0, ['unsigned long long']],
+    'Win32Process' : [ 0x3a8, ['pointer64', ['void']]],
+    'Job' : [ 0x3b0, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3b8, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3c0, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3c8, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3d0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3d8, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3e0, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x3e8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
+    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x400, ['pointer64', ['void']]],
+    'AweInfo' : [ 0x408, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
+    'WoW64Process' : [ 0x428, ['pointer64', ['_EWOW64PROCESS']]],
+    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x448, ['pointer64', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x450, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x45f, ['unsigned char']],
+    'SecurityPort' : [ 0x460, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x468, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x470, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x480, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x488, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x498, ['unsigned long']],
+    'ImagePathHash' : [ 0x49c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x4a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x4a4, ['long']],
+    'PrefetchTrace' : [ 0x4a8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x4b0, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x4e8, ['unsigned long long']],
+    'CommitCharge' : [ 0x4f0, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x4f8, ['unsigned long long']],
+    'Vm' : [ 0x500, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x5f8, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x608, ['unsigned long']],
+    'ExitStatus' : [ 0x60c, ['long']],
+    'VadRoot' : [ 0x610, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x618, ['pointer64', ['void']]],
+    'VadCount' : [ 0x620, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x628, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x630, ['unsigned long long']],
+    'AlpcContext' : [ 0x638, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x658, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x668, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x670, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x674, ['unsigned long']],
+    'ExitTime' : [ 0x678, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x680, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x688, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x690, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x694, ['unsigned long']],
+    'ThreadListLock' : [ 0x698, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x6a0, ['pointer64', ['void']]],
+    'Spare0' : [ 0x6a8, ['unsigned long long']],
+    'SignatureLevel' : [ 0x6b0, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x6b1, ['unsigned char']],
+    'Protection' : [ 0x6b2, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x6b3, ['unsigned char']],
+    'Flags3' : [ 0x6b4, ['unsigned long']],
+    'Minimal' : [ 0x6b4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x6b4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x6b4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x6b4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Crashed' : [ 0x6b4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x6b4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x6b4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x6b4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x6b4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6b4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'InPrivate' : [ 0x6b4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x6b4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x6b4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x6b4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x6b8, ['long']],
+    'SvmData' : [ 0x6c0, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x6c8, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x6d0, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x6d8, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x6e8, ['unsigned long long']],
+    'DiskCounters' : [ 0x6f0, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x6f8, ['pointer64', ['void']]],
+    'TrustletIdentity' : [ 0x700, ['unsigned long long']],
+    'KeepAliveCounter' : [ 0x708, ['unsigned long']],
+    'NoWakeKeepAliveCounter' : [ 0x70c, ['unsigned long']],
+    'HighPriorityFaultsAllowed' : [ 0x710, ['unsigned long']],
+    'EnergyValues' : [ 0x718, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
+    'VmContext' : [ 0x720, ['pointer64', ['void']]],
+    'SequenceNumber' : [ 0x728, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x730, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x738, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x740, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x748, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x750, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x750, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x758, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x760, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x768, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x778, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x780, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x778, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x780, ['pointer64', ['unsigned long long']]],
+} ],
+  '_EWOW64PROCESS' : [ 0x10, {
+    'Peb' : [ 0x0, ['pointer64', ['void']]],
+    'Machine' : [ 0x8, ['unsigned short']],
+} ],
+  '_ETHREAD' : [ 0x7c0, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x5d8, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x5e0, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x5e0, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x5f0, ['pointer64', ['void']]],
+    'PostBlockList' : [ 0x5f8, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x5f8, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x600, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x608, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x608, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x608, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x610, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x618, ['_LIST_ENTRY']],
+    'Cid' : [ 0x628, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x638, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x638, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x658, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x660, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x670, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x678, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x680, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x688, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x690, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x6a0, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6a8, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6b0, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6b4, ['long']],
+    'CmLockOrdering' : [ 0x6b8, ['long']],
+    'CrossThreadFlags' : [ 0x6bc, ['unsigned long']],
+    'Terminated' : [ 0x6bc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6bc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6bc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6bc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6bc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6bc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6bc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6bc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6bc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6bc, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6bc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6bc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6bc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6bc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6bc, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6c0, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6c0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x6c0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6c0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6c0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6c0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x6c0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x6c0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6c4, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6c4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6c4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x6c4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6c4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6c4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6c4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6c4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6c4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6c5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6c5, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6c8, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6c9, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6ca, ['unsigned char']],
+    'LockOrderState' : [ 0x6cb, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6d0, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6d8, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6d8, ['unsigned long']],
+    'ExitStatus' : [ 0x6e0, ['long']],
+    'AlpcWaitListEntry' : [ 0x6e8, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x6f8, ['unsigned long']],
+    'IoBoostCount' : [ 0x6fc, ['unsigned long']],
+    'BoostList' : [ 0x700, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x710, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x720, ['unsigned long long']],
+    'IrpListLock' : [ 0x728, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x730, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x738, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x740, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x748, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x750, ['pointer64', ['void']]],
+    'KernelStackReference' : [ 0x758, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x760, ['pointer64', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x768, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x770, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x788, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x790, ['unsigned long']],
+    'UserGsBase' : [ 0x798, ['unsigned long long']],
+    'EnergyValues' : [ 0x7a0, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'CmCellReferences' : [ 0x7a8, ['unsigned long']],
+    'SelectedCpuSets' : [ 0x7b0, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x7b0, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x7b8, ['pointer64', ['_EJOB']]],
+} ],
+  '__unnamed_13c5' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13cb' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13cd' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13cb']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13d6' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13d8' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_13d6']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_13c5']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_13cd']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_13d8']],
+} ],
+  '__unnamed_13df' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13e3' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13e7' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13e9' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13ed' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13ef' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_13f1' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13f3' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13f5' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13f7' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13fb' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsDataCopyInformation', 13: 'FileFsMetadataSizeInformation', 14: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13fd' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13ff' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1401' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1403' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1405' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1409' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_140d' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1411' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1415' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_1419' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_141d' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1421' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1423' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1425' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_1429' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_142d' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1431' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_1435' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1439' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1441' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1445' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1447' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1449' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_144b' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_13df']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13e3']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13e7']],
+    'Read' : [ 0x0, ['__unnamed_13e9']],
+    'Write' : [ 0x0, ['__unnamed_13e9']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13ed']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13ef']],
+    'QueryFile' : [ 0x0, ['__unnamed_13f1']],
+    'SetFile' : [ 0x0, ['__unnamed_13f3']],
+    'QueryEa' : [ 0x0, ['__unnamed_13f5']],
+    'SetEa' : [ 0x0, ['__unnamed_13f7']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13fb']],
+    'SetVolume' : [ 0x0, ['__unnamed_13fb']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13fd']],
+    'LockControl' : [ 0x0, ['__unnamed_13ff']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1401']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1403']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1405']],
+    'MountVolume' : [ 0x0, ['__unnamed_1409']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_1409']],
+    'Scsi' : [ 0x0, ['__unnamed_140d']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1411']],
+    'SetQuota' : [ 0x0, ['__unnamed_13f7']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1415']],
+    'QueryInterface' : [ 0x0, ['__unnamed_1419']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_141d']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1421']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1423']],
+    'SetLock' : [ 0x0, ['__unnamed_1425']],
+    'QueryId' : [ 0x0, ['__unnamed_1429']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_142d']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1431']],
+    'WaitWake' : [ 0x0, ['__unnamed_1435']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1439']],
+    'Power' : [ 0x0, ['__unnamed_1441']],
+    'StartDevice' : [ 0x0, ['__unnamed_1445']],
+    'WMI' : [ 0x0, ['__unnamed_1447']],
+    'Others' : [ 0x0, ['__unnamed_1449']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_144b']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1461' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_1461']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x528, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveDiskIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x350, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x358, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x35c, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x360, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x364, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x368, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x36c, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x370, ['unsigned char']],
+    'PriorityClass' : [ 0x371, ['unsigned char']],
+    'NestingDepth' : [ 0x372, ['unsigned char']],
+    'Reserved1' : [ 0x373, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x374, ['unsigned long']],
+    'WakeChannel' : [ 0x378, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x378, ['_PS_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3b0, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3b8, ['unsigned long']],
+    'OwnedHighEdgeFilters' : [ 0x3bc, ['unsigned long']],
+    'NotificationLink' : [ 0x3c0, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3c8, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3d0, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3d8, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3e0, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3e8, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3f0, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x3f8, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x400, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x408, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x418, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x428, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x438, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x448, ['unsigned long long']],
+    'Ancestors' : [ 0x450, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x450, ['pointer64', ['void']]],
+    'Accounting' : [ 0x458, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4a8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4ac, ['unsigned long']],
+    'SequenceNumber' : [ 0x4b0, ['unsigned long']],
+    'TimerListLock' : [ 0x4b8, ['unsigned long long']],
+    'TimerListHead' : [ 0x4c0, ['_LIST_ENTRY']],
+    'ContainerId' : [ 0x4d0, ['_GUID']],
+    'Container' : [ 0x4e0, ['pointer64', ['_SILO_CONTEXT']]],
+    'PropertySet' : [ 0x4e8, ['_PS_PROPERTY_SET']],
+    'NetRateControl' : [ 0x500, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'IoRateControl' : [ 0x508, ['pointer64', ['_JOB_IO_RATE_CONTROL']]],
+    'JobFlags' : [ 0x510, ['unsigned long']],
+    'CloseDone' : [ 0x510, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x510, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x510, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x510, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x510, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x510, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x510, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x510, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x510, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x510, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x510, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x510, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x510, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x510, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x510, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x510, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x510, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x510, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x510, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x510, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x510, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x510, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x510, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x510, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'SpareJobFlags' : [ 0x510, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'EffectiveHighEdgeFilters' : [ 0x514, ['unsigned long']],
+    'EnergyValues' : [ 0x518, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x520, ['unsigned long long']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_164b' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_164b']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_1683' : [ 0x8, {
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'WsIndex' : [ 0x0, ['unsigned long long']],
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer64', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_1687' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+    'VolatileShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_1689' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_1687']],
+} ],
+  '__unnamed_1695' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_1683']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_1689']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'VaType' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'u4' : [ 0x28, ['__unnamed_1695']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x60, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'MiVaUnused', 1: 'MiVaSessionSpace', 2: 'MiVaProcessSpace', 3: 'MiVaBootLoaded', 4: 'MiVaPfnDatabase', 5: 'MiVaNonPagedPool', 6: 'MiVaPagedPool', 7: 'MiVaSpecialPoolPaged', 8: 'MiVaSystemCache', 9: 'MiVaSystemPtes', 10: 'MiVaHal', 11: 'MiVaSessionGlobalSpace', 12: 'MiVaDriverImages', 13: 'MiVaSpecialPoolNonPaged', 14: 'MiVaMaximumType', 15: 'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x38, ['pointer64', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x40, ['unsigned long long']],
+    'Hint' : [ 0x48, ['unsigned long long']],
+    'CachedPtes' : [ 0x50, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x58, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x50, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'NestingLevel' : [ 0x48, ['unsigned long long']],
+} ],
+  '__unnamed_16c7' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_16c7']],
+} ],
+  '_MMWSL' : [ 0x350, {
+    'FirstFree' : [ 0x0, ['unsigned long long']],
+    'FirstDynamic' : [ 0x8, ['unsigned long long']],
+    'LastEntry' : [ 0x10, ['unsigned long long']],
+    'NextSlot' : [ 0x18, ['unsigned long long']],
+    'LastInitializedWsle' : [ 0x20, ['unsigned long long']],
+    'NextAgingSlot' : [ 0x28, ['unsigned long long']],
+    'NextAccessClearingSlot' : [ 0x30, ['unsigned long long']],
+    'LastAccessClearingRemainder' : [ 0x38, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x3c, ['unsigned long']],
+    'WsleSize' : [ 0x40, ['unsigned long']],
+    'NonDirectCount' : [ 0x48, ['unsigned long long']],
+    'LowestPagableAddress' : [ 0x50, ['pointer64', ['void']]],
+    'NonDirectHash' : [ 0x58, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x60, ['pointer64', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x68, ['pointer64', ['_MMWSLE_HASH']]],
+    'ActiveWsleCounts' : [ 0x70, ['array', 16, ['unsigned long long']]],
+    'ActiveWsles' : [ 0xf0, ['array', 16, ['_MI_ACTIVE_WSLE_LISTHEAD']]],
+    'Wsle' : [ 0x1f0, ['pointer64', ['_MMWSLE']]],
+    'UserVaInfo' : [ 0x1f8, ['_MI_USER_VA_INFO']],
+} ],
+  '_MMSUPPORT' : [ 0xf8, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'ExitOutswapGate' : [ 0x8, ['pointer64', ['_KGATE']]],
+    'AccessLog' : [ 0x10, ['pointer64', ['void']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 7, ['unsigned long long']]],
+    'MinimumWorkingSetSize' : [ 0x60, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x68, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x80, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'ChargedWslePages' : [ 0x90, ['unsigned long long']],
+    'ActualWslePages' : [ 0x98, ['unsigned long long']],
+    'WorkingSetSizeOverhead' : [ 0xa0, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa8, ['unsigned long long']],
+    'HardFaultCount' : [ 0xb0, ['unsigned long']],
+    'PartitionId' : [ 0xb4, ['unsigned short']],
+    'Pad0' : [ 0xb6, ['unsigned short']],
+    'VmWorkingSetList' : [ 0xb8, ['pointer64', ['_MMWSL']]],
+    'NextPageColor' : [ 0xc0, ['unsigned short']],
+    'LastTrimStamp' : [ 0xc2, ['unsigned short']],
+    'PageFaultCount' : [ 0xc4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0xc8, ['unsigned long long']],
+    'Reserved0' : [ 0xd0, ['unsigned long long']],
+    'Flags' : [ 0xd8, ['_MMSUPPORT_FLAGS']],
+    'ReleasedCommitDebt' : [ 0xe0, ['unsigned long long']],
+    'WsSwapSupport' : [ 0xe8, ['pointer64', ['void']]],
+    'CommitReAcquireFailSupport' : [ 0xf0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_16e3' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+} ],
+  '__unnamed_16e7' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_16e3']],
+    'u2' : [ 0x38, ['__unnamed_16e7']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_16ec' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_16ef' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_16f9' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_16fb' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_16f9']],
+} ],
+  '_CONTROL_AREA' : [ 0x78, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16ec']],
+    'u1' : [ 0x3c, ['__unnamed_16ef']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_16fb']],
+    'LockedPages' : [ 0x68, ['unsigned long long']],
+    'FileObjectLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1709' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_170c' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_1709']],
+    'u1' : [ 0x34, ['__unnamed_170c']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MI_PARTITION' : [ 0x2740, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x158, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x430, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x4c0, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x640, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1380, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x1400, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x1468, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x15f0, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x15f8, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0x1640, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPAGING_FILE' : [ 0x120, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x40, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
+    'HybridPriority' : [ 0xc8, ['unsigned long']],
+    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xd0, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
+    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'LockOwner' : [ 0xf0, ['pointer64', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0xf8, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x100, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x108, ['_RTL_BALANCED_NODE']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x68, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CMP_SILO_CONTEXT' : [ 0x20, {
+    'LockEntryHead' : [ 0x0, ['_LIST_ENTRY']],
+    'LockListUnderCleanup' : [ 0x10, ['unsigned char']],
+    'ContextLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1756' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapForLoaderHive', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpMapHiveImage', 8: '_HvpRecoverData', 9: '_CmpValidateHiveSecurityDescriptors', 10: '_HvpEnlistBinInMap', 11: '_CmCheckRegistry', 12: '_CmRegistryIO', 13: '_CmCheckRegistry2', 14: '_CmpCheckKey', 15: '_CmpCheckValueList', 16: '_HvCheckHive', 17: '_HvCheckBin', 18: '_HvpGetLogEntryDirtyVector', 19: '_HvpReadLogEntryHeader', 20: '_HvpReadLogEntry', 21: '_CmpMountPreloadedHives', 22: '_CmpLoadHiveThread'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1759' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_175b' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_175f' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1761' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1765' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1769' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_176b' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'RecoverableIndex' : [ 0xc, ['unsigned long']],
+    'Locations' : [ 0x10, ['array', 8, ['__unnamed_1756']]],
+    'RecoverableLocations' : [ 0x70, ['array', 8, ['__unnamed_1756']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1759']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_175b']],
+    'CheckKey' : [ 0xf0, ['__unnamed_175f']],
+    'CheckValueList' : [ 0x110, ['__unnamed_1761']],
+    'CheckHive' : [ 0x128, ['__unnamed_1765']],
+    'CheckHive1' : [ 0x138, ['__unnamed_1765']],
+    'CheckBin' : [ 0x148, ['__unnamed_1769']],
+    'RecoverData' : [ 0x158, ['__unnamed_176b']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0xc, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 38, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 38, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x260, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'TimeStampCKCL' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'TimeStampKlog' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '__unnamed_1866' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1868' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_186c' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x2c8, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_1866']],
+    'OverUsed2' : [ 0x218, ['__unnamed_1868']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_186c']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x68, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1969' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1969']],
+} ],
+  '__unnamed_1970' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1970']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PullDefault', 1: 'PullUp', 2: 'PullDown', 3: 'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'IoRestrictionNone', 1: 'IoRestrictionInputOnly', 2: 'IoRestrictionOutputOnly', 3: 'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['unsigned short']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0xb30, {
+    'Name' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0xb08, ['unsigned long long']],
+    'Count' : [ 0xb10, ['unsigned long long']],
+    'MaxDuration' : [ 0xb18, ['unsigned long long']],
+    'MinDuration' : [ 0xb20, ['unsigned long long']],
+    'TotalDuration' : [ 0xb28, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0x570, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfBoostPolicy' : [ 0x2c, ['unsigned long']],
+    'PerfBoostMode' : [ 0x30, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x34, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x38, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x3c, ['unsigned long']],
+    'AutonomousPreference' : [ 0x40, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x41, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x43, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x45, ['unsigned char']],
+    'ParkingPerfState' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x48, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x49, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x4a, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x4b, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x4c, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x4d, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x4e, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x50, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x54, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x58, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x5a, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x5c, ['unsigned char']],
+    'IdleDisabled' : [ 0x5d, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x60, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x64, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x65, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x66, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x67, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x68, ['array', 640, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x2e8, ['array', 640, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0x568, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0x569, ['unsigned char']],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x210, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+} ],
+  '__unnamed_1a53' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1a53']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '__unnamed_1a77' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_1a79' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1a7b' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1a7d' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1a7f' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1a83' : [ 0x58, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'RequestorMode' : [ 0x50, ['unsigned char']],
+    'NestingLevel' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1a85' : [ 0x58, {
+    'Read' : [ 0x0, ['__unnamed_1a77']],
+    'Write' : [ 0x0, ['__unnamed_1a79']],
+    'Event' : [ 0x0, ['__unnamed_1a7b']],
+    'Notification' : [ 0x0, ['__unnamed_1a7d']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1a7f']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1a83']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x70, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_1a85']],
+    'Function' : [ 0x68, ['unsigned char']],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x298, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'FrontEndHeap' : [ 0x170, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x178, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x17a, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x17b, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x180, ['pointer64', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0x188, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x18a, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x210, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x288, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1af3' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1af3']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b46' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b48' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b46']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1b4a' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b4c' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1b4a']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1b48']],
+    'u2' : [ 0x4, ['__unnamed_1b4c']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x30, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_1b67' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1b69' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1b67']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1b69']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1b7b' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b7d' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b7b']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1b7d']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b86' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b88' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b86']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1b88']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1b8e' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b90' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b8e']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1b90']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1bae' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bb0' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bae']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_1bb0']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1b48']],
+    'u2' : [ 0x4, ['__unnamed_1b4c']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1bd6' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bd8' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bd6']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x108, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_1bd8']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xa8, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb0, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xb8, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc0, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xc8, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xd0, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xd8, ['unsigned long long']],
+    'PortMessage' : [ 0xe0, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x40, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+} ],
+  '__unnamed_1c1c' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c1e' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c1c']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1c1e']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Event' : [ 0x0, ['unsigned long long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x30, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x28, ['long long']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x50, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xc0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x78, ['pointer64', ['void']]],
+    'Override' : [ 0x80, ['unsigned char']],
+    'QueryOnly' : [ 0x81, ['unsigned char']],
+    'DeleteOnly' : [ 0x82, ['unsigned char']],
+    'FullAttributes' : [ 0x83, ['unsigned char']],
+    'LocalFileObject' : [ 0x88, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x90, ['unsigned long']],
+    'AccessMode' : [ 0x94, ['unsigned char']],
+    'DriverCreateContext' : [ 0x98, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1ce5' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1ce5']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['unsigned short']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['unsigned short']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x390, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x58, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x70, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x80, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xd8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'FlushThreshold' : [ 0xe4, ['unsigned long']],
+    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xf4, ['long']],
+    'NumberOfBuffers' : [ 0xf8, ['long']],
+    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
+    'EventsLost' : [ 0x100, ['unsigned long']],
+    'PeakBuffersCount' : [ 0x104, ['long']],
+    'BuffersWritten' : [ 0x108, ['unsigned long']],
+    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
+    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x120, ['unsigned long']],
+    'InstanceGuid' : [ 0x124, ['_GUID']],
+    'MaximumFileSize' : [ 0x134, ['unsigned long']],
+    'FileCounter' : [ 0x138, ['long']],
+    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x150, ['long']],
+    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
+    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x168, ['unsigned long']],
+    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
+    'LoggerDpc' : [ 0x248, ['_KDPC']],
+    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x338, ['long long']],
+    'Flags' : [ 0x340, ['unsigned long']],
+    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x340, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x340, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x344, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x348, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x358, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x360, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x368, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x378, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x380, ['_DISALLOWED_GUIDS']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x28, {
+    'Source' : [ 0x0, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'ProfileTime', 1: 'ProfileAlignmentFixup', 2: 'ProfileTotalIssues', 3: 'ProfilePipelineDry', 4: 'ProfileLoadInstructions', 5: 'ProfilePipelineFrozen', 6: 'ProfileBranchInstructions', 7: 'ProfileTotalNonissues', 8: 'ProfileDcacheMisses', 9: 'ProfileIcacheMisses', 10: 'ProfileCacheMisses', 11: 'ProfileBranchMispredictions', 12: 'ProfileStoreInstructions', 13: 'ProfileFpInstructions', 14: 'ProfileIntegerInstructions', 15: 'Profile2Issue', 16: 'Profile3Issue', 17: 'Profile4Issue', 18: 'ProfileSpecialInstructions', 19: 'ProfileTotalCycles', 20: 'ProfileIcacheIssues', 21: 'ProfileDcacheAccesses', 22: 'ProfileMemoryBarrierCycles', 23: 'ProfileLoadLinkedIssues', 24: 'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x10, ['unsigned long']],
+    'HookId' : [ 0x14, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x1c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x20, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x13a8, {
+    'EtwpSecurityProviderGuidEntry' : [ 0x0, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x190, ['array', 64, ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'WmipLoggerContext' : [ 0x390, ['array', 64, ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x590, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0x1390, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x13a0, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x13a1, ['unsigned char']],
+    'EtwpSecurityProviderPID' : [ 0x13a4, ['unsigned long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
+    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
+    'RunRefSize' : [ 0x10, ['unsigned long']],
+    'Number' : [ 0x14, ['unsigned long']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x480, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_LOWBOX_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'VariablePart' : [ 0x478, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xb0, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'LowBoxHandlesTable' : [ 0x58, ['_SEP_LOWBOX_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
+    'SiblingAuthId' : [ 0xa8, ['_LUID']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved' : [ 0x1a, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'Padding1' : [ 0x18, ['array', 4, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'SessionId' : [ 0x140, ['unsigned long']],
+    'NamespaceEntry' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_DEVICE_MAP' : [ 0x40, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x78, ['unsigned long']],
+    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x180, {
+    'DeleteSubsectionCleanup' : [ 0x0, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x18, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x30, ['unsigned long long']],
+    'DereferenceSegmentHeader' : [ 0x38, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x68, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x78, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xb8, ['unsigned char']],
+    'DeleteOnCloseCount' : [ 0xbc, ['unsigned long']],
+    'UnusedSegmentList' : [ 0xc0, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xd0, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xe0, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xf0, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'SegmentListLock' : [ 0x140, ['long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Reserved1' : [ 0x2, ['unsigned char']],
+    'Timer2Reserved2' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x190, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'HostSilo' : [ 0x178, ['unsigned char']],
+    'Lock' : [ 0x180, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x188, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1100, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'TotalCommittedPages' : [ 0x108, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x140, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x180, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x1a8, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x1b0, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x1b8, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x1c0, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x1c8, ['array', 4, ['unsigned long']]],
+    'PageTableBitmapPages' : [ 0x1d8, ['unsigned long long']],
+    'PageFileTraceIndex' : [ 0x1e0, ['long']],
+    'PageFileTraces' : [ 0x1e8, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_MI_ACTIVE_WSLE_LISTHEAD' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'QueryRemoveDevice', 1: 'CancelRemoveDevice', 2: 'RemoveDevice', 3: 'SurpriseRemoveDevice', 4: 'EjectDevice', 5: 'RemoveFailedDevice', 6: 'RemoveUnstartedFailedDevice', 7: 'MaxDeviceDeleteType'})]],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'Latency' : [ 0x0, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x4, ['unsigned long']],
+    'VetoAccounting' : [ 0x8, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x30, ['unsigned char']],
+    'Platform' : [ 0x31, ['unsigned char']],
+    'DependencyListCount' : [ 0x34, ['unsigned long']],
+    'Processors' : [ 0x38, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe0, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf0, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0xf8, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x100, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x10, {
+    'Key' : [ 0x0, ['pointer64', ['void']]],
+    'Index' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'FloppyMedia' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x50, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 1, ['_GUID']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x18, ['_KEVENT']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x38, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x38, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1ed8' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1eda' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1ed8']],
+    'Private' : [ 0x0, ['__unnamed_1eda']],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SubsectionMappedDirect' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x18, {
+    'DynamicRelocations' : [ 0x0, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x8, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x10, ['unsigned long long']],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 28, native_type='unsigned long long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x418, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'ForceIdle' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ReasonFlags' : [ 0x24, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x28, ['unsigned long long']],
+    'PreviousStatus' : [ 0x30, ['long']],
+    'PreviousCancelReason' : [ 0x34, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x38, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xe0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x188, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x190, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1d0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1d8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x230, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2d8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2e0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2e8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x308, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x320, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
+    'BlocksDrips' : [ 0x19, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_PEB' : [ 0x7a0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['void']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SparePvoid0' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x98, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x98, {
+    'FileName' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'BaseName' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1fa4' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'WheaErrSrcStateStopped', 2: 'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1fa4']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2d0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x2b0, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2b8, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2bc, ['unsigned long']],
+    'ThreadCount' : [ 0x2c0, ['long']],
+    'MinThreads' : [ 0x2c4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2c4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2c8, ['long']],
+    'QueueIndex' : [ 0x2cc, ['Enumeration', dict(target = 'long', choices = {0: 'ExPoolUntrusted', 1: 'ExPoolTrusted', 8: 'ExPoolMax'})]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ZeroNonCachedByConverting' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ZeroWriteCombinedByConverting' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'Width8Bits', 1: 'Width16Bits', 2: 'Width32Bits', 3: 'Width64Bits', 4: 'WidthNoWrap', 5: 'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'Compatible', 1: 'TypeA', 2: 'TypeB', 3: 'TypeC', 4: 'TypeF', 5: 'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x38, ['pointer64', ['void']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMWSLE_HASH' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long long']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x88, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x40, ['_KDPC']],
+    'WorkOrder' : [ 0x80, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'SecureInfo' : [ 0x10, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x10, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x10, ['pointer64', ['_MI_LARGEPAGE_MEMORY_INFO']]],
+    'CreatingThread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'PebTeb' : [ 0x10, ['_MI_SUB64K_FREE_RANGES']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Luid' : [ 0x20, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x18, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xb8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'ArgumentStatus' : [ 0x14, ['long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Data' : [ 0x68, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PS_WAKE_INFORMATION' : [ 0x38, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 5, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x30, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0xd40, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'FreePageSlist' : [ 0x10, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
+    'PageLocationList' : [ 0x7e8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x828, ['array', 8, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x848, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x9c8, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x9e8, ['unsigned long']],
+    'LastDecayHandUpdateTime' : [ 0x9f0, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x9f8, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xa40, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xa48, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'LowMemoryThreshold' : [ 0xaa8, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xab0, ['unsigned long long']],
+    'TransitionPrivatePages' : [ 0xac0, ['unsigned long long']],
+    'StandbyListDiscard' : [ 0xac8, ['unsigned long']],
+    'FreeListDiscard' : [ 0xacc, ['unsigned char']],
+    'RebuildLargePagesInitialized' : [ 0xacd, ['unsigned char']],
+    'RebuildLargePagesItem' : [ 0xad0, ['_MI_REBUILD_LARGE_PAGES']],
+    'AddMemoryNotifyList' : [ 0xcf8, ['_LIST_ENTRY']],
+    'MirrorListLocks' : [ 0xd08, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x128, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0x10, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x10, ['unsigned long']],
+    'NextHash' : [ 0x18, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x20, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x28, ['unsigned long']],
+    'KcbPushlock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x38, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x38, ['long']],
+    'SlotHint' : [ 0x40, ['unsigned long']],
+    'ParentKcb' : [ 0x48, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x50, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x60, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x70, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x70, ['unsigned long']],
+    'SubKeyCount' : [ 0x70, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x88, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xb0, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xb2, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xb4, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb8, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'AllBoosts' : [ 0x58, ['unsigned short']],
+    'IoBoost' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CpuBoostsBitmap' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x5a, ['unsigned short']],
+    'SparePad' : [ 0x5c, ['unsigned short']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 24, native_type='unsigned long long')]],
+    'LocalPartition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2080' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_2080']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+    'OverCommit' : [ 0x40, ['unsigned long long']],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x28, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0x10, ['unsigned long long']],
+    'PagedAllocs' : [ 0x18, ['unsigned long']],
+    'PagedFrees' : [ 0x1c, ['unsigned long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x50, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'CycleTime' : [ 0x10, ['unsigned long long']],
+    'ContextSwitches' : [ 0x18, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x20, ['long long']],
+    'WriteOperationCount' : [ 0x28, ['long long']],
+    'OtherOperationCount' : [ 0x30, ['long long']],
+    'ReadTransferCount' : [ 0x38, ['long long']],
+    'WriteTransferCount' : [ 0x40, ['long long']],
+    'OtherTransferCount' : [ 0x48, ['long long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1d0, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'Class' : [ 0x32, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower', 3: 'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x188, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x190, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x198, ['unsigned char']],
+    'HvTargetState' : [ 0x199, ['unsigned char']],
+    'Parked' : [ 0x19a, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x19c, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x1a0, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x1a4, ['unsigned long']],
+    'RelativePerformance' : [ 0x1a8, ['unsigned long']],
+    'Utility' : [ 0x1ac, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x1b0, ['unsigned long']],
+    'SnapTimeLast' : [ 0x1b8, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1b8, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c0, ['unsigned long long']],
+    'TotalTime' : [ 0x1c8, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0x40, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_CMHIVE' : [ 0x17a8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0xa68, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0xa98, ['_LIST_ENTRY']],
+    'HiveList' : [ 0xaa8, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0xab8, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0xac8, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0xad8, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0xae0, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0xaf0, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0xaf8, ['unsigned long']],
+    'DeletedKcbTable' : [ 0xb00, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0xb08, ['unsigned long']],
+    'Identity' : [ 0xb0c, ['unsigned long']],
+    'HiveLock' : [ 0xb10, ['pointer64', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0xb18, ['pointer64', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0xb20, ['pointer64', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0xb28, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0xb38, ['unsigned long']],
+    'FlushLogEntry' : [ 0xb40, ['pointer64', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0xb48, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0xb4c, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0xb50, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0xb58, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0xb68, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0xb70, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0xb78, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0xb80, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0xb88, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0xb90, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0xb94, ['unsigned long']],
+    'ActualFileSize' : [ 0xb98, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0xba0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0xbb0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0xbc0, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0xbd0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0xbe0, ['unsigned long']],
+    'SecurityCacheSize' : [ 0xbe4, ['unsigned long']],
+    'SecurityHitHint' : [ 0xbe8, ['long']],
+    'SecurityCache' : [ 0xbf0, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0xbf8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xff8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x1000, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0x1008, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x1010, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x1018, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x1020, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0x1048, ['unsigned char']],
+    'GrowOffset' : [ 0x104c, ['unsigned long']],
+    'KcbConvertListHead' : [ 0x1050, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0x1060, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0x1068, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x14f0, ['unsigned long']],
+    'TrustClassEntry' : [ 0x14f8, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1508, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1510, ['unsigned long long']],
+    'CmRm' : [ 0x1518, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1520, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x1524, ['long']],
+    'CreatorOwner' : [ 0x1528, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1530, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1538, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1540, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x1558, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x1570, ['unsigned long']],
+    'FlushActive' : [ 0x1570, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x1570, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x1570, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x1570, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x1574, ['unsigned long']],
+    'ReferenceCount' : [ 0x1578, ['long']],
+    'UnloadHistoryIndex' : [ 0x157c, ['long']],
+    'UnloadHistory' : [ 0x1580, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x1780, ['unsigned long']],
+    'UnaccessedStart' : [ 0x1784, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x1788, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x178c, ['unsigned long']],
+    'HandleClosePending' : [ 0x1790, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x1798, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x17a0, ['unsigned char']],
+    'FailedUnload' : [ 0x17a1, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'HitCount' : [ 0x18, ['unsigned long long']],
+    'LastActivationTime' : [ 0x20, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
+    'CsActivationTime' : [ 0x30, ['unsigned long long']],
+    'CsActiveTime' : [ 0x38, ['unsigned long long']],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderZero', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderVsmMemory', 30: 'LoaderFirmwareCode', 31: 'LoaderFirmwareData', 32: 'LoaderFirmwareReserved', 33: 'LoaderEnclaveMemory', 34: 'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x408, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa8, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x10, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x90, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+    'TebSelector' : [ 0x88, ['unsigned short']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'StackTrace' : [ 0x40, ['array', 8, ['pointer64', ['void']]]],
+    'Who' : [ 0x80, ['unsigned long']],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_2155' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_2155']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x150, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['unsigned short']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x1bc0, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x100, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x380, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x440, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x4d0, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x530, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x600, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x8c0, ['_MI_COMBINE_STATE']],
+    'Partitions' : [ 0xa60, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0xac0, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0xb40, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0xc00, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0xc80, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0xdc0, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0xe80, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x1000, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x1060, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x10b0, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x1180, ['_MI_SYSTEM_TRIM_STATE']],
+    'ResTrack' : [ 0x11c0, ['_MI_RESAVAIL_TRACKER']],
+    'Cookie' : [ 0x1540, ['unsigned long long']],
+    'ZeroingDisabled' : [ 0x1548, ['long']],
+    'BootRegistryRuns' : [ 0x1550, ['pointer64', ['pointer64', ['void']]]],
+    'FullyInitialized' : [ 0x1558, ['unsigned char']],
+    'SafeBooted' : [ 0x1559, ['unsigned char']],
+    'LargePfnBitMap' : [ 0x1560, ['_RTL_BITMAP_EX']],
+    'TraceLogging' : [ 0x1570, ['pointer64', ['_TlgProvider_t']]],
+    'Vs' : [ 0x1580, ['_MI_VISIBLE_STATE']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '__unnamed_21cf' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_21d1' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_21cf']],
+} ],
+  '__unnamed_21d3' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_21d1']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_21d3']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x640, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x50, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x68, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0xa0, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0xa8, ['unsigned long long']],
+    'SystemPteInfo' : [ 0xb0, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x110, ['unsigned long long']],
+    'BootCommit' : [ 0x118, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0x120, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0x128, ['unsigned long long']],
+    'SpecialPagesInUse' : [ 0x130, ['unsigned long long']],
+    'WsOverheadPages' : [ 0x138, ['unsigned long long']],
+    'VadBitmapPages' : [ 0x140, ['unsigned long long']],
+    'ProcessCommit' : [ 0x148, ['unsigned long long']],
+    'SharedCommit' : [ 0x150, ['unsigned long long']],
+    'DriverCommit' : [ 0x158, ['long']],
+    'SystemWs' : [ 0x180, ['array', 3, ['_MMSUPPORT']]],
+    'MapCacheFailures' : [ 0x468, ['unsigned long']],
+    'PagefileHashPages' : [ 0x470, ['unsigned long long']],
+    'PteHeader' : [ 0x478, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x590, ['pointer64', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x598, ['array', 14, ['unsigned long long']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_HMAP_TABLE' : [ 0x5000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_SEP_LOWBOX_HANDLES_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'HandleCount' : [ 0x28, ['unsigned long']],
+    'Handles' : [ 0x30, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x58, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'ProcCap' : [ 0x10, ['unsigned long']],
+    'ProcFloor' : [ 0x14, ['unsigned long']],
+    'PlatformCap' : [ 0x18, ['unsigned long']],
+    'ThermalCap' : [ 0x1c, ['unsigned long']],
+    'LimitReasons' : [ 0x20, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x28, ['unsigned long long']],
+    'TargetPercent' : [ 0x30, ['unsigned long']],
+    'SelectedPercent' : [ 0x34, ['unsigned long']],
+    'SelectedFrequency' : [ 0x38, ['unsigned long']],
+    'PreviousFrequency' : [ 0x3c, ['unsigned long']],
+    'PreviousPercent' : [ 0x40, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x44, ['unsigned long']],
+    'SelectedState' : [ 0x48, ['unsigned long long']],
+    'Force' : [ 0x50, ['unsigned char']],
+} ],
+  '__unnamed_21ef' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_21f2' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0xf8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'Device' : [ 0xd8, ['__unnamed_21ef']],
+    'System' : [ 0xd8, ['__unnamed_21f2']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xb8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'ProbeRaises' : [ 0x38, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x78, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'WsLinear' : [ 0x88, ['unsigned long']],
+    'PageHashErrors' : [ 0x8c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x90, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x94, ['long']],
+    'BadPagesDetected' : [ 0x98, ['long']],
+    'ScrubPasses' : [ 0x9c, ['long']],
+    'ScrubBadPagesFound' : [ 0xa0, ['long']],
+    'UserViewFailures' : [ 0xa4, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0xa8, ['unsigned long']],
+    'ResavailFailures' : [ 0xac, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xb4, ['unsigned char']],
+    'InitFailure' : [ 0xb5, ['unsigned char']],
+    'StopBadMaps' : [ 0xb6, ['unsigned char']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_MI_USER_VA_INFO' : [ 0x158, {
+    'NumberOfCommittedPageTables' : [ 0x0, ['unsigned long']],
+    'HighestTopDownAllocationAddress' : [ 0x8, ['pointer64', ['void']]],
+    'VadCell' : [ 0x10, ['array', 2, ['_MI_VAD_ALLOCATION_CELL']]],
+    'VadBitMapCommitment' : [ 0x60, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x64, ['unsigned long']],
+    'VadsBeingDeleted' : [ 0x68, ['long']],
+    'NumberOfDebugEnclaves' : [ 0x6c, ['long']],
+    'PhysicalMappingCount' : [ 0x70, ['unsigned long long']],
+    'LastVadDeletionEvent' : [ 0x78, ['pointer64', ['_KEVENT']]],
+    'SubVadRanges' : [ 0x80, ['array', 3, ['_LIST_ENTRY']]],
+    'NumaAware' : [ 0xb0, ['unsigned char']],
+    'CloneNestingLevel' : [ 0xb8, ['unsigned long long']],
+    'PrivateFixupVadCount' : [ 0xc0, ['unsigned long long']],
+    'CfgBitMap' : [ 0xc8, ['array', 2, ['_MI_CFG_BITMAP_INFO']]],
+    'CommittedPageTableBufferForTopLevel' : [ 0xf8, ['array', 8, ['unsigned long']]],
+    'CommittedPageTableBitmaps' : [ 0x118, ['array', 3, ['_RTL_BITMAP']]],
+    'PageTableBitmapPages' : [ 0x148, ['array', 3, ['unsigned long']]],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_220f' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2213' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2215' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2217' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2219' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_221b' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_221d' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_221f' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2221' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2223' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2225' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2227' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_220f']],
+    'Memory' : [ 0x0, ['__unnamed_220f']],
+    'Interrupt' : [ 0x0, ['__unnamed_2213']],
+    'Dma' : [ 0x0, ['__unnamed_2215']],
+    'DmaV3' : [ 0x0, ['__unnamed_2217']],
+    'Generic' : [ 0x0, ['__unnamed_220f']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2219']],
+    'BusNumber' : [ 0x0, ['__unnamed_221b']],
+    'ConfigData' : [ 0x0, ['__unnamed_221d']],
+    'Memory40' : [ 0x0, ['__unnamed_221f']],
+    'Memory48' : [ 0x0, ['__unnamed_2221']],
+    'Memory64' : [ 0x0, ['__unnamed_2223']],
+    'Connection' : [ 0x0, ['__unnamed_2225']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2227']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x348, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'PassiveTimer' : [ 0x70, ['_KTIMER']],
+    'PassiveDpc' : [ 0xb0, ['_KDPC']],
+    'Info' : [ 0xf0, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0x148, ['_LARGE_INTEGER']],
+    'Policy' : [ 0x150, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0x168, ['unsigned char']],
+    'LastActiveStartTime' : [ 0x170, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x178, ['unsigned long long']],
+    'WorkItem' : [ 0x180, ['_WORK_QUEUE_ITEM']],
+    'Lock' : [ 0x1a0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1b0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1c8, ['_KEVENT']],
+    'InstanceId' : [ 0x1e0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1e8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x338, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_REBUILD_LARGE_PAGES' : [ 0x228, {
+    'Active' : [ 0x0, ['long']],
+    'Timer' : [ 0x4, ['array', 64, ['array', 4, ['_MI_REBUILD_LARGE_PAGE_COUNTDOWN']]]],
+    'WorkItem' : [ 0x208, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_HHIVE' : [ 0xa68, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x48, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x58, ['unsigned long']],
+    'DirtyAlloc' : [ 0x5c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x60, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x70, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x74, ['unsigned long']],
+    'Cluster' : [ 0x78, ['unsigned long']],
+    'Flat' : [ 0x7c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x7c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x7c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x7c, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x7d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x80, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x84, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x88, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x8c, ['unsigned long']],
+    'HiveFlags' : [ 0x90, ['unsigned long']],
+    'CurrentLog' : [ 0x94, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x98, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x9c, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xa0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xa4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xa8, ['unsigned long']],
+    'LogDataPresent' : [ 0xac, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xae, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xaf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xb8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xb8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xb8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xb8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xba, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xbc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xc0, ['unsigned long']],
+    'Version' : [ 0xc4, ['unsigned long']],
+    'ViewMap' : [ 0xc8, ['_HVIEW_MAP']],
+    'Storage' : [ 0x578, ['array', 2, ['_DUAL']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x48, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x30, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x38, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x40, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_CM_TRANS' : [ 0xa8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x30, ['pointer64', ['void']]],
+    'CmRm' : [ 0x38, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x40, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x48, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x50, ['_GUID']],
+    'StartLsn' : [ 0x60, ['unsigned long long']],
+    'TransState' : [ 0x68, ['unsigned long']],
+    'HiveCount' : [ 0x6c, ['unsigned long']],
+    'HiveArray' : [ 0x70, ['array', 7, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x150, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 20, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb0, ['array', 20, ['unsigned long long']]],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_HVIEW_MAP' : [ 0x4b0, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Directory' : [ 0x18, ['pointer64', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x20, ['unsigned long']],
+    'PinLog' : [ 0x28, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x400, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer64', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '__unnamed_229f' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_22a1' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_229f']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x38, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x10, ['__unnamed_22a1']],
+    'VerifiedData' : [ 0x30, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '__unnamed_22aa' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22ac' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22ae' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22b0' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_22b2' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_22b4' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22b6' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_22b8' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22ba' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_22bc' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_22aa']],
+    'TargetDevice' : [ 0x0, ['__unnamed_22ac']],
+    'InstallDevice' : [ 0x0, ['__unnamed_22ac']],
+    'CustomNotification' : [ 0x0, ['__unnamed_22ae']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_22b0']],
+    'PowerNotification' : [ 0x0, ['__unnamed_22b2']],
+    'VetoNotification' : [ 0x0, ['__unnamed_22b4']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_22b6']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_22b8']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_22ba']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_22ac']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_22ac']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'DeviceInstanceStartedEvent', 12: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_22bc']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '__unnamed_22d8' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_22d8']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0xa8, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NodeGraph' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x10, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaLastRangeIndex' : [ 0x18, ['unsigned long']],
+    'NumaMemoryRanges' : [ 0x20, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'NumaTableCaptured' : [ 0x28, ['unsigned char']],
+    'NodeShift' : [ 0x29, ['unsigned char']],
+    'ChannelMemoryRanges' : [ 0x30, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'ChannelShift' : [ 0x38, ['unsigned char']],
+    'SecondLevelCacheSize' : [ 0x3c, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x40, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x44, ['unsigned long']],
+    'AllMainMemoryMustBeCached' : [ 0x48, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x50, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x58, ['unsigned long']],
+    'SecondaryColors' : [ 0x5c, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x60, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x64, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x68, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x6c, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x70, ['unsigned long long']],
+    'ZeroCostCounts' : [ 0x78, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'PrimaryPfns' : [ 0x98, ['unsigned long long']],
+    'HighestPossiblePhysicalPage' : [ 0xa0, ['unsigned long long']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '__unnamed_231c' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_231c']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5b0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xe0, ['_CONTEXT']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x2c0, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapSystemPtes' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0x60, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0x100, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSpecialPool' : [ 0x150, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemCache' : [ 0x1a0, ['_MI_DYNAMIC_BITMAP']],
+    'WorkingSetListHashStart' : [ 0x1f0, ['pointer64', ['_MMWSLE_HASH']]],
+    'WorkingSetListHashEnd' : [ 0x1f8, ['pointer64', ['_MMWSLE_HASH']]],
+    'WorkingSetListIndirectHashStart' : [ 0x200, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'FreeSystemCacheVa' : [ 0x208, ['_KEVENT']],
+    'SystemVaLock' : [ 0x220, ['unsigned long long']],
+    'DeleteKvaLock' : [ 0x228, ['long']],
+    'FreeSystemCache' : [ 0x230, ['_MI_PTE_CHAIN_HEAD']],
+    'SystemCacheViewLock' : [ 0x248, ['unsigned long long']],
+    'UnusableWsles' : [ 0x250, ['array', 5, ['unsigned long long']]],
+    'PossibleWsles' : [ 0x278, ['array', 5, ['unsigned long long']]],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x60, {
+    'ColorSeed' : [ 0x0, ['unsigned long']],
+    'CloneDereferenceEvent' : [ 0x8, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x20, ['_SLIST_HEADER']],
+    'SystemDllBase' : [ 0x30, ['pointer64', ['void']]],
+    'RotatingUniprocessorNumber' : [ 0x38, ['long']],
+    'CriticalSectionTimeout' : [ 0x40, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x48, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'HighActiveFlink' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'HighActiveBlink' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_COUNTDOWN' : [ 0x2, {
+    'SecondsLeft' : [ 0x0, ['unsigned char']],
+    'SecondsAssigned' : [ 0x1, ['unsigned char']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_PEB32' : [ 0x460, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SparePvoid0' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MI_SESSION_STATE' : [ 0x88, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x20, ['unsigned char']],
+    'DynamicVaBitBuffer' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'DynamicVaBitBufferPages' : [ 0x30, ['unsigned long long']],
+    'DynamicPoolBitBuffer' : [ 0x38, ['pointer64', ['unsigned long']]],
+    'DynamicVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'DynamicPtesBitBuffer' : [ 0x48, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'DetachTimeStamp' : [ 0x58, ['unsigned long']],
+    'LeaderProcess' : [ 0x60, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x70, ['pointer64', ['_MMWSL']]],
+    'WsHashStart' : [ 0x78, ['pointer64', ['_MMWSLE_HASH']]],
+    'WsHashEnd' : [ 0x80, ['pointer64', ['_MMWSLE_HASH']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_23a3' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x158, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_23a3']],
+    'ReferenceCount' : [ 0x8, ['unsigned long long']],
+    'ParentPartition' : [ 0x10, ['pointer64', ['_MI_PARTITION']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeInformation' : [ 0x28, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'MdlPhysicalMemoryBlock' : [ 0x30, ['pointer64', ['_MDL']]],
+    'MemoryNodeRuns' : [ 0x38, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x40, ['unsigned long long']],
+    'PfnUnmapWorkItem' : [ 0x48, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapActive' : [ 0x68, ['unsigned char']],
+    'PfnUnmapCount' : [ 0x70, ['unsigned long long']],
+    'PfnUnmapWaitList' : [ 0x78, ['pointer64', ['void']]],
+    'MemoryRuns' : [ 0x80, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x88, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0xa0, ['array', 5, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xc8, ['pointer64', ['void']]],
+    'PartitionObjectHandle' : [ 0xd0, ['pointer64', ['void']]],
+    'DynamicMemoryPushLock' : [ 0xd8, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xe0, ['long']],
+    'TemporaryMemoryEvent' : [ 0xe8, ['_KEVENT']],
+    'MemoryEvents' : [ 0x100, ['array', 11, ['pointer64', ['_KEVENT']]]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x60, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xc0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xc8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xcc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xd0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xf8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xf9, ['unsigned char']],
+    'TransitionInserted' : [ 0xfa, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xfc, ['long']],
+    'LastMappedWriteError' : [ 0x100, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x104, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x108, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0x10c, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x110, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x128, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x130, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x138, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0x150, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x168, ['long']],
+    'WriteAllMappedPages' : [ 0x16c, ['long']],
+    'MappedPageWriterEvent' : [ 0x170, ['_KEVENT']],
+    'ModWriteData' : [ 0x188, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1c8, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1e0, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x208, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x210, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x218, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x238, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x23c, ['array', 2, ['long']]],
+    'NotifyStoreMemoryConditions' : [ 0x248, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x260, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x264, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x268, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x270, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x290, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x298, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x2b8, ['long']],
+    'WorkingSetSwapLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x2c8, ['long']],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_23c0' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x538, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'LargePages' : [ 0x10, ['array', 2, ['array', 2, ['array', 4, ['_LIST_ENTRY']]]]],
+    'LargePagesCount' : [ 0x110, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]],
+    'StandbyPageList' : [ 0x190, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreeCount' : [ 0x490, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x4a0, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x4c0, ['unsigned long long']],
+    'MmShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'Color' : [ 0x4cc, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x4d0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x510, ['__unnamed_23c0']],
+    'NodeLock' : [ 0x518, ['_EX_PUSH_LOCK']],
+    'ChannelStatus' : [ 0x520, ['unsigned char']],
+    'ChannelOrdering' : [ 0x521, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x525, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x529, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x530, ['unsigned long long']],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WAITING_IRP' : [ 0x38, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'SchedulingGroupList' : [ 0x28, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x28, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x38, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x40, ['_LIST_ENTRY']],
+    'Parent' : [ 0x50, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned long long')]],
+    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '__unnamed_23f3' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_23f3']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16ec']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SECTION_STATE' : [ 0x280, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionExtendLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SectionExtendSetLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'SectionBasedRoot' : [ 0x18, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'UnusedSubsectionPagedPool' : [ 0x28, ['unsigned long long']],
+    'UnusedSegmentForceFree' : [ 0x30, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x34, ['unsigned long']],
+    'HighSectionBase' : [ 0x38, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x40, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xb0, ['_CONTROL_AREA']],
+    'DanglingExtentsPages' : [ 0x128, ['pointer64', ['_MMPFN']]],
+    'DanglingExtentsLock' : [ 0x130, ['long']],
+    'DanglingExtentsWorkItem' : [ 0x138, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0x158, ['unsigned char']],
+    'PageFileSectionHead' : [ 0x160, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0x168, ['long']],
+    'SharedSegmentCharges' : [ 0x170, ['_MI_CROSS_PARTITION_CHARGES']],
+    'SharedPageCombineCharges' : [ 0x198, ['_MI_CROSS_PARTITION_CHARGES']],
+    'ImageBias' : [ 0x1c0, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x1c8, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x1d0, ['_RTL_BITMAP']],
+    'ImageBias64Low' : [ 0x1e0, ['unsigned long']],
+    'ImageBias64High' : [ 0x1e4, ['unsigned long']],
+    'ImageBitMap64Low' : [ 0x1e8, ['_RTL_BITMAP']],
+    'ImageBitMap64High' : [ 0x1f8, ['_RTL_BITMAP']],
+    'ImageBitMapWow64Dll' : [ 0x208, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x218, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x220, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x228, ['unsigned long long']],
+    'LostDataFiles' : [ 0x230, ['unsigned long']],
+    'LostDataPages' : [ 0x234, ['unsigned long']],
+    'ImageFailureReason' : [ 0x238, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x240, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x248, ['pointer64', ['_CONTROL_AREA']]],
+    'CfgBitMapSection64' : [ 0x250, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea64' : [ 0x258, ['pointer64', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x260, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x264, ['long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_2400' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2402' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2404' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2406' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_2404']],
+    'Translated' : [ 0x0, ['__unnamed_2402']],
+} ],
+  '__unnamed_2408' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_240a' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_240c' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_240e' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2410' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2412' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2414' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2416' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_2400']],
+    'Port' : [ 0x0, ['__unnamed_2400']],
+    'Interrupt' : [ 0x0, ['__unnamed_2402']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2406']],
+    'Memory' : [ 0x0, ['__unnamed_2400']],
+    'Dma' : [ 0x0, ['__unnamed_2408']],
+    'DmaV3' : [ 0x0, ['__unnamed_240a']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2219']],
+    'BusNumber' : [ 0x0, ['__unnamed_240c']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_240e']],
+    'Memory40' : [ 0x0, ['__unnamed_2410']],
+    'Memory48' : [ 0x0, ['__unnamed_2412']],
+    'Memory64' : [ 0x0, ['__unnamed_2414']],
+    'Connection' : [ 0x0, ['__unnamed_2225']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2416']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_241e' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_241e']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'FirstPteForPagedPool' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'MaximumSize' : [ 0x20, ['unsigned long long']],
+    'PagedPoolHint' : [ 0x28, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x30, ['unsigned long long']],
+} ],
+  '__unnamed_2430' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_2430']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x188, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0x160, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x278, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xa8, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xb0, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xc0, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xd0, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0xf0, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x110, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x148, ['unsigned long long']],
+    'IdleTimer' : [ 0x150, ['_KTIMER']],
+    'IdleDpc' : [ 0x190, ['_KDPC']],
+    'IdleTimeout' : [ 0x1d0, ['unsigned long long']],
+    'IdleStamp' : [ 0x1d8, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1e0, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x1f0, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x1f8, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x208, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x218, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x230, ['pointer64', ['void']]],
+    'Accounting' : [ 0x238, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x268, ['unsigned long']],
+    'ComponentCount' : [ 0x26c, ['unsigned long']],
+    'Components' : [ 0x270, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2458' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_245a' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2458']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_245a']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x1a0, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+    'CrossPartition' : [ 0x18, ['_MI_PAGE_COMBINING_SUPPORT']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x30, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x68, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x28, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+    'ChargeMaximum' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SpareUlong' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_RESAVAIL_TRACKER' : [ 0x380, {
+    'AllocateKernelStack' : [ 0x0, ['unsigned long long']],
+    'AllocateGrowKernelStack' : [ 0x8, ['unsigned long long']],
+    'FreeKernelStack' : [ 0x10, ['unsigned long long']],
+    'FreeKernelStackError' : [ 0x18, ['unsigned long long']],
+    'FreeGrowKernelStackError' : [ 0x20, ['unsigned long long']],
+    'AllocateCreateProcess' : [ 0x28, ['unsigned long long']],
+    'FreeCreateProcessError' : [ 0x30, ['unsigned long long']],
+    'FreeDeleteProcess' : [ 0x38, ['unsigned long long']],
+    'FreeCleanProcess' : [ 0x40, ['unsigned long long']],
+    'FreeCleanProcessError' : [ 0x48, ['unsigned long long']],
+    'AllocateAddProcessWsMetaPage' : [ 0x50, ['unsigned long long']],
+    'AllocateWsIncrease' : [ 0x58, ['unsigned long long']],
+    'FreeWsIncreaseError' : [ 0x60, ['unsigned long long']],
+    'FreeWsIncreaseErrorMax' : [ 0x68, ['unsigned long long']],
+    'FreeWsDecrease' : [ 0x70, ['unsigned long long']],
+    'AllocateWorkingSetPage' : [ 0x78, ['unsigned long long']],
+    'FreeWorkingSetPageError' : [ 0x80, ['unsigned long long']],
+    'FreeDeletePteRange' : [ 0x88, ['unsigned long long']],
+    'AllocatePageTablesForProcessMetadata' : [ 0x90, ['unsigned long long']],
+    'FreePageTablesForProcessMetadataError2' : [ 0x98, ['unsigned long long']],
+    'AllocatePageTablesForSystem' : [ 0xa0, ['unsigned long long']],
+    'FreePageTablesExcess' : [ 0xa8, ['unsigned long long']],
+    'FreeSystemVaPageTables' : [ 0xb0, ['unsigned long long']],
+    'FreeSessionVaPageTables' : [ 0xb8, ['unsigned long long']],
+    'AllocateCreateSession' : [ 0xc0, ['unsigned long long']],
+    'FreeSessionWsDereference' : [ 0xc8, ['unsigned long long']],
+    'FreeSessionDereference' : [ 0xd0, ['unsigned long long']],
+    'AllocateLockedSessionImage' : [ 0xd8, ['unsigned long long']],
+    'FreeLockedSessionImage' : [ 0xe0, ['unsigned long long']],
+    'FreeSessionImageConversion' : [ 0xe8, ['unsigned long long']],
+    'AllocateWsAdjustPageTable' : [ 0xf0, ['unsigned long long']],
+    'FreeWsAdjustPageTable' : [ 0xf8, ['unsigned long long']],
+    'FreeWsAdjustPageTableError' : [ 0x100, ['unsigned long long']],
+    'AllocateNoLowMemory' : [ 0x108, ['unsigned long long']],
+    'AllocatePagedPoolLockedDown' : [ 0x110, ['unsigned long long']],
+    'FreePagedPoolLockedDown' : [ 0x118, ['unsigned long long']],
+    'AllocateSystemBitmaps' : [ 0x120, ['unsigned long long']],
+    'FreeSystemBitmapsError' : [ 0x128, ['unsigned long long']],
+    'AllocateForMdl' : [ 0x130, ['unsigned long long']],
+    'FreeFromMdl' : [ 0x138, ['unsigned long long']],
+    'AllocateForMdlPartition' : [ 0x140, ['unsigned long long']],
+    'FreeFromMdlPartition' : [ 0x148, ['unsigned long long']],
+    'FreeMdlExcess' : [ 0x150, ['unsigned long long']],
+    'AllocateExpansionNonPagedPool' : [ 0x158, ['unsigned long long']],
+    'FreeExpansionNonPagedPool' : [ 0x160, ['unsigned long long']],
+    'AllocateVad' : [ 0x168, ['unsigned long long']],
+    'RemoveVad' : [ 0x170, ['unsigned long long']],
+    'FreeVad' : [ 0x178, ['unsigned long long']],
+    'AllocateContiguous' : [ 0x180, ['unsigned long long']],
+    'FreeContiguousPages' : [ 0x188, ['unsigned long long']],
+    'FreeContiguousError' : [ 0x190, ['unsigned long long']],
+    'FreeLargePageMemory' : [ 0x198, ['unsigned long long']],
+    'AllocateSystemWsles' : [ 0x1a0, ['unsigned long long']],
+    'FreeSystemWsles' : [ 0x1a8, ['unsigned long long']],
+    'AllocateSystemInitWs' : [ 0x1b0, ['unsigned long long']],
+    'AllocateSessionInitWs' : [ 0x1b8, ['unsigned long long']],
+    'FreeSessionInitWsError' : [ 0x1c0, ['unsigned long long']],
+    'AllocateSystemImage' : [ 0x1c8, ['unsigned long long']],
+    'AllocateSystemImageLoad' : [ 0x1d0, ['unsigned long long']],
+    'AllocateSessionSharedImage' : [ 0x1d8, ['unsigned long long']],
+    'FreeSystemImageInitCode' : [ 0x1e0, ['unsigned long long']],
+    'FreeSystemImageLargePageConversion' : [ 0x1e8, ['unsigned long long']],
+    'FreeSystemImageError' : [ 0x1f0, ['unsigned long long']],
+    'FreeSystemImageLoadExcess' : [ 0x1f8, ['unsigned long long']],
+    'FreeUnloadSystemImage' : [ 0x200, ['unsigned long long']],
+    'FreeReloadBootImageLarge' : [ 0x208, ['unsigned long long']],
+    'FreeIndependent' : [ 0x210, ['unsigned long long']],
+    'AllocateHotRemove' : [ 0x218, ['unsigned long long']],
+    'FreeHotAdd' : [ 0x220, ['unsigned long long']],
+    'AllocateBoot' : [ 0x228, ['unsigned long long']],
+    'FreeLoaderBlock' : [ 0x230, ['unsigned long long']],
+    'AllocateNonPagedSpecialPool' : [ 0x238, ['unsigned long long']],
+    'FreeNonPagedSpecialPoolError' : [ 0x240, ['unsigned long long']],
+    'FreeNonPagedSpecialPool' : [ 0x248, ['unsigned long long']],
+    'AllocateSharedSegmentPage' : [ 0x250, ['unsigned long long']],
+    'FreeSharedSegmentPage' : [ 0x258, ['unsigned long long']],
+    'AllocateZeroPage' : [ 0x260, ['unsigned long long']],
+    'FreeZeroPage' : [ 0x268, ['unsigned long long']],
+    'AllocateForPo' : [ 0x270, ['unsigned long long']],
+    'AllocateForPoForce' : [ 0x278, ['unsigned long long']],
+    'FreeForPo' : [ 0x280, ['unsigned long long']],
+    'AllocateThreadHardFaultBehavior' : [ 0x288, ['unsigned long long']],
+    'FreeThreadHardFaultBehavior' : [ 0x290, ['unsigned long long']],
+    'ObtainFaultCharges' : [ 0x298, ['unsigned long long']],
+    'FreeFaultCharges' : [ 0x2a0, ['unsigned long long']],
+    'AllocateStoreCharges' : [ 0x2a8, ['unsigned long long']],
+    'FreeStoreCharges' : [ 0x2b0, ['unsigned long long']],
+    'ObtainLockedPageCharge' : [ 0x2c0, ['unsigned long long']],
+    'FreeLockedPageCharge' : [ 0x300, ['unsigned long long']],
+    'AllocateStore' : [ 0x308, ['unsigned long long']],
+    'FreeStore' : [ 0x310, ['unsigned long long']],
+    'AllocateSystemImageProtos' : [ 0x318, ['unsigned long long']],
+    'FreeSystemImageProtos' : [ 0x320, ['unsigned long long']],
+    'AllocateModWriterCharge' : [ 0x328, ['unsigned long long']],
+    'FreeModWriterCharge' : [ 0x330, ['unsigned long long']],
+    'AllocateMappedWriterCharge' : [ 0x338, ['unsigned long long']],
+    'FreeMappedWriterCharge' : [ 0x340, ['unsigned long long']],
+    'AllocateRegistryCharges' : [ 0x348, ['unsigned long long']],
+    'FreeRegistryCharges' : [ 0x350, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '__unnamed_24ce' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24d0' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24d2' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24d4' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_24ce']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_24d0']],
+    'Raw' : [ 0x0, ['__unnamed_24d2']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DirtyVectorModified', 1: 'DirtyDataCaptureStart', 2: 'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_24d4']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x1a0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x40, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x70, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedBitMapMaximum' : [ 0xb0, ['unsigned long long']],
+    'DynamicBitMapNonPagedPool' : [ 0xb8, ['_MI_DYNAMIC_BITMAP']],
+    'NonPagedPoolLowestPage' : [ 0x108, ['unsigned long long']],
+    'NonPagedPoolHighestPage' : [ 0x110, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x118, ['unsigned long long']],
+    'PartialLargePoolRegions' : [ 0x120, ['unsigned long long']],
+    'PagesInPartialLargePoolRegions' : [ 0x128, ['unsigned long long']],
+    'CachedNonPagedPoolCount' : [ 0x130, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x138, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x140, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x148, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x150, ['pointer64', ['void']]],
+    'NonPagedBitMap' : [ 0x158, ['array', 3, ['_RTL_BITMAP_EX']]],
+    'NonPagedHint' : [ 0x188, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_24e4' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x80, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_24e4']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'EvictionThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x60, ['_SLIST_HEADER']],
+    'EvictFlushLock' : [ 0x70, ['long']],
+    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x30, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
+    'SubListIndex' : [ 0x28, ['unsigned short']],
+    'Hint' : [ 0x2a, ['unsigned short']],
+    'SetBits' : [ 0x2c, ['unsigned long']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '__unnamed_2522' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x110, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_2522']]],
+    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'DriverName' : [ 0x50, ['pointer64', ['unsigned short']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e0, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x410, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_LOCK_HEADER' : [ 0x20, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long long']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'Valid' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'NumberOfChildViews' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xe0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_PEB64' : [ 0x7a0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SparePvoid0' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MSUBSECTION' : [ 0x70, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_25ee' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x1f40, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_25ee']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x68, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x70, ['unsigned long']],
+    'AttachCount' : [ 0x74, ['unsigned long']],
+    'AttachGate' : [ 0x78, ['_KGATE']],
+    'WsListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0xc0, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb40, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xb60, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xb98, ['_MMSUPPORT']],
+    'Wsle' : [ 0xc90, ['pointer64', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xc98, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PagedPool' : [ 0xcc0, ['_POOL_DESCRIPTOR']],
+    'PageDirectory' : [ 0x1e00, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1e08, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x1e10, ['_RTL_BITMAP']],
+    'DynamicVaHint' : [ 0x1e20, ['unsigned long']],
+    'SpecialPool' : [ 0x1e28, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1e78, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1e80, ['long']],
+    'PagedPoolPdeCount' : [ 0x1e84, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1e88, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1e8c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1e90, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1ef0, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1ef8, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x1f00, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1f08, ['unsigned long long']],
+    'IoState' : [ 0x1f10, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1f14, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1f18, ['_KEVENT']],
+    'ServerSilo' : [ 0x1f30, ['pointer64', ['_EJOB']]],
+    'CreateTime' : [ 0x1f38, ['unsigned long long']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x60, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u' : [ 0x4c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'AttemptForCantExtend' : [ 0x58, ['unsigned char']],
+    'PageFileContract' : [ 0x59, ['unsigned char']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '__unnamed_25ff' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2603' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_25ff']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_2603']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x60, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '_MI_LARGEPAGE_MEMORY_INFO' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ColoredPageInfoBase' : [ 0x10, ['pointer64', ['_COLORED_PAGE_INFO']]],
+    'PagesNeedZeroing' : [ 0x18, ['unsigned long']],
+    'LargeImageBias' : [ 0x1c, ['unsigned char']],
+    'Spare' : [ 0x1d, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x90, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Foreground' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WindowInformation' : [ 0x68, ['unsigned long']],
+    'PixelArea' : [ 0x6c, ['unsigned long']],
+    'PixelReportTimestamp' : [ 0x70, ['long long']],
+    'PixelTime' : [ 0x78, ['unsigned long long']],
+    'ForegroundReportTimestamp' : [ 0x80, ['long long']],
+    'ForegroundTime' : [ 0x88, ['unsigned long long']],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x98, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'BitmapGapFrames' : [ 0x38, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x58, ['array', 4, ['unsigned long long']]],
+    'PageTableOfZeroes' : [ 0x78, ['unsigned long long']],
+    'PdeOfZeroes' : [ 0x80, ['_MMPTE']],
+    'PageTableOfOnes' : [ 0x88, ['unsigned long long']],
+    'PdeOfOnes' : [ 0x90, ['_MMPTE']],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_MI_VAD_ALLOCATION_CELL' : [ 0x28, {
+    'AllocationBitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'BitMapHint' : [ 0x10, ['unsigned long']],
+    'LastAllocationSize' : [ 0x14, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0x18, ['unsigned long']],
+    'LowestBottomUpVadBit' : [ 0x1c, ['unsigned long']],
+    'LowestBottomUpAllocationAddress' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x28, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2647' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_2647']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x190, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'ProcessorCount' : [ 0xc0, ['unsigned long']],
+    'Class' : [ 0xc4, ['unsigned char']],
+    'Spare' : [ 0xc5, ['array', 3, ['unsigned char']]],
+    'Processors' : [ 0xc8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd0, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xd8, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x100, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x118, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x120, ['unsigned long']],
+    'NominalFrequency' : [ 0x124, ['unsigned long']],
+    'MaxPercent' : [ 0x128, ['unsigned long']],
+    'MinPerfPercent' : [ 0x12c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x130, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x138, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x140, ['unsigned long long']],
+    'Coordination' : [ 0x148, ['unsigned char']],
+    'HardPlatformCap' : [ 0x149, ['unsigned char']],
+    'AffinitizeControl' : [ 0x14a, ['unsigned char']],
+    'EfficientThrottle' : [ 0x14b, ['unsigned char']],
+    'AutonomousMode' : [ 0x14c, ['unsigned char']],
+    'SelectedPercent' : [ 0x150, ['unsigned long']],
+    'SelectedFrequency' : [ 0x154, ['unsigned long']],
+    'DesiredPercent' : [ 0x158, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x15c, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x160, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x164, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x168, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x16c, ['unsigned long']],
+    'TolerancePercent' : [ 0x170, ['unsigned long']],
+    'SelectedState' : [ 0x178, ['unsigned long long']],
+    'PerfChangeTime' : [ 0x180, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x188, ['unsigned long']],
+    'Force' : [ 0x18c, ['unsigned char']],
+    'ProvideGuidance' : [ 0x18d, ['unsigned char']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x800, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MI_STANDBY_STATE' : [ 0xc0, {
+    'TransitionSharedPages' : [ 0x0, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x8, ['array', 3, ['unsigned long long']]],
+    'FirstDecayPage' : [ 0x20, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x30, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x40, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x48, ['_KDPC']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'Enabled' : [ 0x8, ['unsigned long']],
+    'DisableAccessLogging' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'MinLoggingPriority' : [ 0x30, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x18, {
+    'QueueHead' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueTail' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x10, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0x40, ['_RTL_BITMAP']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '__unnamed_2691' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2695' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_2691']],
+    'Bits' : [ 0x4, ['__unnamed_2695']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x58, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'RF_SORTED', 1: 'RF_UNSORTED', 2: 'RF_CALLBACK', 3: 'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_26b7' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26b9' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_26b7']],
+    'Button' : [ 0x10, ['__unnamed_26b9']],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_KSCB' : [ 0x198, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ReadyListHead' : [ 0x78, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x178, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x188, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x190, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_26c8' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_26c9' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_26c8']],
+    'Merged' : [ 0x10, ['__unnamed_26c9']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x68, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x18, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'FirstReservedZeroingPte' : [ 0x20, ['pointer64', ['_MMPTE']]],
+    'RebalanceZeroFreeWorkItem' : [ 0x28, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x48, ['long']],
+    'Gate' : [ 0x50, ['_KGATE']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_26d8' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_26d8']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_26f0' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26f2' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_26f0']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x110, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_26f2']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
+    'PagedBytes' : [ 0x60, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x80, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x90, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
+    'LockedBytes' : [ 0x98, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0xf8, ['unsigned long']],
+    'ExecutePageProtections' : [ 0xfc, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x100, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x104, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x108, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xc0, {
+    'FixupLock' : [ 0x0, ['long']],
+    'FixupList' : [ 0x8, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x18, ['_KMUTANT']],
+    'FirstLoadEver' : [ 0x50, ['unsigned char']],
+    'LargePageAll' : [ 0x51, ['unsigned char']],
+    'LastPage' : [ 0x58, ['unsigned long long']],
+    'LargePageList' : [ 0x60, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x70, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x80, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x90, ['unsigned long long']],
+    'PageCounts' : [ 0x98, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0xa8, ['_EX_PUSH_LOCK']],
+    'ErrataPte' : [ 0xb0, ['pointer64', ['_MMPTE']]],
+    'ErrataPteMapped' : [ 0xb8, ['unsigned long']],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x4, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'IsInTempBin' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2724' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_2724']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'Scaling' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x50, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x34, ['unsigned long']],
+    'DelayPageFaults' : [ 0x38, ['long']],
+    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x28, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'TemporaryBinAddress' : [ 0x10, ['unsigned long long']],
+    'TemporaryBinRundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x400, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2753' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2756' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1b0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x68, ['_KAPC_STATE']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'ByteCount' : [ 0xb4, ['unsigned long']],
+    'u3' : [ 0xb8, ['__unnamed_2753']],
+    'u1' : [ 0xbc, ['__unnamed_2756']],
+    'FilePointer' : [ 0xc0, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xc8, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xc8, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd0, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xd8, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe0, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf0, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0x100, ['_MDL']],
+    'Page' : [ 0x130, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x130, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'PaddingFor16ByteAlignment' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1', 19: 'NotifyTransportRelationsChange', 20: 'NotifyEjectionRelationsChange', 21: 'ConfigureDevice', 22: 'ConfigureDeviceClass', 23: 'ConfigureDeviceExtensions', 24: 'ConfigureDeviceReset'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_CFG_BITMAP_INFO' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'RegionSize' : [ 0x8, ['unsigned long long']],
+    'BitmapVad' : [ 0x10, ['pointer64', ['_MMVAD']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x80, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
+    'MirroringActive' : [ 0x50, ['unsigned long']],
+    'MirrorBitMaps' : [ 0x58, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'CrashDumpPte' : [ 0x78, ['pointer64', ['_MMPTE']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned char']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'EnableMask' : [ 0x63, ['unsigned char']],
+    'GroupEnableMask' : [ 0x64, ['unsigned char']],
+    'UseDescriptorType' : [ 0x65, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x118, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: 'LoadReasonStaticDependency', 1: 'LoadReasonStaticForwarderDependency', 2: 'LoadReasonDynamicForwarderDependency', 3: 'LoadReasonDelayloadDependency', 4: 'LoadReasonDynamicLoad', 5: 'LoadReasonAsImageLoad', 6: 'LoadReasonAsDataLoad', -1: 'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'LdrModulesPlaceHolder', 1: 'LdrModulesMapping', 2: 'LdrModulesMapped', 3: 'LdrModulesWaitingForDependencies', 4: 'LdrModulesSnapping', 5: 'LdrModulesSnapped', 6: 'LdrModulesCondensed', 7: 'LdrModulesReadyToInit', 8: 'LdrModulesInitializing', 9: 'LdrModulesReadyToRun', '\xfb': 'LdrModulesMerged', '\xfd': 'LdrModulesSnapError', '\xfc': 'LdrModulesInitError', -1: 'LdrModulesUnloading', '\xfe': 'LdrModulesUnloaded'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d0, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1a8, ['_LIST_ENTRY']],
+    'Status' : [ 0x1b8, ['long']],
+    'FailedDevice' : [ 0x1c0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1c8, ['unsigned char']],
+    'Cancelled' : [ 0x1c9, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1ca, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1cb, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x10, {
+    'PreferredMask' : [ 0x0, ['unsigned long long']],
+    'AvailableMask' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '__unnamed_27d1' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_27d3' : [ 0x4, {
+    'NumberOfChildViews' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_27d5' : [ 0x4, {
+    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_SUBSECTION_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_27d1']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_27d3']],
+    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u2' : [ 0x34, ['__unnamed_27d5']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'DeadPteTrackerSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x10, ['unsigned long long']],
+    'MdlTrackerLookaside' : [ 0x40, ['_NPAGED_LOOKASIDE_LIST']],
+    'PteTrackingBitmap' : [ 0xc0, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xd0, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xd8, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPages' : [ 0x138, ['unsigned char']],
+    'QueuedStacks' : [ 0x140, ['_SLIST_HEADER']],
+    'StackGrowthFailures' : [ 0x150, ['unsigned long']],
+    'TrackPtesAborted' : [ 0x154, ['unsigned char']],
+    'AdjustCounter' : [ 0x155, ['unsigned char']],
+    'QueuedStacksWorkItem' : [ 0x158, ['_MI_QUEUED_DEADSTACK_WORKITEM']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+    'Reserved' : [ 0x20, ['array', 8, ['unsigned long']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2805' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x20, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'u1' : [ 0x1c, ['__unnamed_2805']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTime' : [ 0x20, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x28, ['long long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x100, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xf8, ['pointer64', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x38, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: 'BugcheckStackLimits', 1: 'DPCStackLimits', 2: 'ExpandedStackLimits', 3: 'NormalStackLimits', 4: 'Win32kStackLimits', 5: 'SwapBusyStackLimits', 6: 'IsrStackLimits', 7: 'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x60, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x50, ['unsigned long']],
+    'OldValueCell' : [ 0x50, ['unsigned long']],
+    'NewValueCell' : [ 0x54, ['unsigned long']],
+    'UserFlags' : [ 0x50, ['unsigned long']],
+    'LastWriteTime' : [ 0x50, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x50, ['unsigned long']],
+    'OldChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x58, ['unsigned long']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2880' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2882' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2880']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2882']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_2897' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_2897']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x20, {
+    'ViewStart' : [ 0x0, ['pointer64', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Bcb' : [ 0x8, ['pointer64', ['void']]],
+    'PinnedPages' : [ 0x10, ['unsigned long long']],
+    'Size' : [ 0x18, ['unsigned long']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'HashKey' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COLORED_PAGE_INFO' : [ 0x18, {
+    'BeingZeroed' : [ 0x0, ['long']],
+    'Processor' : [ 0x4, ['unsigned long']],
+    'PagesQueued' : [ 0x8, ['unsigned long long']],
+    'PfnAllocation' : [ 0x10, ['pointer64', ['_MMPFN']]],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MI_POOL_STATE' : [ 0xf8, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'NonPagedPoolSListMaximum' : [ 0x8, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x18, ['unsigned long long']],
+    'BadPoolHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x28, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x2c, ['unsigned char']],
+    'PoolFailures' : [ 0x30, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x54, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x80, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x88, ['unsigned long long']],
+    'PagedPoolSListMaximum' : [ 0x90, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x94, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0xa8, ['unsigned long long']],
+    'SpecialPoolRejected' : [ 0xb0, ['array', 9, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0xd8, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0xe0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0xe4, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0xe8, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0xf0, ['unsigned long long']],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x13c, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'OffloadedAudio' : [ 0x12d, ['unsigned char']],
+    'NonOffloadedAudio' : [ 0x12e, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12f, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsUserAwaySetting' : [ 0x134, ['unsigned char']],
+    'WiFiInStandby' : [ 0x138, ['unsigned long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2911' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2913' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2911']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2913']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x58, {
+    'IoPfnLock' : [ 0x0, ['unsigned long long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '__unnamed_292f' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2931' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2937' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_293b' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_293d' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_292f']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2931']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2937']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_293b']],
+    'Others' : [ 0x0, ['__unnamed_293d']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x78, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x70, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_PROC_PERF_CHECK' : [ 0xc0, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'Snap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'TempSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'TaggedThreadPercent' : [ 0xb8, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0xba, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0xbb, ['unsigned char']],
+} ],
+  '__unnamed_2956' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2958' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_295a' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2956']],
+    'Interrupt' : [ 0x0, ['__unnamed_2958']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_2958']],
+    'Sci' : [ 0x0, ['__unnamed_2958']],
+    'Nmi' : [ 0x0, ['__unnamed_2958']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_295a']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1d0, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'VerifyKernelPhaseOnResume' : [ 0x3, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x4, ['unsigned char']],
+    'InitializationFinished' : [ 0x5, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'SiLogOffset' : [ 0xe0, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0xe8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf8, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0x100, ['unsigned long']],
+    'SecurePages' : [ 0x104, ['unsigned long']],
+    'ProcessorCount' : [ 0x108, ['unsigned long']],
+    'ProcessorContext' : [ 0x110, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x118, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x120, ['unsigned long']],
+    'MaxDataPages' : [ 0x124, ['unsigned long']],
+    'ExtraBuffer' : [ 0x128, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x130, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x138, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x140, ['unsigned long long']],
+    'IoInfo' : [ 0x148, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b8, ['pointer64', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x1c0, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c8, ['unsigned long']],
+    'IumEnabled' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'PointersLength' : [ 0x118, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['unsigned short']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x48, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_299a' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_299a']],
+} ],
+  '__unnamed_299e' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_299e']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_SUBSECTION_WAIT_BLOCK' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_SUBSECTION_WAIT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3b0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x268, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x270, ['array', 1, ['unsigned long long']]],
+    'SiLogOffset' : [ 0x278, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x27c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x280, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x340, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x344, ['unsigned long']],
+    'ResumeContextPages' : [ 0x348, ['unsigned long']],
+    'Hiberboot' : [ 0x34c, ['unsigned char']],
+    'HvCr3' : [ 0x350, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x358, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x360, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x368, ['unsigned long long']],
+    'BootFlags' : [ 0x370, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x378, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x380, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x388, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3a8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1e0, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x48, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x4c, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x50, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x58, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x60, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x68, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x78, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x80, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xc8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xd0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xd8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xe0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xe8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0xf0, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0xf8, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x100, ['unsigned long long']],
+    'IoBoundedness' : [ 0x108, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x110, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x118, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x120, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x128, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x130, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x138, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x140, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x148, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x150, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x158, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x160, ['unsigned long long']],
+    'AnimationStart' : [ 0x168, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x170, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x178, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x180, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x188, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x190, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x198, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1a0, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1a8, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1b0, ['unsigned long long']],
+    'BytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'PagesWritten' : [ 0x1c0, ['unsigned long']],
+    'FileRuns' : [ 0x1c4, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1c8, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1cc, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1d0, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1d8, ['unsigned long long']],
+} ],
+  '_MI_QUEUED_DEADSTACK_WORKITEM' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x50, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+    'Vm' : [ 0x48, ['pointer64', ['_MMSUPPORT']]],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'IoReady', 1: 'IoPending', 2: 'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '__unnamed_29dd' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29df' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29e2' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_29e6' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'ApicDestinationModePhysical', 2: 'ApicDestinationModeLogicalFlat', 3: 'ApicDestinationModeLogicalClustered', 4: 'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptTypeControllerInput', 1: 'InterruptTypeXapicMessage', 2: 'InterruptTypeHypertransport', 3: 'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_29dd']],
+    'HvDeviceId' : [ 0x40, ['unsigned long long']],
+    'XapicMessage' : [ 0x48, ['__unnamed_29df']],
+    'Hypertransport' : [ 0x48, ['__unnamed_29e2']],
+    'GenericMessage' : [ 0x48, ['__unnamed_29df']],
+    'MessageRequest' : [ 0x48, ['__unnamed_29e6']],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_29f4' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_29f6' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateUnitOther', 1: 'PoFxPerfStateUnitFrequency', 2: 'PoFxPerfStateUnitBandwidth', 3: 'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateTypeDiscrete', 1: 'PoFxPerfStateTypeRange', 2: 'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_29f4']],
+    'Range' : [ 0x20, ['__unnamed_29f6']],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a07' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a09' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2a0b' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2a07']],
+    'Gpt' : [ 0x0, ['__unnamed_2a09']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_2a0b']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x178, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'EtwNotificationTypeNoReply', 2: 'EtwNotificationTypeLegacyEnable', 3: 'EtwNotificationTypeEnable', 4: 'EtwNotificationTypePrivateLogger', 5: 'EtwNotificationTypePerflib', 6: 'EtwNotificationTypeAudio', 7: 'EtwNotificationTypeSession', 8: 'EtwNotificationTypeReserved', 9: 'EtwNotificationTypeCredentialUI', 10: 'EtwNotificationTypeInProcSession', 11: 'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '__unnamed_2a42' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a44' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2a42']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a47' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a49' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2a47']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2a44']],
+    'HighPart' : [ 0x4, ['__unnamed_2a49']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '__unnamed_2a57' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x30, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SessionId' : [ 0x18, ['unsigned long']],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x20, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_2a57']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2a5d' : [ 0x8, {
+    'MessageAddressLow' : [ 0x0, ['unsigned long']],
+    'MessageData' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+} ],
+  '__unnamed_2a5f' : [ 0x8, {
+    'RemappedFormat' : [ 0x0, ['_ULARGE_INTEGER']],
+    'Msi' : [ 0x0, ['__unnamed_2a5d']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_2a5f']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+}

From b808995ce55086274537c092433221795dc2bd21 Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Wed, 7 Sep 2016 10:11:16 -0400
Subject: [PATCH 023/304] readme update

---
 README.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.txt b/README.txt
index 51ea50816..ac4cdbba2 100644
--- a/README.txt
+++ b/README.txt
@@ -168,6 +168,7 @@ VistaSP2x64       - A Profile for Windows Vista SP2 x64
 VistaSP2x86       - A Profile for Windows Vista SP2 x86
 Win10x64          - A Profile for Windows 10 x64
 Win10x64_1AC738FB - A Profile for Windows 10 x64 from PDB 1AC738FB
+Win10x64_DDA2B209 - A Profile for Windows 10 x64 from PDB DDA2B209
 Win10x86          - A Profile for Windows 10 x86
 Win10x86_44B89EEA - A Profile for Windows 10 x86 from PDB 44B89EEA
 Win2003SP0x86     - A Profile for Windows 2003 SP0 x86

From 1a60a710342a5d0186b6afa1d3359234febbc48c Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Wed, 7 Sep 2016 17:44:08 -0400
Subject: [PATCH 024/304] reverting 6e51c593ead725400c633e08d65271d9e1073fd1

---
 README.txt                                    |     1 -
 volatility/plugins/overlays/windows/win10.py  |    13 +-
 .../windows/win10_x64_DDA2B209_vtypes.py      | 13258 ----------------
 3 files changed, 2 insertions(+), 13270 deletions(-)
 delete mode 100644 volatility/plugins/overlays/windows/win10_x64_DDA2B209_vtypes.py

diff --git a/README.txt b/README.txt
index ac4cdbba2..51ea50816 100644
--- a/README.txt
+++ b/README.txt
@@ -168,7 +168,6 @@ VistaSP2x64       - A Profile for Windows Vista SP2 x64
 VistaSP2x86       - A Profile for Windows Vista SP2 x86
 Win10x64          - A Profile for Windows 10 x64
 Win10x64_1AC738FB - A Profile for Windows 10 x64 from PDB 1AC738FB
-Win10x64_DDA2B209 - A Profile for Windows 10 x64 from PDB DDA2B209
 Win10x86          - A Profile for Windows 10 x86
 Win10x86_44B89EEA - A Profile for Windows 10 x86 from PDB 44B89EEA
 Win2003SP0x86     - A Profile for Windows 2003 SP0 x86
diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 2626127fb..aa033d3e6 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -385,7 +385,7 @@ def modification(self, profile):
         metadata = profile.metadata
         build = metadata.get("build", 0)
 
-        if build >= 10240:
+        if build == 10240:
             header = _OBJECT_HEADER_10_1AC738FB
         else:
             header = _OBJECT_HEADER_10
@@ -397,7 +397,7 @@ class Win10PoolHeader(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
-                  'build': lambda x: x >= 10240}
+                  'build': lambda x: x == 10240}
 
     def modification(self, profile):
 
@@ -448,15 +448,6 @@ class Win10x64_1AC738FB(obj.Profile):
     _md_build = 10240
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_1AC738FB_vtypes'
 
-class Win10x64_DDA2B209(obj.Profile):
-    """ A Profile for Windows 10 x64 from PDB DDA2B209"""
-    _md_memory_model = '64bit'
-    _md_os = 'windows'
-    _md_major = 6
-    _md_minor = 4
-    _md_build = 10241
-    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_DDA2B209_vtypes'
-
 class Win10x86(obj.Profile):
     """ A Profile for Windows 10 x86 """
     _md_memory_model = '32bit'
diff --git a/volatility/plugins/overlays/windows/win10_x64_DDA2B209_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_DDA2B209_vtypes.py
deleted file mode 100644
index 19868e643..000000000
--- a/volatility/plugins/overlays/windows/win10_x64_DDA2B209_vtypes.py
+++ /dev/null
@@ -1,13258 +0,0 @@
-ntkrnlmp_types = {
-  'LIST_ENTRY64' : [ 0x10, {
-    'Flink' : [ 0x0, ['unsigned long long']],
-    'Blink' : [ 0x8, ['unsigned long long']],
-} ],
-  'LIST_ENTRY32' : [ 0x8, {
-    'Flink' : [ 0x0, ['unsigned long']],
-    'Blink' : [ 0x4, ['unsigned long']],
-} ],
-  '_KUSER_SHARED_DATA' : [ 0x708, {
-    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
-    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
-    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
-    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
-    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
-    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
-    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
-    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
-    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
-    'CryptoExponent' : [ 0x23c, ['unsigned long']],
-    'TimeZoneId' : [ 0x240, ['unsigned long']],
-    'LargePageMinimum' : [ 0x244, ['unsigned long']],
-    'AitSamplingValue' : [ 0x248, ['unsigned long']],
-    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
-    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
-    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
-    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
-    'NtBuildNumber' : [ 0x260, ['unsigned long']],
-    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
-    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
-    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
-    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
-    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
-    'NtMinorVersion' : [ 0x270, ['unsigned long']],
-    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
-    'Reserved1' : [ 0x2b4, ['unsigned long']],
-    'Reserved3' : [ 0x2b8, ['unsigned long']],
-    'TimeSlip' : [ 0x2bc, ['unsigned long']],
-    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
-    'BootId' : [ 0x2c4, ['unsigned long']],
-    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
-    'SuiteMask' : [ 0x2d0, ['unsigned long']],
-    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
-    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
-    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
-    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
-    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
-    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
-    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
-    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
-    'DismountCount' : [ 0x2dc, ['unsigned long']],
-    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
-    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
-    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
-    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
-    'Reserved12' : [ 0x2ed, ['array', 3, ['unsigned char']]],
-    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
-    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
-    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
-    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
-    'QpcFrequency' : [ 0x300, ['long long']],
-    'SystemCall' : [ 0x308, ['unsigned long']],
-    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
-    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
-    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
-    'TickCountQuad' : [ 0x320, ['unsigned long long']],
-    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
-    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
-    'Cookie' : [ 0x330, ['unsigned long']],
-    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
-    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
-    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
-    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
-    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
-    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
-    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
-    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
-    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
-    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
-    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
-    'Reserved8' : [ 0x37c, ['unsigned long']],
-    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
-    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
-    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
-    'Reserved4' : [ 0x3a8, ['unsigned long long']],
-    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
-    'QpcBias' : [ 0x3b8, ['unsigned long long']],
-    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
-    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
-    'Reserved9' : [ 0x3c5, ['unsigned char']],
-    'QpcData' : [ 0x3c6, ['unsigned short']],
-    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
-    'QpcShift' : [ 0x3c7, ['unsigned char']],
-    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
-    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
-    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
-} ],
-  '__unnamed_1080' : [ 0x8, {
-    'LowPart' : [ 0x0, ['unsigned long']],
-    'HighPart' : [ 0x4, ['unsigned long']],
-} ],
-  '_ULARGE_INTEGER' : [ 0x8, {
-    'LowPart' : [ 0x0, ['unsigned long']],
-    'HighPart' : [ 0x4, ['unsigned long']],
-    'u' : [ 0x0, ['__unnamed_1080']],
-    'QuadPart' : [ 0x0, ['unsigned long long']],
-} ],
-  '__unnamed_1098' : [ 0x4, {
-    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '__unnamed_109a' : [ 0x4, {
-    'Flags' : [ 0x0, ['unsigned long']],
-    's' : [ 0x0, ['__unnamed_1098']],
-} ],
-  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
-    'Version' : [ 0x0, ['unsigned long']],
-    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
-    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
-    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
-    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
-    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
-    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
-    'u' : [ 0x38, ['__unnamed_109a']],
-    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_COUNT'})]],
-    'Size' : [ 0x40, ['unsigned long']],
-} ],
-  '_TEB' : [ 0x1838, {
-    'NtTib' : [ 0x0, ['_NT_TIB']],
-    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
-    'ClientId' : [ 0x40, ['_CLIENT_ID']],
-    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
-    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
-    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
-    'LastErrorValue' : [ 0x68, ['unsigned long']],
-    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
-    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
-    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
-    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
-    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
-    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
-    'CurrentLocale' : [ 0x108, ['unsigned long']],
-    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
-    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
-    'SystemReserved1' : [ 0x190, ['array', 38, ['pointer64', ['void']]]],
-    'ExceptionCode' : [ 0x2c0, ['long']],
-    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
-    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
-    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
-    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
-    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
-    'TxFsContext' : [ 0x2e8, ['unsigned long']],
-    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
-    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
-    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
-    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
-    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
-    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
-    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
-    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
-    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
-    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
-    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
-    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
-    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
-    'glSection' : [ 0x1230, ['pointer64', ['void']]],
-    'glTable' : [ 0x1238, ['pointer64', ['void']]],
-    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
-    'glContext' : [ 0x1248, ['pointer64', ['void']]],
-    'LastStatusValue' : [ 0x1250, ['unsigned long']],
-    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
-    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
-    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
-    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
-    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
-    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
-    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
-    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
-    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
-    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
-    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
-    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
-    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
-    'ActivityId' : [ 0x1710, ['_GUID']],
-    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
-    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
-    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
-    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
-    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
-    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
-    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
-    'ReservedPad0' : [ 0x1744, ['unsigned char']],
-    'ReservedPad1' : [ 0x1745, ['unsigned char']],
-    'ReservedPad2' : [ 0x1746, ['unsigned char']],
-    'IdealProcessor' : [ 0x1747, ['unsigned char']],
-    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
-    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
-    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
-    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
-    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
-    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
-    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
-    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
-    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
-    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
-    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
-    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
-    'MuiGeneration' : [ 0x1798, ['unsigned long']],
-    'IsImpersonating' : [ 0x179c, ['unsigned long']],
-    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
-    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
-    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
-    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
-    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
-    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
-    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
-    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
-    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
-    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
-    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
-    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
-    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
-    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
-    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
-    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
-    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
-    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
-    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
-    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
-    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
-    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
-    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
-    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
-    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
-    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
-    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
-    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
-    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
-    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
-    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
-    'LockCount' : [ 0x1808, ['unsigned long']],
-    'WowTebOffset' : [ 0x180c, ['long']],
-    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
-    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
-    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
-    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
-} ],
-  '_LIST_ENTRY' : [ 0x10, {
-    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
-    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
-} ],
-  '_SINGLE_LIST_ENTRY' : [ 0x8, {
-    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
-} ],
-  '_RTL_SPLAY_LINKS' : [ 0x18, {
-    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
-    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
-    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
-} ],
-  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
-    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
-    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
-    'Signature' : [ 0x10, ['unsigned long long']],
-} ],
-  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
-    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
-    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
-    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
-    'BucketIndex' : [ 0x20, ['unsigned long']],
-} ],
-  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
-    'Flags' : [ 0x0, ['unsigned long']],
-    'Shift' : [ 0x4, ['unsigned long']],
-    'TableSize' : [ 0x8, ['unsigned long']],
-    'Pivot' : [ 0xc, ['unsigned long']],
-    'DivisorMask' : [ 0x10, ['unsigned long']],
-    'NumEntries' : [ 0x14, ['unsigned long']],
-    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
-    'NumEnumerators' : [ 0x1c, ['unsigned long']],
-    'Directory' : [ 0x20, ['pointer64', ['void']]],
-} ],
-  '_UNICODE_STRING' : [ 0x10, {
-    'Length' : [ 0x0, ['unsigned short']],
-    'MaximumLength' : [ 0x2, ['unsigned short']],
-    'Buffer' : [ 0x8, ['pointer64', ['unsigned short']]],
-} ],
-  '_STRING' : [ 0x10, {
-    'Length' : [ 0x0, ['unsigned short']],
-    'MaximumLength' : [ 0x2, ['unsigned short']],
-    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
-} ],
-  '__unnamed_1108' : [ 0x8, {
-    'LowPart' : [ 0x0, ['unsigned long']],
-    'HighPart' : [ 0x4, ['long']],
-} ],
-  '_LARGE_INTEGER' : [ 0x8, {
-    'LowPart' : [ 0x0, ['unsigned long']],
-    'HighPart' : [ 0x4, ['long']],
-    'u' : [ 0x0, ['__unnamed_1108']],
-    'QuadPart' : [ 0x0, ['long long']],
-} ],
-  '_RTL_BITMAP' : [ 0x10, {
-    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
-    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
-} ],
-  '_LUID' : [ 0x8, {
-    'LowPart' : [ 0x0, ['unsigned long']],
-    'HighPart' : [ 0x4, ['long']],
-} ],
-  '_IMAGE_NT_HEADERS64' : [ 0x108, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
-    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
-} ],
-  '_IMAGE_DOS_HEADER' : [ 0x40, {
-    'e_magic' : [ 0x0, ['unsigned short']],
-    'e_cblp' : [ 0x2, ['unsigned short']],
-    'e_cp' : [ 0x4, ['unsigned short']],
-    'e_crlc' : [ 0x6, ['unsigned short']],
-    'e_cparhdr' : [ 0x8, ['unsigned short']],
-    'e_minalloc' : [ 0xa, ['unsigned short']],
-    'e_maxalloc' : [ 0xc, ['unsigned short']],
-    'e_ss' : [ 0xe, ['unsigned short']],
-    'e_sp' : [ 0x10, ['unsigned short']],
-    'e_csum' : [ 0x12, ['unsigned short']],
-    'e_ip' : [ 0x14, ['unsigned short']],
-    'e_cs' : [ 0x16, ['unsigned short']],
-    'e_lfarlc' : [ 0x18, ['unsigned short']],
-    'e_ovno' : [ 0x1a, ['unsigned short']],
-    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
-    'e_oemid' : [ 0x24, ['unsigned short']],
-    'e_oeminfo' : [ 0x26, ['unsigned short']],
-    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
-    'e_lfanew' : [ 0x3c, ['long']],
-} ],
-  '_RTL_RB_TREE' : [ 0x10, {
-    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
-    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
-} ],
-  '_RTL_BALANCED_NODE' : [ 0x18, {
-    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
-    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
-    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
-    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
-    'ParentValue' : [ 0x10, ['unsigned long long']],
-} ],
-  '_RTL_AVL_TREE' : [ 0x8, {
-    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
-} ],
-  '_GUID' : [ 0x10, {
-    'Data1' : [ 0x0, ['unsigned long']],
-    'Data2' : [ 0x4, ['unsigned short']],
-    'Data3' : [ 0x6, ['unsigned short']],
-    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
-} ],
-  '_KPCR' : [ 0x6a80, {
-    'NtTib' : [ 0x0, ['_NT_TIB']],
-    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
-    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
-    'UserRsp' : [ 0x10, ['unsigned long long']],
-    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
-    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
-    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
-    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
-    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
-    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
-    'Irql' : [ 0x50, ['unsigned char']],
-    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
-    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
-    'Fill0' : [ 0x53, ['unsigned char']],
-    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
-    'MajorVersion' : [ 0x60, ['unsigned short']],
-    'MinorVersion' : [ 0x62, ['unsigned short']],
-    'StallScaleFactor' : [ 0x64, ['unsigned long']],
-    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
-    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
-    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
-    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
-    'Unused2' : [ 0x100, ['unsigned long']],
-    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
-    'Unused3' : [ 0x110, ['pointer64', ['void']]],
-    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
-    'Prcb' : [ 0x180, ['_KPRCB']],
-} ],
-  '_KPRCB' : [ 0x6900, {
-    'MxCsr' : [ 0x0, ['unsigned long']],
-    'LegacyNumber' : [ 0x4, ['unsigned char']],
-    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
-    'InterruptRequest' : [ 0x6, ['unsigned char']],
-    'IdleHalt' : [ 0x7, ['unsigned char']],
-    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
-    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
-    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
-    'NestingLevel' : [ 0x20, ['unsigned char']],
-    'ClockOwner' : [ 0x21, ['unsigned char']],
-    'PendingTickFlags' : [ 0x22, ['unsigned char']],
-    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'IdleState' : [ 0x23, ['unsigned char']],
-    'Number' : [ 0x24, ['unsigned long']],
-    'RspBase' : [ 0x28, ['unsigned long long']],
-    'PrcbLock' : [ 0x30, ['unsigned long long']],
-    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
-    'ProcessorState' : [ 0x40, ['_KPROCESSOR_STATE']],
-    'CpuType' : [ 0x5f0, ['unsigned char']],
-    'CpuID' : [ 0x5f1, ['unsigned char']],
-    'CpuStep' : [ 0x5f2, ['unsigned short']],
-    'CpuStepping' : [ 0x5f2, ['unsigned char']],
-    'CpuModel' : [ 0x5f3, ['unsigned char']],
-    'MHz' : [ 0x5f4, ['unsigned long']],
-    'HalReserved' : [ 0x5f8, ['array', 8, ['unsigned long long']]],
-    'MinorVersion' : [ 0x638, ['unsigned short']],
-    'MajorVersion' : [ 0x63a, ['unsigned short']],
-    'BuildType' : [ 0x63c, ['unsigned char']],
-    'CpuVendor' : [ 0x63d, ['unsigned char']],
-    'CoresPerPhysicalProcessor' : [ 0x63e, ['unsigned char']],
-    'LogicalProcessorsPerCore' : [ 0x63f, ['unsigned char']],
-    'ParentNode' : [ 0x640, ['pointer64', ['_KNODE']]],
-    'GroupSetMember' : [ 0x648, ['unsigned long long']],
-    'Group' : [ 0x650, ['unsigned char']],
-    'GroupIndex' : [ 0x651, ['unsigned char']],
-    'PrcbPad05' : [ 0x652, ['array', 2, ['unsigned char']]],
-    'InitialApicId' : [ 0x654, ['unsigned long']],
-    'ScbOffset' : [ 0x658, ['unsigned long']],
-    'ApicMask' : [ 0x65c, ['unsigned long']],
-    'AcpiReserved' : [ 0x660, ['pointer64', ['void']]],
-    'CFlushSize' : [ 0x668, ['unsigned long']],
-    'PrcbPad10' : [ 0x66c, ['unsigned long']],
-    'LockQueue' : [ 0x670, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
-    'PPLookasideList' : [ 0x780, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
-    'PPNxPagedLookasideList' : [ 0x880, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
-    'PPNPagedLookasideList' : [ 0x1480, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
-    'PPPagedLookasideList' : [ 0x2080, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
-    'PrcbPad20' : [ 0x2c80, ['unsigned long long']],
-    'DeferredReadyListHead' : [ 0x2c88, ['_SINGLE_LIST_ENTRY']],
-    'MmPageFaultCount' : [ 0x2c90, ['long']],
-    'MmCopyOnWriteCount' : [ 0x2c94, ['long']],
-    'MmTransitionCount' : [ 0x2c98, ['long']],
-    'MmDemandZeroCount' : [ 0x2c9c, ['long']],
-    'MmPageReadCount' : [ 0x2ca0, ['long']],
-    'MmPageReadIoCount' : [ 0x2ca4, ['long']],
-    'MmDirtyPagesWriteCount' : [ 0x2ca8, ['long']],
-    'MmDirtyWriteIoCount' : [ 0x2cac, ['long']],
-    'MmMappedPagesWriteCount' : [ 0x2cb0, ['long']],
-    'MmMappedWriteIoCount' : [ 0x2cb4, ['long']],
-    'KeSystemCalls' : [ 0x2cb8, ['unsigned long']],
-    'KeContextSwitches' : [ 0x2cbc, ['unsigned long']],
-    'LdtSelector' : [ 0x2cc0, ['unsigned short']],
-    'PrcbPad40' : [ 0x2cc2, ['unsigned short']],
-    'CcFastReadNoWait' : [ 0x2cc4, ['unsigned long']],
-    'CcFastReadWait' : [ 0x2cc8, ['unsigned long']],
-    'CcFastReadNotPossible' : [ 0x2ccc, ['unsigned long']],
-    'CcCopyReadNoWait' : [ 0x2cd0, ['unsigned long']],
-    'CcCopyReadWait' : [ 0x2cd4, ['unsigned long']],
-    'CcCopyReadNoWaitMiss' : [ 0x2cd8, ['unsigned long']],
-    'IoReadOperationCount' : [ 0x2cdc, ['long']],
-    'IoWriteOperationCount' : [ 0x2ce0, ['long']],
-    'IoOtherOperationCount' : [ 0x2ce4, ['long']],
-    'IoReadTransferCount' : [ 0x2ce8, ['_LARGE_INTEGER']],
-    'IoWriteTransferCount' : [ 0x2cf0, ['_LARGE_INTEGER']],
-    'IoOtherTransferCount' : [ 0x2cf8, ['_LARGE_INTEGER']],
-    'PacketBarrier' : [ 0x2d00, ['long']],
-    'TargetCount' : [ 0x2d04, ['long']],
-    'IpiFrozen' : [ 0x2d08, ['unsigned long']],
-    'IsrDpcStats' : [ 0x2d10, ['pointer64', ['void']]],
-    'DeviceInterrupts' : [ 0x2d18, ['unsigned long']],
-    'LookasideIrpFloat' : [ 0x2d1c, ['long']],
-    'InterruptLastCount' : [ 0x2d20, ['unsigned long']],
-    'InterruptRate' : [ 0x2d24, ['unsigned long']],
-    'PrcbPad41' : [ 0x2d28, ['array', 22, ['unsigned long']]],
-    'DpcData' : [ 0x2d80, ['array', 2, ['_KDPC_DATA']]],
-    'DpcStack' : [ 0x2dd0, ['pointer64', ['void']]],
-    'MaximumDpcQueueDepth' : [ 0x2dd8, ['long']],
-    'DpcRequestRate' : [ 0x2ddc, ['unsigned long']],
-    'MinimumDpcRate' : [ 0x2de0, ['unsigned long']],
-    'DpcLastCount' : [ 0x2de4, ['unsigned long']],
-    'ThreadDpcEnable' : [ 0x2de8, ['unsigned char']],
-    'QuantumEnd' : [ 0x2de9, ['unsigned char']],
-    'DpcRoutineActive' : [ 0x2dea, ['unsigned char']],
-    'IdleSchedule' : [ 0x2deb, ['unsigned char']],
-    'DpcRequestSummary' : [ 0x2dec, ['long']],
-    'DpcRequestSlot' : [ 0x2dec, ['array', 2, ['short']]],
-    'NormalDpcState' : [ 0x2dec, ['short']],
-    'ThreadDpcState' : [ 0x2dee, ['short']],
-    'DpcNormalProcessingActive' : [ 0x2dec, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'DpcNormalProcessingRequested' : [ 0x2dec, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'DpcNormalThreadSignal' : [ 0x2dec, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'DpcNormalTimerExpiration' : [ 0x2dec, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'DpcNormalDpcPresent' : [ 0x2dec, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'DpcNormalLocalInterrupt' : [ 0x2dec, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'DpcNormalSpare' : [ 0x2dec, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
-    'DpcThreadActive' : [ 0x2dec, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'DpcThreadRequested' : [ 0x2dec, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'DpcThreadSpare' : [ 0x2dec, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
-    'LastTimerHand' : [ 0x2df0, ['unsigned long']],
-    'LastTick' : [ 0x2df4, ['unsigned long']],
-    'ClockInterrupts' : [ 0x2df8, ['unsigned long']],
-    'ReadyScanTick' : [ 0x2dfc, ['unsigned long']],
-    'InterruptObject' : [ 0x2e00, ['array', 256, ['pointer64', ['void']]]],
-    'TimerTable' : [ 0x3600, ['_KTIMER_TABLE']],
-    'DpcGate' : [ 0x5800, ['_KGATE']],
-    'PrcbPad52' : [ 0x5818, ['pointer64', ['void']]],
-    'CallDpc' : [ 0x5820, ['_KDPC']],
-    'ClockKeepAlive' : [ 0x5860, ['long']],
-    'PrcbPad60' : [ 0x5864, ['array', 2, ['unsigned char']]],
-    'NmiActive' : [ 0x5866, ['unsigned short']],
-    'DpcWatchdogPeriod' : [ 0x5868, ['long']],
-    'DpcWatchdogCount' : [ 0x586c, ['long']],
-    'KeSpinLockOrdering' : [ 0x5870, ['long']],
-    'PrcbPad70' : [ 0x5874, ['array', 1, ['unsigned long']]],
-    'CachedPtes' : [ 0x5878, ['pointer64', ['void']]],
-    'WaitListHead' : [ 0x5880, ['_LIST_ENTRY']],
-    'WaitLock' : [ 0x5890, ['unsigned long long']],
-    'ReadySummary' : [ 0x5898, ['unsigned long']],
-    'AffinitizedSelectionMask' : [ 0x589c, ['long']],
-    'QueueIndex' : [ 0x58a0, ['unsigned long']],
-    'PrcbPad75' : [ 0x58a4, ['array', 3, ['unsigned long']]],
-    'TimerExpirationDpc' : [ 0x58b0, ['_KDPC']],
-    'ScbQueue' : [ 0x58f0, ['_RTL_RB_TREE']],
-    'DispatcherReadyListHead' : [ 0x5900, ['array', 32, ['_LIST_ENTRY']]],
-    'InterruptCount' : [ 0x5b00, ['unsigned long']],
-    'KernelTime' : [ 0x5b04, ['unsigned long']],
-    'UserTime' : [ 0x5b08, ['unsigned long']],
-    'DpcTime' : [ 0x5b0c, ['unsigned long']],
-    'InterruptTime' : [ 0x5b10, ['unsigned long']],
-    'AdjustDpcThreshold' : [ 0x5b14, ['unsigned long']],
-    'DebuggerSavedIRQL' : [ 0x5b18, ['unsigned char']],
-    'GroupSchedulingOverQuota' : [ 0x5b19, ['unsigned char']],
-    'DeepSleep' : [ 0x5b1a, ['unsigned char']],
-    'PrcbPad80' : [ 0x5b1b, ['array', 5, ['unsigned char']]],
-    'DpcTimeCount' : [ 0x5b20, ['unsigned long']],
-    'DpcTimeLimit' : [ 0x5b24, ['unsigned long']],
-    'PeriodicCount' : [ 0x5b28, ['unsigned long']],
-    'PeriodicBias' : [ 0x5b2c, ['unsigned long']],
-    'AvailableTime' : [ 0x5b30, ['unsigned long']],
-    'KeExceptionDispatchCount' : [ 0x5b34, ['unsigned long']],
-    'StartCycles' : [ 0x5b38, ['unsigned long long']],
-    'TaggedCyclesStart' : [ 0x5b40, ['unsigned long long']],
-    'TaggedCycles' : [ 0x5b48, ['array', 2, ['unsigned long long']]],
-    'GenerationTarget' : [ 0x5b58, ['unsigned long long']],
-    'AffinitizedCycles' : [ 0x5b60, ['unsigned long long']],
-    'PrcbPad81' : [ 0x5b68, ['array', 29, ['unsigned long']]],
-    'MmSpinLockOrdering' : [ 0x5bdc, ['long']],
-    'PageColor' : [ 0x5be0, ['unsigned long']],
-    'NodeColor' : [ 0x5be4, ['unsigned long']],
-    'NodeShiftedColor' : [ 0x5be8, ['unsigned long']],
-    'SecondaryColorMask' : [ 0x5bec, ['unsigned long']],
-    'PrcbPad83' : [ 0x5bf0, ['unsigned long']],
-    'CycleTime' : [ 0x5bf8, ['unsigned long long']],
-    'Cycles' : [ 0x5c00, ['array', 4, ['array', 2, ['unsigned long long']]]],
-    'PrcbPad84' : [ 0x5c40, ['array', 16, ['unsigned long']]],
-    'CcFastMdlReadNoWait' : [ 0x5c80, ['unsigned long']],
-    'CcFastMdlReadWait' : [ 0x5c84, ['unsigned long']],
-    'CcFastMdlReadNotPossible' : [ 0x5c88, ['unsigned long']],
-    'CcMapDataNoWait' : [ 0x5c8c, ['unsigned long']],
-    'CcMapDataWait' : [ 0x5c90, ['unsigned long']],
-    'CcPinMappedDataCount' : [ 0x5c94, ['unsigned long']],
-    'CcPinReadNoWait' : [ 0x5c98, ['unsigned long']],
-    'CcPinReadWait' : [ 0x5c9c, ['unsigned long']],
-    'CcMdlReadNoWait' : [ 0x5ca0, ['unsigned long']],
-    'CcMdlReadWait' : [ 0x5ca4, ['unsigned long']],
-    'CcLazyWriteHotSpots' : [ 0x5ca8, ['unsigned long']],
-    'CcLazyWriteIos' : [ 0x5cac, ['unsigned long']],
-    'CcLazyWritePages' : [ 0x5cb0, ['unsigned long']],
-    'CcDataFlushes' : [ 0x5cb4, ['unsigned long']],
-    'CcDataPages' : [ 0x5cb8, ['unsigned long']],
-    'CcLostDelayedWrites' : [ 0x5cbc, ['unsigned long']],
-    'CcFastReadResourceMiss' : [ 0x5cc0, ['unsigned long']],
-    'CcCopyReadWaitMiss' : [ 0x5cc4, ['unsigned long']],
-    'CcFastMdlReadResourceMiss' : [ 0x5cc8, ['unsigned long']],
-    'CcMapDataNoWaitMiss' : [ 0x5ccc, ['unsigned long']],
-    'CcMapDataWaitMiss' : [ 0x5cd0, ['unsigned long']],
-    'CcPinReadNoWaitMiss' : [ 0x5cd4, ['unsigned long']],
-    'CcPinReadWaitMiss' : [ 0x5cd8, ['unsigned long']],
-    'CcMdlReadNoWaitMiss' : [ 0x5cdc, ['unsigned long']],
-    'CcMdlReadWaitMiss' : [ 0x5ce0, ['unsigned long']],
-    'CcReadAheadIos' : [ 0x5ce4, ['unsigned long']],
-    'MmCacheTransitionCount' : [ 0x5ce8, ['long']],
-    'MmCacheReadCount' : [ 0x5cec, ['long']],
-    'MmCacheIoCount' : [ 0x5cf0, ['long']],
-    'PrcbPad91' : [ 0x5cf4, ['array', 3, ['unsigned long']]],
-    'PowerState' : [ 0x5d00, ['_PROCESSOR_POWER_STATE']],
-    'ScbList' : [ 0x5ed0, ['_LIST_ENTRY']],
-    'PrcbPad92' : [ 0x5ee0, ['array', 7, ['unsigned long']]],
-    'KeAlignmentFixupCount' : [ 0x5efc, ['unsigned long']],
-    'DpcWatchdogDpc' : [ 0x5f00, ['_KDPC']],
-    'DpcWatchdogTimer' : [ 0x5f40, ['_KTIMER']],
-    'Cache' : [ 0x5f80, ['array', 5, ['_CACHE_DESCRIPTOR']]],
-    'CacheCount' : [ 0x5fbc, ['unsigned long']],
-    'CachedCommit' : [ 0x5fc0, ['unsigned long']],
-    'CachedResidentAvailable' : [ 0x5fc4, ['unsigned long']],
-    'HyperPte' : [ 0x5fc8, ['pointer64', ['void']]],
-    'WheaInfo' : [ 0x5fd0, ['pointer64', ['void']]],
-    'EtwSupport' : [ 0x5fd8, ['pointer64', ['void']]],
-    'InterruptObjectPool' : [ 0x5fe0, ['_SLIST_HEADER']],
-    'HypercallPageList' : [ 0x5ff0, ['_SLIST_HEADER']],
-    'HypercallCachedPages' : [ 0x6000, ['pointer64', ['void']]],
-    'VirtualApicAssist' : [ 0x6008, ['pointer64', ['void']]],
-    'StatisticsPage' : [ 0x6010, ['pointer64', ['unsigned long long']]],
-    'PackageProcessorSet' : [ 0x6018, ['_KAFFINITY_EX']],
-    'SharedReadyQueueMask' : [ 0x60c0, ['unsigned long long']],
-    'SharedReadyQueue' : [ 0x60c8, ['pointer64', ['_KSHARED_READY_QUEUE']]],
-    'SharedQueueScanOwner' : [ 0x60d0, ['unsigned long']],
-    'ScanSiblingIndex' : [ 0x60d4, ['unsigned long']],
-    'CoreProcessorSet' : [ 0x60d8, ['unsigned long long']],
-    'ScanSiblingMask' : [ 0x60e0, ['unsigned long long']],
-    'LLCMask' : [ 0x60e8, ['unsigned long long']],
-    'CacheProcessorMask' : [ 0x60f0, ['array', 5, ['unsigned long long']]],
-    'ProcessorProfileControlArea' : [ 0x6118, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
-    'ProfileEventIndexAddress' : [ 0x6120, ['pointer64', ['void']]],
-    'PrcbPad94' : [ 0x6128, ['array', 11, ['unsigned long long']]],
-    'SynchCounters' : [ 0x6180, ['_SYNCH_COUNTERS']],
-    'PteBitCache' : [ 0x6238, ['unsigned long long']],
-    'PteBitOffset' : [ 0x6240, ['unsigned long']],
-    'FsCounters' : [ 0x6248, ['_FILESYSTEM_DISK_COUNTERS']],
-    'VendorString' : [ 0x6258, ['array', 13, ['unsigned char']]],
-    'PrcbPad100' : [ 0x6265, ['array', 3, ['unsigned char']]],
-    'FeatureBits' : [ 0x6268, ['unsigned long long']],
-    'PrcbPad110' : [ 0x6270, ['unsigned long']],
-    'UpdateSignature' : [ 0x6278, ['_LARGE_INTEGER']],
-    'Context' : [ 0x6280, ['pointer64', ['_CONTEXT']]],
-    'ContextFlagsInit' : [ 0x6288, ['unsigned long']],
-    'ExtendedState' : [ 0x6290, ['pointer64', ['_XSAVE_AREA']]],
-    'IsrStack' : [ 0x6298, ['pointer64', ['void']]],
-    'EntropyTimingState' : [ 0x62a0, ['_KENTROPY_TIMING_STATE']],
-    'AbSelfIoBoostsList' : [ 0x63f0, ['_SINGLE_LIST_ENTRY']],
-    'AbPropagateBoostsList' : [ 0x63f8, ['_SINGLE_LIST_ENTRY']],
-    'AbDpc' : [ 0x6400, ['_KDPC']],
-    'IoIrpStackProfilerCurrent' : [ 0x6440, ['_IOP_IRP_STACK_PROFILER']],
-    'IoIrpStackProfilerPrevious' : [ 0x6494, ['_IOP_IRP_STACK_PROFILER']],
-    'LocalSharedReadyQueue' : [ 0x6500, ['_KSHARED_READY_QUEUE']],
-    'TimerExpirationTrace' : [ 0x6760, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
-    'TimerExpirationTraceCount' : [ 0x6860, ['unsigned long']],
-    'ExSaPageArray' : [ 0x6868, ['pointer64', ['void']]],
-    'Mailbox' : [ 0x6880, ['pointer64', ['_REQUEST_MAILBOX']]],
-    'RequestMailbox' : [ 0x68c0, ['array', 1, ['_REQUEST_MAILBOX']]],
-} ],
-  '_KFLOATING_SAVE' : [ 0x4, {
-    'Dummy' : [ 0x0, ['unsigned long']],
-} ],
-  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
-    'Next' : [ 0x0, ['unsigned long']],
-} ],
-  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
-    'Version' : [ 0x0, ['unsigned long']],
-    'Reserved' : [ 0x4, ['unsigned long']],
-    'NoWakeTolerance' : [ 0x8, ['long long']],
-} ],
-  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
-    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
-    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
-} ],
-  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
-    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
-    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
-} ],
-  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
-    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
-    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
-    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
-    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
-} ],
-  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
-    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
-} ],
-  '_KPROCESS' : [ 0x2d8, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
-    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
-    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
-    'ProcessLock' : [ 0x40, ['unsigned long']],
-    'Spare0' : [ 0x44, ['unsigned long']],
-    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
-    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
-    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
-    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
-    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
-    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
-    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
-    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
-    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'SpareFlags0' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
-    'ActiveGroupsMask' : [ 0x1b8, ['BitField', dict(start_bit = 8, end_bit = 28, native_type='unsigned long')]],
-    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='long')]],
-    'ProcessFlags' : [ 0x1b8, ['long']],
-    'BasePriority' : [ 0x1bc, ['unsigned char']],
-    'QuantumReset' : [ 0x1bd, ['unsigned char']],
-    'Visited' : [ 0x1be, ['unsigned char']],
-    'Flags' : [ 0x1bf, ['_KEXECUTE_OPTIONS']],
-    'ThreadSeed' : [ 0x1c0, ['array', 20, ['unsigned long']]],
-    'IdealNode' : [ 0x210, ['array', 20, ['unsigned short']]],
-    'IdealGlobalNode' : [ 0x238, ['unsigned short']],
-    'Spare1' : [ 0x23a, ['unsigned short']],
-    'StackCount' : [ 0x23c, ['_KSTACK_COUNT']],
-    'ProcessListEntry' : [ 0x240, ['_LIST_ENTRY']],
-    'CycleTime' : [ 0x250, ['unsigned long long']],
-    'ContextSwitches' : [ 0x258, ['unsigned long long']],
-    'SchedulingGroup' : [ 0x260, ['pointer64', ['_KSCHEDULING_GROUP']]],
-    'FreezeCount' : [ 0x268, ['unsigned long']],
-    'KernelTime' : [ 0x26c, ['unsigned long']],
-    'UserTime' : [ 0x270, ['unsigned long']],
-    'LdtFreeSelectorHint' : [ 0x274, ['unsigned short']],
-    'LdtTableLength' : [ 0x276, ['unsigned short']],
-    'LdtSystemDescriptor' : [ 0x278, ['_KGDTENTRY64']],
-    'LdtBaseAddress' : [ 0x288, ['pointer64', ['void']]],
-    'LdtProcessLock' : [ 0x290, ['_FAST_MUTEX']],
-    'InstrumentationCallback' : [ 0x2c8, ['pointer64', ['void']]],
-    'SecurePid' : [ 0x2d0, ['unsigned long long']],
-} ],
-  '_KTHREAD' : [ 0x5d8, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
-    'QuantumTarget' : [ 0x20, ['unsigned long long']],
-    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
-    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
-    'StackBase' : [ 0x38, ['pointer64', ['void']]],
-    'ThreadLock' : [ 0x40, ['unsigned long long']],
-    'CycleTime' : [ 0x48, ['unsigned long long']],
-    'CurrentRunTime' : [ 0x50, ['unsigned long']],
-    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
-    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
-    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
-    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
-    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
-    'Running' : [ 0x71, ['unsigned char']],
-    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
-    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
-    'MiscFlags' : [ 0x74, ['long']],
-    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ThreadFlagsSpare0' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'CommitFailTerminateRequest' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 19, end_bit = 24, native_type='unsigned long')]],
-    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
-    'ThreadFlags' : [ 0x78, ['long']],
-    'Tag' : [ 0x7c, ['unsigned char']],
-    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
-    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
-    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'Spare0' : [ 0x7f, ['unsigned char']],
-    'SystemCallNumber' : [ 0x80, ['unsigned long']],
-    'Spare10' : [ 0x84, ['unsigned long']],
-    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
-    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
-    'ApcState' : [ 0x98, ['_KAPC_STATE']],
-    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
-    'Priority' : [ 0xc3, ['unsigned char']],
-    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
-    'WaitStatus' : [ 0xc8, ['long long']],
-    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
-    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
-    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
-    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
-    'Teb' : [ 0xf0, ['pointer64', ['void']]],
-    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
-    'Timer' : [ 0x100, ['_KTIMER']],
-    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
-    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
-    'ContextSwitches' : [ 0x154, ['unsigned long']],
-    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
-    'State' : [ 0x184, ['unsigned char']],
-    'Spare13' : [ 0x185, ['unsigned char']],
-    'WaitIrql' : [ 0x186, ['unsigned char']],
-    'WaitMode' : [ 0x187, ['unsigned char']],
-    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
-    'WaitTime' : [ 0x1b4, ['unsigned long']],
-    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
-    'KernelApcDisable' : [ 0x1e4, ['short']],
-    'SpecialApcDisable' : [ 0x1e6, ['short']],
-    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
-    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
-    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
-    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
-    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
-    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
-    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
-    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
-    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
-    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
-    'TebMappedLowVa' : [ 0x200, ['pointer64', ['void']]],
-    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
-    'NextProcessor' : [ 0x218, ['unsigned long']],
-    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
-    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'QueuePriority' : [ 0x21c, ['long']],
-    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
-    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
-    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
-    'PreviousMode' : [ 0x232, ['unsigned char']],
-    'BasePriority' : [ 0x233, ['unsigned char']],
-    'PriorityDecrement' : [ 0x234, ['unsigned char']],
-    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
-    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
-    'Preempted' : [ 0x235, ['unsigned char']],
-    'AdjustReason' : [ 0x236, ['unsigned char']],
-    'AdjustIncrement' : [ 0x237, ['unsigned char']],
-    'AffinityVersion' : [ 0x238, ['unsigned long long']],
-    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
-    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
-    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
-    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
-    'IdealProcessor' : [ 0x24c, ['unsigned long']],
-    'NpxState' : [ 0x250, ['unsigned long long']],
-    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
-    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
-    'WaitReason' : [ 0x283, ['unsigned char']],
-    'SuspendCount' : [ 0x284, ['unsigned char']],
-    'Saturation' : [ 0x285, ['unsigned char']],
-    'SListFaultCount' : [ 0x286, ['unsigned short']],
-    'SchedulerApc' : [ 0x288, ['_KAPC']],
-    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
-    'ResourceIndex' : [ 0x289, ['unsigned char']],
-    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
-    'QuantumReset' : [ 0x28b, ['unsigned char']],
-    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
-    'KernelTime' : [ 0x28c, ['unsigned long']],
-    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
-    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
-    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
-    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
-    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
-    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
-    'UserTime' : [ 0x2dc, ['unsigned long']],
-    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
-    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
-    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
-    'AbEntrySummary' : [ 0x318, ['unsigned char']],
-    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
-    'Spare20' : [ 0x31a, ['unsigned short']],
-    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
-    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
-    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
-    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
-    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
-    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
-    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
-    'KeReferenceCount' : [ 0x588, ['short']],
-    'AbOrphanedEntrySummary' : [ 0x58a, ['unsigned char']],
-    'AbOwnedEntryCount' : [ 0x58b, ['unsigned char']],
-    'ForegroundLossTime' : [ 0x58c, ['unsigned long']],
-    'GlobalForegroundListEntry' : [ 0x590, ['_LIST_ENTRY']],
-    'ForegroundDpcStackListEntry' : [ 0x590, ['_SINGLE_LIST_ENTRY']],
-    'InGlobalForegroundList' : [ 0x598, ['unsigned long long']],
-    'ReadOperationCount' : [ 0x5a0, ['long long']],
-    'WriteOperationCount' : [ 0x5a8, ['long long']],
-    'OtherOperationCount' : [ 0x5b0, ['long long']],
-    'ReadTransferCount' : [ 0x5b8, ['long long']],
-    'WriteTransferCount' : [ 0x5c0, ['long long']],
-    'OtherTransferCount' : [ 0x5c8, ['long long']],
-    'QueuedScb' : [ 0x5d0, ['pointer64', ['_KSCB']]],
-} ],
-  '_KSTACK_CONTROL' : [ 0x30, {
-    'StackBase' : [ 0x0, ['unsigned long long']],
-    'ActualLimit' : [ 0x8, ['unsigned long long']],
-    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
-} ],
-  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
-    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
-    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
-} ],
-  '_FAST_MUTEX' : [ 0x38, {
-    'Count' : [ 0x0, ['long']],
-    'Owner' : [ 0x8, ['pointer64', ['void']]],
-    'Contention' : [ 0x10, ['unsigned long']],
-    'Event' : [ 0x18, ['_KEVENT']],
-    'OldIrql' : [ 0x30, ['unsigned long']],
-} ],
-  '_KEVENT' : [ 0x18, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-} ],
-  '__unnamed_1269' : [ 0x10, {
-    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
-    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
-    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
-    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_SLIST_HEADER' : [ 0x10, {
-    'Alignment' : [ 0x0, ['unsigned long long']],
-    'Region' : [ 0x8, ['unsigned long long']],
-    'HeaderX64' : [ 0x0, ['__unnamed_1269']],
-} ],
-  '_LOOKASIDE_LIST_EX' : [ 0x60, {
-    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
-} ],
-  '_SLIST_ENTRY' : [ 0x10, {
-    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
-} ],
-  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
-    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
-} ],
-  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
-    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
-} ],
-  '_IO_STATUS_BLOCK' : [ 0x10, {
-    'Status' : [ 0x0, ['long']],
-    'Pointer' : [ 0x0, ['pointer64', ['void']]],
-    'Information' : [ 0x8, ['unsigned long long']],
-} ],
-  '_QUAD' : [ 0x8, {
-    'UseThisFieldToCopy' : [ 0x0, ['long long']],
-    'DoNotUseThisField' : [ 0x0, ['double']],
-} ],
-  '_WORK_QUEUE_ITEM' : [ 0x20, {
-    'List' : [ 0x0, ['_LIST_ENTRY']],
-    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
-    'Parameter' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
-    'Version' : [ 0x0, ['unsigned long']],
-    'Reserved' : [ 0x4, ['unsigned long']],
-    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
-    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
-} ],
-  '_EX_PUSH_LOCK' : [ 0x8, {
-    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
-    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
-    'Value' : [ 0x0, ['unsigned long long']],
-    'Ptr' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '_PP_LOOKASIDE_LIST' : [ 0x10, {
-    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
-    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
-} ],
-  '_GENERAL_LOOKASIDE' : [ 0x80, {
-    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
-    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'Depth' : [ 0x10, ['unsigned short']],
-    'MaximumDepth' : [ 0x12, ['unsigned short']],
-    'TotalAllocates' : [ 0x14, ['unsigned long']],
-    'AllocateMisses' : [ 0x18, ['unsigned long']],
-    'AllocateHits' : [ 0x18, ['unsigned long']],
-    'TotalFrees' : [ 0x1c, ['unsigned long']],
-    'FreeMisses' : [ 0x20, ['unsigned long']],
-    'FreeHits' : [ 0x20, ['unsigned long']],
-    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
-    'Tag' : [ 0x28, ['unsigned long']],
-    'Size' : [ 0x2c, ['unsigned long']],
-    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
-    'Allocate' : [ 0x30, ['pointer64', ['void']]],
-    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
-    'Free' : [ 0x38, ['pointer64', ['void']]],
-    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
-    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
-    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
-    'LastAllocateHits' : [ 0x54, ['unsigned long']],
-    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
-} ],
-  '_KNODE' : [ 0x100, {
-    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
-    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
-    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
-    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
-    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
-    'NonParkedSet' : [ 0x50, ['unsigned long long']],
-    'ParkLock' : [ 0x58, ['long']],
-    'Seed' : [ 0x5c, ['unsigned long']],
-    'SiblingMask' : [ 0x80, ['unsigned long']],
-    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
-    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
-    'NodeNumber' : [ 0x92, ['unsigned short']],
-    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
-    'Stride' : [ 0x96, ['unsigned char']],
-    'Spare0' : [ 0x97, ['unsigned char']],
-    'SharedReadyQueueLeaders' : [ 0x98, ['unsigned long long']],
-    'ProximityId' : [ 0xa0, ['unsigned long']],
-    'Lowest' : [ 0xa4, ['unsigned long']],
-    'Highest' : [ 0xa8, ['unsigned long']],
-    'MaximumProcessors' : [ 0xac, ['unsigned char']],
-    'Flags' : [ 0xad, ['_flags']],
-    'Spare10' : [ 0xae, ['unsigned char']],
-    'HeteroSets' : [ 0xb0, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
-} ],
-  '_ENODE' : [ 0x540, {
-    'Ncb' : [ 0x0, ['_KNODE']],
-    'ExWorkQueues' : [ 0x100, ['array', 8, ['pointer64', ['_EX_WORK_QUEUE']]]],
-    'ExWorkQueue' : [ 0x140, ['_EX_WORK_QUEUE']],
-    'ExpThreadSetManagerEvent' : [ 0x410, ['_KEVENT']],
-    'ExpDeadlockTimer' : [ 0x428, ['_KTIMER']],
-    'ExpThreadReaperEvent' : [ 0x468, ['_KEVENT']],
-    'WaitBlocks' : [ 0x480, ['array', 3, ['_KWAIT_BLOCK']]],
-    'ExpWorkerThreadBalanceManagerPtr' : [ 0x510, ['pointer64', ['_ETHREAD']]],
-    'ExpWorkerSeed' : [ 0x518, ['unsigned long']],
-    'ExWorkerFullInit' : [ 0x51c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ExWorkerStructInit' : [ 0x51c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ExWorkerFlags' : [ 0x51c, ['unsigned long']],
-} ],
-  '_HANDLE_TABLE' : [ 0x80, {
-    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
-    'ExtraInfoPages' : [ 0x4, ['long']],
-    'TableCode' : [ 0x8, ['unsigned long long']],
-    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
-    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
-    'UniqueProcessId' : [ 0x28, ['unsigned long']],
-    'Flags' : [ 0x2c, ['unsigned long']],
-    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
-    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
-    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
-    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
-    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
-} ],
-  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
-    'AuditMask' : [ 0x0, ['unsigned long']],
-} ],
-  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
-    'VolatileLowValue' : [ 0x0, ['long long']],
-    'LowValue' : [ 0x0, ['long long']],
-    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
-    'HighValue' : [ 0x8, ['long long']],
-    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
-    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
-    'RefCountField' : [ 0x0, ['long long']],
-    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
-    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
-    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
-    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
-    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
-    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
-    'Spare2' : [ 0xc, ['unsigned long']],
-} ],
-  '_EX_FAST_REF' : [ 0x8, {
-    'Object' : [ 0x0, ['pointer64', ['void']]],
-    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
-    'Value' : [ 0x0, ['unsigned long long']],
-} ],
-  '__unnamed_135c' : [ 0x2c, {
-    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
-    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
-} ],
-  '_ACCESS_STATE' : [ 0xa0, {
-    'OperationID' : [ 0x0, ['_LUID']],
-    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
-    'GenerateAudit' : [ 0x9, ['unsigned char']],
-    'GenerateOnClose' : [ 0xa, ['unsigned char']],
-    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
-    'Flags' : [ 0xc, ['unsigned long']],
-    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
-    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
-    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
-    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
-    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
-    'AuxData' : [ 0x48, ['pointer64', ['void']]],
-    'Privileges' : [ 0x50, ['__unnamed_135c']],
-    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
-    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
-    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
-} ],
-  '_AUX_ACCESS_DATA' : [ 0xe0, {
-    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
-    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
-    'AccessesToAudit' : [ 0x18, ['unsigned long']],
-    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
-    'TransactionId' : [ 0x20, ['_GUID']],
-    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
-    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
-    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
-    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
-    'SDLock' : [ 0x50, ['pointer64', ['void']]],
-    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
-    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
-} ],
-  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
-    'HandleAttributes' : [ 0x0, ['unsigned long']],
-    'GrantedAccess' : [ 0x4, ['unsigned long']],
-} ],
-  '_EPROCESS' : [ 0x788, {
-    'Pcb' : [ 0x0, ['_KPROCESS']],
-    'ProcessLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
-    'RundownProtect' : [ 0x2e0, ['_EX_RUNDOWN_REF']],
-    'UniqueProcessId' : [ 0x2e8, ['pointer64', ['void']]],
-    'ActiveProcessLinks' : [ 0x2f0, ['_LIST_ENTRY']],
-    'Flags2' : [ 0x300, ['unsigned long']],
-    'JobNotReallyActive' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'AccountingFolded' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'NewProcessReported' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'ExitProcessReported' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'ReportCommitChanges' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'LastReportMemory' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'ForceWakeCharge' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'CrossSessionCreate' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'NeedsHandleRundown' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'RefTraceEnabled' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'DisableDynamicCode' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'EmptyJobEvaluated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'DefaultPagePriority' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
-    'PrimaryTokenFrozen' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'ProcessVerifierTarget' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'StackRandomizationDisabled' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'AffinityPermanent' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'AffinityUpdateEnable' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'PropagateNode' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
-    'ExplicitAffinity' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
-    'ProcessExecutionState' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
-    'DisallowStrippedImages' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
-    'HighEntropyASLREnabled' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
-    'ExtensionPointDisable' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
-    'ForceRelocateImages' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
-    'ProcessStateChangeRequest' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
-    'ProcessStateChangeInProgress' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
-    'DisallowWin32kSystemCalls' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'Flags' : [ 0x304, ['unsigned long']],
-    'CreateReported' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'NoDebugInherit' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ProcessExiting' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'ProcessDelete' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'ControlFlowGuardEnabled' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'VmDeleted' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'OutswapEnabled' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'Outswapped' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'FailFastOnCommitFail' : [ 0x304, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'Wow64VaSpace4Gb' : [ 0x304, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'AddressSpaceInitialized' : [ 0x304, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
-    'SetTimerResolution' : [ 0x304, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'BreakOnTermination' : [ 0x304, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'DeprioritizeViews' : [ 0x304, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'WriteWatch' : [ 0x304, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'ProcessInSession' : [ 0x304, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'OverrideAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'HasAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'LaunchPrefetched' : [ 0x304, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'Background' : [ 0x304, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
-    'VmTopDown' : [ 0x304, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
-    'ImageNotifyDone' : [ 0x304, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
-    'PdeUpdateNeeded' : [ 0x304, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
-    'VdmAllowed' : [ 0x304, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
-    'ProcessRundown' : [ 0x304, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
-    'ProcessInserted' : [ 0x304, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
-    'DefaultIoPriority' : [ 0x304, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
-    'ProcessSelfDelete' : [ 0x304, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
-    'SetTimerResolutionLink' : [ 0x304, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'CreateTime' : [ 0x308, ['_LARGE_INTEGER']],
-    'ProcessQuotaUsage' : [ 0x310, ['array', 2, ['unsigned long long']]],
-    'ProcessQuotaPeak' : [ 0x320, ['array', 2, ['unsigned long long']]],
-    'PeakVirtualSize' : [ 0x330, ['unsigned long long']],
-    'VirtualSize' : [ 0x338, ['unsigned long long']],
-    'SessionProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
-    'ExceptionPortData' : [ 0x350, ['pointer64', ['void']]],
-    'ExceptionPortValue' : [ 0x350, ['unsigned long long']],
-    'ExceptionPortState' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
-    'Token' : [ 0x358, ['_EX_FAST_REF']],
-    'WorkingSetPage' : [ 0x360, ['unsigned long long']],
-    'AddressCreationLock' : [ 0x368, ['_EX_PUSH_LOCK']],
-    'PageTableCommitmentLock' : [ 0x370, ['_EX_PUSH_LOCK']],
-    'RotateInProgress' : [ 0x378, ['pointer64', ['_ETHREAD']]],
-    'ForkInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
-    'CommitChargeJob' : [ 0x388, ['pointer64', ['_EJOB']]],
-    'CloneRoot' : [ 0x390, ['_RTL_AVL_TREE']],
-    'NumberOfPrivatePages' : [ 0x398, ['unsigned long long']],
-    'NumberOfLockedPages' : [ 0x3a0, ['unsigned long long']],
-    'Win32Process' : [ 0x3a8, ['pointer64', ['void']]],
-    'Job' : [ 0x3b0, ['pointer64', ['_EJOB']]],
-    'SectionObject' : [ 0x3b8, ['pointer64', ['void']]],
-    'SectionBaseAddress' : [ 0x3c0, ['pointer64', ['void']]],
-    'Cookie' : [ 0x3c8, ['unsigned long']],
-    'WorkingSetWatch' : [ 0x3d0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
-    'Win32WindowStation' : [ 0x3d8, ['pointer64', ['void']]],
-    'InheritedFromUniqueProcessId' : [ 0x3e0, ['pointer64', ['void']]],
-    'LdtInformation' : [ 0x3e8, ['pointer64', ['void']]],
-    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
-    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
-    'Session' : [ 0x400, ['pointer64', ['void']]],
-    'AweInfo' : [ 0x408, ['pointer64', ['void']]],
-    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
-    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
-    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
-    'WoW64Process' : [ 0x428, ['pointer64', ['_EWOW64PROCESS']]],
-    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
-    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
-    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
-    'ImageFilePointer' : [ 0x448, ['pointer64', ['_FILE_OBJECT']]],
-    'ImageFileName' : [ 0x450, ['array', 15, ['unsigned char']]],
-    'PriorityClass' : [ 0x45f, ['unsigned char']],
-    'SecurityPort' : [ 0x460, ['pointer64', ['void']]],
-    'SeAuditProcessCreationInfo' : [ 0x468, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
-    'JobLinks' : [ 0x470, ['_LIST_ENTRY']],
-    'HighestUserAddress' : [ 0x480, ['pointer64', ['void']]],
-    'ThreadListHead' : [ 0x488, ['_LIST_ENTRY']],
-    'ActiveThreads' : [ 0x498, ['unsigned long']],
-    'ImagePathHash' : [ 0x49c, ['unsigned long']],
-    'DefaultHardErrorProcessing' : [ 0x4a0, ['unsigned long']],
-    'LastThreadExitStatus' : [ 0x4a4, ['long']],
-    'PrefetchTrace' : [ 0x4a8, ['_EX_FAST_REF']],
-    'LockedPagesList' : [ 0x4b0, ['pointer64', ['void']]],
-    'ReadOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
-    'WriteOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
-    'OtherOperationCount' : [ 0x4c8, ['_LARGE_INTEGER']],
-    'ReadTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
-    'WriteTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
-    'OtherTransferCount' : [ 0x4e0, ['_LARGE_INTEGER']],
-    'CommitChargeLimit' : [ 0x4e8, ['unsigned long long']],
-    'CommitCharge' : [ 0x4f0, ['unsigned long long']],
-    'CommitChargePeak' : [ 0x4f8, ['unsigned long long']],
-    'Vm' : [ 0x500, ['_MMSUPPORT']],
-    'MmProcessLinks' : [ 0x5f8, ['_LIST_ENTRY']],
-    'ModifiedPageCount' : [ 0x608, ['unsigned long']],
-    'ExitStatus' : [ 0x60c, ['long']],
-    'VadRoot' : [ 0x610, ['_RTL_AVL_TREE']],
-    'VadHint' : [ 0x618, ['pointer64', ['void']]],
-    'VadCount' : [ 0x620, ['unsigned long long']],
-    'VadPhysicalPages' : [ 0x628, ['unsigned long long']],
-    'VadPhysicalPagesLimit' : [ 0x630, ['unsigned long long']],
-    'AlpcContext' : [ 0x638, ['_ALPC_PROCESS_CONTEXT']],
-    'TimerResolutionLink' : [ 0x658, ['_LIST_ENTRY']],
-    'TimerResolutionStackRecord' : [ 0x668, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
-    'RequestedTimerResolution' : [ 0x670, ['unsigned long']],
-    'SmallestTimerResolution' : [ 0x674, ['unsigned long']],
-    'ExitTime' : [ 0x678, ['_LARGE_INTEGER']],
-    'InvertedFunctionTable' : [ 0x680, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
-    'InvertedFunctionTableLock' : [ 0x688, ['_EX_PUSH_LOCK']],
-    'ActiveThreadsHighWatermark' : [ 0x690, ['unsigned long']],
-    'LargePrivateVadCount' : [ 0x694, ['unsigned long']],
-    'ThreadListLock' : [ 0x698, ['_EX_PUSH_LOCK']],
-    'WnfContext' : [ 0x6a0, ['pointer64', ['void']]],
-    'Spare0' : [ 0x6a8, ['unsigned long long']],
-    'SignatureLevel' : [ 0x6b0, ['unsigned char']],
-    'SectionSignatureLevel' : [ 0x6b1, ['unsigned char']],
-    'Protection' : [ 0x6b2, ['_PS_PROTECTION']],
-    'HangCount' : [ 0x6b3, ['unsigned char']],
-    'Flags3' : [ 0x6b4, ['unsigned long']],
-    'Minimal' : [ 0x6b4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ReplacingPageRoot' : [ 0x6b4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'DisableNonSystemFonts' : [ 0x6b4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'AuditNonSystemFontLoading' : [ 0x6b4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'Crashed' : [ 0x6b4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'JobVadsAreTracked' : [ 0x6b4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'VadTrackingDisabled' : [ 0x6b4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'AuxiliaryProcess' : [ 0x6b4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'SubsystemProcess' : [ 0x6b4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'IndirectCpuSets' : [ 0x6b4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'InPrivate' : [ 0x6b4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'ProhibitRemoteImageMap' : [ 0x6b4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'ProhibitLowILImageMap' : [ 0x6b4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'SignatureMitigationOptIn' : [ 0x6b4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'DeviceAsid' : [ 0x6b8, ['long']],
-    'SvmData' : [ 0x6c0, ['pointer64', ['void']]],
-    'SvmProcessLock' : [ 0x6c8, ['_EX_PUSH_LOCK']],
-    'SvmLock' : [ 0x6d0, ['unsigned long long']],
-    'SvmProcessDeviceListHead' : [ 0x6d8, ['_LIST_ENTRY']],
-    'LastFreezeInterruptTime' : [ 0x6e8, ['unsigned long long']],
-    'DiskCounters' : [ 0x6f0, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
-    'PicoContext' : [ 0x6f8, ['pointer64', ['void']]],
-    'TrustletIdentity' : [ 0x700, ['unsigned long long']],
-    'KeepAliveCounter' : [ 0x708, ['unsigned long']],
-    'NoWakeKeepAliveCounter' : [ 0x70c, ['unsigned long']],
-    'HighPriorityFaultsAllowed' : [ 0x710, ['unsigned long']],
-    'EnergyValues' : [ 0x718, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
-    'VmContext' : [ 0x720, ['pointer64', ['void']]],
-    'SequenceNumber' : [ 0x728, ['unsigned long long']],
-    'CreateInterruptTime' : [ 0x730, ['unsigned long long']],
-    'CreateUnbiasedInterruptTime' : [ 0x738, ['unsigned long long']],
-    'TotalUnbiasedFrozenTime' : [ 0x740, ['unsigned long long']],
-    'LastAppStateUpdateTime' : [ 0x748, ['unsigned long long']],
-    'LastAppStateUptime' : [ 0x750, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
-    'LastAppState' : [ 0x750, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
-    'SharedCommitCharge' : [ 0x758, ['unsigned long long']],
-    'SharedCommitLock' : [ 0x760, ['_EX_PUSH_LOCK']],
-    'SharedCommitLinks' : [ 0x768, ['_LIST_ENTRY']],
-    'AllowedCpuSets' : [ 0x778, ['unsigned long long']],
-    'DefaultCpuSets' : [ 0x780, ['unsigned long long']],
-    'AllowedCpuSetsIndirect' : [ 0x778, ['pointer64', ['unsigned long long']]],
-    'DefaultCpuSetsIndirect' : [ 0x780, ['pointer64', ['unsigned long long']]],
-} ],
-  '_EWOW64PROCESS' : [ 0x10, {
-    'Peb' : [ 0x0, ['pointer64', ['void']]],
-    'Machine' : [ 0x8, ['unsigned short']],
-} ],
-  '_ETHREAD' : [ 0x7c0, {
-    'Tcb' : [ 0x0, ['_KTHREAD']],
-    'CreateTime' : [ 0x5d8, ['_LARGE_INTEGER']],
-    'ExitTime' : [ 0x5e0, ['_LARGE_INTEGER']],
-    'KeyedWaitChain' : [ 0x5e0, ['_LIST_ENTRY']],
-    'ChargeOnlySession' : [ 0x5f0, ['pointer64', ['void']]],
-    'PostBlockList' : [ 0x5f8, ['_LIST_ENTRY']],
-    'ForwardLinkShadow' : [ 0x5f8, ['pointer64', ['void']]],
-    'StartAddress' : [ 0x600, ['pointer64', ['void']]],
-    'TerminationPort' : [ 0x608, ['pointer64', ['_TERMINATION_PORT']]],
-    'ReaperLink' : [ 0x608, ['pointer64', ['_ETHREAD']]],
-    'KeyedWaitValue' : [ 0x608, ['pointer64', ['void']]],
-    'ActiveTimerListLock' : [ 0x610, ['unsigned long long']],
-    'ActiveTimerListHead' : [ 0x618, ['_LIST_ENTRY']],
-    'Cid' : [ 0x628, ['_CLIENT_ID']],
-    'KeyedWaitSemaphore' : [ 0x638, ['_KSEMAPHORE']],
-    'AlpcWaitSemaphore' : [ 0x638, ['_KSEMAPHORE']],
-    'ClientSecurity' : [ 0x658, ['_PS_CLIENT_SECURITY_CONTEXT']],
-    'IrpList' : [ 0x660, ['_LIST_ENTRY']],
-    'TopLevelIrp' : [ 0x670, ['unsigned long long']],
-    'DeviceToVerify' : [ 0x678, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Win32StartAddress' : [ 0x680, ['pointer64', ['void']]],
-    'LegacyPowerObject' : [ 0x688, ['pointer64', ['void']]],
-    'ThreadListEntry' : [ 0x690, ['_LIST_ENTRY']],
-    'RundownProtect' : [ 0x6a0, ['_EX_RUNDOWN_REF']],
-    'ThreadLock' : [ 0x6a8, ['_EX_PUSH_LOCK']],
-    'ReadClusterSize' : [ 0x6b0, ['unsigned long']],
-    'MmLockOrdering' : [ 0x6b4, ['long']],
-    'CmLockOrdering' : [ 0x6b8, ['long']],
-    'CrossThreadFlags' : [ 0x6bc, ['unsigned long']],
-    'Terminated' : [ 0x6bc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ThreadInserted' : [ 0x6bc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'HideFromDebugger' : [ 0x6bc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'ActiveImpersonationInfo' : [ 0x6bc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'HardErrorsAreDisabled' : [ 0x6bc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'BreakOnTermination' : [ 0x6bc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'SkipCreationMsg' : [ 0x6bc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'SkipTerminationMsg' : [ 0x6bc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'CopyTokenOnOpen' : [ 0x6bc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'ThreadIoPriority' : [ 0x6bc, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
-    'ThreadPagePriority' : [ 0x6bc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
-    'RundownFail' : [ 0x6bc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'UmsForceQueueTermination' : [ 0x6bc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'IndirectCpuSets' : [ 0x6bc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'ReservedCrossThreadFlags' : [ 0x6bc, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
-    'SameThreadPassiveFlags' : [ 0x6c0, ['unsigned long']],
-    'ActiveExWorker' : [ 0x6c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'MemoryMaker' : [ 0x6c0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'StoreLockThread' : [ 0x6c0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'ClonedThread' : [ 0x6c0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'KeyedEventInUse' : [ 0x6c0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'SelfTerminate' : [ 0x6c0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'RespectIoPriority' : [ 0x6c0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'ReservedSameThreadPassiveFlags' : [ 0x6c0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
-    'SameThreadApcFlags' : [ 0x6c4, ['unsigned long']],
-    'OwnsProcessAddressSpaceExclusive' : [ 0x6c4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'OwnsProcessAddressSpaceShared' : [ 0x6c4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'HardFaultBehavior' : [ 0x6c4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'StartAddressInvalid' : [ 0x6c4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'EtwCalloutActive' : [ 0x6c4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'SuppressSymbolLoad' : [ 0x6c4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'Prefetching' : [ 0x6c4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'OwnsVadExclusive' : [ 0x6c4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'SystemPagePriorityActive' : [ 0x6c5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'SystemPagePriority' : [ 0x6c5, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
-    'CacheManagerActive' : [ 0x6c8, ['unsigned char']],
-    'DisablePageFaultClustering' : [ 0x6c9, ['unsigned char']],
-    'ActiveFaultCount' : [ 0x6ca, ['unsigned char']],
-    'LockOrderState' : [ 0x6cb, ['unsigned char']],
-    'AlpcMessageId' : [ 0x6d0, ['unsigned long long']],
-    'AlpcMessage' : [ 0x6d8, ['pointer64', ['void']]],
-    'AlpcReceiveAttributeSet' : [ 0x6d8, ['unsigned long']],
-    'ExitStatus' : [ 0x6e0, ['long']],
-    'AlpcWaitListEntry' : [ 0x6e8, ['_LIST_ENTRY']],
-    'CacheManagerCount' : [ 0x6f8, ['unsigned long']],
-    'IoBoostCount' : [ 0x6fc, ['unsigned long']],
-    'BoostList' : [ 0x700, ['_LIST_ENTRY']],
-    'DeboostList' : [ 0x710, ['_LIST_ENTRY']],
-    'BoostListLock' : [ 0x720, ['unsigned long long']],
-    'IrpListLock' : [ 0x728, ['unsigned long long']],
-    'ReservedForSynchTracking' : [ 0x730, ['pointer64', ['void']]],
-    'CmCallbackListHead' : [ 0x738, ['_SINGLE_LIST_ENTRY']],
-    'ActivityId' : [ 0x740, ['pointer64', ['_GUID']]],
-    'SeLearningModeListHead' : [ 0x748, ['_SINGLE_LIST_ENTRY']],
-    'VerifierContext' : [ 0x750, ['pointer64', ['void']]],
-    'KernelStackReference' : [ 0x758, ['unsigned long']],
-    'AdjustedClientToken' : [ 0x760, ['pointer64', ['void']]],
-    'WorkingOnBehalfClient' : [ 0x768, ['pointer64', ['void']]],
-    'PropertySet' : [ 0x770, ['_PS_PROPERTY_SET']],
-    'PicoContext' : [ 0x788, ['pointer64', ['void']]],
-    'UserFsBase' : [ 0x790, ['unsigned long']],
-    'UserGsBase' : [ 0x798, ['unsigned long long']],
-    'EnergyValues' : [ 0x7a0, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
-    'CmCellReferences' : [ 0x7a8, ['unsigned long']],
-    'SelectedCpuSets' : [ 0x7b0, ['unsigned long long']],
-    'SelectedCpuSetsIndirect' : [ 0x7b0, ['pointer64', ['unsigned long long']]],
-    'Silo' : [ 0x7b8, ['pointer64', ['_EJOB']]],
-} ],
-  '__unnamed_13c5' : [ 0x8, {
-    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
-    'IrpCount' : [ 0x0, ['long']],
-    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '__unnamed_13cb' : [ 0x10, {
-    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
-    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
-    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '__unnamed_13cd' : [ 0x10, {
-    'AsynchronousParameters' : [ 0x0, ['__unnamed_13cb']],
-    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
-} ],
-  '__unnamed_13d6' : [ 0x58, {
-    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
-    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
-    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
-    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
-    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
-    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
-    'PacketType' : [ 0x40, ['unsigned long']],
-    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
-    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
-} ],
-  '__unnamed_13d8' : [ 0x58, {
-    'Overlay' : [ 0x0, ['__unnamed_13d6']],
-    'Apc' : [ 0x0, ['_KAPC']],
-    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '_IRP' : [ 0xd0, {
-    'Type' : [ 0x0, ['short']],
-    'Size' : [ 0x2, ['unsigned short']],
-    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
-    'Reserved' : [ 0x6, ['unsigned short']],
-    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
-    'Flags' : [ 0x10, ['unsigned long']],
-    'AssociatedIrp' : [ 0x18, ['__unnamed_13c5']],
-    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
-    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
-    'RequestorMode' : [ 0x40, ['unsigned char']],
-    'PendingReturned' : [ 0x41, ['unsigned char']],
-    'StackCount' : [ 0x42, ['unsigned char']],
-    'CurrentLocation' : [ 0x43, ['unsigned char']],
-    'Cancel' : [ 0x44, ['unsigned char']],
-    'CancelIrql' : [ 0x45, ['unsigned char']],
-    'ApcEnvironment' : [ 0x46, ['unsigned char']],
-    'AllocationFlags' : [ 0x47, ['unsigned char']],
-    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
-    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
-    'Overlay' : [ 0x58, ['__unnamed_13cd']],
-    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
-    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
-    'Tail' : [ 0x78, ['__unnamed_13d8']],
-} ],
-  '__unnamed_13df' : [ 0x20, {
-    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
-    'Options' : [ 0x8, ['unsigned long']],
-    'FileAttributes' : [ 0x10, ['unsigned short']],
-    'ShareAccess' : [ 0x12, ['unsigned short']],
-    'EaLength' : [ 0x18, ['unsigned long']],
-} ],
-  '__unnamed_13e3' : [ 0x20, {
-    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
-    'Options' : [ 0x8, ['unsigned long']],
-    'Reserved' : [ 0x10, ['unsigned short']],
-    'ShareAccess' : [ 0x12, ['unsigned short']],
-    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
-} ],
-  '__unnamed_13e7' : [ 0x20, {
-    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
-    'Options' : [ 0x8, ['unsigned long']],
-    'Reserved' : [ 0x10, ['unsigned short']],
-    'ShareAccess' : [ 0x12, ['unsigned short']],
-    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
-} ],
-  '__unnamed_13e9' : [ 0x18, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'Key' : [ 0x8, ['unsigned long']],
-    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
-} ],
-  '__unnamed_13ed' : [ 0x20, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
-    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
-    'FileIndex' : [ 0x18, ['unsigned long']],
-} ],
-  '__unnamed_13ef' : [ 0x10, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'CompletionFilter' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_13f1' : [ 0x10, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
-} ],
-  '__unnamed_13f3' : [ 0x20, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
-    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
-    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
-    'AdvanceOnly' : [ 0x19, ['unsigned char']],
-    'ClusterCount' : [ 0x18, ['unsigned long']],
-    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '__unnamed_13f5' : [ 0x20, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'EaList' : [ 0x8, ['pointer64', ['void']]],
-    'EaListLength' : [ 0x10, ['unsigned long']],
-    'EaIndex' : [ 0x18, ['unsigned long']],
-} ],
-  '__unnamed_13f7' : [ 0x4, {
-    'Length' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_13fb' : [ 0x10, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsDataCopyInformation', 13: 'FileFsMetadataSizeInformation', 14: 'FileFsMaximumInformation'})]],
-} ],
-  '__unnamed_13fd' : [ 0x20, {
-    'OutputBufferLength' : [ 0x0, ['unsigned long']],
-    'InputBufferLength' : [ 0x8, ['unsigned long']],
-    'FsControlCode' : [ 0x10, ['unsigned long']],
-    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '__unnamed_13ff' : [ 0x18, {
-    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
-    'Key' : [ 0x8, ['unsigned long']],
-    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
-} ],
-  '__unnamed_1401' : [ 0x20, {
-    'OutputBufferLength' : [ 0x0, ['unsigned long']],
-    'InputBufferLength' : [ 0x8, ['unsigned long']],
-    'IoControlCode' : [ 0x10, ['unsigned long']],
-    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '__unnamed_1403' : [ 0x10, {
-    'SecurityInformation' : [ 0x0, ['unsigned long']],
-    'Length' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_1405' : [ 0x10, {
-    'SecurityInformation' : [ 0x0, ['unsigned long']],
-    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '__unnamed_1409' : [ 0x10, {
-    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
-    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
-} ],
-  '__unnamed_140d' : [ 0x8, {
-    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
-} ],
-  '__unnamed_1411' : [ 0x20, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'StartSid' : [ 0x8, ['pointer64', ['void']]],
-    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
-    'SidListLength' : [ 0x18, ['unsigned long']],
-} ],
-  '__unnamed_1415' : [ 0x4, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
-} ],
-  '__unnamed_1419' : [ 0x20, {
-    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
-    'Size' : [ 0x8, ['unsigned short']],
-    'Version' : [ 0xa, ['unsigned short']],
-    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
-    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '__unnamed_141d' : [ 0x8, {
-    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
-} ],
-  '__unnamed_1421' : [ 0x8, {
-    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
-} ],
-  '__unnamed_1423' : [ 0x20, {
-    'WhichSpace' : [ 0x0, ['unsigned long']],
-    'Buffer' : [ 0x8, ['pointer64', ['void']]],
-    'Offset' : [ 0x10, ['unsigned long']],
-    'Length' : [ 0x18, ['unsigned long']],
-} ],
-  '__unnamed_1425' : [ 0x1, {
-    'Lock' : [ 0x0, ['unsigned char']],
-} ],
-  '__unnamed_1429' : [ 0x4, {
-    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
-} ],
-  '__unnamed_142d' : [ 0x10, {
-    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
-    'LocaleId' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_1431' : [ 0x10, {
-    'InPath' : [ 0x0, ['unsigned char']],
-    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
-    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
-} ],
-  '__unnamed_1435' : [ 0x4, {
-    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-} ],
-  '__unnamed_1439' : [ 0x8, {
-    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
-} ],
-  '__unnamed_1441' : [ 0x20, {
-    'SystemContext' : [ 0x0, ['unsigned long']],
-    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
-    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
-    'State' : [ 0x10, ['_POWER_STATE']],
-    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
-} ],
-  '__unnamed_1445' : [ 0x10, {
-    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
-    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
-} ],
-  '__unnamed_1447' : [ 0x20, {
-    'ProviderId' : [ 0x0, ['unsigned long long']],
-    'DataPath' : [ 0x8, ['pointer64', ['void']]],
-    'BufferSize' : [ 0x10, ['unsigned long']],
-    'Buffer' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '__unnamed_1449' : [ 0x20, {
-    'Argument1' : [ 0x0, ['pointer64', ['void']]],
-    'Argument2' : [ 0x8, ['pointer64', ['void']]],
-    'Argument3' : [ 0x10, ['pointer64', ['void']]],
-    'Argument4' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '__unnamed_144b' : [ 0x20, {
-    'Create' : [ 0x0, ['__unnamed_13df']],
-    'CreatePipe' : [ 0x0, ['__unnamed_13e3']],
-    'CreateMailslot' : [ 0x0, ['__unnamed_13e7']],
-    'Read' : [ 0x0, ['__unnamed_13e9']],
-    'Write' : [ 0x0, ['__unnamed_13e9']],
-    'QueryDirectory' : [ 0x0, ['__unnamed_13ed']],
-    'NotifyDirectory' : [ 0x0, ['__unnamed_13ef']],
-    'QueryFile' : [ 0x0, ['__unnamed_13f1']],
-    'SetFile' : [ 0x0, ['__unnamed_13f3']],
-    'QueryEa' : [ 0x0, ['__unnamed_13f5']],
-    'SetEa' : [ 0x0, ['__unnamed_13f7']],
-    'QueryVolume' : [ 0x0, ['__unnamed_13fb']],
-    'SetVolume' : [ 0x0, ['__unnamed_13fb']],
-    'FileSystemControl' : [ 0x0, ['__unnamed_13fd']],
-    'LockControl' : [ 0x0, ['__unnamed_13ff']],
-    'DeviceIoControl' : [ 0x0, ['__unnamed_1401']],
-    'QuerySecurity' : [ 0x0, ['__unnamed_1403']],
-    'SetSecurity' : [ 0x0, ['__unnamed_1405']],
-    'MountVolume' : [ 0x0, ['__unnamed_1409']],
-    'VerifyVolume' : [ 0x0, ['__unnamed_1409']],
-    'Scsi' : [ 0x0, ['__unnamed_140d']],
-    'QueryQuota' : [ 0x0, ['__unnamed_1411']],
-    'SetQuota' : [ 0x0, ['__unnamed_13f7']],
-    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1415']],
-    'QueryInterface' : [ 0x0, ['__unnamed_1419']],
-    'DeviceCapabilities' : [ 0x0, ['__unnamed_141d']],
-    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1421']],
-    'ReadWriteConfig' : [ 0x0, ['__unnamed_1423']],
-    'SetLock' : [ 0x0, ['__unnamed_1425']],
-    'QueryId' : [ 0x0, ['__unnamed_1429']],
-    'QueryDeviceText' : [ 0x0, ['__unnamed_142d']],
-    'UsageNotification' : [ 0x0, ['__unnamed_1431']],
-    'WaitWake' : [ 0x0, ['__unnamed_1435']],
-    'PowerSequence' : [ 0x0, ['__unnamed_1439']],
-    'Power' : [ 0x0, ['__unnamed_1441']],
-    'StartDevice' : [ 0x0, ['__unnamed_1445']],
-    'WMI' : [ 0x0, ['__unnamed_1447']],
-    'Others' : [ 0x0, ['__unnamed_1449']],
-} ],
-  '_IO_STACK_LOCATION' : [ 0x48, {
-    'MajorFunction' : [ 0x0, ['unsigned char']],
-    'MinorFunction' : [ 0x1, ['unsigned char']],
-    'Flags' : [ 0x2, ['unsigned char']],
-    'Control' : [ 0x3, ['unsigned char']],
-    'Parameters' : [ 0x8, ['__unnamed_144b']],
-    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
-    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
-    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
-    'Context' : [ 0x40, ['pointer64', ['void']]],
-} ],
-  '__unnamed_1461' : [ 0x48, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
-} ],
-  '_DEVICE_OBJECT' : [ 0x150, {
-    'Type' : [ 0x0, ['short']],
-    'Size' : [ 0x2, ['unsigned short']],
-    'ReferenceCount' : [ 0x4, ['long']],
-    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
-    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
-    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
-    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
-    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
-    'Flags' : [ 0x30, ['unsigned long']],
-    'Characteristics' : [ 0x34, ['unsigned long']],
-    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
-    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
-    'DeviceType' : [ 0x48, ['unsigned long']],
-    'StackSize' : [ 0x4c, ['unsigned char']],
-    'Queue' : [ 0x50, ['__unnamed_1461']],
-    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
-    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
-    'Dpc' : [ 0xc8, ['_KDPC']],
-    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
-    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
-    'DeviceLock' : [ 0x118, ['_KEVENT']],
-    'SectorSize' : [ 0x130, ['unsigned short']],
-    'Spare1' : [ 0x132, ['unsigned short']],
-    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
-    'Reserved' : [ 0x140, ['pointer64', ['void']]],
-} ],
-  '_KDPC' : [ 0x40, {
-    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
-    'Type' : [ 0x0, ['unsigned char']],
-    'Importance' : [ 0x1, ['unsigned char']],
-    'Number' : [ 0x2, ['unsigned short']],
-    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
-    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
-    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
-    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
-    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
-    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
-    'DpcData' : [ 0x38, ['pointer64', ['void']]],
-} ],
-  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
-    'Size' : [ 0x0, ['short']],
-    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
-    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
-    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
-    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
-} ],
-  '_EJOB' : [ 0x528, {
-    'Event' : [ 0x0, ['_KEVENT']],
-    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
-    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
-    'JobLock' : [ 0x38, ['_ERESOURCE']],
-    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
-    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
-    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
-    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
-    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
-    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
-    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
-    'TotalProcesses' : [ 0xd4, ['unsigned long']],
-    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
-    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
-    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
-    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
-    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
-    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
-    'LimitFlags' : [ 0x100, ['unsigned long']],
-    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
-    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
-    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
-    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
-    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
-    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
-    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
-    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
-    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
-    'SessionId' : [ 0x1e0, ['unsigned long']],
-    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
-    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
-    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
-    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
-    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
-    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
-    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
-    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
-    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
-    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
-    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
-    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
-    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
-    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
-    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
-    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
-    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
-    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
-    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
-    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
-    'EffectiveDiskIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
-    'EffectiveNetIoRateLimitJob' : [ 0x348, ['pointer64', ['_EJOB']]],
-    'EffectiveHeapAttributionJob' : [ 0x350, ['pointer64', ['_EJOB']]],
-    'EffectiveLimitFlags' : [ 0x358, ['unsigned long']],
-    'EffectiveSchedulingClass' : [ 0x35c, ['unsigned long']],
-    'EffectiveFreezeCount' : [ 0x360, ['unsigned long']],
-    'EffectiveBackgroundCount' : [ 0x364, ['unsigned long']],
-    'EffectiveSwapCount' : [ 0x368, ['unsigned long']],
-    'EffectiveNotificationLimitCount' : [ 0x36c, ['unsigned long']],
-    'EffectivePriorityClass' : [ 0x370, ['unsigned char']],
-    'PriorityClass' : [ 0x371, ['unsigned char']],
-    'NestingDepth' : [ 0x372, ['unsigned char']],
-    'Reserved1' : [ 0x373, ['array', 1, ['unsigned char']]],
-    'CompletionFilter' : [ 0x374, ['unsigned long']],
-    'WakeChannel' : [ 0x378, ['_WNF_STATE_NAME']],
-    'WakeInfo' : [ 0x378, ['_PS_WAKE_INFORMATION']],
-    'WakeFilter' : [ 0x3b0, ['_JOBOBJECT_WAKE_FILTER']],
-    'LowEdgeLatchFilter' : [ 0x3b8, ['unsigned long']],
-    'OwnedHighEdgeFilters' : [ 0x3bc, ['unsigned long']],
-    'NotificationLink' : [ 0x3c0, ['pointer64', ['_EJOB']]],
-    'CurrentJobMemoryUsed' : [ 0x3c8, ['unsigned long long']],
-    'NotificationInfo' : [ 0x3d0, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
-    'NotificationInfoQuotaReference' : [ 0x3d8, ['pointer64', ['void']]],
-    'NotificationPacket' : [ 0x3e0, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
-    'CpuRateControl' : [ 0x3e8, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
-    'EffectiveSchedulingGroup' : [ 0x3f0, ['pointer64', ['void']]],
-    'ReadyTime' : [ 0x3f8, ['unsigned long long']],
-    'MemoryLimitsLock' : [ 0x400, ['_EX_PUSH_LOCK']],
-    'SiblingJobLinks' : [ 0x408, ['_LIST_ENTRY']],
-    'ChildJobListHead' : [ 0x418, ['_LIST_ENTRY']],
-    'ParentJob' : [ 0x428, ['pointer64', ['_EJOB']]],
-    'RootJob' : [ 0x430, ['pointer64', ['_EJOB']]],
-    'IteratorListHead' : [ 0x438, ['_LIST_ENTRY']],
-    'AncestorCount' : [ 0x448, ['unsigned long long']],
-    'Ancestors' : [ 0x450, ['pointer64', ['pointer64', ['_EJOB']]]],
-    'SessionObject' : [ 0x450, ['pointer64', ['void']]],
-    'Accounting' : [ 0x458, ['_EPROCESS_VALUES']],
-    'ShadowActiveProcessCount' : [ 0x4a8, ['unsigned long']],
-    'ActiveAuxiliaryProcessCount' : [ 0x4ac, ['unsigned long']],
-    'SequenceNumber' : [ 0x4b0, ['unsigned long']],
-    'TimerListLock' : [ 0x4b8, ['unsigned long long']],
-    'TimerListHead' : [ 0x4c0, ['_LIST_ENTRY']],
-    'ContainerId' : [ 0x4d0, ['_GUID']],
-    'Container' : [ 0x4e0, ['pointer64', ['_SILO_CONTEXT']]],
-    'PropertySet' : [ 0x4e8, ['_PS_PROPERTY_SET']],
-    'NetRateControl' : [ 0x500, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
-    'IoRateControl' : [ 0x508, ['pointer64', ['_JOB_IO_RATE_CONTROL']]],
-    'JobFlags' : [ 0x510, ['unsigned long']],
-    'CloseDone' : [ 0x510, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'MultiGroup' : [ 0x510, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'OutstandingNotification' : [ 0x510, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'NotificationInProgress' : [ 0x510, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'UILimits' : [ 0x510, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'CpuRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'OwnCpuRateControl' : [ 0x510, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'Terminating' : [ 0x510, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'WorkingSetLock' : [ 0x510, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'JobFrozen' : [ 0x510, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'Background' : [ 0x510, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'WakeNotificationAllocated' : [ 0x510, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'WakeNotificationEnabled' : [ 0x510, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'WakeNotificationPending' : [ 0x510, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'LimitNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'ZeroCountNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'CycleTimeNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'CycleTimeNotificationPending' : [ 0x510, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'TimersVirtualized' : [ 0x510, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'JobSwapped' : [ 0x510, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'ViolationDetected' : [ 0x510, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
-    'EmptyJobNotified' : [ 0x510, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
-    'NoSystemCharge' : [ 0x510, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
-    'DropNoWakeCharges' : [ 0x510, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
-    'NoWakeChargePolicyDecided' : [ 0x510, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
-    'NetRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
-    'OwnNetRateControl' : [ 0x510, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
-    'IoRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
-    'OwnIoRateControl' : [ 0x510, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
-    'DisallowNewProcesses' : [ 0x510, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
-    'SpareJobFlags' : [ 0x510, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
-    'EffectiveHighEdgeFilters' : [ 0x514, ['unsigned long']],
-    'EnergyValues' : [ 0x518, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
-    'SharedCommitCharge' : [ 0x520, ['unsigned long long']],
-} ],
-  '_IO_PRIORITY_INFO' : [ 0x10, {
-    'Size' : [ 0x0, ['unsigned long']],
-    'ThreadPriority' : [ 0x4, ['unsigned long']],
-    'PagePriority' : [ 0x8, ['unsigned long']],
-    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
-} ],
-  '_MDL' : [ 0x30, {
-    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
-    'Size' : [ 0x8, ['short']],
-    'MdlFlags' : [ 0xa, ['short']],
-    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
-    'Reserved' : [ 0xe, ['unsigned short']],
-    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
-    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
-    'StartVa' : [ 0x20, ['pointer64', ['void']]],
-    'ByteCount' : [ 0x28, ['unsigned long']],
-    'ByteOffset' : [ 0x2c, ['unsigned long']],
-} ],
-  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
-    'Ptr' : [ 0x0, ['unsigned long long']],
-    'Size' : [ 0x8, ['unsigned long']],
-    'Reserved' : [ 0xc, ['unsigned long']],
-    'Type' : [ 0xc, ['unsigned char']],
-    'Reserved1' : [ 0xd, ['unsigned char']],
-    'Reserved2' : [ 0xe, ['unsigned short']],
-} ],
-  '_EVENT_DESCRIPTOR' : [ 0x10, {
-    'Id' : [ 0x0, ['unsigned short']],
-    'Version' : [ 0x2, ['unsigned char']],
-    'Channel' : [ 0x3, ['unsigned char']],
-    'Level' : [ 0x4, ['unsigned char']],
-    'Opcode' : [ 0x5, ['unsigned char']],
-    'Task' : [ 0x6, ['unsigned short']],
-    'Keyword' : [ 0x8, ['unsigned long long']],
-} ],
-  '_EVENT_RECORD' : [ 0x70, {
-    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
-    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
-    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
-    'UserDataLength' : [ 0x56, ['unsigned short']],
-    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
-    'UserData' : [ 0x60, ['pointer64', ['void']]],
-    'UserContext' : [ 0x68, ['pointer64', ['void']]],
-} ],
-  '_PERFINFO_GROUPMASK' : [ 0x20, {
-    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
-} ],
-  '_FILE_OBJECT' : [ 0xd8, {
-    'Type' : [ 0x0, ['short']],
-    'Size' : [ 0x2, ['short']],
-    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
-    'FsContext' : [ 0x18, ['pointer64', ['void']]],
-    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
-    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
-    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
-    'FinalStatus' : [ 0x38, ['long']],
-    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
-    'LockOperation' : [ 0x48, ['unsigned char']],
-    'DeletePending' : [ 0x49, ['unsigned char']],
-    'ReadAccess' : [ 0x4a, ['unsigned char']],
-    'WriteAccess' : [ 0x4b, ['unsigned char']],
-    'DeleteAccess' : [ 0x4c, ['unsigned char']],
-    'SharedRead' : [ 0x4d, ['unsigned char']],
-    'SharedWrite' : [ 0x4e, ['unsigned char']],
-    'SharedDelete' : [ 0x4f, ['unsigned char']],
-    'Flags' : [ 0x50, ['unsigned long']],
-    'FileName' : [ 0x58, ['_UNICODE_STRING']],
-    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
-    'Waiters' : [ 0x70, ['unsigned long']],
-    'Busy' : [ 0x74, ['unsigned long']],
-    'LastLock' : [ 0x78, ['pointer64', ['void']]],
-    'Lock' : [ 0x80, ['_KEVENT']],
-    'Event' : [ 0x98, ['_KEVENT']],
-    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
-    'IrpListLock' : [ 0xb8, ['unsigned long long']],
-    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
-    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
-} ],
-  '_EX_RUNDOWN_REF' : [ 0x8, {
-    'Count' : [ 0x0, ['unsigned long long']],
-    'Ptr' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
-    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
-    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
-    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
-    'CreateTime' : [ 0x10, ['unsigned long long']],
-    'EmptyTime' : [ 0x18, ['unsigned long long']],
-    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
-    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
-    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
-    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
-    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
-    'SessionId' : [ 0x40, ['unsigned long']],
-    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
-    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
-} ],
-  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'Version' : [ 0x4, ['unsigned long']],
-    'Length' : [ 0x8, ['unsigned long']],
-    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
-    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
-    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
-    'ErrorSourceId' : [ 0x18, ['unsigned long']],
-    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
-    'NotifyType' : [ 0x20, ['_GUID']],
-    'Context' : [ 0x30, ['unsigned long long']],
-    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
-    'Reserved1' : [ 0x3c, ['unsigned long']],
-    'DataOffset' : [ 0x40, ['unsigned long']],
-    'DataLength' : [ 0x44, ['unsigned long']],
-    'PshedDataOffset' : [ 0x48, ['unsigned long']],
-    'PshedDataLength' : [ 0x4c, ['unsigned long']],
-} ],
-  '_WHEA_ERROR_RECORD' : [ 0xc8, {
-    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
-    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
-} ],
-  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
-    'SectionOffset' : [ 0x0, ['unsigned long']],
-    'SectionLength' : [ 0x4, ['unsigned long']],
-    'Revision' : [ 0x8, ['_WHEA_REVISION']],
-    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
-    'Reserved' : [ 0xb, ['unsigned char']],
-    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
-    'SectionType' : [ 0x10, ['_GUID']],
-    'FRUId' : [ 0x20, ['_GUID']],
-    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
-    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
-} ],
-  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
-    'NodeTypeCode' : [ 0x0, ['short']],
-    'NodeByteSize' : [ 0x2, ['short']],
-    'Flags' : [ 0x4, ['unsigned char']],
-    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
-    'Flags2' : [ 0x6, ['unsigned char']],
-    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
-    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
-    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
-    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
-    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
-    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
-    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
-    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
-    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
-    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
-    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
-    'Oplock' : [ 0x58, ['pointer64', ['void']]],
-    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
-    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
-} ],
-  '_iobuf' : [ 0x30, {
-    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
-    '_cnt' : [ 0x8, ['long']],
-    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
-    '_flag' : [ 0x18, ['long']],
-    '_file' : [ 0x1c, ['long']],
-    '_charbuf' : [ 0x20, ['long']],
-    '_bufsiz' : [ 0x24, ['long']],
-    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
-} ],
-  '_TlgProvider_t' : [ 0x40, {
-    'LevelPlus1' : [ 0x0, ['unsigned long']],
-    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
-    'KeywordAny' : [ 0x10, ['unsigned long long']],
-    'KeywordAll' : [ 0x18, ['unsigned long long']],
-    'RegHandle' : [ 0x20, ['unsigned long long']],
-    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
-    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
-    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
-} ],
-  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
-    'Ptr' : [ 0x0, ['unsigned long long']],
-    'Size' : [ 0x8, ['unsigned long']],
-    'Type' : [ 0xc, ['unsigned long']],
-} ],
-  '_TlgProviderMetadata_t' : [ 0x13, {
-    'Type' : [ 0x0, ['unsigned char']],
-    'ProviderId' : [ 0x1, ['_GUID']],
-    'RemainingSize' : [ 0x11, ['unsigned short']],
-} ],
-  '_SID' : [ 0xc, {
-    'Revision' : [ 0x0, ['unsigned char']],
-    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
-    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
-    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
-} ],
-  '__unnamed_164b' : [ 0x8, {
-    'Long' : [ 0x0, ['unsigned long long']],
-    'VolatileLong' : [ 0x0, ['unsigned long long']],
-    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
-    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
-    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
-    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
-    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
-    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
-    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
-    'List' : [ 0x0, ['_MMPTE_LIST']],
-} ],
-  '_MMPTE' : [ 0x8, {
-    'u' : [ 0x0, ['__unnamed_164b']],
-} ],
-  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
-    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
-    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
-    'Stats' : [ 0xc, ['unsigned long']],
-} ],
-  '_ERESOURCE' : [ 0x68, {
-    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
-    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
-    'ActiveCount' : [ 0x18, ['short']],
-    'Flag' : [ 0x1a, ['unsigned short']],
-    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
-    'WaiterPriority' : [ 0x1b, ['unsigned char']],
-    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
-    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['_KEVENT']]],
-    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
-    'ActiveEntries' : [ 0x40, ['unsigned long']],
-    'ContentionCount' : [ 0x44, ['unsigned long']],
-    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
-    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
-    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
-    'Address' : [ 0x58, ['pointer64', ['void']]],
-    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
-    'SpinLock' : [ 0x60, ['unsigned long long']],
-} ],
-  '_MI_CACHED_PTE' : [ 0x8, {
-    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
-    'PteIndex' : [ 0x4, ['unsigned long']],
-    'Long' : [ 0x0, ['long long']],
-} ],
-  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
-    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
-    'OldIrql' : [ 0x10, ['unsigned char']],
-} ],
-  '_MMPFNLIST' : [ 0x28, {
-    'Total' : [ 0x0, ['unsigned long long']],
-    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
-    'Flink' : [ 0x10, ['unsigned long long']],
-    'Blink' : [ 0x18, ['unsigned long long']],
-    'Lock' : [ 0x20, ['unsigned long long']],
-} ],
-  '__unnamed_1683' : [ 0x8, {
-    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
-    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
-    'WsIndex' : [ 0x0, ['unsigned long long']],
-    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
-    'Next' : [ 0x0, ['pointer64', ['void']]],
-    'VolatileNext' : [ 0x0, ['pointer64', ['void']]],
-    'KernelStackOwner' : [ 0x0, ['pointer64', ['_KTHREAD']]],
-    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-} ],
-  '__unnamed_1687' : [ 0x4, {
-    'ReferenceCount' : [ 0x0, ['unsigned short']],
-    'ShortFlags' : [ 0x2, ['unsigned short']],
-    'VolatileShortFlags' : [ 0x2, ['unsigned short']],
-} ],
-  '__unnamed_1689' : [ 0x4, {
-    'ReferenceCount' : [ 0x0, ['unsigned short']],
-    'e1' : [ 0x2, ['_MMPFNENTRY']],
-    'e2' : [ 0x0, ['__unnamed_1687']],
-} ],
-  '__unnamed_1695' : [ 0x8, {
-    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
-    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
-    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
-    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
-    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
-    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
-    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
-    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
-    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
-    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
-    'EntireField' : [ 0x0, ['unsigned long long']],
-} ],
-  '_MMPFN' : [ 0x30, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
-    'u1' : [ 0x0, ['__unnamed_1683']],
-    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
-    'VolatilePteAddress' : [ 0x8, ['pointer64', ['void']]],
-    'PteLong' : [ 0x8, ['unsigned long long']],
-    'OriginalPte' : [ 0x10, ['_MMPTE']],
-    'u2' : [ 0x18, ['_MIPFNBLINK']],
-    'u3' : [ 0x20, ['__unnamed_1689']],
-    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
-    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
-    'VaType' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
-    'ViewCount' : [ 0x27, ['unsigned char']],
-    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
-    'u4' : [ 0x28, ['__unnamed_1695']],
-} ],
-  '_MI_SYSTEM_PTE_TYPE' : [ 0x60, {
-    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
-    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
-    'Flags' : [ 0x18, ['unsigned long']],
-    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'MiVaUnused', 1: 'MiVaSessionSpace', 2: 'MiVaProcessSpace', 3: 'MiVaBootLoaded', 4: 'MiVaPfnDatabase', 5: 'MiVaNonPagedPool', 6: 'MiVaPagedPool', 7: 'MiVaSpecialPoolPaged', 8: 'MiVaSystemCache', 9: 'MiVaSystemPtes', 10: 'MiVaHal', 11: 'MiVaSessionGlobalSpace', 12: 'MiVaDriverImages', 13: 'MiVaSpecialPoolNonPaged', 14: 'MiVaMaximumType', 15: 'MiVaSystemPtesLarge'})]],
-    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
-    'PteFailures' : [ 0x28, ['unsigned long']],
-    'SpinLock' : [ 0x30, ['unsigned long long']],
-    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
-    'Vm' : [ 0x38, ['pointer64', ['_MMSUPPORT']]],
-    'TotalSystemPtes' : [ 0x40, ['unsigned long long']],
-    'Hint' : [ 0x48, ['unsigned long long']],
-    'CachedPtes' : [ 0x50, ['pointer64', ['_MI_CACHED_PTES']]],
-    'TotalFreeSystemPtes' : [ 0x58, ['unsigned long long']],
-} ],
-  '_MMCLONE_DESCRIPTOR' : [ 0x50, {
-    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
-    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
-    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
-    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
-    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
-    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
-    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
-    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
-    'NestingLevel' : [ 0x48, ['unsigned long long']],
-} ],
-  '__unnamed_16c7' : [ 0x8, {
-    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
-    'Long' : [ 0x0, ['unsigned long long']],
-    'e1' : [ 0x0, ['_MMWSLENTRY']],
-    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
-} ],
-  '_MMWSLE' : [ 0x8, {
-    'u1' : [ 0x0, ['__unnamed_16c7']],
-} ],
-  '_MMWSL' : [ 0x350, {
-    'FirstFree' : [ 0x0, ['unsigned long long']],
-    'FirstDynamic' : [ 0x8, ['unsigned long long']],
-    'LastEntry' : [ 0x10, ['unsigned long long']],
-    'NextSlot' : [ 0x18, ['unsigned long long']],
-    'LastInitializedWsle' : [ 0x20, ['unsigned long long']],
-    'NextAgingSlot' : [ 0x28, ['unsigned long long']],
-    'NextAccessClearingSlot' : [ 0x30, ['unsigned long long']],
-    'LastAccessClearingRemainder' : [ 0x38, ['unsigned long']],
-    'LastAgingRemainder' : [ 0x3c, ['unsigned long']],
-    'WsleSize' : [ 0x40, ['unsigned long']],
-    'NonDirectCount' : [ 0x48, ['unsigned long long']],
-    'LowestPagableAddress' : [ 0x50, ['pointer64', ['void']]],
-    'NonDirectHash' : [ 0x58, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
-    'HashTableStart' : [ 0x60, ['pointer64', ['_MMWSLE_HASH']]],
-    'HighestPermittedHashAddress' : [ 0x68, ['pointer64', ['_MMWSLE_HASH']]],
-    'ActiveWsleCounts' : [ 0x70, ['array', 16, ['unsigned long long']]],
-    'ActiveWsles' : [ 0xf0, ['array', 16, ['_MI_ACTIVE_WSLE_LISTHEAD']]],
-    'Wsle' : [ 0x1f0, ['pointer64', ['_MMWSLE']]],
-    'UserVaInfo' : [ 0x1f8, ['_MI_USER_VA_INFO']],
-} ],
-  '_MMSUPPORT' : [ 0xf8, {
-    'WorkingSetLock' : [ 0x0, ['long']],
-    'ExitOutswapGate' : [ 0x8, ['pointer64', ['_KGATE']]],
-    'AccessLog' : [ 0x10, ['pointer64', ['void']]],
-    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
-    'AgeDistribution' : [ 0x28, ['array', 7, ['unsigned long long']]],
-    'MinimumWorkingSetSize' : [ 0x60, ['unsigned long long']],
-    'WorkingSetLeafSize' : [ 0x68, ['unsigned long long']],
-    'WorkingSetLeafPrivateSize' : [ 0x70, ['unsigned long long']],
-    'WorkingSetSize' : [ 0x78, ['unsigned long long']],
-    'WorkingSetPrivateSize' : [ 0x80, ['unsigned long long']],
-    'MaximumWorkingSetSize' : [ 0x88, ['unsigned long long']],
-    'ChargedWslePages' : [ 0x90, ['unsigned long long']],
-    'ActualWslePages' : [ 0x98, ['unsigned long long']],
-    'WorkingSetSizeOverhead' : [ 0xa0, ['unsigned long long']],
-    'PeakWorkingSetSize' : [ 0xa8, ['unsigned long long']],
-    'HardFaultCount' : [ 0xb0, ['unsigned long']],
-    'PartitionId' : [ 0xb4, ['unsigned short']],
-    'Pad0' : [ 0xb6, ['unsigned short']],
-    'VmWorkingSetList' : [ 0xb8, ['pointer64', ['_MMWSL']]],
-    'NextPageColor' : [ 0xc0, ['unsigned short']],
-    'LastTrimStamp' : [ 0xc2, ['unsigned short']],
-    'PageFaultCount' : [ 0xc4, ['unsigned long']],
-    'TrimmedPageCount' : [ 0xc8, ['unsigned long long']],
-    'Reserved0' : [ 0xd0, ['unsigned long long']],
-    'Flags' : [ 0xd8, ['_MMSUPPORT_FLAGS']],
-    'ReleasedCommitDebt' : [ 0xe0, ['unsigned long long']],
-    'WsSwapSupport' : [ 0xe8, ['pointer64', ['void']]],
-    'CommitReAcquireFailSupport' : [ 0xf0, ['pointer64', ['void']]],
-} ],
-  '__unnamed_16e3' : [ 0x8, {
-    'ImageCommitment' : [ 0x0, ['unsigned long long']],
-    'CreatingProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
-} ],
-  '__unnamed_16e7' : [ 0x8, {
-    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
-    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '_SEGMENT' : [ 0x48, {
-    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
-    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
-    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
-    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
-    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
-    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
-    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
-    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
-    'u1' : [ 0x30, ['__unnamed_16e3']],
-    'u2' : [ 0x38, ['__unnamed_16e7']],
-    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
-} ],
-  '__unnamed_16ec' : [ 0x4, {
-    'LongFlags' : [ 0x0, ['unsigned long']],
-    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
-} ],
-  '__unnamed_16ef' : [ 0x4, {
-    'LongFlags' : [ 0x0, ['unsigned long']],
-    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
-} ],
-  '__unnamed_16f9' : [ 0x10, {
-    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
-    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
-    'WritableUserReferences' : [ 0x4, ['long']],
-    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
-    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long')]],
-    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
-    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
-    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
-    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
-    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
-    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
-    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
-} ],
-  '__unnamed_16fb' : [ 0x10, {
-    'e2' : [ 0x0, ['__unnamed_16f9']],
-} ],
-  '_CONTROL_AREA' : [ 0x78, {
-    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
-    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
-    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
-    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
-    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
-    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
-    'u' : [ 0x38, ['__unnamed_16ec']],
-    'u1' : [ 0x3c, ['__unnamed_16ef']],
-    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
-    'ControlAreaLock' : [ 0x48, ['long']],
-    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
-    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
-    'u2' : [ 0x58, ['__unnamed_16fb']],
-    'LockedPages' : [ 0x68, ['unsigned long long']],
-    'FileObjectLock' : [ 0x70, ['_EX_PUSH_LOCK']],
-} ],
-  '__unnamed_1709' : [ 0x4, {
-    'LongFlags' : [ 0x0, ['unsigned long']],
-    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
-} ],
-  '__unnamed_170c' : [ 0x4, {
-    'LongFlags1' : [ 0x0, ['unsigned long']],
-    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
-} ],
-  '_MMVAD_SHORT' : [ 0x40, {
-    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
-    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
-    'StartingVpn' : [ 0x18, ['unsigned long']],
-    'EndingVpn' : [ 0x1c, ['unsigned long']],
-    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
-    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
-    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
-    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
-    'ReferenceCount' : [ 0x24, ['long']],
-    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
-    'u' : [ 0x30, ['__unnamed_1709']],
-    'u1' : [ 0x34, ['__unnamed_170c']],
-    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
-} ],
-  '_MI_PARTITION' : [ 0x2740, {
-    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
-    'Modwriter' : [ 0x158, ['_MI_PARTITION_MODWRITES']],
-    'Store' : [ 0x430, ['_MI_PARTITION_STORES']],
-    'Segments' : [ 0x4c0, ['_MI_PARTITION_SEGMENTS']],
-    'PageLists' : [ 0x640, ['_MI_PARTITION_PAGE_LISTS']],
-    'Commit' : [ 0x1380, ['_MI_PARTITION_COMMIT']],
-    'Zeroing' : [ 0x1400, ['_MI_PARTITION_ZEROING']],
-    'PageCombine' : [ 0x1468, ['_MI_PAGE_COMBINING_SUPPORT']],
-    'WorkingSetControl' : [ 0x15f0, ['pointer64', ['void']]],
-    'WorkingSetExpansionHead' : [ 0x15f8, ['_MMWORKING_SET_EXPANSION_HEAD']],
-    'Vp' : [ 0x1640, ['_MI_VISIBLE_PARTITION']],
-} ],
-  '_MM_STORE_KEY' : [ 0x8, {
-    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
-    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
-    'EntireKey' : [ 0x0, ['unsigned long long']],
-} ],
-  '_MMPAGING_FILE' : [ 0x120, {
-    'Size' : [ 0x0, ['unsigned long long']],
-    'MaximumSize' : [ 0x8, ['unsigned long long']],
-    'MinimumSize' : [ 0x10, ['unsigned long long']],
-    'FreeSpace' : [ 0x18, ['unsigned long long']],
-    'PeakUsage' : [ 0x20, ['unsigned long long']],
-    'HighestPage' : [ 0x28, ['unsigned long long']],
-    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
-    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
-    'Entry' : [ 0x40, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
-    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
-    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
-    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
-    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
-    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
-    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
-    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
-    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
-    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
-    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
-    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
-    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
-    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
-    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
-    'HybridPriority' : [ 0xc8, ['unsigned long']],
-    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
-    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
-    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
-    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
-    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
-    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
-    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
-    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 15, native_type='unsigned short')]],
-    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
-    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
-    'PageHashPages' : [ 0xd0, ['unsigned long']],
-    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
-    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
-    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
-    'Lock' : [ 0xe8, ['unsigned long long']],
-    'LockOwner' : [ 0xf0, ['pointer64', ['_ETHREAD']]],
-    'FlowThroughReadRoot' : [ 0xf8, ['_RTL_AVL_TREE']],
-    'Partition' : [ 0x100, ['pointer64', ['_MI_PARTITION']]],
-    'FileObjectNode' : [ 0x108, ['_RTL_BALANCED_NODE']],
-} ],
-  'tagSWITCH_CONTEXT' : [ 0x68, {
-    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
-    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
-} ],
-  '_CMP_SILO_CONTEXT' : [ 0x20, {
-    'LockEntryHead' : [ 0x0, ['_LIST_ENTRY']],
-    'LockListUnderCleanup' : [ 0x10, ['unsigned char']],
-    'ContextLock' : [ 0x18, ['_EX_PUSH_LOCK']],
-} ],
-  '__unnamed_1756' : [ 0xc, {
-    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapForLoaderHive', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpMapHiveImage', 8: '_HvpRecoverData', 9: '_CmpValidateHiveSecurityDescriptors', 10: '_HvpEnlistBinInMap', 11: '_CmCheckRegistry', 12: '_CmRegistryIO', 13: '_CmCheckRegistry2', 14: '_CmpCheckKey', 15: '_CmpCheckValueList', 16: '_HvCheckHive', 17: '_HvCheckBin', 18: '_HvpGetLogEntryDirtyVector', 19: '_HvpReadLogEntryHeader', 20: '_HvpReadLogEntry', 21: '_CmpMountPreloadedHives', 22: '_CmpLoadHiveThread'})]],
-    'Status' : [ 0x4, ['long']],
-    'Point' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_1759' : [ 0x18, {
-    'Action' : [ 0x0, ['unsigned long']],
-    'Handle' : [ 0x8, ['pointer64', ['void']]],
-    'Status' : [ 0x10, ['long']],
-} ],
-  '__unnamed_175b' : [ 0x8, {
-    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '__unnamed_175f' : [ 0x20, {
-    'Cell' : [ 0x0, ['unsigned long']],
-    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
-    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
-    'Index' : [ 0x18, ['unsigned long']],
-} ],
-  '__unnamed_1761' : [ 0x18, {
-    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
-    'Index' : [ 0x8, ['unsigned long']],
-    'Cell' : [ 0xc, ['unsigned long']],
-    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
-} ],
-  '__unnamed_1765' : [ 0x10, {
-    'Space' : [ 0x0, ['unsigned long']],
-    'MapPoint' : [ 0x4, ['unsigned long']],
-    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
-} ],
-  '__unnamed_1769' : [ 0x10, {
-    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
-    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
-} ],
-  '__unnamed_176b' : [ 0x4, {
-    'FileOffset' : [ 0x0, ['unsigned long']],
-} ],
-  '_HIVE_LOAD_FAILURE' : [ 0x160, {
-    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
-    'Index' : [ 0x8, ['unsigned long']],
-    'RecoverableIndex' : [ 0xc, ['unsigned long']],
-    'Locations' : [ 0x10, ['array', 8, ['__unnamed_1756']]],
-    'RecoverableLocations' : [ 0x70, ['array', 8, ['__unnamed_1756']]],
-    'RegistryIO' : [ 0xd0, ['__unnamed_1759']],
-    'CheckRegistry2' : [ 0xe8, ['__unnamed_175b']],
-    'CheckKey' : [ 0xf0, ['__unnamed_175f']],
-    'CheckValueList' : [ 0x110, ['__unnamed_1761']],
-    'CheckHive' : [ 0x128, ['__unnamed_1765']],
-    'CheckHive1' : [ 0x138, ['__unnamed_1765']],
-    'CheckBin' : [ 0x148, ['__unnamed_1769']],
-    'RecoverData' : [ 0x158, ['__unnamed_176b']],
-} ],
-  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
-    'Id' : [ 0x0, ['unsigned short']],
-    'StructIndex' : [ 0x2, ['unsigned short']],
-    'Offset' : [ 0x4, ['unsigned short']],
-    'Size' : [ 0x6, ['unsigned short']],
-} ],
-  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
-    'Version' : [ 0x0, ['unsigned long']],
-    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
-    'CounterCount' : [ 0x10, ['unsigned long']],
-    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
-    'Callback' : [ 0x20, ['pointer64', ['void']]],
-    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
-} ],
-  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
-    'IdleTime' : [ 0x0, ['unsigned long long']],
-    'AvailableTime' : [ 0x8, ['unsigned long long']],
-    'UserTime' : [ 0x10, ['unsigned long long']],
-    'KernelTime' : [ 0x18, ['unsigned long long']],
-    'Interrupts' : [ 0x20, ['unsigned long']],
-    'DpcTime' : [ 0x28, ['unsigned long long']],
-    'InterruptTime' : [ 0x30, ['unsigned long long']],
-    'ClockInterrupts' : [ 0x38, ['unsigned long']],
-    'DpcCount' : [ 0x3c, ['unsigned long']],
-    'DpcRate' : [ 0x40, ['unsigned long']],
-    'C1Time' : [ 0x48, ['unsigned long long']],
-    'C2Time' : [ 0x50, ['unsigned long long']],
-    'C3Time' : [ 0x58, ['unsigned long long']],
-    'C1Transitions' : [ 0x60, ['unsigned long long']],
-    'C2Transitions' : [ 0x68, ['unsigned long long']],
-    'C3Transitions' : [ 0x70, ['unsigned long long']],
-    'StallTime' : [ 0x78, ['unsigned long long']],
-    'ParkingStatus' : [ 0x80, ['unsigned long']],
-    'CurrentFrequency' : [ 0x84, ['unsigned long']],
-    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
-    'StateFlags' : [ 0x8c, ['unsigned long']],
-    'NominalThroughput' : [ 0x90, ['unsigned long']],
-    'ActiveThroughput' : [ 0x94, ['unsigned long']],
-    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
-    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
-    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
-    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
-    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
-    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
-} ],
-  '_PCW_DATA' : [ 0x10, {
-    'Data' : [ 0x0, ['pointer64', ['void']]],
-    'Size' : [ 0x8, ['unsigned long']],
-} ],
-  '_SYNCH_COUNTERS' : [ 0xb8, {
-    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
-    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
-    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
-    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
-    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
-    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
-    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
-    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
-    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
-    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
-    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
-    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
-    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
-    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
-    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
-    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
-    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
-    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
-    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
-    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
-    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
-    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
-    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
-    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
-    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
-    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
-    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
-    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
-    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
-    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
-    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
-    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
-    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
-    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
-    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
-    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
-    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
-    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
-    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
-    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
-    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
-    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
-    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
-    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
-    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
-    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
-} ],
-  '_ETW_PERF_COUNTERS' : [ 0x18, {
-    'TotalActiveSessions' : [ 0x0, ['long']],
-    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
-    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
-    'TotalGuidsEnabled' : [ 0xc, ['long']],
-    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
-    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
-} ],
-  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
-    'BufferMemoryPagedPool' : [ 0x0, ['long']],
-    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
-    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
-    'EventsLost' : [ 0x10, ['long']],
-    'NumConsumers' : [ 0x14, ['long']],
-} ],
-  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
-    'FsBytesRead' : [ 0x0, ['unsigned long long']],
-    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
-} ],
-  '_THERMAL_ZONE_COUNTERS' : [ 0xc, {
-    'Temperature' : [ 0x0, ['unsigned long']],
-    'ThrottleLimit' : [ 0x4, ['unsigned long']],
-    'ThrottleReasons' : [ 0x8, ['unsigned long']],
-} ],
-  '_TEB32' : [ 0x1000, {
-    'NtTib' : [ 0x0, ['_NT_TIB32']],
-    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
-    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
-    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
-    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
-    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
-    'LastErrorValue' : [ 0x34, ['unsigned long']],
-    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
-    'CsrClientThread' : [ 0x3c, ['unsigned long']],
-    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
-    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
-    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
-    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
-    'CurrentLocale' : [ 0xc4, ['unsigned long']],
-    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
-    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
-    'SystemReserved1' : [ 0x10c, ['array', 38, ['unsigned long']]],
-    'ExceptionCode' : [ 0x1a4, ['long']],
-    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
-    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
-    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
-    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
-    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
-    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
-    'TxFsContext' : [ 0x1d0, ['unsigned long']],
-    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
-    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
-    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
-    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
-    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
-    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
-    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
-    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
-    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
-    'glReserved2' : [ 0xbdc, ['unsigned long']],
-    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
-    'glSection' : [ 0xbe4, ['unsigned long']],
-    'glTable' : [ 0xbe8, ['unsigned long']],
-    'glCurrentRC' : [ 0xbec, ['unsigned long']],
-    'glContext' : [ 0xbf0, ['unsigned long']],
-    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
-    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
-    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
-    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
-    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
-    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
-    'Vdm' : [ 0xf18, ['unsigned long']],
-    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
-    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
-    'HardErrorMode' : [ 0xf28, ['unsigned long']],
-    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
-    'ActivityId' : [ 0xf50, ['_GUID']],
-    'SubProcessTag' : [ 0xf60, ['unsigned long']],
-    'PerflibData' : [ 0xf64, ['unsigned long']],
-    'EtwTraceData' : [ 0xf68, ['unsigned long']],
-    'WinSockData' : [ 0xf6c, ['unsigned long']],
-    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
-    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
-    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
-    'ReservedPad0' : [ 0xf74, ['unsigned char']],
-    'ReservedPad1' : [ 0xf75, ['unsigned char']],
-    'ReservedPad2' : [ 0xf76, ['unsigned char']],
-    'IdealProcessor' : [ 0xf77, ['unsigned char']],
-    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
-    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
-    'ReservedForOle' : [ 0xf80, ['unsigned long']],
-    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
-    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
-    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
-    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
-    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
-    'MuiGeneration' : [ 0xf98, ['unsigned long']],
-    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
-    'NlsCache' : [ 0xfa0, ['unsigned long']],
-    'pShimData' : [ 0xfa4, ['unsigned long']],
-    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
-    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
-    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
-    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
-    'FlsData' : [ 0xfb4, ['unsigned long']],
-    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
-    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
-    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
-    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
-    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
-    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
-    'SameTebFlags' : [ 0xfca, ['unsigned short']],
-    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
-    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
-    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
-    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
-    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
-    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
-    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
-    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
-    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
-    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
-    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
-    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
-    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
-    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
-    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
-    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
-    'LockCount' : [ 0xfd8, ['unsigned long']],
-    'WowTebOffset' : [ 0xfdc, ['long']],
-    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
-    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
-    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
-    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
-} ],
-  '_TEB64' : [ 0x1838, {
-    'NtTib' : [ 0x0, ['_NT_TIB64']],
-    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
-    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
-    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
-    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
-    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
-    'LastErrorValue' : [ 0x68, ['unsigned long']],
-    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
-    'CsrClientThread' : [ 0x70, ['unsigned long long']],
-    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
-    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
-    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
-    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
-    'CurrentLocale' : [ 0x108, ['unsigned long']],
-    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
-    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
-    'SystemReserved1' : [ 0x190, ['array', 38, ['unsigned long long']]],
-    'ExceptionCode' : [ 0x2c0, ['long']],
-    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
-    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
-    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
-    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
-    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
-    'TxFsContext' : [ 0x2e8, ['unsigned long']],
-    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
-    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
-    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
-    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
-    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
-    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
-    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
-    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
-    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
-    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
-    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
-    'glReserved2' : [ 0x1220, ['unsigned long long']],
-    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
-    'glSection' : [ 0x1230, ['unsigned long long']],
-    'glTable' : [ 0x1238, ['unsigned long long']],
-    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
-    'glContext' : [ 0x1248, ['unsigned long long']],
-    'LastStatusValue' : [ 0x1250, ['unsigned long']],
-    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
-    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
-    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
-    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
-    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
-    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
-    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
-    'Vdm' : [ 0x1690, ['unsigned long long']],
-    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
-    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
-    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
-    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
-    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
-    'ActivityId' : [ 0x1710, ['_GUID']],
-    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
-    'PerflibData' : [ 0x1728, ['unsigned long long']],
-    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
-    'WinSockData' : [ 0x1738, ['unsigned long long']],
-    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
-    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
-    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
-    'ReservedPad0' : [ 0x1744, ['unsigned char']],
-    'ReservedPad1' : [ 0x1745, ['unsigned char']],
-    'ReservedPad2' : [ 0x1746, ['unsigned char']],
-    'IdealProcessor' : [ 0x1747, ['unsigned char']],
-    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
-    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
-    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
-    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
-    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
-    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
-    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
-    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
-    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
-    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
-    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
-    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
-    'MuiGeneration' : [ 0x1798, ['unsigned long']],
-    'IsImpersonating' : [ 0x179c, ['unsigned long']],
-    'NlsCache' : [ 0x17a0, ['unsigned long long']],
-    'pShimData' : [ 0x17a8, ['unsigned long long']],
-    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
-    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
-    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
-    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
-    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
-    'FlsData' : [ 0x17c8, ['unsigned long long']],
-    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
-    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
-    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
-    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
-    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
-    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
-    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
-    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
-    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
-    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
-    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
-    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
-    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
-    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
-    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
-    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
-    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
-    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
-    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
-    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
-    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
-    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
-    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
-    'LockCount' : [ 0x1808, ['unsigned long']],
-    'WowTebOffset' : [ 0x180c, ['long']],
-    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
-    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
-    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
-    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
-} ],
-  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
-    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
-    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
-    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
-    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
-    'AsUINT64' : [ 0x0, ['unsigned long long']],
-    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
-    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
-    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
-    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
-    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
-    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
-    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
-    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
-    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
-    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long long')]],
-    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
-    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
-    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
-    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
-    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
-    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
-    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
-    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
-    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
-    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
-    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
-    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
-    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
-    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
-    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
-    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
-    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
-    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
-    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
-    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
-    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
-    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_KTIMER_TABLE' : [ 0x2200, {
-    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
-    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
-} ],
-  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
-    'Lock' : [ 0x0, ['unsigned long long']],
-    'Entry' : [ 0x8, ['_LIST_ENTRY']],
-    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
-} ],
-  '_XSTATE_SAVE' : [ 0x38, {
-    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
-    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
-    'Level' : [ 0x10, ['unsigned char']],
-    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
-} ],
-  '_XSAVE_AREA' : [ 0x240, {
-    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
-    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
-} ],
-  '_KSHARED_READY_QUEUE' : [ 0x260, {
-    'Lock' : [ 0x0, ['unsigned long long']],
-    'ReadySummary' : [ 0x8, ['unsigned long']],
-    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
-    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
-    'Span' : [ 0x250, ['unsigned char']],
-    'LowProcIndex' : [ 0x251, ['unsigned char']],
-    'QueueIndex' : [ 0x252, ['unsigned char']],
-    'ProcCount' : [ 0x253, ['unsigned char']],
-    'ScanOwner' : [ 0x254, ['unsigned char']],
-    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
-    'Affinity' : [ 0x258, ['unsigned long long']],
-} ],
-  '_KEXCEPTION_FRAME' : [ 0x140, {
-    'P1Home' : [ 0x0, ['unsigned long long']],
-    'P2Home' : [ 0x8, ['unsigned long long']],
-    'P3Home' : [ 0x10, ['unsigned long long']],
-    'P4Home' : [ 0x18, ['unsigned long long']],
-    'P5' : [ 0x20, ['unsigned long long']],
-    'Spare1' : [ 0x28, ['unsigned long long']],
-    'Xmm6' : [ 0x30, ['_M128A']],
-    'Xmm7' : [ 0x40, ['_M128A']],
-    'Xmm8' : [ 0x50, ['_M128A']],
-    'Xmm9' : [ 0x60, ['_M128A']],
-    'Xmm10' : [ 0x70, ['_M128A']],
-    'Xmm11' : [ 0x80, ['_M128A']],
-    'Xmm12' : [ 0x90, ['_M128A']],
-    'Xmm13' : [ 0xa0, ['_M128A']],
-    'Xmm14' : [ 0xb0, ['_M128A']],
-    'Xmm15' : [ 0xc0, ['_M128A']],
-    'TrapFrame' : [ 0xd0, ['unsigned long long']],
-    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
-    'OutputLength' : [ 0xe0, ['unsigned long long']],
-    'Spare2' : [ 0xe8, ['unsigned long long']],
-    'MxCsr' : [ 0xf0, ['unsigned long long']],
-    'Rbp' : [ 0xf8, ['unsigned long long']],
-    'Rbx' : [ 0x100, ['unsigned long long']],
-    'Rdi' : [ 0x108, ['unsigned long long']],
-    'Rsi' : [ 0x110, ['unsigned long long']],
-    'R12' : [ 0x118, ['unsigned long long']],
-    'R13' : [ 0x120, ['unsigned long long']],
-    'R14' : [ 0x128, ['unsigned long long']],
-    'R15' : [ 0x130, ['unsigned long long']],
-    'Return' : [ 0x138, ['unsigned long long']],
-} ],
-  '_KTRAP_FRAME' : [ 0x190, {
-    'P1Home' : [ 0x0, ['unsigned long long']],
-    'P2Home' : [ 0x8, ['unsigned long long']],
-    'P3Home' : [ 0x10, ['unsigned long long']],
-    'P4Home' : [ 0x18, ['unsigned long long']],
-    'P5' : [ 0x20, ['unsigned long long']],
-    'PreviousMode' : [ 0x28, ['unsigned char']],
-    'PreviousIrql' : [ 0x29, ['unsigned char']],
-    'FaultIndicator' : [ 0x2a, ['unsigned char']],
-    'ExceptionActive' : [ 0x2b, ['unsigned char']],
-    'MxCsr' : [ 0x2c, ['unsigned long']],
-    'Rax' : [ 0x30, ['unsigned long long']],
-    'Rcx' : [ 0x38, ['unsigned long long']],
-    'Rdx' : [ 0x40, ['unsigned long long']],
-    'R8' : [ 0x48, ['unsigned long long']],
-    'R9' : [ 0x50, ['unsigned long long']],
-    'R10' : [ 0x58, ['unsigned long long']],
-    'R11' : [ 0x60, ['unsigned long long']],
-    'GsBase' : [ 0x68, ['unsigned long long']],
-    'GsSwap' : [ 0x68, ['unsigned long long']],
-    'Xmm0' : [ 0x70, ['_M128A']],
-    'Xmm1' : [ 0x80, ['_M128A']],
-    'Xmm2' : [ 0x90, ['_M128A']],
-    'Xmm3' : [ 0xa0, ['_M128A']],
-    'Xmm4' : [ 0xb0, ['_M128A']],
-    'Xmm5' : [ 0xc0, ['_M128A']],
-    'FaultAddress' : [ 0xd0, ['unsigned long long']],
-    'ContextRecord' : [ 0xd0, ['unsigned long long']],
-    'TimeStampCKCL' : [ 0xd0, ['unsigned long long']],
-    'Dr0' : [ 0xd8, ['unsigned long long']],
-    'Dr1' : [ 0xe0, ['unsigned long long']],
-    'Dr2' : [ 0xe8, ['unsigned long long']],
-    'Dr3' : [ 0xf0, ['unsigned long long']],
-    'Dr6' : [ 0xf8, ['unsigned long long']],
-    'Dr7' : [ 0x100, ['unsigned long long']],
-    'DebugControl' : [ 0x108, ['unsigned long long']],
-    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
-    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
-    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
-    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
-    'SegDs' : [ 0x130, ['unsigned short']],
-    'SegEs' : [ 0x132, ['unsigned short']],
-    'SegFs' : [ 0x134, ['unsigned short']],
-    'SegGs' : [ 0x136, ['unsigned short']],
-    'TrapFrame' : [ 0x138, ['unsigned long long']],
-    'Rbx' : [ 0x140, ['unsigned long long']],
-    'Rdi' : [ 0x148, ['unsigned long long']],
-    'Rsi' : [ 0x150, ['unsigned long long']],
-    'Rbp' : [ 0x158, ['unsigned long long']],
-    'ErrorCode' : [ 0x160, ['unsigned long long']],
-    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
-    'TimeStampKlog' : [ 0x160, ['unsigned long long']],
-    'Rip' : [ 0x168, ['unsigned long long']],
-    'SegCs' : [ 0x170, ['unsigned short']],
-    'Fill0' : [ 0x172, ['unsigned char']],
-    'Logging' : [ 0x173, ['unsigned char']],
-    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
-    'EFlags' : [ 0x178, ['unsigned long']],
-    'Fill2' : [ 0x17c, ['unsigned long']],
-    'Rsp' : [ 0x180, ['unsigned long long']],
-    'SegSs' : [ 0x188, ['unsigned short']],
-    'Fill3' : [ 0x18a, ['unsigned short']],
-    'Fill4' : [ 0x18c, ['unsigned long']],
-} ],
-  '__unnamed_1866' : [ 0x8, {
-    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
-    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
-    'Information' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '__unnamed_1868' : [ 0x8, {
-    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
-} ],
-  '__unnamed_186c' : [ 0x20, {
-    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
-    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
-    'SerialNumber' : [ 0x18, ['pointer64', ['unsigned short']]],
-} ],
-  '_DEVICE_NODE' : [ 0x2c8, {
-    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
-    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
-    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
-    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
-    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
-    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
-    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
-    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
-    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
-    'FxDeviceLock' : [ 0x58, ['long']],
-    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
-    'FxActivationCount' : [ 0x78, ['long']],
-    'FxSleepCount' : [ 0x7c, ['long']],
-    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
-    'Level' : [ 0x88, ['unsigned long']],
-    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
-    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
-    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
-    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
-    'PowerFlags' : [ 0x128, ['unsigned long']],
-    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
-    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
-    'StateHistory' : [ 0x134, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
-    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
-    'CompletionStatus' : [ 0x188, ['long']],
-    'Flags' : [ 0x18c, ['unsigned long']],
-    'UserFlags' : [ 0x190, ['unsigned long']],
-    'Problem' : [ 0x194, ['unsigned long']],
-    'ProblemStatus' : [ 0x198, ['long']],
-    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
-    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
-    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
-    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
-    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
-    'BusNumber' : [ 0x1c4, ['unsigned long']],
-    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
-    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
-    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
-    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
-    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
-    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
-    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
-    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
-    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
-    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
-    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
-    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
-    'OverUsed1' : [ 0x210, ['__unnamed_1866']],
-    'OverUsed2' : [ 0x218, ['__unnamed_1868']],
-    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
-    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
-    'CapabilityFlags' : [ 0x230, ['unsigned long']],
-    'DockInfo' : [ 0x238, ['__unnamed_186c']],
-    'DisableableDepends' : [ 0x258, ['unsigned long']],
-    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
-    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
-    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
-    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
-    'DeletedChildren' : [ 0x290, ['long']],
-    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
-    'ContainerID' : [ 0x298, ['_GUID']],
-    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
-    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
-    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
-    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
-    'StateFlags' : [ 0x2c0, ['unsigned long']],
-} ],
-  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
-    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
-    'Logger' : [ 0x8, ['unsigned long long']],
-    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
-    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
-    'Flags' : [ 0x20, ['unsigned long']],
-    'IsEnabled' : [ 0x24, ['unsigned long']],
-    'Level' : [ 0x28, ['unsigned char']],
-    'Reserve' : [ 0x29, ['unsigned char']],
-    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
-    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
-    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
-    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
-} ],
-  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
-    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
-    'DispatchedCount' : [ 0x10, ['unsigned long']],
-    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
-    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
-    'SpinLock' : [ 0x48, ['unsigned long long']],
-} ],
-  '_KSEMAPHORE' : [ 0x20, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-    'Limit' : [ 0x18, ['long']],
-} ],
-  '_DEVOBJ_EXTENSION' : [ 0x68, {
-    'Type' : [ 0x0, ['short']],
-    'Size' : [ 0x2, ['unsigned short']],
-    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
-    'PowerFlags' : [ 0x10, ['unsigned long']],
-    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
-    'ExtensionFlags' : [ 0x20, ['unsigned long']],
-    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
-    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
-    'StartIoCount' : [ 0x38, ['long']],
-    'StartIoKey' : [ 0x3c, ['long']],
-    'StartIoFlags' : [ 0x40, ['unsigned long']],
-    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
-    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
-    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
-    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
-} ],
-  '_GROUP_AFFINITY' : [ 0x10, {
-    'Mask' : [ 0x0, ['unsigned long long']],
-    'Group' : [ 0x8, ['unsigned short']],
-    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
-} ],
-  '_KAFFINITY_EX' : [ 0xa8, {
-    'Count' : [ 0x0, ['unsigned short']],
-    'Size' : [ 0x2, ['unsigned short']],
-    'Reserved' : [ 0x4, ['unsigned long']],
-    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
-} ],
-  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
-    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
-    'DeviceCount' : [ 0x4, ['unsigned long']],
-    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
-} ],
-  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
-    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Flags' : [ 0x8, ['unsigned long']],
-    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
-    'Priority' : [ 0x10, ['unsigned long']],
-    'Position' : [ 0x14, ['unsigned long']],
-    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
-    'ReqList' : [ 0x20, ['pointer64', ['void']]],
-    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
-    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
-    'Status' : [ 0x38, ['long']],
-} ],
-  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
-    'ListSize' : [ 0x0, ['unsigned long']],
-    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
-    'BusNumber' : [ 0x8, ['unsigned long']],
-    'SlotNumber' : [ 0xc, ['unsigned long']],
-    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
-    'AlternativeLists' : [ 0x1c, ['unsigned long']],
-    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
-} ],
-  '_EXCEPTION_RECORD64' : [ 0x98, {
-    'ExceptionCode' : [ 0x0, ['long']],
-    'ExceptionFlags' : [ 0x4, ['unsigned long']],
-    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
-    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
-    'NumberParameters' : [ 0x18, ['unsigned long']],
-    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
-    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
-} ],
-  '_EXCEPTION_RECORD32' : [ 0x50, {
-    'ExceptionCode' : [ 0x0, ['long']],
-    'ExceptionFlags' : [ 0x4, ['unsigned long']],
-    'ExceptionRecord' : [ 0x8, ['unsigned long']],
-    'ExceptionAddress' : [ 0xc, ['unsigned long']],
-    'NumberParameters' : [ 0x10, ['unsigned long']],
-    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
-} ],
-  '_DBGKM_EXCEPTION64' : [ 0xa0, {
-    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
-    'FirstChance' : [ 0x98, ['unsigned long']],
-} ],
-  '_DBGKM_EXCEPTION32' : [ 0x54, {
-    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
-    'FirstChance' : [ 0x50, ['unsigned long']],
-} ],
-  '_X86_KTRAP_FRAME' : [ 0x8c, {
-    'DbgEbp' : [ 0x0, ['unsigned long']],
-    'DbgEip' : [ 0x4, ['unsigned long']],
-    'DbgArgMark' : [ 0x8, ['unsigned long']],
-    'DbgArgPointer' : [ 0xc, ['unsigned long']],
-    'TempSegCs' : [ 0x10, ['unsigned long']],
-    'TempEsp' : [ 0x14, ['unsigned long']],
-    'Dr0' : [ 0x18, ['unsigned long']],
-    'Dr1' : [ 0x1c, ['unsigned long']],
-    'Dr2' : [ 0x20, ['unsigned long']],
-    'Dr3' : [ 0x24, ['unsigned long']],
-    'Dr6' : [ 0x28, ['unsigned long']],
-    'Dr7' : [ 0x2c, ['unsigned long']],
-    'SegGs' : [ 0x30, ['unsigned long']],
-    'SegEs' : [ 0x34, ['unsigned long']],
-    'SegDs' : [ 0x38, ['unsigned long']],
-    'Edx' : [ 0x3c, ['unsigned long']],
-    'Ecx' : [ 0x40, ['unsigned long']],
-    'Eax' : [ 0x44, ['unsigned long']],
-    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
-    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
-    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
-    'ExceptionList' : [ 0x4c, ['unsigned long']],
-    'SegFs' : [ 0x50, ['unsigned long']],
-    'Edi' : [ 0x54, ['unsigned long']],
-    'Esi' : [ 0x58, ['unsigned long']],
-    'Ebx' : [ 0x5c, ['unsigned long']],
-    'Ebp' : [ 0x60, ['unsigned long']],
-    'ErrCode' : [ 0x64, ['unsigned long']],
-    'Eip' : [ 0x68, ['unsigned long']],
-    'SegCs' : [ 0x6c, ['unsigned long']],
-    'EFlags' : [ 0x70, ['unsigned long']],
-    'HardwareEsp' : [ 0x74, ['unsigned long']],
-    'HardwareSegSs' : [ 0x78, ['unsigned long']],
-    'V86Es' : [ 0x7c, ['unsigned long']],
-    'V86Ds' : [ 0x80, ['unsigned long']],
-    'V86Fs' : [ 0x84, ['unsigned long']],
-    'V86Gs' : [ 0x88, ['unsigned long']],
-} ],
-  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
-    'DbgEbp' : [ 0x0, ['unsigned long']],
-    'DbgEip' : [ 0x4, ['unsigned long']],
-    'DbgArgMark' : [ 0x8, ['unsigned long']],
-    'TempSegCs' : [ 0xc, ['unsigned short']],
-    'Logging' : [ 0xe, ['unsigned char']],
-    'FrameType' : [ 0xf, ['unsigned char']],
-    'TempEsp' : [ 0x10, ['unsigned long']],
-    'Dr0' : [ 0x14, ['unsigned long']],
-    'Dr1' : [ 0x18, ['unsigned long']],
-    'Dr2' : [ 0x1c, ['unsigned long']],
-    'Dr3' : [ 0x20, ['unsigned long']],
-    'Dr6' : [ 0x24, ['unsigned long']],
-    'Dr7' : [ 0x28, ['unsigned long']],
-    'SegGs' : [ 0x2c, ['unsigned long']],
-    'SegEs' : [ 0x30, ['unsigned long']],
-    'SegDs' : [ 0x34, ['unsigned long']],
-    'Edx' : [ 0x38, ['unsigned long']],
-    'Ecx' : [ 0x3c, ['unsigned long']],
-    'Eax' : [ 0x40, ['unsigned long']],
-    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
-    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
-    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
-    'MxCsr' : [ 0x48, ['unsigned long']],
-    'ExceptionList' : [ 0x4c, ['unsigned long']],
-    'SegFs' : [ 0x50, ['unsigned long']],
-    'Edi' : [ 0x54, ['unsigned long']],
-    'Esi' : [ 0x58, ['unsigned long']],
-    'Ebx' : [ 0x5c, ['unsigned long']],
-    'Ebp' : [ 0x60, ['unsigned long']],
-    'ErrCode' : [ 0x64, ['unsigned long']],
-    'Eip' : [ 0x68, ['unsigned long']],
-    'SegCs' : [ 0x6c, ['unsigned long']],
-    'EFlags' : [ 0x70, ['unsigned long']],
-    'HardwareEsp' : [ 0x74, ['unsigned long']],
-    'HardwareSegSs' : [ 0x78, ['unsigned long']],
-    'V86Es' : [ 0x7c, ['unsigned long']],
-    'V86Ds' : [ 0x80, ['unsigned long']],
-    'V86Fs' : [ 0x84, ['unsigned long']],
-    'V86Gs' : [ 0x88, ['unsigned long']],
-} ],
-  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
-    'PathNameLength' : [ 0x0, ['unsigned long']],
-    'BaseOfDll' : [ 0x8, ['unsigned long long']],
-    'ProcessId' : [ 0x10, ['unsigned long long']],
-    'CheckSum' : [ 0x18, ['unsigned long']],
-    'SizeOfImage' : [ 0x1c, ['unsigned long']],
-    'UnloadSymbols' : [ 0x20, ['unsigned char']],
-} ],
-  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
-    'PathNameLength' : [ 0x0, ['unsigned long']],
-    'BaseOfDll' : [ 0x4, ['unsigned long']],
-    'ProcessId' : [ 0x8, ['unsigned long']],
-    'CheckSum' : [ 0xc, ['unsigned long']],
-    'SizeOfImage' : [ 0x10, ['unsigned long']],
-    'UnloadSymbols' : [ 0x14, ['unsigned char']],
-} ],
-  '_DBGKD_READ_MEMORY64' : [ 0x10, {
-    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
-    'TransferCount' : [ 0x8, ['unsigned long']],
-    'ActualBytesRead' : [ 0xc, ['unsigned long']],
-} ],
-  '_DBGKD_READ_MEMORY32' : [ 0xc, {
-    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
-    'TransferCount' : [ 0x4, ['unsigned long']],
-    'ActualBytesRead' : [ 0x8, ['unsigned long']],
-} ],
-  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
-    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
-    'TransferCount' : [ 0x8, ['unsigned long']],
-    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
-} ],
-  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
-    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
-    'TransferCount' : [ 0x4, ['unsigned long']],
-    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
-} ],
-  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
-    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
-    'BreakPointHandle' : [ 0x8, ['unsigned long']],
-} ],
-  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
-    'BreakPointAddress' : [ 0x0, ['unsigned long']],
-    'BreakPointHandle' : [ 0x4, ['unsigned long']],
-} ],
-  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
-    'IoAddress' : [ 0x0, ['unsigned long long']],
-    'DataSize' : [ 0x8, ['unsigned long']],
-    'DataValue' : [ 0xc, ['unsigned long']],
-} ],
-  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
-    'DataSize' : [ 0x0, ['unsigned long']],
-    'IoAddress' : [ 0x4, ['unsigned long']],
-    'DataValue' : [ 0x8, ['unsigned long']],
-} ],
-  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
-    'DataSize' : [ 0x0, ['unsigned long']],
-    'InterfaceType' : [ 0x4, ['unsigned long']],
-    'BusNumber' : [ 0x8, ['unsigned long']],
-    'AddressSpace' : [ 0xc, ['unsigned long']],
-    'IoAddress' : [ 0x10, ['unsigned long long']],
-    'DataValue' : [ 0x18, ['unsigned long']],
-} ],
-  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
-    'DataSize' : [ 0x0, ['unsigned long']],
-    'InterfaceType' : [ 0x4, ['unsigned long']],
-    'BusNumber' : [ 0x8, ['unsigned long']],
-    'AddressSpace' : [ 0xc, ['unsigned long']],
-    'IoAddress' : [ 0x10, ['unsigned long']],
-    'DataValue' : [ 0x14, ['unsigned long']],
-} ],
-  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
-    'SpecialCall' : [ 0x0, ['unsigned long']],
-} ],
-  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
-    'SpecialCall' : [ 0x0, ['unsigned long long']],
-} ],
-  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
-    'BreakpointAddress' : [ 0x0, ['unsigned long']],
-    'Flags' : [ 0x4, ['unsigned long']],
-} ],
-  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
-    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
-    'Flags' : [ 0x8, ['unsigned long']],
-} ],
-  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
-    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
-    'Flags' : [ 0x8, ['unsigned long']],
-    'Calls' : [ 0xc, ['unsigned long']],
-    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
-    'MinInstructions' : [ 0x14, ['unsigned long']],
-    'MaxInstructions' : [ 0x18, ['unsigned long']],
-    'TotalInstructions' : [ 0x1c, ['unsigned long']],
-} ],
-  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
-    'BreakpointAddress' : [ 0x0, ['unsigned long']],
-    'Flags' : [ 0x4, ['unsigned long']],
-    'Calls' : [ 0x8, ['unsigned long']],
-    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
-    'MinInstructions' : [ 0x10, ['unsigned long']],
-    'MaxInstructions' : [ 0x14, ['unsigned long']],
-    'TotalInstructions' : [ 0x18, ['unsigned long']],
-} ],
-  '__unnamed_1969' : [ 0x28, {
-    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
-    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
-    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
-    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
-    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
-    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
-    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
-    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
-    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
-    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
-    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
-    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
-    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
-    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
-    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
-    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
-    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
-    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
-    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
-    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
-    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
-    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
-    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
-    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
-    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
-} ],
-  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
-    'ApiNumber' : [ 0x0, ['unsigned long']],
-    'ProcessorLevel' : [ 0x4, ['unsigned short']],
-    'Processor' : [ 0x6, ['unsigned short']],
-    'ReturnStatus' : [ 0x8, ['long']],
-    'u' : [ 0x10, ['__unnamed_1969']],
-} ],
-  '__unnamed_1970' : [ 0x28, {
-    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
-    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
-    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
-    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
-    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
-    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
-    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
-    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
-    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
-    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
-    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
-    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
-    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
-    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
-    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
-    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
-    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
-    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
-    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
-    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
-    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
-    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
-} ],
-  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
-    'ApiNumber' : [ 0x0, ['unsigned long']],
-    'ProcessorLevel' : [ 0x4, ['unsigned short']],
-    'Processor' : [ 0x6, ['unsigned short']],
-    'ReturnStatus' : [ 0x8, ['long']],
-    'u' : [ 0xc, ['__unnamed_1970']],
-} ],
-  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
-    'Msr' : [ 0x0, ['unsigned long']],
-    'DataValueLow' : [ 0x4, ['unsigned long']],
-    'DataValueHigh' : [ 0x8, ['unsigned long']],
-} ],
-  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
-    'BreakPointCount' : [ 0x0, ['unsigned long']],
-    'ContinueStatus' : [ 0x4, ['long']],
-} ],
-  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
-    'SearchAddress' : [ 0x0, ['unsigned long long']],
-    'FoundAddress' : [ 0x0, ['unsigned long long']],
-    'SearchLength' : [ 0x8, ['unsigned long long']],
-    'PatternLength' : [ 0x10, ['unsigned long']],
-} ],
-  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
-    'BreakPointHandle' : [ 0x0, ['unsigned long']],
-} ],
-  '_DBGKD_CONTINUE' : [ 0x4, {
-    'ContinueStatus' : [ 0x0, ['long']],
-} ],
-  '_DBGKD_CONTINUE2' : [ 0x20, {
-    'ContinueStatus' : [ 0x0, ['long']],
-    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
-    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
-} ],
-  '_PEP_ACPI_RESOURCE' : [ 0x48, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
-    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
-    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
-    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
-    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
-    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
-    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
-    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
-} ],
-  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
-    'Information' : [ 0x4, ['unsigned char']],
-    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
-    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
-    'Alignment' : [ 0x18, ['unsigned long']],
-    'Length' : [ 0x1c, ['unsigned long']],
-} ],
-  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
-    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
-    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
-    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
-    'Count' : [ 0x10, ['unsigned char']],
-    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
-} ],
-  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
-    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
-    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
-    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
-    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PullDefault', 1: 'PullUp', 2: 'PullDown', 3: 'PullNone'})]],
-    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'IoRestrictionNone', 1: 'IoRestrictionInputOnly', 2: 'IoRestrictionOutputOnly', 3: 'IoRestrictionNoneAndPreserve'})]],
-    'DriveStrength' : [ 0x18, ['unsigned short']],
-    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
-    'PinTable' : [ 0x20, ['pointer64', ['unsigned short']]],
-    'PinCount' : [ 0x28, ['unsigned short']],
-    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
-    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
-    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
-    'VendorDataLength' : [ 0x40, ['unsigned short']],
-} ],
-  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
-    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
-    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
-    'SlaveAddress' : [ 0x2c, ['unsigned short']],
-} ],
-  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
-    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
-    'BaudRate' : [ 0x28, ['unsigned long']],
-    'RxBufferSize' : [ 0x2c, ['unsigned short']],
-    'TxBufferSize' : [ 0x2e, ['unsigned short']],
-    'Parity' : [ 0x30, ['unsigned char']],
-    'LinesInUse' : [ 0x31, ['unsigned char']],
-} ],
-  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
-    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
-    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
-    'DataBitLength' : [ 0x2c, ['unsigned char']],
-    'Phase' : [ 0x2d, ['unsigned char']],
-    'Polarity' : [ 0x2e, ['unsigned char']],
-    'DeviceSelection' : [ 0x30, ['unsigned short']],
-} ],
-  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
-    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
-    'ResourceFlags' : [ 0x8, ['unsigned char']],
-    'GeneralFlags' : [ 0x9, ['unsigned char']],
-    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
-    'RevisionId' : [ 0xb, ['unsigned char']],
-    'Reserved' : [ 0xc, ['unsigned char']],
-    'Granularity' : [ 0x10, ['unsigned long long']],
-    'MinimumAddress' : [ 0x18, ['unsigned long long']],
-    'MaximumAddress' : [ 0x20, ['unsigned long long']],
-    'TranslationAddress' : [ 0x28, ['unsigned long long']],
-    'AddressLength' : [ 0x30, ['unsigned long long']],
-    'TypeAttribute' : [ 0x38, ['unsigned long long']],
-    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
-} ],
-  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
-    'StateCount' : [ 0x0, ['unsigned long']],
-    'InterfaceVersion' : [ 0x4, ['unsigned long']],
-    'ProcessorCount' : [ 0x8, ['unsigned long']],
-    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
-    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
-    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
-    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
-    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
-    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
-    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
-} ],
-  '_CPU_INFO' : [ 0x10, {
-    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
-    'Eax' : [ 0x0, ['unsigned long']],
-    'Ebx' : [ 0x4, ['unsigned long']],
-    'Ecx' : [ 0x8, ['unsigned long']],
-    'Edx' : [ 0xc, ['unsigned long']],
-} ],
-  '_POP_PPM_PROFILE' : [ 0xb30, {
-    'Name' : [ 0x0, ['pointer64', ['unsigned short']]],
-    'Id' : [ 0x8, ['unsigned char']],
-    'Guid' : [ 0xc, ['_GUID']],
-    'Flags' : [ 0x1c, ['unsigned long']],
-    'Priority' : [ 0x20, ['unsigned char']],
-    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
-    'StartTime' : [ 0xb08, ['unsigned long long']],
-    'Count' : [ 0xb10, ['unsigned long long']],
-    'MaxDuration' : [ 0xb18, ['unsigned long long']],
-    'MinDuration' : [ 0xb20, ['unsigned long long']],
-    'TotalDuration' : [ 0xb28, ['unsigned long long']],
-} ],
-  '_PPM_ENGINE_SETTINGS' : [ 0x570, {
-    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
-    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
-    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
-    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
-    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
-    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
-    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
-    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
-    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
-    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
-    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
-    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
-    'PerfBoostPolicy' : [ 0x2c, ['unsigned long']],
-    'PerfBoostMode' : [ 0x30, ['unsigned long']],
-    'PerfReductionTolerance' : [ 0x34, ['unsigned long']],
-    'EnergyPerfPreference' : [ 0x38, ['unsigned long']],
-    'AutonomousActivityWindow' : [ 0x3c, ['unsigned long']],
-    'AutonomousPreference' : [ 0x40, ['unsigned char']],
-    'LatencyHintPerf' : [ 0x41, ['array', 2, ['unsigned char']]],
-    'LatencyHintUnpark' : [ 0x43, ['array', 2, ['unsigned char']]],
-    'DutyCycling' : [ 0x45, ['unsigned char']],
-    'ParkingPerfState' : [ 0x46, ['array', 2, ['unsigned char']]],
-    'DistributeUtility' : [ 0x48, ['unsigned char']],
-    'CoreParkingOverUtilizationThreshold' : [ 0x49, ['unsigned char']],
-    'CoreParkingConcurrencyThreshold' : [ 0x4a, ['unsigned char']],
-    'CoreParkingHeadroomThreshold' : [ 0x4b, ['unsigned char']],
-    'CoreParkingDistributionThreshold' : [ 0x4c, ['unsigned char']],
-    'CoreParkingDecreasePolicy' : [ 0x4d, ['unsigned char']],
-    'CoreParkingIncreasePolicy' : [ 0x4e, ['unsigned char']],
-    'CoreParkingDecreaseTime' : [ 0x50, ['unsigned long']],
-    'CoreParkingIncreaseTime' : [ 0x54, ['unsigned long']],
-    'CoreParkingMinCores' : [ 0x58, ['array', 2, ['unsigned char']]],
-    'CoreParkingMaxCores' : [ 0x5a, ['array', 2, ['unsigned char']]],
-    'AllowScaling' : [ 0x5c, ['unsigned char']],
-    'IdleDisabled' : [ 0x5d, ['unsigned char']],
-    'IdleTimeCheck' : [ 0x60, ['unsigned long']],
-    'IdleDemotePercent' : [ 0x64, ['unsigned char']],
-    'IdlePromotePercent' : [ 0x65, ['unsigned char']],
-    'HeteroDecreaseTime' : [ 0x66, ['unsigned char']],
-    'HeteroIncreaseTime' : [ 0x67, ['unsigned char']],
-    'HeteroDecreaseThreshold' : [ 0x68, ['array', 640, ['unsigned char']]],
-    'HeteroIncreaseThreshold' : [ 0x2e8, ['array', 640, ['unsigned char']]],
-    'Class0FloorPerformance' : [ 0x568, ['unsigned char']],
-    'Class1InitialPerformance' : [ 0x569, ['unsigned char']],
-} ],
-  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
-    'Value' : [ 0x0, ['long']],
-    'Value2' : [ 0x4, ['long']],
-    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
-    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
-    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_POP_FX_PERF_FLAGS' : [ 0x4, {
-    'Value' : [ 0x0, ['long']],
-    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
-    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
-    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
-    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
-    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
-    'Value' : [ 0x0, ['long']],
-    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_POP_RW_LOCK' : [ 0x10, {
-    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
-    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
-} ],
-  '_VOLUME_CACHE_MAP' : [ 0xd0, {
-    'NodeTypeCode' : [ 0x0, ['short']],
-    'NodeByteCode' : [ 0x2, ['short']],
-    'UseCount' : [ 0x4, ['unsigned long']],
-    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
-    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
-    'DirtyPages' : [ 0x20, ['unsigned long long']],
-    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
-    'Flags' : [ 0xc0, ['unsigned long']],
-    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
-    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
-} ],
-  '_SHARED_CACHE_MAP' : [ 0x210, {
-    'NodeTypeCode' : [ 0x0, ['short']],
-    'NodeByteSize' : [ 0x2, ['short']],
-    'OpenCount' : [ 0x4, ['unsigned long']],
-    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
-    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
-    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
-    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
-    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
-    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
-    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
-    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
-    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
-    'DirtyPages' : [ 0x70, ['unsigned long']],
-    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
-    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
-    'Flags' : [ 0x98, ['unsigned long']],
-    'Status' : [ 0x9c, ['long']],
-    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
-    'Section' : [ 0xa8, ['pointer64', ['void']]],
-    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
-    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
-    'PagesToWrite' : [ 0xc0, ['unsigned long']],
-    'BeyondLastFlush' : [ 0xc8, ['long long']],
-    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
-    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
-    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
-    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
-    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
-    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
-    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
-    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
-    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
-    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
-    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
-    'Event' : [ 0x158, ['_KEVENT']],
-    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
-    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
-    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
-    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
-    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
-    'WritesInProgress' : [ 0x204, ['unsigned long']],
-    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
-} ],
-  '__unnamed_1a53' : [ 0x10, {
-    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
-    'ActiveCount' : [ 0x0, ['unsigned short']],
-    'Links' : [ 0x0, ['_LIST_ENTRY']],
-} ],
-  '_VACB' : [ 0x28, {
-    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
-    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
-    'Overlay' : [ 0x10, ['__unnamed_1a53']],
-    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
-} ],
-  '__unnamed_1a77' : [ 0x8, {
-    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
-} ],
-  '__unnamed_1a79' : [ 0x8, {
-    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
-} ],
-  '__unnamed_1a7b' : [ 0x8, {
-    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
-} ],
-  '__unnamed_1a7d' : [ 0x4, {
-    'Reason' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_1a7f' : [ 0x30, {
-    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
-    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
-    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
-    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
-} ],
-  '__unnamed_1a83' : [ 0x58, {
-    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
-    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
-    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
-    'Length' : [ 0x18, ['unsigned long']],
-    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
-    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
-    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
-    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
-    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
-    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
-    'RequestorMode' : [ 0x50, ['unsigned char']],
-    'NestingLevel' : [ 0x54, ['unsigned long']],
-} ],
-  '__unnamed_1a85' : [ 0x58, {
-    'Read' : [ 0x0, ['__unnamed_1a77']],
-    'Write' : [ 0x0, ['__unnamed_1a79']],
-    'Event' : [ 0x0, ['__unnamed_1a7b']],
-    'Notification' : [ 0x0, ['__unnamed_1a7d']],
-    'LowPriWrite' : [ 0x0, ['__unnamed_1a7f']],
-    'AsyncRead' : [ 0x0, ['__unnamed_1a83']],
-} ],
-  '_WORK_QUEUE_ENTRY' : [ 0x70, {
-    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
-    'Parameters' : [ 0x10, ['__unnamed_1a85']],
-    'Function' : [ 0x68, ['unsigned char']],
-} ],
-  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
-    'Callback' : [ 0x0, ['pointer64', ['void']]],
-    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
-    'Links' : [ 0x20, ['_LIST_ENTRY']],
-} ],
-  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
-    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
-    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
-    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
-    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
-    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
-    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
-    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
-    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
-    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
-    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
-    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
-    'Flags' : [ 0x90, ['unsigned long']],
-} ],
-  '_MBCB' : [ 0xc0, {
-    'NodeTypeCode' : [ 0x0, ['short']],
-    'NodeIsInZone' : [ 0x2, ['short']],
-    'PagesToWrite' : [ 0x4, ['unsigned long']],
-    'DirtyPages' : [ 0x8, ['unsigned long']],
-    'Reserved' : [ 0xc, ['unsigned long']],
-    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
-    'ResumeWritePage' : [ 0x20, ['long long']],
-    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
-    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
-    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
-    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
-} ],
-  '_BITMAP_RANGE' : [ 0x30, {
-    'Links' : [ 0x0, ['_LIST_ENTRY']],
-    'BasePage' : [ 0x10, ['long long']],
-    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
-    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
-    'DirtyPages' : [ 0x20, ['unsigned long']],
-    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
-} ],
-  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
-    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
-    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
-    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
-} ],
-  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
-    'Reference' : [ 0x0, ['long']],
-    'SpecialReference' : [ 0x4, ['long']],
-} ],
-  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
-    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
-    'Event' : [ 0x8, ['_KEVENT']],
-} ],
-  '_HEAP_LIST_LOOKUP' : [ 0x38, {
-    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
-    'ArraySize' : [ 0x8, ['unsigned long']],
-    'ExtraItem' : [ 0xc, ['unsigned long']],
-    'ItemCount' : [ 0x10, ['unsigned long']],
-    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
-    'BaseIndex' : [ 0x18, ['unsigned long']],
-    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
-    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
-    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
-} ],
-  '_HEAP' : [ 0x298, {
-    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
-    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
-    'SegmentSignature' : [ 0x10, ['unsigned long']],
-    'SegmentFlags' : [ 0x14, ['unsigned long']],
-    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
-    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
-    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
-    'NumberOfPages' : [ 0x38, ['unsigned long']],
-    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
-    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
-    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
-    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
-    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
-    'Reserved' : [ 0x5a, ['unsigned short']],
-    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
-    'Flags' : [ 0x70, ['unsigned long']],
-    'ForceFlags' : [ 0x74, ['unsigned long']],
-    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
-    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
-    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
-    'Interceptor' : [ 0x90, ['unsigned long']],
-    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
-    'Signature' : [ 0x98, ['unsigned long']],
-    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
-    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
-    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
-    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
-    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
-    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
-    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
-    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
-    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
-    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
-    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
-    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
-    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
-    'AlignRound' : [ 0x100, ['unsigned long long']],
-    'AlignMask' : [ 0x108, ['unsigned long long']],
-    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
-    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
-    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
-    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
-    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
-    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
-    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
-    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
-    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
-    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
-    'FrontEndHeap' : [ 0x170, ['pointer64', ['void']]],
-    'FrontHeapLockCount' : [ 0x178, ['unsigned short']],
-    'FrontEndHeapType' : [ 0x17a, ['unsigned char']],
-    'RequestedFrontEndHeapType' : [ 0x17b, ['unsigned char']],
-    'FrontEndHeapUsageData' : [ 0x180, ['pointer64', ['unsigned short']]],
-    'FrontEndHeapMaximumIndex' : [ 0x188, ['unsigned short']],
-    'FrontEndHeapStatusBitmap' : [ 0x18a, ['array', 129, ['unsigned char']]],
-    'Counters' : [ 0x210, ['_HEAP_COUNTERS']],
-    'TuningParameters' : [ 0x288, ['_HEAP_TUNING_PARAMETERS']],
-} ],
-  '__unnamed_1af3' : [ 0x68, {
-    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
-    'Resource' : [ 0x0, ['_ERESOURCE']],
-} ],
-  '_HEAP_LOCK' : [ 0x68, {
-    'Lock' : [ 0x0, ['__unnamed_1af3']],
-} ],
-  '_HEAP_ENTRY' : [ 0x10, {
-    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
-    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
-    'Size' : [ 0x8, ['unsigned short']],
-    'Flags' : [ 0xa, ['unsigned char']],
-    'SmallTagIndex' : [ 0xb, ['unsigned char']],
-    'SubSegmentCode' : [ 0x8, ['unsigned long']],
-    'PreviousSize' : [ 0xc, ['unsigned short']],
-    'SegmentOffset' : [ 0xe, ['unsigned char']],
-    'LFHFlags' : [ 0xe, ['unsigned char']],
-    'UnusedBytes' : [ 0xf, ['unsigned char']],
-    'CompactHeader' : [ 0x8, ['unsigned long long']],
-    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
-    'Reserved' : [ 0x0, ['pointer64', ['void']]],
-    'FunctionIndex' : [ 0x8, ['unsigned short']],
-    'ContextValue' : [ 0xa, ['unsigned short']],
-    'InterceptorValue' : [ 0x8, ['unsigned long']],
-    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
-    'EntryOffset' : [ 0xe, ['unsigned char']],
-    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
-    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
-    'Code1' : [ 0x8, ['unsigned long']],
-    'Code2' : [ 0xc, ['unsigned short']],
-    'Code3' : [ 0xe, ['unsigned char']],
-    'Code4' : [ 0xf, ['unsigned char']],
-    'Code234' : [ 0xc, ['unsigned long']],
-    'AgregateCode' : [ 0x8, ['unsigned long long']],
-} ],
-  '_HEAP_SEGMENT' : [ 0x70, {
-    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
-    'SegmentSignature' : [ 0x10, ['unsigned long']],
-    'SegmentFlags' : [ 0x14, ['unsigned long']],
-    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
-    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
-    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
-    'NumberOfPages' : [ 0x38, ['unsigned long']],
-    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
-    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
-    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
-    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
-    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
-    'Reserved' : [ 0x5a, ['unsigned short']],
-    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
-} ],
-  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
-    'Entry' : [ 0x0, ['_LIST_ENTRY']],
-    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
-    'CommitSize' : [ 0x20, ['unsigned long long']],
-    'ReserveSize' : [ 0x28, ['unsigned long long']],
-    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
-} ],
-  '_HEAP_FREE_ENTRY' : [ 0x20, {
-    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
-    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
-    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
-    'Size' : [ 0x8, ['unsigned short']],
-    'Flags' : [ 0xa, ['unsigned char']],
-    'SmallTagIndex' : [ 0xb, ['unsigned char']],
-    'SubSegmentCode' : [ 0x8, ['unsigned long']],
-    'PreviousSize' : [ 0xc, ['unsigned short']],
-    'SegmentOffset' : [ 0xe, ['unsigned char']],
-    'LFHFlags' : [ 0xe, ['unsigned char']],
-    'UnusedBytes' : [ 0xf, ['unsigned char']],
-    'CompactHeader' : [ 0x8, ['unsigned long long']],
-    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
-    'Reserved' : [ 0x0, ['pointer64', ['void']]],
-    'FunctionIndex' : [ 0x8, ['unsigned short']],
-    'ContextValue' : [ 0xa, ['unsigned short']],
-    'InterceptorValue' : [ 0x8, ['unsigned long']],
-    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
-    'EntryOffset' : [ 0xe, ['unsigned char']],
-    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
-    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
-    'Code1' : [ 0x8, ['unsigned long']],
-    'Code2' : [ 0xc, ['unsigned short']],
-    'Code3' : [ 0xe, ['unsigned char']],
-    'Code4' : [ 0xf, ['unsigned char']],
-    'Code234' : [ 0xc, ['unsigned long']],
-    'AgregateCode' : [ 0x8, ['unsigned long long']],
-    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
-} ],
-  '__unnamed_1b46' : [ 0x4, {
-    'DataLength' : [ 0x0, ['short']],
-    'TotalLength' : [ 0x2, ['short']],
-} ],
-  '__unnamed_1b48' : [ 0x4, {
-    's1' : [ 0x0, ['__unnamed_1b46']],
-    'Length' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_1b4a' : [ 0x4, {
-    'Type' : [ 0x0, ['short']],
-    'DataInfoOffset' : [ 0x2, ['short']],
-} ],
-  '__unnamed_1b4c' : [ 0x4, {
-    's2' : [ 0x0, ['__unnamed_1b4a']],
-    'ZeroInit' : [ 0x0, ['unsigned long']],
-} ],
-  '_PORT_MESSAGE' : [ 0x28, {
-    'u1' : [ 0x0, ['__unnamed_1b48']],
-    'u2' : [ 0x4, ['__unnamed_1b4c']],
-    'ClientId' : [ 0x8, ['_CLIENT_ID']],
-    'DoNotUseThisField' : [ 0x8, ['double']],
-    'MessageId' : [ 0x18, ['unsigned long']],
-    'ClientViewSize' : [ 0x20, ['unsigned long long']],
-    'CallbackId' : [ 0x20, ['unsigned long']],
-} ],
-  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
-    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
-    'ValidAttributes' : [ 0x4, ['unsigned long']],
-} ],
-  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
-    'Object' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '_BLOB_TYPE' : [ 0x30, {
-    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
-    'PoolTag' : [ 0x4, ['unsigned long']],
-    'LookasideIndex' : [ 0x8, ['unsigned long']],
-    'Flags' : [ 0xc, ['unsigned long']],
-    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
-    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
-    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
-    'UsualSize' : [ 0x28, ['unsigned long long']],
-} ],
-  '__unnamed_1b67' : [ 0x1, {
-    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-} ],
-  '__unnamed_1b69' : [ 0x1, {
-    's1' : [ 0x0, ['__unnamed_1b67']],
-    'Flags' : [ 0x0, ['unsigned char']],
-} ],
-  '_BLOB' : [ 0x30, {
-    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
-    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
-    'u1' : [ 0x10, ['__unnamed_1b69']],
-    'ResourceId' : [ 0x11, ['unsigned char']],
-    'CachedReferences' : [ 0x12, ['short']],
-    'ReferenceCount' : [ 0x18, ['long long']],
-    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
-} ],
-  '__unnamed_1b7b' : [ 0x4, {
-    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-} ],
-  '__unnamed_1b7d' : [ 0x4, {
-    's1' : [ 0x0, ['__unnamed_1b7b']],
-} ],
-  '_KALPC_SECTION' : [ 0x48, {
-    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
-    'Size' : [ 0x8, ['unsigned long long']],
-    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
-    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
-    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
-    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
-    'u1' : [ 0x30, ['__unnamed_1b7d']],
-    'NumberOfRegions' : [ 0x34, ['unsigned long']],
-    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
-} ],
-  '__unnamed_1b86' : [ 0x4, {
-    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-} ],
-  '__unnamed_1b88' : [ 0x4, {
-    's1' : [ 0x0, ['__unnamed_1b86']],
-} ],
-  '_KALPC_REGION' : [ 0x58, {
-    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
-    'Offset' : [ 0x18, ['unsigned long long']],
-    'Size' : [ 0x20, ['unsigned long long']],
-    'ViewSize' : [ 0x28, ['unsigned long long']],
-    'u1' : [ 0x30, ['__unnamed_1b88']],
-    'NumberOfViews' : [ 0x34, ['unsigned long']],
-    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
-    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
-    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
-} ],
-  '__unnamed_1b8e' : [ 0x4, {
-    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-} ],
-  '__unnamed_1b90' : [ 0x4, {
-    's1' : [ 0x0, ['__unnamed_1b8e']],
-} ],
-  '_KALPC_VIEW' : [ 0x60, {
-    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
-    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
-    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
-    'Address' : [ 0x28, ['pointer64', ['void']]],
-    'Size' : [ 0x30, ['unsigned long long']],
-    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
-    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
-    'u1' : [ 0x48, ['__unnamed_1b90']],
-    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
-    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
-} ],
-  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
-    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
-    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
-    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
-    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
-    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
-    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
-} ],
-  '__unnamed_1bae' : [ 0x4, {
-    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
-    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-} ],
-  '__unnamed_1bb0' : [ 0x4, {
-    's1' : [ 0x0, ['__unnamed_1bae']],
-    'State' : [ 0x0, ['unsigned long']],
-} ],
-  '_ALPC_PORT' : [ 0x1d8, {
-    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
-    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
-    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
-    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
-    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
-    'PortContext' : [ 0x38, ['pointer64', ['void']]],
-    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
-    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
-    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
-    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
-    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
-    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
-    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
-    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
-    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
-    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
-    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
-    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
-    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
-    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
-    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
-    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
-    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
-    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
-    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
-    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
-    'SequenceNo' : [ 0x190, ['long']],
-    'ReferenceNo' : [ 0x194, ['long']],
-    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
-    'u1' : [ 0x1a0, ['__unnamed_1bb0']],
-    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
-    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
-    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
-    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
-    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
-    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
-    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
-    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
-    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
-} ],
-  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
-    'Entry' : [ 0x0, ['_LIST_ENTRY']],
-    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
-    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
-    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
-    'UserVa' : [ 0x28, ['pointer64', ['void']]],
-    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
-    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
-    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
-    'TotalSize' : [ 0x48, ['unsigned long long']],
-    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
-    'List' : [ 0x58, ['pointer64', ['void']]],
-    'ListSize' : [ 0x60, ['unsigned long long']],
-    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
-    'BitmapSize' : [ 0x70, ['unsigned long long']],
-    'Data' : [ 0x78, ['pointer64', ['void']]],
-    'DataSize' : [ 0x80, ['unsigned long long']],
-    'BitmapLimit' : [ 0x88, ['unsigned long']],
-    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
-    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
-    'AttributeFlags' : [ 0x94, ['unsigned long']],
-    'AttributeSize' : [ 0x98, ['unsigned long']],
-} ],
-  '_OBJECT_ATTRIBUTES' : [ 0x30, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
-    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
-    'Attributes' : [ 0x18, ['unsigned long']],
-    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
-    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
-} ],
-  '_OBJECT_TYPE' : [ 0xd8, {
-    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
-    'Name' : [ 0x10, ['_UNICODE_STRING']],
-    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
-    'Index' : [ 0x28, ['unsigned char']],
-    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
-    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
-    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
-    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
-    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
-    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
-    'Key' : [ 0xc0, ['unsigned long']],
-    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
-} ],
-  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
-    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
-    'DesiredReferenceNo' : [ 0x18, ['long']],
-} ],
-  '_PORT_MESSAGE32' : [ 0x18, {
-    'u1' : [ 0x0, ['__unnamed_1b48']],
-    'u2' : [ 0x4, ['__unnamed_1b4c']],
-    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
-    'DoNotUseThisField' : [ 0x8, ['double']],
-    'MessageId' : [ 0x10, ['unsigned long']],
-    'ClientViewSize' : [ 0x14, ['unsigned long']],
-    'CallbackId' : [ 0x14, ['unsigned long']],
-} ],
-  '__unnamed_1bd6' : [ 0x4, {
-    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
-    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
-    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-} ],
-  '__unnamed_1bd8' : [ 0x4, {
-    's1' : [ 0x0, ['__unnamed_1bd6']],
-    'State' : [ 0x0, ['unsigned long']],
-} ],
-  '_KALPC_MESSAGE' : [ 0x108, {
-    'Entry' : [ 0x0, ['_LIST_ENTRY']],
-    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
-    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
-    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
-    'u1' : [ 0x28, ['__unnamed_1bd8']],
-    'SequenceNo' : [ 0x2c, ['long']],
-    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
-    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
-    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
-    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
-    'CancelSequenceNo' : [ 0x48, ['long']],
-    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
-    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
-    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
-    'DataUserVa' : [ 0xa8, ['pointer64', ['void']]],
-    'CommunicationInfo' : [ 0xb0, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
-    'ConnectionPort' : [ 0xb8, ['pointer64', ['_ALPC_PORT']]],
-    'ServerThread' : [ 0xc0, ['pointer64', ['_ETHREAD']]],
-    'WakeReference' : [ 0xc8, ['pointer64', ['void']]],
-    'ExtensionBuffer' : [ 0xd0, ['pointer64', ['void']]],
-    'ExtensionBufferSize' : [ 0xd8, ['unsigned long long']],
-    'PortMessage' : [ 0xe0, ['_PORT_MESSAGE']],
-} ],
-  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
-    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
-    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
-    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
-    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
-    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
-    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
-    'Flags' : [ 0x30, ['unsigned long']],
-    'TotalLength' : [ 0x34, ['unsigned short']],
-    'Type' : [ 0x36, ['unsigned short']],
-    'DataInfoOffset' : [ 0x38, ['unsigned short']],
-    'SignalCompletion' : [ 0x3a, ['unsigned char']],
-    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
-} ],
-  '_REMOTE_PORT_VIEW' : [ 0x18, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'ViewSize' : [ 0x8, ['unsigned long long']],
-    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
-} ],
-  '_KALPC_RESERVE' : [ 0x28, {
-    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
-    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
-    'Handle' : [ 0x10, ['pointer64', ['void']]],
-    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
-    'Active' : [ 0x20, ['long']],
-} ],
-  '_KALPC_HANDLE_DATA' : [ 0x30, {
-    'Flags' : [ 0x0, ['unsigned long']],
-    'ObjectType' : [ 0x4, ['unsigned long']],
-    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
-} ],
-  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x40, {
-    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
-    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
-    'PortContext' : [ 0x10, ['pointer64', ['void']]],
-    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
-    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
-    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
-    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
-    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
-} ],
-  '__unnamed_1c1c' : [ 0x4, {
-    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-} ],
-  '__unnamed_1c1e' : [ 0x4, {
-    's1' : [ 0x0, ['__unnamed_1c1c']],
-} ],
-  '_KALPC_SECURITY_DATA' : [ 0x70, {
-    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
-    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
-    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
-    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
-    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
-    'u1' : [ 0x68, ['__unnamed_1c1e']],
-} ],
-  '_KALPC_DIRECT_EVENT' : [ 0x8, {
-    'Event' : [ 0x0, ['unsigned long long']],
-    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'PacketType' : [ 0x10, ['unsigned long']],
-    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
-    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
-    'IoStatus' : [ 0x28, ['long']],
-    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
-    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
-    'Context' : [ 0x40, ['pointer64', ['void']]],
-    'Allocated' : [ 0x48, ['unsigned char']],
-} ],
-  '_IOP_IRP_EXTENSION' : [ 0x30, {
-    'ExtensionFlags' : [ 0x0, ['unsigned short']],
-    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
-    'TypesAllocated' : [ 0x2, ['unsigned short']],
-    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
-    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
-    'ActivityId' : [ 0x10, ['_GUID']],
-    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
-    'ZeroingOffset' : [ 0x20, ['unsigned long']],
-    'FsTrackOffsetBlob' : [ 0x20, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
-    'FsTrackedOffset' : [ 0x28, ['long long']],
-} ],
-  '_DRIVER_OBJECT' : [ 0x150, {
-    'Type' : [ 0x0, ['short']],
-    'Size' : [ 0x2, ['short']],
-    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Flags' : [ 0x10, ['unsigned long']],
-    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
-    'DriverSize' : [ 0x20, ['unsigned long']],
-    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
-    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
-    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
-    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
-    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
-    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
-    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
-    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
-    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
-} ],
-  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
-    'Buffer' : [ 0x0, ['pointer64', ['void']]],
-    'Alignment' : [ 0x0, ['unsigned long long']],
-} ],
-  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
-    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
-    'Flags' : [ 0x2, ['unsigned short']],
-    'DeviceNameLength' : [ 0x4, ['unsigned short']],
-    'Reserved' : [ 0x6, ['unsigned short']],
-    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
-    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
-} ],
-  '_ECP_LIST' : [ 0x18, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'Flags' : [ 0x4, ['unsigned long']],
-    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
-} ],
-  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x50, {
-    'FoExtFlags' : [ 0x0, ['unsigned long']],
-    'FoExtPerTypeExtension' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
-    'FoIoPriorityHint' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
-} ],
-  '_OPEN_PACKET' : [ 0xc0, {
-    'Type' : [ 0x0, ['short']],
-    'Size' : [ 0x2, ['short']],
-    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
-    'FinalStatus' : [ 0x10, ['long']],
-    'Information' : [ 0x18, ['unsigned long long']],
-    'ParseCheck' : [ 0x20, ['unsigned long']],
-    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
-    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
-    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
-    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
-    'CreateOptions' : [ 0x40, ['unsigned long']],
-    'FileAttributes' : [ 0x44, ['unsigned short']],
-    'ShareAccess' : [ 0x46, ['unsigned short']],
-    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
-    'EaLength' : [ 0x50, ['unsigned long']],
-    'Options' : [ 0x54, ['unsigned long']],
-    'Disposition' : [ 0x58, ['unsigned long']],
-    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
-    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
-    'CreateFileType' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
-    'MailslotOrPipeParameters' : [ 0x78, ['pointer64', ['void']]],
-    'Override' : [ 0x80, ['unsigned char']],
-    'QueryOnly' : [ 0x81, ['unsigned char']],
-    'DeleteOnly' : [ 0x82, ['unsigned char']],
-    'FullAttributes' : [ 0x83, ['unsigned char']],
-    'LocalFileObject' : [ 0x88, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
-    'InternalFlags' : [ 0x90, ['unsigned long']],
-    'AccessMode' : [ 0x94, ['unsigned char']],
-    'DriverCreateContext' : [ 0x98, ['_IO_DRIVER_CREATE_CONTEXT']],
-} ],
-  '_ETW_SYSTEMTIME' : [ 0x10, {
-    'Year' : [ 0x0, ['unsigned short']],
-    'Month' : [ 0x2, ['unsigned short']],
-    'DayOfWeek' : [ 0x4, ['unsigned short']],
-    'Day' : [ 0x6, ['unsigned short']],
-    'Hour' : [ 0x8, ['unsigned short']],
-    'Minute' : [ 0xa, ['unsigned short']],
-    'Second' : [ 0xc, ['unsigned short']],
-    'Milliseconds' : [ 0xe, ['unsigned short']],
-} ],
-  '_TIME_FIELDS' : [ 0x10, {
-    'Year' : [ 0x0, ['short']],
-    'Month' : [ 0x2, ['short']],
-    'Day' : [ 0x4, ['short']],
-    'Hour' : [ 0x6, ['short']],
-    'Minute' : [ 0x8, ['short']],
-    'Second' : [ 0xa, ['short']],
-    'Milliseconds' : [ 0xc, ['short']],
-    'Weekday' : [ 0xe, ['short']],
-} ],
-  '__unnamed_1ce5' : [ 0x4, {
-    'MajorVersion' : [ 0x0, ['unsigned char']],
-    'MinorVersion' : [ 0x1, ['unsigned char']],
-    'SubVersion' : [ 0x2, ['unsigned char']],
-    'SubMinorVersion' : [ 0x3, ['unsigned char']],
-} ],
-  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
-    'BufferSize' : [ 0x0, ['unsigned long']],
-    'Version' : [ 0x4, ['unsigned long']],
-    'VersionDetail' : [ 0x4, ['__unnamed_1ce5']],
-    'ProviderVersion' : [ 0x8, ['unsigned long']],
-    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
-    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
-    'TimerResolution' : [ 0x18, ['unsigned long']],
-    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
-    'LogFileMode' : [ 0x20, ['unsigned long']],
-    'BuffersWritten' : [ 0x24, ['unsigned long']],
-    'LogInstanceGuid' : [ 0x28, ['_GUID']],
-    'StartBuffers' : [ 0x28, ['unsigned long']],
-    'PointerSize' : [ 0x2c, ['unsigned long']],
-    'EventsLost' : [ 0x30, ['unsigned long']],
-    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
-    'LoggerName' : [ 0x38, ['pointer64', ['unsigned short']]],
-    'LogFileName' : [ 0x40, ['pointer64', ['unsigned short']]],
-    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
-    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
-    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
-    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
-    'ReservedFlags' : [ 0x110, ['unsigned long']],
-    'BuffersLost' : [ 0x114, ['unsigned long']],
-} ],
-  '_WMI_LOGGER_CONTEXT' : [ 0x390, {
-    'LoggerId' : [ 0x0, ['unsigned long']],
-    'BufferSize' : [ 0x4, ['unsigned long']],
-    'MaximumEventSize' : [ 0x8, ['unsigned long']],
-    'LoggerMode' : [ 0xc, ['unsigned long']],
-    'AcceptNewEvents' : [ 0x10, ['long']],
-    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
-    'ErrorMarker' : [ 0x1c, ['unsigned long']],
-    'SizeMask' : [ 0x20, ['unsigned long']],
-    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
-    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
-    'LoggerStatus' : [ 0x38, ['long']],
-    'FailureReason' : [ 0x3c, ['unsigned long']],
-    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
-    'OverflowQueue' : [ 0x58, ['_ETW_BUFFER_QUEUE']],
-    'GlobalList' : [ 0x70, ['_LIST_ENTRY']],
-    'ProviderBinaryList' : [ 0x80, ['_LIST_ENTRY']],
-    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
-    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
-    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
-    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
-    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
-    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
-    'ClockType' : [ 0xd8, ['unsigned long']],
-    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
-    'FlushTimer' : [ 0xe0, ['unsigned long']],
-    'FlushThreshold' : [ 0xe4, ['unsigned long']],
-    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
-    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
-    'BuffersAvailable' : [ 0xf4, ['long']],
-    'NumberOfBuffers' : [ 0xf8, ['long']],
-    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
-    'EventsLost' : [ 0x100, ['unsigned long']],
-    'PeakBuffersCount' : [ 0x104, ['long']],
-    'BuffersWritten' : [ 0x108, ['unsigned long']],
-    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
-    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
-    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
-    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
-    'LocalSequence' : [ 0x120, ['unsigned long']],
-    'InstanceGuid' : [ 0x124, ['_GUID']],
-    'MaximumFileSize' : [ 0x134, ['unsigned long']],
-    'FileCounter' : [ 0x138, ['long']],
-    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
-    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
-    'CollectionOn' : [ 0x150, ['long']],
-    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
-    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
-    'NumConsumers' : [ 0x168, ['unsigned long']],
-    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
-    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
-    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
-    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
-    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
-    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
-    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
-    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
-    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
-    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
-    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
-    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
-    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
-    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
-    'LoggerDpc' : [ 0x248, ['_KDPC']],
-    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
-    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
-    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
-    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
-    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
-    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
-    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
-    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
-    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
-    'BufferSequenceNumber' : [ 0x338, ['long long']],
-    'Flags' : [ 0x340, ['unsigned long']],
-    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'StackLookasideListAllocated' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'SecurityTrace' : [ 0x340, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'SpareFlags1' : [ 0x340, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
-    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
-    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
-    'RequestFlag' : [ 0x344, ['unsigned long']],
-    'DbgRequestNewFile' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'DbgRequestDeferredFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'DbgRequestDeferredFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
-    'HookIdMap' : [ 0x348, ['_RTL_BITMAP']],
-    'StackCache' : [ 0x358, ['pointer64', ['_ETW_STACK_CACHE']]],
-    'PmcData' : [ 0x360, ['pointer64', ['_ETW_PMC_SUPPORT']]],
-    'WinRtProviderBinaryList' : [ 0x368, ['_LIST_ENTRY']],
-    'ScratchArray' : [ 0x378, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
-    'DisallowedGuids' : [ 0x380, ['_DISALLOWED_GUIDS']],
-} ],
-  '_ETW_PMC_SUPPORT' : [ 0x28, {
-    'Source' : [ 0x0, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'ProfileTime', 1: 'ProfileAlignmentFixup', 2: 'ProfileTotalIssues', 3: 'ProfilePipelineDry', 4: 'ProfileLoadInstructions', 5: 'ProfilePipelineFrozen', 6: 'ProfileBranchInstructions', 7: 'ProfileTotalNonissues', 8: 'ProfileDcacheMisses', 9: 'ProfileIcacheMisses', 10: 'ProfileCacheMisses', 11: 'ProfileBranchMispredictions', 12: 'ProfileStoreInstructions', 13: 'ProfileFpInstructions', 14: 'ProfileIntegerInstructions', 15: 'Profile2Issue', 16: 'Profile3Issue', 17: 'Profile4Issue', 18: 'ProfileSpecialInstructions', 19: 'ProfileTotalCycles', 20: 'ProfileIcacheIssues', 21: 'ProfileDcacheAccesses', 22: 'ProfileMemoryBarrierCycles', 23: 'ProfileLoadLinkedIssues', 24: 'ProfileMaximum'})]]],
-    'HookIdCount' : [ 0x10, ['unsigned long']],
-    'HookId' : [ 0x14, ['array', 4, ['unsigned short']]],
-    'CountersCount' : [ 0x1c, ['unsigned long']],
-    'ProcessorCtrs' : [ 0x20, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
-} ],
-  '_ETW_SILODRIVERSTATE' : [ 0x13a8, {
-    'EtwpSecurityProviderGuidEntry' : [ 0x0, ['_ETW_GUID_ENTRY']],
-    'EtwpLoggerRundown' : [ 0x190, ['array', 64, ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
-    'WmipLoggerContext' : [ 0x390, ['array', 64, ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
-    'EtwpGuidHashTable' : [ 0x590, ['array', 64, ['_ETW_HASH_BUCKET']]],
-    'EtwpSecurityLoggers' : [ 0x1390, ['array', 8, ['unsigned short']]],
-    'EtwpSecurityProviderEnableMask' : [ 0x13a0, ['unsigned char']],
-    'EtwpShutdownInProgress' : [ 0x13a1, ['unsigned char']],
-    'EtwpSecurityProviderPID' : [ 0x13a4, ['unsigned long']],
-} ],
-  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
-    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
-    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
-    'RunRefSize' : [ 0x10, ['unsigned long']],
-    'Number' : [ 0x14, ['unsigned long']],
-} ],
-  '_ETW_LOGGER_HANDLE' : [ 0x1, {
-    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
-} ],
-  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
-    'Luid' : [ 0x0, ['_LUID']],
-    'Attributes' : [ 0x8, ['unsigned long']],
-} ],
-  '_TOKEN' : [ 0x480, {
-    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
-    'TokenId' : [ 0x10, ['_LUID']],
-    'AuthenticationId' : [ 0x18, ['_LUID']],
-    'ParentTokenId' : [ 0x20, ['_LUID']],
-    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
-    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
-    'ModifiedId' : [ 0x38, ['_LUID']],
-    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
-    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
-    'SessionId' : [ 0x78, ['unsigned long']],
-    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
-    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
-    'VariableLength' : [ 0x84, ['unsigned long']],
-    'DynamicCharged' : [ 0x88, ['unsigned long']],
-    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
-    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
-    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
-    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
-    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
-    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
-    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
-    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
-    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
-    'TokenFlags' : [ 0xc8, ['unsigned long']],
-    'TokenInUse' : [ 0xcc, ['unsigned char']],
-    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
-    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
-    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
-    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
-    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
-    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
-    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
-    'Package' : [ 0x310, ['pointer64', ['void']]],
-    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
-    'CapabilityCount' : [ 0x320, ['unsigned long']],
-    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
-    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
-    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_LOWBOX_HANDLES_ENTRY']]],
-    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
-    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
-    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
-    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
-    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
-    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
-    'VariablePart' : [ 0x478, ['unsigned long long']],
-} ],
-  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xb0, {
-    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
-    'LogonId' : [ 0x8, ['_LUID']],
-    'BuddyLogonId' : [ 0x10, ['_LUID']],
-    'ReferenceCount' : [ 0x18, ['long long']],
-    'Flags' : [ 0x20, ['unsigned long']],
-    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
-    'Token' : [ 0x30, ['pointer64', ['void']]],
-    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
-    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
-    'LowBoxHandlesTable' : [ 0x58, ['_SEP_LOWBOX_HANDLES_TABLE']],
-    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
-    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
-    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
-    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
-    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
-    'SiblingAuthId' : [ 0xa8, ['_LUID']],
-} ],
-  '_OBJECT_HEADER' : [ 0x38, {
-    'PointerCount' : [ 0x0, ['long long']],
-    'HandleCount' : [ 0x8, ['long long']],
-    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
-    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
-    'TypeIndex' : [ 0x18, ['unsigned char']],
-    'TraceFlags' : [ 0x19, ['unsigned char']],
-    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'InfoMask' : [ 0x1a, ['unsigned char']],
-    'Flags' : [ 0x1b, ['unsigned char']],
-    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'Spare' : [ 0x1c, ['unsigned long']],
-    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
-    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
-    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
-    'Body' : [ 0x30, ['_QUAD']],
-} ],
-  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
-    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
-    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
-    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
-    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
-    'Reserved' : [ 0x18, ['unsigned long long']],
-} ],
-  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
-    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
-    'Reserved' : [ 0x8, ['unsigned long long']],
-} ],
-  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
-    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
-    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
-} ],
-  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
-    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
-    'Name' : [ 0x8, ['_UNICODE_STRING']],
-    'ReferenceCount' : [ 0x18, ['long']],
-} ],
-  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
-    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
-    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
-    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
-    'Reserved' : [ 0x1a, ['unsigned short']],
-} ],
-  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
-    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
-    'Reserved' : [ 0x8, ['unsigned long long']],
-} ],
-  '_OBJECT_HEADER_HANDLE_REVOCATION_INFO' : [ 0x20, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
-    'Padding1' : [ 0x18, ['array', 4, ['unsigned char']]],
-    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
-} ],
-  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
-    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
-    'Object' : [ 0x8, ['pointer64', ['void']]],
-    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
-    'HashValue' : [ 0x18, ['unsigned long']],
-    'HashIndex' : [ 0x1c, ['unsigned short']],
-    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
-    'LockedExclusive' : [ 0x1f, ['unsigned char']],
-    'LockStateSignature' : [ 0x20, ['unsigned long']],
-} ],
-  '_OBJECT_DIRECTORY' : [ 0x158, {
-    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
-    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
-    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
-    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
-    'SessionId' : [ 0x140, ['unsigned long']],
-    'NamespaceEntry' : [ 0x148, ['pointer64', ['void']]],
-    'Flags' : [ 0x150, ['unsigned long']],
-} ],
-  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
-    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
-    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
-    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
-    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
-} ],
-  '_DEVICE_MAP' : [ 0x40, {
-    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
-    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
-    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
-    'ReferenceCount' : [ 0x18, ['long']],
-    'DriveMap' : [ 0x1c, ['unsigned long']],
-    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
-} ],
-  '_WHEAP_INFO_BLOCK' : [ 0x18, {
-    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
-    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
-    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
-} ],
-  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'FailedAllocations' : [ 0x10, ['unsigned long']],
-    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
-    'ErrorCount' : [ 0x18, ['long']],
-    'RecordCount' : [ 0x1c, ['unsigned long']],
-    'RecordLength' : [ 0x20, ['unsigned long']],
-    'PoolTag' : [ 0x24, ['unsigned long']],
-    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
-    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
-    'Context' : [ 0x38, ['pointer64', ['void']]],
-    'SectionCount' : [ 0x40, ['unsigned long']],
-    'SectionLength' : [ 0x44, ['unsigned long']],
-    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
-    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
-    'TotalErrors' : [ 0x54, ['unsigned long']],
-    'Deferred' : [ 0x58, ['unsigned char']],
-    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
-} ],
-  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
-    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'Length' : [ 0x10, ['unsigned long']],
-    'ProcessorNumber' : [ 0x14, ['unsigned long']],
-    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
-    'InUse' : [ 0x1c, ['long']],
-    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
-    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
-} ],
-  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
-    'SpinLock' : [ 0x0, ['unsigned long long']],
-    'ConnectLock' : [ 0x8, ['_KEVENT']],
-    'LineMasked' : [ 0x20, ['unsigned char']],
-    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
-} ],
-  '_WNF_STATE_NAME' : [ 0x8, {
-    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
-} ],
-  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
-    'ImpersonationData' : [ 0x0, ['unsigned long long']],
-    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
-    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
-    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-} ],
-  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
-    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
-    'AlphaControlSet' : [ 0x0, ['unsigned long']],
-    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
-    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
-    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
-    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
-    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
-    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
-} ],
-  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
-    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
-} ],
-  '_POP_FX_PLUGIN' : [ 0xb8, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'Version' : [ 0x10, ['unsigned long']],
-    'Flags' : [ 0x18, ['unsigned long long']],
-    'WorkQueue' : [ 0x20, ['_KQUEUE']],
-    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
-    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
-    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
-    'WorkOrderCount' : [ 0x78, ['unsigned long']],
-    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
-} ],
-  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
-    'Continue' : [ 0x0, ['unsigned long']],
-    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
-    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
-} ],
-  '_LPCP_MESSAGE' : [ 0x50, {
-    'Entry' : [ 0x0, ['_LIST_ENTRY']],
-    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'Reserved0' : [ 0x8, ['unsigned long']],
-    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
-    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
-    'PortContext' : [ 0x20, ['pointer64', ['void']]],
-    'Request' : [ 0x28, ['_PORT_MESSAGE']],
-} ],
-  '_HARDWARE_PTE' : [ 0x8, {
-    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
-    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
-    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
-    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
-    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
-    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
-    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
-    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
-    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
-    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
-    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
-    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
-    'Flags' : [ 0x0, ['unsigned long']],
-    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
-    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
-    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
-    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
-    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
-    'MaxViewSize' : [ 0x30, ['unsigned long long']],
-    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
-    'DupObjectTypes' : [ 0x40, ['unsigned long']],
-    'Reserved' : [ 0x44, ['unsigned long']],
-} ],
-  '_MI_PARTITION_SEGMENTS' : [ 0x180, {
-    'DeleteSubsectionCleanup' : [ 0x0, ['_KEVENT']],
-    'UnusedSegmentCleanup' : [ 0x18, ['_KEVENT']],
-    'SubsectionDeletePtes' : [ 0x30, ['unsigned long long']],
-    'DereferenceSegmentHeader' : [ 0x38, ['_MMDEREFERENCE_SEGMENT_HEADER']],
-    'DeleteOnCloseList' : [ 0x68, ['_LIST_ENTRY']],
-    'DeleteOnCloseTimer' : [ 0x78, ['_KTIMER']],
-    'DeleteOnCloseTimerActive' : [ 0xb8, ['unsigned char']],
-    'DeleteOnCloseCount' : [ 0xbc, ['unsigned long']],
-    'UnusedSegmentList' : [ 0xc0, ['_LIST_ENTRY']],
-    'UnusedSubsectionList' : [ 0xd0, ['_LIST_ENTRY']],
-    'DeleteSubsectionList' : [ 0xe0, ['_LIST_ENTRY']],
-    'ControlAreaDeleteEvent' : [ 0xf0, ['_KEVENT']],
-    'ControlAreaDeleteList' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
-    'SegmentListLock' : [ 0x140, ['long']],
-} ],
-  '_KSTACK_COUNT' : [ 0x4, {
-    'Value' : [ 0x0, ['long']],
-    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
-    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
-    'Version' : [ 0x0, ['unsigned char']],
-    'DataCount' : [ 0x1, ['unsigned char']],
-    'SemanticType' : [ 0x2, ['unsigned char']],
-    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
-    'AttributeType' : [ 0x0, ['unsigned long']],
-} ],
-  '_KENTROPY_TIMING_STATE' : [ 0x150, {
-    'EntropyCount' : [ 0x0, ['unsigned long']],
-    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
-    'Dpc' : [ 0x108, ['_KDPC']],
-    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
-} ],
-  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
-    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
-    'Size' : [ 0x8, ['unsigned short']],
-    'Flags' : [ 0xa, ['unsigned char']],
-    'SmallTagIndex' : [ 0xb, ['unsigned char']],
-    'SubSegmentCode' : [ 0x8, ['unsigned long']],
-    'PreviousSize' : [ 0xc, ['unsigned short']],
-    'SegmentOffset' : [ 0xe, ['unsigned char']],
-    'LFHFlags' : [ 0xe, ['unsigned char']],
-    'UnusedBytes' : [ 0xf, ['unsigned char']],
-    'CompactHeader' : [ 0x8, ['unsigned long long']],
-} ],
-  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
-    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
-    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
-    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
-    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
-    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
-    'VendorDataLength' : [ 0x20, ['unsigned short']],
-} ],
-  '_DISPATCHER_HEADER' : [ 0x18, {
-    'Lock' : [ 0x0, ['long']],
-    'LockNV' : [ 0x0, ['long']],
-    'Type' : [ 0x0, ['unsigned char']],
-    'Signalling' : [ 0x1, ['unsigned char']],
-    'Size' : [ 0x2, ['unsigned char']],
-    'Reserved1' : [ 0x3, ['unsigned char']],
-    'TimerType' : [ 0x0, ['unsigned char']],
-    'TimerControlFlags' : [ 0x1, ['unsigned char']],
-    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
-    'Hand' : [ 0x2, ['unsigned char']],
-    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
-    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
-    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'Timer2Type' : [ 0x0, ['unsigned char']],
-    'Timer2Flags' : [ 0x1, ['unsigned char']],
-    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
-    'Timer2Reserved1' : [ 0x2, ['unsigned char']],
-    'Timer2Reserved2' : [ 0x3, ['unsigned char']],
-    'QueueType' : [ 0x0, ['unsigned char']],
-    'QueueControlFlags' : [ 0x1, ['unsigned char']],
-    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
-    'QueueSize' : [ 0x2, ['unsigned char']],
-    'QueueReserved' : [ 0x3, ['unsigned char']],
-    'ThreadType' : [ 0x0, ['unsigned char']],
-    'ThreadReserved' : [ 0x1, ['unsigned char']],
-    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
-    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
-    'DebugActive' : [ 0x3, ['unsigned char']],
-    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
-    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'MutantType' : [ 0x0, ['unsigned char']],
-    'MutantSize' : [ 0x1, ['unsigned char']],
-    'DpcActive' : [ 0x2, ['unsigned char']],
-    'MutantReserved' : [ 0x3, ['unsigned char']],
-    'SignalState' : [ 0x4, ['long']],
-    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
-} ],
-  '_ETW_GUID_ENTRY' : [ 0x190, {
-    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
-    'RefCount' : [ 0x10, ['long long']],
-    'Guid' : [ 0x18, ['_GUID']],
-    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
-    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
-    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
-    'MatchId' : [ 0x40, ['unsigned long long']],
-    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
-    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
-    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
-    'HostSilo' : [ 0x178, ['unsigned char']],
-    'Lock' : [ 0x180, ['_EX_PUSH_LOCK']],
-    'LockOwner' : [ 0x188, ['pointer64', ['_ETHREAD']]],
-} ],
-  '_VI_POOL_ENTRY' : [ 0x20, {
-    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
-    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
-    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
-} ],
-  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
-    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
-    'FileOffset' : [ 0x0, ['unsigned long long']],
-    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
-    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
-    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
-    'WaitReason' : [ 0x8, ['unsigned long']],
-    'WaitResponse' : [ 0xc, ['unsigned long']],
-    'Gate' : [ 0x10, ['_KGATE']],
-} ],
-  '_HEAP_COUNTERS' : [ 0x78, {
-    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
-    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
-    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
-    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
-    'TotalSegments' : [ 0x20, ['unsigned long']],
-    'TotalUCRs' : [ 0x24, ['unsigned long']],
-    'CommittOps' : [ 0x28, ['unsigned long']],
-    'DeCommitOps' : [ 0x2c, ['unsigned long']],
-    'LockAcquires' : [ 0x30, ['unsigned long']],
-    'LockCollisions' : [ 0x34, ['unsigned long']],
-    'CommitRate' : [ 0x38, ['unsigned long']],
-    'DecommittRate' : [ 0x3c, ['unsigned long']],
-    'CommitFailures' : [ 0x40, ['unsigned long']],
-    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
-    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
-    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
-    'HeapPollInterval' : [ 0x50, ['unsigned long']],
-    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
-    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
-    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
-    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
-    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
-    'LastPolledSize' : [ 0x70, ['unsigned long long']],
-} ],
-  '_TraceLoggingMetadata_t' : [ 0x10, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'Size' : [ 0x4, ['unsigned short']],
-    'Version' : [ 0x6, ['unsigned char']],
-    'Flags' : [ 0x7, ['unsigned char']],
-    'Magic' : [ 0x8, ['unsigned long long']],
-} ],
-  '_MI_VISIBLE_PARTITION' : [ 0x1100, {
-    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
-    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
-    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
-    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
-    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
-    'AvailablePages' : [ 0xc0, ['unsigned long long']],
-    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
-    'TotalCommittedPages' : [ 0x108, ['unsigned long long']],
-    'ModifiedPageListHead' : [ 0x140, ['_MMPFNLIST']],
-    'ModifiedNoWritePageListHead' : [ 0x180, ['_MMPFNLIST']],
-    'TotalCommitLimit' : [ 0x1a8, ['unsigned long long']],
-    'TotalPagesForPagingFile' : [ 0x1b0, ['unsigned long long']],
-    'VadPhysicalPages' : [ 0x1b8, ['unsigned long long']],
-    'ProcessLockedFilePages' : [ 0x1c0, ['unsigned long long']],
-    'ChargeCommitmentFailures' : [ 0x1c8, ['array', 4, ['unsigned long']]],
-    'PageTableBitmapPages' : [ 0x1d8, ['unsigned long long']],
-    'PageFileTraceIndex' : [ 0x1e0, ['long']],
-    'PageFileTraces' : [ 0x1e8, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
-} ],
-  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
-    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
-    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
-    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
-} ],
-  '_SYSPTES_HEADER' : [ 0x118, {
-    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
-    'Count' : [ 0x100, ['unsigned long long']],
-    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
-    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
-} ],
-  '_EXCEPTION_RECORD' : [ 0x98, {
-    'ExceptionCode' : [ 0x0, ['long']],
-    'ExceptionFlags' : [ 0x4, ['unsigned long']],
-    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
-    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
-    'NumberParameters' : [ 0x18, ['unsigned long']],
-    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
-} ],
-  '_MI_ACTIVE_WSLE_LISTHEAD' : [ 0x10, {
-    'Flink' : [ 0x0, ['unsigned long long']],
-    'Blink' : [ 0x8, ['unsigned long long']],
-} ],
-  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
-    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
-    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
-    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
-    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
-    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
-    'Problem' : [ 0x54, ['unsigned long']],
-    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
-    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
-    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
-    'DequeuePending' : [ 0x68, ['unsigned char']],
-    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'QueryRemoveDevice', 1: 'CancelRemoveDevice', 2: 'RemoveDevice', 3: 'SurpriseRemoveDevice', 4: 'EjectDevice', 5: 'RemoveFailedDevice', 6: 'RemoveUnstartedFailedDevice', 7: 'MaxDeviceDeleteType'})]],
-} ],
-  '_PPM_PLATFORM_STATE' : [ 0x180, {
-    'Latency' : [ 0x0, ['unsigned long']],
-    'BreakEvenDuration' : [ 0x4, ['unsigned long']],
-    'VetoAccounting' : [ 0x8, ['_PPM_VETO_ACCOUNTING']],
-    'TransitionDebugger' : [ 0x30, ['unsigned char']],
-    'Platform' : [ 0x31, ['unsigned char']],
-    'DependencyListCount' : [ 0x34, ['unsigned long']],
-    'Processors' : [ 0x38, ['_KAFFINITY_EX']],
-    'Name' : [ 0xe0, ['_UNICODE_STRING']],
-    'DependencyLists' : [ 0xf0, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
-    'Synchronization' : [ 0xf8, ['_PPM_COORDINATED_SYNCHRONIZATION']],
-    'EnterTime' : [ 0x100, ['unsigned long long']],
-    'RefCount' : [ 0x140, ['long']],
-    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
-} ],
-  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
-    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
-    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
-} ],
-  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
-    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
-    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
-    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
-    'AuthenticationId' : [ 0x18, ['_LUID']],
-    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
-    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
-    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
-    'Flags' : [ 0x2c, ['unsigned long']],
-    'AppContainerNumber' : [ 0x30, ['unsigned long']],
-    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
-    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
-    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
-    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
-} ],
-  '_CELL_DATA' : [ 0x50, {
-    'u' : [ 0x0, ['_u']],
-} ],
-  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
-    'PrivilegeCount' : [ 0x0, ['unsigned long']],
-    'Control' : [ 0x4, ['unsigned long']],
-    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
-} ],
-  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
-    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
-    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
-} ],
-  '_MMWSLE_NONDIRECT_HASH' : [ 0x10, {
-    'Key' : [ 0x0, ['pointer64', ['void']]],
-    'Index' : [ 0x8, ['unsigned long long']],
-} ],
-  '_POP_FX_WORK_ORDER' : [ 0x38, {
-    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
-    'WorkCount' : [ 0x20, ['long']],
-    'Context' : [ 0x28, ['pointer64', ['void']]],
-    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
-} ],
-  '_SEGMENT_FLAGS' : [ 0x4, {
-    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
-    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
-    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
-    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
-    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
-    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
-    'Short0' : [ 0x0, ['unsigned short']],
-    'FloppyMedia' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
-    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'UChar1' : [ 0x2, ['unsigned char']],
-    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
-    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
-    'UChar2' : [ 0x3, ['unsigned char']],
-} ],
-  '_KAPC' : [ 0x58, {
-    'Type' : [ 0x0, ['unsigned char']],
-    'SpareByte0' : [ 0x1, ['unsigned char']],
-    'Size' : [ 0x2, ['unsigned char']],
-    'SpareByte1' : [ 0x3, ['unsigned char']],
-    'SpareLong0' : [ 0x4, ['unsigned long']],
-    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
-    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
-    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
-    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
-    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
-    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
-    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
-    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
-    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
-    'ApcStateIndex' : [ 0x50, ['unsigned char']],
-    'ApcMode' : [ 0x51, ['unsigned char']],
-    'Inserted' : [ 0x52, ['unsigned char']],
-} ],
-  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
-    'InterruptTime' : [ 0x0, ['unsigned long long']],
-    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
-} ],
-  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
-    'Va' : [ 0x0, ['unsigned long long']],
-    'Key' : [ 0x8, ['unsigned long']],
-    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
-    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
-    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
-    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
-} ],
-  'tagSWITCH_CONTEXT_DATA' : [ 0x50, {
-    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
-    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
-    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
-    'guPlatform' : [ 0x18, ['_GUID']],
-    'guMinPlatform' : [ 0x28, ['_GUID']],
-    'ulContextSource' : [ 0x38, ['unsigned long']],
-    'ulElementCount' : [ 0x3c, ['unsigned long']],
-    'guElements' : [ 0x40, ['array', 1, ['_GUID']]],
-} ],
-  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'Count' : [ 0x4, ['long']],
-    'Items' : [ 0x8, ['_LIST_ENTRY']],
-    'InsertLock' : [ 0x18, ['_KEVENT']],
-} ],
-  '_ETW_HASH_BUCKET' : [ 0x38, {
-    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
-    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
-} ],
-  '_TEB_ACTIVE_FRAME' : [ 0x18, {
-    'Flags' : [ 0x0, ['unsigned long']],
-    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
-    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
-} ],
-  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
-    'NextEntryOffset' : [ 0x0, ['unsigned long']],
-    'SidLength' : [ 0x4, ['unsigned long']],
-    'Sid' : [ 0x8, ['_SID']],
-} ],
-  '_ACCESS_REASONS' : [ 0x80, {
-    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
-} ],
-  '_CM_KEY_BODY' : [ 0x58, {
-    'Type' : [ 0x0, ['unsigned long']],
-    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
-    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
-    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
-    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
-    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
-    'KtmTrans' : [ 0x38, ['pointer64', ['void']]],
-    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
-    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
-} ],
-  '_KWAIT_BLOCK' : [ 0x30, {
-    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'WaitType' : [ 0x10, ['unsigned char']],
-    'BlockState' : [ 0x11, ['unsigned char']],
-    'WaitKey' : [ 0x12, ['unsigned short']],
-    'SpareLong' : [ 0x14, ['long']],
-    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
-    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
-    'Object' : [ 0x20, ['pointer64', ['void']]],
-    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
-} ],
-  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
-    'Continue' : [ 0x0, ['unsigned long']],
-    'TraceFlag' : [ 0x4, ['unsigned long']],
-    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
-    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
-} ],
-  '_MMPTE_PROTOTYPE' : [ 0x8, {
-    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
-    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
-    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
-    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
-    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
-} ],
-  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
-    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
-    'AsULONG' : [ 0x0, ['unsigned long']],
-} ],
-  '_THERMAL_INFORMATION_EX' : [ 0x58, {
-    'ThermalStamp' : [ 0x0, ['unsigned long']],
-    'ThermalConstant1' : [ 0x4, ['unsigned long']],
-    'ThermalConstant2' : [ 0x8, ['unsigned long']],
-    'SamplingPeriod' : [ 0xc, ['unsigned long']],
-    'CurrentTemperature' : [ 0x10, ['unsigned long']],
-    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
-    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
-    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
-    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
-    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
-    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
-    'MinimumThrottle' : [ 0x50, ['unsigned long']],
-    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
-} ],
-  '__unnamed_1ed8' : [ 0x4, {
-    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
-    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-} ],
-  '__unnamed_1eda' : [ 0x4, {
-    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
-    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
-} ],
-  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
-    'File' : [ 0x0, ['__unnamed_1ed8']],
-    'Private' : [ 0x0, ['__unnamed_1eda']],
-} ],
-  '_KTIMER2' : [ 0x88, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
-    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
-    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
-    'Period' : [ 0x58, ['long long']],
-    'Callback' : [ 0x60, ['pointer64', ['void']]],
-    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
-    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
-    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
-    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
-    'TypeFlags' : [ 0x81, ['unsigned char']],
-    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
-    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
-} ],
-  '_VI_VERIFIER_ISSUE' : [ 0x20, {
-    'IssueType' : [ 0x0, ['unsigned long long']],
-    'Address' : [ 0x8, ['pointer64', ['void']]],
-    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
-} ],
-  '_MMSUBSECTION_FLAGS' : [ 0x4, {
-    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
-    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
-    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'SubsectionMappedDirect' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
-    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
-    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
-} ],
-  '_EXCEPTION_POINTERS' : [ 0x10, {
-    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
-    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
-} ],
-  '_KMUTANT' : [ 0x38, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
-    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
-    'Abandoned' : [ 0x30, ['unsigned char']],
-    'ApcDisable' : [ 0x31, ['unsigned char']],
-} ],
-  '_OBJECT_REF_INFO' : [ 0x28, {
-    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
-    'NextRef' : [ 0x8, ['pointer64', ['void']]],
-    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
-    'NextPos' : [ 0x20, ['unsigned short']],
-    'MaxStacks' : [ 0x22, ['unsigned short']],
-    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
-} ],
-  '_HBIN' : [ 0x20, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'FileOffset' : [ 0x4, ['unsigned long']],
-    'Size' : [ 0x8, ['unsigned long']],
-    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
-    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
-    'Spare' : [ 0x1c, ['unsigned long']],
-} ],
-  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x18, {
-    'DynamicRelocations' : [ 0x0, ['pointer64', ['void']]],
-    'SecurityContext' : [ 0x8, ['_IMAGE_SECURITY_CONTEXT']],
-    'StrongImageReference' : [ 0x10, ['unsigned long long']],
-} ],
-  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
-    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
-    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
-    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
-    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
-    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
-    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
-    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
-    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
-    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
-    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
-} ],
-  '_HEAP_TAG_ENTRY' : [ 0x48, {
-    'Allocs' : [ 0x0, ['unsigned long']],
-    'Frees' : [ 0x4, ['unsigned long']],
-    'Size' : [ 0x8, ['unsigned long long']],
-    'TagIndex' : [ 0x10, ['unsigned short']],
-    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
-    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
-} ],
-  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
-    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
-    'EffectiveOnly' : [ 0x9, ['unsigned char']],
-} ],
-  '_MMWSLE_FREE_ENTRY' : [ 0x8, {
-    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 28, native_type='unsigned long long')]],
-    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_NT_TIB' : [ 0x38, {
-    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
-    'StackBase' : [ 0x8, ['pointer64', ['void']]],
-    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
-    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
-    'FiberData' : [ 0x20, ['pointer64', ['void']]],
-    'Version' : [ 0x20, ['unsigned long']],
-    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
-    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
-} ],
-  '_LEARNING_MODE_DATA' : [ 0x8, {
-    'Settings' : [ 0x0, ['unsigned long']],
-    'Enabled' : [ 0x4, ['unsigned char']],
-    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
-} ],
-  '_WHEA_REVISION' : [ 0x2, {
-    'MinorRevision' : [ 0x0, ['unsigned char']],
-    'MajorRevision' : [ 0x1, ['unsigned char']],
-    'AsUSHORT' : [ 0x0, ['unsigned short']],
-} ],
-  '_PPM_IDLE_STATES' : [ 0x418, {
-    'InterfaceVersion' : [ 0x0, ['unsigned char']],
-    'ForceIdle' : [ 0x1, ['unsigned char']],
-    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
-    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
-    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
-    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
-    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
-    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
-    'TargetState' : [ 0xc, ['unsigned long']],
-    'ActualState' : [ 0x10, ['unsigned long']],
-    'OldState' : [ 0x14, ['unsigned long']],
-    'OverrideIndex' : [ 0x18, ['unsigned long']],
-    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
-    'Type' : [ 0x20, ['unsigned long']],
-    'ReasonFlags' : [ 0x24, ['unsigned short']],
-    'InitiateWakeStamp' : [ 0x28, ['unsigned long long']],
-    'PreviousStatus' : [ 0x30, ['long']],
-    'PreviousCancelReason' : [ 0x34, ['unsigned long']],
-    'PrimaryProcessorMask' : [ 0x38, ['_KAFFINITY_EX']],
-    'SecondaryProcessorMask' : [ 0xe0, ['_KAFFINITY_EX']],
-    'IdlePrepare' : [ 0x188, ['pointer64', ['void']]],
-    'IdlePreExecute' : [ 0x190, ['pointer64', ['void']]],
-    'IdleExecute' : [ 0x198, ['pointer64', ['void']]],
-    'IdlePreselect' : [ 0x1a0, ['pointer64', ['void']]],
-    'IdleTest' : [ 0x1a8, ['pointer64', ['void']]],
-    'IdleAvailabilityCheck' : [ 0x1b0, ['pointer64', ['void']]],
-    'IdleComplete' : [ 0x1b8, ['pointer64', ['void']]],
-    'IdleCancel' : [ 0x1c0, ['pointer64', ['void']]],
-    'IdleIsHalted' : [ 0x1c8, ['pointer64', ['void']]],
-    'IdleInitiateWake' : [ 0x1d0, ['pointer64', ['void']]],
-    'PrepareInfo' : [ 0x1d8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
-    'DeepIdleSnapshot' : [ 0x230, ['_KAFFINITY_EX']],
-    'Tracing' : [ 0x2d8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
-    'CoordinatedTracing' : [ 0x2e0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
-    'ProcessorMenu' : [ 0x2e8, ['_PPM_SELECTION_MENU']],
-    'CoordinatedMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
-    'CoordinatedSelection' : [ 0x308, ['_PPM_COORDINATED_SELECTION']],
-    'State' : [ 0x320, ['array', 1, ['_PPM_IDLE_STATE']]],
-} ],
-  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
-    'VetoPresent' : [ 0x0, ['long']],
-    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
-    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
-    'BlocksDrips' : [ 0x19, ['unsigned char']],
-    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
-    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
-} ],
-  '_PEB' : [ 0x7a0, {
-    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
-    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
-    'BeingDebugged' : [ 0x2, ['unsigned char']],
-    'BitField' : [ 0x3, ['unsigned char']],
-    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
-    'Mutant' : [ 0x8, ['pointer64', ['void']]],
-    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
-    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
-    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
-    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
-    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
-    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
-    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['void']]],
-    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
-    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
-    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
-    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
-    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
-    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
-    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
-    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
-    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
-    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
-    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
-    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
-    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
-    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
-    'SparePvoid0' : [ 0x90, ['pointer64', ['void']]],
-    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
-    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
-    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
-    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
-    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
-    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
-    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
-    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
-    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
-    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
-    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
-    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
-    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
-    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
-    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
-    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
-    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
-    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
-    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
-    'OSMajorVersion' : [ 0x118, ['unsigned long']],
-    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
-    'OSBuildNumber' : [ 0x120, ['unsigned short']],
-    'OSCSDVersion' : [ 0x122, ['unsigned short']],
-    'OSPlatformId' : [ 0x124, ['unsigned long']],
-    'ImageSubsystem' : [ 0x128, ['unsigned long']],
-    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
-    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
-    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
-    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
-    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
-    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
-    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
-    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
-    'SessionId' : [ 0x2c0, ['unsigned long']],
-    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
-    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
-    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
-    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
-    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
-    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
-    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
-    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
-    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
-    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
-    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
-    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
-    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
-    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
-    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
-    'FlsHighIndex' : [ 0x350, ['unsigned long']],
-    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
-    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
-    'pUnused' : [ 0x368, ['pointer64', ['void']]],
-    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
-    'TracingFlags' : [ 0x378, ['unsigned long']],
-    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
-    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
-    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
-    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
-    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
-    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
-} ],
-  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
-    'Address' : [ 0x20, ['pointer64', ['void']]],
-    'Size' : [ 0x28, ['unsigned long long']],
-} ],
-  '_ETW_REALTIME_CONSUMER' : [ 0x98, {
-    'Links' : [ 0x0, ['_LIST_ENTRY']],
-    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
-    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
-    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
-    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
-    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
-    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
-    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
-    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
-    'BuffersLost' : [ 0x50, ['unsigned long']],
-    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
-    'LoggerId' : [ 0x58, ['unsigned short']],
-    'Flags' : [ 0x5a, ['unsigned char']],
-    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
-    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
-    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
-    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
-    'UserPagesReused' : [ 0x80, ['unsigned long']],
-    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
-    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
-} ],
-  '_POOL_DESCRIPTOR' : [ 0x1140, {
-    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
-    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
-    'NonPagedLock' : [ 0x8, ['unsigned long long']],
-    'RunningAllocs' : [ 0x40, ['long']],
-    'RunningDeAllocs' : [ 0x44, ['long']],
-    'TotalBigPages' : [ 0x48, ['long']],
-    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
-    'TotalBytes' : [ 0x50, ['unsigned long long']],
-    'PoolIndex' : [ 0x80, ['unsigned long']],
-    'TotalPages' : [ 0xc0, ['long']],
-    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
-    'PendingFreeDepth' : [ 0x108, ['long']],
-    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
-} ],
-  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
-    'Policy' : [ 0x0, ['unsigned long']],
-} ],
-  '_BLOB_COUNTERS' : [ 0x8, {
-    'CreatedObjects' : [ 0x0, ['unsigned long']],
-    'DeletedObjects' : [ 0x4, ['unsigned long']],
-} ],
-  '_KGATE' : [ 0x18, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-} ],
-  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'Revision' : [ 0x4, ['_WHEA_REVISION']],
-    'SignatureEnd' : [ 0x6, ['unsigned long']],
-    'SectionCount' : [ 0xa, ['unsigned short']],
-    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
-    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
-    'Length' : [ 0x14, ['unsigned long']],
-    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
-    'PlatformId' : [ 0x20, ['_GUID']],
-    'PartitionId' : [ 0x30, ['_GUID']],
-    'CreatorId' : [ 0x40, ['_GUID']],
-    'NotifyType' : [ 0x50, ['_GUID']],
-    'RecordId' : [ 0x60, ['unsigned long long']],
-    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
-    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
-    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
-} ],
-  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
-    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
-    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
-    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
-} ],
-  '_DRIVER_EXTENSION' : [ 0x50, {
-    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
-    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
-    'Count' : [ 0x10, ['unsigned long']],
-    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
-    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
-    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
-    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
-    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
-    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
-} ],
-  '_PRIVILEGE_SET' : [ 0x14, {
-    'PrivilegeCount' : [ 0x0, ['unsigned long']],
-    'Control' : [ 0x4, ['unsigned long']],
-    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
-} ],
-  '_WHEAP_WORK_QUEUE' : [ 0x88, {
-    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
-    'ListLock' : [ 0x10, ['unsigned long long']],
-    'ItemCount' : [ 0x18, ['long']],
-    'Dpc' : [ 0x20, ['_KDPC']],
-    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
-    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
-} ],
-  '_CM_NOTIFY_BLOCK' : [ 0x58, {
-    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
-    'PostList' : [ 0x10, ['_LIST_ENTRY']],
-    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
-    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
-    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
-    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
-} ],
-  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
-    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
-    'SizeOfImage' : [ 0x4, ['unsigned long']],
-} ],
-  '_KINTERRUPT' : [ 0x100, {
-    'Type' : [ 0x0, ['short']],
-    'Size' : [ 0x2, ['short']],
-    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
-    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
-    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
-    'MessageIndex' : [ 0x28, ['unsigned long']],
-    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
-    'SpinLock' : [ 0x38, ['unsigned long long']],
-    'TickCount' : [ 0x40, ['unsigned long']],
-    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
-    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
-    'Vector' : [ 0x58, ['unsigned long']],
-    'Irql' : [ 0x5c, ['unsigned char']],
-    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
-    'FloatingSave' : [ 0x5e, ['unsigned char']],
-    'Connected' : [ 0x5f, ['unsigned char']],
-    'Number' : [ 0x60, ['unsigned long']],
-    'ShareVector' : [ 0x64, ['unsigned char']],
-    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
-    'ActiveCount' : [ 0x66, ['unsigned short']],
-    'InternalState' : [ 0x68, ['long']],
-    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
-    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
-    'ServiceCount' : [ 0x74, ['unsigned long']],
-    'DispatchCount' : [ 0x78, ['unsigned long']],
-    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
-    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
-    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
-    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
-    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
-    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
-    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
-    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
-    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
-} ],
-  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
-    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
-    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
-    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
-    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
-} ],
-  '_IMAGE_FILE_HEADER' : [ 0x14, {
-    'Machine' : [ 0x0, ['unsigned short']],
-    'NumberOfSections' : [ 0x2, ['unsigned short']],
-    'TimeDateStamp' : [ 0x4, ['unsigned long']],
-    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
-    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
-    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
-    'Characteristics' : [ 0x12, ['unsigned short']],
-} ],
-  '_MMEXTEND_INFO' : [ 0x10, {
-    'CommittedSize' : [ 0x0, ['unsigned long long']],
-    'ReferenceCount' : [ 0x8, ['unsigned long']],
-} ],
-  '_STRING64' : [ 0x10, {
-    'Length' : [ 0x0, ['unsigned short']],
-    'MaximumLength' : [ 0x2, ['unsigned short']],
-    'Buffer' : [ 0x8, ['unsigned long long']],
-} ],
-  '_HIVE_LIST_ENTRY' : [ 0x98, {
-    'FileName' : [ 0x0, ['pointer64', ['unsigned short']]],
-    'BaseName' : [ 0x8, ['pointer64', ['unsigned short']]],
-    'RegRootName' : [ 0x10, ['pointer64', ['unsigned short']]],
-    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
-    'HHiveFlags' : [ 0x20, ['unsigned long']],
-    'CmHiveFlags' : [ 0x24, ['unsigned long']],
-    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
-    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
-    'HiveMounted' : [ 0x38, ['unsigned char']],
-    'ThreadFinished' : [ 0x39, ['unsigned char']],
-    'ThreadStarted' : [ 0x3a, ['unsigned char']],
-    'Allocate' : [ 0x3b, ['unsigned char']],
-    'WinPERequired' : [ 0x3c, ['unsigned char']],
-    'StartEvent' : [ 0x40, ['_KEVENT']],
-    'FinishedEvent' : [ 0x58, ['_KEVENT']],
-    'MountLock' : [ 0x70, ['_KEVENT']],
-    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
-} ],
-  '_HMAP_DIRECTORY' : [ 0x2000, {
-    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
-} ],
-  '_CONTEXT' : [ 0x4d0, {
-    'P1Home' : [ 0x0, ['unsigned long long']],
-    'P2Home' : [ 0x8, ['unsigned long long']],
-    'P3Home' : [ 0x10, ['unsigned long long']],
-    'P4Home' : [ 0x18, ['unsigned long long']],
-    'P5Home' : [ 0x20, ['unsigned long long']],
-    'P6Home' : [ 0x28, ['unsigned long long']],
-    'ContextFlags' : [ 0x30, ['unsigned long']],
-    'MxCsr' : [ 0x34, ['unsigned long']],
-    'SegCs' : [ 0x38, ['unsigned short']],
-    'SegDs' : [ 0x3a, ['unsigned short']],
-    'SegEs' : [ 0x3c, ['unsigned short']],
-    'SegFs' : [ 0x3e, ['unsigned short']],
-    'SegGs' : [ 0x40, ['unsigned short']],
-    'SegSs' : [ 0x42, ['unsigned short']],
-    'EFlags' : [ 0x44, ['unsigned long']],
-    'Dr0' : [ 0x48, ['unsigned long long']],
-    'Dr1' : [ 0x50, ['unsigned long long']],
-    'Dr2' : [ 0x58, ['unsigned long long']],
-    'Dr3' : [ 0x60, ['unsigned long long']],
-    'Dr6' : [ 0x68, ['unsigned long long']],
-    'Dr7' : [ 0x70, ['unsigned long long']],
-    'Rax' : [ 0x78, ['unsigned long long']],
-    'Rcx' : [ 0x80, ['unsigned long long']],
-    'Rdx' : [ 0x88, ['unsigned long long']],
-    'Rbx' : [ 0x90, ['unsigned long long']],
-    'Rsp' : [ 0x98, ['unsigned long long']],
-    'Rbp' : [ 0xa0, ['unsigned long long']],
-    'Rsi' : [ 0xa8, ['unsigned long long']],
-    'Rdi' : [ 0xb0, ['unsigned long long']],
-    'R8' : [ 0xb8, ['unsigned long long']],
-    'R9' : [ 0xc0, ['unsigned long long']],
-    'R10' : [ 0xc8, ['unsigned long long']],
-    'R11' : [ 0xd0, ['unsigned long long']],
-    'R12' : [ 0xd8, ['unsigned long long']],
-    'R13' : [ 0xe0, ['unsigned long long']],
-    'R14' : [ 0xe8, ['unsigned long long']],
-    'R15' : [ 0xf0, ['unsigned long long']],
-    'Rip' : [ 0xf8, ['unsigned long long']],
-    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
-    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
-    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
-    'Xmm0' : [ 0x1a0, ['_M128A']],
-    'Xmm1' : [ 0x1b0, ['_M128A']],
-    'Xmm2' : [ 0x1c0, ['_M128A']],
-    'Xmm3' : [ 0x1d0, ['_M128A']],
-    'Xmm4' : [ 0x1e0, ['_M128A']],
-    'Xmm5' : [ 0x1f0, ['_M128A']],
-    'Xmm6' : [ 0x200, ['_M128A']],
-    'Xmm7' : [ 0x210, ['_M128A']],
-    'Xmm8' : [ 0x220, ['_M128A']],
-    'Xmm9' : [ 0x230, ['_M128A']],
-    'Xmm10' : [ 0x240, ['_M128A']],
-    'Xmm11' : [ 0x250, ['_M128A']],
-    'Xmm12' : [ 0x260, ['_M128A']],
-    'Xmm13' : [ 0x270, ['_M128A']],
-    'Xmm14' : [ 0x280, ['_M128A']],
-    'Xmm15' : [ 0x290, ['_M128A']],
-    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
-    'VectorControl' : [ 0x4a0, ['unsigned long long']],
-    'DebugControl' : [ 0x4a8, ['unsigned long long']],
-    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
-    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
-    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
-    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
-} ],
-  '_ALPC_HANDLE_TABLE' : [ 0x18, {
-    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
-    'TotalHandles' : [ 0x8, ['unsigned long']],
-    'Flags' : [ 0xc, ['unsigned long']],
-    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
-} ],
-  '__unnamed_1fa4' : [ 0x3a4, {
-    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
-    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
-    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
-    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
-    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
-    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
-    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
-    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
-    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
-    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
-} ],
-  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'Version' : [ 0x4, ['unsigned long']],
-    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
-    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'WheaErrSrcStateStopped', 2: 'WheaErrSrcStateStarted'})]],
-    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
-    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
-    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
-    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
-    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
-    'Flags' : [ 0x24, ['unsigned long']],
-    'Info' : [ 0x28, ['__unnamed_1fa4']],
-} ],
-  '_MMPTE_HARDWARE' : [ 0x8, {
-    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
-    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
-    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
-    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
-    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
-    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
-    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
-    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
-    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
-    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
-    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
-    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
-    'Port' : [ 0x0, ['pointer64', ['void']]],
-    'Key' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_EX_WORK_QUEUE' : [ 0x2d0, {
-    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
-    'Node' : [ 0x2b0, ['pointer64', ['_ENODE']]],
-    'WorkItemsProcessed' : [ 0x2b8, ['unsigned long']],
-    'WorkItemsProcessedLastPass' : [ 0x2bc, ['unsigned long']],
-    'ThreadCount' : [ 0x2c0, ['long']],
-    'MinThreads' : [ 0x2c4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
-    'TryFailed' : [ 0x2c4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'MaxThreads' : [ 0x2c8, ['long']],
-    'QueueIndex' : [ 0x2cc, ['Enumeration', dict(target = 'long', choices = {0: 'ExPoolUntrusted', 1: 'ExPoolTrusted', 8: 'ExPoolMax'})]],
-} ],
-  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
-    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
-    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
-    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
-} ],
-  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
-    'Flags' : [ 0x0, ['unsigned long']],
-    'ActivityId' : [ 0x4, ['unsigned long']],
-    'IoTracking' : [ 0x8, ['unsigned long']],
-} ],
-  '_DBGKD_SET_CONTEXT' : [ 0x4, {
-    'ContextFlags' : [ 0x0, ['unsigned long']],
-} ],
-  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
-    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
-    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
-    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
-    'Tag' : [ 0x18, ['unsigned long long']],
-} ],
-  '_MI_FLAGS' : [ 0x4, {
-    'EntireFlags' : [ 0x0, ['long']],
-    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
-    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'ZeroNonCachedByConverting' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'ZeroWriteCombinedByConverting' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
-} ],
-  '_INTERFACE' : [ 0x20, {
-    'Size' : [ 0x0, ['unsigned short']],
-    'Version' : [ 0x2, ['unsigned short']],
-    'Context' : [ 0x8, ['pointer64', ['void']]],
-    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
-    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '_ACL' : [ 0x8, {
-    'AclRevision' : [ 0x0, ['unsigned char']],
-    'Sbz1' : [ 0x1, ['unsigned char']],
-    'AclSize' : [ 0x2, ['unsigned short']],
-    'AceCount' : [ 0x4, ['unsigned short']],
-    'Sbz2' : [ 0x6, ['unsigned short']],
-} ],
-  '_PS_PROPERTY_SET' : [ 0x18, {
-    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
-    'Lock' : [ 0x10, ['unsigned long long']],
-} ],
-  '_LAZY_WRITER' : [ 0x88, {
-    'ScanDpc' : [ 0x0, ['_KDPC']],
-    'ScanTimer' : [ 0x40, ['_KTIMER']],
-    'ScanActive' : [ 0x80, ['unsigned char']],
-    'OtherWork' : [ 0x81, ['unsigned char']],
-    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
-    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
-    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
-    'PendingPowerScan' : [ 0x85, ['unsigned char']],
-    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
-} ],
-  '_PI_BUS_EXTENSION' : [ 0x70, {
-    'Flags' : [ 0x0, ['unsigned long']],
-    'NumberCSNs' : [ 0x4, ['unsigned char']],
-    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
-    'DataPortMapped' : [ 0x10, ['unsigned char']],
-    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
-    'AddrPortMapped' : [ 0x20, ['unsigned char']],
-    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
-    'CmdPortMapped' : [ 0x30, ['unsigned char']],
-    'NextSlotNumber' : [ 0x34, ['unsigned long']],
-    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
-    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
-    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
-    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
-    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
-    'BusNumber' : [ 0x60, ['unsigned long']],
-    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
-} ],
-  '_DEVICE_DESCRIPTION' : [ 0x40, {
-    'Version' : [ 0x0, ['unsigned long']],
-    'Master' : [ 0x4, ['unsigned char']],
-    'ScatterGather' : [ 0x5, ['unsigned char']],
-    'DemandMode' : [ 0x6, ['unsigned char']],
-    'AutoInitialize' : [ 0x7, ['unsigned char']],
-    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
-    'IgnoreCount' : [ 0x9, ['unsigned char']],
-    'Reserved1' : [ 0xa, ['unsigned char']],
-    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
-    'BusNumber' : [ 0xc, ['unsigned long']],
-    'DmaChannel' : [ 0x10, ['unsigned long']],
-    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
-    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'Width8Bits', 1: 'Width16Bits', 2: 'Width32Bits', 3: 'Width64Bits', 4: 'WidthNoWrap', 5: 'MaximumDmaWidth'})]],
-    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'Compatible', 1: 'TypeA', 2: 'TypeB', 3: 'TypeC', 4: 'TypeF', 5: 'MaximumDmaSpeed'})]],
-    'MaximumLength' : [ 0x20, ['unsigned long']],
-    'DmaPort' : [ 0x24, ['unsigned long']],
-    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
-    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
-    'DmaRequestLine' : [ 0x30, ['unsigned long']],
-    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
-} ],
-  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
-    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
-    'AccessRights' : [ 0x0, ['unsigned char']],
-} ],
-  '_SID_AND_ATTRIBUTES' : [ 0x10, {
-    'Sid' : [ 0x0, ['pointer64', ['void']]],
-    'Attributes' : [ 0x8, ['unsigned long']],
-} ],
-  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
-    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
-} ],
-  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
-    'BytesRead' : [ 0x0, ['unsigned long long']],
-    'BytesWritten' : [ 0x8, ['unsigned long long']],
-    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
-    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
-    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
-} ],
-  '_IO_WORKITEM' : [ 0x58, {
-    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
-    'Routine' : [ 0x20, ['pointer64', ['void']]],
-    'IoObject' : [ 0x28, ['pointer64', ['void']]],
-    'Context' : [ 0x30, ['pointer64', ['void']]],
-    'WorkingOnBehalfClient' : [ 0x38, ['pointer64', ['void']]],
-    'Type' : [ 0x40, ['unsigned long']],
-    'ActivityId' : [ 0x44, ['_GUID']],
-} ],
-  '_MMVAD_FLAGS' : [ 0x4, {
-    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
-    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
-    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
-    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_MMWSLE_HASH' : [ 0x8, {
-    'Index' : [ 0x0, ['unsigned long long']],
-} ],
-  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
-    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
-    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
-} ],
-  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
-    'PushImm' : [ 0x0, ['unsigned char']],
-    'Vector' : [ 0x1, ['unsigned char']],
-    'PushRbp' : [ 0x2, ['unsigned char']],
-    'JmpOp' : [ 0x3, ['unsigned char']],
-    'JmpOffset' : [ 0x4, ['long']],
-} ],
-  '_STRING32' : [ 0x8, {
-    'Length' : [ 0x0, ['unsigned short']],
-    'MaximumLength' : [ 0x2, ['unsigned short']],
-    'Buffer' : [ 0x4, ['unsigned long']],
-} ],
-  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x88, {
-    'Timer' : [ 0x0, ['_KTIMER']],
-    'Dpc' : [ 0x40, ['_KDPC']],
-    'WorkOrder' : [ 0x80, ['pointer64', ['_POP_FX_WORK_ORDER']]],
-} ],
-  '_MI_VAD_EVENT_BLOCK' : [ 0x40, {
-    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
-    'WaitReason' : [ 0x8, ['unsigned long']],
-    'Gate' : [ 0x10, ['_KGATE']],
-    'SecureInfo' : [ 0x10, ['_MMADDRESS_LIST']],
-    'BitMap' : [ 0x10, ['_RTL_BITMAP_EX']],
-    'InPageSupport' : [ 0x10, ['pointer64', ['_MMINPAGE_SUPPORT']]],
-    'LargePage' : [ 0x10, ['pointer64', ['_MI_LARGEPAGE_MEMORY_INFO']]],
-    'CreatingThread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
-    'PebTeb' : [ 0x10, ['_MI_SUB64K_FREE_RANGES']],
-} ],
-  '_DBGKD_FILL_MEMORY' : [ 0x10, {
-    'Address' : [ 0x0, ['unsigned long long']],
-    'Length' : [ 0x8, ['unsigned long']],
-    'Flags' : [ 0xc, ['unsigned short']],
-    'PatternLength' : [ 0xe, ['unsigned short']],
-} ],
-  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
-    'AllocAddress' : [ 0x0, ['unsigned long long']],
-    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
-    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
-    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
-    'FreeAddress' : [ 0x20, ['unsigned long long']],
-    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
-} ],
-  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
-    'Allocs' : [ 0x0, ['unsigned long']],
-    'Frees' : [ 0x4, ['unsigned long']],
-    'Size' : [ 0x8, ['unsigned long long']],
-} ],
-  '_CALL_HASH_ENTRY' : [ 0x28, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
-    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
-    'CallCount' : [ 0x20, ['unsigned long']],
-} ],
-  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
-    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
-    'ReferenceCount' : [ 0x18, ['long long']],
-    'Luid' : [ 0x20, ['unsigned long long']],
-    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
-    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
-} ],
-  '_KTIMER2_COLLECTION' : [ 0x18, {
-    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
-    'NextDueTime' : [ 0x10, ['unsigned long long']],
-} ],
-  '_MIPFNBLINK' : [ 0x8, {
-    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
-    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
-    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
-    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
-    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
-    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
-    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
-    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
-    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
-    'EntireField' : [ 0x0, ['unsigned long long']],
-    'Lock' : [ 0x0, ['long long']],
-    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
-    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
-    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_VF_TRACKER_STAMP' : [ 0x10, {
-    'Thread' : [ 0x0, ['pointer64', ['void']]],
-    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
-    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
-    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
-    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
-} ],
-  '_VI_TRACK_IRQL' : [ 0x38, {
-    'Thread' : [ 0x0, ['pointer64', ['void']]],
-    'OldIrql' : [ 0x8, ['unsigned char']],
-    'NewIrql' : [ 0x9, ['unsigned char']],
-    'Processor' : [ 0xa, ['unsigned short']],
-    'TickCount' : [ 0xc, ['unsigned long']],
-    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
-} ],
-  '_MMCLONE_HEADER' : [ 0x18, {
-    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
-    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
-    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
-} ],
-  '_SESSION_LOWBOX_MAP' : [ 0x40, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'SessionId' : [ 0x10, ['unsigned long']],
-    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
-} ],
-  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
-    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
-} ],
-  '_PEB_LDR_DATA' : [ 0x58, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'Initialized' : [ 0x4, ['unsigned char']],
-    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
-    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
-    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
-    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
-    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
-    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
-    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
-} ],
-  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xb8, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'Argument' : [ 0x10, ['unsigned long']],
-    'ArgumentStatus' : [ 0x14, ['long']],
-    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
-    'Callback' : [ 0x20, ['pointer64', ['void']]],
-    'Context' : [ 0x28, ['pointer64', ['void']]],
-    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
-    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
-    'RefCount' : [ 0x40, ['unsigned long']],
-    'Lock' : [ 0x44, ['unsigned long']],
-    'Cancel' : [ 0x48, ['unsigned char']],
-    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
-    'ActivityId' : [ 0x58, ['_GUID']],
-    'Data' : [ 0x68, ['_PLUGPLAY_EVENT_BLOCK']],
-} ],
-  '_HEAP_STOP_ON_TAG' : [ 0x4, {
-    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
-    'TagIndex' : [ 0x0, ['unsigned short']],
-    'HeapIndex' : [ 0x2, ['unsigned short']],
-} ],
-  '_PS_WAKE_INFORMATION' : [ 0x38, {
-    'NotificationChannel' : [ 0x0, ['unsigned long long']],
-    'WakeCounters' : [ 0x8, ['array', 5, ['unsigned long long']]],
-    'NoWakeCounter' : [ 0x30, ['unsigned long long']],
-} ],
-  '_RH_OP_CONTEXT' : [ 0x48, {
-    'Links' : [ 0x0, ['_LIST_ENTRY']],
-    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
-    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
-    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
-    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
-    'Flags' : [ 0x30, ['unsigned long']],
-    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
-} ],
-  '_DBGKD_GET_CONTEXT' : [ 0x4, {
-    'Unused' : [ 0x0, ['unsigned long']],
-} ],
-  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
-    'Flags' : [ 0x0, ['unsigned long']],
-    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
-} ],
-  '_KWAIT_CHAIN' : [ 0x8, {
-    'Head' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-} ],
-  '_ISRDPCSTATS' : [ 0x40, {
-    'IsrTime' : [ 0x0, ['unsigned long long']],
-    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
-    'IsrCount' : [ 0x10, ['unsigned long long']],
-    'DpcTime' : [ 0x18, ['unsigned long long']],
-    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
-    'DpcCount' : [ 0x28, ['unsigned long long']],
-    'IsrActive' : [ 0x30, ['unsigned char']],
-    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
-} ],
-  '_RTL_BITMAP_EX' : [ 0x10, {
-    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
-    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
-} ],
-  '_MI_PARTITION_PAGE_LISTS' : [ 0xd40, {
-    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
-    'FreePageSlist' : [ 0x10, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
-    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
-    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
-    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
-    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
-    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
-    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
-    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
-    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
-    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
-    'PageLocationList' : [ 0x7e8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
-    'StandbyRepurposedByPriority' : [ 0x828, ['array', 8, ['unsigned long']]],
-    'MappedPageListHeadEvent' : [ 0x848, ['array', 16, ['_KEVENT']]],
-    'DecayClusterTimerHeads' : [ 0x9c8, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
-    'DecayHand' : [ 0x9e8, ['unsigned long']],
-    'LastDecayHandUpdateTime' : [ 0x9f0, ['unsigned long long']],
-    'LastChanceLdwContext' : [ 0x9f8, ['_MI_LDW_WORK_CONTEXT']],
-    'AvailableEventsLock' : [ 0xa40, ['unsigned long long']],
-    'AvailablePageWaitStates' : [ 0xa48, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
-    'LowMemoryThreshold' : [ 0xaa8, ['unsigned long long']],
-    'HighMemoryThreshold' : [ 0xab0, ['unsigned long long']],
-    'TransitionPrivatePages' : [ 0xac0, ['unsigned long long']],
-    'StandbyListDiscard' : [ 0xac8, ['unsigned long']],
-    'FreeListDiscard' : [ 0xacc, ['unsigned char']],
-    'RebuildLargePagesInitialized' : [ 0xacd, ['unsigned char']],
-    'RebuildLargePagesItem' : [ 0xad0, ['_MI_REBUILD_LARGE_PAGES']],
-    'AddMemoryNotifyList' : [ 0xcf8, ['_LIST_ENTRY']],
-    'MirrorListLocks' : [ 0xd08, ['pointer64', ['void']]],
-} ],
-  '_XSTATE_CONFIGURATION' : [ 0x330, {
-    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
-    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
-    'Size' : [ 0x10, ['unsigned long']],
-    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
-    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
-    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
-    'AllFeatureSize' : [ 0x228, ['unsigned long']],
-    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
-} ],
-  '_CM_KEY_CONTROL_BLOCK' : [ 0x128, {
-    'RefCount' : [ 0x0, ['unsigned long']],
-    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
-    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
-    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
-    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'KeyHash' : [ 0x10, ['_CM_KEY_HASH']],
-    'ConvKey' : [ 0x10, ['unsigned long']],
-    'NextHash' : [ 0x18, ['pointer64', ['_CM_KEY_HASH']]],
-    'KeyHive' : [ 0x20, ['pointer64', ['_HHIVE']]],
-    'KeyCell' : [ 0x28, ['unsigned long']],
-    'KcbPushlock' : [ 0x30, ['_EX_PUSH_LOCK']],
-    'Owner' : [ 0x38, ['pointer64', ['_KTHREAD']]],
-    'SharedCount' : [ 0x38, ['long']],
-    'SlotHint' : [ 0x40, ['unsigned long']],
-    'ParentKcb' : [ 0x48, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-    'NameBlock' : [ 0x50, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
-    'CachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
-    'ValueCache' : [ 0x60, ['_CACHED_CHILD_LIST']],
-    'IndexHint' : [ 0x70, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
-    'HashKey' : [ 0x70, ['unsigned long']],
-    'SubKeyCount' : [ 0x70, ['unsigned long']],
-    'KeyBodyListHead' : [ 0x78, ['_LIST_ENTRY']],
-    'FreeListEntry' : [ 0x78, ['_LIST_ENTRY']],
-    'KeyBodyArray' : [ 0x88, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
-    'KcbLastWriteTime' : [ 0xa8, ['_LARGE_INTEGER']],
-    'KcbMaxNameLen' : [ 0xb0, ['unsigned short']],
-    'KcbMaxValueNameLen' : [ 0xb2, ['unsigned short']],
-    'KcbMaxValueDataLen' : [ 0xb4, ['unsigned long']],
-    'KcbUserFlags' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
-    'KcbVirtControlFlags' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
-    'KcbDebug' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
-    'Flags' : [ 0xb8, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
-    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
-    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
-    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
-    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
-    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
-    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
-    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
-    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
-    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
-    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
-} ],
-  '_KLOCK_ENTRY' : [ 0x60, {
-    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
-    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'EntryFlags' : [ 0x18, ['unsigned long']],
-    'EntryOffset' : [ 0x18, ['unsigned char']],
-    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
-    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
-    'AcquiredByte' : [ 0x1a, ['unsigned char']],
-    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
-    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
-    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
-    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
-    'SpareFlags' : [ 0x1c, ['unsigned long']],
-    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
-    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
-    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
-    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
-    'InTreeByte' : [ 0x27, ['unsigned char']],
-    'SessionState' : [ 0x28, ['pointer64', ['void']]],
-    'SessionId' : [ 0x28, ['unsigned long']],
-    'SessionPad' : [ 0x2c, ['unsigned long']],
-    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
-    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
-    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
-    'EntryLock' : [ 0x50, ['unsigned long long']],
-    'AllBoosts' : [ 0x58, ['unsigned short']],
-    'IoBoost' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'CpuBoostsBitmap' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
-    'IoNormalPriorityWaiterCount' : [ 0x5a, ['unsigned short']],
-    'SparePad' : [ 0x5c, ['unsigned short']],
-} ],
-  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
-    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
-    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
-} ],
-  '_MMPTE_SOFTWARE' : [ 0x8, {
-    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
-    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
-    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
-    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
-    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
-    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 24, native_type='unsigned long long')]],
-    'LocalPartition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
-    'Unused' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
-    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '__unnamed_2080' : [ 0x10, {
-    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
-} ],
-  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
-    'Links' : [ 0x0, ['_LIST_ENTRY']],
-    'u' : [ 0x10, ['__unnamed_2080']],
-    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
-    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
-    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
-    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
-    'ByteCount' : [ 0x88, ['unsigned long']],
-    'ChargedPages' : [ 0x8c, ['unsigned long']],
-    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
-    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
-    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
-    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
-    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
-    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
-    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
-    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
-    'Mdl' : [ 0xd0, ['_MDL']],
-    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
-} ],
-  '_MI_PARTITION_COMMIT' : [ 0x80, {
-    'PeakCommitment' : [ 0x0, ['unsigned long long']],
-    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
-    'Popups' : [ 0x10, ['array', 2, ['long']]],
-    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
-    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
-    'EventLock' : [ 0x28, ['unsigned long long']],
-    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
-    'OverCommit' : [ 0x40, ['unsigned long long']],
-} ],
-  '_NT_TIB32' : [ 0x1c, {
-    'ExceptionList' : [ 0x0, ['unsigned long']],
-    'StackBase' : [ 0x4, ['unsigned long']],
-    'StackLimit' : [ 0x8, ['unsigned long']],
-    'SubSystemTib' : [ 0xc, ['unsigned long']],
-    'FiberData' : [ 0x10, ['unsigned long']],
-    'Version' : [ 0x10, ['unsigned long']],
-    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
-    'Self' : [ 0x18, ['unsigned long']],
-} ],
-  '_CM_RESOURCE_LIST' : [ 0x28, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
-} ],
-  '_TOKEN_PRIVILEGES' : [ 0x10, {
-    'PrivilegeCount' : [ 0x0, ['unsigned long']],
-    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
-} ],
-  '_POOL_TRACKER_TABLE' : [ 0x28, {
-    'Key' : [ 0x0, ['long']],
-    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
-    'NonPagedFrees' : [ 0x8, ['unsigned long']],
-    'NonPagedBytes' : [ 0x10, ['unsigned long long']],
-    'PagedAllocs' : [ 0x18, ['unsigned long']],
-    'PagedFrees' : [ 0x1c, ['unsigned long']],
-    'PagedBytes' : [ 0x20, ['unsigned long long']],
-} ],
-  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
-    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
-    'BusNumber' : [ 0x4, ['unsigned long']],
-    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
-} ],
-  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
-    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
-    'AsULONG' : [ 0x0, ['unsigned long']],
-} ],
-  '_WMI_BUFFER_HEADER' : [ 0x48, {
-    'BufferSize' : [ 0x0, ['unsigned long']],
-    'SavedOffset' : [ 0x4, ['unsigned long']],
-    'CurrentOffset' : [ 0x8, ['unsigned long']],
-    'ReferenceCount' : [ 0xc, ['long']],
-    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
-    'SequenceNumber' : [ 0x18, ['long long']],
-    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
-    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
-    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
-    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
-    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
-    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStateMaximum'})]],
-    'Offset' : [ 0x30, ['unsigned long']],
-    'BufferFlag' : [ 0x34, ['unsigned short']],
-    'BufferType' : [ 0x36, ['unsigned short']],
-    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
-    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
-    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
-    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
-    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
-} ],
-  '_NT_TIB64' : [ 0x38, {
-    'ExceptionList' : [ 0x0, ['unsigned long long']],
-    'StackBase' : [ 0x8, ['unsigned long long']],
-    'StackLimit' : [ 0x10, ['unsigned long long']],
-    'SubSystemTib' : [ 0x18, ['unsigned long long']],
-    'FiberData' : [ 0x20, ['unsigned long long']],
-    'Version' : [ 0x20, ['unsigned long']],
-    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
-    'Self' : [ 0x30, ['unsigned long long']],
-} ],
-  '_POWER_SEQUENCE' : [ 0xc, {
-    'SequenceD1' : [ 0x0, ['unsigned long']],
-    'SequenceD2' : [ 0x4, ['unsigned long']],
-    'SequenceD3' : [ 0x8, ['unsigned long']],
-} ],
-  '_EPROCESS_VALUES' : [ 0x50, {
-    'KernelTime' : [ 0x0, ['unsigned long long']],
-    'UserTime' : [ 0x8, ['unsigned long long']],
-    'CycleTime' : [ 0x10, ['unsigned long long']],
-    'ContextSwitches' : [ 0x18, ['unsigned long long']],
-    'ReadOperationCount' : [ 0x20, ['long long']],
-    'WriteOperationCount' : [ 0x28, ['long long']],
-    'OtherOperationCount' : [ 0x30, ['long long']],
-    'ReadTransferCount' : [ 0x38, ['long long']],
-    'WriteTransferCount' : [ 0x40, ['long long']],
-    'OtherTransferCount' : [ 0x48, ['long long']],
-} ],
-  '_PROCESSOR_POWER_STATE' : [ 0x1d0, {
-    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
-    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
-    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
-    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
-    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
-    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
-    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
-    'PepWokenTransition' : [ 0x31, ['unsigned char']],
-    'Class' : [ 0x32, ['unsigned char']],
-    'TargetIdleState' : [ 0x34, ['unsigned long']],
-    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
-    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
-    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
-    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower', 3: 'ProcHypervisorHvCounters'})]],
-    'LastSysTime' : [ 0xdc, ['unsigned long']],
-    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
-    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
-    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
-    'PerfActionDpc' : [ 0x110, ['_KDPC']],
-    'PerfActionMask' : [ 0x150, ['long']],
-    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
-    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
-    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
-    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
-    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
-    'Load' : [ 0x188, ['pointer64', ['_PROC_PERF_LOAD']]],
-    'PerfHistory' : [ 0x190, ['pointer64', ['_PROC_PERF_HISTORY']]],
-    'GuaranteedPerformancePercent' : [ 0x198, ['unsigned char']],
-    'HvTargetState' : [ 0x199, ['unsigned char']],
-    'Parked' : [ 0x19a, ['unsigned char']],
-    'LatestPerformancePercent' : [ 0x19c, ['unsigned long']],
-    'AveragePerformancePercent' : [ 0x1a0, ['unsigned long']],
-    'LatestAffinitizedPercent' : [ 0x1a4, ['unsigned long']],
-    'RelativePerformance' : [ 0x1a8, ['unsigned long']],
-    'Utility' : [ 0x1ac, ['unsigned long']],
-    'AffinitizedUtility' : [ 0x1b0, ['unsigned long']],
-    'SnapTimeLast' : [ 0x1b8, ['unsigned long long']],
-    'EnergyConsumed' : [ 0x1b8, ['unsigned long long']],
-    'ActiveTime' : [ 0x1c0, ['unsigned long long']],
-    'TotalTime' : [ 0x1c8, ['unsigned long long']],
-} ],
-  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
-    'Sequence' : [ 0x0, ['unsigned long']],
-    'Index' : [ 0x4, ['unsigned short']],
-    'NumTraces' : [ 0x6, ['unsigned short']],
-    'Tag' : [ 0x8, ['unsigned long']],
-} ],
-  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
-    'Continue' : [ 0x0, ['unsigned long']],
-    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
-    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
-} ],
-  '_MMPFNENTRY' : [ 0x2, {
-    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
-    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
-    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
-    'OnProtectedStandby' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'SystemChargedPage' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-} ],
-  '_THREAD_ENERGY_VALUES' : [ 0x40, {
-    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
-} ],
-  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
-    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
-    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
-    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
-    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
-} ],
-  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
-    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
-    'Context' : [ 0x8, ['pointer64', ['void']]],
-    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
-    'RequestorMode' : [ 0x18, ['unsigned char']],
-    'NestingLevel' : [ 0x1c, ['unsigned long']],
-} ],
-  '_TOKEN_SOURCE' : [ 0x10, {
-    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
-    'SourceIdentifier' : [ 0x8, ['_LUID']],
-} ],
-  '_CMHIVE' : [ 0x17a8, {
-    'Hive' : [ 0x0, ['_HHIVE']],
-    'FileHandles' : [ 0xa68, ['array', 6, ['pointer64', ['void']]]],
-    'NotifyList' : [ 0xa98, ['_LIST_ENTRY']],
-    'HiveList' : [ 0xaa8, ['_LIST_ENTRY']],
-    'PreloadedHiveList' : [ 0xab8, ['_LIST_ENTRY']],
-    'FailedUnloadList' : [ 0xac8, ['_LIST_ENTRY']],
-    'HiveRundown' : [ 0xad8, ['_EX_RUNDOWN_REF']],
-    'ParseCacheEntries' : [ 0xae0, ['_LIST_ENTRY']],
-    'KcbCacheTable' : [ 0xaf0, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
-    'KcbCacheTableSize' : [ 0xaf8, ['unsigned long']],
-    'DeletedKcbTable' : [ 0xb00, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
-    'DeletedKcbTableSize' : [ 0xb08, ['unsigned long']],
-    'Identity' : [ 0xb0c, ['unsigned long']],
-    'HiveLock' : [ 0xb10, ['pointer64', ['_FAST_MUTEX']]],
-    'WriterLock' : [ 0xb18, ['pointer64', ['_FAST_MUTEX']]],
-    'FlusherLock' : [ 0xb20, ['pointer64', ['_ERESOURCE']]],
-    'FlushDirtyVector' : [ 0xb28, ['_RTL_BITMAP']],
-    'FlushDirtyVectorSize' : [ 0xb38, ['unsigned long']],
-    'FlushLogEntry' : [ 0xb40, ['pointer64', ['unsigned char']]],
-    'FlushLogEntrySize' : [ 0xb48, ['unsigned long']],
-    'FlushHiveTruncated' : [ 0xb4c, ['unsigned long']],
-    'FlushBaseBlockDirty' : [ 0xb50, ['unsigned char']],
-    'CapturedUnreconciledVector' : [ 0xb58, ['_RTL_BITMAP']],
-    'CapturedUnreconciledVectorSize' : [ 0xb68, ['unsigned long']],
-    'UnreconciledOffsetArray' : [ 0xb70, ['pointer64', ['CMP_OFFSET_ARRAY']]],
-    'UnreconciledOffsetArrayCount' : [ 0xb78, ['unsigned long']],
-    'UnreconciledBaseBlock' : [ 0xb80, ['pointer64', ['_HBASE_BLOCK']]],
-    'SecurityLock' : [ 0xb88, ['_EX_PUSH_LOCK']],
-    'UseCount' : [ 0xb90, ['unsigned long']],
-    'LastShrinkHiveSize' : [ 0xb94, ['unsigned long']],
-    'ActualFileSize' : [ 0xb98, ['_LARGE_INTEGER']],
-    'LogFileSizes' : [ 0xba0, ['array', 2, ['_LARGE_INTEGER']]],
-    'FileFullPath' : [ 0xbb0, ['_UNICODE_STRING']],
-    'FileUserName' : [ 0xbc0, ['_UNICODE_STRING']],
-    'HiveRootPath' : [ 0xbd0, ['_UNICODE_STRING']],
-    'SecurityCount' : [ 0xbe0, ['unsigned long']],
-    'SecurityCacheSize' : [ 0xbe4, ['unsigned long']],
-    'SecurityHitHint' : [ 0xbe8, ['long']],
-    'SecurityCache' : [ 0xbf0, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
-    'SecurityHash' : [ 0xbf8, ['array', 64, ['_LIST_ENTRY']]],
-    'UnloadEventCount' : [ 0xff8, ['unsigned long']],
-    'UnloadEventArray' : [ 0x1000, ['pointer64', ['pointer64', ['_KEVENT']]]],
-    'RootKcb' : [ 0x1008, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-    'Frozen' : [ 0x1010, ['unsigned char']],
-    'UnloadWorkItem' : [ 0x1018, ['pointer64', ['_CM_WORKITEM']]],
-    'UnloadWorkItemHolder' : [ 0x1020, ['_CM_WORKITEM']],
-    'GrowOnlyMode' : [ 0x1048, ['unsigned char']],
-    'GrowOffset' : [ 0x104c, ['unsigned long']],
-    'KcbConvertListHead' : [ 0x1050, ['_LIST_ENTRY']],
-    'CellRemapArray' : [ 0x1060, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
-    'DirtyVectorLog' : [ 0x1068, ['_CM_DIRTY_VECTOR_LOG']],
-    'Flags' : [ 0x14f0, ['unsigned long']],
-    'TrustClassEntry' : [ 0x14f8, ['_LIST_ENTRY']],
-    'DirtyTime' : [ 0x1508, ['unsigned long long']],
-    'UnreconciledTime' : [ 0x1510, ['unsigned long long']],
-    'CmRm' : [ 0x1518, ['pointer64', ['_CM_RM']]],
-    'CmRmInitFailPoint' : [ 0x1520, ['unsigned long']],
-    'CmRmInitFailStatus' : [ 0x1524, ['long']],
-    'CreatorOwner' : [ 0x1528, ['pointer64', ['_KTHREAD']]],
-    'RundownThread' : [ 0x1530, ['pointer64', ['_KTHREAD']]],
-    'LastWriteTime' : [ 0x1538, ['_LARGE_INTEGER']],
-    'FlushQueue' : [ 0x1540, ['_HIVE_WRITE_WAIT_QUEUE']],
-    'ReconcileQueue' : [ 0x1558, ['_HIVE_WRITE_WAIT_QUEUE']],
-    'FlushFlags' : [ 0x1570, ['unsigned long']],
-    'FlushActive' : [ 0x1570, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ReconcileActive' : [ 0x1570, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'PrimaryFilePurged' : [ 0x1570, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'DiskFileBad' : [ 0x1570, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'PrimaryFileSizeBeforeLastFlush' : [ 0x1574, ['unsigned long']],
-    'ReferenceCount' : [ 0x1578, ['long']],
-    'UnloadHistoryIndex' : [ 0x157c, ['long']],
-    'UnloadHistory' : [ 0x1580, ['array', 128, ['unsigned long']]],
-    'BootStart' : [ 0x1780, ['unsigned long']],
-    'UnaccessedStart' : [ 0x1784, ['unsigned long']],
-    'UnaccessedEnd' : [ 0x1788, ['unsigned long']],
-    'LoadedKeyCount' : [ 0x178c, ['unsigned long']],
-    'HandleClosePending' : [ 0x1790, ['unsigned long']],
-    'HandleClosePendingEvent' : [ 0x1798, ['_EX_PUSH_LOCK']],
-    'FinalFlushSucceeded' : [ 0x17a0, ['unsigned char']],
-    'FailedUnload' : [ 0x17a1, ['unsigned char']],
-} ],
-  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
-    'Address' : [ 0x0, ['unsigned long long']],
-    'Reserved' : [ 0x8, ['unsigned long long']],
-    'AddressSpace' : [ 0x10, ['unsigned long']],
-    'Flags' : [ 0x14, ['unsigned long']],
-} ],
-  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
-    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
-    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
-    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
-    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
-    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
-    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
-    'AvailableHistory' : [ 0x30, ['unsigned long']],
-} ],
-  'DOCK_INTERFACE' : [ 0x30, {
-    'Size' : [ 0x0, ['unsigned short']],
-    'Version' : [ 0x2, ['unsigned short']],
-    'Context' : [ 0x8, ['pointer64', ['void']]],
-    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
-    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
-    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
-    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
-} ],
-  'CMP_OFFSET_ARRAY' : [ 0x18, {
-    'FileOffset' : [ 0x0, ['unsigned long']],
-    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
-    'DataLength' : [ 0x10, ['unsigned long']],
-} ],
-  '_MMSUPPORT_FLAGS' : [ 0x4, {
-    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
-    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
-    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
-    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
-    'MemoryPriority' : [ 0x2, ['unsigned char']],
-    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
-} ],
-  '_PPM_VETO_ENTRY' : [ 0x40, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'VetoReason' : [ 0x10, ['unsigned long']],
-    'ReferenceCount' : [ 0x14, ['unsigned long']],
-    'HitCount' : [ 0x18, ['unsigned long long']],
-    'LastActivationTime' : [ 0x20, ['unsigned long long']],
-    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
-    'CsActivationTime' : [ 0x30, ['unsigned long long']],
-    'CsActiveTime' : [ 0x38, ['unsigned long long']],
-} ],
-  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
-    'Magic' : [ 0x0, ['unsigned short']],
-    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
-    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
-    'SizeOfCode' : [ 0x4, ['unsigned long']],
-    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
-    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
-    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
-    'BaseOfCode' : [ 0x14, ['unsigned long']],
-    'ImageBase' : [ 0x18, ['unsigned long long']],
-    'SectionAlignment' : [ 0x20, ['unsigned long']],
-    'FileAlignment' : [ 0x24, ['unsigned long']],
-    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
-    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
-    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
-    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
-    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
-    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
-    'Win32VersionValue' : [ 0x34, ['unsigned long']],
-    'SizeOfImage' : [ 0x38, ['unsigned long']],
-    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
-    'CheckSum' : [ 0x40, ['unsigned long']],
-    'Subsystem' : [ 0x44, ['unsigned short']],
-    'DllCharacteristics' : [ 0x46, ['unsigned short']],
-    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
-    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
-    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
-    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
-    'LoaderFlags' : [ 0x68, ['unsigned long']],
-    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
-    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
-} ],
-  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
-    'Lock' : [ 0x0, ['unsigned long long']],
-    'Size' : [ 0x8, ['unsigned long']],
-    'ActiveCount' : [ 0xc, ['unsigned long']],
-    'PendingNullCount' : [ 0x10, ['unsigned long']],
-    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
-    'PendingDelete' : [ 0x18, ['unsigned long']],
-    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
-    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
-    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
-    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
-} ],
-  '_TERMINATION_PORT' : [ 0x10, {
-    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
-    'Port' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderZero', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderVsmMemory', 30: 'LoaderFirmwareCode', 31: 'LoaderFirmwareData', 32: 'LoaderFirmwareReserved', 33: 'LoaderEnclaveMemory', 34: 'LoaderMaximum'})]],
-    'BasePage' : [ 0x18, ['unsigned long long']],
-    'PageCount' : [ 0x20, ['unsigned long long']],
-} ],
-  '_CM_INTENT_LOCK' : [ 0x10, {
-    'OwnerCount' : [ 0x0, ['unsigned long']],
-    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
-} ],
-  '_PROC_IDLE_ACCOUNTING' : [ 0x408, {
-    'StateCount' : [ 0x0, ['unsigned long']],
-    'TotalTransitions' : [ 0x4, ['unsigned long']],
-    'ResetCount' : [ 0x8, ['unsigned long']],
-    'AbortCount' : [ 0xc, ['unsigned long']],
-    'StartTime' : [ 0x10, ['unsigned long long']],
-    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
-    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
-    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
-} ],
-  '_THERMAL_INFORMATION' : [ 0x58, {
-    'ThermalStamp' : [ 0x0, ['unsigned long']],
-    'ThermalConstant1' : [ 0x4, ['unsigned long']],
-    'ThermalConstant2' : [ 0x8, ['unsigned long']],
-    'Processors' : [ 0x10, ['unsigned long long']],
-    'SamplingPeriod' : [ 0x18, ['unsigned long']],
-    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
-    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
-    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
-    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
-    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
-} ],
-  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
-    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
-    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
-    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
-    'Active' : [ 0x20, ['unsigned char']],
-} ],
-  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
-    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
-    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
-    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
-    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
-    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
-    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
-    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
-    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
-} ],
-  '_GDI_TEB_BATCH' : [ 0x4e8, {
-    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
-    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'HDC' : [ 0x8, ['unsigned long long']],
-    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
-} ],
-  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa8, {
-    'Level' : [ 0x0, ['unsigned long']],
-    'RaiseIrqls' : [ 0x4, ['unsigned long']],
-    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
-    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
-    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
-    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
-    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
-    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
-    'TrimRequests' : [ 0x20, ['unsigned long']],
-    'Trims' : [ 0x24, ['unsigned long']],
-    'AllocationsFailed' : [ 0x28, ['unsigned long']],
-    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
-    'Loads' : [ 0x30, ['unsigned long']],
-    'Unloads' : [ 0x34, ['unsigned long']],
-    'UnTrackedPool' : [ 0x38, ['unsigned long']],
-    'UserTrims' : [ 0x3c, ['unsigned long']],
-    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
-    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
-    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
-    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
-    'PagedBytes' : [ 0x50, ['unsigned long long']],
-    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
-    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
-    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
-    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
-    'SessionTrims' : [ 0x74, ['unsigned long']],
-    'OptionChanges' : [ 0x78, ['unsigned long']],
-    'VerifyMode' : [ 0x7c, ['unsigned long']],
-    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
-    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
-    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
-    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
-    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
-    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
-} ],
-  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
-    'CurrentSize' : [ 0x0, ['unsigned long']],
-    'MaximumSize' : [ 0x4, ['unsigned long']],
-    'Epoch' : [ 0x8, ['unsigned long']],
-    'Overflow' : [ 0xc, ['unsigned char']],
-    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
-} ],
-  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
-    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
-    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
-    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
-    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
-    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
-} ],
-  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
-    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
-    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
-    'OwnerBoosted' : [ 0x10, ['unsigned long']],
-} ],
-  '_VI_FAULT_TRACE' : [ 0x48, {
-    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
-    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
-} ],
-  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
-    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
-} ],
-  '_GENERIC_MAPPING' : [ 0x10, {
-    'GenericRead' : [ 0x0, ['unsigned long']],
-    'GenericWrite' : [ 0x4, ['unsigned long']],
-    'GenericExecute' : [ 0x8, ['unsigned long']],
-    'GenericAll' : [ 0xc, ['unsigned long']],
-} ],
-  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
-    'CountEntries' : [ 0x0, ['unsigned long']],
-    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
-} ],
-  '_UMS_CONTROL_BLOCK' : [ 0x90, {
-    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
-    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
-    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
-    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
-    'UmsQueue' : [ 0x20, ['_KQUEUE']],
-    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
-    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
-    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
-    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
-    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
-    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
-    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
-    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
-    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'UmsFlags' : [ 0x50, ['unsigned long']],
-    'TebSelector' : [ 0x88, ['unsigned short']],
-} ],
-  '_OWNER_ENTRY' : [ 0x10, {
-    'OwnerThread' : [ 0x0, ['unsigned long long']],
-    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
-    'TableSize' : [ 0x8, ['unsigned long']],
-} ],
-  '_KSYSTEM_TIME' : [ 0xc, {
-    'LowPart' : [ 0x0, ['unsigned long']],
-    'High1Time' : [ 0x4, ['long']],
-    'High2Time' : [ 0x8, ['long']],
-} ],
-  '_ETIMER' : [ 0x138, {
-    'KeTimer' : [ 0x0, ['_KTIMER']],
-    'Lock' : [ 0x40, ['unsigned long long']],
-    'TimerApc' : [ 0x48, ['_KAPC']],
-    'TimerDpc' : [ 0xa0, ['_KDPC']],
-    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
-    'Period' : [ 0xf0, ['unsigned long']],
-    'TimerFlags' : [ 0xf4, ['unsigned char']],
-    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
-    'DueTimeType' : [ 0xf5, ['unsigned char']],
-    'Spare2' : [ 0xf6, ['unsigned short']],
-    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
-    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
-    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
-    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
-    'DueTime' : [ 0x128, ['unsigned long long']],
-    'CoalescingWindow' : [ 0x130, ['unsigned long']],
-} ],
-  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
-    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
-    'Object' : [ 0x8, ['pointer64', ['void']]],
-    'HashValue' : [ 0x10, ['unsigned long']],
-} ],
-  '_LOCK_TRACKER' : [ 0x90, {
-    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
-    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
-    'StartVa' : [ 0x20, ['pointer64', ['void']]],
-    'Count' : [ 0x28, ['unsigned long long']],
-    'Offset' : [ 0x30, ['unsigned long']],
-    'Length' : [ 0x34, ['unsigned long']],
-    'Page' : [ 0x38, ['unsigned long long']],
-    'StackTrace' : [ 0x40, ['array', 8, ['pointer64', ['void']]]],
-    'Who' : [ 0x80, ['unsigned long']],
-    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
-} ],
-  '_MI_CACHED_PTES' : [ 0x48, {
-    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
-    'CachedPteCount' : [ 0x40, ['long']],
-} ],
-  '_EXHANDLE' : [ 0x8, {
-    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
-    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
-    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
-    'Value' : [ 0x0, ['unsigned long long']],
-} ],
-  '__unnamed_2155' : [ 0x8, {
-    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
-    'FlagsLong' : [ 0x0, ['unsigned long']],
-    'StartVa' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '_MMADDRESS_LIST' : [ 0x10, {
-    'u1' : [ 0x0, ['__unnamed_2155']],
-    'EndVa' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
-    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'Value' : [ 0x0, ['unsigned long']],
-} ],
-  '_XSTATE_FEATURE' : [ 0x8, {
-    'Offset' : [ 0x0, ['unsigned long']],
-    'Size' : [ 0x4, ['unsigned long']],
-} ],
-  '_DBGKD_CONTEXT_EX' : [ 0xc, {
-    'Offset' : [ 0x0, ['unsigned long']],
-    'ByteCount' : [ 0x4, ['unsigned long']],
-    'BytesCopied' : [ 0x8, ['unsigned long']],
-} ],
-  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
-    'Next' : [ 0x0, ['unsigned long']],
-    'Size' : [ 0x4, ['unsigned long']],
-    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
-} ],
-  '_ARBITER_INSTANCE' : [ 0x150, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
-    'Name' : [ 0x10, ['pointer64', ['unsigned short']]],
-    'OrderingName' : [ 0x18, ['pointer64', ['unsigned short']]],
-    'ResourceType' : [ 0x20, ['long']],
-    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
-    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
-    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
-    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
-    'ReferenceCount' : [ 0x58, ['long']],
-    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
-    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
-    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
-    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
-    'PackResource' : [ 0x80, ['pointer64', ['void']]],
-    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
-    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
-    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
-    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
-    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
-    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
-    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
-    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
-    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
-    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
-    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
-    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
-    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
-    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
-    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
-    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
-    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
-    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
-    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
-    'TransactionInProgress' : [ 0x120, ['unsigned char']],
-    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
-    'Extension' : [ 0x130, ['pointer64', ['void']]],
-    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
-    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
-    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
-} ],
-  '_MMVAD_FLAGS1' : [ 0x4, {
-    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
-    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_MI_SYSTEM_INFORMATION' : [ 0x1bc0, {
-    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
-    'Sections' : [ 0x100, ['_MI_SECTION_STATE']],
-    'SystemImages' : [ 0x380, ['_MI_SYSTEM_IMAGE_STATE']],
-    'Sessions' : [ 0x440, ['_MI_SESSION_STATE']],
-    'Processes' : [ 0x4d0, ['_MI_PROCESS_STATE']],
-    'Hardware' : [ 0x530, ['_MI_HARDWARE_STATE']],
-    'SystemVa' : [ 0x600, ['_MI_SYSTEM_VA_STATE']],
-    'PageCombines' : [ 0x8c0, ['_MI_COMBINE_STATE']],
-    'Partitions' : [ 0xa60, ['_MI_PARTITION_STATE']],
-    'Shutdowns' : [ 0xac0, ['_MI_SHUTDOWN_STATE']],
-    'Errors' : [ 0xb40, ['_MI_ERROR_STATE']],
-    'AccessLog' : [ 0xc00, ['_MI_ACCESS_LOG_STATE']],
-    'Debugger' : [ 0xc80, ['_MI_DEBUGGER_STATE']],
-    'Standby' : [ 0xdc0, ['_MI_STANDBY_STATE']],
-    'SystemPtes' : [ 0xe80, ['_MI_SYSTEM_PTE_STATE']],
-    'IoPages' : [ 0x1000, ['_MI_IO_PAGE_STATE']],
-    'PagingIo' : [ 0x1060, ['_MI_PAGING_IO_STATE']],
-    'CommonPages' : [ 0x10b0, ['_MI_COMMON_PAGE_STATE']],
-    'Trims' : [ 0x1180, ['_MI_SYSTEM_TRIM_STATE']],
-    'ResTrack' : [ 0x11c0, ['_MI_RESAVAIL_TRACKER']],
-    'Cookie' : [ 0x1540, ['unsigned long long']],
-    'ZeroingDisabled' : [ 0x1548, ['long']],
-    'BootRegistryRuns' : [ 0x1550, ['pointer64', ['pointer64', ['void']]]],
-    'FullyInitialized' : [ 0x1558, ['unsigned char']],
-    'SafeBooted' : [ 0x1559, ['unsigned char']],
-    'LargePfnBitMap' : [ 0x1560, ['_RTL_BITMAP_EX']],
-    'TraceLogging' : [ 0x1570, ['pointer64', ['_TlgProvider_t']]],
-    'Vs' : [ 0x1580, ['_MI_VISIBLE_STATE']],
-} ],
-  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
-    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'SortKey' : [ 0x10, ['unsigned long']],
-    'Inserted' : [ 0x14, ['unsigned char']],
-} ],
-  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
-    'Processor' : [ 0x0, ['unsigned long']],
-    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
-} ],
-  '__unnamed_21cf' : [ 0x4, {
-    'UserData' : [ 0x0, ['unsigned long']],
-    'Next' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_21d1' : [ 0x4, {
-    'u' : [ 0x0, ['__unnamed_21cf']],
-} ],
-  '__unnamed_21d3' : [ 0x4, {
-    'NewCell' : [ 0x0, ['__unnamed_21d1']],
-} ],
-  '_HCELL' : [ 0x8, {
-    'Size' : [ 0x0, ['long']],
-    'u' : [ 0x4, ['__unnamed_21d3']],
-} ],
-  '_MI_VISIBLE_STATE' : [ 0x640, {
-    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
-    'SessionWsList' : [ 0x50, ['_LIST_ENTRY']],
-    'SessionIdBitmap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
-    'PagedPoolInfo' : [ 0x68, ['_MM_PAGED_POOL_INFO']],
-    'MaximumNonPagedPoolInPages' : [ 0xa0, ['unsigned long long']],
-    'SizeOfPagedPoolInPages' : [ 0xa8, ['unsigned long long']],
-    'SystemPteInfo' : [ 0xb0, ['_MI_SYSTEM_PTE_TYPE']],
-    'NonPagedPoolCommit' : [ 0x110, ['unsigned long long']],
-    'BootCommit' : [ 0x118, ['unsigned long long']],
-    'MdlPagesAllocated' : [ 0x120, ['unsigned long long']],
-    'SystemPageTableCommit' : [ 0x128, ['unsigned long long']],
-    'SpecialPagesInUse' : [ 0x130, ['unsigned long long']],
-    'WsOverheadPages' : [ 0x138, ['unsigned long long']],
-    'VadBitmapPages' : [ 0x140, ['unsigned long long']],
-    'ProcessCommit' : [ 0x148, ['unsigned long long']],
-    'SharedCommit' : [ 0x150, ['unsigned long long']],
-    'DriverCommit' : [ 0x158, ['long']],
-    'SystemWs' : [ 0x180, ['array', 3, ['_MMSUPPORT']]],
-    'MapCacheFailures' : [ 0x468, ['unsigned long']],
-    'PagefileHashPages' : [ 0x470, ['unsigned long long']],
-    'PteHeader' : [ 0x478, ['_SYSPTES_HEADER']],
-    'SessionSpecialPool' : [ 0x590, ['pointer64', ['_MI_SPECIAL_POOL']]],
-    'SystemVaTypeCount' : [ 0x598, ['array', 14, ['unsigned long long']]],
-} ],
-  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Reserved' : [ 0x2, ['unsigned char']],
-    'Enabled' : [ 0x3, ['unsigned char']],
-    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
-    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
-    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
-    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
-    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
-    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
-    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
-    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
-} ],
-  '_HMAP_TABLE' : [ 0x5000, {
-    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
-} ],
-  '_SEP_LOWBOX_HANDLES_ENTRY' : [ 0x38, {
-    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
-    'ReferenceCount' : [ 0x18, ['long long']],
-    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
-    'HandleCount' : [ 0x28, ['unsigned long']],
-    'Handles' : [ 0x30, ['pointer64', ['pointer64', ['void']]]],
-} ],
-  '_PROC_PERF_CONSTRAINT' : [ 0x58, {
-    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
-    'PerfContext' : [ 0x8, ['unsigned long long']],
-    'ProcCap' : [ 0x10, ['unsigned long']],
-    'ProcFloor' : [ 0x14, ['unsigned long']],
-    'PlatformCap' : [ 0x18, ['unsigned long']],
-    'ThermalCap' : [ 0x1c, ['unsigned long']],
-    'LimitReasons' : [ 0x20, ['unsigned long']],
-    'PlatformCapStartTime' : [ 0x28, ['unsigned long long']],
-    'TargetPercent' : [ 0x30, ['unsigned long']],
-    'SelectedPercent' : [ 0x34, ['unsigned long']],
-    'SelectedFrequency' : [ 0x38, ['unsigned long']],
-    'PreviousFrequency' : [ 0x3c, ['unsigned long']],
-    'PreviousPercent' : [ 0x40, ['unsigned long']],
-    'LatestFrequencyPercent' : [ 0x44, ['unsigned long']],
-    'SelectedState' : [ 0x48, ['unsigned long long']],
-    'Force' : [ 0x50, ['unsigned char']],
-} ],
-  '__unnamed_21ef' : [ 0x20, {
-    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
-    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
-    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
-    'SystemWake' : [ 0x18, ['unsigned char']],
-} ],
-  '__unnamed_21f2' : [ 0x10, {
-    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
-    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
-} ],
-  '_POP_IRP_DATA' : [ 0xf8, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
-    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
-    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
-    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
-    'WatchdogStart' : [ 0x30, ['unsigned long long']],
-    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
-    'WatchdogDpc' : [ 0x78, ['_KDPC']],
-    'MinorFunction' : [ 0xb8, ['unsigned char']],
-    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
-    'PowerState' : [ 0xc0, ['_POWER_STATE']],
-    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
-    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
-    'SystemTransition' : [ 0xd0, ['unsigned char']],
-    'NotifyPEP' : [ 0xd1, ['unsigned char']],
-    'Device' : [ 0xd8, ['__unnamed_21ef']],
-    'System' : [ 0xd8, ['__unnamed_21f2']],
-} ],
-  '_MI_ERROR_STATE' : [ 0xb8, {
-    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
-    'ProbeRaises' : [ 0x38, ['_MI_PROBE_RAISE_TRACKER']],
-    'ForcedCommits' : [ 0x78, ['_MI_FORCED_COMMITS']],
-    'WsleFailures' : [ 0x80, ['array', 2, ['unsigned long']]],
-    'WsLinear' : [ 0x88, ['unsigned long']],
-    'PageHashErrors' : [ 0x8c, ['unsigned long']],
-    'CheckZeroCount' : [ 0x90, ['unsigned long']],
-    'ZeroedPageSingleBitErrorsDetected' : [ 0x94, ['long']],
-    'BadPagesDetected' : [ 0x98, ['long']],
-    'ScrubPasses' : [ 0x9c, ['long']],
-    'ScrubBadPagesFound' : [ 0xa0, ['long']],
-    'UserViewFailures' : [ 0xa4, ['unsigned long']],
-    'UserViewCollisionFailures' : [ 0xa8, ['unsigned long']],
-    'ResavailFailures' : [ 0xac, ['_MI_RESAVAIL_FAILURES']],
-    'PendingBadPages' : [ 0xb4, ['unsigned char']],
-    'InitFailure' : [ 0xb5, ['unsigned char']],
-    'StopBadMaps' : [ 0xb6, ['unsigned char']],
-} ],
-  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
-    'VirtualAddress' : [ 0x0, ['unsigned long']],
-    'Size' : [ 0x4, ['unsigned long']],
-} ],
-  '_DEVICE_CAPABILITIES' : [ 0x40, {
-    'Size' : [ 0x0, ['unsigned short']],
-    'Version' : [ 0x2, ['unsigned short']],
-    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
-    'Address' : [ 0x8, ['unsigned long']],
-    'UINumber' : [ 0xc, ['unsigned long']],
-    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
-    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
-    'D1Latency' : [ 0x34, ['unsigned long']],
-    'D2Latency' : [ 0x38, ['unsigned long']],
-    'D3Latency' : [ 0x3c, ['unsigned long']],
-} ],
-  '_MI_USER_VA_INFO' : [ 0x158, {
-    'NumberOfCommittedPageTables' : [ 0x0, ['unsigned long']],
-    'HighestTopDownAllocationAddress' : [ 0x8, ['pointer64', ['void']]],
-    'VadCell' : [ 0x10, ['array', 2, ['_MI_VAD_ALLOCATION_CELL']]],
-    'VadBitMapCommitment' : [ 0x60, ['unsigned long']],
-    'MaximumLastVadBit' : [ 0x64, ['unsigned long']],
-    'VadsBeingDeleted' : [ 0x68, ['long']],
-    'NumberOfDebugEnclaves' : [ 0x6c, ['long']],
-    'PhysicalMappingCount' : [ 0x70, ['unsigned long long']],
-    'LastVadDeletionEvent' : [ 0x78, ['pointer64', ['_KEVENT']]],
-    'SubVadRanges' : [ 0x80, ['array', 3, ['_LIST_ENTRY']]],
-    'NumaAware' : [ 0xb0, ['unsigned char']],
-    'CloneNestingLevel' : [ 0xb8, ['unsigned long long']],
-    'PrivateFixupVadCount' : [ 0xc0, ['unsigned long long']],
-    'CfgBitMap' : [ 0xc8, ['array', 2, ['_MI_CFG_BITMAP_INFO']]],
-    'CommittedPageTableBufferForTopLevel' : [ 0xf8, ['array', 8, ['unsigned long']]],
-    'CommittedPageTableBitmaps' : [ 0x118, ['array', 3, ['_RTL_BITMAP']]],
-    'PageTableBitmapPages' : [ 0x148, ['array', 3, ['unsigned long']]],
-} ],
-  '_PROC_FEEDBACK' : [ 0x90, {
-    'Lock' : [ 0x0, ['unsigned long long']],
-    'CyclesLast' : [ 0x8, ['unsigned long long']],
-    'CyclesActive' : [ 0x10, ['unsigned long long']],
-    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
-    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
-    'UnscaledTime' : [ 0x30, ['unsigned long long']],
-    'UnaccountedTime' : [ 0x38, ['long long']],
-    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
-    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
-    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
-    'UserTimeLast' : [ 0x60, ['unsigned long']],
-    'KernelTimeLast' : [ 0x64, ['unsigned long']],
-    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
-    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
-    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
-    'StallTime' : [ 0x80, ['unsigned long long']],
-    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
-} ],
-  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
-    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
-    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
-    'StartingIndex' : [ 0x30, ['unsigned long']],
-    'Length' : [ 0x34, ['unsigned long']],
-} ],
-  '__unnamed_220f' : [ 0x18, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'Alignment' : [ 0x4, ['unsigned long']],
-    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
-    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
-} ],
-  '__unnamed_2213' : [ 0x18, {
-    'MinimumVector' : [ 0x0, ['unsigned long']],
-    'MaximumVector' : [ 0x4, ['unsigned long']],
-    'AffinityPolicy' : [ 0x8, ['unsigned short']],
-    'Group' : [ 0xa, ['unsigned short']],
-    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
-    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
-} ],
-  '__unnamed_2215' : [ 0x8, {
-    'MinimumChannel' : [ 0x0, ['unsigned long']],
-    'MaximumChannel' : [ 0x4, ['unsigned long']],
-} ],
-  '__unnamed_2217' : [ 0x10, {
-    'RequestLine' : [ 0x0, ['unsigned long']],
-    'Reserved' : [ 0x4, ['unsigned long']],
-    'Channel' : [ 0x8, ['unsigned long']],
-    'TransferWidth' : [ 0xc, ['unsigned long']],
-} ],
-  '__unnamed_2219' : [ 0xc, {
-    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
-} ],
-  '__unnamed_221b' : [ 0x10, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'MinBusNumber' : [ 0x4, ['unsigned long']],
-    'MaxBusNumber' : [ 0x8, ['unsigned long']],
-    'Reserved' : [ 0xc, ['unsigned long']],
-} ],
-  '__unnamed_221d' : [ 0xc, {
-    'Priority' : [ 0x0, ['unsigned long']],
-    'Reserved1' : [ 0x4, ['unsigned long']],
-    'Reserved2' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_221f' : [ 0x18, {
-    'Length40' : [ 0x0, ['unsigned long']],
-    'Alignment40' : [ 0x4, ['unsigned long']],
-    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
-    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
-} ],
-  '__unnamed_2221' : [ 0x18, {
-    'Length48' : [ 0x0, ['unsigned long']],
-    'Alignment48' : [ 0x4, ['unsigned long']],
-    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
-    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
-} ],
-  '__unnamed_2223' : [ 0x18, {
-    'Length64' : [ 0x0, ['unsigned long']],
-    'Alignment64' : [ 0x4, ['unsigned long']],
-    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
-    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
-} ],
-  '__unnamed_2225' : [ 0xc, {
-    'Class' : [ 0x0, ['unsigned char']],
-    'Type' : [ 0x1, ['unsigned char']],
-    'Reserved1' : [ 0x2, ['unsigned char']],
-    'Reserved2' : [ 0x3, ['unsigned char']],
-    'IdLowPart' : [ 0x4, ['unsigned long']],
-    'IdHighPart' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_2227' : [ 0x18, {
-    'Port' : [ 0x0, ['__unnamed_220f']],
-    'Memory' : [ 0x0, ['__unnamed_220f']],
-    'Interrupt' : [ 0x0, ['__unnamed_2213']],
-    'Dma' : [ 0x0, ['__unnamed_2215']],
-    'DmaV3' : [ 0x0, ['__unnamed_2217']],
-    'Generic' : [ 0x0, ['__unnamed_220f']],
-    'DevicePrivate' : [ 0x0, ['__unnamed_2219']],
-    'BusNumber' : [ 0x0, ['__unnamed_221b']],
-    'ConfigData' : [ 0x0, ['__unnamed_221d']],
-    'Memory40' : [ 0x0, ['__unnamed_221f']],
-    'Memory48' : [ 0x0, ['__unnamed_2221']],
-    'Memory64' : [ 0x0, ['__unnamed_2223']],
-    'Connection' : [ 0x0, ['__unnamed_2225']],
-} ],
-  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
-    'Option' : [ 0x0, ['unsigned char']],
-    'Type' : [ 0x1, ['unsigned char']],
-    'ShareDisposition' : [ 0x2, ['unsigned char']],
-    'Spare1' : [ 0x3, ['unsigned char']],
-    'Flags' : [ 0x4, ['unsigned short']],
-    'Spare2' : [ 0x6, ['unsigned short']],
-    'u' : [ 0x8, ['__unnamed_2227']],
-} ],
-  '_POP_THERMAL_ZONE' : [ 0x348, {
-    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
-    'Notification' : [ 0x18, ['pointer64', ['void']]],
-    'Name' : [ 0x20, ['_UNICODE_STRING']],
-    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
-    'State' : [ 0x40, ['unsigned char']],
-    'Flags' : [ 0x41, ['unsigned char']],
-    'Removing' : [ 0x42, ['unsigned char']],
-    'Mode' : [ 0x43, ['unsigned char']],
-    'PendingMode' : [ 0x44, ['unsigned char']],
-    'ActivePoint' : [ 0x45, ['unsigned char']],
-    'PendingActivePoint' : [ 0x46, ['unsigned char']],
-    'Critical' : [ 0x47, ['unsigned char']],
-    'ThermalStandby' : [ 0x48, ['unsigned char']],
-    'OverThrottled' : [ 0x49, ['unsigned char']],
-    'HighPrecisionThrottle' : [ 0x4c, ['long']],
-    'Throttle' : [ 0x50, ['long']],
-    'PendingThrottle' : [ 0x54, ['long']],
-    'ThrottleReasons' : [ 0x58, ['unsigned long']],
-    'LastTime' : [ 0x60, ['unsigned long long']],
-    'SampleRate' : [ 0x68, ['unsigned long']],
-    'LastTemp' : [ 0x6c, ['unsigned long']],
-    'PassiveTimer' : [ 0x70, ['_KTIMER']],
-    'PassiveDpc' : [ 0xb0, ['_KDPC']],
-    'Info' : [ 0xf0, ['_THERMAL_INFORMATION_EX']],
-    'InfoLastUpdateTime' : [ 0x148, ['_LARGE_INTEGER']],
-    'Policy' : [ 0x150, ['_THERMAL_POLICY']],
-    'PolicyDriver' : [ 0x168, ['unsigned char']],
-    'LastActiveStartTime' : [ 0x170, ['unsigned long long']],
-    'LastPassiveStartTime' : [ 0x178, ['unsigned long long']],
-    'WorkItem' : [ 0x180, ['_WORK_QUEUE_ITEM']],
-    'Lock' : [ 0x1a0, ['_POP_RW_LOCK']],
-    'ZoneStopped' : [ 0x1b0, ['_KEVENT']],
-    'TemperatureUpdated' : [ 0x1c8, ['_KEVENT']],
-    'InstanceId' : [ 0x1e0, ['unsigned long']],
-    'TelemetryTracker' : [ 0x1e8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
-    'Description' : [ 0x338, ['_UNICODE_STRING']],
-} ],
-  '_MMPTE_LIST' : [ 0x8, {
-    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
-    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
-    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
-    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
-    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
-    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
-    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
-    'Signature' : [ 0x10, ['unsigned long long']],
-} ],
-  '_MI_REBUILD_LARGE_PAGES' : [ 0x228, {
-    'Active' : [ 0x0, ['long']],
-    'Timer' : [ 0x4, ['array', 64, ['array', 4, ['_MI_REBUILD_LARGE_PAGE_COUNTDOWN']]]],
-    'WorkItem' : [ 0x208, ['_WORK_QUEUE_ITEM']],
-} ],
-  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
-    'RefCount' : [ 0x0, ['long']],
-    'TableSize' : [ 0x4, ['unsigned long']],
-    'BitMaskFlags' : [ 0x8, ['unsigned long']],
-    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
-    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
-    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
-} ],
-  '_HHIVE' : [ 0xa68, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
-    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
-    'Allocate' : [ 0x18, ['pointer64', ['void']]],
-    'Free' : [ 0x20, ['pointer64', ['void']]],
-    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
-    'FileRead' : [ 0x30, ['pointer64', ['void']]],
-    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
-    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
-    'DirtyVector' : [ 0x48, ['_RTL_BITMAP']],
-    'DirtyCount' : [ 0x58, ['unsigned long']],
-    'DirtyAlloc' : [ 0x5c, ['unsigned long']],
-    'UnreconciledVector' : [ 0x60, ['_RTL_BITMAP']],
-    'UnreconciledCount' : [ 0x70, ['unsigned long']],
-    'BaseBlockAlloc' : [ 0x74, ['unsigned long']],
-    'Cluster' : [ 0x78, ['unsigned long']],
-    'Flat' : [ 0x7c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'ReadOnly' : [ 0x7c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'SystemCacheBacked' : [ 0x7c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'Reserved' : [ 0x7c, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
-    'DirtyFlag' : [ 0x7d, ['unsigned char']],
-    'HvBinHeadersUse' : [ 0x80, ['unsigned long']],
-    'HvFreeCellsUse' : [ 0x84, ['unsigned long']],
-    'HvUsedCellsUse' : [ 0x88, ['unsigned long']],
-    'CmUsedCellsUse' : [ 0x8c, ['unsigned long']],
-    'HiveFlags' : [ 0x90, ['unsigned long']],
-    'CurrentLog' : [ 0x94, ['unsigned long']],
-    'CurrentLogSequence' : [ 0x98, ['unsigned long']],
-    'CurrentLogMinimumSequence' : [ 0x9c, ['unsigned long']],
-    'CurrentLogOffset' : [ 0xa0, ['unsigned long']],
-    'MinimumLogSequence' : [ 0xa4, ['unsigned long']],
-    'LogFileSizeCap' : [ 0xa8, ['unsigned long']],
-    'LogDataPresent' : [ 0xac, ['array', 2, ['unsigned char']]],
-    'PrimaryFileValid' : [ 0xae, ['unsigned char']],
-    'BaseBlockDirty' : [ 0xaf, ['unsigned char']],
-    'LastLogSwapTime' : [ 0xb0, ['_LARGE_INTEGER']],
-    'FirstLogFile' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
-    'SecondLogFile' : [ 0xb8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
-    'HeaderRecovered' : [ 0xb8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
-    'LegacyRecoveryIndicated' : [ 0xb8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
-    'RecoveryInformationReserved' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
-    'RecoveryInformation' : [ 0xb8, ['unsigned short']],
-    'LogEntriesRecovered' : [ 0xba, ['array', 2, ['unsigned char']]],
-    'RefreshCount' : [ 0xbc, ['unsigned long']],
-    'StorageTypeCount' : [ 0xc0, ['unsigned long']],
-    'Version' : [ 0xc4, ['unsigned long']],
-    'ViewMap' : [ 0xc8, ['_HVIEW_MAP']],
-    'Storage' : [ 0x578, ['array', 2, ['_DUAL']]],
-} ],
-  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Enabled' : [ 0x2, ['unsigned char']],
-} ],
-  '_ETW_FILTER_HEADER' : [ 0x48, {
-    'FilterFlags' : [ 0x0, ['long']],
-    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
-    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
-    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
-    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
-    'StackWalkFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
-    'EventIdFilter' : [ 0x30, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
-    'PayloadFilter' : [ 0x38, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
-    'ProviderSideFilter' : [ 0x40, ['pointer64', ['_EVENT_FILTER_HEADER']]],
-} ],
-  '_CM_WORKITEM' : [ 0x28, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'Private' : [ 0x10, ['unsigned long']],
-    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
-    'Parameter' : [ 0x20, ['pointer64', ['void']]],
-} ],
-  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
-    'RefCount' : [ 0x0, ['long']],
-    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
-} ],
-  '_CM_TRANS' : [ 0xa8, {
-    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
-    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
-    'KtmTrans' : [ 0x30, ['pointer64', ['void']]],
-    'CmRm' : [ 0x38, ['pointer64', ['_CM_RM']]],
-    'KtmEnlistmentObject' : [ 0x40, ['pointer64', ['_KENLISTMENT']]],
-    'KtmEnlistmentHandle' : [ 0x48, ['pointer64', ['void']]],
-    'KtmUow' : [ 0x50, ['_GUID']],
-    'StartLsn' : [ 0x60, ['unsigned long long']],
-    'TransState' : [ 0x68, ['unsigned long']],
-    'HiveCount' : [ 0x6c, ['unsigned long']],
-    'HiveArray' : [ 0x70, ['array', 7, ['pointer64', ['_CMHIVE']]]],
-} ],
-  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
-    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
-    'AsULONG' : [ 0x0, ['unsigned long']],
-} ],
-  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
-    'Version' : [ 0x0, ['unsigned short']],
-    'Revision' : [ 0x2, ['unsigned short']],
-    'Count' : [ 0x4, ['unsigned long']],
-    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
-} ],
-  '_RTL_RANGE_LIST' : [ 0x20, {
-    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
-    'Flags' : [ 0x10, ['unsigned long']],
-    'Count' : [ 0x14, ['unsigned long']],
-    'Stamp' : [ 0x18, ['unsigned long']],
-} ],
-  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
-    'Bias' : [ 0x0, ['long']],
-    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
-    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
-    'StandardBias' : [ 0x54, ['long']],
-    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
-    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
-    'DaylightBias' : [ 0xa8, ['long']],
-} ],
-  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x150, {
-    'AccountingDisabled' : [ 0x0, ['unsigned char']],
-    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
-    'TotalPassiveTime' : [ 0x10, ['array', 20, ['unsigned long long']]],
-    'PassiveTimeSnap' : [ 0xb0, ['array', 20, ['unsigned long long']]],
-} ],
-  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
-    'Attributes' : [ 0x0, ['unsigned long']],
-    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
-    'ProbeMode' : [ 0x10, ['unsigned char']],
-    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
-    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
-    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
-    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
-    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
-    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
-} ],
-  '_HVIEW_MAP' : [ 0x4b0, {
-    'MappedLength' : [ 0x0, ['unsigned long']],
-    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
-    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
-    'Directory' : [ 0x18, ['pointer64', ['_HVIEW_MAP_DIRECTORY']]],
-    'PagesCharged' : [ 0x20, ['unsigned long']],
-    'PinLog' : [ 0x28, ['_HVIEW_MAP_PIN_LOG']],
-} ],
-  '_TRACE_ENABLE_INFO' : [ 0x20, {
-    'IsEnabled' : [ 0x0, ['unsigned long']],
-    'Level' : [ 0x4, ['unsigned char']],
-    'Reserved1' : [ 0x5, ['unsigned char']],
-    'LoggerId' : [ 0x6, ['unsigned short']],
-    'EnableProperty' : [ 0x8, ['unsigned long']],
-    'Reserved2' : [ 0xc, ['unsigned long']],
-    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
-    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
-} ],
-  '_DISALLOWED_GUIDS' : [ 0x10, {
-    'Count' : [ 0x0, ['unsigned short']],
-    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
-} ],
-  '_HVIEW_MAP_DIRECTORY' : [ 0x400, {
-    'Tables' : [ 0x0, ['array', 128, ['pointer64', ['_HVIEW_MAP_TABLE']]]],
-} ],
-  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
-    'StackDepth' : [ 0x0, ['unsigned long']],
-    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
-} ],
-  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
-    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
-    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
-    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
-} ],
-  '_SEP_AUDIT_POLICY' : [ 0x1f, {
-    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
-    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
-} ],
-  '__unnamed_229f' : [ 0x4, {
-    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '__unnamed_22a1' : [ 0x20, {
-    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
-    'Flags' : [ 0x0, ['__unnamed_229f']],
-} ],
-  '_VF_TARGET_DRIVER' : [ 0x38, {
-    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
-    'u1' : [ 0x10, ['__unnamed_22a1']],
-    'VerifiedData' : [ 0x30, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
-} ],
-  '__unnamed_22aa' : [ 0x14, {
-    'ClassGuid' : [ 0x0, ['_GUID']],
-    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
-} ],
-  '__unnamed_22ac' : [ 0x2, {
-    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
-} ],
-  '__unnamed_22ae' : [ 0x10, {
-    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
-    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
-} ],
-  '__unnamed_22b0' : [ 0x8, {
-    'Notification' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '__unnamed_22b2' : [ 0x8, {
-    'NotificationCode' : [ 0x0, ['unsigned long']],
-    'NotificationData' : [ 0x4, ['unsigned long']],
-} ],
-  '__unnamed_22b4' : [ 0x8, {
-    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
-    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
-} ],
-  '__unnamed_22b6' : [ 0x10, {
-    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
-} ],
-  '__unnamed_22b8' : [ 0x2, {
-    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
-} ],
-  '__unnamed_22ba' : [ 0x20, {
-    'PowerSettingGuid' : [ 0x0, ['_GUID']],
-    'Flags' : [ 0x10, ['unsigned long']],
-    'SessionId' : [ 0x14, ['unsigned long']],
-    'DataLength' : [ 0x18, ['unsigned long']],
-    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
-} ],
-  '__unnamed_22bc' : [ 0x20, {
-    'DeviceClass' : [ 0x0, ['__unnamed_22aa']],
-    'TargetDevice' : [ 0x0, ['__unnamed_22ac']],
-    'InstallDevice' : [ 0x0, ['__unnamed_22ac']],
-    'CustomNotification' : [ 0x0, ['__unnamed_22ae']],
-    'ProfileNotification' : [ 0x0, ['__unnamed_22b0']],
-    'PowerNotification' : [ 0x0, ['__unnamed_22b2']],
-    'VetoNotification' : [ 0x0, ['__unnamed_22b4']],
-    'BlockedDriverNotification' : [ 0x0, ['__unnamed_22b6']],
-    'InvalidIDNotification' : [ 0x0, ['__unnamed_22b8']],
-    'PowerSettingNotification' : [ 0x0, ['__unnamed_22ba']],
-    'PropertyChangeNotification' : [ 0x0, ['__unnamed_22ac']],
-    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_22ac']],
-} ],
-  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
-    'EventGuid' : [ 0x0, ['_GUID']],
-    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'DeviceInstanceStartedEvent', 12: 'MaxPlugEventCategory'})]],
-    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
-    'Flags' : [ 0x20, ['unsigned long']],
-    'TotalSize' : [ 0x24, ['unsigned long']],
-    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
-    'u' : [ 0x30, ['__unnamed_22bc']],
-} ],
-  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
-    'Links' : [ 0x0, ['_LIST_ENTRY']],
-    'Loads' : [ 0x10, ['unsigned long']],
-    'Unloads' : [ 0x14, ['unsigned long']],
-    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
-} ],
-  '_MMPTE_TIMESTAMP' : [ 0x8, {
-    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
-    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
-    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
-    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
-    'SidCount' : [ 0x0, ['unsigned long']],
-    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
-    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
-} ],
-  '_XSTATE_CONTEXT' : [ 0x20, {
-    'Mask' : [ 0x0, ['unsigned long long']],
-    'Length' : [ 0x8, ['unsigned long']],
-    'Reserved1' : [ 0xc, ['unsigned long']],
-    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
-    'Buffer' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
-    'Context' : [ 0x0, ['pointer64', ['void']]],
-    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
-    'DependencyCount' : [ 0x38, ['unsigned long']],
-    'DependencyUsed' : [ 0x3c, ['unsigned long']],
-    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
-    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
-    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
-    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
-} ],
-  '_XSAVE_FORMAT' : [ 0x200, {
-    'ControlWord' : [ 0x0, ['unsigned short']],
-    'StatusWord' : [ 0x2, ['unsigned short']],
-    'TagWord' : [ 0x4, ['unsigned char']],
-    'Reserved1' : [ 0x5, ['unsigned char']],
-    'ErrorOpcode' : [ 0x6, ['unsigned short']],
-    'ErrorOffset' : [ 0x8, ['unsigned long']],
-    'ErrorSelector' : [ 0xc, ['unsigned short']],
-    'Reserved2' : [ 0xe, ['unsigned short']],
-    'DataOffset' : [ 0x10, ['unsigned long']],
-    'DataSelector' : [ 0x14, ['unsigned short']],
-    'Reserved3' : [ 0x16, ['unsigned short']],
-    'MxCsr' : [ 0x18, ['unsigned long']],
-    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
-    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
-    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
-    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
-} ],
-  '__unnamed_22d8' : [ 0x1, {
-    'AsUCHAR' : [ 0x0, ['unsigned char']],
-    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
-    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
-} ],
-  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
-    'Revision' : [ 0x0, ['unsigned long']],
-    'MaxThrottle' : [ 0x4, ['unsigned char']],
-    'MinThrottle' : [ 0x5, ['unsigned char']],
-    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
-    'Spare' : [ 0x7, ['unsigned char']],
-    'Flags' : [ 0x7, ['__unnamed_22d8']],
-    'TimeCheck' : [ 0x8, ['unsigned long']],
-    'IncreaseTime' : [ 0xc, ['unsigned long']],
-    'DecreaseTime' : [ 0x10, ['unsigned long']],
-    'IncreasePercent' : [ 0x14, ['unsigned long']],
-    'DecreasePercent' : [ 0x18, ['unsigned long']],
-} ],
-  '_BUS_EXTENSION_LIST' : [ 0x10, {
-    'Next' : [ 0x0, ['pointer64', ['void']]],
-    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
-} ],
-  '_CACHED_CHILD_LIST' : [ 0x10, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'ValueList' : [ 0x8, ['unsigned long long']],
-    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-} ],
-  '_KDEVICE_QUEUE' : [ 0x28, {
-    'Type' : [ 0x0, ['short']],
-    'Size' : [ 0x2, ['short']],
-    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
-    'Lock' : [ 0x18, ['unsigned long long']],
-    'Busy' : [ 0x20, ['unsigned char']],
-    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
-    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
-} ],
-  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
-    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
-    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
-    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
-    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
-    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
-    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
-    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
-    'ContextAsUlong' : [ 0x0, ['unsigned long']],
-} ],
-  '_MI_HARDWARE_STATE' : [ 0xa8, {
-    'NodeMask' : [ 0x0, ['unsigned long']],
-    'NodeGraph' : [ 0x8, ['pointer64', ['unsigned short']]],
-    'SystemNodeInformation' : [ 0x10, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
-    'NumaLastRangeIndex' : [ 0x18, ['unsigned long']],
-    'NumaMemoryRanges' : [ 0x20, ['pointer64', ['_HAL_NODE_RANGE']]],
-    'NumaTableCaptured' : [ 0x28, ['unsigned char']],
-    'NodeShift' : [ 0x29, ['unsigned char']],
-    'ChannelMemoryRanges' : [ 0x30, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
-    'ChannelShift' : [ 0x38, ['unsigned char']],
-    'SecondLevelCacheSize' : [ 0x3c, ['unsigned long']],
-    'FirstLevelCacheSize' : [ 0x40, ['unsigned long']],
-    'PhysicalAddressBits' : [ 0x44, ['unsigned long']],
-    'AllMainMemoryMustBeCached' : [ 0x48, ['unsigned char']],
-    'TotalPagesAllowed' : [ 0x50, ['unsigned long long']],
-    'SecondaryColorMask' : [ 0x58, ['unsigned long']],
-    'SecondaryColors' : [ 0x5c, ['unsigned long']],
-    'FlushTbForAttributeChange' : [ 0x60, ['unsigned long']],
-    'FlushCacheForAttributeChange' : [ 0x64, ['unsigned long']],
-    'FlushCacheForPageAttributeChange' : [ 0x68, ['unsigned long']],
-    'CacheFlushPromoteThreshold' : [ 0x6c, ['unsigned long']],
-    'FlushTbThreshold' : [ 0x70, ['unsigned long long']],
-    'ZeroCostCounts' : [ 0x78, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
-    'PrimaryPfns' : [ 0x98, ['unsigned long long']],
-    'HighestPossiblePhysicalPage' : [ 0xa0, ['unsigned long long']],
-} ],
-  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
-    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
-    'BtsIndex' : [ 0x8, ['unsigned long long']],
-    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
-    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
-    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
-    'PebsIndex' : [ 0x28, ['unsigned long long']],
-    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
-    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
-    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
-    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
-    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
-    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
-} ],
-  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
-    'Length' : [ 0x0, ['unsigned short']],
-    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
-    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
-    'InvalidAttributes' : [ 0x8, ['unsigned long']],
-    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
-    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
-    'RetainAccess' : [ 0x20, ['unsigned long']],
-    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
-    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
-    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
-    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
-    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
-    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
-    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
-    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
-    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
-    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
-    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
-    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
-    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
-    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
-} ],
-  '__unnamed_231c' : [ 0x8, {
-    'Long' : [ 0x0, ['unsigned long long']],
-    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
-} ],
-  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
-    'u1' : [ 0x0, ['__unnamed_231c']],
-} ],
-  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
-} ],
-  '_KPROCESSOR_STATE' : [ 0x5b0, {
-    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
-    'ContextFrame' : [ 0xe0, ['_CONTEXT']],
-} ],
-  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
-    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
-    'fAllowContextUpdate' : [ 0x8, ['long']],
-    'fEnableTrace' : [ 0xc, ['long']],
-    'EtwHandle' : [ 0x10, ['unsigned long long']],
-} ],
-  '_IO_CLIENT_EXTENSION' : [ 0x10, {
-    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
-    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
-    'ProcessorNumber' : [ 0x0, ['unsigned char']],
-    'Alignment' : [ 0x1, ['unsigned char']],
-    'ProcessorIndex' : [ 0x0, ['unsigned short']],
-    'LoggerId' : [ 0x2, ['unsigned short']],
-} ],
-  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
-    'Reserved' : [ 0x0, ['pointer64', ['void']]],
-    'FunctionIndex' : [ 0x8, ['unsigned short']],
-    'ContextValue' : [ 0xa, ['unsigned short']],
-    'InterceptorValue' : [ 0x8, ['unsigned long']],
-    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
-    'EntryOffset' : [ 0xe, ['unsigned char']],
-    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
-} ],
-  '_MI_SYSTEM_VA_STATE' : [ 0x2c0, {
-    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
-    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
-    'DynamicBitMapSystemPtes' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
-    'DynamicBitMapDriverImages' : [ 0x60, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
-    'DynamicBitMapPagedPool' : [ 0x100, ['_MI_DYNAMIC_BITMAP']],
-    'DynamicBitMapSpecialPool' : [ 0x150, ['_MI_DYNAMIC_BITMAP']],
-    'DynamicBitMapSystemCache' : [ 0x1a0, ['_MI_DYNAMIC_BITMAP']],
-    'WorkingSetListHashStart' : [ 0x1f0, ['pointer64', ['_MMWSLE_HASH']]],
-    'WorkingSetListHashEnd' : [ 0x1f8, ['pointer64', ['_MMWSLE_HASH']]],
-    'WorkingSetListIndirectHashStart' : [ 0x200, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
-    'FreeSystemCacheVa' : [ 0x208, ['_KEVENT']],
-    'SystemVaLock' : [ 0x220, ['unsigned long long']],
-    'DeleteKvaLock' : [ 0x228, ['long']],
-    'FreeSystemCache' : [ 0x230, ['_MI_PTE_CHAIN_HEAD']],
-    'SystemCacheViewLock' : [ 0x248, ['unsigned long long']],
-    'UnusableWsles' : [ 0x250, ['array', 5, ['unsigned long long']]],
-    'PossibleWsles' : [ 0x278, ['array', 5, ['unsigned long long']]],
-} ],
-  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
-    'DirtyPages' : [ 0x0, ['unsigned long long']],
-    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
-    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
-} ],
-  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
-    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
-    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
-    'BreakPointHandle' : [ 0x10, ['unsigned long']],
-    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
-    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
-} ],
-  '_PROC_IDLE_SNAP' : [ 0x10, {
-    'Time' : [ 0x0, ['unsigned long long']],
-    'Idle' : [ 0x8, ['unsigned long long']],
-} ],
-  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
-    'StackBase' : [ 0x0, ['unsigned long long']],
-    'StackLimit' : [ 0x8, ['unsigned long long']],
-    'KernelStack' : [ 0x10, ['unsigned long long']],
-    'InitialStack' : [ 0x18, ['unsigned long long']],
-} ],
-  '_KEXECUTE_OPTIONS' : [ 0x1, {
-    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'ExecuteOptions' : [ 0x0, ['unsigned char']],
-    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
-} ],
-  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
-    'Present' : [ 0x0, ['unsigned long long']],
-    'Enabled' : [ 0x8, ['unsigned long long']],
-    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
-} ],
-  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Enabled' : [ 0x2, ['unsigned char']],
-    'NumberOfBanks' : [ 0x3, ['unsigned char']],
-    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
-    'MCG_Capability' : [ 0x8, ['unsigned long long']],
-    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
-    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
-} ],
-  '_MI_DEBUGGER_STATE' : [ 0x118, {
-    'TransientWrite' : [ 0x0, ['unsigned char']],
-    'CodePageEdited' : [ 0x1, ['unsigned char']],
-    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
-    'PoisonedTb' : [ 0x10, ['unsigned long']],
-    'InDebugger' : [ 0x14, ['long']],
-    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
-} ],
-  '_MI_PROCESS_STATE' : [ 0x60, {
-    'ColorSeed' : [ 0x0, ['unsigned long']],
-    'CloneDereferenceEvent' : [ 0x8, ['_KEVENT']],
-    'CloneProtosSListHead' : [ 0x20, ['_SLIST_HEADER']],
-    'SystemDllBase' : [ 0x30, ['pointer64', ['void']]],
-    'RotatingUniprocessorNumber' : [ 0x38, ['long']],
-    'CriticalSectionTimeout' : [ 0x40, ['_LARGE_INTEGER']],
-    'ProcessList' : [ 0x48, ['_LIST_ENTRY']],
-    'SharedUserDataPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
-} ],
-  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
-    'Start' : [ 0x0, ['unsigned long long']],
-    'End' : [ 0x8, ['unsigned long long']],
-    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
-    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
-    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
-    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
-    'AlternativeCount' : [ 0x30, ['unsigned long']],
-    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
-    'Flags' : [ 0x40, ['unsigned short']],
-    'RangeAttributes' : [ 0x42, ['unsigned char']],
-    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
-    'WorkSpace' : [ 0x48, ['unsigned long long']],
-} ],
-  '_VACB_ARRAY_HEADER' : [ 0x10, {
-    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
-    'MappingCount' : [ 0x4, ['unsigned long']],
-    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
-    'Reserved' : [ 0xc, ['unsigned long']],
-} ],
-  '_MMWSLENTRY' : [ 0x8, {
-    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
-    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long long')]],
-    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long long')]],
-    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
-    'HighActiveFlink' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
-    'HighActiveBlink' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
-    'Unused' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
-    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
-    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
-    'LidPresent' : [ 0x2, ['unsigned char']],
-    'SystemS1' : [ 0x3, ['unsigned char']],
-    'SystemS2' : [ 0x4, ['unsigned char']],
-    'SystemS3' : [ 0x5, ['unsigned char']],
-    'SystemS4' : [ 0x6, ['unsigned char']],
-    'SystemS5' : [ 0x7, ['unsigned char']],
-    'HiberFilePresent' : [ 0x8, ['unsigned char']],
-    'FullWake' : [ 0x9, ['unsigned char']],
-    'VideoDimPresent' : [ 0xa, ['unsigned char']],
-    'ApmPresent' : [ 0xb, ['unsigned char']],
-    'UpsPresent' : [ 0xc, ['unsigned char']],
-    'ThermalControl' : [ 0xd, ['unsigned char']],
-    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
-    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
-    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
-    'FastSystemS4' : [ 0x11, ['unsigned char']],
-    'Hiberboot' : [ 0x12, ['unsigned char']],
-    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
-    'AoAc' : [ 0x14, ['unsigned char']],
-    'DiskSpinDown' : [ 0x15, ['unsigned char']],
-    'HiberFileType' : [ 0x16, ['unsigned char']],
-    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
-    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
-    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
-    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
-    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
-    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-} ],
-  '_MI_REBUILD_LARGE_PAGE_COUNTDOWN' : [ 0x2, {
-    'SecondsLeft' : [ 0x0, ['unsigned char']],
-    'SecondsAssigned' : [ 0x1, ['unsigned char']],
-} ],
-  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
-    'Partition' : [ 0x0, ['unsigned long']],
-} ],
-  '_REQUEST_MAILBOX' : [ 0x40, {
-    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
-    'RequestSummary' : [ 0x8, ['unsigned long long']],
-    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
-    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
-    'NodeTargetCount' : [ 0x38, ['long']],
-} ],
-  '_DBGKD_GET_VERSION32' : [ 0x28, {
-    'MajorVersion' : [ 0x0, ['unsigned short']],
-    'MinorVersion' : [ 0x2, ['unsigned short']],
-    'ProtocolVersion' : [ 0x4, ['unsigned short']],
-    'Flags' : [ 0x6, ['unsigned short']],
-    'KernBase' : [ 0x8, ['unsigned long']],
-    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
-    'MachineType' : [ 0x10, ['unsigned short']],
-    'ThCallbackStack' : [ 0x12, ['unsigned short']],
-    'NextCallback' : [ 0x14, ['unsigned short']],
-    'FramePointer' : [ 0x16, ['unsigned short']],
-    'KiCallUserMode' : [ 0x18, ['unsigned long']],
-    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
-    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
-    'DebuggerDataList' : [ 0x24, ['unsigned long']],
-} ],
-  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Enabled' : [ 0x2, ['unsigned char']],
-    'NumberOfBanks' : [ 0x3, ['unsigned char']],
-    'Reserved' : [ 0x4, ['unsigned long']],
-    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
-    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
-} ],
-  '_WHEA_TIMESTAMP' : [ 0x8, {
-    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
-    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
-    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
-    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
-    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
-    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
-    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
-    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
-    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
-} ],
-  '_PEB32' : [ 0x460, {
-    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
-    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
-    'BeingDebugged' : [ 0x2, ['unsigned char']],
-    'BitField' : [ 0x3, ['unsigned char']],
-    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'Mutant' : [ 0x4, ['unsigned long']],
-    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
-    'Ldr' : [ 0xc, ['unsigned long']],
-    'ProcessParameters' : [ 0x10, ['unsigned long']],
-    'SubSystemData' : [ 0x14, ['unsigned long']],
-    'ProcessHeap' : [ 0x18, ['unsigned long']],
-    'FastPebLock' : [ 0x1c, ['unsigned long']],
-    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
-    'IFEOKey' : [ 0x24, ['unsigned long']],
-    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
-    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
-    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
-    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
-    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
-    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
-    'ApiSetMap' : [ 0x38, ['unsigned long']],
-    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
-    'TlsBitmap' : [ 0x40, ['unsigned long']],
-    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
-    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
-    'SparePvoid0' : [ 0x50, ['unsigned long']],
-    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
-    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
-    'OemCodePageData' : [ 0x5c, ['unsigned long']],
-    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
-    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
-    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
-    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
-    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
-    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
-    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
-    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
-    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
-    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
-    'ProcessHeaps' : [ 0x90, ['unsigned long']],
-    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
-    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
-    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
-    'LoaderLock' : [ 0xa0, ['unsigned long']],
-    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
-    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
-    'OSBuildNumber' : [ 0xac, ['unsigned short']],
-    'OSCSDVersion' : [ 0xae, ['unsigned short']],
-    'OSPlatformId' : [ 0xb0, ['unsigned long']],
-    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
-    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
-    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
-    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
-    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
-    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
-    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
-    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
-    'SessionId' : [ 0x1d4, ['unsigned long']],
-    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
-    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
-    'pShimData' : [ 0x1e8, ['unsigned long']],
-    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
-    'CSDVersion' : [ 0x1f0, ['_STRING32']],
-    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
-    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
-    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
-    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
-    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
-    'FlsCallback' : [ 0x20c, ['unsigned long']],
-    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
-    'FlsBitmap' : [ 0x218, ['unsigned long']],
-    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
-    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
-    'WerRegistrationData' : [ 0x230, ['unsigned long']],
-    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
-    'pUnused' : [ 0x238, ['unsigned long']],
-    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
-    'TracingFlags' : [ 0x240, ['unsigned long']],
-    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
-    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
-    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
-    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
-    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
-} ],
-  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
-    'Validation' : [ 0x0, ['unsigned short']],
-    'Flags' : [ 0x2, ['unsigned short']],
-    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_VPB' : [ 0x60, {
-    'Type' : [ 0x0, ['short']],
-    'Size' : [ 0x2, ['short']],
-    'Flags' : [ 0x4, ['unsigned short']],
-    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
-    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
-    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
-    'SerialNumber' : [ 0x18, ['unsigned long']],
-    'ReferenceCount' : [ 0x1c, ['unsigned long']],
-    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
-} ],
-  '_MI_SESSION_STATE' : [ 0x88, {
-    'SystemSession' : [ 0x0, ['_MMSESSION']],
-    'CodePageEdited' : [ 0x20, ['unsigned char']],
-    'DynamicVaBitBuffer' : [ 0x28, ['pointer64', ['unsigned long']]],
-    'DynamicVaBitBufferPages' : [ 0x30, ['unsigned long long']],
-    'DynamicPoolBitBuffer' : [ 0x38, ['pointer64', ['unsigned long']]],
-    'DynamicVaStart' : [ 0x40, ['pointer64', ['void']]],
-    'DynamicPtesBitBuffer' : [ 0x48, ['pointer64', ['unsigned long']]],
-    'IdLock' : [ 0x50, ['_EX_PUSH_LOCK']],
-    'DetachTimeStamp' : [ 0x58, ['unsigned long']],
-    'LeaderProcess' : [ 0x60, ['pointer64', ['_EPROCESS']]],
-    'InitializeLock' : [ 0x68, ['_EX_PUSH_LOCK']],
-    'WorkingSetList' : [ 0x70, ['pointer64', ['_MMWSL']]],
-    'WsHashStart' : [ 0x78, ['pointer64', ['_MMWSLE_HASH']]],
-    'WsHashEnd' : [ 0x80, ['pointer64', ['_MMWSLE_HASH']]],
-} ],
-  '_CACHE_DESCRIPTOR' : [ 0xc, {
-    'Level' : [ 0x0, ['unsigned char']],
-    'Associativity' : [ 0x1, ['unsigned char']],
-    'LineSize' : [ 0x2, ['unsigned short']],
-    'Size' : [ 0x4, ['unsigned long']],
-    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
-} ],
-  '_MMSESSION' : [ 0x20, {
-    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
-    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
-    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
-    'ViewCount' : [ 0x18, ['unsigned long']],
-    'BitmapFailures' : [ 0x1c, ['unsigned long']],
-} ],
-  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
-    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
-    'TotalIrps' : [ 0x50, ['unsigned long']],
-} ],
-  '_FILE_BASIC_INFORMATION' : [ 0x28, {
-    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
-    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
-    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
-    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
-    'FileAttributes' : [ 0x20, ['unsigned long']],
-} ],
-  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
-    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
-    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
-    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
-} ],
-  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
-    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
-    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
-    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
-    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
-    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
-    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
-    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_EVENT_HEADER' : [ 0x50, {
-    'Size' : [ 0x0, ['unsigned short']],
-    'HeaderType' : [ 0x2, ['unsigned short']],
-    'Flags' : [ 0x4, ['unsigned short']],
-    'EventProperty' : [ 0x6, ['unsigned short']],
-    'ThreadId' : [ 0x8, ['unsigned long']],
-    'ProcessId' : [ 0xc, ['unsigned long']],
-    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
-    'ProviderId' : [ 0x18, ['_GUID']],
-    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
-    'KernelTime' : [ 0x38, ['unsigned long']],
-    'UserTime' : [ 0x3c, ['unsigned long']],
-    'ProcessorTime' : [ 0x38, ['unsigned long long']],
-    'ActivityId' : [ 0x40, ['_GUID']],
-} ],
-  '_PF_KERNEL_GLOBALS' : [ 0x60, {
-    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
-    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
-    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
-    'AccessBufferMax' : [ 0x28, ['unsigned long']],
-    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
-    'StreamSequenceNumber' : [ 0x50, ['long']],
-    'Flags' : [ 0x54, ['unsigned long']],
-    'ScenarioPrefetchCount' : [ 0x58, ['long']],
-} ],
-  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
-    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
-    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
-    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
-} ],
-  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
-    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
-} ],
-  '__unnamed_23a3' : [ 0x4, {
-    'LongFlags' : [ 0x0, ['unsigned long']],
-    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
-} ],
-  '_MI_PARTITION_CORE' : [ 0x158, {
-    'PartitionId' : [ 0x0, ['unsigned short']],
-    'u' : [ 0x4, ['__unnamed_23a3']],
-    'ReferenceCount' : [ 0x8, ['unsigned long long']],
-    'ParentPartition' : [ 0x10, ['pointer64', ['_MI_PARTITION']]],
-    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
-    'NodeInformation' : [ 0x28, ['pointer64', ['_MI_NODE_INFORMATION']]],
-    'MdlPhysicalMemoryBlock' : [ 0x30, ['pointer64', ['_MDL']]],
-    'MemoryNodeRuns' : [ 0x38, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
-    'MemoryBlockReferences' : [ 0x40, ['unsigned long long']],
-    'PfnUnmapWorkItem' : [ 0x48, ['_WORK_QUEUE_ITEM']],
-    'PfnUnmapActive' : [ 0x68, ['unsigned char']],
-    'PfnUnmapCount' : [ 0x70, ['unsigned long long']],
-    'PfnUnmapWaitList' : [ 0x78, ['pointer64', ['void']]],
-    'MemoryRuns' : [ 0x80, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
-    'ExitEvent' : [ 0x88, ['_KEVENT']],
-    'SystemThreadHandles' : [ 0xa0, ['array', 5, ['pointer64', ['void']]]],
-    'PartitionObject' : [ 0xc8, ['pointer64', ['void']]],
-    'PartitionObjectHandle' : [ 0xd0, ['pointer64', ['void']]],
-    'DynamicMemoryPushLock' : [ 0xd8, ['_EX_PUSH_LOCK']],
-    'DynamicMemoryLock' : [ 0xe0, ['long']],
-    'TemporaryMemoryEvent' : [ 0xe8, ['_KEVENT']],
-    'MemoryEvents' : [ 0x100, ['array', 11, ['pointer64', ['_KEVENT']]]],
-} ],
-  '_MI_PARTITION_MODWRITES' : [ 0x2d0, {
-    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
-    'PageFileContract' : [ 0x60, ['_MMPAGE_FILE_EXPANSION']],
-    'NumberOfMappedMdls' : [ 0xc0, ['unsigned long long']],
-    'NumberOfMappedMdlsInUse' : [ 0xc8, ['long']],
-    'NumberOfMappedMdlsInUsePeak' : [ 0xcc, ['unsigned long']],
-    'MappedFileHeader' : [ 0xd0, ['_MMMOD_WRITER_LISTHEAD']],
-    'NeedMappedMdl' : [ 0xf8, ['unsigned char']],
-    'NeedPageFileMdl' : [ 0xf9, ['unsigned char']],
-    'TransitionInserted' : [ 0xfa, ['unsigned char']],
-    'LastModifiedWriteError' : [ 0xfc, ['long']],
-    'LastMappedWriteError' : [ 0x100, ['long']],
-    'MappedFileWriteSucceeded' : [ 0x104, ['unsigned long']],
-    'MappedWriteBurstCount' : [ 0x108, ['unsigned long']],
-    'LowPriorityModWritesOutstanding' : [ 0x10c, ['unsigned long']],
-    'BoostModWriteIoPriorityEvent' : [ 0x110, ['_KEVENT']],
-    'ModifiedWriterThreadPriority' : [ 0x128, ['long']],
-    'ModifiedPagesLowPriorityGoal' : [ 0x130, ['unsigned long long']],
-    'ModifiedPageWriterEvent' : [ 0x138, ['_KEVENT']],
-    'ModifiedWriterExitedEvent' : [ 0x150, ['_KEVENT']],
-    'WriteAllPagefilePages' : [ 0x168, ['long']],
-    'WriteAllMappedPages' : [ 0x16c, ['long']],
-    'MappedPageWriterEvent' : [ 0x170, ['_KEVENT']],
-    'ModWriteData' : [ 0x188, ['_MI_MODWRITE_DATA']],
-    'RescanPageFilesEvent' : [ 0x1c8, ['_KEVENT']],
-    'PagingFileHeader' : [ 0x1e0, ['_MMMOD_WRITER_LISTHEAD']],
-    'ModifiedPageWriterThread' : [ 0x208, ['pointer64', ['_ETHREAD']]],
-    'ModifiedPageWriterRundown' : [ 0x210, ['_EX_RUNDOWN_REF']],
-    'PagefileScanWorkItem' : [ 0x218, ['_WORK_QUEUE_ITEM']],
-    'PagefileScanCount' : [ 0x238, ['unsigned long']],
-    'ClusterWritesDisabled' : [ 0x23c, ['array', 2, ['long']]],
-    'NotifyStoreMemoryConditions' : [ 0x248, ['_KEVENT']],
-    'DelayMappedWrite' : [ 0x260, ['unsigned char']],
-    'PagefileReservationsEnabled' : [ 0x264, ['unsigned long']],
-    'PageFileCreationLock' : [ 0x268, ['_EX_PUSH_LOCK']],
-    'TrimPagefileWorkItem' : [ 0x270, ['_WORK_QUEUE_ITEM']],
-    'LastTrimPagefileTime' : [ 0x290, ['unsigned long long']],
-    'WsSwapPagefileContractWorkItem' : [ 0x298, ['_WORK_QUEUE_ITEM']],
-    'WsSwapPageFileContractionInProgress' : [ 0x2b8, ['long']],
-    'WorkingSetSwapLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
-    'WorkingSetInswapLock' : [ 0x2c8, ['long']],
-} ],
-  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
-    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
-} ],
-  '_KPRIQUEUE' : [ 0x2b0, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
-    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
-    'MaximumCount' : [ 0x298, ['unsigned long']],
-    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
-} ],
-  '__unnamed_23c0' : [ 0x4, {
-    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_MI_NODE_INFORMATION' : [ 0x538, {
-    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long long']]],
-    'LargePages' : [ 0x10, ['array', 2, ['array', 2, ['array', 4, ['_LIST_ENTRY']]]]],
-    'LargePagesCount' : [ 0x110, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]],
-    'StandbyPageList' : [ 0x190, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
-    'FreeCount' : [ 0x490, ['array', 2, ['unsigned long long']]],
-    'TotalPages' : [ 0x4a0, ['array', 4, ['unsigned long long']]],
-    'TotalPagesEntireNode' : [ 0x4c0, ['unsigned long long']],
-    'MmShiftedColor' : [ 0x4c8, ['unsigned long']],
-    'Color' : [ 0x4cc, ['unsigned long']],
-    'ChannelFreeCount' : [ 0x4d0, ['array', 4, ['array', 2, ['unsigned long long']]]],
-    'Flags' : [ 0x510, ['__unnamed_23c0']],
-    'NodeLock' : [ 0x518, ['_EX_PUSH_LOCK']],
-    'ChannelStatus' : [ 0x520, ['unsigned char']],
-    'ChannelOrdering' : [ 0x521, ['array', 4, ['unsigned char']]],
-    'LockedChannelOrdering' : [ 0x525, ['array', 4, ['unsigned char']]],
-    'PowerAttribute' : [ 0x529, ['array', 4, ['unsigned char']]],
-    'LargePageLock' : [ 0x530, ['unsigned long long']],
-} ],
-  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
-    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
-    'Handler' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_WAITING_IRP' : [ 0x38, {
-    'Links' : [ 0x0, ['_LIST_ENTRY']],
-    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
-    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
-    'Context' : [ 0x20, ['pointer64', ['void']]],
-    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
-    'Information' : [ 0x30, ['unsigned long']],
-    'BreakAllRH' : [ 0x34, ['unsigned char']],
-} ],
-  '_ETW_FILTER_PID' : [ 0x24, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
-} ],
-  '_PPM_SELECTION_MENU' : [ 0x10, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
-} ],
-  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
-    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
-    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
-    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
-    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
-} ],
-  '_KSCHEDULING_GROUP' : [ 0x240, {
-    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
-    'RelativeWeight' : [ 0x8, ['unsigned long']],
-    'ChildMinRate' : [ 0xc, ['unsigned long']],
-    'ChildMinWeight' : [ 0x10, ['unsigned long']],
-    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
-    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
-    'NotificationCycles' : [ 0x20, ['long long']],
-    'SchedulingGroupList' : [ 0x28, ['_LIST_ENTRY']],
-    'Sibling' : [ 0x28, ['_LIST_ENTRY']],
-    'NotificationDpc' : [ 0x38, ['pointer64', ['_KDPC']]],
-    'ChildList' : [ 0x40, ['_LIST_ENTRY']],
-    'Parent' : [ 0x50, ['pointer64', ['_KSCHEDULING_GROUP']]],
-    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
-} ],
-  '_ETW_REF_CLOCK' : [ 0x10, {
-    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
-    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
-} ],
-  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
-    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
-    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
-    'Object' : [ 0x10, ['pointer64', ['void']]],
-    'TargetAccess' : [ 0x18, ['unsigned long']],
-    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
-    'HandleAttributes' : [ 0x20, ['unsigned long']],
-} ],
-  '_MMPTE_SUBSECTION' : [ 0x8, {
-    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
-    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
-    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned long long')]],
-    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
-    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
-} ],
-  '_POWER_STATE' : [ 0x4, {
-    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
-} ],
-  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
-    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
-} ],
-  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
-    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
-    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Static' : [ 0x28, ['unsigned char']],
-} ],
-  '_POP_POLICY_DEVICE' : [ 0x40, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
-    'Notification' : [ 0x18, ['pointer64', ['void']]],
-    'Name' : [ 0x20, ['_UNICODE_STRING']],
-    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
-} ],
-  '__unnamed_23f3' : [ 0x8, {
-    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
-    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
-    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-} ],
-  '_SECTION' : [ 0x40, {
-    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
-    'StartingVpn' : [ 0x18, ['unsigned long long']],
-    'EndingVpn' : [ 0x20, ['unsigned long long']],
-    'u1' : [ 0x28, ['__unnamed_23f3']],
-    'SizeOfSection' : [ 0x30, ['unsigned long long']],
-    'u' : [ 0x38, ['__unnamed_16ec']],
-    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
-    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
-    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_MI_SECTION_STATE' : [ 0x280, {
-    'SectionObjectPointersLock' : [ 0x0, ['long']],
-    'SectionExtendLock' : [ 0x8, ['_EX_PUSH_LOCK']],
-    'SectionExtendSetLock' : [ 0x10, ['_EX_PUSH_LOCK']],
-    'SectionBasedRoot' : [ 0x18, ['_RTL_AVL_TREE']],
-    'SectionBasedLock' : [ 0x20, ['_EX_PUSH_LOCK']],
-    'UnusedSubsectionPagedPool' : [ 0x28, ['unsigned long long']],
-    'UnusedSegmentForceFree' : [ 0x30, ['unsigned long']],
-    'DataSectionProtectionMask' : [ 0x34, ['unsigned long']],
-    'HighSectionBase' : [ 0x38, ['pointer64', ['void']]],
-    'PhysicalSubsection' : [ 0x40, ['_MSUBSECTION']],
-    'PhysicalControlArea' : [ 0xb0, ['_CONTROL_AREA']],
-    'DanglingExtentsPages' : [ 0x128, ['pointer64', ['_MMPFN']]],
-    'DanglingExtentsLock' : [ 0x130, ['long']],
-    'DanglingExtentsWorkItem' : [ 0x138, ['_WORK_QUEUE_ITEM']],
-    'DanglingExtentsWorkerActive' : [ 0x158, ['unsigned char']],
-    'PageFileSectionHead' : [ 0x160, ['_RTL_AVL_TREE']],
-    'PageFileSectionListSpinLock' : [ 0x168, ['long']],
-    'SharedSegmentCharges' : [ 0x170, ['_MI_CROSS_PARTITION_CHARGES']],
-    'SharedPageCombineCharges' : [ 0x198, ['_MI_CROSS_PARTITION_CHARGES']],
-    'ImageBias' : [ 0x1c0, ['unsigned long']],
-    'RelocateBitmapsLock' : [ 0x1c8, ['_EX_PUSH_LOCK']],
-    'ImageBitMap' : [ 0x1d0, ['_RTL_BITMAP']],
-    'ImageBias64Low' : [ 0x1e0, ['unsigned long']],
-    'ImageBias64High' : [ 0x1e4, ['unsigned long']],
-    'ImageBitMap64Low' : [ 0x1e8, ['_RTL_BITMAP']],
-    'ImageBitMap64High' : [ 0x1f8, ['_RTL_BITMAP']],
-    'ImageBitMapWow64Dll' : [ 0x208, ['_RTL_BITMAP']],
-    'ApiSetSection' : [ 0x218, ['pointer64', ['void']]],
-    'ApiSetSchema' : [ 0x220, ['pointer64', ['void']]],
-    'ApiSetSchemaSize' : [ 0x228, ['unsigned long long']],
-    'LostDataFiles' : [ 0x230, ['unsigned long']],
-    'LostDataPages' : [ 0x234, ['unsigned long']],
-    'ImageFailureReason' : [ 0x238, ['unsigned long']],
-    'CfgBitMapSection32' : [ 0x240, ['pointer64', ['_SECTION']]],
-    'CfgBitMapControlArea32' : [ 0x248, ['pointer64', ['_CONTROL_AREA']]],
-    'CfgBitMapSection64' : [ 0x250, ['pointer64', ['_SECTION']]],
-    'CfgBitMapControlArea64' : [ 0x258, ['pointer64', ['_CONTROL_AREA']]],
-    'ImageCfgFailure' : [ 0x260, ['unsigned long']],
-    'ImageValidationFailed' : [ 0x264, ['long']],
-} ],
-  '_MI_PARTITION_FLAGS' : [ 0x4, {
-    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-} ],
-  '__unnamed_2400' : [ 0xc, {
-    'Start' : [ 0x0, ['_LARGE_INTEGER']],
-    'Length' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_2402' : [ 0x10, {
-    'Level' : [ 0x0, ['unsigned short']],
-    'Group' : [ 0x2, ['unsigned short']],
-    'Vector' : [ 0x4, ['unsigned long']],
-    'Affinity' : [ 0x8, ['unsigned long long']],
-} ],
-  '__unnamed_2404' : [ 0x10, {
-    'Group' : [ 0x0, ['unsigned short']],
-    'MessageCount' : [ 0x2, ['unsigned short']],
-    'Vector' : [ 0x4, ['unsigned long']],
-    'Affinity' : [ 0x8, ['unsigned long long']],
-} ],
-  '__unnamed_2406' : [ 0x10, {
-    'Raw' : [ 0x0, ['__unnamed_2404']],
-    'Translated' : [ 0x0, ['__unnamed_2402']],
-} ],
-  '__unnamed_2408' : [ 0xc, {
-    'Channel' : [ 0x0, ['unsigned long']],
-    'Port' : [ 0x4, ['unsigned long']],
-    'Reserved1' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_240a' : [ 0xc, {
-    'Channel' : [ 0x0, ['unsigned long']],
-    'RequestLine' : [ 0x4, ['unsigned long']],
-    'TransferWidth' : [ 0x8, ['unsigned char']],
-    'Reserved1' : [ 0x9, ['unsigned char']],
-    'Reserved2' : [ 0xa, ['unsigned char']],
-    'Reserved3' : [ 0xb, ['unsigned char']],
-} ],
-  '__unnamed_240c' : [ 0xc, {
-    'Start' : [ 0x0, ['unsigned long']],
-    'Length' : [ 0x4, ['unsigned long']],
-    'Reserved' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_240e' : [ 0xc, {
-    'DataSize' : [ 0x0, ['unsigned long']],
-    'Reserved1' : [ 0x4, ['unsigned long']],
-    'Reserved2' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_2410' : [ 0xc, {
-    'Start' : [ 0x0, ['_LARGE_INTEGER']],
-    'Length40' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_2412' : [ 0xc, {
-    'Start' : [ 0x0, ['_LARGE_INTEGER']],
-    'Length48' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_2414' : [ 0xc, {
-    'Start' : [ 0x0, ['_LARGE_INTEGER']],
-    'Length64' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_2416' : [ 0x10, {
-    'Generic' : [ 0x0, ['__unnamed_2400']],
-    'Port' : [ 0x0, ['__unnamed_2400']],
-    'Interrupt' : [ 0x0, ['__unnamed_2402']],
-    'MessageInterrupt' : [ 0x0, ['__unnamed_2406']],
-    'Memory' : [ 0x0, ['__unnamed_2400']],
-    'Dma' : [ 0x0, ['__unnamed_2408']],
-    'DmaV3' : [ 0x0, ['__unnamed_240a']],
-    'DevicePrivate' : [ 0x0, ['__unnamed_2219']],
-    'BusNumber' : [ 0x0, ['__unnamed_240c']],
-    'DeviceSpecificData' : [ 0x0, ['__unnamed_240e']],
-    'Memory40' : [ 0x0, ['__unnamed_2410']],
-    'Memory48' : [ 0x0, ['__unnamed_2412']],
-    'Memory64' : [ 0x0, ['__unnamed_2414']],
-    'Connection' : [ 0x0, ['__unnamed_2225']],
-} ],
-  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
-    'Type' : [ 0x0, ['unsigned char']],
-    'ShareDisposition' : [ 0x1, ['unsigned char']],
-    'Flags' : [ 0x2, ['unsigned short']],
-    'u' : [ 0x4, ['__unnamed_2416']],
-} ],
-  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
-    'PaddingAmount' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_241e' : [ 0x4, {
-    'PhysicalAddress' : [ 0x0, ['unsigned long']],
-    'VirtualSize' : [ 0x0, ['unsigned long']],
-} ],
-  '_IMAGE_SECTION_HEADER' : [ 0x28, {
-    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
-    'Misc' : [ 0x8, ['__unnamed_241e']],
-    'VirtualAddress' : [ 0xc, ['unsigned long']],
-    'SizeOfRawData' : [ 0x10, ['unsigned long']],
-    'PointerToRawData' : [ 0x14, ['unsigned long']],
-    'PointerToRelocations' : [ 0x18, ['unsigned long']],
-    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
-    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
-    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
-    'Characteristics' : [ 0x24, ['unsigned long']],
-} ],
-  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
-    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
-    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
-    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
-    'SizeOfImage' : [ 0x10, ['unsigned long']],
-    'SizeOfTable' : [ 0x14, ['unsigned long']],
-} ],
-  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
-    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
-} ],
-  '_MM_PAGED_POOL_INFO' : [ 0x38, {
-    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
-    'PagedPoolAllocationMap' : [ 0x8, ['_RTL_BITMAP_EX']],
-    'FirstPteForPagedPool' : [ 0x18, ['pointer64', ['_MMPTE']]],
-    'MaximumSize' : [ 0x20, ['unsigned long long']],
-    'PagedPoolHint' : [ 0x28, ['unsigned long long']],
-    'AllocatedPagedPool' : [ 0x30, ['unsigned long long']],
-} ],
-  '__unnamed_2430' : [ 0x50, {
-    'CellData' : [ 0x0, ['_CELL_DATA']],
-    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
-} ],
-  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
-    'CellIndex' : [ 0x0, ['unsigned long']],
-    'Data' : [ 0x8, ['__unnamed_2430']],
-} ],
-  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
-    'MaximumStates' : [ 0x0, ['unsigned long']],
-    'SelectedStates' : [ 0x4, ['unsigned long']],
-    'DefaultSelection' : [ 0x8, ['unsigned long']],
-    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
-} ],
-  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
-    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
-} ],
-  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x188, {
-    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
-    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
-    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
-    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
-    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
-    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
-    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
-    'PageCombineStats' : [ 0x160, ['_MI_PAGE_COMBINE_STATISTICS']],
-} ],
-  '_VF_AVL_TREE_NODE' : [ 0x10, {
-    'p' : [ 0x0, ['pointer64', ['void']]],
-    'RangeSize' : [ 0x8, ['unsigned long long']],
-} ],
-  '_POP_FX_DEVICE' : [ 0x278, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
-    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
-    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
-    'PowerReqCall' : [ 0x24, ['long']],
-    'PowerNotReqCall' : [ 0x28, ['long']],
-    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
-    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
-    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
-    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
-    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
-    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
-    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
-    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
-    'DriverContext' : [ 0xa8, ['pointer64', ['void']]],
-    'AcpiLink' : [ 0xb0, ['_LIST_ENTRY']],
-    'DeviceId' : [ 0xc0, ['_UNICODE_STRING']],
-    'RemoveLock' : [ 0xd0, ['_IO_REMOVE_LOCK']],
-    'AcpiRemoveLock' : [ 0xf0, ['_IO_REMOVE_LOCK']],
-    'WorkOrder' : [ 0x110, ['_POP_FX_WORK_ORDER']],
-    'IdleLock' : [ 0x148, ['unsigned long long']],
-    'IdleTimer' : [ 0x150, ['_KTIMER']],
-    'IdleDpc' : [ 0x190, ['_KDPC']],
-    'IdleTimeout' : [ 0x1d0, ['unsigned long long']],
-    'IdleStamp' : [ 0x1d8, ['unsigned long long']],
-    'NextIrpDeviceObject' : [ 0x1e0, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
-    'NextIrpPowerState' : [ 0x1f0, ['array', 2, ['_POWER_STATE']]],
-    'NextIrpCallerCompletion' : [ 0x1f8, ['array', 2, ['pointer64', ['void']]]],
-    'NextIrpCallerContext' : [ 0x208, ['array', 2, ['pointer64', ['void']]]],
-    'IrpCompleteEvent' : [ 0x218, ['_KEVENT']],
-    'PowerOnDumpDeviceCallback' : [ 0x230, ['pointer64', ['void']]],
-    'Accounting' : [ 0x238, ['_POP_FX_ACCOUNTING']],
-    'Flags' : [ 0x268, ['unsigned long']],
-    'ComponentCount' : [ 0x26c, ['unsigned long']],
-    'Components' : [ 0x270, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
-} ],
-  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
-    'AsULong' : [ 0x0, ['unsigned long']],
-    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '__unnamed_2458' : [ 0x8, {
-    'IdleTime' : [ 0x0, ['unsigned long']],
-    'NonIdleTime' : [ 0x4, ['unsigned long']],
-} ],
-  '__unnamed_245a' : [ 0x8, {
-    'Disk' : [ 0x0, ['__unnamed_2458']],
-} ],
-  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
-    'IdleCount' : [ 0x0, ['unsigned long']],
-    'BusyCount' : [ 0x4, ['unsigned long']],
-    'BusyReference' : [ 0x8, ['unsigned long']],
-    'TotalBusyCount' : [ 0xc, ['unsigned long']],
-    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
-    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
-    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
-    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
-    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
-    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
-    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
-    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
-    'Volume' : [ 0x48, ['_LIST_ENTRY']],
-    'Specific' : [ 0x58, ['__unnamed_245a']],
-} ],
-  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
-    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
-    'AllocateFromCount' : [ 0x8, ['unsigned long']],
-    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
-} ],
-  '_PROCESSOR_NUMBER' : [ 0x4, {
-    'Group' : [ 0x0, ['unsigned short']],
-    'Number' : [ 0x2, ['unsigned char']],
-    'Reserved' : [ 0x3, ['unsigned char']],
-} ],
-  '_MI_COMBINE_STATE' : [ 0x1a0, {
-    'ActiveSpinLock' : [ 0x0, ['long']],
-    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
-    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
-    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
-    'CrossPartition' : [ 0x18, ['_MI_PAGE_COMBINING_SUPPORT']],
-} ],
-  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x30, {
-    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
-    'ListHead' : [ 0x20, ['_LIST_ENTRY']],
-} ],
-  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
-    'BadPageCount' : [ 0x0, ['unsigned long long']],
-    'BadPagesDetected' : [ 0x8, ['long']],
-    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
-    'ScrubPasses' : [ 0x10, ['long']],
-    'ScrubBadPagesFound' : [ 0x14, ['long']],
-    'PageHashErrors' : [ 0x18, ['unsigned long']],
-    'FeatureBits' : [ 0x20, ['unsigned long long']],
-    'TimeZoneId' : [ 0x28, ['unsigned long']],
-    'Flags' : [ 0x2c, ['_MI_FLAGS']],
-    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
-} ],
-  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
-    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
-    'AsUCHAR' : [ 0x0, ['unsigned char']],
-} ],
-  '_FS_FILTER_CALLBACKS' : [ 0x68, {
-    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
-    'Reserved' : [ 0x4, ['unsigned long']],
-    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
-    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
-    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
-    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
-    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
-    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
-    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
-    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
-    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
-    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
-    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
-    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
-} ],
-  '_KENLISTMENT' : [ 0x1e0, {
-    'cookie' : [ 0x0, ['unsigned long']],
-    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
-    'EnlistmentId' : [ 0x30, ['_GUID']],
-    'Mutex' : [ 0x40, ['_KMUTANT']],
-    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
-    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
-    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
-    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
-    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
-    'Flags' : [ 0xac, ['unsigned long']],
-    'NotificationMask' : [ 0xb0, ['unsigned long']],
-    'Key' : [ 0xb8, ['pointer64', ['void']]],
-    'KeyRefCount' : [ 0xc0, ['unsigned long']],
-    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
-    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
-    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
-    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
-    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
-    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
-    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
-    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
-    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
-    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
-    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
-    'NextHistory' : [ 0x138, ['unsigned long']],
-    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
-} ],
-  '_ARBITER_INTERFACE' : [ 0x30, {
-    'Size' : [ 0x0, ['unsigned short']],
-    'Version' : [ 0x2, ['unsigned short']],
-    'Context' : [ 0x8, ['pointer64', ['void']]],
-    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
-    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
-    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
-    'Flags' : [ 0x28, ['unsigned long']],
-} ],
-  '_DELAY_ACK_FO' : [ 0x18, {
-    'Links' : [ 0x0, ['_LIST_ENTRY']],
-    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
-} ],
-  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
-    'Continue' : [ 0x0, ['unsigned long']],
-    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
-    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
-} ],
-  '_DEVICE_RELATIONS' : [ 0x10, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
-} ],
-  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
-    'Magic' : [ 0x0, ['unsigned short']],
-    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
-    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
-    'SizeOfCode' : [ 0x4, ['unsigned long']],
-    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
-    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
-    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
-    'BaseOfCode' : [ 0x14, ['unsigned long']],
-    'BaseOfData' : [ 0x18, ['unsigned long']],
-    'BaseOfBss' : [ 0x1c, ['unsigned long']],
-    'GprMask' : [ 0x20, ['unsigned long']],
-    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
-    'GpValue' : [ 0x34, ['unsigned long']],
-} ],
-  '_MI_CROSS_PARTITION_CHARGES' : [ 0x28, {
-    'CurrentCharges' : [ 0x0, ['unsigned long long']],
-    'ChargeFailures' : [ 0x8, ['unsigned long long']],
-    'ChargePeak' : [ 0x10, ['unsigned long long']],
-    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
-    'ChargeMaximum' : [ 0x20, ['unsigned long long']],
-} ],
-  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
-    'BugCheckCode' : [ 0x0, ['unsigned long']],
-    'Active' : [ 0x4, ['long']],
-    'Data' : [ 0x8, ['unsigned long']],
-    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
-    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
-} ],
-  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
-    'StartMagic' : [ 0x0, ['unsigned long long']],
-    'TotalSize' : [ 0x8, ['unsigned long']],
-    'ListOffset' : [ 0xc, ['unsigned long']],
-    'ListSize' : [ 0x10, ['unsigned long']],
-    'BitmapOffset' : [ 0x14, ['unsigned long']],
-    'BitmapSize' : [ 0x18, ['unsigned long']],
-    'DataOffset' : [ 0x1c, ['unsigned long']],
-    'DataSize' : [ 0x20, ['unsigned long']],
-    'AttributeFlags' : [ 0x24, ['unsigned long']],
-    'AttributeSize' : [ 0x28, ['unsigned long']],
-    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
-    'LastMessageId' : [ 0x48, ['unsigned long']],
-    'LastCallbackId' : [ 0x4c, ['unsigned long']],
-    'PostCount' : [ 0x80, ['unsigned long']],
-    'ReturnCount' : [ 0xc0, ['unsigned long']],
-    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
-    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
-    'EndMagic' : [ 0x148, ['unsigned long long']],
-} ],
-  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
-    'Characteristics' : [ 0x0, ['unsigned long']],
-    'TimeDateStamp' : [ 0x4, ['unsigned long']],
-    'MajorVersion' : [ 0x8, ['unsigned short']],
-    'MinorVersion' : [ 0xa, ['unsigned short']],
-    'Type' : [ 0xc, ['unsigned long']],
-    'SizeOfData' : [ 0x10, ['unsigned long']],
-    'AddressOfRawData' : [ 0x14, ['unsigned long']],
-    'PointerToRawData' : [ 0x18, ['unsigned long']],
-} ],
-  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Enabled' : [ 0x2, ['unsigned char']],
-    'Reserved' : [ 0x3, ['unsigned char']],
-    'BusNumber' : [ 0x4, ['unsigned long']],
-    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
-    'DeviceControl' : [ 0xc, ['unsigned short']],
-    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
-    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
-    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
-    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
-    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
-} ],
-  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
-    'ExpansionLock' : [ 0x0, ['unsigned long long']],
-    'TrimInProgressCount' : [ 0x8, ['long']],
-    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
-    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
-} ],
-  '_ETW_WMITRACE_WORK' : [ 0xf0, {
-    'LoggerId' : [ 0x0, ['unsigned long']],
-    'SpareUlong' : [ 0x4, ['unsigned long']],
-    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
-    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
-    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
-    'MinBuffers' : [ 0xd0, ['unsigned long']],
-    'MaxBuffers' : [ 0xd4, ['unsigned long']],
-    'BufferSize' : [ 0xd8, ['unsigned long']],
-    'Mode' : [ 0xdc, ['unsigned long']],
-    'FlushTimer' : [ 0xe0, ['unsigned long']],
-    'MatchAny' : [ 0x8, ['unsigned long long']],
-    'MatchAll' : [ 0x10, ['unsigned long long']],
-    'EnableProperty' : [ 0x18, ['unsigned long']],
-    'Guid' : [ 0x1c, ['_GUID']],
-    'Level' : [ 0x2c, ['unsigned char']],
-    'Status' : [ 0xe8, ['long']],
-} ],
-  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
-    'NativeSum' : [ 0x0, ['unsigned long long']],
-    'CachedSum' : [ 0x8, ['unsigned long long']],
-} ],
-  '_CHILD_LIST' : [ 0x8, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'List' : [ 0x4, ['unsigned long']],
-} ],
-  '_IO_RESOURCE_LIST' : [ 0x28, {
-    'Version' : [ 0x0, ['unsigned short']],
-    'Revision' : [ 0x2, ['unsigned short']],
-    'Count' : [ 0x4, ['unsigned long']],
-    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
-} ],
-  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
-    'Continue' : [ 0x0, ['unsigned long']],
-    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
-    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
-} ],
-  '_MI_RESAVAIL_TRACKER' : [ 0x380, {
-    'AllocateKernelStack' : [ 0x0, ['unsigned long long']],
-    'AllocateGrowKernelStack' : [ 0x8, ['unsigned long long']],
-    'FreeKernelStack' : [ 0x10, ['unsigned long long']],
-    'FreeKernelStackError' : [ 0x18, ['unsigned long long']],
-    'FreeGrowKernelStackError' : [ 0x20, ['unsigned long long']],
-    'AllocateCreateProcess' : [ 0x28, ['unsigned long long']],
-    'FreeCreateProcessError' : [ 0x30, ['unsigned long long']],
-    'FreeDeleteProcess' : [ 0x38, ['unsigned long long']],
-    'FreeCleanProcess' : [ 0x40, ['unsigned long long']],
-    'FreeCleanProcessError' : [ 0x48, ['unsigned long long']],
-    'AllocateAddProcessWsMetaPage' : [ 0x50, ['unsigned long long']],
-    'AllocateWsIncrease' : [ 0x58, ['unsigned long long']],
-    'FreeWsIncreaseError' : [ 0x60, ['unsigned long long']],
-    'FreeWsIncreaseErrorMax' : [ 0x68, ['unsigned long long']],
-    'FreeWsDecrease' : [ 0x70, ['unsigned long long']],
-    'AllocateWorkingSetPage' : [ 0x78, ['unsigned long long']],
-    'FreeWorkingSetPageError' : [ 0x80, ['unsigned long long']],
-    'FreeDeletePteRange' : [ 0x88, ['unsigned long long']],
-    'AllocatePageTablesForProcessMetadata' : [ 0x90, ['unsigned long long']],
-    'FreePageTablesForProcessMetadataError2' : [ 0x98, ['unsigned long long']],
-    'AllocatePageTablesForSystem' : [ 0xa0, ['unsigned long long']],
-    'FreePageTablesExcess' : [ 0xa8, ['unsigned long long']],
-    'FreeSystemVaPageTables' : [ 0xb0, ['unsigned long long']],
-    'FreeSessionVaPageTables' : [ 0xb8, ['unsigned long long']],
-    'AllocateCreateSession' : [ 0xc0, ['unsigned long long']],
-    'FreeSessionWsDereference' : [ 0xc8, ['unsigned long long']],
-    'FreeSessionDereference' : [ 0xd0, ['unsigned long long']],
-    'AllocateLockedSessionImage' : [ 0xd8, ['unsigned long long']],
-    'FreeLockedSessionImage' : [ 0xe0, ['unsigned long long']],
-    'FreeSessionImageConversion' : [ 0xe8, ['unsigned long long']],
-    'AllocateWsAdjustPageTable' : [ 0xf0, ['unsigned long long']],
-    'FreeWsAdjustPageTable' : [ 0xf8, ['unsigned long long']],
-    'FreeWsAdjustPageTableError' : [ 0x100, ['unsigned long long']],
-    'AllocateNoLowMemory' : [ 0x108, ['unsigned long long']],
-    'AllocatePagedPoolLockedDown' : [ 0x110, ['unsigned long long']],
-    'FreePagedPoolLockedDown' : [ 0x118, ['unsigned long long']],
-    'AllocateSystemBitmaps' : [ 0x120, ['unsigned long long']],
-    'FreeSystemBitmapsError' : [ 0x128, ['unsigned long long']],
-    'AllocateForMdl' : [ 0x130, ['unsigned long long']],
-    'FreeFromMdl' : [ 0x138, ['unsigned long long']],
-    'AllocateForMdlPartition' : [ 0x140, ['unsigned long long']],
-    'FreeFromMdlPartition' : [ 0x148, ['unsigned long long']],
-    'FreeMdlExcess' : [ 0x150, ['unsigned long long']],
-    'AllocateExpansionNonPagedPool' : [ 0x158, ['unsigned long long']],
-    'FreeExpansionNonPagedPool' : [ 0x160, ['unsigned long long']],
-    'AllocateVad' : [ 0x168, ['unsigned long long']],
-    'RemoveVad' : [ 0x170, ['unsigned long long']],
-    'FreeVad' : [ 0x178, ['unsigned long long']],
-    'AllocateContiguous' : [ 0x180, ['unsigned long long']],
-    'FreeContiguousPages' : [ 0x188, ['unsigned long long']],
-    'FreeContiguousError' : [ 0x190, ['unsigned long long']],
-    'FreeLargePageMemory' : [ 0x198, ['unsigned long long']],
-    'AllocateSystemWsles' : [ 0x1a0, ['unsigned long long']],
-    'FreeSystemWsles' : [ 0x1a8, ['unsigned long long']],
-    'AllocateSystemInitWs' : [ 0x1b0, ['unsigned long long']],
-    'AllocateSessionInitWs' : [ 0x1b8, ['unsigned long long']],
-    'FreeSessionInitWsError' : [ 0x1c0, ['unsigned long long']],
-    'AllocateSystemImage' : [ 0x1c8, ['unsigned long long']],
-    'AllocateSystemImageLoad' : [ 0x1d0, ['unsigned long long']],
-    'AllocateSessionSharedImage' : [ 0x1d8, ['unsigned long long']],
-    'FreeSystemImageInitCode' : [ 0x1e0, ['unsigned long long']],
-    'FreeSystemImageLargePageConversion' : [ 0x1e8, ['unsigned long long']],
-    'FreeSystemImageError' : [ 0x1f0, ['unsigned long long']],
-    'FreeSystemImageLoadExcess' : [ 0x1f8, ['unsigned long long']],
-    'FreeUnloadSystemImage' : [ 0x200, ['unsigned long long']],
-    'FreeReloadBootImageLarge' : [ 0x208, ['unsigned long long']],
-    'FreeIndependent' : [ 0x210, ['unsigned long long']],
-    'AllocateHotRemove' : [ 0x218, ['unsigned long long']],
-    'FreeHotAdd' : [ 0x220, ['unsigned long long']],
-    'AllocateBoot' : [ 0x228, ['unsigned long long']],
-    'FreeLoaderBlock' : [ 0x230, ['unsigned long long']],
-    'AllocateNonPagedSpecialPool' : [ 0x238, ['unsigned long long']],
-    'FreeNonPagedSpecialPoolError' : [ 0x240, ['unsigned long long']],
-    'FreeNonPagedSpecialPool' : [ 0x248, ['unsigned long long']],
-    'AllocateSharedSegmentPage' : [ 0x250, ['unsigned long long']],
-    'FreeSharedSegmentPage' : [ 0x258, ['unsigned long long']],
-    'AllocateZeroPage' : [ 0x260, ['unsigned long long']],
-    'FreeZeroPage' : [ 0x268, ['unsigned long long']],
-    'AllocateForPo' : [ 0x270, ['unsigned long long']],
-    'AllocateForPoForce' : [ 0x278, ['unsigned long long']],
-    'FreeForPo' : [ 0x280, ['unsigned long long']],
-    'AllocateThreadHardFaultBehavior' : [ 0x288, ['unsigned long long']],
-    'FreeThreadHardFaultBehavior' : [ 0x290, ['unsigned long long']],
-    'ObtainFaultCharges' : [ 0x298, ['unsigned long long']],
-    'FreeFaultCharges' : [ 0x2a0, ['unsigned long long']],
-    'AllocateStoreCharges' : [ 0x2a8, ['unsigned long long']],
-    'FreeStoreCharges' : [ 0x2b0, ['unsigned long long']],
-    'ObtainLockedPageCharge' : [ 0x2c0, ['unsigned long long']],
-    'FreeLockedPageCharge' : [ 0x300, ['unsigned long long']],
-    'AllocateStore' : [ 0x308, ['unsigned long long']],
-    'FreeStore' : [ 0x310, ['unsigned long long']],
-    'AllocateSystemImageProtos' : [ 0x318, ['unsigned long long']],
-    'FreeSystemImageProtos' : [ 0x320, ['unsigned long long']],
-    'AllocateModWriterCharge' : [ 0x328, ['unsigned long long']],
-    'FreeModWriterCharge' : [ 0x330, ['unsigned long long']],
-    'AllocateMappedWriterCharge' : [ 0x338, ['unsigned long long']],
-    'FreeMappedWriterCharge' : [ 0x340, ['unsigned long long']],
-    'AllocateRegistryCharges' : [ 0x348, ['unsigned long long']],
-    'FreeRegistryCharges' : [ 0x350, ['unsigned long long']],
-} ],
-  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
-    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
-    'AsULONG' : [ 0x0, ['unsigned long']],
-} ],
-  '_XSAVE_AREA_HEADER' : [ 0x40, {
-    'Mask' : [ 0x0, ['unsigned long long']],
-    'CompactionMask' : [ 0x8, ['unsigned long long']],
-    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
-} ],
-  '_RTL_CRITICAL_SECTION' : [ 0x28, {
-    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
-    'LockCount' : [ 0x8, ['long']],
-    'RecursionCount' : [ 0xc, ['long']],
-    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
-    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
-    'SpinCount' : [ 0x20, ['unsigned long long']],
-} ],
-  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x40, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
-    'Context' : [ 0x18, ['pointer64', ['void']]],
-    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
-    'IrpPended' : [ 0x24, ['unsigned long']],
-    'Status' : [ 0x28, ['long']],
-    'Information' : [ 0x30, ['pointer64', ['void']]],
-    'ReferenceCount' : [ 0x38, ['long']],
-} ],
-  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
-    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
-    'Lock' : [ 0x8, ['long']],
-} ],
-  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
-    'NumberOfRuns' : [ 0x0, ['unsigned long']],
-    'NumberOfPages' : [ 0x8, ['unsigned long long']],
-    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
-} ],
-  '_KTSS64' : [ 0x68, {
-    'Reserved0' : [ 0x0, ['unsigned long']],
-    'Rsp0' : [ 0x4, ['unsigned long long']],
-    'Rsp1' : [ 0xc, ['unsigned long long']],
-    'Rsp2' : [ 0x14, ['unsigned long long']],
-    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
-    'Reserved1' : [ 0x5c, ['unsigned long long']],
-    'Reserved2' : [ 0x64, ['unsigned short']],
-    'IoMapBase' : [ 0x66, ['unsigned short']],
-} ],
-  '__unnamed_24ce' : [ 0x8, {
-    'Start' : [ 0x0, ['unsigned long']],
-    'Length' : [ 0x4, ['unsigned long']],
-} ],
-  '__unnamed_24d0' : [ 0x8, {
-    'RangeCount' : [ 0x0, ['unsigned long']],
-    'SetBitCount' : [ 0x4, ['unsigned long']],
-} ],
-  '__unnamed_24d2' : [ 0x8, {
-    'Context1' : [ 0x0, ['unsigned long']],
-    'Context2' : [ 0x4, ['unsigned long']],
-} ],
-  '__unnamed_24d4' : [ 0x8, {
-    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_24ce']],
-    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_24d0']],
-    'Raw' : [ 0x0, ['__unnamed_24d2']],
-} ],
-  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
-    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
-    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DirtyVectorModified', 1: 'DirtyDataCaptureStart', 2: 'DirtyDataCaptureEnd'})]],
-    'Data' : [ 0xc, ['__unnamed_24d4']],
-    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
-} ],
-  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x1a0, {
-    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
-    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
-    'NonPagedPoolSListHeadNx' : [ 0x40, ['array', 3, ['_SLIST_HEADER']]],
-    'CachedKernelStacks' : [ 0x70, ['array', 2, ['_CACHED_KSTACK_LIST']]],
-    'NonPagedBitMapMaximum' : [ 0xb0, ['unsigned long long']],
-    'DynamicBitMapNonPagedPool' : [ 0xb8, ['_MI_DYNAMIC_BITMAP']],
-    'NonPagedPoolLowestPage' : [ 0x108, ['unsigned long long']],
-    'NonPagedPoolHighestPage' : [ 0x110, ['unsigned long long']],
-    'AllocatedNonPagedPool' : [ 0x118, ['unsigned long long']],
-    'PartialLargePoolRegions' : [ 0x120, ['unsigned long long']],
-    'PagesInPartialLargePoolRegions' : [ 0x128, ['unsigned long long']],
-    'CachedNonPagedPoolCount' : [ 0x130, ['unsigned long long']],
-    'NonPagedPoolSpinLock' : [ 0x138, ['unsigned long long']],
-    'CachedNonPagedPool' : [ 0x140, ['pointer64', ['_MMPFN']]],
-    'NonPagedPoolFirstVa' : [ 0x148, ['pointer64', ['void']]],
-    'NonPagedPoolLastVa' : [ 0x150, ['pointer64', ['void']]],
-    'NonPagedBitMap' : [ 0x158, ['array', 3, ['_RTL_BITMAP_EX']]],
-    'NonPagedHint' : [ 0x188, ['array', 2, ['unsigned long long']]],
-} ],
-  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
-    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
-    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
-    'LockState' : [ 0x0, ['pointer64', ['void']]],
-    'SessionState' : [ 0x8, ['pointer64', ['void']]],
-    'SessionId' : [ 0x8, ['unsigned long']],
-    'SessionPad' : [ 0xc, ['unsigned long']],
-} ],
-  '__unnamed_24e4' : [ 0x4, {
-    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
-    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
-    'Long' : [ 0x0, ['long']],
-} ],
-  '_MI_PARTITION_STORES' : [ 0x80, {
-    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_24e4']],
-    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
-    'Registered' : [ 0x8, ['unsigned long']],
-    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
-    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
-    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
-    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
-    'EvictionThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
-    'EvictEvent' : [ 0x28, ['_KEVENT']],
-    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
-    'WriteSupportSListHead' : [ 0x60, ['_SLIST_HEADER']],
-    'EvictFlushLock' : [ 0x70, ['long']],
-    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
-} ],
-  '_EVENT_FILTER_HEADER' : [ 0x18, {
-    'Id' : [ 0x0, ['unsigned short']],
-    'Version' : [ 0x2, ['unsigned char']],
-    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
-    'InstanceId' : [ 0x8, ['unsigned long long']],
-    'Size' : [ 0x10, ['unsigned long']],
-    'NextOffset' : [ 0x14, ['unsigned long']],
-} ],
-  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
-    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
-    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'NumberOfChannels' : [ 0x10, ['unsigned long']],
-    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
-    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
-    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
-    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
-    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
-    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
-    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
-} ],
-  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
-    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
-    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
-    'ConvKey' : [ 0x8, ['unsigned long']],
-    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
-    'NameLength' : [ 0x18, ['unsigned short']],
-    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
-} ],
-  '_u' : [ 0x50, {
-    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
-    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
-    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
-    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
-    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
-    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
-    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
-} ],
-  '_HBASE_BLOCK' : [ 0x1000, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'Sequence1' : [ 0x4, ['unsigned long']],
-    'Sequence2' : [ 0x8, ['unsigned long']],
-    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
-    'Major' : [ 0x14, ['unsigned long']],
-    'Minor' : [ 0x18, ['unsigned long']],
-    'Type' : [ 0x1c, ['unsigned long']],
-    'Format' : [ 0x20, ['unsigned long']],
-    'RootCell' : [ 0x24, ['unsigned long']],
-    'Length' : [ 0x28, ['unsigned long']],
-    'Cluster' : [ 0x2c, ['unsigned long']],
-    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
-    'RmId' : [ 0x70, ['_GUID']],
-    'LogId' : [ 0x80, ['_GUID']],
-    'Flags' : [ 0x90, ['unsigned long']],
-    'TmId' : [ 0x94, ['_GUID']],
-    'GuidSignature' : [ 0xa4, ['unsigned long']],
-    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
-    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
-    'CheckSum' : [ 0x1fc, ['unsigned long']],
-    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
-    'ThawTmId' : [ 0xfc8, ['_GUID']],
-    'ThawRmId' : [ 0xfd8, ['_GUID']],
-    'ThawLogId' : [ 0xfe8, ['_GUID']],
-    'BootType' : [ 0xff8, ['unsigned long']],
-    'BootRecover' : [ 0xffc, ['unsigned long']],
-} ],
-  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
-    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
-    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'Depth' : [ 0x10, ['unsigned short']],
-    'MaximumDepth' : [ 0x12, ['unsigned short']],
-    'TotalAllocates' : [ 0x14, ['unsigned long']],
-    'AllocateMisses' : [ 0x18, ['unsigned long']],
-    'AllocateHits' : [ 0x18, ['unsigned long']],
-    'TotalFrees' : [ 0x1c, ['unsigned long']],
-    'FreeMisses' : [ 0x20, ['unsigned long']],
-    'FreeHits' : [ 0x20, ['unsigned long']],
-    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
-    'Tag' : [ 0x28, ['unsigned long']],
-    'Size' : [ 0x2c, ['unsigned long']],
-    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
-    'Allocate' : [ 0x30, ['pointer64', ['void']]],
-    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
-    'Free' : [ 0x38, ['pointer64', ['void']]],
-    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
-    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
-    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
-    'LastAllocateHits' : [ 0x54, ['unsigned long']],
-    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
-} ],
-  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
-    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
-    'Signature' : [ 0x10, ['unsigned long long']],
-} ],
-  '_MI_SUB64K_FREE_RANGES' : [ 0x30, {
-    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
-    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
-    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
-    'SubListIndex' : [ 0x28, ['unsigned short']],
-    'Hint' : [ 0x2a, ['unsigned short']],
-    'SetBits' : [ 0x2c, ['unsigned long']],
-} ],
-  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
-    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
-    'LoggerId' : [ 0x8, ['unsigned short']],
-    'Level' : [ 0xa, ['unsigned char']],
-    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
-} ],
-  '_M128A' : [ 0x10, {
-    'Low' : [ 0x0, ['unsigned long long']],
-    'High' : [ 0x8, ['long long']],
-} ],
-  '_HEAP_LOOKASIDE' : [ 0x40, {
-    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
-    'Depth' : [ 0x10, ['unsigned short']],
-    'MaximumDepth' : [ 0x12, ['unsigned short']],
-    'TotalAllocates' : [ 0x14, ['unsigned long']],
-    'AllocateMisses' : [ 0x18, ['unsigned long']],
-    'TotalFrees' : [ 0x1c, ['unsigned long']],
-    'FreeMisses' : [ 0x20, ['unsigned long']],
-    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
-    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
-    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
-} ],
-  '_KTIMER' : [ 0x40, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
-    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
-    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
-    'Processor' : [ 0x38, ['unsigned long']],
-    'Period' : [ 0x3c, ['unsigned long']],
-} ],
-  '_RTL_ATOM_TABLE' : [ 0x28, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'ReferenceCount' : [ 0x4, ['long']],
-    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
-    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
-    'Flags' : [ 0x18, ['unsigned long']],
-    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
-    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
-} ],
-  '__unnamed_2522' : [ 0x18, {
-    'RequestedTime' : [ 0x0, ['unsigned long long']],
-    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
-    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
-} ],
-  '_POP_POWER_ACTION' : [ 0x110, {
-    'Updates' : [ 0x0, ['unsigned char']],
-    'State' : [ 0x1, ['unsigned char']],
-    'Shutdown' : [ 0x2, ['unsigned char']],
-    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
-    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'Flags' : [ 0xc, ['unsigned long']],
-    'Status' : [ 0x10, ['long']],
-    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
-    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
-    'IrpMinor' : [ 0x1c, ['unsigned char']],
-    'Waking' : [ 0x1d, ['unsigned char']],
-    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
-    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
-    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
-    'WakeTime' : [ 0x48, ['unsigned long long']],
-    'SleepTime' : [ 0x50, ['unsigned long long']],
-    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
-    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
-    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_2522']]],
-    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
-    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
-    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
-} ],
-  '_CM_KEY_VALUE' : [ 0x18, {
-    'Signature' : [ 0x0, ['unsigned short']],
-    'NameLength' : [ 0x2, ['unsigned short']],
-    'DataLength' : [ 0x4, ['unsigned long']],
-    'Data' : [ 0x8, ['unsigned long']],
-    'Type' : [ 0xc, ['unsigned long']],
-    'Flags' : [ 0x10, ['unsigned short']],
-    'Spare' : [ 0x12, ['unsigned short']],
-    'Name' : [ 0x14, ['array', 1, ['wchar']]],
-} ],
-  '_CM_KEY_HASH' : [ 0x20, {
-    'ConvKey' : [ 0x0, ['unsigned long']],
-    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
-    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
-    'KeyCell' : [ 0x18, ['unsigned long']],
-} ],
-  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Enabled' : [ 0x2, ['unsigned char']],
-    'Reserved' : [ 0x3, ['unsigned char']],
-} ],
-  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
-    'ProcessorIndex' : [ 0x0, ['unsigned long']],
-    'ExpectedState' : [ 0x4, ['unsigned char']],
-    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
-    'LooseDependency' : [ 0x6, ['unsigned char']],
-} ],
-  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
-    'TraceFlag' : [ 0x0, ['unsigned long']],
-    'Dr7' : [ 0x4, ['unsigned long long']],
-    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
-    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
-} ],
-  '_KAPC_STATE' : [ 0x30, {
-    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
-    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
-    'InProgressFlags' : [ 0x28, ['unsigned char']],
-    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'KernelApcPending' : [ 0x29, ['unsigned char']],
-    'UserApcPending' : [ 0x2a, ['unsigned char']],
-} ],
-  '_PO_DEVICE_NOTIFY' : [ 0x68, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
-    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
-    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
-    'OrderLevel' : [ 0x38, ['unsigned char']],
-    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
-    'DeviceName' : [ 0x48, ['pointer64', ['unsigned short']]],
-    'DriverName' : [ 0x50, ['pointer64', ['unsigned short']]],
-    'ChildCount' : [ 0x58, ['unsigned long']],
-    'ActiveChild' : [ 0x5c, ['unsigned long']],
-    'ParentCount' : [ 0x60, ['unsigned long']],
-    'ActiveParent' : [ 0x64, ['unsigned long']],
-} ],
-  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
-    'Cell' : [ 0x0, ['unsigned long']],
-    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
-} ],
-  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
-    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
-    'Operation' : [ 0x4, ['unsigned char']],
-    'Reserved' : [ 0x5, ['unsigned char']],
-    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
-    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
-    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
-} ],
-  '_GDI_TEB_BATCH32' : [ 0x4e0, {
-    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
-    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'HDC' : [ 0x4, ['unsigned long']],
-    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
-} ],
-  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Enabled' : [ 0x2, ['unsigned char']],
-    'Reserved' : [ 0x3, ['unsigned char']],
-    'BusNumber' : [ 0x4, ['unsigned long']],
-    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
-    'DeviceControl' : [ 0xc, ['unsigned short']],
-    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
-    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
-    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
-    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
-    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
-    'RootErrorCommand' : [ 0x20, ['unsigned long']],
-} ],
-  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e0, {
-    'TotalTime' : [ 0x0, ['unsigned long long']],
-    'CancelCount' : [ 0x8, ['unsigned long']],
-    'FailureCount' : [ 0xc, ['unsigned long']],
-    'SuccessCount' : [ 0x10, ['unsigned long']],
-    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
-    'MinTime' : [ 0x18, ['unsigned long long']],
-    'MaxTime' : [ 0x20, ['unsigned long long']],
-    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
-    'IdleTimeBuckets' : [ 0xa0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
-} ],
-  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
-    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
-    'Value' : [ 0x0, ['unsigned long long']],
-    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
-    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_KENLISTMENT_HISTORY' : [ 0x8, {
-    'Notification' : [ 0x0, ['unsigned long']],
-    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
-} ],
-  '_FAST_IO_DISPATCH' : [ 0xe0, {
-    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
-    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
-    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
-    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
-    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
-    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
-    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
-    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
-    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
-    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
-    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
-    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
-    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
-    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
-    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
-    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
-    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
-    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
-    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
-    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
-    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
-    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
-    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
-    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
-    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
-    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
-    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
-    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
-} ],
-  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
-    'SelectedState' : [ 0x0, ['unsigned long']],
-    'VetoedStates' : [ 0x4, ['unsigned long']],
-    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
-} ],
-  '_KIDTENTRY64' : [ 0x10, {
-    'OffsetLow' : [ 0x0, ['unsigned short']],
-    'Selector' : [ 0x2, ['unsigned short']],
-    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
-    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
-    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
-    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
-    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
-    'OffsetMiddle' : [ 0x6, ['unsigned short']],
-    'OffsetHigh' : [ 0x8, ['unsigned long']],
-    'Reserved1' : [ 0xc, ['unsigned long']],
-    'Alignment' : [ 0x0, ['unsigned long long']],
-} ],
-  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
-    'OldCell' : [ 0x0, ['unsigned long']],
-    'NewCell' : [ 0x4, ['unsigned long']],
-} ],
-  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
-    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
-    'ResourceType' : [ 0x10, ['unsigned char']],
-    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
-    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
-    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
-    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
-    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
-    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
-    'State' : [ 0x68, ['unsigned char']],
-    'ResourcesChanged' : [ 0x69, ['unsigned char']],
-} ],
-  '_SECURITY_DESCRIPTOR' : [ 0x28, {
-    'Revision' : [ 0x0, ['unsigned char']],
-    'Sbz1' : [ 0x1, ['unsigned char']],
-    'Control' : [ 0x2, ['unsigned short']],
-    'Owner' : [ 0x8, ['pointer64', ['void']]],
-    'Group' : [ 0x10, ['pointer64', ['void']]],
-    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
-    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
-} ],
-  '_MODWRITER_FLAGS' : [ 0x4, {
-    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
-    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-} ],
-  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
-    'Flink' : [ 0x0, ['_MMPTE']],
-    'Blink' : [ 0x8, ['_MMPTE']],
-    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
-} ],
-  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
-    'StrictDependency' : [ 0x0, ['unsigned char']],
-    'InitiatingState' : [ 0x1, ['unsigned char']],
-    'DependentState' : [ 0x2, ['unsigned char']],
-    'StateIndex' : [ 0x4, ['unsigned long']],
-    'Dependencies' : [ 0x8, ['unsigned long']],
-    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
-} ],
-  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
-    'RefCount' : [ 0x0, ['unsigned long']],
-    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
-    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
-    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
-    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
-} ],
-  '_KQUEUE' : [ 0x40, {
-    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
-    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
-    'CurrentCount' : [ 0x28, ['unsigned long']],
-    'MaximumCount' : [ 0x2c, ['unsigned long']],
-    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
-} ],
-  '_MI_COMBINE_WORKITEM' : [ 0x28, {
-    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
-    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
-} ],
-  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x410, {
-    'MaximumLength' : [ 0x0, ['unsigned long']],
-    'Length' : [ 0x4, ['unsigned long']],
-    'Flags' : [ 0x8, ['unsigned long']],
-    'DebugFlags' : [ 0xc, ['unsigned long']],
-    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
-    'ConsoleFlags' : [ 0x18, ['unsigned long']],
-    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
-    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
-    'StandardError' : [ 0x30, ['pointer64', ['void']]],
-    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
-    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
-    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
-    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
-    'Environment' : [ 0x80, ['pointer64', ['void']]],
-    'StartingX' : [ 0x88, ['unsigned long']],
-    'StartingY' : [ 0x8c, ['unsigned long']],
-    'CountX' : [ 0x90, ['unsigned long']],
-    'CountY' : [ 0x94, ['unsigned long']],
-    'CountCharsX' : [ 0x98, ['unsigned long']],
-    'CountCharsY' : [ 0x9c, ['unsigned long']],
-    'FillAttribute' : [ 0xa0, ['unsigned long']],
-    'WindowFlags' : [ 0xa4, ['unsigned long']],
-    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
-    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
-    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
-    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
-    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
-    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
-    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
-    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
-    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
-    'ProcessGroupId' : [ 0x408, ['unsigned long']],
-    'LoaderThreads' : [ 0x40c, ['unsigned long']],
-} ],
-  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
-    'BasePage' : [ 0x0, ['unsigned long long']],
-    'PageCount' : [ 0x8, ['unsigned long long']],
-} ],
-  '_RTL_SRWLOCK' : [ 0x8, {
-    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
-    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
-    'Value' : [ 0x0, ['unsigned long long']],
-    'Ptr' : [ 0x0, ['pointer64', ['void']]],
-} ],
-  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
-    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
-    'Expired' : [ 0x20, ['unsigned char']],
-} ],
-  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
-    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
-    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
-    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
-    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '_PROC_PERF_LOAD' : [ 0x2, {
-    'BusyPercentage' : [ 0x0, ['unsigned char']],
-    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
-} ],
-  '_RTL_RANGE' : [ 0x28, {
-    'Start' : [ 0x0, ['unsigned long long']],
-    'End' : [ 0x8, ['unsigned long long']],
-    'UserData' : [ 0x10, ['pointer64', ['void']]],
-    'Owner' : [ 0x18, ['pointer64', ['void']]],
-    'Attributes' : [ 0x20, ['unsigned char']],
-    'Flags' : [ 0x21, ['unsigned char']],
-} ],
-  '_LOCK_HEADER' : [ 0x20, {
-    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
-    'Count' : [ 0x8, ['unsigned long long']],
-    'Lock' : [ 0x10, ['unsigned long long']],
-    'Valid' : [ 0x18, ['unsigned long']],
-} ],
-  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Enabled' : [ 0x2, ['unsigned char']],
-    'Reserved' : [ 0x3, ['unsigned char']],
-} ],
-  '_MMSECTION_FLAGS2' : [ 0x4, {
-    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
-    'NumberOfChildViews' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_KSPECIAL_REGISTERS' : [ 0xe0, {
-    'Cr0' : [ 0x0, ['unsigned long long']],
-    'Cr2' : [ 0x8, ['unsigned long long']],
-    'Cr3' : [ 0x10, ['unsigned long long']],
-    'Cr4' : [ 0x18, ['unsigned long long']],
-    'KernelDr0' : [ 0x20, ['unsigned long long']],
-    'KernelDr1' : [ 0x28, ['unsigned long long']],
-    'KernelDr2' : [ 0x30, ['unsigned long long']],
-    'KernelDr3' : [ 0x38, ['unsigned long long']],
-    'KernelDr6' : [ 0x40, ['unsigned long long']],
-    'KernelDr7' : [ 0x48, ['unsigned long long']],
-    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
-    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
-    'Tr' : [ 0x70, ['unsigned short']],
-    'Ldtr' : [ 0x72, ['unsigned short']],
-    'MxCsr' : [ 0x74, ['unsigned long']],
-    'DebugControl' : [ 0x78, ['unsigned long long']],
-    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
-    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
-    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
-    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
-    'Cr8' : [ 0xa0, ['unsigned long long']],
-    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
-    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
-    'MsrStar' : [ 0xb8, ['unsigned long long']],
-    'MsrLStar' : [ 0xc0, ['unsigned long long']],
-    'MsrCStar' : [ 0xc8, ['unsigned long long']],
-    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
-    'Xcr0' : [ 0xd8, ['unsigned long long']],
-} ],
-  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
-    'Revision' : [ 0x0, ['unsigned long']],
-    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
-    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
-    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
-    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'Reserved' : [ 0x2c, ['unsigned long']],
-    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
-    'IdleTimeout' : [ 0x3c, ['unsigned long']],
-    'IdleSensitivity' : [ 0x40, ['unsigned char']],
-    'DynamicThrottle' : [ 0x41, ['unsigned char']],
-    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
-    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'WinLogonFlags' : [ 0x50, ['unsigned long']],
-    'Spare3' : [ 0x54, ['unsigned long']],
-    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
-    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
-    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
-    'VideoTimeout' : [ 0xc0, ['unsigned long']],
-    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
-    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
-    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
-    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
-    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
-    'ForcedThrottle' : [ 0xda, ['unsigned char']],
-    'MinThrottle' : [ 0xdb, ['unsigned char']],
-    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
-} ],
-  '_PEB64' : [ 0x7a0, {
-    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
-    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
-    'BeingDebugged' : [ 0x2, ['unsigned char']],
-    'BitField' : [ 0x3, ['unsigned char']],
-    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
-    'Mutant' : [ 0x8, ['unsigned long long']],
-    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
-    'Ldr' : [ 0x18, ['unsigned long long']],
-    'ProcessParameters' : [ 0x20, ['unsigned long long']],
-    'SubSystemData' : [ 0x28, ['unsigned long long']],
-    'ProcessHeap' : [ 0x30, ['unsigned long long']],
-    'FastPebLock' : [ 0x38, ['unsigned long long']],
-    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
-    'IFEOKey' : [ 0x48, ['unsigned long long']],
-    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
-    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
-    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
-    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
-    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
-    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
-    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
-    'ApiSetMap' : [ 0x68, ['unsigned long long']],
-    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
-    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
-    'TlsBitmap' : [ 0x78, ['unsigned long long']],
-    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
-    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
-    'SparePvoid0' : [ 0x90, ['unsigned long long']],
-    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
-    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
-    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
-    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
-    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
-    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
-    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
-    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
-    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
-    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
-    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
-    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
-    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
-    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
-    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
-    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
-    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
-    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
-    'LoaderLock' : [ 0x110, ['unsigned long long']],
-    'OSMajorVersion' : [ 0x118, ['unsigned long']],
-    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
-    'OSBuildNumber' : [ 0x120, ['unsigned short']],
-    'OSCSDVersion' : [ 0x122, ['unsigned short']],
-    'OSPlatformId' : [ 0x124, ['unsigned long']],
-    'ImageSubsystem' : [ 0x128, ['unsigned long']],
-    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
-    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
-    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
-    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
-    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
-    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
-    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
-    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
-    'SessionId' : [ 0x2c0, ['unsigned long']],
-    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
-    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
-    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
-    'pShimData' : [ 0x2d8, ['unsigned long long']],
-    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
-    'CSDVersion' : [ 0x2e8, ['_STRING64']],
-    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
-    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
-    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
-    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
-    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
-    'FlsCallback' : [ 0x320, ['unsigned long long']],
-    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
-    'FlsBitmap' : [ 0x338, ['unsigned long long']],
-    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
-    'FlsHighIndex' : [ 0x350, ['unsigned long']],
-    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
-    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
-    'pUnused' : [ 0x368, ['unsigned long long']],
-    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
-    'TracingFlags' : [ 0x378, ['unsigned long']],
-    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
-    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
-    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
-    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
-    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
-    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
-} ],
-  '_PS_PROTECTION' : [ 0x1, {
-    'Level' : [ 0x0, ['unsigned char']],
-    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
-    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
-} ],
-  '_MSUBSECTION' : [ 0x70, {
-    'Core' : [ 0x0, ['_SUBSECTION']],
-    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
-    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
-    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
-    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
-} ],
-  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
-    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
-} ],
-  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
-    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
-    'TagIndex' : [ 0x2, ['unsigned short']],
-    'Settable' : [ 0x8, ['unsigned long long']],
-    'ZeroInit' : [ 0x0, ['unsigned long long']],
-    'ZeroInit1' : [ 0x8, ['unsigned long long']],
-} ],
-  '_VF_POOL_TRACE' : [ 0x80, {
-    'Address' : [ 0x0, ['pointer64', ['void']]],
-    'Size' : [ 0x8, ['unsigned long long']],
-    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
-    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
-} ],
-  '__unnamed_25ee' : [ 0x4, {
-    'LongFlags' : [ 0x0, ['unsigned long']],
-    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
-} ],
-  '_MM_SESSION_SPACE' : [ 0x1f40, {
-    'ReferenceCount' : [ 0x0, ['long']],
-    'u' : [ 0x4, ['__unnamed_25ee']],
-    'SessionId' : [ 0x8, ['unsigned long']],
-    'ProcessReferenceToSession' : [ 0xc, ['long']],
-    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
-    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
-    'NonPagablePages' : [ 0x28, ['unsigned long long']],
-    'CommittedPages' : [ 0x30, ['unsigned long long']],
-    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
-    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
-    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
-    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
-    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
-    'ImageTree' : [ 0x68, ['_RTL_AVL_TREE']],
-    'LocaleId' : [ 0x70, ['unsigned long']],
-    'AttachCount' : [ 0x74, ['unsigned long']],
-    'AttachGate' : [ 0x78, ['_KGATE']],
-    'WsListEntry' : [ 0x90, ['_LIST_ENTRY']],
-    'Lookaside' : [ 0xc0, ['array', 21, ['_GENERAL_LOOKASIDE']]],
-    'Session' : [ 0xb40, ['_MMSESSION']],
-    'PagedPoolInfo' : [ 0xb60, ['_MM_PAGED_POOL_INFO']],
-    'Vm' : [ 0xb98, ['_MMSUPPORT']],
-    'Wsle' : [ 0xc90, ['pointer64', ['_MMWSLE']]],
-    'DriverUnload' : [ 0xc98, ['_MI_SESSION_DRIVER_UNLOAD']],
-    'PagedPool' : [ 0xcc0, ['_POOL_DESCRIPTOR']],
-    'PageDirectory' : [ 0x1e00, ['_MMPTE']],
-    'SessionVaLock' : [ 0x1e08, ['_EX_PUSH_LOCK']],
-    'DynamicVaBitMap' : [ 0x1e10, ['_RTL_BITMAP']],
-    'DynamicVaHint' : [ 0x1e20, ['unsigned long']],
-    'SpecialPool' : [ 0x1e28, ['_MI_SPECIAL_POOL']],
-    'SessionPteLock' : [ 0x1e78, ['_EX_PUSH_LOCK']],
-    'PoolBigEntriesInUse' : [ 0x1e80, ['long']],
-    'PagedPoolPdeCount' : [ 0x1e84, ['unsigned long']],
-    'SpecialPoolPdeCount' : [ 0x1e88, ['unsigned long']],
-    'DynamicSessionPdeCount' : [ 0x1e8c, ['unsigned long']],
-    'SystemPteInfo' : [ 0x1e90, ['_MI_SYSTEM_PTE_TYPE']],
-    'PoolTrackTableExpansion' : [ 0x1ef0, ['pointer64', ['void']]],
-    'PoolTrackTableExpansionSize' : [ 0x1ef8, ['unsigned long long']],
-    'PoolTrackBigPages' : [ 0x1f00, ['pointer64', ['void']]],
-    'PoolTrackBigPagesSize' : [ 0x1f08, ['unsigned long long']],
-    'IoState' : [ 0x1f10, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
-    'IoStateSequence' : [ 0x1f14, ['unsigned long']],
-    'IoNotificationEvent' : [ 0x1f18, ['_KEVENT']],
-    'ServerSilo' : [ 0x1f30, ['pointer64', ['_EJOB']]],
-    'CreateTime' : [ 0x1f38, ['unsigned long long']],
-} ],
-  '_MMPAGE_FILE_EXPANSION' : [ 0x60, {
-    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
-    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
-    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
-    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
-    'ActualExpansion' : [ 0x28, ['unsigned long long']],
-    'Event' : [ 0x30, ['_KEVENT']],
-    'InProgress' : [ 0x48, ['long']],
-    'u' : [ 0x4c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
-    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
-    'AttemptForCantExtend' : [ 0x58, ['unsigned char']],
-    'PageFileContract' : [ 0x59, ['unsigned char']],
-} ],
-  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
-    'BankNumber' : [ 0x0, ['unsigned char']],
-    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
-    'StatusDataFormat' : [ 0x2, ['unsigned char']],
-    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
-    'ControlMsr' : [ 0x4, ['unsigned long']],
-    'StatusMsr' : [ 0x8, ['unsigned long']],
-    'AddressMsr' : [ 0xc, ['unsigned long']],
-    'MiscMsr' : [ 0x10, ['unsigned long']],
-    'ControlData' : [ 0x14, ['unsigned long long']],
-} ],
-  '__unnamed_25ff' : [ 0x4, {
-    'LongFlags2' : [ 0x0, ['unsigned long']],
-    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
-} ],
-  '__unnamed_2603' : [ 0x8, {
-    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
-    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
-} ],
-  '_MMVAD' : [ 0x88, {
-    'Core' : [ 0x0, ['_MMVAD_SHORT']],
-    'u2' : [ 0x40, ['__unnamed_25ff']],
-    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
-    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
-    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
-    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
-    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
-    'u4' : [ 0x78, ['__unnamed_2603']],
-    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
-} ],
-  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
-    'BlockLength' : [ 0x0, ['unsigned long']],
-    'ReferenceCount' : [ 0x8, ['long long']],
-    'SidCount' : [ 0x10, ['unsigned long']],
-    'SidValuesStart' : [ 0x18, ['unsigned long long']],
-} ],
-  '_MI_PARTITION_STATE' : [ 0x60, {
-    'PartitionLock' : [ 0x0, ['unsigned long long']],
-    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
-    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
-    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
-    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
-    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
-    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
-    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
-    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
-    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
-} ],
-  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
-    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
-    'Gate' : [ 0x10, ['_KGATE']],
-    'Event' : [ 0x10, ['_KEVENT']],
-} ],
-  '_CM_RM' : [ 0x88, {
-    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
-    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
-    'Tm' : [ 0x28, ['pointer64', ['void']]],
-    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
-    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
-    'RefCount' : [ 0x40, ['unsigned long']],
-    'ContainerNum' : [ 0x44, ['unsigned long']],
-    'ContainerSize' : [ 0x48, ['unsigned long long']],
-    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
-    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
-    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
-    'RmFlags' : [ 0x68, ['unsigned long']],
-    'LogStartStatus1' : [ 0x6c, ['long']],
-    'LogStartStatus2' : [ 0x70, ['long']],
-    'BaseLsn' : [ 0x78, ['unsigned long long']],
-    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
-} ],
-  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
-    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
-    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
-    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
-    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
-    'WaiterPriority' : [ 0x20, ['unsigned char']],
-    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
-    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
-    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
-    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
-    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
-    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
-    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
-    'OplockState' : [ 0x90, ['unsigned long']],
-    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
-} ],
-  '_MI_LARGEPAGE_MEMORY_INFO' : [ 0x28, {
-    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
-    'ColoredPageInfoBase' : [ 0x10, ['pointer64', ['_COLORED_PAGE_INFO']]],
-    'PagesNeedZeroing' : [ 0x18, ['unsigned long']],
-    'LargeImageBias' : [ 0x1c, ['unsigned char']],
-    'Spare' : [ 0x1d, ['array', 3, ['unsigned char']]],
-    'ActualImageViewSize' : [ 0x20, ['unsigned long long']],
-} ],
-  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
-    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
-    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
-    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_PROCESS_ENERGY_VALUES' : [ 0x90, {
-    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
-    'DiskEnergy' : [ 0x40, ['unsigned long long']],
-    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
-    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
-    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
-    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
-    'Foreground' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'WindowInformation' : [ 0x68, ['unsigned long']],
-    'PixelArea' : [ 0x6c, ['unsigned long']],
-    'PixelReportTimestamp' : [ 0x70, ['long long']],
-    'PixelTime' : [ 0x78, ['unsigned long long']],
-    'ForegroundReportTimestamp' : [ 0x80, ['long long']],
-    'ForegroundTime' : [ 0x88, ['unsigned long long']],
-} ],
-  '_CLIENT_ID' : [ 0x10, {
-    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
-    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
-    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
-    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
-    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
-    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
-    'Node' : [ 0x20, ['unsigned short']],
-    'Card' : [ 0x22, ['unsigned short']],
-    'Module' : [ 0x24, ['unsigned short']],
-    'Bank' : [ 0x26, ['unsigned short']],
-    'Device' : [ 0x28, ['unsigned short']],
-    'Row' : [ 0x2a, ['unsigned short']],
-    'Column' : [ 0x2c, ['unsigned short']],
-    'BitPosition' : [ 0x2e, ['unsigned short']],
-    'RequesterId' : [ 0x30, ['unsigned long long']],
-    'ResponderId' : [ 0x38, ['unsigned long long']],
-    'TargetId' : [ 0x40, ['unsigned long long']],
-    'ErrorType' : [ 0x48, ['unsigned char']],
-} ],
-  '_MI_COMMON_PAGE_STATE' : [ 0x98, {
-    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
-    'PageOfOnes' : [ 0x8, ['unsigned long long']],
-    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
-    'DummyPage' : [ 0x18, ['unsigned long long']],
-    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
-    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
-    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
-    'BitmapGapFrames' : [ 0x38, ['array', 4, ['unsigned long long']]],
-    'PfnGapFrames' : [ 0x58, ['array', 4, ['unsigned long long']]],
-    'PageTableOfZeroes' : [ 0x78, ['unsigned long long']],
-    'PdeOfZeroes' : [ 0x80, ['_MMPTE']],
-    'PageTableOfOnes' : [ 0x88, ['unsigned long long']],
-    'PdeOfOnes' : [ 0x90, ['_MMPTE']],
-} ],
-  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
-    'Flags' : [ 0x0, ['unsigned char']],
-    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
-    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-} ],
-  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
-    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
-    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
-    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
-    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
-    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
-    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
-    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
-    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
-    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
-    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
-} ],
-  '_MMPFNLIST_SHORT' : [ 0x18, {
-    'Total' : [ 0x0, ['unsigned long long']],
-    'Flink' : [ 0x8, ['unsigned long long']],
-    'Blink' : [ 0x10, ['unsigned long long']],
-} ],
-  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
-    'BusDataType' : [ 0x0, ['unsigned long']],
-    'BusNumber' : [ 0x4, ['unsigned long']],
-    'SlotNumber' : [ 0x8, ['unsigned long']],
-    'Offset' : [ 0xc, ['unsigned long']],
-    'Length' : [ 0x10, ['unsigned long']],
-} ],
-  '_MMSECTION_FLAGS' : [ 0x4, {
-    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
-    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
-    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
-    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
-    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
-    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
-    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
-    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
-    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
-    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
-    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
-    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
-} ],
-  '_MI_VAD_ALLOCATION_CELL' : [ 0x28, {
-    'AllocationBitMap' : [ 0x0, ['_RTL_BITMAP']],
-    'BitMapHint' : [ 0x10, ['unsigned long']],
-    'LastAllocationSize' : [ 0x14, ['unsigned long']],
-    'LastAllocationSizeHint' : [ 0x18, ['unsigned long']],
-    'LowestBottomUpVadBit' : [ 0x1c, ['unsigned long']],
-    'LowestBottomUpAllocationAddress' : [ 0x20, ['pointer64', ['void']]],
-} ],
-  '_MI_REVERSE_VIEW_MAP' : [ 0x28, {
-    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
-    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
-    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
-    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
-    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
-    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
-    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'SectionOffset' : [ 0x20, ['unsigned long long']],
-} ],
-  '_IO_SECURITY_CONTEXT' : [ 0x18, {
-    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
-    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
-    'DesiredAccess' : [ 0x10, ['unsigned long']],
-    'FullCreateOptions' : [ 0x14, ['unsigned long']],
-} ],
-  '__unnamed_2647' : [ 0x38, {
-    'Mdl' : [ 0x0, ['_MDL']],
-    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
-} ],
-  '_MI_PAGEFILE_TRACES' : [ 0x78, {
-    'Status' : [ 0x0, ['long']],
-    'PartitionId' : [ 0x4, ['unsigned short']],
-    'Priority' : [ 0x6, ['unsigned char']],
-    'IrpPriority' : [ 0x7, ['unsigned char']],
-    'ReservationWrite' : [ 0x8, ['unsigned char']],
-    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
-    'AvailablePages' : [ 0x18, ['unsigned long long']],
-    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
-    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
-    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
-    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
-    'MdlHack' : [ 0x40, ['__unnamed_2647']],
-} ],
-  '_PROC_PERF_DOMAIN' : [ 0x190, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
-    'Members' : [ 0x18, ['_KAFFINITY_EX']],
-    'ProcessorCount' : [ 0xc0, ['unsigned long']],
-    'Class' : [ 0xc4, ['unsigned char']],
-    'Spare' : [ 0xc5, ['array', 3, ['unsigned char']]],
-    'Processors' : [ 0xc8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
-    'GetFFHThrottleState' : [ 0xd0, ['pointer64', ['void']]],
-    'TimeWindowHandler' : [ 0xd8, ['pointer64', ['void']]],
-    'BoostPolicyHandler' : [ 0xe0, ['pointer64', ['void']]],
-    'BoostModeHandler' : [ 0xe8, ['pointer64', ['void']]],
-    'EnergyPerfPreferenceHandler' : [ 0xf0, ['pointer64', ['void']]],
-    'AutonomousActivityWindowHandler' : [ 0xf8, ['pointer64', ['void']]],
-    'AutonomousModeHandler' : [ 0x100, ['pointer64', ['void']]],
-    'ReinitializeHandler' : [ 0x108, ['pointer64', ['void']]],
-    'PerfSelectionHandler' : [ 0x110, ['pointer64', ['void']]],
-    'PerfControlHandler' : [ 0x118, ['pointer64', ['void']]],
-    'MaxFrequency' : [ 0x120, ['unsigned long']],
-    'NominalFrequency' : [ 0x124, ['unsigned long']],
-    'MaxPercent' : [ 0x128, ['unsigned long']],
-    'MinPerfPercent' : [ 0x12c, ['unsigned long']],
-    'MinThrottlePercent' : [ 0x130, ['unsigned long']],
-    'MinimumRelativePerformance' : [ 0x138, ['unsigned long long']],
-    'NominalRelativePerformance' : [ 0x140, ['unsigned long long']],
-    'Coordination' : [ 0x148, ['unsigned char']],
-    'HardPlatformCap' : [ 0x149, ['unsigned char']],
-    'AffinitizeControl' : [ 0x14a, ['unsigned char']],
-    'EfficientThrottle' : [ 0x14b, ['unsigned char']],
-    'AutonomousMode' : [ 0x14c, ['unsigned char']],
-    'SelectedPercent' : [ 0x150, ['unsigned long']],
-    'SelectedFrequency' : [ 0x154, ['unsigned long']],
-    'DesiredPercent' : [ 0x158, ['unsigned long']],
-    'MaxPolicyPercent' : [ 0x15c, ['unsigned long']],
-    'MinPolicyPercent' : [ 0x160, ['unsigned long']],
-    'ConstrainedMaxPercent' : [ 0x164, ['unsigned long']],
-    'ConstrainedMinPercent' : [ 0x168, ['unsigned long']],
-    'GuaranteedPercent' : [ 0x16c, ['unsigned long']],
-    'TolerancePercent' : [ 0x170, ['unsigned long']],
-    'SelectedState' : [ 0x178, ['unsigned long long']],
-    'PerfChangeTime' : [ 0x180, ['unsigned long long']],
-    'PerfChangeIntervalCount' : [ 0x188, ['unsigned long']],
-    'Force' : [ 0x18c, ['unsigned char']],
-    'ProvideGuidance' : [ 0x18d, ['unsigned char']],
-} ],
-  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
-    'TraceFlag' : [ 0x0, ['unsigned long']],
-    'Dr7' : [ 0x4, ['unsigned long']],
-    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
-    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
-} ],
-  '_HVIEW_MAP_TABLE' : [ 0x800, {
-    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
-} ],
-  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
-    'ClientId' : [ 0x0, ['_CLIENT_ID']],
-    'Handle' : [ 0x10, ['pointer64', ['void']]],
-    'Type' : [ 0x18, ['unsigned long']],
-    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
-} ],
-  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Enabled' : [ 0x2, ['unsigned char']],
-    'Reserved' : [ 0x3, ['unsigned char']],
-} ],
-  '_DUMMY_FILE_OBJECT' : [ 0x110, {
-    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
-    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
-} ],
-  '_TRIAGE_9F_PNP' : [ 0x18, {
-    'Signature' : [ 0x0, ['unsigned short']],
-    'Revision' : [ 0x2, ['unsigned short']],
-    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
-    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
-} ],
-  '_RELATION_LIST' : [ 0x10, {
-    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
-    'Sorted' : [ 0x8, ['unsigned char']],
-} ],
-  '_IO_TIMER' : [ 0x30, {
-    'Type' : [ 0x0, ['short']],
-    'TimerFlag' : [ 0x2, ['short']],
-    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
-    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
-    'Context' : [ 0x20, ['pointer64', ['void']]],
-    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
-} ],
-  '_MI_STANDBY_STATE' : [ 0xc0, {
-    'TransitionSharedPages' : [ 0x0, ['unsigned long long']],
-    'TransitionSharedPagesPeak' : [ 0x8, ['array', 3, ['unsigned long long']]],
-    'FirstDecayPage' : [ 0x20, ['unsigned long long']],
-    'PfnDecayFreeSList' : [ 0x30, ['_SLIST_HEADER']],
-    'PfnRepurposeLog' : [ 0x40, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
-    'AllocatePfnRepurposeDpc' : [ 0x48, ['_KDPC']],
-} ],
-  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
-    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
-    'Enabled' : [ 0x8, ['unsigned long']],
-    'DisableAccessLogging' : [ 0x10, ['_WORK_QUEUE_ITEM']],
-    'MinLoggingPriority' : [ 0x30, ['unsigned long']],
-    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
-} ],
-  '_ETW_BUFFER_QUEUE' : [ 0x18, {
-    'QueueHead' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
-    'QueueTail' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
-    'QueueEntry' : [ 0x10, ['_SINGLE_LIST_ENTRY']],
-} ],
-  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
-    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
-    'AllocateFromCount' : [ 0x8, ['unsigned long']],
-    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
-} ],
-  '_MI_SPECIAL_POOL' : [ 0x50, {
-    'Lock' : [ 0x0, ['unsigned long long']],
-    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
-    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
-    'PagesInUse' : [ 0x38, ['unsigned long long']],
-    'SpecialPoolPdes' : [ 0x40, ['_RTL_BITMAP']],
-} ],
-  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
-    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
-} ],
-  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
-    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
-    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
-    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
-    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
-} ],
-  '_POP_CURRENT_BROADCAST' : [ 0x18, {
-    'InProgress' : [ 0x0, ['unsigned char']],
-    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
-    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
-    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
-} ],
-  'PEPHANDLE__' : [ 0x4, {
-    'unused' : [ 0x0, ['long']],
-} ],
-  '__unnamed_2691' : [ 0x4, {
-    'BaseMiddle' : [ 0x0, ['unsigned char']],
-    'Flags1' : [ 0x1, ['unsigned char']],
-    'Flags2' : [ 0x2, ['unsigned char']],
-    'BaseHigh' : [ 0x3, ['unsigned char']],
-} ],
-  '__unnamed_2695' : [ 0x4, {
-    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
-    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
-    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
-    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
-    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
-    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
-    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
-    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
-    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_KGDTENTRY64' : [ 0x10, {
-    'LimitLow' : [ 0x0, ['unsigned short']],
-    'BaseLow' : [ 0x2, ['unsigned short']],
-    'Bytes' : [ 0x4, ['__unnamed_2691']],
-    'Bits' : [ 0x4, ['__unnamed_2695']],
-    'BaseUpper' : [ 0x8, ['unsigned long']],
-    'MustBeZero' : [ 0xc, ['unsigned long']],
-    'DataLow' : [ 0x0, ['long long']],
-    'DataHigh' : [ 0x8, ['long long']],
-} ],
-  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
-    'Status' : [ 0x0, ['long']],
-    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
-    'Lock' : [ 0x40, ['_FAST_MUTEX']],
-    'List' : [ 0x78, ['_LIST_ENTRY']],
-} ],
-  '_IOV_IRP_TRACE' : [ 0x80, {
-    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
-    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
-    'KernelApcDisable' : [ 0x10, ['short']],
-    'SpecialApcDisable' : [ 0x12, ['short']],
-    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
-    'Irql' : [ 0x14, ['unsigned char']],
-    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
-} ],
-  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
-    'MailslotQuota' : [ 0x0, ['unsigned long']],
-    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
-    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
-    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
-} ],
-  '_PO_IRP_MANAGER' : [ 0x20, {
-    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
-    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
-} ],
-  '_DYNAMIC_FUNCTION_TABLE' : [ 0x58, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
-    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
-    'MinimumAddress' : [ 0x20, ['unsigned long long']],
-    'MaximumAddress' : [ 0x28, ['unsigned long long']],
-    'BaseAddress' : [ 0x30, ['unsigned long long']],
-    'Callback' : [ 0x38, ['pointer64', ['void']]],
-    'Context' : [ 0x40, ['pointer64', ['void']]],
-    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['unsigned short']]],
-    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'RF_SORTED', 1: 'RF_UNSORTED', 2: 'RF_CALLBACK', 3: 'RF_KERNEL_DYNAMIC'})]],
-    'EntryCount' : [ 0x54, ['unsigned long']],
-} ],
-  '_SEP_LOWBOX_HANDLES_TABLE' : [ 0x10, {
-    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
-    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
-} ],
-  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
-    'EnableLogging' : [ 0x0, ['unsigned char']],
-    'MismatchCount' : [ 0x4, ['unsigned long']],
-    'Initialized' : [ 0x8, ['unsigned char']],
-    'LastValue' : [ 0x10, ['unsigned long long']],
-    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
-} ],
-  '_PROC_IDLE_POLICY' : [ 0x6, {
-    'PromotePercent' : [ 0x0, ['unsigned char']],
-    'DemotePercent' : [ 0x1, ['unsigned char']],
-    'PromotePercentBase' : [ 0x2, ['unsigned char']],
-    'DemotePercentBase' : [ 0x3, ['unsigned char']],
-    'AllowScaling' : [ 0x4, ['unsigned char']],
-    'ForceLightIdle' : [ 0x5, ['unsigned char']],
-} ],
-  '_CLIENT_ID64' : [ 0x10, {
-    'UniqueProcess' : [ 0x0, ['unsigned long long']],
-    'UniqueThread' : [ 0x8, ['unsigned long long']],
-} ],
-  '__unnamed_26b7' : [ 0x4, {
-    'PercentLevel' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_26b9' : [ 0x4, {
-    'Type' : [ 0x0, ['unsigned long']],
-} ],
-  '_POP_ACTION_TRIGGER' : [ 0x18, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyDeviceMax'})]],
-    'Flags' : [ 0x4, ['unsigned long']],
-    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
-    'Battery' : [ 0x10, ['__unnamed_26b7']],
-    'Button' : [ 0x10, ['__unnamed_26b9']],
-} ],
-  '_KDPC_DATA' : [ 0x28, {
-    'DpcList' : [ 0x0, ['_KDPC_LIST']],
-    'DpcLock' : [ 0x10, ['unsigned long long']],
-    'DpcQueueDepth' : [ 0x18, ['long']],
-    'DpcCount' : [ 0x1c, ['unsigned long']],
-    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
-} ],
-  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
-    'NamedPipeType' : [ 0x0, ['unsigned long']],
-    'ReadMode' : [ 0x4, ['unsigned long']],
-    'CompletionMode' : [ 0x8, ['unsigned long']],
-    'MaximumInstances' : [ 0xc, ['unsigned long']],
-    'InboundQuota' : [ 0x10, ['unsigned long']],
-    'OutboundQuota' : [ 0x14, ['unsigned long']],
-    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
-    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
-} ],
-  '_CM_BIG_DATA' : [ 0x8, {
-    'Signature' : [ 0x0, ['unsigned short']],
-    'Count' : [ 0x2, ['unsigned short']],
-    'List' : [ 0x4, ['unsigned long']],
-} ],
-  '_KSCB' : [ 0x198, {
-    'GenerationCycles' : [ 0x0, ['unsigned long long']],
-    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
-    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
-    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
-    'LongTermCycles' : [ 0x20, ['unsigned long long']],
-    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
-    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
-    'ReadyTime' : [ 0x38, ['unsigned long long']],
-    'InsertTime' : [ 0x40, ['unsigned long long']],
-    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
-    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
-    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
-    'Depth' : [ 0x71, ['unsigned char']],
-    'ReadySummary' : [ 0x72, ['unsigned short']],
-    'Rank' : [ 0x74, ['unsigned long']],
-    'ReadyListHead' : [ 0x78, ['array', 16, ['_LIST_ENTRY']]],
-    'ChildScbQueue' : [ 0x178, ['_RTL_RB_TREE']],
-    'Parent' : [ 0x188, ['pointer64', ['_KSCB']]],
-    'Root' : [ 0x190, ['pointer64', ['_KSCB']]],
-} ],
-  '__unnamed_26c8' : [ 0x10, {
-    'UserData' : [ 0x0, ['pointer64', ['void']]],
-    'Owner' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '__unnamed_26c9' : [ 0x10, {
-    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
-} ],
-  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
-    'Start' : [ 0x0, ['unsigned long long']],
-    'End' : [ 0x8, ['unsigned long long']],
-    'Allocated' : [ 0x10, ['__unnamed_26c8']],
-    'Merged' : [ 0x10, ['__unnamed_26c9']],
-    'Attributes' : [ 0x20, ['unsigned char']],
-    'PublicFlags' : [ 0x21, ['unsigned char']],
-    'PrivateFlags' : [ 0x22, ['unsigned short']],
-    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
-} ],
-  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
-    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
-    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
-} ],
-  '_PROC_PERF_HISTORY' : [ 0x24, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'Slot' : [ 0x4, ['unsigned long']],
-    'UtilityTotal' : [ 0x8, ['unsigned long']],
-    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
-    'FrequencyTotal' : [ 0x10, ['unsigned long']],
-    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
-    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
-} ],
-  '_MI_PARTITION_ZEROING' : [ 0x68, {
-    'PageEvent' : [ 0x0, ['_KEVENT']],
-    'ThreadActive' : [ 0x18, ['unsigned char']],
-    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
-    'FirstReservedZeroingPte' : [ 0x20, ['pointer64', ['_MMPTE']]],
-    'RebalanceZeroFreeWorkItem' : [ 0x28, ['_WORK_QUEUE_ITEM']],
-    'ThreadCount' : [ 0x48, ['long']],
-    'Gate' : [ 0x50, ['_KGATE']],
-} ],
-  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
-    'BeginAddress' : [ 0x0, ['unsigned long']],
-    'EndAddress' : [ 0x4, ['unsigned long']],
-    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
-    'UnwindData' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_26d8' : [ 0x2, {
-    'AsUSHORT' : [ 0x0, ['unsigned short']],
-    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
-} ],
-  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
-    'Revision' : [ 0x0, ['unsigned short']],
-    'Flags' : [ 0x2, ['__unnamed_26d8']],
-    'PolicyCount' : [ 0x4, ['unsigned long']],
-    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
-} ],
-  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
-    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
-    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
-    'Flags' : [ 0x18, ['unsigned long']],
-    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
-    'StackId' : [ 0x20, ['unsigned long']],
-} ],
-  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
-    'Flags' : [ 0x0, ['unsigned short']],
-    'Length' : [ 0x2, ['unsigned short']],
-    'TimeStamp' : [ 0x4, ['unsigned long']],
-    'DosPath' : [ 0x8, ['_STRING']],
-} ],
-  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
-    'AsLong' : [ 0x0, ['long']],
-    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
-    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
-    'Lock' : [ 0x0, ['unsigned long long']],
-    'Processors' : [ 0x8, ['unsigned long']],
-    'ActiveProcessors' : [ 0xc, ['unsigned long']],
-    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
-    'TotalTime' : [ 0x18, ['unsigned long long']],
-    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
-} ],
-  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
-    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
-    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
-    'ServiceTag' : [ 0x10, ['unsigned long']],
-    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
-    'ReasonSize' : [ 0x18, ['unsigned long long']],
-} ],
-  '__unnamed_26f0' : [ 0x4, {
-    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '__unnamed_26f2' : [ 0x4, {
-    'Flags' : [ 0x0, ['__unnamed_26f0']],
-    'Whole' : [ 0x0, ['unsigned long']],
-} ],
-  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x110, {
-    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
-    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
-    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
-    'u1' : [ 0x20, ['__unnamed_26f2']],
-    'Signature' : [ 0x28, ['unsigned long long']],
-    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
-    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
-    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
-    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
-    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
-    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
-    'PagedBytes' : [ 0x60, ['unsigned long long']],
-    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
-    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
-    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
-    'RaiseIrqls' : [ 0x80, ['unsigned long']],
-    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
-    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
-    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
-    'AllocationsFailed' : [ 0x90, ['unsigned long']],
-    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
-    'LockedBytes' : [ 0x98, ['unsigned long long']],
-    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
-    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
-    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
-    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
-    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
-    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
-    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
-    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
-    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
-    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
-    'ExecutePoolTypes' : [ 0xf8, ['unsigned long']],
-    'ExecutePageProtections' : [ 0xfc, ['unsigned long']],
-    'ExecutePageMappings' : [ 0x100, ['unsigned long']],
-    'ExecuteWriteSections' : [ 0x104, ['unsigned long']],
-    'SectionAlignmentFailures' : [ 0x108, ['unsigned long']],
-} ],
-  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
-    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
-    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
-    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
-    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
-    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
-    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
-    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
-    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
-    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
-} ],
-  '_PRIVATE_CACHE_MAP' : [ 0x78, {
-    'NodeTypeCode' : [ 0x0, ['short']],
-    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
-    'ReadAheadMask' : [ 0x4, ['unsigned long']],
-    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
-    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
-    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
-    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
-    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
-    'SequentialReadCount' : [ 0x30, ['unsigned long']],
-    'ReadAheadLength' : [ 0x34, ['unsigned long']],
-    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
-    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
-    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
-    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
-    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
-    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
-    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
-    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
-} ],
-  '_CM_KEY_NODE' : [ 0x50, {
-    'Signature' : [ 0x0, ['unsigned short']],
-    'Flags' : [ 0x2, ['unsigned short']],
-    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
-    'AccessBits' : [ 0xc, ['unsigned long']],
-    'Parent' : [ 0x10, ['unsigned long']],
-    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
-    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
-    'ValueList' : [ 0x24, ['_CHILD_LIST']],
-    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
-    'Security' : [ 0x2c, ['unsigned long']],
-    'Class' : [ 0x30, ['unsigned long']],
-    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
-    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
-    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
-    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
-    'MaxClassLen' : [ 0x38, ['unsigned long']],
-    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
-    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
-    'WorkVar' : [ 0x44, ['unsigned long']],
-    'NameLength' : [ 0x48, ['unsigned short']],
-    'ClassLength' : [ 0x4a, ['unsigned short']],
-    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
-} ],
-  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
-    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
-    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
-    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
-    'AsUSHORT' : [ 0x0, ['unsigned short']],
-} ],
-  '_MI_SYSTEM_IMAGE_STATE' : [ 0xc0, {
-    'FixupLock' : [ 0x0, ['long']],
-    'FixupList' : [ 0x8, ['_LIST_ENTRY']],
-    'LoadLock' : [ 0x18, ['_KMUTANT']],
-    'FirstLoadEver' : [ 0x50, ['unsigned char']],
-    'LargePageAll' : [ 0x51, ['unsigned char']],
-    'LastPage' : [ 0x58, ['unsigned long long']],
-    'LargePageList' : [ 0x60, ['_LIST_ENTRY']],
-    'BeingDeleted' : [ 0x70, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
-    'MappingRangesPushLock' : [ 0x78, ['_EX_PUSH_LOCK']],
-    'MappingRanges' : [ 0x80, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
-    'PageCount' : [ 0x90, ['unsigned long long']],
-    'PageCounts' : [ 0x98, ['_MM_SYSTEM_PAGE_COUNTS']],
-    'CollidedLock' : [ 0xa8, ['_EX_PUSH_LOCK']],
-    'ErrataPte' : [ 0xb0, ['pointer64', ['_MMPTE']]],
-    'ErrataPteMapped' : [ 0xb8, ['unsigned long']],
-} ],
-  '_PTE_TRACKER' : [ 0x80, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
-    'Count' : [ 0x18, ['unsigned long long']],
-    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
-    'StartVa' : [ 0x28, ['pointer64', ['void']]],
-    'Offset' : [ 0x30, ['unsigned long']],
-    'Length' : [ 0x34, ['unsigned long']],
-    'Page' : [ 0x38, ['unsigned long long']],
-    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
-    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
-    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
-} ],
-  '_HV_GET_CELL_CONTEXT' : [ 0x4, {
-    'Cell' : [ 0x0, ['unsigned long']],
-    'IsInTempBin' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_KTHREAD_COUNTERS' : [ 0x1a8, {
-    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
-    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
-    'Flags' : [ 0x10, ['unsigned long']],
-    'ContextSwitches' : [ 0x14, ['unsigned long']],
-    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
-    'HardwareCounters' : [ 0x20, ['unsigned long long']],
-    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
-} ],
-  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
-    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
-    'Flags' : [ 0x10, ['unsigned long']],
-} ],
-  '__unnamed_2724' : [ 0x2, {
-    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
-    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
-    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
-    'EntireField' : [ 0x0, ['unsigned short']],
-} ],
-  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
-    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
-    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
-    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
-    'GpValue' : [ 0x20, ['pointer64', ['void']]],
-    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
-    'DllBase' : [ 0x30, ['pointer64', ['void']]],
-    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
-    'SizeOfImage' : [ 0x40, ['unsigned long']],
-    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
-    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
-    'Flags' : [ 0x68, ['unsigned long']],
-    'LoadCount' : [ 0x6c, ['unsigned short']],
-    'u1' : [ 0x6e, ['__unnamed_2724']],
-    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
-    'CheckSum' : [ 0x78, ['unsigned long']],
-    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
-    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
-    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
-    'Spare' : [ 0x90, ['pointer64', ['void']]],
-    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
-    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
-} ],
-  '_DBGKD_GET_VERSION64' : [ 0x28, {
-    'MajorVersion' : [ 0x0, ['unsigned short']],
-    'MinorVersion' : [ 0x2, ['unsigned short']],
-    'ProtocolVersion' : [ 0x4, ['unsigned char']],
-    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
-    'Flags' : [ 0x6, ['unsigned short']],
-    'MachineType' : [ 0x8, ['unsigned short']],
-    'MaxPacketType' : [ 0xa, ['unsigned char']],
-    'MaxStateChange' : [ 0xb, ['unsigned char']],
-    'MaxManipulate' : [ 0xc, ['unsigned char']],
-    'Simulation' : [ 0xd, ['unsigned char']],
-    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
-    'KernBase' : [ 0x10, ['unsigned long long']],
-    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
-    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
-} ],
-  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
-    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
-    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
-    'LastActualCount' : [ 0x8, ['unsigned long long']],
-    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
-    'CachedValue' : [ 0x18, ['unsigned long']],
-    'Affinitized' : [ 0x20, ['unsigned char']],
-    'Differential' : [ 0x21, ['unsigned char']],
-    'Scaling' : [ 0x22, ['unsigned char']],
-    'Context' : [ 0x28, ['unsigned long long']],
-} ],
-  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
-    'AsLong' : [ 0x0, ['long']],
-    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
-    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
-    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
-    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
-    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_MI_PAGING_IO_STATE' : [ 0x50, {
-    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
-    'PageFileHeadSpinLock' : [ 0x8, ['long']],
-    'PrefetchSeekThreshold' : [ 0xc, ['long']],
-    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
-    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
-    'InPageSinglePages' : [ 0x34, ['unsigned long']],
-    'DelayPageFaults' : [ 0x38, ['long']],
-    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
-    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
-} ],
-  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
-} ],
-  '_MI_FORCED_COMMITS' : [ 0x8, {
-    'Regular' : [ 0x0, ['unsigned long']],
-    'Wrap' : [ 0x4, ['unsigned long']],
-} ],
-  '_HMAP_ENTRY' : [ 0x28, {
-    'BlockOffset' : [ 0x0, ['unsigned long long']],
-    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
-    'TemporaryBinAddress' : [ 0x10, ['unsigned long long']],
-    'TemporaryBinRundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
-    'MemAlloc' : [ 0x20, ['unsigned long']],
-} ],
-  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
-    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
-    'HandleIndex' : [ 0x8, ['unsigned short']],
-    'Atom' : [ 0xa, ['unsigned short']],
-    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
-    'NameLength' : [ 0x28, ['unsigned char']],
-    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
-} ],
-  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x400, {
-    'ResetCount' : [ 0x0, ['unsigned long']],
-    'StateCount' : [ 0x4, ['unsigned long']],
-    'DeepSleepCount' : [ 0x8, ['unsigned long']],
-    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
-    'StartTime' : [ 0x10, ['unsigned long long']],
-    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
-} ],
-  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
-    'Length' : [ 0x0, ['unsigned short']],
-    'TxFsContext' : [ 0x2, ['unsigned short']],
-    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_DUAL' : [ 0x278, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
-    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
-    'Guard' : [ 0x18, ['unsigned long']],
-    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
-    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
-    'FreeSummary' : [ 0x270, ['unsigned long']],
-} ],
-  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
-    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
-    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '__unnamed_2753' : [ 0x4, {
-    'ImagePteOffset' : [ 0x0, ['unsigned long']],
-    'TossPage' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_2756' : [ 0x4, {
-    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
-    'LongFlags' : [ 0x0, ['unsigned long']],
-} ],
-  '_MMINPAGE_SUPPORT' : [ 0x1b0, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
-    'Event' : [ 0x20, ['_KEVENT']],
-    'CollidedEvent' : [ 0x38, ['_KEVENT']],
-    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
-    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
-    'ApcState' : [ 0x68, ['_KAPC_STATE']],
-    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
-    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
-    'PteContents' : [ 0xa8, ['_MMPTE']],
-    'WaitCount' : [ 0xb0, ['long']],
-    'ByteCount' : [ 0xb4, ['unsigned long']],
-    'u3' : [ 0xb8, ['__unnamed_2753']],
-    'u1' : [ 0xbc, ['__unnamed_2756']],
-    'FilePointer' : [ 0xc0, ['pointer64', ['_FILE_OBJECT']]],
-    'ControlArea' : [ 0xc8, ['pointer64', ['_CONTROL_AREA']]],
-    'Subsection' : [ 0xc8, ['pointer64', ['_SUBSECTION']]],
-    'Autoboost' : [ 0xd0, ['pointer64', ['void']]],
-    'FaultingAddress' : [ 0xd8, ['pointer64', ['void']]],
-    'PointerPte' : [ 0xe0, ['pointer64', ['_MMPTE']]],
-    'BasePte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
-    'Pfn' : [ 0xf0, ['pointer64', ['_MMPFN']]],
-    'PrefetchMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
-    'Mdl' : [ 0x100, ['_MDL']],
-    'Page' : [ 0x130, ['array', 16, ['unsigned long long']]],
-    'FlowThrough' : [ 0x130, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
-} ],
-  '_HAL_NODE_RANGE' : [ 0x10, {
-    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
-    'Node' : [ 0x8, ['unsigned long']],
-} ],
-  '_MMCLONE_BLOCK' : [ 0x20, {
-    'ProtoPte' : [ 0x0, ['_MMPTE']],
-    'PaddingFor16ByteAlignment' : [ 0x8, ['unsigned long long']],
-    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
-    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
-    'CloneRefCount' : [ 0x18, ['unsigned long long']],
-} ],
-  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
-    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
-} ],
-  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x48, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
-    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1', 19: 'NotifyTransportRelationsChange', 20: 'NotifyEjectionRelationsChange', 21: 'ConfigureDevice', 22: 'ConfigureDeviceClass', 23: 'ConfigureDeviceExtensions', 24: 'ConfigureDeviceReset'})]],
-    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
-    'RequestArgument' : [ 0x20, ['unsigned long long']],
-    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
-    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
-    'ActivityId' : [ 0x38, ['_GUID']],
-} ],
-  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
-    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
-    'ReferenceCount' : [ 0x18, ['long long']],
-    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
-    'LowboxNumber' : [ 0x28, ['unsigned long']],
-    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
-} ],
-  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
-    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
-    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
-    'ErrorStatus' : [ 0x28, ['long']],
-    'Active' : [ 0x2c, ['long']],
-    'FreeWhenDone' : [ 0x30, ['unsigned char']],
-} ],
-  '_MI_CFG_BITMAP_INFO' : [ 0x18, {
-    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
-    'RegionSize' : [ 0x8, ['unsigned long long']],
-    'BitmapVad' : [ 0x10, ['pointer64', ['_MMVAD']]],
-} ],
-  '_COUNTER_READING' : [ 0x18, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
-    'Index' : [ 0x4, ['unsigned long']],
-    'Start' : [ 0x8, ['unsigned long long']],
-    'Total' : [ 0x10, ['unsigned long long']],
-} ],
-  '_MI_SHUTDOWN_STATE' : [ 0x80, {
-    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
-    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
-    'SystemShutdown' : [ 0x4, ['unsigned long']],
-    'ShutdownFlushInProgress' : [ 0x8, ['long']],
-    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
-    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
-    'MirroringActive' : [ 0x50, ['unsigned long']],
-    'MirrorBitMaps' : [ 0x58, ['array', 2, ['_RTL_BITMAP_EX']]],
-    'CrashDumpPte' : [ 0x78, ['pointer64', ['_MMPTE']]],
-} ],
-  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
-    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
-    'ZeroBits' : [ 0x8, ['unsigned long']],
-    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
-    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
-    'SubSystemType' : [ 0x20, ['unsigned long']],
-    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
-    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
-    'SubSystemVersion' : [ 0x24, ['unsigned long']],
-    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
-    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
-    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
-    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
-    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
-    'Machine' : [ 0x30, ['unsigned short']],
-    'ImageContainsCode' : [ 0x32, ['unsigned char']],
-    'ImageFlags' : [ 0x33, ['unsigned char']],
-    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
-    'LoaderFlags' : [ 0x34, ['unsigned long']],
-    'ImageFileSize' : [ 0x38, ['unsigned long']],
-    'CheckSum' : [ 0x3c, ['unsigned long']],
-} ],
-  '_ETW_REG_ENTRY' : [ 0x70, {
-    'RegList' : [ 0x0, ['_LIST_ENTRY']],
-    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
-    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
-    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
-    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
-    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
-    'Caller' : [ 0x30, ['pointer64', ['void']]],
-    'SessionId' : [ 0x38, ['unsigned long']],
-    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
-    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
-    'Callback' : [ 0x58, ['pointer64', ['void']]],
-    'Index' : [ 0x60, ['unsigned short']],
-    'Flags' : [ 0x62, ['unsigned char']],
-    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'EnableMask' : [ 0x63, ['unsigned char']],
-    'GroupEnableMask' : [ 0x64, ['unsigned char']],
-    'UseDescriptorType' : [ 0x65, ['unsigned char']],
-    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
-} ],
-  '_LPCP_PORT_OBJECT' : [ 0x100, {
-    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
-    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
-    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
-    'Creator' : [ 0x30, ['_CLIENT_ID']],
-    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
-    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
-    'PortContext' : [ 0x50, ['pointer64', ['void']]],
-    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
-    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
-    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
-    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
-    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
-    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
-    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
-    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
-    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
-    'Flags' : [ 0xe4, ['unsigned long']],
-    'WaitEvent' : [ 0xe8, ['_KEVENT']],
-} ],
-  '_HVIEW_MAP_PIN_LOG' : [ 0x488, {
-    'Next' : [ 0x0, ['unsigned long']],
-    'Size' : [ 0x4, ['unsigned long']],
-    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
-} ],
-  '_ARBITER_LIST_ENTRY' : [ 0x60, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'AlternativeCount' : [ 0x10, ['unsigned long']],
-    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
-    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
-    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
-    'Flags' : [ 0x2c, ['unsigned long']],
-    'WorkSpace' : [ 0x30, ['long long']],
-    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
-    'SlotNumber' : [ 0x3c, ['unsigned long']],
-    'BusNumber' : [ 0x40, ['unsigned long']],
-    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
-    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
-    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
-} ],
-  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
-    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
-    'FaultFailed' : [ 0x4, ['unsigned long']],
-    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
-    'LargePageFailed' : [ 0xc, ['unsigned long']],
-    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
-    'BadPageLocation' : [ 0x14, ['unsigned long']],
-    'InsufficientCharge' : [ 0x18, ['unsigned long']],
-    'PageTableCharge' : [ 0x1c, ['unsigned long']],
-    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
-    'NoIoReference' : [ 0x24, ['unsigned long']],
-    'ProbeFailed' : [ 0x28, ['unsigned long']],
-    'PteIsZero' : [ 0x2c, ['unsigned long']],
-    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
-    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
-    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
-    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
-} ],
-  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
-    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
-    'ReferenceCount' : [ 0x18, ['unsigned long']],
-    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
-} ],
-  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
-} ],
-  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
-    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
-    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_LDR_DATA_TABLE_ENTRY' : [ 0x118, {
-    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
-    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
-    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
-    'DllBase' : [ 0x30, ['pointer64', ['void']]],
-    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
-    'SizeOfImage' : [ 0x40, ['unsigned long']],
-    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
-    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
-    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
-    'Flags' : [ 0x68, ['unsigned long']],
-    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
-    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
-    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
-    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
-    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
-    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
-    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
-    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
-    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
-    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
-    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
-    'TlsIndex' : [ 0x6e, ['unsigned short']],
-    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
-    'TimeDateStamp' : [ 0x80, ['unsigned long']],
-    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
-    'Lock' : [ 0x90, ['pointer64', ['void']]],
-    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
-    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
-    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
-    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
-    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
-    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
-    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
-    'OriginalBase' : [ 0xf8, ['unsigned long long']],
-    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
-    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
-    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: 'LoadReasonStaticDependency', 1: 'LoadReasonStaticForwarderDependency', 2: 'LoadReasonDynamicForwarderDependency', 3: 'LoadReasonDelayloadDependency', 4: 'LoadReasonDynamicLoad', 5: 'LoadReasonAsImageLoad', 6: 'LoadReasonAsDataLoad', -1: 'LoadReasonUnknown'})]],
-    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
-    'ReferenceCount' : [ 0x114, ['unsigned long']],
-} ],
-  '_CACHED_KSTACK_LIST' : [ 0x20, {
-    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
-    'MinimumFree' : [ 0x10, ['long']],
-    'Misses' : [ 0x14, ['unsigned long']],
-    'MissesLast' : [ 0x18, ['unsigned long']],
-    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
-} ],
-  '_MMINPAGE_FLAGS' : [ 0x4, {
-    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
-    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
-    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
-    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
-    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
-    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
-    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
-    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
-} ],
-  '_MI_DRIVER_VA' : [ 0x28, {
-    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
-    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
-    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
-    'Hint' : [ 0x20, ['unsigned long']],
-} ],
-  '_LDR_DDAG_NODE' : [ 0x50, {
-    'Modules' : [ 0x0, ['_LIST_ENTRY']],
-    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
-    'LoadCount' : [ 0x18, ['unsigned long']],
-    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
-    'LowestLink' : [ 0x20, ['unsigned long']],
-    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
-    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
-    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'LdrModulesPlaceHolder', 1: 'LdrModulesMapping', 2: 'LdrModulesMapped', 3: 'LdrModulesWaitingForDependencies', 4: 'LdrModulesSnapping', 5: 'LdrModulesSnapped', 6: 'LdrModulesCondensed', 7: 'LdrModulesReadyToInit', 8: 'LdrModulesInitializing', 9: 'LdrModulesReadyToRun', '\xfb': 'LdrModulesMerged', '\xfd': 'LdrModulesSnapError', '\xfc': 'LdrModulesInitError', -1: 'LdrModulesUnloading', '\xfe': 'LdrModulesUnloaded'})]],
-    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
-    'PreorderNumber' : [ 0x48, ['unsigned long']],
-} ],
-  '_POP_DEVICE_SYS_STATE' : [ 0x1d0, {
-    'IrpMinor' : [ 0x0, ['unsigned char']],
-    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-    'SpinLock' : [ 0x8, ['unsigned long long']],
-    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
-    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
-    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
-    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
-    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
-    'Pending' : [ 0x1a8, ['_LIST_ENTRY']],
-    'Status' : [ 0x1b8, ['long']],
-    'FailedDevice' : [ 0x1c0, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Waking' : [ 0x1c8, ['unsigned char']],
-    'Cancelled' : [ 0x1c9, ['unsigned char']],
-    'IgnoreErrors' : [ 0x1ca, ['unsigned char']],
-    'IgnoreNotImplemented' : [ 0x1cb, ['unsigned char']],
-    'TimeRefreshLockAcquired' : [ 0x1cc, ['unsigned char']],
-} ],
-  '_KHETERO_PROCESSOR_SET' : [ 0x10, {
-    'PreferredMask' : [ 0x0, ['unsigned long long']],
-    'AvailableMask' : [ 0x8, ['unsigned long long']],
-} ],
-  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
-    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
-    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
-} ],
-  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
-    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
-    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
-    'Size' : [ 0x0, ['unsigned long long']],
-    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
-    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
-    'ProcessId' : [ 0x18, ['unsigned long']],
-    'ServiceTag' : [ 0x1c, ['unsigned long']],
-    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
-    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
-    'ReasonOffset' : [ 0x20, ['unsigned long long']],
-} ],
-  '_KWAIT_CHAIN_ENTRY' : [ 0x20, {
-    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'Event' : [ 0x8, ['_KEVENT']],
-} ],
-  '__unnamed_27d1' : [ 0x4, {
-    'LongFlags' : [ 0x0, ['unsigned long']],
-    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
-} ],
-  '__unnamed_27d3' : [ 0x4, {
-    'NumberOfChildViews' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_27d5' : [ 0x4, {
-    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
-    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_SUBSECTION' : [ 0x38, {
-    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
-    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
-    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
-    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
-    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_SUBSECTION_WAIT_BLOCK']]],
-    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
-    'u' : [ 0x20, ['__unnamed_27d1']],
-    'StartingSector' : [ 0x24, ['unsigned long']],
-    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
-    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
-    'u1' : [ 0x30, ['__unnamed_27d3']],
-    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
-    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'u2' : [ 0x34, ['__unnamed_27d5']],
-} ],
-  '_CLIENT_ID32' : [ 0x8, {
-    'UniqueProcess' : [ 0x0, ['unsigned long']],
-    'UniqueThread' : [ 0x4, ['unsigned long']],
-} ],
-  '_CM_KEY_INDEX' : [ 0x8, {
-    'Signature' : [ 0x0, ['unsigned short']],
-    'Count' : [ 0x2, ['unsigned short']],
-    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
-} ],
-  '_VI_DEADLOCK_THREAD' : [ 0x38, {
-    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
-    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
-    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
-    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
-    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
-    'NodeCount' : [ 0x28, ['unsigned long']],
-    'PagingCount' : [ 0x2c, ['unsigned long']],
-    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
-} ],
-  '_PPM_IDLE_STATE' : [ 0xf8, {
-    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
-    'Name' : [ 0xa8, ['_UNICODE_STRING']],
-    'Latency' : [ 0xb8, ['unsigned long']],
-    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
-    'Power' : [ 0xc0, ['unsigned long']],
-    'StateFlags' : [ 0xc4, ['unsigned long']],
-    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
-    'StateType' : [ 0xf0, ['unsigned char']],
-    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
-    'Interruptible' : [ 0xf2, ['unsigned char']],
-    'ContextRetained' : [ 0xf3, ['unsigned char']],
-    'CacheCoherent' : [ 0xf4, ['unsigned char']],
-    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
-    'PlatformOnly' : [ 0xf6, ['unsigned char']],
-    'NoCState' : [ 0xf7, ['unsigned char']],
-} ],
-  '_KRESOURCEMANAGER' : [ 0x250, {
-    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
-    'cookie' : [ 0x18, ['unsigned long']],
-    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
-    'Flags' : [ 0x20, ['unsigned long']],
-    'Mutex' : [ 0x28, ['_KMUTANT']],
-    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
-    'RmId' : [ 0x88, ['_GUID']],
-    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
-    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
-    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
-    'EnlistmentCount' : [ 0x120, ['unsigned long']],
-    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
-    'Key' : [ 0x130, ['pointer64', ['void']]],
-    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
-    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
-    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
-    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
-    'Description' : [ 0x170, ['_UNICODE_STRING']],
-    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
-    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
-} ],
-  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
-    'DeadPteTrackerSListHead' : [ 0x0, ['_SLIST_HEADER']],
-    'PteTrackerLock' : [ 0x10, ['unsigned long long']],
-    'MdlTrackerLookaside' : [ 0x40, ['_NPAGED_LOOKASIDE_LIST']],
-    'PteTrackingBitmap' : [ 0xc0, ['_RTL_BITMAP_EX']],
-    'CachedPteHeads' : [ 0xd0, ['pointer64', ['_MI_CACHED_PTES']]],
-    'SystemViewPteInfo' : [ 0xd8, ['_MI_SYSTEM_PTE_TYPE']],
-    'KernelStackPages' : [ 0x138, ['unsigned char']],
-    'QueuedStacks' : [ 0x140, ['_SLIST_HEADER']],
-    'StackGrowthFailures' : [ 0x150, ['unsigned long']],
-    'TrackPtesAborted' : [ 0x154, ['unsigned char']],
-    'AdjustCounter' : [ 0x155, ['unsigned char']],
-    'QueuedStacksWorkItem' : [ 0x158, ['_MI_QUEUED_DEADSTACK_WORKITEM']],
-} ],
-  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
-    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
-    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
-    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
-    'HandleCount' : [ 0x18, ['long']],
-    'HighWaterMark' : [ 0x1c, ['unsigned long']],
-    'Reserved' : [ 0x20, ['array', 8, ['unsigned long']]],
-} ],
-  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
-    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
-    'AsULONG' : [ 0x0, ['unsigned long']],
-} ],
-  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
-    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
-    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
-    'Size' : [ 0x2, ['unsigned short']],
-    'PredicateCount' : [ 0x4, ['unsigned short']],
-    'Reserved' : [ 0x6, ['unsigned short']],
-    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
-    'ProviderGuid' : [ 0x10, ['_GUID']],
-    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
-    'EachEventTableLength' : [ 0x22, ['unsigned short']],
-    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
-    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
-    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
-    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
-    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
-    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
-    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
-    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
-    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
-} ],
-  '_GDI_TEB_BATCH64' : [ 0x4e8, {
-    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
-    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'HDC' : [ 0x8, ['unsigned long long']],
-    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
-} ],
-  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
-    'Value' : [ 0x0, ['unsigned long long']],
-    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
-    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
-    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
-    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
-    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
-    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
-    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
-    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
-    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
-    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
-    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
-    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
-    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
-    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
-    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
-    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
-    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
-    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
-    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
-    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
-    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
-    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '__unnamed_2805' : [ 0x4, {
-    'NodeSize' : [ 0x0, ['unsigned long']],
-    'UseLookaside' : [ 0x0, ['unsigned long']],
-} ],
-  '_VF_AVL_TREE' : [ 0x20, {
-    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
-    'NodeCount' : [ 0x8, ['unsigned long long']],
-    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
-    'TablesNo' : [ 0x18, ['unsigned long']],
-    'u1' : [ 0x1c, ['__unnamed_2805']],
-} ],
-  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
-    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
-    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
-    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
-    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
-    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
-    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
-    'FileAttributes' : [ 0x30, ['unsigned long']],
-} ],
-  '_POP_FX_ACCOUNTING' : [ 0x30, {
-    'Lock' : [ 0x0, ['unsigned long long']],
-    'Active' : [ 0x8, ['unsigned char']],
-    'DripsRequiredState' : [ 0xc, ['unsigned long']],
-    'Level' : [ 0x10, ['long']],
-    'ActiveStamp' : [ 0x18, ['long long']],
-    'CsActiveTime' : [ 0x20, ['unsigned long long']],
-    'CriticalActiveTime' : [ 0x28, ['long long']],
-} ],
-  '_MI_RESUME_WORKITEM' : [ 0x38, {
-    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
-    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
-} ],
-  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
-    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
-    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
-    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
-    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
-    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
-    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
-    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
-    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
-    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
-    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
-    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
-    'ValidBits' : [ 0x0, ['unsigned long long']],
-} ],
-  '_POP_TRIGGER_WAIT' : [ 0x38, {
-    'Event' : [ 0x0, ['_KEVENT']],
-    'Status' : [ 0x18, ['long']],
-    'Link' : [ 0x20, ['_LIST_ENTRY']],
-    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
-} ],
-  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
-    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
-    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
-    'AsUSHORT' : [ 0x0, ['unsigned short']],
-} ],
-  '_ISR_THUNK' : [ 0x8, {
-    'PushImm' : [ 0x0, ['unsigned char']],
-    'Vector' : [ 0x1, ['unsigned char']],
-    'PushRbp' : [ 0x2, ['unsigned char']],
-    'JmpOp' : [ 0x3, ['unsigned char']],
-    'JmpOffset' : [ 0x4, ['long']],
-} ],
-  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
-    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
-} ],
-  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
-    'TagIndex' : [ 0x0, ['unsigned short']],
-    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
-} ],
-  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
-    'Utility' : [ 0x0, ['unsigned short']],
-    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
-    'Frequency' : [ 0x4, ['unsigned char']],
-    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
-} ],
-  '_POP_FX_COMPONENT' : [ 0x100, {
-    'Id' : [ 0x0, ['_GUID']],
-    'Index' : [ 0x10, ['unsigned long']],
-    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
-    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
-    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
-    'Resident' : [ 0x60, ['long']],
-    'ActiveEvent' : [ 0x68, ['_KEVENT']],
-    'IdleLock' : [ 0x80, ['unsigned long long']],
-    'IdleConditionComplete' : [ 0x88, ['long']],
-    'IdleStateComplete' : [ 0x8c, ['long']],
-    'IdleStamp' : [ 0x90, ['unsigned long long']],
-    'CurrentIdleState' : [ 0x98, ['unsigned long']],
-    'IdleStateCount' : [ 0x9c, ['unsigned long']],
-    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
-    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
-    'ProviderCount' : [ 0xac, ['unsigned long']],
-    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
-    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
-    'DependentCount' : [ 0xbc, ['unsigned long']],
-    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
-    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
-    'Performance' : [ 0xf8, ['pointer64', ['_POP_FX_PERF_INFO']]],
-} ],
-  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
-    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
-    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_POP_FX_DRIVER_CALLBACKS' : [ 0x38, {
-    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
-    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
-    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
-    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
-    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
-    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
-    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
-} ],
-  '_PROVIDER_BINARY_ENTRY' : [ 0x38, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'ConsumersNotified' : [ 0x10, ['unsigned char']],
-    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
-    'DebugIdSize' : [ 0x14, ['unsigned long']],
-    'DebugId' : [ 0x18, ['_CVDD']],
-} ],
-  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
-    'TimeAcquire' : [ 0x0, ['long long']],
-    'TimeRelease' : [ 0x8, ['long long']],
-    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
-    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
-    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
-    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
-    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
-    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
-    'AllocationFailures' : [ 0x8010, ['unsigned long']],
-    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
-    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
-    'NodesSearched' : [ 0x801c, ['unsigned long']],
-    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
-    'SequenceNumber' : [ 0x8024, ['unsigned long']],
-    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
-    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
-    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
-    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
-    'StackLimitHits' : [ 0x8038, ['unsigned long']],
-    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
-    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
-    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
-    'TotalReleases' : [ 0x8048, ['unsigned long']],
-    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
-    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
-    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
-    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
-    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
-    'ChildrenCountWatermark' : [ 0x8168, ['long']],
-    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: 'BugcheckStackLimits', 1: 'DPCStackLimits', 2: 'ExpandedStackLimits', 3: 'NormalStackLimits', 4: 'Win32kStackLimits', 5: 'SwapBusyStackLimits', 6: 'IsrStackLimits', 7: 'MaximumStackLimits'})]],
-    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
-    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
-} ],
-  '_KTM' : [ 0x3c0, {
-    'cookie' : [ 0x0, ['unsigned long']],
-    'Mutex' : [ 0x8, ['_KMUTANT']],
-    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
-    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
-    'TmIdentity' : [ 0x70, ['_GUID']],
-    'Flags' : [ 0x80, ['unsigned long']],
-    'VolatileFlags' : [ 0x84, ['unsigned long']],
-    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
-    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
-    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
-    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
-    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
-    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
-    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
-    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
-    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
-    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
-    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
-    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
-    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
-    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
-    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
-    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
-    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
-    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
-    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
-    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
-    'LogFlags' : [ 0x378, ['unsigned long']],
-    'LogFullStatus' : [ 0x37c, ['long']],
-    'RecoveryStatus' : [ 0x380, ['long']],
-    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
-    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
-    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
-} ],
-  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
-    'SystemCodePage' : [ 0x0, ['unsigned long']],
-    'SystemDriverPage' : [ 0x4, ['unsigned long']],
-    'TotalSystemCodePages' : [ 0x8, ['long']],
-    'TotalSystemDriverPages' : [ 0xc, ['long']],
-} ],
-  '_MI_MODWRITE_DATA' : [ 0x40, {
-    'PagesLoad' : [ 0x0, ['long long']],
-    'PagesAverage' : [ 0x8, ['unsigned long long']],
-    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
-    'PagesWritten' : [ 0x18, ['unsigned long long']],
-    'WritesIssued' : [ 0x20, ['unsigned long']],
-    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
-    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
-    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
-    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
-    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
-    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
-    'Spare1' : [ 0x3e, ['unsigned short']],
-} ],
-  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
-    'CancelCount' : [ 0x0, ['unsigned long']],
-    'FailureCount' : [ 0x4, ['unsigned long']],
-    'SuccessCount' : [ 0x8, ['unsigned long']],
-    'MaxTime' : [ 0x10, ['unsigned long long']],
-    'MinTime' : [ 0x18, ['unsigned long long']],
-    'TotalTime' : [ 0x20, ['unsigned long long']],
-    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
-    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
-    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
-} ],
-  '_KTRANSACTION' : [ 0x2d8, {
-    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
-    'cookie' : [ 0x18, ['unsigned long']],
-    'Mutex' : [ 0x20, ['_KMUTANT']],
-    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
-    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
-    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
-    'UOW' : [ 0xb0, ['_GUID']],
-    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
-    'Flags' : [ 0xc4, ['unsigned long']],
-    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
-    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
-    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
-    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
-    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
-    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
-    'PendingResponses' : [ 0xec, ['unsigned long']],
-    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
-    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
-    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
-    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
-    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
-    'IsolationLevel' : [ 0x120, ['unsigned long']],
-    'IsolationFlags' : [ 0x124, ['unsigned long']],
-    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
-    'Description' : [ 0x130, ['_UNICODE_STRING']],
-    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
-    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
-    'RollbackDpc' : [ 0x168, ['_KDPC']],
-    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
-    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
-    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
-    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
-    'CommitReservation' : [ 0x208, ['long long']],
-    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
-    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
-    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
-    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
-    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
-    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
-    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
-    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
-} ],
-  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
-    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
-    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
-    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
-    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
-    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
-    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_CM_KCB_UOW' : [ 0x60, {
-    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
-    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
-    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
-    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
-    'UoWState' : [ 0x40, ['unsigned long']],
-    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
-    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
-    'ChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-    'VolatileKeyCell' : [ 0x50, ['unsigned long']],
-    'OldValueCell' : [ 0x50, ['unsigned long']],
-    'NewValueCell' : [ 0x54, ['unsigned long']],
-    'UserFlags' : [ 0x50, ['unsigned long']],
-    'LastWriteTime' : [ 0x50, ['_LARGE_INTEGER']],
-    'TxSecurityCell' : [ 0x50, ['unsigned long']],
-    'OldChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-    'NewChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-    'OtherChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
-    'ThisVolatileKeyCell' : [ 0x58, ['unsigned long']],
-} ],
-  '_MMPTE_TRANSITION' : [ 0x8, {
-    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
-    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
-    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
-    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
-    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
-    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
-    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
-    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
-    'TotalTime' : [ 0x0, ['unsigned long long']],
-    'IdleTime' : [ 0x8, ['unsigned long long']],
-    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
-    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
-    'OverrideState' : [ 0x20, ['unsigned long']],
-    'TimeCheck' : [ 0x24, ['unsigned long']],
-    'PromotePercent' : [ 0x28, ['unsigned char']],
-    'DemotePercent' : [ 0x29, ['unsigned char']],
-    'Parked' : [ 0x2a, ['unsigned char']],
-    'Interruptible' : [ 0x2b, ['unsigned char']],
-    'PlatformIdle' : [ 0x2c, ['unsigned char']],
-    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
-} ],
-  '_KREQUEST_PACKET' : [ 0x20, {
-    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
-    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
-} ],
-  '_VF_WATCHDOG_IRP' : [ 0x20, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
-    'DueTickCount' : [ 0x18, ['unsigned long']],
-    'Inserted' : [ 0x1c, ['unsigned char']],
-    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
-    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
-} ],
-  '_MMVAD_FLAGS2' : [ 0x4, {
-    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
-    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
-    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
-    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
-    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
-    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
-    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_flags' : [ 0x1, {
-    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
-    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
-    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
-} ],
-  '__unnamed_2880' : [ 0x8, {
-    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
-    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
-    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '__unnamed_2882' : [ 0x8, {
-    's1' : [ 0x0, ['__unnamed_2880']],
-    'Value' : [ 0x0, ['long long']],
-} ],
-  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
-    'u1' : [ 0x0, ['__unnamed_2882']],
-} ],
-  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
-    'Cell' : [ 0x0, ['unsigned long']],
-    'ConvKey' : [ 0x4, ['unsigned long']],
-    'List' : [ 0x8, ['_LIST_ENTRY']],
-    'DescriptorLength' : [ 0x18, ['unsigned long']],
-    'RealRefCount' : [ 0x1c, ['unsigned long']],
-    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
-} ],
-  '_CM_NAME_HASH' : [ 0x18, {
-    'ConvKey' : [ 0x0, ['unsigned long']],
-    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
-    'NameLength' : [ 0x10, ['unsigned short']],
-    'Name' : [ 0x12, ['array', 1, ['wchar']]],
-} ],
-  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
-    'TotalTime' : [ 0x0, ['unsigned long long']],
-    'MinTime' : [ 0x8, ['unsigned long long']],
-    'MaxTime' : [ 0x10, ['unsigned long long']],
-    'Count' : [ 0x18, ['unsigned long']],
-} ],
-  '_PO_IRP_QUEUE' : [ 0x10, {
-    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
-    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
-} ],
-  '_MMSECURE_FLAGS' : [ 0x4, {
-    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
-} ],
-  '__unnamed_2897' : [ 0x4, {
-    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
-    'Whole' : [ 0x0, ['unsigned long']],
-} ],
-  '_VI_DEADLOCK_NODE' : [ 0xd0, {
-    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
-    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
-    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
-    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
-    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
-    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
-    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
-    'u1' : [ 0x48, ['__unnamed_2897']],
-    'ChildrenCount' : [ 0x4c, ['long']],
-    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
-    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
-} ],
-  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
-    'TimeCheck' : [ 0x0, ['unsigned long']],
-    'DemotePercent' : [ 0x4, ['unsigned char']],
-    'PromotePercent' : [ 0x5, ['unsigned char']],
-    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
-} ],
-  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
-    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
-    'Mutex' : [ 0x68, ['_KMUTANT']],
-    'LinksOffset' : [ 0xa0, ['unsigned short']],
-    'GuidOffset' : [ 0xa2, ['unsigned short']],
-    'Expired' : [ 0xa4, ['unsigned char']],
-} ],
-  '_LPCP_PORT_QUEUE' : [ 0x20, {
-    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
-    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
-    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
-} ],
-  '_CM_KEY_REFERENCE' : [ 0x10, {
-    'KeyCell' : [ 0x0, ['unsigned long']],
-    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
-} ],
-  'SYSTEM_POWER_LEVEL' : [ 0x18, {
-    'Enable' : [ 0x0, ['unsigned char']],
-    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
-    'BatteryLevel' : [ 0x4, ['unsigned long']],
-    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
-    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
-} ],
-  '_HVIEW_MAP_ENTRY' : [ 0x20, {
-    'ViewStart' : [ 0x0, ['pointer64', ['void']]],
-    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Bcb' : [ 0x8, ['pointer64', ['void']]],
-    'PinnedPages' : [ 0x10, ['unsigned long long']],
-    'Size' : [ 0x18, ['unsigned long']],
-} ],
-  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
-    'Stream' : [ 0x0, ['pointer64', ['void']]],
-    'Detail' : [ 0x8, ['unsigned long']],
-} ],
-  '_POP_COOLING_EXTENSION' : [ 0x90, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
-    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
-    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
-    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
-    'Enabled' : [ 0x40, ['unsigned char']],
-    'ActiveEngaged' : [ 0x41, ['unsigned char']],
-    'ThrottleLimit' : [ 0x42, ['unsigned char']],
-    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
-    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
-    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
-    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
-} ],
-  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
-    'FieldIndex' : [ 0x0, ['unsigned short']],
-    'CompareOp' : [ 0x2, ['unsigned short']],
-    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
-} ],
-  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
-    'Reserved1' : [ 0x0, ['unsigned short']],
-    'ExtType' : [ 0x2, ['unsigned short']],
-    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
-    'DataSize' : [ 0x6, ['unsigned short']],
-    'DataPtr' : [ 0x8, ['unsigned long long']],
-} ],
-  '_CM_INDEX' : [ 0x8, {
-    'Cell' : [ 0x0, ['unsigned long']],
-    'NameHint' : [ 0x4, ['array', 4, ['unsigned char']]],
-    'HashKey' : [ 0x4, ['unsigned long']],
-} ],
-  '_VF_ADDRESS_RANGE' : [ 0x10, {
-    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
-    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
-} ],
-  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
-    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
-    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
-    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
-    'Flags' : [ 0x1c, ['unsigned long']],
-} ],
-  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
-    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
-    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
-} ],
-  '_THERMAL_POLICY' : [ 0x18, {
-    'Version' : [ 0x0, ['unsigned long']],
-    'WaitForUpdate' : [ 0x4, ['unsigned char']],
-    'Hibernate' : [ 0x5, ['unsigned char']],
-    'Critical' : [ 0x6, ['unsigned char']],
-    'ThermalStandby' : [ 0x7, ['unsigned char']],
-    'ActivationReasons' : [ 0x8, ['unsigned long']],
-    'PassiveLimit' : [ 0xc, ['unsigned long']],
-    'ActiveLevel' : [ 0x10, ['unsigned long']],
-    'OverThrottled' : [ 0x14, ['unsigned char']],
-} ],
-  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
-    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
-    'Port' : [ 0x10, ['pointer64', ['void']]],
-    'Key' : [ 0x18, ['unsigned long long']],
-    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
-} ],
-  '_VF_TRACKER' : [ 0x10, {
-    'TrackerFlags' : [ 0x0, ['unsigned long']],
-    'TrackerSize' : [ 0x4, ['unsigned long']],
-    'TrackerIndex' : [ 0x8, ['unsigned long']],
-    'TraceDepth' : [ 0xc, ['unsigned long']],
-} ],
-  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
-    'SpinLock' : [ 0x0, ['unsigned long long']],
-    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
-} ],
-  '_RTL_UMS_CONTEXT' : [ 0x520, {
-    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'Context' : [ 0x10, ['_CONTEXT']],
-    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
-    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
-    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'Flags' : [ 0x4f0, ['long']],
-    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
-    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
-    'ContextLock' : [ 0x4f8, ['unsigned long long']],
-    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
-    'SwitchCount' : [ 0x508, ['unsigned long']],
-    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
-    'MixedYieldCount' : [ 0x510, ['unsigned long']],
-    'YieldCount' : [ 0x514, ['unsigned long']],
-} ],
-  '_ARBITER_ALTERNATIVE' : [ 0x40, {
-    'Minimum' : [ 0x0, ['unsigned long long']],
-    'Maximum' : [ 0x8, ['unsigned long long']],
-    'Length' : [ 0x10, ['unsigned long long']],
-    'Alignment' : [ 0x18, ['unsigned long long']],
-    'Priority' : [ 0x20, ['long']],
-    'Flags' : [ 0x24, ['unsigned long']],
-    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
-    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
-} ],
-  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
-    'Event' : [ 0x0, ['_KEVENT']],
-    'EventSets' : [ 0x18, ['unsigned long']],
-} ],
-  '_WHEA_ERROR_STATUS' : [ 0x8, {
-    'ErrorStatus' : [ 0x0, ['unsigned long long']],
-    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
-    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
-    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
-    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
-    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
-    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
-    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
-    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
-    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
-    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
-} ],
-  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
-    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
-    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
-    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
-    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
-    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
-    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
-} ],
-  '_COLORED_PAGE_INFO' : [ 0x18, {
-    'BeingZeroed' : [ 0x0, ['long']],
-    'Processor' : [ 0x4, ['unsigned long']],
-    'PagesQueued' : [ 0x8, ['unsigned long long']],
-    'PfnAllocation' : [ 0x10, ['pointer64', ['_MMPFN']]],
-} ],
-  '_TRIAGE_9F_POWER' : [ 0x20, {
-    'Signature' : [ 0x0, ['unsigned short']],
-    'Revision' : [ 0x2, ['unsigned short']],
-    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
-    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
-    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
-} ],
-  '_MI_POOL_STATE' : [ 0xf8, {
-    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
-    'NonPagedPoolSListMaximum' : [ 0x8, ['array', 3, ['unsigned long']]],
-    'AllocatedNonPagedPool' : [ 0x18, ['unsigned long long']],
-    'BadPoolHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
-    'HighEventSets' : [ 0x28, ['unsigned long']],
-    'HighEventSetsValid' : [ 0x2c, ['unsigned char']],
-    'PoolFailures' : [ 0x30, ['array', 3, ['array', 3, ['unsigned long']]]],
-    'PoolFailureReasons' : [ 0x54, ['_MI_POOL_FAILURE_REASONS']],
-    'LowPagedPoolThreshold' : [ 0x80, ['unsigned long long']],
-    'HighPagedPoolThreshold' : [ 0x88, ['unsigned long long']],
-    'PagedPoolSListMaximum' : [ 0x90, ['unsigned long']],
-    'PreemptiveTrims' : [ 0x94, ['array', 4, ['unsigned long']]],
-    'SpecialPagesInUsePeak' : [ 0xa8, ['unsigned long long']],
-    'SpecialPoolRejected' : [ 0xb0, ['array', 9, ['unsigned long']]],
-    'SpecialPagesNonPaged' : [ 0xd8, ['unsigned long long']],
-    'SpecialPoolPdes' : [ 0xe0, ['long']],
-    'SessionSpecialPoolPdesMax' : [ 0xe4, ['unsigned long']],
-    'TotalPagedPoolQuota' : [ 0xe8, ['unsigned long long']],
-    'TotalNonPagedPoolQuota' : [ 0xf0, ['unsigned long long']],
-} ],
-  '_STACK_TABLE' : [ 0x8088, {
-    'NumStackTraces' : [ 0x0, ['unsigned short']],
-    'TraceCapacity' : [ 0x2, ['unsigned short']],
-    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
-    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
-} ],
-  '_POP_POWER_SETTING_VALUES' : [ 0x13c, {
-    'StructureSize' : [ 0x0, ['unsigned long']],
-    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
-    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
-    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
-    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
-    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
-    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
-    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
-    'DisableFastS4' : [ 0xfc, ['unsigned char']],
-    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
-    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
-    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
-    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
-    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
-    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
-    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
-    'AlsOffset' : [ 0x118, ['unsigned long']],
-    'AlsEnabled' : [ 0x11c, ['unsigned long']],
-    'EsBrightness' : [ 0x120, ['unsigned long']],
-    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
-    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
-    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
-    'OffloadedAudio' : [ 0x12d, ['unsigned char']],
-    'NonOffloadedAudio' : [ 0x12e, ['unsigned char']],
-    'FullscreenVideoPlayback' : [ 0x12f, ['unsigned char']],
-    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
-    'EsUserAwaySetting' : [ 0x134, ['unsigned char']],
-    'WiFiInStandby' : [ 0x138, ['unsigned long']],
-} ],
-  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
-} ],
-  '_TOKEN_CONTROL' : [ 0x28, {
-    'TokenId' : [ 0x0, ['_LUID']],
-    'AuthenticationId' : [ 0x8, ['_LUID']],
-    'ModifiedId' : [ 0x10, ['_LUID']],
-    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
-} ],
-  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
-    'P1Home' : [ 0x0, ['unsigned long long']],
-    'P2Home' : [ 0x8, ['unsigned long long']],
-    'P3Home' : [ 0x10, ['unsigned long long']],
-    'P4Home' : [ 0x18, ['unsigned long long']],
-    'StackTop' : [ 0x20, ['pointer64', ['void']]],
-    'StackSize' : [ 0x28, ['unsigned long long']],
-    'RspOffset' : [ 0x30, ['unsigned long long']],
-    'Rip' : [ 0x38, ['unsigned long long']],
-    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
-    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
-    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
-    'Flags' : [ 0x48, ['unsigned long long']],
-    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
-    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
-    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
-    'Return' : [ 0x68, ['unsigned long long']],
-} ],
-  '_DEFERRED_WRITE' : [ 0x48, {
-    'NodeTypeCode' : [ 0x0, ['short']],
-    'NodeByteSize' : [ 0x2, ['short']],
-    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
-    'BytesToWrite' : [ 0x10, ['unsigned long']],
-    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
-    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
-    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
-    'Context1' : [ 0x38, ['pointer64', ['void']]],
-    'Context2' : [ 0x40, ['pointer64', ['void']]],
-} ],
-  '__unnamed_2911' : [ 0x4, {
-    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
-    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '__unnamed_2913' : [ 0x4, {
-    'bits' : [ 0x0, ['__unnamed_2911']],
-    'AsULONG' : [ 0x0, ['unsigned long']],
-} ],
-  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
-    'u' : [ 0x0, ['__unnamed_2913']],
-} ],
-  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
-    'Wrap' : [ 0x0, ['unsigned long']],
-    'NoCharge' : [ 0x4, ['unsigned long']],
-} ],
-  '_MI_IO_PAGE_STATE' : [ 0x58, {
-    'IoPfnLock' : [ 0x0, ['unsigned long long']],
-    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
-    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
-    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
-    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
-} ],
-  '_ARBITER_ORDERING_LIST' : [ 0x10, {
-    'Count' : [ 0x0, ['unsigned short']],
-    'Maximum' : [ 0x2, ['unsigned short']],
-    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
-} ],
-  '_VF_AVL_TABLE' : [ 0xc0, {
-    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
-    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
-    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
-    'Lock' : [ 0x80, ['long']],
-} ],
-  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
-    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
-    'AsUCHAR' : [ 0x0, ['unsigned char']],
-} ],
-  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
-    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
-} ],
-  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
-    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
-    'Status' : [ 0x20, ['long']],
-    'PowerReqCall' : [ 0x24, ['long']],
-    'PowerNotReqCall' : [ 0x28, ['long']],
-    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
-} ],
-  '__unnamed_292f' : [ 0x10, {
-    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
-    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
-} ],
-  '__unnamed_2931' : [ 0x8, {
-    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
-} ],
-  '__unnamed_2937' : [ 0x10, {
-    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
-    'PageProtection' : [ 0x4, ['unsigned long']],
-    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
-} ],
-  '__unnamed_293b' : [ 0x10, {
-    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
-    'SafeToRecurse' : [ 0x8, ['unsigned char']],
-} ],
-  '__unnamed_293d' : [ 0x28, {
-    'Argument1' : [ 0x0, ['pointer64', ['void']]],
-    'Argument2' : [ 0x8, ['pointer64', ['void']]],
-    'Argument3' : [ 0x10, ['pointer64', ['void']]],
-    'Argument4' : [ 0x18, ['pointer64', ['void']]],
-    'Argument5' : [ 0x20, ['pointer64', ['void']]],
-} ],
-  '_FS_FILTER_PARAMETERS' : [ 0x28, {
-    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_292f']],
-    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2931']],
-    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2937']],
-    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_293b']],
-    'Others' : [ 0x0, ['__unnamed_293d']],
-} ],
-  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
-    'Function' : [ 0x0, ['pointer64', ['void']]],
-    'FunctionValue' : [ 0x0, ['unsigned long long']],
-} ],
-  '_PPM_SELECTION_STATISTICS' : [ 0x78, {
-    'SelectedCount' : [ 0x0, ['unsigned long long']],
-    'VetoCount' : [ 0x8, ['unsigned long long']],
-    'PreVetoCount' : [ 0x10, ['unsigned long long']],
-    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
-    'LatencyCount' : [ 0x20, ['unsigned long long']],
-    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
-    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
-    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
-    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
-    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
-    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
-    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
-    'NoCStateCount' : [ 0x60, ['unsigned long long']],
-    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
-    'PreVetoAccounting' : [ 0x70, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
-} ],
-  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
-    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
-    'ServiceTag' : [ 0x8, ['unsigned long']],
-} ],
-  '_COMPRESSED_DATA_INFO' : [ 0xc, {
-    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
-    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
-    'ChunkShift' : [ 0x3, ['unsigned char']],
-    'ClusterShift' : [ 0x4, ['unsigned char']],
-    'Reserved' : [ 0x5, ['unsigned char']],
-    'NumberOfChunks' : [ 0x6, ['unsigned short']],
-    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
-} ],
-  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
-    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
-    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
-    'PagesCombined' : [ 0x10, ['unsigned long long']],
-    'CombineScanCount' : [ 0x18, ['unsigned long']],
-    'CombinedBlocksInUse' : [ 0x1c, ['long']],
-    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
-} ],
-  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
-    'Size' : [ 0x0, ['unsigned short']],
-    'Version' : [ 0x2, ['unsigned short']],
-    'Context' : [ 0x8, ['pointer64', ['void']]],
-    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
-    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
-    'Flags' : [ 0x20, ['unsigned long']],
-    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
-    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
-} ],
-  '_HIVE_WAIT_PACKET' : [ 0x28, {
-    'WakeEvent' : [ 0x0, ['_KEVENT']],
-    'Status' : [ 0x18, ['long']],
-    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
-} ],
-  '_PROC_PERF_CHECK' : [ 0xc0, {
-    'LastActive' : [ 0x0, ['unsigned long long']],
-    'LastTime' : [ 0x8, ['unsigned long long']],
-    'LastStall' : [ 0x10, ['unsigned long long']],
-    'Snap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
-    'TempSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
-    'TaggedThreadPercent' : [ 0xb8, ['array', 2, ['unsigned char']]],
-    'Class0FloorPerfSelection' : [ 0xba, ['unsigned char']],
-    'Class1MinimumPerfSelection' : [ 0xbb, ['unsigned char']],
-} ],
-  '__unnamed_2956' : [ 0x4, {
-    'PollInterval' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_2958' : [ 0x18, {
-    'PollInterval' : [ 0x0, ['unsigned long']],
-    'Vector' : [ 0x4, ['unsigned long']],
-    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
-    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
-    'ErrorThreshold' : [ 0x10, ['unsigned long']],
-    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
-} ],
-  '__unnamed_295a' : [ 0x18, {
-    'Polled' : [ 0x0, ['__unnamed_2956']],
-    'Interrupt' : [ 0x0, ['__unnamed_2958']],
-    'LocalInterrupt' : [ 0x0, ['__unnamed_2958']],
-    'Sci' : [ 0x0, ['__unnamed_2958']],
-    'Nmi' : [ 0x0, ['__unnamed_2958']],
-} ],
-  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
-    'Type' : [ 0x0, ['unsigned char']],
-    'Length' : [ 0x1, ['unsigned char']],
-    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
-    'u' : [ 0x4, ['__unnamed_295a']],
-} ],
-  '_POP_HIBER_CONTEXT' : [ 0x1d0, {
-    'Reset' : [ 0x0, ['unsigned char']],
-    'HiberFlags' : [ 0x1, ['unsigned char']],
-    'WroteHiberFile' : [ 0x2, ['unsigned char']],
-    'VerifyKernelPhaseOnResume' : [ 0x3, ['unsigned char']],
-    'KernelPhaseVerificationActive' : [ 0x4, ['unsigned char']],
-    'InitializationFinished' : [ 0x5, ['unsigned char']],
-    'NextTableLockHeld' : [ 0x8, ['long']],
-    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
-    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
-    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
-    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
-    'MapFrozen' : [ 0x1c, ['unsigned char']],
-    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
-    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
-    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
-    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
-    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
-    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
-    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
-    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
-    'NextPreserve' : [ 0x70, ['unsigned long long']],
-    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
-    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
-    'PagesOut' : [ 0x88, ['unsigned long long']],
-    'IoPages' : [ 0x90, ['pointer64', ['void']]],
-    'IoPagesCount' : [ 0x98, ['unsigned long']],
-    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
-    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
-    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
-    'IoProgress' : [ 0xb8, ['unsigned long']],
-    'Status' : [ 0xbc, ['long']],
-    'GraphicsProc' : [ 0xc0, ['unsigned long']],
-    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
-    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
-    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
-    'SiLogOffset' : [ 0xe0, ['unsigned long']],
-    'FirmwareRuntimeInformationMdl' : [ 0xe8, ['pointer64', ['_MDL']]],
-    'FirmwareRuntimeInformationVa' : [ 0xf0, ['pointer64', ['void']]],
-    'ResumeContext' : [ 0xf8, ['pointer64', ['void']]],
-    'ResumeContextPages' : [ 0x100, ['unsigned long']],
-    'SecurePages' : [ 0x104, ['unsigned long']],
-    'ProcessorCount' : [ 0x108, ['unsigned long']],
-    'ProcessorContext' : [ 0x110, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
-    'ProdConsBuffer' : [ 0x118, ['pointer64', ['unsigned char']]],
-    'ProdConsSize' : [ 0x120, ['unsigned long']],
-    'MaxDataPages' : [ 0x124, ['unsigned long']],
-    'ExtraBuffer' : [ 0x128, ['pointer64', ['void']]],
-    'ExtraBufferSize' : [ 0x130, ['unsigned long long']],
-    'ExtraMapVa' : [ 0x138, ['pointer64', ['void']]],
-    'BitlockerKeyPFN' : [ 0x140, ['unsigned long long']],
-    'IoInfo' : [ 0x148, ['_POP_IO_INFO']],
-    'IoChecksums' : [ 0x1b8, ['pointer64', ['unsigned short']]],
-    'IoChecksumsSize' : [ 0x1c0, ['unsigned long long']],
-    'HardwareConfigurationSignature' : [ 0x1c8, ['unsigned long']],
-    'IumEnabled' : [ 0x1cc, ['unsigned char']],
-} ],
-  '_OBJECT_REF_TRACE' : [ 0x80, {
-    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
-} ],
-  '_CVDD' : [ 0x1c, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'NB10' : [ 0x0, ['_NB10']],
-    'RsDs' : [ 0x0, ['_RSDS']],
-} ],
-  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
-    'Name' : [ 0x0, ['_UNICODE_STRING']],
-} ],
-  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'Enabled' : [ 0x2, ['unsigned char']],
-    'Reserved' : [ 0x3, ['unsigned char']],
-    'BusNumber' : [ 0x4, ['unsigned long']],
-    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
-    'DeviceControl' : [ 0xc, ['unsigned short']],
-    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
-    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
-    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
-    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
-    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
-    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
-    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
-    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
-} ],
-  '_POP_FX_PERF_INFO' : [ 0xa0, {
-    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
-    'CompletedEvent' : [ 0x8, ['_KEVENT']],
-    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
-    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
-    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
-    'LastChangeCount' : [ 0x38, ['unsigned long']],
-    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
-    'LastChangeNominal' : [ 0x48, ['unsigned char']],
-    'PepRegistered' : [ 0x49, ['unsigned char']],
-    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
-    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
-    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
-    'SetsCount' : [ 0x90, ['unsigned long']],
-    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
-} ],
-  '_KDESCRIPTOR' : [ 0x10, {
-    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
-    'Limit' : [ 0x6, ['unsigned short']],
-    'Base' : [ 0x8, ['pointer64', ['void']]],
-} ],
-  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
-    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
-    'MpnId' : [ 0x8, ['unsigned short']],
-    'Node' : [ 0xa, ['unsigned short']],
-    'Channel' : [ 0xc, ['unsigned short']],
-    'IsPowerManageable' : [ 0xe, ['unsigned char']],
-    'DeepPowerState' : [ 0xf, ['unsigned char']],
-} ],
-  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
-    'CounterMask' : [ 0x0, ['unsigned long long']],
-    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
-} ],
-  '_DUMP_STACK_CONTEXT' : [ 0x178, {
-    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
-    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
-    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
-    'PointersLength' : [ 0x118, ['unsigned long']],
-    'ModulePrefix' : [ 0x120, ['pointer64', ['unsigned short']]],
-    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
-    'InitMsg' : [ 0x138, ['_STRING']],
-    'ProgMsg' : [ 0x148, ['_STRING']],
-    'DoneMsg' : [ 0x158, ['_STRING']],
-    'FileObject' : [ 0x168, ['pointer64', ['void']]],
-    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
-} ],
-  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
-    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
-    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
-    'NumberOfLinks' : [ 0x10, ['unsigned long']],
-    'DeletePending' : [ 0x14, ['unsigned char']],
-    'Directory' : [ 0x15, ['unsigned char']],
-} ],
-  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
-    'Count' : [ 0x0, ['unsigned short']],
-    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
-} ],
-  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
-    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
-    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
-    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
-    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
-    'Code' : [ 0x20, ['unsigned long']],
-    'Parameter1' : [ 0x28, ['unsigned long long']],
-    'Parameter2' : [ 0x30, ['unsigned long long']],
-    'Parameter3' : [ 0x38, ['unsigned long long']],
-    'Parameter4' : [ 0x40, ['unsigned long long']],
-} ],
-  '_NB10' : [ 0x14, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'Offset' : [ 0x4, ['unsigned long']],
-    'TimeStamp' : [ 0x8, ['unsigned long']],
-    'Age' : [ 0xc, ['unsigned long']],
-    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
-} ],
-  '_PCW_MASK_INFORMATION' : [ 0x28, {
-    'CounterMask' : [ 0x0, ['unsigned long long']],
-    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
-    'InstanceId' : [ 0x10, ['unsigned long']],
-    'CollectMultiple' : [ 0x14, ['unsigned char']],
-    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
-    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
-} ],
-  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
-    'Revision' : [ 0x0, ['unsigned char']],
-    'Sbz1' : [ 0x1, ['unsigned char']],
-    'Control' : [ 0x2, ['unsigned short']],
-    'Owner' : [ 0x4, ['unsigned long']],
-    'Group' : [ 0x8, ['unsigned long']],
-    'Sacl' : [ 0xc, ['unsigned long']],
-    'Dacl' : [ 0x10, ['unsigned long']],
-} ],
-  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
-    'StructureSize' : [ 0x0, ['unsigned long']],
-    'SizeReturned' : [ 0x4, ['unsigned long']],
-    'Flags' : [ 0x8, ['unsigned long']],
-    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
-} ],
-  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x48, {
-    'ViewOffset' : [ 0x0, ['unsigned long']],
-    'Pinned' : [ 0x4, ['unsigned char']],
-    'PinMask' : [ 0x8, ['unsigned long long']],
-    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
-    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
-} ],
-  '__unnamed_299a' : [ 0x20, {
-    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
-    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
-    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
-    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
-    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
-    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
-    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
-} ],
-  '_ARBITER_PARAMETERS' : [ 0x20, {
-    'Parameters' : [ 0x0, ['__unnamed_299a']],
-} ],
-  '__unnamed_299e' : [ 0x8, {
-    'idxRecord' : [ 0x0, ['unsigned long']],
-    'cidContainer' : [ 0x4, ['unsigned long']],
-} ],
-  '_CLS_LSN' : [ 0x8, {
-    'offset' : [ 0x0, ['__unnamed_299e']],
-    'ullOffset' : [ 0x0, ['unsigned long long']],
-} ],
-  '_MI_SUBSECTION_WAIT_BLOCK' : [ 0x20, {
-    'Next' : [ 0x0, ['pointer64', ['_MI_SUBSECTION_WAIT_BLOCK']]],
-    'Gate' : [ 0x8, ['_KGATE']],
-} ],
-  'POWER_ACTION_POLICY' : [ 0xc, {
-    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
-    'Flags' : [ 0x4, ['unsigned long']],
-    'EventCode' : [ 0x8, ['unsigned long']],
-} ],
-  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
-    'Value' : [ 0x0, ['unsigned long']],
-    'Weight' : [ 0x0, ['unsigned short']],
-    'MinRate' : [ 0x0, ['unsigned short']],
-    'MaxRate' : [ 0x2, ['unsigned short']],
-    'AllFlags' : [ 0x4, ['unsigned long']],
-    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_RSDS' : [ 0x1c, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'Guid' : [ 0x4, ['_GUID']],
-    'Age' : [ 0x14, ['unsigned long']],
-    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
-} ],
-  'PO_MEMORY_IMAGE' : [ 0x3b0, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'ImageType' : [ 0x4, ['unsigned long']],
-    'CheckSum' : [ 0x8, ['unsigned long']],
-    'LengthSelf' : [ 0xc, ['unsigned long']],
-    'PageSelf' : [ 0x10, ['unsigned long long']],
-    'PageSize' : [ 0x18, ['unsigned long']],
-    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
-    'InterruptTime' : [ 0x28, ['unsigned long long']],
-    'FeatureFlags' : [ 0x30, ['unsigned long long']],
-    'HiberFlags' : [ 0x38, ['unsigned char']],
-    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
-    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
-    'HiberVa' : [ 0x40, ['unsigned long long']],
-    'NoFreePages' : [ 0x48, ['unsigned long']],
-    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
-    'WakeCheck' : [ 0x50, ['unsigned long']],
-    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
-    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
-    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
-    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
-    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
-    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
-    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
-    'FirmwareRuntimeInformationPages' : [ 0x268, ['unsigned long']],
-    'FirmwareRuntimeInformation' : [ 0x270, ['array', 1, ['unsigned long long']]],
-    'SiLogOffset' : [ 0x278, ['unsigned long']],
-    'NoBootLoaderLogPages' : [ 0x27c, ['unsigned long']],
-    'BootLoaderLogPages' : [ 0x280, ['array', 24, ['unsigned long long']]],
-    'NotUsed' : [ 0x340, ['unsigned long']],
-    'ResumeContextCheck' : [ 0x344, ['unsigned long']],
-    'ResumeContextPages' : [ 0x348, ['unsigned long']],
-    'Hiberboot' : [ 0x34c, ['unsigned char']],
-    'HvCr3' : [ 0x350, ['unsigned long long']],
-    'HvEntryPoint' : [ 0x358, ['unsigned long long']],
-    'HvReservedTransitionAddress' : [ 0x360, ['unsigned long long']],
-    'HvReservedTransitionAddressSize' : [ 0x368, ['unsigned long long']],
-    'BootFlags' : [ 0x370, ['unsigned long long']],
-    'HalEntryPointPhysical' : [ 0x378, ['unsigned long long']],
-    'HighestPhysicalPage' : [ 0x380, ['unsigned long long']],
-    'BitlockerKeyPfns' : [ 0x388, ['array', 4, ['unsigned long long']]],
-    'HardwareSignature' : [ 0x3a8, ['unsigned long']],
-} ],
-  'BATTERY_REPORTING_SCALE' : [ 0x8, {
-    'Granularity' : [ 0x0, ['unsigned long']],
-    'Capacity' : [ 0x4, ['unsigned long']],
-} ],
-  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
-    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
-    'LowBoxID' : [ 0x10, ['unsigned long']],
-    'ReferenceCount' : [ 0x14, ['unsigned short']],
-    'Flags' : [ 0x16, ['unsigned short']],
-} ],
-  '_CURDIR' : [ 0x18, {
-    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
-    'Handle' : [ 0x10, ['pointer64', ['void']]],
-} ],
-  '_PO_HIBER_PERF' : [ 0x1e0, {
-    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
-    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
-    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
-    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
-    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
-    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
-    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
-    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
-    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
-    'POSTTime' : [ 0x48, ['unsigned long']],
-    'ResumeBootMgrTime' : [ 0x4c, ['unsigned long']],
-    'BootmgrUserInputTime' : [ 0x50, ['unsigned long']],
-    'ResumeAppTicks' : [ 0x58, ['unsigned long long']],
-    'ResumeAppStartTimestamp' : [ 0x60, ['unsigned long long']],
-    'ResumeLibraryInitTicks' : [ 0x68, ['unsigned long long']],
-    'ResumeInitTicks' : [ 0x70, ['unsigned long long']],
-    'ResumeRestoreImageStartTimestamp' : [ 0x78, ['unsigned long long']],
-    'ResumeHiberFileTicks' : [ 0x80, ['unsigned long long']],
-    'ResumeIoTicks' : [ 0x88, ['unsigned long long']],
-    'ResumeDecompressTicks' : [ 0x90, ['unsigned long long']],
-    'ResumeAllocateTicks' : [ 0x98, ['unsigned long long']],
-    'ResumeUserInOutTicks' : [ 0xa0, ['unsigned long long']],
-    'ResumeMapTicks' : [ 0xa8, ['unsigned long long']],
-    'ResumeUnmapTicks' : [ 0xb0, ['unsigned long long']],
-    'ResumeChecksumTicks' : [ 0xb8, ['unsigned long long']],
-    'ResumeChecksumIoTicks' : [ 0xc0, ['unsigned long long']],
-    'ResumeKernelSwitchTimestamp' : [ 0xc8, ['unsigned long long']],
-    'WriteLogDataTimestamp' : [ 0xd0, ['unsigned long long']],
-    'KernelReturnFromHandler' : [ 0xd8, ['unsigned long long']],
-    'TimeStampCounterAtSwitchTime' : [ 0xe0, ['unsigned long long']],
-    'HalTscOffset' : [ 0xe8, ['unsigned long long']],
-    'HvlTscOffset' : [ 0xf0, ['unsigned long long']],
-    'SleeperThreadEnd' : [ 0xf8, ['unsigned long long']],
-    'KernelReturnSystemPowerStateTimestamp' : [ 0x100, ['unsigned long long']],
-    'IoBoundedness' : [ 0x108, ['unsigned long long']],
-    'KernelDecompressTicks' : [ 0x110, ['unsigned long long']],
-    'KernelIoTicks' : [ 0x118, ['unsigned long long']],
-    'KernelCopyTicks' : [ 0x120, ['unsigned long long']],
-    'ReadCheckCount' : [ 0x128, ['unsigned long long']],
-    'KernelInitTicks' : [ 0x130, ['unsigned long long']],
-    'KernelResumeHiberFileTicks' : [ 0x138, ['unsigned long long']],
-    'KernelIoCpuTicks' : [ 0x140, ['unsigned long long']],
-    'KernelSharedBufferTicks' : [ 0x148, ['unsigned long long']],
-    'KernelAnimationTicks' : [ 0x150, ['unsigned long long']],
-    'KernelChecksumTicks' : [ 0x158, ['unsigned long long']],
-    'KernelChecksumIoTicks' : [ 0x160, ['unsigned long long']],
-    'AnimationStart' : [ 0x168, ['_LARGE_INTEGER']],
-    'AnimationStop' : [ 0x170, ['_LARGE_INTEGER']],
-    'DeviceResumeTime' : [ 0x178, ['unsigned long']],
-    'SecurePagesProcessed' : [ 0x180, ['unsigned long long']],
-    'BootPagesProcessed' : [ 0x188, ['unsigned long long']],
-    'KernelPagesProcessed' : [ 0x190, ['unsigned long long']],
-    'BootBytesWritten' : [ 0x198, ['unsigned long long']],
-    'KernelBytesWritten' : [ 0x1a0, ['unsigned long long']],
-    'BootPagesWritten' : [ 0x1a8, ['unsigned long long']],
-    'KernelPagesWritten' : [ 0x1b0, ['unsigned long long']],
-    'BytesWritten' : [ 0x1b8, ['unsigned long long']],
-    'PagesWritten' : [ 0x1c0, ['unsigned long']],
-    'FileRuns' : [ 0x1c4, ['unsigned long']],
-    'NoMultiStageResumeReason' : [ 0x1c8, ['unsigned long']],
-    'MaxHuffRatio' : [ 0x1cc, ['unsigned long']],
-    'AdjustedTotalResumeTime' : [ 0x1d0, ['unsigned long long']],
-    'ResumeCompleteTimestamp' : [ 0x1d8, ['unsigned long long']],
-} ],
-  '_MI_QUEUED_DEADSTACK_WORKITEM' : [ 0x28, {
-    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
-    'Active' : [ 0x20, ['long']],
-} ],
-  '_POP_FX_PROVIDER' : [ 0x8, {
-    'Index' : [ 0x0, ['unsigned long']],
-    'Activating' : [ 0x4, ['unsigned char']],
-} ],
-  '_RTL_BALANCED_LINKS' : [ 0x20, {
-    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
-    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
-    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
-    'Balance' : [ 0x18, ['unsigned char']],
-    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
-} ],
-  '_FREE_DISPLAY' : [ 0x18, {
-    'RealVectorSize' : [ 0x0, ['unsigned long']],
-    'Hint' : [ 0x4, ['unsigned long']],
-    'Display' : [ 0x8, ['_RTL_BITMAP']],
-} ],
-  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
-    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
-    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
-    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
-    'PageFileOffset' : [ 0x18, ['unsigned long long']],
-    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
-} ],
-  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
-    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
-    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
-    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
-    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
-    'CopyTicks' : [ 0x20, ['unsigned long long']],
-    'CompressTicks' : [ 0x28, ['unsigned long long']],
-    'BytesCopied' : [ 0x30, ['unsigned long long']],
-    'PagesProcessed' : [ 0x38, ['unsigned long long']],
-    'DecompressTicks' : [ 0x40, ['unsigned long long']],
-    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
-    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
-    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
-    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
-    'CompressCount' : [ 0x78, ['unsigned long']],
-    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
-} ],
-  '_IO_REMOVE_LOCK' : [ 0x20, {
-    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
-} ],
-  '_MI_DYNAMIC_BITMAP' : [ 0x50, {
-    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
-    'MaximumSize' : [ 0x10, ['unsigned long long']],
-    'Hint' : [ 0x18, ['unsigned long long']],
-    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
-    'SizeTopDown' : [ 0x28, ['unsigned long long']],
-    'HintTopDown' : [ 0x30, ['unsigned long long']],
-    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
-    'SpinLock' : [ 0x40, ['unsigned long long']],
-    'Vm' : [ 0x48, ['pointer64', ['_MMSUPPORT']]],
-} ],
-  '_POP_IO_INFO' : [ 0x70, {
-    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
-    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'IoReady', 1: 'IoPending', 2: 'IoDone'})]],
-    'IoStartCount' : [ 0x10, ['unsigned long long']],
-    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
-    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
-    'RequestSize' : [ 0x28, ['unsigned long long']],
-    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
-    'FileOffset' : [ 0x38, ['unsigned long long']],
-    'Buffer' : [ 0x40, ['pointer64', ['void']]],
-    'AsyncCapable' : [ 0x48, ['unsigned char']],
-    'BytesToRead' : [ 0x50, ['unsigned long long']],
-    'Pages' : [ 0x58, ['unsigned long']],
-    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
-    'PreviousChecksum' : [ 0x68, ['unsigned short']],
-} ],
-  '_LDRP_CSLIST' : [ 0x8, {
-    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
-} ],
-  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
-    'Signature' : [ 0x0, ['unsigned short']],
-    'Flags' : [ 0x2, ['unsigned short']],
-    'Size' : [ 0x4, ['unsigned long']],
-    'Machine' : [ 0x8, ['unsigned short']],
-    'Characteristics' : [ 0xa, ['unsigned short']],
-    'TimeDateStamp' : [ 0xc, ['unsigned long']],
-    'CheckSum' : [ 0x10, ['unsigned long']],
-    'SizeOfImage' : [ 0x14, ['unsigned long']],
-    'ImageBase' : [ 0x18, ['unsigned long long']],
-} ],
-  '_POP_FX_PERF_SET' : [ 0x20, {
-    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
-    'CurrentPerf' : [ 0x8, ['unsigned long long']],
-    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
-    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
-} ],
-  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
-    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
-    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
-    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
-    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
-    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
-    'AsUSHORT' : [ 0x0, ['unsigned short']],
-} ],
-  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
-    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
-    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
-    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
-    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
-    'Type' : [ 0x0, ['unsigned short']],
-    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
-    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
-    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
-    'EntryCount' : [ 0x20, ['unsigned long']],
-    'ContentionCount' : [ 0x24, ['unsigned long']],
-    'Flags' : [ 0x28, ['unsigned long']],
-    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
-    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
-} ],
-  '__unnamed_29dd' : [ 0x8, {
-    'Gsiv' : [ 0x0, ['unsigned long']],
-    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '__unnamed_29df' : [ 0x10, {
-    'Address' : [ 0x0, ['_LARGE_INTEGER']],
-    'DataPayload' : [ 0x8, ['unsigned long']],
-} ],
-  '__unnamed_29e2' : [ 0x8, {
-    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
-} ],
-  '__unnamed_29e6' : [ 0x4, {
-    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'ApicDestinationModePhysical', 2: 'ApicDestinationModeLogicalFlat', 3: 'ApicDestinationModeLogicalClustered', 4: 'ApicDestinationModeUnknown'})]],
-} ],
-  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
-    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptTypeControllerInput', 1: 'InterruptTypeXapicMessage', 2: 'InterruptTypeHypertransport', 3: 'InterruptTypeMessageRequest'})]],
-    'Vector' : [ 0x4, ['unsigned long']],
-    'Irql' : [ 0x8, ['unsigned char']],
-    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
-    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
-    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
-    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
-    'ControllerInput' : [ 0x38, ['__unnamed_29dd']],
-    'HvDeviceId' : [ 0x40, ['unsigned long long']],
-    'XapicMessage' : [ 0x48, ['__unnamed_29df']],
-    'Hypertransport' : [ 0x48, ['__unnamed_29e2']],
-    'GenericMessage' : [ 0x48, ['__unnamed_29df']],
-    'MessageRequest' : [ 0x48, ['__unnamed_29e6']],
-} ],
-  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
-    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
-    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
-    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
-    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
-    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
-    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
-} ],
-  '_POP_FX_DEPENDENT' : [ 0x8, {
-    'Index' : [ 0x0, ['unsigned long']],
-    'ProviderIndex' : [ 0x4, ['unsigned long']],
-} ],
-  '__unnamed_29f4' : [ 0x10, {
-    'Count' : [ 0x0, ['unsigned long']],
-    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
-} ],
-  '__unnamed_29f6' : [ 0x10, {
-    'Minimum' : [ 0x0, ['unsigned long long']],
-    'Maximum' : [ 0x8, ['unsigned long long']],
-} ],
-  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
-    'Name' : [ 0x0, ['_UNICODE_STRING']],
-    'Flags' : [ 0x10, ['unsigned long long']],
-    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateUnitOther', 1: 'PoFxPerfStateUnitFrequency', 2: 'PoFxPerfStateUnitBandwidth', 3: 'PoFxPerfStateUnitMaximum'})]],
-    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateTypeDiscrete', 1: 'PoFxPerfStateTypeRange', 2: 'PoFxPerfStateTypeMaximum'})]],
-    'Discrete' : [ 0x20, ['__unnamed_29f4']],
-    'Range' : [ 0x20, ['__unnamed_29f6']],
-} ],
-  '_XPF_MCE_FLAGS' : [ 0x4, {
-    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
-    'AsULONG' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_2a07' : [ 0x8, {
-    'Signature' : [ 0x0, ['unsigned long']],
-    'CheckSum' : [ 0x4, ['unsigned long']],
-} ],
-  '__unnamed_2a09' : [ 0x10, {
-    'DiskId' : [ 0x0, ['_GUID']],
-} ],
-  '__unnamed_2a0b' : [ 0x10, {
-    'Mbr' : [ 0x0, ['__unnamed_2a07']],
-    'Gpt' : [ 0x0, ['__unnamed_2a09']],
-} ],
-  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
-    'Length' : [ 0x0, ['unsigned long']],
-    'Reserved' : [ 0x4, ['unsigned long']],
-    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
-    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
-    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
-    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
-    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
-    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
-    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
-    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
-    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
-    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
-    'CrashDump' : [ 0x68, ['unsigned char']],
-    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
-    'HiberResume' : [ 0x6a, ['unsigned char']],
-    'Reserved1' : [ 0x6b, ['unsigned char']],
-    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
-    'CommonBufferSize' : [ 0x70, ['unsigned long']],
-    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
-    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
-    'PartitionStyle' : [ 0x88, ['unsigned long']],
-    'DiskInfo' : [ 0x8c, ['__unnamed_2a0b']],
-    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
-    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
-    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
-    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
-    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
-    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
-} ],
-  '_MI_IO_CACHE_STATS' : [ 0x20, {
-    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
-    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
-    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
-    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
-    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
-    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
-} ],
-  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
-    'Residency' : [ 0x0, ['unsigned long long']],
-    'TransitionCount' : [ 0x8, ['unsigned long long']],
-} ],
-  '_ETW_QUEUE_ENTRY' : [ 0x38, {
-    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
-    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
-    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
-    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
-    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
-    'RegIndex' : [ 0x30, ['unsigned short']],
-    'ReplyIndex' : [ 0x32, ['unsigned short']],
-    'Flags' : [ 0x34, ['unsigned long']],
-} ],
-  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
-    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
-    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
-    'EntireInfo' : [ 0x0, ['long']],
-} ],
-  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
-    'Link' : [ 0x0, ['_LIST_ENTRY']],
-    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
-    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
-} ],
-  '_KDPC_LIST' : [ 0x10, {
-    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
-} ],
-  '_CM_KEY_SECURITY' : [ 0x28, {
-    'Signature' : [ 0x0, ['unsigned short']],
-    'Reserved' : [ 0x2, ['unsigned short']],
-    'Flink' : [ 0x4, ['unsigned long']],
-    'Blink' : [ 0x8, ['unsigned long']],
-    'ReferenceCount' : [ 0xc, ['unsigned long']],
-    'DescriptorLength' : [ 0x10, ['unsigned long']],
-    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
-} ],
-  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x178, {
-    'Locked' : [ 0x0, ['unsigned char']],
-    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
-    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
-} ],
-  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
-    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
-    'PriorityTooLow' : [ 0x4, ['unsigned long']],
-    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
-    'PagedNoPtes' : [ 0xc, ['unsigned long']],
-    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
-    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
-    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
-    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
-    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
-    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
-    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
-} ],
-  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
-    'Removed' : [ 0x0, ['unsigned char']],
-    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
-    'IoCount' : [ 0x4, ['long']],
-    'RemoveEvent' : [ 0x8, ['_KEVENT']],
-} ],
-  '_POP_FX_IDLE_STATE' : [ 0x18, {
-    'TransitionLatency' : [ 0x0, ['unsigned long long']],
-    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
-    'NominalPower' : [ 0x10, ['unsigned long']],
-} ],
-  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
-    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
-    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
-    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
-    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
-    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
-    'AsUSHORT' : [ 0x0, ['unsigned short']],
-} ],
-  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
-    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
-    'Start' : [ 0x8, ['unsigned long long']],
-    'End' : [ 0x10, ['unsigned long long']],
-} ],
-  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
-    'DeviceCount' : [ 0x0, ['unsigned long']],
-    'ActiveCount' : [ 0x4, ['unsigned long']],
-    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
-    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
-    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
-    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
-} ],
-  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
-    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'EtwNotificationTypeNoReply', 2: 'EtwNotificationTypeLegacyEnable', 3: 'EtwNotificationTypeEnable', 4: 'EtwNotificationTypePrivateLogger', 5: 'EtwNotificationTypePerflib', 6: 'EtwNotificationTypeAudio', 7: 'EtwNotificationTypeSession', 8: 'EtwNotificationTypeReserved', 9: 'EtwNotificationTypeCredentialUI', 10: 'EtwNotificationTypeInProcSession', 11: 'EtwNotificationTypeMax'})]],
-    'NotificationSize' : [ 0x4, ['unsigned long']],
-    'RefCount' : [ 0x8, ['long']],
-    'ReplyRequested' : [ 0xc, ['unsigned char']],
-    'ReplyIndex' : [ 0x10, ['unsigned long']],
-    'Timeout' : [ 0x10, ['unsigned long']],
-    'ReplyCount' : [ 0x14, ['unsigned long']],
-    'NotifyeeCount' : [ 0x14, ['unsigned long']],
-    'ReplyHandle' : [ 0x18, ['unsigned long long']],
-    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
-    'RegIndex' : [ 0x18, ['unsigned long']],
-    'TargetPID' : [ 0x20, ['unsigned long']],
-    'SourcePID' : [ 0x24, ['unsigned long']],
-    'DestinationGuid' : [ 0x28, ['_GUID']],
-    'SourceGuid' : [ 0x38, ['_GUID']],
-} ],
-  '__unnamed_2a42' : [ 0x4, {
-    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
-    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
-    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
-    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
-    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
-    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
-    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
-    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
-    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '__unnamed_2a44' : [ 0x4, {
-    'bits' : [ 0x0, ['__unnamed_2a42']],
-    'AsULONG' : [ 0x0, ['unsigned long']],
-} ],
-  '__unnamed_2a47' : [ 0x4, {
-    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
-    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
-    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
-    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-} ],
-  '__unnamed_2a49' : [ 0x4, {
-    'bits' : [ 0x0, ['__unnamed_2a47']],
-    'AsULONG' : [ 0x0, ['unsigned long']],
-} ],
-  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
-    'LowPart' : [ 0x0, ['__unnamed_2a44']],
-    'HighPart' : [ 0x4, ['__unnamed_2a49']],
-} ],
-  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
-    'Size' : [ 0x0, ['unsigned short']],
-    'Version' : [ 0x2, ['unsigned short']],
-    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
-    'ContextSwitches' : [ 0x8, ['unsigned long']],
-    'HwCountersCount' : [ 0xc, ['unsigned long']],
-    'UpdateCount' : [ 0x10, ['unsigned long long']],
-    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
-    'HardwareCounters' : [ 0x20, ['unsigned long long']],
-    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
-    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
-} ],
-  '_ETW_REPLY_QUEUE' : [ 0x48, {
-    'Queue' : [ 0x0, ['_KQUEUE']],
-    'EventsLost' : [ 0x40, ['long']],
-} ],
-  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
-    'Time' : [ 0x0, ['unsigned long long']],
-    'Active' : [ 0x8, ['unsigned long long']],
-    'Stall' : [ 0x10, ['unsigned long long']],
-    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
-    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
-    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
-    'CyclesActive' : [ 0x30, ['unsigned long long']],
-    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
-    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
-} ],
-  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
-    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
-} ],
-  '__unnamed_2a57' : [ 0x4, {
-    'ReferenceCount' : [ 0x0, ['unsigned long']],
-    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
-} ],
-  '_MI_PER_SESSION_PROTOS' : [ 0x30, {
-    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
-    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
-    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
-    'SessionId' : [ 0x18, ['unsigned long']],
-    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
-    'SubsectionBase' : [ 0x20, ['pointer64', ['_MMPTE']]],
-    'u2' : [ 0x28, ['__unnamed_2a57']],
-} ],
-  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
-    'Set' : [ 0x0, ['unsigned long']],
-    'StateIndex' : [ 0x8, ['unsigned long']],
-    'StateValue' : [ 0x8, ['unsigned long long']],
-} ],
-  '__unnamed_2a5d' : [ 0x8, {
-    'MessageAddressLow' : [ 0x0, ['unsigned long']],
-    'MessageData' : [ 0x4, ['unsigned short']],
-    'Reserved' : [ 0x6, ['unsigned short']],
-} ],
-  '__unnamed_2a5f' : [ 0x8, {
-    'RemappedFormat' : [ 0x0, ['_ULARGE_INTEGER']],
-    'Msi' : [ 0x0, ['__unnamed_2a5d']],
-} ],
-  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
-    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
-    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
-    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
-    'u' : [ 0x8, ['__unnamed_2a5f']],
-} ],
-  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
-    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
-    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
-    'Flags' : [ 0x10, ['unsigned long']],
-} ],
-  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
-    'Length' : [ 0x0, ['unsigned short']],
-    'String' : [ 0x8, ['pointer64', ['unsigned short']]],
-} ],
-  '_ARBITER_ORDERING' : [ 0x10, {
-    'Start' : [ 0x0, ['unsigned long long']],
-    'End' : [ 0x8, ['unsigned long long']],
-} ],
-  '_RTL_AVL_TABLE' : [ 0x68, {
-    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
-    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
-    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
-    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
-    'DepthOfTree' : [ 0x30, ['unsigned long']],
-    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
-    'DeleteCount' : [ 0x40, ['unsigned long']],
-    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
-    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
-    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
-    'TableContext' : [ 0x60, ['pointer64', ['void']]],
-} ],
-  '_KTRANSACTION_HISTORY' : [ 0x8, {
-    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
-    'Payload' : [ 0x4, ['unsigned long']],
-} ],
-  '_PO_FX_PERF_STATE' : [ 0x10, {
-    'Value' : [ 0x0, ['unsigned long long']],
-    'Context' : [ 0x8, ['pointer64', ['void']]],
-} ],
-}

From 5089b9ac5b3f6def98d478642ebde1c099fbf851 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Thu, 8 Sep 2016 15:30:40 -0400
Subject: [PATCH 025/304] win10: add 14393 profile

---
 volatility/plugins/overlays/windows/win10.py  |    11 +-
 .../windows/win10_x64_DD08DD42_vtypes.py      | 13679 ++++++++++++++++
 2 files changed, 13689 insertions(+), 1 deletion(-)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_DD08DD42_vtypes.py

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index aa033d3e6..ac21afe60 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -385,7 +385,7 @@ def modification(self, profile):
         metadata = profile.metadata
         build = metadata.get("build", 0)
 
-        if build == 10240:
+        if build >= 10240:
             header = _OBJECT_HEADER_10_1AC738FB
         else:
             header = _OBJECT_HEADER_10
@@ -448,6 +448,15 @@ class Win10x64_1AC738FB(obj.Profile):
     _md_build = 10240
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_1AC738FB_vtypes'
 
+class Win10x64_DD08DD42(obj.Profile):
+    """ A Profile for Windows 10 x64 from PDB DD08DD42"""
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 14393
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_DD08DD42_vtypes'
+
 class Win10x86(obj.Profile):
     """ A Profile for Windows 10 x86 """
     _md_memory_model = '32bit'
diff --git a/volatility/plugins/overlays/windows/win10_x64_DD08DD42_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_DD08DD42_vtypes.py
new file mode 100644
index 000000000..f168265f2
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_DD08DD42_vtypes.py
@@ -0,0 +1,13679 @@
+ntkrnlmp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'Reserved8' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1080' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1080']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1098' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_109a' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_1098']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_109a']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 37, ['pointer64', ['void']]]],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_110a' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_110a']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6a80, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x6900, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'ProcessorState' : [ 0x40, ['_KPROCESSOR_STATE']],
+    'CpuType' : [ 0x5f0, ['unsigned char']],
+    'CpuID' : [ 0x5f1, ['unsigned char']],
+    'CpuStep' : [ 0x5f2, ['unsigned short']],
+    'CpuStepping' : [ 0x5f2, ['unsigned char']],
+    'CpuModel' : [ 0x5f3, ['unsigned char']],
+    'MHz' : [ 0x5f4, ['unsigned long']],
+    'HalReserved' : [ 0x5f8, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x638, ['unsigned short']],
+    'MajorVersion' : [ 0x63a, ['unsigned short']],
+    'BuildType' : [ 0x63c, ['unsigned char']],
+    'CpuVendor' : [ 0x63d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x63e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x63f, ['unsigned char']],
+    'ParentNode' : [ 0x640, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0x648, ['unsigned long long']],
+    'Group' : [ 0x650, ['unsigned char']],
+    'GroupIndex' : [ 0x651, ['unsigned char']],
+    'PrcbPad05' : [ 0x652, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0x654, ['unsigned long']],
+    'ScbOffset' : [ 0x658, ['unsigned long']],
+    'ApicMask' : [ 0x65c, ['unsigned long']],
+    'AcpiReserved' : [ 0x660, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0x668, ['unsigned long']],
+    'PrcbPad10' : [ 0x66c, ['unsigned long']],
+    'LockQueue' : [ 0x670, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x780, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x880, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1480, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2080, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2c80, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2c88, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2c90, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2c94, ['long']],
+    'MmTransitionCount' : [ 0x2c98, ['long']],
+    'MmDemandZeroCount' : [ 0x2c9c, ['long']],
+    'MmPageReadCount' : [ 0x2ca0, ['long']],
+    'MmPageReadIoCount' : [ 0x2ca4, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2ca8, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2cac, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2cb0, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2cb4, ['long']],
+    'KeSystemCalls' : [ 0x2cb8, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2cbc, ['unsigned long']],
+    'LdtSelector' : [ 0x2cc0, ['unsigned short']],
+    'PrcbPad40' : [ 0x2cc2, ['unsigned short']],
+    'CcFastReadNoWait' : [ 0x2cc4, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2cc8, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2ccc, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2cd0, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2cd4, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2cd8, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2cdc, ['long']],
+    'IoWriteOperationCount' : [ 0x2ce0, ['long']],
+    'IoOtherOperationCount' : [ 0x2ce4, ['long']],
+    'IoReadTransferCount' : [ 0x2ce8, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2cf0, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2cf8, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d00, ['long']],
+    'TargetCount' : [ 0x2d04, ['long']],
+    'IpiFrozen' : [ 0x2d08, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d10, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d18, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d1c, ['long']],
+    'InterruptLastCount' : [ 0x2d20, ['unsigned long']],
+    'InterruptRate' : [ 0x2d24, ['unsigned long']],
+    'LastNonHrTimerExpiration' : [ 0x2d28, ['unsigned long long']],
+    'PrcbPad41' : [ 0x2d30, ['array', 20, ['unsigned long']]],
+    'DpcData' : [ 0x2d80, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2dd0, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2dd8, ['long']],
+    'DpcRequestRate' : [ 0x2ddc, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2de0, ['unsigned long']],
+    'DpcLastCount' : [ 0x2de4, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2de8, ['unsigned char']],
+    'QuantumEnd' : [ 0x2de9, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2dea, ['unsigned char']],
+    'IdleSchedule' : [ 0x2deb, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2dec, ['long']],
+    'DpcRequestSlot' : [ 0x2dec, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2dec, ['short']],
+    'ThreadDpcState' : [ 0x2dee, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2dec, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2dec, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2dec, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2dec, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2dec, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2dec, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2dec, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2dec, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2dec, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2dec, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2df0, ['unsigned long']],
+    'LastTick' : [ 0x2df4, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2df8, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2dfc, ['unsigned long']],
+    'InterruptObject' : [ 0x2e00, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3600, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5800, ['_KGATE']],
+    'PrcbPad52' : [ 0x5818, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x5820, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x5860, ['long']],
+    'PrcbPad60' : [ 0x5864, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x5866, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x5868, ['long']],
+    'DpcWatchdogCount' : [ 0x586c, ['long']],
+    'KeSpinLockOrdering' : [ 0x5870, ['long']],
+    'PrcbPad70' : [ 0x5874, ['array', 1, ['unsigned long']]],
+    'CachedPtes' : [ 0x5878, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5880, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5890, ['unsigned long long']],
+    'ReadySummary' : [ 0x5898, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x589c, ['long']],
+    'QueueIndex' : [ 0x58a0, ['unsigned long']],
+    'PrcbPad75' : [ 0x58a4, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x58b0, ['_KDPC']],
+    'ScbQueue' : [ 0x58f0, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5900, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5b00, ['unsigned long']],
+    'KernelTime' : [ 0x5b04, ['unsigned long']],
+    'UserTime' : [ 0x5b08, ['unsigned long']],
+    'DpcTime' : [ 0x5b0c, ['unsigned long']],
+    'InterruptTime' : [ 0x5b10, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5b14, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5b18, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5b19, ['unsigned char']],
+    'DeepSleep' : [ 0x5b1a, ['unsigned char']],
+    'PrcbPad80' : [ 0x5b1b, ['array', 5, ['unsigned char']]],
+    'DpcTimeCount' : [ 0x5b20, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5b24, ['unsigned long']],
+    'PeriodicCount' : [ 0x5b28, ['unsigned long']],
+    'PeriodicBias' : [ 0x5b2c, ['unsigned long']],
+    'AvailableTime' : [ 0x5b30, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5b34, ['unsigned long']],
+    'StartCycles' : [ 0x5b38, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x5b40, ['unsigned long long']],
+    'TaggedCycles' : [ 0x5b48, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x5b58, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5b60, ['unsigned long long']],
+    'PrcbPad81' : [ 0x5b68, ['array', 29, ['unsigned long']]],
+    'MmSpinLockOrdering' : [ 0x5bdc, ['long']],
+    'PageColor' : [ 0x5be0, ['unsigned long']],
+    'NodeColor' : [ 0x5be4, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x5be8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5bec, ['unsigned long']],
+    'PrcbPad83' : [ 0x5bf0, ['unsigned long']],
+    'CycleTime' : [ 0x5bf8, ['unsigned long long']],
+    'Cycles' : [ 0x5c00, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad84' : [ 0x5c40, ['array', 16, ['unsigned long']]],
+    'CcFastMdlReadNoWait' : [ 0x5c80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5c84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5c88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x5c8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5c90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5c94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5c98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x5c9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x5ca0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x5ca4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x5ca8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x5cac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x5cb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x5cb4, ['unsigned long']],
+    'CcDataPages' : [ 0x5cb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x5cbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x5cc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x5cc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x5cc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x5ccc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x5cd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x5cd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x5cd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x5cdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x5ce0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x5ce4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x5ce8, ['long']],
+    'MmCacheReadCount' : [ 0x5cec, ['long']],
+    'MmCacheIoCount' : [ 0x5cf0, ['long']],
+    'PrcbPad91' : [ 0x5cf4, ['array', 3, ['unsigned long']]],
+    'PowerState' : [ 0x5d00, ['_PROCESSOR_POWER_STATE']],
+    'ScbList' : [ 0x5ed0, ['_LIST_ENTRY']],
+    'PrcbPad92' : [ 0x5ee0, ['array', 7, ['unsigned long']]],
+    'KeAlignmentFixupCount' : [ 0x5efc, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x5f00, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5f40, ['_KTIMER']],
+    'Cache' : [ 0x5f80, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x5fbc, ['unsigned long']],
+    'CachedCommit' : [ 0x5fc0, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x5fc4, ['unsigned long']],
+    'HyperPte' : [ 0x5fc8, ['pointer64', ['void']]],
+    'WheaInfo' : [ 0x5fd0, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x5fd8, ['pointer64', ['void']]],
+    'InterruptObjectPool' : [ 0x5fe0, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x5ff0, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x6000, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x6008, ['pointer64', ['void']]],
+    'StatisticsPage' : [ 0x6010, ['pointer64', ['unsigned long long']]],
+    'PackageProcessorSet' : [ 0x6018, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x60c0, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x60c8, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x60d0, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x60d4, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x60d8, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x60e0, ['unsigned long long']],
+    'LLCMask' : [ 0x60e8, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x60f0, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x6118, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x6120, ['pointer64', ['void']]],
+    'PrcbPad94' : [ 0x6128, ['array', 11, ['unsigned long long']]],
+    'SynchCounters' : [ 0x6180, ['_SYNCH_COUNTERS']],
+    'PteBitCache' : [ 0x6238, ['unsigned long long']],
+    'PteBitOffset' : [ 0x6240, ['unsigned long']],
+    'FsCounters' : [ 0x6248, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x6258, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x6265, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x6268, ['unsigned long long']],
+    'PrcbPad110' : [ 0x6270, ['unsigned long']],
+    'UpdateSignature' : [ 0x6278, ['_LARGE_INTEGER']],
+    'Context' : [ 0x6280, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x6288, ['unsigned long']],
+    'ExtendedState' : [ 0x6290, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x6298, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x62a0, ['_KENTROPY_TIMING_STATE']],
+    'AbSelfIoBoostsList' : [ 0x63f0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x63f8, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x6400, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x6440, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x6494, ['_IOP_IRP_STACK_PROFILER']],
+    'LocalSharedReadyQueue' : [ 0x6500, ['_KSHARED_READY_QUEUE']],
+    'TimerExpirationTrace' : [ 0x6760, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x6860, ['unsigned long']],
+    'ExSaPageArray' : [ 0x6868, ['pointer64', ['void']]],
+    'Mailbox' : [ 0x6880, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestMailbox' : [ 0x68c0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0x2d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'Spare0' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SpareFlags0' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x1b8, ['BitField', dict(start_bit = 8, end_bit = 28, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x1b8, ['long']],
+    'BasePriority' : [ 0x1bc, ['unsigned char']],
+    'QuantumReset' : [ 0x1bd, ['unsigned char']],
+    'Visited' : [ 0x1be, ['unsigned char']],
+    'Flags' : [ 0x1bf, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1c0, ['array', 20, ['unsigned long']]],
+    'IdealNode' : [ 0x210, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x238, ['unsigned short']],
+    'Spare1' : [ 0x23a, ['unsigned short']],
+    'StackCount' : [ 0x23c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x240, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x250, ['unsigned long long']],
+    'ContextSwitches' : [ 0x258, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x260, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x268, ['unsigned long']],
+    'KernelTime' : [ 0x26c, ['unsigned long']],
+    'UserTime' : [ 0x270, ['unsigned long']],
+    'LdtFreeSelectorHint' : [ 0x274, ['unsigned short']],
+    'LdtTableLength' : [ 0x276, ['unsigned short']],
+    'LdtSystemDescriptor' : [ 0x278, ['_KGDTENTRY64']],
+    'LdtBaseAddress' : [ 0x288, ['pointer64', ['void']]],
+    'LdtProcessLock' : [ 0x290, ['_FAST_MUTEX']],
+    'InstrumentationCallback' : [ 0x2c8, ['pointer64', ['void']]],
+    'SecurePid' : [ 0x2d0, ['unsigned long long']],
+} ],
+  '_KTHREAD' : [ 0x5e0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlagsSpare0' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CommitFailTerminateRequest' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x78, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'Spare10' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'TebMappedLowVa' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'Spare20' : [ 0x31a, ['unsigned short']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x588, ['long']],
+    'KeReferenceCount' : [ 0x58c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x58e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x58f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x590, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x598, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x598, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x5a0, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a8, ['long long']],
+    'WriteOperationCount' : [ 0x5b0, ['long long']],
+    'OtherOperationCount' : [ 0x5b8, ['long long']],
+    'ReadTransferCount' : [ 0x5c0, ['long long']],
+    'WriteTransferCount' : [ 0x5c8, ['long long']],
+    'OtherTransferCount' : [ 0x5d0, ['long long']],
+    'QueuedScb' : [ 0x5d8, ['pointer64', ['_KSCB']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_1269' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_1269']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x140, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'ParkLock' : [ 0x58, ['long']],
+    'Seed' : [ 0x5c, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Stride' : [ 0x96, ['unsigned char']],
+    'Spare0' : [ 0x97, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x98, ['unsigned long long']],
+    'ProximityId' : [ 0xa0, ['unsigned long']],
+    'Lowest' : [ 0xa4, ['unsigned long']],
+    'Highest' : [ 0xa8, ['unsigned long']],
+    'MaximumProcessors' : [ 0xac, ['unsigned char']],
+    'Flags' : [ 0xad, ['_flags']],
+    'Spare10' : [ 0xae, ['unsigned char']],
+    'HeteroSets' : [ 0xb0, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+} ],
+  '_ENODE' : [ 0x840, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0x140, ['array', 8, ['pointer64', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x180, ['_EX_WORK_QUEUE']],
+    'IoWorkQueue' : [ 0x450, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x720, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x738, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x778, ['_KEVENT']],
+    'WaitBlocks' : [ 0x790, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x820, ['pointer64', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x828, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x82c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x82c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x82c, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_135b' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_135b']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_EPROCESS' : [ 0x7b0, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
+    'RundownProtect' : [ 0x2e0, ['_EX_RUNDOWN_REF']],
+    'UniqueProcessId' : [ 0x2e8, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2f0, ['_LIST_ENTRY']],
+    'Flags2' : [ 0x300, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x304, ['unsigned long']],
+    'CreateReported' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x304, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x304, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x304, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x304, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x304, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x304, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x304, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x304, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x304, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x304, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x304, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x304, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x304, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x304, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x304, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x304, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x304, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x304, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x304, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x308, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x320, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x330, ['unsigned long long']],
+    'VirtualSize' : [ 0x338, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x350, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x350, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x358, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0x360, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x378, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x388, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x390, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x398, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x3a0, ['unsigned long long']],
+    'Win32Process' : [ 0x3a8, ['pointer64', ['void']]],
+    'Job' : [ 0x3b0, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3b8, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3c0, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3c8, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3d0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3d8, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3e0, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x3e8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
+    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x400, ['pointer64', ['_MM_SESSION_SPACE']]],
+    'AweInfo' : [ 0x408, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
+    'WoW64Process' : [ 0x428, ['pointer64', ['_EWOW64PROCESS']]],
+    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x448, ['pointer64', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x450, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x45f, ['unsigned char']],
+    'SecurityPort' : [ 0x460, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x468, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x470, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x480, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x488, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x498, ['unsigned long']],
+    'ImagePathHash' : [ 0x49c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x4a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x4a4, ['long']],
+    'PrefetchTrace' : [ 0x4a8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x4b0, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x4e8, ['unsigned long long']],
+    'CommitCharge' : [ 0x4f0, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x4f8, ['unsigned long long']],
+    'Vm' : [ 0x500, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x608, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x618, ['unsigned long']],
+    'ExitStatus' : [ 0x61c, ['long']],
+    'VadRoot' : [ 0x620, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x628, ['pointer64', ['void']]],
+    'VadCount' : [ 0x630, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x638, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x640, ['unsigned long long']],
+    'AlpcContext' : [ 0x648, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x668, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x678, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x680, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x684, ['unsigned long']],
+    'ExitTime' : [ 0x688, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x690, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x698, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x6a0, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x6a4, ['unsigned long']],
+    'ThreadListLock' : [ 0x6a8, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x6b0, ['pointer64', ['void']]],
+    'Spare0' : [ 0x6b8, ['unsigned long long']],
+    'SignatureLevel' : [ 0x6c0, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x6c1, ['unsigned char']],
+    'Protection' : [ 0x6c2, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x6c3, ['unsigned char']],
+    'Flags3' : [ 0x6c4, ['unsigned long']],
+    'Minimal' : [ 0x6c4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x6c4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x6c4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x6c4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Crashed' : [ 0x6c4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x6c4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x6c4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x6c4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x6c4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6c4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'InPrivate' : [ 0x6c4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x6c4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x6c4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x6c4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x6c4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x6c4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x6c4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x6c4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x6c4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AutomaticallyOverrideChildProcessPolicy' : [ 0x6c4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x6c4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x6c4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x6c4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x6c8, ['long']],
+    'SvmData' : [ 0x6d0, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x6d8, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x6e0, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x6e8, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x6f8, ['unsigned long long']],
+    'DiskCounters' : [ 0x700, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x708, ['pointer64', ['void']]],
+    'TrustletIdentity' : [ 0x710, ['unsigned long long']],
+    'KeepAliveCounter' : [ 0x718, ['unsigned long']],
+    'NoWakeKeepAliveCounter' : [ 0x71c, ['unsigned long']],
+    'HighPriorityFaultsAllowed' : [ 0x720, ['unsigned long']],
+    'EnergyValues' : [ 0x728, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
+    'VmContext' : [ 0x730, ['pointer64', ['void']]],
+    'SequenceNumber' : [ 0x738, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x740, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x748, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x750, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x758, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x760, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x760, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x768, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x770, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x778, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x788, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x790, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x788, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x790, ['pointer64', ['unsigned long long']]],
+    'DiskIoAttribution' : [ 0x798, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x7a0, ['unsigned long']],
+    'DxgProcess' : [ 0x7a8, ['pointer64', ['void']]],
+} ],
+  '_EWOW64PROCESS' : [ 0x10, {
+    'Peb' : [ 0x0, ['pointer64', ['void']]],
+    'Machine' : [ 0x8, ['unsigned short']],
+} ],
+  '_ETHREAD' : [ 0x7e0, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x5e0, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x5e8, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x5e8, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x5f8, ['pointer64', ['void']]],
+    'PostBlockList' : [ 0x600, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x600, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x608, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x610, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x610, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x610, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x618, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x620, ['_LIST_ENTRY']],
+    'Cid' : [ 0x630, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x640, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x640, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x660, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x668, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x678, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x680, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x688, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x690, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x698, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x6a8, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6b0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6b8, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6bc, ['long']],
+    'CrossThreadFlags' : [ 0x6c0, ['unsigned long']],
+    'Terminated' : [ 0x6c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6c0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6c0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6c0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6c0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6c0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6c0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6c0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6c0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6c0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6c0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6c0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6c0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6c0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x6c0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x6c0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6c0, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6c4, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6c4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6c4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x6c4, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6c4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6c4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6c4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x6c4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x6c4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x6c4, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6c8, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6c8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6c8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x6c8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6c8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6c8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6c8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6c8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6c8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6c9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6c9, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6cc, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6cd, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6ce, ['unsigned char']],
+    'LockOrderState' : [ 0x6cf, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6d0, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6d8, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6d8, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x6e0, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x6f0, ['long']],
+    'CacheManagerCount' : [ 0x6f4, ['unsigned long']],
+    'IoBoostCount' : [ 0x6f8, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x6fc, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x700, ['unsigned long']],
+    'BoostList' : [ 0x708, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x718, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x728, ['unsigned long long']],
+    'IrpListLock' : [ 0x730, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x738, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x740, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x748, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x750, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x758, ['pointer64', ['void']]],
+    'KernelStackReference' : [ 0x760, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x768, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x770, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x778, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x790, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x798, ['unsigned long long']],
+    'UserGsBase' : [ 0x7a0, ['unsigned long long']],
+    'EnergyValues' : [ 0x7a8, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x7b0, ['pointer64', ['void']]],
+    'SelectedCpuSets' : [ 0x7b8, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x7b8, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x7c0, ['pointer64', ['_EJOB']]],
+    'ThreadName' : [ 0x7c8, ['pointer64', ['_UNICODE_STRING']]],
+    'SetContextState' : [ 0x7d0, ['pointer64', ['_CONTEXT']]],
+    'ReadyTime' : [ 0x7d8, ['unsigned long']],
+} ],
+  '__unnamed_13c7' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13cd' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13cf' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13cd']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13d8' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13da' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_13d8']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_13c7']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_13cf']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_13da']],
+} ],
+  '__unnamed_13e1' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13e5' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13e9' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13eb' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13ef' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13f1' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_13f3' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13f5' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13f7' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13f9' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13fd' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsDataCopyInformation', 13: 'FileFsMetadataSizeInformation', 14: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13ff' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1401' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1403' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1405' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1407' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_140b' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_140f' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1413' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1417' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_141b' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_141f' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1423' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1425' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1427' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_142b' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_142f' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1433' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_1437' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_143b' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1443' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1447' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1449' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_144b' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_144d' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_13e1']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13e5']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13e9']],
+    'Read' : [ 0x0, ['__unnamed_13eb']],
+    'Write' : [ 0x0, ['__unnamed_13eb']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13ef']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13f1']],
+    'QueryFile' : [ 0x0, ['__unnamed_13f3']],
+    'SetFile' : [ 0x0, ['__unnamed_13f5']],
+    'QueryEa' : [ 0x0, ['__unnamed_13f7']],
+    'SetEa' : [ 0x0, ['__unnamed_13f9']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13fd']],
+    'SetVolume' : [ 0x0, ['__unnamed_13fd']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13ff']],
+    'LockControl' : [ 0x0, ['__unnamed_1401']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1403']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1405']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1407']],
+    'MountVolume' : [ 0x0, ['__unnamed_140b']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_140b']],
+    'Scsi' : [ 0x0, ['__unnamed_140f']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1413']],
+    'SetQuota' : [ 0x0, ['__unnamed_13f9']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1417']],
+    'QueryInterface' : [ 0x0, ['__unnamed_141b']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_141f']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1423']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1425']],
+    'SetLock' : [ 0x0, ['__unnamed_1427']],
+    'QueryId' : [ 0x0, ['__unnamed_142b']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_142f']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1433']],
+    'WaitWake' : [ 0x0, ['__unnamed_1437']],
+    'PowerSequence' : [ 0x0, ['__unnamed_143b']],
+    'Power' : [ 0x0, ['__unnamed_1443']],
+    'StartDevice' : [ 0x0, ['__unnamed_1447']],
+    'WMI' : [ 0x0, ['__unnamed_1449']],
+    'Others' : [ 0x0, ['__unnamed_144b']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_144d']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1463' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_1463']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x5c8, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x350, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x354, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x358, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x35c, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x360, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x364, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x368, ['unsigned char']],
+    'PriorityClass' : [ 0x369, ['unsigned char']],
+    'NestingDepth' : [ 0x36a, ['unsigned char']],
+    'Reserved1' : [ 0x36b, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x36c, ['unsigned long']],
+    'WakeChannel' : [ 0x370, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x370, ['_PS_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3a8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3b0, ['unsigned long']],
+    'OwnedHighEdgeFilters' : [ 0x3b4, ['unsigned long']],
+    'NotificationLink' : [ 0x3b8, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3c0, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3c8, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3d0, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3d8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3e0, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3e8, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x3f0, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x3f8, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x400, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x410, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x420, ['pointer64', ['_EJOB']]],
+    'ParentSilo' : [ 0x428, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x438, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x448, ['unsigned long long']],
+    'Ancestors' : [ 0x450, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x450, ['pointer64', ['void']]],
+    'TimerListLock' : [ 0x458, ['unsigned long long']],
+    'TimerListHead' : [ 0x460, ['_LIST_ENTRY']],
+    'Accounting' : [ 0x470, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4c8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4cc, ['unsigned long']],
+    'SequenceNumber' : [ 0x4d0, ['unsigned long']],
+    'JobId' : [ 0x4d4, ['unsigned long']],
+    'ContainerId' : [ 0x4d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x4e8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x4f0, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x508, ['pointer64', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x510, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x518, ['unsigned long']],
+    'CloseDone' : [ 0x518, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x518, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x518, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x518, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x518, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x518, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x518, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x518, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x518, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x518, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x518, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x518, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x518, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x518, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x518, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x518, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x518, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x518, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x518, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x518, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x518, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x518, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x518, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Spare' : [ 0x518, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EffectiveHighEdgeFilters' : [ 0x51c, ['unsigned long']],
+    'EnergyValues' : [ 0x520, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x528, ['unsigned long long']],
+    'WakeRoot' : [ 0x530, ['pointer64', ['_EJOB']]],
+    'DiskIoAttributionUserRefCount' : [ 0x538, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x53c, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x540, ['pointer64', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x540, ['pointer64', ['_EJOB']]],
+    'GlobalIoControl' : [ 0x548, ['_PS_IO_CONTROL_ENTRY']],
+    'VolumeIoControlLock' : [ 0x580, ['long']],
+    'VolumeIoControlTree' : [ 0x588, ['_RTL_RB_TREE']],
+    'IoControlLock' : [ 0x598, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x5a0, ['unsigned long long']],
+    'RundownWorkItem' : [ 0x5a8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_164d' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_164d']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x50, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'NestingLevel' : [ 0x48, ['unsigned long long']],
+} ],
+  '__unnamed_168d' : [ 0x8, {
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'WsIndex' : [ 0x0, ['unsigned long long']],
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer64', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_1692' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_1694' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1696' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_1692']],
+    'e4' : [ 0x0, ['__unnamed_1694']],
+} ],
+  '__unnamed_16a2' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_168d']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_1696']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'VaType' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'u4' : [ 0x28, ['__unnamed_16a2']],
+} ],
+  '__unnamed_16aa' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_16aa']],
+} ],
+  '_MMWSL_SHARED' : [ 0x60, {
+    'FirstFree' : [ 0x0, ['unsigned long long']],
+    'FirstDynamic' : [ 0x8, ['unsigned long long']],
+    'LastEntry' : [ 0x10, ['unsigned long long']],
+    'LastInitializedWsle' : [ 0x18, ['unsigned long long']],
+    'WsleSize' : [ 0x20, ['unsigned long']],
+    'NonDirectCount' : [ 0x28, ['unsigned long long']],
+    'LowestPagableAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NonDirectHash' : [ 0x38, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x40, ['pointer64', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x48, ['pointer64', ['_MMWSLE_HASH']]],
+    'Wsle' : [ 0x50, ['pointer64', ['_MMWSLE']]],
+} ],
+  '__unnamed_16bd' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+} ],
+  '__unnamed_16c1' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_16bd']],
+    'u2' : [ 0x38, ['__unnamed_16c1']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_16c6' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_16c9' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_16d3' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_16d5' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_16d3']],
+} ],
+  '__unnamed_16d7' : [ 0x8, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SpareImage' : [ 0x0, ['unsigned long long']],
+} ],
+  '_CONTROL_AREA' : [ 0x80, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16c6']],
+    'u1' : [ 0x3c, ['__unnamed_16c9']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_16d5']],
+    'FileObjectLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x70, ['unsigned long long']],
+    'u3' : [ 0x78, ['__unnamed_16d7']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x68, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'MiVaUnused', 1: 'MiVaSessionSpace', 2: 'MiVaProcessSpace', 3: 'MiVaBootLoaded', 4: 'MiVaPfnDatabase', 5: 'MiVaNonPagedPool', 6: 'MiVaPagedPool', 7: 'MiVaSpecialPoolPaged', 8: 'MiVaSystemCache', 9: 'MiVaSystemPtes', 10: 'MiVaHal', 11: 'MiVaSessionGlobalSpace', 12: 'MiVaDriverImages', 13: 'MiVaSpecialPoolNonPaged', 14: 'MiVaMaximumType', 15: 'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x38, ['pointer64', ['_MMSUPPORT_INSTANCE']]],
+    'TotalSystemPtes' : [ 0x40, ['unsigned long long']],
+    'Hint' : [ 0x48, ['unsigned long long']],
+    'LowestBitEverAllocated' : [ 0x50, ['unsigned long long']],
+    'CachedPtes' : [ 0x58, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x60, ['unsigned long long']],
+} ],
+  '__unnamed_16f1' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_16f4' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_16f1']],
+    'u1' : [ 0x34, ['__unnamed_16f4']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HHIVE' : [ 0xa68, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x48, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x58, ['unsigned long']],
+    'DirtyAlloc' : [ 0x5c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x60, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x70, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x74, ['unsigned long']],
+    'Cluster' : [ 0x78, ['unsigned long']],
+    'Flat' : [ 0x7c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x7c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x7c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x7c, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x7d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x80, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x84, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x88, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x8c, ['unsigned long']],
+    'HiveFlags' : [ 0x90, ['unsigned long']],
+    'CurrentLog' : [ 0x94, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x98, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x9c, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xa0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xa4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xa8, ['unsigned long']],
+    'LogDataPresent' : [ 0xac, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xae, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xaf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xb8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xb8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xb8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xb8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xba, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xbc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xc0, ['unsigned long']],
+    'Version' : [ 0xc4, ['unsigned long']],
+    'ViewMap' : [ 0xc8, ['_HVIEW_MAP']],
+    'Storage' : [ 0x578, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x128, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x18, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x20, ['unsigned long']],
+    'KcbPushlock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x30, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x30, ['long']],
+    'DelayedDeref' : [ 0x38, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x38, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x38, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x39, ['unsigned char']],
+    'LayerHeight' : [ 0x3a, ['short']],
+    'SlotHint' : [ 0x3c, ['unsigned long']],
+    'ParentKcb' : [ 0x40, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x48, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x50, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x58, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x68, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x68, ['unsigned long']],
+    'SubKeyCount' : [ 0x68, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x70, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x80, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xa8, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xaa, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xac, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Spare3' : [ 0xb4, ['unsigned long']],
+    'LayerInfo' : [ 0xb8, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0x120, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x120, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x68, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1762' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapForLoaderHive', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpMapHiveImage', 8: '_HvpRecoverData', 9: '_CmpValidateHiveSecurityDescriptors', 10: '_HvpEnlistBinInMap', 11: '_CmCheckRegistry', 12: '_CmRegistryIO', 13: '_CmCheckRegistry2', 14: '_CmpCheckKey', 15: '_CmpCheckValueList', 16: '_HvCheckHive', 17: '_HvCheckBin', 18: '_HvpGetLogEntryDirtyVector', 19: '_HvpReadLogEntryHeader', 20: '_HvpReadLogEntry', 21: '_CmpMountPreloadedHives', 22: '_CmpLoadHiveThread'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1765' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1767' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1769' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_176b' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_176f' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1773' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_1775' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'RecoverableIndex' : [ 0xc, ['unsigned long']],
+    'Locations' : [ 0x10, ['array', 8, ['__unnamed_1762']]],
+    'RecoverableLocations' : [ 0x70, ['array', 8, ['__unnamed_1762']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1765']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_1767']],
+    'CheckKey' : [ 0xf0, ['__unnamed_1769']],
+    'CheckValueList' : [ 0x110, ['__unnamed_176b']],
+    'CheckHive' : [ 0x128, ['__unnamed_176f']],
+    'CheckHive1' : [ 0x138, ['__unnamed_176f']],
+    'CheckBin' : [ 0x148, ['__unnamed_1773']],
+    'RecoverData' : [ 0x158, ['__unnamed_1775']],
+} ],
+  '_CM_KCB_UOW' : [ 0x78, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ParentUoW' : [ 0x50, ['pointer64', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x58, ['unsigned long']],
+    'OldValueCell' : [ 0x58, ['unsigned long']],
+    'NewValueCell' : [ 0x5c, ['unsigned long']],
+    'UserFlags' : [ 0x58, ['unsigned long']],
+    'LastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x58, ['unsigned long']],
+    'OldChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x60, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x60, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x68, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x68, ['pointer64', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x70, ['pointer64', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x70, ['pointer64', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0xb0, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x30, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x30, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x30, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x30, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x30, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x30, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x30, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x30, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x30, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x30, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x30, ['unsigned long']],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x40, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x48, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x50, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x58, ['_GUID']],
+    'StartLsn' : [ 0x68, ['unsigned long long']],
+    'HiveCount' : [ 0x70, ['unsigned long']],
+    'HiveArray' : [ 0x78, ['array', 7, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0xc, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 36, ['unsigned long']]],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 37, ['unsigned long long']]],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x260, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'TimeStampCKCL' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'TimeStampKlog' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '__unnamed_18a0' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_18a2' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_18a6' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x2d0, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_18a0']],
+    'OverUsed2' : [ 0x218, ['__unnamed_18a2']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_18a6']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+    'RebalanceContext' : [ 0x2c8, ['pointer64', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x68, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_19a9' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_19a9']],
+} ],
+  '__unnamed_19b0' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_19b0']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PullDefault', 1: 'PullUp', 2: 'PullDown', 3: 'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'IoRestrictionNone', 1: 'IoRestrictionInputOnly', 2: 'IoRestrictionOutputOnly', 3: 'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['unsigned short']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0xb30, {
+    'Name' : [ 0x0, ['pointer64', ['wchar']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0xb08, ['unsigned long long']],
+    'Count' : [ 0xb10, ['unsigned long long']],
+    'MaxDuration' : [ 0xb18, ['unsigned long long']],
+    'MinDuration' : [ 0xb20, ['unsigned long long']],
+    'TotalDuration' : [ 0xb28, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0x570, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfBoostPolicy' : [ 0x2c, ['unsigned long']],
+    'PerfBoostMode' : [ 0x30, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x34, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x38, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x3c, ['unsigned long']],
+    'AutonomousPreference' : [ 0x40, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x41, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x43, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x45, ['unsigned char']],
+    'ParkingPerfState' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x48, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x49, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x4a, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x4b, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x4c, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x4d, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x4e, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x50, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x54, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x58, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x5a, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x5c, ['unsigned char']],
+    'IdleDisabled' : [ 0x5d, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x60, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x64, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x65, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x66, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x67, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x68, ['array', 640, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x2e8, ['array', 640, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0x568, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0x569, ['unsigned char']],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x430, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x2e0, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x300, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x350, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x358, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x360, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x368, ['pointer64', ['void']]],
+    'HardErrorState' : [ 0x370, ['unsigned long']],
+    'WnfSiloState' : [ 0x378, ['_WNF_SILODRIVERSTATE']],
+    'ApiSetSection' : [ 0x3b0, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x3b8, ['pointer64', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x3c0, ['unsigned char']],
+    'SiloRootDirectoryName' : [ 0x3c8, ['_UNICODE_STRING']],
+    'Storage' : [ 0x3d8, ['pointer64', ['_PSP_STORAGE']]],
+    'State' : [ 0x3e0, ['Enumeration', dict(target = 'long', choices = {0: 'SERVERSILO_INITING', 1: 'SERVERSILO_STARTED', 2: 'SERVERSILO_SHUTTING_DOWN', 3: 'SERVERSILO_TERMINATING', 4: 'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x3e4, ['long']],
+    'DeleteEvent' : [ 0x3e8, ['pointer64', ['_KEVENT']]],
+    'UserSharedData' : [ 0x3f0, ['_SILO_USER_SHARED_DATA']],
+    'TerminateWorkItem' : [ 0x410, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x210, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+} ],
+  '__unnamed_1aa8' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1aa8']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '__unnamed_1acc' : [ 0x10, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1ace' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1ad0' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1ad2' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1ad4' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1ad8' : [ 0x68, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x50, ['pointer64', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x58, ['pointer64', ['void']]],
+    'RequestorMode' : [ 0x60, ['unsigned char']],
+    'NestingLevel' : [ 0x64, ['unsigned long']],
+} ],
+  '__unnamed_1ada' : [ 0x68, {
+    'Read' : [ 0x0, ['__unnamed_1acc']],
+    'Write' : [ 0x0, ['__unnamed_1ace']],
+    'Event' : [ 0x0, ['__unnamed_1ad0']],
+    'Notification' : [ 0x0, ['__unnamed_1ad2']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1ad4']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1ad8']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x80, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_1ada']],
+    'Function' : [ 0x78, ['unsigned char']],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x2a0, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'StackTraceInitVar' : [ 0x170, ['_RTL_RUN_ONCE']],
+    'FrontEndHeap' : [ 0x178, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x180, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x182, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x183, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x188, ['pointer64', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0x190, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x192, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x218, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x290, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1b49' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1b49']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b9c' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b9e' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b9c']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1ba0' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1ba2' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1ba0']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1b9e']],
+    'u2' : [ 0x4, ['__unnamed_1ba2']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x30, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_1bbd' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1bbf' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1bbd']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1bbf']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1bd1' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bd3' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bd1']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1bd3']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1bdc' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bde' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bdc']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1bde']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1be4' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1be6' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1be4']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1be6']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1c04' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c06' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c04']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_1c06']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1b9e']],
+    'u2' : [ 0x4, ['__unnamed_1ba2']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1c2c' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c2e' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c2c']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x110, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_1c2e']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xb0, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb8, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xc0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc8, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xd0, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xd8, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xe0, ['unsigned long long']],
+    'PortMessage' : [ 0xe8, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x48, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x40, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1c73' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c75' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c73']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1c75']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Event' : [ 0x0, ['unsigned long long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x38, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'DiskIoAttributionHandle' : [ 0x10, ['unsigned long long']],
+    'ActivityId' : [ 0x18, ['_GUID']],
+    'Timestamp' : [ 0x28, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x28, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x28, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x30, ['long long']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x50, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xc0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x78, ['pointer64', ['void']]],
+    'Override' : [ 0x80, ['unsigned char']],
+    'QueryOnly' : [ 0x81, ['unsigned char']],
+    'DeleteOnly' : [ 0x82, ['unsigned char']],
+    'FullAttributes' : [ 0x83, ['unsigned char']],
+    'LocalFileObject' : [ 0x88, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x90, ['unsigned long']],
+    'AccessMode' : [ 0x94, ['unsigned char']],
+    'DriverCreateContext' : [ 0x98, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1d3b' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1d3b']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['wchar']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['wchar']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE' : [ 0x10, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x10, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0x18, {
+    'Hash' : [ 0x0, ['pointer64', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x8, ['pointer64', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x10, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x18, {
+    'Table' : [ 0x0, ['pointer64', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x8, ['unsigned long']],
+    'EntryMax' : [ 0xc, ['unsigned long']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x8, {
+    'Key' : [ 0x0, ['unsigned long long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x10, {
+    'QueueTail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStatePendingCompression', 5: 'EtwBufferStateCompressed', 6: 'EtwBufferStatePlaceholder', 7: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x440, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x50, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x60, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x70, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x80, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x80, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xa8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xb8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xc8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xcc, ['unsigned long']],
+    'FlushTimer' : [ 0xd0, ['unsigned long']],
+    'FlushThreshold' : [ 0xd4, ['unsigned long']],
+    'ByteOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xe0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xe4, ['long']],
+    'NumberOfBuffers' : [ 0xe8, ['long']],
+    'MaximumBuffers' : [ 0xec, ['unsigned long']],
+    'EventsLost' : [ 0xf0, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xf4, ['long']],
+    'BuffersWritten' : [ 0xf8, ['unsigned long']],
+    'LogBuffersLost' : [ 0xfc, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x100, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x104, ['unsigned long']],
+    'SequencePtr' : [ 0x108, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x110, ['unsigned long']],
+    'InstanceGuid' : [ 0x114, ['_GUID']],
+    'MaximumFileSize' : [ 0x124, ['unsigned long']],
+    'FileCounter' : [ 0x128, ['long']],
+    'PoolType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x130, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x140, ['long']],
+    'ProviderInfoSize' : [ 0x144, ['unsigned long']],
+    'Consumers' : [ 0x148, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x158, ['unsigned long']],
+    'TransitionConsumer' : [ 0x160, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x168, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x170, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x180, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x188, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x198, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1a0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1a8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1b0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1c8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1e0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x1f8, ['_KTIMER']],
+    'LoggerDpc' : [ 0x238, ['_KDPC']],
+    'LoggerMutex' : [ 0x278, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2b0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2b8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2b8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2c0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x308, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x310, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x318, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x320, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x328, ['long long']],
+    'Flags' : [ 0x330, ['unsigned long']],
+    'Persistent' : [ 0x330, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x330, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x330, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x330, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x330, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x330, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x330, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x330, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x330, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x330, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x330, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x330, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x330, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x330, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x330, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x330, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x330, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x330, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x330, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x334, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x334, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x334, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x334, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x334, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x334, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x334, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x334, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x334, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x334, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x334, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x334, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x334, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x334, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x338, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x348, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x350, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x358, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x368, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x370, ['_DISALLOWED_GUIDS']],
+    'SoftRestartContext' : [ 0x380, ['pointer64', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x388, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x390, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x3b0, ['long']],
+    'CompressionLock' : [ 0x3b8, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x3c0, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x3c8, ['pointer64', ['void']]],
+    'CompressionOn' : [ 0x3d0, ['long']],
+    'CompressionRatioGuess' : [ 0x3d4, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x3d8, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x3dc, ['Enumeration', dict(target = 'long', choices = {0: 'EtwCompressionModeRestart', 1: 'EtwCompressionModeNoDisable', 2: 'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x3e0, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x3e8, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x428, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x430, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x438, ['_LARGE_INTEGER']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x28, {
+    'Source' : [ 0x0, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'ProfileTime', 1: 'ProfileAlignmentFixup', 2: 'ProfileTotalIssues', 3: 'ProfilePipelineDry', 4: 'ProfileLoadInstructions', 5: 'ProfilePipelineFrozen', 6: 'ProfileBranchInstructions', 7: 'ProfileTotalNonissues', 8: 'ProfileDcacheMisses', 9: 'ProfileIcacheMisses', 10: 'ProfileCacheMisses', 11: 'ProfileBranchMispredictions', 12: 'ProfileStoreInstructions', 13: 'ProfileFpInstructions', 14: 'ProfileIntegerInstructions', 15: 'Profile2Issue', 16: 'Profile3Issue', 17: 'Profile4Issue', 18: 'ProfileSpecialInstructions', 19: 'ProfileTotalCycles', 20: 'ProfileIcacheIssues', 21: 'ProfileDcacheAccesses', 22: 'ProfileMemoryBarrierCycles', 23: 'ProfileLoadLinkedIssues', 24: 'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x10, ['unsigned long']],
+    'HookId' : [ 0x14, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x1c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x20, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x13a8, {
+    'EtwpSecurityProviderGuidEntry' : [ 0x0, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x190, ['array', 64, ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'WmipLoggerContext' : [ 0x390, ['array', 64, ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x590, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0x1390, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x13a0, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x13a1, ['unsigned char']],
+    'EtwpSecurityProviderPID' : [ 0x13a4, ['unsigned long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
+    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
+    'RunRefSize' : [ 0x10, ['unsigned long']],
+    'Number' : [ 0x14, ['unsigned long']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x488, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_LOWBOX_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x478, ['pointer64', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'VariablePart' : [ 0x480, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xc0, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'LowBoxHandlesTable' : [ 0x58, ['_SEP_LOWBOX_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
+    'SiblingAuthId' : [ 0xa8, ['_LUID']],
+    'TokenList' : [ 0xb0, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved2' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved1' : [ 0x1a, ['unsigned short']],
+    'Reserved2' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x10, {
+    'Footer' : [ 0x0, ['pointer64', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x30, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x20, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x10, {
+    'Context1' : [ 0x0, ['pointer64', ['void']]],
+    'Context2' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0x18, ['unsigned char']],
+    'Padding1' : [ 0x19, ['array', 3, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'SessionId' : [ 0x140, ['unsigned long']],
+    'NamespaceEntry' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x400, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_1f02' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x4000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1f02']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x68, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x70, ['unsigned long']],
+    'AttachCount' : [ 0x74, ['unsigned long']],
+    'AttachGate' : [ 0x78, ['_KGATE']],
+    'WsListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0xc0, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb40, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xb60, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xbc0, ['_MMSUPPORT_FULL']],
+    'AggregateSessionWs' : [ 0xd00, ['_MMSUPPORT_AGGREGATION']],
+    'DriverUnload' : [ 0xd20, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PagedPool' : [ 0xd40, ['_POOL_DESCRIPTOR']],
+    'PageDirectory' : [ 0x1e80, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1e88, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x1e90, ['_RTL_BITMAP']],
+    'DynamicVaHint' : [ 0x1ea0, ['unsigned long']],
+    'SpecialPool' : [ 0x1ea8, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1ef8, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1f00, ['long']],
+    'PagedPoolPdeCount' : [ 0x1f04, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1f08, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1f0c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1f10, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1f78, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1f80, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x1f88, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1f90, ['unsigned long long']],
+    'IoState' : [ 0x1f98, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1f9c, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1fa0, ['_KEVENT']],
+    'ServerSilo' : [ 0x1fb8, ['pointer64', ['_EJOB']]],
+    'CreateTime' : [ 0x1fc0, ['unsigned long long']],
+    'PoolTags' : [ 0x2000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeFlags2' : [ 0x3, ['unsigned char']],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'ParseProcedureEx' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'AllBoosts' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x5a, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'SparePad' : [ 0x5c, ['unsigned long']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1f6b' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1f6e' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0xf8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'Device' : [ 0xd8, ['__unnamed_1f6b']],
+    'System' : [ 0xd8, ['__unnamed_1f6e']],
+} ],
+  '_SEP_LOWBOX_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x28, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0x10, ['unsigned long long']],
+    'PagedAllocs' : [ 0x18, ['unsigned long']],
+    'PagedFrees' : [ 0x1c, ['unsigned long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x418, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'ForceIdle' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ReasonFlags' : [ 0x24, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x28, ['unsigned long long']],
+    'PreviousStatus' : [ 0x30, ['long']],
+    'PreviousCancelReason' : [ 0x34, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x38, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xe0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x188, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x190, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1d0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1d8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x230, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2d8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2e0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2e8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x308, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x320, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x38, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1fb5' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'WheaErrSrcStateStopped', 2: 'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1fb5']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x120, {
+    'ProcessCid' : [ 0x0, ['pointer64', ['void']]],
+    'ThreadCid' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x20, ['unsigned long']],
+    'CreateTrace' : [ 0x28, ['array', 30, ['unsigned long long']]],
+    'Count' : [ 0x118, ['long']],
+    'CaptureCount' : [ 0x11c, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x48, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x50, ['_LIST_ENTRY']],
+    'Parent' : [ 0x60, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x20, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long long']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'Valid' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x18, {
+    'IdealMask' : [ 0x0, ['unsigned long long']],
+    'PreferredMask' : [ 0x8, ['unsigned long long']],
+    'AvailableMask' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_DEVICE_MAP' : [ 0x48, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x40, ['pointer64', ['_EJOB']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned long long')]],
+    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0x40, ['_RTL_BITMAP']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_MMWSLENTRY' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'HighActiveFlink' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'HighActiveBlink' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0x40, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMWSLE_HASH' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x8, {
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['wchar']]],
+    'DriverName' : [ 0x50, ['pointer64', ['wchar']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'SecureInfo' : [ 0x10, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x10, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x10, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'PebTeb' : [ 0x10, ['_MI_SUB64K_FREE_RANGES']],
+} ],
+  '__unnamed_20a4' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_20a6' : [ 0x4, {
+    'NumberOfChildViews' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_20a8' : [ 0x4, {
+    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_20a4']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_20a6']],
+    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u2' : [ 0x34, ['__unnamed_20a8']],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x50, {
+    'LsaProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'LsaCommandPortHandle' : [ 0x8, ['pointer64', ['void']]],
+    'SepRmThreadHandle' : [ 0x10, ['pointer64', ['void']]],
+    'RmCommandPortHandle' : [ 0x18, ['pointer64', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x20, ['pointer64', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x28, ['pointer64', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x30, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x38, ['pointer64', ['void']]],
+    'RmViewPortMemory' : [ 0x40, ['pointer64', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x48, ['long']],
+    'LsaCommandPortActive' : [ 0x4c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x30, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x10, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0x18, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'FirstPteForPagedPool' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'MaximumSize' : [ 0x20, ['unsigned long long']],
+    'PagedPoolHint' : [ 0x28, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_20dc' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_20de' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_20dc']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x120, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_20de']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
+    'PagedBytes' : [ 0x60, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x80, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x90, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
+    'LockedBytes' : [ 0x98, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0xf8, ['unsigned long']],
+    'ExecutePageProtections' : [ 0xfc, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x100, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x104, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x108, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0x10c, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x110, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Luid' : [ 0x20, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x18, {
+    'DynamicRelocations' : [ 0x0, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x8, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderZero', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderVsmMemory', 30: 'LoaderFirmwareCode', 31: 'LoaderFirmwareData', 32: 'LoaderFirmwareReserved', 33: 'LoaderEnclaveMemory', 34: 'LoaderFirmwareKsr', 35: 'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x38, {
+    'ScopeMap' : [ 0x0, ['pointer64', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x8, ['pointer64', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x10, ['pointer64', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x18, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x20, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x28, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x30, ['long long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Reserved1' : [ 0x2, ['unsigned char']],
+    'Timer2Reserved2' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'StackTrace' : [ 0x40, ['array', 8, ['pointer64', ['void']]]],
+    'Who' : [ 0x80, ['unsigned long']],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'NumberOfChildViews' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2130' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2132' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2130']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2132']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x90, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Foreground' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DesktopVisible' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'WindowInformation' : [ 0x68, ['unsigned short']],
+    'CompositorRendered' : [ 0x6a, ['unsigned short']],
+    'DirtyGenerated' : [ 0x6c, ['unsigned short']],
+    'DirtyPropagated' : [ 0x6e, ['unsigned short']],
+    'DesktopVisibilityReportTimestamp' : [ 0x70, ['long long']],
+    'DesktopVisibleTime' : [ 0x78, ['unsigned long long']],
+    'ForegroundReportTimestamp' : [ 0x80, ['long long']],
+    'ForegroundTime' : [ 0x88, ['unsigned long long']],
+} ],
+  '_MMCLONE_HEADER' : [ 0x18, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x1ec0, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x100, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x380, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x440, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x4e0, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x540, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x640, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x940, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0xae0, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0xaf0, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0xb50, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0xbd0, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0xcc0, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0xd40, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0xe80, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0xf40, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x1100, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x1170, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x11c0, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x1280, ['_MI_SYSTEM_TRIM_STATE']],
+    'ResTrack' : [ 0x12c0, ['_MI_RESAVAIL_TRACKER']],
+    'Cookie' : [ 0x1640, ['unsigned long long']],
+    'ZeroingDisabled' : [ 0x1648, ['long']],
+    'BootRegistryRuns' : [ 0x1650, ['pointer64', ['pointer64', ['void']]]],
+    'FullyInitialized' : [ 0x1658, ['unsigned char']],
+    'SafeBooted' : [ 0x1659, ['unsigned char']],
+    'TraceLogging' : [ 0x1660, ['pointer64', ['_TlgProvider_t']]],
+    'Vs' : [ 0x1680, ['_MI_VISIBLE_STATE']],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 28, native_type='unsigned long long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x18, ['_KEVENT']],
+} ],
+  '__unnamed_2160' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2162' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2160']],
+} ],
+  '__unnamed_2164' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_2162']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2164']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_216c' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_216c']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x10, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2179' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x28, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'UseSessionId' : [ 0x1c, ['unsigned char']],
+    'u1' : [ 0x20, ['__unnamed_2179']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x20, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x18, ['unsigned char']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x108, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0xc0, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x60, {
+    'ColorSeed' : [ 0x0, ['unsigned long']],
+    'CloneDereferenceEvent' : [ 0x8, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x20, ['_SLIST_HEADER']],
+    'SystemDllBase' : [ 0x30, ['pointer64', ['void']]],
+    'RotatingUniprocessorNumber' : [ 0x38, ['long']],
+    'CriticalSectionTimeout' : [ 0x40, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x48, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+} ],
+  '_MMSUPPORT_AGGREGATION' : [ 0x20, {
+    'PageFaultCount' : [ 0x0, ['unsigned long']],
+    'WorkingSetSize' : [ 0x8, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x10, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x190, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x178, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x180, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x188, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x150, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['wchar']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['wchar']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xc0, {
+    'FixupLock' : [ 0x0, ['long']],
+    'FixupList' : [ 0x8, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x18, ['_KMUTANT']],
+    'FirstLoadEver' : [ 0x50, ['unsigned char']],
+    'LargePageAll' : [ 0x51, ['unsigned char']],
+    'LastPage' : [ 0x58, ['unsigned long long']],
+    'LargePageList' : [ 0x60, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x70, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x80, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x90, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0xa0, ['unsigned long long']],
+    'PageCounts' : [ 0xa8, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SlatKernelCodeProtected' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'QueryRemoveDevice', 1: 'CancelRemoveDevice', 2: 'RemoveDevice', 3: 'SurpriseRemoveDevice', 4: 'EjectDevice', 5: 'RemoveFailedDevice', 6: 'RemoveUnstartedFailedDevice', 7: 'MaxDeviceDeleteType'})]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2d0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x2b0, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2b8, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2bc, ['unsigned long']],
+    'ThreadCount' : [ 0x2c0, ['long']],
+    'MinThreads' : [ 0x2c4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2c4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2c8, ['long']],
+    'QueueIndex' : [ 0x2cc, ['Enumeration', dict(target = 'long', choices = {0: 'ExPoolUntrusted', 1: 'IoPoolUntrusted', 2: 'ExPoolTrusted', 8: 'ExPoolMax'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x60, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x358, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'PassiveTimer' : [ 0x70, ['_KTIMER']],
+    'PassiveDpc' : [ 0xb0, ['_KDPC']],
+    'Info' : [ 0xf0, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0x148, ['_LARGE_INTEGER']],
+    'Policy' : [ 0x150, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0x168, ['unsigned char']],
+    'LastActiveStartTime' : [ 0x170, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x178, ['unsigned long long']],
+    'WorkItem' : [ 0x180, ['_WORK_QUEUE_ITEM']],
+    'Lock' : [ 0x1a0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1b0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1c8, ['_KEVENT']],
+    'InstanceId' : [ 0x1e0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1e8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x348, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_2278' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_227a' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_2278']],
+    'Private' : [ 0x0, ['__unnamed_227a']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x8, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'TransPtr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x38, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x10, ['unsigned long long']],
+    'VolumeKey' : [ 0x18, ['unsigned long long']],
+    'Rundown' : [ 0x20, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x28, ['pointer64', ['void']]],
+    'VolumeIoAttribution' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x48, ['unsigned long long']],
+    'BigPagesAllocated' : [ 0x50, ['unsigned long long']],
+    'BytesAllocated' : [ 0x58, ['unsigned long long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x88, ['unsigned long long']],
+    'BigPagesDeallocated' : [ 0x90, ['unsigned long long']],
+    'BytesDeallocated' : [ 0x98, ['unsigned long long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x108, ['long']],
+    'PendingFreeDepth' : [ 0x10c, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '__unnamed_22ec' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_22ee' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_22ec']],
+    'Button' : [ 0x10, ['__unnamed_22ee']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0xa0, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x20, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'DynamicVaBitBuffer' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'DynamicVaBitBufferPages' : [ 0x38, ['unsigned long long']],
+    'DynamicVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'ImageVaStart' : [ 0x48, ['pointer64', ['void']]],
+    'DynamicPtesBitBuffer' : [ 0x50, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x58, ['_EX_PUSH_LOCK']],
+    'DetachTimeStamp' : [ 0x60, ['unsigned long']],
+    'LeaderProcess' : [ 0x68, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x78, ['pointer64', ['_MMWSL_FULL']]],
+    'WsHashStart' : [ 0x80, ['pointer64', ['_MMWSLE_HASH']]],
+    'WsHashEnd' : [ 0x88, ['pointer64', ['_MMWSLE_HASH']]],
+    'SessionBase' : [ 0x90, ['pointer64', ['void']]],
+    'SessionCore' : [ 0x98, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'AccessMask' : [ 0x20, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x280, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionExtendLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SectionExtendSetLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'SectionBasedRoot' : [ 0x18, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'UnusedSubsectionPagedPool' : [ 0x28, ['unsigned long long']],
+    'UnusedSegmentForceFree' : [ 0x30, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x34, ['unsigned long']],
+    'HighSectionBase' : [ 0x38, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x40, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xb0, ['_CONTROL_AREA']],
+    'DanglingExtentsPages' : [ 0x130, ['pointer64', ['_MMPFN']]],
+    'DanglingExtentsLock' : [ 0x138, ['long']],
+    'DanglingExtentsWorkItem' : [ 0x140, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0x160, ['unsigned char']],
+    'PageFileSectionHead' : [ 0x168, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0x170, ['long']],
+    'SharedSegmentCharges' : [ 0x178, ['_MI_CROSS_PARTITION_CHARGES']],
+    'SharedPageCombineCharges' : [ 0x1a0, ['_MI_CROSS_PARTITION_CHARGES']],
+    'ImageBias' : [ 0x1c8, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x1d0, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x1d8, ['_RTL_BITMAP']],
+    'ImageBias64Low' : [ 0x1e8, ['unsigned long']],
+    'ImageBias64High' : [ 0x1ec, ['unsigned long']],
+    'ImageBitMap64Low' : [ 0x1f0, ['_RTL_BITMAP']],
+    'ImageBitMap64High' : [ 0x200, ['_RTL_BITMAP']],
+    'ImageBitMapWow64Dll' : [ 0x210, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x220, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x228, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x230, ['unsigned long long']],
+    'LostDataFiles' : [ 0x238, ['unsigned long']],
+    'LostDataPages' : [ 0x23c, ['unsigned long']],
+    'ImageFailureReason' : [ 0x240, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x248, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x250, ['pointer64', ['_CONTROL_AREA']]],
+    'CfgBitMapSection64' : [ 0x258, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea64' : [ 0x260, ['pointer64', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x268, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x26c, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x50, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x30, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x38, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x40, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x48, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 24, native_type='unsigned long long')]],
+    'LocalPartition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xb0, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0xa4, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa8, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x7a0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SparePvoid0' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_2366' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_236b' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_2366']],
+    'Bits' : [ 0x4, ['__unnamed_236b']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x30, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
+    'SubListIndex' : [ 0x28, ['unsigned short']],
+    'Hint' : [ 0x2a, ['unsigned short']],
+    'SetBits' : [ 0x2c, ['unsigned long']],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x20, {
+    'SystemLogonSession' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x10, ['pointer64', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_SEP_LOWBOX_HANDLES_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'HandleCount' : [ 0x28, ['unsigned long']],
+    'Handles' : [ 0x30, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '__unnamed_2385' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2388' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1b0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x68, ['_KAPC_STATE']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'ByteCount' : [ 0xb4, ['unsigned long']],
+    'u3' : [ 0xb8, ['__unnamed_2385']],
+    'u1' : [ 0xbc, ['__unnamed_2388']],
+    'FilePointer' : [ 0xc0, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xc8, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xc8, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd0, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xd8, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe0, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf0, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0x100, ['_MDL']],
+    'Page' : [ 0x130, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x130, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x20, {
+    'BaseKcb' : [ 0x0, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x8, ['long']],
+    'ClonedKcbListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1', 19: 'NotifyTransportRelationsChange', 20: 'NotifyEjectionRelationsChange', 21: 'ConfigureDevice', 22: 'ConfigureDeviceClass', 23: 'ConfigureDeviceExtensions', 24: 'ConfigureDeviceReset'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'Latency' : [ 0x0, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x4, ['unsigned long']],
+    'VetoAccounting' : [ 0x8, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x30, ['unsigned char']],
+    'Platform' : [ 0x31, ['unsigned char']],
+    'DependencyListCount' : [ 0x34, ['unsigned long']],
+    'Processors' : [ 0x38, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe0, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf0, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0xf8, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x100, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_MI_PARTITION' : [ 0x2780, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x160, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x430, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x4c0, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x640, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1180, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x1200, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x1260, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x13e8, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x13f0, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0x1400, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x38, ['pointer64', ['_ETHREAD']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_PS_WAKE_INFORMATION' : [ 0x38, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 5, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_CMHIVE' : [ 0x17a8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0xa68, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0xa98, ['_LIST_ENTRY']],
+    'HiveList' : [ 0xaa8, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0xab8, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0xac8, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0xad8, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0xae0, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0xaf0, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0xaf8, ['unsigned long']],
+    'DeletedKcbTable' : [ 0xb00, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0xb08, ['unsigned long']],
+    'Identity' : [ 0xb0c, ['unsigned long']],
+    'HiveLock' : [ 0xb10, ['pointer64', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0xb18, ['pointer64', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0xb20, ['pointer64', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0xb28, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0xb38, ['unsigned long']],
+    'FlushLogEntry' : [ 0xb40, ['pointer64', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0xb48, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0xb4c, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0xb50, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0xb58, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0xb68, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0xb70, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0xb78, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0xb80, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0xb88, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0xb90, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0xb94, ['unsigned long']],
+    'ActualFileSize' : [ 0xb98, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0xba0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0xbb0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0xbc0, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0xbd0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0xbe0, ['unsigned long']],
+    'SecurityCacheSize' : [ 0xbe4, ['unsigned long']],
+    'SecurityHitHint' : [ 0xbe8, ['long']],
+    'SecurityCache' : [ 0xbf0, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0xbf8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xff8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x1000, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0x1008, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x1010, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x1018, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x1020, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0x1048, ['unsigned char']],
+    'GrowOffset' : [ 0x104c, ['unsigned long']],
+    'KcbConvertListHead' : [ 0x1050, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0x1060, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0x1068, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x14f0, ['unsigned long']],
+    'TrustClassEntry' : [ 0x14f8, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1508, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1510, ['unsigned long long']],
+    'CmRm' : [ 0x1518, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1520, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x1524, ['long']],
+    'CreatorOwner' : [ 0x1528, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1530, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1538, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1540, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x1558, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x1570, ['unsigned long']],
+    'FlushActive' : [ 0x1570, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x1570, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x1570, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x1570, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x1574, ['unsigned long']],
+    'ReferenceCount' : [ 0x1578, ['long']],
+    'UnloadHistoryIndex' : [ 0x157c, ['long']],
+    'UnloadHistory' : [ 0x1580, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x1780, ['unsigned long']],
+    'UnaccessedStart' : [ 0x1784, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x1788, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x178c, ['unsigned long']],
+    'HandleClosePending' : [ 0x1790, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x1798, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x17a0, ['unsigned char']],
+    'FailedUnload' : [ 0x17a1, ['unsigned char']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5b0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xe0, ['_CONTEXT']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0xb40, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'FreePageSlist' : [ 0x10, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
+    'PageLocationList' : [ 0x7e8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x828, ['array', 8, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x848, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x9c8, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x9e8, ['unsigned long']],
+    'LastDecayHandUpdateTime' : [ 0x9f0, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x9f8, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xa40, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xa48, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'LowMemoryThreshold' : [ 0xaa8, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xab0, ['unsigned long long']],
+    'TransitionPrivatePages' : [ 0xac0, ['unsigned long long']],
+    'StandbyListDiscard' : [ 0xac8, ['unsigned long']],
+    'FreeListDiscard' : [ 0xacc, ['unsigned char']],
+    'MirrorListLocks' : [ 0xad0, ['pointer64', ['void']]],
+    'LargePfnBitMapsReady' : [ 0xad8, ['unsigned char']],
+    'LargePfnBitMap' : [ 0xae0, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'LargePfnBitMapLock' : [ 0xb00, ['unsigned long long']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '__unnamed_2436' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2438' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_243a' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2436']],
+    'Interrupt' : [ 0x0, ['__unnamed_2438']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_2438']],
+    'Sci' : [ 0x0, ['__unnamed_2438']],
+    'Nmi' : [ 0x0, ['__unnamed_2438']],
+    'Sea' : [ 0x0, ['__unnamed_2438']],
+    'Sei' : [ 0x0, ['__unnamed_2438']],
+    'Gsiv' : [ 0x0, ['__unnamed_2438']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_243a']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_KSCB' : [ 0x1a8, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ShareRank' : [ 0x78, ['pointer64', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x80, ['unsigned long']],
+    'ReadyListHead' : [ 0x88, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x188, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x198, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x1a0, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_2458' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_2458']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'Enabled' : [ 0x8, ['unsigned long']],
+    'DisableAccessLogging' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'MinLoggingPriority' : [ 0x30, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_HMAP_TABLE' : [ 0x5000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_248a' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_248c' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_248a']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x40, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0x18, ['__unnamed_248c']],
+    'VerifiedData' : [ 0x38, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x28, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x1c0, {
+    'DeadPteTrackerSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x10, ['unsigned long long']],
+    'MdlTrackerLookaside' : [ 0x40, ['_NPAGED_LOOKASIDE_LIST']],
+    'PteTrackingBitmap' : [ 0xc0, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xd0, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xd8, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPages' : [ 0x140, ['unsigned char']],
+    'QueuedStacks' : [ 0x150, ['_SLIST_HEADER']],
+    'StackGrowthFailures' : [ 0x160, ['unsigned long']],
+    'TrackPtesAborted' : [ 0x164, ['unsigned char']],
+    'AdjustCounter' : [ 0x165, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x168, ['long']],
+    'ReservedMappingTree' : [ 0x170, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x178, ['pointer64', ['_MMPFN']]],
+    'QueuedStacksWorkItem' : [ 0x180, ['_MI_QUEUED_DEADSTACK_WORKITEM']],
+} ],
+  '__unnamed_249e' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x160, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_249e']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0x10, ['unsigned long long']],
+    'ParentPartition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'ListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'NodeInformation' : [ 0x30, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x38, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x40, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x48, ['unsigned long long']],
+    'PfnUnmapWorkItem' : [ 0x50, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapActive' : [ 0x70, ['unsigned char']],
+    'PfnUnmapCount' : [ 0x78, ['unsigned long long']],
+    'PfnUnmapWaitList' : [ 0x80, ['pointer64', ['void']]],
+    'MemoryRuns' : [ 0x88, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x90, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0xa8, ['array', 5, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xd0, ['pointer64', ['void']]],
+    'PartitionObjectHandle' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicMemoryPushLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xe8, ['long']],
+    'TemporaryMemoryEvent' : [ 0xf0, ['_KEVENT']],
+    'MemoryEvents' : [ 0x108, ['array', 11, ['pointer64', ['_KEVENT']]]],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '__unnamed_24ad' : [ 0x8, {
+    'InstancedWorkingSet' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0xc0, {
+    'NextPageColor' : [ 0x0, ['unsigned short']],
+    'LastTrimStamp' : [ 0x2, ['unsigned short']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long long']],
+    'VmWorkingSetList' : [ 0x10, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 7, ['unsigned long long']]],
+    'ExitOutswapGate' : [ 0x60, ['pointer64', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x68, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x80, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x88, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x90, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0x98, ['unsigned long long']],
+    'HardFaultCount' : [ 0xa0, ['unsigned long']],
+    'PartitionId' : [ 0xa4, ['unsigned short']],
+    'Pad0' : [ 0xa6, ['unsigned short']],
+    'u1' : [ 0xa8, ['__unnamed_24ad']],
+    'Reserved0' : [ 0xb0, ['unsigned long long']],
+    'Flags' : [ 0xb8, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AcquiredRundown' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x78, ['unsigned long']],
+    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x62, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'EnableMask' : [ 0x64, ['unsigned char']],
+    'GroupEnableMask' : [ 0x65, ['unsigned char']],
+    'UseDescriptorType' : [ 0x66, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x300, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapSystemPtes' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0x60, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0x100, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSpecialPool' : [ 0x150, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemCache' : [ 0x1a0, ['_MI_DYNAMIC_BITMAP']],
+    'SystemVaAssignment' : [ 0x1f0, ['array', 8, ['unsigned long']]],
+    'SystemVaAssignmentHint' : [ 0x210, ['unsigned long']],
+    'HyperSpaceEnd' : [ 0x218, ['pointer64', ['void']]],
+    'WorkingSetListHashStart' : [ 0x220, ['pointer64', ['_MMWSLE_HASH']]],
+    'WorkingSetListHashEnd' : [ 0x228, ['pointer64', ['_MMWSLE_HASH']]],
+    'WorkingSetListIndirectHashStart' : [ 0x230, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'FreeSystemCacheVa' : [ 0x238, ['_KEVENT']],
+    'SystemVaLock' : [ 0x250, ['unsigned long long']],
+    'DeleteKvaLock' : [ 0x258, ['long']],
+    'FreeSystemCache' : [ 0x260, ['_MI_PTE_CHAIN_HEAD']],
+    'SystemCacheViewLock' : [ 0x278, ['unsigned long long']],
+    'SystemCacheInitLock' : [ 0x280, ['_EX_PUSH_LOCK']],
+    'UnusableWsles' : [ 0x288, ['array', 5, ['unsigned long long']]],
+    'PossibleWsles' : [ 0x2b0, ['array', 5, ['unsigned long long']]],
+    'SystemWs' : [ 0x2d8, ['array', 3, ['pointer64', ['_MMSUPPORT_INSTANCE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x48, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long long']],
+    'ResetPagesRepurposedCount' : [ 0x10, ['unsigned long long']],
+    'WsSwapSupport' : [ 0x18, ['pointer64', ['void']]],
+    'CommitReleaseContext' : [ 0x20, ['pointer64', ['void']]],
+    'AccessLog' : [ 0x28, ['pointer64', ['void']]],
+    'ChargedWslePages' : [ 0x30, ['unsigned long long']],
+    'ActualWslePages' : [ 0x38, ['unsigned long long']],
+    'WorkingSetSizeOverhead' : [ 0x40, ['unsigned long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'PaddingFor16ByteAlignment' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_2537' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_2537']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16c6']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xb8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'ArgumentStatus' : [ 0x14, ['long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Data' : [ 0x68, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x80, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
+    'MirroringActive' : [ 0x50, ['unsigned long']],
+    'MirrorBitMaps' : [ 0x58, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'CrashDumpPte' : [ 0x78, ['pointer64', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1d0, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'EfficiencyClass' : [ 0x32, ['unsigned char']],
+    'SchedulingClass' : [ 0x33, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower', 3: 'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x188, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x190, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x198, ['unsigned char']],
+    'HvTargetState' : [ 0x199, ['unsigned char']],
+    'Parked' : [ 0x19a, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x19c, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x1a0, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x1a4, ['unsigned long']],
+    'RelativePerformance' : [ 0x1a8, ['unsigned long']],
+    'Utility' : [ 0x1ac, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x1b0, ['unsigned long']],
+    'SnapTimeLast' : [ 0x1b8, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1b8, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c0, ['unsigned long long']],
+    'TotalTime' : [ 0x1c8, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x180, {
+    'DeleteSubsectionCleanup' : [ 0x0, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x18, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x30, ['unsigned long long']],
+    'DereferenceSegmentHeader' : [ 0x38, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x68, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x78, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xb8, ['unsigned char']],
+    'DeleteOnCloseCount' : [ 0xbc, ['unsigned long']],
+    'UnusedSegmentList' : [ 0xc0, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xd0, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xe0, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xf0, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'SegmentListLock' : [ 0x140, ['long']],
+    'ControlAreaCount' : [ 0x148, ['long long']],
+} ],
+  '_MI_RESAVAIL_TRACKER' : [ 0x380, {
+    'AllocateKernelStack' : [ 0x0, ['unsigned long long']],
+    'AllocateGrowKernelStack' : [ 0x8, ['unsigned long long']],
+    'FreeKernelStack' : [ 0x10, ['unsigned long long']],
+    'FreeKernelStackError' : [ 0x18, ['unsigned long long']],
+    'FreeGrowKernelStackError' : [ 0x20, ['unsigned long long']],
+    'AllocateCreateProcess' : [ 0x28, ['unsigned long long']],
+    'FreeCreateProcessError' : [ 0x30, ['unsigned long long']],
+    'FreeDeleteProcess' : [ 0x38, ['unsigned long long']],
+    'FreeCleanProcess' : [ 0x40, ['unsigned long long']],
+    'FreeCleanProcessError' : [ 0x48, ['unsigned long long']],
+    'AllocateWsIncrease' : [ 0x50, ['unsigned long long']],
+    'FreeWsIncreaseError' : [ 0x58, ['unsigned long long']],
+    'FreeWsIncreaseErrorMax' : [ 0x60, ['unsigned long long']],
+    'FreeWsDecrease' : [ 0x68, ['unsigned long long']],
+    'AllocateWorkingSetPage' : [ 0x70, ['unsigned long long']],
+    'FreeWorkingSetPageError' : [ 0x78, ['unsigned long long']],
+    'FreeDeletePteRange' : [ 0x80, ['unsigned long long']],
+    'AllocatePageTablesForProcessMetadata' : [ 0x88, ['unsigned long long']],
+    'AllocatePageTablesForSystem' : [ 0x90, ['unsigned long long']],
+    'FreePageTablesExcess' : [ 0x98, ['unsigned long long']],
+    'FreeSystemVaPageTables' : [ 0xa0, ['unsigned long long']],
+    'FreeSessionVaPageTables' : [ 0xa8, ['unsigned long long']],
+    'AllocateCreateSession' : [ 0xb0, ['unsigned long long']],
+    'FreeSessionWsDereference' : [ 0xb8, ['unsigned long long']],
+    'FreeSessionDereference' : [ 0xc0, ['unsigned long long']],
+    'AllocateLockedSessionImage' : [ 0xc8, ['unsigned long long']],
+    'FreeLockedSessionImage' : [ 0xd0, ['unsigned long long']],
+    'FreeSessionImageConversion' : [ 0xd8, ['unsigned long long']],
+    'AllocateWsAdjustPageTable' : [ 0xe0, ['unsigned long long']],
+    'FreeWsAdjustPageTable' : [ 0xe8, ['unsigned long long']],
+    'FreeWsAdjustPageTableError' : [ 0xf0, ['unsigned long long']],
+    'AllocateNoLowMemory' : [ 0xf8, ['unsigned long long']],
+    'AllocatePagedPoolLockedDown' : [ 0x100, ['unsigned long long']],
+    'FreePagedPoolLockedDown' : [ 0x108, ['unsigned long long']],
+    'AllocateSystemBitmaps' : [ 0x110, ['unsigned long long']],
+    'FreeSystemBitmapsError' : [ 0x118, ['unsigned long long']],
+    'AllocateForMdl' : [ 0x120, ['unsigned long long']],
+    'FreeFromMdl' : [ 0x128, ['unsigned long long']],
+    'AllocateForMdlPartition' : [ 0x130, ['unsigned long long']],
+    'FreeFromMdlPartition' : [ 0x138, ['unsigned long long']],
+    'FreeMdlExcess' : [ 0x140, ['unsigned long long']],
+    'AllocateExpansionNonPagedPool' : [ 0x148, ['unsigned long long']],
+    'FreeExpansionNonPagedPool' : [ 0x150, ['unsigned long long']],
+    'AllocateVad' : [ 0x158, ['unsigned long long']],
+    'RemoveVad' : [ 0x160, ['unsigned long long']],
+    'FreeVad' : [ 0x168, ['unsigned long long']],
+    'AllocateContiguous' : [ 0x170, ['unsigned long long']],
+    'FreeContiguousPages' : [ 0x178, ['unsigned long long']],
+    'FreeContiguousError' : [ 0x180, ['unsigned long long']],
+    'FreeLargePageMemory' : [ 0x188, ['unsigned long long']],
+    'AllocateSystemWsles' : [ 0x190, ['unsigned long long']],
+    'FreeSystemWsles' : [ 0x198, ['unsigned long long']],
+    'AllocateSystemInitWs' : [ 0x1a0, ['unsigned long long']],
+    'AllocateSessionInitWs' : [ 0x1a8, ['unsigned long long']],
+    'FreeSessionInitWsError' : [ 0x1b0, ['unsigned long long']],
+    'AllocateSystemImage' : [ 0x1b8, ['unsigned long long']],
+    'AllocateSystemImageLoad' : [ 0x1c0, ['unsigned long long']],
+    'AllocateSessionSharedImage' : [ 0x1c8, ['unsigned long long']],
+    'FreeSystemImageInitCode' : [ 0x1d0, ['unsigned long long']],
+    'FreeSystemImageLargePageConversion' : [ 0x1d8, ['unsigned long long']],
+    'FreeSystemImageError' : [ 0x1e0, ['unsigned long long']],
+    'FreeSystemImageLoadExcess' : [ 0x1e8, ['unsigned long long']],
+    'FreeUnloadSystemImage' : [ 0x1f0, ['unsigned long long']],
+    'FreeReloadBootImageLarge' : [ 0x1f8, ['unsigned long long']],
+    'FreeIndependent' : [ 0x200, ['unsigned long long']],
+    'AllocateHotRemove' : [ 0x208, ['unsigned long long']],
+    'FreeHotAdd' : [ 0x210, ['unsigned long long']],
+    'AllocateBoot' : [ 0x218, ['unsigned long long']],
+    'FreeLoaderBlock' : [ 0x220, ['unsigned long long']],
+    'AllocateNonPagedSpecialPool' : [ 0x228, ['unsigned long long']],
+    'FreeNonPagedSpecialPoolError' : [ 0x230, ['unsigned long long']],
+    'FreeNonPagedSpecialPool' : [ 0x238, ['unsigned long long']],
+    'AllocateSharedSegmentPage' : [ 0x240, ['unsigned long long']],
+    'FreeSharedSegmentPage' : [ 0x248, ['unsigned long long']],
+    'AllocateZeroPage' : [ 0x250, ['unsigned long long']],
+    'FreeZeroPage' : [ 0x258, ['unsigned long long']],
+    'AllocateForPo' : [ 0x260, ['unsigned long long']],
+    'AllocateForPoForce' : [ 0x268, ['unsigned long long']],
+    'FreeForPo' : [ 0x270, ['unsigned long long']],
+    'AllocateThreadHardFaultBehavior' : [ 0x278, ['unsigned long long']],
+    'FreeThreadHardFaultBehavior' : [ 0x280, ['unsigned long long']],
+    'ObtainFaultCharges' : [ 0x288, ['unsigned long long']],
+    'FreeFaultCharges' : [ 0x290, ['unsigned long long']],
+    'AllocateStoreCharges' : [ 0x298, ['unsigned long long']],
+    'FreeStoreCharges' : [ 0x2a0, ['unsigned long long']],
+    'ObtainLockedPageCharge' : [ 0x2c0, ['unsigned long long']],
+    'FreeLockedPageCharge' : [ 0x300, ['unsigned long long']],
+    'AllocateStore' : [ 0x308, ['unsigned long long']],
+    'FreeStore' : [ 0x310, ['unsigned long long']],
+    'AllocateSystemImageProtos' : [ 0x318, ['unsigned long long']],
+    'FreeSystemImageProtos' : [ 0x320, ['unsigned long long']],
+    'AllocateModWriterCharge' : [ 0x328, ['unsigned long long']],
+    'FreeModWriterCharge' : [ 0x330, ['unsigned long long']],
+    'AllocateMappedWriterCharge' : [ 0x338, ['unsigned long long']],
+    'FreeMappedWriterCharge' : [ 0x340, ['unsigned long long']],
+    'AllocateRegistryCharges' : [ 0x348, ['unsigned long long']],
+    'FreeRegistryCharges' : [ 0x350, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x278, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xa8, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xb0, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xc0, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xd0, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0xf0, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x110, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x148, ['unsigned long long']],
+    'IdleTimer' : [ 0x150, ['_KTIMER']],
+    'IdleDpc' : [ 0x190, ['_KDPC']],
+    'IdleTimeout' : [ 0x1d0, ['unsigned long long']],
+    'IdleStamp' : [ 0x1d8, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1e0, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x1f0, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x1f8, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x208, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x218, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x230, ['pointer64', ['void']]],
+    'Accounting' : [ 0x238, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x268, ['unsigned long']],
+    'ComponentCount' : [ 0x26c, ['unsigned long']],
+    'Components' : [ 0x270, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_QUEUED_DEADSTACK_WORKITEM' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x10, {
+    'Key' : [ 0x0, ['pointer64', ['void']]],
+    'Index' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '__unnamed_25dc' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_25de' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_25dc']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_25de']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1380, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'PartitionWs' : [ 0x140, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x200, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'SystemCacheInitialized' : [ 0x3a0, ['unsigned char']],
+    'TotalCommittedPages' : [ 0x3a8, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x3c0, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x400, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x428, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x430, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x438, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x440, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x448, ['array', 4, ['unsigned long']]],
+    'PageTableBitmapPages' : [ 0x458, ['unsigned long long']],
+    'PageFileTraceIndex' : [ 0x460, ['long']],
+    'PageFileTraces' : [ 0x468, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x70, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'RebalanceReasonUnknown', 1: 'RebalanceReasonRequirementsChanged', 2: 'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'RebalanceFailureNone', 1: 'RebalanceFailureDisabled', 2: 'RebalanceFailureNoMemory', 3: 'RebalanceFailureQueryStopUnexpectedVeto', 4: 'RebalanceFailureNoRequirements', 5: 'RebalanceFailureNoCandidates', 6: 'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x20, ['unsigned char']],
+    'TriggerRoot' : [ 0x28, ['pointer64', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x30, ['unsigned char']],
+    'BeginTime' : [ 0x38, ['unsigned long long']],
+    'VetoNode' : [ 0x40, ['array', 2, ['pointer64', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x50, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceQueryRebalanceSucceeded', 1: 'DeviceQueryStopFailed', 2: 'DeviceFailedGetNewResourceRequirement', 3: 'DeviceInUnexpectedState', 4: 'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x58, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x28, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'TemporaryBinAddress' : [ 0x10, ['unsigned long long']],
+    'TemporaryBinRundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_2642' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x110, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_2642']]],
+    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x8, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x60, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x18, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x40, ['long']],
+    'Gate' : [ 0x48, ['_KGATE']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x38, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_WAITING_IRP' : [ 0x38, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x50, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+    'Vm' : [ 0x48, ['pointer64', ['_MMSUPPORT_INSTANCE']]],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'Scaling' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_PEB64' : [ 0x7a0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SparePvoid0' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+    'SiloState' : [ 0x98, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1d0, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'SiLogOffset' : [ 0xe0, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0xe8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf8, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0x100, ['unsigned long']],
+    'SecurePages' : [ 0x104, ['unsigned long']],
+    'ProcessorCount' : [ 0x108, ['unsigned long']],
+    'ProcessorContext' : [ 0x110, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x118, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x120, ['unsigned long']],
+    'MaxDataPages' : [ 0x124, ['unsigned long']],
+    'ExtraBuffer' : [ 0x128, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x130, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x138, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x140, ['unsigned long long']],
+    'IoInfo' : [ 0x148, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b8, ['pointer64', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x1c0, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c8, ['unsigned long']],
+    'IumEnabled' : [ 0x1cc, ['unsigned char']],
+} ],
+  '__unnamed_26c2' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_26c2']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_26c9' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_26c9']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+    'OverCommit' : [ 0x40, ['unsigned long long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: 'BugcheckStackLimits', 1: 'DPCStackLimits', 2: 'ExpandedStackLimits', 3: 'NormalStackLimits', 4: 'Win32kStackLimits', 5: 'SwapBusyStackLimits', 6: 'IsrStackLimits', 7: 'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3c8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x270, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x278, ['array', 1, ['unsigned long long']]],
+    'SiLogOffset' : [ 0x280, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x284, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x288, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x348, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x34c, ['unsigned long']],
+    'ResumeContextPages' : [ 0x350, ['unsigned long']],
+    'Hiberboot' : [ 0x354, ['unsigned char']],
+    'HvCr3' : [ 0x358, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x360, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x368, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x370, ['unsigned long long']],
+    'BootFlags' : [ 0x378, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x380, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x388, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x390, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3b0, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x3b8, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x3c0, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x3c4, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x3c5, ['unsigned char']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x50, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x34, ['unsigned long']],
+    'DelayPageFaults' : [ 0x38, ['long']],
+    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0xc0, {
+    'TransitionSharedPages' : [ 0x0, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x8, ['array', 3, ['unsigned long long']]],
+    'FirstDecayPage' : [ 0x20, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x30, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x40, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x48, ['_KDPC']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x1a0, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+    'CrossPartition' : [ 0x18, ['_MI_PAGE_COMBINING_SUPPORT']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0x18, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0x120, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x40, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
+    'HybridPriority' : [ 0xc8, ['unsigned long']],
+    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xd0, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
+    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'LockOwner' : [ 0xf0, ['pointer64', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0xf8, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x100, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x108, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_HVIEW_MAP' : [ 0x4b0, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Directory' : [ 0x18, ['pointer64', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x20, ['unsigned long']],
+    'PinLog' : [ 0x28, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x10, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x30, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x20, ['unsigned long']],
+    'ModuleSize' : [ 0x24, ['unsigned long']],
+    'Offset' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_2770' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2772' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2770']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2772']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x50, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 1, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'IoReady', 1: 'IoPending', 2: 'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x1a0, {
+    'NextSlot' : [ 0x0, ['unsigned long long']],
+    'NextAgingSlot' : [ 0x8, ['unsigned long long']],
+    'NextAccessClearingSlot' : [ 0x10, ['unsigned long long']],
+    'LastAccessClearingRemainder' : [ 0x18, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x1c, ['unsigned long']],
+    'ActiveWsleCounts' : [ 0x20, ['array', 16, ['unsigned long long']]],
+    'ActiveWsles' : [ 0xa0, ['array', 16, ['_MI_ACTIVE_WSLE_LISTHEAD']]],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '__unnamed_27b3' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_27b3']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_27c0' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_27c0']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_27d1' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_27d4' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_27d1']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_27d4']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x408, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x90, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+    'TebSelector' : [ 0x88, ['unsigned short']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x120, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: 'LoadReasonStaticDependency', 1: 'LoadReasonStaticForwarderDependency', 2: 'LoadReasonDynamicForwarderDependency', 3: 'LoadReasonDelayloadDependency', 4: 'LoadReasonDynamicLoad', 5: 'LoadReasonAsImageLoad', 6: 'LoadReasonAsDataLoad', -1: 'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+    'DependentLoadFlags' : [ 0x118, ['unsigned long']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x60, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xc0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xc8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xcc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xd0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xf8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xf9, ['unsigned char']],
+    'TransitionInserted' : [ 0xfa, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xfc, ['long']],
+    'LastMappedWriteError' : [ 0x100, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x104, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x108, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0x10c, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x110, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x128, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x130, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x138, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0x150, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x168, ['long']],
+    'WriteAllMappedPages' : [ 0x16c, ['long']],
+    'MappedPageWriterEvent' : [ 0x170, ['_KEVENT']],
+    'ModWriteData' : [ 0x188, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1c8, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1e0, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x208, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x210, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x218, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x238, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x23c, ['array', 2, ['long']]],
+    'NotifyStoreMemoryConditions' : [ 0x248, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x260, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x264, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x268, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x270, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x290, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x298, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x2b8, ['long']],
+    'WorkingSetSwapLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x2c8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer64', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SubsectionMappedDirect' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'Width8Bits', 1: 'Width16Bits', 2: 'Width32Bits', 3: 'Width64Bits', 4: 'WidthNoWrap', 5: 'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'Compatible', 1: 'TypeA', 2: 'TypeB', 3: 'TypeC', 4: 'TypeF', 5: 'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTime' : [ 0x20, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x28, ['long long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x78, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x70, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '__unnamed_285d' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x90, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_285d']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'EvictionThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x60, ['_SLIST_HEADER']],
+    'EvictFlushLock' : [ 0x70, ['long']],
+    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x80, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x100, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xf8, ['pointer64', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x70, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['wchar']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'RF_SORTED', 1: 'RF_UNSORTED', 2: 'RF_CALLBACK', 3: 'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+    'TreeNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x60, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u' : [ 0x4c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'AttemptForCantExtend' : [ 0x58, ['unsigned char']],
+    'PageFileContract' : [ 0x59, ['unsigned char']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2891' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_2891']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_MI_POOL_STATE' : [ 0xf8, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'NonPagedPoolSListMaximum' : [ 0x8, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x18, ['unsigned long long']],
+    'BadPoolHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x28, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x2c, ['unsigned char']],
+    'PoolFailures' : [ 0x30, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x54, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x80, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x88, ['unsigned long long']],
+    'PagedPoolSListMaximum' : [ 0x90, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x94, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0xa8, ['unsigned long long']],
+    'SpecialPoolRejected' : [ 0xb0, ['array', 9, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0xd8, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0xe0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0xe4, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0xe8, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0xf0, ['unsigned long long']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x100, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NodeGraph' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x10, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaLastRangeIndex' : [ 0x18, ['unsigned long']],
+    'NumaMemoryRanges' : [ 0x20, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'NumaTableCaptured' : [ 0x28, ['unsigned char']],
+    'NodeShift' : [ 0x29, ['unsigned char']],
+    'ChannelMemoryRanges' : [ 0x30, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'ChannelShift' : [ 0x38, ['unsigned char']],
+    'SecondLevelCacheSize' : [ 0x3c, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x40, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x44, ['unsigned long']],
+    'AllMainMemoryMustBeCached' : [ 0x48, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x50, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x58, ['unsigned long']],
+    'SecondaryColors' : [ 0x5c, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x60, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x64, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x68, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x6c, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x70, ['unsigned long long']],
+    'OptimalZeroingAttribute' : [ 0x78, ['array', 4, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'MiNonCached', 1: 'MiCached', 2: 'MiWriteCombined', 3: 'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0xb8, ['unsigned char']],
+    'ZeroCostCounts' : [ 0xc0, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'PrimaryPfns' : [ 0xe0, ['unsigned long long']],
+    'HighestPossiblePhysicalPage' : [ 0xe8, ['unsigned long long']],
+    'EnclaveRegions' : [ 0xf0, ['_RTL_AVL_TREE']],
+    'VsmKernelPageCount' : [ 0xf8, ['unsigned long long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
+    'BlocksDrips' : [ 0x19, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '__unnamed_28be' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_28be']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xb8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'ProbeRaises' : [ 0x38, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x78, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'WsLinear' : [ 0x88, ['unsigned long']],
+    'PageHashErrors' : [ 0x8c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x90, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x94, ['long']],
+    'BadPagesDetected' : [ 0x98, ['long']],
+    'ScrubPasses' : [ 0x9c, ['long']],
+    'ScrubBadPagesFound' : [ 0xa0, ['long']],
+    'UserViewFailures' : [ 0xa4, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0xa8, ['unsigned long']],
+    'ResavailFailures' : [ 0xac, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xb4, ['unsigned char']],
+    'InitFailure' : [ 0xb5, ['unsigned char']],
+    'StopBadMaps' : [ 0xb6, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x190, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'ProcessorCount' : [ 0xc0, ['unsigned long']],
+    'EfficiencyClass' : [ 0xc4, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0xc5, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0xc6, ['unsigned char']],
+    'Spare' : [ 0xc7, ['unsigned char']],
+    'Processors' : [ 0xc8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd0, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xd8, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x100, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x118, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x120, ['unsigned long']],
+    'NominalFrequency' : [ 0x124, ['unsigned long']],
+    'MaxPercent' : [ 0x128, ['unsigned long']],
+    'MinPerfPercent' : [ 0x12c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x130, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x138, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x140, ['unsigned long long']],
+    'Coordination' : [ 0x148, ['unsigned char']],
+    'HardPlatformCap' : [ 0x149, ['unsigned char']],
+    'AffinitizeControl' : [ 0x14a, ['unsigned char']],
+    'EfficientThrottle' : [ 0x14b, ['unsigned char']],
+    'AutonomousMode' : [ 0x14c, ['unsigned char']],
+    'SelectedPercent' : [ 0x150, ['unsigned long']],
+    'SelectedFrequency' : [ 0x154, ['unsigned long']],
+    'DesiredPercent' : [ 0x158, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x15c, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x160, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x164, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x168, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x16c, ['unsigned long']],
+    'TolerancePercent' : [ 0x170, ['unsigned long']],
+    'SelectedState' : [ 0x178, ['unsigned long long']],
+    'PerfChangeTime' : [ 0x180, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x188, ['unsigned long']],
+    'Force' : [ 0x18c, ['unsigned char']],
+    'ProvideGuidance' : [ 0x18d, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0xa8, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'ZeroCrc' : [ 0x38, ['unsigned long long']],
+    'OnesCrc' : [ 0x40, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x48, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x68, ['array', 4, ['unsigned long long']]],
+    'PageTableOfZeroes' : [ 0x88, ['unsigned long long']],
+    'PdeOfZeroes' : [ 0x90, ['_MMPTE']],
+    'PageTableOfOnes' : [ 0x98, ['unsigned long long']],
+    'PdeOfOnes' : [ 0xa0, ['_MMPTE']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SpareUlong' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_28f1' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_28f1']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x13c, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'OffloadedAudio' : [ 0x12d, ['unsigned char']],
+    'NonOffloadedAudio' : [ 0x12e, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12f, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_2904' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_2904']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x88, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x40, ['_KDPC']],
+    'WorkOrder' : [ 0x80, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '__unnamed_2919' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_2919']],
+} ],
+  '__unnamed_291d' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2921' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2923' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2925' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2927' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_2929' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_292b' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_292d' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_292f' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2931' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2933' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2935' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_291d']],
+    'Memory' : [ 0x0, ['__unnamed_291d']],
+    'Interrupt' : [ 0x0, ['__unnamed_2921']],
+    'Dma' : [ 0x0, ['__unnamed_2923']],
+    'DmaV3' : [ 0x0, ['__unnamed_2925']],
+    'Generic' : [ 0x0, ['__unnamed_291d']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2927']],
+    'BusNumber' : [ 0x0, ['__unnamed_2929']],
+    'ConfigData' : [ 0x0, ['__unnamed_292b']],
+    'Memory40' : [ 0x0, ['__unnamed_292d']],
+    'Memory48' : [ 0x0, ['__unnamed_292f']],
+    'Memory64' : [ 0x0, ['__unnamed_2931']],
+    'Connection' : [ 0x0, ['__unnamed_2933']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2935']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '__unnamed_2959' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_2959']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '__unnamed_2962' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2963' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2962']],
+    'Merged' : [ 0x10, ['__unnamed_2963']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2967' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2969' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_296b' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_296d' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_296b']],
+    'Translated' : [ 0x0, ['__unnamed_2969']],
+} ],
+  '__unnamed_296f' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2971' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2973' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2975' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2977' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2979' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_297b' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_297d' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_2967']],
+    'Port' : [ 0x0, ['__unnamed_2967']],
+    'Interrupt' : [ 0x0, ['__unnamed_2969']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_296d']],
+    'Memory' : [ 0x0, ['__unnamed_2967']],
+    'Dma' : [ 0x0, ['__unnamed_296f']],
+    'DmaV3' : [ 0x0, ['__unnamed_2971']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2927']],
+    'BusNumber' : [ 0x0, ['__unnamed_2973']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2975']],
+    'Memory40' : [ 0x0, ['__unnamed_2977']],
+    'Memory48' : [ 0x0, ['__unnamed_2979']],
+    'Memory64' : [ 0x0, ['__unnamed_297b']],
+    'Connection' : [ 0x0, ['__unnamed_2933']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_297d']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x840, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x50, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x68, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0xa0, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0xa8, ['unsigned long long']],
+    'SystemPteInfo' : [ 0xb0, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x118, ['unsigned long long']],
+    'BootCommit' : [ 0x120, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0x128, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0x130, ['unsigned long long']],
+    'SpecialPagesInUse' : [ 0x138, ['unsigned long long']],
+    'WsOverheadPages' : [ 0x140, ['unsigned long long']],
+    'VadBitmapPages' : [ 0x148, ['unsigned long long']],
+    'ProcessCommit' : [ 0x150, ['unsigned long long']],
+    'SharedCommit' : [ 0x158, ['unsigned long long']],
+    'DriverCommit' : [ 0x160, ['long']],
+    'SystemWs' : [ 0x180, ['array', 3, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x4c0, ['_MMSUPPORT_SHARED']],
+    'AggregateSystemWs' : [ 0x540, ['array', 1, ['_MMSUPPORT_AGGREGATION']]],
+    'SystemCacheSharedWorkingSetList' : [ 0x560, ['_MMWSL_SHARED']],
+    'MapCacheFailures' : [ 0x5c0, ['unsigned long']],
+    'PagefileHashPages' : [ 0x5c8, ['unsigned long long']],
+    'PteHeader' : [ 0x5d0, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x6e8, ['pointer64', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x6f0, ['array', 14, ['unsigned long long']]],
+    'SystemVaRegions' : [ 0x760, ['array', 14, ['_MI_SYSTEM_VA_ASSIGNMENT']]],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xe0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x70, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0xc0, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'Snap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'TempSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'TaggedThreadPercent' : [ 0xb8, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0xba, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0xbb, ['unsigned char']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEB32' : [ 0x460, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SparePvoid0' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
+} ],
+  '_MMWSL_FULL' : [ 0x200, {
+    'Instance' : [ 0x0, ['_MMWSL_INSTANCE']],
+    'Shared' : [ 0x1a0, ['_MMWSL_SHARED']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d0, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1a8, ['_LIST_ENTRY']],
+    'Status' : [ 0x1b8, ['long']],
+    'FailedDevice' : [ 0x1c0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1c8, ['unsigned char']],
+    'Cancelled' : [ 0x1c9, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1ca, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1cb, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x98, {
+    'FileName' : [ 0x0, ['pointer64', ['wchar']]],
+    'BaseName' : [ 0x8, ['pointer64', ['wchar']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['wchar']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x178, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'HitCount' : [ 0x18, ['unsigned long long']],
+    'LastActivationTime' : [ 0x20, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
+    'CsActivationTime' : [ 0x30, ['unsigned long long']],
+    'CsActiveTime' : [ 0x38, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x30, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_29e8' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x890, {
+    'LargePageFreeCount' : [ 0x0, ['array', 3, ['array', 2, ['unsigned long long']]]],
+    'LargePages' : [ 0x30, ['array', 3, ['array', 2, ['array', 2, ['array', 4, ['_LIST_ENTRY']]]]]],
+    'LargePagesCount' : [ 0x330, ['array', 3, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]]],
+    'LargePageRebuildTimer' : [ 0x4b0, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'StandbyPageList' : [ 0x4e0, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreeCount' : [ 0x7e0, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x7f0, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x810, ['unsigned long long']],
+    'MmShiftedColor' : [ 0x818, ['unsigned long']],
+    'Color' : [ 0x81c, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x820, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x860, ['__unnamed_29e8']],
+    'NodeLock' : [ 0x868, ['_EX_PUSH_LOCK']],
+    'ZeroThreadHugeMapLock' : [ 0x870, ['unsigned long long']],
+    'ChannelStatus' : [ 0x878, ['unsigned char']],
+    'ChannelOrdering' : [ 0x879, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x87d, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x881, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x888, ['unsigned long long']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x1a0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x40, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x70, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedBitMapMaximum' : [ 0xb0, ['unsigned long long']],
+    'DynamicBitMapNonPagedPool' : [ 0xb8, ['_MI_DYNAMIC_BITMAP']],
+    'NonPagedPoolLowestPage' : [ 0x108, ['unsigned long long']],
+    'NonPagedPoolHighestPage' : [ 0x110, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x118, ['unsigned long long']],
+    'PartialLargePoolRegions' : [ 0x120, ['unsigned long long']],
+    'PagesInPartialLargePoolRegions' : [ 0x128, ['unsigned long long']],
+    'CachedNonPagedPoolCount' : [ 0x130, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x138, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x140, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x148, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x150, ['pointer64', ['void']]],
+    'NonPagedBitMap' : [ 0x158, ['array', 3, ['_RTL_BITMAP_EX']]],
+    'NonPagedHint' : [ 0x188, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x188, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0x160, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_MI_ACTIVE_WSLE_LISTHEAD' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x30, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x20, ['unsigned char']],
+    'RebuildActive' : [ 0x21, ['unsigned char']],
+    'NextPassDelta' : [ 0x22, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x23, ['unsigned char']],
+    'SequenceNumber' : [ 0x24, ['unsigned long']],
+    'WaitList' : [ 0x28, ['pointer64', ['_MI_LARGE_PAGE_REBUILD_WAIT_BLOCK']]],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x68, {
+    'IoPfnLock' : [ 0x0, ['unsigned long long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x60, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x28, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+    'ChargeMaximum' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_2a29' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x30, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SessionId' : [ 0x18, ['unsigned long']],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x20, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_2a29']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1e8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xd8, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe0, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xe8, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf0, ['unsigned long long']],
+    'HvlTscOffset' : [ 0xf8, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x100, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x108, ['unsigned long long']],
+    'IoBoundedness' : [ 0x110, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x118, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x120, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x128, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x130, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x138, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x140, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x148, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x150, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x158, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x160, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x168, ['unsigned long long']],
+    'AnimationStart' : [ 0x170, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x178, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x180, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x188, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x190, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1a0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1a8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1c0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1c8, ['unsigned long']],
+    'FileRuns' : [ 0x1cc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1d0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1d4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1d8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1e0, ['unsigned long long']],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '__unnamed_2a4f' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a51' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a54' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2a58' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'ApicDestinationModePhysical', 2: 'ApicDestinationModeLogicalFlat', 3: 'ApicDestinationModeLogicalClustered', 4: 'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptTypeControllerInput', 1: 'InterruptTypeXapicMessage', 2: 'InterruptTypeHypertransport', 3: 'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_2a4f']],
+    'HvDeviceId' : [ 0x40, ['unsigned long long']],
+    'XapicMessage' : [ 0x48, ['__unnamed_2a51']],
+    'Hypertransport' : [ 0x48, ['__unnamed_2a54']],
+    'GenericMessage' : [ 0x48, ['__unnamed_2a51']],
+    'MessageRequest' : [ 0x48, ['__unnamed_2a58']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'LdrModulesPlaceHolder', 1: 'LdrModulesMapping', 2: 'LdrModulesMapped', 3: 'LdrModulesWaitingForDependencies', 4: 'LdrModulesSnapping', 5: 'LdrModulesSnapped', 6: 'LdrModulesCondensed', 7: 'LdrModulesReadyToInit', 8: 'LdrModulesInitializing', 9: 'LdrModulesReadyToRun', '\xfb': 'LdrModulesMerged', '\xfd': 'LdrModulesSnapError', '\xfc': 'LdrModulesInitError', -1: 'LdrModulesUnloading', '\xfe': 'LdrModulesUnloaded'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'PointersLength' : [ 0x118, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['wchar']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2a80' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a82' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a84' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a86' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2a88' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a8a' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a8c' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2a8e' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a90' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_2a92' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2a80']],
+    'TargetDevice' : [ 0x0, ['__unnamed_2a82']],
+    'InstallDevice' : [ 0x0, ['__unnamed_2a82']],
+    'CustomNotification' : [ 0x0, ['__unnamed_2a84']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_2a86']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2a88']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2a8a']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2a8c']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2a8e']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2a90']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_2a82']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_2a82']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'DeviceInstanceStartedEvent', 12: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_2a92']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x400, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer64', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_MI_LARGE_PAGE_REBUILD_WAIT_BLOCK' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_LARGE_PAGE_REBUILD_WAIT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x58, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'ProcCap' : [ 0x10, ['unsigned long']],
+    'ProcFloor' : [ 0x14, ['unsigned long']],
+    'PlatformCap' : [ 0x18, ['unsigned long']],
+    'ThermalCap' : [ 0x1c, ['unsigned long']],
+    'LimitReasons' : [ 0x20, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x28, ['unsigned long long']],
+    'TargetPercent' : [ 0x30, ['unsigned long']],
+    'SelectedPercent' : [ 0x34, ['unsigned long']],
+    'SelectedFrequency' : [ 0x38, ['unsigned long']],
+    'PreviousFrequency' : [ 0x3c, ['unsigned long']],
+    'PreviousPercent' : [ 0x40, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x44, ['unsigned long']],
+    'SelectedState' : [ 0x48, ['unsigned long long']],
+    'Force' : [ 0x50, ['unsigned char']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e0, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x410, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x28, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x1c, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_2ad8' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2ada' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2adc' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2ad8']],
+    'Gpt' : [ 0x0, ['__unnamed_2ada']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_2adc']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_2b0b' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b0d' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b0f' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b11' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2b0b']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2b0d']],
+    'Raw' : [ 0x0, ['__unnamed_2b0f']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DirtyVectorModified', 1: 'DirtyDataCaptureStart', 2: 'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_2b11']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_MI_SYSTEM_VA_ASSIGNMENT' : [ 0x10, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2b21' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2b23' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2b21']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2b26' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2b28' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2b26']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2b23']],
+    'HighPart' : [ 0x4, ['__unnamed_2b28']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x48, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x18, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x800, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'EtwNotificationTypeNoReply', 2: 'EtwNotificationTypeLegacyEnable', 3: 'EtwNotificationTypeEnable', 4: 'EtwNotificationTypePrivateLogger', 5: 'EtwNotificationTypePerflib', 6: 'EtwNotificationTypeAudio', 7: 'EtwNotificationTypeSession', 8: 'EtwNotificationTypeReserved', 9: 'EtwNotificationTypeCredentialUI', 10: 'EtwNotificationTypeInProcSession', 11: 'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x68, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x20, {
+    'ViewStart' : [ 0x0, ['pointer64', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Bcb' : [ 0x8, ['pointer64', ['void']]],
+    'PinnedPages' : [ 0x10, ['unsigned long long']],
+    'Size' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_2b7a' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_2b7c' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateUnitOther', 1: 'PoFxPerfStateUnitFrequency', 2: 'PoFxPerfStateUnitBandwidth', 3: 'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateTypeDiscrete', 1: 'PoFxPerfStateTypeRange', 2: 'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_2b7a']],
+    'Range' : [ 0x20, ['__unnamed_2b7c']],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2b82' : [ 0x8, {
+    'MessageAddressLow' : [ 0x0, ['unsigned long']],
+    'MessageData' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+} ],
+  '__unnamed_2b84' : [ 0x8, {
+    'RemappedFormat' : [ 0x0, ['_ULARGE_INTEGER']],
+    'Msi' : [ 0x0, ['__unnamed_2b82']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_2b84']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2b8a' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2b8c' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2b92' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_2b96' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_2b98' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2b8a']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2b8c']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2b92']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2b96']],
+    'Others' : [ 0x0, ['__unnamed_2b98']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}

From 5b68c5b0f43ab14117a82c65ddca9b9f189c0248 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Sat, 10 Sep 2016 23:36:15 -0400
Subject: [PATCH 026/304] win10: add 14393 profile for x86

---
 volatility/plugins/overlays/windows/win10.py  |     9 +
 .../windows/win10_x86_9619274A_vtypes.py      | 13166 ++++++++++++++++
 2 files changed, 13175 insertions(+)
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_9619274A_vtypes.py

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index ac21afe60..cb8f9b748 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -474,3 +474,12 @@ class Win10x86_44B89EEA(obj.Profile):
     _md_minor = 4
     _md_build = 10240
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_44B89EEA_vtypes'
+
+class Win10x86_9619274A(obj.Profile):
+    """ A Profile for Windows 10 x86 from PDB 9619274A"""
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 14393
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_9619274A_vtypes'
diff --git a/volatility/plugins/overlays/windows/win10_x86_9619274A_vtypes.py b/volatility/plugins/overlays/windows/win10_x86_9619274A_vtypes.py
new file mode 100644
index 000000000..63a6cf4b2
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_9619274A_vtypes.py
@@ -0,0 +1,13166 @@
+ntkrpamp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'Reserved8' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_107d' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_107d']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1081' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1081']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_109c' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_109e' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_109c']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_109e']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['pointer', ['void']]]],
+    'SystemReserved1' : [ 0x10c, ['array', 36, ['pointer', ['void']]]],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'PerflibData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+    'ReservedForWdf' : [ 0xfe4, ['pointer', ['void']]],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0xc, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x4a20, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'MxCsr' : [ 0x8, ['unsigned long']],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x4900, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'ParentNode' : [ 0x338, ['pointer', ['_KNODE']]],
+    'PriorityState' : [ 0x33c, ['pointer', ['unsigned char']]],
+    'KernelReserved' : [ 0x340, ['array', 14, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'CpuVendor' : [ 0x3be, ['unsigned char']],
+    'PrcbPad0' : [ 0x3bf, ['array', 1, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'GroupIndex' : [ 0x3c4, ['unsigned char']],
+    'Group' : [ 0x3c5, ['unsigned char']],
+    'PrcbPad05' : [ 0x3c6, ['array', 2, ['unsigned char']]],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'ClockOwner' : [ 0x3d0, ['unsigned char']],
+    'PendingTickFlags' : [ 0x3d1, ['unsigned char']],
+    'PendingTick' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad10' : [ 0x3d2, ['array', 70, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'InterruptCount' : [ 0x4a0, ['unsigned long']],
+    'KernelTime' : [ 0x4a4, ['unsigned long']],
+    'UserTime' : [ 0x4a8, ['unsigned long']],
+    'DpcTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b0, ['unsigned long']],
+    'InterruptTime' : [ 0x4b4, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4b8, ['unsigned long']],
+    'PageColor' : [ 0x4bc, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c0, ['unsigned char']],
+    'NodeColor' : [ 0x4c1, ['unsigned char']],
+    'DeepSleep' : [ 0x4c2, ['unsigned char']],
+    'PrcbPad20' : [ 0x4c3, ['array', 5, ['unsigned char']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4cc, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d0, ['unsigned long']],
+    'PrcbPad21' : [ 0x4d4, ['array', 3, ['unsigned long']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1820, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2120, ['long']],
+    'ReverseStall' : [ 0x2124, ['long']],
+    'IpiFrame' : [ 0x2128, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x212c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x2160, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x216c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x2170, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x2174, ['unsigned long']],
+    'PrcbPad4' : [ 0x2178, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x21a0, ['unsigned long']],
+    'TargetCount' : [ 0x21a4, ['long']],
+    'LastNonHrTimerExpiration' : [ 0x21a8, ['unsigned long long']],
+    'PrcbPad50' : [ 0x21b0, ['array', 32, ['unsigned char']]],
+    'InterruptLastCount' : [ 0x21d0, ['unsigned long']],
+    'InterruptRate' : [ 0x21d4, ['unsigned long']],
+    'DeviceInterrupts' : [ 0x21d8, ['unsigned long']],
+    'IsrDpcStats' : [ 0x21dc, ['pointer', ['void']]],
+    'DpcData' : [ 0x21e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2210, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2214, ['long']],
+    'DpcRequestRate' : [ 0x2218, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x221c, ['unsigned long']],
+    'DpcLastCount' : [ 0x2220, ['unsigned long']],
+    'PrcbLock' : [ 0x2224, ['unsigned long']],
+    'DpcGate' : [ 0x2228, ['_KGATE']],
+    'IdleState' : [ 0x2238, ['unsigned char']],
+    'QuantumEnd' : [ 0x2239, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x223a, ['unsigned char']],
+    'IdleSchedule' : [ 0x223b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x223c, ['long']],
+    'DpcRequestSlot' : [ 0x223c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x223c, ['short']],
+    'ThreadDpcState' : [ 0x223e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x223c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x223c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x223c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x223c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x223c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x223c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x223c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x223c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x223c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x223c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2240, ['unsigned long']],
+    'LastTick' : [ 0x2244, ['unsigned long']],
+    'PeriodicCount' : [ 0x2248, ['unsigned long']],
+    'PeriodicBias' : [ 0x224c, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2250, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2254, ['unsigned long']],
+    'GroupSchedulingOverQuota' : [ 0x2258, ['unsigned char']],
+    'ThreadDpcEnable' : [ 0x2259, ['unsigned char']],
+    'PrcbPad41' : [ 0x225a, ['array', 2, ['unsigned char']]],
+    'TimerTable' : [ 0x2260, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x3aa0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x3ac0, ['long']],
+    'PrcbPad6' : [ 0x3ac4, ['array', 4, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x3ac8, ['long']],
+    'DpcWatchdogCount' : [ 0x3acc, ['long']],
+    'KeSpinLockOrdering' : [ 0x3ad0, ['long']],
+    'PrcbPad70' : [ 0x3ad4, ['array', 1, ['unsigned long']]],
+    'QueueIndex' : [ 0x3ad8, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x3adc, ['_SINGLE_LIST_ENTRY']],
+    'ReadySummary' : [ 0x3ae0, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x3ae4, ['long']],
+    'WaitLock' : [ 0x3ae8, ['unsigned long']],
+    'WaitListHead' : [ 0x3aec, ['_LIST_ENTRY']],
+    'ScbOffset' : [ 0x3af4, ['unsigned long']],
+    'StartCycles' : [ 0x3af8, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x3b00, ['unsigned long long']],
+    'TaggedCycles' : [ 0x3b08, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x3b18, ['unsigned long long']],
+    'CycleTime' : [ 0x3b20, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x3b28, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3b30, ['unsigned long']],
+    'Cycles' : [ 0x3b38, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad71' : [ 0x3b78, ['array', 10, ['unsigned long']]],
+    'DispatcherReadyListHead' : [ 0x3ba0, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3ca0, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3ca4, ['long']],
+    'ScbQueue' : [ 0x3ca8, ['_RTL_RB_TREE']],
+    'ScbList' : [ 0x3cb0, ['_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x3cb8, ['long']],
+    'MmCopyOnWriteCount' : [ 0x3cbc, ['long']],
+    'MmTransitionCount' : [ 0x3cc0, ['long']],
+    'MmCacheTransitionCount' : [ 0x3cc4, ['long']],
+    'MmDemandZeroCount' : [ 0x3cc8, ['long']],
+    'MmPageReadCount' : [ 0x3ccc, ['long']],
+    'MmPageReadIoCount' : [ 0x3cd0, ['long']],
+    'MmCacheReadCount' : [ 0x3cd4, ['long']],
+    'MmCacheIoCount' : [ 0x3cd8, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x3cdc, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3ce0, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3ce4, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3ce8, ['long']],
+    'CachedCommit' : [ 0x3cec, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3cf0, ['unsigned long']],
+    'HyperPte' : [ 0x3cf4, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3cf8, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x3cfc, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3d09, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x3d0a, ['unsigned char']],
+    'PrcbPad9' : [ 0x3d0b, ['array', 1, ['unsigned char']]],
+    'FeatureBits' : [ 0x3d10, ['unsigned long long']],
+    'UpdateSignature' : [ 0x3d18, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3d20, ['unsigned long long']],
+    'PrcbPad90' : [ 0x3d28, ['array', 2, ['unsigned long']]],
+    'PowerState' : [ 0x3d30, ['_PROCESSOR_POWER_STATE']],
+    'PrcbPad91' : [ 0x3eb0, ['array', 17, ['unsigned long']]],
+    'DpcWatchdogDpc' : [ 0x3ef4, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3f18, ['_KTIMER']],
+    'HypercallPageList' : [ 0x3f40, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x3f48, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x3f4c, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x3f50, ['pointer', ['unsigned long long']]],
+    'Cache' : [ 0x3f54, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3f90, ['unsigned long']],
+    'PackageProcessorSet' : [ 0x3f94, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x3fa0, ['unsigned long']],
+    'SharedReadyQueue' : [ 0x3fa4, ['pointer', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x3fa8, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x3fac, ['unsigned long']],
+    'ScanSiblingMask' : [ 0x3fb0, ['unsigned long']],
+    'LLCMask' : [ 0x3fb4, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3fb8, ['array', 5, ['unsigned long']]],
+    'ScanSiblingIndex' : [ 0x3fcc, ['unsigned long']],
+    'WheaInfo' : [ 0x3fd0, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x3fd4, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x3fd8, ['_SLIST_HEADER']],
+    'PrcbPad92' : [ 0x3fe0, ['array', 3, ['unsigned long']]],
+    'PteBitCache' : [ 0x3fec, ['unsigned long']],
+    'PteBitOffset' : [ 0x3ff0, ['unsigned long']],
+    'PrcbPad93' : [ 0x3ff4, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x3ff8, ['pointer', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x3ffc, ['pointer', ['void']]],
+    'TimerExpirationDpc' : [ 0x4000, ['_KDPC']],
+    'SynchCounters' : [ 0x4020, ['_SYNCH_COUNTERS']],
+    'FsCounters' : [ 0x40d8, ['_FILESYSTEM_DISK_COUNTERS']],
+    'Context' : [ 0x40e8, ['pointer', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x40ec, ['unsigned long']],
+    'ExtendedState' : [ 0x40f0, ['pointer', ['_XSAVE_AREA']]],
+    'EntropyTimingState' : [ 0x40f4, ['_KENTROPY_TIMING_STATE']],
+    'IsrStack' : [ 0x421c, ['pointer', ['void']]],
+    'VectorToInterruptObject' : [ 0x4220, ['array', 208, ['pointer', ['_KINTERRUPT']]]],
+    'AbSelfIoBoostsList' : [ 0x4560, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x4564, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x4568, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x4588, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x45dc, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x4630, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x4730, ['unsigned long']],
+    'ExSaPageArray' : [ 0x4734, ['pointer', ['void']]],
+    'PrcbPad100' : [ 0x4738, ['array', 10, ['unsigned long']]],
+    'LocalSharedReadyQueue' : [ 0x4760, ['_KSHARED_READY_QUEUE']],
+    'PrcbPad95' : [ 0x4894, ['array', 12, ['unsigned char']]],
+    'Mailbox' : [ 0x48a0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'PrcbPad' : [ 0x48a4, ['array', 60, ['unsigned char']]],
+    'RequestMailbox' : [ 0x48e0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Reserved' : [ 0x14, ['array', 3, ['pointer', ['void']]]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0xa8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x38, ['unsigned long long']],
+    'Affinity' : [ 0x40, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x4c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x54, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x58, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x64, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x64, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x64, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x64, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x64, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x64, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SpareFlags0' : [ 0x64, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x64, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x64, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x64, ['long']],
+    'BasePriority' : [ 0x68, ['unsigned char']],
+    'QuantumReset' : [ 0x69, ['unsigned char']],
+    'Visited' : [ 0x6a, ['unsigned char']],
+    'Flags' : [ 0x6b, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x6c, ['array', 1, ['unsigned long']]],
+    'IdealNode' : [ 0x70, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x72, ['unsigned short']],
+    'Spare1' : [ 0x74, ['unsigned short']],
+    'IopmOffset' : [ 0x76, ['unsigned short']],
+    'SchedulingGroup' : [ 0x78, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'StackCount' : [ 0x7c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x88, ['unsigned long long']],
+    'ContextSwitches' : [ 0x90, ['unsigned long long']],
+    'FreezeCount' : [ 0x98, ['unsigned long']],
+    'KernelTime' : [ 0x9c, ['unsigned long']],
+    'UserTime' : [ 0xa0, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0xa4, ['pointer', ['void']]],
+} ],
+  '_KTHREAD' : [ 0x348, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x10, ['pointer', ['void']]],
+    'QuantumTarget' : [ 0x18, ['unsigned long long']],
+    'InitialStack' : [ 0x20, ['pointer', ['void']]],
+    'StackLimit' : [ 0x24, ['pointer', ['void']]],
+    'StackBase' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x2c, ['unsigned long']],
+    'CycleTime' : [ 0x30, ['unsigned long long']],
+    'HighCycleTime' : [ 0x38, ['unsigned long']],
+    'ServiceTable' : [ 0x3c, ['pointer', ['void']]],
+    'CurrentRunTime' : [ 0x40, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x44, ['unsigned long']],
+    'KernelStack' : [ 0x48, ['pointer', ['void']]],
+    'StateSaveArea' : [ 0x4c, ['pointer', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x50, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x54, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x55, ['unsigned char']],
+    'Alerted' : [ 0x56, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x58, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x58, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x58, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x58, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x58, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x58, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x58, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x58, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x58, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x58, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x58, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x58, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x58, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x58, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x58, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x58, ['long']],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlagsSpare0' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x5c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x5c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x5c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x5c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x5c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x5c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x5c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CommitFailTerminateRequest' : [ 0x5c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x5c, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x5c, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x5c, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x5c, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x5c, ['long']],
+    'Tag' : [ 0x60, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x61, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x63, ['unsigned char']],
+    'SystemCallNumber' : [ 0x64, ['unsigned long']],
+    'FirstArgument' : [ 0x68, ['pointer', ['void']]],
+    'TrapFrame' : [ 0x6c, ['pointer', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x70, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x70, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x87, ['unsigned char']],
+    'UserIdealProcessor' : [ 0x88, ['unsigned long']],
+    'ContextSwitches' : [ 0x8c, ['unsigned long']],
+    'State' : [ 0x90, ['unsigned char']],
+    'Spare12' : [ 0x91, ['unsigned char']],
+    'WaitIrql' : [ 0x92, ['unsigned char']],
+    'WaitMode' : [ 0x93, ['unsigned char']],
+    'WaitStatus' : [ 0x94, ['long']],
+    'WaitBlockList' : [ 0x98, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x9c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x9c, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xa4, ['pointer', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xa8, ['pointer', ['void']]],
+    'RelativeTimerBias' : [ 0xb0, ['unsigned long long']],
+    'Timer' : [ 0xb8, ['_KTIMER']],
+    'WaitBlock' : [ 0xe0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill8' : [ 0xe0, ['array', 20, ['unsigned char']]],
+    'ThreadCounters' : [ 0xf4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0xe0, ['array', 44, ['unsigned char']]],
+    'XStateSave' : [ 0x10c, ['pointer', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0xe0, ['array', 68, ['unsigned char']]],
+    'Win32Thread' : [ 0x124, ['pointer', ['void']]],
+    'WaitBlockFill11' : [ 0xe0, ['array', 88, ['unsigned char']]],
+    'WaitTime' : [ 0x138, ['unsigned long']],
+    'KernelApcDisable' : [ 0x13c, ['short']],
+    'SpecialApcDisable' : [ 0x13e, ['short']],
+    'CombinedApcDisable' : [ 0x13c, ['unsigned long']],
+    'QueueListEntry' : [ 0x140, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x148, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x148, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x148, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x14c, ['long']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x154, ['array', 6, ['unsigned char']]],
+    'PreviousMode' : [ 0x15a, ['unsigned char']],
+    'BasePriority' : [ 0x15b, ['unsigned char']],
+    'PriorityDecrement' : [ 0x15c, ['unsigned char']],
+    'ForegroundBoost' : [ 0x15c, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x15c, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x15d, ['unsigned char']],
+    'AdjustReason' : [ 0x15e, ['unsigned char']],
+    'AdjustIncrement' : [ 0x15f, ['unsigned char']],
+    'AffinityVersion' : [ 0x160, ['unsigned long']],
+    'Affinity' : [ 0x164, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x164, ['array', 6, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x16a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x16b, ['unsigned char']],
+    'IdealProcessor' : [ 0x16c, ['unsigned long']],
+    'Spare15' : [ 0x170, ['array', 1, ['unsigned long']]],
+    'SavedApcState' : [ 0x174, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x174, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x18b, ['unsigned char']],
+    'SuspendCount' : [ 0x18c, ['unsigned char']],
+    'Saturation' : [ 0x18d, ['unsigned char']],
+    'SListFaultCount' : [ 0x18e, ['unsigned short']],
+    'SchedulerApc' : [ 0x190, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x190, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x191, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x190, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x193, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x190, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x194, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x190, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b4, ['pointer', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x190, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1b8, ['pointer', ['void']]],
+    'SchedulerApcFill5' : [ 0x190, ['array', 47, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x1bf, ['unsigned char']],
+    'UserTime' : [ 0x1c0, ['unsigned long']],
+    'SuspendEvent' : [ 0x1c4, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x1d4, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1dc, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x1e4, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x1e5, ['unsigned char']],
+    'Spare20' : [ 0x1e6, ['unsigned short']],
+    'LockEntries' : [ 0x1e8, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x308, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x30c, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x310, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x320, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x324, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x328, ['long']],
+    'KeReferenceCount' : [ 0x32c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x32e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x32f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x330, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x334, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x334, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x338, ['unsigned long']],
+    'QueuedScb' : [ 0x33c, ['pointer', ['_KSCB']]],
+    'NpxState' : [ 0x340, ['unsigned long long']],
+} ],
+  '_KSTACK_CONTROL' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'ActualLimit' : [ 0x4, ['unsigned long']],
+    'StackExpansion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousTrapFrame' : [ 0x8, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0xc, ['pointer', ['void']]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'CpuId' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer', ['void']]],
+    'DeleteContext' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long']],
+    'IdleSmtSet' : [ 0x4, ['unsigned long']],
+    'IdleCpuSet' : [ 0x8, ['unsigned long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long']],
+    'IdleConstrainedSet' : [ 0x44, ['unsigned long']],
+    'NonParkedSet' : [ 0x48, ['unsigned long']],
+    'ParkLock' : [ 0x4c, ['long']],
+    'Seed' : [ 0x50, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x84, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x84, ['array', 6, ['unsigned char']]],
+    'NodeNumber' : [ 0x8a, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x8c, ['unsigned short']],
+    'Stride' : [ 0x8e, ['unsigned char']],
+    'Spare0' : [ 0x8f, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x90, ['unsigned long']],
+    'ProximityId' : [ 0x94, ['unsigned long']],
+    'Lowest' : [ 0x98, ['unsigned long']],
+    'Highest' : [ 0x9c, ['unsigned long']],
+    'MaximumProcessors' : [ 0xa0, ['unsigned char']],
+    'Flags' : [ 0xa1, ['_flags']],
+    'Spare10' : [ 0xa2, ['unsigned char']],
+    'HeteroSets' : [ 0xa4, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+} ],
+  '_ENODE' : [ 0x540, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0x100, ['array', 8, ['pointer', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x120, ['_EX_WORK_QUEUE']],
+    'IoWorkQueue' : [ 0x2d8, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x490, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x4a0, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x4c8, ['_KEVENT']],
+    'WaitBlocks' : [ 0x4d8, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x520, ['pointer', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x524, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x528, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x528, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x528, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long']],
+    'QuotaProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'StrictFIFO' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x1c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x1c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x24, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 20, ['unsigned char']]],
+    'DebugInfo' : [ 0x54, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'VolatileLowValue' : [ 0x0, ['long']],
+    'LowValue' : [ 0x0, ['long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x4, ['long']],
+    'NextFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x4, ['_EXHANDLE']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'RefCountField' : [ 0x4, ['long']],
+    'GrantedAccessBits' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'ProtectFromClose' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'RefCnt' : [ 0x4, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1337' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1337']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc4, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xc0, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x460, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x348, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x350, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x350, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x358, ['pointer', ['void']]],
+    'PostBlockList' : [ 0x35c, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x35c, ['pointer', ['void']]],
+    'StartAddress' : [ 0x360, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x364, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x364, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x364, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x368, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x36c, ['_LIST_ENTRY']],
+    'Cid' : [ 0x374, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x37c, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x37c, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x390, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x394, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x39c, ['unsigned long']],
+    'DeviceToVerify' : [ 0x3a0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x3a4, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x3a8, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x3ac, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x3b4, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x3b8, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x3bc, ['unsigned long']],
+    'MmLockOrdering' : [ 0x3c0, ['long']],
+    'CrossThreadFlags' : [ 0x3c4, ['unsigned long']],
+    'Terminated' : [ 0x3c4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x3c4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x3c4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x3c4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x3c4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x3c4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x3c4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x3c4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x3c4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x3c4, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x3c4, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x3c4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x3c4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x3c4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x3c4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x3c4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x3c4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x3c8, ['unsigned long']],
+    'ActiveExWorker' : [ 0x3c8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x3c8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x3c8, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x3c8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x3c8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x3c8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x3c8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x3c8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x3c8, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x3cc, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x3cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x3cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x3cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x3cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x3cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x3cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x3cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x3cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x3cd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x3cd, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x3d0, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x3d1, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x3d2, ['unsigned char']],
+    'LockOrderState' : [ 0x3d3, ['unsigned char']],
+    'AlpcMessageId' : [ 0x3d4, ['unsigned long']],
+    'AlpcMessage' : [ 0x3d8, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x3d8, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x3dc, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x3e4, ['long']],
+    'CacheManagerCount' : [ 0x3e8, ['unsigned long']],
+    'IoBoostCount' : [ 0x3ec, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x3f0, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x3f4, ['unsigned long']],
+    'BoostList' : [ 0x3f8, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x400, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x408, ['unsigned long']],
+    'IrpListLock' : [ 0x40c, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x410, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x414, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x418, ['pointer', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x41c, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x420, ['pointer', ['void']]],
+    'KernelStackReference' : [ 0x424, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x428, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x42c, ['pointer', ['void']]],
+    'PropertySet' : [ 0x430, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x43c, ['pointer', ['void']]],
+    'UserFsBase' : [ 0x440, ['unsigned long']],
+    'UserGsBase' : [ 0x444, ['unsigned long']],
+    'EnergyValues' : [ 0x448, ['pointer', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x44c, ['pointer', ['void']]],
+    'SelectedCpuSets' : [ 0x450, ['unsigned long']],
+    'SelectedCpuSetsIndirect' : [ 0x450, ['pointer', ['unsigned long']]],
+    'Silo' : [ 0x454, ['pointer', ['_EJOB']]],
+    'ThreadName' : [ 0x458, ['pointer', ['_UNICODE_STRING']]],
+    'ReadyTime' : [ 0x45c, ['unsigned long']],
+} ],
+  '_EPROCESS' : [ 0x388, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0xa8, ['_EX_PUSH_LOCK']],
+    'RundownProtect' : [ 0xac, ['_EX_RUNDOWN_REF']],
+    'VdmObjects' : [ 0xb0, ['pointer', ['void']]],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'Flags2' : [ 0xc0, ['unsigned long']],
+    'JobNotReallyActive' : [ 0xc0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0xc0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0xc0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0xc0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0xc0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0xc0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0xc0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0xc0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0xc0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0xc0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0xc0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0xc0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0xc0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0xc0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0xc0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0xc0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0xc0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0xc0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0xc0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0xc0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0xc0, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0xc0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0xc0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0xc0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0xc0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0xc0, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0xc0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0xc0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'CreateReported' : [ 0xc4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0xc4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0xc4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0xc4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0xc4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0xc4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0xc4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0xc4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0xc4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0xc4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0xc4, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0xc4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0xc4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0xc4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0xc4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0xc4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0xc4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0xc4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0xc4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0xc4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0xc4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0xc4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0xc4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0xc4, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0xc4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0xc4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0xc4, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0xc4, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0xc4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0xc8, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0xd0, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xd8, ['array', 2, ['unsigned long']]],
+    'PeakVirtualSize' : [ 0xe0, ['unsigned long']],
+    'VirtualSize' : [ 0xe4, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xe8, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0xf0, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf0, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Token' : [ 0xf4, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0xf8, ['unsigned long']],
+    'AddressCreationLock' : [ 0xfc, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x100, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x104, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x108, ['pointer', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x10c, ['pointer', ['_EJOB']]],
+    'CloneRoot' : [ 0x110, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x114, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x118, ['unsigned long']],
+    'Win32Process' : [ 0x11c, ['pointer', ['void']]],
+    'Job' : [ 0x120, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x124, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x128, ['pointer', ['void']]],
+    'Cookie' : [ 0x12c, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x130, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x134, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x138, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x13c, ['pointer', ['void']]],
+    'OwnerProcessId' : [ 0x140, ['unsigned long']],
+    'Peb' : [ 0x144, ['pointer', ['_PEB']]],
+    'Session' : [ 0x148, ['pointer', ['_MM_SESSION_SPACE']]],
+    'AweInfo' : [ 0x14c, ['pointer', ['void']]],
+    'QuotaBlock' : [ 0x150, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x154, ['pointer', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x158, ['pointer', ['void']]],
+    'PaeTop' : [ 0x15c, ['pointer', ['void']]],
+    'DeviceMap' : [ 0x160, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x164, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x168, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x170, ['pointer', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x174, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x183, ['unsigned char']],
+    'SecurityPort' : [ 0x184, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x188, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x18c, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x194, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x198, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x1a0, ['unsigned long']],
+    'ImagePathHash' : [ 0x1a4, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1a8, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1ac, ['long']],
+    'PrefetchTrace' : [ 0x1b0, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x1b4, ['pointer', ['void']]],
+    'ReadOperationCount' : [ 0x1b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1e8, ['unsigned long']],
+    'CommitCharge' : [ 0x1ec, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1f0, ['unsigned long']],
+    'Vm' : [ 0x1f4, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x27c, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x284, ['unsigned long']],
+    'ExitStatus' : [ 0x288, ['long']],
+    'VadRoot' : [ 0x28c, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x290, ['pointer', ['void']]],
+    'VadCount' : [ 0x294, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x298, ['unsigned long']],
+    'VadPhysicalPagesLimit' : [ 0x29c, ['unsigned long']],
+    'AlpcContext' : [ 0x2a0, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x2b0, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x2b8, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x2bc, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x2c0, ['unsigned long']],
+    'ExitTime' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'ActiveThreadsHighWatermark' : [ 0x2d0, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x2d4, ['unsigned long']],
+    'ThreadListLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x2dc, ['pointer', ['void']]],
+    'Spare0' : [ 0x2e0, ['unsigned long']],
+    'SignatureLevel' : [ 0x2e4, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x2e5, ['unsigned char']],
+    'Protection' : [ 0x2e6, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x2e7, ['unsigned char']],
+    'Flags3' : [ 0x2e8, ['unsigned long']],
+    'Minimal' : [ 0x2e8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x2e8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x2e8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x2e8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Crashed' : [ 0x2e8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x2e8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x2e8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x2e8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x2e8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x2e8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'InPrivate' : [ 0x2e8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x2e8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x2e8, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x2e8, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x2e8, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x2e8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x2e8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x2e8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x2e8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AutomaticallyOverrideChildProcessPolicy' : [ 0x2e8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x2e8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x2e8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x2e8, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x2ec, ['long']],
+    'SvmData' : [ 0x2f0, ['pointer', ['void']]],
+    'SvmProcessLock' : [ 0x2f4, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x2f8, ['unsigned long']],
+    'SvmProcessDeviceListHead' : [ 0x2fc, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x308, ['unsigned long long']],
+    'DiskCounters' : [ 0x310, ['pointer', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x314, ['pointer', ['void']]],
+    'KeepAliveCounter' : [ 0x318, ['unsigned long']],
+    'NoWakeKeepAliveCounter' : [ 0x31c, ['unsigned long']],
+    'HighPriorityFaultsAllowed' : [ 0x320, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x324, ['pointer', ['void']]],
+    'EnergyValues' : [ 0x328, ['pointer', ['_PROCESS_ENERGY_VALUES']]],
+    'VmContext' : [ 0x32c, ['pointer', ['void']]],
+    'SequenceNumber' : [ 0x330, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x338, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x340, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x348, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x350, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x358, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x358, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x360, ['unsigned long']],
+    'SharedCommitLock' : [ 0x364, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x368, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x370, ['unsigned long']],
+    'DefaultCpuSets' : [ 0x374, ['unsigned long']],
+    'AllowedCpuSetsIndirect' : [ 0x370, ['pointer', ['unsigned long']]],
+    'DefaultCpuSetsIndirect' : [ 0x374, ['pointer', ['unsigned long']]],
+    'DiskIoAttribution' : [ 0x378, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x37c, ['unsigned long']],
+    'DxgProcess' : [ 0x380, ['pointer', ['void']]],
+} ],
+  '__unnamed_1394' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_139a' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_139c' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_139a']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13a5' : [ 0x2c, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '__unnamed_13a7' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_13a5']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_1394']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_139c']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_13a7']],
+} ],
+  '__unnamed_13ae' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13b2' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13b6' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13b8' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13bc' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13be' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13c0' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13c2' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13c4' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13c6' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13ca' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsDataCopyInformation', 13: 'FileFsMetadataSizeInformation', 14: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13cc' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13cf' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13d1' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13d3' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13d5' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13d9' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_13dd' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_13e1' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13e5' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_13e9' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13ed' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_13f1' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_13f3' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13f5' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_13f9' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_13fd' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1401' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_1405' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1409' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1411' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1415' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1417' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1419' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_141b' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_13ae']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13b2']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13b6']],
+    'Read' : [ 0x0, ['__unnamed_13b8']],
+    'Write' : [ 0x0, ['__unnamed_13b8']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13bc']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13be']],
+    'QueryFile' : [ 0x0, ['__unnamed_13c0']],
+    'SetFile' : [ 0x0, ['__unnamed_13c2']],
+    'QueryEa' : [ 0x0, ['__unnamed_13c4']],
+    'SetEa' : [ 0x0, ['__unnamed_13c6']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13ca']],
+    'SetVolume' : [ 0x0, ['__unnamed_13ca']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13cc']],
+    'LockControl' : [ 0x0, ['__unnamed_13cf']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_13d1']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_13d3']],
+    'SetSecurity' : [ 0x0, ['__unnamed_13d5']],
+    'MountVolume' : [ 0x0, ['__unnamed_13d9']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_13d9']],
+    'Scsi' : [ 0x0, ['__unnamed_13dd']],
+    'QueryQuota' : [ 0x0, ['__unnamed_13e1']],
+    'SetQuota' : [ 0x0, ['__unnamed_13c6']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_13e5']],
+    'QueryInterface' : [ 0x0, ['__unnamed_13e9']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_13ed']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_13f1']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_13f3']],
+    'SetLock' : [ 0x0, ['__unnamed_13f5']],
+    'QueryId' : [ 0x0, ['__unnamed_13f9']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_13fd']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1401']],
+    'WaitWake' : [ 0x0, ['__unnamed_1405']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1409']],
+    'Power' : [ 0x0, ['__unnamed_1411']],
+    'StartDevice' : [ 0x0, ['__unnamed_1415']],
+    'WMI' : [ 0x0, ['__unnamed_1417']],
+    'Others' : [ 0x0, ['__unnamed_1419']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_141b']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_1431' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_1431']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x8, ['unsigned long']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x14, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x10, ['pointer', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x358, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0x80, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0x88, ['unsigned long']],
+    'TotalProcesses' : [ 0x8c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x90, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x94, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x98, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xa0, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xa8, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0xac, ['unsigned long']],
+    'LimitFlags' : [ 0xb0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xb4, ['unsigned long']],
+    'Affinity' : [ 0xb8, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0xc4, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0xc8, ['pointer', ['void']]],
+    'UIRestrictionsClass' : [ 0xcc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xd0, ['unsigned long']],
+    'CompletionPort' : [ 0xd4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xd8, ['pointer', ['void']]],
+    'CompletionCount' : [ 0xe0, ['unsigned long long']],
+    'SessionId' : [ 0xe8, ['unsigned long']],
+    'SchedulingClass' : [ 0xec, ['unsigned long']],
+    'ReadOperationCount' : [ 0xf0, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xf8, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x100, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x108, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x110, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x118, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x120, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x148, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x14c, ['unsigned long']],
+    'JobTotalMemoryLimit' : [ 0x150, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x154, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x158, ['unsigned long']],
+    'EffectiveAffinity' : [ 0x15c, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x168, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x170, ['unsigned long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x174, ['unsigned long']],
+    'EffectiveProcessMemoryLimit' : [ 0x178, ['unsigned long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x17c, ['pointer', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x180, ['pointer', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x184, ['pointer', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x188, ['pointer', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x18c, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x190, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x194, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x198, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x19c, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x1a0, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x1a4, ['unsigned char']],
+    'PriorityClass' : [ 0x1a5, ['unsigned char']],
+    'NestingDepth' : [ 0x1a6, ['unsigned char']],
+    'Reserved1' : [ 0x1a7, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x1a8, ['unsigned long']],
+    'WakeChannel' : [ 0x1b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x1b0, ['_PS_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x1e8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x1f0, ['unsigned long']],
+    'OwnedHighEdgeFilters' : [ 0x1f4, ['unsigned long']],
+    'NotificationLink' : [ 0x1f8, ['pointer', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x200, ['unsigned long long']],
+    'NotificationInfo' : [ 0x208, ['pointer', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x20c, ['pointer', ['void']]],
+    'NotificationPacket' : [ 0x210, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x214, ['pointer', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x218, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x220, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x228, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x22c, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x234, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x23c, ['pointer', ['_EJOB']]],
+    'ParentSilo' : [ 0x240, ['pointer', ['_EJOB']]],
+    'RootJob' : [ 0x244, ['pointer', ['_EJOB']]],
+    'IteratorListHead' : [ 0x248, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x250, ['unsigned long']],
+    'Ancestors' : [ 0x254, ['pointer', ['pointer', ['_EJOB']]]],
+    'SessionObject' : [ 0x254, ['pointer', ['void']]],
+    'TimerListLock' : [ 0x258, ['unsigned long']],
+    'TimerListHead' : [ 0x25c, ['_LIST_ENTRY']],
+    'Accounting' : [ 0x268, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x2c0, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x2c4, ['unsigned long']],
+    'SequenceNumber' : [ 0x2c8, ['unsigned long']],
+    'JobId' : [ 0x2cc, ['unsigned long']],
+    'ContainerId' : [ 0x2d0, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x2e0, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x2e4, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x2f0, ['pointer', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x2f4, ['pointer', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x2f8, ['unsigned long']],
+    'CloseDone' : [ 0x2f8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x2f8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x2f8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x2f8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x2f8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x2f8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x2f8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x2f8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x2f8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x2f8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x2f8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x2f8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x2f8, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x2f8, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x2f8, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x2f8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x2f8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x2f8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x2f8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x2f8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x2f8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x2f8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x2f8, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x2f8, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x2f8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x2f8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x2f8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x2f8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x2f8, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x2f8, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x2f8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Spare' : [ 0x2f8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EffectiveHighEdgeFilters' : [ 0x2fc, ['unsigned long']],
+    'EnergyValues' : [ 0x300, ['pointer', ['_PROCESS_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x304, ['unsigned long']],
+    'WakeRoot' : [ 0x308, ['pointer', ['_EJOB']]],
+    'DiskIoAttributionUserRefCount' : [ 0x30c, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x310, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x314, ['pointer', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x314, ['pointer', ['_EJOB']]],
+    'GlobalIoControl' : [ 0x318, ['_PS_IO_CONTROL_ENTRY']],
+    'VolumeIoControlLock' : [ 0x334, ['long']],
+    'VolumeIoControlTree' : [ 0x338, ['_RTL_RB_TREE']],
+    'IoControlLock' : [ 0x340, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x344, ['unsigned long']],
+    'RundownWorkItem' : [ 0x348, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x68, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x5c, ['pointer', ['void']]],
+    'UserContext' : [ 0x60, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+    'Oplock' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedForRemote' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedContext' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '_TlgProvider_t' : [ 0x30, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+    'AnnotationFunc' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_161c' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_161c']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0xc, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x4, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0x8, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'ReservedLowFlags' : [ 0xe, ['unsigned char']],
+    'WaiterPriority' : [ 0xf, ['unsigned char']],
+    'SharedWaiters' : [ 0x10, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x30, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0xc, ['pointer', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x10, ['pointer', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x14, ['unsigned long']],
+    'NumberOfReferences' : [ 0x18, ['unsigned long']],
+    'CloneHeader' : [ 0x1c, ['pointer', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x20, ['unsigned long']],
+    'NestingLevel' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_165f' : [ 0x4, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'WsIndex' : [ 0x0, ['unsigned long']],
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_1664' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_1666' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1668' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_1664']],
+    'e4' : [ 0x0, ['__unnamed_1666']],
+} ],
+  '__unnamed_166d' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_165f']],
+    'PteAddress' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x4, ['pointer', ['void']]],
+    'PteLong' : [ 0x4, ['unsigned long']],
+    'OriginalPte' : [ 0x8, ['_MMPTE']],
+    'u2' : [ 0x10, ['_MIPFNBLINK']],
+    'u3' : [ 0x14, ['__unnamed_1668']],
+    'u4' : [ 0x18, ['__unnamed_166d']],
+} ],
+  '__unnamed_1675' : [ 0x4, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_1675']],
+} ],
+  '_MMWSL_SHARED' : [ 0x40, {
+    'FirstFree' : [ 0x0, ['unsigned long']],
+    'FirstDynamic' : [ 0x4, ['unsigned long']],
+    'LastEntry' : [ 0x8, ['unsigned long']],
+    'LastInitializedWsle' : [ 0xc, ['unsigned long']],
+    'WsleSize' : [ 0x10, ['unsigned long']],
+    'NonDirectCount' : [ 0x14, ['unsigned long']],
+    'LowestPagableAddress' : [ 0x18, ['pointer', ['void']]],
+    'NonDirectHash' : [ 0x1c, ['pointer', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x20, ['pointer', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x24, ['pointer', ['_MMWSLE_HASH']]],
+    'Wsle' : [ 0x30, ['pointer', ['_MMWSLE']]],
+} ],
+  '__unnamed_1688' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+} ],
+  '__unnamed_168c' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_1688']],
+    'u2' : [ 0x24, ['__unnamed_168c']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_1691' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_169b' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_169d' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_169b']],
+} ],
+  '__unnamed_16a1' : [ 0x4, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+    'SpareImage' : [ 0x0, ['unsigned long']],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'ListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_1691']],
+    'FilePointer' : [ 0x20, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x24, ['long']],
+    'ModifiedWriteCount' : [ 0x28, ['unsigned long']],
+    'WaitList' : [ 0x2c, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x30, ['__unnamed_169d']],
+    'FileObjectLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'u3' : [ 0x48, ['__unnamed_16a1']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x38, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'BasePte' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'VaType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'MiVaUnused', 1: 'MiVaSessionSpace', 2: 'MiVaProcessSpace', 3: 'MiVaBootLoaded', 4: 'MiVaPfnDatabase', 5: 'MiVaNonPagedPool', 6: 'MiVaPagedPool', 7: 'MiVaSpecialPoolPaged', 8: 'MiVaSystemCache', 9: 'MiVaSystemPtes', 10: 'MiVaHal', 11: 'MiVaSessionGlobalSpace', 12: 'MiVaDriverImages', 13: 'MiVaSpecialPoolNonPaged', 14: 'MiVaPagedProtoPool', 15: 'MiVaMaximumType', 16: 'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'PteFailures' : [ 0x18, ['unsigned long']],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'GlobalPushLock' : [ 0x1c, ['pointer', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x20, ['pointer', ['_MMSUPPORT_INSTANCE']]],
+    'TotalSystemPtes' : [ 0x24, ['unsigned long']],
+    'Hint' : [ 0x28, ['unsigned long']],
+    'LowestBitEverAllocated' : [ 0x2c, ['unsigned long']],
+    'CachedPtes' : [ 0x30, ['pointer', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_16c2' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_16c5' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x28, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x1c, ['__unnamed_16c2']],
+    'u1' : [ 0x20, ['__unnamed_16c5']],
+    'EventList' : [ 0x24, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x6f0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileWrite' : [ 0x14, ['pointer', ['void']]],
+    'FileRead' : [ 0x18, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x1c, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x20, ['pointer', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x24, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x2c, ['unsigned long']],
+    'DirtyAlloc' : [ 0x30, ['unsigned long']],
+    'UnreconciledVector' : [ 0x34, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x3c, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x40, ['unsigned long']],
+    'Cluster' : [ 0x44, ['unsigned long']],
+    'Flat' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x48, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x49, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x4c, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x50, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x54, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x58, ['unsigned long']],
+    'HiveFlags' : [ 0x5c, ['unsigned long']],
+    'CurrentLog' : [ 0x60, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x64, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x68, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x6c, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x70, ['unsigned long']],
+    'LogFileSizeCap' : [ 0x74, ['unsigned long']],
+    'LogDataPresent' : [ 0x78, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0x7a, ['unsigned char']],
+    'BaseBlockDirty' : [ 0x7b, ['unsigned char']],
+    'LastLogSwapTime' : [ 0x80, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0x88, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0x88, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0x88, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0x88, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0x8a, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0x8c, ['unsigned long']],
+    'StorageTypeCount' : [ 0x90, ['unsigned long']],
+    'Version' : [ 0x94, ['unsigned long']],
+    'ViewMap' : [ 0x98, ['_HVIEW_MAP']],
+    'Storage' : [ 0x3b8, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xa8, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0xc, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x14, ['unsigned long']],
+    'KcbPushlock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x1c, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x1c, ['long']],
+    'DelayedDeref' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x20, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x21, ['unsigned char']],
+    'LayerHeight' : [ 0x22, ['short']],
+    'SlotHint' : [ 0x24, ['unsigned long']],
+    'ParentKcb' : [ 0x28, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x2c, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x34, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x3c, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x3c, ['unsigned long']],
+    'SubKeyCount' : [ 0x3c, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x48, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'LayerInfo' : [ 0x6c, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'KCBUoWListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x78, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x80, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x84, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x8c, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x94, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x9c, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0xa0, ['pointer', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0xa0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0xa0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x68, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1730' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapForLoaderHive', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpMapHiveImage', 8: '_HvpRecoverData', 9: '_CmpValidateHiveSecurityDescriptors', 10: '_HvpEnlistBinInMap', 11: '_CmCheckRegistry', 12: '_CmRegistryIO', 13: '_CmCheckRegistry2', 14: '_CmpCheckKey', 15: '_CmpCheckValueList', 16: '_HvCheckHive', 17: '_HvCheckBin', 18: '_HvpGetLogEntryDirtyVector', 19: '_HvpReadLogEntryHeader', 20: '_HvpReadLogEntry', 21: '_CmpMountPreloadedHives', 22: '_CmpLoadHiveThread'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1733' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_1735' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1737' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1739' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_173d' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_1741' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_1743' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x120, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'RecoverableIndex' : [ 0x8, ['unsigned long']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_1730']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_1730']]],
+    'RegistryIO' : [ 0xcc, ['__unnamed_1733']],
+    'CheckRegistry2' : [ 0xd8, ['__unnamed_1735']],
+    'CheckKey' : [ 0xdc, ['__unnamed_1737']],
+    'CheckValueList' : [ 0xec, ['__unnamed_1739']],
+    'CheckHive' : [ 0xfc, ['__unnamed_173d']],
+    'CheckHive1' : [ 0x108, ['__unnamed_173d']],
+    'CheckBin' : [ 0x114, ['__unnamed_1741']],
+    'RecoverData' : [ 0x11c, ['__unnamed_1743']],
+} ],
+  '_CM_KCB_UOW' : [ 0x40, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ParentUoW' : [ 0x2c, ['pointer', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x30, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x38, ['pointer', ['void']]],
+    'SecurityData' : [ 0x38, ['pointer', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x38, ['pointer', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x38, ['pointer', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x3c, ['pointer', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x3c, ['pointer', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0x68, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x18, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x18, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x18, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x18, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x18, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x18, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x18, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x18, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x18, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x18, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x18, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x18, ['unsigned long']],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x20, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x24, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x28, ['pointer', ['void']]],
+    'KtmUow' : [ 0x2c, ['_GUID']],
+    'StartLsn' : [ 0x40, ['unsigned long long']],
+    'HiveCount' : [ 0x48, ['unsigned long']],
+    'HiveArray' : [ 0x4c, ['array', 7, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0xc, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 36, ['unsigned long']]],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 37, ['unsigned long long']]],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x134, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'ReadySummary' : [ 0x4, ['unsigned long']],
+    'ReadyListHead' : [ 0x8, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x108, ['array', 32, ['unsigned char']]],
+    'Span' : [ 0x128, ['unsigned char']],
+    'LowProcIndex' : [ 0x129, ['unsigned char']],
+    'QueueIndex' : [ 0x12a, ['unsigned char']],
+    'ProcCount' : [ 0x12b, ['unsigned char']],
+    'ScanOwner' : [ 0x12c, ['unsigned char']],
+    'Spare' : [ 0x12d, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x130, ['unsigned long']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '__unnamed_1880' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1882' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1886' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x1d0, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x2c, ['long']],
+    'FxRemoveEvent' : [ 0x30, ['_KEVENT']],
+    'FxActivationCount' : [ 0x40, ['long']],
+    'FxSleepCount' : [ 0x44, ['long']],
+    'Plugin' : [ 0x48, ['pointer', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x4c, ['unsigned long']],
+    'CurrentPowerState' : [ 0x50, ['_POWER_STATE']],
+    'Notify' : [ 0x54, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x90, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0xa0, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0xa8, ['unsigned long']],
+    'State' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xb4, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x104, ['unsigned long']],
+    'CompletionStatus' : [ 0x108, ['long']],
+    'Flags' : [ 0x10c, ['unsigned long']],
+    'UserFlags' : [ 0x110, ['unsigned long']],
+    'Problem' : [ 0x114, ['unsigned long']],
+    'ProblemStatus' : [ 0x118, ['long']],
+    'ResourceList' : [ 0x11c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x120, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x124, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x128, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x130, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x134, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x138, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x13c, ['unsigned short']],
+    'RemovalPolicy' : [ 0x13e, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x13f, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x140, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x148, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x150, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x158, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x15a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x15c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x15e, ['unsigned short']],
+    'OverUsed1' : [ 0x160, ['__unnamed_1880']],
+    'OverUsed2' : [ 0x164, ['__unnamed_1882']],
+    'BootResources' : [ 0x168, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x16c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x170, ['unsigned long']],
+    'DockInfo' : [ 0x174, ['__unnamed_1886']],
+    'DisableableDepends' : [ 0x184, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x188, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x190, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x198, ['unsigned long']],
+    'PreviousParent' : [ 0x19c, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x1a0, ['long']],
+    'NumaNodeIndex' : [ 0x1a4, ['unsigned long']],
+    'ContainerID' : [ 0x1a8, ['_GUID']],
+    'OverrideFlags' : [ 0x1b8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x1bc, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x1c0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x1c4, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x1c8, ['unsigned long']],
+    'RebalanceContext' : [ 0x1cc, ['pointer', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x38, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x30, ['pointer', ['unsigned long long']]],
+    'EnableLevel' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x38, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependencyNode' : [ 0x2c, ['pointer', ['void']]],
+    'InterruptContext' : [ 0x30, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1986' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1986']],
+} ],
+  '__unnamed_198d' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_198d']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x14, ['pointer', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PullDefault', 1: 'PullUp', 2: 'PullDown', 3: 'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'IoRestrictionNone', 1: 'IoRestrictionInputOnly', 2: 'IoRestrictionOutputOnly', 3: 'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x1c, ['pointer', ['unsigned short']]],
+    'PinCount' : [ 0x20, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x22, ['unsigned char']],
+    'ResourceSourceName' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x28, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x20, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'SlaveAddress' : [ 0x1c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x18, ['unsigned long']],
+    'RxBufferSize' : [ 0x1c, ['unsigned short']],
+    'TxBufferSize' : [ 0x1e, ['unsigned short']],
+    'Parity' : [ 0x20, ['unsigned char']],
+    'LinesInUse' : [ 0x21, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'DataBitLength' : [ 0x1c, ['unsigned char']],
+    'Phase' : [ 0x1d, ['unsigned char']],
+    'Polarity' : [ 0x1e, ['unsigned char']],
+    'DeviceSelection' : [ 0x20, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x100, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x14, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x18, ['pointer', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c, ['pointer', ['void']]],
+    'Accounting' : [ 0x20, ['pointer', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x1a8, {
+    'Name' : [ 0x0, ['pointer', ['wchar']]],
+    'Id' : [ 0x4, ['unsigned char']],
+    'Guid' : [ 0x8, ['_GUID']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Priority' : [ 0x1c, ['unsigned char']],
+    'Settings' : [ 0x20, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x180, ['unsigned long long']],
+    'Count' : [ 0x188, ['unsigned long long']],
+    'MaxDuration' : [ 0x190, ['unsigned long long']],
+    'MinDuration' : [ 0x198, ['unsigned long long']],
+    'TotalDuration' : [ 0x1a0, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xb0, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfBoostPolicy' : [ 0x2c, ['unsigned long']],
+    'PerfBoostMode' : [ 0x30, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x34, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x38, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x3c, ['unsigned long']],
+    'AutonomousPreference' : [ 0x40, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x41, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x43, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x45, ['unsigned char']],
+    'ParkingPerfState' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x48, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x49, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x4a, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x4b, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x4c, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x4d, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x4e, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x50, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x54, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x58, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x5a, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x5c, ['unsigned char']],
+    'IdleDisabled' : [ 0x5d, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x60, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x64, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x65, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x66, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x67, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x68, ['array', 32, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x88, ['array', 32, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xa8, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xa9, ['unsigned char']],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x288, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x1a4, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x1b8, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x1e8, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x1ec, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x1f0, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x1f4, ['pointer', ['void']]],
+    'HardErrorState' : [ 0x1f8, ['unsigned long']],
+    'WnfSiloState' : [ 0x200, ['_WNF_SILODRIVERSTATE']],
+    'ApiSetSection' : [ 0x230, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x234, ['pointer', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x238, ['unsigned char']],
+    'SiloRootDirectoryName' : [ 0x23c, ['_UNICODE_STRING']],
+    'Storage' : [ 0x244, ['pointer', ['_PSP_STORAGE']]],
+    'State' : [ 0x248, ['Enumeration', dict(target = 'long', choices = {0: 'SERVERSILO_INITING', 1: 'SERVERSILO_STARTED', 2: 'SERVERSILO_SHUTTING_DOWN', 3: 'SERVERSILO_TERMINATING', 4: 'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x24c, ['long']],
+    'DeleteEvent' : [ 0x250, ['pointer', ['_KEVENT']]],
+    'UserSharedData' : [ 0x258, ['_SILO_USER_SHARED_DATA']],
+    'TerminateWorkItem' : [ 0x278, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x90, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x14, ['unsigned long']],
+    'LogHandleContext' : [ 0x18, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x84, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0x88, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x178, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'V1' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0xa8, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xac, ['unsigned long']],
+    'UninitializeEvent' : [ 0xb0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xb4, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'Event' : [ 0xe0, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf8, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x160, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x164, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x168, ['unsigned long']],
+    'WritesInProgress' : [ 0x16c, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x170, ['unsigned long']],
+} ],
+  '__unnamed_1a86' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_1a86']],
+    'ArrayHead' : [ 0x10, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '__unnamed_1aab' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1aad' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1aaf' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1ab1' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1ab3' : [ 0x1c, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x4, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x8, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1ab7' : [ 0x40, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'PrefetchList' : [ 0x18, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x1c, ['unsigned long']],
+    'Mdl' : [ 0x20, ['pointer', ['_MDL']]],
+    'IoStatusBlock' : [ 0x24, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x34, ['pointer', ['void']]],
+    'RequestorMode' : [ 0x38, ['unsigned char']],
+    'NestingLevel' : [ 0x3c, ['unsigned long']],
+} ],
+  '__unnamed_1ab9' : [ 0x40, {
+    'Read' : [ 0x0, ['__unnamed_1aab']],
+    'Write' : [ 0x0, ['__unnamed_1aad']],
+    'Event' : [ 0x0, ['__unnamed_1aaf']],
+    'Notification' : [ 0x0, ['__unnamed_1ab1']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1ab3']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1ab7']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x50, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1ab9']],
+    'Function' : [ 0x48, ['unsigned char']],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x18, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0x4, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x68, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x8, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0xc, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x18, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x40, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x44, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x48, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x50, ['pointer', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x54, ['unsigned long']],
+    'LastLWTimeStamp' : [ 0x58, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x60, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x248, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x58, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x5c, ['unsigned long']],
+    'Signature' : [ 0x60, ['unsigned long']],
+    'SegmentReserve' : [ 0x64, ['unsigned long']],
+    'SegmentCommit' : [ 0x68, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x6c, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x70, ['unsigned long']],
+    'TotalFreeSize' : [ 0x74, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x78, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x7c, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x7e, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x80, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x84, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x86, ['unsigned short']],
+    'TagEntries' : [ 0x88, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x8c, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x94, ['unsigned long']],
+    'AlignMask' : [ 0x98, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0x9c, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa4, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xac, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb0, ['unsigned long']],
+    'BlocksIndex' : [ 0xb4, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xb8, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xbc, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc0, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xc8, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xcc, ['pointer', ['void']]],
+    'StackTraceInitVar' : [ 0xd0, ['_RTL_RUN_ONCE']],
+    'FrontEndHeap' : [ 0xd4, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xd8, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xda, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0xdb, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0xdc, ['pointer', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0xe0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0xe2, ['array', 257, ['unsigned char']]],
+    'Counters' : [ 0x1e4, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x240, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1b28' : [ 0x38, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x38, {
+    'Lock' : [ 0x0, ['__unnamed_1b28']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b7b' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b7d' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b7b']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1b7f' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b81' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1b7f']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1b7d']],
+    'u2' : [ 0x4, ['__unnamed_1b81']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x20, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x18, ['pointer', ['void']]],
+    'UsualSize' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1b9e' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1ba0' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1b9e']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1ba0']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Pad' : [ 0x10, ['unsigned long']],
+    'Lock' : [ 0x14, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1bb4' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bb6' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bb4']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1bb6']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1bbf' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bc1' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bbf']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_1bc1']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1bc7' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bc9' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bc7']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_1bc9']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x28, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x24, ['pointer', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1be6' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1be8' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1be6']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x11c, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x60, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0x80, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0x8c, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x94, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x98, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0xc4, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0xd0, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0xd4, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0xd8, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xdc, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xe8, ['long']],
+    'ReferenceNo' : [ 0xec, ['long']],
+    'ReferenceNoWait' : [ 0xf0, ['pointer', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0xf4, ['__unnamed_1be8']],
+    'TargetQueuePort' : [ 0xf8, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xfc, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x100, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x104, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x108, ['unsigned long']],
+    'PendingQueueLength' : [ 0x10c, ['unsigned long']],
+    'DirectQueueLength' : [ 0x110, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x114, ['unsigned long']],
+    'WaitQueueLength' : [ 0x118, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x58, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x10, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x14, ['pointer', ['void']]],
+    'UserLimit' : [ 0x18, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x1c, ['pointer', ['void']]],
+    'SystemVa' : [ 0x20, ['pointer', ['void']]],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'Header' : [ 0x28, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x2c, ['pointer', ['void']]],
+    'ListSize' : [ 0x30, ['unsigned long']],
+    'Bitmap' : [ 0x34, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x38, ['unsigned long']],
+    'Data' : [ 0x3c, ['pointer', ['void']]],
+    'DataSize' : [ 0x40, ['unsigned long']],
+    'BitmapLimit' : [ 0x44, ['unsigned long']],
+    'BitmapNextHint' : [ 0x48, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x4c, ['unsigned long']],
+    'AttributeFlags' : [ 0x50, ['unsigned long']],
+    'AttributeSize' : [ 0x54, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0x90, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x84, ['unsigned long']],
+    'CallbackList' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x14, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1c0b' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c0d' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c0b']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x98, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'u1' : [ 0x14, ['__unnamed_1c0d']],
+    'SequenceNo' : [ 0x18, ['long']],
+    'QuotaProcess' : [ 0x1c, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x1c, ['pointer', ['void']]],
+    'CancelSequencePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x24, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x28, ['long']],
+    'CancelListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x38, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x60, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x64, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x68, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x6c, ['pointer', ['_ETHREAD']]],
+    'WakeReference' : [ 0x70, ['pointer', ['void']]],
+    'ExtensionBuffer' : [ 0x74, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0x78, ['unsigned long']],
+    'PortMessage' : [ 0x80, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x24, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x14, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalLength' : [ 0x1c, ['unsigned short']],
+    'Type' : [ 0x1e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x20, ['unsigned short']],
+    'SignalCompletion' : [ 0x22, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x23, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x24, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x28, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x1c, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x20, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1c51' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c53' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c51']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_1c53']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x4, {
+    'Event' : [ 0x0, ['unsigned long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x2c, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer', ['void']]],
+    'DiskIoAttributionHandle' : [ 0xc, ['unsigned long']],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x24, ['long long']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x28, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x78, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x4c, ['pointer', ['void']]],
+    'Override' : [ 0x50, ['unsigned char']],
+    'QueryOnly' : [ 0x51, ['unsigned char']],
+    'DeleteOnly' : [ 0x52, ['unsigned char']],
+    'FullAttributes' : [ 0x53, ['unsigned char']],
+    'LocalFileObject' : [ 0x54, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x58, ['unsigned long']],
+    'AccessMode' : [ 0x5c, ['unsigned char']],
+    'DriverCreateContext' : [ 0x60, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1d1b' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x110, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1d1b']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer', ['wchar']]],
+    'LogFileName' : [ 0x3c, ['pointer', ['wchar']]],
+    'TimeZone' : [ 0x40, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0xf8, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x108, ['unsigned long']],
+    'BuffersLost' : [ 0x10c, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE' : [ 0xc, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x8, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0xc, {
+    'Hash' : [ 0x0, ['pointer', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x4, ['pointer', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x10, {
+    'Table' : [ 0x0, ['pointer', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x4, ['unsigned long']],
+    'EntryMax' : [ 0x8, ['unsigned long']],
+    'EntryCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x8, {
+    'QueueTail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStatePendingCompression', 5: 'EtwBufferStateCompressed', 6: 'EtwBufferStatePlaceholder', 7: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x2f0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 1, ['unsigned long']]],
+    'ErrorMarker' : [ 0x18, ['unsigned long']],
+    'SizeMask' : [ 0x1c, ['unsigned long']],
+    'GetCpuClock' : [ 0x20, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x28, ['long']],
+    'FailureReason' : [ 0x2c, ['unsigned long']],
+    'BufferQueue' : [ 0x30, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x38, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x40, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x48, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x50, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x50, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x64, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x6c, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x74, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x78, ['unsigned long']],
+    'FlushTimer' : [ 0x7c, ['unsigned long']],
+    'FlushThreshold' : [ 0x80, ['unsigned long']],
+    'ByteOffset' : [ 0x88, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x90, ['unsigned long']],
+    'BuffersAvailable' : [ 0x94, ['long']],
+    'NumberOfBuffers' : [ 0x98, ['long']],
+    'MaximumBuffers' : [ 0x9c, ['unsigned long']],
+    'EventsLost' : [ 0xa0, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xa4, ['long']],
+    'BuffersWritten' : [ 0xa8, ['unsigned long']],
+    'LogBuffersLost' : [ 0xac, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xb0, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xb4, ['unsigned long']],
+    'SequencePtr' : [ 0xb8, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xbc, ['unsigned long']],
+    'InstanceGuid' : [ 0xc0, ['_GUID']],
+    'MaximumFileSize' : [ 0xd0, ['unsigned long']],
+    'FileCounter' : [ 0xd4, ['long']],
+    'PoolType' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xe0, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0xf0, ['long']],
+    'ProviderInfoSize' : [ 0xf4, ['unsigned long']],
+    'Consumers' : [ 0xf8, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x100, ['unsigned long']],
+    'TransitionConsumer' : [ 0x104, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x108, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0x10c, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x118, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x120, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x128, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x130, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x138, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x140, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x148, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x158, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x15c, ['_KEVENT']],
+    'FlushEvent' : [ 0x16c, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x180, ['_KTIMER']],
+    'LoggerDpc' : [ 0x1a8, ['_KDPC']],
+    'LoggerMutex' : [ 0x1c8, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1e8, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1ec, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1ec, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1f0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x22c, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x230, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x238, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x240, ['pointer', ['void']]],
+    'BufferSequenceNumber' : [ 0x248, ['long long']],
+    'Flags' : [ 0x250, ['unsigned long']],
+    'Persistent' : [ 0x250, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x250, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x250, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x250, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x250, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x250, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x250, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x250, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x250, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x250, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x250, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x250, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x250, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x250, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x250, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x250, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x250, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x250, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x250, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x254, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x254, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x254, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x254, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x254, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x254, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x254, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x254, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x254, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x254, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x254, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x254, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x254, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x254, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x258, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x260, ['pointer', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x264, ['pointer', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x268, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x270, ['pointer', ['pointer', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x274, ['_DISALLOWED_GUIDS']],
+    'SoftRestartContext' : [ 0x27c, ['pointer', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x280, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x284, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x294, ['long']],
+    'CompressionLock' : [ 0x298, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x29c, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x2a0, ['pointer', ['void']]],
+    'CompressionOn' : [ 0x2a4, ['long']],
+    'CompressionRatioGuess' : [ 0x2a8, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x2ac, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x2b0, ['Enumeration', dict(target = 'long', choices = {0: 'EtwCompressionModeRestart', 1: 'EtwCompressionModeNoDisable', 2: 'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x2b4, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x2b8, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x2d8, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x2e0, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x2e8, ['_LARGE_INTEGER']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x24, {
+    'Source' : [ 0x0, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'ProfileTime', 1: 'ProfileAlignmentFixup', 2: 'ProfileTotalIssues', 3: 'ProfilePipelineDry', 4: 'ProfileLoadInstructions', 5: 'ProfilePipelineFrozen', 6: 'ProfileBranchInstructions', 7: 'ProfileTotalNonissues', 8: 'ProfileDcacheMisses', 9: 'ProfileIcacheMisses', 10: 'ProfileCacheMisses', 11: 'ProfileBranchMispredictions', 12: 'ProfileStoreInstructions', 13: 'ProfileFpInstructions', 14: 'ProfileIntegerInstructions', 15: 'Profile2Issue', 16: 'Profile3Issue', 17: 'Profile4Issue', 18: 'ProfileSpecialInstructions', 19: 'ProfileTotalCycles', 20: 'ProfileIcacheIssues', 21: 'ProfileDcacheAccesses', 22: 'ProfileMemoryBarrierCycles', 23: 'ProfileLoadLinkedIssues', 24: 'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x10, ['unsigned long']],
+    'HookId' : [ 0x14, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x1c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x20, ['array', 1, ['pointer', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0xa80, {
+    'EtwpSecurityProviderGuidEntry' : [ 0x0, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x168, ['array', 64, ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'WmipLoggerContext' : [ 0x268, ['array', 64, ['pointer', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x368, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0xa68, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0xa78, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0xa79, ['unsigned char']],
+    'EtwpSecurityProviderPID' : [ 0xa7c, ['unsigned long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x10, {
+    'RunRefs' : [ 0x0, ['pointer', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x4, ['pointer', ['void']]],
+    'RunRefSize' : [ 0x8, ['unsigned long']],
+    'Number' : [ 0xc, ['unsigned long']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x2a0, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x9c, ['pointer', ['void']]],
+    'DynamicPart' : [ 0xa0, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa4, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xb0, ['unsigned long']],
+    'TokenInUse' : [ 0xb4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xbc, ['unsigned long']],
+    'LogonSession' : [ 0xc0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc4, ['_LUID']],
+    'SidHash' : [ 0xcc, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x154, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1dc, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x1e0, ['pointer', ['void']]],
+    'Capabilities' : [ 0x1e4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x1e8, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x1ec, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x274, ['pointer', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x278, ['pointer', ['_SEP_LOWBOX_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x27c, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x280, ['pointer', ['void']]],
+    'TrustLinkedToken' : [ 0x284, ['pointer', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x288, ['pointer', ['void']]],
+    'TokenSidValues' : [ 0x28c, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x290, ['pointer', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x294, ['pointer', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'VariablePart' : [ 0x298, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x6c, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+    'LowBoxHandlesTable' : [ 0x34, ['_SEP_LOWBOX_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x40, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x44, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x48, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0x58, ['pointer', ['_EJOB']]],
+    'SiblingAuthId' : [ 0x5c, ['_LUID']],
+    'TokenList' : [ 0x64, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'DbgRefTrace' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'NewObject' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0xf, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0xf, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0xf, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0xf, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved1' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x8, {
+    'SecurityDescriptor' : [ 0x0, ['pointer', ['void']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x8, {
+    'Footer' : [ 0x0, ['pointer', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x18, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x10, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x8, {
+    'Context1' : [ 0x0, ['pointer', ['void']]],
+    'Context2' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x10, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x8, ['pointer', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0xc, ['unsigned char']],
+    'Padding1' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x18, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'EntryLink' : [ 0x8, ['pointer', ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0xc, ['unsigned long']],
+    'HashIndex' : [ 0x10, ['unsigned short']],
+    'DirectoryLocked' : [ 0x12, ['unsigned char']],
+    'LockedExclusive' : [ 0x13, ['unsigned char']],
+    'LockStateSignature' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xac, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x9c, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'SessionId' : [ 0xa0, ['unsigned long']],
+    'NamespaceEntry' : [ 0xa4, ['pointer', ['void']]],
+    'Flags' : [ 0xa8, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x1a4, {
+    'SystemDeviceMap' : [ 0x0, ['pointer', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x4, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x74, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0xc, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x4, ['pointer', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x8, ['pointer', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x418, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x8, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0xc, ['unsigned long']],
+    'ErrorCount' : [ 0x10, ['long']],
+    'RecordCount' : [ 0x14, ['unsigned long']],
+    'RecordLength' : [ 0x18, ['unsigned long']],
+    'PoolTag' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x24, ['pointer', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x28, ['pointer', ['void']]],
+    'SectionCount' : [ 0x2c, ['unsigned long']],
+    'SectionLength' : [ 0x30, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x38, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x40, ['unsigned long']],
+    'TotalErrors' : [ 0x44, ['unsigned long']],
+    'Deferred' : [ 0x48, ['unsigned char']],
+    'Descriptor' : [ 0x49, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xe4, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'ProcessorNumber' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x14, ['long']],
+    'ErrorSource' : [ 0x18, ['pointer', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x1c, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0xc, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x10, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x14, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x8, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0xc, ['long']],
+    'HighWaterMark' : [ 0x10, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x18, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+    'ActiveDpc' : [ 0x14, ['pointer', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x400, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_1edf' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x5000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1edf']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x18, ['unsigned long']],
+    'NonPagablePages' : [ 0x1c, ['unsigned long']],
+    'CommittedPages' : [ 0x20, ['unsigned long']],
+    'PagedPoolStart' : [ 0x24, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x28, ['pointer', ['void']]],
+    'SessionObject' : [ 0x2c, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x30, ['pointer', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x34, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x44, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x48, ['unsigned long']],
+    'AttachCount' : [ 0x4c, ['unsigned long']],
+    'AttachGate' : [ 0x50, ['_KGATE']],
+    'WsListEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0x80, ['array', 24, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xc80, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xc94, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xcc0, ['_MMSUPPORT_FULL']],
+    'DriverUnload' : [ 0xd48, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PagedPool' : [ 0xd80, ['_POOL_DESCRIPTOR']],
+    'PageTables' : [ 0x1ec0, ['pointer', ['_MMPTE']]],
+    'PagedPoolBitBuffer' : [ 0x1ec4, ['array', 32, ['unsigned long']]],
+    'SpecialPool' : [ 0x1f48, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1f90, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1f94, ['long']],
+    'PagedPoolPdeCount' : [ 0x1f98, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1f9c, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1fa0, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1fa4, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1fdc, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1fe0, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x1fe4, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1fe8, ['unsigned long']],
+    'IoState' : [ 0x1fec, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1ff0, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1ff4, ['_KEVENT']],
+    'ServerSilo' : [ 0x2004, ['pointer', ['_EJOB']]],
+    'CreateTime' : [ 0x2008, ['unsigned long long']],
+    'PoolTags' : [ 0x3000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x130, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x12c, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeFlags2' : [ 0x3, ['unsigned char']],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'ParseProcedureEx' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+    'WaitObjectFlagMask' : [ 0x50, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x54, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x56, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0xc, ['unsigned long']],
+    'EntryOffset' : [ 0xc, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0xd, ['unsigned char']],
+    'WaitingBit' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0xe, ['unsigned char']],
+    'AcquiredBit' : [ 0xe, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0xf, ['unsigned char']],
+    'HeadNodeBit' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x10, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x10, ['pointer', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x10, ['unsigned char']],
+    'Reserved' : [ 0x11, ['array', 2, ['unsigned char']]],
+    'InTreeByte' : [ 0x13, ['unsigned char']],
+    'SessionState' : [ 0x14, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'OwnerTree' : [ 0x18, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x20, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x18, ['unsigned char']],
+    'EntryLock' : [ 0x28, ['unsigned long']],
+    'AllBoosts' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x2c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2e, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2e, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2e, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x5c, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x38, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x3c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x40, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x44, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x48, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x4c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x50, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x54, ['unsigned long']],
+    'LastPolledSize' : [ 0x58, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'Irp' : [ 0xc, ['pointer', ['_IRP']]],
+    'Device' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_1f48' : [ 0x10, {
+    'CallerCompletion' : [ 0x0, ['pointer', ['void']]],
+    'CallerContext' : [ 0x4, ['pointer', ['void']]],
+    'CallerDevice' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_1f4b' : [ 0x8, {
+    'NotifyDevice' : [ 0x0, ['pointer', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x4, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x18, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x20, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'MinorFunction' : [ 0x68, ['unsigned char']],
+    'PowerStateType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'PowerState' : [ 0x70, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0x74, ['unsigned char']],
+    'FxDevice' : [ 0x78, ['pointer', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0x7c, ['unsigned char']],
+    'NotifyPEP' : [ 0x7d, ['unsigned char']],
+    'Device' : [ 0x80, ['__unnamed_1f48']],
+    'System' : [ 0x80, ['__unnamed_1f4b']],
+} ],
+  '_SEP_LOWBOX_HANDLES_TABLE' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x4, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x1c, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0xc, ['unsigned long']],
+    'PagedAllocs' : [ 0x10, ['unsigned long']],
+    'PagedFrees' : [ 0x14, ['unsigned long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x140, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'ForceIdle' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ReasonFlags' : [ 0x24, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x28, ['unsigned long long']],
+    'PreviousStatus' : [ 0x30, ['long']],
+    'PreviousCancelReason' : [ 0x34, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x38, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0x44, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x50, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x54, ['pointer', ['void']]],
+    'IdleExecute' : [ 0x58, ['pointer', ['void']]],
+    'IdlePreselect' : [ 0x5c, ['pointer', ['void']]],
+    'IdleTest' : [ 0x60, ['pointer', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x64, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x68, ['pointer', ['void']]],
+    'IdleCancel' : [ 0x6c, ['pointer', ['void']]],
+    'IdleIsHalted' : [ 0x70, ['pointer', ['void']]],
+    'IdleInitiateWake' : [ 0x74, ['pointer', ['void']]],
+    'PrepareInfo' : [ 0x78, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0xc8, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0xd4, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0xd8, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0xdc, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0xe4, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0xec, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0xfc, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x1c, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1f96' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'WheaErrSrcStateStopped', 2: 'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1f96']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x9c, {
+    'ProcessCid' : [ 0x0, ['pointer', ['void']]],
+    'ThreadCid' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x18, ['unsigned long']],
+    'CreateTrace' : [ 0x1c, ['array', 30, ['unsigned long']]],
+    'Count' : [ 0x94, ['long']],
+    'CaptureCount' : [ 0x98, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x180, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x40, ['pointer', ['_KDPC']]],
+    'ChildList' : [ 0x44, ['_LIST_ENTRY']],
+    'Parent' : [ 0x4c, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x130, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x8, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0xc, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x10, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x98, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x120, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x124, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x128, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x12c, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x10, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Lock' : [ 0x8, ['unsigned long']],
+    'Valid' : [ 0xc, ['unsigned long']],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0xc, {
+    'IdealMask' : [ 0x0, ['unsigned long']],
+    'PreferredMask' : [ 0x4, ['unsigned long']],
+    'AvailableMask' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMSESSION' : [ 0x14, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x4, ['pointer', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0xc, ['unsigned long']],
+    'BitmapFailures' : [ 0x10, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x14, {
+    'CompletionRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'RequestorMode' : [ 0xc, ['unsigned char']],
+    'NestingLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0xc, {
+    'DirtyPages' : [ 0x0, ['unsigned long']],
+    'DirtyPagesLastScan' : [ 0x4, ['unsigned long']],
+    'DirtyPagesScheduledLastScan' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_MAP' : [ 0x38, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x34, ['pointer', ['_EJOB']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0xc, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x4, ['pointer', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x8, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x10, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0xc, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x48, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x3c, ['_RTL_BITMAP']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x2c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x8, ['unsigned char']],
+    'Spare' : [ 0x9, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0xc, ['unsigned long']],
+    'DebugId' : [ 0x10, ['_CVDD']],
+} ],
+  '_MMWSLENTRY' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PS_PROPERTY_SET' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x19c, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0x40, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMWSLE_HASH' : [ 0x4, {
+    'Index' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x44, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['long']],
+    'Dpc' : [ 0x10, ['_KDPC']],
+    'WorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x4, {
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x4, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_FAST_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['wchar']]],
+    'DriverName' : [ 0x28, ['pointer', ['wchar']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x19c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x190, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x198, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x24, {
+    'Next' : [ 0x0, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'SecureInfo' : [ 0x8, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'InPageSupport' : [ 0x8, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x8, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'PebTeb' : [ 0x8, ['_MI_SUB64K_FREE_RANGES']],
+} ],
+  '__unnamed_2084' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_2086' : [ 0x4, {
+    'NumberOfChildViews' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2088' : [ 0x4, {
+    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SUBSECTION' : [ 0x28, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0xc, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0xc, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0xc, ['pointer', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x10, ['__unnamed_2084']],
+    'StartingSector' : [ 0x14, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x18, ['unsigned long']],
+    'PtesInSubsection' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_2086']],
+    'UnusedPtes' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u2' : [ 0x24, ['__unnamed_2088']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x4, ['unsigned long']],
+    'RequestPacket' : [ 0x8, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x18, ['pointer', ['long']]],
+    'NodeTargetCount' : [ 0x1c, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x8, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x30, {
+    'LsaProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'LsaCommandPortHandle' : [ 0x4, ['pointer', ['void']]],
+    'SepRmThreadHandle' : [ 0x8, ['pointer', ['void']]],
+    'RmCommandPortHandle' : [ 0xc, ['pointer', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x10, ['pointer', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x14, ['pointer', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x20, ['pointer', ['void']]],
+    'RmViewPortMemory' : [ 0x24, ['pointer', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x28, ['long']],
+    'LsaCommandPortActive' : [ 0x2c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x18, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0xc, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x1c, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x4, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0xc, ['pointer', ['_MMPTE']]],
+    'MaximumSize' : [ 0x10, ['unsigned long']],
+    'PagedPoolHint' : [ 0x14, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x44, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xc, ['_UNICODE_STRING']],
+    'Latency' : [ 0x14, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x18, ['unsigned long']],
+    'Power' : [ 0x1c, ['unsigned long']],
+    'StateFlags' : [ 0x20, ['unsigned long']],
+    'VetoAccounting' : [ 0x24, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0x3c, ['unsigned char']],
+    'InterruptsEnabled' : [ 0x3d, ['unsigned char']],
+    'Interruptible' : [ 0x3e, ['unsigned char']],
+    'ContextRetained' : [ 0x3f, ['unsigned char']],
+    'CacheCoherent' : [ 0x40, ['unsigned char']],
+    'WakesSpuriously' : [ 0x41, ['unsigned char']],
+    'PlatformOnly' : [ 0x42, ['unsigned char']],
+    'NoCState' : [ 0x43, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['unsigned long']],
+    'RealKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_20b9' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_20bb' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_20b9']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0xb0, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_20bb']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'PoolPageHeaders' : [ 0x18, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x20, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x28, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x2c, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PagedBytes' : [ 0x38, ['unsigned long']],
+    'NonPagedBytes' : [ 0x3c, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x40, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x44, ['unsigned long']],
+    'RaiseIrqls' : [ 0x48, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x4c, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x50, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x54, ['unsigned long']],
+    'AllocationsFailed' : [ 0x58, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x5c, ['unsigned long']],
+    'LockedBytes' : [ 0x60, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x64, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x74, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x78, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x7c, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x80, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x88, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0xa4, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa8, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Luid' : [ 0x10, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x18, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x20, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0xc, {
+    'DynamicRelocations' : [ 0x0, ['pointer', ['void']]],
+    'SecurityContext' : [ 0x4, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x8, ['unsigned long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderZero', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderVsmMemory', 30: 'LoaderFirmwareCode', 31: 'LoaderFirmwareData', 32: 'LoaderFirmwareReserved', 33: 'LoaderEnclaveMemory', 34: 'LoaderFirmwareKsr', 35: 'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x30, {
+    'ScopeMap' : [ 0x0, ['pointer', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x4, ['pointer', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x8, ['pointer', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x10, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x18, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x20, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x28, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_DELAY_ACK_FO' : [ 0xc, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Reserved1' : [ 0x2, ['unsigned char']],
+    'Timer2Reserved2' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Instrumented' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x10, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x28, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long']],
+    'DirtyPageThresholdTop' : [ 0x4, ['unsigned long']],
+    'DirtyPageThresholdBottom' : [ 0x8, ['unsigned long']],
+    'DirtyPageTarget' : [ 0xc, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x10, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x18, ['unsigned long long']],
+    'AvailableHistory' : [ 0x20, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x4c, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'StackTrace' : [ 0x24, ['array', 8, ['pointer', ['void']]]],
+    'Who' : [ 0x44, ['unsigned long']],
+    'Process' : [ 0x48, ['pointer', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x10, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_2107' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2109' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2107']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2109']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x90, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Foreground' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DesktopVisible' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'WindowInformation' : [ 0x68, ['unsigned short']],
+    'CompositorRendered' : [ 0x6a, ['unsigned short']],
+    'DirtyGenerated' : [ 0x6c, ['unsigned short']],
+    'DirtyPropagated' : [ 0x6e, ['unsigned short']],
+    'DesktopVisibilityReportTimestamp' : [ 0x70, ['long long']],
+    'DesktopVisibleTime' : [ 0x78, ['unsigned long long']],
+    'ForegroundReportTimestamp' : [ 0x80, ['long long']],
+    'ForegroundTime' : [ 0x88, ['unsigned long long']],
+} ],
+  '_MMCLONE_HEADER' : [ 0xc, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long']],
+    'NumberOfProcessReferences' : [ 0x4, ['unsigned long']],
+    'ClonePtes' : [ 0x8, ['pointer', ['_MMCLONE_BLOCK']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x3d80, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x500, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x640, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x6ac, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x16f0, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1760, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1840, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x2d00, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x2d18, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x2d20, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x2d58, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x2da0, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x2e80, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x2f00, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x2fc0, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x3040, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x31c0, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x3200, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x3238, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x3280, ['_MI_SYSTEM_TRIM_STATE']],
+    'ResTrack' : [ 0x32c0, ['_MI_RESAVAIL_TRACKER']],
+    'Cookie' : [ 0x34c0, ['unsigned long']],
+    'ZeroingDisabled' : [ 0x34c4, ['long']],
+    'BootRegistryRuns' : [ 0x34c8, ['pointer', ['pointer', ['void']]]],
+    'FullyInitialized' : [ 0x34cc, ['unsigned char']],
+    'SafeBooted' : [ 0x34cd, ['unsigned char']],
+    'PfnBitMap' : [ 0x34d0, ['_RTL_BITMAP']],
+    'TraceLogging' : [ 0x34d8, ['pointer', ['_TlgProvider_t']]],
+    'Vs' : [ 0x3500, ['_MI_VISIBLE_STATE']],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x4, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 12, native_type='unsigned long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x10, ['_KEVENT']],
+} ],
+  '__unnamed_2136' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2138' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2136']],
+} ],
+  '__unnamed_213a' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_2138']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_213a']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_2142' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2142']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x8, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x8, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_214f' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x18, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long']],
+    'NodeCount' : [ 0x4, ['unsigned long']],
+    'Tables' : [ 0x8, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0xc, ['unsigned long']],
+    'UseSessionId' : [ 0x10, ['unsigned char']],
+    'u1' : [ 0x14, ['__unnamed_214f']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x20, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x18, ['unsigned char']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x88, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0x64, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x70, {
+    'ColorSeed' : [ 0x0, ['unsigned long']],
+    'CloneDereferenceEvent' : [ 0x4, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x18, ['_SLIST_HEADER']],
+    'SystemDllBase' : [ 0x20, ['pointer', ['void']]],
+    'RotatingUniprocessorNumber' : [ 0x24, ['long']],
+    'CriticalSectionTimeout' : [ 0x28, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x30, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x38, ['pointer', ['_MMPTE']]],
+    'FreePaeEntries' : [ 0x3c, ['unsigned long']],
+    'FirstFreePae' : [ 0x40, ['_PAE_ENTRY']],
+    'AllocatedPaePages' : [ 0x60, ['long']],
+    'PaeLock' : [ 0x64, ['unsigned long']],
+    'PaeEntrySList' : [ 0x68, ['_SLIST_HEADER']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long']],
+    'PipelinedReadAheadRequestSize' : [ 0x54, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x58, ['unsigned long']],
+    'PrivateLinks' : [ 0x5c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x168, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['pointer', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x15c, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x164, ['pointer', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0xa8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['wchar']]],
+    'OrderingName' : [ 0xc, ['pointer', ['wchar']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x90, ['unsigned char']],
+    'TransactionEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x98, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0x9c, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa0, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa4, ['pointer', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0x6c, {
+    'FixupLock' : [ 0x0, ['long']],
+    'FixupList' : [ 0x4, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0xc, ['_KMUTANT']],
+    'FirstLoadEver' : [ 0x2c, ['unsigned char']],
+    'LargePageAll' : [ 0x2d, ['unsigned char']],
+    'LastPage' : [ 0x30, ['unsigned long']],
+    'LargePageList' : [ 0x34, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x3c, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x44, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x4c, ['array', 2, ['pointer', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x54, ['unsigned long']],
+    'PageCounts' : [ 0x58, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x44, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x3c, ['unsigned char']],
+    'DeleteType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'QueryRemoveDevice', 1: 'CancelRemoveDevice', 2: 'RemoveDevice', 3: 'SurpriseRemoveDevice', 4: 'EjectDevice', 5: 'RemoveFailedDevice', 6: 'RemoveUnstartedFailedDevice', 7: 'MaxDeviceDeleteType'})]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x24, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x8, ['unsigned long']],
+    'SyncCallback' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x1b8, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x19c, ['pointer', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x1a0, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x1a4, ['unsigned long']],
+    'ThreadCount' : [ 0x1a8, ['long']],
+    'MinThreads' : [ 0x1ac, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x1ac, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x1b0, ['long']],
+    'QueueIndex' : [ 0x1b4, ['Enumeration', dict(target = 'long', choices = {0: 'ExPoolUntrusted', 1: 'IoPoolUntrusted', 2: 'ExPoolTrusted', 8: 'ExPoolMax'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x4, {
+    'Head' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x80, {
+    'DriverInit' : [ 0x0, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x4, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x8, ['pointer', ['void']]],
+    'AddDevice' : [ 0xc, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x10, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x38, {
+    'PartitionLock' : [ 0x0, ['unsigned long']],
+    'PartitionIdLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x8, ['unsigned long long']],
+    'PartitionList' : [ 0x10, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x18, ['pointer', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x1c, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x24, ['array', 1, ['pointer', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x28, ['pointer', ['pointer', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x2c, ['unsigned long']],
+    'CrossPartitionDenials' : [ 0x30, ['unsigned long']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x2d0, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+    'State' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+    'Removing' : [ 0x22, ['unsigned char']],
+    'Mode' : [ 0x23, ['unsigned char']],
+    'PendingMode' : [ 0x24, ['unsigned char']],
+    'ActivePoint' : [ 0x25, ['unsigned char']],
+    'PendingActivePoint' : [ 0x26, ['unsigned char']],
+    'Critical' : [ 0x27, ['unsigned char']],
+    'ThermalStandby' : [ 0x28, ['unsigned char']],
+    'OverThrottled' : [ 0x29, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x2c, ['long']],
+    'Throttle' : [ 0x30, ['long']],
+    'PendingThrottle' : [ 0x34, ['long']],
+    'ThrottleReasons' : [ 0x38, ['unsigned long']],
+    'LastTime' : [ 0x40, ['unsigned long long']],
+    'SampleRate' : [ 0x48, ['unsigned long']],
+    'LastTemp' : [ 0x4c, ['unsigned long']],
+    'PassiveTimer' : [ 0x50, ['_KTIMER']],
+    'PassiveDpc' : [ 0x78, ['_KDPC']],
+    'Info' : [ 0x98, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'Policy' : [ 0xf8, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0x110, ['unsigned char']],
+    'LastActiveStartTime' : [ 0x118, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x120, ['unsigned long long']],
+    'WorkItem' : [ 0x128, ['_WORK_QUEUE_ITEM']],
+    'Lock' : [ 0x138, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x140, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x150, ['_KEVENT']],
+    'InstanceId' : [ 0x160, ['unsigned long']],
+    'TelemetryTracker' : [ 0x168, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x2c8, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x10, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'SidCount' : [ 0x8, ['unsigned long']],
+    'SidValuesStart' : [ 0xc, ['unsigned long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x4, {
+    'Function' : [ 0x0, ['pointer', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_224d' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_224f' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_224d']],
+    'Private' : [ 0x0, ['__unnamed_224f']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x4, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'TransPtr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x1c, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x8, ['unsigned long']],
+    'VolumeKey' : [ 0xc, ['unsigned long']],
+    'Rundown' : [ 0x10, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x14, ['pointer', ['void']]],
+    'VolumeIoAttribution' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x4, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x4, ['unsigned long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x44, ['unsigned long']],
+    'BigPagesAllocated' : [ 0x48, ['unsigned long']],
+    'BytesAllocated' : [ 0x4c, ['unsigned long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x84, ['unsigned long']],
+    'BigPagesDeallocated' : [ 0x88, ['unsigned long']],
+    'BytesDeallocated' : [ 0x8c, ['unsigned long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x104, ['long']],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 512, ['_LIST_ENTRY']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '__unnamed_22c1' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_22c3' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_22c1']],
+    'Button' : [ 0xc, ['__unnamed_22c3']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0xc, ['pointer', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x14, ['unsigned long']],
+    'Buckets' : [ 0x18, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x58, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x10, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x28, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x38, ['long long']],
+    'Callback' : [ 0x40, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x44, ['pointer', ['void']]],
+    'DisableCallback' : [ 0x48, ['pointer', ['void']]],
+    'DisableContext' : [ 0x4c, ['pointer', ['void']]],
+    'AbsoluteSystemTime' : [ 0x50, ['unsigned char']],
+    'TypeFlags' : [ 0x51, ['unsigned char']],
+    'Unused' : [ 0x51, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x51, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x51, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x51, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x51, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x52, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x1044, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x14, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x18, ['pointer', ['unsigned long']]],
+    'VaReferenceCount' : [ 0x1c, ['array', 1024, ['long']]],
+    'DynamicPtesBitBuffer' : [ 0x101c, ['pointer', ['unsigned long']]],
+    'IdLock' : [ 0x1020, ['_EX_PUSH_LOCK']],
+    'DetachTimeStamp' : [ 0x1024, ['unsigned long']],
+    'LeaderProcess' : [ 0x1028, ['pointer', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x102c, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1030, ['pointer', ['_MMWSL_FULL']]],
+    'WsHashStart' : [ 0x1034, ['pointer', ['_MMWSLE_HASH']]],
+    'WsHashEnd' : [ 0x1038, ['pointer', ['_MMWSLE_HASH']]],
+    'SessionBase' : [ 0x103c, ['pointer', ['void']]],
+    'SessionCore' : [ 0x1040, ['pointer', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'AccessMask' : [ 0x18, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x140, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionExtendLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'SectionExtendSetLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SectionBasedRoot' : [ 0xc, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'UnusedSubsectionPagedPool' : [ 0x14, ['unsigned long']],
+    'UnusedSegmentForceFree' : [ 0x18, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x1c, ['unsigned long']],
+    'HighSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'PhysicalSubsection' : [ 0x24, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0x68, ['_CONTROL_AREA']],
+    'DanglingExtentsPages' : [ 0xb8, ['pointer', ['_MMPFN']]],
+    'DanglingExtentsLock' : [ 0xbc, ['long']],
+    'DanglingExtentsWorkItem' : [ 0xc0, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0xd0, ['unsigned char']],
+    'PageFileSectionHead' : [ 0xd4, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0xd8, ['long']],
+    'ImageBias' : [ 0xdc, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0xe4, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0xec, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0xf0, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0xf4, ['unsigned long']],
+    'LostDataFiles' : [ 0xf8, ['unsigned long']],
+    'LostDataPages' : [ 0xfc, ['unsigned long']],
+    'ImageFailureReason' : [ 0x100, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x104, ['pointer', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x108, ['pointer', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x10c, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x110, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x1c, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'Reference' : [ 0x8, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x18, ['unsigned char']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x28, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x4, ['pointer', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x8, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0xc, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x10, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x14, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x18, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x1c, ['pointer', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x20, ['pointer', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x24, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x94, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x78, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x7c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x80, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x84, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x88, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0x8c, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x90, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x460, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['pointer', ['_SLIST_HEADER']]],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'SparePvoid0' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['pointer', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x210, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x218, ['pointer', ['void']]],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pUnused' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['pointer', ['void']]]],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_233f' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2344' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2346' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_233f']],
+    'Bits' : [ 0x0, ['__unnamed_2344']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_2346']],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x1c, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Vad' : [ 0x10, ['pointer', ['_MMVAD_SHORT']]],
+    'SubListIndex' : [ 0x14, ['unsigned short']],
+    'Hint' : [ 0x16, ['unsigned short']],
+    'SetBits' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x10, {
+    'SystemLogonSession' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x4, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x8, ['pointer', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_SEP_LOWBOX_HANDLES_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'HandleCount' : [ 0x14, ['unsigned long']],
+    'Handles' : [ 0x18, ['pointer', ['pointer', ['void']]]],
+} ],
+  '__unnamed_2352' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2355' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0xf8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'CollidedEvent' : [ 0x20, ['_KEVENT']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x40, ['_KAPC_STATE']],
+    'Thread' : [ 0x58, ['pointer', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x5c, ['pointer', ['_MMPFN']]],
+    'PteContents' : [ 0x60, ['_MMPTE']],
+    'WaitCount' : [ 0x68, ['long']],
+    'ByteCount' : [ 0x6c, ['unsigned long']],
+    'u3' : [ 0x70, ['__unnamed_2352']],
+    'u1' : [ 0x74, ['__unnamed_2355']],
+    'FilePointer' : [ 0x78, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x7c, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x7c, ['pointer', ['_SUBSECTION']]],
+    'Autoboost' : [ 0x80, ['pointer', ['void']]],
+    'FaultingAddress' : [ 0x84, ['pointer', ['void']]],
+    'PointerPte' : [ 0x88, ['pointer', ['_MMPTE']]],
+    'BasePte' : [ 0x8c, ['pointer', ['_MMPTE']]],
+    'Pfn' : [ 0x90, ['pointer', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x98, ['_MDL']],
+    'Page' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'FlowThrough' : [ 0xb4, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x10, {
+    'BaseKcb' : [ 0x0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x4, ['long']],
+    'ClonedKcbListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1', 19: 'NotifyTransportRelationsChange', 20: 'NotifyEjectionRelationsChange', 21: 'ConfigureDevice', 22: 'ConfigureDeviceClass', 23: 'ConfigureDeviceExtensions', 24: 'ConfigureDeviceReset'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+    'ActivityId' : [ 0x20, ['_GUID']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0xc0, {
+    'Latency' : [ 0x0, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x4, ['unsigned long']],
+    'VetoAccounting' : [ 0x8, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x20, ['unsigned char']],
+    'Platform' : [ 0x21, ['unsigned char']],
+    'DependencyListCount' : [ 0x24, ['unsigned long']],
+    'Processors' : [ 0x28, ['_KAFFINITY_EX']],
+    'Name' : [ 0x34, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0x3c, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x40, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x48, ['unsigned long long']],
+    'RefCount' : [ 0x80, ['long']],
+    'CacheAlign0' : [ 0x80, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'LowboxNumber' : [ 0x14, ['unsigned long']],
+    'AtomTable' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x4, ['pointer', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_MI_PARTITION' : [ 0x1a00, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0xc0, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x290, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x300, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x400, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0xb80, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0xc00, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0xc40, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0xd18, ['pointer', ['void']]],
+    'WorkingSetExpansionHead' : [ 0xd1c, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0xd40, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0xb0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x39, ['unsigned char']],
+    'ActiveCount' : [ 0x3a, ['unsigned short']],
+    'InternalState' : [ 0x3c, ['long']],
+    'Mode' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x48, ['unsigned long']],
+    'DispatchCount' : [ 0x4c, ['unsigned long']],
+    'PassiveEvent' : [ 0x50, ['pointer', ['_KEVENT']]],
+    'DisconnectData' : [ 0x54, ['pointer', ['void']]],
+    'ServiceThread' : [ 0x58, ['pointer', ['_KTHREAD']]],
+    'ConnectionData' : [ 0x5c, ['pointer', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0x60, ['pointer', ['void']]],
+    'IsrDpcStats' : [ 0x68, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x34, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ActivityId' : [ 0x24, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_PS_WAKE_INFORMATION' : [ 0x38, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 5, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_CMHIVE' : [ 0xf20, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x6f0, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x708, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x710, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x718, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0x720, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x728, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x72c, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x734, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x738, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x73c, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x740, ['unsigned long']],
+    'Identity' : [ 0x744, ['unsigned long']],
+    'HiveLock' : [ 0x748, ['pointer', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0x74c, ['pointer', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x750, ['pointer', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x754, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x75c, ['unsigned long']],
+    'FlushLogEntry' : [ 0x760, ['pointer', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x764, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x768, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x76c, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x770, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x778, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x77c, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x780, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x784, ['pointer', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x788, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0x78c, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0x790, ['unsigned long']],
+    'ActualFileSize' : [ 0x798, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x7a0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x7b0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x7b8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x7c0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x7c8, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x7cc, ['unsigned long']],
+    'SecurityHitHint' : [ 0x7d0, ['long']],
+    'SecurityCache' : [ 0x7d4, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x7d8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x9d8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x9dc, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x9e0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x9e4, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x9e8, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x9ec, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0xa00, ['unsigned char']],
+    'GrowOffset' : [ 0xa04, ['unsigned long']],
+    'KcbConvertListHead' : [ 0xa08, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0xa10, ['pointer', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0xa14, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0xc9c, ['unsigned long']],
+    'TrustClassEntry' : [ 0xca0, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0xca8, ['unsigned long long']],
+    'UnreconciledTime' : [ 0xcb0, ['unsigned long long']],
+    'CmRm' : [ 0xcb8, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0xcbc, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0xcc0, ['long']],
+    'CreatorOwner' : [ 0xcc4, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0xcc8, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0xcd0, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0xcd8, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0xce4, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0xcf0, ['unsigned long']],
+    'FlushActive' : [ 0xcf0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0xcf0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0xcf0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0xcf0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0xcf4, ['unsigned long']],
+    'ReferenceCount' : [ 0xcf8, ['long']],
+    'UnloadHistoryIndex' : [ 0xcfc, ['long']],
+    'UnloadHistory' : [ 0xd00, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0xf00, ['unsigned long']],
+    'UnaccessedStart' : [ 0xf04, ['unsigned long']],
+    'UnaccessedEnd' : [ 0xf08, ['unsigned long']],
+    'LoadedKeyCount' : [ 0xf0c, ['unsigned long']],
+    'HandleClosePending' : [ 0xf10, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0xf14, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0xf18, ['unsigned char']],
+    'FailedUnload' : [ 0xf19, ['unsigned char']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x14, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPending' : [ 0x16, ['unsigned char']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x780, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer', ['_MMPFNLIST']]]],
+    'FreePageSlist' : [ 0x8, ['array', 2, ['pointer', ['_SLIST_HEADER']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x200, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x340, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x480, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x4c0, ['_MMPFNLIST']],
+    'PageLocationList' : [ 0x4d4, ['array', 8, ['pointer', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x4f4, ['array', 8, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x514, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x614, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x624, ['unsigned long']],
+    'LastDecayHandUpdateTime' : [ 0x628, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x630, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0x680, ['unsigned long']],
+    'AvailablePageWaitStates' : [ 0x684, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'LowMemoryThreshold' : [ 0x6c0, ['unsigned long']],
+    'HighMemoryThreshold' : [ 0x6c4, ['unsigned long']],
+    'TransitionPrivatePages' : [ 0x700, ['unsigned long']],
+    'StandbyListDiscard' : [ 0x704, ['unsigned long']],
+    'FreeListDiscard' : [ 0x708, ['unsigned char']],
+    'MirrorListLocks' : [ 0x70c, ['pointer', ['void']]],
+    'LargePfnBitMapsReady' : [ 0x710, ['unsigned char']],
+    'LargePfnBitMap' : [ 0x714, ['array', 1, ['_RTL_BITMAP']]],
+    'LargePfnBitMapLock' : [ 0x740, ['unsigned long']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '__unnamed_23fd' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_23ff' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2401' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_23fd']],
+    'Interrupt' : [ 0x0, ['__unnamed_23ff']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_23ff']],
+    'Sci' : [ 0x0, ['__unnamed_23ff']],
+    'Nmi' : [ 0x0, ['__unnamed_23ff']],
+    'Sea' : [ 0x0, ['__unnamed_23ff']],
+    'Sei' : [ 0x0, ['__unnamed_23ff']],
+    'Gsiv' : [ 0x0, ['__unnamed_23ff']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_2401']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x4, {
+    'LogHandleContext' : [ 0x0, ['pointer', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x19c, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x110, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x190, ['unsigned long']],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_KSCB' : [ 0x100, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x5d, ['unsigned char']],
+    'ReadySummary' : [ 0x5e, ['unsigned short']],
+    'Rank' : [ 0x60, ['unsigned long']],
+    'ShareRank' : [ 0x64, ['pointer', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x68, ['unsigned long']],
+    'ReadyListHead' : [ 0x6c, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0xec, ['_RTL_RB_TREE']],
+    'Parent' : [ 0xf4, ['pointer', ['_KSCB']]],
+    'Root' : [ 0xf8, ['pointer', ['_KSCB']]],
+} ],
+  '__unnamed_241e' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0x5c, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x8, ['pointer', ['void']]],
+    'ExceptionTableSize' : [ 0xc, ['unsigned long']],
+    'GpValue' : [ 0x10, ['pointer', ['void']]],
+    'NonPagedDebugInfo' : [ 0x14, ['pointer', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'u1' : [ 0x3a, ['__unnamed_241e']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x44, ['unsigned long']],
+    'CoverageSection' : [ 0x48, ['pointer', ['void']]],
+    'LoadedImports' : [ 0x4c, ['pointer', ['void']]],
+    'Spare' : [ 0x50, ['pointer', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x54, ['unsigned long']],
+    'TimeDateStamp' : [ 0x58, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long']],
+    'TrimInProgressCount' : [ 0x4, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x8, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x18, ['array', 3, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'Abandoned' : [ 0x1c, ['unsigned char']],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x4, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'Enabled' : [ 0x4, ['unsigned long']],
+    'DisableAccessLogging' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'MinLoggingPriority' : [ 0x18, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long']],
+} ],
+  '_HMAP_TABLE' : [ 0x2800, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_2454' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2456' : [ 0x10, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_2454']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x20, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0xc, ['__unnamed_2456']],
+    'VerifiedData' : [ 0x1c, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x18, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x8, ['pointer', ['void']]],
+    'SessionViewVa' : [ 0x8, ['pointer', ['void']]],
+    'VadsProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Type' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SectionOffset' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0xc, {
+    'ActiveThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'WaitList' : [ 0x4, ['pointer', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'DeadPteTrackerSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x8, ['unsigned long']],
+    'MdlTrackerLookaside' : [ 0x40, ['_NPAGED_LOOKASIDE_LIST']],
+    'PteTrackingBitmap' : [ 0x100, ['_RTL_BITMAP']],
+    'CachedPteHeads' : [ 0x108, ['pointer', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0x10c, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPages' : [ 0x144, ['unsigned char']],
+    'QueuedStacks' : [ 0x148, ['_SLIST_HEADER']],
+    'StackGrowthFailures' : [ 0x150, ['unsigned long']],
+    'TrackPtesAborted' : [ 0x154, ['unsigned char']],
+    'AdjustCounter' : [ 0x155, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x158, ['long']],
+    'ReservedMappingTree' : [ 0x15c, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x160, ['pointer', ['_MMPFN']]],
+    'QueuedStacksWorkItem' : [ 0x164, ['_MI_QUEUED_DEADSTACK_WORKITEM']],
+} ],
+  '__unnamed_2468' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0xbc, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2468']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'ParentPartition' : [ 0x10, ['pointer', ['_MI_PARTITION']]],
+    'ListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'NodeInformation' : [ 0x1c, ['pointer', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x20, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x24, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x28, ['unsigned long']],
+    'PfnUnmapWorkItem' : [ 0x2c, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapActive' : [ 0x3c, ['unsigned char']],
+    'PfnUnmapCount' : [ 0x40, ['unsigned long']],
+    'PfnUnmapWaitList' : [ 0x44, ['pointer', ['void']]],
+    'MemoryRuns' : [ 0x48, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x4c, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x5c, ['array', 5, ['pointer', ['void']]]],
+    'PartitionObject' : [ 0x70, ['pointer', ['void']]],
+    'PartitionObjectHandle' : [ 0x74, ['pointer', ['void']]],
+    'DynamicMemoryPushLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0x7c, ['long']],
+    'TemporaryMemoryEvent' : [ 0x80, ['_KEVENT']],
+    'MemoryEvents' : [ 0x90, ['array', 11, ['pointer', ['_KEVENT']]]],
+} ],
+  '__unnamed_2475' : [ 0x4, {
+    'InstancedWorkingSet' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0x64, {
+    'NextPageColor' : [ 0x0, ['unsigned short']],
+    'LastTrimStamp' : [ 0x2, ['unsigned short']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long']],
+    'VmWorkingSetList' : [ 0xc, ['pointer', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x18, ['array', 7, ['unsigned long']]],
+    'ExitOutswapGate' : [ 0x34, ['pointer', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x38, ['unsigned long']],
+    'WorkingSetLeafSize' : [ 0x3c, ['unsigned long']],
+    'WorkingSetLeafPrivateSize' : [ 0x40, ['unsigned long']],
+    'WorkingSetSize' : [ 0x44, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x48, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x4c, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x50, ['unsigned long']],
+    'HardFaultCount' : [ 0x54, ['unsigned long']],
+    'u1' : [ 0x58, ['__unnamed_2475']],
+    'Reserved0' : [ 0x5c, ['unsigned long']],
+    'Flags' : [ 0x60, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x8, ['unsigned char']],
+    'BlockState' : [ 0x9, ['unsigned char']],
+    'WaitKey' : [ 0xa, ['unsigned short']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0xc, ['pointer', ['_KQUEUE']]],
+    'Object' : [ 0x10, ['pointer', ['void']]],
+    'SparePtr' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x10, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0xc, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AcquiredRundown' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'WorkQueue' : [ 0x18, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x40, ['pointer', ['void']]],
+    'AcceptProcessorNotification' : [ 0x44, ['pointer', ['void']]],
+    'AcceptAcpiNotification' : [ 0x48, ['pointer', ['void']]],
+    'WorkOrderCount' : [ 0x4c, ['unsigned long']],
+    'WorkOrders' : [ 0x50, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x18, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x18, ['array', 4, ['pointer', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x18, ['pointer', ['void']]],
+    'SessionId' : [ 0x1c, ['unsigned long']],
+    'Process' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['void']]],
+    'Callback' : [ 0x2c, ['pointer', ['void']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x32, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x32, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x32, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x32, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x32, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'EnableMask' : [ 0x34, ['unsigned char']],
+    'GroupEnableMask' : [ 0x35, ['unsigned char']],
+    'UseDescriptorType' : [ 0x36, ['unsigned char']],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x14c0, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long']],
+    'SystemVaBias' : [ 0x4, ['unsigned long']],
+    'SystemAvailableVaLow' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+    'HyperSpaceEndPte' : [ 0x10, ['pointer', ['_MMPTE']]],
+    'SystemRangeStart' : [ 0x14, ['pointer', ['void']]],
+    'SystemCachePdeCount' : [ 0x18, ['array', 1024, ['unsigned char']]],
+    'SystemCacheReverseMaps' : [ 0x418, ['array', 1024, ['pointer', ['void']]]],
+    'HyperSpaceEnd' : [ 0x1418, ['pointer', ['void']]],
+    'WorkingSetListHashStart' : [ 0x141c, ['pointer', ['_MMWSLE_HASH']]],
+    'WorkingSetListHashEnd' : [ 0x1420, ['pointer', ['_MMWSLE_HASH']]],
+    'WorkingSetListIndirectHashStart' : [ 0x1424, ['pointer', ['_MMWSLE_NONDIRECT_HASH']]],
+    'FreeSystemCacheVa' : [ 0x1428, ['_KEVENT']],
+    'SystemVaLock' : [ 0x1438, ['unsigned long']],
+    'DeleteKvaLock' : [ 0x143c, ['long']],
+    'FreeSystemCache' : [ 0x1440, ['_MI_PTE_CHAIN_HEAD']],
+    'SystemCacheViewLock' : [ 0x1458, ['unsigned long']],
+    'SystemCacheInitLock' : [ 0x145c, ['_EX_PUSH_LOCK']],
+    'UnusableWsles' : [ 0x1460, ['array', 5, ['unsigned long']]],
+    'PossibleWsles' : [ 0x1474, ['array', 5, ['unsigned long']]],
+    'SystemWs' : [ 0x1488, ['array', 3, ['pointer', ['_MMSUPPORT_INSTANCE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x24, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'ReleasedCommitDebt' : [ 0x4, ['unsigned long']],
+    'ResetPagesRepurposedCount' : [ 0x8, ['unsigned long']],
+    'WsSwapSupport' : [ 0xc, ['pointer', ['void']]],
+    'CommitReleaseContext' : [ 0x10, ['pointer', ['void']]],
+    'AccessLog' : [ 0x14, ['pointer', ['void']]],
+    'ChargedWslePages' : [ 0x18, ['unsigned long']],
+    'ActualWslePages' : [ 0x1c, ['unsigned long']],
+    'WorkingSetSizeOverhead' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PAE_ENTRY' : [ 0x20, {
+    'PteEntry' : [ 0x0, ['array', 4, ['_MMPTE']]],
+    'PaeEntry' : [ 0x0, ['_PAE_PAGEINFO']],
+    'NextPae' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x10, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CloneCommitCount' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x8, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_24fb' : [ 0x4, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_SECTION' : [ 0x28, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u1' : [ 0x14, ['__unnamed_24fb']],
+    'SizeOfSection' : [ 0x18, ['unsigned long long']],
+    'u' : [ 0x20, ['__unnamed_1691']],
+    'InitialPageProtection' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x24, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x88, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'ArgumentStatus' : [ 0xc, ['long']],
+    'CallerEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'VetoType' : [ 0x1c, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x20, ['pointer', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x24, ['unsigned long']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'Cancel' : [ 0x2c, ['unsigned char']],
+    'Parent' : [ 0x30, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x34, ['_GUID']],
+    'Data' : [ 0x44, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x14, ['long']],
+    'Active' : [ 0x18, ['long']],
+    'FreeWhenDone' : [ 0x1c, ['unsigned char']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x90, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x8, ['unsigned long']],
+    'InDebugger' : [ 0xc, ['long']],
+    'Pfns' : [ 0x10, ['array', 32, ['pointer', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x8, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 31, native_type='unsigned long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x0, ['pointer', ['void']]],
+    'SessionState' : [ 0x4, ['pointer', ['void']]],
+    'SessionId' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ETIMER' : [ 0xb8, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'TimerApc' : [ 0x2c, ['_KAPC']],
+    'TimerDpc' : [ 0x5c, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x7c, ['_LIST_ENTRY']],
+    'Period' : [ 0x84, ['unsigned long']],
+    'TimerFlags' : [ 0x88, ['unsigned char']],
+    'ApcAssociated' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0x88, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0x88, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0x89, ['unsigned char']],
+    'Spare2' : [ 0x8a, ['unsigned short']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x98, ['pointer', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x9c, ['_LIST_ENTRY']],
+    'DueTime' : [ 0xa8, ['unsigned long long']],
+    'CoalescingWindow' : [ 0xb0, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x48, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'ResumeItem' : [ 0xc, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'MirroringActive' : [ 0x30, ['unsigned long']],
+    'MirrorBitMaps' : [ 0x34, ['array', 2, ['_RTL_BITMAP']]],
+    'CrashDumpPte' : [ 0x44, ['pointer', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x180, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x4, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x20, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x28, ['unsigned char']],
+    'PepWokenTransition' : [ 0x29, ['unsigned char']],
+    'EfficiencyClass' : [ 0x2a, ['unsigned char']],
+    'SchedulingClass' : [ 0x2b, ['unsigned char']],
+    'TargetIdleState' : [ 0x2c, ['unsigned long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower', 3: 'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xcc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xd0, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0xd4, ['long']],
+    'FFHThrottleStateInfo' : [ 0xd8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xf8, ['_KDPC']],
+    'PerfActionMask' : [ 0x118, ['long']],
+    'HvIdleCheck' : [ 0x120, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x130, ['pointer', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x134, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x138, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x13c, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x140, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x144, ['pointer', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x148, ['unsigned char']],
+    'HvTargetState' : [ 0x149, ['unsigned char']],
+    'Parked' : [ 0x14a, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x14c, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x150, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x154, ['unsigned long']],
+    'RelativePerformance' : [ 0x158, ['unsigned long']],
+    'Utility' : [ 0x15c, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x160, ['unsigned long']],
+    'SnapTimeLast' : [ 0x168, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x168, ['unsigned long long']],
+    'ActiveTime' : [ 0x170, ['unsigned long long']],
+    'TotalTime' : [ 0x178, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x100, {
+    'DeleteSubsectionCleanup' : [ 0x0, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x10, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x20, ['unsigned long']],
+    'DereferenceSegmentHeader' : [ 0x24, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x40, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x48, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0x70, ['unsigned char']],
+    'DeleteOnCloseCount' : [ 0x74, ['unsigned long']],
+    'UnusedSegmentList' : [ 0x78, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0x80, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0x88, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0x90, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0xa0, ['_SINGLE_LIST_ENTRY']],
+    'SegmentListLock' : [ 0xc0, ['long']],
+    'ControlAreaCount' : [ 0xc8, ['long long']],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_MI_RESAVAIL_TRACKER' : [ 0x200, {
+    'AllocateKernelStack' : [ 0x0, ['unsigned long']],
+    'AllocateGrowKernelStack' : [ 0x4, ['unsigned long']],
+    'FreeKernelStack' : [ 0x8, ['unsigned long']],
+    'FreeKernelStackError' : [ 0xc, ['unsigned long']],
+    'FreeGrowKernelStackError' : [ 0x10, ['unsigned long']],
+    'AllocateCreateProcess' : [ 0x14, ['unsigned long']],
+    'FreeCreateProcessError' : [ 0x18, ['unsigned long']],
+    'FreeDeleteProcess' : [ 0x1c, ['unsigned long']],
+    'FreeCleanProcess' : [ 0x20, ['unsigned long']],
+    'FreeCleanProcessError' : [ 0x24, ['unsigned long']],
+    'AllocateWsIncrease' : [ 0x28, ['unsigned long']],
+    'FreeWsIncreaseError' : [ 0x2c, ['unsigned long']],
+    'FreeWsIncreaseErrorMax' : [ 0x30, ['unsigned long']],
+    'FreeWsDecrease' : [ 0x34, ['unsigned long']],
+    'AllocateWorkingSetPage' : [ 0x38, ['unsigned long']],
+    'FreeWorkingSetPageError' : [ 0x3c, ['unsigned long']],
+    'FreeDeletePteRange' : [ 0x40, ['unsigned long']],
+    'AllocatePageTablesForProcessMetadata' : [ 0x44, ['unsigned long']],
+    'AllocatePageTablesForSystem' : [ 0x48, ['unsigned long']],
+    'FreePageTablesExcess' : [ 0x4c, ['unsigned long']],
+    'FreeSystemVaPageTables' : [ 0x50, ['unsigned long']],
+    'FreeSessionVaPageTables' : [ 0x54, ['unsigned long']],
+    'AllocateCreateSession' : [ 0x58, ['unsigned long']],
+    'FreeSessionWsDereference' : [ 0x5c, ['unsigned long']],
+    'FreeSessionDereference' : [ 0x60, ['unsigned long']],
+    'AllocateLockedSessionImage' : [ 0x64, ['unsigned long']],
+    'FreeLockedSessionImage' : [ 0x68, ['unsigned long']],
+    'FreeSessionImageConversion' : [ 0x6c, ['unsigned long']],
+    'AllocateWsAdjustPageTable' : [ 0x70, ['unsigned long']],
+    'FreeWsAdjustPageTable' : [ 0x74, ['unsigned long']],
+    'FreeWsAdjustPageTableError' : [ 0x78, ['unsigned long']],
+    'AllocateNoLowMemory' : [ 0x7c, ['unsigned long']],
+    'AllocatePagedPoolLockedDown' : [ 0x80, ['unsigned long']],
+    'FreePagedPoolLockedDown' : [ 0x84, ['unsigned long']],
+    'AllocateSystemBitmaps' : [ 0x88, ['unsigned long']],
+    'FreeSystemBitmapsError' : [ 0x8c, ['unsigned long']],
+    'AllocateForMdl' : [ 0x90, ['unsigned long']],
+    'FreeFromMdl' : [ 0x94, ['unsigned long']],
+    'AllocateForMdlPartition' : [ 0x98, ['unsigned long']],
+    'FreeFromMdlPartition' : [ 0x9c, ['unsigned long']],
+    'FreeMdlExcess' : [ 0xa0, ['unsigned long']],
+    'AllocateExpansionNonPagedPool' : [ 0xa4, ['unsigned long']],
+    'FreeExpansionNonPagedPool' : [ 0xa8, ['unsigned long']],
+    'AllocateVad' : [ 0xac, ['unsigned long']],
+    'RemoveVad' : [ 0xb0, ['unsigned long']],
+    'FreeVad' : [ 0xb4, ['unsigned long']],
+    'AllocateContiguous' : [ 0xb8, ['unsigned long']],
+    'FreeContiguousPages' : [ 0xbc, ['unsigned long']],
+    'FreeContiguousError' : [ 0xc0, ['unsigned long']],
+    'FreeLargePageMemory' : [ 0xc4, ['unsigned long']],
+    'AllocateSystemWsles' : [ 0xc8, ['unsigned long']],
+    'FreeSystemWsles' : [ 0xcc, ['unsigned long']],
+    'AllocateSystemInitWs' : [ 0xd0, ['unsigned long']],
+    'AllocateSessionInitWs' : [ 0xd4, ['unsigned long']],
+    'FreeSessionInitWsError' : [ 0xd8, ['unsigned long']],
+    'AllocateSystemImage' : [ 0xdc, ['unsigned long']],
+    'AllocateSystemImageLoad' : [ 0xe0, ['unsigned long']],
+    'AllocateSessionSharedImage' : [ 0xe4, ['unsigned long']],
+    'FreeSystemImageInitCode' : [ 0xe8, ['unsigned long']],
+    'FreeSystemImageLargePageConversion' : [ 0xec, ['unsigned long']],
+    'FreeSystemImageError' : [ 0xf0, ['unsigned long']],
+    'FreeSystemImageLoadExcess' : [ 0xf4, ['unsigned long']],
+    'FreeUnloadSystemImage' : [ 0xf8, ['unsigned long']],
+    'FreeReloadBootImageLarge' : [ 0xfc, ['unsigned long']],
+    'FreeIndependent' : [ 0x100, ['unsigned long']],
+    'AllocateHotRemove' : [ 0x104, ['unsigned long']],
+    'FreeHotAdd' : [ 0x108, ['unsigned long']],
+    'AllocateBoot' : [ 0x10c, ['unsigned long']],
+    'FreeLoaderBlock' : [ 0x110, ['unsigned long']],
+    'AllocateNonPagedSpecialPool' : [ 0x114, ['unsigned long']],
+    'FreeNonPagedSpecialPoolError' : [ 0x118, ['unsigned long']],
+    'FreeNonPagedSpecialPool' : [ 0x11c, ['unsigned long']],
+    'AllocateSharedSegmentPage' : [ 0x120, ['unsigned long']],
+    'FreeSharedSegmentPage' : [ 0x124, ['unsigned long']],
+    'AllocateZeroPage' : [ 0x128, ['unsigned long']],
+    'FreeZeroPage' : [ 0x12c, ['unsigned long']],
+    'AllocateForPo' : [ 0x130, ['unsigned long']],
+    'AllocateForPoForce' : [ 0x134, ['unsigned long']],
+    'FreeForPo' : [ 0x138, ['unsigned long']],
+    'AllocateThreadHardFaultBehavior' : [ 0x13c, ['unsigned long']],
+    'FreeThreadHardFaultBehavior' : [ 0x140, ['unsigned long']],
+    'ObtainFaultCharges' : [ 0x144, ['unsigned long']],
+    'FreeFaultCharges' : [ 0x148, ['unsigned long']],
+    'AllocateStoreCharges' : [ 0x14c, ['unsigned long']],
+    'FreeStoreCharges' : [ 0x150, ['unsigned long']],
+    'ObtainLockedPageCharge' : [ 0x180, ['unsigned long']],
+    'FreeLockedPageCharge' : [ 0x1c0, ['unsigned long']],
+    'AllocateStore' : [ 0x1c4, ['unsigned long']],
+    'FreeStore' : [ 0x1c8, ['unsigned long']],
+    'AllocateSystemImageProtos' : [ 0x1cc, ['unsigned long']],
+    'FreeSystemImageProtos' : [ 0x1d0, ['unsigned long']],
+    'AllocateModWriterCharge' : [ 0x1d4, ['unsigned long']],
+    'FreeModWriterCharge' : [ 0x1d8, ['unsigned long']],
+    'AllocateMappedWriterCharge' : [ 0x1dc, ['unsigned long']],
+    'FreeMappedWriterCharge' : [ 0x1e0, ['unsigned long']],
+    'AllocateRegistryCharges' : [ 0x1e4, ['unsigned long']],
+    'FreeRegistryCharges' : [ 0x1e8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x14, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x188, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DevNode' : [ 0x1c, ['pointer', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x20, ['pointer', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x24, ['pointer', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x28, ['pointer', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x2c, ['pointer', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x30, ['pointer', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x38, ['pointer', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x3c, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0x58, ['pointer', ['void']]],
+    'AcpiLink' : [ 0x5c, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0x64, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0x6c, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x84, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x9c, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0xb8, ['unsigned long']],
+    'IdleTimer' : [ 0xc0, ['_KTIMER']],
+    'IdleDpc' : [ 0xe8, ['_KDPC']],
+    'IdleTimeout' : [ 0x108, ['unsigned long long']],
+    'IdleStamp' : [ 0x110, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x118, ['array', 2, ['pointer', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x120, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x128, ['array', 2, ['pointer', ['void']]]],
+    'NextIrpCallerContext' : [ 0x130, ['array', 2, ['pointer', ['void']]]],
+    'IrpCompleteEvent' : [ 0x138, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x148, ['pointer', ['void']]],
+    'Accounting' : [ 0x150, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x178, ['unsigned long']],
+    'ComponentCount' : [ 0x17c, ['unsigned long']],
+    'Components' : [ 0x180, ['pointer', ['pointer', ['_POP_FX_COMPONENT']]]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x40, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x8, ['short']],
+    'SpecialApcDisable' : [ 0xa, ['short']],
+    'CombinedApcDisable' : [ 0x8, ['unsigned long']],
+    'Irql' : [ 0xc, ['unsigned char']],
+    'StackTrace' : [ 0x10, ['array', 12, ['pointer', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x4, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_QUEUED_DEADSTACK_WORKITEM' : [ 0x14, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x8, {
+    'Key' : [ 0x0, ['pointer', ['void']]],
+    'Index' : [ 0x4, ['unsigned long']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Processors' : [ 0x4, ['unsigned long']],
+    'ActiveProcessors' : [ 0x8, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x80, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x3c, ['pointer', ['void']]],
+    'Lock' : [ 0x40, ['long']],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Spare0' : [ 0x6c, ['unsigned long']],
+} ],
+  '__unnamed_25a7' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_25a9' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_25a7']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x44, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x30, ['pointer', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x34, ['_LIST_ENTRY']],
+    'Specific' : [ 0x3c, ['__unnamed_25a9']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0xcc0, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long']],
+    'HighestPhysicalPage' : [ 0x4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x8, ['unsigned long']],
+    'NumberOfPagingFiles' : [ 0xc, ['unsigned long']],
+    'PagingFile' : [ 0x10, ['array', 16, ['pointer', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0x80, ['unsigned long']],
+    'ResidentAvailablePages' : [ 0xc0, ['unsigned long']],
+    'PartitionWs' : [ 0x100, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x164, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'SystemCacheInitialized' : [ 0x238, ['unsigned char']],
+    'TotalCommittedPages' : [ 0x23c, ['unsigned long']],
+    'ModifiedPageListHead' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x280, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x294, ['unsigned long']],
+    'TotalPagesForPagingFile' : [ 0x298, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x29c, ['unsigned long']],
+    'ProcessLockedFilePages' : [ 0x2a0, ['unsigned long']],
+    'ChargeCommitmentFailures' : [ 0x2a4, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x2b4, ['long']],
+    'PageFileTraces' : [ 0x2b8, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x10, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x50, {
+    'Context' : [ 0x0, ['pointer', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x44, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x4c, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x50, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'RebalanceReasonUnknown', 1: 'RebalanceReasonRequirementsChanged', 2: 'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'RebalanceFailureNone', 1: 'RebalanceFailureDisabled', 2: 'RebalanceFailureNoMemory', 3: 'RebalanceFailureQueryStopUnexpectedVeto', 4: 'RebalanceFailureNoRequirements', 5: 'RebalanceFailureNoCandidates', 6: 'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x1c, ['unsigned char']],
+    'TriggerRoot' : [ 0x20, ['pointer', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x24, ['unsigned char']],
+    'BeginTime' : [ 0x28, ['unsigned long long']],
+    'VetoNode' : [ 0x30, ['array', 2, ['pointer', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x38, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceQueryRebalanceSucceeded', 1: 'DeviceQueryStopFailed', 2: 'DeviceFailedGetNewResourceRequirement', 3: 'DeviceInUnexpectedState', 4: 'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x40, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x14, {
+    'BlockOffset' : [ 0x0, ['unsigned long']],
+    'PermanentBinAddress' : [ 0x4, ['unsigned long']],
+    'TemporaryBinAddress' : [ 0x8, ['unsigned long']],
+    'TemporaryBinRundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_260c' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x108, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_260c']]],
+    'WakeAlarmPaused' : [ 0xa8, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb0, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xb8, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x4, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x3c, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x10, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x14, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x28, ['long']],
+    'Gate' : [ 0x2c, ['_KGATE']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x10, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x1c, {
+    'ComponentActive' : [ 0x0, ['pointer', ['void']]],
+    'ComponentIdle' : [ 0x4, ['pointer', ['void']]],
+    'ComponentIdleState' : [ 0x8, ['pointer', ['void']]],
+    'DevicePowerRequired' : [ 0xc, ['pointer', ['void']]],
+    'DevicePowerNotRequired' : [ 0x10, ['pointer', ['void']]],
+    'PowerControl' : [ 0x14, ['pointer', ['void']]],
+    'ComponentCriticalTransition' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_WAITING_IRP' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'CompletionRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'Information' : [ 0x18, ['unsigned long']],
+    'BreakAllRH' : [ 0x1c, ['unsigned char']],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x88, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x20, ['unsigned long long']],
+    'UnscaledTime' : [ 0x28, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x30, ['long long']],
+    'ScaledTime' : [ 0x38, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x48, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x50, ['unsigned long long']],
+    'UserTimeLast' : [ 0x58, ['unsigned long']],
+    'KernelTimeLast' : [ 0x5c, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x60, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x68, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x80, ['unsigned char']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x28, {
+    'InstantaneousRead' : [ 0x0, ['pointer', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'Scaling' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x24, ['unsigned long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'Hint' : [ 0x10, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x58, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'ShutDownRequested' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x34, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x40, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x44, ['unsigned long']],
+    'UserPagesReused' : [ 0x48, ['unsigned long']],
+    'EventsLostCount' : [ 0x4c, ['pointer', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x50, ['pointer', ['unsigned long']]],
+    'SiloState' : [ 0x54, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_PAE_PAGEINFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameNumber' : [ 0x8, ['unsigned long']],
+    'EntriesInUse' : [ 0xc, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x140, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x30, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'ClonedPageCount' : [ 0x40, ['unsigned long long']],
+    'CurrentMap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x4c, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x50, ['unsigned long']],
+    'LoaderMdl' : [ 0x54, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x6c, ['unsigned long']],
+    'CurrentMcb' : [ 0x70, ['pointer', ['void']]],
+    'DumpStack' : [ 0x74, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x78, ['pointer', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0x7c, ['unsigned long']],
+    'Status' : [ 0x80, ['long']],
+    'GraphicsProc' : [ 0x84, ['unsigned long']],
+    'MemoryImage' : [ 0x88, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0x8c, ['pointer', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'SiLogOffset' : [ 0x94, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0x98, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0x9c, ['pointer', ['void']]],
+    'ResumeContext' : [ 0xa0, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0xa4, ['unsigned long']],
+    'ProcessorCount' : [ 0xa8, ['unsigned long']],
+    'ProcessorContext' : [ 0xac, ['pointer', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0xb0, ['pointer', ['unsigned char']]],
+    'ProdConsSize' : [ 0xb4, ['unsigned long']],
+    'MaxDataPages' : [ 0xb8, ['unsigned long']],
+    'ExtraBuffer' : [ 0xbc, ['pointer', ['void']]],
+    'ExtraBufferSize' : [ 0xc0, ['unsigned long']],
+    'ExtraMapVa' : [ 0xc4, ['pointer', ['void']]],
+    'BitlockerKeyPFN' : [ 0xc8, ['unsigned long']],
+    'IoInfo' : [ 0xd0, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x130, ['pointer', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x134, ['unsigned long']],
+    'HardwareConfigurationSignature' : [ 0x138, ['unsigned long']],
+} ],
+  '__unnamed_2673' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_2673']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_267a' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_267a']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long']],
+    'TotalCommitLimitMaximum' : [ 0x4, ['unsigned long']],
+    'Popups' : [ 0x8, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x10, ['unsigned long']],
+    'HighCommitThreshold' : [ 0x14, ['unsigned long']],
+    'EventLock' : [ 0x18, ['unsigned long']],
+    'SystemCommitReserve' : [ 0x1c, ['unsigned long']],
+    'OverCommit' : [ 0x40, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x2c, {
+    'Sibling' : [ 0x0, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x24, {
+    'InitiatingThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ThreadId' : [ 0x8, ['pointer', ['void']]],
+    'ProcessId' : [ 0xc, ['pointer', ['void']]],
+    'Code' : [ 0x10, ['unsigned long']],
+    'Parameter1' : [ 0x14, ['unsigned long']],
+    'Parameter2' : [ 0x18, ['unsigned long']],
+    'Parameter3' : [ 0x1c, ['unsigned long']],
+    'Parameter4' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40f0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'StackLimitHits' : [ 0x4038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x403c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x4040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4044, ['unsigned long']],
+    'TotalReleases' : [ 0x4048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x404c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x4050, ['unsigned long']],
+    'Instigator' : [ 0x4054, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4058, ['unsigned long']],
+    'Participant' : [ 0x405c, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40dc, ['long']],
+    'StackType' : [ 0x40e0, ['Enumeration', dict(target = 'long', choices = {0: 'BugcheckStackLimits', 1: 'DPCStackLimits', 2: 'ExpandedStackLimits', 3: 'NormalStackLimits', 4: 'Win32kStackLimits', 5: 'SwapBusyStackLimits', 6: 'IsrStackLimits', 7: 'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x40e4, ['unsigned long']],
+    'StackHighLimit' : [ 0x40e8, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x328, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long long']],
+    'HiberFlags' : [ 0x30, ['unsigned char']],
+    'spare' : [ 0x31, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x34, ['unsigned long']],
+    'HiberVa' : [ 0x38, ['unsigned long']],
+    'NoFreePages' : [ 0x3c, ['unsigned long']],
+    'FreeMapCheck' : [ 0x40, ['unsigned long']],
+    'WakeCheck' : [ 0x44, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x48, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x50, ['unsigned long']],
+    'FirstKernelRestorePage' : [ 0x54, ['unsigned long']],
+    'FirstChecksumRestorePage' : [ 0x58, ['unsigned long']],
+    'NoChecksumEntries' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x250, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x254, ['array', 1, ['unsigned long']]],
+    'SiLogOffset' : [ 0x258, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x25c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x260, ['array', 24, ['unsigned long']]],
+    'NotUsed' : [ 0x2c0, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2c4, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2c8, ['unsigned long']],
+    'Hiberboot' : [ 0x2cc, ['unsigned char']],
+    'HvCr3' : [ 0x2d0, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x2d8, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x2e0, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x2e8, ['unsigned long long']],
+    'BootFlags' : [ 0x2f0, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x2f8, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x300, ['unsigned long']],
+    'BitlockerKeyPfns' : [ 0x304, ['array', 4, ['unsigned long']]],
+    'HardwareSignature' : [ 0x314, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x318, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x320, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x324, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x325, ['unsigned char']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x38, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x4, ['long']],
+    'PrefetchSeekThreshold' : [ 0x8, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x24, ['unsigned long']],
+    'DelayPageFaults' : [ 0x28, ['long']],
+    'FileCompressionBoundary' : [ 0x2c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x80, {
+    'TransitionSharedPages' : [ 0x0, ['unsigned long']],
+    'TransitionSharedPagesPeak' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'FirstDecayPage' : [ 0x10, ['unsigned long']],
+    'PfnDecayFreeSList' : [ 0x18, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x24, ['_KDPC']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x4, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x128, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x104, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x124, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x8, ['pointer', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x1c, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'InitialInPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x8, ['pointer', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0xc, ['unsigned long']],
+    'Node' : [ 0x10, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_PTE_TRACKER' : [ 0x44, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x28, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x18, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Next' : [ 0x14, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0xc, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0xa8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'FreeReservationSpace' : [ 0x18, ['unsigned long']],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x20, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x28, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x30, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x38, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x3c, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x40, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x44, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x48, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x4c, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x50, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x54, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0x5c, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0x64, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0x6c, ['pointer', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'HybridPriority' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0x77, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0x77, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0x78, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0x7c, ['unsigned long']],
+    'PageHash' : [ 0x80, ['pointer', ['unsigned long']]],
+    'FileHandle' : [ 0x84, ['pointer', ['void']]],
+    'Lock' : [ 0x88, ['unsigned long']],
+    'LockOwner' : [ 0x8c, ['pointer', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0x90, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x94, ['pointer', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x98, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HVIEW_MAP' : [ 0x320, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'Directory' : [ 0xc, ['pointer', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x10, ['unsigned long']],
+    'PinLog' : [ 0x18, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x10, ['long']],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'WatchdogTimerInfo' : [ 0x18, ['pointer', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x10, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x8, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x4, ['_RTL_AVL_TREE']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x28, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x18, ['unsigned long']],
+    'ModuleSize' : [ 0x1c, ['unsigned long']],
+    'Offset' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_2721' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2723' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2721']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2723']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_RELATION_LIST' : [ 0x8, {
+    'DeviceObjectList' : [ 0x0, ['pointer', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x4, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x8, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x4, ['pointer', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x50, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 1, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'LowboxMap' : [ 0xc, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'IoStatus' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'IoReady', 1: 'IoPending', 2: 'IoDone'})]],
+    'IoStartCount' : [ 0x8, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x10, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x18, ['unsigned long long']],
+    'RequestSize' : [ 0x20, ['unsigned long long']],
+    'IoLocation' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x30, ['unsigned long long']],
+    'Buffer' : [ 0x38, ['pointer', ['void']]],
+    'AsyncCapable' : [ 0x3c, ['unsigned char']],
+    'BytesToRead' : [ 0x40, ['unsigned long long']],
+    'Pages' : [ 0x48, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x50, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x58, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x38, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'AppContainerNumber' : [ 0x24, ['unsigned long']],
+    'PackageSid' : [ 0x28, ['pointer', ['void']]],
+    'CapabilitiesHash' : [ 0x2c, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x30, ['pointer', ['void']]],
+    'SecurityAttributes' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0xd4, {
+    'NextSlot' : [ 0x0, ['unsigned long']],
+    'NextAgingSlot' : [ 0x4, ['unsigned long']],
+    'NextAccessClearingSlot' : [ 0x8, ['unsigned long']],
+    'LastAccessClearingRemainder' : [ 0xc, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x10, ['unsigned long']],
+    'ActiveWsleCounts' : [ 0x14, ['array', 16, ['unsigned long']]],
+    'ActiveWsles' : [ 0x54, ['array', 16, ['_MI_ACTIVE_WSLE_LISTHEAD']]],
+} ],
+  '_MIPFNBLINK' : [ 0x4, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 28, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x0, ['long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x1c, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x10, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0xc, ['pointer', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '__unnamed_275f' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x50, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x1c, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x24, ['unsigned long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x28, ['unsigned long']],
+    'MdlHack' : [ 0x2c, ['__unnamed_275f']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'Pattern' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_276c' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_276c']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x30, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'Counters' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_277d' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2780' : [ 0x4, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x4c, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x28, ['__unnamed_277d']],
+    'Subsection' : [ 0x2c, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x30, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x34, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x38, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x40, ['pointer', ['_EPROCESS']]],
+    'u4' : [ 0x44, ['__unnamed_2780']],
+    'FileObject' : [ 0x48, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x408, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xa8, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x34, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'PackagedBinary' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x34, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x34, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x34, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x34, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x34, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x34, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x34, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x34, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x34, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x34, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x34, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x34, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x34, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x34, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x34, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x34, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x34, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x34, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x34, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x34, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x4c, ['pointer', ['void']]],
+    'DdagNode' : [ 0x50, ['pointer', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0x54, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0x5c, ['pointer', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0x60, ['pointer', ['void']]],
+    'SwitchBackContext' : [ 0x64, ['pointer', ['void']]],
+    'BaseAddressIndexNode' : [ 0x68, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0x74, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0x80, ['unsigned long']],
+    'LoadTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x90, ['unsigned long']],
+    'LoadReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: 'LoadReasonStaticDependency', 1: 'LoadReasonStaticForwarderDependency', 2: 'LoadReasonDynamicForwarderDependency', 3: 'LoadReasonDelayloadDependency', 4: 'LoadReasonDynamicLoad', 5: 'LoadReasonAsImageLoad', 6: 'LoadReasonAsDataLoad', -1: 'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x98, ['unsigned long']],
+    'ReferenceCount' : [ 0x9c, ['unsigned long']],
+    'DependentLoadFlags' : [ 0xa0, ['unsigned long']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x1d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x38, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0x70, ['unsigned long']],
+    'NumberOfMappedMdlsInUse' : [ 0x74, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0x78, ['unsigned long']],
+    'MappedFileHeader' : [ 0x7c, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0x94, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0x95, ['unsigned char']],
+    'TransitionInserted' : [ 0x96, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0x98, ['long']],
+    'LastMappedWriteError' : [ 0x9c, ['long']],
+    'MappedFileWriteSucceeded' : [ 0xa0, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0xa4, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xa8, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0xac, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0xbc, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0xc0, ['unsigned long']],
+    'ModifiedPageWriterEvent' : [ 0xc4, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0xd4, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0xe4, ['long']],
+    'WriteAllMappedPages' : [ 0xe8, ['long']],
+    'MappedPageWriterEvent' : [ 0xec, ['_KEVENT']],
+    'ModWriteData' : [ 0x100, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x130, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x140, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x158, ['pointer', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x15c, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x160, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x170, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x174, ['array', 2, ['long']]],
+    'NotifyStoreMemoryConditions' : [ 0x17c, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x18c, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x190, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x194, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x198, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x1a8, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x1b0, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x1c0, ['long']],
+    'WorkingSetSwapLock' : [ 0x1c4, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x1c8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SubsectionMappedDirect' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'Width8Bits', 1: 'Width16Bits', 2: 'Width32Bits', 3: 'Width64Bits', 4: 'WidthNoWrap', 5: 'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'Compatible', 1: 'TypeA', 2: 'TypeB', 3: 'TypeC', 4: 'TypeF', 5: 'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['unsigned char']],
+    'DripsRequiredState' : [ 0x8, ['unsigned long']],
+    'Level' : [ 0xc, ['long']],
+    'ActiveStamp' : [ 0x10, ['long long']],
+    'CsActiveTime' : [ 0x18, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x20, ['long long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x38, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x78, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x70, ['pointer', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '__unnamed_2800' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x58, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_2800']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'EvictionThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x20, ['_KEVENT']],
+    'EvictFlushCompleteEvent' : [ 0x30, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x40, ['_SLIST_HEADER']],
+    'EvictFlushLock' : [ 0x48, ['long']],
+    'ModifiedWriteFailedBitmap' : [ 0x4c, ['pointer', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x50, ['pointer', ['_EPROCESS']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0xc0, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x14, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x30, ['pointer', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x34, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x3c, ['long']],
+    'ActiveEvent' : [ 0x40, ['_KEVENT']],
+    'IdleLock' : [ 0x50, ['unsigned long']],
+    'IdleConditionComplete' : [ 0x54, ['long']],
+    'IdleStateComplete' : [ 0x58, ['long']],
+    'IdleStamp' : [ 0x60, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x68, ['unsigned long']],
+    'IdleStateCount' : [ 0x6c, ['unsigned long']],
+    'IdleStates' : [ 0x70, ['pointer', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0x74, ['unsigned long']],
+    'ProviderCount' : [ 0x78, ['unsigned long']],
+    'Providers' : [ 0x7c, ['pointer', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0x80, ['unsigned long']],
+    'DependentCount' : [ 0x84, ['unsigned long']],
+    'Dependents' : [ 0x88, ['pointer', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0x90, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xb8, ['pointer', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 224, ['unsigned char']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x38, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x10, ['unsigned long']],
+    'ActualExpansion' : [ 0x14, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'InProgress' : [ 0x28, ['long']],
+    'u' : [ 0x2c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+    'ActiveEntry' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+    'AttemptForCantExtend' : [ 0x34, ['unsigned char']],
+    'PageFileContract' : [ 0x35, ['unsigned char']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x4e, ['unsigned char']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x308, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x18, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_282e' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_282e']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_MI_POOL_STATE' : [ 0x4e8, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolSListMaximum' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x10, ['unsigned long']],
+    'BadPoolHead' : [ 0x14, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x18, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x1c, ['unsigned char']],
+    'PoolFailures' : [ 0x20, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x44, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x70, ['unsigned long']],
+    'HighPagedPoolThreshold' : [ 0x74, ['unsigned long']],
+    'SpecialPoolPdesMax' : [ 0x78, ['long']],
+    'NonPagedPoolNodes' : [ 0x7c, ['array', 1024, ['unsigned char']]],
+    'PagedProtoPoolInfo' : [ 0x47c, ['_MM_PAGED_POOL_INFO']],
+    'PagedPoolSListMaximum' : [ 0x498, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x49c, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0x4ac, ['unsigned long']],
+    'SpecialPoolRejected' : [ 0x4b0, ['array', 9, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0x4d4, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x4d8, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0x4dc, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0x4e0, ['unsigned long']],
+    'TotalNonPagedPoolQuota' : [ 0x4e4, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x18, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x1a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x23, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x1c, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'ConnectLock' : [ 0x4, ['_KEVENT']],
+    'LineMasked' : [ 0x14, ['unsigned char']],
+    'InterruptList' : [ 0x18, ['pointer', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0xc, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x4, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0xc8, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NodeGraph' : [ 0x4, ['pointer', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x8, ['pointer', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaLastRangeIndex' : [ 0xc, ['unsigned long']],
+    'NumaMemoryRanges' : [ 0x10, ['pointer', ['_HAL_NODE_RANGE']]],
+    'NumaTableCaptured' : [ 0x14, ['unsigned char']],
+    'NodeShift' : [ 0x15, ['unsigned char']],
+    'ChannelMemoryRanges' : [ 0x18, ['pointer', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'ChannelShift' : [ 0x1c, ['unsigned char']],
+    'SecondLevelCacheSize' : [ 0x20, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x24, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x28, ['unsigned long']],
+    'AllMainMemoryMustBeCached' : [ 0x2c, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x30, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x34, ['unsigned long']],
+    'SecondaryColors' : [ 0x38, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x3c, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x40, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x44, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x48, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x4c, ['unsigned long']],
+    'OptimalZeroingAttribute' : [ 0x50, ['array', 4, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'MiNonCached', 1: 'MiCached', 2: 'MiWriteCombined', 3: 'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x90, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x98, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'HighestPossiblePhysicalPage' : [ 0xb8, ['unsigned long']],
+    'EnclaveRegions' : [ 0xbc, ['_RTL_AVL_TREE']],
+    'VsmKernelPageCount' : [ 0xc0, ['unsigned long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x18, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0xc, ['unsigned char']],
+    'BlocksDrips' : [ 0xd, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x10, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x14, ['pointer', ['_PPM_VETO_ENTRY']]],
+} ],
+  '__unnamed_2859' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2859']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x8c, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x80, ['unsigned long']],
+    'NumberOfEntries' : [ 0x84, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x88, ['unsigned long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xa8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'ProbeRaises' : [ 0x28, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x68, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x70, ['array', 2, ['unsigned long']]],
+    'WsLinear' : [ 0x78, ['unsigned long']],
+    'PageHashErrors' : [ 0x7c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x80, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x84, ['long']],
+    'BadPagesDetected' : [ 0x88, ['long']],
+    'ScrubPasses' : [ 0x8c, ['long']],
+    'ScrubBadPagesFound' : [ 0x90, ['long']],
+    'UserViewFailures' : [ 0x94, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0x98, ['unsigned long']],
+    'ResavailFailures' : [ 0x9c, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xa4, ['unsigned char']],
+    'InitFailure' : [ 0xa5, ['unsigned char']],
+    'StopBadMaps' : [ 0xa6, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'ProcessorCount' : [ 0x18, ['unsigned long']],
+    'EfficiencyClass' : [ 0x1c, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0x1d, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0x1e, ['unsigned char']],
+    'Spare' : [ 0x1f, ['unsigned char']],
+    'Processors' : [ 0x20, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0x24, ['pointer', ['void']]],
+    'TimeWindowHandler' : [ 0x28, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x2c, ['pointer', ['void']]],
+    'BoostModeHandler' : [ 0x30, ['pointer', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0x34, ['pointer', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x38, ['pointer', ['void']]],
+    'AutonomousModeHandler' : [ 0x3c, ['pointer', ['void']]],
+    'ReinitializeHandler' : [ 0x40, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x44, ['pointer', ['void']]],
+    'PerfControlHandler' : [ 0x48, ['pointer', ['void']]],
+    'MaxFrequency' : [ 0x4c, ['unsigned long']],
+    'NominalFrequency' : [ 0x50, ['unsigned long']],
+    'MaxPercent' : [ 0x54, ['unsigned long']],
+    'MinPerfPercent' : [ 0x58, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x5c, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x60, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x68, ['unsigned long long']],
+    'Coordination' : [ 0x70, ['unsigned char']],
+    'HardPlatformCap' : [ 0x71, ['unsigned char']],
+    'AffinitizeControl' : [ 0x72, ['unsigned char']],
+    'EfficientThrottle' : [ 0x73, ['unsigned char']],
+    'AutonomousMode' : [ 0x74, ['unsigned char']],
+    'SelectedPercent' : [ 0x78, ['unsigned long']],
+    'SelectedFrequency' : [ 0x7c, ['unsigned long']],
+    'DesiredPercent' : [ 0x80, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x84, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x88, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x8c, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x90, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x94, ['unsigned long']],
+    'TolerancePercent' : [ 0x98, ['unsigned long']],
+    'SelectedState' : [ 0xa0, ['unsigned long long']],
+    'PerfChangeTime' : [ 0xa8, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0xb0, ['unsigned long']],
+    'Force' : [ 0xb4, ['unsigned char']],
+    'ProvideGuidance' : [ 0xb5, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x40, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x4, ['unsigned long']],
+    'DummyPagePfn' : [ 0x8, ['pointer', ['_MMPFN']]],
+    'DummyPage' : [ 0xc, ['unsigned long']],
+    'PageOfZeroes' : [ 0x10, ['unsigned long']],
+    'ZeroMapping' : [ 0x14, ['pointer', ['void']]],
+    'OnesMapping' : [ 0x18, ['pointer', ['void']]],
+    'ZeroCrc' : [ 0x20, ['unsigned long long']],
+    'OnesCrc' : [ 0x28, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x30, ['array', 2, ['unsigned long']]],
+    'PfnGapFrames' : [ 0x38, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x8, {
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SpareUlong' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x48, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x1c, ['pointer', ['void']]],
+    'Enabled' : [ 0x20, ['unsigned char']],
+    'ActiveEngaged' : [ 0x21, ['unsigned char']],
+    'ThrottleLimit' : [ 0x22, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x23, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x24, ['pointer', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'Interface' : [ 0x2c, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_2890' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x54, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x4, ['__unnamed_2890']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x13c, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'OffloadedAudio' : [ 0x12d, ['unsigned char']],
+    'NonOffloadedAudio' : [ 0x12e, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12f, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_28a3' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_28a3']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x50, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x28, ['_KDPC']],
+    'WorkOrder' : [ 0x48, ['pointer', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_28b8' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_28b8']],
+} ],
+  '__unnamed_28bc' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_28c0' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_28c2' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_28c4' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_28c6' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_28c8' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_28ca' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_28cc' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_28ce' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_28d0' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_28d2' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_28d4' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_28bc']],
+    'Memory' : [ 0x0, ['__unnamed_28bc']],
+    'Interrupt' : [ 0x0, ['__unnamed_28c0']],
+    'Dma' : [ 0x0, ['__unnamed_28c2']],
+    'DmaV3' : [ 0x0, ['__unnamed_28c4']],
+    'Generic' : [ 0x0, ['__unnamed_28bc']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_28c6']],
+    'BusNumber' : [ 0x0, ['__unnamed_28c8']],
+    'ConfigData' : [ 0x0, ['__unnamed_28ca']],
+    'Memory40' : [ 0x0, ['__unnamed_28cc']],
+    'Memory48' : [ 0x0, ['__unnamed_28ce']],
+    'Memory64' : [ 0x0, ['__unnamed_28d0']],
+    'Connection' : [ 0x0, ['__unnamed_28d2']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_28d4']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x1c, ['pointer', ['void']]],
+    'DvCallbacks' : [ 0x20, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x8, ['pointer', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0xc, ['pointer', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x10, ['pointer', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x14, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned short']],
+    'ReplyIndex' : [ 0x1a, ['unsigned short']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x58, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '__unnamed_28f8' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_28f8']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x18, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x1c, ['_KAPC']],
+    'ByteCount' : [ 0x4c, ['unsigned long']],
+    'ChargedPages' : [ 0x50, ['unsigned long']],
+    'PagingFile' : [ 0x54, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x58, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x5c, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x60, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'Partition' : [ 0x78, ['pointer', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0x7c, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x80, ['_MDL']],
+    'Page' : [ 0x9c, ['array', 1, ['unsigned long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0x50, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x10, ['unsigned char']],
+    'IrpOplocksR' : [ 0x14, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x1c, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x24, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x2c, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x34, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x3c, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x44, ['pointer', ['_GUID']]],
+    'OplockState' : [ 0x48, ['unsigned long']],
+    'FastMutex' : [ 0x4c, ['pointer', ['_FAST_MUTEX']]],
+} ],
+  '__unnamed_2901' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_2902' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2901']],
+    'Merged' : [ 0x10, ['__unnamed_2902']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2906' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2908' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_290a' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_290c' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_290a']],
+    'Translated' : [ 0x0, ['__unnamed_2908']],
+} ],
+  '__unnamed_290e' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2910' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2912' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2914' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2916' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2918' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_291a' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_291c' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_2906']],
+    'Port' : [ 0x0, ['__unnamed_2906']],
+    'Interrupt' : [ 0x0, ['__unnamed_2908']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_290c']],
+    'Memory' : [ 0x0, ['__unnamed_2906']],
+    'Dma' : [ 0x0, ['__unnamed_290e']],
+    'DmaV3' : [ 0x0, ['__unnamed_2910']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_28c6']],
+    'BusNumber' : [ 0x0, ['__unnamed_2912']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2914']],
+    'Memory40' : [ 0x0, ['__unnamed_2916']],
+    'Memory48' : [ 0x0, ['__unnamed_2918']],
+    'Memory64' : [ 0x0, ['__unnamed_291a']],
+    'Connection' : [ 0x0, ['__unnamed_28d2']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_291c']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x880, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x48, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x50, ['pointer', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x54, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x70, ['unsigned long']],
+    'SizeOfPagedPoolInPages' : [ 0x74, ['unsigned long']],
+    'SystemPteInfo' : [ 0x78, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0xb0, ['unsigned long']],
+    'BootCommit' : [ 0xb4, ['unsigned long']],
+    'MdlPagesAllocated' : [ 0xb8, ['unsigned long']],
+    'SystemPageTableCommit' : [ 0xbc, ['unsigned long']],
+    'SpecialPagesInUse' : [ 0xc0, ['unsigned long']],
+    'WsOverheadPages' : [ 0xc4, ['unsigned long']],
+    'VadBitmapPages' : [ 0xc8, ['unsigned long']],
+    'ProcessCommit' : [ 0xcc, ['unsigned long']],
+    'SharedCommit' : [ 0xd0, ['unsigned long']],
+    'DriverCommit' : [ 0xd4, ['long']],
+    'SystemWs' : [ 0x100, ['array', 3, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x2c0, ['_MMSUPPORT_SHARED']],
+    'MapCacheFailures' : [ 0x2e4, ['unsigned long']],
+    'PagefileHashPages' : [ 0x2e8, ['unsigned long']],
+    'PteHeader' : [ 0x2ec, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x378, ['pointer', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x37c, ['array', 15, ['unsigned long']]],
+    'SystemVaType' : [ 0x3b8, ['array', 1024, ['unsigned char']]],
+    'SystemVaTypeCountFailures' : [ 0x7b8, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountLimit' : [ 0x7f4, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountPeak' : [ 0x830, ['array', 15, ['unsigned long']]],
+    'SystemAvailableVa' : [ 0x86c, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Xcr0' : [ 0x3c, ['unsigned long long']],
+    'ExceptionList' : [ 0x44, ['unsigned long']],
+    'Reserved' : [ 0x48, ['array', 3, ['unsigned long']]],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x8, ['pointer', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x14, ['pointer', ['_ETHREAD']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'AtomicLinks' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x44, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x28, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x34, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x3c, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x40, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0xc0, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'Snap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'TempSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'TaggedThreadPercent' : [ 0xb8, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0xba, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0xbb, ['unsigned char']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_MMWSL_FULL' : [ 0x120, {
+    'Instance' : [ 0x0, ['_MMWSL_INSTANCE']],
+    'Shared' : [ 0xe0, ['_MMWSL_SHARED']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x104, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'Order' : [ 0x1c, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0xec, ['_LIST_ENTRY']],
+    'Status' : [ 0xf4, ['long']],
+    'FailedDevice' : [ 0xf8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0xfc, ['unsigned char']],
+    'Cancelled' : [ 0xfd, ['unsigned char']],
+    'IgnoreErrors' : [ 0xfe, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0xff, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x100, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x60, {
+    'FileName' : [ 0x0, ['pointer', ['wchar']]],
+    'BaseName' : [ 0x4, ['pointer', ['wchar']]],
+    'RegRootName' : [ 0x8, ['pointer', ['wchar']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+    'FilePath' : [ 0x58, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0xd0, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'HitCount' : [ 0x10, ['unsigned long long']],
+    'LastActivationTime' : [ 0x18, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x20, ['unsigned long long']],
+    'CsActivationTime' : [ 0x28, ['unsigned long long']],
+    'CsActiveTime' : [ 0x30, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x28, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x14, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'HashTable' : [ 0xc, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x1c, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ListHead' : [ 0x14, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2978' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0xbc, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['array', 2, ['unsigned long']]]],
+    'LargePages' : [ 0x10, ['array', 2, ['array', 2, ['array', 2, ['array', 1, ['_LIST_ENTRY']]]]]],
+    'LargePagesCount' : [ 0x50, ['array', 2, ['array', 2, ['array', 2, ['array', 1, ['unsigned long']]]]]],
+    'LargePageRebuildTimer' : [ 0x70, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'FreeCount' : [ 0x8c, ['array', 2, ['unsigned long']]],
+    'TotalPages' : [ 0x94, ['array', 1, ['unsigned long']]],
+    'TotalPagesEntireNode' : [ 0x98, ['unsigned long']],
+    'MmShiftedColor' : [ 0x9c, ['unsigned long']],
+    'Color' : [ 0xa0, ['unsigned long']],
+    'ChannelFreeCount' : [ 0xa4, ['array', 1, ['array', 2, ['unsigned long']]]],
+    'Flags' : [ 0xac, ['__unnamed_2978']],
+    'NodeLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'ChannelStatus' : [ 0xb4, ['unsigned char']],
+    'ChannelOrdering' : [ 0xb5, ['array', 1, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0xb6, ['array', 1, ['unsigned char']]],
+    'PowerAttribute' : [ 0xb7, ['array', 1, ['unsigned char']]],
+    'LargePageLock' : [ 0xb8, ['unsigned long']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['long']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DeviceNode' : [ 0x1c, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0xb0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x8, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x20, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x38, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedPoolLowestPage' : [ 0x68, ['unsigned long']],
+    'NonPagedPoolHighestPage' : [ 0x6c, ['unsigned long']],
+    'AllocatedNonPagedPool' : [ 0x70, ['unsigned long']],
+    'PartialLargePoolRegions' : [ 0x74, ['unsigned long']],
+    'PagesInPartialLargePoolRegions' : [ 0x78, ['unsigned long']],
+    'CachedNonPagedPoolCount' : [ 0x7c, ['unsigned long']],
+    'NonPagedPoolSpinLock' : [ 0x80, ['unsigned long']],
+    'CachedNonPagedPool' : [ 0x84, ['pointer', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x88, ['pointer', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x8c, ['pointer', ['void']]],
+    'NonPagedBitMap' : [ 0x90, ['array', 3, ['_RTL_BITMAP']]],
+    'NonPagedHint' : [ 0xa8, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0xd8, {
+    'Partition' : [ 0x0, ['pointer', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x4, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0xc, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x20, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x24, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x2c, ['unsigned long']],
+    'CombinePageListHeads' : [ 0x30, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0xb0, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long']],
+    'BadPagesDetected' : [ 0x4, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x8, ['long']],
+    'ScrubPasses' : [ 0xc, ['long']],
+    'ScrubBadPagesFound' : [ 0x10, ['long']],
+    'PageHashErrors' : [ 0x14, ['unsigned long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x28, ['pointer', ['void']]],
+    'ExceptionChainTerminator' : [ 0x2c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'ExceptionChainTerminatorRecord' : [ 0x30, ['_EXCEPTION_REGISTRATION_RECORD']],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x10, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0xc, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_MI_ACTIVE_WSLE_LISTHEAD' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x10, ['unsigned char']],
+    'RebuildActive' : [ 0x11, ['unsigned char']],
+    'NextPassDelta' : [ 0x12, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x13, ['unsigned char']],
+    'SequenceNumber' : [ 0x14, ['unsigned long']],
+    'WaitList' : [ 0x18, ['pointer', ['_MI_LARGE_PAGE_REBUILD_WAIT_BLOCK']]],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x40, {
+    'IoPfnLock' : [ 0x0, ['unsigned long']],
+    'IoPfnRoot' : [ 0x4, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x10, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x18, ['unsigned long']],
+    'IoCacheStats' : [ 0x1c, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x3c, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_29b8' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x18, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer', ['void']]],
+    'SessionId' : [ 0xc, ['unsigned long']],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+    'u2' : [ 0x14, ['__unnamed_29b8']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x30, {
+    'PagesLoad' : [ 0x0, ['long']],
+    'PagesAverage' : [ 0x4, ['unsigned long']],
+    'AverageAvailablePages' : [ 0x8, ['unsigned long']],
+    'PagesWritten' : [ 0xc, ['unsigned long']],
+    'WritesIssued' : [ 0x10, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x14, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x18, ['unsigned long']],
+    'WriteBurstCount' : [ 0x1c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x20, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x28, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x2e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1e8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xd8, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe0, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xe8, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf0, ['unsigned long long']],
+    'HvlTscOffset' : [ 0xf8, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x100, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x108, ['unsigned long long']],
+    'IoBoundedness' : [ 0x110, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x118, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x120, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x128, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x130, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x138, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x140, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x148, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x150, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x158, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x160, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x168, ['unsigned long long']],
+    'AnimationStart' : [ 0x170, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x178, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x180, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x188, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x190, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1a0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1a8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1c0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1c8, ['unsigned long']],
+    'FileRuns' : [ 0x1cc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1d0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1d4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1d8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1e0, ['unsigned long long']],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '__unnamed_29de' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29e0' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29e3' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_29e7' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'ApicDestinationModePhysical', 2: 'ApicDestinationModeLogicalFlat', 3: 'ApicDestinationModeLogicalClustered', 4: 'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x50, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptTypeControllerInput', 1: 'InterruptTypeXapicMessage', 2: 'InterruptTypeHypertransport', 3: 'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'TargetProcessors' : [ 0x14, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x20, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x30, ['__unnamed_29de']],
+    'HvDeviceId' : [ 0x38, ['unsigned long long']],
+    'XapicMessage' : [ 0x40, ['__unnamed_29e0']],
+    'Hypertransport' : [ 0x40, ['__unnamed_29e3']],
+    'GenericMessage' : [ 0x40, ['__unnamed_29e0']],
+    'MessageRequest' : [ 0x40, ['__unnamed_29e7']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x2c, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x8, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0xc, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x10, ['unsigned long']],
+    'LowestLink' : [ 0x14, ['unsigned long']],
+    'Dependencies' : [ 0x18, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x1c, ['_LDRP_CSLIST']],
+    'State' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'LdrModulesPlaceHolder', 1: 'LdrModulesMapping', 2: 'LdrModulesMapped', 3: 'LdrModulesWaitingForDependencies', 4: 'LdrModulesSnapping', 5: 'LdrModulesSnapped', 6: 'LdrModulesCondensed', 7: 'LdrModulesReadyToInit', 8: 'LdrModulesInitializing', 9: 'LdrModulesReadyToRun', '\xfb': 'LdrModulesMerged', '\xfd': 'LdrModulesSnapError', '\xfc': 'LdrModulesInitError', -1: 'LdrModulesUnloading', '\xfe': 'LdrModulesUnloaded'})]],
+    'CondenseLink' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x28, ['unsigned long']],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x100, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xc0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xc8, ['pointer', ['void']]],
+    'PointersLength' : [ 0xcc, ['unsigned long']],
+    'ModulePrefix' : [ 0xd0, ['pointer', ['wchar']]],
+    'DriverList' : [ 0xd4, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xdc, ['_STRING']],
+    'ProgMsg' : [ 0xe4, ['_STRING']],
+    'DoneMsg' : [ 0xec, ['_STRING']],
+    'FileObject' : [ 0xf4, ['pointer', ['void']]],
+    'UsageType' : [ 0xf8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x8, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x20, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0xc, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x20, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a08' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a0a' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a0c' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceId' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a0e' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_2a10' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a12' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a14' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2a16' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2a18' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_2a1a' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2a08']],
+    'TargetDevice' : [ 0x0, ['__unnamed_2a0a']],
+    'InstallDevice' : [ 0x0, ['__unnamed_2a0a']],
+    'CustomNotification' : [ 0x0, ['__unnamed_2a0c']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_2a0e']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2a10']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2a12']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2a14']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2a16']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2a18']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_2a0a']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_2a0a']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'DeviceInstanceStartedEvent', 12: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_2a1a']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x200, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'AllStacksInUse' : [ 0x14, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0xc, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'MpnId' : [ 0x4, ['unsigned short']],
+    'Node' : [ 0x6, ['unsigned short']],
+    'Channel' : [ 0x8, ['unsigned short']],
+    'IsPowerManageable' : [ 0xa, ['unsigned char']],
+    'DeepPowerState' : [ 0xb, ['unsigned char']],
+} ],
+  '_MI_LARGE_PAGE_REBUILD_WAIT_BLOCK' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_LARGE_PAGE_REBUILD_WAIT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x50, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'ProcCap' : [ 0x8, ['unsigned long']],
+    'ProcFloor' : [ 0xc, ['unsigned long']],
+    'PlatformCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'LimitReasons' : [ 0x18, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x20, ['unsigned long long']],
+    'TargetPercent' : [ 0x28, ['unsigned long']],
+    'SelectedPercent' : [ 0x2c, ['unsigned long']],
+    'SelectedFrequency' : [ 0x30, ['unsigned long']],
+    'PreviousFrequency' : [ 0x34, ['unsigned long']],
+    'PreviousPercent' : [ 0x38, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x3c, ['unsigned long']],
+    'SelectedState' : [ 0x40, ['unsigned long long']],
+    'Force' : [ 0x48, ['unsigned char']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e0, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x18, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x288, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x2a4, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+    'PackageDependencyData' : [ 0x298, ['pointer', ['void']]],
+    'ProcessGroupId' : [ 0x29c, ['unsigned long']],
+    'LoaderThreads' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long']],
+    'ActiveCacheMatch' : [ 0x4, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0x8, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x14, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_2a60' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a62' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2a64' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2a60']],
+    'Gpt' : [ 0x0, ['__unnamed_2a62']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xc0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x45, ['unsigned char']],
+    'HiberResume' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x47, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_2a64']],
+    'ReadRoutine' : [ 0x6c, ['pointer', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0x70, ['pointer', ['void']]],
+    'LogSectionTruncateSize' : [ 0x74, ['unsigned long']],
+    'Parameters' : [ 0x78, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xb8, ['pointer', ['void']]],
+    'DumpNotifyRoutine' : [ 0xbc, ['pointer', ['void']]],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ActiveCooling' : [ 0x14, ['pointer', ['void']]],
+    'PassiveCooling' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0x60, {
+    'Component' : [ 0x0, ['pointer', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x4, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x14, ['pointer', ['void']]],
+    'Flags' : [ 0x18, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x1c, ['pointer', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x20, ['unsigned long']],
+    'LastChangeStamp' : [ 0x28, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x30, ['unsigned char']],
+    'PepRegistered' : [ 0x31, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x32, ['unsigned char']],
+    'RequestDriverContext' : [ 0x34, ['pointer', ['void']]],
+    'WorkOrder' : [ 0x38, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x54, ['unsigned long']],
+    'Sets' : [ 0x58, ['pointer', ['_POP_FX_PERF_SET']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x4, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_2a8e' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a90' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a92' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a94' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2a8e']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2a90']],
+    'Raw' : [ 0x0, ['__unnamed_2a92']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x28, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'Operation' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'DirtyVectorModified', 1: 'DirtyDataCaptureStart', 2: 'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0x8, ['__unnamed_2a94']],
+    'Stack' : [ 0x10, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x4, ['long']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0xc, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0xc, ['_RTL_BITMAP']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2aa2' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2aa4' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2aa2']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2aa7' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2aa9' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2aa7']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2aa4']],
+    'HighPart' : [ 0x4, ['__unnamed_2aa9']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x70, {
+    'UncompressedData' : [ 0x0, ['pointer', ['unsigned char']]],
+    'MappingVa' : [ 0x4, ['pointer', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x8, ['pointer', ['void']]],
+    'CompressedDataBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'CompressTicks' : [ 0x18, ['unsigned long long']],
+    'BytesCopied' : [ 0x20, ['unsigned long long']],
+    'PagesProcessed' : [ 0x28, ['unsigned long long']],
+    'DecompressTicks' : [ 0x30, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x38, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x40, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x68, ['unsigned long']],
+    'HuffCompressCount' : [ 0x6c, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x30, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer', ['_KTHREAD']]],
+    'Stack' : [ 0x14, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x14, {
+    'NextEntry' : [ 0x0, ['pointer', ['void']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x10, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x600, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_LDRP_CSLIST' : [ 0x4, {
+    'Tail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SlatKernelCodeProtected' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'EtwNotificationTypeNoReply', 2: 'EtwNotificationTypeLegacyEnable', 3: 'EtwNotificationTypeEnable', 4: 'EtwNotificationTypePrivateLogger', 5: 'EtwNotificationTypePerflib', 6: 'EtwNotificationTypeAudio', 7: 'EtwNotificationTypeSession', 8: 'EtwNotificationTypeReserved', 9: 'EtwNotificationTypeCredentialUI', 10: 'EtwNotificationTypeInProcSession', 11: 'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x38, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x4, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x18, {
+    'ViewStart' : [ 0x0, ['pointer', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Bcb' : [ 0x4, ['pointer', ['void']]],
+    'PinnedPages' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_2b01' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x4, ['pointer', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_2b03' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x8, ['unsigned long long']],
+    'Unit' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateUnitOther', 1: 'PoFxPerfStateUnitFrequency', 2: 'PoFxPerfStateUnitBandwidth', 3: 'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateTypeDiscrete', 1: 'PoFxPerfStateTypeRange', 2: 'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x18, ['__unnamed_2b01']],
+    'Range' : [ 0x18, ['__unnamed_2b03']],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_2b09' : [ 0x8, {
+    'MessageAddressLow' : [ 0x0, ['unsigned long']],
+    'MessageData' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+} ],
+  '__unnamed_2b0b' : [ 0x8, {
+    'RemappedFormat' : [ 0x0, ['_ULARGE_INTEGER']],
+    'Msi' : [ 0x0, ['__unnamed_2b09']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_2b0b']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_2b11' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2b13' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2b19' : [ 0xc, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_2b1d' : [ 0x8, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x4, ['unsigned char']],
+} ],
+  '__unnamed_2b1f' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2b11']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2b13']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2b19']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2b1d']],
+    'Others' : [ 0x0, ['__unnamed_2b1f']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}

From 52adfcbee678f3f94c742851aff3b0b1556b25c4 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Sat, 10 Sep 2016 23:59:33 -0400
Subject: [PATCH 027/304] win10.py: new kdbgsize for build 14393

---
 volatility/plugins/overlays/windows/win10.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index cb8f9b748..7c6ea2020 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -86,6 +86,17 @@ def modification(self, profile):
             'DTBSignature' : [ None, ['VolatilityMagic', dict(value = "\x03\x00\x2A\x00")]],
             }]})
 
+class Win10KDBG(windows.AbstractKDBGMod):
+    """The Windows 10 KDBG signatures"""
+
+    before = ['Win8KDBG']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x >= 14393}
+
+    kdbgsize = 0x368
+
 class ObHeaderCookieStore(object):
     """A class for finding and storing the nt!ObHeaderCookie value"""
 

From 5093fa26a782bd692e08efd729d0252d72a83ec7 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Sun, 11 Sep 2016 00:33:19 -0400
Subject: [PATCH 028/304] win10.py: fix _OBJECT_HEADER for win10 build 14393

---
 volatility/plugins/overlays/windows/win10.py | 67 +++++++++++++++++++-
 1 file changed, 66 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 7c6ea2020..bc2259479 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -385,6 +385,69 @@ class _OBJECT_HEADER_10_1AC738FB(_OBJECT_HEADER_10):
         53: 'DxgkSharedSwapChainObject',
         }
 
+class _OBJECT_HEADER_10_DD08DD42(_OBJECT_HEADER_10):
+
+    type_map = {
+        2: 'Type',
+        3: 'Directory',
+        4: 'SymbolicLink',
+        5: 'Token',
+        6: 'Job',
+        7: 'Process',
+        8: 'Thread',
+        9: 'UserApcReserve',
+        10: 'IoCompletionReserve',
+        11: 'PsSiloContextPaged',
+        12: 'PsSiloContextNonPaged',
+        13: 'DebugObject',
+        14: 'Event',
+        15: 'Mutant',
+        16: 'Callback',
+        17: 'Semaphore',
+        18: 'Timer',
+        19: 'IRTimer',
+        20: 'Profile',
+        21: 'KeyedEvent',
+        22: 'WindowStation',
+        23: 'Desktop',
+        24: 'Composition',
+        25: 'RawInputManager',
+        26: 'CoreMessaging',
+        27: 'TpWorkerFactory',
+        28: 'Adapter',
+        29: 'Controller',
+        30: 'Device',
+        31: 'Driver',
+        32: 'IoCompletion',
+        33: 'WaitCompletionPacket',
+        34: 'File',
+        35: 'TmTm',
+        36: 'TmTx',
+        37: 'TmRm',
+        38: 'TmEn',
+        39: 'Section',
+        40: 'Session',
+        41: 'Partition',
+        42: 'Key',
+        43: 'RegistryTransaction',
+        44: 'ALPC',
+        45: 'PowerRequest',
+        46: 'WmiGuid',
+        47: 'EtwRegistration',
+        48: 'EtwConsumer',
+        49: 'DmaAdapter',
+        50: 'DmaDomain',
+        51: 'PcwObject',
+        52: 'FilterConnectionPort',
+        53: 'FilterCommunicationPort',
+        54: 'NdisCmState',
+        55: 'DxgkSharedResource',
+        56: 'DxgkSharedSyncObject',
+        57: 'DxgkSharedSwapChainObject',
+        58: 'VRegConfigurationContext',
+        59: 'VirtualKey',
+        }
+
 class Win10ObjectHeader(obj.ProfileModification):
     before = ["Win8ObjectClasses"]
     conditions = {'os': lambda x: x == 'windows',
@@ -396,7 +459,9 @@ def modification(self, profile):
         metadata = profile.metadata
         build = metadata.get("build", 0)
 
-        if build >= 10240:
+        if build >= 14393:
+            header = _OBJECT_HEADER_10_DD08DD42
+        elif build >= 10240:
             header = _OBJECT_HEADER_10_1AC738FB
         else:
             header = _OBJECT_HEADER_10

From 190798076bc360f9221255cbc1b343158553e830 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Sun, 11 Sep 2016 05:58:19 -0400
Subject: [PATCH 029/304] README.txt: added win10 profiles for 14393

---
 README.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.txt b/README.txt
index 51ea50816..80ea6add7 100644
--- a/README.txt
+++ b/README.txt
@@ -168,8 +168,10 @@ VistaSP2x64       - A Profile for Windows Vista SP2 x64
 VistaSP2x86       - A Profile for Windows Vista SP2 x86
 Win10x64          - A Profile for Windows 10 x64
 Win10x64_1AC738FB - A Profile for Windows 10 x64 from PDB 1AC738FB
+Win10x64_DD08DD42 - A Profile for Windows 10 x64 from PDB DD08DD42
 Win10x86          - A Profile for Windows 10 x86
 Win10x86_44B89EEA - A Profile for Windows 10 x86 from PDB 44B89EEA
+Win10x86_9619274A - A Profile for Windows 10 x86 from PDB 9619274A
 Win2003SP0x86     - A Profile for Windows 2003 SP0 x86
 Win2003SP1x64     - A Profile for Windows 2003 SP1 x64
 Win2003SP1x86     - A Profile for Windows 2003 SP1 x86

From fc0cb6387e7b9cccc0226c6353a02069c2b298b5 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Mon, 12 Sep 2016 11:47:08 -0400
Subject: [PATCH 030/304] bigpagepools.py: new magic values for win10 14393

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index bf12ee0d9..2a31d073c 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40]],
             (6, 4, '32bit') : [[-168, -164]],
         }
 

From 20d56c9588bdf300a5670b41762d08e53f0679aa Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Mon, 12 Sep 2016 15:18:29 -0400
Subject: [PATCH 031/304] bigpagepools.py: new magic values for win10 14393.103

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 2a31d073c..3536db992 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24]],
             (6, 4, '32bit') : [[-168, -164]],
         }
 

From 69142099447a5248ebdb9e3ba636738d509b7055 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 15 Sep 2016 10:54:41 -0500
Subject: [PATCH 032/304] fix two (potential) issues when finding win10
 cookies. first, don't assume get_kdbg() will succeed. this /can/ return None,
 so check the return value. second, avoid calling list(kdbg.modules()) just to
 find NT, when we know NT is always first - it wastes cycles

---
 volatility/plugins/overlays/windows/win10.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index bc2259479..168e83537 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -139,7 +139,20 @@ def findcookie(self, kernel_space):
             return False 
 
         kdbg = tasks.get_kdbg(kernel_space)
-        nt_mod = list(kdbg.modules())[0]
+        
+        if not kdbg:
+            debug.warning("Cannot find KDBG")
+            return False
+        
+        nt_mod = None 
+        
+        for mod in kdbg.modules():
+            nt_mod = mod 
+            break 
+            
+        if nt_mod == None:
+            debug.warning("Cannot find NT module")
+            return False
 
         addr = nt_mod.getprocaddress("ObGetObjectType")
         if addr == None:

From a9136d70243af045033695f5f7fd774b3b411696 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Tue, 13 Sep 2016 14:52:45 -0400
Subject: [PATCH 033/304] win7: added profiles for the recent versions. Fixes
 psscan.

---
 volatility/plugins/overlays/windows/win7.py   |   21 +
 .../windows/win7_sp1_x64_632B36E0_vtypes.py   | 9232 +++++++++++++++++
 .../windows/win7_sp1_x86_BBA98F40_vtypes.py   | 8842 ++++++++++++++++
 3 files changed, 18095 insertions(+)
 create mode 100755 volatility/plugins/overlays/windows/win7_sp1_x64_632B36E0_vtypes.py
 create mode 100755 volatility/plugins/overlays/windows/win7_sp1_x86_BBA98F40_vtypes.py

diff --git a/volatility/plugins/overlays/windows/win7.py b/volatility/plugins/overlays/windows/win7.py
index 789cd65c8..f6828f1e9 100644
--- a/volatility/plugins/overlays/windows/win7.py
+++ b/volatility/plugins/overlays/windows/win7.py
@@ -207,6 +207,15 @@ class Win7SP1x86(obj.Profile):
     _md_build = 7601
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x86_vtypes'
 
+class Win7SP1x86_BBA98F40(obj.Profile):
+    """ A Profile for Windows 7 SP1 x86 from PDB BBA98F40"""
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 1
+    _md_build = 7601
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x86_BBA98F40_vtypes'
+
 class Win7SP0x64(obj.Profile):
     """ A Profile for Windows 7 SP0 x64 """
     _md_memory_model = '64bit'
@@ -225,8 +234,20 @@ class Win7SP1x64(obj.Profile):
     _md_build = 7601
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x64_vtypes'
 
+class Win7SP1x64_632B36E0(obj.Profile):
+    """ A Profile for Windows 7 SP1 x64 from PDB 632B36E0"""
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 1
+    _md_build = 7601
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x64_632B36E0_vtypes'
+
 class Win2008R2SP0x64(Win7SP0x64):
     """ A Profile for Windows 2008 R2 SP0 x64 """
 
 class Win2008R2SP1x64(Win7SP1x64):
     """ A Profile for Windows 2008 R2 SP1 x64 """
+
+class Win2008R2SP1x64_632B36E0(Win7SP1x64_632B36E0):
+    """ A Profile for Windows 2008 R2 SP1 x64 from PDB 632B36E0"""
diff --git a/volatility/plugins/overlays/windows/win7_sp1_x64_632B36E0_vtypes.py b/volatility/plugins/overlays/windows/win7_sp1_x64_632B36E0_vtypes.py
new file mode 100755
index 000000000..1489d0130
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win7_sp1_x64_632B36E0_vtypes.py
@@ -0,0 +1,9232 @@
+ntkrnlmp_types = {
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_KBUGCHECK_ACTIVE_STATE' : [ 0x4, {
+    'BugCheckState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'BugCheckOwner' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['long']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_SYSTEM_IDLE' : [ 0x38, {
+    'AverageIdleness' : [ 0x0, ['long']],
+    'LowestIdleness' : [ 0x4, ['long']],
+    'Time' : [ 0x8, ['unsigned long']],
+    'Timeout' : [ 0xc, ['unsigned long']],
+    'LastUserInput' : [ 0x10, ['unsigned long']],
+    'Action' : [ 0x14, ['POWER_ACTION_POLICY']],
+    'MinState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SystemRequired' : [ 0x24, ['unsigned char']],
+    'IdleWorker' : [ 0x25, ['unsigned char']],
+    'Sampling' : [ 0x26, ['unsigned char']],
+    'LastTick' : [ 0x28, ['unsigned long long']],
+    'LastSystemRequiredTime' : [ 0x30, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x18, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x18, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x8, ['pointer64', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x10, ['long']],
+    'MissedMappingsCount' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_202c' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_202e' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2030' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2032' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_2030']],
+    'Translated' : [ 0x0, ['__unnamed_202e']],
+} ],
+  '__unnamed_2034' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2036' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2038' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_203a' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_203c' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_203e' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2040' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_202c']],
+    'Port' : [ 0x0, ['__unnamed_202c']],
+    'Interrupt' : [ 0x0, ['__unnamed_202e']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2032']],
+    'Memory' : [ 0x0, ['__unnamed_202c']],
+    'Dma' : [ 0x0, ['__unnamed_2034']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1eff']],
+    'BusNumber' : [ 0x0, ['__unnamed_2036']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2038']],
+    'Memory40' : [ 0x0, ['__unnamed_203a']],
+    'Memory48' : [ 0x0, ['__unnamed_203c']],
+    'Memory64' : [ 0x0, ['__unnamed_203e']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2040']],
+} ],
+  '__unnamed_2045' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_2045']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_204f' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_204f']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x48, {
+    'Parent' : [ 0x0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x8, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x10, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0x18, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2059' : [ 0x8, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long long')]],
+    'Parent' : [ 0x0, ['pointer64', ['_MMSUBSECTION_NODE']]],
+} ],
+  '_MMSUBSECTION_NODE' : [ 0x28, {
+    'u' : [ 0x0, ['__unnamed_1fb7']],
+    'StartingSector' : [ 0x4, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x10, ['__unnamed_2059']],
+    'LeftChild' : [ 0x18, ['pointer64', ['_MMSUBSECTION_NODE']]],
+    'RightChild' : [ 0x20, ['pointer64', ['_MMSUBSECTION_NODE']]],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2061' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2063' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2061']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x58, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'Volume' : [ 0x40, ['_LIST_ENTRY']],
+    'Specific' : [ 0x50, ['__unnamed_2063']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x68, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'KernelApcInProgress' : [ 0x28, ['unsigned char']],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_IA64_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x300, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x80, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x88, ['unsigned long']],
+    'LastCallbackId' : [ 0x8c, ['unsigned long']],
+    'PostCount' : [ 0x100, ['unsigned long']],
+    'ReturnCount' : [ 0x180, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x200, ['unsigned long']],
+    'UserLock' : [ 0x280, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x288, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_DEVICE_MAP' : [ 0x40, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+} ],
+  '_HEAP_DEBUGGING_INFORMATION' : [ 0x30, {
+    'InterceptorFunction' : [ 0x0, ['pointer64', ['void']]],
+    'InterceptorValue' : [ 0x8, ['unsigned short']],
+    'ExtendedOptions' : [ 0xc, ['unsigned long']],
+    'StackTraceDepth' : [ 0x10, ['unsigned long']],
+    'MinTotalBlockSize' : [ 0x18, ['unsigned long long']],
+    'MaxTotalBlockSize' : [ 0x20, ['unsigned long long']],
+    'HeapLeakEnumerationRoutine' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MMBANKED_SECTION' : [ 0x38, {
+    'BasePhysicalPage' : [ 0x0, ['unsigned long long']],
+    'BasedPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BankSize' : [ 0x10, ['unsigned long']],
+    'BankShift' : [ 0x14, ['unsigned long']],
+    'BankedRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'CurrentMappedPte' : [ 0x28, ['pointer64', ['_MMPTE']]],
+    'BankTemplate' : [ 0x30, ['array', 1, ['_MMPTE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['array', 7, ['unsigned long long']]],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x68, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x38, ['_WORK_QUEUE_ITEM']],
+    'FailingDriver' : [ 0x58, ['pointer64', ['_DRIVER_OBJECT']]],
+    'ReferenceCount' : [ 0x60, ['long']],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  '_SECTION_OBJECT' : [ 0x30, {
+    'StartingVa' : [ 0x0, ['pointer64', ['void']]],
+    'EndingVa' : [ 0x8, ['pointer64', ['void']]],
+    'Parent' : [ 0x10, ['pointer64', ['void']]],
+    'LeftChild' : [ 0x18, ['pointer64', ['void']]],
+    'RightChild' : [ 0x20, ['pointer64', ['void']]],
+    'Segment' : [ 0x28, ['pointer64', ['_SEGMENT_OBJECT']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_20e2' : [ 0x4, {
+    'AsULONG' : [ 0x0, ['unsigned long']],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_PERF_STATES' : [ 0xb0, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxFrequency' : [ 0x4, ['unsigned long']],
+    'PStateCap' : [ 0x8, ['unsigned long']],
+    'TStateCap' : [ 0xc, ['unsigned long']],
+    'MaxPerfState' : [ 0x10, ['unsigned long']],
+    'MinPerfState' : [ 0x14, ['unsigned long']],
+    'LowestPState' : [ 0x18, ['unsigned long']],
+    'IncreaseTime' : [ 0x1c, ['unsigned long']],
+    'DecreaseTime' : [ 0x20, ['unsigned long']],
+    'BusyAdjThreshold' : [ 0x24, ['unsigned char']],
+    'Reserved' : [ 0x25, ['unsigned char']],
+    'ThrottleStatesOnly' : [ 0x26, ['unsigned char']],
+    'PolicyType' : [ 0x27, ['unsigned char']],
+    'TimerInterval' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['__unnamed_20e2']],
+    'TargetProcessors' : [ 0x30, ['_KAFFINITY_EX']],
+    'PStateHandler' : [ 0x58, ['pointer64', ['void']]],
+    'PStateContext' : [ 0x60, ['unsigned long long']],
+    'TStateHandler' : [ 0x68, ['pointer64', ['void']]],
+    'TStateContext' : [ 0x70, ['unsigned long long']],
+    'FeedbackHandler' : [ 0x78, ['pointer64', ['void']]],
+    'GetFFHThrottleState' : [ 0x80, ['pointer64', ['void']]],
+    'State' : [ 0x88, ['array', 1, ['_PPM_PERF_STATE']]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_WMI_TRACE_PACKET' : [ 0x4, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HookId' : [ 0x2, ['unsigned short']],
+    'Type' : [ 0x2, ['unsigned char']],
+    'Group' : [ 0x3, ['unsigned char']],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x70, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CriticalSection' : [ 0x8, ['_RTL_CRITICAL_SECTION']],
+    'RtlHandleTable' : [ 0x30, ['_RTL_HANDLE_TABLE']],
+    'NumberOfBuckets' : [ 0x60, ['unsigned long']],
+    'Buckets' : [ 0x68, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POP_POWER_ACTION' : [ 0xc0, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'ProgrammedRTCTime' : [ 0x58, ['unsigned long long']],
+    'WakeOnRTC' : [ 0x60, ['unsigned char']],
+    'WakeTimerInfo' : [ 0x68, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+    'FilteredCapabilities' : [ 0x70, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'DriverName' : [ 0x50, ['pointer64', ['unsigned short']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x228, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTransitions' : [ 0x8, ['unsigned long']],
+    'FailedTransitions' : [ 0xc, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x10, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'IdleTimeBuckets' : [ 0x28, ['array', 16, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2124' : [ 0x4, {
+    'Level' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2126' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_2124']],
+    'Button' : [ 0x10, ['__unnamed_2126']],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0x148, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x18, ['pointer64', ['void']]],
+    'EmInfFileSize' : [ 0x20, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x28, ['pointer64', ['void']]],
+    'LoaderPagesSpanned' : [ 0x30, ['unsigned long long']],
+    'HeadlessLoaderBlock' : [ 0x38, ['pointer64', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x40, ['pointer64', ['_SMBIOS_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x48, ['pointer64', ['void']]],
+    'DrvDBSize' : [ 0x50, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x58, ['pointer64', ['_NETWORK_LOADER_BLOCK']]],
+    'FirmwareDescriptorListHead' : [ 0x60, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x70, ['pointer64', ['void']]],
+    'AcpiTableSize' : [ 0x78, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x7c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x7c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x7c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x7c, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x80, ['pointer64', ['_LOADER_PERFORMANCE_DATA']]],
+    'BootApplicationPersistentData' : [ 0x88, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0x98, ['pointer64', ['void']]],
+    'BootIdentifier' : [ 0xa0, ['_GUID']],
+    'ResumePages' : [ 0xb0, ['unsigned long']],
+    'DumpHeader' : [ 0xb8, ['pointer64', ['void']]],
+    'BgContext' : [ 0xc0, ['pointer64', ['void']]],
+    'NumaLocalityInfo' : [ 0xc8, ['pointer64', ['void']]],
+    'NumaGroupAssignment' : [ 0xd0, ['pointer64', ['void']]],
+    'AttachedHives' : [ 0xd8, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0xe8, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0xf0, ['pointer64', ['void']]],
+    'TpmBootEntropyResult' : [ 0xf8, ['_TPM_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x140, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x400, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ALPC_MESSAGE_ZONE' : [ 0x30, {
+    'Mdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x8, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'SystemLimit' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_PROC_HISTORY_ENTRY' : [ 0x4, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'Frequency' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xd8, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'BlockSize' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'PoolType' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_ETW_PROVIDER_TABLE_ENTRY' : [ 0x18, {
+    'RefCount' : [ 0x0, ['long']],
+    'State' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'EtwProviderStateFree', 1: 'EtwProviderStateTransition', 2: 'EtwProviderStateActive', 3: 'EtwProviderStateMax'})]],
+    'RegEntry' : [ 0x8, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'Caller' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PEB64' : [ 0x380, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsLegacyProcess' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'HotpatchInformation' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pContextData' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_21ca' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x1f80, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_21ca']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'LastProcessSwappedOutTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'SessionPageDirectoryIndex' : [ 0x28, ['unsigned long long']],
+    'NonPagablePages' : [ 0x30, ['unsigned long long']],
+    'CommittedPages' : [ 0x38, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x40, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x50, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x58, ['pointer64', ['void']]],
+    'ResidentProcessCount' : [ 0x60, ['long']],
+    'SessionPoolAllocationFailures' : [ 0x64, ['array', 4, ['unsigned long']]],
+    'ImageList' : [ 0x78, ['_LIST_ENTRY']],
+    'LocaleId' : [ 0x88, ['unsigned long']],
+    'AttachCount' : [ 0x8c, ['unsigned long']],
+    'AttachGate' : [ 0x90, ['_KGATE']],
+    'WsListEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0xc0, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb40, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xb98, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xc00, ['_MMSUPPORT']],
+    'Wsle' : [ 0xc88, ['pointer64', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xc90, ['pointer64', ['void']]],
+    'PagedPool' : [ 0xcc0, ['_POOL_DESCRIPTOR']],
+    'PageDirectory' : [ 0x1e00, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1e08, ['_KGUARDED_MUTEX']],
+    'DynamicVaBitMap' : [ 0x1e40, ['_RTL_BITMAP']],
+    'DynamicVaHint' : [ 0x1e50, ['unsigned long']],
+    'SpecialPool' : [ 0x1e58, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1ea0, ['_KGUARDED_MUTEX']],
+    'PoolBigEntriesInUse' : [ 0x1ed8, ['long']],
+    'PagedPoolPdeCount' : [ 0x1edc, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1ee0, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1ee4, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1ee8, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1f30, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1f38, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x1f40, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1f48, ['unsigned long long']],
+    'IoState' : [ 0x1f50, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1f54, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1f58, ['_KEVENT']],
+    'CreateTime' : [ 0x1f70, ['unsigned long long']],
+    'CpuQuotaBlock' : [ 0x1f78, ['pointer64', ['_PS_CPU_QUOTA_BLOCK']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Rom' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SetMappedFileIoComplete' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CollidedFlush' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x68, {
+    'Mutex' : [ 0x0, ['_KGUARDED_MUTEX']],
+    'PagedPoolAllocationMap' : [ 0x38, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0x48, ['pointer64', ['_MMPTE']]],
+    'PagedPoolHint' : [ 0x50, ['unsigned long']],
+    'PagedPoolCommit' : [ 0x58, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x60, ['unsigned long long']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'FeedbackHandler' : [ 0x40, ['pointer64', ['void']]],
+    'GetFFHThrottleState' : [ 0x48, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0x50, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x58, ['pointer64', ['void']]],
+    'PerfHandler' : [ 0x60, ['pointer64', ['void']]],
+    'Processors' : [ 0x68, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'PerfChangeTime' : [ 0x70, ['unsigned long long']],
+    'ProcessorCount' : [ 0x78, ['unsigned long']],
+    'PreviousFrequencyMhz' : [ 0x7c, ['unsigned long']],
+    'CurrentFrequencyMhz' : [ 0x80, ['unsigned long']],
+    'PreviousFrequency' : [ 0x84, ['unsigned long']],
+    'CurrentFrequency' : [ 0x88, ['unsigned long']],
+    'CurrentPerfContext' : [ 0x8c, ['unsigned long']],
+    'DesiredFrequency' : [ 0x90, ['unsigned long']],
+    'MaxFrequency' : [ 0x94, ['unsigned long']],
+    'MinPerfPercent' : [ 0x98, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x9c, ['unsigned long']],
+    'MaxPercent' : [ 0xa0, ['unsigned long']],
+    'MinPercent' : [ 0xa4, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0xa8, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0xac, ['unsigned long']],
+    'Coordination' : [ 0xb0, ['unsigned char']],
+    'PerfChangeIntervalCount' : [ 0xb4, ['long']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_RELATION_LIST' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'TagCount' : [ 0x4, ['unsigned long']],
+    'FirstLevel' : [ 0x8, ['unsigned long']],
+    'MaxLevel' : [ 0xc, ['unsigned long']],
+    'Entries' : [ 0x10, ['array', 1, ['pointer64', ['_RELATION_LIST_ENTRY']]]],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x48, {
+    'PteBase' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'Lock' : [ 0x8, ['unsigned long long']],
+    'Paged' : [ 0x10, ['_MI_SPECIAL_POOL_PTE_LIST']],
+    'NonPaged' : [ 0x20, ['_MI_SPECIAL_POOL_PTE_LIST']],
+    'PagesInUse' : [ 0x30, ['long long']],
+    'SpecialPoolPdes' : [ 0x38, ['_RTL_BITMAP']],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '__unnamed_2240' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2244' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_2240']],
+    'Bits' : [ 0x4, ['__unnamed_2244']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_KGUARDED_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_PPM_PERF_STATE' : [ 0x28, {
+    'Frequency' : [ 0x0, ['unsigned long']],
+    'Power' : [ 0x4, ['unsigned long']],
+    'PercentFrequency' : [ 0x8, ['unsigned char']],
+    'IncreaseLevel' : [ 0x9, ['unsigned char']],
+    'DecreaseLevel' : [ 0xa, ['unsigned char']],
+    'Type' : [ 0xb, ['unsigned char']],
+    'Control' : [ 0x10, ['unsigned long long']],
+    'Status' : [ 0x18, ['unsigned long long']],
+    'TotalHitCount' : [ 0x20, ['unsigned long']],
+    'DesiredCount' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KDPC_DATA' : [ 0x20, {
+    'DpcListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2260' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2262' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2260']],
+    'Merged' : [ 0x10, ['__unnamed_2262']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '__unnamed_226a' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_226a']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_MSUBSECTION' : [ 0x70, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'NextMappedSubsection' : [ 0x10, ['pointer64', ['_MSUBSECTION']]],
+    'PtesInSubsection' : [ 0x18, ['unsigned long']],
+    'UnusedPtes' : [ 0x20, ['unsigned long']],
+    'GlobalPerSessionHead' : [ 0x20, ['pointer64', ['_MM_AVL_TABLE']]],
+    'u' : [ 0x28, ['__unnamed_1fb7']],
+    'StartingSector' : [ 0x2c, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x30, ['unsigned long']],
+    'u1' : [ 0x38, ['__unnamed_2059']],
+    'LeftChild' : [ 0x40, ['pointer64', ['_MMSUBSECTION_NODE']]],
+    'RightChild' : [ 0x48, ['pointer64', ['_MMSUBSECTION_NODE']]],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x70, {
+    'GetTime' : [ 0x0, ['unsigned long long']],
+    'SetTime' : [ 0x8, ['unsigned long long']],
+    'GetWakeupTime' : [ 0x10, ['unsigned long long']],
+    'SetWakeupTime' : [ 0x18, ['unsigned long long']],
+    'SetVirtualAddressMap' : [ 0x20, ['unsigned long long']],
+    'ConvertPointer' : [ 0x28, ['unsigned long long']],
+    'GetVariable' : [ 0x30, ['unsigned long long']],
+    'GetNextVariableName' : [ 0x38, ['unsigned long long']],
+    'SetVariable' : [ 0x40, ['unsigned long long']],
+    'GetNextHighMonotonicCount' : [ 0x48, ['unsigned long long']],
+    'ResetSystem' : [ 0x50, ['unsigned long long']],
+    'UpdateCapsule' : [ 0x58, ['unsigned long long']],
+    'QueryCapsuleCapabilities' : [ 0x60, ['unsigned long long']],
+    'QueryVariableInfo' : [ 0x68, ['unsigned long long']],
+} ],
+  '_MI_SPECIAL_POOL_PTE_LIST' : [ 0x10, {
+    'FreePteHead' : [ 0x0, ['_MMPTE']],
+    'FreePteTail' : [ 0x8, ['_MMPTE']],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'spare2' : [ 0x12, ['array', 3, ['unsigned char']]],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'spare3' : [ 0x16, ['array', 8, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_2280' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+} ],
+  '__unnamed_2284' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x50, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_2280']],
+    'u2' : [ 0x38, ['__unnamed_2284']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+    'ThePtes' : [ 0x48, ['array', 1, ['_MMPTE']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_228d' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_228f' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_228d']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x100, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_228f']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
+    'PagedBytes' : [ 0x60, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x80, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x90, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
+    'LockedBytes' : [ 0x98, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'UlongFlags' : [ 0x0, ['unsigned long']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'ReadAheadSpinLock' : [ 0x48, ['unsigned long long']],
+    'PrivateLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'Spare' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_TPM_BOOT_ENTROPY_LDR_RESULT' : [ 0x48, {
+    'Policy' : [ 0x0, ['unsigned long long']],
+    'ResultCode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'TpmBootEntropyStructureUninitialized', 1: 'TpmBootEntropyDisabledByPolicy', 2: 'TpmBootEntropyNoTpmFound', 3: 'TpmBootEntropyTpmError', 4: 'TpmBootEntropySuccess'})]],
+    'ResultStatus' : [ 0xc, ['long']],
+    'Time' : [ 0x10, ['unsigned long long']],
+    'EntropyLength' : [ 0x18, ['unsigned long']],
+    'EntropyData' : [ 0x1c, ['array', 40, ['unsigned char']]],
+} ],
+  '_RTL_HANDLE_TABLE' : [ 0x30, {
+    'MaximumNumberOfHandles' : [ 0x0, ['unsigned long']],
+    'SizeOfHandleTableEntry' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['array', 2, ['unsigned long']]],
+    'FreeHandles' : [ 0x10, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'CommittedHandles' : [ 0x18, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'UnCommittedHandles' : [ 0x20, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'MaxReservedHandles' : [ 0x28, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+} ],
+  '_PTE_TRACKER' : [ 0x58, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'CallingAddress' : [ 0x48, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x20, {
+    'BlockAddress' : [ 0x0, ['unsigned long long']],
+    'BinAddress' : [ 0x8, ['unsigned long long']],
+    'CmView' : [ 0x10, ['pointer64', ['_CM_VIEW_OF_FILE']]],
+    'MemAlloc' : [ 0x18, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x18, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned char']],
+    'NameLength' : [ 0xf, ['unsigned char']],
+    'Name' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x10, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMSESSION' : [ 0x58, {
+    'SystemSpaceViewLock' : [ 0x0, ['_KGUARDED_MUTEX']],
+    'SystemSpaceViewLockPointer' : [ 0x38, ['pointer64', ['_KGUARDED_MUTEX']]],
+    'SystemSpaceViewTable' : [ 0x40, ['pointer64', ['_MMVIEW']]],
+    'SystemSpaceHashSize' : [ 0x48, ['unsigned long']],
+    'SystemSpaceHashEntries' : [ 0x4c, ['unsigned long']],
+    'SystemSpaceHashKey' : [ 0x50, ['unsigned long']],
+    'BitmapFailures' : [ 0x54, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned short']],
+    'EnableMask' : [ 0x34, ['unsigned char']],
+    'GroupEnableMask' : [ 0x35, ['unsigned char']],
+    'UseDescriptorType' : [ 0x36, ['unsigned char']],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'ReplyQueue' : [ 0x38, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x38, ['array', 4, ['pointer64', ['_ETW_REG_ENTRY']]]],
+    'Process' : [ 0x58, ['pointer64', ['_EPROCESS']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x60, ['pointer64', ['void']]],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x2f8, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'GetNewDeviceList' : [ 0x30, ['unsigned char']],
+    'Order' : [ 0x38, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x2d0, ['_LIST_ENTRY']],
+    'Status' : [ 0x2e0, ['long']],
+    'FailedDevice' : [ 0x2e8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x2f0, ['unsigned char']],
+    'Cancelled' : [ 0x2f1, ['unsigned char']],
+    'IgnoreErrors' : [ 0x2f2, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x2f3, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x2f4, ['unsigned char']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'ExtraSharedWowSubsections' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WatchProto' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'FloppyMedia' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DefaultProtectionMask' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 22, native_type='unsigned long')]],
+    'Binary32' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ContainsDebug' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x58, {
+    'WorkerQueue' : [ 0x0, ['_KQUEUE']],
+    'DynamicThreadCount' : [ 0x40, ['unsigned long']],
+    'WorkItemsProcessed' : [ 0x44, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x48, ['unsigned long']],
+    'QueueDepthLastPass' : [ 0x4c, ['unsigned long']],
+    'Info' : [ 0x50, ['EX_QUEUE_WORKER_INFO']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0xfe4, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'SystemReserved1' : [ 0xcc, ['array', 54, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'SpareBytes' : [ 0x1ac, ['array', 36, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'EtwLocalData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'SoftPatchPtr1' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'SpareUlong0' : [ 0xfdc, ['unsigned long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x60, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'IdleCheck' : [ 0x28, ['pointer64', ['void']]],
+    'IdleHandler' : [ 0x30, ['pointer64', ['void']]],
+    'HvConfig' : [ 0x38, ['unsigned long long']],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Latency' : [ 0x48, ['unsigned long']],
+    'Power' : [ 0x4c, ['unsigned long']],
+    'TimeCheck' : [ 0x50, ['unsigned long']],
+    'StateFlags' : [ 0x54, ['unsigned long']],
+    'PromotePercent' : [ 0x58, ['unsigned char']],
+    'DemotePercent' : [ 0x59, ['unsigned char']],
+    'PromotePercentBase' : [ 0x5a, ['unsigned char']],
+    'DemotePercentBase' : [ 0x5b, ['unsigned char']],
+    'StateType' : [ 0x5c, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_2318' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x40, {
+    'Lock' : [ 0x0, ['long']],
+    'NodeToFree' : [ 0x8, ['pointer64', ['void']]],
+    'NodeRangeSize' : [ 0x10, ['unsigned long long']],
+    'NodeCount' : [ 0x18, ['unsigned long long']],
+    'Tables' : [ 0x20, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x28, ['unsigned long']],
+    'u1' : [ 0x2c, ['__unnamed_2318']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATION_LIST_ENTRY' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'Devices' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8168, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x8038, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x803c, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8040, ['unsigned long']],
+    'TotalReleases' : [ 0x8044, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x8048, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x804c, ['unsigned long']],
+    'Instigator' : [ 0x8050, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8058, ['unsigned long']],
+    'Participant' : [ 0x8060, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8160, ['long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x28, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SystemClass', 1: 'ProcessorClass', 2: 'CacheClass', 3: 'AdapterClass', 4: 'ControllerClass', 5: 'PeripheralClass', 6: 'MemoryClass', 7: 'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'ArcSystem', 1: 'CentralProcessor', 2: 'FloatingPointProcessor', 3: 'PrimaryIcache', 4: 'PrimaryDcache', 5: 'SecondaryIcache', 6: 'SecondaryDcache', 7: 'SecondaryCache', 8: 'EisaAdapter', 9: 'TcAdapter', 10: 'ScsiAdapter', 11: 'DtiAdapter', 12: 'MultiFunctionAdapter', 13: 'DiskController', 14: 'TapeController', 15: 'CdromController', 16: 'WormController', 17: 'SerialController', 18: 'NetworkController', 19: 'DisplayController', 20: 'ParallelController', 21: 'PointerController', 22: 'KeyboardController', 23: 'AudioController', 24: 'OtherController', 25: 'DiskPeripheral', 26: 'FloppyDiskPeripheral', 27: 'TapePeripheral', 28: 'ModemPeripheral', 29: 'MonitorPeripheral', 30: 'PrinterPeripheral', 31: 'PointerPeripheral', 32: 'KeyboardPeripheral', 33: 'TerminalPeripheral', 34: 'OtherPeripheral', 35: 'LinePeripheral', 36: 'NetworkPeripheral', 37: 'SystemMemory', 38: 'DockingInformation', 39: 'RealModeIrqRoutingTable', 40: 'RealModePCIEnumeration', 41: 'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer64', ['unsigned char']]],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x60, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x50, ['unsigned long']],
+    'OldValueCell' : [ 0x50, ['unsigned long']],
+    'NewValueCell' : [ 0x54, ['unsigned long']],
+    'UserFlags' : [ 0x50, ['unsigned long']],
+    'LastWriteTime' : [ 0x50, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x50, ['unsigned long']],
+    'OldChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x58, ['unsigned long']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2367' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2369' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2367']],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2369']],
+} ],
+  '_PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA' : [ 0x8, {
+    'CapturedCpuShareWeight' : [ 0x0, ['unsigned long']],
+    'CapturedTotalWeight' : [ 0x4, ['unsigned long']],
+    'CombinedData' : [ 0x0, ['long long']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '__unnamed_237c' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_237c']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_HEAP_USERDATA_HEADER' : [ 0x20, {
+    'SFreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'SubSegment' : [ 0x0, ['pointer64', ['_HEAP_SUBSEGMENT']]],
+    'Reserved' : [ 0x8, ['pointer64', ['void']]],
+    'SizeIndex' : [ 0x10, ['unsigned long long']],
+    'Signature' : [ 0x18, ['unsigned long long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'GpValue' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x70, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1b, {
+    'PerUserPolicy' : [ 0x0, ['array', 27, ['unsigned char']]],
+} ],
+  '__unnamed_23d4' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_23d6' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_23da' : [ 0x8, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_23de' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_23e0' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_23d4']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_23d6']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_23da']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_23de']],
+    'Others' : [ 0x0, ['__unnamed_23e0']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x110, {
+    'WriteToFile' : [ 0x0, ['unsigned char']],
+    'ReserveLoaderMemory' : [ 0x1, ['unsigned char']],
+    'ReserveFreeMemory' : [ 0x2, ['unsigned char']],
+    'Reset' : [ 0x3, ['unsigned char']],
+    'HiberFlags' : [ 0x4, ['unsigned char']],
+    'WroteHiberFile' : [ 0x5, ['unsigned char']],
+    'MapFrozen' : [ 0x6, ['unsigned char']],
+    'MemoryMap' : [ 0x8, ['_RTL_BITMAP']],
+    'DiscardedMemoryPages' : [ 0x18, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x28, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'NextCloneRange' : [ 0x40, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x48, ['unsigned long long']],
+    'LoaderMdl' : [ 0x50, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x70, ['unsigned long']],
+    'CurrentMcb' : [ 0x78, ['pointer64', ['void']]],
+    'DumpStack' : [ 0x80, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x88, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'PreferredIoWriteSize' : [ 0x90, ['unsigned long']],
+    'IoProgress' : [ 0x94, ['unsigned long']],
+    'HiberVa' : [ 0x98, ['unsigned long long']],
+    'HiberPte' : [ 0xa0, ['_LARGE_INTEGER']],
+    'Status' : [ 0xa8, ['long']],
+    'MemoryImage' : [ 0xb0, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'CompressionWorkspace' : [ 0xb8, ['pointer64', ['void']]],
+    'CompressedWriteBuffer' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'CompressedWriteBufferSize' : [ 0xc8, ['unsigned long']],
+    'MaxCompressedOutputSize' : [ 0xcc, ['unsigned long']],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'CompressionBlock' : [ 0xd8, ['pointer64', ['void']]],
+    'DmaIO' : [ 0xe0, ['pointer64', ['void']]],
+    'TemporaryHeap' : [ 0xe8, ['pointer64', ['void']]],
+    'BootLoaderLogMdl' : [ 0xf0, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
+    'ResumeContext' : [ 0x100, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0x108, ['unsigned long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x110, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xa8, ['pointer64', ['void']]],
+    'PointersLength' : [ 0xb0, ['unsigned long']],
+    'ModulePrefix' : [ 0xb8, ['pointer64', ['unsigned short']]],
+    'DriverList' : [ 0xc0, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xd0, ['_STRING']],
+    'ProgMsg' : [ 0xe0, ['_STRING']],
+    'DoneMsg' : [ 0xf0, ['_STRING']],
+    'FileObject' : [ 0x100, ['pointer64', ['void']]],
+    'UsageType' : [ 0x108, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile'})]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x40, {
+    'ThreadHandle' : [ 0x0, ['pointer64', ['void']]],
+    'ThreadId' : [ 0x8, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x10, ['pointer64', ['void']]],
+    'Code' : [ 0x18, ['unsigned long']],
+    'Parameter1' : [ 0x20, ['unsigned long long']],
+    'Parameter2' : [ 0x28, ['unsigned long long']],
+    'Parameter3' : [ 0x30, ['unsigned long long']],
+    'Parameter4' : [ 0x38, ['unsigned long long']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_RTL_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NextFree' : [ 0x0, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+} ],
+  '__unnamed_2406' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_2406']],
+} ],
+  '__unnamed_240a' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_240a']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x128, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long']],
+    'HiberFlags' : [ 0x34, ['unsigned char']],
+    'spare' : [ 0x35, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x38, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'HiberPte' : [ 0x48, ['_LARGE_INTEGER']],
+    'NoFreePages' : [ 0x50, ['unsigned long']],
+    'FreeMapCheck' : [ 0x54, ['unsigned long']],
+    'WakeCheck' : [ 0x58, ['unsigned long']],
+    'FirstTablePage' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0xc0, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0xc8, ['array', 1, ['unsigned long long']]],
+    'NoBootLoaderLogPages' : [ 0xd0, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0xd8, ['array', 8, ['unsigned long long']]],
+    'NotUsed' : [ 0x118, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x11c, ['unsigned long']],
+    'ResumeContextPages' : [ 0x120, ['unsigned long']],
+} ],
+  'EX_QUEUE_WORKER_INFO' : [ 0x4, {
+    'QueueDisabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MakeThreadsAsNecessary' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitMode' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WorkerCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'QueueWorkerInfo' : [ 0x0, ['long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x58, {
+    'IoTicks' : [ 0x0, ['unsigned long long']],
+    'InitTicks' : [ 0x8, ['unsigned long long']],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'ElapsedTicks' : [ 0x18, ['unsigned long long']],
+    'CompressTicks' : [ 0x20, ['unsigned long long']],
+    'ResumeAppTime' : [ 0x28, ['unsigned long long']],
+    'HiberFileResumeTime' : [ 0x30, ['unsigned long long']],
+    'BytesCopied' : [ 0x38, ['unsigned long long']],
+    'PagesProcessed' : [ 0x40, ['unsigned long long']],
+    'PagesWritten' : [ 0x48, ['unsigned long']],
+    'DumpCount' : [ 0x4c, ['unsigned long']],
+    'FileRuns' : [ 0x50, ['unsigned long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_MMVIEW' : [ 0x30, {
+    'Entry' : [ 0x0, ['unsigned long long']],
+    'Writable' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'ControlArea' : [ 0x8, ['pointer64', ['_CONTROL_AREA']]],
+    'ViewLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionViewVa' : [ 0x20, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x40, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'PciDeviceId' : [ 0x18, ['unsigned short']],
+    'PciVendorId' : [ 0x1a, ['unsigned short']],
+    'PciBusNumber' : [ 0x1c, ['unsigned char']],
+    'PciBusSegment' : [ 0x1e, ['unsigned short']],
+    'PciSlotNumber' : [ 0x20, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x21, ['unsigned char']],
+    'PciFlags' : [ 0x24, ['unsigned long']],
+    'SystemGUID' : [ 0x28, ['_GUID']],
+    'IsMMIODevice' : [ 0x38, ['unsigned char']],
+    'TerminalType' : [ 0x39, ['unsigned char']],
+} ],
+  '__unnamed_2434' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2436' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2438' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2434']],
+    'Gpt' : [ 0x0, ['__unnamed_2436']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xa0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_2438']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x48, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Hint' : [ 0x14, ['unsigned long']],
+    'BasePte' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'Vm' : [ 0x28, ['pointer64', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x30, ['long']],
+    'TotalFreeSystemPtes' : [ 0x34, ['long']],
+    'CachedPteCount' : [ 0x38, ['long']],
+    'PteFailures' : [ 0x3c, ['unsigned long']],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+    'GlobalMutex' : [ 0x40, ['pointer64', ['_KGUARDED_MUTEX']]],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x20, {
+    'DHCPServerACK' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x8, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x298, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 9, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x5f0, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'Reserved2' : [ 0x248, ['array', 7, ['unsigned long']]],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'AltArchitecturePad' : [ 0x2c4, ['array', 1, ['unsigned long']]],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['unsigned char']],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'TscQpcData' : [ 0x2ed, ['unsigned char']],
+    'TscQpcEnabled' : [ 0x2ed, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TscQpcSpareFlag' : [ 0x2ed, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'TscQpcShift' : [ 0x2ed, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'TscQpcPad' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgSystemDllRelocated' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgSEHValidationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'SystemCall' : [ 0x300, ['unsigned long']],
+    'SystemCallReturn' : [ 0x304, ['unsigned long']],
+    'SystemCallPad' : [ 0x308, ['array', 3, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'DEPRECATED_Wow64SharedInformation' : [ 0x340, ['array', 16, ['unsigned long']]],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved5' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'TscQpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned short']],
+    'Reserved4' : [ 0x3c6, ['unsigned short']],
+    'AitSamplingValue' : [ 0x3c8, ['unsigned long']],
+    'AppCompatFlag' : [ 0x3cc, ['unsigned long']],
+    'DEPRECATED_SystemDllNativeRelocation' : [ 0x3d0, ['unsigned long long']],
+    'DEPRECATED_SystemDllWowRelocation' : [ 0x3d8, ['unsigned long']],
+    'XStatePad' : [ 0x3dc, ['array', 1, ['unsigned long']]],
+    'XState' : [ 0x3e0, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1043' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1043']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1047' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1047']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_105f' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1061' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_105f']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_1061']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_INVALID'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TP_TASK' : [ 0x20, {
+    'Callbacks' : [ 0x0, ['pointer64', ['_TP_TASK_CALLBACKS']]],
+    'NumaNode' : [ 0x8, ['unsigned long']],
+    'IdealProcessor' : [ 0xc, ['unsigned char']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_TP_TASK_CALLBACKS' : [ 0x10, {
+    'ExecuteCallback' : [ 0x0, ['pointer64', ['void']]],
+    'Unposted' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_TP_DIRECT' : [ 0x10, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'NumaNode' : [ 0x8, ['unsigned long']],
+    'IdealProcessor' : [ 0xc, ['unsigned char']],
+} ],
+  '_TEB' : [ 0x1818, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'SystemReserved1' : [ 0x110, ['array', 54, ['pointer64', ['void']]]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'SpareBytes' : [ 0x2d0, ['array', 24, ['unsigned char']]],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'EtwLocalData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'SoftPatchPtr1' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'SpareUlong0' : [ 0x180c, ['unsigned long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_KPCR' : [ 0x4e80, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x4d00, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'PrcbPad00' : [ 0x21, ['array', 3, ['unsigned char']]],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PrcbPad01' : [ 0x38, ['unsigned long long']],
+    'ProcessorState' : [ 0x40, ['_KPROCESSOR_STATE']],
+    'CpuType' : [ 0x5f0, ['unsigned char']],
+    'CpuID' : [ 0x5f1, ['unsigned char']],
+    'CpuStep' : [ 0x5f2, ['unsigned short']],
+    'CpuStepping' : [ 0x5f2, ['unsigned char']],
+    'CpuModel' : [ 0x5f3, ['unsigned char']],
+    'MHz' : [ 0x5f4, ['unsigned long']],
+    'HalReserved' : [ 0x5f8, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x638, ['unsigned short']],
+    'MajorVersion' : [ 0x63a, ['unsigned short']],
+    'BuildType' : [ 0x63c, ['unsigned char']],
+    'CpuVendor' : [ 0x63d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x63e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x63f, ['unsigned char']],
+    'ApicMask' : [ 0x640, ['unsigned long']],
+    'CFlushSize' : [ 0x644, ['unsigned long']],
+    'AcpiReserved' : [ 0x648, ['pointer64', ['void']]],
+    'InitialApicId' : [ 0x650, ['unsigned long']],
+    'Stride' : [ 0x654, ['unsigned long']],
+    'Group' : [ 0x658, ['unsigned short']],
+    'GroupSetMember' : [ 0x660, ['unsigned long long']],
+    'GroupIndex' : [ 0x668, ['unsigned char']],
+    'LockQueue' : [ 0x670, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x780, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNPagedLookasideList' : [ 0x880, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1480, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2080, ['long']],
+    'DeferredReadyListHead' : [ 0x2088, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2090, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2094, ['long']],
+    'MmTransitionCount' : [ 0x2098, ['long']],
+    'MmDemandZeroCount' : [ 0x209c, ['long']],
+    'MmPageReadCount' : [ 0x20a0, ['long']],
+    'MmPageReadIoCount' : [ 0x20a4, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x20a8, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x20ac, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x20b0, ['long']],
+    'MmMappedWriteIoCount' : [ 0x20b4, ['long']],
+    'KeSystemCalls' : [ 0x20b8, ['unsigned long']],
+    'KeContextSwitches' : [ 0x20bc, ['unsigned long']],
+    'CcFastReadNoWait' : [ 0x20c0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x20c4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x20c8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x20cc, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x20d0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x20d4, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x20d8, ['long']],
+    'IoReadOperationCount' : [ 0x20dc, ['long']],
+    'IoWriteOperationCount' : [ 0x20e0, ['long']],
+    'IoOtherOperationCount' : [ 0x20e4, ['long']],
+    'IoReadTransferCount' : [ 0x20e8, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x20f0, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x20f8, ['_LARGE_INTEGER']],
+    'TargetCount' : [ 0x2100, ['long']],
+    'IpiFrozen' : [ 0x2104, ['unsigned long']],
+    'DpcData' : [ 0x2180, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x21c0, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x21c8, ['long']],
+    'DpcRequestRate' : [ 0x21cc, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x21d0, ['unsigned long']],
+    'DpcLastCount' : [ 0x21d4, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x21d8, ['unsigned char']],
+    'QuantumEnd' : [ 0x21d9, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x21da, ['unsigned char']],
+    'IdleSchedule' : [ 0x21db, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x21dc, ['long']],
+    'DpcRequestSlot' : [ 0x21dc, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x21dc, ['short']],
+    'DpcThreadActive' : [ 0x21de, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'ThreadDpcState' : [ 0x21de, ['short']],
+    'TimerHand' : [ 0x21e0, ['unsigned long']],
+    'MasterOffset' : [ 0x21e4, ['long']],
+    'LastTick' : [ 0x21e8, ['unsigned long']],
+    'UnusedPad' : [ 0x21ec, ['unsigned long']],
+    'PrcbPad50' : [ 0x21f0, ['array', 2, ['unsigned long long']]],
+    'TimerTable' : [ 0x2200, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x4400, ['_KGATE']],
+    'PrcbPad52' : [ 0x4418, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x4420, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x4460, ['long']],
+    'ClockCheckSlot' : [ 0x4464, ['unsigned char']],
+    'ClockPollCycle' : [ 0x4465, ['unsigned char']],
+    'NmiActive' : [ 0x4466, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x4468, ['long']],
+    'DpcWatchdogCount' : [ 0x446c, ['long']],
+    'TickOffset' : [ 0x4470, ['unsigned long long']],
+    'KeSpinLockOrdering' : [ 0x4478, ['long']],
+    'PrcbPad70' : [ 0x447c, ['unsigned long']],
+    'WaitListHead' : [ 0x4480, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x4490, ['unsigned long long']],
+    'ReadySummary' : [ 0x4498, ['unsigned long']],
+    'QueueIndex' : [ 0x449c, ['unsigned long']],
+    'TimerExpirationDpc' : [ 0x44a0, ['_KDPC']],
+    'PrcbPad72' : [ 0x44e0, ['array', 4, ['unsigned long long']]],
+    'DispatcherReadyListHead' : [ 0x4500, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x4700, ['unsigned long']],
+    'KernelTime' : [ 0x4704, ['unsigned long']],
+    'UserTime' : [ 0x4708, ['unsigned long']],
+    'DpcTime' : [ 0x470c, ['unsigned long']],
+    'InterruptTime' : [ 0x4710, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4714, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4718, ['unsigned char']],
+    'PrcbPad80' : [ 0x4719, ['array', 7, ['unsigned char']]],
+    'DpcTimeCount' : [ 0x4720, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4724, ['unsigned long']],
+    'PeriodicCount' : [ 0x4728, ['unsigned long']],
+    'PeriodicBias' : [ 0x472c, ['unsigned long']],
+    'AvailableTime' : [ 0x4730, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x4734, ['unsigned long']],
+    'ParentNode' : [ 0x4738, ['pointer64', ['_KNODE']]],
+    'StartCycles' : [ 0x4740, ['unsigned long long']],
+    'PrcbPad82' : [ 0x4748, ['array', 3, ['unsigned long long']]],
+    'MmSpinLockOrdering' : [ 0x4760, ['long']],
+    'PageColor' : [ 0x4764, ['unsigned long']],
+    'NodeColor' : [ 0x4768, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x476c, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4770, ['unsigned long']],
+    'PrcbPad83' : [ 0x4774, ['unsigned long']],
+    'CycleTime' : [ 0x4778, ['unsigned long long']],
+    'CcFastMdlReadNoWait' : [ 0x4780, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x4784, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x4788, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x478c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x4790, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x4794, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x4798, ['unsigned long']],
+    'CcPinReadWait' : [ 0x479c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x47a0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x47a4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x47a8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x47ac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x47b0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x47b4, ['unsigned long']],
+    'CcDataPages' : [ 0x47b8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x47bc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x47c0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x47c4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x47c8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x47cc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x47d0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x47d4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x47d8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x47dc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x47e0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x47e4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x47e8, ['long']],
+    'MmCacheReadCount' : [ 0x47ec, ['long']],
+    'MmCacheIoCount' : [ 0x47f0, ['long']],
+    'PrcbPad91' : [ 0x47f4, ['array', 1, ['unsigned long']]],
+    'RuntimeAccumulation' : [ 0x47f8, ['unsigned long long']],
+    'PowerState' : [ 0x4800, ['_PROCESSOR_POWER_STATE']],
+    'PrcbPad92' : [ 0x4900, ['array', 16, ['unsigned char']]],
+    'KeAlignmentFixupCount' : [ 0x4910, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x4918, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x4958, ['_KTIMER']],
+    'Cache' : [ 0x4998, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x49d4, ['unsigned long']],
+    'CachedCommit' : [ 0x49d8, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x49dc, ['unsigned long']],
+    'HyperPte' : [ 0x49e0, ['pointer64', ['void']]],
+    'WheaInfo' : [ 0x49e8, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x49f0, ['pointer64', ['void']]],
+    'InterruptObjectPool' : [ 0x4a00, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x4a10, ['_SLIST_HEADER']],
+    'HypercallPageVirtual' : [ 0x4a20, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x4a28, ['pointer64', ['void']]],
+    'StatisticsPage' : [ 0x4a30, ['pointer64', ['unsigned long long']]],
+    'RateControl' : [ 0x4a38, ['pointer64', ['void']]],
+    'CacheProcessorMask' : [ 0x4a40, ['array', 5, ['unsigned long long']]],
+    'PackageProcessorSet' : [ 0x4a68, ['_KAFFINITY_EX']],
+    'CoreProcessorSet' : [ 0x4a90, ['unsigned long long']],
+    'PebsIndexAddress' : [ 0x4a98, ['pointer64', ['void']]],
+    'PrcbPad93' : [ 0x4aa0, ['array', 12, ['unsigned long long']]],
+    'SpinLockAcquireCount' : [ 0x4b00, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4b04, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x4b08, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0x4b0c, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x4b10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x4b14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x4b18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x4b1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x4b20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x4b24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x4b28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x4b2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x4b30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x4b34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x4b38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x4b3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x4b40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x4b44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x4b48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4b4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x4b50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x4b54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x4b58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x4b5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x4b60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x4b64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x4b68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x4b6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x4b70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x4b74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x4b78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x4b7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x4b80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x4b84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x4b88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x4b8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x4b90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x4b94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x4b98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x4b9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0x4ba0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0x4ba4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0x4ba8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0x4bac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0x4bb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0x4bb4, ['unsigned long']],
+    'VendorString' : [ 0x4bb8, ['array', 13, ['unsigned char']]],
+    'PrcbPad10' : [ 0x4bc5, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x4bc8, ['unsigned long']],
+    'UpdateSignature' : [ 0x4bd0, ['_LARGE_INTEGER']],
+    'Context' : [ 0x4bd8, ['pointer64', ['_CONTEXT']]],
+    'ContextFlags' : [ 0x4be0, ['unsigned long']],
+    'ExtendedState' : [ 0x4be8, ['pointer64', ['_XSAVE_AREA']]],
+    'Mailbox' : [ 0x4c00, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestMailbox' : [ 0x4c80, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTHREAD' : [ 0x368, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'KernelStack' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'WaitRegister' : [ 0x48, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x49, ['unsigned char']],
+    'Alerted' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'KernelStackResident' : [ 0x4c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x4c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessReadyQueue' : [ 0x4c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WaitNext' : [ 0x4c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x4c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Alertable' : [ 0x4c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GdiFlushActive' : [ 0x4c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x4c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x4c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x4c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x4c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x4c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'TimerActive' : [ 0x4c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SystemThread' : [ 0x4c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x4c, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x4c, ['long']],
+    'ApcState' : [ 0x50, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x50, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0x7b, ['unsigned char']],
+    'NextProcessor' : [ 0x7c, ['unsigned long']],
+    'DeferredProcessor' : [ 0x80, ['unsigned long']],
+    'ApcQueueLock' : [ 0x88, ['unsigned long long']],
+    'WaitStatus' : [ 0x90, ['long long']],
+    'WaitBlockList' : [ 0x98, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xa0, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xa0, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xb0, ['pointer64', ['_KQUEUE']]],
+    'Teb' : [ 0xb8, ['pointer64', ['void']]],
+    'Timer' : [ 0xc0, ['_KTIMER']],
+    'AutoAlignment' : [ 0x100, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x100, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EtwStackTraceApc1Inserted' : [ 0x100, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EtwStackTraceApc2Inserted' : [ 0x100, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x100, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x100, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x100, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x100, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x100, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'VdmSafe' : [ 0x100, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'UmsDispatched' : [ 0x100, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x100, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x100, ['long']],
+    'Spare0' : [ 0x104, ['unsigned long']],
+    'WaitBlock' : [ 0x108, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x108, ['array', 44, ['unsigned char']]],
+    'ContextSwitches' : [ 0x134, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x108, ['array', 92, ['unsigned char']]],
+    'State' : [ 0x164, ['unsigned char']],
+    'NpxState' : [ 0x165, ['unsigned char']],
+    'WaitIrql' : [ 0x166, ['unsigned char']],
+    'WaitMode' : [ 0x167, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x108, ['array', 140, ['unsigned char']]],
+    'WaitTime' : [ 0x194, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x108, ['array', 168, ['unsigned char']]],
+    'TebMappedLowVa' : [ 0x1b0, ['pointer64', ['void']]],
+    'Ucb' : [ 0x1b8, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'WaitBlockFill8' : [ 0x108, ['array', 188, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1c4, ['short']],
+    'SpecialApcDisable' : [ 0x1c6, ['short']],
+    'CombinedApcDisable' : [ 0x1c4, ['unsigned long']],
+    'QueueListEntry' : [ 0x1c8, ['_LIST_ENTRY']],
+    'TrapFrame' : [ 0x1d8, ['pointer64', ['_KTRAP_FRAME']]],
+    'FirstArgument' : [ 0x1e0, ['pointer64', ['void']]],
+    'CallbackStack' : [ 0x1e8, ['pointer64', ['void']]],
+    'CallbackDepth' : [ 0x1e8, ['unsigned long long']],
+    'ApcStateIndex' : [ 0x1f0, ['unsigned char']],
+    'BasePriority' : [ 0x1f1, ['unsigned char']],
+    'PriorityDecrement' : [ 0x1f2, ['unsigned char']],
+    'ForegroundBoost' : [ 0x1f2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x1f2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x1f3, ['unsigned char']],
+    'AdjustReason' : [ 0x1f4, ['unsigned char']],
+    'AdjustIncrement' : [ 0x1f5, ['unsigned char']],
+    'PreviousMode' : [ 0x1f6, ['unsigned char']],
+    'Saturation' : [ 0x1f7, ['unsigned char']],
+    'SystemCallNumber' : [ 0x1f8, ['unsigned long']],
+    'FreezeCount' : [ 0x1fc, ['unsigned long']],
+    'UserAffinity' : [ 0x200, ['_GROUP_AFFINITY']],
+    'Process' : [ 0x210, ['pointer64', ['_KPROCESS']]],
+    'Affinity' : [ 0x218, ['_GROUP_AFFINITY']],
+    'IdealProcessor' : [ 0x228, ['unsigned long']],
+    'UserIdealProcessor' : [ 0x22c, ['unsigned long']],
+    'ApcStatePointer' : [ 0x230, ['array', 2, ['pointer64', ['_KAPC_STATE']]]],
+    'SavedApcState' : [ 0x240, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x240, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x26b, ['unsigned char']],
+    'SuspendCount' : [ 0x26c, ['unsigned char']],
+    'Spare1' : [ 0x26d, ['unsigned char']],
+    'CodePatchInProgress' : [ 0x26e, ['unsigned char']],
+    'Win32Thread' : [ 0x270, ['pointer64', ['void']]],
+    'StackBase' : [ 0x278, ['pointer64', ['void']]],
+    'SuspendApc' : [ 0x280, ['_KAPC']],
+    'SuspendApcFill0' : [ 0x280, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x281, ['unsigned char']],
+    'SuspendApcFill1' : [ 0x280, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x283, ['unsigned char']],
+    'SuspendApcFill2' : [ 0x280, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x284, ['unsigned long']],
+    'SuspendApcFill3' : [ 0x280, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c0, ['pointer64', ['_KPRCB']]],
+    'SuspendApcFill4' : [ 0x280, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2c8, ['pointer64', ['void']]],
+    'SuspendApcFill5' : [ 0x280, ['array', 83, ['unsigned char']]],
+    'LargeStack' : [ 0x2d3, ['unsigned char']],
+    'UserTime' : [ 0x2d4, ['unsigned long']],
+    'SuspendSemaphore' : [ 0x2d8, ['_KSEMAPHORE']],
+    'SuspendSemaphorefill' : [ 0x2d8, ['array', 28, ['unsigned char']]],
+    'SListFaultCount' : [ 0x2f4, ['unsigned long']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'SListFaultAddress' : [ 0x318, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x320, ['long long']],
+    'WriteOperationCount' : [ 0x328, ['long long']],
+    'OtherOperationCount' : [ 0x330, ['long long']],
+    'ReadTransferCount' : [ 0x338, ['long long']],
+    'WriteTransferCount' : [ 0x340, ['long long']],
+    'OtherTransferCount' : [ 0x348, ['long long']],
+    'ThreadCounters' : [ 0x350, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'StateSaveArea' : [ 0x358, ['pointer64', ['_XSAVE_FORMAT']]],
+    'XStateSave' : [ 0x360, ['pointer64', ['_XSTATE_SAVE']]],
+} ],
+  '_KERNEL_STACK_CONTROL' : [ 0x50, {
+    'Current' : [ 0x0, ['_KERNEL_STACK_SEGMENT']],
+    'Previous' : [ 0x28, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x98, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'PrimaryFlags' : [ 0x88, ['unsigned long']],
+    'UmsContextHeaderReady' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsContextHeader' : [ 0x30, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'UmsWaitGate' : [ 0x38, ['_KGATE']],
+    'StagingArea' : [ 0x50, ['pointer64', ['void']]],
+    'Flags' : [ 0x58, ['long']],
+    'UmsForceQueueTermination' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsPrimaryDeliveredContext' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UmsPerformingSingleStep' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'TebSelector' : [ 0x90, ['unsigned short']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_11c8' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 64, native_type='unsigned long long')]],
+    'HeaderType' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Init' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 61, native_type='unsigned long long')]],
+    'Region' : [ 0x8, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_11cd' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'HeaderType' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Init' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_11d0' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'HeaderType' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'Header8' : [ 0x0, ['__unnamed_11c8']],
+    'Header16' : [ 0x0, ['__unnamed_11cd']],
+    'HeaderX64' : [ 0x0, ['__unnamed_11d0']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_IO_STATUS_BLOCK32' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_EX_PUSH_LOCK_CACHE_AWARE' : [ 0x100, {
+    'Locks' : [ 0x0, ['array', 32, ['pointer64', ['_EX_PUSH_LOCK']]]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_EX_PUSH_LOCK_WAIT_BLOCK' : [ 0x40, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Next' : [ 0x18, ['pointer64', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'Last' : [ 0x20, ['pointer64', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'Previous' : [ 0x28, ['pointer64', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'ShareCount' : [ 0x30, ['long']],
+    'Flags' : [ 0x34, ['long']],
+} ],
+  '_ETHREAD' : [ 0x4a8, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x368, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x370, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x370, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x380, ['long']],
+    'PostBlockList' : [ 0x388, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x388, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x390, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x398, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x398, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x398, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x3a0, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x3a8, ['_LIST_ENTRY']],
+    'Cid' : [ 0x3b8, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x3c8, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x3c8, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x3e8, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x3f0, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x400, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x408, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CpuQuotaApc' : [ 0x410, ['pointer64', ['_PSP_CPU_QUOTA_APC']]],
+    'Win32StartAddress' : [ 0x418, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x420, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x428, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x438, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x440, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x448, ['unsigned long']],
+    'MmLockOrdering' : [ 0x44c, ['long']],
+    'CrossThreadFlags' : [ 0x450, ['unsigned long']],
+    'Terminated' : [ 0x450, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x450, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x450, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x450, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x450, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x450, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x450, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x450, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x450, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x450, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x450, ['BitField', dict(start_bit = 10, end_bit = 13, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x450, ['BitField', dict(start_bit = 13, end_bit = 16, native_type='unsigned long')]],
+    'RundownFail' : [ 0x450, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NeedsWorkingSetAging' : [ 0x450, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x454, ['unsigned long']],
+    'ActiveExWorker' : [ 0x454, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerCanWaitUser' : [ 0x454, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x454, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x454, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x454, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RateApcState' : [ 0x454, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x454, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x458, ['unsigned long']],
+    'Spare' : [ 0x458, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x458, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EtwPageFaultCalloutActive' : [ 0x458, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetExclusive' : [ 0x458, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetShared' : [ 0x458, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetExclusive' : [ 0x458, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetShared' : [ 0x458, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetExclusive' : [ 0x458, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetShared' : [ 0x459, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x459, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x459, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x459, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Prefetching' : [ 0x459, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsDynamicMemoryShared' : [ 0x459, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsChangeControlAreaExclusive' : [ 0x459, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsChangeControlAreaShared' : [ 0x459, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetExclusive' : [ 0x45a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetShared' : [ 0x45a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetExclusive' : [ 0x45a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetShared' : [ 0x45a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'TrimTrigger' : [ 0x45a, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x45a, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'PriorityRegionActive' : [ 0x45b, ['unsigned char']],
+    'CacheManagerActive' : [ 0x45c, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x45d, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x45e, ['unsigned char']],
+    'LockOrderState' : [ 0x45f, ['unsigned char']],
+    'AlpcMessageId' : [ 0x460, ['unsigned long long']],
+    'AlpcMessage' : [ 0x468, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x468, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x470, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x480, ['unsigned long']],
+    'IoBoostCount' : [ 0x484, ['unsigned long']],
+    'IrpListLock' : [ 0x488, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x490, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x498, ['_SINGLE_LIST_ENTRY']],
+    'KernelStackReference' : [ 0x4a0, ['unsigned long']],
+} ],
+  '_EPROCESS' : [ 0x4e8, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CreateTime' : [ 0x168, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x170, ['_LARGE_INTEGER']],
+    'RundownProtect' : [ 0x178, ['_EX_RUNDOWN_REF']],
+    'UniqueProcessId' : [ 0x180, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x188, ['_LIST_ENTRY']],
+    'ProcessQuotaUsage' : [ 0x198, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x1a8, ['array', 2, ['unsigned long long']]],
+    'CommitCharge' : [ 0x1b8, ['unsigned long long']],
+    'QuotaBlock' : [ 0x1c0, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'CpuQuotaBlock' : [ 0x1c8, ['pointer64', ['_PS_CPU_QUOTA_BLOCK']]],
+    'PeakVirtualSize' : [ 0x1d0, ['unsigned long long']],
+    'VirtualSize' : [ 0x1d8, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x1e0, ['_LIST_ENTRY']],
+    'DebugPort' : [ 0x1f0, ['pointer64', ['void']]],
+    'ExceptionPortData' : [ 0x1f8, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x1f8, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x1f8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'ObjectTable' : [ 0x200, ['pointer64', ['_HANDLE_TABLE']]],
+    'Token' : [ 0x208, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0x210, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x218, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x220, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x228, ['pointer64', ['_ETHREAD']]],
+    'HardwareTrigger' : [ 0x230, ['unsigned long long']],
+    'PhysicalVadRoot' : [ 0x238, ['pointer64', ['_MM_AVL_TABLE']]],
+    'CloneRoot' : [ 0x240, ['pointer64', ['void']]],
+    'NumberOfPrivatePages' : [ 0x248, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x250, ['unsigned long long']],
+    'Win32Process' : [ 0x258, ['pointer64', ['void']]],
+    'Job' : [ 0x260, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x268, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x270, ['pointer64', ['void']]],
+    'Cookie' : [ 0x278, ['unsigned long']],
+    'UmsScheduledThreads' : [ 0x27c, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x280, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x288, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x290, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x298, ['pointer64', ['void']]],
+    'Spare' : [ 0x2a0, ['pointer64', ['void']]],
+    'ConsoleHostProcess' : [ 0x2a8, ['unsigned long long']],
+    'DeviceMap' : [ 0x2b0, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x2b8, ['pointer64', ['void']]],
+    'FreeTebHint' : [ 0x2c0, ['pointer64', ['void']]],
+    'FreeUmsTebHint' : [ 0x2c8, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x2d0, ['_HARDWARE_PTE']],
+    'Filler' : [ 0x2d0, ['unsigned long long']],
+    'Session' : [ 0x2d8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x2e0, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x2ef, ['unsigned char']],
+    'JobLinks' : [ 0x2f0, ['_LIST_ENTRY']],
+    'LockedPagesList' : [ 0x300, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'SecurityPort' : [ 0x318, ['pointer64', ['void']]],
+    'Wow64Process' : [ 0x320, ['pointer64', ['void']]],
+    'ActiveThreads' : [ 0x328, ['unsigned long']],
+    'ImagePathHash' : [ 0x32c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x330, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x334, ['long']],
+    'Peb' : [ 0x338, ['pointer64', ['_PEB']]],
+    'PrefetchTrace' : [ 0x340, ['_EX_FAST_REF']],
+    'ReadOperationCount' : [ 0x348, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x350, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x358, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x360, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x368, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x370, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x378, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x380, ['unsigned long long']],
+    'AweInfo' : [ 0x388, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x390, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'Vm' : [ 0x398, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x420, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x430, ['pointer64', ['void']]],
+    'ModifiedPageCount' : [ 0x438, ['unsigned long']],
+    'Flags2' : [ 0x43c, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x43c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x43c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x43c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x43c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x43c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x43c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ReportPhysicalPageChanges' : [ 0x43c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'HandleTableRundown' : [ 0x43c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x43c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x43c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'NumaAware' : [ 0x43c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProtectedProcess' : [ 0x43c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x43c, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x43c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x43c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x43c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x43c, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x43c, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x43c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x43c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Spare1' : [ 0x43c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x43c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x43c, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'LowVaAccessible' : [ 0x43c, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Flags' : [ 0x440, ['unsigned long']],
+    'CreateReported' : [ 0x440, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x440, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x440, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x440, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow64SplitPages' : [ 0x440, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x440, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x440, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x440, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ForkFailed' : [ 0x440, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x440, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x440, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x440, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x440, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x440, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x440, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x440, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x440, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x440, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x440, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'InjectInpageErrors' : [ 0x440, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x440, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x440, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x440, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x440, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x440, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x440, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x440, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x440, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x440, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ExitStatus' : [ 0x444, ['long']],
+    'VadRoot' : [ 0x448, ['_MM_AVL_TABLE']],
+    'AlpcContext' : [ 0x488, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x4a8, ['_LIST_ENTRY']],
+    'RequestedTimerResolution' : [ 0x4b8, ['unsigned long']],
+    'ActiveThreadsHighWatermark' : [ 0x4bc, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x4c0, ['unsigned long']],
+    'TimerResolutionStackRecord' : [ 0x4c8, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'SequenceNumber' : [ 0x4d0, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x4d8, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x4e0, ['unsigned long long']],
+} ],
+  '_KPROCESS' : [ 0x160, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long long']],
+    'Affinity' : [ 0x48, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x80, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x88, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0xb0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0xb0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0xb0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'ActiveGroupsMask' : [ 0xb0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0xb0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0xb0, ['long']],
+    'BasePriority' : [ 0xb4, ['unsigned char']],
+    'QuantumReset' : [ 0xb5, ['unsigned char']],
+    'Visited' : [ 0xb6, ['unsigned char']],
+    'Unused3' : [ 0xb7, ['unsigned char']],
+    'ThreadSeed' : [ 0xb8, ['array', 4, ['unsigned long']]],
+    'IdealNode' : [ 0xc8, ['array', 4, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0xd0, ['unsigned short']],
+    'Flags' : [ 0xd2, ['_KEXECUTE_OPTIONS']],
+    'Unused1' : [ 0xd3, ['unsigned char']],
+    'Unused2' : [ 0xd4, ['unsigned long']],
+    'Unused4' : [ 0xd8, ['unsigned long']],
+    'StackCount' : [ 0xdc, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0xf0, ['unsigned long long']],
+    'KernelTime' : [ 0xf8, ['unsigned long']],
+    'UserTime' : [ 0xfc, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x100, ['pointer64', ['void']]],
+    'LdtSystemDescriptor' : [ 0x108, ['_KGDTENTRY64']],
+    'LdtBaseAddress' : [ 0x118, ['pointer64', ['void']]],
+    'LdtProcessLock' : [ 0x120, ['_KGUARDED_MUTEX']],
+    'LdtFreeSelectorHint' : [ 0x158, ['unsigned short']],
+    'LdtTableLength' : [ 0x15a, ['unsigned short']],
+} ],
+  '__unnamed_12d4' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_12d4']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xd8, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+} ],
+  '__unnamed_12e3' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_12e8' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_12ea' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_12e8']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_12f5' : [ 0x50, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_12f7' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_12f5']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_12e3']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_12ea']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_12f7']],
+} ],
+  '__unnamed_12fe' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1302' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1306' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1308' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_130c' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_130e' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1310' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_1312' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1314' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1316' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_131a' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_131c' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_131e' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1320' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1322' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1324' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1328' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_132c' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1330' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1334' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_133a' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_133e' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1342' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1344' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1346' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_134a' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_134e' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1352' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile'})]],
+} ],
+  '__unnamed_1356' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_135a' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1362' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+} ],
+  '__unnamed_1366' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1368' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_136a' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_136c' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_12fe']],
+    'CreatePipe' : [ 0x0, ['__unnamed_1302']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_1306']],
+    'Read' : [ 0x0, ['__unnamed_1308']],
+    'Write' : [ 0x0, ['__unnamed_1308']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_130c']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_130e']],
+    'QueryFile' : [ 0x0, ['__unnamed_1310']],
+    'SetFile' : [ 0x0, ['__unnamed_1312']],
+    'QueryEa' : [ 0x0, ['__unnamed_1314']],
+    'SetEa' : [ 0x0, ['__unnamed_1316']],
+    'QueryVolume' : [ 0x0, ['__unnamed_131a']],
+    'SetVolume' : [ 0x0, ['__unnamed_131a']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_131c']],
+    'LockControl' : [ 0x0, ['__unnamed_131e']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1320']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1322']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1324']],
+    'MountVolume' : [ 0x0, ['__unnamed_1328']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_1328']],
+    'Scsi' : [ 0x0, ['__unnamed_132c']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1330']],
+    'SetQuota' : [ 0x0, ['__unnamed_1316']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1334']],
+    'QueryInterface' : [ 0x0, ['__unnamed_133a']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_133e']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1342']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1344']],
+    'SetLock' : [ 0x0, ['__unnamed_1346']],
+    'QueryId' : [ 0x0, ['__unnamed_134a']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_134e']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1352']],
+    'WaitWake' : [ 0x0, ['__unnamed_1356']],
+    'PowerSequence' : [ 0x0, ['__unnamed_135a']],
+    'Power' : [ 0x0, ['__unnamed_1362']],
+    'StartDevice' : [ 0x0, ['__unnamed_1366']],
+    'WMI' : [ 0x0, ['__unnamed_1368']],
+    'Others' : [ 0x0, ['__unnamed_136a']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_136c']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1382' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_1382']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x20, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x58, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_14ee' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_14ee']],
+} ],
+  '__unnamed_14ff' : [ 0x10, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Ia64' : [ 0x0, ['_IA64_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0xf0, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x40, ['unsigned long long']],
+    'Prcb' : [ 0x48, ['unsigned long long']],
+    'Process' : [ 0x50, ['unsigned long long']],
+    'Thread' : [ 0x58, ['unsigned long long']],
+    'RegistryLength' : [ 0x60, ['unsigned long']],
+    'RegistryBase' : [ 0x68, ['pointer64', ['void']]],
+    'ConfigurationRoot' : [ 0x70, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0x78, ['pointer64', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0x80, ['pointer64', ['unsigned char']]],
+    'NtBootPathName' : [ 0x88, ['pointer64', ['unsigned char']]],
+    'NtHalPathName' : [ 0x90, ['pointer64', ['unsigned char']]],
+    'LoadOptions' : [ 0x98, ['pointer64', ['unsigned char']]],
+    'NlsData' : [ 0xa0, ['pointer64', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0xa8, ['pointer64', ['_ARC_DISK_INFORMATION']]],
+    'OemFontFile' : [ 0xb0, ['pointer64', ['void']]],
+    'Extension' : [ 0xb8, ['pointer64', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0xc0, ['__unnamed_14ff']],
+    'FirmwareInformation' : [ 0xd0, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_152e' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'WsIndex' : [ 0x0, ['unsigned long']],
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer64', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_1530' : [ 0x8, {
+    'Blink' : [ 0x0, ['unsigned long long']],
+    'ImageProtoPte' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'ShareCount' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1533' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'VolatileReferenceCount' : [ 0x0, ['short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_1535' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_1533']],
+} ],
+  '__unnamed_153d' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 52, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 55, native_type='unsigned long long')]],
+    'PfnImageVerified' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 56, native_type='unsigned long long')]],
+    'AweAllocation' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'u1' : [ 0x0, ['__unnamed_152e']],
+    'u2' : [ 0x8, ['__unnamed_1530']],
+    'PteAddress' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['long']],
+    'PteLong' : [ 0x10, ['unsigned long long']],
+    'u3' : [ 0x18, ['__unnamed_1535']],
+    'UsedPageTableEntries' : [ 0x1c, ['unsigned short']],
+    'VaType' : [ 0x1e, ['unsigned char']],
+    'ViewCount' : [ 0x1f, ['unsigned char']],
+    'OriginalPte' : [ 0x20, ['_MMPTE']],
+    'AweReferenceCount' : [ 0x20, ['long']],
+    'u4' : [ 0x28, ['__unnamed_153d']],
+} ],
+  '_MI_COLOR_BASE' : [ 0x10, {
+    'ColorPointer' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'ColorMask' : [ 0x8, ['unsigned short']],
+    'ColorNode' : [ 0xa, ['unsigned short']],
+} ],
+  '_MMSUPPORT' : [ 0x88, {
+    'WorkingSetMutex' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ExitGate' : [ 0x8, ['pointer64', ['_KGATE']]],
+    'AccessLog' : [ 0x10, ['pointer64', ['void']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 7, ['unsigned long']]],
+    'MinimumWorkingSetSize' : [ 0x44, ['unsigned long']],
+    'WorkingSetSize' : [ 0x48, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x4c, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x50, ['unsigned long']],
+    'ChargedWslePages' : [ 0x54, ['unsigned long']],
+    'ActualWslePages' : [ 0x58, ['unsigned long']],
+    'WorkingSetSizeOverhead' : [ 0x5c, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x60, ['unsigned long']],
+    'HardFaultCount' : [ 0x64, ['unsigned long']],
+    'VmWorkingSetList' : [ 0x68, ['pointer64', ['_MMWSL']]],
+    'NextPageColor' : [ 0x70, ['unsigned short']],
+    'LastTrimStamp' : [ 0x72, ['unsigned short']],
+    'PageFaultCount' : [ 0x74, ['unsigned long']],
+    'RepurposeCount' : [ 0x78, ['unsigned long']],
+    'Spare' : [ 0x7c, ['array', 2, ['unsigned long']]],
+    'Flags' : [ 0x84, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_MMWSL' : [ 0x488, {
+    'FirstFree' : [ 0x0, ['unsigned long']],
+    'FirstDynamic' : [ 0x4, ['unsigned long']],
+    'LastEntry' : [ 0x8, ['unsigned long']],
+    'NextSlot' : [ 0xc, ['unsigned long']],
+    'Wsle' : [ 0x10, ['pointer64', ['_MMWSLE']]],
+    'LowestPagableAddress' : [ 0x18, ['pointer64', ['void']]],
+    'LastInitializedWsle' : [ 0x20, ['unsigned long']],
+    'NextAgingSlot' : [ 0x24, ['unsigned long']],
+    'NumberOfCommittedPageTables' : [ 0x28, ['unsigned long']],
+    'VadBitMapHint' : [ 0x2c, ['unsigned long']],
+    'NonDirectCount' : [ 0x30, ['unsigned long']],
+    'LastVadBit' : [ 0x34, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x38, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0x3c, ['unsigned long']],
+    'LastAllocationSize' : [ 0x40, ['unsigned long']],
+    'NonDirectHash' : [ 0x48, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x50, ['pointer64', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x58, ['pointer64', ['_MMWSLE_HASH']]],
+    'MaximumUserPageTablePages' : [ 0x60, ['unsigned long']],
+    'MaximumUserPageDirectoryPages' : [ 0x64, ['unsigned long']],
+    'CommittedPageTables' : [ 0x68, ['pointer64', ['unsigned long']]],
+    'NumberOfCommittedPageDirectories' : [ 0x70, ['unsigned long']],
+    'CommittedPageDirectories' : [ 0x78, ['array', 128, ['unsigned long long']]],
+    'NumberOfCommittedPageDirectoryParents' : [ 0x478, ['unsigned long']],
+    'CommittedPageDirectoryParents' : [ 0x480, ['array', 1, ['unsigned long long']]],
+} ],
+  '__unnamed_156b' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_156b']],
+} ],
+  '__unnamed_1577' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_1581' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 30, native_type='unsigned long')]],
+    'BitMap64' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubsectionRoot' : [ 0x8, ['pointer64', ['_MM_SUBSECTION_AVL_TABLE']]],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1583' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_1581']],
+} ],
+  '_CONTROL_AREA' : [ 0x80, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_1577']],
+    'FlushInProgressCount' : [ 0x3c, ['unsigned long']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'StartingFrame' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_1583']],
+    'LockedPages' : [ 0x68, ['unsigned long long']],
+    'ViewList' : [ 0x70, ['_LIST_ENTRY']],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPAGING_FILE' : [ 0x90, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'File' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x38, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PageFileName' : [ 0x48, ['_UNICODE_STRING']],
+    'Bitmap' : [ 0x58, ['pointer64', ['_RTL_BITMAP']]],
+    'EvictStoreBitmap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'BitmapHint' : [ 0x68, ['unsigned long']],
+    'LastAllocationSize' : [ 0x6c, ['unsigned long']],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'BootPartition' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'FileHandle' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['unsigned long long']],
+    'LockOwner' : [ 0x88, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_MM_AVL_TABLE' : [ 0x40, {
+    'BalancedRoot' : [ 0x0, ['_MMADDRESS_NODE']],
+    'DepthOfTree' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long long')]],
+    'Unused' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long long')]],
+    'NumberGenericTableElements' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='unsigned long long')]],
+    'NodeHint' : [ 0x30, ['pointer64', ['void']]],
+    'NodeFreeHint' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '__unnamed_15bf' : [ 0x8, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long long')]],
+    'Parent' : [ 0x0, ['pointer64', ['_MMVAD']]],
+} ],
+  '__unnamed_15c2' : [ 0x8, {
+    'LongFlags' : [ 0x0, ['unsigned long long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_15c5' : [ 0x8, {
+    'LongFlags3' : [ 0x0, ['unsigned long long']],
+    'VadFlags3' : [ 0x0, ['_MMVAD_FLAGS3']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'u1' : [ 0x0, ['__unnamed_15bf']],
+    'LeftChild' : [ 0x8, ['pointer64', ['_MMVAD']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_MMVAD']]],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u' : [ 0x28, ['__unnamed_15c2']],
+    'PushLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x38, ['__unnamed_15c5']],
+} ],
+  '__unnamed_15cd' : [ 0x8, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long long')]],
+    'Parent' : [ 0x0, ['pointer64', ['_MMADDRESS_NODE']]],
+} ],
+  '_MMADDRESS_NODE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_15cd']],
+    'LeftChild' : [ 0x8, ['pointer64', ['_MMADDRESS_NODE']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_MMADDRESS_NODE']]],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_15d2' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '_MMVAD' : [ 0x78, {
+    'u1' : [ 0x0, ['__unnamed_15bf']],
+    'LeftChild' : [ 0x8, ['pointer64', ['_MMVAD']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_MMVAD']]],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u' : [ 0x28, ['__unnamed_15c2']],
+    'PushLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x38, ['__unnamed_15c5']],
+    'u2' : [ 0x40, ['__unnamed_15d2']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'MappedSubsection' : [ 0x48, ['pointer64', ['_MSUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+} ],
+  '__unnamed_15dd' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x68, {
+    'Status' : [ 0x0, ['long']],
+    'Priority' : [ 0x4, ['unsigned char']],
+    'IrpPriority' : [ 0x5, ['unsigned char']],
+    'CurrentTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x10, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x28, ['unsigned long long']],
+    'MdlHack' : [ 0x30, ['__unnamed_15dd']],
+} ],
+  '__unnamed_15e3' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '__unnamed_15e5' : [ 0x8, {
+    'KeepForever' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_15e3']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['__unnamed_15e5']],
+    'PagingFile' : [ 0x30, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x40, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x48, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x50, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'PointerMdl' : [ 0x60, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0x68, ['_MDL']],
+    'Page' : [ 0x98, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x598, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileSetSize' : [ 0x28, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x30, ['pointer64', ['void']]],
+    'FileRead' : [ 0x38, ['pointer64', ['void']]],
+    'FileFlush' : [ 0x40, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x48, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x50, ['pointer64', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x58, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x68, ['unsigned long']],
+    'DirtyAlloc' : [ 0x6c, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x70, ['unsigned long']],
+    'Cluster' : [ 0x74, ['unsigned long']],
+    'Flat' : [ 0x78, ['unsigned char']],
+    'ReadOnly' : [ 0x79, ['unsigned char']],
+    'DirtyFlag' : [ 0x7a, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x7c, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x80, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x84, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x88, ['unsigned long']],
+    'HiveFlags' : [ 0x8c, ['unsigned long']],
+    'CurrentLog' : [ 0x90, ['unsigned long']],
+    'LogSize' : [ 0x94, ['array', 2, ['unsigned long']]],
+    'RefreshCount' : [ 0x9c, ['unsigned long']],
+    'StorageTypeCount' : [ 0xa0, ['unsigned long']],
+    'Version' : [ 0xa4, ['unsigned long']],
+    'Storage' : [ 0xa8, ['array', 2, ['_DUAL']]],
+} ],
+  '_CM_VIEW_OF_FILE' : [ 0x58, {
+    'MappedViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'PinnedViewLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'FlushedViewLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'CmHive' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'Bcb' : [ 0x38, ['pointer64', ['void']]],
+    'ViewAddress' : [ 0x40, ['pointer64', ['void']]],
+    'FileOffset' : [ 0x48, ['unsigned long']],
+    'Size' : [ 0x4c, ['unsigned long']],
+    'UseCount' : [ 0x50, ['unsigned long']],
+} ],
+  '_CMHIVE' : [ 0xbe8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x598, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0x5c8, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x5d8, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x5e8, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x5f8, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x600, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x610, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x618, ['unsigned long']],
+    'Identity' : [ 0x61c, ['unsigned long']],
+    'HiveLock' : [ 0x620, ['pointer64', ['_FAST_MUTEX']]],
+    'ViewLock' : [ 0x628, ['_EX_PUSH_LOCK']],
+    'ViewLockOwner' : [ 0x630, ['pointer64', ['_KTHREAD']]],
+    'ViewLockLast' : [ 0x638, ['unsigned long']],
+    'ViewUnLockLast' : [ 0x63c, ['unsigned long']],
+    'WriterLock' : [ 0x640, ['pointer64', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x648, ['pointer64', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x650, ['_RTL_BITMAP']],
+    'FlushOffsetArray' : [ 0x660, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'FlushOffsetArrayCount' : [ 0x668, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x66c, ['unsigned long']],
+    'FlushLock2' : [ 0x670, ['pointer64', ['_FAST_MUTEX']]],
+    'SecurityLock' : [ 0x678, ['_EX_PUSH_LOCK']],
+    'MappedViewList' : [ 0x680, ['_LIST_ENTRY']],
+    'PinnedViewList' : [ 0x690, ['_LIST_ENTRY']],
+    'FlushedViewList' : [ 0x6a0, ['_LIST_ENTRY']],
+    'MappedViewCount' : [ 0x6b0, ['unsigned short']],
+    'PinnedViewCount' : [ 0x6b2, ['unsigned short']],
+    'UseCount' : [ 0x6b4, ['unsigned long']],
+    'ViewsPerHive' : [ 0x6b8, ['unsigned long']],
+    'FileObject' : [ 0x6c0, ['pointer64', ['_FILE_OBJECT']]],
+    'LastShrinkHiveSize' : [ 0x6c8, ['unsigned long']],
+    'ActualFileSize' : [ 0x6d0, ['_LARGE_INTEGER']],
+    'FileFullPath' : [ 0x6d8, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x6e8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x6f8, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x708, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x70c, ['unsigned long']],
+    'SecurityHitHint' : [ 0x710, ['long']],
+    'SecurityCache' : [ 0x718, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x720, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xb20, ['unsigned long']],
+    'UnloadEventArray' : [ 0xb28, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0xb30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0xb38, ['unsigned char']],
+    'UnloadWorkItem' : [ 0xb40, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0xb48, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0xb70, ['unsigned char']],
+    'GrowOffset' : [ 0xb74, ['unsigned long']],
+    'KcbConvertListHead' : [ 0xb78, ['_LIST_ENTRY']],
+    'KnodeConvertListHead' : [ 0xb88, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0xb98, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
+    'Flags' : [ 0xba0, ['unsigned long']],
+    'TrustClassEntry' : [ 0xba8, ['_LIST_ENTRY']],
+    'FlushCount' : [ 0xbb8, ['unsigned long']],
+    'CmRm' : [ 0xbc0, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0xbc8, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0xbcc, ['long']],
+    'CreatorOwner' : [ 0xbd0, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0xbd8, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0xbe0, ['_LARGE_INTEGER']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x128, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0x10, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x10, ['unsigned long']],
+    'NextHash' : [ 0x18, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x20, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x28, ['unsigned long']],
+    'KcbPushlock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x38, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x38, ['long']],
+    'SlotHint' : [ 0x40, ['unsigned long']],
+    'ParentKcb' : [ 0x48, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x50, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x60, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x70, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x70, ['unsigned long']],
+    'SubKeyCount' : [ 0x70, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x88, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xb0, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xb2, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xb4, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb8, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '__unnamed_1669' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapAndCopy', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpReadFileImageAndBuildMap', 8: '_HvpRecoverData', 9: '_HvpRecoverWholeHive', 10: '_HvpMapFileImageAndBuildMap', 11: '_CmpValidateHiveSecurityDescriptors', 12: '_HvpEnlistBinInMap', 13: '_CmCheckRegistry', 14: '_CmRegistryIO', 15: '_CmCheckRegistry2', 16: '_CmpCheckKey', 17: '_CmpCheckValueList', 18: '_HvCheckHive', 19: '_HvCheckBin'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_166c' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_166e' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1670' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1672' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1676' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_167a' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_167c' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'RecoverableIndex' : [ 0xc, ['unsigned long']],
+    'Locations' : [ 0x10, ['array', 8, ['__unnamed_1669']]],
+    'RecoverableLocations' : [ 0x70, ['array', 8, ['__unnamed_1669']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_166c']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_166e']],
+    'CheckKey' : [ 0xf0, ['__unnamed_1670']],
+    'CheckValueList' : [ 0x110, ['__unnamed_1672']],
+    'CheckHive' : [ 0x128, ['__unnamed_1676']],
+    'CheckHive1' : [ 0x138, ['__unnamed_1676']],
+    'CheckBin' : [ 0x148, ['__unnamed_167a']],
+    'RecoverData' : [ 0x158, ['__unnamed_167c']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0x80, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'DpcCount' : [ 0x38, ['unsigned long']],
+    'DpcRate' : [ 0x3c, ['unsigned long']],
+    'C1Time' : [ 0x40, ['unsigned long long']],
+    'C2Time' : [ 0x48, ['unsigned long long']],
+    'C3Time' : [ 0x50, ['unsigned long long']],
+    'C1Transitions' : [ 0x58, ['unsigned long long']],
+    'C2Transitions' : [ 0x60, ['unsigned long long']],
+    'C3Transitions' : [ 0x68, ['unsigned long long']],
+    'ParkingStatus' : [ 0x70, ['unsigned long']],
+    'CurrentFrequency' : [ 0x74, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x78, ['unsigned long']],
+    'StateFlags' : [ 0x7c, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_CONTEXT32_UPDATE' : [ 0x4, {
+    'NumberEntries' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_KAFFINITY_EX' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 4, ['unsigned long long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0x18, {
+    'Affinity' : [ 0x0, ['pointer64', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x8, ['unsigned long long']],
+    'CurrentIndex' : [ 0x10, ['unsigned short']],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'TimeStampCKCL' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'LastBranchControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchMSR' : [ 0x110, ['unsigned long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'TimeStampKlog' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'CodePatchCycle' : [ 0x18c, ['long']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'CallbackStack' : [ 0xd8, ['unsigned long long']],
+    'OutputBuffer' : [ 0xe0, ['unsigned long long']],
+    'OutputLength' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependentList' : [ 0x50, ['_LIST_ENTRY']],
+    'ProviderList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1763' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1765' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1769' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x268, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Level' : [ 0x50, ['unsigned long']],
+    'Notify' : [ 0x58, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xc0, ['_PO_IRP_MANAGER']],
+    'State' : [ 0xe0, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xe4, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xe8, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x138, ['unsigned long']],
+    'CompletionStatus' : [ 0x13c, ['long']],
+    'Flags' : [ 0x140, ['unsigned long']],
+    'UserFlags' : [ 0x144, ['unsigned long']],
+    'Problem' : [ 0x148, ['unsigned long']],
+    'ResourceList' : [ 0x150, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x158, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x160, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x168, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x174, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x178, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x17c, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x180, ['unsigned short']],
+    'RemovalPolicy' : [ 0x182, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x183, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x188, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x198, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1a8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x1b8, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x1ba, ['unsigned short']],
+    'NoArbiterMask' : [ 0x1bc, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x1be, ['unsigned short']],
+    'OverUsed1' : [ 0x1c0, ['__unnamed_1763']],
+    'OverUsed2' : [ 0x1c8, ['__unnamed_1765']],
+    'BootResources' : [ 0x1d0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x1d8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x1e0, ['unsigned long']],
+    'DockInfo' : [ 0x1e8, ['__unnamed_1769']],
+    'DisableableDepends' : [ 0x208, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x210, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x220, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x230, ['unsigned long']],
+    'PreviousParent' : [ 0x238, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x240, ['unsigned long']],
+    'NumaNodeIndex' : [ 0x244, ['unsigned long']],
+    'ContainerID' : [ 0x248, ['_GUID']],
+    'OverrideFlags' : [ 0x258, ['unsigned char']],
+    'RequiresUnloadedDriver' : [ 0x259, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x260, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+} ],
+  '_KNODE' : [ 0xc0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'Affinity' : [ 0x40, ['_GROUP_AFFINITY']],
+    'ProximityId' : [ 0x50, ['unsigned long']],
+    'NodeNumber' : [ 0x54, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x56, ['unsigned short']],
+    'MaximumProcessors' : [ 0x58, ['unsigned char']],
+    'Color' : [ 0x59, ['unsigned char']],
+    'Flags' : [ 0x5a, ['_flags']],
+    'NodePad0' : [ 0x5b, ['unsigned char']],
+    'Seed' : [ 0x5c, ['unsigned long']],
+    'MmShiftedColor' : [ 0x60, ['unsigned long']],
+    'FreeCount' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'Right' : [ 0x78, ['unsigned long']],
+    'Left' : [ 0x7c, ['unsigned long']],
+    'CachedKernelStacks' : [ 0x80, ['_CACHED_KSTACK_LIST']],
+    'ParkLock' : [ 0xa0, ['long']],
+    'NodePad1' : [ 0xa4, ['unsigned long']],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1811' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1811']],
+} ],
+  '__unnamed_1818' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1818']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x38, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'DirtyPages' : [ 0x28, ['unsigned long long']],
+    'PagesQueuedToDisk' : [ 0x30, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x1f8, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'LogHandle' : [ 0xf0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DirtyPageThreshold' : [ 0x100, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x104, ['unsigned long']],
+    'UninitializeEvent' : [ 0x108, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x110, ['_KGUARDED_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x148, ['_LARGE_INTEGER']],
+    'Event' : [ 0x150, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x168, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x170, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1d8, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1e0, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x1e8, ['unsigned long']],
+    'WritesInProgress' : [ 0x1ec, ['unsigned long']],
+    'PipelinedReadAheadSize' : [ 0x1f0, ['unsigned long']],
+} ],
+  '__unnamed_188a' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+} ],
+  '_VACB' : [ 0x30, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_188a']],
+    'Links' : [ 0x18, ['_LIST_ENTRY']],
+    'ArrayHead' : [ 0x28, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_KGUARDED_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Gate' : [ 0x18, ['_KGATE']],
+    'KernelApcDisable' : [ 0x30, ['short']],
+    'SpecialApcDisable' : [ 0x32, ['short']],
+    'CombinedApcDisable' : [ 0x30, ['unsigned long']],
+} ],
+  '__unnamed_18a8' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_18aa' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_18ac' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_18ae' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_18b0' : [ 0x8, {
+    'Read' : [ 0x0, ['__unnamed_18a8']],
+    'Write' : [ 0x0, ['__unnamed_18aa']],
+    'Event' : [ 0x0, ['__unnamed_18ac']],
+    'Notification' : [ 0x0, ['__unnamed_18ae']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x20, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_18b0']],
+    'Function' : [ 0x18, ['unsigned char']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x208, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'PointerKey' : [ 0x90, ['unsigned long long']],
+    'Interceptor' : [ 0x98, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x9c, ['unsigned long']],
+    'Signature' : [ 0xa0, ['unsigned long']],
+    'SegmentReserve' : [ 0xa8, ['unsigned long long']],
+    'SegmentCommit' : [ 0xb0, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb8, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xc0, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc8, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xd0, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd8, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xda, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xe0, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe8, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xea, ['unsigned short']],
+    'TagEntries' : [ 0xf0, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf8, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x108, ['unsigned long long']],
+    'AlignMask' : [ 0x110, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x118, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x128, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x138, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x13c, ['unsigned long']],
+    'BlocksIndex' : [ 0x140, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x148, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x150, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x158, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x168, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x170, ['pointer64', ['void']]],
+    'FrontEndHeap' : [ 0x178, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x180, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x182, ['unsigned char']],
+    'Counters' : [ 0x188, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x1f8, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1901' : [ 0x28, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+} ],
+  '_HEAP_LOCK' : [ 0x28, {
+    'Lock' : [ 0x0, ['__unnamed_1901']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PEB' : [ 0x380, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsLegacyProcess' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['void']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'HotpatchInformation' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pContextData' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xe0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'LoadedImports' : [ 0x80, ['pointer64', ['void']]],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'PatchInformation' : [ 0x90, ['pointer64', ['void']]],
+    'ForwarderLinks' : [ 0x98, ['_LIST_ENTRY']],
+    'ServiceTagLinks' : [ 0xa8, ['_LIST_ENTRY']],
+    'StaticLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'ContextInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'OriginalBase' : [ 0xd0, ['unsigned long long']],
+    'LoadTime' : [ 0xd8, ['_LARGE_INTEGER']],
+} ],
+  '_HEAP_SUBSEGMENT' : [ 0x30, {
+    'LocalInfo' : [ 0x0, ['pointer64', ['_HEAP_LOCAL_SEGMENT_INFO']]],
+    'UserBlocks' : [ 0x8, ['pointer64', ['_HEAP_USERDATA_HEADER']]],
+    'AggregateExchg' : [ 0x10, ['_INTERLOCK_SEQ']],
+    'BlockSize' : [ 0x18, ['unsigned short']],
+    'Flags' : [ 0x1a, ['unsigned short']],
+    'BlockCount' : [ 0x1c, ['unsigned short']],
+    'SizeIndex' : [ 0x1e, ['unsigned char']],
+    'AffinityIndex' : [ 0x1f, ['unsigned char']],
+    'Alignment' : [ 0x18, ['array', 2, ['unsigned long']]],
+    'SFreeListEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'Lock' : [ 0x28, ['unsigned long']],
+} ],
+  '__unnamed_197f' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1981' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_197f']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1983' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1985' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1983']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1981']],
+    'u2' : [ 0x4, ['__unnamed_1985']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x38, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'CreatedObjects' : [ 0xc, ['unsigned long']],
+    'DeletedObjects' : [ 0x10, ['unsigned long']],
+    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x28, ['unsigned long long']],
+    'LookasideIndex' : [ 0x30, ['unsigned long']],
+} ],
+  '__unnamed_199e' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_19a0' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_199e']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x20, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_19a0']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Lock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_19b3' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_19b5' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19b3']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_19b5']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_19bb' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_19bd' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19bb']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_19bd']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_19c3' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_19c5' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19c3']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_19c5']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x40, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+} ],
+  '__unnamed_19e1' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_19e3' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19e1']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1a0, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'MainQueue' : [ 0x88, ['_LIST_ENTRY']],
+    'PendingQueue' : [ 0x98, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa8, ['_LIST_ENTRY']],
+    'WaitQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xc8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xc8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0xd0, ['_ALPC_PORT_ATTRIBUTES']],
+    'Lock' : [ 0x118, ['_EX_PUSH_LOCK']],
+    'ResourceListLock' : [ 0x120, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x128, ['_LIST_ENTRY']],
+    'CompletionList' : [ 0x138, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'MessageZone' : [ 0x140, ['pointer64', ['_ALPC_MESSAGE_ZONE']]],
+    'CallbackObject' : [ 0x148, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x150, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x158, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x168, ['long']],
+    'u1' : [ 0x16c, ['__unnamed_19e3']],
+    'TargetQueuePort' : [ 0x170, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x178, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x180, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x188, ['unsigned long']],
+    'PendingQueueLength' : [ 0x18c, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x190, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x194, ['unsigned long']],
+    'WaitQueueLength' : [ 0x198, ['unsigned long']],
+} ],
+  '_OBJECT_TYPE' : [ 0xd0, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xb8, ['unsigned long']],
+    'CallbackList' : [ 0xc0, ['_LIST_ENTRY']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1981']],
+    'u2' : [ 0x4, ['__unnamed_1985']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1a02' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_1a04' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a02']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x100, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtensionBuffer' : [ 0x10, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0x18, ['unsigned long long']],
+    'QuotaProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x20, ['pointer64', ['void']]],
+    'SequenceNo' : [ 0x28, ['long']],
+    'u1' : [ 0x2c, ['__unnamed_1a04']],
+    'CancelSequencePort' : [ 0x30, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x40, ['long']],
+    'CancelListEntry' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'PortQueue' : [ 0x68, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x70, ['pointer64', ['_ALPC_PORT']]],
+    'MessageAttributes' : [ 0x78, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xb0, ['pointer64', ['void']]],
+    'DataSystemVa' : [ 0xb8, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xc0, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xc8, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xd0, ['pointer64', ['_ETHREAD']]],
+    'PortMessage' : [ 0xd8, ['_PORT_MESSAGE']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['pointer64', ['_OB_DUPLICATE_OBJECT_STATE']]],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x38, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+} ],
+  '__unnamed_1a42' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1a44' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a42']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1a44']],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x38, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'TotalLength' : [ 0x2c, ['unsigned short']],
+    'Type' : [ 0x2e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x30, ['unsigned short']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x48, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x78, ['pointer64', ['void']]],
+    'Override' : [ 0x80, ['unsigned char']],
+    'QueryOnly' : [ 0x81, ['unsigned char']],
+    'DeleteOnly' : [ 0x82, ['unsigned char']],
+    'FullAttributes' : [ 0x83, ['unsigned char']],
+    'LocalFileObject' : [ 0x88, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x90, ['unsigned long']],
+    'DriverCreateContext' : [ 0x98, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x340, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'CollectionOn' : [ 0xc, ['long']],
+    'LoggerMode' : [ 0x10, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x14, ['long']],
+    'GetCpuClock' : [ 0x18, ['pointer64', ['void']]],
+    'StartTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'NBQHead' : [ 0x40, ['pointer64', ['void']]],
+    'OverflowNBQHead' : [ 0x48, ['pointer64', ['void']]],
+    'QueueBlockFreeList' : [ 0x50, ['_SLIST_HEADER']],
+    'GlobalList' : [ 0x60, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x70, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x70, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x78, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x98, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xb8, ['unsigned long']],
+    'MaximumFileSize' : [ 0xbc, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xc0, ['unsigned long']],
+    'FlushTimer' : [ 0xc4, ['unsigned long']],
+    'FlushThreshold' : [ 0xc8, ['unsigned long']],
+    'ByteOffset' : [ 0xd0, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xd8, ['unsigned long']],
+    'BuffersAvailable' : [ 0xdc, ['long']],
+    'NumberOfBuffers' : [ 0xe0, ['long']],
+    'MaximumBuffers' : [ 0xe4, ['unsigned long']],
+    'EventsLost' : [ 0xe8, ['unsigned long']],
+    'BuffersWritten' : [ 0xec, ['unsigned long']],
+    'LogBuffersLost' : [ 0xf0, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xf4, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xf8, ['unsigned long']],
+    'SequencePtr' : [ 0x100, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x108, ['unsigned long']],
+    'InstanceGuid' : [ 0x10c, ['_GUID']],
+    'FileCounter' : [ 0x11c, ['long']],
+    'BufferCallback' : [ 0x120, ['pointer64', ['void']]],
+    'PoolType' : [ 0x128, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x130, ['_ETW_REF_CLOCK']],
+    'Consumers' : [ 0x140, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x150, ['unsigned long']],
+    'TransitionConsumer' : [ 0x158, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x160, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x168, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x178, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x180, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x188, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x190, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x198, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1a0, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1a8, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1b8, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1c0, ['_KEVENT']],
+    'FlushEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x1f0, ['_KTIMER']],
+    'FlushDpc' : [ 0x230, ['_KDPC']],
+    'LoggerMutex' : [ 0x270, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2a8, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2b0, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2b0, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2b8, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x300, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x308, ['_EX_FAST_REF']],
+    'BufferSequenceNumber' : [ 0x310, ['long long']],
+    'Flags' : [ 0x318, ['unsigned long']],
+    'Persistent' : [ 0x318, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x318, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x318, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x318, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x318, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x318, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x318, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x318, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x318, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x318, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x31c, ['unsigned long']],
+    'RequestNewFie' : [ 0x31c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RequestUpdateFile' : [ 0x31c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RequestFlush' : [ 0x31c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RequestDisableRealtime' : [ 0x31c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequestDisconnectConsumer' : [ 0x31c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RequestConnectConsumer' : [ 0x31c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x320, ['_RTL_BITMAP']],
+    'DisallowedGuids' : [ 0x330, ['_DISALLOWED_GUIDS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_ETW_BUFFER_HANDLE' : [ 0x10, {
+    'TraceBuffer' : [ 0x0, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'BufferFastRef' : [ 0x8, ['pointer64', ['_EX_FAST_REF']]],
+} ],
+  '_SYSTEM_TRACE_HEADER' : [ 0x20, {
+    'Marker' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['unsigned char']],
+    'Header' : [ 0x4, ['unsigned long']],
+    'Packet' : [ 0x4, ['_WMI_TRACE_PACKET']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'SystemTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'KernelTime' : [ 0x18, ['unsigned long']],
+    'UserTime' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PERFINFO_TRACE_HEADER' : [ 0x18, {
+    'Marker' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['unsigned char']],
+    'Header' : [ 0x4, ['unsigned long']],
+    'Packet' : [ 0x4, ['_WMI_TRACE_PACKET']],
+    'TS' : [ 0x8, ['unsigned long long']],
+    'SystemTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'Data' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_NBQUEUE_BLOCK' : [ 0x20, {
+    'SListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'Next' : [ 0x10, ['unsigned long long']],
+    'Data' : [ 0x18, ['unsigned long long']],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_TRACE_ENABLE_CONTEXT' : [ 0x8, {
+    'LoggerId' : [ 0x0, ['unsigned short']],
+    'Level' : [ 0x2, ['unsigned char']],
+    'InternalFlag' : [ 0x3, ['unsigned char']],
+    'EnableFlags' : [ 0x4, ['unsigned long']],
+} ],
+  '_TRACE_ENABLE_CONTEXT_EX' : [ 0x10, {
+    'LoggerId' : [ 0x0, ['unsigned short']],
+    'Level' : [ 0x2, ['unsigned char']],
+    'InternalFlag' : [ 0x3, ['unsigned char']],
+    'EnableFlags' : [ 0x4, ['unsigned long']],
+    'EnableFlagsHigh' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x1b0, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long']],
+    'Guid' : [ 0x14, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['array', 8, ['pointer64', ['_EVENT_FILTER_HEADER']]]],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x310, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x74, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x78, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x7c, ['unsigned long']],
+    'VariableLength' : [ 0x80, ['unsigned long']],
+    'DynamicCharged' : [ 0x84, ['unsigned long']],
+    'DynamicAvailable' : [ 0x88, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x8c, ['unsigned long']],
+    'UserAndGroups' : [ 0x90, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa0, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xa8, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb0, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xb8, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc0, ['unsigned long']],
+    'TokenInUse' : [ 0xc4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xc8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xcc, ['unsigned long']],
+    'LogonSession' : [ 0xd0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xd8, ['_LUID']],
+    'SidHash' : [ 0xe0, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f0, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x300, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'VariablePart' : [ 0x308, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x50, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'pDeviceMap' : [ 0x20, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x28, ['pointer64', ['void']]],
+    'AccountName' : [ 0x30, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x40, ['_UNICODE_STRING']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved' : [ 0x1a, ['unsigned short']],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+    'HashIndex' : [ 0x14, ['unsigned short']],
+    'DirectoryLocked' : [ 0x16, ['unsigned char']],
+    'LockedExclusive' : [ 0x17, ['unsigned char']],
+    'LockStateSignature' : [ 0x18, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x150, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'SessionId' : [ 0x138, ['unsigned long']],
+    'NamespaceEntry' : [ 0x140, ['pointer64', ['void']]],
+    'Flags' : [ 0x148, ['unsigned long']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS3' : [ 0x8, {
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'Teb' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'SequentialAccess' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'LastSequentialTrim' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 24, native_type='unsigned long long')]],
+    'Spare2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long long')]],
+    'LargePageCreating' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'Spare3' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'Reserved1' : [ 0xa8, ['array', 85, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'SharedWaiters' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeSummary' : [ 0x260, ['unsigned long']],
+    'FreeBins' : [ 0x268, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Coalescable' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KeepShifting' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'Abandoned' : [ 0x1, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CpuThrottled' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved2' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DpcActive' : [ 0x3, ['unsigned char']],
+    'Lock' : [ 0x0, ['long']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x70, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'CompactHeapCalls' : [ 0x48, ['unsigned long']],
+    'CompactedUCRs' : [ 0x4c, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x50, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x54, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x58, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x60, ['unsigned long long']],
+    'LastPolledSize' : [ 0x68, ['unsigned long long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Count' : [ 0x10, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x18, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x20, ['unsigned long long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0x10, {
+    'CommonDataArea' : [ 0x0, ['pointer64', ['void']]],
+    'MachineType' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x30, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x10, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x10, {
+    'Key' : [ 0x0, ['pointer64', ['void']]],
+    'Index' : [ 0x8, ['unsigned long']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_HANDLE_TABLE' : [ 0x68, {
+    'TableCode' : [ 0x0, ['unsigned long long']],
+    'QuotaProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'UniqueProcessId' : [ 0x10, ['pointer64', ['void']]],
+    'HandleLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'HandleTableList' : [ 0x20, ['_LIST_ENTRY']],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'DebugInfo' : [ 0x38, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+    'ExtraInfoPages' : [ 0x40, ['long']],
+    'Flags' : [ 0x44, ['unsigned long']],
+    'StrictFIFO' : [ 0x44, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FirstFreeHandle' : [ 0x48, ['unsigned long']],
+    'LastFreeHandleEntry' : [ 0x50, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x58, ['unsigned long']],
+    'NextHandleNeedingPool' : [ 0x5c, ['unsigned long']],
+    'HandleCountHighWatermark' : [ 0x60, ['unsigned long']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'PoolType' : [ 0xc, ['unsigned long']],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'OneSecured' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'MultipleSecured' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'LongVad' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ExtendableFile' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x38, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Object' : [ 0x18, ['pointer64', ['void']]],
+    'NextWaitBlock' : [ 0x20, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitKey' : [ 0x28, ['unsigned short']],
+    'WaitType' : [ 0x2a, ['unsigned char']],
+    'BlockState' : [ 0x2b, ['unsigned char']],
+    'SpareLong' : [ 0x2c, ['long']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x78, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['_KAFFINITY_EX']],
+    'SamplingPeriod' : [ 0x38, ['unsigned long']],
+    'CurrentTemperature' : [ 0x3c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x40, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x44, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x48, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x4c, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x74, ['unsigned long']],
+} ],
+  '__unnamed_1cdf' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1ce1' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1cdf']],
+    'Private' : [ 0x0, ['__unnamed_1ce1']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DirtyPages' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x18, {
+    'SecurityContext' : [ 0x0, ['_IMAGE_SECURITY_CONTEXT']],
+    'DynamicRelocations' : [ 0x8, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x10, ['long']],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '__unnamed_1d02' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Secured' : [ 0x0, ['_MMADDRESS_LIST']],
+} ],
+  '__unnamed_1d08' : [ 0x8, {
+    'Banked' : [ 0x0, ['pointer64', ['_MMBANKED_SECTION']]],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD_LONG' : [ 0x90, {
+    'u1' : [ 0x0, ['__unnamed_15bf']],
+    'LeftChild' : [ 0x8, ['pointer64', ['_MMVAD']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_MMVAD']]],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u' : [ 0x28, ['__unnamed_15c2']],
+    'PushLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x38, ['__unnamed_15c5']],
+    'u2' : [ 0x40, ['__unnamed_15d2']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u3' : [ 0x78, ['__unnamed_1d02']],
+    'u4' : [ 0x88, ['__unnamed_1d08']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_EJOB' : [ 0x1c8, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'TotalPageFaultCount' : [ 0xc0, ['unsigned long']],
+    'TotalProcesses' : [ 0xc4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xc8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xcc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xd0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xd8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xe0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xe8, ['unsigned long long']],
+    'LimitFlags' : [ 0xf0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xf4, ['unsigned long']],
+    'Affinity' : [ 0xf8, ['_KAFFINITY_EX']],
+    'PriorityClass' : [ 0x120, ['unsigned char']],
+    'AccessState' : [ 0x128, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'UIRestrictionsClass' : [ 0x130, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x134, ['unsigned long']],
+    'CompletionPort' : [ 0x138, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x140, ['pointer64', ['void']]],
+    'SessionId' : [ 0x148, ['unsigned long']],
+    'SchedulingClass' : [ 0x14c, ['unsigned long']],
+    'ReadOperationCount' : [ 0x150, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x158, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x160, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x168, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x170, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x178, ['unsigned long long']],
+    'ProcessMemoryLimit' : [ 0x180, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x188, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x190, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x198, ['unsigned long long']],
+    'CurrentJobMemoryUsed' : [ 0x1a0, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x1a8, ['_EX_PUSH_LOCK']],
+    'JobSetLinks' : [ 0x1b0, ['_LIST_ENTRY']],
+    'MemberLevel' : [ 0x1c0, ['unsigned long']],
+    'JobFlags' : [ 0x1c4, ['unsigned long']],
+} ],
+  '__unnamed_1d1c' : [ 0x4, {
+    'AsULONG' : [ 0x0, ['unsigned long']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HvMaxCState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0xa0, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['__unnamed_1d1c']],
+    'TargetState' : [ 0x8, ['unsigned long']],
+    'ActualState' : [ 0xc, ['unsigned long']],
+    'OldState' : [ 0x10, ['unsigned long']],
+    'TargetProcessors' : [ 0x18, ['_KAFFINITY_EX']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '__unnamed_1d25' : [ 0x18, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x20, {
+    'FirmwareTypeEfi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_1d25']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x88, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned long']],
+    'ShutDownRequested' : [ 0x5c, ['unsigned char']],
+    'NewBuffersLost' : [ 0x5d, ['unsigned char']],
+    'Disconnected' : [ 0x5e, ['unsigned char']],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'Wow' : [ 0x84, ['unsigned char']],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_KGUARDED_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['pointer64', ['pointer64', ['void']]]],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x38, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_KINTERRUPT' : [ 0xa0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'Pad' : [ 0x65, ['array', 3, ['unsigned char']]],
+    'Mode' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptActiveHigh', 2: 'InterruptActiveLow'})]],
+    'ServiceCount' : [ 0x70, ['unsigned long']],
+    'DispatchCount' : [ 0x74, ['unsigned long']],
+    'Rsvd1' : [ 0x78, ['unsigned long long']],
+    'TrapFrame' : [ 0x80, ['pointer64', ['_KTRAP_FRAME']]],
+    'Reserved' : [ 0x88, ['pointer64', ['void']]],
+    'DispatchCode' : [ 0x90, ['array', 4, ['unsigned long']]],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'ObAttributes' : [ 0x0, ['unsigned long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'GrantedAccess' : [ 0x8, ['unsigned long']],
+    'GrantedAccessIndex' : [ 0x8, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xa, ['unsigned short']],
+    'NextFreeTableEntry' : [ 0x8, ['unsigned long']],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x88, {
+    'FileName' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'BaseName' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x98, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x20, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x28, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x30, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x38, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x40, ['unsigned long long']],
+    'Header' : [ 0x48, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x50, ['pointer64', ['void']]],
+    'ListSize' : [ 0x58, ['unsigned long long']],
+    'Bitmap' : [ 0x60, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x68, ['unsigned long long']],
+    'Data' : [ 0x70, ['pointer64', ['void']]],
+    'DataSize' : [ 0x78, ['unsigned long long']],
+    'BitmapLimit' : [ 0x80, ['unsigned long']],
+    'BitmapNextHint' : [ 0x84, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x88, ['unsigned long']],
+    'AttributeFlags' : [ 0x8c, ['unsigned long']],
+    'AttributeSize' : [ 0x90, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_IO_WORKITEM' : [ 0x40, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'Type' : [ 0x38, ['unsigned long']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x8, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 51, native_type='unsigned long long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 55, native_type='unsigned long long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 56, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 61, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 63, native_type='unsigned long long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MMWSLE_HASH' : [ 0x4, {
+    'Index' : [ 0x0, ['unsigned long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x10, {
+    'PushImmOp' : [ 0x0, ['unsigned char']],
+    'PushImm' : [ 0x1, ['unsigned long']],
+    'PushRbp' : [ 0x5, ['unsigned char']],
+    'JmpOp' : [ 0x6, ['unsigned char']],
+    'JmpOffset' : [ 0x7, ['long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x90, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'Data' : [ 0x40, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0x18, {
+    'AnsiCodePageData' : [ 0x0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0x8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_ALIGNED_AFFINITY_SUMMARY' : [ 0x80, {
+    'CpuSet' : [ 0x0, ['_KAFFINITY_EX']],
+    'SMTSet' : [ 0x28, ['_KAFFINITY_EX']],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x210, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OptimizedSave' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Features' : [ 0x10, ['array', 64, ['_XSTATE_FEATURE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 22, native_type='unsigned long long')]],
+    'InStore' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x540, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HasQuantumReq' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HasAffinityReq' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HasPriorityReq' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4f0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x4f8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'QuantumValue' : [ 0x500, ['unsigned long long']],
+    'AffinityMask' : [ 0x508, ['_GROUP_AFFINITY']],
+    'Priority' : [ 0x518, ['long']],
+    'PrimaryUmsContext' : [ 0x520, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x528, ['unsigned long']],
+    'KernelYieldCount' : [ 0x52c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x530, ['unsigned long']],
+    'YieldCount' : [ 0x534, ['unsigned long']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x28, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['long']],
+    'NonPagedFrees' : [ 0x8, ['long']],
+    'NonPagedBytes' : [ 0x10, ['unsigned long long']],
+    'PagedAllocs' : [ 0x18, ['unsigned long']],
+    'PagedFrees' : [ 0x1c, ['unsigned long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MM_SUBSECTION_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_MMSUBSECTION_NODE']],
+    'DepthOfTree' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long long')]],
+    'Unused' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long long')]],
+    'NumberGenericTableElements' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='unsigned long long')]],
+    'NodeHint' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'Padding0' : [ 0x20, ['array', 2, ['unsigned long']]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x100, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleAccounting' : [ 0x20, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'Hypervisor' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower'})]],
+    'PerfHistoryTotal' : [ 0x2c, ['unsigned long']],
+    'ThermalConstraint' : [ 0x30, ['unsigned char']],
+    'PerfHistoryCount' : [ 0x31, ['unsigned char']],
+    'PerfHistorySlot' : [ 0x32, ['unsigned char']],
+    'Reserved' : [ 0x33, ['unsigned char']],
+    'LastSysTime' : [ 0x34, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0x38, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0x40, ['long']],
+    'FFHThrottleStateInfo' : [ 0x48, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x68, ['_KDPC']],
+    'PerfActionMask' : [ 0xa8, ['long']],
+    'IdleCheck' : [ 0xb0, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0xc0, ['_PROC_IDLE_SNAP']],
+    'Domain' : [ 0xd0, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0xd8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Load' : [ 0xe0, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0xe8, ['pointer64', ['_PROC_HISTORY_ENTRY']]],
+    'Utility' : [ 0xf0, ['unsigned long']],
+    'OverUtilizedHistory' : [ 0xf4, ['unsigned long']],
+    'AffinityCount' : [ 0xf8, ['unsigned long']],
+    'AffinityHistory' : [ 0xfc, ['unsigned long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Rom' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'KernelStack' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEGMENT_OBJECT' : [ 0x40, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['_LARGE_INTEGER']],
+    'NonExtendedPtes' : [ 0x18, ['unsigned long']],
+    'ImageCommitment' : [ 0x1c, ['unsigned long']],
+    'ControlArea' : [ 0x20, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x28, ['pointer64', ['_SUBSECTION']]],
+    'MmSectionFlags' : [ 0x30, ['pointer64', ['_MMSECTION_FLAGS']]],
+    'MmSubSectionFlags' : [ 0x38, ['pointer64', ['_MMSUBSECTION_FLAGS']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'ModwriterAttached' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'TrimHard' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Available' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderReserve', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x2c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'BucketLimits' : [ 0x18, ['array', 16, ['unsigned long long']]],
+    'State' : [ 0x98, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_TEB64' : [ 0x1818, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'SystemReserved1' : [ 0x110, ['array', 54, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'SpareBytes' : [ 0x2d0, ['array', 24, ['unsigned char']]],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'EtwLocalData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'SoftPatchPtr1' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'SpareUlong0' : [ 0x180c, ['unsigned long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa0, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ActivityCounter' : [ 0x90, ['unsigned long']],
+    'PreviousActivityCounter' : [ 0x94, ['unsigned long']],
+    'WorkerTrimRequests' : [ 0x98, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0x110, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'TimerApc' : [ 0x40, ['_KAPC']],
+    'TimerDpc' : [ 0x98, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'Period' : [ 0xf0, ['long']],
+    'ApcAssociated' : [ 0xf4, ['unsigned char']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_POOL_BLOCK_HEAD' : [ 0x20, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'List' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1e83' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_1e83']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x698, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['unsigned short']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+    'PdoDescriptionString' : [ 0x150, ['array', 336, ['wchar']]],
+    'PdoSymbolicNameString' : [ 0x3f0, ['array', 672, ['unsigned char']]],
+    'PdoAddressString' : [ 0x690, ['array', 1, ['wchar']]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_1edc' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1ede' : [ 0x8, {
+    'Last' : [ 0x0, ['unsigned long']],
+    'u' : [ 0x4, ['__unnamed_1edc']],
+} ],
+  '__unnamed_1ee0' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_1edc']],
+} ],
+  '__unnamed_1ee2' : [ 0x8, {
+    'OldCell' : [ 0x0, ['__unnamed_1ede']],
+    'NewCell' : [ 0x0, ['__unnamed_1ee0']],
+} ],
+  '_HCELL' : [ 0xc, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1ee2']],
+} ],
+  '_HMAP_TABLE' : [ 0x4000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x30, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'PercentageCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'TargetFrequency' : [ 0x18, ['unsigned long']],
+    'AcumulatedFullFrequency' : [ 0x1c, ['unsigned long']],
+    'AcumulatedZeroFrequency' : [ 0x20, ['unsigned long']],
+    'FrequencyHistoryTotal' : [ 0x24, ['unsigned long']],
+    'AverageFrequency' : [ 0x28, ['unsigned long']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'Pad0' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1ef7' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1efb' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_1efd' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1eff' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_1f01' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1f03' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1f05' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1f07' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1f09' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1f0b' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_1ef7']],
+    'Memory' : [ 0x0, ['__unnamed_1ef7']],
+    'Interrupt' : [ 0x0, ['__unnamed_1efb']],
+    'Dma' : [ 0x0, ['__unnamed_1efd']],
+    'Generic' : [ 0x0, ['__unnamed_1ef7']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1eff']],
+    'BusNumber' : [ 0x0, ['__unnamed_1f01']],
+    'ConfigData' : [ 0x0, ['__unnamed_1f03']],
+    'Memory40' : [ 0x0, ['__unnamed_1f05']],
+    'Memory48' : [ 0x0, ['__unnamed_1f07']],
+    'Memory64' : [ 0x0, ['__unnamed_1f09']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_1f0b']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x1e8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'State' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'Mode' : [ 0x12, ['unsigned char']],
+    'PendingMode' : [ 0x13, ['unsigned char']],
+    'ActivePoint' : [ 0x14, ['unsigned char']],
+    'PendingActivePoint' : [ 0x15, ['unsigned char']],
+    'Throttle' : [ 0x18, ['long']],
+    'LastTime' : [ 0x20, ['unsigned long long']],
+    'SampleRate' : [ 0x28, ['unsigned long']],
+    'LastTemp' : [ 0x2c, ['unsigned long']],
+    'PassiveTimer' : [ 0x30, ['_KTIMER']],
+    'PassiveDpc' : [ 0x70, ['_KDPC']],
+    'OverThrottled' : [ 0xb0, ['_POP_ACTION_TRIGGER']],
+    'Irp' : [ 0xc8, ['pointer64', ['_IRP']]],
+    'Info' : [ 0xd0, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0x148, ['_LARGE_INTEGER']],
+    'Metrics' : [ 0x150, ['_POP_THERMAL_ZONE_METRICS']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_POP_THERMAL_ZONE_METRICS' : [ 0x98, {
+    'MetricsResource' : [ 0x0, ['_ERESOURCE']],
+    'ActiveCount' : [ 0x68, ['unsigned long']],
+    'PassiveCount' : [ 0x6c, ['unsigned long']],
+    'LastActiveStartTick' : [ 0x70, ['_LARGE_INTEGER']],
+    'AverageActiveTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'LastPassiveStartTick' : [ 0x80, ['_LARGE_INTEGER']],
+    'AveragePassiveTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'StartTickSinceLastReset' : [ 0x90, ['_LARGE_INTEGER']],
+} ],
+  '_CM_TRANS' : [ 0xa8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x30, ['pointer64', ['void']]],
+    'CmRm' : [ 0x38, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x40, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x48, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x50, ['_GUID']],
+    'StartLsn' : [ 0x60, ['unsigned long long']],
+    'TransState' : [ 0x68, ['unsigned long']],
+    'HiveCount' : [ 0x6c, ['unsigned long']],
+    'HiveArray' : [ 0x70, ['array', 7, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_POOL_HACKER' : [ 0x30, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'Contents' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1c, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1b, ['unsigned char']],
+} ],
+  '__unnamed_1f48' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f4a' : [ 0x18, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_1f48']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x10, ['__unnamed_1f4a']],
+    'VerifiedData' : [ 0x28, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '__unnamed_1f52' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f54' : [ 0x2, {
+    'DeviceIds' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f56' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f58' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceIds' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f5a' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1f5c' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1f5e' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f60' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_1f62' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f64' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_1f66' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_1f52']],
+    'TargetDevice' : [ 0x0, ['__unnamed_1f54']],
+    'InstallDevice' : [ 0x0, ['__unnamed_1f56']],
+    'CustomNotification' : [ 0x0, ['__unnamed_1f58']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_1f5a']],
+    'PowerNotification' : [ 0x0, ['__unnamed_1f5c']],
+    'VetoNotification' : [ 0x0, ['__unnamed_1f5e']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_1f60']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_1f62']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_1f64']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_1f56']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_1f66']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_PS_CPU_QUOTA_BLOCK' : [ 0x4080, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'CpuShareWeight' : [ 0x14, ['unsigned long']],
+    'CapturedWeightData' : [ 0x18, ['_PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA']],
+    'DuplicateInputMarker' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x20, ['long']],
+    'BlockCurrentGenerationLock' : [ 0x0, ['unsigned long long']],
+    'CyclesAccumulated' : [ 0x8, ['unsigned long long']],
+    'CycleCredit' : [ 0x40, ['unsigned long long']],
+    'BlockCurrentGeneration' : [ 0x48, ['unsigned long']],
+    'CpuCyclePercent' : [ 0x4c, ['unsigned long']],
+    'CyclesFinishedForCurrentGeneration' : [ 0x50, ['unsigned char']],
+    'Cpu' : [ 0x80, ['array', 256, ['_PS_PER_CPU_QUOTA_CACHE_AWARE']]],
+} ],
+  '__unnamed_1f82' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_1f82']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x70, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1fb7' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'PtesInSubsection' : [ 0x18, ['unsigned long']],
+    'UnusedPtes' : [ 0x20, ['unsigned long']],
+    'GlobalPerSessionHead' : [ 0x20, ['pointer64', ['_MM_AVL_TABLE']]],
+    'u' : [ 0x28, ['__unnamed_1fb7']],
+    'StartingSector' : [ 0x2c, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x30, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5b0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xe0, ['_CONTEXT']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PS_PER_CPU_QUOTA_CACHE_AWARE' : [ 0x40, {
+    'SortedListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'IdleOnlyListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CycleBaseAllowance' : [ 0x20, ['unsigned long long']],
+    'CyclesRemaining' : [ 0x28, ['long long']],
+    'CurrentGeneration' : [ 0x30, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x28, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+    'ActualLimit' : [ 0x20, ['unsigned long long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_INTERLOCK_SEQ' : [ 0x8, {
+    'Depth' : [ 0x0, ['unsigned short']],
+    'FreeEntryOffset' : [ 0x2, ['unsigned short']],
+    'OffsetAndDepth' : [ 0x0, ['unsigned long']],
+    'Sequence' : [ 0x4, ['unsigned long']],
+    'Exchg' : [ 0x0, ['long long']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_PEB32' : [ 0x248, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsLegacyProcess' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'HotpatchInformation' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pContextData' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win7_sp1_x86_BBA98F40_vtypes.py b/volatility/plugins/overlays/windows/win7_sp1_x86_BBA98F40_vtypes.py
new file mode 100755
index 000000000..3e1ad6dcb
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win7_sp1_x86_BBA98F40_vtypes.py
@@ -0,0 +1,8842 @@
+ntkrnlmp_types = {
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x34, {
+    'Parent' : [ 0x0, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x4, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x8, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0xc, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x30, ['pointer', ['void']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2005' : [ 0x4, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long')]],
+    'Parent' : [ 0x0, ['pointer', ['_MMSUBSECTION_NODE']]],
+} ],
+  '_MMSUBSECTION_NODE' : [ 0x18, {
+    'u' : [ 0x0, ['__unnamed_1f77']],
+    'StartingSector' : [ 0x4, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0xc, ['__unnamed_2005']],
+    'LeftChild' : [ 0x10, ['pointer', ['_MMSUBSECTION_NODE']]],
+    'RightChild' : [ 0x14, ['pointer', ['_MMSUBSECTION_NODE']]],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_200d' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_200f' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_200d']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x40, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'Volume' : [ 0x30, ['_LIST_ENTRY']],
+    'Specific' : [ 0x38, ['__unnamed_200f']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x38, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'KernelApcInProgress' : [ 0x14, ['unsigned char']],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPending' : [ 0x16, ['unsigned char']],
+} ],
+  '_IA64_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x300, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x80, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x88, ['unsigned long']],
+    'LastCallbackId' : [ 0x8c, ['unsigned long']],
+    'PostCount' : [ 0x100, ['unsigned long']],
+    'ReturnCount' : [ 0x180, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x200, ['unsigned long']],
+    'UserLock' : [ 0x280, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x288, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_DEVICE_MAP' : [ 0x34, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+} ],
+  '_HEAP_DEBUGGING_INFORMATION' : [ 0x1c, {
+    'InterceptorFunction' : [ 0x0, ['pointer', ['void']]],
+    'InterceptorValue' : [ 0x4, ['unsigned short']],
+    'ExtendedOptions' : [ 0x8, ['unsigned long']],
+    'StackTraceDepth' : [ 0xc, ['unsigned long']],
+    'MinTotalBlockSize' : [ 0x10, ['unsigned long']],
+    'MaxTotalBlockSize' : [ 0x14, ['unsigned long']],
+    'HeapLeakEnumerationRoutine' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MMBANKED_SECTION' : [ 0x20, {
+    'BasePhysicalPage' : [ 0x0, ['unsigned long']],
+    'BasedPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BankSize' : [ 0x8, ['unsigned long']],
+    'BankShift' : [ 0xc, ['unsigned long']],
+    'BankedRoutine' : [ 0x10, ['pointer', ['void']]],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'CurrentMappedPte' : [ 0x18, ['pointer', ['_MMPTE']]],
+    'BankTemplate' : [ 0x1c, ['array', 1, ['_MMPTE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['array', 7, ['unsigned long long']]],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'WorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'FailingDriver' : [ 0x30, ['pointer', ['_DRIVER_OBJECT']]],
+    'ReferenceCount' : [ 0x34, ['long']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  '_SECTION_OBJECT' : [ 0x18, {
+    'StartingVa' : [ 0x0, ['pointer', ['void']]],
+    'EndingVa' : [ 0x4, ['pointer', ['void']]],
+    'Parent' : [ 0x8, ['pointer', ['void']]],
+    'LeftChild' : [ 0xc, ['pointer', ['void']]],
+    'RightChild' : [ 0x10, ['pointer', ['void']]],
+    'Segment' : [ 0x14, ['pointer', ['_SEGMENT_OBJECT']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_208d' : [ 0x4, {
+    'AsULONG' : [ 0x0, ['unsigned long']],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_PERF_STATES' : [ 0x80, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxFrequency' : [ 0x4, ['unsigned long']],
+    'PStateCap' : [ 0x8, ['unsigned long']],
+    'TStateCap' : [ 0xc, ['unsigned long']],
+    'MaxPerfState' : [ 0x10, ['unsigned long']],
+    'MinPerfState' : [ 0x14, ['unsigned long']],
+    'LowestPState' : [ 0x18, ['unsigned long']],
+    'IncreaseTime' : [ 0x1c, ['unsigned long']],
+    'DecreaseTime' : [ 0x20, ['unsigned long']],
+    'BusyAdjThreshold' : [ 0x24, ['unsigned char']],
+    'Reserved' : [ 0x25, ['unsigned char']],
+    'ThrottleStatesOnly' : [ 0x26, ['unsigned char']],
+    'PolicyType' : [ 0x27, ['unsigned char']],
+    'TimerInterval' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['__unnamed_208d']],
+    'TargetProcessors' : [ 0x30, ['_KAFFINITY_EX']],
+    'PStateHandler' : [ 0x3c, ['pointer', ['void']]],
+    'PStateContext' : [ 0x40, ['unsigned long']],
+    'TStateHandler' : [ 0x44, ['pointer', ['void']]],
+    'TStateContext' : [ 0x48, ['unsigned long']],
+    'FeedbackHandler' : [ 0x4c, ['pointer', ['void']]],
+    'GetFFHThrottleState' : [ 0x50, ['pointer', ['void']]],
+    'State' : [ 0x58, ['array', 1, ['_PPM_PERF_STATE']]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x30, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'Counters' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_WMI_TRACE_PACKET' : [ 0x4, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HookId' : [ 0x2, ['unsigned short']],
+    'Type' : [ 0x2, ['unsigned char']],
+    'Group' : [ 0x3, ['unsigned char']],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x44, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CriticalSection' : [ 0x4, ['_RTL_CRITICAL_SECTION']],
+    'RtlHandleTable' : [ 0x1c, ['_RTL_HANDLE_TABLE']],
+    'NumberOfBuckets' : [ 0x3c, ['unsigned long']],
+    'Buckets' : [ 0x40, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POP_POWER_ACTION' : [ 0xb0, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'ProgrammedRTCTime' : [ 0x50, ['unsigned long long']],
+    'WakeOnRTC' : [ 0x58, ['unsigned char']],
+    'WakeTimerInfo' : [ 0x5c, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+    'FilteredCapabilities' : [ 0x60, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['unsigned short']]],
+    'DriverName' : [ 0x28, ['pointer', ['unsigned short']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x228, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTransitions' : [ 0x8, ['unsigned long']],
+    'FailedTransitions' : [ 0xc, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x10, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'IdleTimeBuckets' : [ 0x28, ['array', 16, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_20d0' : [ 0x4, {
+    'Level' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_20d2' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_20d0']],
+    'Button' : [ 0xc, ['__unnamed_20d2']],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xe8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x14, ['pointer', ['void']]],
+    'EmInfFileSize' : [ 0x18, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x1c, ['pointer', ['void']]],
+    'LoaderPagesSpanned' : [ 0x20, ['unsigned long']],
+    'HeadlessLoaderBlock' : [ 0x24, ['pointer', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x28, ['pointer', ['_SMBIOS_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x2c, ['pointer', ['void']]],
+    'DrvDBSize' : [ 0x30, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x34, ['pointer', ['_NETWORK_LOADER_BLOCK']]],
+    'HalpIRQLToTPR' : [ 0x38, ['pointer', ['unsigned char']]],
+    'HalpVectorToIRQL' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'FirmwareDescriptorListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x48, ['pointer', ['void']]],
+    'AcpiTableSize' : [ 0x4c, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x54, ['pointer', ['_LOADER_PERFORMANCE_DATA']]],
+    'BootApplicationPersistentData' : [ 0x58, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0x60, ['pointer', ['void']]],
+    'BootIdentifier' : [ 0x64, ['_GUID']],
+    'ResumePages' : [ 0x74, ['unsigned long']],
+    'DumpHeader' : [ 0x78, ['pointer', ['void']]],
+    'BgContext' : [ 0x7c, ['pointer', ['void']]],
+    'NumaLocalityInfo' : [ 0x80, ['pointer', ['void']]],
+    'NumaGroupAssignment' : [ 0x84, ['pointer', ['void']]],
+    'AttachedHives' : [ 0x88, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0x90, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0x94, ['pointer', ['void']]],
+    'TpmBootEntropyResult' : [ 0x98, ['_TPM_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0xe0, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x298, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ALPC_MESSAGE_ZONE' : [ 0x18, {
+    'Mdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x4, ['pointer', ['void']]],
+    'UserLimit' : [ 0x8, ['pointer', ['void']]],
+    'SystemVa' : [ 0xc, ['pointer', ['void']]],
+    'SystemLimit' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_PROC_HISTORY_ENTRY' : [ 0x4, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'Frequency' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_ETW_PROVIDER_TABLE_ENTRY' : [ 0x10, {
+    'RefCount' : [ 0x0, ['long']],
+    'State' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'EtwProviderStateFree', 1: 'EtwProviderStateTransition', 2: 'EtwProviderStateActive', 3: 'EtwProviderStateMax'})]],
+    'RegEntry' : [ 0x8, ['pointer', ['_ETW_REG_ENTRY']]],
+    'Caller' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '__unnamed_2164' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x2040, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2164']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'LastProcessSwappedOutTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long']],
+    'NonPagablePages' : [ 0x24, ['unsigned long']],
+    'CommittedPages' : [ 0x28, ['unsigned long']],
+    'PagedPoolStart' : [ 0x2c, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x30, ['pointer', ['void']]],
+    'SessionObject' : [ 0x34, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x38, ['pointer', ['void']]],
+    'ResidentProcessCount' : [ 0x3c, ['long']],
+    'SessionPoolAllocationFailures' : [ 0x40, ['array', 4, ['unsigned long']]],
+    'ImageList' : [ 0x50, ['_LIST_ENTRY']],
+    'LocaleId' : [ 0x58, ['unsigned long']],
+    'AttachCount' : [ 0x5c, ['unsigned long']],
+    'AttachGate' : [ 0x60, ['_KGATE']],
+    'WsListEntry' : [ 0x70, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0x80, ['array', 25, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xd00, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xd38, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xd70, ['_MMSUPPORT']],
+    'Wsle' : [ 0xddc, ['pointer', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xde0, ['pointer', ['void']]],
+    'PagedPool' : [ 0xe00, ['_POOL_DESCRIPTOR']],
+    'PageTables' : [ 0x1f40, ['pointer', ['_MMPTE']]],
+    'SpecialPool' : [ 0x1f44, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1f68, ['_KGUARDED_MUTEX']],
+    'PoolBigEntriesInUse' : [ 0x1f88, ['long']],
+    'PagedPoolPdeCount' : [ 0x1f8c, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1f90, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1f94, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1f98, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1fc8, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1fcc, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x1fd0, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1fd4, ['unsigned long']],
+    'IoState' : [ 0x1fd8, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1fdc, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1fe0, ['_KEVENT']],
+    'CreateTime' : [ 0x1ff0, ['unsigned long long']],
+    'SessionPoolPdes' : [ 0x1ff8, ['_RTL_BITMAP']],
+    'CpuQuotaBlock' : [ 0x2000, ['pointer', ['_PS_CPU_QUOTA_BLOCK']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Rom' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SetMappedFileIoComplete' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CollidedFlush' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Mutex' : [ 0x0, ['_KGUARDED_MUTEX']],
+    'PagedPoolAllocationMap' : [ 0x20, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0x28, ['pointer', ['_MMPTE']]],
+    'PagedPoolHint' : [ 0x2c, ['unsigned long']],
+    'PagedPoolCommit' : [ 0x30, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x34, ['unsigned long']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x78, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'FeedbackHandler' : [ 0x18, ['pointer', ['void']]],
+    'GetFFHThrottleState' : [ 0x1c, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x20, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x24, ['pointer', ['void']]],
+    'PerfHandler' : [ 0x28, ['pointer', ['void']]],
+    'Processors' : [ 0x2c, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'PerfChangeTime' : [ 0x30, ['unsigned long long']],
+    'ProcessorCount' : [ 0x38, ['unsigned long']],
+    'PreviousFrequencyMhz' : [ 0x3c, ['unsigned long']],
+    'CurrentFrequencyMhz' : [ 0x40, ['unsigned long']],
+    'PreviousFrequency' : [ 0x44, ['unsigned long']],
+    'CurrentFrequency' : [ 0x48, ['unsigned long']],
+    'CurrentPerfContext' : [ 0x4c, ['unsigned long']],
+    'DesiredFrequency' : [ 0x50, ['unsigned long']],
+    'MaxFrequency' : [ 0x54, ['unsigned long']],
+    'MinPerfPercent' : [ 0x58, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x5c, ['unsigned long']],
+    'MaxPercent' : [ 0x60, ['unsigned long']],
+    'MinPercent' : [ 0x64, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x68, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x6c, ['unsigned long']],
+    'Coordination' : [ 0x70, ['unsigned char']],
+    'PerfChangeIntervalCount' : [ 0x74, ['long']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_RELATION_LIST' : [ 0x14, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'TagCount' : [ 0x4, ['unsigned long']],
+    'FirstLevel' : [ 0x8, ['unsigned long']],
+    'MaxLevel' : [ 0xc, ['unsigned long']],
+    'Entries' : [ 0x10, ['array', 1, ['pointer', ['_RELATION_LIST_ENTRY']]]],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x24, {
+    'PteBase' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'Lock' : [ 0x4, ['unsigned long']],
+    'Paged' : [ 0x8, ['_MI_SPECIAL_POOL_PTE_LIST']],
+    'NonPaged' : [ 0x10, ['_MI_SPECIAL_POOL_PTE_LIST']],
+    'PagesInUse' : [ 0x18, ['long']],
+    'SpecialPoolPdes' : [ 0x1c, ['_RTL_BITMAP']],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_KGUARDED_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_PPM_PERF_STATE' : [ 0x28, {
+    'Frequency' : [ 0x0, ['unsigned long']],
+    'Power' : [ 0x4, ['unsigned long']],
+    'PercentFrequency' : [ 0x8, ['unsigned char']],
+    'IncreaseLevel' : [ 0x9, ['unsigned char']],
+    'DecreaseLevel' : [ 0xa, ['unsigned char']],
+    'Type' : [ 0xb, ['unsigned char']],
+    'Control' : [ 0x10, ['unsigned long long']],
+    'Status' : [ 0x18, ['unsigned long long']],
+    'TotalHitCount' : [ 0x20, ['unsigned long']],
+    'DesiredCount' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KDPC_DATA' : [ 0x14, {
+    'DpcListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_21f1' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_21f3' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_21f1']],
+    'Merged' : [ 0x10, ['__unnamed_21f3']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '__unnamed_21fb' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_21fb']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_MSUBSECTION' : [ 0x3c, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'NextMappedSubsection' : [ 0x8, ['pointer', ['_MSUBSECTION']]],
+    'PtesInSubsection' : [ 0xc, ['unsigned long']],
+    'UnusedPtes' : [ 0x10, ['unsigned long']],
+    'GlobalPerSessionHead' : [ 0x10, ['pointer', ['_MM_AVL_TABLE']]],
+    'u' : [ 0x14, ['__unnamed_1f77']],
+    'StartingSector' : [ 0x18, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_2005']],
+    'LeftChild' : [ 0x24, ['pointer', ['_MMSUBSECTION_NODE']]],
+    'RightChild' : [ 0x28, ['pointer', ['_MMSUBSECTION_NODE']]],
+    'DereferenceList' : [ 0x2c, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x34, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x38, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x38, {
+    'GetTime' : [ 0x0, ['unsigned long']],
+    'SetTime' : [ 0x4, ['unsigned long']],
+    'GetWakeupTime' : [ 0x8, ['unsigned long']],
+    'SetWakeupTime' : [ 0xc, ['unsigned long']],
+    'SetVirtualAddressMap' : [ 0x10, ['unsigned long']],
+    'ConvertPointer' : [ 0x14, ['unsigned long']],
+    'GetVariable' : [ 0x18, ['unsigned long']],
+    'GetNextVariableName' : [ 0x1c, ['unsigned long']],
+    'SetVariable' : [ 0x20, ['unsigned long']],
+    'GetNextHighMonotonicCount' : [ 0x24, ['unsigned long']],
+    'ResetSystem' : [ 0x28, ['unsigned long']],
+    'UpdateCapsule' : [ 0x2c, ['unsigned long']],
+    'QueryCapsuleCapabilities' : [ 0x30, ['unsigned long']],
+    'QueryVariableInfo' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_SPECIAL_POOL_PTE_LIST' : [ 0x8, {
+    'FreePteHead' : [ 0x0, ['_MMPTE']],
+    'FreePteTail' : [ 0x4, ['_MMPTE']],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'spare2' : [ 0x12, ['array', 3, ['unsigned char']]],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'spare3' : [ 0x16, ['array', 8, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_2211' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+} ],
+  '__unnamed_2215' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_2211']],
+    'u2' : [ 0x24, ['__unnamed_2215']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+    'ThePtes' : [ 0x2c, ['array', 1, ['_MMPTE']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_221e' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2220' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_221e']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x90, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_2220']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'PoolPageHeaders' : [ 0x18, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x20, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x28, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x2c, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PagedBytes' : [ 0x38, ['unsigned long']],
+    'NonPagedBytes' : [ 0x3c, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x40, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x44, ['unsigned long']],
+    'RaiseIrqls' : [ 0x48, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x4c, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x50, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x54, ['unsigned long']],
+    'AllocationsFailed' : [ 0x58, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x5c, ['unsigned long']],
+    'LockedBytes' : [ 0x60, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x64, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x74, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x78, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x7c, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x80, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x58, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'UlongFlags' : [ 0x0, ['unsigned long']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'ReadAheadSpinLock' : [ 0x48, ['unsigned long']],
+    'PrivateLinks' : [ 0x4c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x54, ['pointer', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'Spare' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_TPM_BOOT_ENTROPY_LDR_RESULT' : [ 0x48, {
+    'Policy' : [ 0x0, ['unsigned long long']],
+    'ResultCode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'TpmBootEntropyStructureUninitialized', 1: 'TpmBootEntropyDisabledByPolicy', 2: 'TpmBootEntropyNoTpmFound', 3: 'TpmBootEntropyTpmError', 4: 'TpmBootEntropySuccess'})]],
+    'ResultStatus' : [ 0xc, ['long']],
+    'Time' : [ 0x10, ['unsigned long long']],
+    'EntropyLength' : [ 0x18, ['unsigned long']],
+    'EntropyData' : [ 0x1c, ['array', 40, ['unsigned char']]],
+} ],
+  '_RTL_HANDLE_TABLE' : [ 0x20, {
+    'MaximumNumberOfHandles' : [ 0x0, ['unsigned long']],
+    'SizeOfHandleTableEntry' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['array', 2, ['unsigned long']]],
+    'FreeHandles' : [ 0x10, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'CommittedHandles' : [ 0x14, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'UnCommittedHandles' : [ 0x18, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'MaxReservedHandles' : [ 0x1c, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+} ],
+  '_PTE_TRACKER' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'CallingAddress' : [ 0x28, ['pointer', ['void']]],
+    'CallersCaller' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x10, {
+    'BlockAddress' : [ 0x0, ['unsigned long']],
+    'BinAddress' : [ 0x4, ['unsigned long']],
+    'CmView' : [ 0x8, ['pointer', ['_CM_VIEW_OF_FILE']]],
+    'MemAlloc' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x10, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'ReferenceCount' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'NameLength' : [ 0xb, ['unsigned char']],
+    'Name' : [ 0xc, ['array', 1, ['wchar']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x10, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMSESSION' : [ 0x38, {
+    'SystemSpaceViewLock' : [ 0x0, ['_KGUARDED_MUTEX']],
+    'SystemSpaceViewLockPointer' : [ 0x20, ['pointer', ['_KGUARDED_MUTEX']]],
+    'SystemSpaceViewTable' : [ 0x24, ['pointer', ['_MMVIEW']]],
+    'SystemSpaceHashSize' : [ 0x28, ['unsigned long']],
+    'SystemSpaceHashEntries' : [ 0x2c, ['unsigned long']],
+    'SystemSpaceHashKey' : [ 0x30, ['unsigned long']],
+    'BitmapFailures' : [ 0x34, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'Index' : [ 0x18, ['unsigned short']],
+    'Flags' : [ 0x1a, ['unsigned short']],
+    'EnableMask' : [ 0x1c, ['unsigned char']],
+    'GroupEnableMask' : [ 0x1d, ['unsigned char']],
+    'UseDescriptorType' : [ 0x1e, ['unsigned char']],
+    'SessionId' : [ 0x20, ['unsigned long']],
+    'ReplyQueue' : [ 0x20, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x20, ['array', 4, ['pointer', ['_ETW_REG_ENTRY']]]],
+    'Process' : [ 0x30, ['pointer', ['_EPROCESS']]],
+    'Callback' : [ 0x30, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x34, ['pointer', ['void']]],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1a8, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'GetNewDeviceList' : [ 0x1c, ['unsigned char']],
+    'Order' : [ 0x20, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x190, ['_LIST_ENTRY']],
+    'Status' : [ 0x198, ['long']],
+    'FailedDevice' : [ 0x19c, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1a0, ['unsigned char']],
+    'Cancelled' : [ 0x1a1, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1a2, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1a3, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1a4, ['unsigned char']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'ExtraSharedWowSubsections' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WatchProto' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'FloppyMedia' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DefaultProtectionMask' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 22, native_type='unsigned long')]],
+    'Binary32' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ContainsDebug' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x3c, {
+    'WorkerQueue' : [ 0x0, ['_KQUEUE']],
+    'DynamicThreadCount' : [ 0x28, ['unsigned long']],
+    'WorkItemsProcessed' : [ 0x2c, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x30, ['unsigned long']],
+    'QueueDepthLastPass' : [ 0x34, ['unsigned long']],
+    'Info' : [ 0x38, ['EX_QUEUE_WORKER_INFO']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x40, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'IdleCheck' : [ 0xc, ['pointer', ['void']]],
+    'IdleHandler' : [ 0x10, ['pointer', ['void']]],
+    'HvConfig' : [ 0x18, ['unsigned long long']],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Latency' : [ 0x24, ['unsigned long']],
+    'Power' : [ 0x28, ['unsigned long']],
+    'TimeCheck' : [ 0x2c, ['unsigned long']],
+    'StateFlags' : [ 0x30, ['unsigned long']],
+    'PromotePercent' : [ 0x34, ['unsigned char']],
+    'DemotePercent' : [ 0x35, ['unsigned char']],
+    'PromotePercentBase' : [ 0x36, ['unsigned char']],
+    'DemotePercentBase' : [ 0x37, ['unsigned char']],
+    'StateType' : [ 0x38, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_229b' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x40, {
+    'Lock' : [ 0x0, ['long']],
+    'NodeToFree' : [ 0x4, ['pointer', ['void']]],
+    'NodeRangeSize' : [ 0x8, ['unsigned long']],
+    'NodeCount' : [ 0xc, ['unsigned long']],
+    'Tables' : [ 0x10, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_229b']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATION_LIST_ENTRY' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'Devices' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40e0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x4038, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x403c, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4040, ['unsigned long']],
+    'TotalReleases' : [ 0x4044, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x4048, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x404c, ['unsigned long']],
+    'Instigator' : [ 0x4050, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4054, ['unsigned long']],
+    'Participant' : [ 0x4058, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40d8, ['long']],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x24, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SystemClass', 1: 'ProcessorClass', 2: 'CacheClass', 3: 'AdapterClass', 4: 'ControllerClass', 5: 'PeripheralClass', 6: 'MemoryClass', 7: 'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'ArcSystem', 1: 'CentralProcessor', 2: 'FloatingPointProcessor', 3: 'PrimaryIcache', 4: 'PrimaryDcache', 5: 'SecondaryIcache', 6: 'SecondaryDcache', 7: 'SecondaryCache', 8: 'EisaAdapter', 9: 'TcAdapter', 10: 'ScsiAdapter', 11: 'DtiAdapter', 12: 'MultiFunctionAdapter', 13: 'DiskController', 14: 'TapeController', 15: 'CdromController', 16: 'WormController', 17: 'SerialController', 18: 'NetworkController', 19: 'DisplayController', 20: 'ParallelController', 21: 'PointerController', 22: 'KeyboardController', 23: 'AudioController', 24: 'OtherController', 25: 'DiskPeripheral', 26: 'FloppyDiskPeripheral', 27: 'TapePeripheral', 28: 'ModemPeripheral', 29: 'MonitorPeripheral', 30: 'PrinterPeripheral', 31: 'PointerPeripheral', 32: 'KeyboardPeripheral', 33: 'TerminalPeripheral', 34: 'OtherPeripheral', 35: 'LinePeripheral', 36: 'NetworkPeripheral', 37: 'SystemMemory', 38: 'DockingInformation', 39: 'RealModeIrqRoutingTable', 40: 'RealModePCIEnumeration', 41: 'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer', ['unsigned char']]],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x38, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x30, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_22f8' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_22fa' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_22f8']],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_22fa']],
+} ],
+  '_PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA' : [ 0x8, {
+    'CapturedCpuShareWeight' : [ 0x0, ['unsigned long']],
+    'CapturedTotalWeight' : [ 0x4, ['unsigned long']],
+    'CombinedData' : [ 0x0, ['long long']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '__unnamed_230d' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_230d']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x18, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x38, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_HEAP_USERDATA_HEADER' : [ 0x10, {
+    'SFreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'SubSegment' : [ 0x0, ['pointer', ['_HEAP_SUBSEGMENT']]],
+    'Reserved' : [ 0x4, ['pointer', ['void']]],
+    'SizeIndex' : [ 0x8, ['unsigned long']],
+    'Signature' : [ 0xc, ['unsigned long']],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x24, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'GpValue' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x3c, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1b, {
+    'PerUserPolicy' : [ 0x0, ['array', 27, ['unsigned char']]],
+} ],
+  '__unnamed_2365' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2367' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_236b' : [ 0x8, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_236f' : [ 0x8, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x4, ['unsigned char']],
+} ],
+  '__unnamed_2371' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2365']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2367']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_236b']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_236f']],
+    'Others' : [ 0x0, ['__unnamed_2371']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0xa0, {
+    'WriteToFile' : [ 0x0, ['unsigned char']],
+    'ReserveLoaderMemory' : [ 0x1, ['unsigned char']],
+    'ReserveFreeMemory' : [ 0x2, ['unsigned char']],
+    'Reset' : [ 0x3, ['unsigned char']],
+    'HiberFlags' : [ 0x4, ['unsigned char']],
+    'WroteHiberFile' : [ 0x5, ['unsigned char']],
+    'MapFrozen' : [ 0x6, ['unsigned char']],
+    'MemoryMap' : [ 0x8, ['_RTL_BITMAP']],
+    'DiscardedMemoryPages' : [ 0x10, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x18, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x20, ['unsigned long']],
+    'NextCloneRange' : [ 0x24, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x28, ['unsigned long']],
+    'LoaderMdl' : [ 0x2c, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x30, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x38, ['unsigned long long']],
+    'IoPages' : [ 0x40, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x44, ['unsigned long']],
+    'CurrentMcb' : [ 0x48, ['pointer', ['void']]],
+    'DumpStack' : [ 0x4c, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x50, ['pointer', ['_KPROCESSOR_STATE']]],
+    'PreferredIoWriteSize' : [ 0x54, ['unsigned long']],
+    'IoProgress' : [ 0x58, ['unsigned long']],
+    'HiberVa' : [ 0x5c, ['unsigned long']],
+    'HiberPte' : [ 0x60, ['_LARGE_INTEGER']],
+    'Status' : [ 0x68, ['long']],
+    'MemoryImage' : [ 0x6c, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'CompressionWorkspace' : [ 0x70, ['pointer', ['void']]],
+    'CompressedWriteBuffer' : [ 0x74, ['pointer', ['unsigned char']]],
+    'CompressedWriteBufferSize' : [ 0x78, ['unsigned long']],
+    'MaxCompressedOutputSize' : [ 0x7c, ['unsigned long']],
+    'PerformanceStats' : [ 0x80, ['pointer', ['unsigned long']]],
+    'CompressionBlock' : [ 0x84, ['pointer', ['void']]],
+    'DmaIO' : [ 0x88, ['pointer', ['void']]],
+    'TemporaryHeap' : [ 0x8c, ['pointer', ['void']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'ResumeContext' : [ 0x98, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0x9c, ['unsigned long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0xb0, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x70, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x78, ['pointer', ['void']]],
+    'PointersLength' : [ 0x7c, ['unsigned long']],
+    'ModulePrefix' : [ 0x80, ['pointer', ['unsigned short']]],
+    'DriverList' : [ 0x84, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x8c, ['_STRING']],
+    'ProgMsg' : [ 0x94, ['_STRING']],
+    'DoneMsg' : [ 0x9c, ['_STRING']],
+    'FileObject' : [ 0xa4, ['pointer', ['void']]],
+    'UsageType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile'})]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x20, {
+    'ThreadHandle' : [ 0x0, ['pointer', ['void']]],
+    'ThreadId' : [ 0x4, ['pointer', ['void']]],
+    'ProcessId' : [ 0x8, ['pointer', ['void']]],
+    'Code' : [ 0xc, ['unsigned long']],
+    'Parameter1' : [ 0x10, ['unsigned long']],
+    'Parameter2' : [ 0x14, ['unsigned long']],
+    'Parameter3' : [ 0x18, ['unsigned long']],
+    'Parameter4' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_RTL_HANDLE_TABLE_ENTRY' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NextFree' : [ 0x0, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+} ],
+  '__unnamed_2395' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_2395']],
+} ],
+  '__unnamed_2399' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2399']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0xe0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long']],
+    'HiberFlags' : [ 0x2c, ['unsigned char']],
+    'spare' : [ 0x2d, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x30, ['unsigned long']],
+    'HiberVa' : [ 0x34, ['unsigned long']],
+    'HiberPte' : [ 0x38, ['_LARGE_INTEGER']],
+    'NoFreePages' : [ 0x40, ['unsigned long']],
+    'FreeMapCheck' : [ 0x44, ['unsigned long']],
+    'WakeCheck' : [ 0x48, ['unsigned long']],
+    'FirstTablePage' : [ 0x4c, ['unsigned long']],
+    'PerfInfo' : [ 0x50, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0xa8, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0xac, ['array', 1, ['unsigned long']]],
+    'NoBootLoaderLogPages' : [ 0xb0, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0xb4, ['array', 8, ['unsigned long']]],
+    'NotUsed' : [ 0xd4, ['unsigned long']],
+    'ResumeContextCheck' : [ 0xd8, ['unsigned long']],
+    'ResumeContextPages' : [ 0xdc, ['unsigned long']],
+} ],
+  'EX_QUEUE_WORKER_INFO' : [ 0x4, {
+    'QueueDisabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MakeThreadsAsNecessary' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitMode' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WorkerCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'QueueWorkerInfo' : [ 0x0, ['long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x58, {
+    'IoTicks' : [ 0x0, ['unsigned long long']],
+    'InitTicks' : [ 0x8, ['unsigned long long']],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'ElapsedTicks' : [ 0x18, ['unsigned long long']],
+    'CompressTicks' : [ 0x20, ['unsigned long long']],
+    'ResumeAppTime' : [ 0x28, ['unsigned long long']],
+    'HiberFileResumeTime' : [ 0x30, ['unsigned long long']],
+    'BytesCopied' : [ 0x38, ['unsigned long long']],
+    'PagesProcessed' : [ 0x40, ['unsigned long long']],
+    'PagesWritten' : [ 0x48, ['unsigned long']],
+    'DumpCount' : [ 0x4c, ['unsigned long']],
+    'FileRuns' : [ 0x50, ['unsigned long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_MMVIEW' : [ 0x18, {
+    'Entry' : [ 0x0, ['unsigned long']],
+    'Writable' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlArea' : [ 0x4, ['pointer', ['_CONTROL_AREA']]],
+    'ViewLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'SessionViewVa' : [ 0x10, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x34, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0xc, ['pointer', ['unsigned char']]],
+    'PciDeviceId' : [ 0x10, ['unsigned short']],
+    'PciVendorId' : [ 0x12, ['unsigned short']],
+    'PciBusNumber' : [ 0x14, ['unsigned char']],
+    'PciBusSegment' : [ 0x16, ['unsigned short']],
+    'PciSlotNumber' : [ 0x18, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x19, ['unsigned char']],
+    'PciFlags' : [ 0x1c, ['unsigned long']],
+    'SystemGUID' : [ 0x20, ['_GUID']],
+    'IsMMIODevice' : [ 0x30, ['unsigned char']],
+    'TerminalType' : [ 0x31, ['unsigned char']],
+} ],
+  '__unnamed_23c1' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_23c3' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_23c5' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_23c1']],
+    'Gpt' : [ 0x0, ['__unnamed_23c3']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x70, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_23c5']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x30, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Hint' : [ 0xc, ['unsigned long']],
+    'BasePte' : [ 0x10, ['pointer', ['_MMPTE']]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Vm' : [ 0x18, ['pointer', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x1c, ['long']],
+    'TotalFreeSystemPtes' : [ 0x20, ['long']],
+    'CachedPteCount' : [ 0x24, ['long']],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x2c, ['unsigned long']],
+    'GlobalMutex' : [ 0x2c, ['pointer', ['_KGUARDED_MUTEX']]],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x10, {
+    'DHCPServerACK' : [ 0x0, ['pointer', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x4, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x8, ['pointer', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x170, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 9, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Reserved' : [ 0x3c, ['array', 6, ['unsigned long']]],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x5f0, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'Reserved2' : [ 0x248, ['array', 7, ['unsigned long']]],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'AltArchitecturePad' : [ 0x2c4, ['array', 1, ['unsigned long']]],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['unsigned char']],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'TscQpcData' : [ 0x2ed, ['unsigned char']],
+    'TscQpcEnabled' : [ 0x2ed, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TscQpcSpareFlag' : [ 0x2ed, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'TscQpcShift' : [ 0x2ed, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'TscQpcPad' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgSystemDllRelocated' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgSEHValidationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'SystemCall' : [ 0x300, ['unsigned long']],
+    'SystemCallReturn' : [ 0x304, ['unsigned long']],
+    'SystemCallPad' : [ 0x308, ['array', 3, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'DEPRECATED_Wow64SharedInformation' : [ 0x340, ['array', 16, ['unsigned long']]],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved5' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'TscQpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned short']],
+    'Reserved4' : [ 0x3c6, ['unsigned short']],
+    'AitSamplingValue' : [ 0x3c8, ['unsigned long']],
+    'AppCompatFlag' : [ 0x3cc, ['unsigned long']],
+    'DEPRECATED_SystemDllNativeRelocation' : [ 0x3d0, ['unsigned long long']],
+    'DEPRECATED_SystemDllWowRelocation' : [ 0x3d8, ['unsigned long']],
+    'XStatePad' : [ 0x3dc, ['array', 1, ['unsigned long']]],
+    'XState' : [ 0x3e0, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1041' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1041']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1045' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1045']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_105e' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1060' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_105e']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_1060']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_INVALID'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TP_TASK' : [ 0x14, {
+    'Callbacks' : [ 0x0, ['pointer', ['_TP_TASK_CALLBACKS']]],
+    'NumaNode' : [ 0x4, ['unsigned long']],
+    'IdealProcessor' : [ 0x8, ['unsigned char']],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+} ],
+  '_TP_TASK_CALLBACKS' : [ 0x8, {
+    'ExecuteCallback' : [ 0x0, ['pointer', ['void']]],
+    'Unposted' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_TP_DIRECT' : [ 0xc, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'NumaNode' : [ 0x4, ['unsigned long']],
+    'IdealProcessor' : [ 0x8, ['unsigned char']],
+} ],
+  '_TEB' : [ 0xfe4, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'SystemReserved1' : [ 0xcc, ['array', 54, ['pointer', ['void']]]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'SpareBytes' : [ 0x1ac, ['array', 36, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'EtwLocalData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'SoftPatchPtr1' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'SpareUlong0' : [ 0xfdc, ['unsigned long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_KPCR' : [ 0x3748, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'Spare2' : [ 0x8, ['pointer', ['void']]],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x3628, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'KernelReserved' : [ 0x338, ['array', 16, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'PrcbPad0' : [ 0x3be, ['array', 2, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'CpuVendor' : [ 0x3c4, ['unsigned char']],
+    'GroupIndex' : [ 0x3c5, ['unsigned char']],
+    'Group' : [ 0x3c6, ['unsigned short']],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'PrcbPad1' : [ 0x3d0, ['array', 72, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'NpxThread' : [ 0x4a0, ['pointer', ['_KTHREAD']]],
+    'InterruptCount' : [ 0x4a4, ['unsigned long']],
+    'KernelTime' : [ 0x4a8, ['unsigned long']],
+    'UserTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTime' : [ 0x4b0, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b4, ['unsigned long']],
+    'InterruptTime' : [ 0x4b8, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4bc, ['unsigned long']],
+    'PageColor' : [ 0x4c0, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c4, ['unsigned char']],
+    'NodeColor' : [ 0x4c5, ['unsigned char']],
+    'PrcbPad20' : [ 0x4c6, ['array', 2, ['unsigned char']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'ParentNode' : [ 0x4cc, ['pointer', ['_KNODE']]],
+    'SecondaryColorMask' : [ 0x4d0, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d4, ['unsigned long']],
+    'PrcbPad21' : [ 0x4d8, ['array', 2, ['unsigned long']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x1820, ['unsigned long']],
+    'ReverseStall' : [ 0x1824, ['long']],
+    'IpiFrame' : [ 0x1828, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x182c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x1860, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x186c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x1870, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x1874, ['unsigned long']],
+    'PrcbPad4' : [ 0x1878, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x18a0, ['unsigned long']],
+    'SignalDone' : [ 0x18a4, ['pointer', ['_KPRCB']]],
+    'PrcbPad50' : [ 0x18a8, ['array', 56, ['unsigned char']]],
+    'DpcData' : [ 0x18e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x1908, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x190c, ['long']],
+    'DpcRequestRate' : [ 0x1910, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x1914, ['unsigned long']],
+    'DpcLastCount' : [ 0x1918, ['unsigned long']],
+    'PrcbLock' : [ 0x191c, ['unsigned long']],
+    'DpcGate' : [ 0x1920, ['_KGATE']],
+    'ThreadDpcEnable' : [ 0x1930, ['unsigned char']],
+    'QuantumEnd' : [ 0x1931, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x1932, ['unsigned char']],
+    'IdleSchedule' : [ 0x1933, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x1934, ['long']],
+    'DpcRequestSlot' : [ 0x1934, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x1934, ['short']],
+    'DpcThreadActive' : [ 0x1936, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'ThreadDpcState' : [ 0x1936, ['short']],
+    'TimerHand' : [ 0x1938, ['unsigned long']],
+    'LastTick' : [ 0x193c, ['unsigned long']],
+    'MasterOffset' : [ 0x1940, ['long']],
+    'PrcbPad41' : [ 0x1944, ['array', 2, ['unsigned long']]],
+    'PeriodicCount' : [ 0x194c, ['unsigned long']],
+    'PeriodicBias' : [ 0x1950, ['unsigned long']],
+    'TickOffset' : [ 0x1958, ['unsigned long long']],
+    'TimerTable' : [ 0x1960, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x31a0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x31c0, ['long']],
+    'ClockCheckSlot' : [ 0x31c4, ['unsigned char']],
+    'ClockPollCycle' : [ 0x31c5, ['unsigned char']],
+    'PrcbPad6' : [ 0x31c6, ['array', 2, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x31c8, ['long']],
+    'DpcWatchdogCount' : [ 0x31cc, ['long']],
+    'ThreadWatchdogPeriod' : [ 0x31d0, ['long']],
+    'ThreadWatchdogCount' : [ 0x31d4, ['long']],
+    'KeSpinLockOrdering' : [ 0x31d8, ['long']],
+    'PrcbPad70' : [ 0x31dc, ['array', 1, ['unsigned long']]],
+    'WaitListHead' : [ 0x31e0, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x31e8, ['unsigned long']],
+    'ReadySummary' : [ 0x31ec, ['unsigned long']],
+    'QueueIndex' : [ 0x31f0, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x31f4, ['_SINGLE_LIST_ENTRY']],
+    'StartCycles' : [ 0x31f8, ['unsigned long long']],
+    'CycleTime' : [ 0x3200, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3208, ['unsigned long']],
+    'PrcbPad71' : [ 0x320c, ['unsigned long']],
+    'PrcbPad72' : [ 0x3210, ['array', 2, ['unsigned long long']]],
+    'DispatcherReadyListHead' : [ 0x3220, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3320, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3324, ['long']],
+    'MmPageFaultCount' : [ 0x3328, ['long']],
+    'MmCopyOnWriteCount' : [ 0x332c, ['long']],
+    'MmTransitionCount' : [ 0x3330, ['long']],
+    'MmCacheTransitionCount' : [ 0x3334, ['long']],
+    'MmDemandZeroCount' : [ 0x3338, ['long']],
+    'MmPageReadCount' : [ 0x333c, ['long']],
+    'MmPageReadIoCount' : [ 0x3340, ['long']],
+    'MmCacheReadCount' : [ 0x3344, ['long']],
+    'MmCacheIoCount' : [ 0x3348, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x334c, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3350, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3354, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3358, ['long']],
+    'CachedCommit' : [ 0x335c, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3360, ['unsigned long']],
+    'HyperPte' : [ 0x3364, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3368, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x336c, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3379, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x337a, ['unsigned char']],
+    'PrcbPad9' : [ 0x337b, ['array', 5, ['unsigned char']]],
+    'FeatureBits' : [ 0x3380, ['unsigned long']],
+    'UpdateSignature' : [ 0x3388, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3390, ['unsigned long long']],
+    'RuntimeAccumulation' : [ 0x3398, ['unsigned long long']],
+    'PowerState' : [ 0x33a0, ['_PROCESSOR_POWER_STATE']],
+    'DpcWatchdogDpc' : [ 0x3468, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3488, ['_KTIMER']],
+    'WheaInfo' : [ 0x34b0, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x34b4, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x34b8, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x34c0, ['_SLIST_HEADER']],
+    'HypercallPageVirtual' : [ 0x34c8, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x34cc, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x34d0, ['pointer', ['unsigned long long']]],
+    'RateControl' : [ 0x34d4, ['pointer', ['void']]],
+    'Cache' : [ 0x34d8, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3514, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3518, ['array', 5, ['unsigned long']]],
+    'PackageProcessorSet' : [ 0x352c, ['_KAFFINITY_EX']],
+    'PrcbPad91' : [ 0x3538, ['array', 1, ['unsigned long']]],
+    'CoreProcessorSet' : [ 0x353c, ['unsigned long']],
+    'TimerExpirationDpc' : [ 0x3540, ['_KDPC']],
+    'SpinLockAcquireCount' : [ 0x3560, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x3564, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x3568, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0x356c, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x3570, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x3574, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x3578, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x357c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x3580, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x3584, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x3588, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x358c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x3590, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x3594, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x3598, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x359c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x35a0, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x35a4, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x35a8, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x35ac, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x35b0, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x35b4, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x35b8, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x35bc, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x35c0, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x35c4, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x35c8, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x35cc, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x35d0, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x35d4, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x35d8, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x35dc, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x35e0, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x35e4, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x35e8, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x35ec, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x35f0, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x35f4, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x35f8, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x35fc, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0x3600, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0x3604, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0x3608, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0x360c, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0x3610, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0x3614, ['unsigned long']],
+    'Context' : [ 0x3618, ['pointer', ['_CONTEXT']]],
+    'ContextFlags' : [ 0x361c, ['unsigned long']],
+    'ExtendedState' : [ 0x3620, ['pointer', ['_XSAVE_AREA']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_KTHREAD' : [ 0x200, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'CycleTime' : [ 0x10, ['unsigned long long']],
+    'HighCycleTime' : [ 0x18, ['unsigned long']],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer', ['void']]],
+    'StackLimit' : [ 0x2c, ['pointer', ['void']]],
+    'KernelStack' : [ 0x30, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x34, ['unsigned long']],
+    'WaitRegister' : [ 0x38, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x39, ['unsigned char']],
+    'Alerted' : [ 0x3a, ['array', 2, ['unsigned char']]],
+    'KernelStackResident' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessReadyQueue' : [ 0x3c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WaitNext' : [ 0x3c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x3c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Alertable' : [ 0x3c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GdiFlushActive' : [ 0x3c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x3c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x3c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x3c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x3c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x3c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'TimerActive' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SystemThread' : [ 0x3c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x3c, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x3c, ['long']],
+    'ApcState' : [ 0x40, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x40, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x57, ['unsigned char']],
+    'NextProcessor' : [ 0x58, ['unsigned long']],
+    'DeferredProcessor' : [ 0x5c, ['unsigned long']],
+    'ApcQueueLock' : [ 0x60, ['unsigned long']],
+    'ContextSwitches' : [ 0x64, ['unsigned long']],
+    'State' : [ 0x68, ['unsigned char']],
+    'NpxState' : [ 0x69, ['unsigned char']],
+    'WaitIrql' : [ 0x6a, ['unsigned char']],
+    'WaitMode' : [ 0x6b, ['unsigned char']],
+    'WaitStatus' : [ 0x6c, ['long']],
+    'WaitBlockList' : [ 0x70, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x74, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x74, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0x7c, ['pointer', ['_KQUEUE']]],
+    'WaitTime' : [ 0x80, ['unsigned long']],
+    'KernelApcDisable' : [ 0x84, ['short']],
+    'SpecialApcDisable' : [ 0x86, ['short']],
+    'CombinedApcDisable' : [ 0x84, ['unsigned long']],
+    'Teb' : [ 0x88, ['pointer', ['void']]],
+    'Timer' : [ 0x90, ['_KTIMER']],
+    'AutoAlignment' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0xb8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EtwStackTraceApc1Inserted' : [ 0xb8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EtwStackTraceApc2Inserted' : [ 0xb8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CalloutActive' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0xb8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0xb8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0xb8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'VdmSafe' : [ 0xb8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'UmsDispatched' : [ 0xb8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0xb8, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0xb8, ['long']],
+    'ServiceTable' : [ 0xbc, ['pointer', ['void']]],
+    'WaitBlock' : [ 0xc0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'QueueListEntry' : [ 0x120, ['_LIST_ENTRY']],
+    'TrapFrame' : [ 0x128, ['pointer', ['_KTRAP_FRAME']]],
+    'FirstArgument' : [ 0x12c, ['pointer', ['void']]],
+    'CallbackStack' : [ 0x130, ['pointer', ['void']]],
+    'CallbackDepth' : [ 0x130, ['unsigned long']],
+    'ApcStateIndex' : [ 0x134, ['unsigned char']],
+    'BasePriority' : [ 0x135, ['unsigned char']],
+    'PriorityDecrement' : [ 0x136, ['unsigned char']],
+    'ForegroundBoost' : [ 0x136, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x136, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x137, ['unsigned char']],
+    'AdjustReason' : [ 0x138, ['unsigned char']],
+    'AdjustIncrement' : [ 0x139, ['unsigned char']],
+    'PreviousMode' : [ 0x13a, ['unsigned char']],
+    'Saturation' : [ 0x13b, ['unsigned char']],
+    'SystemCallNumber' : [ 0x13c, ['unsigned long']],
+    'FreezeCount' : [ 0x140, ['unsigned long']],
+    'UserAffinity' : [ 0x144, ['_GROUP_AFFINITY']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'Affinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'IdealProcessor' : [ 0x160, ['unsigned long']],
+    'UserIdealProcessor' : [ 0x164, ['unsigned long']],
+    'ApcStatePointer' : [ 0x168, ['array', 2, ['pointer', ['_KAPC_STATE']]]],
+    'SavedApcState' : [ 0x170, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x170, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x187, ['unsigned char']],
+    'SuspendCount' : [ 0x188, ['unsigned char']],
+    'Spare1' : [ 0x189, ['unsigned char']],
+    'OtherPlatformFill' : [ 0x18a, ['unsigned char']],
+    'Win32Thread' : [ 0x18c, ['pointer', ['void']]],
+    'StackBase' : [ 0x190, ['pointer', ['void']]],
+    'SuspendApc' : [ 0x194, ['_KAPC']],
+    'SuspendApcFill0' : [ 0x194, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x195, ['unsigned char']],
+    'SuspendApcFill1' : [ 0x194, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x197, ['unsigned char']],
+    'SuspendApcFill2' : [ 0x194, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x198, ['unsigned long']],
+    'SuspendApcFill3' : [ 0x194, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b8, ['pointer', ['_KPRCB']]],
+    'SuspendApcFill4' : [ 0x194, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1bc, ['pointer', ['void']]],
+    'SuspendApcFill5' : [ 0x194, ['array', 47, ['unsigned char']]],
+    'LargeStack' : [ 0x1c3, ['unsigned char']],
+    'UserTime' : [ 0x1c4, ['unsigned long']],
+    'SuspendSemaphore' : [ 0x1c8, ['_KSEMAPHORE']],
+    'SuspendSemaphorefill' : [ 0x1c8, ['array', 20, ['unsigned char']]],
+    'SListFaultCount' : [ 0x1dc, ['unsigned long']],
+    'ThreadListEntry' : [ 0x1e0, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1e8, ['_LIST_ENTRY']],
+    'SListFaultAddress' : [ 0x1f0, ['pointer', ['void']]],
+    'ThreadCounters' : [ 0x1f4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'XStateSave' : [ 0x1f8, ['pointer', ['_XSTATE_SAVE']]],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'Sequence' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_EX_PUSH_LOCK_CACHE_AWARE' : [ 0x80, {
+    'Locks' : [ 0x0, ['array', 32, ['pointer', ['_EX_PUSH_LOCK']]]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_EX_PUSH_LOCK_WAIT_BLOCK' : [ 0x30, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Next' : [ 0x10, ['pointer', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'Last' : [ 0x14, ['pointer', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'Previous' : [ 0x18, ['pointer', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'ShareCount' : [ 0x1c, ['long']],
+    'Flags' : [ 0x20, ['long']],
+} ],
+  '_ETHREAD' : [ 0x2b8, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x200, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x208, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x208, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x210, ['long']],
+    'PostBlockList' : [ 0x214, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x214, ['pointer', ['void']]],
+    'StartAddress' : [ 0x218, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x21c, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x21c, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x21c, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x220, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x224, ['_LIST_ENTRY']],
+    'Cid' : [ 0x22c, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x234, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x234, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x248, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x24c, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x254, ['unsigned long']],
+    'DeviceToVerify' : [ 0x258, ['pointer', ['_DEVICE_OBJECT']]],
+    'CpuQuotaApc' : [ 0x25c, ['pointer', ['_PSP_CPU_QUOTA_APC']]],
+    'Win32StartAddress' : [ 0x260, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x264, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x268, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x270, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x274, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x278, ['unsigned long']],
+    'MmLockOrdering' : [ 0x27c, ['long']],
+    'CrossThreadFlags' : [ 0x280, ['unsigned long']],
+    'Terminated' : [ 0x280, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x280, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x280, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x280, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x280, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x280, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x280, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x280, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x280, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x280, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x280, ['BitField', dict(start_bit = 10, end_bit = 13, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x280, ['BitField', dict(start_bit = 13, end_bit = 16, native_type='unsigned long')]],
+    'RundownFail' : [ 0x280, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NeedsWorkingSetAging' : [ 0x280, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x284, ['unsigned long']],
+    'ActiveExWorker' : [ 0x284, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerCanWaitUser' : [ 0x284, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x284, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x284, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x284, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RateApcState' : [ 0x284, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x284, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x288, ['unsigned long']],
+    'Spare' : [ 0x288, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x288, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EtwPageFaultCalloutActive' : [ 0x288, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetExclusive' : [ 0x288, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetShared' : [ 0x288, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetExclusive' : [ 0x288, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetShared' : [ 0x288, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetExclusive' : [ 0x288, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetShared' : [ 0x289, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x289, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x289, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x289, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Prefetching' : [ 0x289, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsDynamicMemoryShared' : [ 0x289, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsChangeControlAreaExclusive' : [ 0x289, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsChangeControlAreaShared' : [ 0x289, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetExclusive' : [ 0x28a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetShared' : [ 0x28a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetExclusive' : [ 0x28a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetShared' : [ 0x28a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'TrimTrigger' : [ 0x28a, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x28a, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'PriorityRegionActive' : [ 0x28b, ['unsigned char']],
+    'CacheManagerActive' : [ 0x28c, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x28d, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x28e, ['unsigned char']],
+    'LockOrderState' : [ 0x28f, ['unsigned char']],
+    'AlpcMessageId' : [ 0x290, ['unsigned long']],
+    'AlpcMessage' : [ 0x294, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x294, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x298, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x2a0, ['unsigned long']],
+    'IoBoostCount' : [ 0x2a4, ['unsigned long']],
+    'IrpListLock' : [ 0x2a8, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x2ac, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x2b0, ['_SINGLE_LIST_ENTRY']],
+    'KernelStackReference' : [ 0x2b4, ['unsigned long']],
+} ],
+  '_EPROCESS' : [ 0x2d8, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x98, ['_EX_PUSH_LOCK']],
+    'CreateTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'RundownProtect' : [ 0xb0, ['_EX_RUNDOWN_REF']],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'ProcessQuotaUsage' : [ 0xc0, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xc8, ['array', 2, ['unsigned long']]],
+    'CommitCharge' : [ 0xd0, ['unsigned long']],
+    'QuotaBlock' : [ 0xd4, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'CpuQuotaBlock' : [ 0xd8, ['pointer', ['_PS_CPU_QUOTA_BLOCK']]],
+    'PeakVirtualSize' : [ 0xdc, ['unsigned long']],
+    'VirtualSize' : [ 0xe0, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xe4, ['_LIST_ENTRY']],
+    'DebugPort' : [ 0xec, ['pointer', ['void']]],
+    'ExceptionPortData' : [ 0xf0, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf0, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'ObjectTable' : [ 0xf4, ['pointer', ['_HANDLE_TABLE']]],
+    'Token' : [ 0xf8, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0xfc, ['unsigned long']],
+    'AddressCreationLock' : [ 0x100, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x104, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x108, ['pointer', ['_ETHREAD']]],
+    'HardwareTrigger' : [ 0x10c, ['unsigned long']],
+    'PhysicalVadRoot' : [ 0x110, ['pointer', ['_MM_AVL_TABLE']]],
+    'CloneRoot' : [ 0x114, ['pointer', ['void']]],
+    'NumberOfPrivatePages' : [ 0x118, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x11c, ['unsigned long']],
+    'Win32Process' : [ 0x120, ['pointer', ['void']]],
+    'Job' : [ 0x124, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x128, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x12c, ['pointer', ['void']]],
+    'Cookie' : [ 0x130, ['unsigned long']],
+    'Spare8' : [ 0x134, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x138, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x13c, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x140, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x144, ['pointer', ['void']]],
+    'VdmObjects' : [ 0x148, ['pointer', ['void']]],
+    'ConsoleHostProcess' : [ 0x14c, ['unsigned long']],
+    'DeviceMap' : [ 0x150, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x154, ['pointer', ['void']]],
+    'FreeTebHint' : [ 0x158, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x160, ['_HARDWARE_PTE']],
+    'Filler' : [ 0x160, ['unsigned long long']],
+    'Session' : [ 0x168, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x16c, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x17b, ['unsigned char']],
+    'JobLinks' : [ 0x17c, ['_LIST_ENTRY']],
+    'LockedPagesList' : [ 0x184, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x188, ['_LIST_ENTRY']],
+    'SecurityPort' : [ 0x190, ['pointer', ['void']]],
+    'PaeTop' : [ 0x194, ['pointer', ['void']]],
+    'ActiveThreads' : [ 0x198, ['unsigned long']],
+    'ImagePathHash' : [ 0x19c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1a4, ['long']],
+    'Peb' : [ 0x1a8, ['pointer', ['_PEB']]],
+    'PrefetchTrace' : [ 0x1ac, ['_EX_FAST_REF']],
+    'ReadOperationCount' : [ 0x1b0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1b8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1e0, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1e4, ['unsigned long']],
+    'AweInfo' : [ 0x1e8, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x1ec, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'Vm' : [ 0x1f0, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x25c, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x264, ['pointer', ['void']]],
+    'ModifiedPageCount' : [ 0x268, ['unsigned long']],
+    'Flags2' : [ 0x26c, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x26c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x26c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x26c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x26c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x26c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x26c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ReportPhysicalPageChanges' : [ 0x26c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'HandleTableRundown' : [ 0x26c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x26c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x26c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'NumaAware' : [ 0x26c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProtectedProcess' : [ 0x26c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x26c, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x26c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x26c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x26c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x26c, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x26c, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x26c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x26c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Spare1' : [ 0x26c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x26c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x26c, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'LowVaAccessible' : [ 0x26c, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Flags' : [ 0x270, ['unsigned long']],
+    'CreateReported' : [ 0x270, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x270, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x270, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x270, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow64SplitPages' : [ 0x270, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x270, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x270, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x270, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ForkFailed' : [ 0x270, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x270, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x270, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x270, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x270, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x270, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x270, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x270, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x270, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x270, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x270, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'InjectInpageErrors' : [ 0x270, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x270, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x270, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x270, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x270, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x270, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x270, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x270, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x270, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x270, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ExitStatus' : [ 0x274, ['long']],
+    'VadRoot' : [ 0x278, ['_MM_AVL_TABLE']],
+    'AlpcContext' : [ 0x298, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x2a8, ['_LIST_ENTRY']],
+    'RequestedTimerResolution' : [ 0x2b0, ['unsigned long']],
+    'ActiveThreadsHighWatermark' : [ 0x2b4, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x2b8, ['unsigned long']],
+    'TimerResolutionStackRecord' : [ 0x2bc, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'SequenceNumber' : [ 0x2c0, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x2c8, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x2d0, ['unsigned long long']],
+} ],
+  '_KPROCESS' : [ 0x98, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'Affinity' : [ 0x38, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x44, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x4c, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x50, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'ActiveGroupsMask' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x5c, ['long']],
+    'BasePriority' : [ 0x60, ['unsigned char']],
+    'QuantumReset' : [ 0x61, ['unsigned char']],
+    'Visited' : [ 0x62, ['unsigned char']],
+    'Unused3' : [ 0x63, ['unsigned char']],
+    'ThreadSeed' : [ 0x64, ['array', 1, ['unsigned long']]],
+    'IdealNode' : [ 0x68, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x6a, ['unsigned short']],
+    'Flags' : [ 0x6c, ['_KEXECUTE_OPTIONS']],
+    'Unused1' : [ 0x6d, ['unsigned char']],
+    'IopmOffset' : [ 0x6e, ['unsigned short']],
+    'Unused4' : [ 0x70, ['unsigned long']],
+    'StackCount' : [ 0x74, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x80, ['unsigned long long']],
+    'KernelTime' : [ 0x88, ['unsigned long']],
+    'UserTime' : [ 0x8c, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0x90, ['pointer', ['void']]],
+} ],
+  '__unnamed_1292' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1292']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+} ],
+  '__unnamed_12a1' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_12a6' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_12a8' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_12a6']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_12b3' : [ 0x28, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_12b5' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_12b3']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_12a1']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_12a8']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_12b5']],
+} ],
+  '__unnamed_12bc' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_12c0' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_12c4' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_12c6' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_12ca' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_12cc' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_12ce' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_12d0' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_12d2' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_12d4' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_12d8' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_12da' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_12dd' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_12df' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_12e1' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_12e3' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_12e7' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_12eb' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_12ef' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_12f3' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_12f9' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_12fd' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1301' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1303' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1305' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_1309' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_130d' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1311' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile'})]],
+} ],
+  '__unnamed_1315' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1319' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1321' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+} ],
+  '__unnamed_1325' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1327' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1329' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_132b' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_12bc']],
+    'CreatePipe' : [ 0x0, ['__unnamed_12c0']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_12c4']],
+    'Read' : [ 0x0, ['__unnamed_12c6']],
+    'Write' : [ 0x0, ['__unnamed_12c6']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_12ca']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_12cc']],
+    'QueryFile' : [ 0x0, ['__unnamed_12ce']],
+    'SetFile' : [ 0x0, ['__unnamed_12d0']],
+    'QueryEa' : [ 0x0, ['__unnamed_12d2']],
+    'SetEa' : [ 0x0, ['__unnamed_12d4']],
+    'QueryVolume' : [ 0x0, ['__unnamed_12d8']],
+    'SetVolume' : [ 0x0, ['__unnamed_12d8']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_12da']],
+    'LockControl' : [ 0x0, ['__unnamed_12dd']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_12df']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_12e1']],
+    'SetSecurity' : [ 0x0, ['__unnamed_12e3']],
+    'MountVolume' : [ 0x0, ['__unnamed_12e7']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_12e7']],
+    'Scsi' : [ 0x0, ['__unnamed_12eb']],
+    'QueryQuota' : [ 0x0, ['__unnamed_12ef']],
+    'SetQuota' : [ 0x0, ['__unnamed_12d4']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_12f3']],
+    'QueryInterface' : [ 0x0, ['__unnamed_12f9']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_12fd']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1301']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1303']],
+    'SetLock' : [ 0x0, ['__unnamed_1305']],
+    'QueryId' : [ 0x0, ['__unnamed_1309']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_130d']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1311']],
+    'WaitWake' : [ 0x0, ['__unnamed_1315']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1319']],
+    'Power' : [ 0x0, ['__unnamed_1321']],
+    'StartDevice' : [ 0x0, ['__unnamed_1325']],
+    'WMI' : [ 0x0, ['__unnamed_1327']],
+    'Others' : [ 0x0, ['__unnamed_1329']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_132b']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_1341' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_1341']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x10, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x40, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '__unnamed_14ae' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'VolatileLong' : [ 0x0, ['unsigned long']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_14ae']],
+} ],
+  '__unnamed_14bf' : [ 0xc, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Ia64' : [ 0x0, ['_IA64_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0x88, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x28, ['unsigned long']],
+    'Prcb' : [ 0x2c, ['unsigned long']],
+    'Process' : [ 0x30, ['unsigned long']],
+    'Thread' : [ 0x34, ['unsigned long']],
+    'RegistryLength' : [ 0x38, ['unsigned long']],
+    'RegistryBase' : [ 0x3c, ['pointer', ['void']]],
+    'ConfigurationRoot' : [ 0x40, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0x44, ['pointer', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0x48, ['pointer', ['unsigned char']]],
+    'NtBootPathName' : [ 0x4c, ['pointer', ['unsigned char']]],
+    'NtHalPathName' : [ 0x50, ['pointer', ['unsigned char']]],
+    'LoadOptions' : [ 0x54, ['pointer', ['unsigned char']]],
+    'NlsData' : [ 0x58, ['pointer', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0x5c, ['pointer', ['_ARC_DISK_INFORMATION']]],
+    'OemFontFile' : [ 0x60, ['pointer', ['void']]],
+    'Extension' : [ 0x64, ['pointer', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0x68, ['__unnamed_14bf']],
+    'FirmwareInformation' : [ 0x74, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_14f0' : [ 0x4, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'WsIndex' : [ 0x0, ['unsigned long']],
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_14f2' : [ 0x4, {
+    'Blink' : [ 0x0, ['unsigned long']],
+    'ImageProtoPte' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'ShareCount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_14f5' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'VolatileReferenceCount' : [ 0x0, ['short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_14f7' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_14f5']],
+} ],
+  '__unnamed_14fc' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'PfnImageVerified' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'AweAllocation' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMPFN' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_14f0']],
+    'u2' : [ 0x4, ['__unnamed_14f2']],
+    'PteAddress' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x8, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['long']],
+    'PteLong' : [ 0x8, ['unsigned long']],
+    'u3' : [ 0xc, ['__unnamed_14f7']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'AweReferenceCount' : [ 0x10, ['long']],
+    'u4' : [ 0x14, ['__unnamed_14fc']],
+} ],
+  '_MI_COLOR_BASE' : [ 0x8, {
+    'ColorPointer' : [ 0x0, ['pointer', ['unsigned short']]],
+    'ColorMask' : [ 0x4, ['unsigned short']],
+    'ColorNode' : [ 0x6, ['unsigned short']],
+} ],
+  '_MMSUPPORT' : [ 0x6c, {
+    'WorkingSetMutex' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ExitGate' : [ 0x4, ['pointer', ['_KGATE']]],
+    'AccessLog' : [ 0x8, ['pointer', ['void']]],
+    'WorkingSetExpansionLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x14, ['array', 7, ['unsigned long']]],
+    'MinimumWorkingSetSize' : [ 0x30, ['unsigned long']],
+    'WorkingSetSize' : [ 0x34, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x38, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'ChargedWslePages' : [ 0x40, ['unsigned long']],
+    'ActualWslePages' : [ 0x44, ['unsigned long']],
+    'WorkingSetSizeOverhead' : [ 0x48, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x4c, ['unsigned long']],
+    'HardFaultCount' : [ 0x50, ['unsigned long']],
+    'VmWorkingSetList' : [ 0x54, ['pointer', ['_MMWSL']]],
+    'NextPageColor' : [ 0x58, ['unsigned short']],
+    'LastTrimStamp' : [ 0x5a, ['unsigned short']],
+    'PageFaultCount' : [ 0x5c, ['unsigned long']],
+    'RepurposeCount' : [ 0x60, ['unsigned long']],
+    'Spare' : [ 0x64, ['array', 1, ['unsigned long']]],
+    'Flags' : [ 0x68, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_MMWSL' : [ 0x6a8, {
+    'FirstFree' : [ 0x0, ['unsigned long']],
+    'FirstDynamic' : [ 0x4, ['unsigned long']],
+    'LastEntry' : [ 0x8, ['unsigned long']],
+    'NextSlot' : [ 0xc, ['unsigned long']],
+    'Wsle' : [ 0x10, ['pointer', ['_MMWSLE']]],
+    'LowestPagableAddress' : [ 0x14, ['pointer', ['void']]],
+    'LastInitializedWsle' : [ 0x18, ['unsigned long']],
+    'NextAgingSlot' : [ 0x1c, ['unsigned long']],
+    'NumberOfCommittedPageTables' : [ 0x20, ['unsigned long']],
+    'VadBitMapHint' : [ 0x24, ['unsigned long']],
+    'NonDirectCount' : [ 0x28, ['unsigned long']],
+    'LastVadBit' : [ 0x2c, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x30, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0x34, ['unsigned long']],
+    'LastAllocationSize' : [ 0x38, ['unsigned long']],
+    'NonDirectHash' : [ 0x3c, ['pointer', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x40, ['pointer', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x44, ['pointer', ['_MMWSLE_HASH']]],
+    'UsedPageTableEntries' : [ 0x48, ['array', 768, ['unsigned short']]],
+    'CommittedPageTables' : [ 0x648, ['array', 24, ['unsigned long']]],
+} ],
+  '__unnamed_152c' : [ 0x4, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_152c']],
+} ],
+  '__unnamed_1538' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_1542' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 30, native_type='unsigned long')]],
+    'BitMap64' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubsectionRoot' : [ 0x8, ['pointer', ['_MM_SUBSECTION_AVL_TABLE']]],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1544' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_1542']],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_1538']],
+    'FlushInProgressCount' : [ 0x20, ['unsigned long']],
+    'FilePointer' : [ 0x24, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x28, ['long']],
+    'ModifiedWriteCount' : [ 0x2c, ['unsigned long']],
+    'StartingFrame' : [ 0x2c, ['unsigned long']],
+    'WaitList' : [ 0x30, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x34, ['__unnamed_1544']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'ViewList' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPAGING_FILE' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'File' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x1c, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PageFileName' : [ 0x24, ['_UNICODE_STRING']],
+    'Bitmap' : [ 0x2c, ['pointer', ['_RTL_BITMAP']]],
+    'EvictStoreBitmap' : [ 0x30, ['pointer', ['_RTL_BITMAP']]],
+    'BitmapHint' : [ 0x34, ['unsigned long']],
+    'LastAllocationSize' : [ 0x38, ['unsigned long']],
+    'ToBeEvictedCount' : [ 0x3c, ['unsigned long']],
+    'PageFileNumber' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'BootPartition' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Spare0' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x42, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare1' : [ 0x42, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'FileHandle' : [ 0x44, ['pointer', ['void']]],
+    'Lock' : [ 0x48, ['unsigned long']],
+    'LockOwner' : [ 0x4c, ['pointer', ['_ETHREAD']]],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_MM_AVL_TABLE' : [ 0x20, {
+    'BalancedRoot' : [ 0x0, ['_MMADDRESS_NODE']],
+    'DepthOfTree' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'Unused' : [ 0x14, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'NumberGenericTableElements' : [ 0x14, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'NodeHint' : [ 0x18, ['pointer', ['void']]],
+    'NodeFreeHint' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '__unnamed_1584' : [ 0x4, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long')]],
+    'Parent' : [ 0x0, ['pointer', ['_MMVAD']]],
+} ],
+  '__unnamed_1587' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_158a' : [ 0x4, {
+    'LongFlags3' : [ 0x0, ['unsigned long']],
+    'VadFlags3' : [ 0x0, ['_MMVAD_FLAGS3']],
+} ],
+  '_MMVAD_SHORT' : [ 0x20, {
+    'u1' : [ 0x0, ['__unnamed_1584']],
+    'LeftChild' : [ 0x4, ['pointer', ['_MMVAD']]],
+    'RightChild' : [ 0x8, ['pointer', ['_MMVAD']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u' : [ 0x14, ['__unnamed_1587']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x1c, ['__unnamed_158a']],
+} ],
+  '__unnamed_1592' : [ 0x4, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long')]],
+    'Parent' : [ 0x0, ['pointer', ['_MMADDRESS_NODE']]],
+} ],
+  '_MMADDRESS_NODE' : [ 0x14, {
+    'u1' : [ 0x0, ['__unnamed_1592']],
+    'LeftChild' : [ 0x4, ['pointer', ['_MMADDRESS_NODE']]],
+    'RightChild' : [ 0x8, ['pointer', ['_MMADDRESS_NODE']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_1597' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '_MMVAD' : [ 0x3c, {
+    'u1' : [ 0x0, ['__unnamed_1584']],
+    'LeftChild' : [ 0x4, ['pointer', ['_MMVAD']]],
+    'RightChild' : [ 0x8, ['pointer', ['_MMVAD']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u' : [ 0x14, ['__unnamed_1587']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x1c, ['__unnamed_158a']],
+    'u2' : [ 0x20, ['__unnamed_1597']],
+    'Subsection' : [ 0x24, ['pointer', ['_SUBSECTION']]],
+    'MappedSubsection' : [ 0x24, ['pointer', ['_MSUBSECTION']]],
+    'FirstPrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x2c, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x30, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x38, ['pointer', ['_EPROCESS']]],
+} ],
+  '__unnamed_15a2' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x40, {
+    'Status' : [ 0x0, ['long']],
+    'Priority' : [ 0x4, ['unsigned char']],
+    'IrpPriority' : [ 0x5, ['unsigned char']],
+    'CurrentTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x10, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x14, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x18, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x1c, ['unsigned long']],
+    'MdlHack' : [ 0x20, ['__unnamed_15a2']],
+} ],
+  '__unnamed_15a8' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '__unnamed_15aa' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x60, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_15a8']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['__unnamed_15aa']],
+    'PagingFile' : [ 0x18, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x20, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x24, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x28, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'PointerMdl' : [ 0x38, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x3c, ['_MDL']],
+    'Page' : [ 0x58, ['array', 1, ['unsigned long']]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x2ec, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileSetSize' : [ 0x14, ['pointer', ['void']]],
+    'FileWrite' : [ 0x18, ['pointer', ['void']]],
+    'FileRead' : [ 0x1c, ['pointer', ['void']]],
+    'FileFlush' : [ 0x20, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x24, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x28, ['pointer', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x2c, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x34, ['unsigned long']],
+    'DirtyAlloc' : [ 0x38, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x3c, ['unsigned long']],
+    'Cluster' : [ 0x40, ['unsigned long']],
+    'Flat' : [ 0x44, ['unsigned char']],
+    'ReadOnly' : [ 0x45, ['unsigned char']],
+    'DirtyFlag' : [ 0x46, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x48, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x4c, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x50, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x54, ['unsigned long']],
+    'HiveFlags' : [ 0x58, ['unsigned long']],
+    'CurrentLog' : [ 0x5c, ['unsigned long']],
+    'LogSize' : [ 0x60, ['array', 2, ['unsigned long']]],
+    'RefreshCount' : [ 0x68, ['unsigned long']],
+    'StorageTypeCount' : [ 0x6c, ['unsigned long']],
+    'Version' : [ 0x70, ['unsigned long']],
+    'Storage' : [ 0x74, ['array', 2, ['_DUAL']]],
+} ],
+  '_CM_VIEW_OF_FILE' : [ 0x30, {
+    'MappedViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'PinnedViewLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'FlushedViewLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'CmHive' : [ 0x18, ['pointer', ['_CMHIVE']]],
+    'Bcb' : [ 0x1c, ['pointer', ['void']]],
+    'ViewAddress' : [ 0x20, ['pointer', ['void']]],
+    'FileOffset' : [ 0x24, ['unsigned long']],
+    'Size' : [ 0x28, ['unsigned long']],
+    'UseCount' : [ 0x2c, ['unsigned long']],
+} ],
+  '_CMHIVE' : [ 0x638, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x2ec, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x304, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x30c, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x314, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x31c, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x320, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x328, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x32c, ['unsigned long']],
+    'Identity' : [ 0x330, ['unsigned long']],
+    'HiveLock' : [ 0x334, ['pointer', ['_FAST_MUTEX']]],
+    'ViewLock' : [ 0x338, ['_EX_PUSH_LOCK']],
+    'ViewLockOwner' : [ 0x33c, ['pointer', ['_KTHREAD']]],
+    'ViewLockLast' : [ 0x340, ['unsigned long']],
+    'ViewUnLockLast' : [ 0x344, ['unsigned long']],
+    'WriterLock' : [ 0x348, ['pointer', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x34c, ['pointer', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x350, ['_RTL_BITMAP']],
+    'FlushOffsetArray' : [ 0x358, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'FlushOffsetArrayCount' : [ 0x35c, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x360, ['unsigned long']],
+    'FlushLock2' : [ 0x364, ['pointer', ['_FAST_MUTEX']]],
+    'SecurityLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'MappedViewList' : [ 0x36c, ['_LIST_ENTRY']],
+    'PinnedViewList' : [ 0x374, ['_LIST_ENTRY']],
+    'FlushedViewList' : [ 0x37c, ['_LIST_ENTRY']],
+    'MappedViewCount' : [ 0x384, ['unsigned short']],
+    'PinnedViewCount' : [ 0x386, ['unsigned short']],
+    'UseCount' : [ 0x388, ['unsigned long']],
+    'ViewsPerHive' : [ 0x38c, ['unsigned long']],
+    'FileObject' : [ 0x390, ['pointer', ['_FILE_OBJECT']]],
+    'LastShrinkHiveSize' : [ 0x394, ['unsigned long']],
+    'ActualFileSize' : [ 0x398, ['_LARGE_INTEGER']],
+    'FileFullPath' : [ 0x3a0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x3a8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x3b0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x3b8, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x3bc, ['unsigned long']],
+    'SecurityHitHint' : [ 0x3c0, ['long']],
+    'SecurityCache' : [ 0x3c4, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x3c8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x5c8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x5cc, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x5d0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x5d4, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x5d8, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x5dc, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0x5f0, ['unsigned char']],
+    'GrowOffset' : [ 0x5f4, ['unsigned long']],
+    'KcbConvertListHead' : [ 0x5f8, ['_LIST_ENTRY']],
+    'KnodeConvertListHead' : [ 0x600, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0x608, ['pointer', ['_CM_CELL_REMAP_BLOCK']]],
+    'Flags' : [ 0x60c, ['unsigned long']],
+    'TrustClassEntry' : [ 0x610, ['_LIST_ENTRY']],
+    'FlushCount' : [ 0x618, ['unsigned long']],
+    'CmRm' : [ 0x61c, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x620, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x624, ['long']],
+    'CreatorOwner' : [ 0x628, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0x62c, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x630, ['_LARGE_INTEGER']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xa0, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0xc, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0xc, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x14, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+    'KcbPushlock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x20, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x20, ['long']],
+    'SlotHint' : [ 0x24, ['unsigned long']],
+    'ParentKcb' : [ 0x28, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x2c, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x34, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x3c, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x3c, ['unsigned long']],
+    'SubKeyCount' : [ 0x3c, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x48, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KCBUoWListHead' : [ 0x6c, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x74, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x74, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x7c, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x80, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x88, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x90, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x98, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x9c, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '__unnamed_162f' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapAndCopy', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpReadFileImageAndBuildMap', 8: '_HvpRecoverData', 9: '_HvpRecoverWholeHive', 10: '_HvpMapFileImageAndBuildMap', 11: '_CmpValidateHiveSecurityDescriptors', 12: '_HvpEnlistBinInMap', 13: '_CmCheckRegistry', 14: '_CmRegistryIO', 15: '_CmCheckRegistry2', 16: '_CmpCheckKey', 17: '_CmpCheckValueList', 18: '_HvCheckHive', 19: '_HvCheckBin'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1632' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_1634' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1636' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1638' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_163c' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_1640' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_1642' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x120, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'RecoverableIndex' : [ 0x8, ['unsigned long']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_162f']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_162f']]],
+    'RegistryIO' : [ 0xcc, ['__unnamed_1632']],
+    'CheckRegistry2' : [ 0xd8, ['__unnamed_1634']],
+    'CheckKey' : [ 0xdc, ['__unnamed_1636']],
+    'CheckValueList' : [ 0xec, ['__unnamed_1638']],
+    'CheckHive' : [ 0xfc, ['__unnamed_163c']],
+    'CheckHive1' : [ 0x108, ['__unnamed_163c']],
+    'CheckBin' : [ 0x114, ['__unnamed_1640']],
+    'RecoverData' : [ 0x11c, ['__unnamed_1642']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0x80, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'DpcCount' : [ 0x38, ['unsigned long']],
+    'DpcRate' : [ 0x3c, ['unsigned long']],
+    'C1Time' : [ 0x40, ['unsigned long long']],
+    'C2Time' : [ 0x48, ['unsigned long long']],
+    'C3Time' : [ 0x50, ['unsigned long long']],
+    'C1Transitions' : [ 0x58, ['unsigned long long']],
+    'C2Transitions' : [ 0x60, ['unsigned long long']],
+    'C3Transitions' : [ 0x68, ['unsigned long long']],
+    'ParkingStatus' : [ 0x70, ['unsigned long']],
+    'CurrentFrequency' : [ 0x74, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x78, ['unsigned long']],
+    'StateFlags' : [ 0x7c, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_TEB32' : [ 0xfe4, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'SystemReserved1' : [ 0xcc, ['array', 54, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'SpareBytes' : [ 0x1ac, ['array', 36, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'EtwLocalData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'SoftPatchPtr1' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'SpareUlong0' : [ 0xfdc, ['unsigned long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+} ],
+  '_TEB64' : [ 0x1818, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'SystemReserved1' : [ 0x110, ['array', 54, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'SpareBytes' : [ 0x2d0, ['array', 24, ['unsigned char']]],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'EtwLocalData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'SoftPatchPtr1' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'SpareUlong0' : [ 0x180c, ['unsigned long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_FXSAVE_FORMAT' : [ 0x1e0, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned short']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned long']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned long']],
+    'MXCsr' : [ 0x18, ['unsigned long']],
+    'MXCsrMask' : [ 0x1c, ['unsigned long']],
+    'RegisterArea' : [ 0x20, ['array', 128, ['unsigned char']]],
+    'Reserved3' : [ 0xa0, ['array', 128, ['unsigned char']]],
+    'Reserved4' : [ 0x120, ['array', 192, ['unsigned char']]],
+} ],
+  '_FNSAVE_FORMAT' : [ 0x6c, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+} ],
+  '_KSTACK_AREA' : [ 0x210, {
+    'FnArea' : [ 0x0, ['_FNSAVE_FORMAT']],
+    'NpxFrame' : [ 0x0, ['_FXSAVE_FORMAT']],
+    'StackControl' : [ 0x1e0, ['_KERNEL_STACK_CONTROL']],
+    'Cr0NpxState' : [ 0x1fc, ['unsigned long']],
+    'Padding' : [ 0x200, ['array', 4, ['unsigned long']]],
+} ],
+  '_KERNEL_STACK_CONTROL' : [ 0x1c, {
+    'PreviousTrapFrame' : [ 0x0, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0x0, ['pointer', ['void']]],
+    'StackControlFlags' : [ 0x4, ['unsigned long']],
+    'PreviousLargeStack' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousSegmentsPresent' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExpandCalloutStack' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Previous' : [ 0x8, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned short']],
+    'Logging' : [ 0x12, ['unsigned char']],
+    'Reserved' : [ 0x13, ['unsigned char']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x3c, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependentList' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProviderList' : [ 0x34, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1744' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1746' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_174a' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x188, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Level' : [ 0x28, ['unsigned long']],
+    'Notify' : [ 0x2c, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x68, ['_PO_IRP_MANAGER']],
+    'State' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x7c, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x80, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0xd0, ['unsigned long']],
+    'CompletionStatus' : [ 0xd4, ['long']],
+    'Flags' : [ 0xd8, ['unsigned long']],
+    'UserFlags' : [ 0xdc, ['unsigned long']],
+    'Problem' : [ 0xe0, ['unsigned long']],
+    'ResourceList' : [ 0xe4, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0xe8, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0xec, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0xf0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0xf4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0xf8, ['unsigned long']],
+    'ChildInterfaceType' : [ 0xfc, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x100, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x104, ['unsigned short']],
+    'RemovalPolicy' : [ 0x106, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x107, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x108, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x110, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x118, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x120, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x122, ['unsigned short']],
+    'NoArbiterMask' : [ 0x124, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x126, ['unsigned short']],
+    'OverUsed1' : [ 0x128, ['__unnamed_1744']],
+    'OverUsed2' : [ 0x12c, ['__unnamed_1746']],
+    'BootResources' : [ 0x130, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x134, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x138, ['unsigned long']],
+    'DockInfo' : [ 0x13c, ['__unnamed_174a']],
+    'DisableableDepends' : [ 0x14c, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x150, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x160, ['unsigned long']],
+    'PreviousParent' : [ 0x164, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x168, ['unsigned long']],
+    'NumaNodeIndex' : [ 0x16c, ['unsigned long']],
+    'ContainerID' : [ 0x170, ['_GUID']],
+    'OverrideFlags' : [ 0x180, ['unsigned char']],
+    'RequiresUnloadedDriver' : [ 0x181, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x184, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+} ],
+  '_KNODE' : [ 0x80, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x8, ['array', 3, ['_SLIST_HEADER']]],
+    'Affinity' : [ 0x20, ['_GROUP_AFFINITY']],
+    'ProximityId' : [ 0x2c, ['unsigned long']],
+    'NodeNumber' : [ 0x30, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x32, ['unsigned short']],
+    'MaximumProcessors' : [ 0x34, ['unsigned char']],
+    'Color' : [ 0x35, ['unsigned char']],
+    'Flags' : [ 0x36, ['_flags']],
+    'NodePad0' : [ 0x37, ['unsigned char']],
+    'Seed' : [ 0x38, ['unsigned long']],
+    'MmShiftedColor' : [ 0x3c, ['unsigned long']],
+    'FreeCount' : [ 0x40, ['array', 2, ['unsigned long']]],
+    'CachedKernelStacks' : [ 0x48, ['_CACHED_KSTACK_LIST']],
+    'ParkLock' : [ 0x60, ['long']],
+    'NodePad1' : [ 0x64, ['unsigned long']],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_17f3' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_17f3']],
+} ],
+  '__unnamed_17fa' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_17fa']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x20, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x1c, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x160, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'LogHandle' : [ 0x98, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x9c, ['pointer', ['void']]],
+    'DirtyPageThreshold' : [ 0xa0, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xa4, ['unsigned long']],
+    'UninitializeEvent' : [ 0xa8, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xac, ['_KGUARDED_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd0, ['_LARGE_INTEGER']],
+    'Event' : [ 0xd8, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf0, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x148, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x14c, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x150, ['unsigned long']],
+    'WritesInProgress' : [ 0x154, ['unsigned long']],
+    'PipelinedReadAheadSize' : [ 0x158, ['unsigned long']],
+} ],
+  '__unnamed_186a' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+} ],
+  '_VACB' : [ 0x20, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_186a']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+    'ArrayHead' : [ 0x18, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_KGUARDED_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+    'KernelApcDisable' : [ 0x1c, ['short']],
+    'SpecialApcDisable' : [ 0x1e, ['short']],
+    'CombinedApcDisable' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1888' : [ 0x4, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_188a' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_188c' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_188e' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1890' : [ 0x4, {
+    'Read' : [ 0x0, ['__unnamed_1888']],
+    'Write' : [ 0x0, ['__unnamed_188a']],
+    'Event' : [ 0x0, ['__unnamed_188c']],
+    'Notification' : [ 0x0, ['__unnamed_188e']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x10, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1890']],
+    'Function' : [ 0xc, ['unsigned char']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x138, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'PointerKey' : [ 0x58, ['unsigned long']],
+    'Interceptor' : [ 0x5c, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x60, ['unsigned long']],
+    'Signature' : [ 0x64, ['unsigned long']],
+    'SegmentReserve' : [ 0x68, ['unsigned long']],
+    'SegmentCommit' : [ 0x6c, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x70, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x74, ['unsigned long']],
+    'TotalFreeSize' : [ 0x78, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x7c, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x80, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x82, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x84, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x88, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x8a, ['unsigned short']],
+    'TagEntries' : [ 0x8c, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x90, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x98, ['unsigned long']],
+    'AlignMask' : [ 0x9c, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0xa0, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa8, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xb0, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb4, ['unsigned long']],
+    'BlocksIndex' : [ 0xb8, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xbc, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xc0, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc4, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xcc, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xd0, ['pointer', ['void']]],
+    'FrontEndHeap' : [ 0xd4, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xd8, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xda, ['unsigned char']],
+    'Counters' : [ 0xdc, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x130, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_18e1' : [ 0x18, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+} ],
+  '_HEAP_LOCK' : [ 0x18, {
+    'Lock' : [ 0x0, ['__unnamed_18e1']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['pointer', ['void']]],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['pointer', ['void']]],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEB' : [ 0x248, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsLegacyProcess' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['void']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'HotpatchInformation' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['pointer', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x210, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x218, ['pointer', ['void']]],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pContextData' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x78, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'LoadedImports' : [ 0x44, ['pointer', ['void']]],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'PatchInformation' : [ 0x4c, ['pointer', ['void']]],
+    'ForwarderLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'ServiceTagLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'StaticLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ContextInformation' : [ 0x68, ['pointer', ['void']]],
+    'OriginalBase' : [ 0x6c, ['unsigned long']],
+    'LoadTime' : [ 0x70, ['_LARGE_INTEGER']],
+} ],
+  '_HEAP_SUBSEGMENT' : [ 0x20, {
+    'LocalInfo' : [ 0x0, ['pointer', ['_HEAP_LOCAL_SEGMENT_INFO']]],
+    'UserBlocks' : [ 0x4, ['pointer', ['_HEAP_USERDATA_HEADER']]],
+    'AggregateExchg' : [ 0x8, ['_INTERLOCK_SEQ']],
+    'BlockSize' : [ 0x10, ['unsigned short']],
+    'Flags' : [ 0x12, ['unsigned short']],
+    'BlockCount' : [ 0x14, ['unsigned short']],
+    'SizeIndex' : [ 0x16, ['unsigned char']],
+    'AffinityIndex' : [ 0x17, ['unsigned char']],
+    'Alignment' : [ 0x10, ['array', 2, ['unsigned long']]],
+    'SFreeListEntry' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'Lock' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1960' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1962' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1960']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1964' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1966' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1964']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1962']],
+    'u2' : [ 0x4, ['__unnamed_1966']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x24, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'CreatedObjects' : [ 0xc, ['unsigned long']],
+    'DeletedObjects' : [ 0x10, ['unsigned long']],
+    'DeleteProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x18, ['pointer', ['void']]],
+    'UsualSize' : [ 0x1c, ['unsigned long']],
+    'LookasideIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_1982' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1984' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1982']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1984']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Pad' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1996' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1998' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1996']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1998']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_199e' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_19a0' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_199e']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_19a0']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_19a6' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_19a8' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19a6']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_19a8']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x24, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+} ],
+  '__unnamed_19c4' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_19c6' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19c4']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0xfc, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'MainQueue' : [ 0x5c, ['_LIST_ENTRY']],
+    'PendingQueue' : [ 0x64, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x6c, ['_LIST_ENTRY']],
+    'WaitQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x7c, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x7c, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x80, ['_ALPC_PORT_ATTRIBUTES']],
+    'Lock' : [ 0xac, ['_EX_PUSH_LOCK']],
+    'ResourceListLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xb4, ['_LIST_ENTRY']],
+    'CompletionList' : [ 0xbc, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'MessageZone' : [ 0xc0, ['pointer', ['_ALPC_MESSAGE_ZONE']]],
+    'CallbackObject' : [ 0xc4, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xc8, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xcc, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xd4, ['long']],
+    'u1' : [ 0xd8, ['__unnamed_19c6']],
+    'TargetQueuePort' : [ 0xdc, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xe0, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0xe4, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0xe8, ['unsigned long']],
+    'PendingQueueLength' : [ 0xec, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0xf0, ['unsigned long']],
+    'CanceledQueueLength' : [ 0xf4, ['unsigned long']],
+    'WaitQueueLength' : [ 0xf8, ['unsigned long']],
+} ],
+  '_OBJECT_TYPE' : [ 0x88, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x7c, ['unsigned long']],
+    'CallbackList' : [ 0x80, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_19df' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_19e1' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19df']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x88, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtensionBuffer' : [ 0x8, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0xc, ['unsigned long']],
+    'QuotaProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x10, ['pointer', ['void']]],
+    'SequenceNo' : [ 0x14, ['long']],
+    'u1' : [ 0x18, ['__unnamed_19e1']],
+    'CancelSequencePort' : [ 0x1c, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x24, ['long']],
+    'CancelListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitingThread' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'PortQueue' : [ 0x38, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x3c, ['pointer', ['_ALPC_PORT']]],
+    'MessageAttributes' : [ 0x40, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x5c, ['pointer', ['void']]],
+    'DataSystemVa' : [ 0x60, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x64, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x68, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x6c, ['pointer', ['_ETHREAD']]],
+    'PortMessage' : [ 0x70, ['_PORT_MESSAGE']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['pointer', ['_OB_DUPLICATE_OBJECT_STATE']]],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x1c, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+} ],
+  '__unnamed_1a1e' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1a20' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a1e']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_1a20']],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x20, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'TotalLength' : [ 0x18, ['unsigned short']],
+    'Type' : [ 0x1a, ['unsigned short']],
+    'DataInfoOffset' : [ 0x1c, ['unsigned short']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x24, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x4c, ['pointer', ['void']]],
+    'Override' : [ 0x50, ['unsigned char']],
+    'QueryOnly' : [ 0x51, ['unsigned char']],
+    'DeleteOnly' : [ 0x52, ['unsigned char']],
+    'FullAttributes' : [ 0x53, ['unsigned char']],
+    'LocalFileObject' : [ 0x54, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x58, ['unsigned long']],
+    'DriverCreateContext' : [ 0x5c, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x248, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'CollectionOn' : [ 0xc, ['long']],
+    'LoggerMode' : [ 0x10, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x14, ['long']],
+    'GetCpuClock' : [ 0x18, ['pointer', ['void']]],
+    'StartTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x28, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x30, ['long']],
+    'NBQHead' : [ 0x34, ['pointer', ['void']]],
+    'OverflowNBQHead' : [ 0x38, ['pointer', ['void']]],
+    'QueueBlockFreeList' : [ 0x40, ['_SLIST_HEADER']],
+    'GlobalList' : [ 0x48, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x50, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x50, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x64, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x6c, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x74, ['unsigned long']],
+    'MaximumFileSize' : [ 0x78, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x7c, ['unsigned long']],
+    'FlushTimer' : [ 0x80, ['unsigned long']],
+    'FlushThreshold' : [ 0x84, ['unsigned long']],
+    'ByteOffset' : [ 0x88, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x90, ['unsigned long']],
+    'BuffersAvailable' : [ 0x94, ['long']],
+    'NumberOfBuffers' : [ 0x98, ['long']],
+    'MaximumBuffers' : [ 0x9c, ['unsigned long']],
+    'EventsLost' : [ 0xa0, ['unsigned long']],
+    'BuffersWritten' : [ 0xa4, ['unsigned long']],
+    'LogBuffersLost' : [ 0xa8, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xac, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xb0, ['unsigned long']],
+    'SequencePtr' : [ 0xb4, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xb8, ['unsigned long']],
+    'InstanceGuid' : [ 0xbc, ['_GUID']],
+    'FileCounter' : [ 0xcc, ['long']],
+    'BufferCallback' : [ 0xd0, ['pointer', ['void']]],
+    'PoolType' : [ 0xd4, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xd8, ['_ETW_REF_CLOCK']],
+    'Consumers' : [ 0xe8, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0xf0, ['unsigned long']],
+    'TransitionConsumer' : [ 0xf4, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0xf8, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0xfc, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x110, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x118, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x120, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x128, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x130, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x138, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x148, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x14c, ['_KEVENT']],
+    'FlushEvent' : [ 0x15c, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x170, ['_KTIMER']],
+    'FlushDpc' : [ 0x198, ['_KDPC']],
+    'LoggerMutex' : [ 0x1b8, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1d8, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1dc, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1dc, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1e0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x21c, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x220, ['_EX_FAST_REF']],
+    'BufferSequenceNumber' : [ 0x228, ['long long']],
+    'Flags' : [ 0x230, ['unsigned long']],
+    'Persistent' : [ 0x230, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x230, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x230, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x230, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x230, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x230, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x230, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x230, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x230, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x230, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x234, ['unsigned long']],
+    'RequestNewFie' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RequestUpdateFile' : [ 0x234, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RequestFlush' : [ 0x234, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RequestDisableRealtime' : [ 0x234, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequestDisconnectConsumer' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RequestConnectConsumer' : [ 0x234, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x238, ['_RTL_BITMAP']],
+    'DisallowedGuids' : [ 0x240, ['_DISALLOWED_GUIDS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_ETW_BUFFER_HANDLE' : [ 0x8, {
+    'TraceBuffer' : [ 0x0, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'BufferFastRef' : [ 0x4, ['pointer', ['_EX_FAST_REF']]],
+} ],
+  '_SYSTEM_TRACE_HEADER' : [ 0x20, {
+    'Marker' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['unsigned char']],
+    'Header' : [ 0x4, ['unsigned long']],
+    'Packet' : [ 0x4, ['_WMI_TRACE_PACKET']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'SystemTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'KernelTime' : [ 0x18, ['unsigned long']],
+    'UserTime' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PERFINFO_TRACE_HEADER' : [ 0x18, {
+    'Marker' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['unsigned char']],
+    'Header' : [ 0x4, ['unsigned long']],
+    'Packet' : [ 0x4, ['_WMI_TRACE_PACKET']],
+    'TS' : [ 0x8, ['unsigned long long']],
+    'SystemTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'Data' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_NBQUEUE_BLOCK' : [ 0x18, {
+    'SListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x8, ['unsigned long long']],
+    'Data' : [ 0x10, ['unsigned long long']],
+} ],
+  '_TlgProvider_t' : [ 0x30, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+    'AnnotationFunc' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'Abandoned' : [ 0x1c, ['unsigned char']],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_TRACE_ENABLE_CONTEXT' : [ 0x8, {
+    'LoggerId' : [ 0x0, ['unsigned short']],
+    'Level' : [ 0x2, ['unsigned char']],
+    'InternalFlag' : [ 0x3, ['unsigned char']],
+    'EnableFlags' : [ 0x4, ['unsigned long']],
+} ],
+  '_TRACE_ENABLE_CONTEXT_EX' : [ 0x10, {
+    'LoggerId' : [ 0x0, ['unsigned short']],
+    'Level' : [ 0x2, ['unsigned char']],
+    'InternalFlag' : [ 0x3, ['unsigned char']],
+    'EnableFlags' : [ 0x4, ['unsigned long']],
+    'EnableFlagsHigh' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x178, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['array', 8, ['pointer', ['_EVENT_FILTER_HEADER']]]],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x1e0, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x74, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x78, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x7c, ['unsigned long']],
+    'VariableLength' : [ 0x80, ['unsigned long']],
+    'DynamicCharged' : [ 0x84, ['unsigned long']],
+    'DynamicAvailable' : [ 0x88, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x8c, ['unsigned long']],
+    'UserAndGroups' : [ 0x90, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x98, ['pointer', ['void']]],
+    'DynamicPart' : [ 0x9c, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa0, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa4, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xac, ['unsigned long']],
+    'TokenInUse' : [ 0xb0, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb4, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xb8, ['unsigned long']],
+    'LogonSession' : [ 0xbc, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc0, ['_LUID']],
+    'SidHash' : [ 0xc8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x150, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1d8, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'VariablePart' : [ 0x1dc, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x34, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x14, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+    'HashIndex' : [ 0xc, ['unsigned short']],
+    'DirectoryLocked' : [ 0xe, ['unsigned char']],
+    'LockedExclusive' : [ 0xf, ['unsigned char']],
+    'LockStateSignature' : [ 0x10, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xa8, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'SessionId' : [ 0x9c, ['unsigned long']],
+    'NamespaceEntry' : [ 0xa0, ['pointer', ['void']]],
+    'Flags' : [ 0xa4, ['unsigned long']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS3' : [ 0x4, {
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long')]],
+    'Teb' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SequentialAccess' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LastSequentialTrim' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 24, native_type='unsigned long')]],
+    'Spare2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'Reserved1' : [ 0xa8, ['array', 85, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'SharedWaiters' : [ 0x10, ['pointer', ['_KSEMAPHORE']]],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'reserved' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DUAL' : [ 0x13c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeSummary' : [ 0x130, ['unsigned long']],
+    'FreeBins' : [ 0x134, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Coalescable' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KeepShifting' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'Abandoned' : [ 0x1, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CpuThrottled' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved2' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DpcActive' : [ 0x3, ['unsigned char']],
+    'Lock' : [ 0x0, ['long']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x54, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'CompactHeapCalls' : [ 0x38, ['unsigned long']],
+    'CompactedUCRs' : [ 0x3c, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x40, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x44, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x48, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x4c, ['unsigned long']],
+    'LastPolledSize' : [ 0x50, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Count' : [ 0x8, ['unsigned long']],
+    'NumberOfEntries' : [ 0xc, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x10, ['unsigned long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0xc, {
+    'CommonDataArea' : [ 0x0, ['pointer', ['void']]],
+    'MachineType' : [ 0x4, ['unsigned long']],
+    'VirtualBias' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x24, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x8, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x8, {
+    'Key' : [ 0x0, ['pointer', ['void']]],
+    'Index' : [ 0x4, ['unsigned long']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '_HANDLE_TABLE' : [ 0x3c, {
+    'TableCode' : [ 0x0, ['unsigned long']],
+    'QuotaProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'UniqueProcessId' : [ 0x8, ['pointer', ['void']]],
+    'HandleLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'HandleContentionEvent' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'DebugInfo' : [ 0x1c, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+    'ExtraInfoPages' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'StrictFIFO' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FirstFreeHandle' : [ 0x28, ['unsigned long']],
+    'LastFreeHandleEntry' : [ 0x2c, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x30, ['unsigned long']],
+    'NextHandleNeedingPool' : [ 0x34, ['unsigned long']],
+    'HandleCountHighWatermark' : [ 0x38, ['unsigned long']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'PoolType' : [ 0x8, ['unsigned long']],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'OneSecured' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'MultipleSecured' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'LongVad' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ExtendableFile' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x1c, ['pointer', ['void']]],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'Object' : [ 0xc, ['pointer', ['void']]],
+    'NextWaitBlock' : [ 0x10, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitKey' : [ 0x14, ['unsigned short']],
+    'WaitType' : [ 0x16, ['unsigned char']],
+    'BlockState' : [ 0x17, ['unsigned char']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProtoAddressLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProtoAddressHigh' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['_KAFFINITY_EX']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1c9d' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c9f' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1c9d']],
+    'Private' : [ 0x0, ['__unnamed_1c9f']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DirtyPages' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0xc, {
+    'SecurityContext' : [ 0x0, ['_IMAGE_SECURITY_CONTEXT']],
+    'DynamicRelocations' : [ 0x4, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x8, ['long']],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '__unnamed_1cc1' : [ 0x8, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Secured' : [ 0x0, ['_MMADDRESS_LIST']],
+} ],
+  '__unnamed_1cc7' : [ 0x4, {
+    'Banked' : [ 0x0, ['pointer', ['_MMBANKED_SECTION']]],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD_LONG' : [ 0x48, {
+    'u1' : [ 0x0, ['__unnamed_1584']],
+    'LeftChild' : [ 0x4, ['pointer', ['_MMVAD']]],
+    'RightChild' : [ 0x8, ['pointer', ['_MMVAD']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u' : [ 0x14, ['__unnamed_1587']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x1c, ['__unnamed_158a']],
+    'u2' : [ 0x20, ['__unnamed_1597']],
+    'Subsection' : [ 0x24, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x2c, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x30, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x38, ['pointer', ['_EPROCESS']]],
+    'u3' : [ 0x3c, ['__unnamed_1cc1']],
+    'u4' : [ 0x44, ['__unnamed_1cc7']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x4, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 12, native_type='unsigned long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_EJOB' : [ 0x138, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'TotalPageFaultCount' : [ 0x78, ['unsigned long']],
+    'TotalProcesses' : [ 0x7c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x80, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x84, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x88, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0x90, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0x98, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x9c, ['unsigned long']],
+    'LimitFlags' : [ 0xa0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xa4, ['unsigned long']],
+    'Affinity' : [ 0xa8, ['_KAFFINITY_EX']],
+    'PriorityClass' : [ 0xb4, ['unsigned char']],
+    'AccessState' : [ 0xb8, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'UIRestrictionsClass' : [ 0xbc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xc0, ['unsigned long']],
+    'CompletionPort' : [ 0xc4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xc8, ['pointer', ['void']]],
+    'SessionId' : [ 0xcc, ['unsigned long']],
+    'SchedulingClass' : [ 0xd0, ['unsigned long']],
+    'ReadOperationCount' : [ 0xd8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xe0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0xe8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0xf0, ['unsigned long long']],
+    'WriteTransferCount' : [ 0xf8, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x100, ['unsigned long long']],
+    'ProcessMemoryLimit' : [ 0x108, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x10c, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x110, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x114, ['unsigned long']],
+    'CurrentJobMemoryUsed' : [ 0x118, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x120, ['_EX_PUSH_LOCK']],
+    'JobSetLinks' : [ 0x124, ['_LIST_ENTRY']],
+    'MemberLevel' : [ 0x12c, ['unsigned long']],
+    'JobFlags' : [ 0x130, ['unsigned long']],
+} ],
+  '__unnamed_1cd8' : [ 0x4, {
+    'AsULONG' : [ 0x0, ['unsigned long']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HvMaxCState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['__unnamed_1cd8']],
+    'TargetState' : [ 0x8, ['unsigned long']],
+    'ActualState' : [ 0xc, ['unsigned long']],
+    'OldState' : [ 0x10, ['unsigned long']],
+    'TargetProcessors' : [ 0x14, ['_KAFFINITY_EX']],
+    'State' : [ 0x20, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '__unnamed_1ce1' : [ 0x10, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x14, {
+    'FirmwareTypeEfi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_1ce1']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x50, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned long']],
+    'ShutDownRequested' : [ 0x34, ['unsigned char']],
+    'NewBuffersLost' : [ 0x35, ['unsigned char']],
+    'Disconnected' : [ 0x36, ['unsigned char']],
+    'ReservedBufferSpaceBitMap' : [ 0x38, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x40, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x44, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x48, ['unsigned long']],
+    'UserPagesReused' : [ 0x4c, ['unsigned long']],
+} ],
+  '__unnamed_1cea' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_1cf0' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1cf2' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_1cea']],
+    'Bits' : [ 0x0, ['__unnamed_1cf0']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_1cf2']],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x4, ['_KGUARDED_MUTEX']],
+    'NonPagedLock' : [ 0x4, ['unsigned long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['pointer', ['pointer', ['void']]]],
+    'PendingFreeDepth' : [ 0x104, ['long']],
+    'ListHeads' : [ 0x140, ['array', 512, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x1c, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_KINTERRUPT' : [ 0x278, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'Pad' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'Mode' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptActiveHigh', 2: 'InterruptActiveLow'})]],
+    'ServiceCount' : [ 0x44, ['unsigned long']],
+    'DispatchCount' : [ 0x48, ['unsigned long']],
+    'Rsvd1' : [ 0x50, ['unsigned long long']],
+    'DispatchCode' : [ 0x58, ['array', 135, ['unsigned long']]],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'ObAttributes' : [ 0x0, ['unsigned long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+    'GrantedAccessIndex' : [ 0x4, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x6, ['unsigned short']],
+    'NextFreeTableEntry' : [ 0x4, ['unsigned long']],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x58, {
+    'FileName' : [ 0x0, ['pointer', ['unsigned short']]],
+    'BaseName' : [ 0x4, ['pointer', ['unsigned short']]],
+    'RegRootName' : [ 0x8, ['pointer', ['unsigned short']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x54, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x10, ['pointer', ['void']]],
+    'UserLimit' : [ 0x14, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x18, ['pointer', ['void']]],
+    'SystemVa' : [ 0x1c, ['pointer', ['void']]],
+    'TotalSize' : [ 0x20, ['unsigned long']],
+    'Header' : [ 0x24, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x28, ['pointer', ['void']]],
+    'ListSize' : [ 0x2c, ['unsigned long']],
+    'Bitmap' : [ 0x30, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x34, ['unsigned long']],
+    'Data' : [ 0x38, ['pointer', ['void']]],
+    'DataSize' : [ 0x3c, ['unsigned long']],
+    'BitmapLimit' : [ 0x40, ['unsigned long']],
+    'BitmapNextHint' : [ 0x44, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x48, ['unsigned long']],
+    'AttributeFlags' : [ 0x4c, ['unsigned long']],
+    'AttributeSize' : [ 0x50, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_IO_WORKITEM' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'Type' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 19, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 23, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMWSLE_HASH' : [ 0x4, {
+    'Index' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x64, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'CallerEvent' : [ 0xc, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'VetoType' : [ 0x18, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x1c, ['pointer', ['_UNICODE_STRING']]],
+    'Data' : [ 0x20, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0xc, {
+    'AnsiCodePageData' : [ 0x0, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x4, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_ALIGNED_AFFINITY_SUMMARY' : [ 0x40, {
+    'CpuSet' : [ 0x0, ['_KAFFINITY_EX']],
+    'SMTSet' : [ 0xc, ['_KAFFINITY_EX']],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x210, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OptimizedSave' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Features' : [ 0x10, ['array', 64, ['_XSTATE_FEATURE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x1c, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['long']],
+    'NonPagedFrees' : [ 0x8, ['long']],
+    'NonPagedBytes' : [ 0xc, ['unsigned long']],
+    'PagedAllocs' : [ 0x10, ['unsigned long']],
+    'PagedFrees' : [ 0x14, ['unsigned long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+} ],
+  '_MM_SUBSECTION_AVL_TABLE' : [ 0x20, {
+    'BalancedRoot' : [ 0x0, ['_MMSUBSECTION_NODE']],
+    'DepthOfTree' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'Unused' : [ 0x18, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'NumberGenericTableElements' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'NodeHint' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'Padding0' : [ 0x20, ['array', 2, ['unsigned long']]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0xc8, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleAccounting' : [ 0x20, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'Hypervisor' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower'})]],
+    'PerfHistoryTotal' : [ 0x28, ['unsigned long']],
+    'ThermalConstraint' : [ 0x2c, ['unsigned char']],
+    'PerfHistoryCount' : [ 0x2d, ['unsigned char']],
+    'PerfHistorySlot' : [ 0x2e, ['unsigned char']],
+    'Reserved' : [ 0x2f, ['unsigned char']],
+    'LastSysTime' : [ 0x30, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0x34, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0x38, ['long']],
+    'FFHThrottleStateInfo' : [ 0x40, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x60, ['_KDPC']],
+    'PerfActionMask' : [ 0x80, ['long']],
+    'IdleCheck' : [ 0x88, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x98, ['_PROC_IDLE_SNAP']],
+    'Domain' : [ 0xa8, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0xac, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Load' : [ 0xb0, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0xb4, ['pointer', ['_PROC_HISTORY_ENTRY']]],
+    'Utility' : [ 0xb8, ['unsigned long']],
+    'OverUtilizedHistory' : [ 0xbc, ['unsigned long']],
+    'AffinityCount' : [ 0xc0, ['unsigned long']],
+    'AffinityHistory' : [ 0xc4, ['unsigned long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Rom' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'KernelStack' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEGMENT_OBJECT' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SizeOfSegment' : [ 0x8, ['_LARGE_INTEGER']],
+    'NonExtendedPtes' : [ 0x10, ['unsigned long']],
+    'ImageCommitment' : [ 0x14, ['unsigned long']],
+    'ControlArea' : [ 0x18, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x1c, ['pointer', ['_SUBSECTION']]],
+    'MmSectionFlags' : [ 0x20, ['pointer', ['_MMSECTION_FLAGS']]],
+    'MmSubSectionFlags' : [ 0x24, ['pointer', ['_MMSUBSECTION_FLAGS']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'ModwriterAttached' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'TrimHard' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Available' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderReserve', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x2c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'BucketLimits' : [ 0x18, ['array', 16, ['unsigned long long']]],
+    'State' : [ 0x98, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x84, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ActivityCounter' : [ 0x78, ['unsigned long']],
+    'PreviousActivityCounter' : [ 0x7c, ['unsigned long']],
+    'WorkerTrimRequests' : [ 0x80, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0x98, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'TimerApc' : [ 0x28, ['_KAPC']],
+    'TimerDpc' : [ 0x58, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'Lock' : [ 0x80, ['unsigned long']],
+    'Period' : [ 0x84, ['long']],
+    'ApcAssociated' : [ 0x88, ['unsigned char']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+} ],
+  '_FREE_DISPLAY' : [ 0xc, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Display' : [ 0x4, ['_RTL_BITMAP']],
+} ],
+  '_POOL_BLOCK_HEAD' : [ 0x10, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1e46' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_1e46']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x5ec, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['unsigned short']]],
+    'OrderingName' : [ 0xc, ['pointer', ['unsigned short']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x90, ['unsigned char']],
+    'TransactionEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x98, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0x9c, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa0, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa4, ['pointer', ['void']]],
+    'PdoDescriptionString' : [ 0xa8, ['array', 336, ['wchar']]],
+    'PdoSymbolicNameString' : [ 0x348, ['array', 672, ['unsigned char']]],
+    'PdoAddressString' : [ 0x5e8, ['array', 1, ['wchar']]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_1e9f' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1ea1' : [ 0x8, {
+    'Last' : [ 0x0, ['unsigned long']],
+    'u' : [ 0x4, ['__unnamed_1e9f']],
+} ],
+  '__unnamed_1ea3' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_1e9f']],
+} ],
+  '__unnamed_1ea5' : [ 0x8, {
+    'OldCell' : [ 0x0, ['__unnamed_1ea1']],
+    'NewCell' : [ 0x0, ['__unnamed_1ea3']],
+} ],
+  '_HCELL' : [ 0xc, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1ea5']],
+} ],
+  '_HMAP_TABLE' : [ 0x2000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x24, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'PercentageCap' : [ 0x8, ['unsigned long']],
+    'ThermalCap' : [ 0xc, ['unsigned long']],
+    'TargetFrequency' : [ 0x10, ['unsigned long']],
+    'AcumulatedFullFrequency' : [ 0x14, ['unsigned long']],
+    'AcumulatedZeroFrequency' : [ 0x18, ['unsigned long']],
+    'FrequencyHistoryTotal' : [ 0x1c, ['unsigned long']],
+    'AverageFrequency' : [ 0x20, ['unsigned long']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'Pad0' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1eba' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1ebe' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_1ec0' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1ec2' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_1ec4' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1ec6' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1ec8' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1eca' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1ecc' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1ece' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_1eba']],
+    'Memory' : [ 0x0, ['__unnamed_1eba']],
+    'Interrupt' : [ 0x0, ['__unnamed_1ebe']],
+    'Dma' : [ 0x0, ['__unnamed_1ec0']],
+    'Generic' : [ 0x0, ['__unnamed_1eba']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1ec2']],
+    'BusNumber' : [ 0x0, ['__unnamed_1ec4']],
+    'ConfigData' : [ 0x0, ['__unnamed_1ec6']],
+    'Memory40' : [ 0x0, ['__unnamed_1ec8']],
+    'Memory48' : [ 0x0, ['__unnamed_1eca']],
+    'Memory64' : [ 0x0, ['__unnamed_1ecc']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_1ece']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x150, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'State' : [ 0x8, ['unsigned char']],
+    'Flags' : [ 0x9, ['unsigned char']],
+    'Mode' : [ 0xa, ['unsigned char']],
+    'PendingMode' : [ 0xb, ['unsigned char']],
+    'ActivePoint' : [ 0xc, ['unsigned char']],
+    'PendingActivePoint' : [ 0xd, ['unsigned char']],
+    'Throttle' : [ 0x10, ['long']],
+    'LastTime' : [ 0x18, ['unsigned long long']],
+    'SampleRate' : [ 0x20, ['unsigned long']],
+    'LastTemp' : [ 0x24, ['unsigned long']],
+    'PassiveTimer' : [ 0x28, ['_KTIMER']],
+    'PassiveDpc' : [ 0x50, ['_KDPC']],
+    'OverThrottled' : [ 0x70, ['_POP_ACTION_TRIGGER']],
+    'Irp' : [ 0x80, ['pointer', ['_IRP']]],
+    'Info' : [ 0x84, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0xe0, ['_LARGE_INTEGER']],
+    'Metrics' : [ 0xe8, ['_POP_THERMAL_ZONE_METRICS']],
+} ],
+  '_MMPTE_LIST' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 10, native_type='unsigned long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_POP_THERMAL_ZONE_METRICS' : [ 0x68, {
+    'MetricsResource' : [ 0x0, ['_ERESOURCE']],
+    'ActiveCount' : [ 0x38, ['unsigned long']],
+    'PassiveCount' : [ 0x3c, ['unsigned long']],
+    'LastActiveStartTick' : [ 0x40, ['_LARGE_INTEGER']],
+    'AverageActiveTime' : [ 0x48, ['_LARGE_INTEGER']],
+    'LastPassiveStartTick' : [ 0x50, ['_LARGE_INTEGER']],
+    'AveragePassiveTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'StartTickSinceLastReset' : [ 0x60, ['_LARGE_INTEGER']],
+} ],
+  '_CM_TRANS' : [ 0x68, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x18, ['pointer', ['void']]],
+    'CmRm' : [ 0x1c, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x20, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x24, ['pointer', ['void']]],
+    'KtmUow' : [ 0x28, ['_GUID']],
+    'StartLsn' : [ 0x38, ['unsigned long long']],
+    'TransState' : [ 0x40, ['unsigned long']],
+    'HiveCount' : [ 0x44, ['unsigned long']],
+    'HiveArray' : [ 0x48, ['array', 7, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '_POOL_HACKER' : [ 0x28, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'Contents' : [ 0x8, ['array', 8, ['unsigned long']]],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Cr0NpxState' : [ 0x6c, ['unsigned long']],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1c, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1b, ['unsigned char']],
+} ],
+  '__unnamed_1f0d' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f0f' : [ 0xc, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_1f0d']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x18, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x8, ['__unnamed_1f0f']],
+    'VerifiedData' : [ 0x14, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '__unnamed_1f17' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f19' : [ 0x2, {
+    'DeviceIds' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f1b' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f1d' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceIds' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f1f' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1f21' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1f23' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f25' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_1f27' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f29' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_1f2b' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_1f17']],
+    'TargetDevice' : [ 0x0, ['__unnamed_1f19']],
+    'InstallDevice' : [ 0x0, ['__unnamed_1f1b']],
+    'CustomNotification' : [ 0x0, ['__unnamed_1f1d']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_1f1f']],
+    'PowerNotification' : [ 0x0, ['__unnamed_1f21']],
+    'VetoNotification' : [ 0x0, ['__unnamed_1f23']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_1f25']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_1f27']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_1f29']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_1f1b']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_1f2b']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x4, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 192, ['unsigned char']]],
+    'StackControl' : [ 0x1e0, ['array', 7, ['unsigned long']]],
+    'Cr0NpxState' : [ 0x1fc, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_PS_CPU_QUOTA_BLOCK' : [ 0x880, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'CpuShareWeight' : [ 0xc, ['unsigned long']],
+    'CapturedWeightData' : [ 0x10, ['_PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA']],
+    'DuplicateInputMarker' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x18, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x18, ['long']],
+    'BlockCurrentGenerationLock' : [ 0x0, ['unsigned long']],
+    'CyclesAccumulated' : [ 0x8, ['unsigned long long']],
+    'CycleCredit' : [ 0x40, ['unsigned long long']],
+    'BlockCurrentGeneration' : [ 0x48, ['unsigned long']],
+    'CpuCyclePercent' : [ 0x4c, ['unsigned long']],
+    'CyclesFinishedForCurrentGeneration' : [ 0x50, ['unsigned char']],
+    'Cpu' : [ 0x80, ['array', 32, ['_PS_PER_CPU_QUOTA_CACHE_AWARE']]],
+} ],
+  '__unnamed_1f46' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_1f46']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['unsigned long']],
+    'RealKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x50, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+} ],
+  '__unnamed_1f77' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '_SUBSECTION' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'PtesInSubsection' : [ 0xc, ['unsigned long']],
+    'UnusedPtes' : [ 0x10, ['unsigned long']],
+    'GlobalPerSessionHead' : [ 0x10, ['pointer', ['_MM_AVL_TABLE']]],
+    'u' : [ 0x14, ['__unnamed_1f77']],
+    'StartingSector' : [ 0x18, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x1c, ['unsigned long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PS_PER_CPU_QUOTA_CACHE_AWARE' : [ 0x40, {
+    'SortedListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'IdleOnlyListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CycleBaseAllowance' : [ 0x10, ['unsigned long long']],
+    'CyclesRemaining' : [ 0x18, ['long long']],
+    'CurrentGeneration' : [ 0x20, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x14, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+    'ActualLimit' : [ 0x10, ['unsigned long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_INTERLOCK_SEQ' : [ 0x8, {
+    'Depth' : [ 0x0, ['unsigned short']],
+    'FreeEntryOffset' : [ 0x2, ['unsigned short']],
+    'OffsetAndDepth' : [ 0x0, ['unsigned long']],
+    'Sequence' : [ 0x4, ['unsigned long']],
+    'Exchg' : [ 0x0, ['long long']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_SYSTEM_IDLE' : [ 0x38, {
+    'AverageIdleness' : [ 0x0, ['long']],
+    'LowestIdleness' : [ 0x4, ['long']],
+    'Time' : [ 0x8, ['unsigned long']],
+    'Timeout' : [ 0xc, ['unsigned long']],
+    'LastUserInput' : [ 0x10, ['unsigned long']],
+    'Action' : [ 0x14, ['POWER_ACTION_POLICY']],
+    'MinState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SystemRequired' : [ 0x24, ['unsigned char']],
+    'IdleWorker' : [ 0x25, ['unsigned char']],
+    'Sampling' : [ 0x26, ['unsigned char']],
+    'LastTick' : [ 0x28, ['unsigned long long']],
+    'LastSystemRequiredTime' : [ 0x30, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0xc, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x18, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SubsectionAddressLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 10, native_type='unsigned long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SubsectionAddressHigh' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x10, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x4, ['pointer', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x8, ['long']],
+    'MissedMappingsCount' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1fd8' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1fda' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1fdc' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1fde' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_1fdc']],
+    'Translated' : [ 0x0, ['__unnamed_1fda']],
+} ],
+  '__unnamed_1fe0' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1fe2' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1fe4' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1fe6' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1fe8' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1fea' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1fec' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_1fd8']],
+    'Port' : [ 0x0, ['__unnamed_1fd8']],
+    'Interrupt' : [ 0x0, ['__unnamed_1fda']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_1fde']],
+    'Memory' : [ 0x0, ['__unnamed_1fd8']],
+    'Dma' : [ 0x0, ['__unnamed_1fe0']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1ec2']],
+    'BusNumber' : [ 0x0, ['__unnamed_1fe2']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_1fe4']],
+    'Memory40' : [ 0x0, ['__unnamed_1fe6']],
+    'Memory48' : [ 0x0, ['__unnamed_1fe8']],
+    'Memory64' : [ 0x0, ['__unnamed_1fea']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_1fec']],
+} ],
+  '__unnamed_1ff1' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_1ff1']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1ffb' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x54, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x4, ['__unnamed_1ffb']],
+} ],
+}

From 759691b99f0ad2577e46e963bce7a8d4d18bd593 Mon Sep 17 00:00:00 2001
From: "Nick L. Petroni, Jr" <npetroni@volexity.com>
Date: Fri, 16 Sep 2016 23:33:06 -0400
Subject: [PATCH 034/304] win8: added recent profile. Fixes hivelist.

---
 volatility/plugins/overlays/windows/win8.py   |    13 +
 .../windows/win8_sp1_x64_54B5A1C6_vtypes.py   | 11259 ++++++++++++++++
 2 files changed, 11272 insertions(+)
 create mode 100644 volatility/plugins/overlays/windows/win8_sp1_x64_54B5A1C6_vtypes.py

diff --git a/volatility/plugins/overlays/windows/win8.py b/volatility/plugins/overlays/windows/win8.py
index 9e13be737..a2171a544 100644
--- a/volatility/plugins/overlays/windows/win8.py
+++ b/volatility/plugins/overlays/windows/win8.py
@@ -422,6 +422,15 @@ class Win8SP1x64(obj.Profile):
     _md_build = 9600
     _md_vtype_module = 'volatility.plugins.overlays.windows.win8_sp1_x64_vtypes'
 
+class Win8SP1x64_54B5A1C6(obj.Profile):
+    """ A Profile for Windows 8.1 x64 from PDB 54B5A1C6"""
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 3
+    _md_build = 9600
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win8_sp1_x64_54B5A1C6_vtypes'
+
 class Win2012x64(Win8SP0x64):
     """ A Profile for Windows Server 2012 x64 """
     _md_build = 9201 ##FIXME: fake build number to indicate server 2012 vs windows 8
@@ -430,6 +439,10 @@ class Win2012R2x64(Win8SP1x64):
     """ A Profile for Windows Server 2012 R2 x64 """
     _md_build = 9601 ##FIXME: fake build number to indicate server 2012 R2 vs windows 8.1
 
+class Win2012R2x64_54B5A1C6(Win8SP1x64_54B5A1C6):
+    """ A Profile for Windows Server 2012 R2 x64 from PDB 54B5A1C6"""
+    _md_build = 9601 ##FIXME: fake build number to indicate server 2012 R2 vs windows 8.1
+
 class Win8SP0x86(obj.Profile):
     """ A Profile for Windows 8 x86 """
     _md_memory_model = '32bit'
diff --git a/volatility/plugins/overlays/windows/win8_sp1_x64_54B5A1C6_vtypes.py b/volatility/plugins/overlays/windows/win8_sp1_x64_54B5A1C6_vtypes.py
new file mode 100644
index 000000000..91aaab42b
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win8_sp1_x64_54B5A1C6_vtypes.py
@@ -0,0 +1,11259 @@
+ntkrnlmp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x5f0, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'Reserved2' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'AltArchitecturePad' : [ 0x2c4, ['array', 1, ['unsigned long']]],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'Reserved12' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCallPad' : [ 0x308, ['array', 3, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrement32' : [ 0x368, ['unsigned long']],
+    'QpcInterruptTimeIncrement32' : [ 0x36c, ['unsigned long']],
+    'QpcSystemTimeIncrementShift' : [ 0x370, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x371, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x372, ['unsigned short']],
+    'Reserved8' : [ 0x374, ['array', 12, ['unsigned char']]],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_107f' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_107f']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1083' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1083']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_109b' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_109d' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_109b']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_109d']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1820, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'SystemReserved1' : [ 0x110, ['array', 54, ['pointer64', ['void']]]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'SpareBytes' : [ 0x2d0, ['array', 24, ['unsigned char']]],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'Padding1' : [ 0x2ec, ['array', 4, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'SpareUlong0' : [ 0x180c, ['unsigned long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x5f00, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x5d80, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad00' : [ 0x23, ['array', 1, ['unsigned char']]],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'ProcessorState' : [ 0x40, ['_KPROCESSOR_STATE']],
+    'CpuType' : [ 0x5f0, ['unsigned char']],
+    'CpuID' : [ 0x5f1, ['unsigned char']],
+    'CpuStep' : [ 0x5f2, ['unsigned short']],
+    'CpuStepping' : [ 0x5f2, ['unsigned char']],
+    'CpuModel' : [ 0x5f3, ['unsigned char']],
+    'MHz' : [ 0x5f4, ['unsigned long']],
+    'HalReserved' : [ 0x5f8, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x638, ['unsigned short']],
+    'MajorVersion' : [ 0x63a, ['unsigned short']],
+    'BuildType' : [ 0x63c, ['unsigned char']],
+    'CpuVendor' : [ 0x63d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x63e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x63f, ['unsigned char']],
+    'ParentNode' : [ 0x640, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0x648, ['unsigned long long']],
+    'Group' : [ 0x650, ['unsigned char']],
+    'GroupIndex' : [ 0x651, ['unsigned char']],
+    'PrcbPad05' : [ 0x652, ['array', 2, ['unsigned char']]],
+    'ApicMask' : [ 0x654, ['unsigned long']],
+    'CFlushSize' : [ 0x658, ['unsigned long']],
+    'AcpiReserved' : [ 0x660, ['pointer64', ['void']]],
+    'InitialApicId' : [ 0x668, ['unsigned long']],
+    'LockQueue' : [ 0x670, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x780, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x880, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1480, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2080, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2c80, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2c88, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2c90, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2c94, ['long']],
+    'MmTransitionCount' : [ 0x2c98, ['long']],
+    'MmDemandZeroCount' : [ 0x2c9c, ['long']],
+    'MmPageReadCount' : [ 0x2ca0, ['long']],
+    'MmPageReadIoCount' : [ 0x2ca4, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2ca8, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2cac, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2cb0, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2cb4, ['long']],
+    'KeSystemCalls' : [ 0x2cb8, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2cbc, ['unsigned long']],
+    'LdtSelector' : [ 0x2cc0, ['unsigned short']],
+    'PrcbPad40' : [ 0x2cc2, ['unsigned short']],
+    'CcFastReadNoWait' : [ 0x2cc4, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2cc8, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2ccc, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2cd0, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2cd4, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2cd8, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2cdc, ['long']],
+    'IoWriteOperationCount' : [ 0x2ce0, ['long']],
+    'IoOtherOperationCount' : [ 0x2ce4, ['long']],
+    'IoReadTransferCount' : [ 0x2ce8, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2cf0, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2cf8, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d00, ['long']],
+    'TargetCount' : [ 0x2d04, ['long']],
+    'IpiFrozen' : [ 0x2d08, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d10, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d18, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d1c, ['long']],
+    'InterruptLastCount' : [ 0x2d20, ['unsigned long']],
+    'InterruptRate' : [ 0x2d24, ['unsigned long']],
+    'PrcbPad41' : [ 0x2d28, ['array', 22, ['unsigned long']]],
+    'DpcData' : [ 0x2d80, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2dd0, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2dd8, ['long']],
+    'DpcRequestRate' : [ 0x2ddc, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2de0, ['unsigned long']],
+    'DpcLastCount' : [ 0x2de4, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2de8, ['unsigned char']],
+    'QuantumEnd' : [ 0x2de9, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2dea, ['unsigned char']],
+    'IdleSchedule' : [ 0x2deb, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2dec, ['long']],
+    'DpcRequestSlot' : [ 0x2dec, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2dec, ['short']],
+    'ThreadDpcState' : [ 0x2dee, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2dec, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2dec, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2dec, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2dec, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2dec, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2dec, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2dec, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2dec, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2dec, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2dec, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2df0, ['unsigned long']],
+    'LastTick' : [ 0x2df4, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2df8, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2dfc, ['unsigned long']],
+    'TimerTable' : [ 0x2e00, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5000, ['_KGATE']],
+    'PrcbPad52' : [ 0x5018, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x5020, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x5060, ['long']],
+    'PrcbPad60' : [ 0x5064, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x5066, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x5068, ['long']],
+    'DpcWatchdogCount' : [ 0x506c, ['long']],
+    'KeSpinLockOrdering' : [ 0x5070, ['long']],
+    'PrcbPad70' : [ 0x5074, ['array', 1, ['unsigned long']]],
+    'CachedPtes' : [ 0x5078, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5080, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5090, ['unsigned long long']],
+    'ReadySummary' : [ 0x5098, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x509c, ['long']],
+    'QueueIndex' : [ 0x50a0, ['unsigned long']],
+    'PrcbPad75' : [ 0x50a4, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x50b0, ['_KDPC']],
+    'ScbQueue' : [ 0x50f0, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5100, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5300, ['unsigned long']],
+    'KernelTime' : [ 0x5304, ['unsigned long']],
+    'UserTime' : [ 0x5308, ['unsigned long']],
+    'DpcTime' : [ 0x530c, ['unsigned long']],
+    'InterruptTime' : [ 0x5310, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5314, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5318, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5319, ['unsigned char']],
+    'DeepSleep' : [ 0x531a, ['unsigned char']],
+    'PrcbPad80' : [ 0x531b, ['array', 1, ['unsigned char']]],
+    'ScbOffset' : [ 0x531c, ['unsigned long']],
+    'DpcTimeCount' : [ 0x5320, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5324, ['unsigned long']],
+    'PeriodicCount' : [ 0x5328, ['unsigned long']],
+    'PeriodicBias' : [ 0x532c, ['unsigned long']],
+    'AvailableTime' : [ 0x5330, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5334, ['unsigned long']],
+    'StartCycles' : [ 0x5338, ['unsigned long long']],
+    'GenerationTarget' : [ 0x5340, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5348, ['unsigned long long']],
+    'PrcbPad81' : [ 0x5350, ['array', 2, ['unsigned long long']]],
+    'MmSpinLockOrdering' : [ 0x5360, ['long']],
+    'PageColor' : [ 0x5364, ['unsigned long']],
+    'NodeColor' : [ 0x5368, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x536c, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5370, ['unsigned long']],
+    'PrcbPad83' : [ 0x5374, ['unsigned long']],
+    'CycleTime' : [ 0x5378, ['unsigned long long']],
+    'CcFastMdlReadNoWait' : [ 0x5380, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5384, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5388, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x538c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5390, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5394, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5398, ['unsigned long']],
+    'CcPinReadWait' : [ 0x539c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x53a0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x53a4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x53a8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x53ac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x53b0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x53b4, ['unsigned long']],
+    'CcDataPages' : [ 0x53b8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x53bc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x53c0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x53c4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x53c8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x53cc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x53d0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x53d4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x53d8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x53dc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x53e0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x53e4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x53e8, ['long']],
+    'MmCacheReadCount' : [ 0x53ec, ['long']],
+    'MmCacheIoCount' : [ 0x53f0, ['long']],
+    'PrcbPad91' : [ 0x53f4, ['array', 3, ['unsigned long']]],
+    'PowerState' : [ 0x5400, ['_PROCESSOR_POWER_STATE']],
+    'ScbList' : [ 0x55e0, ['_LIST_ENTRY']],
+    'PrcbPad92' : [ 0x55f0, ['array', 19, ['unsigned long']]],
+    'KeAlignmentFixupCount' : [ 0x563c, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x5640, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5680, ['_KTIMER']],
+    'Cache' : [ 0x56c0, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x56fc, ['unsigned long']],
+    'CachedCommit' : [ 0x5700, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x5704, ['unsigned long']],
+    'HyperPte' : [ 0x5708, ['pointer64', ['void']]],
+    'WheaInfo' : [ 0x5710, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x5718, ['pointer64', ['void']]],
+    'InterruptObjectPool' : [ 0x5720, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x5730, ['_SLIST_HEADER']],
+    'HypercallPageVirtual' : [ 0x5740, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x5748, ['pointer64', ['void']]],
+    'StatisticsPage' : [ 0x5750, ['pointer64', ['unsigned long long']]],
+    'PackageProcessorSet' : [ 0x5758, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x5800, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x5808, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'CoreProcessorSet' : [ 0x5810, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x5818, ['unsigned long long']],
+    'LLCMask' : [ 0x5820, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x5828, ['array', 5, ['unsigned long long']]],
+    'ScanSiblingIndex' : [ 0x5850, ['unsigned long']],
+    'SharedReadyQueueOffset' : [ 0x5854, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x5858, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x5860, ['pointer64', ['void']]],
+    'PrcbPad94' : [ 0x5868, ['array', 3, ['unsigned long long']]],
+    'SynchCounters' : [ 0x5880, ['_SYNCH_COUNTERS']],
+    'PteBitCache' : [ 0x5938, ['unsigned long long']],
+    'PteBitOffset' : [ 0x5940, ['unsigned long']],
+    'FsCounters' : [ 0x5948, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x5958, ['array', 13, ['unsigned char']]],
+    'PrcbPad10' : [ 0x5965, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x5968, ['unsigned long long']],
+    'PrcbPad11' : [ 0x5970, ['unsigned long']],
+    'UpdateSignature' : [ 0x5978, ['_LARGE_INTEGER']],
+    'Context' : [ 0x5980, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x5988, ['unsigned long']],
+    'ExtendedState' : [ 0x5990, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x5998, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x59a0, ['_KENTROPY_TIMING_STATE']],
+    'AbSelfIoBoostsList' : [ 0x5af0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x5af8, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x5b00, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x5b40, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x5b94, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x5be8, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x5ce8, ['unsigned long']],
+    'Mailbox' : [ 0x5d00, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestMailbox' : [ 0x5d40, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_KTHREAD' : [ 0x5d0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'SpareMiscFlag0' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ApcPendingReload' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UserAffinitySet' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x78, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Spare0' : [ 0x7c, ['unsigned long']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'Spare1' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'NpxState' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'TebMappedLowVa' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'Affinity' : [ 0x238, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x238, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x242, ['unsigned char']],
+    'WaitBlockCount' : [ 0x243, ['unsigned char']],
+    'IdealProcessor' : [ 0x244, ['unsigned long']],
+    'ApcStatePointer' : [ 0x248, ['array', 2, ['pointer64', ['_KAPC_STATE']]]],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'LockEntriesFreeList' : [ 0x318, ['_SINGLE_LIST_ENTRY']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'AbReferenceCount' : [ 0x588, ['short']],
+    'AbFreeEntryCount' : [ 0x58a, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x58b, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x58c, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x590, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x590, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x598, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a0, ['long long']],
+    'WriteOperationCount' : [ 0x5a8, ['long long']],
+    'OtherOperationCount' : [ 0x5b0, ['long long']],
+    'ReadTransferCount' : [ 0x5b8, ['long long']],
+    'WriteTransferCount' : [ 0x5c0, ['long long']],
+    'OtherTransferCount' : [ 0x5c8, ['long long']],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_1232' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_1232']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0xc0, {
+    'DeepIdleSet' : [ 0x0, ['unsigned long long']],
+    'SharedReadyQueueLeaders' : [ 0x8, ['unsigned long long']],
+    'ProximityId' : [ 0x40, ['unsigned long']],
+    'NodeNumber' : [ 0x44, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x46, ['unsigned short']],
+    'MaximumProcessors' : [ 0x48, ['unsigned char']],
+    'Flags' : [ 0x49, ['_flags']],
+    'Stride' : [ 0x4a, ['unsigned char']],
+    'LowIndex' : [ 0x4b, ['unsigned char']],
+    'Affinity' : [ 0x50, ['_GROUP_AFFINITY']],
+    'IdleCpuSet' : [ 0x60, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x68, ['unsigned long long']],
+    'NonParkedSet' : [ 0x80, ['unsigned long long']],
+    'Seed' : [ 0x88, ['unsigned long']],
+    'Lowest' : [ 0x8c, ['unsigned long']],
+    'Highest' : [ 0x90, ['unsigned long']],
+    'ParkLock' : [ 0x94, ['long']],
+} ],
+  '_ENODE' : [ 0x500, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0xc0, ['array', 8, ['pointer64', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x100, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x3d0, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x3e8, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x428, ['_KEVENT']],
+    'WaitBlocks' : [ 0x440, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x4d0, ['pointer64', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x4d8, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x4dc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x4dc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x4dc, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'TypeInfo' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1329' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_1329']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_ETHREAD' : [ 0x778, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x5d0, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x5d8, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x5d8, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x5e8, ['pointer64', ['void']]],
+    'PostBlockList' : [ 0x5f0, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x5f0, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x5f8, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x600, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x600, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x600, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x608, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x610, ['_LIST_ENTRY']],
+    'Cid' : [ 0x620, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x630, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x630, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x650, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x658, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x668, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x670, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x678, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x680, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x688, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x698, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6a0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6a8, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6ac, ['long']],
+    'CmLockOrdering' : [ 0x6b0, ['long']],
+    'CrossThreadFlags' : [ 0x6b4, ['unsigned long']],
+    'Terminated' : [ 0x6b4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6b4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6b4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6b4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6b4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6b4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6b4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6b4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6b4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6b4, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6b4, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6b4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6b4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6b4, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6b8, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6bc, ['unsigned long']],
+    'HardFaultBehavior' : [ 0x6bc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6bc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6bc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetExclusive' : [ 0x6bc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetShared' : [ 0x6bc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetExclusive' : [ 0x6bc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetShared' : [ 0x6bc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetExclusive' : [ 0x6bc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetShared' : [ 0x6bd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6bd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6bd, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6bd, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6bd, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6bd, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsChangeControlAreaExclusive' : [ 0x6bd, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsChangeControlAreaShared' : [ 0x6bd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetExclusive' : [ 0x6be, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetShared' : [ 0x6be, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetExclusive' : [ 0x6be, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetShared' : [ 0x6be, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'TrimTrigger' : [ 0x6be, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Spare2' : [ 0x6be, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6bf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6bf, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'Spare3' : [ 0x6bf, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6c0, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6c1, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6c2, ['unsigned char']],
+    'LockOrderState' : [ 0x6c3, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6c8, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6d0, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6d0, ['unsigned long']],
+    'ExitStatus' : [ 0x6d8, ['long']],
+    'AlpcWaitListEntry' : [ 0x6e0, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x6f0, ['unsigned long']],
+    'IoBoostCount' : [ 0x6f4, ['unsigned long']],
+    'BoostList' : [ 0x6f8, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x708, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x718, ['unsigned long long']],
+    'IrpListLock' : [ 0x720, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x728, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x730, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x738, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x740, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x748, ['pointer64', ['void']]],
+    'KernelStackReference' : [ 0x750, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x758, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x760, ['unsigned long']],
+    'UserGsBase' : [ 0x768, ['unsigned long long']],
+    'PicoContext' : [ 0x770, ['pointer64', ['void']]],
+} ],
+  '_EPROCESS' : [ 0x6f0, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'CreateTime' : [ 0x2d0, ['_LARGE_INTEGER']],
+    'RundownProtect' : [ 0x2d8, ['_EX_RUNDOWN_REF']],
+    'UniqueProcessId' : [ 0x2e0, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2e8, ['_LIST_ENTRY']],
+    'Flags2' : [ 0x2f8, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x2f8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x2f8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x2f8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x2f8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x2f8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x2f8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x2f8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x2f8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x2f8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x2f8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x2f8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x2f8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x2f8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x2f8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x2f8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x2f8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x2f8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x2f8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x2f8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x2f8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x2f8, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x2f8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x2f8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x2f8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x2f8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x2f8, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x2f8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x2f8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x2fc, ['unsigned long']],
+    'CreateReported' : [ 0x2fc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x2fc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x2fc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x2fc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0x2fc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x2fc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x2fc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x2fc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ForkFailed' : [ 0x2fc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x2fc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x2fc, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x2fc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x2fc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x2fc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x2fc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x2fc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x2fc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x2fc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x2fc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x2fc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x2fc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x2fc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x2fc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x2fc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x2fc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x2fc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x2fc, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x2fc, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x2fc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ProcessQuotaUsage' : [ 0x300, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x320, ['unsigned long long']],
+    'VirtualSize' : [ 0x328, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x330, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x340, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x340, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x348, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0x350, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x358, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x360, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x368, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x370, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x378, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x380, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x388, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x390, ['unsigned long long']],
+    'Win32Process' : [ 0x398, ['pointer64', ['void']]],
+    'Job' : [ 0x3a0, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3a8, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3b0, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3b8, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3c0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3c8, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3d0, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x3d8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3e0, ['unsigned long long']],
+    'Peb' : [ 0x3e8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x3f0, ['pointer64', ['void']]],
+    'AweInfo' : [ 0x3f8, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x400, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x408, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x410, ['pointer64', ['void']]],
+    'Wow64Process' : [ 0x418, ['pointer64', ['void']]],
+    'DeviceMap' : [ 0x420, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x428, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x430, ['unsigned long long']],
+    'ImageFileName' : [ 0x438, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x447, ['unsigned char']],
+    'SecurityPort' : [ 0x448, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x450, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x458, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x468, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x470, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x480, ['unsigned long']],
+    'ImagePathHash' : [ 0x484, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x488, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x48c, ['long']],
+    'PrefetchTrace' : [ 0x490, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x498, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4a0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4a8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4b0, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'CommitCharge' : [ 0x4d0, ['unsigned long long']],
+    'Vm' : [ 0x4d8, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x5c0, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x5d0, ['unsigned long']],
+    'ExitStatus' : [ 0x5d4, ['long']],
+    'VadRoot' : [ 0x5d8, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x5e0, ['pointer64', ['void']]],
+    'VadCount' : [ 0x5e8, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x5f0, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x5f8, ['unsigned long long']],
+    'AlpcContext' : [ 0x600, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x620, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x630, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x638, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x63c, ['unsigned long']],
+    'ExitTime' : [ 0x640, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x648, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x650, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x658, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x65c, ['unsigned long']],
+    'ThreadListLock' : [ 0x660, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x668, ['pointer64', ['void']]],
+    'Spare0' : [ 0x670, ['unsigned long long']],
+    'SignatureLevel' : [ 0x678, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x679, ['unsigned char']],
+    'Protection' : [ 0x67a, ['_PS_PROTECTION']],
+    'SpareByte20' : [ 0x67b, ['array', 1, ['unsigned char']]],
+    'Flags3' : [ 0x67c, ['unsigned long']],
+    'Minimal' : [ 0x67c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SvmReserved' : [ 0x680, ['long']],
+    'SvmReserved1' : [ 0x688, ['pointer64', ['void']]],
+    'SvmReserved2' : [ 0x690, ['unsigned long long']],
+    'LastFreezeInterruptTime' : [ 0x698, ['unsigned long long']],
+    'DiskCounters' : [ 0x6a0, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x6a8, ['pointer64', ['void']]],
+    'KeepAliveCounter' : [ 0x6b0, ['unsigned long']],
+    'NoWakeKeepAliveCounter' : [ 0x6b4, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x6b8, ['unsigned long long']],
+    'CommitChargeLimit' : [ 0x6c0, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x6c8, ['unsigned long long']],
+    'HighPriorityFaultsAllowed' : [ 0x6d0, ['unsigned long']],
+    'SequenceNumber' : [ 0x6d8, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x6e0, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x6e8, ['unsigned long long']],
+} ],
+  '_KPROCESS' : [ 0x2c8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'Spare0' : [ 0x44, ['unsigned long']],
+    'Affinity' : [ 0x48, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf0, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x108, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x1b0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x1b0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'AffinitySet' : [ 0x1b0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='long')]],
+    'DeepFreeze' : [ 0x1b0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x1b0, ['BitField', dict(start_bit = 7, end_bit = 27, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x1b0, ['long']],
+    'BasePriority' : [ 0x1b4, ['unsigned char']],
+    'QuantumReset' : [ 0x1b5, ['unsigned char']],
+    'Visited' : [ 0x1b6, ['unsigned char']],
+    'Flags' : [ 0x1b7, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1b8, ['array', 20, ['unsigned long']]],
+    'IdealNode' : [ 0x208, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x230, ['unsigned short']],
+    'Spare1' : [ 0x232, ['unsigned short']],
+    'StackCount' : [ 0x234, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x238, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x248, ['unsigned long long']],
+    'ContextSwitches' : [ 0x250, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x258, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x260, ['unsigned long']],
+    'KernelTime' : [ 0x264, ['unsigned long']],
+    'UserTime' : [ 0x268, ['unsigned long']],
+    'LdtFreeSelectorHint' : [ 0x26c, ['unsigned short']],
+    'LdtTableLength' : [ 0x26e, ['unsigned short']],
+    'LdtSystemDescriptor' : [ 0x270, ['_KGDTENTRY64']],
+    'LdtBaseAddress' : [ 0x280, ['pointer64', ['void']]],
+    'LdtProcessLock' : [ 0x288, ['_FAST_MUTEX']],
+    'InstrumentationCallback' : [ 0x2c0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1381' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1387' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1389' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_1387']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1394' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1396' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_1394']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_1381']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_1389']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_1396']],
+} ],
+  '__unnamed_139d' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13a1' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13a5' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13a7' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13ab' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13ad' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_13af' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13b1' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13b3' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13b5' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13b9' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsDataCopyInformation', 13: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13bb' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13bd' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13bf' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13c1' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_13c3' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13c7' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_13cb' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_13cf' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13d3' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_13d7' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13db' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_13df' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_13e1' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13e3' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_13e7' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_13eb' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_13ef' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_13f3' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_13f7' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_13ff' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+} ],
+  '__unnamed_1403' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1405' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1407' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1409' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_139d']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13a1']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13a5']],
+    'Read' : [ 0x0, ['__unnamed_13a7']],
+    'Write' : [ 0x0, ['__unnamed_13a7']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13ab']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13ad']],
+    'QueryFile' : [ 0x0, ['__unnamed_13af']],
+    'SetFile' : [ 0x0, ['__unnamed_13b1']],
+    'QueryEa' : [ 0x0, ['__unnamed_13b3']],
+    'SetEa' : [ 0x0, ['__unnamed_13b5']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13b9']],
+    'SetVolume' : [ 0x0, ['__unnamed_13b9']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13bb']],
+    'LockControl' : [ 0x0, ['__unnamed_13bd']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_13bf']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_13c1']],
+    'SetSecurity' : [ 0x0, ['__unnamed_13c3']],
+    'MountVolume' : [ 0x0, ['__unnamed_13c7']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_13c7']],
+    'Scsi' : [ 0x0, ['__unnamed_13cb']],
+    'QueryQuota' : [ 0x0, ['__unnamed_13cf']],
+    'SetQuota' : [ 0x0, ['__unnamed_13b5']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_13d3']],
+    'QueryInterface' : [ 0x0, ['__unnamed_13d7']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_13db']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_13df']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_13e1']],
+    'SetLock' : [ 0x0, ['__unnamed_13e3']],
+    'QueryId' : [ 0x0, ['__unnamed_13e7']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_13eb']],
+    'UsageNotification' : [ 0x0, ['__unnamed_13ef']],
+    'WaitWake' : [ 0x0, ['__unnamed_13f3']],
+    'PowerSequence' : [ 0x0, ['__unnamed_13f7']],
+    'Power' : [ 0x0, ['__unnamed_13ff']],
+    'StartDevice' : [ 0x0, ['__unnamed_1403']],
+    'WMI' : [ 0x0, ['__unnamed_1405']],
+    'Others' : [ 0x0, ['__unnamed_1407']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_1409']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_141f' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_141f']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x20, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_15a5' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_15a5']],
+} ],
+  '_EX_PUSH_LOCK_CACHE_AWARE' : [ 0x100, {
+    'Locks' : [ 0x0, ['array', 32, ['pointer64', ['_EX_PUSH_LOCK']]]],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_15e9' : [ 0x8, {
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'WsIndex' : [ 0x0, ['unsigned long long']],
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer64', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_15ee' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'SpareBlink' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'ImageProtoPte' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'ShareCount' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_15f1' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'VolatileReferenceCount' : [ 0x0, ['short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+    'VolatileShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_15f3' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_15f1']],
+} ],
+  '__unnamed_15fd' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Unused3' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'u1' : [ 0x0, ['__unnamed_15e9']],
+    'u2' : [ 0x8, ['__unnamed_15ee']],
+    'PteAddress' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['long']],
+    'PteLong' : [ 0x10, ['unsigned long long']],
+    'u3' : [ 0x18, ['__unnamed_15f3']],
+    'NodeBlinkLow' : [ 0x1c, ['unsigned short']],
+    'Unused' : [ 0x1e, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'VaType' : [ 0x1e, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x1f, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x1f, ['unsigned char']],
+    'OriginalPte' : [ 0x20, ['_MMPTE']],
+    'u4' : [ 0x28, ['__unnamed_15fd']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x68, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'MiVaUnused', 1: 'MiVaSessionSpace', 2: 'MiVaProcessSpace', 3: 'MiVaBootLoaded', 4: 'MiVaPfnDatabase', 5: 'MiVaNonPagedPool', 6: 'MiVaPagedPool', 7: 'MiVaSpecialPoolPaged', 8: 'MiVaSystemCache', 9: 'MiVaSystemPtes', 10: 'MiVaHal', 11: 'MiVaSessionGlobalSpace', 12: 'MiVaDriverImages', 13: 'MiVaSpecialPoolNonPaged', 14: 'MiVaMaximumType', 15: 'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'Vm' : [ 0x38, ['pointer64', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x40, ['unsigned long long']],
+    'Hint' : [ 0x48, ['unsigned long long']],
+    'CachedPtes' : [ 0x50, ['pointer64', ['_MI_CACHED_PTE']]],
+    'TotalFreeSystemPtes' : [ 0x58, ['unsigned long long']],
+    'CachedPteCount' : [ 0x60, ['long']],
+} ],
+  '__unnamed_161f' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_161f']],
+} ],
+  '_MMWSL' : [ 0x320, {
+    'FirstFree' : [ 0x0, ['unsigned long long']],
+    'FirstDynamic' : [ 0x8, ['unsigned long long']],
+    'LastEntry' : [ 0x10, ['unsigned long long']],
+    'NextSlot' : [ 0x18, ['unsigned long long']],
+    'LastInitializedWsle' : [ 0x20, ['unsigned long long']],
+    'NextAgingSlot' : [ 0x28, ['unsigned long long']],
+    'NextAccessClearingSlot' : [ 0x30, ['unsigned long long']],
+    'LastAccessClearingRemainder' : [ 0x38, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x3c, ['unsigned long']],
+    'WsleSize' : [ 0x40, ['unsigned long']],
+    'NonDirectCount' : [ 0x48, ['unsigned long long']],
+    'LowestPagableAddress' : [ 0x50, ['pointer64', ['void']]],
+    'NonDirectHash' : [ 0x58, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x60, ['pointer64', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x68, ['pointer64', ['_MMWSLE_HASH']]],
+    'ActiveWsleCounts' : [ 0x70, ['array', 16, ['unsigned long long']]],
+    'ActiveWsles' : [ 0xf0, ['array', 16, ['_MI_ACTIVE_WSLE_LISTHEAD']]],
+    'Wsle' : [ 0x1f0, ['pointer64', ['_MMWSLE']]],
+    'UserVaInfo' : [ 0x1f8, ['_MI_USER_VA_INFO']],
+} ],
+  '_MMSUPPORT' : [ 0xe8, {
+    'ExitGate' : [ 0x0, ['pointer64', ['_KGATE']]],
+    'AccessLog' : [ 0x8, ['pointer64', ['void']]],
+    'WorkingSetMutex' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 7, ['unsigned long long']]],
+    'MinimumWorkingSetSize' : [ 0x60, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x68, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x80, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'ChargedWslePages' : [ 0x90, ['unsigned long long']],
+    'ActualWslePages' : [ 0x98, ['unsigned long long']],
+    'WorkingSetSizeOverhead' : [ 0xa0, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa8, ['unsigned long long']],
+    'HardFaultCount' : [ 0xb0, ['unsigned long']],
+    'VmWorkingSetList' : [ 0xb8, ['pointer64', ['_MMWSL']]],
+    'NextPageColor' : [ 0xc0, ['unsigned short']],
+    'LastTrimStamp' : [ 0xc2, ['unsigned short']],
+    'PageFaultCount' : [ 0xc4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0xc8, ['unsigned long long']],
+    'ForceTrimPages' : [ 0xd0, ['unsigned long long']],
+    'Flags' : [ 0xd8, ['_MMSUPPORT_FLAGS']],
+    'WsSwapSupport' : [ 0xe0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1639' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_1643' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 28, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1645' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_1643']],
+} ],
+  '_CONTROL_AREA' : [ 0x78, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_1639']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_1645']],
+    'LockedPages' : [ 0x68, ['unsigned long long']],
+    'FileObjectLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPAGING_FILE' : [ 0xe0, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'LargestReserveCluster' : [ 0x38, ['unsigned long long']],
+    'File' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x48, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x60, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x70, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x80, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x88, ['unsigned long']],
+    'ReservationBitmapHint' : [ 0x8c, ['unsigned long']],
+    'LargestNonReservedClusterSize' : [ 0x90, ['unsigned long']],
+    'RefreshClusterSize' : [ 0x94, ['unsigned long']],
+    'LastRefreshClusterSize' : [ 0x98, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x9c, ['unsigned long']],
+    'ToBeEvictedCount' : [ 0xa0, ['unsigned long']],
+    'HybridPriority' : [ 0xa4, ['unsigned long']],
+    'PageFileNumber' : [ 0xa8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'BootPartition' : [ 0xa8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xa8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'NoReservations' : [ 0xa8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Spare0' : [ 0xa8, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xaa, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xaa, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xab, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xac, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xb0, ['unsigned long']],
+    'PageHash' : [ 0xb8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xc0, ['pointer64', ['void']]],
+    'Lock' : [ 0xc8, ['unsigned long long']],
+    'LockOwner' : [ 0xd0, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x30, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictStoreBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x60, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '__unnamed_1686' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapForLoaderHive', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpMapHiveImage', 8: '_HvpRecoverData', 9: '_CmpValidateHiveSecurityDescriptors', 10: '_HvpEnlistBinInMap', 11: '_CmCheckRegistry', 12: '_CmRegistryIO', 13: '_CmCheckRegistry2', 14: '_CmpCheckKey', 15: '_CmpCheckValueList', 16: '_HvCheckHive', 17: '_HvCheckBin', 18: '_HvpGetLogEntryDirtyVector', 19: '_HvpReadLogEntryHeader', 20: '_HvpReadLogEntry'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1689' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_168b' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_168f' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1691' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1695' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1699' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_169b' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'RecoverableIndex' : [ 0xc, ['unsigned long']],
+    'Locations' : [ 0x10, ['array', 8, ['__unnamed_1686']]],
+    'RecoverableLocations' : [ 0x70, ['array', 8, ['__unnamed_1686']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1689']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_168b']],
+    'CheckKey' : [ 0xf0, ['__unnamed_168f']],
+    'CheckValueList' : [ 0x110, ['__unnamed_1691']],
+    'CheckHive' : [ 0x128, ['__unnamed_1695']],
+    'CheckHive1' : [ 0x138, ['__unnamed_1695']],
+    'CheckBin' : [ 0x148, ['__unnamed_1699']],
+    'RecoverData' : [ 0x158, ['__unnamed_169b']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xb8, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'ParkingStatus' : [ 0x78, ['unsigned long']],
+    'CurrentFrequency' : [ 0x7c, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x80, ['unsigned long']],
+    'StateFlags' : [ 0x84, ['unsigned long']],
+    'NominalThroughput' : [ 0x88, ['unsigned long']],
+    'ActiveThroughput' : [ 0x8c, ['unsigned long']],
+    'ScaledThroughput' : [ 0x90, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0x98, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa0, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xa8, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb0, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xb4, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0xc, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+} ],
+  '_CONTEXT32_UPDATE' : [ 0x4, {
+    'NumberEntries' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1705' : [ 0x10, {
+    'ReservedEax' : [ 0x0, ['unsigned long']],
+    'ReservedEbx' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'InitialApicId' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ReservedEcx' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HypervisorPresent' : [ 0x8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ReservedEdx' : [ 0xc, ['unsigned long']],
+} ],
+  '_HV_CPUID_RESULT' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'VersionAndFeatures' : [ 0x0, ['__unnamed_1705']],
+    'HvVendorAndMaxFunction' : [ 0x0, ['_HV_VENDOR_AND_MAX_FUNCTION']],
+    'HvInterface' : [ 0x0, ['_HV_HYPERVISOR_INTERFACE_INFO']],
+    'MsHvVersion' : [ 0x0, ['_HV_HYPERVISOR_VERSION_INFO']],
+    'MsHvFeatures' : [ 0x0, ['_HV_HYPERVISOR_FEATURES']],
+    'MsHvEnlightenmentInformation' : [ 0x0, ['_HV_ENLIGHTENMENT_INFORMATION']],
+    'MsHvImplementationLimits' : [ 0x0, ['_HV_IMPLEMENTATION_LIMITS']],
+    'MsHvHardwareFeatures' : [ 0x0, ['_HV_HYPERVISOR_HARDWARE_FEATURES']],
+} ],
+  '_HV_VENDOR_AND_MAX_FUNCTION' : [ 0x10, {
+    'MaxFunction' : [ 0x0, ['unsigned long']],
+    'VendorName' : [ 0x4, ['array', 12, ['unsigned char']]],
+} ],
+  '_HV_HYPERVISOR_INTERFACE_INFO' : [ 0x10, {
+    'Interface' : [ 0x0, ['unsigned long']],
+    'ReservedEbx' : [ 0x4, ['unsigned long']],
+    'ReservedEcx' : [ 0x8, ['unsigned long']],
+    'ReservedEdx' : [ 0xc, ['unsigned long']],
+} ],
+  '_HV_HYPERVISOR_VERSION_INFO' : [ 0x10, {
+    'BuildNumber' : [ 0x0, ['unsigned long']],
+    'MinorVersion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'MajorVersion' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ServicePack' : [ 0x8, ['unsigned long']],
+    'ServiceNumber' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'ServiceBranch' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyMsrsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashMsrsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugMsrsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_HYPERVISOR_HARDWARE_FEATURES' : [ 0x10, {
+    'ApicOverlayAssistInUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MsrBitmapsInUse' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ArchitecturalPerformanceCountersInUse' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SecondLevelAddressTranslationInUse' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DmaRemappingInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'InterruptRemappingInUse' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'MemoryPatrolScrubberPresent' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'ReservedEbx' : [ 0x4, ['unsigned long']],
+    'ReservedEcx' : [ 0x8, ['unsigned long']],
+    'ReservedEdx' : [ 0xc, ['unsigned long']],
+} ],
+  '_HV_ENLIGHTENMENT_INFORMATION' : [ 0x10, {
+    'UseHypercallForAddressSpaceSwitch' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UseHypercallForLocalFlush' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UseHypercallForRemoteFlush' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UseApicMsrs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UseMsrForReset' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseRelaxedTiming' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UseDmaRemapping' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'UseInterruptRemapping' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UseX2ApicMsrs' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeprecateAutoEoi' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'LongSpinWaitCount' : [ 0x4, ['unsigned long']],
+    'ReservedEcx' : [ 0x8, ['unsigned long']],
+    'ReservedEdx' : [ 0xc, ['unsigned long']],
+} ],
+  '_HV_IMPLEMENTATION_LIMITS' : [ 0x10, {
+    'MaxVirtualProcessorCount' : [ 0x0, ['unsigned long']],
+    'MaxLogicalProcessorCount' : [ 0x4, ['unsigned long']],
+    'MaxInterruptMappingCount' : [ 0x8, ['unsigned long']],
+    'ReservedEdx' : [ 0xc, ['unsigned long']],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeMsr' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicMsrs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerMsrs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessApicMsrs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetMsr' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsMsr' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleMsr' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyMsrs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugMsrs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'EnableExpandedStackwalking' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x268, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned long']],
+    'LowProcIndex' : [ 0x254, ['unsigned long']],
+    'QueueIndex' : [ 0x258, ['unsigned long']],
+    'ProcCount' : [ 0x25c, ['unsigned long']],
+    'Affinity' : [ 0x260, ['unsigned long long']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'TimeStampCKCL' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'LastBranchControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchMSR' : [ 0x110, ['unsigned long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'TimeStampKlog' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x58, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1805' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1807' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_180b' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x2c8, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_1805']],
+    'OverUsed2' : [ 0x218, ['__unnamed_1807']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_180b']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['unsigned long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_18c2' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_18c2']],
+} ],
+  '__unnamed_18c9' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_18c9']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1e0, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'Reserved' : [ 0x28, ['unsigned long long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower'})]],
+    'LastSysTime' : [ 0xb4, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xb8, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xc0, ['long']],
+    'FFHThrottleStateInfo' : [ 0xc8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xe8, ['_KDPC']],
+    'PerfActionMask' : [ 0x128, ['long']],
+    'HvIdleCheck' : [ 0x130, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x140, ['_PROC_PERF_SNAP']],
+    'Domain' : [ 0x180, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x188, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x190, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x198, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x1a0, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x1a8, ['unsigned char']],
+    'HvTargetState' : [ 0x1a9, ['unsigned char']],
+    'Parked' : [ 0x1aa, ['unsigned char']],
+    'OverUtilized' : [ 0x1ab, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x1ac, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x1b0, ['unsigned long']],
+    'ExpectedUtility' : [ 0x1b4, ['unsigned long']],
+    'Utility' : [ 0x1b8, ['array', 3, ['_PROC_PERF_UTILITY']]],
+} ],
+  '_PROC_PERF_UTILITY' : [ 0xc, {
+    'Affinitized' : [ 0x0, ['unsigned long']],
+    'Performance' : [ 0x4, ['unsigned long']],
+    'Total' : [ 0x8, ['unsigned long']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CompleteIdleStatePending' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x208, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+} ],
+  '__unnamed_1971' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1971']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '__unnamed_1992' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_1994' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1996' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1998' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_199a' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_199c' : [ 0x30, {
+    'Read' : [ 0x0, ['__unnamed_1992']],
+    'Write' : [ 0x0, ['__unnamed_1994']],
+    'Event' : [ 0x0, ['__unnamed_1996']],
+    'Notification' : [ 0x0, ['__unnamed_1998']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_199a']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x48, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_199c']],
+    'Function' : [ 0x40, ['unsigned char']],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x298, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'FrontEndHeap' : [ 0x170, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x178, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x17a, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x17b, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x180, ['pointer64', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0x188, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x18a, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x210, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x288, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1a07' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1a07']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1a59' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1a5b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a59']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1a5d' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1a5f' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1a5d']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1a5b']],
+    'u2' : [ 0x4, ['__unnamed_1a5f']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x30, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_1a7a' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1a7c' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1a7a']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1a7c']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1a8e' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1a90' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a8e']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1a90']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1a99' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1a9b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a99']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1a9b']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1aa1' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1aa3' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1aa1']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1aa3']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1ac1' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1ac3' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ac1']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1c0, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xe0, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xe0, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0xe8, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x130, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x150, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x158, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x160, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x168, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x178, ['long']],
+    'ReferenceNo' : [ 0x17c, ['long']],
+    'ReferenceNoWait' : [ 0x180, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x188, ['__unnamed_1ac3']],
+    'TargetQueuePort' : [ 0x190, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x198, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1a0, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1a8, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1ac, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1b0, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1b4, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1b8, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1a5b']],
+    'u2' : [ 0x4, ['__unnamed_1a5f']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1aeb' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_1aed' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1aeb']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x100, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_1aed']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xa0, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xa8, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xb0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xb8, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xc0, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xc8, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xd0, ['unsigned long long']],
+    'PortMessage' : [ 0xd8, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x38, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'TotalLength' : [ 0x2c, ['unsigned short']],
+    'Type' : [ 0x2e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x30, ['unsigned short']],
+    'SignalCompletion' : [ 0x32, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x33, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x38, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+} ],
+  '__unnamed_1b2f' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b31' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b2f']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1b31']],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x28, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'TimeStamped' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x48, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x78, ['pointer64', ['void']]],
+    'Override' : [ 0x80, ['unsigned char']],
+    'QueryOnly' : [ 0x81, ['unsigned char']],
+    'DeleteOnly' : [ 0x82, ['unsigned char']],
+    'FullAttributes' : [ 0x83, ['unsigned char']],
+    'LocalFileObject' : [ 0x88, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x90, ['unsigned long']],
+    'AccessMode' : [ 0x94, ['unsigned char']],
+    'DriverCreateContext' : [ 0x98, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1bf6' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1bf6']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['unsigned short']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['unsigned short']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x390, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x58, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x70, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x80, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xd8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'FlushThreshold' : [ 0xe4, ['unsigned long']],
+    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xf4, ['long']],
+    'NumberOfBuffers' : [ 0xf8, ['long']],
+    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
+    'EventsLost' : [ 0x100, ['unsigned long']],
+    'PeakBuffersCount' : [ 0x104, ['long']],
+    'BuffersWritten' : [ 0x108, ['unsigned long']],
+    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
+    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x120, ['unsigned long']],
+    'InstanceGuid' : [ 0x124, ['_GUID']],
+    'MaximumFileSize' : [ 0x134, ['unsigned long']],
+    'FileCounter' : [ 0x138, ['long']],
+    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x150, ['long']],
+    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
+    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x168, ['unsigned long']],
+    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
+    'LoggerDpc' : [ 0x248, ['_KDPC']],
+    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x338, ['long long']],
+    'Flags' : [ 0x340, ['unsigned long']],
+    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x344, ['unsigned long']],
+    'DbgRequestNewFie' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDefferdFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDefferdFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x348, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x358, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x360, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x368, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x378, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x380, ['_DISALLOWED_GUIDS']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x28, {
+    'Source' : [ 0x0, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'ProfileTime', 1: 'ProfileAlignmentFixup', 2: 'ProfileTotalIssues', 3: 'ProfilePipelineDry', 4: 'ProfileLoadInstructions', 5: 'ProfilePipelineFrozen', 6: 'ProfileBranchInstructions', 7: 'ProfileTotalNonissues', 8: 'ProfileDcacheMisses', 9: 'ProfileIcacheMisses', 10: 'ProfileCacheMisses', 11: 'ProfileBranchMispredictions', 12: 'ProfileStoreInstructions', 13: 'ProfileFpInstructions', 14: 'ProfileIntegerInstructions', 15: 'Profile2Issue', 16: 'Profile3Issue', 17: 'Profile4Issue', 18: 'ProfileSpecialInstructions', 19: 'ProfileTotalCycles', 20: 'ProfileIcacheIssues', 21: 'ProfileDcacheAccesses', 22: 'ProfileMemoryBarrierCycles', 23: 'ProfileLoadLinkedIssues', 24: 'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x10, ['unsigned long']],
+    'HookId' : [ 0x14, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x1c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x20, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x478, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_LOWBOX_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'VariablePart' : [ 0x470, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x80, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'LowBoxHandlesTable' : [ 0x58, ['_SEP_LOWBOX_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved' : [ 0x1a, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x150, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x130, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'SessionId' : [ 0x138, ['unsigned long']],
+    'NamespaceEntry' : [ 0x140, ['pointer64', ['void']]],
+    'Flags' : [ 0x148, ['unsigned long']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x70, ['unsigned long']],
+    'WorkOrders' : [ 0x78, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Reserved1' : [ 0x2, ['unsigned char']],
+    'Timer2Reserved2' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Count' : [ 0x10, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x18, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x20, ['unsigned long long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_MI_ACTIVE_WSLE_LISTHEAD' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'QueryRemoveDevice', 1: 'CancelRemoveDevice', 2: 'RemoveDevice', 3: 'SurpriseRemoveDevice', 4: 'EjectDevice', 5: 'RemoveFailedDevice', 6: 'RemoveUnstartedFailedDevice', 7: 'MaxDeviceDeleteType'})]],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x50, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x10, {
+    'Key' : [ 0x0, ['pointer64', ['void']]],
+    'Index' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'PoolType' : [ 0xc, ['unsigned long']],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x48, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ullContextMinimum' : [ 0x8, ['unsigned long long']],
+    'guPlatform' : [ 0x10, ['_GUID']],
+    'guMinPlatform' : [ 0x20, ['_GUID']],
+    'ulContextSource' : [ 0x30, ['unsigned long']],
+    'ulElementCount' : [ 0x34, ['unsigned long']],
+    'guElements' : [ 0x38, ['array', 1, ['_GUID']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x18, ['_KEVENT']],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x38, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x50, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x18, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x1c, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x20, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x48, ['unsigned long']],
+    'MinimumThrottle' : [ 0x4c, ['unsigned long']],
+} ],
+  '__unnamed_1dce' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1dd0' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1dce']],
+    'Private' : [ 0x0, ['__unnamed_1dd0']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DirtyPages' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['_IMAGE_SECURITY_CONTEXT']],
+    'DynamicRelocations' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 28, native_type='unsigned long long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_EJOB' : [ 0x4b0, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x250, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x260, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x308, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x310, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x328, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x338, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x33c, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x340, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x344, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x348, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x34c, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x350, ['unsigned char']],
+    'PriorityClass' : [ 0x351, ['unsigned char']],
+    'Reserved1' : [ 0x352, ['array', 2, ['unsigned char']]],
+    'CompletionFilter' : [ 0x354, ['unsigned long']],
+    'WakeChannel' : [ 0x358, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x358, ['_PS_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x390, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x398, ['unsigned long']],
+    'OwnedHighEdgeFilters' : [ 0x39c, ['unsigned long']],
+    'NotificationLink' : [ 0x3a0, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3a8, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3b0, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3b8, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3c0, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3c8, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3d0, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x3d8, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x3e0, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x3e8, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x3f8, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x408, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x410, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x418, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x428, ['unsigned long long']],
+    'Ancestors' : [ 0x430, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'Accounting' : [ 0x438, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x488, ['unsigned long']],
+    'SequenceNumber' : [ 0x48c, ['unsigned long']],
+    'TimerListLock' : [ 0x490, ['unsigned long long']],
+    'TimerListHead' : [ 0x498, ['_LIST_ENTRY']],
+    'JobFlags' : [ 0x4a8, ['unsigned long']],
+    'CloseDone' : [ 0x4a8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x4a8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x4a8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x4a8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x4a8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x4a8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x4a8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x4a8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x4a8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x4a8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x4a8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x4a8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x4a8, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x4a8, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x4a8, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x4a8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x4a8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x4a8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x4a8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x4a8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x4a8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x4a8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x4a8, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x4a8, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x4a8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareJobFlags' : [ 0x4a8, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'EffectiveHighEdgeFilters' : [ 0x4ac, ['unsigned long']],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x318, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'ForceIdle' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ReasonFlags' : [ 0x24, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x28, ['unsigned long long']],
+    'PreviousStatus' : [ 0x30, ['long']],
+    'PreviousCancelReason' : [ 0x34, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x38, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xe0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x188, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x190, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x198, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1c0, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c8, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1d0, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'Tracing' : [ 0x238, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'State' : [ 0x240, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_PEB' : [ 0x388, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['void']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SparePvoid0' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x98, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DispatchCode' : [ 0x90, ['array', 4, ['unsigned long']]],
+    'DisconnectData' : [ 0xa0, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0xa8, ['pointer64', ['_KTHREAD']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'ConnectionData' : [ 0xf0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x88, {
+    'FileName' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'BaseName' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1ea0' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'WheaErrSrcStateStopped', 2: 'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1ea0']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2d0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x2b0, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2b8, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2bc, ['unsigned long']],
+    'ThreadCount' : [ 0x2c0, ['long']],
+    'MinThreads' : [ 0x2c4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2c4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2c8, ['long']],
+    'QueueIndex' : [ 0x2cc, ['Enumeration', dict(target = 'long', choices = {0: 'ExPoolUntrusted', 1: 'ExPoolTrusted', 8: 'ExPoolMax'})]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'Width8Bits', 1: 'Width16Bits', 2: 'Width32Bits', 3: 'Width64Bits', 4: 'WidthNoWrap', 5: 'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'Compatible', 1: 'TypeA', 2: 'TypeB', 3: 'TypeC', 4: 'TypeF', 5: 'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_WORKITEM' : [ 0x50, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'Type' : [ 0x38, ['unsigned long']],
+    'ActivityId' : [ 0x3c, ['_GUID']],
+} ],
+  '_MMWSLE_HASH' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long long']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x88, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x40, ['_KDPC']],
+    'WorkOrder' : [ 0x80, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xa8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'Data' : [ 0x58, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x5, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PS_WAKE_INFORMATION' : [ 0x38, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 5, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x30, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x218, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x128, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0x10, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x10, ['unsigned long']],
+    'NextHash' : [ 0x18, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x20, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x28, ['unsigned long']],
+    'KcbPushlock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x38, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x38, ['long']],
+    'SlotHint' : [ 0x40, ['unsigned long']],
+    'ParentKcb' : [ 0x48, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x50, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x60, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x70, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x70, ['unsigned long']],
+    'SubKeyCount' : [ 0x70, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x88, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xb0, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xb2, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xb4, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb8, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'ThreadUnsafe' : [ 0x18, ['pointer64', ['void']]],
+    'HeadNodeByte' : [ 0x18, ['unsigned char']],
+    'Reserved1' : [ 0x19, ['array', 6, ['unsigned char']]],
+    'AcquiredByte' : [ 0x1f, ['unsigned char']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'WaitingAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'AllBoosts' : [ 0x58, ['unsigned short']],
+    'IoBoost' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CpuBoostsBitmap' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x5a, ['unsigned short']],
+    'IoPriorityBit' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'AbSpare' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'SparePad' : [ 0x5d, ['array', 3, ['unsigned char']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InStore' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 25, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_1f44' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x100, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_1f44']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'PointerMdl' : [ 0xc0, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xc8, ['_MDL']],
+    'Page' : [ 0xf8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x28, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0x10, ['unsigned long long']],
+    'PagedAllocs' : [ 0x18, ['unsigned long']],
+    'PagedFrees' : [ 0x1c, ['unsigned long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x50, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'CycleTime' : [ 0x10, ['unsigned long long']],
+    'ContextSwitches' : [ 0x18, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x20, ['long long']],
+    'WriteOperationCount' : [ 0x28, ['long long']],
+    'OtherOperationCount' : [ 0x30, ['long long']],
+    'ReadTransferCount' : [ 0x38, ['long long']],
+    'WriteTransferCount' : [ 0x40, ['long long']],
+    'OtherTransferCount' : [ 0x48, ['long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEGMENT_OBJECT' : [ 0x40, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['_LARGE_INTEGER']],
+    'NonExtendedPtes' : [ 0x18, ['unsigned long']],
+    'ImageCommitment' : [ 0x1c, ['unsigned long']],
+    'ControlArea' : [ 0x20, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x28, ['pointer64', ['_SUBSECTION']]],
+    'MmSectionFlags' : [ 0x30, ['pointer64', ['_MMSECTION_FLAGS']]],
+    'MmSubSectionFlags' : [ 0x38, ['pointer64', ['_MMSUBSECTION_FLAGS']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_CMHIVE' : [ 0x1360, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x5a8, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0x5d8, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x5e8, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x5f8, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x608, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x610, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x620, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x628, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x630, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x638, ['unsigned long']],
+    'Identity' : [ 0x63c, ['unsigned long']],
+    'HiveLock' : [ 0x640, ['pointer64', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0x648, ['pointer64', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x650, ['pointer64', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x658, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x668, ['unsigned long']],
+    'FlushLogEntry' : [ 0x670, ['pointer64', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x678, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x67c, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x680, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x688, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x698, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x6a0, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x6a8, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x6b0, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x6b8, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0x6c0, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0x6c4, ['unsigned long']],
+    'ActualFileSize' : [ 0x6c8, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x6d0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x6e0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x6f0, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x700, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x710, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x714, ['unsigned long']],
+    'SecurityHitHint' : [ 0x718, ['long']],
+    'SecurityCache' : [ 0x720, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x728, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xb28, ['unsigned long']],
+    'UnloadEventArray' : [ 0xb30, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0xb38, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0xb40, ['unsigned char']],
+    'UnloadWorkItem' : [ 0xb48, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0xb50, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0xb78, ['unsigned char']],
+    'GrowOffset' : [ 0xb7c, ['unsigned long']],
+    'KcbConvertListHead' : [ 0xb80, ['_LIST_ENTRY']],
+    'KnodeConvertListHead' : [ 0xb90, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0xba0, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0xba8, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x10b0, ['unsigned long']],
+    'TrustClassEntry' : [ 0x10b8, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x10c8, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x10d0, ['unsigned long long']],
+    'CmRm' : [ 0x10d8, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x10e0, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x10e4, ['long']],
+    'CreatorOwner' : [ 0x10e8, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x10f0, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x10f8, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1100, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x1118, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x1130, ['unsigned long']],
+    'FlushActive' : [ 0x1130, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x1130, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x1130, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x1130, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x1134, ['unsigned long']],
+    'ReferenceCount' : [ 0x1138, ['long']],
+    'UnloadHistoryIndex' : [ 0x113c, ['long']],
+    'UnloadHistory' : [ 0x1140, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x1340, ['unsigned long']],
+    'UnaccessedStart' : [ 0x1344, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x1348, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x134c, ['unsigned long']],
+    'HandleClosePending' : [ 0x1350, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x1358, ['_EX_PUSH_LOCK']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'ForceCredits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Available' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderReserve', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x3f8, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_TEB64' : [ 0x1820, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'SystemReserved1' : [ 0x110, ['array', 54, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'SpareBytes' : [ 0x2d0, ['array', 24, ['unsigned char']]],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'Padding1' : [ 0x2ec, ['array', 4, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'SpareUlong0' : [ 0x180c, ['unsigned long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa0, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ActivityCounter' : [ 0x90, ['unsigned long']],
+    'PreviousActivityCounter' : [ 0x94, ['unsigned long']],
+    'WorkerTrimRequests' : [ 0x98, ['unsigned long']],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x10, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x90, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+    'TebSelector' : [ 0x88, ['unsigned short']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_PROC_PERF_SNAP' : [ 0x40, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'Active' : [ 0x10, ['unsigned long long']],
+    'LastActive' : [ 0x18, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'StackTrace' : [ 0x40, ['array', 8, ['pointer64', ['void']]]],
+    'Who' : [ 0x80, ['unsigned long']],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_POOL_BLOCK_HEAD' : [ 0x20, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'List' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x508, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x150, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['unsigned short']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_2059' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_205b' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2059']],
+} ],
+  '__unnamed_205d' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_205b']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_205d']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_HMAP_TABLE' : [ 0x3000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_SEP_LOWBOX_HANDLES_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'HandleCount' : [ 0x28, ['unsigned long']],
+    'Handles' : [ 0x30, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x58, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'PlatformCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'LimitReasons' : [ 0x18, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x20, ['unsigned long long']],
+    'TargetPercent' : [ 0x28, ['unsigned long']],
+    'DesiredPercent' : [ 0x2c, ['unsigned long']],
+    'SelectedPercent' : [ 0x30, ['unsigned long']],
+    'SelectedFrequency' : [ 0x34, ['unsigned long']],
+    'PreviousFrequency' : [ 0x38, ['unsigned long']],
+    'PreviousPercent' : [ 0x3c, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x40, ['unsigned long']],
+    'SelectedState' : [ 0x48, ['unsigned long long']],
+    'Force' : [ 0x50, ['unsigned char']],
+} ],
+  '__unnamed_2072' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_2075' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0xf8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'Device' : [ 0xd8, ['__unnamed_2072']],
+    'System' : [ 0xd8, ['__unnamed_2075']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_MI_USER_VA_INFO' : [ 0x128, {
+    'NumberOfCommittedPageTables' : [ 0x0, ['unsigned long']],
+    'PhysicalMappingCount' : [ 0x4, ['unsigned long']],
+    'VadBitMapHint' : [ 0x8, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0xc, ['unsigned long']],
+    'LastAllocationSize' : [ 0x10, ['unsigned long']],
+    'LowestBottomUpVadBit' : [ 0x14, ['unsigned long']],
+    'VadBitMapSize' : [ 0x18, ['unsigned long']],
+    'VadBitMapCommitment' : [ 0x1c, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x20, ['unsigned long']],
+    'VadsBeingDeleted' : [ 0x24, ['long']],
+    'LastVadDeletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'VadBitBuffer' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'LowestBottomUpAllocationAddress' : [ 0x38, ['pointer64', ['void']]],
+    'HighestTopDownAllocationAddress' : [ 0x40, ['pointer64', ['void']]],
+    'FreeTebHint' : [ 0x48, ['pointer64', ['void']]],
+    'NumaAware' : [ 0x50, ['unsigned char']],
+    'PrivateFixupVadCount' : [ 0x58, ['unsigned long long']],
+    'CfgBitMap' : [ 0x60, ['array', 3, ['_MI_CFG_BITMAP_INFO']]],
+    'CommittedPageTableBufferForTopLevel' : [ 0xc0, ['array', 8, ['unsigned long']]],
+    'CommittedPageTableBitmaps' : [ 0xe0, ['array', 3, ['_RTL_BITMAP']]],
+    'PageTableBitmapPages' : [ 0x110, ['array', 3, ['unsigned long']]],
+    'FreeUmsTebHint' : [ 0x120, ['pointer64', ['void']]],
+} ],
+  '_PROC_FEEDBACK' : [ 0x70, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'KernelTimesIndex' : [ 0x68, ['unsigned char']],
+} ],
+  '__unnamed_208a' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_208e' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2090' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2092' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2094' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_2096' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2098' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_209a' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_209c' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_209e' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_20a0' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_20a2' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_208a']],
+    'Memory' : [ 0x0, ['__unnamed_208a']],
+    'Interrupt' : [ 0x0, ['__unnamed_208e']],
+    'Dma' : [ 0x0, ['__unnamed_2090']],
+    'DmaV3' : [ 0x0, ['__unnamed_2092']],
+    'Generic' : [ 0x0, ['__unnamed_208a']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2094']],
+    'BusNumber' : [ 0x0, ['__unnamed_2096']],
+    'ConfigData' : [ 0x0, ['__unnamed_2098']],
+    'Memory40' : [ 0x0, ['__unnamed_209a']],
+    'Memory48' : [ 0x0, ['__unnamed_209c']],
+    'Memory64' : [ 0x0, ['__unnamed_209e']],
+    'Connection' : [ 0x0, ['__unnamed_20a0']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_20a2']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x1f0, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x48, ['long']],
+    'Throttle' : [ 0x4c, ['long']],
+    'PendingThrottle' : [ 0x50, ['long']],
+    'ThrottleReasons' : [ 0x54, ['unsigned long']],
+    'LastTime' : [ 0x58, ['unsigned long long']],
+    'SampleRate' : [ 0x60, ['unsigned long']],
+    'LastTemp' : [ 0x64, ['unsigned long']],
+    'PassiveTimer' : [ 0x68, ['_KTIMER']],
+    'PassiveDpc' : [ 0xa8, ['_KDPC']],
+    'Info' : [ 0xe8, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0x138, ['_LARGE_INTEGER']],
+    'Policy' : [ 0x140, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0x154, ['unsigned char']],
+    'Metrics' : [ 0x158, ['_POP_THERMAL_ZONE_METRICS']],
+    'WorkItem' : [ 0x188, ['_WORK_QUEUE_ITEM']],
+    'Lock' : [ 0x1a8, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1b8, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1d0, ['_KEVENT']],
+    'InstanceId' : [ 0x1e8, ['unsigned long']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_HHIVE' : [ 0x5a8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'Allocate' : [ 0x10, ['pointer64', ['void']]],
+    'Free' : [ 0x18, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x20, ['pointer64', ['void']]],
+    'FileRead' : [ 0x28, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x30, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x38, ['pointer64', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x40, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x50, ['unsigned long']],
+    'DirtyAlloc' : [ 0x54, ['unsigned long']],
+    'UnreconciledVector' : [ 0x58, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x68, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x6c, ['unsigned long']],
+    'Cluster' : [ 0x70, ['unsigned long']],
+    'Flat' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x75, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x78, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x7c, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x80, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x84, ['unsigned long']],
+    'HiveFlags' : [ 0x88, ['unsigned long']],
+    'CurrentLog' : [ 0x8c, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x90, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x94, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x98, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x9c, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xa0, ['unsigned long']],
+    'LogDataPresent' : [ 0xa4, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xa6, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xa7, ['unsigned char']],
+    'FirstLogFile' : [ 0xa8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xa8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xa8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xa8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xa8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xa8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xaa, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xac, ['unsigned long']],
+    'StorageTypeCount' : [ 0xb0, ['unsigned long']],
+    'Version' : [ 0xb4, ['unsigned long']],
+    'Storage' : [ 0xb8, ['array', 2, ['_DUAL']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_POP_THERMAL_ZONE_METRICS' : [ 0x30, {
+    'ActiveCount' : [ 0x0, ['unsigned long']],
+    'PassiveCount' : [ 0x4, ['unsigned long']],
+    'LastActiveStartTime' : [ 0x8, ['unsigned long long']],
+    'AverageActiveTime' : [ 0x10, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x18, ['unsigned long long']],
+    'AveragePassiveTime' : [ 0x20, ['unsigned long long']],
+    'StartTickSinceLastReset' : [ 0x28, ['_LARGE_INTEGER']],
+} ],
+  '_CM_TRANS' : [ 0xa8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x30, ['pointer64', ['void']]],
+    'CmRm' : [ 0x38, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x40, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x48, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x50, ['_GUID']],
+    'StartLsn' : [ 0x60, ['unsigned long long']],
+    'TransState' : [ 0x68, ['unsigned long']],
+    'HiveCount' : [ 0x6c, ['unsigned long']],
+    'HiveArray' : [ 0x70, ['array', 7, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_POOL_HACKER' : [ 0x30, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'Contents' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1e, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1d, ['unsigned char']],
+} ],
+  '__unnamed_20f7' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_20f9' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_20f7']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x38, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x10, ['__unnamed_20f9']],
+    'VerifiedData' : [ 0x30, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '__unnamed_2102' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2104' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2106' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2108' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_210a' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_210c' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_210e' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2110' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2112' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_2114' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2102']],
+    'TargetDevice' : [ 0x0, ['__unnamed_2104']],
+    'InstallDevice' : [ 0x0, ['__unnamed_2104']],
+    'CustomNotification' : [ 0x0, ['__unnamed_2106']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_2108']],
+    'PowerNotification' : [ 0x0, ['__unnamed_210a']],
+    'VetoNotification' : [ 0x0, ['__unnamed_210c']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_210e']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2110']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2112']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_2104']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_2104']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'DeviceInstanceStartedEvent', 12: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_2114']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x68, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x48, ['unsigned long']],
+    'DependencyUsed' : [ 0x4c, ['unsigned long']],
+    'DependencyArray' : [ 0x50, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x58, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x5c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x60, ['unsigned long']],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '__unnamed_2130' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2130']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '__unnamed_2169' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'PtesInSubsection' : [ 0x18, ['unsigned long']],
+    'UnusedPtes' : [ 0x20, ['unsigned long']],
+    'GlobalPerSessionHead' : [ 0x20, ['_RTL_AVL_TREE']],
+    'u' : [ 0x28, ['__unnamed_2169']],
+    'StartingSector' : [ 0x2c, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x30, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5b0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xe0, ['_CONTEXT']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'HighActiveFlink' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'HighActiveBlink' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_PEB32' : [ 0x250, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SparePvoid0' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WAITING_IRP' : [ 0x38, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+} ],
+  '_POP_SYSTEM_IDLE' : [ 0x40, {
+    'AverageIdleness' : [ 0x0, ['long']],
+    'LowestIdleness' : [ 0x4, ['long']],
+    'Time' : [ 0x8, ['unsigned long']],
+    'Timeout' : [ 0xc, ['unsigned long']],
+    'LastUserInput' : [ 0x10, ['unsigned long']],
+    'Action' : [ 0x14, ['POWER_ACTION_POLICY']],
+    'MinState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SystemRequired' : [ 0x24, ['unsigned long']],
+    'IdleWorker' : [ 0x28, ['unsigned char']],
+    'Sampling' : [ 0x29, ['unsigned char']],
+    'LastTick' : [ 0x30, ['unsigned long long']],
+    'LastSystemRequiredTime' : [ 0x38, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x1c0, {
+    'Value' : [ 0x0, ['unsigned short']],
+    'Type' : [ 0x2, ['unsigned char']],
+    'HardCap' : [ 0x3, ['unsigned char']],
+    'RelativeWeight' : [ 0x4, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x8, ['unsigned long long']],
+    'NotificationCycles' : [ 0x10, ['long long']],
+    'SchedulingGroupList' : [ 0x18, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x28, ['pointer64', ['_KDPC']]],
+    'PerProcessor' : [ 0x40, ['array', 1, ['_KSCB']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '__unnamed_21f1' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_21f3' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_21f5' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_21f7' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_21f5']],
+    'Translated' : [ 0x0, ['__unnamed_21f3']],
+} ],
+  '__unnamed_21f9' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_21fb' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_21fd' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_21ff' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2201' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2203' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2205' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2207' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_21f1']],
+    'Port' : [ 0x0, ['__unnamed_21f1']],
+    'Interrupt' : [ 0x0, ['__unnamed_21f3']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_21f7']],
+    'Memory' : [ 0x0, ['__unnamed_21f1']],
+    'Dma' : [ 0x0, ['__unnamed_21f9']],
+    'DmaV3' : [ 0x0, ['__unnamed_21fb']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2094']],
+    'BusNumber' : [ 0x0, ['__unnamed_21fd']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_21ff']],
+    'Memory40' : [ 0x0, ['__unnamed_2201']],
+    'Memory48' : [ 0x0, ['__unnamed_2203']],
+    'Memory64' : [ 0x0, ['__unnamed_2205']],
+    'Connection' : [ 0x0, ['__unnamed_20a0']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2207']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_220f' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_220f']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_221f' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_221f']],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x218, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'Plugin' : [ 0x30, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'MiniPlugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'MiniPluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'DevNode' : [ 0x50, ['pointer64', ['_DEVICE_NODE']]],
+    'DeviceObject' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x68, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xa0, ['pointer64', ['void']]],
+    'RemoveLock' : [ 0xa8, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0xc8, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x100, ['unsigned long long']],
+    'IdleTimer' : [ 0x108, ['_KTIMER']],
+    'IdleDpc' : [ 0x148, ['_KDPC']],
+    'IdleTimeout' : [ 0x188, ['unsigned long long']],
+    'IdleStamp' : [ 0x190, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x198, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NextIrpPowerState' : [ 0x1a0, ['_POWER_STATE']],
+    'NextIrpCallerCompletion' : [ 0x1a8, ['pointer64', ['void']]],
+    'NextIrpCallerContext' : [ 0x1b0, ['pointer64', ['void']]],
+    'IrpCompleteEvent' : [ 0x1b8, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x1d0, ['pointer64', ['void']]],
+    'Accounting' : [ 0x1d8, ['_POP_FX_ACCOUNTING']],
+    'ComponentCount' : [ 0x208, ['unsigned long']],
+    'Components' : [ 0x210, ['array', 1, ['pointer64', ['_POP_FX_COMPONENT']]]],
+} ],
+  '__unnamed_2238' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_223a' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2238']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x58, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'Volume' : [ 0x40, ['_LIST_ENTRY']],
+    'Specific' : [ 0x50, ['__unnamed_223a']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x28, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x68, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SpareUlong' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_DEVICE_MAP' : [ 0x40, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['array', 7, ['unsigned long long']]],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '__unnamed_229f' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_22a1' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_22a3' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_22a5' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_229f']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_22a1']],
+    'Raw' : [ 0x0, ['__unnamed_22a3']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x50, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DirtyVectorModified', 1: 'DirtyDataCaptureStart', 2: 'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_22a5']],
+    'Stack' : [ 0x18, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_22ac' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_22af' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'LargeImageBias' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_22ac']],
+    'u1' : [ 0x34, ['__unnamed_22af']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  '_SECTION_OBJECT' : [ 0x30, {
+    'StartingVa' : [ 0x0, ['pointer64', ['void']]],
+    'EndingVa' : [ 0x8, ['pointer64', ['void']]],
+    'Parent' : [ 0x10, ['pointer64', ['void']]],
+    'LeftChild' : [ 0x18, ['pointer64', ['void']]],
+    'RightChild' : [ 0x20, ['pointer64', ['void']]],
+    'Segment' : [ 0x28, ['pointer64', ['_SEGMENT_OBJECT']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '__unnamed_22f4' : [ 0x10, {
+    'ProgrammedTime' : [ 0x0, ['unsigned long long']],
+    'TimerInfo' : [ 0x8, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0xe0, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_22f4']]],
+    'FilteredCapabilities' : [ 0x90, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'DriverName' : [ 0x50, ['pointer64', ['unsigned short']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3d0, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0x90, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x410, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_LOCK_HEADER' : [ 0x20, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long long']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'Valid' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xe0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_PEB64' : [ 0x388, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SparePvoid0' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_23ac' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x2000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_23ac']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
+    'ImageList' : [ 0x68, ['_LIST_ENTRY']],
+    'LocaleId' : [ 0x78, ['unsigned long']],
+    'AttachCount' : [ 0x7c, ['unsigned long']],
+    'AttachGate' : [ 0x80, ['_KGATE']],
+    'WsListEntry' : [ 0x98, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0xc0, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb40, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xb98, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xc00, ['_MMSUPPORT']],
+    'Wsle' : [ 0xce8, ['pointer64', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xcf0, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PagedPool' : [ 0xd00, ['_POOL_DESCRIPTOR']],
+    'PageDirectory' : [ 0x1e40, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1e48, ['_FAST_MUTEX']],
+    'DynamicVaBitMap' : [ 0x1e80, ['_RTL_BITMAP']],
+    'DynamicVaHint' : [ 0x1e90, ['unsigned long']],
+    'SpecialPool' : [ 0x1e98, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1ee8, ['_FAST_MUTEX']],
+    'PoolBigEntriesInUse' : [ 0x1f20, ['long']],
+    'PagedPoolPdeCount' : [ 0x1f24, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1f28, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1f2c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1f30, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1f98, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1fa0, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x1fa8, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1fb0, ['unsigned long long']],
+    'IoState' : [ 0x1fb8, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1fbc, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1fc0, ['_KEVENT']],
+    'CreateTime' : [ 0x1fd8, ['unsigned long long']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '__unnamed_23bc' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_23bf' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x80, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_23bc']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_23bf']],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x68, {
+    'Mutex' : [ 0x0, ['_FAST_MUTEX']],
+    'PagedPoolAllocationMap' : [ 0x38, ['_RTL_BITMAP_EX']],
+    'FirstPteForPagedPool' : [ 0x48, ['pointer64', ['_MMPTE']]],
+    'MaximumSize' : [ 0x50, ['unsigned long long']],
+    'PagedPoolHint' : [ 0x58, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x60, ['unsigned long long']],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x28, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x158, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'ProcessorCount' : [ 0xc0, ['unsigned long']],
+    'Processors' : [ 0xc8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd0, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xd8, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0xf8, ['unsigned long']],
+    'NominalFrequency' : [ 0xfc, ['unsigned long']],
+    'MaxPercent' : [ 0x100, ['unsigned long']],
+    'MinPerfPercent' : [ 0x104, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x108, ['unsigned long']],
+    'Coordination' : [ 0x10c, ['unsigned char']],
+    'HardPlatformCap' : [ 0x10d, ['unsigned char']],
+    'AffinitizeControl' : [ 0x10e, ['unsigned char']],
+    'SelectedPercent' : [ 0x110, ['unsigned long']],
+    'SelectedFrequency' : [ 0x114, ['unsigned long']],
+    'DesiredPercent' : [ 0x118, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x11c, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x120, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x124, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x128, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x12c, ['unsigned long']],
+    'TolerancePercent' : [ 0x130, ['unsigned long']],
+    'SelectedState' : [ 0x138, ['unsigned long long']],
+    'Force' : [ 0x140, ['unsigned char']],
+    'PerfChangeTime' : [ 0x148, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x150, ['unsigned long']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_RELATION_LIST' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'TagCount' : [ 0x4, ['unsigned long']],
+    'FirstLevel' : [ 0x8, ['unsigned long']],
+    'MaxLevel' : [ 0xc, ['unsigned long']],
+    'Entries' : [ 0x10, ['array', 1, ['pointer64', ['_RELATION_LIST_ENTRY']]]],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x18, {
+    'QueueHead' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueTail' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x10, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0x40, ['_RTL_BITMAP']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '__unnamed_242f' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2433' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_242f']],
+    'Bits' : [ 0x4, ['__unnamed_2433']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x58, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'RF_SORTED', 1: 'RF_UNSORTED', 2: 'RF_CALLBACK', 3: 'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2450' : [ 0x4, {
+    'Level' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2452' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_2450']],
+    'Button' : [ 0x10, ['__unnamed_2452']],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_KSCB' : [ 0x170, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'UnderQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x10, ['unsigned long long']],
+    'LongTermCycles' : [ 0x18, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x20, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x28, ['unsigned long long']],
+    'ReadyTime' : [ 0x30, ['unsigned long long']],
+    'InsertTime' : [ 0x38, ['unsigned long long']],
+    'PerProcessorList' : [ 0x40, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OverQuota' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardCap' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Spare1' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x69, ['unsigned char']],
+    'ReadySummary' : [ 0x6a, ['unsigned short']],
+    'Rank' : [ 0x6c, ['unsigned long']],
+    'ReadyListHead' : [ 0x70, ['array', 16, ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_2462' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2464' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2462']],
+    'Merged' : [ 0x10, ['__unnamed_2464']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'HistoryList' : [ 0x8, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2472' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2472']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'spare3' : [ 0x16, ['array', 8, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_2486' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+} ],
+  '__unnamed_248a' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_2486']],
+    'u2' : [ 0x38, ['__unnamed_248a']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_2493' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2495' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2493']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x100, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_2495']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
+    'PagedBytes' : [ 0x60, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x80, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x90, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
+    'LockedBytes' : [ 0x98, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DisableInterrupts' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_HMAP_ENTRY' : [ 0x18, {
+    'BlockAddress' : [ 0x0, ['unsigned long long']],
+    'BinAddress' : [ 0x8, ['unsigned long long']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1', 19: 'NotifyTransportRelationsChange', 20: 'NotifyEjectionRelationsChange', 21: 'ConfigureDevice', 22: 'ConfigureDeviceClass', 23: 'ConfigureDeviceExtensions'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_CFG_BITMAP_INFO' : [ 0x20, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'RegionSize' : [ 0x8, ['unsigned long long']],
+    'VadBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'BitmapVad' : [ 0x18, ['pointer64', ['_MMVAD']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMSESSION' : [ 0x58, {
+    'SystemSpaceViewLock' : [ 0x0, ['_FAST_MUTEX']],
+    'SystemSpaceViewLockPointer' : [ 0x38, ['pointer64', ['_FAST_MUTEX']]],
+    'SystemSpaceViewTable' : [ 0x40, ['pointer64', ['_MMVIEW']]],
+    'SystemSpaceHashSize' : [ 0x48, ['unsigned long']],
+    'SystemSpaceHashEntries' : [ 0x4c, ['unsigned long']],
+    'SystemSpaceHashKey' : [ 0x50, ['unsigned long']],
+    'BitmapFailures' : [ 0x54, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned char']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'EnableMask' : [ 0x63, ['unsigned char']],
+    'GroupEnableMask' : [ 0x64, ['unsigned char']],
+    'UseDescriptorType' : [ 0x65, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'OriginalAffinity' : [ 0x8, ['_GROUP_AFFINITY']],
+    'SteeringListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'SteeringListRoot' : [ 0x28, ['pointer64', ['void']]],
+    'IsrTime' : [ 0x30, ['unsigned long long']],
+    'DpcTime' : [ 0x38, ['unsigned long long']],
+    'IsrLoad' : [ 0x40, ['unsigned long']],
+    'DpcLoad' : [ 0x44, ['unsigned long']],
+    'IsPrimaryInterrupt' : [ 0x48, ['unsigned char']],
+    'InterruptObjectArray' : [ 0x50, ['pointer64', ['pointer64', ['_KINTERRUPT']]]],
+    'InterruptObjectCount' : [ 0x58, ['unsigned long']],
+    'Vectors' : [ 0x60, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x118, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'InProgressLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReservedFlags2' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'SnapContext' : [ 0xb0, ['pointer64', ['_LDRP_DLL_SNAP_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: 'LoadReasonStaticDependency', 1: 'LoadReasonStaticForwarderDependency', 2: 'LoadReasonDynamicForwarderDependency', 3: 'LoadReasonDelayloadDependency', 4: 'LoadReasonDynamicLoad', 5: 'LoadReasonAsImageLoad', 6: 'LoadReasonAsDataLoad', -1: 'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'DependencyCount' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'RemovalLink' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'LdrModulesPlaceHolder', 1: 'LdrModulesMapping', 2: 'LdrModulesMapped', 3: 'LdrModulesWaitingForDependencies', 4: 'LdrModulesSnapping', 5: 'LdrModulesSnapped', 6: 'LdrModulesCondensed', 7: 'LdrModulesReadyToInit', 8: 'LdrModulesInitializing', 9: 'LdrModulesReadyToRun', '\xfb': 'LdrModulesMerged', '\xfd': 'LdrModulesSnapError', '\xfc': 'LdrModulesInitError', -1: 'LdrModulesUnloading', '\xfe': 'LdrModulesUnloaded'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+    'LowestLink' : [ 0x4c, ['unsigned long']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d0, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1a8, ['_LIST_ENTRY']],
+    'Status' : [ 0x1b8, ['long']],
+    'FailedDevice' : [ 0x1c0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1c8, ['unsigned char']],
+    'Cancelled' : [ 0x1c9, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1ca, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1cb, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LockedPages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'FloppyMedia' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ILOnly' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0xfe8, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'SystemReserved1' : [ 0xcc, ['array', 54, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'SpareBytes' : [ 0x1ac, ['array', 36, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'SpareUlong0' : [ 0xfdc, ['unsigned long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xd8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Latency' : [ 0xa8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xac, ['unsigned long']],
+    'Power' : [ 0xb0, ['unsigned long']],
+    'StateFlags' : [ 0xb4, ['unsigned long']],
+    'VetoAccounting' : [ 0xb8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xd0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xd1, ['unsigned char']],
+    'Interruptible' : [ 0xd2, ['unsigned char']],
+    'ContextRetained' : [ 0xd3, ['unsigned char']],
+    'CacheCoherent' : [ 0xd4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xd5, ['unsigned char']],
+    'PlatformOnly' : [ 0xd6, ['unsigned char']],
+    'NoCState' : [ 0xd7, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+    'Reserved' : [ 0x20, ['array', 8, ['unsigned long']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_2559' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x20, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'u1' : [ 0x1c, ['__unnamed_2559']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTime' : [ 0x20, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x28, ['long long']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RELATION_LIST_ENTRY' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'Devices' : [ 0x8, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x6, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+} ],
+  '_POP_FX_COMPONENT' : [ 0xf8, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x38, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: 'BugcheckStackLimits', 1: 'DPCStackLimits', 2: 'ExpandedStackLimits', 3: 'NormalStackLimits', 4: 'Win32kStackLimits', 5: 'SwapBusyStackLimits', 6: 'IsrStackLimits', 7: 'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x60, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x50, ['unsigned long']],
+    'OldValueCell' : [ 0x50, ['unsigned long']],
+    'NewValueCell' : [ 0x54, ['unsigned long']],
+    'UserFlags' : [ 0x50, ['unsigned long']],
+    'LastWriteTime' : [ 0x50, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x50, ['unsigned long']],
+    'OldChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x58, ['unsigned long']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x40, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'IRHints' : [ 0x30, ['unsigned long']],
+    'IRTruncatedHints' : [ 0x34, ['unsigned long']],
+    'ExpectedWakeReason' : [ 0x38, ['unsigned char']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_25c8' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_25ca' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_25c8']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_25ca']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '__unnamed_25dc' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_25dc']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x14, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x178, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2647' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2649' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2647']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2649']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'GpValue' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1d, {
+    'PerUserPolicy' : [ 0x0, ['array', 29, ['unsigned char']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_265d' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_265f' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2663' : [ 0x8, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2667' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_2669' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_265d']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_265f']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2663']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2667']],
+    'Others' : [ 0x0, ['__unnamed_2669']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x68, {
+    'PlatformOnlyCount' : [ 0x0, ['unsigned long long']],
+    'PreVetoCount' : [ 0x8, ['unsigned long long']],
+    'VetoCount' : [ 0x10, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x40, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x48, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x50, ['unsigned long long']],
+    'NoCStateCount' : [ 0x58, ['unsigned long long']],
+    'SelectedCount' : [ 0x60, ['unsigned long long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '__unnamed_2678' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_267a' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_267c' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2678']],
+    'Interrupt' : [ 0x0, ['__unnamed_267a']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_267a']],
+    'Sci' : [ 0x0, ['__unnamed_267a']],
+    'Nmi' : [ 0x0, ['__unnamed_267a']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_267c']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1a0, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'VerifyKernelPhaseOnResume' : [ 0x3, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x4, ['unsigned char']],
+    'InitializationFinished' : [ 0x5, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'MapFrozen' : [ 0x14, ['unsigned char']],
+    'DiscardMap' : [ 0x18, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x18, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x38, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x48, ['unsigned long']],
+    'ClonedPageCount' : [ 0x50, ['unsigned long long']],
+    'CurrentMap' : [ 0x58, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x60, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x68, ['unsigned long long']],
+    'LoaderMdl' : [ 0x70, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x80, ['unsigned long long']],
+    'IoPages' : [ 0x88, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x90, ['unsigned long']],
+    'CurrentMcb' : [ 0x98, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa0, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xa8, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb0, ['unsigned long']],
+    'Status' : [ 0xb4, ['long']],
+    'GraphicsProc' : [ 0xb8, ['unsigned long']],
+    'MemoryImage' : [ 0xc0, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xc8, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd0, ['pointer64', ['_MDL']]],
+    'SiLogOffset' : [ 0xd8, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0xe0, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xe8, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0xf8, ['unsigned long']],
+    'ProcessorCount' : [ 0xfc, ['unsigned long']],
+    'ProcessorContext' : [ 0x100, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x108, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x110, ['unsigned long']],
+    'MaxDataPages' : [ 0x114, ['unsigned long']],
+    'ExtraBuffer' : [ 0x118, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x120, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x128, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x130, ['unsigned long long']],
+    'IoInfo' : [ 0x138, ['_POP_IO_INFO']],
+    'HardwareConfigurationSignature' : [ 0x198, ['unsigned long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'PointersLength' : [ 0x118, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['unsigned short']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x18, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'Teb' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 31, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'SecureInfo' : [ 0x10, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x10, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PhysicalMemory' : [ 0x10, ['_MI_PHYSMEM_BLOCK']],
+    'LargePage' : [ 0x10, ['pointer64', ['_MI_LARGEPAGE_MEMORY_INFO']]],
+} ],
+  '__unnamed_26b9' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_26b9']],
+} ],
+  '__unnamed_26bd' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_26bd']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x360, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x68, ['unsigned long long']],
+    'PerfInfo' : [ 0x70, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x218, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x220, ['array', 1, ['unsigned long long']]],
+    'SiLogOffset' : [ 0x228, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x22c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x230, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x2f0, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2f4, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2f8, ['unsigned long']],
+    'Hiberboot' : [ 0x2fc, ['unsigned char']],
+    'HvCr3' : [ 0x300, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x308, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x310, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x318, ['unsigned long long']],
+    'BootFlags' : [ 0x320, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x328, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x330, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x338, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x358, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1a8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x38, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x3c, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x40, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x48, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x50, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x58, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x80, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xa8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xb0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xb8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xc0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xc8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0xd0, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0xd8, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0xe0, ['unsigned long long']],
+    'IoBoundedness' : [ 0xe8, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0xf0, ['unsigned long long']],
+    'KernelIoTicks' : [ 0xf8, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x100, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x108, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x110, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x118, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x120, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x128, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x130, ['unsigned long long']],
+    'AnimationStart' : [ 0x138, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x140, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x148, ['unsigned long']],
+    'BootPagesProcessed' : [ 0x150, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x158, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x160, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x168, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x170, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x178, ['unsigned long long']],
+    'BytesWritten' : [ 0x180, ['unsigned long long']],
+    'PagesWritten' : [ 0x188, ['unsigned long']],
+    'FileRuns' : [ 0x18c, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x190, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x194, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x198, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1a0, ['unsigned long long']],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '__unnamed_26dc' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_26dc']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_PHYSMEM_BLOCK' : [ 0x8, {
+    'IoTracker' : [ 0x0, ['pointer64', ['_MMIO_TRACKER']]],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x10, {
+    'DeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceRelation', 1: 'Dependent', 2: 'DirectDescendant'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'IoReady', 1: 'IoPending', 2: 'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MMVIEW' : [ 0x38, {
+    'PteOffset' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MMVIEW_CONTROL_AREA']],
+    'ViewLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'SessionViewVa' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'SessionIdForGlobalSubsections' : [ 0x34, ['unsigned long']],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x48, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x30, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x38, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x40, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_MMVIEW_CONTROL_AREA' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'Writable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'ExceptionForInPageErrors' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'UsedForControlArea' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_2712' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2714' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2717' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_271b' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'ApicDestinationModePhysical', 2: 'ApicDestinationModeLogicalFlat', 3: 'ApicDestinationModeLogicalClustered', 4: 'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptTypeControllerInput', 1: 'InterruptTypeXapicMessage', 2: 'InterruptTypeHypertransport', 3: 'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_2712']],
+    'XapicMessage' : [ 0x38, ['__unnamed_2714']],
+    'Hypertransport' : [ 0x38, ['__unnamed_2717']],
+    'GenericMessage' : [ 0x38, ['__unnamed_2714']],
+    'MessageRequest' : [ 0x38, ['__unnamed_271b']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_272e' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2730' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2732' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_272e']],
+    'Gpt' : [ 0x0, ['__unnamed_2730']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_2732']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x178, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'EtwNotificationTypeNoReply', 2: 'EtwNotificationTypeLegacyEnable', 3: 'EtwNotificationTypeEnable', 4: 'EtwNotificationTypePrivateLogger', 5: 'EtwNotificationTypePerflib', 6: 'EtwNotificationTypeAudio', 7: 'EtwNotificationTypeSession', 8: 'EtwNotificationTypeReserved', 9: 'EtwNotificationTypeCredentialUI', 10: 'EtwNotificationTypeInProcSession', 11: 'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '__unnamed_2766' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2768' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2766']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_276b' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_276d' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_276b']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2768']],
+    'HighPart' : [ 0x4, ['__unnamed_276d']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_MI_LARGEPAGE_MEMORY_INFO' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ColoredPageInfoBase' : [ 0x10, ['pointer64', ['_COLORED_PAGE_INFO']]],
+    'PagesNeedZeroing' : [ 0x18, ['unsigned long']],
+    'ActualImageViewSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_277f' : [ 0x8, {
+    'MessageAddressLow' : [ 0x0, ['unsigned long']],
+    'MessageData' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+} ],
+  '__unnamed_2781' : [ 0x8, {
+    'RemappedFormat' : [ 0x0, ['_ULARGE_INTEGER']],
+    'Msi' : [ 0x0, ['__unnamed_277f']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_2781']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMIO_TRACKER' : [ 0x70, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameIndex' : [ 0x10, ['unsigned long long']],
+    'NumberOfPages' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'CacheFlushTimeStamp' : [ 0x20, ['unsigned long']],
+    'Mdl' : [ 0x28, ['pointer64', ['_MDL']]],
+    'MdlPages' : [ 0x30, ['unsigned long long']],
+    'StackTrace' : [ 0x38, ['array', 6, ['pointer64', ['void']]]],
+    'CacheInfo' : [ 0x68, ['array', 1, ['_IO_CACHE_INFO']]],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_278d' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2790' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x180, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'PteContents' : [ 0x68, ['_MMPTE']],
+    'Thread' : [ 0x70, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x78, ['pointer64', ['_MMPFN']]],
+    'WaitCount' : [ 0x80, ['long']],
+    'ByteCount' : [ 0x84, ['unsigned long']],
+    'u3' : [ 0x88, ['__unnamed_278d']],
+    'u1' : [ 0x8c, ['__unnamed_2790']],
+    'FilePointer' : [ 0x90, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x98, ['pointer64', ['_CONTROL_AREA']]],
+    'Autoboost' : [ 0xa0, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xa8, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xb0, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xb8, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xc0, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 16, ['unsigned long long']]],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BoostedPriority' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_COLORED_PAGE_INFO' : [ 0x18, {
+    'BeingZeroed' : [ 0x0, ['long']],
+    'Processor' : [ 0x4, ['unsigned long']],
+    'PagesQueued' : [ 0x8, ['unsigned long long']],
+    'PfnAllocation' : [ 0x10, ['pointer64', ['_MMPFN']]],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_IO_CACHE_INFO' : [ 0x1, {
+    'CacheAttribute' : [ 0x0, ['unsigned char']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+}

From 6631c0c93848e7e90dc0e76035fc38066c7c9946 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 22 Sep 2016 18:18:37 -0500
Subject: [PATCH 035/304] expand VolatilityKDBG for recent 64-bit Windows 10

generate and check a list of KDBG sizes rather than statically checking
at a single size per profile. this allows kdbgscan to find & decrypt
the KDBG even if a user manually specifies an incorrect profile when
running the plugin
---
 .../plugins/overlays/windows/win8_kdbg.py     | 57 +++++++++++++++----
 1 file changed, 47 insertions(+), 10 deletions(-)

diff --git a/volatility/plugins/overlays/windows/win8_kdbg.py b/volatility/plugins/overlays/windows/win8_kdbg.py
index 302d8d481..daa1e2b1a 100644
--- a/volatility/plugins/overlays/windows/win8_kdbg.py
+++ b/volatility/plugins/overlays/windows/win8_kdbg.py
@@ -18,13 +18,14 @@
 # along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-import struct
+import struct, copy
 import volatility.obj as obj
 import volatility.addrspace as addrspace
 import volatility.constants as constants
 import volatility.utils as utils
 import volatility.plugins.overlays.windows.win8 as win8
 import volatility.plugins.patchguard as patchguard
+import volatility.registry as registry
 
 try:
     import distorm3
@@ -64,8 +65,9 @@ def decode_kdbg(self, vals):
         the Windows kernel file."""
 
         block_encoded, kdbg_block, wait_never, wait_always = vals
-        header = obj.VolMagic(self.obj_vm).KDBGHeader.v()
-        kdbg_size = struct.unpack("<H", header[-2:])[0]
+        # just take the maximum. if we decode a tiny bit of 
+        # extra data in some cases, its totally fine.
+        kdbg_size = max(self.unique_sizes())
         buffer = ""
 
         entries = obj.Object("Array", 
@@ -82,16 +84,35 @@ def decode_kdbg(self, vals):
 
         return buffer
 
+    def unique_sizes(self):
+    
+        items = registry.get_plugin_classes(obj.Profile).items()
+        sizes = set()
+        
+        for name, cls in items:
+            if (cls._md_os != "windows" or cls._md_memory_model != "64bit"):
+                continue
+                
+            if (cls._md_major, cls._md_minor) < (6, 2):
+                continue 
+                
+            conf = copy.deepcopy(self.obj_vm.get_config())
+            conf.PROFILE = name 
+            buff = addrspace.BufferAddressSpace(config = conf)
+            header = obj.VolMagic(buff).KDBGHeader.v()
+            
+            # this unpacks the kdbgsize from the signature 
+            size = struct.unpack("<H", header[-2:])[0]
+            sizes.add(size)
+            
+        return sizes
+
     def copy_data_block(self, full_addr):
         """This function emulates nt!KdCopyDataBlock on a live 
         machine by finding the encoded KDBG structure and using
         the required entropy values to decode it."""
 
-        # this unpacks the kdbgsize from the signature 
-        header = obj.VolMagic(self.obj_vm).KDBGHeader.v()
-        kdbg_size = struct.unpack("<H", header[-2:])[0]
-
-        size_str = struct.pack("I", kdbg_size)
+        sizes = self.unique_sizes()
         alignment = 8 
         addr_space = self.obj_vm
         bits = distorm3.Decode64Bits
@@ -105,13 +126,29 @@ def copy_data_block(self, full_addr):
         if code == None:
             return obj.NoneObject("Crossed a code boundary")
 
-        if code.find(struct.pack("I", kdbg_size / alignment)) == -1:
+        found_size = False 
+        
+        for size in sizes:
+            val = struct.pack("I", size / alignment)
+            if code.find(val) != -1:
+                found_size = True
+                break
+        
+        if not found_size:
             return obj.NoneObject("Cannot find KDBG size signature")
 
         version = (addr_space.profile.metadata.get('major', 0), addr_space.profile.metadata.get('minor', 0))
         if version < (6, 4):
             # we don't perform this check for Windows 10.x
-            if code.find(size_str) == -1:
+            found_str = False 
+            
+            for size in sizes:
+                val = struct.pack("I", size)
+                if code.find(val) != -1:
+                    found_str = True
+                    break
+                
+            if not found_str:
                 return obj.NoneObject("Cannot find KDBG size signature")  
 
         ops = list(distorm3.Decompose(full_addr, code, bits))

From f1e8107ef8db60750a8b0c853ed9d3c5c0139f8e Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 28 Sep 2016 11:54:46 -0500
Subject: [PATCH 036/304] refs #319 fixing vad plugins on 32-bit win8 and win10
 - only 64-bit versions have *VpnHigh members

---
 .../plugins/overlays/windows/vad_vtypes.py    | 42 ++++++++++++++++---
 1 file changed, 37 insertions(+), 5 deletions(-)

diff --git a/volatility/plugins/overlays/windows/vad_vtypes.py b/volatility/plugins/overlays/windows/vad_vtypes.py
index 56484c640..626c3f946 100644
--- a/volatility/plugins/overlays/windows/vad_vtypes.py
+++ b/volatility/plugins/overlays/windows/vad_vtypes.py
@@ -347,6 +347,16 @@ def LeftChild(self):
     def RightChild(self):
         return self.VadNode.RightChild
 
+class _MMVAD_SHORT_WIN8_64(_MMVAD_SHORT_WIN8):
+    
+    @property
+    def Start(self):
+        return (self.StartingVpn << 12) | (self.StartingVpnHigh << 44)
+
+    @property
+    def End(self):
+        return (((self.EndingVpn + 1) << 12) | (self.EndingVpnHigh << 44)) - 1
+
 class _MMVAD_WIN8(_MM_AVL_NODE):
 
     @property
@@ -397,9 +407,15 @@ class Win8Vad(obj.ProfileModification):
                   "minor": lambda x: x == 2}
 
     def modification(self, profile):
+    
+        if profile.metadata.get("memory_model") == "32bit":
+            short_vad = _MMVAD_SHORT_WIN8
+        else:
+            short_vad = _MMVAD_SHORT_WIN8_64
+    
         profile.object_classes.update({
             '_MMVAD': _MMVAD_WIN8,
-            '_MMVAD_SHORT': _MMVAD_SHORT_WIN8,
+            '_MMVAD_SHORT': short_vad,
             '_MM_AVL_TABLE': _MM_AVL_TABLE_WIN8,
             '_MM_AVL_NODE': _MM_AVL_NODE,
             })
@@ -442,12 +458,12 @@ def Parent(self):
 
     @property
     def Start(self):
-        return (self.StartingVpn << 12) | (self.StartingVpnHigh << 44)
+        return self.StartingVpn << 12
 
     @property
     def End(self):
-        return (((self.EndingVpn + 1) << 12) | (self.EndingVpnHigh << 44)) - 1
-
+        return ((self.EndingVpn + 1) << 12) - 1
+        
     @property
     def VadFlags(self):
         return self.u.VadFlags
@@ -468,6 +484,16 @@ def LeftChild(self):
     def RightChild(self):
         return self.VadNode.Right
 
+class _MMVAD_SHORT_WIN81_64(_MMVAD_SHORT_WIN81):
+
+    @property
+    def Start(self):
+        return (self.StartingVpn << 12) | (self.StartingVpnHigh << 44)
+
+    @property
+    def End(self):
+        return (((self.EndingVpn + 1) << 12) | (self.EndingVpnHigh << 44)) - 1
+
 class _MMVAD_WIN81(_MMVAD_SHORT_WIN81):
 
     @property
@@ -518,9 +544,15 @@ class Win81Vad(obj.ProfileModification):
                   "minor": lambda x: x >= 3}
 
     def modification(self, profile):
+    
+        if profile.metadata.get("memory_model") == "32bit":
+            short_vad = _MMVAD_SHORT_WIN81
+        else:
+            short_vad = _MMVAD_SHORT_WIN81_64
+    
         profile.object_classes.update({
             '_MMVAD': _MMVAD_WIN81,
-            '_MMVAD_SHORT': _MMVAD_SHORT_WIN81,
+            '_MMVAD_SHORT': short_vad,
             '_RTL_AVL_TREE': _RTL_AVL_TREE,
             '_RTL_BALANCED_NODE': _RTL_BALANCED_NODE,
             })

From 04771d3b92a6505c95ef23a07dee8c6acb529de1 Mon Sep 17 00:00:00 2001
From: iMHLv2 <michael.ligh@mnin.org>
Date: Wed, 28 Sep 2016 12:10:56 -0500
Subject: [PATCH 037/304] Update README.txt with new profiles

---
 README.txt | 83 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 44 insertions(+), 39 deletions(-)

diff --git a/README.txt b/README.txt
index 80ea6add7..0ca8af519 100644
--- a/README.txt
+++ b/README.txt
@@ -160,45 +160,50 @@ WindowsHiberFileSpace32       - This is a hibernate address space for windows hi
 
 Profiles
 --------
-VistaSP0x64       - A Profile for Windows Vista SP0 x64
-VistaSP0x86       - A Profile for Windows Vista SP0 x86
-VistaSP1x64       - A Profile for Windows Vista SP1 x64
-VistaSP1x86       - A Profile for Windows Vista SP1 x86
-VistaSP2x64       - A Profile for Windows Vista SP2 x64
-VistaSP2x86       - A Profile for Windows Vista SP2 x86
-Win10x64          - A Profile for Windows 10 x64
-Win10x64_1AC738FB - A Profile for Windows 10 x64 from PDB 1AC738FB
-Win10x64_DD08DD42 - A Profile for Windows 10 x64 from PDB DD08DD42
-Win10x86          - A Profile for Windows 10 x86
-Win10x86_44B89EEA - A Profile for Windows 10 x86 from PDB 44B89EEA
-Win10x86_9619274A - A Profile for Windows 10 x86 from PDB 9619274A
-Win2003SP0x86     - A Profile for Windows 2003 SP0 x86
-Win2003SP1x64     - A Profile for Windows 2003 SP1 x64
-Win2003SP1x86     - A Profile for Windows 2003 SP1 x86
-Win2003SP2x64     - A Profile for Windows 2003 SP2 x64
-Win2003SP2x86     - A Profile for Windows 2003 SP2 x86
-Win2008R2SP0x64   - A Profile for Windows 2008 R2 SP0 x64
-Win2008R2SP1x64   - A Profile for Windows 2008 R2 SP1 x64
-Win2008SP1x64     - A Profile for Windows 2008 SP1 x64
-Win2008SP1x86     - A Profile for Windows 2008 SP1 x86
-Win2008SP2x64     - A Profile for Windows 2008 SP2 x64
-Win2008SP2x86     - A Profile for Windows 2008 SP2 x86
-Win2012R2x64      - A Profile for Windows Server 2012 R2 x64
-Win2012x64        - A Profile for Windows Server 2012 x64
-Win7SP0x64        - A Profile for Windows 7 SP0 x64
-Win7SP0x86        - A Profile for Windows 7 SP0 x86
-Win7SP1x64        - A Profile for Windows 7 SP1 x64
-Win7SP1x86        - A Profile for Windows 7 SP1 x86
-Win81U1x64        - A Profile for Windows 8.1 Update 1 x64
-Win81U1x86        - A Profile for Windows 8.1 Update 1 x86
-Win8SP0x64        - A Profile for Windows 8 x64
-Win8SP0x86        - A Profile for Windows 8 x86
-Win8SP1x64        - A Profile for Windows 8.1 x64
-Win8SP1x86        - A Profile for Windows 8.1 x86
-WinXPSP1x64       - A Profile for Windows XP SP1 x64
-WinXPSP2x64       - A Profile for Windows XP SP2 x64
-WinXPSP2x86       - A Profile for Windows XP SP2 x86
-WinXPSP3x86       - A Profile for Windows XP SP3 x86
+VistaSP0x64              - A Profile for Windows Vista SP0 x64
+VistaSP0x86              - A Profile for Windows Vista SP0 x86
+VistaSP1x64              - A Profile for Windows Vista SP1 x64
+VistaSP1x86              - A Profile for Windows Vista SP1 x86
+VistaSP2x64              - A Profile for Windows Vista SP2 x64
+VistaSP2x86              - A Profile for Windows Vista SP2 x86
+Win10x64                 - A Profile for Windows 10 x64
+Win10x64_1AC738FB        - A Profile for Windows 10 x64 from PDB 1AC738FB
+Win10x64_DD08DD42        - A Profile for Windows 10 x64 from PDB DD08DD42
+Win10x86                 - A Profile for Windows 10 x86
+Win10x86_44B89EEA        - A Profile for Windows 10 x86 from PDB 44B89EEA
+Win10x86_9619274A        - A Profile for Windows 10 x86 from PDB 9619274A
+Win2003SP0x86            - A Profile for Windows 2003 SP0 x86
+Win2003SP1x64            - A Profile for Windows 2003 SP1 x64
+Win2003SP1x86            - A Profile for Windows 2003 SP1 x86
+Win2003SP2x64            - A Profile for Windows 2003 SP2 x64
+Win2003SP2x86            - A Profile for Windows 2003 SP2 x86
+Win2008R2SP0x64          - A Profile for Windows 2008 R2 SP0 x64
+Win2008R2SP1x64          - A Profile for Windows 2008 R2 SP1 x64
+Win2008R2SP1x64_632B36E0 - A Profile for Windows 2008 R2 SP1 x64 from PDB 632B36E0
+Win2008SP1x64            - A Profile for Windows 2008 SP1 x64
+Win2008SP1x86            - A Profile for Windows 2008 SP1 x86
+Win2008SP2x64            - A Profile for Windows 2008 SP2 x64
+Win2008SP2x86            - A Profile for Windows 2008 SP2 x86
+Win2012R2x64             - A Profile for Windows Server 2012 R2 x64
+Win2012R2x64_54B5A1C6    - A Profile for Windows Server 2012 R2 x64 from PDB 54B5A1C6
+Win2012x64               - A Profile for Windows Server 2012 x64
+Win7SP0x64               - A Profile for Windows 7 SP0 x64
+Win7SP0x86               - A Profile for Windows 7 SP0 x86
+Win7SP1x64               - A Profile for Windows 7 SP1 x64
+Win7SP1x64_632B36E0      - A Profile for Windows 7 SP1 x64 from PDB 632B36E0
+Win7SP1x86               - A Profile for Windows 7 SP1 x86
+Win7SP1x86_BBA98F40      - A Profile for Windows 7 SP1 x86 from PDB BBA98F40
+Win81U1x64               - A Profile for Windows 8.1 Update 1 x64
+Win81U1x86               - A Profile for Windows 8.1 Update 1 x86
+Win8SP0x64               - A Profile for Windows 8 x64
+Win8SP0x86               - A Profile for Windows 8 x86
+Win8SP1x64               - A Profile for Windows 8.1 x64
+Win8SP1x64_54B5A1C6      - A Profile for Windows 8.1 x64 from PDB 54B5A1C6
+Win8SP1x86               - A Profile for Windows 8.1 x86
+WinXPSP1x64              - A Profile for Windows XP SP1 x64
+WinXPSP2x64              - A Profile for Windows XP SP2 x64
+WinXPSP2x86              - A Profile for Windows XP SP2 x86
+WinXPSP3x86              - A Profile for Windows XP SP3 x86
 
 Plugins
 -------

From 534374da57679dc353c974de45d27a42b81931ec Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Fri, 7 Oct 2016 09:36:31 -0500
Subject: [PATCH 038/304] Linux - fix two bugs

---
 volatility/plugins/linux/psxview.py        | 2 +-
 volatility/plugins/overlays/linux/linux.py | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/linux/psxview.py b/volatility/plugins/linux/psxview.py
index 5504ec638..82400aaf5 100644
--- a/volatility/plugins/linux/psxview.py
+++ b/volatility/plugins/linux/psxview.py
@@ -89,7 +89,7 @@ def calculate(self):
 
             for offset in tasks:
 
-                if offset not in seen_offsets:
+                if offset and offset not in seen_offsets:
                     seen_offsets.append(offset)
                     yield offset, obj.Object("task_struct", offset = offset, vm = phys_addr_space), ps_sources
 
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 009390210..80f02eb74 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2049,8 +2049,11 @@ def get_time_vars(self):
  
             tv64 = (oreal.tv64 & 0xffffffff) - (oboot.tv64 & 0xffffffff)
 
-            tv64 = (tv64 / 100000000) * -1
-            timeo = linux_common.vol_timespec(tv64, 0) 
+            if tv64:
+                tv64 = (tv64 / 100000000) * -1
+                timeo = linux_common.vol_timespec(tv64, 0) 
+            else:
+                timeo = None
 
         return (wall, timeo)
 

From 5afe6537e7576d895914a89a9bcc03589cdc55b0 Mon Sep 17 00:00:00 2001
From: Raphael Catolino <raphael.catolino@gmail.com>
Date: Sat, 8 Oct 2016 14:18:27 +0200
Subject: [PATCH 039/304] Check for DW_AT_declaration flag in DW_TAG_union_type

---
 volatility/dwarf.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/dwarf.py b/volatility/dwarf.py
index 237622ba5..211cdb42b 100644
--- a/volatility/dwarf.py
+++ b/volatility/dwarf.py
@@ -201,7 +201,8 @@ def process_statement(self, kind, level, data, statement_id):
             name = data.get('DW_AT_name', "__unnamed_%s" % statement_id).strip('"')
             self.name_stack[-1][1] = name
             self.id_to_name[statement_id] = [name]
-            self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
+            if 'DW_AT_declaration' not in data:
+                self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
 
         elif kind == 'DW_TAG_array_type':
             self.name_stack[-1][1] = statement_id

From 7d96c4ded7474de99b01c1a9b480b7ef53f7779a Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 11 Oct 2016 14:27:27 -0500
Subject: [PATCH 040/304] start using StartingVpnHigh and EndingVpnHigh for
 VADs on windows 8.1 (not windows 8)

---
 .../plugins/overlays/windows/vad_vtypes.py      | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)

diff --git a/volatility/plugins/overlays/windows/vad_vtypes.py b/volatility/plugins/overlays/windows/vad_vtypes.py
index 626c3f946..08752493f 100644
--- a/volatility/plugins/overlays/windows/vad_vtypes.py
+++ b/volatility/plugins/overlays/windows/vad_vtypes.py
@@ -347,16 +347,6 @@ def LeftChild(self):
     def RightChild(self):
         return self.VadNode.RightChild
 
-class _MMVAD_SHORT_WIN8_64(_MMVAD_SHORT_WIN8):
-    
-    @property
-    def Start(self):
-        return (self.StartingVpn << 12) | (self.StartingVpnHigh << 44)
-
-    @property
-    def End(self):
-        return (((self.EndingVpn + 1) << 12) | (self.EndingVpnHigh << 44)) - 1
-
 class _MMVAD_WIN8(_MM_AVL_NODE):
 
     @property
@@ -408,14 +398,9 @@ class Win8Vad(obj.ProfileModification):
 
     def modification(self, profile):
     
-        if profile.metadata.get("memory_model") == "32bit":
-            short_vad = _MMVAD_SHORT_WIN8
-        else:
-            short_vad = _MMVAD_SHORT_WIN8_64
-    
         profile.object_classes.update({
             '_MMVAD': _MMVAD_WIN8,
-            '_MMVAD_SHORT': short_vad,
+            '_MMVAD_SHORT': _MMVAD_SHORT_WIN8,
             '_MM_AVL_TABLE': _MM_AVL_TABLE_WIN8,
             '_MM_AVL_NODE': _MM_AVL_NODE,
             })

From 692b65da959c1b8351842b0727aa830c4f6cf197 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 11 Oct 2016 14:32:46 -0500
Subject: [PATCH 041/304] add an md_product metadata field to windows profiles
 to help distinguish between server and client versions of the OS (when all
 else is the same, such as kernel version and build number, etc)

---
 volatility/plugins/overlays/windows/vista.py   | 10 ++++++++++
 volatility/plugins/overlays/windows/win10.py   |  6 ++++++
 volatility/plugins/overlays/windows/win2003.py |  7 +++++++
 volatility/plugins/overlays/windows/win7.py    |  9 +++++++++
 volatility/plugins/overlays/windows/win8.py    | 10 ++++++++++
 volatility/plugins/overlays/windows/xp.py      |  2 ++
 6 files changed, 44 insertions(+)

diff --git a/volatility/plugins/overlays/windows/vista.py b/volatility/plugins/overlays/windows/vista.py
index cf7847e15..49ea2196c 100644
--- a/volatility/plugins/overlays/windows/vista.py
+++ b/volatility/plugins/overlays/windows/vista.py
@@ -236,6 +236,7 @@ class VistaSP0x86(obj.Profile):
     _md_memory_model = '32bit'
     _md_os = 'windows'
     _md_vtype_module = 'volatility.plugins.overlays.windows.vista_sp0_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class VistaSP0x64(obj.Profile):
     """ A Profile for Windows Vista SP0 x64 """
@@ -245,6 +246,7 @@ class VistaSP0x64(obj.Profile):
     _md_memory_model = '64bit'
     _md_os = 'windows'
     _md_vtype_module = 'volatility.plugins.overlays.windows.vista_sp0_x64_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class VistaSP1x86(obj.Profile):
     """ A Profile for Windows Vista SP1 x86 """
@@ -254,6 +256,7 @@ class VistaSP1x86(obj.Profile):
     _md_memory_model = '32bit'
     _md_os = 'windows'
     _md_vtype_module = 'volatility.plugins.overlays.windows.vista_sp1_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class VistaSP1x64(obj.Profile):
     """ A Profile for Windows Vista SP1 x64 """
@@ -263,6 +266,7 @@ class VistaSP1x64(obj.Profile):
     _md_memory_model = '64bit'
     _md_os = 'windows'
     _md_vtype_module = 'volatility.plugins.overlays.windows.vista_sp1_x64_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class VistaSP2x86(obj.Profile):
     """ A Profile for Windows Vista SP2 x86 """
@@ -272,6 +276,7 @@ class VistaSP2x86(obj.Profile):
     _md_memory_model = '32bit'
     _md_os = 'windows'
     _md_vtype_module = 'volatility.plugins.overlays.windows.vista_sp2_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class VistaSP2x64(obj.Profile):
     """ A Profile for Windows Vista SP2 x64 """
@@ -281,15 +286,20 @@ class VistaSP2x64(obj.Profile):
     _md_memory_model = '64bit'
     _md_os = 'windows'
     _md_vtype_module = 'volatility.plugins.overlays.windows.vista_sp2_x64_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win2008SP1x64(VistaSP1x64):
     """ A Profile for Windows 2008 SP1 x64 """
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2008SP2x64(VistaSP2x64):
     """ A Profile for Windows 2008 SP2 x64 """
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2008SP1x86(VistaSP1x86):
     """ A Profile for Windows 2008 SP1 x86 """
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2008SP2x86(VistaSP2x86):
     """ A Profile for Windows 2008 SP2 x86 """
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 168e83537..c4191c8a5 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -527,6 +527,7 @@ class Win10x64(obj.Profile):
     _md_minor = 4
     _md_build = 9841
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win10x64_1AC738FB(obj.Profile):
     """ A Profile for Windows 10 x64 from PDB 1AC738FB"""
@@ -536,6 +537,7 @@ class Win10x64_1AC738FB(obj.Profile):
     _md_minor = 4
     _md_build = 10240
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_1AC738FB_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win10x64_DD08DD42(obj.Profile):
     """ A Profile for Windows 10 x64 from PDB DD08DD42"""
@@ -545,6 +547,7 @@ class Win10x64_DD08DD42(obj.Profile):
     _md_minor = 4
     _md_build = 14393
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_DD08DD42_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win10x86(obj.Profile):
     """ A Profile for Windows 10 x86 """
@@ -554,6 +557,7 @@ class Win10x86(obj.Profile):
     _md_minor = 4
     _md_build = 9841
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win10x86_44B89EEA(obj.Profile):
     """ A Profile for Windows 10 x86 from PDB 44B89EEA"""
@@ -563,6 +567,7 @@ class Win10x86_44B89EEA(obj.Profile):
     _md_minor = 4
     _md_build = 10240
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_44B89EEA_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win10x86_9619274A(obj.Profile):
     """ A Profile for Windows 10 x86 from PDB 9619274A"""
@@ -572,3 +577,4 @@ class Win10x86_9619274A(obj.Profile):
     _md_minor = 4
     _md_build = 14393
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_9619274A_vtypes'
+    _md_product = ["NtProductWinNt"]
diff --git a/volatility/plugins/overlays/windows/win2003.py b/volatility/plugins/overlays/windows/win2003.py
index 8cac99767..c44774c3f 100644
--- a/volatility/plugins/overlays/windows/win2003.py
+++ b/volatility/plugins/overlays/windows/win2003.py
@@ -133,6 +133,7 @@ class Win2003SP0x86(obj.Profile):
     _md_build = 3789
     _md_memory_model = '32bit'
     _md_vtype_module = 'volatility.plugins.overlays.windows.win2003_sp0_x86_vtypes'
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2003SP1x86(obj.Profile):
     """ A Profile for Windows 2003 SP1 x86 """
@@ -142,6 +143,7 @@ class Win2003SP1x86(obj.Profile):
     _md_build = 3790
     _md_memory_model = '32bit'
     _md_vtype_module = 'volatility.plugins.overlays.windows.win2003_sp1_x86_vtypes'
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2003SP2x86(obj.Profile):
     """ A Profile for Windows 2003 SP2 x86 """
@@ -152,6 +154,7 @@ class Win2003SP2x86(obj.Profile):
     _md_build = 3791 
     _md_memory_model = '32bit'
     _md_vtype_module = 'volatility.plugins.overlays.windows.win2003_sp2_x86_vtypes'
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2003SP1x64(obj.Profile):
     """ A Profile for Windows 2003 SP1 x64 """
@@ -161,6 +164,7 @@ class Win2003SP1x64(obj.Profile):
     _md_minor = 2
     _md_build = 3790
     _md_vtype_module = 'volatility.plugins.overlays.windows.win2003_sp1_x64_vtypes'
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2003SP2x64(obj.Profile):
     """ A Profile for Windows 2003 SP2 x64 """
@@ -171,10 +175,13 @@ class Win2003SP2x64(obj.Profile):
     # This is a fake build number. See the comment in Win2003SP0x86
     _md_build = 3791
     _md_vtype_module = 'volatility.plugins.overlays.windows.win2003_sp2_x64_vtypes'
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class WinXPSP1x64(Win2003SP1x64):
     """ A Profile for Windows XP SP1 x64 """
+    _md_product = ["NtProductWinNt"]
 
 class WinXPSP2x64(Win2003SP2x64):
     """ A Profile for Windows XP SP2 x64 """
+    _md_product = ["NtProductWinNt"]
 
diff --git a/volatility/plugins/overlays/windows/win7.py b/volatility/plugins/overlays/windows/win7.py
index f6828f1e9..b4502195b 100644
--- a/volatility/plugins/overlays/windows/win7.py
+++ b/volatility/plugins/overlays/windows/win7.py
@@ -197,6 +197,7 @@ class Win7SP0x86(obj.Profile):
     _md_minor = 1
     _md_build = 7600
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp0_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win7SP1x86(obj.Profile):
     """ A Profile for Windows 7 SP1 x86 """
@@ -206,6 +207,7 @@ class Win7SP1x86(obj.Profile):
     _md_minor = 1
     _md_build = 7601
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win7SP1x86_BBA98F40(obj.Profile):
     """ A Profile for Windows 7 SP1 x86 from PDB BBA98F40"""
@@ -215,6 +217,7 @@ class Win7SP1x86_BBA98F40(obj.Profile):
     _md_minor = 1
     _md_build = 7601
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x86_BBA98F40_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win7SP0x64(obj.Profile):
     """ A Profile for Windows 7 SP0 x64 """
@@ -224,6 +227,7 @@ class Win7SP0x64(obj.Profile):
     _md_minor = 1
     _md_build = 7600
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp0_x64_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win7SP1x64(obj.Profile):
     """ A Profile for Windows 7 SP1 x64 """
@@ -233,6 +237,7 @@ class Win7SP1x64(obj.Profile):
     _md_minor = 1
     _md_build = 7601
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x64_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win7SP1x64_632B36E0(obj.Profile):
     """ A Profile for Windows 7 SP1 x64 from PDB 632B36E0"""
@@ -242,12 +247,16 @@ class Win7SP1x64_632B36E0(obj.Profile):
     _md_minor = 1
     _md_build = 7601
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x64_632B36E0_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win2008R2SP0x64(Win7SP0x64):
     """ A Profile for Windows 2008 R2 SP0 x64 """
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2008R2SP1x64(Win7SP1x64):
     """ A Profile for Windows 2008 R2 SP1 x64 """
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2008R2SP1x64_632B36E0(Win7SP1x64_632B36E0):
     """ A Profile for Windows 2008 R2 SP1 x64 from PDB 632B36E0"""
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
diff --git a/volatility/plugins/overlays/windows/win8.py b/volatility/plugins/overlays/windows/win8.py
index a2171a544..648dde62c 100644
--- a/volatility/plugins/overlays/windows/win8.py
+++ b/volatility/plugins/overlays/windows/win8.py
@@ -412,6 +412,7 @@ class Win8SP0x64(obj.Profile):
     _md_minor = 2
     _md_build = 9200
     _md_vtype_module = 'volatility.plugins.overlays.windows.win8_sp0_x64_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win8SP1x64(obj.Profile):
     """ A Profile for Windows 8.1 x64 """
@@ -421,6 +422,7 @@ class Win8SP1x64(obj.Profile):
     _md_minor = 3
     _md_build = 9600
     _md_vtype_module = 'volatility.plugins.overlays.windows.win8_sp1_x64_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win8SP1x64_54B5A1C6(obj.Profile):
     """ A Profile for Windows 8.1 x64 from PDB 54B5A1C6"""
@@ -430,18 +432,22 @@ class Win8SP1x64_54B5A1C6(obj.Profile):
     _md_minor = 3
     _md_build = 9600
     _md_vtype_module = 'volatility.plugins.overlays.windows.win8_sp1_x64_54B5A1C6_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win2012x64(Win8SP0x64):
     """ A Profile for Windows Server 2012 x64 """
     _md_build = 9201 ##FIXME: fake build number to indicate server 2012 vs windows 8
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2012R2x64(Win8SP1x64):
     """ A Profile for Windows Server 2012 R2 x64 """
     _md_build = 9601 ##FIXME: fake build number to indicate server 2012 R2 vs windows 8.1
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win2012R2x64_54B5A1C6(Win8SP1x64_54B5A1C6):
     """ A Profile for Windows Server 2012 R2 x64 from PDB 54B5A1C6"""
     _md_build = 9601 ##FIXME: fake build number to indicate server 2012 R2 vs windows 8.1
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
 
 class Win8SP0x86(obj.Profile):
     """ A Profile for Windows 8 x86 """
@@ -451,6 +457,7 @@ class Win8SP0x86(obj.Profile):
     _md_minor = 2
     _md_build = 9200
     _md_vtype_module = 'volatility.plugins.overlays.windows.win8_sp0_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win8SP1x86(obj.Profile):
     """ A Profile for Windows 8.1 x86 """
@@ -460,6 +467,7 @@ class Win8SP1x86(obj.Profile):
     _md_minor = 3
     _md_build = 9600
     _md_vtype_module = 'volatility.plugins.overlays.windows.win8_sp1_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win81U1x64(obj.Profile):
     """ A Profile for Windows 8.1 Update 1 x64 """
@@ -469,6 +477,7 @@ class Win81U1x64(obj.Profile):
     _md_minor = 3
     _md_build = 17031 
     _md_vtype_module = 'volatility.plugins.overlays.windows.win81_u1_x64_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class Win81U1x86(obj.Profile):
     """ A Profile for Windows 8.1 Update 1 x86 """
@@ -478,3 +487,4 @@ class Win81U1x86(obj.Profile):
     _md_minor = 3
     _md_build = 17031 
     _md_vtype_module = 'volatility.plugins.overlays.windows.win81_u1_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
diff --git a/volatility/plugins/overlays/windows/xp.py b/volatility/plugins/overlays/windows/xp.py
index 557c96fb3..05389a23f 100644
--- a/volatility/plugins/overlays/windows/xp.py
+++ b/volatility/plugins/overlays/windows/xp.py
@@ -54,6 +54,7 @@ class WinXPSP2x86(obj.Profile):
     _md_os = 'windows'
     _md_memory_model = '32bit'
     _md_vtype_module = 'volatility.plugins.overlays.windows.xp_sp2_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 class WinXPSP3x86(obj.Profile):
     """ A Profile for Windows XP SP3 x86 """
@@ -62,5 +63,6 @@ class WinXPSP3x86(obj.Profile):
     _md_os = 'windows'
     _md_memory_model = '32bit'
     _md_vtype_module = 'volatility.plugins.overlays.windows.xp_sp3_x86_vtypes'
+    _md_product = ["NtProductWinNt"]
 
 

From 6f71a2764c21e405f9f76351ab053dc91f9d4ff3 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 11 Oct 2016 14:51:16 -0500
Subject: [PATCH 042/304] the iehistory plugin needs a Url property

---
 volatility/plugins/iehistory.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/volatility/plugins/iehistory.py b/volatility/plugins/iehistory.py
index a4042a588..c7f106383 100644
--- a/volatility/plugins/iehistory.py
+++ b/volatility/plugins/iehistory.py
@@ -87,6 +87,10 @@ def url_and_title(self):
                         title = title + t
 
         return url, title
+        
+    @property
+    def Url(self):
+        return self.url_and_title()[0]
 
 class IEHistoryVTypes(obj.ProfileModification):
     """Apply structures for IE history parsing"""

From 8d10c1d81e4fbc4cdddcd6fcbb0e0ffcb52a61fb Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 12 Oct 2016 08:13:56 -0500
Subject: [PATCH 043/304] refs #333 add a 1gb default maximum memory range size
 to vaddump and yarascan

---
 volatility/plugins/malware/malfind.py | 8 ++++++--
 volatility/plugins/vadinfo.py         | 7 ++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/malware/malfind.py b/volatility/plugins/malware/malfind.py
index d68ccd042..94f634a98 100644
--- a/volatility/plugins/malware/malfind.py
+++ b/volatility/plugins/malware/malfind.py
@@ -130,7 +130,8 @@ def __init__(self, task = None, **kwargs):
         BaseYaraScanner.__init__(self, address_space = task.get_process_address_space(), **kwargs)
 
     def scan(self, offset = 0, maxlen = None):
-        for vad, self.address_space in self.task.get_vads(skip_max_commit = True):
+        filter = lambda x : x.Length < maxlen
+        for vad, self.address_space in self.task.get_vads(vad_filter = filter, skip_max_commit = True):
             for match in BaseYaraScanner.scan(self, vad.Start, vad.Length):
                 yield match
 
@@ -196,6 +197,9 @@ def __init__(self, config, *args, **kwargs):
         config.add_option('REVERSE', short_option = 'R', default = 0,
                           help = 'Reverse this number of bytes',
                           action = 'store', type = 'int')
+        config.add_option('MAX-SIZE', short_option = 'M', default = 0x40000000, 
+                          action = 'store', type = 'long', 
+                          help = 'Set the maximum size (default is 1GB)') 
 
     def _compile_rules(self):
         """Compile the YARA rules from command-line parameters. 
@@ -232,7 +236,7 @@ def _compile_rules(self):
     def _scan_process_memory(self, addr_space, rules):
         for task in self.filter_tasks(tasks.pslist(addr_space)):
             scanner = VadYaraScanner(task = task, rules = rules)
-            for hit, address in scanner.scan():
+            for hit, address in scanner.scan(maxlen = self._config.MAX_SIZE):
                 yield (task, address, hit, scanner.address_space.zread(address - self._config.REVERSE, self._config.SIZE))
 
     def _scan_kernel_memory(self, addr_space, rules):
diff --git a/volatility/plugins/vadinfo.py b/volatility/plugins/vadinfo.py
index aac2c5730..13bd8b403 100644
--- a/volatility/plugins/vadinfo.py
+++ b/volatility/plugins/vadinfo.py
@@ -382,6 +382,9 @@ def __init__(self, config, *args, **kwargs):
         config.add_option('BASE', short_option = 'b', default = None,
                           help = 'Dump VAD with BASE address (in hex)',
                           action = 'store', type = 'int')
+        config.add_option('MAX-SIZE', short_option = 'M', default = 0x40000000, 
+                          action = 'store', type = 'long', 
+                          help = 'Set the maximum size (default is 1GB)') 
 
     def dump_vad(self, path, vad, address_space):
         """
@@ -451,7 +454,9 @@ def render_text(self, outfd, data):
             if offset == None:
                 offset = 0
 
-            for vad, _addrspace in task.get_vads(skip_max_commit = True):
+            filter = lambda x : x.Length < self._config.MAX_SIZE
+
+            for vad, _addrspace in task.get_vads(vad_filter = filter, skip_max_commit = True):
 
                 if self._config.BASE and vad.Start != self._config.BASE:
                     continue

From 66a46cbb77642042a79075776d8ce76582c64ee6 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 12 Oct 2016 10:02:28 -0500
Subject: [PATCH 044/304] update to the previous commit which only applies a
 VAD size filter for VadYaraScanner when a maxlen is specified

---
 volatility/plugins/malware/malfind.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/malware/malfind.py b/volatility/plugins/malware/malfind.py
index 94f634a98..5d5ff3994 100644
--- a/volatility/plugins/malware/malfind.py
+++ b/volatility/plugins/malware/malfind.py
@@ -130,8 +130,15 @@ def __init__(self, task = None, **kwargs):
         BaseYaraScanner.__init__(self, address_space = task.get_process_address_space(), **kwargs)
 
     def scan(self, offset = 0, maxlen = None):
-        filter = lambda x : x.Length < maxlen
-        for vad, self.address_space in self.task.get_vads(vad_filter = filter, skip_max_commit = True):
+    
+        if maxlen == None:
+            vads = self.task.get_vads(skip_max_commit = True)
+        else:
+            filter = lambda x : x.Length < maxlen
+            vads = self.task.get_vads(vad_filter = filter, 
+                skip_max_commit = True)
+        
+        for vad, self.address_space in vads:
             for match in BaseYaraScanner.scan(self, vad.Start, vad.Length):
                 yield match
 

From 107cd7360ff20b184ee769feecddd033b3fe4d7a Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 13 Oct 2016 08:21:00 -0500
Subject: [PATCH 045/304] handle more recent versions of virtual box ELF core
 dumps

---
 volatility/plugins/addrspaces/elfcoredump.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/addrspaces/elfcoredump.py b/volatility/plugins/addrspaces/elfcoredump.py
index 5bb22b09e..f6f43f6dd 100644
--- a/volatility/plugins/addrspaces/elfcoredump.py
+++ b/volatility/plugins/addrspaces/elfcoredump.py
@@ -126,7 +126,7 @@ def check_note(self, note):
     def validate(self):
         self.as_assert(self.header, 'ELF error: did not find any PT_NOTE segment with VBCORE')
         self.as_assert(self.header.u32Magic == DBGFCORE_MAGIC, 'Could not find VBox core magic signature')
-        self.as_assert(self.header.u32FmtVersion == DBGFCORE_FMT_VERSION, 'Unknown VBox core format version')
+        self.as_assert(self.header.u32FmtVersion & 0xFFFFFFF0 == DBGFCORE_FMT_VERSION, 'Unknown VBox core format version')
         self.as_assert(self.runs, 'ELF error: did not find any LOAD segment with main RAM')
 
 class QemuCoreDumpElf(VirtualBoxCoreDumpElf64):

From f6df486e4a5b90dfea1992b9f02b8853975785f1 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 13 Oct 2016 11:31:29 -0500
Subject: [PATCH 046/304] update the handle pointer decoding algorithm for
 windows 10 64-bit builds >= 14393 (fixes the handles plugin)

---
 volatility/plugins/overlays/windows/win10.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index c4191c8a5..d6954e811 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -460,6 +460,17 @@ class _OBJECT_HEADER_10_DD08DD42(_OBJECT_HEADER_10):
         58: 'VRegConfigurationContext',
         59: 'VirtualKey',
         }
+        
+class _HANDLE_TABLE_10_DD08DD42(win8._HANDLE_TABLE_81R264):
+    
+    def decode_pointer(self, value):
+        
+        value = value & 0xFFFFFFFFFFFFFFF8
+        value = value >> self.DECODE_MAGIC
+        if (value & (1 << 47)):
+            value = value | 0xFFFF000000000000
+    
+        return value
 
 class Win10ObjectHeader(obj.ProfileModification):
     before = ["Win8ObjectClasses"]
@@ -474,6 +485,12 @@ def modification(self, profile):
 
         if build >= 14393:
             header = _OBJECT_HEADER_10_DD08DD42
+            
+            ## update the handle table here as well
+            if metadata.get("memory_model") == "64bit":
+                profile.object_classes.update({
+                    "_HANDLE_TABLE": _HANDLE_TABLE_10_DD08DD42})
+            
         elif build >= 10240:
             header = _OBJECT_HEADER_10_1AC738FB
         else:

From 403fb10afd73266ce40d5a543ad9a41aabc552e8 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 14 Oct 2016 17:02:54 -0500
Subject: [PATCH 047/304] tweak the patch from
 6631c0c93848e7e90dc0e76035fc38066c7c9946 to include KDBG sizes for all 64-bit
 platforms and not just >= 6.2. we need to be able to find the patch guard
 entropy values for all 64-bit versions of windows for the timer DPC decoding

---
 volatility/plugins/overlays/windows/win8_kdbg.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/windows/win8_kdbg.py b/volatility/plugins/overlays/windows/win8_kdbg.py
index daa1e2b1a..c6006a6ec 100644
--- a/volatility/plugins/overlays/windows/win8_kdbg.py
+++ b/volatility/plugins/overlays/windows/win8_kdbg.py
@@ -93,8 +93,8 @@ def unique_sizes(self):
             if (cls._md_os != "windows" or cls._md_memory_model != "64bit"):
                 continue
                 
-            if (cls._md_major, cls._md_minor) < (6, 2):
-                continue 
+            #if (cls._md_major, cls._md_minor) < (6, 2):
+            #    continue 
                 
             conf = copy.deepcopy(self.obj_vm.get_config())
             conf.PROFILE = name 

From 527bf4d6f280dba5a9a18a017703c382656b403a Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 17 Oct 2016 10:20:43 -0500
Subject: [PATCH 048/304] Linux - add support for kaslr kernels

---
 volatility/plugins/linux/aslr_shift.py     | 43 +++++++++++
 volatility/plugins/overlays/linux/linux.py | 88 +++++++++++++++++-----
 2 files changed, 113 insertions(+), 18 deletions(-)
 create mode 100644 volatility/plugins/linux/aslr_shift.py

diff --git a/volatility/plugins/linux/aslr_shift.py b/volatility/plugins/linux/aslr_shift.py
new file mode 100644
index 000000000..6d1ece3bc
--- /dev/null
+++ b/volatility/plugins/linux/aslr_shift.py
@@ -0,0 +1,43 @@
+# Volatility
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+@author:       Andrew Case
+@license:      GNU General Public License 2.0
+@contact:      atcuno@gmail.com
+@organization: 
+"""
+
+import volatility.utils as utils
+import volatility.plugins.linux.common as common
+
+class linux_aslr_shift(common.AbstractLinuxCommand):
+    """Automatically detect the Linux ASLR shift"""
+
+    def calculate(self):
+        aspace = utils.load_as(self._config)
+        
+        yield aspace.profile.shift_address
+ 
+    def render_text(self, outfd, data):
+        self.table_header(outfd, [("Shift Address", "[addrpad]")])
+
+        for shift_address in data:
+            self.table_row(outfd, shift_address)
+
+
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 80f02eb74..ae6c719ef 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -37,6 +37,7 @@
 import volatility.obj as obj
 import volatility.debug as debug
 import volatility.dwarf as dwarf
+import volatility.scan as scan
 import volatility.plugins.linux.common as linux_common
 import volatility.plugins.linux.flags as linux_flags
 import volatility.addrspace as addrspace
@@ -211,11 +212,13 @@ def __init__(self, *args, **kwargs):
             # change the name to catch any code referencing the old hash table
             self.sys_map = {}
             self.sym_addr_cache = {}
+            self.shift_address = 0
             obj.Profile.__init__(self, *args, **kwargs)
 
         def clear(self):
             """Clear out the system map, and everything else"""
             self.sys_map = {}
+            self.shift_address = 0
             obj.Profile.clear(self)
 
         def reset(self):
@@ -281,7 +284,11 @@ def get_all_symbols(self, module = "kernel"):
                 mod = symtable[module]
 
                 for (name, addrs) in mod.items():
-                    ret.append(addrs)
+                    addr = addrs[0][0]
+                    if self.shift_address and addr:
+                        addr = addr + self.shift_address
+
+                    ret.append((name, addr))
             else:
                 debug.info("All symbols requested for non-existent module %s" % module)
 
@@ -292,14 +299,12 @@ def get_all_addresses(self, module = "kernel"):
 
             # returns a hash table for quick looks
             # the main use of this function is to see if an address is known
-            ret = {}
-
             symbols = self.get_all_symbols(module)
+            
+            ret = {}
 
-            for sym in symbols:
-
-                for (addr, addrtype) in sym:
-                    ret[addr] = 1
+            for _name, addr in symbols:
+                ret[addr] = 1
 
             return ret
 
@@ -312,7 +317,7 @@ def _get_symbol_by_address(self, module, sym_address):
             for (name, addrs) in mod.items():
 
                 for (addr, addr_type) in addrs:
-                    if sym_address == addr:
+                    if sym_address == addr + self.shift_address:
                         ret = name
                         break
 
@@ -413,6 +418,9 @@ def get_symbol(self, sym_name, nm_type = "", module = "kernel"):
             else:
                 debug.info("Requested module {0:s} not found in symbol table\n".format(module))
 
+            if ret:
+                ret = ret + self.shift_address
+
             return ret
 
         def get_symbol_type(self, sym_name, nm_type = "", module = "kernel"):
@@ -940,7 +948,6 @@ def get_param_val(self, param, _over = 0):
                     val = 'Y'
 
         else:
-            print "Unknown get_fn: {0:#x}".format(getfn)
             return None
 
         return val
@@ -1808,7 +1815,6 @@ def get_libdl_maps(self):
             ehdr = obj.Object("elf_hdr", offset = vma.vm_start, vm = proc_as)
 
             if not ehdr or not ehdr.is_valid():
-                #print "could not get header for  %d | %s" % (self.pid, self.comm)
                 continue
 
             for phdr in ehdr.program_headers():
@@ -2260,6 +2266,19 @@ def d_count(self):
             ret = self.m("d_count")
         return ret
 
+class swapperScan(scan.BaseScanner):
+    """ Scanner for swapper string for Mountain Lion """
+    checks = []
+
+    def __init__(self, needles = None):
+        self.needles = needles
+        self.checks = [ ("MultiStringFinderCheck", {'needles':needles}) ]
+        scan.BaseScanner.__init__(self) 
+
+    def scan(self, address_space, offset = 0, maxlen = None):
+        for offset in scan.BaseScanner.scan(self, address_space, offset, maxlen):
+            yield offset
+
 class VolatilityDTB(obj.VolatilityMagic):
     """A scanner for DTB values."""
 
@@ -2273,18 +2292,28 @@ def generate_suggestions(self):
         else:
             sym   = "init_level4_pgt"
             shifts = [0xffffffff80000000, 0xffffffff80000000 - 0x1000000, 0xffffffff7fe00000]       
+        
+        config         = self.obj_vm.get_config()
+        tbl = self.obj_vm.profile.sys_map["kernel"]
+        
+        if config.SHIFT:
+            shift_address = config.SHIFT
+        else:
+            shift_address = self.obj_vm.profile.shift_address
 
         good_dtb = -1
- 
+            
+        init_task_addr = tbl["init_task"][0][0] + shift_address
+        dtb_sym_addr   = tbl[sym][0][0] + shift_address
+        
+        comm_offset    = profile.get_obj_offset("task_struct", "comm")
+        pid_offset     = self.obj_vm.profile.get_obj_offset("task_struct", "pid")
+        pas            = self.obj_vm
+        
         for shift in shifts:
-            sym_addr = profile.get_symbol(sym) - shift
-
-            pas = self.obj_vm
-
-            init_task_addr = profile.get_symbol("init_task") 
-            offset         = profile.get_obj_offset("task_struct", "comm")
+            sym_addr = dtb_sym_addr - shift
        
-            read_addr = init_task_addr - shift + offset
+            read_addr = init_task_addr - shift + comm_offset
 
             buf = pas.read(read_addr, 12)        
           
@@ -2294,6 +2323,28 @@ def generate_suggestions(self):
                     good_dtb = sym_addr
                     break
 
+        # check for relocated kernel
+        if good_dtb == -1 and shift_address == 0:
+            scanner = swapperScan(needles = ["swapper/0"])
+            for swapper_offset in scanner.scan(self.obj_vm):
+                swapper_address = swapper_offset - comm_offset
+
+                if pas.read(swapper_address + pid_offset, 4) != "\x00\x00\x00\x00":
+                    continue
+
+                tmp_shift_address = swapper_address - (init_task_addr - shifts[0])
+
+                if tmp_shift_address & 0xfff != 0x000:
+                    continue
+                
+                shift_address = tmp_shift_address
+                good_dtb = dtb_sym_addr - shifts[0] + shift_address
+ 
+                break
+        
+        if shift_address != 0:   
+            self.obj_vm.profile.shift_address = shift_address
+
         yield good_dtb
 
 # the intel check, simply checks for the static paging of init_task
@@ -2314,6 +2365,7 @@ def generate_suggestions(self):
         for shift in shifts:
             phys  = self.obj_vm.vtop(init_task_addr)
             check = init_task_addr - shift
+           
             if phys == check:
                 ret = True
                 break

From f8c7c38b70852f2d0b8728bd5c27f6e026a9a355 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 17 Oct 2016 11:09:29 -0500
Subject: [PATCH 049/304] Linux - update linux_lsmod and moddump to work with
 latest kernels

---
 volatility/plugins/overlays/linux/linux.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index ae6c719ef..16a554bd5 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1010,6 +1010,24 @@ def get_symbol(self, wanted_sym_name):
                 break
 
         return ret       
+   
+    @property
+    def symtab(self):
+        if hasattr(self, "kallsyms"):
+            ret = self.kallsyms.symtab
+        else:
+            ret = self.m("symtab")
+
+        return ret 
+ 
+    @property
+    def num_symtab(self):
+        if hasattr(self, "kallsyms"):
+            ret = self.kallsyms.num_symtab.v()
+        else:
+            ret = self.m("num_symtab").v()
+
+        return ret   
 
     def is_valid(self):
         valid = False

From cc880fa73ae5744a074f4dafe27302bc15c146a8 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 17 Oct 2016 11:13:49 -0500
Subject: [PATCH 050/304] Linux - fix issue 280 related to network byte order

---
 volatility/plugins/overlays/linux/linux.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 16a554bd5..f45bee7a8 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -744,7 +744,7 @@ def dst_port(self):
         elif hasattr(self, "inet_dport"):
             return socket.htons(self.inet_dport)
         elif hasattr(self, "sk") and hasattr(self.sk, "__sk_common") and hasattr(self.sk.__sk_common, "skc_dport"):
-            return self.sk.__sk_common.skc_num #pylint: disable-msg=W0212
+            return socket.htons(self.sk.__sk_common.skc_dport) #pylint: disable-msg=W0212
         else:
             return None
 

From f85cb934d9b92f6302e0f6e695f431459708097c Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 17 Oct 2016 11:21:43 -0500
Subject: [PATCH 051/304] Linux - ensure address checks are done on int and not
 CType

---
 volatility/plugins/linux/common.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index 3928d2905..50a80d21a 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -67,6 +67,7 @@ def is_valid_profile(profile):
         return profile.metadata.get('os', 'Unknown').lower() == 'linux'
 
     def is_known_address(self, addr, modules):
+        addr = int(addr)
 
         text = self.profile.get_symbol("_text")
         etext = self.profile.get_symbol("_etext")
@@ -84,7 +85,7 @@ def address_in_module(self, addr, modules):
     def verify_ops(self, ops, op_members, modules):
 
         for check in op_members:
-            addr = ops.m(check)
+            addr = int(ops.m(check))
 
             if addr and addr != 0:
 

From 33d461c31212db5fddeee12b019eefa4727f8c28 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 17 Oct 2016 11:25:29 -0500
Subject: [PATCH 052/304] Linux - check for corruption on hash table size in
 arp table enumeration

---
 volatility/plugins/linux/arp.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/volatility/plugins/linux/arp.py b/volatility/plugins/linux/arp.py
index 443964c07..84b9c9bdc 100644
--- a/volatility/plugins/linux/arp.py
+++ b/volatility/plugins/linux/arp.py
@@ -82,6 +82,9 @@ def handle_table(self, ntable):
 
         buckets = obj.Object(theType = 'Array', offset = hash_table, vm = self.addr_space, targetType = 'Pointer', count = hash_size)
 
+        if not buckets or hash_size > 50000:
+            return []
+
         for i in range(hash_size):
             if buckets[i]:
                 neighbor = obj.Object("neighbour", offset = buckets[i], vm = self.addr_space)

From 2ff525da7de115cc9e4f04156ef1acfcc6fa62cf Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 17 Oct 2016 11:41:02 -0500
Subject: [PATCH 053/304] Linux - fix hidden modules related to issue 273

---
 volatility/plugins/linux/hidden_modules.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/volatility/plugins/linux/hidden_modules.py b/volatility/plugins/linux/hidden_modules.py
index f7f22a8c8..346b055eb 100644
--- a/volatility/plugins/linux/hidden_modules.py
+++ b/volatility/plugins/linux/hidden_modules.py
@@ -63,9 +63,7 @@ def walk_modules_address_space(self, addr_space):
         check_bufs = []
         replace_bufs = []
         
-        check_nums = [3000, 2800, 2700, 2500, 2300, 2100, 2000, 1500, 1300, 1200, 1024, 512, 256, 128, 96, 64, 48, 32, 24, 16, 12, 9]
-        if minus_size == 4:
-            check_nums = check_nums + [8, 6, 5]
+        check_nums = [3000, 2800, 2700, 2500, 2300, 2100, 2000, 1500, 1300, 1200, 1024, 512, 256, 128, 96, 64, 48, 32, 24]
 
         for num in check_nums:
             check_bufs.append("\x00" * num)        

From 5f113ee60dd70ad528625a0ed6553c7baa404cf6 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Fri, 21 Oct 2016 11:56:23 -0500
Subject: [PATCH 054/304] Linux - add further checks in ASLR scanning

---
 volatility/plugins/overlays/linux/linux.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index f45bee7a8..99120dfa4 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2343,10 +2343,13 @@ def generate_suggestions(self):
 
         # check for relocated kernel
         if good_dtb == -1 and shift_address == 0:
-            scanner = swapperScan(needles = ["swapper/0"])
+            scanner = swapperScan(needles = ["swapper/0\x00\x00\x00\x00\x00\x00"])
             for swapper_offset in scanner.scan(self.obj_vm):
                 swapper_address = swapper_offset - comm_offset
 
+                if pas.read(swapper_address, 4) != "\x00\x00\x00\x00":
+                    continue
+
                 if pas.read(swapper_address + pid_offset, 4) != "\x00\x00\x00\x00":
                     continue
 
@@ -2357,9 +2360,8 @@ def generate_suggestions(self):
                 
                 shift_address = tmp_shift_address
                 good_dtb = dtb_sym_addr - shifts[0] + shift_address
- 
                 break
-        
+
         if shift_address != 0:   
             self.obj_vm.profile.shift_address = shift_address
 

From 19d12116fe2f1f3d98873799c8fe80ddbf046f32 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 21 Oct 2016 15:22:38 -0500
Subject: [PATCH 055/304] fix a backtrace in hashdump when the
 CurrentControlSetXXX cannot be determined

---
 volatility/win32/hashdump.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/volatility/win32/hashdump.py b/volatility/win32/hashdump.py
index ddca5a6f5..7f22ee6be 100644
--- a/volatility/win32/hashdump.py
+++ b/volatility/win32/hashdump.py
@@ -117,6 +117,8 @@ def find_control_set(sysaddr):
     for v in rawreg.values(csselect):
         if v.Name == "Current":
             return v.Data
+            
+    return 1
 
 def get_bootkey(sysaddr):
     cs = find_control_set(sysaddr)

From 1d65795714821c90336a13765c67abcac0641eba Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Tue, 25 Oct 2016 13:50:29 -0500
Subject: [PATCH 056/304] Linux - fix overflow error in ARP table size
 calculation

---
 volatility/plugins/linux/arp.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/arp.py b/volatility/plugins/linux/arp.py
index 84b9c9bdc..341ff193d 100644
--- a/volatility/plugins/linux/arp.py
+++ b/volatility/plugins/linux/arp.py
@@ -74,7 +74,11 @@ def handle_table(self, ntable):
             hash_size = ntable.nht.hash_mask
             hash_table = ntable.nht.hash_buckets
         else:
-            hash_size = (1 << ntable.nht.hash_shift)
+            try:
+                hash_size = (1 << ntable.nht.hash_shift)
+            except OverflowError:
+                return []        
+    
             hash_table = ntable.nht.hash_buckets
 
         if not self.addr_space.is_valid_address(hash_table):

From 4d5fbcb61ab1b7526dd83d123fa00b9c66fc68b9 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Tue, 25 Oct 2016 15:49:24 -0500
Subject: [PATCH 057/304] Linux - re-enable strict validation of
 linux_bash_hash

---
 volatility/plugins/linux/bash_hash.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/linux/bash_hash.py b/volatility/plugins/linux/bash_hash.py
index 48dad9c53..1aaf36b62 100644
--- a/volatility/plugins/linux/bash_hash.py
+++ b/volatility/plugins/linux/bash_hash.py
@@ -102,10 +102,10 @@ def __iter__(self):
             for bucket_ptr in bucket_array:
                 bucket = bucket_ptr.dereference_as("bucket_contents")
                 while bucket.times_found > 0 and bucket.data.is_valid() and bucket.key.is_valid():  
-                    #pdata = bucket.data 
+                    pdata = bucket.data 
 
-                    #if pdata.path.is_valid() and (0 <= pdata.flags <= 2):
-                    yield bucket
+                    if pdata.path.is_valid() and (0 <= pdata.flags <= 2):
+                        yield bucket
 
                     bucket = bucket.next
  
@@ -143,6 +143,8 @@ def calculate(self):
             if not (self._config.SCAN_ALL or str(task.comm) == "bash"):
                 continue
 
+            print "Scanning %d" % task.pid
+
             for ent in task.bash_hash_entries():
                 yield task, ent
 

From b223e1088954db0788c7f67f749f4fc3f8fe94bb Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Tue, 25 Oct 2016 16:03:35 -0500
Subject: [PATCH 058/304] Linux - remove print and add infinite loop protection
 to bash_hash

---
 volatility/plugins/linux/bash_hash.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/linux/bash_hash.py b/volatility/plugins/linux/bash_hash.py
index 1aaf36b62..b93ddf3d1 100644
--- a/volatility/plugins/linux/bash_hash.py
+++ b/volatility/plugins/linux/bash_hash.py
@@ -97,18 +97,25 @@ def is_valid(self):
        
     def __iter__(self):
         if self.is_valid():
+            seen = {}
+
             bucket_array = obj.Object(theType="Array", targetType="Pointer", offset = self.bucket_array, vm = self.nbuckets.obj_vm, count = 64)
    
             for bucket_ptr in bucket_array:
                 bucket = bucket_ptr.dereference_as("bucket_contents")
                 while bucket.times_found > 0 and bucket.data.is_valid() and bucket.key.is_valid():  
+                    if bucket.v() in seen:
+                        break
+
+                    seen[bucket.v()] = 1
+
                     pdata = bucket.data 
 
                     if pdata.path.is_valid() and (0 <= pdata.flags <= 2):
                         yield bucket
 
                     bucket = bucket.next
- 
+                     
 class BashHashTypes(obj.ProfileModification):
     conditions = {"os" : lambda x : x in ["linux"]}
 
@@ -143,8 +150,6 @@ def calculate(self):
             if not (self._config.SCAN_ALL or str(task.comm) == "bash"):
                 continue
 
-            print "Scanning %d" % task.pid
-
             for ent in task.bash_hash_entries():
                 yield task, ent
 

From 75fb0346b5147532584b7da6efc44816e098c739 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 26 Oct 2016 08:54:53 -0500
Subject: [PATCH 059/304] refs #342 Add an interpreter path in convert.py

---
 tools/mac/convert.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/mac/convert.py b/tools/mac/convert.py
index 963a6e18c..270bf9169 100755
--- a/tools/mac/convert.py
+++ b/tools/mac/convert.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python
+
 import os, sys, re
 
 class DWARFParser(object):

From bc824fd3e2c5e51638ebf30257a9babd3fa289e7 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Fri, 18 Nov 2016 10:18:08 -0600
Subject: [PATCH 060/304] Linux - fix smearing issue check_fops and
 substantially improve performance

---
 volatility/plugins/linux/check_fops.py | 14 +++++++-------
 volatility/plugins/linux/common.py     | 15 +++++++++++++--
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/volatility/plugins/linux/check_fops.py b/volatility/plugins/linux/check_fops.py
index 8581d2131..d9ef2013b 100644
--- a/volatility/plugins/linux/check_fops.py
+++ b/volatility/plugins/linux/check_fops.py
@@ -57,9 +57,8 @@ def check_open_files_fop(self, f_op_members, modules):
                 for (hooked_member, hook_address) in self.verify_ops(filp.f_op, f_op_members, modules):
                     name = "{0:s} {1:d} {2:s}".format(task.comm, i, linux_common.get_path(task, filp))
                     yield (name, hooked_member, hook_address)
-
+                    
     def check_proc_fop(self, f_op_members, modules):
-
         proc_mnt_addr = self.addr_space.profile.get_symbol("proc_mnt")
         if not proc_mnt_addr:
             return
@@ -74,22 +73,23 @@ def check_proc_fop(self, f_op_members, modules):
 
         # only check the root directory
         for dentry in root.d_subdirs.list_of_type("dentry", "d_u"):
-
             name = dentry.d_name.name.dereference_as("String", length = 255)
             
             for (hooked_member, hook_address) in self.verify_ops(dentry.d_inode.i_fop, f_op_members, modules): 
                 yield("proc_mnt: {0}".format(name), hooked_member, hook_address)
     
     def walk_proc(self, cur, f_op_members, modules, parent = ""):
- 
+        last_cur = None
         while cur:
-
             if cur.obj_offset in self.seen_proc:
+                if cur.obj_offset == last_cur:
+                    break
+
                 cur = cur.next
                 continue
 
             self.seen_proc[cur.obj_offset] = 1
-
+            
             name = cur.name.dereference_as("String", length = 255)
 
             fops = cur.proc_fops
@@ -104,6 +104,7 @@ def walk_proc(self, cur, f_op_members, modules, parent = ""):
                     yield (name, hooked_member, hook_address)
                 subdir = subdir.next
 
+            last_cur = cur.obj_offset
             cur = cur.next
 
     def check_proc_root_fops(self, f_op_members, modules):   
@@ -138,7 +139,6 @@ def calculate(self):
             funcs = [self.check_open_files_fop, self.check_proc_fop, self.check_proc_root_fops, self.check_file_cache]
 
             for func in funcs:
-
                 for (name, member, address) in func(f_op_members, modules):
                     yield (name, member, address)
 
diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index 50a80d21a..0c1f7d997 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -51,6 +51,7 @@ class AbstractLinuxCommand(commands.Command):
     def __init__(self, *args, **kwargs):
         self.addr_space = None
         self.known_addrs = {}
+        self.known_fops  = {}
         commands.Command.__init__(self, *args, **kwargs)
 
     @property
@@ -83,12 +84,19 @@ def address_in_module(self, addr, modules):
         return False
 
     def verify_ops(self, ops, op_members, modules):
+        ops_addr = ops.v()        
+        ops_list = []
+
+        if ops_addr in self.known_fops:
+            for check, addr in self.known_fops[ops_addr]:
+                yield check, addr
+
+            return
 
         for check in op_members:
             addr = int(ops.m(check))
 
-            if addr and addr != 0:
-
+            if addr and addr != 0 and addr != -1:
                 if addr in self.known_addrs:
                     known = self.known_addrs[addr]
                 else:
@@ -97,6 +105,9 @@ def verify_ops(self, ops, op_members, modules):
                 
                 if known == 0:
                     yield (check, addr)
+                    ops_list.append((check, addr))
+
+        self.known_fops[ops_addr] = ops_list
 
 class AbstractLinuxIntelCommand(AbstractLinuxCommand):
     @staticmethod

From 266005c070b8e88744472b92ed37021c3750b12b Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Fri, 18 Nov 2016 10:28:09 -0600
Subject: [PATCH 061/304] Linux - add support through Linux 4.9 for cpuinfo

---
 volatility/plugins/linux/cpuinfo.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/linux/cpuinfo.py b/volatility/plugins/linux/cpuinfo.py
index 716656955..81a9fea1e 100644
--- a/volatility/plugins/linux/cpuinfo.py
+++ b/volatility/plugins/linux/cpuinfo.py
@@ -78,8 +78,9 @@ def get_per_cpu_symbol(self, sym_name, module = "kernel"):
 
     def online_cpus(self):
         """ returns a list of online cpus (the processor numbers) """
-        cpu_online_bits_addr = self.addr_space.profile.get_symbol("cpu_online_bits")
-        cpu_present_map_addr = self.addr_space.profile.get_symbol("cpu_present_map")
+        cpu_online_bits_addr  = self.addr_space.profile.get_symbol("cpu_online_bits")
+        cpu_present_map_addr  = self.addr_space.profile.get_symbol("cpu_present_map")
+        cpu_present_mask_addr = self.addr_space.profile.get_symbol("__cpu_present_mask")
 
         #later kernels..
         if cpu_online_bits_addr:
@@ -88,11 +89,14 @@ def online_cpus(self):
         elif cpu_present_map_addr:
             bmap = obj.Object("unsigned long", offset = cpu_present_map_addr, vm = self.addr_space)
 
+        elif cpu_present_mask_addr:
+            bmap = obj.Object("unsigned long", offset = cpu_present_mask_addr, vm = self.addr_space)
+
         else:
             raise AttributeError, "Unable to determine number of online CPUs for memory capture"
 
         cpus = []
-        for i in range(8):
+        for i in range(32):
             if bmap & (1 << i):
                 cpus.append(i)
 

From ecd8a54eb8d4394cd5e292dc8b51982e088a42fb Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 21 Nov 2016 10:04:51 -0600
Subject: [PATCH 062/304] update to support registry plugins on win10 14393.447

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 3536db992..b4e85942a 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48]],
             (6, 4, '32bit') : [[-168, -164]],
         }
 

From 4c5b1f699ba99dfab32d505b59e0b14b92a150f1 Mon Sep 17 00:00:00 2001
From: Ladi Prosek <lprosek@redhat.com>
Date: Wed, 14 Dec 2016 16:10:46 +0100
Subject: [PATCH 063/304] Increase the _DBGKD_GET_VERSION64 search area

In recent Win10 builds _DBGKD_GET_VERSION64 does not immediately
precede the KDBG structure. It is still within a few pages from
it though.
---
 volatility/plugins/overlays/windows/kdbg_vtypes.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/kdbg_vtypes.py b/volatility/plugins/overlays/windows/kdbg_vtypes.py
index 3a883227e..8c9825512 100644
--- a/volatility/plugins/overlays/windows/kdbg_vtypes.py
+++ b/volatility/plugins/overlays/windows/kdbg_vtypes.py
@@ -56,6 +56,16 @@ def modules(self):
             yield l
 
     def dbgkd_version64(self):
+        """Finds _DBGKD_GET_VERSION64 corresponding to this KDBG"""
+        verinfo = self.dbgkd_find_version64(pages_to_scan = 1)
+        if verinfo:
+            return verinfo
+
+        # _DBGKD_GET_VERSION64 does not immediately precede KDBG on newer Windows.
+        # Try again with more pages to scan.
+        return self.dbgkd_find_version64(pages_to_scan = 16)
+
+    def dbgkd_find_version64(self, pages_to_scan):
         """Scan backwards from the base of KDBG to find the 
         _DBGKD_GET_VERSION64. We have a winner when kernel 
         base addresses and process list head match."""
@@ -64,7 +74,8 @@ def dbgkd_version64(self):
         memory_model = self.obj_native_vm.profile.metadata.get('memory_model', '32bit')
 
         dbgkd_off = self.obj_offset & 0xFFFFFFFFFFFFF000
-        dbgkd_end = dbgkd_off + 0x1000
+        dbgkd_off -= (pages_to_scan / 2) * 0x1000
+        dbgkd_end = dbgkd_off + pages_to_scan * 0x1000
         # The _DBGKD_GET_VERSION64 structure is autogenerated, so
         # this value should be correct for each profile
         dbgkd_size = self.obj_native_vm.profile.get_obj_size("_DBGKD_GET_VERSION64")

From 5a41f277104ffcffc3ac43ebbbb608f66dcc0789 Mon Sep 17 00:00:00 2001
From: Ladi Prosek <lprosek@redhat.com>
Date: Thu, 15 Dec 2016 09:56:58 +0100
Subject: [PATCH 064/304] Beef up nt!KdCopyDataBlock detection

In recent Win10 builds the nt!KdCopyDataBlock detection algorithm incorrectly
finds a code region in NDIS.sys instead of the real thing.

NDIS!ndisFIsLoopbackNetBuffer+0x36:
fffff800`ecf185fa 803dc90f030004  cmp     byte ptr [NDIS!ndisWppEnabledLevelPerFlag+0x2 (fffff800`ecf495ca)],4
fffff800`ecf18601 721b            jb      NDIS!ndisFIsLoopbackNetBuffer+0x5a (fffff800`ecf1861e)
fffff800`ecf18603 4d8943c8        mov     qword ptr [r11-38h],r8
fffff800`ecf18607 4c8bca          mov     r9,rdx
fffff800`ecf1860a 4c8bc0          mov     r8,rax
fffff800`ecf1860d 488d15b4f20100  lea     rdx,[NDIS!WPP_64f4c5b0cce0308c37da1ab1727cd205_Traceguids (fffff800`ecf378c8)]
...

This commit makes the detection more selective by also looking for a
bswap instruction, present in all variants of nt!KdCopyDataBlock seen
in the wild so far - Win8, Win8.1, Win10, Win10 RS1.
---
 volatility/plugins/overlays/windows/win8_kdbg.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/windows/win8_kdbg.py b/volatility/plugins/overlays/windows/win8_kdbg.py
index c6006a6ec..a5e793c75 100644
--- a/volatility/plugins/overlays/windows/win8_kdbg.py
+++ b/volatility/plugins/overlays/windows/win8_kdbg.py
@@ -161,6 +161,8 @@ def copy_data_block(self, full_addr):
         wait_always = None
         # nt!KdpDataBlockEncoded
         block_encoded = None
+        # only for KdCopyDataBlock detection
+        bswap = None
 
         for op in ops:
             # cmp cs:KdpDataBlockEncoded, 0
@@ -202,14 +204,18 @@ def copy_data_block(self, full_addr):
                                         offset = offset,
                                         vm = addr_space)
                 break
+            # bswap reg
+            elif (not bswap and op.mnemonic == 'BSWAP'):
+                bswap = True
             elif op.mnemonic == "RET":
                 break
 
         # check if we've found all the required offsets 
         if (block_encoded != None 
                     and kdbg_block != None 
-                    and wait_never != None 
-                    and wait_always != None):
+                    and wait_never != None
+                    and wait_always != None
+                    and bswap != None):
             
             # some acquisition tools decode the KDBG block but leave 
             # nt!KdpDataBlockEncoded set, so we handle it here. 

From 15d9dcfb6ff3f3bf90c9eb46553b98438cfb8ed6 Mon Sep 17 00:00:00 2001
From: Ladi Prosek <lprosek@redhat.com>
Date: Thu, 15 Dec 2016 10:19:24 +0100
Subject: [PATCH 065/304] Add basic error handling to raw2dmp

Failing the conversion with cryptic errors like "integer out of range for
'I' format code" is suboptimal.

This commit adds checks for the two most common error conditions.
---
 volatility/plugins/raw2dmp.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/volatility/plugins/raw2dmp.py b/volatility/plugins/raw2dmp.py
index 9fbd62589..e6a6b2ce3 100644
--- a/volatility/plugins/raw2dmp.py
+++ b/volatility/plugins/raw2dmp.py
@@ -57,10 +57,14 @@ def convert_to_crash(config, output):
                           offset = obj.VolMagic(vspace).KUSER_SHARED_DATA.v(),
                           vm = vspace)
         kdbg = obj.VolMagic(vspace).KDBG.v()
+        if not kdbg:
+            raise RuntimeError("Couldn't find KDBG block. Wrong profile?")
 
         # Scanning the memory region near KDDEBUGGER_DATA64 for 
         # DBGKD_GET_VERSION64
         dbgkd = kdbg.dbgkd_version64()
+        if not dbgkd:
+            raise RuntimeError("Couldn't find _DBGKD_GET_VERSION64.")
 
         # Set the correct file magic
         for i in range(len("PAGE")):

From b2b19f843bf123d4ddcfd6e14fa2ce0ba898ed93 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 16 Dec 2016 10:54:58 -0600
Subject: [PATCH 066/304] version bump to 2.6

---
 volatility/constants.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/constants.py b/volatility/constants.py
index 0e6e09a72..6d1044fe1 100644
--- a/volatility/constants.py
+++ b/volatility/constants.py
@@ -23,7 +23,7 @@
 
 import os, sys
 
-VERSION = "2.5"
+VERSION = "2.6"
 
 SCAN_BLOCKSIZE = 1024 * 1024 * 10
 

From bf16230c9c239fd7b41358ed77a015eea5b93a45 Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Thu, 22 Dec 2016 09:13:07 -0500
Subject: [PATCH 067/304] making tree.html use a remote ds.js script

---
 tools/doxygen/d3/tree.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/doxygen/d3/tree.html b/tools/doxygen/d3/tree.html
index 72cd462a9..18b6db585 100644
--- a/tools/doxygen/d3/tree.html
+++ b/tools/doxygen/d3/tree.html
@@ -25,7 +25,7 @@
 
 </style>
 <body>
-<script src="d3.js"></script>
+<script src="https://d3js.org/d3.v3.min.js"></script>
 <script>
 
 var margin = {top: 20, right: 120, bottom: 20, left: 120},

From 0a78efec8e1748a138cadfd41bbbc9fd0a57108a Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Thu, 22 Dec 2016 09:13:33 -0500
Subject: [PATCH 068/304] removing d3.js  refs issue #343

---
 tools/doxygen/d3/d3.js | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 tools/doxygen/d3/d3.js

diff --git a/tools/doxygen/d3/d3.js b/tools/doxygen/d3/d3.js
deleted file mode 100644
index 88550ae51..000000000
--- a/tools/doxygen/d3/d3.js
+++ /dev/null
@@ -1,5 +0,0 @@
-!function(){function n(n,t){return t>n?-1:n>t?1:n>=t?0:0/0}function t(n){return null!=n&&!isNaN(n)}function e(n){return{left:function(t,e,r,u){for(arguments.length<3&&(r=0),arguments.length<4&&(u=t.length);u>r;){var i=r+u>>>1;n(t[i],e)<0?r=i+1:u=i}return r},right:function(t,e,r,u){for(arguments.length<3&&(r=0),arguments.length<4&&(u=t.length);u>r;){var i=r+u>>>1;n(t[i],e)>0?u=i:r=i+1}return r}}}function r(n){return n.length}function u(n){for(var t=1;n*t%1;)t*=10;return t}function i(n,t){try{for(var e in t)Object.defineProperty(n.prototype,e,{value:t[e],enumerable:!1})}catch(r){n.prototype=t}}function o(){}function a(n){return ia+n in this}function c(n){return n=ia+n,n in this&&delete this[n]}function s(){var n=[];return this.forEach(function(t){n.push(t)}),n}function l(){var n=0;for(var t in this)t.charCodeAt(0)===oa&&++n;return n}function f(){for(var n in this)if(n.charCodeAt(0)===oa)return!1;return!0}function h(){}function g(n,t,e){return function(){var r=e.apply(t,arguments);return r===t?n:r}}function p(n,t){if(t in n)return t;t=t.charAt(0).toUpperCase()+t.substring(1);for(var e=0,r=aa.length;r>e;++e){var u=aa[e]+t;if(u in n)return u}}function v(){}function d(){}function m(n){function t(){for(var t,r=e,u=-1,i=r.length;++u<i;)(t=r[u].on)&&t.apply(this,arguments);return n}var e=[],r=new o;return t.on=function(t,u){var i,o=r.get(t);return arguments.length<2?o&&o.on:(o&&(o.on=null,e=e.slice(0,i=e.indexOf(o)).concat(e.slice(i+1)),r.remove(t)),u&&e.push(r.set(t,{on:u})),n)},t}function y(){Zo.event.preventDefault()}function x(){for(var n,t=Zo.event;n=t.sourceEvent;)t=n;return t}function M(n){for(var t=new d,e=0,r=arguments.length;++e<r;)t[arguments[e]]=m(t);return t.of=function(e,r){return function(u){try{var i=u.sourceEvent=Zo.event;u.target=n,Zo.event=u,t[u.type].apply(e,r)}finally{Zo.event=i}}},t}function _(n){return sa(n,pa),n}function b(n){return"function"==typeof n?n:function(){return la(n,this)}}function w(n){return"function"==typeof n?n:function(){return fa(n,this)}}function S(n,t){function e(){this.removeAttribute(n)}function r(){this.removeAttributeNS(n.space,n.local)}function u(){this.setAttribute(n,t)}function i(){this.setAttributeNS(n.space,n.local,t)}function o(){var e=t.apply(this,arguments);null==e?this.removeAttribute(n):this.setAttribute(n,e)}function a(){var e=t.apply(this,arguments);null==e?this.removeAttributeNS(n.space,n.local):this.setAttributeNS(n.space,n.local,e)}return n=Zo.ns.qualify(n),null==t?n.local?r:e:"function"==typeof t?n.local?a:o:n.local?i:u}function k(n){return n.trim().replace(/\s+/g," ")}function E(n){return new RegExp("(?:^|\\s+)"+Zo.requote(n)+"(?:\\s+|$)","g")}function A(n){return(n+"").trim().split(/^|\s+/)}function C(n,t){function e(){for(var e=-1;++e<u;)n[e](this,t)}function r(){for(var e=-1,r=t.apply(this,arguments);++e<u;)n[e](this,r)}n=A(n).map(N);var u=n.length;return"function"==typeof t?r:e}function N(n){var t=E(n);return function(e,r){if(u=e.classList)return r?u.add(n):u.remove(n);var u=e.getAttribute("class")||"";r?(t.lastIndex=0,t.test(u)||e.setAttribute("class",k(u+" "+n))):e.setAttribute("class",k(u.replace(t," ")))}}function z(n,t,e){function r(){this.style.removeProperty(n)}function u(){this.style.setProperty(n,t,e)}function i(){var r=t.apply(this,arguments);null==r?this.style.removeProperty(n):this.style.setProperty(n,r,e)}return null==t?r:"function"==typeof t?i:u}function L(n,t){function e(){delete this[n]}function r(){this[n]=t}function u(){var e=t.apply(this,arguments);null==e?delete this[n]:this[n]=e}return null==t?e:"function"==typeof t?u:r}function T(n){return"function"==typeof n?n:(n=Zo.ns.qualify(n)).local?function(){return this.ownerDocument.createElementNS(n.space,n.local)}:function(){return this.ownerDocument.createElementNS(this.namespaceURI,n)}}function q(n){return{__data__:n}}function R(n){return function(){return ga(this,n)}}function D(t){return arguments.length||(t=n),function(n,e){return n&&e?t(n.__data__,e.__data__):!n-!e}}function P(n,t){for(var e=0,r=n.length;r>e;e++)for(var u,i=n[e],o=0,a=i.length;a>o;o++)(u=i[o])&&t(u,o,e);return n}function U(n){return sa(n,da),n}function j(n){var t,e;return function(r,u,i){var o,a=n[i].update,c=a.length;for(i!=e&&(e=i,t=0),u>=t&&(t=u+1);!(o=a[t])&&++t<c;);return o}}function H(){var n=this.__transition__;n&&++n.active}function F(n,t,e){function r(){var t=this[o];t&&(this.removeEventListener(n,t,t.$),delete this[o])}function u(){var u=c(t,Xo(arguments));r.call(this),this.addEventListener(n,this[o]=u,u.$=e),u._=t}function i(){var t,e=new RegExp("^__on([^.]+)"+Zo.requote(n)+"$");for(var r in this)if(t=r.match(e)){var u=this[r];this.removeEventListener(t[1],u,u.$),delete this[r]}}var o="__on"+n,a=n.indexOf("."),c=O;a>0&&(n=n.substring(0,a));var s=ya.get(n);return s&&(n=s,c=Y),a?t?u:r:t?v:i}function O(n,t){return function(e){var r=Zo.event;Zo.event=e,t[0]=this.__data__;try{n.apply(this,t)}finally{Zo.event=r}}}function Y(n,t){var e=O(n,t);return function(n){var t=this,r=n.relatedTarget;r&&(r===t||8&r.compareDocumentPosition(t))||e.call(t,n)}}function I(){var n=".dragsuppress-"+ ++Ma,t="click"+n,e=Zo.select(Wo).on("touchmove"+n,y).on("dragstart"+n,y).on("selectstart"+n,y);if(xa){var r=Bo.style,u=r[xa];r[xa]="none"}return function(i){function o(){e.on(t,null)}e.on(n,null),xa&&(r[xa]=u),i&&(e.on(t,function(){y(),o()},!0),setTimeout(o,0))}}function Z(n,t){t.changedTouches&&(t=t.changedTouches[0]);var e=n.ownerSVGElement||n;if(e.createSVGPoint){var r=e.createSVGPoint();if(0>_a&&(Wo.scrollX||Wo.scrollY)){e=Zo.select("body").append("svg").style({position:"absolute",top:0,left:0,margin:0,padding:0,border:"none"},"important");var u=e[0][0].getScreenCTM();_a=!(u.f||u.e),e.remove()}return _a?(r.x=t.pageX,r.y=t.pageY):(r.x=t.clientX,r.y=t.clientY),r=r.matrixTransform(n.getScreenCTM().inverse()),[r.x,r.y]}var i=n.getBoundingClientRect();return[t.clientX-i.left-n.clientLeft,t.clientY-i.top-n.clientTop]}function V(){return Zo.event.changedTouches[0].identifier}function X(){return Zo.event.target}function $(){return Wo}function B(n){return n>0?1:0>n?-1:0}function W(n,t,e){return(t[0]-n[0])*(e[1]-n[1])-(t[1]-n[1])*(e[0]-n[0])}function J(n){return n>1?0:-1>n?ba:Math.acos(n)}function G(n){return n>1?Sa:-1>n?-Sa:Math.asin(n)}function K(n){return((n=Math.exp(n))-1/n)/2}function Q(n){return((n=Math.exp(n))+1/n)/2}function nt(n){return((n=Math.exp(2*n))-1)/(n+1)}function tt(n){return(n=Math.sin(n/2))*n}function et(){}function rt(n,t,e){return this instanceof rt?(this.h=+n,this.s=+t,void(this.l=+e)):arguments.length<2?n instanceof rt?new rt(n.h,n.s,n.l):mt(""+n,yt,rt):new rt(n,t,e)}function ut(n,t,e){function r(n){return n>360?n-=360:0>n&&(n+=360),60>n?i+(o-i)*n/60:180>n?o:240>n?i+(o-i)*(240-n)/60:i}function u(n){return Math.round(255*r(n))}var i,o;return n=isNaN(n)?0:(n%=360)<0?n+360:n,t=isNaN(t)?0:0>t?0:t>1?1:t,e=0>e?0:e>1?1:e,o=.5>=e?e*(1+t):e+t-e*t,i=2*e-o,new gt(u(n+120),u(n),u(n-120))}function it(n,t,e){return this instanceof it?(this.h=+n,this.c=+t,void(this.l=+e)):arguments.length<2?n instanceof it?new it(n.h,n.c,n.l):n instanceof at?st(n.l,n.a,n.b):st((n=xt((n=Zo.rgb(n)).r,n.g,n.b)).l,n.a,n.b):new it(n,t,e)}function ot(n,t,e){return isNaN(n)&&(n=0),isNaN(t)&&(t=0),new at(e,Math.cos(n*=Aa)*t,Math.sin(n)*t)}function at(n,t,e){return this instanceof at?(this.l=+n,this.a=+t,void(this.b=+e)):arguments.length<2?n instanceof at?new at(n.l,n.a,n.b):n instanceof it?ot(n.l,n.c,n.h):xt((n=gt(n)).r,n.g,n.b):new at(n,t,e)}function ct(n,t,e){var r=(n+16)/116,u=r+t/500,i=r-e/200;return u=lt(u)*ja,r=lt(r)*Ha,i=lt(i)*Fa,new gt(ht(3.2404542*u-1.5371385*r-.4985314*i),ht(-.969266*u+1.8760108*r+.041556*i),ht(.0556434*u-.2040259*r+1.0572252*i))}function st(n,t,e){return n>0?new it(Math.atan2(e,t)*Ca,Math.sqrt(t*t+e*e),n):new it(0/0,0/0,n)}function lt(n){return n>.206893034?n*n*n:(n-4/29)/7.787037}function ft(n){return n>.008856?Math.pow(n,1/3):7.787037*n+4/29}function ht(n){return Math.round(255*(.00304>=n?12.92*n:1.055*Math.pow(n,1/2.4)-.055))}function gt(n,t,e){return this instanceof gt?(this.r=~~n,this.g=~~t,void(this.b=~~e)):arguments.length<2?n instanceof gt?new gt(n.r,n.g,n.b):mt(""+n,gt,ut):new gt(n,t,e)}function pt(n){return new gt(n>>16,255&n>>8,255&n)}function vt(n){return pt(n)+""}function dt(n){return 16>n?"0"+Math.max(0,n).toString(16):Math.min(255,n).toString(16)}function mt(n,t,e){var r,u,i,o=0,a=0,c=0;if(r=/([a-z]+)\((.*)\)/i.exec(n))switch(u=r[2].split(","),r[1]){case"hsl":return e(parseFloat(u[0]),parseFloat(u[1])/100,parseFloat(u[2])/100);case"rgb":return t(_t(u[0]),_t(u[1]),_t(u[2]))}return(i=Ia.get(n))?t(i.r,i.g,i.b):(null==n||"#"!==n.charAt(0)||isNaN(i=parseInt(n.substring(1),16))||(4===n.length?(o=(3840&i)>>4,o=o>>4|o,a=240&i,a=a>>4|a,c=15&i,c=c<<4|c):7===n.length&&(o=(16711680&i)>>16,a=(65280&i)>>8,c=255&i)),t(o,a,c))}function yt(n,t,e){var r,u,i=Math.min(n/=255,t/=255,e/=255),o=Math.max(n,t,e),a=o-i,c=(o+i)/2;return a?(u=.5>c?a/(o+i):a/(2-o-i),r=n==o?(t-e)/a+(e>t?6:0):t==o?(e-n)/a+2:(n-t)/a+4,r*=60):(r=0/0,u=c>0&&1>c?0:r),new rt(r,u,c)}function xt(n,t,e){n=Mt(n),t=Mt(t),e=Mt(e);var r=ft((.4124564*n+.3575761*t+.1804375*e)/ja),u=ft((.2126729*n+.7151522*t+.072175*e)/Ha),i=ft((.0193339*n+.119192*t+.9503041*e)/Fa);return at(116*u-16,500*(r-u),200*(u-i))}function Mt(n){return(n/=255)<=.04045?n/12.92:Math.pow((n+.055)/1.055,2.4)}function _t(n){var t=parseFloat(n);return"%"===n.charAt(n.length-1)?Math.round(2.55*t):t}function bt(n){return"function"==typeof n?n:function(){return n}}function wt(n){return n}function St(n){return function(t,e,r){return 2===arguments.length&&"function"==typeof e&&(r=e,e=null),kt(t,e,n,r)}}function kt(n,t,e,r){function u(){var n,t=c.status;if(!t&&c.responseText||t>=200&&300>t||304===t){try{n=e.call(i,c)}catch(r){return o.error.call(i,r),void 0}o.load.call(i,n)}else o.error.call(i,c)}var i={},o=Zo.dispatch("beforesend","progress","load","error"),a={},c=new XMLHttpRequest,s=null;return!Wo.XDomainRequest||"withCredentials"in c||!/^(http(s)?:)?\/\//.test(n)||(c=new XDomainRequest),"onload"in c?c.onload=c.onerror=u:c.onreadystatechange=function(){c.readyState>3&&u()},c.onprogress=function(n){var t=Zo.event;Zo.event=n;try{o.progress.call(i,c)}finally{Zo.event=t}},i.header=function(n,t){return n=(n+"").toLowerCase(),arguments.length<2?a[n]:(null==t?delete a[n]:a[n]=t+"",i)},i.mimeType=function(n){return arguments.length?(t=null==n?null:n+"",i):t},i.responseType=function(n){return arguments.length?(s=n,i):s},i.response=function(n){return e=n,i},["get","post"].forEach(function(n){i[n]=function(){return i.send.apply(i,[n].concat(Xo(arguments)))}}),i.send=function(e,r,u){if(2===arguments.length&&"function"==typeof r&&(u=r,r=null),c.open(e,n,!0),null==t||"accept"in a||(a.accept=t+",*/*"),c.setRequestHeader)for(var l in a)c.setRequestHeader(l,a[l]);return null!=t&&c.overrideMimeType&&c.overrideMimeType(t),null!=s&&(c.responseType=s),null!=u&&i.on("error",u).on("load",function(n){u(null,n)}),o.beforesend.call(i,c),c.send(null==r?null:r),i},i.abort=function(){return c.abort(),i},Zo.rebind(i,o,"on"),null==r?i:i.get(Et(r))}function Et(n){return 1===n.length?function(t,e){n(null==t?e:null)}:n}function At(){var n=Ct(),t=Nt()-n;t>24?(isFinite(t)&&(clearTimeout($a),$a=setTimeout(At,t)),Xa=0):(Xa=1,Wa(At))}function Ct(){var n=Date.now();for(Ba=Za;Ba;)n>=Ba.t&&(Ba.f=Ba.c(n-Ba.t)),Ba=Ba.n;return n}function Nt(){for(var n,t=Za,e=1/0;t;)t.f?t=n?n.n=t.n:Za=t.n:(t.t<e&&(e=t.t),t=(n=t).n);return Va=n,e}function zt(n,t){return t-(n?Math.ceil(Math.log(n)/Math.LN10):1)}function Lt(n,t){var e=Math.pow(10,3*ua(8-t));return{scale:t>8?function(n){return n/e}:function(n){return n*e},symbol:n}}function Tt(n){var t=n.decimal,e=n.thousands,r=n.grouping,u=n.currency,i=r?function(n){for(var t=n.length,u=[],i=0,o=r[0];t>0&&o>0;)u.push(n.substring(t-=o,t+o)),o=r[i=(i+1)%r.length];return u.reverse().join(e)}:wt;return function(n){var e=Ga.exec(n),r=e[1]||" ",o=e[2]||">",a=e[3]||"",c=e[4]||"",s=e[5],l=+e[6],f=e[7],h=e[8],g=e[9],p=1,v="",d="",m=!1;switch(h&&(h=+h.substring(1)),(s||"0"===r&&"="===o)&&(s=r="0",o="=",f&&(l-=Math.floor((l-1)/4))),g){case"n":f=!0,g="g";break;case"%":p=100,d="%",g="f";break;case"p":p=100,d="%",g="r";break;case"b":case"o":case"x":case"X":"#"===c&&(v="0"+g.toLowerCase());case"c":case"d":m=!0,h=0;break;case"s":p=-1,g="r"}"$"===c&&(v=u[0],d=u[1]),"r"!=g||h||(g="g"),null!=h&&("g"==g?h=Math.max(1,Math.min(21,h)):("e"==g||"f"==g)&&(h=Math.max(0,Math.min(20,h)))),g=Ka.get(g)||qt;var y=s&&f;return function(n){var e=d;if(m&&n%1)return"";var u=0>n||0===n&&0>1/n?(n=-n,"-"):a;if(0>p){var c=Zo.formatPrefix(n,h);n=c.scale(n),e=c.symbol+d}else n*=p;n=g(n,h);var x=n.lastIndexOf("."),M=0>x?n:n.substring(0,x),_=0>x?"":t+n.substring(x+1);!s&&f&&(M=i(M));var b=v.length+M.length+_.length+(y?0:u.length),w=l>b?new Array(b=l-b+1).join(r):"";return y&&(M=i(w+M)),u+=v,n=M+_,("<"===o?u+n+w:">"===o?w+u+n:"^"===o?w.substring(0,b>>=1)+u+n+w.substring(b):u+(y?n:w+n))+e}}}function qt(n){return n+""}function Rt(){this._=new Date(arguments.length>1?Date.UTC.apply(this,arguments):arguments[0])}function Dt(n,t,e){function r(t){var e=n(t),r=i(e,1);return r-t>t-e?e:r}function u(e){return t(e=n(new nc(e-1)),1),e}function i(n,e){return t(n=new nc(+n),e),n}function o(n,r,i){var o=u(n),a=[];if(i>1)for(;r>o;)e(o)%i||a.push(new Date(+o)),t(o,1);else for(;r>o;)a.push(new Date(+o)),t(o,1);return a}function a(n,t,e){try{nc=Rt;var r=new Rt;return r._=n,o(r,t,e)}finally{nc=Date}}n.floor=n,n.round=r,n.ceil=u,n.offset=i,n.range=o;var c=n.utc=Pt(n);return c.floor=c,c.round=Pt(r),c.ceil=Pt(u),c.offset=Pt(i),c.range=a,n}function Pt(n){return function(t,e){try{nc=Rt;var r=new Rt;return r._=t,n(r,e)._}finally{nc=Date}}}function Ut(n){function t(n){function t(t){for(var e,u,i,o=[],a=-1,c=0;++a<r;)37===n.charCodeAt(a)&&(o.push(n.substring(c,a)),null!=(u=ec[e=n.charAt(++a)])&&(e=n.charAt(++a)),(i=C[e])&&(e=i(t,null==u?"e"===e?" ":"0":u)),o.push(e),c=a+1);return o.push(n.substring(c,a)),o.join("")}var r=n.length;return t.parse=function(t){var r={y:1900,m:0,d:1,H:0,M:0,S:0,L:0,Z:null},u=e(r,n,t,0);if(u!=t.length)return null;"p"in r&&(r.H=r.H%12+12*r.p);var i=null!=r.Z&&nc!==Rt,o=new(i?Rt:nc);return"j"in r?o.setFullYear(r.y,0,r.j):"w"in r&&("W"in r||"U"in r)?(o.setFullYear(r.y,0,1),o.setFullYear(r.y,0,"W"in r?(r.w+6)%7+7*r.W-(o.getDay()+5)%7:r.w+7*r.U-(o.getDay()+6)%7)):o.setFullYear(r.y,r.m,r.d),o.setHours(r.H+Math.floor(r.Z/100),r.M+r.Z%100,r.S,r.L),i?o._:o},t.toString=function(){return n},t}function e(n,t,e,r){for(var u,i,o,a=0,c=t.length,s=e.length;c>a;){if(r>=s)return-1;if(u=t.charCodeAt(a++),37===u){if(o=t.charAt(a++),i=N[o in ec?t.charAt(a++):o],!i||(r=i(n,e,r))<0)return-1}else if(u!=e.charCodeAt(r++))return-1}return r}function r(n,t,e){b.lastIndex=0;var r=b.exec(t.substring(e));return r?(n.w=w.get(r[0].toLowerCase()),e+r[0].length):-1}function u(n,t,e){M.lastIndex=0;var r=M.exec(t.substring(e));return r?(n.w=_.get(r[0].toLowerCase()),e+r[0].length):-1}function i(n,t,e){E.lastIndex=0;var r=E.exec(t.substring(e));return r?(n.m=A.get(r[0].toLowerCase()),e+r[0].length):-1}function o(n,t,e){S.lastIndex=0;var r=S.exec(t.substring(e));return r?(n.m=k.get(r[0].toLowerCase()),e+r[0].length):-1}function a(n,t,r){return e(n,C.c.toString(),t,r)}function c(n,t,r){return e(n,C.x.toString(),t,r)}function s(n,t,r){return e(n,C.X.toString(),t,r)}function l(n,t,e){var r=x.get(t.substring(e,e+=2).toLowerCase());return null==r?-1:(n.p=r,e)}var f=n.dateTime,h=n.date,g=n.time,p=n.periods,v=n.days,d=n.shortDays,m=n.months,y=n.shortMonths;t.utc=function(n){function e(n){try{nc=Rt;var t=new nc;return t._=n,r(t)}finally{nc=Date}}var r=t(n);return e.parse=function(n){try{nc=Rt;var t=r.parse(n);return t&&t._}finally{nc=Date}},e.toString=r.toString,e},t.multi=t.utc.multi=re;var x=Zo.map(),M=Ht(v),_=Ft(v),b=Ht(d),w=Ft(d),S=Ht(m),k=Ft(m),E=Ht(y),A=Ft(y);p.forEach(function(n,t){x.set(n.toLowerCase(),t)});var C={a:function(n){return d[n.getDay()]},A:function(n){return v[n.getDay()]},b:function(n){return y[n.getMonth()]},B:function(n){return m[n.getMonth()]},c:t(f),d:function(n,t){return jt(n.getDate(),t,2)},e:function(n,t){return jt(n.getDate(),t,2)},H:function(n,t){return jt(n.getHours(),t,2)},I:function(n,t){return jt(n.getHours()%12||12,t,2)},j:function(n,t){return jt(1+Qa.dayOfYear(n),t,3)},L:function(n,t){return jt(n.getMilliseconds(),t,3)},m:function(n,t){return jt(n.getMonth()+1,t,2)},M:function(n,t){return jt(n.getMinutes(),t,2)},p:function(n){return p[+(n.getHours()>=12)]},S:function(n,t){return jt(n.getSeconds(),t,2)},U:function(n,t){return jt(Qa.sundayOfYear(n),t,2)},w:function(n){return n.getDay()},W:function(n,t){return jt(Qa.mondayOfYear(n),t,2)},x:t(h),X:t(g),y:function(n,t){return jt(n.getFullYear()%100,t,2)},Y:function(n,t){return jt(n.getFullYear()%1e4,t,4)},Z:te,"%":function(){return"%"}},N={a:r,A:u,b:i,B:o,c:a,d:Wt,e:Wt,H:Gt,I:Gt,j:Jt,L:ne,m:Bt,M:Kt,p:l,S:Qt,U:Yt,w:Ot,W:It,x:c,X:s,y:Vt,Y:Zt,Z:Xt,"%":ee};return t}function jt(n,t,e){var r=0>n?"-":"",u=(r?-n:n)+"",i=u.length;return r+(e>i?new Array(e-i+1).join(t)+u:u)}function Ht(n){return new RegExp("^(?:"+n.map(Zo.requote).join("|")+")","i")}function Ft(n){for(var t=new o,e=-1,r=n.length;++e<r;)t.set(n[e].toLowerCase(),e);return t}function Ot(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+1));return r?(n.w=+r[0],e+r[0].length):-1}function Yt(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e));return r?(n.U=+r[0],e+r[0].length):-1}function It(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e));return r?(n.W=+r[0],e+r[0].length):-1}function Zt(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+4));return r?(n.y=+r[0],e+r[0].length):-1}function Vt(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+2));return r?(n.y=$t(+r[0]),e+r[0].length):-1}function Xt(n,t,e){return/^[+-]\d{4}$/.test(t=t.substring(e,e+5))?(n.Z=-t,e+5):-1}function $t(n){return n+(n>68?1900:2e3)}function Bt(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+2));return r?(n.m=r[0]-1,e+r[0].length):-1}function Wt(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+2));return r?(n.d=+r[0],e+r[0].length):-1}function Jt(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+3));return r?(n.j=+r[0],e+r[0].length):-1}function Gt(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+2));return r?(n.H=+r[0],e+r[0].length):-1}function Kt(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+2));return r?(n.M=+r[0],e+r[0].length):-1}function Qt(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+2));return r?(n.S=+r[0],e+r[0].length):-1}function ne(n,t,e){rc.lastIndex=0;var r=rc.exec(t.substring(e,e+3));return r?(n.L=+r[0],e+r[0].length):-1}function te(n){var t=n.getTimezoneOffset(),e=t>0?"-":"+",r=~~(ua(t)/60),u=ua(t)%60;return e+jt(r,"0",2)+jt(u,"0",2)}function ee(n,t,e){uc.lastIndex=0;var r=uc.exec(t.substring(e,e+1));return r?e+r[0].length:-1}function re(n){for(var t=n.length,e=-1;++e<t;)n[e][0]=this(n[e][0]);return function(t){for(var e=0,r=n[e];!r[1](t);)r=n[++e];return r[0](t)}}function ue(){}function ie(n,t,e){var r=e.s=n+t,u=r-n,i=r-u;e.t=n-i+(t-u)}function oe(n,t){n&&cc.hasOwnProperty(n.type)&&cc[n.type](n,t)}function ae(n,t,e){var r,u=-1,i=n.length-e;for(t.lineStart();++u<i;)r=n[u],t.point(r[0],r[1],r[2]);t.lineEnd()}function ce(n,t){var e=-1,r=n.length;for(t.polygonStart();++e<r;)ae(n[e],t,1);t.polygonEnd()}function se(){function n(n,t){n*=Aa,t=t*Aa/2+ba/4;var e=n-r,o=e>=0?1:-1,a=o*e,c=Math.cos(t),s=Math.sin(t),l=i*s,f=u*c+l*Math.cos(a),h=l*o*Math.sin(a);lc.add(Math.atan2(h,f)),r=n,u=c,i=s}var t,e,r,u,i;fc.point=function(o,a){fc.point=n,r=(t=o)*Aa,u=Math.cos(a=(e=a)*Aa/2+ba/4),i=Math.sin(a)},fc.lineEnd=function(){n(t,e)}}function le(n){var t=n[0],e=n[1],r=Math.cos(e);return[r*Math.cos(t),r*Math.sin(t),Math.sin(e)]}function fe(n,t){return n[0]*t[0]+n[1]*t[1]+n[2]*t[2]}function he(n,t){return[n[1]*t[2]-n[2]*t[1],n[2]*t[0]-n[0]*t[2],n[0]*t[1]-n[1]*t[0]]}function ge(n,t){n[0]+=t[0],n[1]+=t[1],n[2]+=t[2]}function pe(n,t){return[n[0]*t,n[1]*t,n[2]*t]}function ve(n){var t=Math.sqrt(n[0]*n[0]+n[1]*n[1]+n[2]*n[2]);n[0]/=t,n[1]/=t,n[2]/=t}function de(n){return[Math.atan2(n[1],n[0]),G(n[2])]}function me(n,t){return ua(n[0]-t[0])<ka&&ua(n[1]-t[1])<ka}function ye(n,t){n*=Aa;var e=Math.cos(t*=Aa);xe(e*Math.cos(n),e*Math.sin(n),Math.sin(t))}function xe(n,t,e){++hc,pc+=(n-pc)/hc,vc+=(t-vc)/hc,dc+=(e-dc)/hc}function Me(){function n(n,u){n*=Aa;var i=Math.cos(u*=Aa),o=i*Math.cos(n),a=i*Math.sin(n),c=Math.sin(u),s=Math.atan2(Math.sqrt((s=e*c-r*a)*s+(s=r*o-t*c)*s+(s=t*a-e*o)*s),t*o+e*a+r*c);gc+=s,mc+=s*(t+(t=o)),yc+=s*(e+(e=a)),xc+=s*(r+(r=c)),xe(t,e,r)}var t,e,r;wc.point=function(u,i){u*=Aa;var o=Math.cos(i*=Aa);t=o*Math.cos(u),e=o*Math.sin(u),r=Math.sin(i),wc.point=n,xe(t,e,r)}}function _e(){wc.point=ye}function be(){function n(n,t){n*=Aa;var e=Math.cos(t*=Aa),o=e*Math.cos(n),a=e*Math.sin(n),c=Math.sin(t),s=u*c-i*a,l=i*o-r*c,f=r*a-u*o,h=Math.sqrt(s*s+l*l+f*f),g=r*o+u*a+i*c,p=h&&-J(g)/h,v=Math.atan2(h,g);Mc+=p*s,_c+=p*l,bc+=p*f,gc+=v,mc+=v*(r+(r=o)),yc+=v*(u+(u=a)),xc+=v*(i+(i=c)),xe(r,u,i)}var t,e,r,u,i;wc.point=function(o,a){t=o,e=a,wc.point=n,o*=Aa;var c=Math.cos(a*=Aa);r=c*Math.cos(o),u=c*Math.sin(o),i=Math.sin(a),xe(r,u,i)},wc.lineEnd=function(){n(t,e),wc.lineEnd=_e,wc.point=ye}}function we(){return!0}function Se(n,t,e,r,u){var i=[],o=[];if(n.forEach(function(n){if(!((t=n.length-1)<=0)){var t,e=n[0],r=n[t];if(me(e,r)){u.lineStart();for(var a=0;t>a;++a)u.point((e=n[a])[0],e[1]);return u.lineEnd(),void 0}var c=new Ee(e,n,null,!0),s=new Ee(e,null,c,!1);c.o=s,i.push(c),o.push(s),c=new Ee(r,n,null,!1),s=new Ee(r,null,c,!0),c.o=s,i.push(c),o.push(s)}}),o.sort(t),ke(i),ke(o),i.length){for(var a=0,c=e,s=o.length;s>a;++a)o[a].e=c=!c;for(var l,f,h=i[0];;){for(var g=h,p=!0;g.v;)if((g=g.n)===h)return;l=g.z,u.lineStart();do{if(g.v=g.o.v=!0,g.e){if(p)for(var a=0,s=l.length;s>a;++a)u.point((f=l[a])[0],f[1]);else r(g.x,g.n.x,1,u);g=g.n}else{if(p){l=g.p.z;for(var a=l.length-1;a>=0;--a)u.point((f=l[a])[0],f[1])}else r(g.x,g.p.x,-1,u);g=g.p}g=g.o,l=g.z,p=!p}while(!g.v);u.lineEnd()}}}function ke(n){if(t=n.length){for(var t,e,r=0,u=n[0];++r<t;)u.n=e=n[r],e.p=u,u=e;u.n=e=n[0],e.p=u}}function Ee(n,t,e,r){this.x=n,this.z=t,this.o=e,this.e=r,this.v=!1,this.n=this.p=null}function Ae(n,t,e,r){return function(u,i){function o(t,e){var r=u(t,e);n(t=r[0],e=r[1])&&i.point(t,e)}function a(n,t){var e=u(n,t);d.point(e[0],e[1])}function c(){y.point=a,d.lineStart()}function s(){y.point=o,d.lineEnd()}function l(n,t){v.push([n,t]);var e=u(n,t);M.point(e[0],e[1])}function f(){M.lineStart(),v=[]}function h(){l(v[0][0],v[0][1]),M.lineEnd();var n,t=M.clean(),e=x.buffer(),r=e.length;if(v.pop(),p.push(v),v=null,r)if(1&t){n=e[0];var u,r=n.length-1,o=-1;if(r>0){for(_||(i.polygonStart(),_=!0),i.lineStart();++o<r;)i.point((u=n[o])[0],u[1]);i.lineEnd()}}else r>1&&2&t&&e.push(e.pop().concat(e.shift())),g.push(e.filter(Ce))}var g,p,v,d=t(i),m=u.invert(r[0],r[1]),y={point:o,lineStart:c,lineEnd:s,polygonStart:function(){y.point=l,y.lineStart=f,y.lineEnd=h,g=[],p=[]},polygonEnd:function(){y.point=o,y.lineStart=c,y.lineEnd=s,g=Zo.merge(g);var n=Le(m,p);g.length?(_||(i.polygonStart(),_=!0),Se(g,ze,n,e,i)):n&&(_||(i.polygonStart(),_=!0),i.lineStart(),e(null,null,1,i),i.lineEnd()),_&&(i.polygonEnd(),_=!1),g=p=null},sphere:function(){i.polygonStart(),i.lineStart(),e(null,null,1,i),i.lineEnd(),i.polygonEnd()}},x=Ne(),M=t(x),_=!1;return y}}function Ce(n){return n.length>1}function Ne(){var n,t=[];return{lineStart:function(){t.push(n=[])},point:function(t,e){n.push([t,e])},lineEnd:v,buffer:function(){var e=t;return t=[],n=null,e},rejoin:function(){t.length>1&&t.push(t.pop().concat(t.shift()))}}}function ze(n,t){return((n=n.x)[0]<0?n[1]-Sa-ka:Sa-n[1])-((t=t.x)[0]<0?t[1]-Sa-ka:Sa-t[1])}function Le(n,t){var e=n[0],r=n[1],u=[Math.sin(e),-Math.cos(e),0],i=0,o=0;lc.reset();for(var a=0,c=t.length;c>a;++a){var s=t[a],l=s.length;if(l)for(var f=s[0],h=f[0],g=f[1]/2+ba/4,p=Math.sin(g),v=Math.cos(g),d=1;;){d===l&&(d=0),n=s[d];var m=n[0],y=n[1]/2+ba/4,x=Math.sin(y),M=Math.cos(y),_=m-h,b=_>=0?1:-1,w=b*_,S=w>ba,k=p*x;if(lc.add(Math.atan2(k*b*Math.sin(w),v*M+k*Math.cos(w))),i+=S?_+b*wa:_,S^h>=e^m>=e){var E=he(le(f),le(n));ve(E);var A=he(u,E);ve(A);var C=(S^_>=0?-1:1)*G(A[2]);(r>C||r===C&&(E[0]||E[1]))&&(o+=S^_>=0?1:-1)}if(!d++)break;h=m,p=x,v=M,f=n}}return(-ka>i||ka>i&&0>lc)^1&o}function Te(n){var t,e=0/0,r=0/0,u=0/0;return{lineStart:function(){n.lineStart(),t=1},point:function(i,o){var a=i>0?ba:-ba,c=ua(i-e);ua(c-ba)<ka?(n.point(e,r=(r+o)/2>0?Sa:-Sa),n.point(u,r),n.lineEnd(),n.lineStart(),n.point(a,r),n.point(i,r),t=0):u!==a&&c>=ba&&(ua(e-u)<ka&&(e-=u*ka),ua(i-a)<ka&&(i-=a*ka),r=qe(e,r,i,o),n.point(u,r),n.lineEnd(),n.lineStart(),n.point(a,r),t=0),n.point(e=i,r=o),u=a},lineEnd:function(){n.lineEnd(),e=r=0/0},clean:function(){return 2-t}}}function qe(n,t,e,r){var u,i,o=Math.sin(n-e);return ua(o)>ka?Math.atan((Math.sin(t)*(i=Math.cos(r))*Math.sin(e)-Math.sin(r)*(u=Math.cos(t))*Math.sin(n))/(u*i*o)):(t+r)/2}function Re(n,t,e,r){var u;if(null==n)u=e*Sa,r.point(-ba,u),r.point(0,u),r.point(ba,u),r.point(ba,0),r.point(ba,-u),r.point(0,-u),r.point(-ba,-u),r.point(-ba,0),r.point(-ba,u);else if(ua(n[0]-t[0])>ka){var i=n[0]<t[0]?ba:-ba;u=e*i/2,r.point(-i,u),r.point(0,u),r.point(i,u)}else r.point(t[0],t[1])}function De(n){function t(n,t){return Math.cos(n)*Math.cos(t)>i}function e(n){var e,i,c,s,l;return{lineStart:function(){s=c=!1,l=1},point:function(f,h){var g,p=[f,h],v=t(f,h),d=o?v?0:u(f,h):v?u(f+(0>f?ba:-ba),h):0;if(!e&&(s=c=v)&&n.lineStart(),v!==c&&(g=r(e,p),(me(e,g)||me(p,g))&&(p[0]+=ka,p[1]+=ka,v=t(p[0],p[1]))),v!==c)l=0,v?(n.lineStart(),g=r(p,e),n.point(g[0],g[1])):(g=r(e,p),n.point(g[0],g[1]),n.lineEnd()),e=g;else if(a&&e&&o^v){var m;d&i||!(m=r(p,e,!0))||(l=0,o?(n.lineStart(),n.point(m[0][0],m[0][1]),n.point(m[1][0],m[1][1]),n.lineEnd()):(n.point(m[1][0],m[1][1]),n.lineEnd(),n.lineStart(),n.point(m[0][0],m[0][1])))}!v||e&&me(e,p)||n.point(p[0],p[1]),e=p,c=v,i=d},lineEnd:function(){c&&n.lineEnd(),e=null},clean:function(){return l|(s&&c)<<1}}}function r(n,t,e){var r=le(n),u=le(t),o=[1,0,0],a=he(r,u),c=fe(a,a),s=a[0],l=c-s*s;if(!l)return!e&&n;var f=i*c/l,h=-i*s/l,g=he(o,a),p=pe(o,f),v=pe(a,h);ge(p,v);var d=g,m=fe(p,d),y=fe(d,d),x=m*m-y*(fe(p,p)-1);if(!(0>x)){var M=Math.sqrt(x),_=pe(d,(-m-M)/y);if(ge(_,p),_=de(_),!e)return _;var b,w=n[0],S=t[0],k=n[1],E=t[1];w>S&&(b=w,w=S,S=b);var A=S-w,C=ua(A-ba)<ka,N=C||ka>A;if(!C&&k>E&&(b=k,k=E,E=b),N?C?k+E>0^_[1]<(ua(_[0]-w)<ka?k:E):k<=_[1]&&_[1]<=E:A>ba^(w<=_[0]&&_[0]<=S)){var z=pe(d,(-m+M)/y);return ge(z,p),[_,de(z)]}}}function u(t,e){var r=o?n:ba-n,u=0;return-r>t?u|=1:t>r&&(u|=2),-r>e?u|=4:e>r&&(u|=8),u}var i=Math.cos(n),o=i>0,a=ua(i)>ka,c=sr(n,6*Aa);return Ae(t,e,c,o?[0,-n]:[-ba,n-ba])}function Pe(n,t,e,r){return function(u){var i,o=u.a,a=u.b,c=o.x,s=o.y,l=a.x,f=a.y,h=0,g=1,p=l-c,v=f-s;if(i=n-c,p||!(i>0)){if(i/=p,0>p){if(h>i)return;g>i&&(g=i)}else if(p>0){if(i>g)return;i>h&&(h=i)}if(i=e-c,p||!(0>i)){if(i/=p,0>p){if(i>g)return;i>h&&(h=i)}else if(p>0){if(h>i)return;g>i&&(g=i)}if(i=t-s,v||!(i>0)){if(i/=v,0>v){if(h>i)return;g>i&&(g=i)}else if(v>0){if(i>g)return;i>h&&(h=i)}if(i=r-s,v||!(0>i)){if(i/=v,0>v){if(i>g)return;i>h&&(h=i)}else if(v>0){if(h>i)return;g>i&&(g=i)}return h>0&&(u.a={x:c+h*p,y:s+h*v}),1>g&&(u.b={x:c+g*p,y:s+g*v}),u}}}}}}function Ue(n,t,e,r){function u(r,u){return ua(r[0]-n)<ka?u>0?0:3:ua(r[0]-e)<ka?u>0?2:1:ua(r[1]-t)<ka?u>0?1:0:u>0?3:2}function i(n,t){return o(n.x,t.x)}function o(n,t){var e=u(n,1),r=u(t,1);return e!==r?e-r:0===e?t[1]-n[1]:1===e?n[0]-t[0]:2===e?n[1]-t[1]:t[0]-n[0]}return function(a){function c(n){for(var t=0,e=d.length,r=n[1],u=0;e>u;++u)for(var i,o=1,a=d[u],c=a.length,s=a[0];c>o;++o)i=a[o],s[1]<=r?i[1]>r&&W(s,i,n)>0&&++t:i[1]<=r&&W(s,i,n)<0&&--t,s=i;return 0!==t}function s(i,a,c,s){var l=0,f=0;if(null==i||(l=u(i,c))!==(f=u(a,c))||o(i,a)<0^c>0){do s.point(0===l||3===l?n:e,l>1?r:t);while((l=(l+c+4)%4)!==f)}else s.point(a[0],a[1])}function l(u,i){return u>=n&&e>=u&&i>=t&&r>=i}function f(n,t){l(n,t)&&a.point(n,t)}function h(){N.point=p,d&&d.push(m=[]),S=!0,w=!1,_=b=0/0}function g(){v&&(p(y,x),M&&w&&A.rejoin(),v.push(A.buffer())),N.point=f,w&&a.lineEnd()}function p(n,t){n=Math.max(-kc,Math.min(kc,n)),t=Math.max(-kc,Math.min(kc,t));var e=l(n,t);if(d&&m.push([n,t]),S)y=n,x=t,M=e,S=!1,e&&(a.lineStart(),a.point(n,t));else if(e&&w)a.point(n,t);else{var r={a:{x:_,y:b},b:{x:n,y:t}};C(r)?(w||(a.lineStart(),a.point(r.a.x,r.a.y)),a.point(r.b.x,r.b.y),e||a.lineEnd(),k=!1):e&&(a.lineStart(),a.point(n,t),k=!1)}_=n,b=t,w=e}var v,d,m,y,x,M,_,b,w,S,k,E=a,A=Ne(),C=Pe(n,t,e,r),N={point:f,lineStart:h,lineEnd:g,polygonStart:function(){a=A,v=[],d=[],k=!0},polygonEnd:function(){a=E,v=Zo.merge(v);var t=c([n,r]),e=k&&t,u=v.length;(e||u)&&(a.polygonStart(),e&&(a.lineStart(),s(null,null,1,a),a.lineEnd()),u&&Se(v,i,t,s,a),a.polygonEnd()),v=d=m=null}};return N}}function je(n,t){function e(e,r){return e=n(e,r),t(e[0],e[1])}return n.invert&&t.invert&&(e.invert=function(e,r){return e=t.invert(e,r),e&&n.invert(e[0],e[1])}),e}function He(n){var t=0,e=ba/3,r=tr(n),u=r(t,e);return u.parallels=function(n){return arguments.length?r(t=n[0]*ba/180,e=n[1]*ba/180):[180*(t/ba),180*(e/ba)]},u}function Fe(n,t){function e(n,t){var e=Math.sqrt(i-2*u*Math.sin(t))/u;return[e*Math.sin(n*=u),o-e*Math.cos(n)]}var r=Math.sin(n),u=(r+Math.sin(t))/2,i=1+r*(2*u-r),o=Math.sqrt(i)/u;return e.invert=function(n,t){var e=o-t;return[Math.atan2(n,e)/u,G((i-(n*n+e*e)*u*u)/(2*u))]},e}function Oe(){function n(n,t){Ac+=u*n-r*t,r=n,u=t}var t,e,r,u;Tc.point=function(i,o){Tc.point=n,t=r=i,e=u=o},Tc.lineEnd=function(){n(t,e)}}function Ye(n,t){Cc>n&&(Cc=n),n>zc&&(zc=n),Nc>t&&(Nc=t),t>Lc&&(Lc=t)}function Ie(){function n(n,t){o.push("M",n,",",t,i)}function t(n,t){o.push("M",n,",",t),a.point=e}function e(n,t){o.push("L",n,",",t)}function r(){a.point=n}function u(){o.push("Z")}var i=Ze(4.5),o=[],a={point:n,lineStart:function(){a.point=t},lineEnd:r,polygonStart:function(){a.lineEnd=u},polygonEnd:function(){a.lineEnd=r,a.point=n},pointRadius:function(n){return i=Ze(n),a},result:function(){if(o.length){var n=o.join("");return o=[],n}}};return a}function Ze(n){return"m0,"+n+"a"+n+","+n+" 0 1,1 0,"+-2*n+"a"+n+","+n+" 0 1,1 0,"+2*n+"z"}function Ve(n,t){pc+=n,vc+=t,++dc}function Xe(){function n(n,r){var u=n-t,i=r-e,o=Math.sqrt(u*u+i*i);mc+=o*(t+n)/2,yc+=o*(e+r)/2,xc+=o,Ve(t=n,e=r)}var t,e;Rc.point=function(r,u){Rc.point=n,Ve(t=r,e=u)}}function $e(){Rc.point=Ve}function Be(){function n(n,t){var e=n-r,i=t-u,o=Math.sqrt(e*e+i*i);mc+=o*(r+n)/2,yc+=o*(u+t)/2,xc+=o,o=u*n-r*t,Mc+=o*(r+n),_c+=o*(u+t),bc+=3*o,Ve(r=n,u=t)}var t,e,r,u;Rc.point=function(i,o){Rc.point=n,Ve(t=r=i,e=u=o)},Rc.lineEnd=function(){n(t,e)}}function We(n){function t(t,e){n.moveTo(t,e),n.arc(t,e,o,0,wa)}function e(t,e){n.moveTo(t,e),a.point=r}function r(t,e){n.lineTo(t,e)}function u(){a.point=t}function i(){n.closePath()}var o=4.5,a={point:t,lineStart:function(){a.point=e},lineEnd:u,polygonStart:function(){a.lineEnd=i},polygonEnd:function(){a.lineEnd=u,a.point=t},pointRadius:function(n){return o=n,a},result:v};return a}function Je(n){function t(n){return(a?r:e)(n)}function e(t){return Qe(t,function(e,r){e=n(e,r),t.point(e[0],e[1])})}function r(t){function e(e,r){e=n(e,r),t.point(e[0],e[1])}function r(){x=0/0,S.point=i,t.lineStart()}function i(e,r){var i=le([e,r]),o=n(e,r);u(x,M,y,_,b,w,x=o[0],M=o[1],y=e,_=i[0],b=i[1],w=i[2],a,t),t.point(x,M)}function o(){S.point=e,t.lineEnd()}function c(){r(),S.point=s,S.lineEnd=l}function s(n,t){i(f=n,h=t),g=x,p=M,v=_,d=b,m=w,S.point=i}function l(){u(x,M,y,_,b,w,g,p,f,v,d,m,a,t),S.lineEnd=o,o()}var f,h,g,p,v,d,m,y,x,M,_,b,w,S={point:e,lineStart:r,lineEnd:o,polygonStart:function(){t.polygonStart(),S.lineStart=c},polygonEnd:function(){t.polygonEnd(),S.lineStart=r}};return S}function u(t,e,r,a,c,s,l,f,h,g,p,v,d,m){var y=l-t,x=f-e,M=y*y+x*x;if(M>4*i&&d--){var _=a+g,b=c+p,w=s+v,S=Math.sqrt(_*_+b*b+w*w),k=Math.asin(w/=S),E=ua(ua(w)-1)<ka||ua(r-h)<ka?(r+h)/2:Math.atan2(b,_),A=n(E,k),C=A[0],N=A[1],z=C-t,L=N-e,T=x*z-y*L;(T*T/M>i||ua((y*z+x*L)/M-.5)>.3||o>a*g+c*p+s*v)&&(u(t,e,r,a,c,s,C,N,E,_/=S,b/=S,w,d,m),m.point(C,N),u(C,N,E,_,b,w,l,f,h,g,p,v,d,m))}}var i=.5,o=Math.cos(30*Aa),a=16;
-return t.precision=function(n){return arguments.length?(a=(i=n*n)>0&&16,t):Math.sqrt(i)},t}function Ge(n){var t=Je(function(t,e){return n([t*Ca,e*Ca])});return function(n){return er(t(n))}}function Ke(n){this.stream=n}function Qe(n,t){return{point:t,sphere:function(){n.sphere()},lineStart:function(){n.lineStart()},lineEnd:function(){n.lineEnd()},polygonStart:function(){n.polygonStart()},polygonEnd:function(){n.polygonEnd()}}}function nr(n){return tr(function(){return n})()}function tr(n){function t(n){return n=a(n[0]*Aa,n[1]*Aa),[n[0]*h+c,s-n[1]*h]}function e(n){return n=a.invert((n[0]-c)/h,(s-n[1])/h),n&&[n[0]*Ca,n[1]*Ca]}function r(){a=je(o=ir(m,y,x),i);var n=i(v,d);return c=g-n[0]*h,s=p+n[1]*h,u()}function u(){return l&&(l.valid=!1,l=null),t}var i,o,a,c,s,l,f=Je(function(n,t){return n=i(n,t),[n[0]*h+c,s-n[1]*h]}),h=150,g=480,p=250,v=0,d=0,m=0,y=0,x=0,M=Sc,_=wt,b=null,w=null;return t.stream=function(n){return l&&(l.valid=!1),l=er(M(o,f(_(n)))),l.valid=!0,l},t.clipAngle=function(n){return arguments.length?(M=null==n?(b=n,Sc):De((b=+n)*Aa),u()):b},t.clipExtent=function(n){return arguments.length?(w=n,_=n?Ue(n[0][0],n[0][1],n[1][0],n[1][1]):wt,u()):w},t.scale=function(n){return arguments.length?(h=+n,r()):h},t.translate=function(n){return arguments.length?(g=+n[0],p=+n[1],r()):[g,p]},t.center=function(n){return arguments.length?(v=n[0]%360*Aa,d=n[1]%360*Aa,r()):[v*Ca,d*Ca]},t.rotate=function(n){return arguments.length?(m=n[0]%360*Aa,y=n[1]%360*Aa,x=n.length>2?n[2]%360*Aa:0,r()):[m*Ca,y*Ca,x*Ca]},Zo.rebind(t,f,"precision"),function(){return i=n.apply(this,arguments),t.invert=i.invert&&e,r()}}function er(n){return Qe(n,function(t,e){n.point(t*Aa,e*Aa)})}function rr(n,t){return[n,t]}function ur(n,t){return[n>ba?n-wa:-ba>n?n+wa:n,t]}function ir(n,t,e){return n?t||e?je(ar(n),cr(t,e)):ar(n):t||e?cr(t,e):ur}function or(n){return function(t,e){return t+=n,[t>ba?t-wa:-ba>t?t+wa:t,e]}}function ar(n){var t=or(n);return t.invert=or(-n),t}function cr(n,t){function e(n,t){var e=Math.cos(t),a=Math.cos(n)*e,c=Math.sin(n)*e,s=Math.sin(t),l=s*r+a*u;return[Math.atan2(c*i-l*o,a*r-s*u),G(l*i+c*o)]}var r=Math.cos(n),u=Math.sin(n),i=Math.cos(t),o=Math.sin(t);return e.invert=function(n,t){var e=Math.cos(t),a=Math.cos(n)*e,c=Math.sin(n)*e,s=Math.sin(t),l=s*i-c*o;return[Math.atan2(c*i+s*o,a*r+l*u),G(l*r-a*u)]},e}function sr(n,t){var e=Math.cos(n),r=Math.sin(n);return function(u,i,o,a){var c=o*t;null!=u?(u=lr(e,u),i=lr(e,i),(o>0?i>u:u>i)&&(u+=o*wa)):(u=n+o*wa,i=n-.5*c);for(var s,l=u;o>0?l>i:i>l;l-=c)a.point((s=de([e,-r*Math.cos(l),-r*Math.sin(l)]))[0],s[1])}}function lr(n,t){var e=le(t);e[0]-=n,ve(e);var r=J(-e[1]);return((-e[2]<0?-r:r)+2*Math.PI-ka)%(2*Math.PI)}function fr(n,t,e){var r=Zo.range(n,t-ka,e).concat(t);return function(n){return r.map(function(t){return[n,t]})}}function hr(n,t,e){var r=Zo.range(n,t-ka,e).concat(t);return function(n){return r.map(function(t){return[t,n]})}}function gr(n){return n.source}function pr(n){return n.target}function vr(n,t,e,r){var u=Math.cos(t),i=Math.sin(t),o=Math.cos(r),a=Math.sin(r),c=u*Math.cos(n),s=u*Math.sin(n),l=o*Math.cos(e),f=o*Math.sin(e),h=2*Math.asin(Math.sqrt(tt(r-t)+u*o*tt(e-n))),g=1/Math.sin(h),p=h?function(n){var t=Math.sin(n*=h)*g,e=Math.sin(h-n)*g,r=e*c+t*l,u=e*s+t*f,o=e*i+t*a;return[Math.atan2(u,r)*Ca,Math.atan2(o,Math.sqrt(r*r+u*u))*Ca]}:function(){return[n*Ca,t*Ca]};return p.distance=h,p}function dr(){function n(n,u){var i=Math.sin(u*=Aa),o=Math.cos(u),a=ua((n*=Aa)-t),c=Math.cos(a);Dc+=Math.atan2(Math.sqrt((a=o*Math.sin(a))*a+(a=r*i-e*o*c)*a),e*i+r*o*c),t=n,e=i,r=o}var t,e,r;Pc.point=function(u,i){t=u*Aa,e=Math.sin(i*=Aa),r=Math.cos(i),Pc.point=n},Pc.lineEnd=function(){Pc.point=Pc.lineEnd=v}}function mr(n,t){function e(t,e){var r=Math.cos(t),u=Math.cos(e),i=n(r*u);return[i*u*Math.sin(t),i*Math.sin(e)]}return e.invert=function(n,e){var r=Math.sqrt(n*n+e*e),u=t(r),i=Math.sin(u),o=Math.cos(u);return[Math.atan2(n*i,r*o),Math.asin(r&&e*i/r)]},e}function yr(n,t){function e(n,t){o>0?-Sa+ka>t&&(t=-Sa+ka):t>Sa-ka&&(t=Sa-ka);var e=o/Math.pow(u(t),i);return[e*Math.sin(i*n),o-e*Math.cos(i*n)]}var r=Math.cos(n),u=function(n){return Math.tan(ba/4+n/2)},i=n===t?Math.sin(n):Math.log(r/Math.cos(t))/Math.log(u(t)/u(n)),o=r*Math.pow(u(n),i)/i;return i?(e.invert=function(n,t){var e=o-t,r=B(i)*Math.sqrt(n*n+e*e);return[Math.atan2(n,e)/i,2*Math.atan(Math.pow(o/r,1/i))-Sa]},e):Mr}function xr(n,t){function e(n,t){var e=i-t;return[e*Math.sin(u*n),i-e*Math.cos(u*n)]}var r=Math.cos(n),u=n===t?Math.sin(n):(r-Math.cos(t))/(t-n),i=r/u+n;return ua(u)<ka?rr:(e.invert=function(n,t){var e=i-t;return[Math.atan2(n,e)/u,i-B(u)*Math.sqrt(n*n+e*e)]},e)}function Mr(n,t){return[n,Math.log(Math.tan(ba/4+t/2))]}function _r(n){var t,e=nr(n),r=e.scale,u=e.translate,i=e.clipExtent;return e.scale=function(){var n=r.apply(e,arguments);return n===e?t?e.clipExtent(null):e:n},e.translate=function(){var n=u.apply(e,arguments);return n===e?t?e.clipExtent(null):e:n},e.clipExtent=function(n){var o=i.apply(e,arguments);if(o===e){if(t=null==n){var a=ba*r(),c=u();i([[c[0]-a,c[1]-a],[c[0]+a,c[1]+a]])}}else t&&(o=null);return o},e.clipExtent(null)}function br(n,t){return[Math.log(Math.tan(ba/4+t/2)),-n]}function wr(n){return n[0]}function Sr(n){return n[1]}function kr(n){for(var t=n.length,e=[0,1],r=2,u=2;t>u;u++){for(;r>1&&W(n[e[r-2]],n[e[r-1]],n[u])<=0;)--r;e[r++]=u}return e.slice(0,r)}function Er(n,t){return n[0]-t[0]||n[1]-t[1]}function Ar(n,t,e){return(e[0]-t[0])*(n[1]-t[1])<(e[1]-t[1])*(n[0]-t[0])}function Cr(n,t,e,r){var u=n[0],i=e[0],o=t[0]-u,a=r[0]-i,c=n[1],s=e[1],l=t[1]-c,f=r[1]-s,h=(a*(c-s)-f*(u-i))/(f*o-a*l);return[u+h*o,c+h*l]}function Nr(n){var t=n[0],e=n[n.length-1];return!(t[0]-e[0]||t[1]-e[1])}function zr(){Gr(this),this.edge=this.site=this.circle=null}function Lr(n){var t=Bc.pop()||new zr;return t.site=n,t}function Tr(n){Yr(n),Vc.remove(n),Bc.push(n),Gr(n)}function qr(n){var t=n.circle,e=t.x,r=t.cy,u={x:e,y:r},i=n.P,o=n.N,a=[n];Tr(n);for(var c=i;c.circle&&ua(e-c.circle.x)<ka&&ua(r-c.circle.cy)<ka;)i=c.P,a.unshift(c),Tr(c),c=i;a.unshift(c),Yr(c);for(var s=o;s.circle&&ua(e-s.circle.x)<ka&&ua(r-s.circle.cy)<ka;)o=s.N,a.push(s),Tr(s),s=o;a.push(s),Yr(s);var l,f=a.length;for(l=1;f>l;++l)s=a[l],c=a[l-1],Br(s.edge,c.site,s.site,u);c=a[0],s=a[f-1],s.edge=Xr(c.site,s.site,null,u),Or(c),Or(s)}function Rr(n){for(var t,e,r,u,i=n.x,o=n.y,a=Vc._;a;)if(r=Dr(a,o)-i,r>ka)a=a.L;else{if(u=i-Pr(a,o),!(u>ka)){r>-ka?(t=a.P,e=a):u>-ka?(t=a,e=a.N):t=e=a;break}if(!a.R){t=a;break}a=a.R}var c=Lr(n);if(Vc.insert(t,c),t||e){if(t===e)return Yr(t),e=Lr(t.site),Vc.insert(c,e),c.edge=e.edge=Xr(t.site,c.site),Or(t),Or(e),void 0;if(!e)return c.edge=Xr(t.site,c.site),void 0;Yr(t),Yr(e);var s=t.site,l=s.x,f=s.y,h=n.x-l,g=n.y-f,p=e.site,v=p.x-l,d=p.y-f,m=2*(h*d-g*v),y=h*h+g*g,x=v*v+d*d,M={x:(d*y-g*x)/m+l,y:(h*x-v*y)/m+f};Br(e.edge,s,p,M),c.edge=Xr(s,n,null,M),e.edge=Xr(n,p,null,M),Or(t),Or(e)}}function Dr(n,t){var e=n.site,r=e.x,u=e.y,i=u-t;if(!i)return r;var o=n.P;if(!o)return-1/0;e=o.site;var a=e.x,c=e.y,s=c-t;if(!s)return a;var l=a-r,f=1/i-1/s,h=l/s;return f?(-h+Math.sqrt(h*h-2*f*(l*l/(-2*s)-c+s/2+u-i/2)))/f+r:(r+a)/2}function Pr(n,t){var e=n.N;if(e)return Dr(e,t);var r=n.site;return r.y===t?r.x:1/0}function Ur(n){this.site=n,this.edges=[]}function jr(n){for(var t,e,r,u,i,o,a,c,s,l,f=n[0][0],h=n[1][0],g=n[0][1],p=n[1][1],v=Zc,d=v.length;d--;)if(i=v[d],i&&i.prepare())for(a=i.edges,c=a.length,o=0;c>o;)l=a[o].end(),r=l.x,u=l.y,s=a[++o%c].start(),t=s.x,e=s.y,(ua(r-t)>ka||ua(u-e)>ka)&&(a.splice(o,0,new Wr($r(i.site,l,ua(r-f)<ka&&p-u>ka?{x:f,y:ua(t-f)<ka?e:p}:ua(u-p)<ka&&h-r>ka?{x:ua(e-p)<ka?t:h,y:p}:ua(r-h)<ka&&u-g>ka?{x:h,y:ua(t-h)<ka?e:g}:ua(u-g)<ka&&r-f>ka?{x:ua(e-g)<ka?t:f,y:g}:null),i.site,null)),++c)}function Hr(n,t){return t.angle-n.angle}function Fr(){Gr(this),this.x=this.y=this.arc=this.site=this.cy=null}function Or(n){var t=n.P,e=n.N;if(t&&e){var r=t.site,u=n.site,i=e.site;if(r!==i){var o=u.x,a=u.y,c=r.x-o,s=r.y-a,l=i.x-o,f=i.y-a,h=2*(c*f-s*l);if(!(h>=-Ea)){var g=c*c+s*s,p=l*l+f*f,v=(f*g-s*p)/h,d=(c*p-l*g)/h,f=d+a,m=Wc.pop()||new Fr;m.arc=n,m.site=u,m.x=v+o,m.y=f+Math.sqrt(v*v+d*d),m.cy=f,n.circle=m;for(var y=null,x=$c._;x;)if(m.y<x.y||m.y===x.y&&m.x<=x.x){if(!x.L){y=x.P;break}x=x.L}else{if(!x.R){y=x;break}x=x.R}$c.insert(y,m),y||(Xc=m)}}}}function Yr(n){var t=n.circle;t&&(t.P||(Xc=t.N),$c.remove(t),Wc.push(t),Gr(t),n.circle=null)}function Ir(n){for(var t,e=Ic,r=Pe(n[0][0],n[0][1],n[1][0],n[1][1]),u=e.length;u--;)t=e[u],(!Zr(t,n)||!r(t)||ua(t.a.x-t.b.x)<ka&&ua(t.a.y-t.b.y)<ka)&&(t.a=t.b=null,e.splice(u,1))}function Zr(n,t){var e=n.b;if(e)return!0;var r,u,i=n.a,o=t[0][0],a=t[1][0],c=t[0][1],s=t[1][1],l=n.l,f=n.r,h=l.x,g=l.y,p=f.x,v=f.y,d=(h+p)/2,m=(g+v)/2;if(v===g){if(o>d||d>=a)return;if(h>p){if(i){if(i.y>=s)return}else i={x:d,y:c};e={x:d,y:s}}else{if(i){if(i.y<c)return}else i={x:d,y:s};e={x:d,y:c}}}else if(r=(h-p)/(v-g),u=m-r*d,-1>r||r>1)if(h>p){if(i){if(i.y>=s)return}else i={x:(c-u)/r,y:c};e={x:(s-u)/r,y:s}}else{if(i){if(i.y<c)return}else i={x:(s-u)/r,y:s};e={x:(c-u)/r,y:c}}else if(v>g){if(i){if(i.x>=a)return}else i={x:o,y:r*o+u};e={x:a,y:r*a+u}}else{if(i){if(i.x<o)return}else i={x:a,y:r*a+u};e={x:o,y:r*o+u}}return n.a=i,n.b=e,!0}function Vr(n,t){this.l=n,this.r=t,this.a=this.b=null}function Xr(n,t,e,r){var u=new Vr(n,t);return Ic.push(u),e&&Br(u,n,t,e),r&&Br(u,t,n,r),Zc[n.i].edges.push(new Wr(u,n,t)),Zc[t.i].edges.push(new Wr(u,t,n)),u}function $r(n,t,e){var r=new Vr(n,null);return r.a=t,r.b=e,Ic.push(r),r}function Br(n,t,e,r){n.a||n.b?n.l===e?n.b=r:n.a=r:(n.a=r,n.l=t,n.r=e)}function Wr(n,t,e){var r=n.a,u=n.b;this.edge=n,this.site=t,this.angle=e?Math.atan2(e.y-t.y,e.x-t.x):n.l===t?Math.atan2(u.x-r.x,r.y-u.y):Math.atan2(r.x-u.x,u.y-r.y)}function Jr(){this._=null}function Gr(n){n.U=n.C=n.L=n.R=n.P=n.N=null}function Kr(n,t){var e=t,r=t.R,u=e.U;u?u.L===e?u.L=r:u.R=r:n._=r,r.U=u,e.U=r,e.R=r.L,e.R&&(e.R.U=e),r.L=e}function Qr(n,t){var e=t,r=t.L,u=e.U;u?u.L===e?u.L=r:u.R=r:n._=r,r.U=u,e.U=r,e.L=r.R,e.L&&(e.L.U=e),r.R=e}function nu(n){for(;n.L;)n=n.L;return n}function tu(n,t){var e,r,u,i=n.sort(eu).pop();for(Ic=[],Zc=new Array(n.length),Vc=new Jr,$c=new Jr;;)if(u=Xc,i&&(!u||i.y<u.y||i.y===u.y&&i.x<u.x))(i.x!==e||i.y!==r)&&(Zc[i.i]=new Ur(i),Rr(i),e=i.x,r=i.y),i=n.pop();else{if(!u)break;qr(u.arc)}t&&(Ir(t),jr(t));var o={cells:Zc,edges:Ic};return Vc=$c=Ic=Zc=null,o}function eu(n,t){return t.y-n.y||t.x-n.x}function ru(n,t,e){return(n.x-e.x)*(t.y-n.y)-(n.x-t.x)*(e.y-n.y)}function uu(n){return n.x}function iu(n){return n.y}function ou(){return{leaf:!0,nodes:[],point:null,x:null,y:null}}function au(n,t,e,r,u,i){if(!n(t,e,r,u,i)){var o=.5*(e+u),a=.5*(r+i),c=t.nodes;c[0]&&au(n,c[0],e,r,o,a),c[1]&&au(n,c[1],o,r,u,a),c[2]&&au(n,c[2],e,a,o,i),c[3]&&au(n,c[3],o,a,u,i)}}function cu(n,t){n=Zo.rgb(n),t=Zo.rgb(t);var e=n.r,r=n.g,u=n.b,i=t.r-e,o=t.g-r,a=t.b-u;return function(n){return"#"+dt(Math.round(e+i*n))+dt(Math.round(r+o*n))+dt(Math.round(u+a*n))}}function su(n,t){var e,r={},u={};for(e in n)e in t?r[e]=hu(n[e],t[e]):u[e]=n[e];for(e in t)e in n||(u[e]=t[e]);return function(n){for(e in r)u[e]=r[e](n);return u}}function lu(n,t){return t-=n=+n,function(e){return n+t*e}}function fu(n,t){var e,r,u,i=Gc.lastIndex=Kc.lastIndex=0,o=-1,a=[],c=[];for(n+="",t+="";(e=Gc.exec(n))&&(r=Kc.exec(t));)(u=r.index)>i&&(u=t.substring(i,u),a[o]?a[o]+=u:a[++o]=u),(e=e[0])===(r=r[0])?a[o]?a[o]+=r:a[++o]=r:(a[++o]=null,c.push({i:o,x:lu(e,r)})),i=Kc.lastIndex;return i<t.length&&(u=t.substring(i),a[o]?a[o]+=u:a[++o]=u),a.length<2?c[0]?(t=c[0].x,function(n){return t(n)+""}):function(){return t}:(t=c.length,function(n){for(var e,r=0;t>r;++r)a[(e=c[r]).i]=e.x(n);return a.join("")})}function hu(n,t){for(var e,r=Zo.interpolators.length;--r>=0&&!(e=Zo.interpolators[r](n,t)););return e}function gu(n,t){var e,r=[],u=[],i=n.length,o=t.length,a=Math.min(n.length,t.length);for(e=0;a>e;++e)r.push(hu(n[e],t[e]));for(;i>e;++e)u[e]=n[e];for(;o>e;++e)u[e]=t[e];return function(n){for(e=0;a>e;++e)u[e]=r[e](n);return u}}function pu(n){return function(t){return 0>=t?0:t>=1?1:n(t)}}function vu(n){return function(t){return 1-n(1-t)}}function du(n){return function(t){return.5*(.5>t?n(2*t):2-n(2-2*t))}}function mu(n){return n*n}function yu(n){return n*n*n}function xu(n){if(0>=n)return 0;if(n>=1)return 1;var t=n*n,e=t*n;return 4*(.5>n?e:3*(n-t)+e-.75)}function Mu(n){return function(t){return Math.pow(t,n)}}function _u(n){return 1-Math.cos(n*Sa)}function bu(n){return Math.pow(2,10*(n-1))}function wu(n){return 1-Math.sqrt(1-n*n)}function Su(n,t){var e;return arguments.length<2&&(t=.45),arguments.length?e=t/wa*Math.asin(1/n):(n=1,e=t/4),function(r){return 1+n*Math.pow(2,-10*r)*Math.sin((r-e)*wa/t)}}function ku(n){return n||(n=1.70158),function(t){return t*t*((n+1)*t-n)}}function Eu(n){return 1/2.75>n?7.5625*n*n:2/2.75>n?7.5625*(n-=1.5/2.75)*n+.75:2.5/2.75>n?7.5625*(n-=2.25/2.75)*n+.9375:7.5625*(n-=2.625/2.75)*n+.984375}function Au(n,t){n=Zo.hcl(n),t=Zo.hcl(t);var e=n.h,r=n.c,u=n.l,i=t.h-e,o=t.c-r,a=t.l-u;return isNaN(o)&&(o=0,r=isNaN(r)?t.c:r),isNaN(i)?(i=0,e=isNaN(e)?t.h:e):i>180?i-=360:-180>i&&(i+=360),function(n){return ot(e+i*n,r+o*n,u+a*n)+""}}function Cu(n,t){n=Zo.hsl(n),t=Zo.hsl(t);var e=n.h,r=n.s,u=n.l,i=t.h-e,o=t.s-r,a=t.l-u;return isNaN(o)&&(o=0,r=isNaN(r)?t.s:r),isNaN(i)?(i=0,e=isNaN(e)?t.h:e):i>180?i-=360:-180>i&&(i+=360),function(n){return ut(e+i*n,r+o*n,u+a*n)+""}}function Nu(n,t){n=Zo.lab(n),t=Zo.lab(t);var e=n.l,r=n.a,u=n.b,i=t.l-e,o=t.a-r,a=t.b-u;return function(n){return ct(e+i*n,r+o*n,u+a*n)+""}}function zu(n,t){return t-=n,function(e){return Math.round(n+t*e)}}function Lu(n){var t=[n.a,n.b],e=[n.c,n.d],r=qu(t),u=Tu(t,e),i=qu(Ru(e,t,-u))||0;t[0]*e[1]<e[0]*t[1]&&(t[0]*=-1,t[1]*=-1,r*=-1,u*=-1),this.rotate=(r?Math.atan2(t[1],t[0]):Math.atan2(-e[0],e[1]))*Ca,this.translate=[n.e,n.f],this.scale=[r,i],this.skew=i?Math.atan2(u,i)*Ca:0}function Tu(n,t){return n[0]*t[0]+n[1]*t[1]}function qu(n){var t=Math.sqrt(Tu(n,n));return t&&(n[0]/=t,n[1]/=t),t}function Ru(n,t,e){return n[0]+=e*t[0],n[1]+=e*t[1],n}function Du(n,t){var e,r=[],u=[],i=Zo.transform(n),o=Zo.transform(t),a=i.translate,c=o.translate,s=i.rotate,l=o.rotate,f=i.skew,h=o.skew,g=i.scale,p=o.scale;return a[0]!=c[0]||a[1]!=c[1]?(r.push("translate(",null,",",null,")"),u.push({i:1,x:lu(a[0],c[0])},{i:3,x:lu(a[1],c[1])})):c[0]||c[1]?r.push("translate("+c+")"):r.push(""),s!=l?(s-l>180?l+=360:l-s>180&&(s+=360),u.push({i:r.push(r.pop()+"rotate(",null,")")-2,x:lu(s,l)})):l&&r.push(r.pop()+"rotate("+l+")"),f!=h?u.push({i:r.push(r.pop()+"skewX(",null,")")-2,x:lu(f,h)}):h&&r.push(r.pop()+"skewX("+h+")"),g[0]!=p[0]||g[1]!=p[1]?(e=r.push(r.pop()+"scale(",null,",",null,")"),u.push({i:e-4,x:lu(g[0],p[0])},{i:e-2,x:lu(g[1],p[1])})):(1!=p[0]||1!=p[1])&&r.push(r.pop()+"scale("+p+")"),e=u.length,function(n){for(var t,i=-1;++i<e;)r[(t=u[i]).i]=t.x(n);return r.join("")}}function Pu(n,t){return t=t-(n=+n)?1/(t-n):0,function(e){return(e-n)*t}}function Uu(n,t){return t=t-(n=+n)?1/(t-n):0,function(e){return Math.max(0,Math.min(1,(e-n)*t))}}function ju(n){for(var t=n.source,e=n.target,r=Fu(t,e),u=[t];t!==r;)t=t.parent,u.push(t);for(var i=u.length;e!==r;)u.splice(i,0,e),e=e.parent;return u}function Hu(n){for(var t=[],e=n.parent;null!=e;)t.push(n),n=e,e=e.parent;return t.push(n),t}function Fu(n,t){if(n===t)return n;for(var e=Hu(n),r=Hu(t),u=e.pop(),i=r.pop(),o=null;u===i;)o=u,u=e.pop(),i=r.pop();return o}function Ou(n){n.fixed|=2}function Yu(n){n.fixed&=-7}function Iu(n){n.fixed|=4,n.px=n.x,n.py=n.y}function Zu(n){n.fixed&=-5}function Vu(n,t,e){var r=0,u=0;if(n.charge=0,!n.leaf)for(var i,o=n.nodes,a=o.length,c=-1;++c<a;)i=o[c],null!=i&&(Vu(i,t,e),n.charge+=i.charge,r+=i.charge*i.cx,u+=i.charge*i.cy);if(n.point){n.leaf||(n.point.x+=Math.random()-.5,n.point.y+=Math.random()-.5);var s=t*e[n.point.index];n.charge+=n.pointCharge=s,r+=s*n.point.x,u+=s*n.point.y}n.cx=r/n.charge,n.cy=u/n.charge}function Xu(n,t){return Zo.rebind(n,t,"sort","children","value"),n.nodes=n,n.links=Ku,n}function $u(n,t){for(var e=[n];null!=(n=e.pop());)if(t(n),(u=n.children)&&(r=u.length))for(var r,u;--r>=0;)e.push(u[r])}function Bu(n,t){for(var e=[n],r=[];null!=(n=e.pop());)if(r.push(n),(i=n.children)&&(u=i.length))for(var u,i,o=-1;++o<u;)e.push(i[o]);for(;null!=(n=r.pop());)t(n)}function Wu(n){return n.children}function Ju(n){return n.value}function Gu(n,t){return t.value-n.value}function Ku(n){return Zo.merge(n.map(function(n){return(n.children||[]).map(function(t){return{source:n,target:t}})}))}function Qu(n){return n.x}function ni(n){return n.y}function ti(n,t,e){n.y0=t,n.y=e}function ei(n){return Zo.range(n.length)}function ri(n){for(var t=-1,e=n[0].length,r=[];++t<e;)r[t]=0;return r}function ui(n){for(var t,e=1,r=0,u=n[0][1],i=n.length;i>e;++e)(t=n[e][1])>u&&(r=e,u=t);return r}function ii(n){return n.reduce(oi,0)}function oi(n,t){return n+t[1]}function ai(n,t){return ci(n,Math.ceil(Math.log(t.length)/Math.LN2+1))}function ci(n,t){for(var e=-1,r=+n[0],u=(n[1]-r)/t,i=[];++e<=t;)i[e]=u*e+r;return i}function si(n){return[Zo.min(n),Zo.max(n)]}function li(n,t){return n.value-t.value}function fi(n,t){var e=n._pack_next;n._pack_next=t,t._pack_prev=n,t._pack_next=e,e._pack_prev=t}function hi(n,t){n._pack_next=t,t._pack_prev=n}function gi(n,t){var e=t.x-n.x,r=t.y-n.y,u=n.r+t.r;return.999*u*u>e*e+r*r}function pi(n){function t(n){l=Math.min(n.x-n.r,l),f=Math.max(n.x+n.r,f),h=Math.min(n.y-n.r,h),g=Math.max(n.y+n.r,g)}if((e=n.children)&&(s=e.length)){var e,r,u,i,o,a,c,s,l=1/0,f=-1/0,h=1/0,g=-1/0;if(e.forEach(vi),r=e[0],r.x=-r.r,r.y=0,t(r),s>1&&(u=e[1],u.x=u.r,u.y=0,t(u),s>2))for(i=e[2],yi(r,u,i),t(i),fi(r,i),r._pack_prev=i,fi(i,u),u=r._pack_next,o=3;s>o;o++){yi(r,u,i=e[o]);var p=0,v=1,d=1;for(a=u._pack_next;a!==u;a=a._pack_next,v++)if(gi(a,i)){p=1;break}if(1==p)for(c=r._pack_prev;c!==a._pack_prev&&!gi(c,i);c=c._pack_prev,d++);p?(d>v||v==d&&u.r<r.r?hi(r,u=a):hi(r=c,u),o--):(fi(r,i),u=i,t(i))}var m=(l+f)/2,y=(h+g)/2,x=0;for(o=0;s>o;o++)i=e[o],i.x-=m,i.y-=y,x=Math.max(x,i.r+Math.sqrt(i.x*i.x+i.y*i.y));n.r=x,e.forEach(di)}}function vi(n){n._pack_next=n._pack_prev=n}function di(n){delete n._pack_next,delete n._pack_prev}function mi(n,t,e,r){var u=n.children;if(n.x=t+=r*n.x,n.y=e+=r*n.y,n.r*=r,u)for(var i=-1,o=u.length;++i<o;)mi(u[i],t,e,r)}function yi(n,t,e){var r=n.r+e.r,u=t.x-n.x,i=t.y-n.y;if(r&&(u||i)){var o=t.r+e.r,a=u*u+i*i;o*=o,r*=r;var c=.5+(r-o)/(2*a),s=Math.sqrt(Math.max(0,2*o*(r+a)-(r-=a)*r-o*o))/(2*a);e.x=n.x+c*u+s*i,e.y=n.y+c*i-s*u}else e.x=n.x+r,e.y=n.y}function xi(n,t){return n.parent==t.parent?1:2}function Mi(n){var t=n.children;return t.length?t[0]:n.t}function _i(n){var t,e=n.children;return(t=e.length)?e[t-1]:n.t}function bi(n,t,e){var r=e/(t.i-n.i);t.c-=r,t.s+=e,n.c+=r,t.z+=e,t.m+=e}function wi(n){for(var t,e=0,r=0,u=n.children,i=u.length;--i>=0;)t=u[i],t.z+=e,t.m+=e,e+=t.s+(r+=t.c)}function Si(n,t,e){return n.a.parent===t.parent?n.a:e}function ki(n){return 1+Zo.max(n,function(n){return n.y})}function Ei(n){return n.reduce(function(n,t){return n+t.x},0)/n.length}function Ai(n){var t=n.children;return t&&t.length?Ai(t[0]):n}function Ci(n){var t,e=n.children;return e&&(t=e.length)?Ci(e[t-1]):n}function Ni(n){return{x:n.x,y:n.y,dx:n.dx,dy:n.dy}}function zi(n,t){var e=n.x+t[3],r=n.y+t[0],u=n.dx-t[1]-t[3],i=n.dy-t[0]-t[2];return 0>u&&(e+=u/2,u=0),0>i&&(r+=i/2,i=0),{x:e,y:r,dx:u,dy:i}}function Li(n){var t=n[0],e=n[n.length-1];return e>t?[t,e]:[e,t]}function Ti(n){return n.rangeExtent?n.rangeExtent():Li(n.range())}function qi(n,t,e,r){var u=e(n[0],n[1]),i=r(t[0],t[1]);return function(n){return i(u(n))}}function Ri(n,t){var e,r=0,u=n.length-1,i=n[r],o=n[u];return i>o&&(e=r,r=u,u=e,e=i,i=o,o=e),n[r]=t.floor(i),n[u]=t.ceil(o),n}function Di(n){return n?{floor:function(t){return Math.floor(t/n)*n},ceil:function(t){return Math.ceil(t/n)*n}}:ss}function Pi(n,t,e,r){var u=[],i=[],o=0,a=Math.min(n.length,t.length)-1;for(n[a]<n[0]&&(n=n.slice().reverse(),t=t.slice().reverse());++o<=a;)u.push(e(n[o-1],n[o])),i.push(r(t[o-1],t[o]));return function(t){var e=Zo.bisect(n,t,1,a)-1;return i[e](u[e](t))}}function Ui(n,t,e,r){function u(){var u=Math.min(n.length,t.length)>2?Pi:qi,c=r?Uu:Pu;return o=u(n,t,c,e),a=u(t,n,c,hu),i}function i(n){return o(n)}var o,a;return i.invert=function(n){return a(n)},i.domain=function(t){return arguments.length?(n=t.map(Number),u()):n},i.range=function(n){return arguments.length?(t=n,u()):t},i.rangeRound=function(n){return i.range(n).interpolate(zu)},i.clamp=function(n){return arguments.length?(r=n,u()):r},i.interpolate=function(n){return arguments.length?(e=n,u()):e},i.ticks=function(t){return Oi(n,t)},i.tickFormat=function(t,e){return Yi(n,t,e)},i.nice=function(t){return Hi(n,t),u()},i.copy=function(){return Ui(n,t,e,r)},u()}function ji(n,t){return Zo.rebind(n,t,"range","rangeRound","interpolate","clamp")}function Hi(n,t){return Ri(n,Di(Fi(n,t)[2]))}function Fi(n,t){null==t&&(t=10);var e=Li(n),r=e[1]-e[0],u=Math.pow(10,Math.floor(Math.log(r/t)/Math.LN10)),i=t/r*u;return.15>=i?u*=10:.35>=i?u*=5:.75>=i&&(u*=2),e[0]=Math.ceil(e[0]/u)*u,e[1]=Math.floor(e[1]/u)*u+.5*u,e[2]=u,e}function Oi(n,t){return Zo.range.apply(Zo,Fi(n,t))}function Yi(n,t,e){var r=Fi(n,t);if(e){var u=Ga.exec(e);if(u.shift(),"s"===u[8]){var i=Zo.formatPrefix(Math.max(ua(r[0]),ua(r[1])));return u[7]||(u[7]="."+Ii(i.scale(r[2]))),u[8]="f",e=Zo.format(u.join("")),function(n){return e(i.scale(n))+i.symbol}}u[7]||(u[7]="."+Zi(u[8],r)),e=u.join("")}else e=",."+Ii(r[2])+"f";return Zo.format(e)}function Ii(n){return-Math.floor(Math.log(n)/Math.LN10+.01)}function Zi(n,t){var e=Ii(t[2]);return n in ls?Math.abs(e-Ii(Math.max(ua(t[0]),ua(t[1]))))+ +("e"!==n):e-2*("%"===n)}function Vi(n,t,e,r){function u(n){return(e?Math.log(0>n?0:n):-Math.log(n>0?0:-n))/Math.log(t)}function i(n){return e?Math.pow(t,n):-Math.pow(t,-n)}function o(t){return n(u(t))}return o.invert=function(t){return i(n.invert(t))},o.domain=function(t){return arguments.length?(e=t[0]>=0,n.domain((r=t.map(Number)).map(u)),o):r},o.base=function(e){return arguments.length?(t=+e,n.domain(r.map(u)),o):t},o.nice=function(){var t=Ri(r.map(u),e?Math:hs);return n.domain(t),r=t.map(i),o},o.ticks=function(){var n=Li(r),o=[],a=n[0],c=n[1],s=Math.floor(u(a)),l=Math.ceil(u(c)),f=t%1?2:t;if(isFinite(l-s)){if(e){for(;l>s;s++)for(var h=1;f>h;h++)o.push(i(s)*h);o.push(i(s))}else for(o.push(i(s));s++<l;)for(var h=f-1;h>0;h--)o.push(i(s)*h);for(s=0;o[s]<a;s++);for(l=o.length;o[l-1]>c;l--);o=o.slice(s,l)}return o},o.tickFormat=function(n,t){if(!arguments.length)return fs;arguments.length<2?t=fs:"function"!=typeof t&&(t=Zo.format(t));var r,a=Math.max(.1,n/o.ticks().length),c=e?(r=1e-12,Math.ceil):(r=-1e-12,Math.floor);return function(n){return n/i(c(u(n)+r))<=a?t(n):""}},o.copy=function(){return Vi(n.copy(),t,e,r)},ji(o,n)}function Xi(n,t,e){function r(t){return n(u(t))}var u=$i(t),i=$i(1/t);return r.invert=function(t){return i(n.invert(t))},r.domain=function(t){return arguments.length?(n.domain((e=t.map(Number)).map(u)),r):e},r.ticks=function(n){return Oi(e,n)},r.tickFormat=function(n,t){return Yi(e,n,t)},r.nice=function(n){return r.domain(Hi(e,n))},r.exponent=function(o){return arguments.length?(u=$i(t=o),i=$i(1/t),n.domain(e.map(u)),r):t},r.copy=function(){return Xi(n.copy(),t,e)},ji(r,n)}function $i(n){return function(t){return 0>t?-Math.pow(-t,n):Math.pow(t,n)}}function Bi(n,t){function e(e){return i[((u.get(e)||("range"===t.t?u.set(e,n.push(e)):0/0))-1)%i.length]}function r(t,e){return Zo.range(n.length).map(function(n){return t+e*n})}var u,i,a;return e.domain=function(r){if(!arguments.length)return n;n=[],u=new o;for(var i,a=-1,c=r.length;++a<c;)u.has(i=r[a])||u.set(i,n.push(i));return e[t.t].apply(e,t.a)},e.range=function(n){return arguments.length?(i=n,a=0,t={t:"range",a:arguments},e):i},e.rangePoints=function(u,o){arguments.length<2&&(o=0);var c=u[0],s=u[1],l=(s-c)/(Math.max(1,n.length-1)+o);return i=r(n.length<2?(c+s)/2:c+l*o/2,l),a=0,t={t:"rangePoints",a:arguments},e},e.rangeBands=function(u,o,c){arguments.length<2&&(o=0),arguments.length<3&&(c=o);var s=u[1]<u[0],l=u[s-0],f=u[1-s],h=(f-l)/(n.length-o+2*c);return i=r(l+h*c,h),s&&i.reverse(),a=h*(1-o),t={t:"rangeBands",a:arguments},e},e.rangeRoundBands=function(u,o,c){arguments.length<2&&(o=0),arguments.length<3&&(c=o);var s=u[1]<u[0],l=u[s-0],f=u[1-s],h=Math.floor((f-l)/(n.length-o+2*c)),g=f-l-(n.length-o)*h;return i=r(l+Math.round(g/2),h),s&&i.reverse(),a=Math.round(h*(1-o)),t={t:"rangeRoundBands",a:arguments},e},e.rangeBand=function(){return a},e.rangeExtent=function(){return Li(t.a[0])},e.copy=function(){return Bi(n,t)},e.domain(n)}function Wi(e,r){function u(){var n=0,t=r.length;for(o=[];++n<t;)o[n-1]=Zo.quantile(e,n/t);return i}function i(n){return isNaN(n=+n)?void 0:r[Zo.bisect(o,n)]}var o;return i.domain=function(r){return arguments.length?(e=r.filter(t).sort(n),u()):e},i.range=function(n){return arguments.length?(r=n,u()):r},i.quantiles=function(){return o},i.invertExtent=function(n){return n=r.indexOf(n),0>n?[0/0,0/0]:[n>0?o[n-1]:e[0],n<o.length?o[n]:e[e.length-1]]},i.copy=function(){return Wi(e,r)},u()}function Ji(n,t,e){function r(t){return e[Math.max(0,Math.min(o,Math.floor(i*(t-n))))]}function u(){return i=e.length/(t-n),o=e.length-1,r}var i,o;return r.domain=function(e){return arguments.length?(n=+e[0],t=+e[e.length-1],u()):[n,t]},r.range=function(n){return arguments.length?(e=n,u()):e},r.invertExtent=function(t){return t=e.indexOf(t),t=0>t?0/0:t/i+n,[t,t+1/i]},r.copy=function(){return Ji(n,t,e)},u()}function Gi(n,t){function e(e){return e>=e?t[Zo.bisect(n,e)]:void 0}return e.domain=function(t){return arguments.length?(n=t,e):n},e.range=function(n){return arguments.length?(t=n,e):t},e.invertExtent=function(e){return e=t.indexOf(e),[n[e-1],n[e]]},e.copy=function(){return Gi(n,t)},e}function Ki(n){function t(n){return+n}return t.invert=t,t.domain=t.range=function(e){return arguments.length?(n=e.map(t),t):n},t.ticks=function(t){return Oi(n,t)},t.tickFormat=function(t,e){return Yi(n,t,e)},t.copy=function(){return Ki(n)},t}function Qi(n){return n.innerRadius}function no(n){return n.outerRadius}function to(n){return n.startAngle}function eo(n){return n.endAngle}function ro(n){function t(t){function o(){s.push("M",i(n(l),a))}for(var c,s=[],l=[],f=-1,h=t.length,g=bt(e),p=bt(r);++f<h;)u.call(this,c=t[f],f)?l.push([+g.call(this,c,f),+p.call(this,c,f)]):l.length&&(o(),l=[]);return l.length&&o(),s.length?s.join(""):null}var e=wr,r=Sr,u=we,i=uo,o=i.key,a=.7;return t.x=function(n){return arguments.length?(e=n,t):e},t.y=function(n){return arguments.length?(r=n,t):r},t.defined=function(n){return arguments.length?(u=n,t):u},t.interpolate=function(n){return arguments.length?(o="function"==typeof n?i=n:(i=xs.get(n)||uo).key,t):o},t.tension=function(n){return arguments.length?(a=n,t):a},t}function uo(n){return n.join("L")}function io(n){return uo(n)+"Z"}function oo(n){for(var t=0,e=n.length,r=n[0],u=[r[0],",",r[1]];++t<e;)u.push("H",(r[0]+(r=n[t])[0])/2,"V",r[1]);return e>1&&u.push("H",r[0]),u.join("")}function ao(n){for(var t=0,e=n.length,r=n[0],u=[r[0],",",r[1]];++t<e;)u.push("V",(r=n[t])[1],"H",r[0]);return u.join("")}function co(n){for(var t=0,e=n.length,r=n[0],u=[r[0],",",r[1]];++t<e;)u.push("H",(r=n[t])[0],"V",r[1]);return u.join("")}function so(n,t){return n.length<4?uo(n):n[1]+ho(n.slice(1,n.length-1),go(n,t))}function lo(n,t){return n.length<3?uo(n):n[0]+ho((n.push(n[0]),n),go([n[n.length-2]].concat(n,[n[1]]),t))}function fo(n,t){return n.length<3?uo(n):n[0]+ho(n,go(n,t))}function ho(n,t){if(t.length<1||n.length!=t.length&&n.length!=t.length+2)return uo(n);var e=n.length!=t.length,r="",u=n[0],i=n[1],o=t[0],a=o,c=1;if(e&&(r+="Q"+(i[0]-2*o[0]/3)+","+(i[1]-2*o[1]/3)+","+i[0]+","+i[1],u=n[1],c=2),t.length>1){a=t[1],i=n[c],c++,r+="C"+(u[0]+o[0])+","+(u[1]+o[1])+","+(i[0]-a[0])+","+(i[1]-a[1])+","+i[0]+","+i[1];for(var s=2;s<t.length;s++,c++)i=n[c],a=t[s],r+="S"+(i[0]-a[0])+","+(i[1]-a[1])+","+i[0]+","+i[1]}if(e){var l=n[c];r+="Q"+(i[0]+2*a[0]/3)+","+(i[1]+2*a[1]/3)+","+l[0]+","+l[1]}return r}function go(n,t){for(var e,r=[],u=(1-t)/2,i=n[0],o=n[1],a=1,c=n.length;++a<c;)e=i,i=o,o=n[a],r.push([u*(o[0]-e[0]),u*(o[1]-e[1])]);return r}function po(n){if(n.length<3)return uo(n);var t=1,e=n.length,r=n[0],u=r[0],i=r[1],o=[u,u,u,(r=n[1])[0]],a=[i,i,i,r[1]],c=[u,",",i,"L",xo(bs,o),",",xo(bs,a)];for(n.push(n[e-1]);++t<=e;)r=n[t],o.shift(),o.push(r[0]),a.shift(),a.push(r[1]),Mo(c,o,a);return n.pop(),c.push("L",r),c.join("")}function vo(n){if(n.length<4)return uo(n);for(var t,e=[],r=-1,u=n.length,i=[0],o=[0];++r<3;)t=n[r],i.push(t[0]),o.push(t[1]);for(e.push(xo(bs,i)+","+xo(bs,o)),--r;++r<u;)t=n[r],i.shift(),i.push(t[0]),o.shift(),o.push(t[1]),Mo(e,i,o);return e.join("")}function mo(n){for(var t,e,r=-1,u=n.length,i=u+4,o=[],a=[];++r<4;)e=n[r%u],o.push(e[0]),a.push(e[1]);for(t=[xo(bs,o),",",xo(bs,a)],--r;++r<i;)e=n[r%u],o.shift(),o.push(e[0]),a.shift(),a.push(e[1]),Mo(t,o,a);return t.join("")}function yo(n,t){var e=n.length-1;if(e)for(var r,u,i=n[0][0],o=n[0][1],a=n[e][0]-i,c=n[e][1]-o,s=-1;++s<=e;)r=n[s],u=s/e,r[0]=t*r[0]+(1-t)*(i+u*a),r[1]=t*r[1]+(1-t)*(o+u*c);return po(n)}function xo(n,t){return n[0]*t[0]+n[1]*t[1]+n[2]*t[2]+n[3]*t[3]}function Mo(n,t,e){n.push("C",xo(Ms,t),",",xo(Ms,e),",",xo(_s,t),",",xo(_s,e),",",xo(bs,t),",",xo(bs,e))}function _o(n,t){return(t[1]-n[1])/(t[0]-n[0])}function bo(n){for(var t=0,e=n.length-1,r=[],u=n[0],i=n[1],o=r[0]=_o(u,i);++t<e;)r[t]=(o+(o=_o(u=i,i=n[t+1])))/2;return r[t]=o,r}function wo(n){for(var t,e,r,u,i=[],o=bo(n),a=-1,c=n.length-1;++a<c;)t=_o(n[a],n[a+1]),ua(t)<ka?o[a]=o[a+1]=0:(e=o[a]/t,r=o[a+1]/t,u=e*e+r*r,u>9&&(u=3*t/Math.sqrt(u),o[a]=u*e,o[a+1]=u*r));for(a=-1;++a<=c;)u=(n[Math.min(c,a+1)][0]-n[Math.max(0,a-1)][0])/(6*(1+o[a]*o[a])),i.push([u||0,o[a]*u||0]);return i}function So(n){return n.length<3?uo(n):n[0]+ho(n,wo(n))}function ko(n){for(var t,e,r,u=-1,i=n.length;++u<i;)t=n[u],e=t[0],r=t[1]+ms,t[0]=e*Math.cos(r),t[1]=e*Math.sin(r);return n}function Eo(n){function t(t){function c(){v.push("M",a(n(m),f),l,s(n(d.reverse()),f),"Z")}for(var h,g,p,v=[],d=[],m=[],y=-1,x=t.length,M=bt(e),_=bt(u),b=e===r?function(){return g}:bt(r),w=u===i?function(){return p}:bt(i);++y<x;)o.call(this,h=t[y],y)?(d.push([g=+M.call(this,h,y),p=+_.call(this,h,y)]),m.push([+b.call(this,h,y),+w.call(this,h,y)])):d.length&&(c(),d=[],m=[]);return d.length&&c(),v.length?v.join(""):null}var e=wr,r=wr,u=0,i=Sr,o=we,a=uo,c=a.key,s=a,l="L",f=.7;return t.x=function(n){return arguments.length?(e=r=n,t):r},t.x0=function(n){return arguments.length?(e=n,t):e},t.x1=function(n){return arguments.length?(r=n,t):r},t.y=function(n){return arguments.length?(u=i=n,t):i},t.y0=function(n){return arguments.length?(u=n,t):u},t.y1=function(n){return arguments.length?(i=n,t):i},t.defined=function(n){return arguments.length?(o=n,t):o},t.interpolate=function(n){return arguments.length?(c="function"==typeof n?a=n:(a=xs.get(n)||uo).key,s=a.reverse||a,l=a.closed?"M":"L",t):c},t.tension=function(n){return arguments.length?(f=n,t):f},t}function Ao(n){return n.radius}function Co(n){return[n.x,n.y]}function No(n){return function(){var t=n.apply(this,arguments),e=t[0],r=t[1]+ms;return[e*Math.cos(r),e*Math.sin(r)]}}function zo(){return 64}function Lo(){return"circle"}function To(n){var t=Math.sqrt(n/ba);return"M0,"+t+"A"+t+","+t+" 0 1,1 0,"+-t+"A"+t+","+t+" 0 1,1 0,"+t+"Z"}function qo(n,t){return sa(n,Cs),n.id=t,n}function Ro(n,t,e,r){var u=n.id;return P(n,"function"==typeof e?function(n,i,o){n.__transition__[u].tween.set(t,r(e.call(n,n.__data__,i,o)))}:(e=r(e),function(n){n.__transition__[u].tween.set(t,e)}))}function Do(n){return null==n&&(n=""),function(){this.textContent=n}}function Po(n,t,e,r){var u=n.__transition__||(n.__transition__={active:0,count:0}),i=u[e];if(!i){var a=r.time;i=u[e]={tween:new o,time:a,ease:r.ease,delay:r.delay,duration:r.duration},++u.count,Zo.timer(function(r){function o(r){return u.active>e?s():(u.active=e,i.event&&i.event.start.call(n,l,t),i.tween.forEach(function(e,r){(r=r.call(n,l,t))&&v.push(r)}),Zo.timer(function(){return p.c=c(r||1)?we:c,1},0,a),void 0)}function c(r){if(u.active!==e)return s();for(var o=r/g,a=f(o),c=v.length;c>0;)v[--c].call(n,a);
-return o>=1?(i.event&&i.event.end.call(n,l,t),s()):void 0}function s(){return--u.count?delete u[e]:delete n.__transition__,1}var l=n.__data__,f=i.ease,h=i.delay,g=i.duration,p=Ba,v=[];return p.t=h+a,r>=h?o(r-h):(p.c=o,void 0)},0,a)}}function Uo(n,t){n.attr("transform",function(n){return"translate("+t(n)+",0)"})}function jo(n,t){n.attr("transform",function(n){return"translate(0,"+t(n)+")"})}function Ho(n){return n.toISOString()}function Fo(n,t,e){function r(t){return n(t)}function u(n,e){var r=n[1]-n[0],u=r/e,i=Zo.bisect(Us,u);return i==Us.length?[t.year,Fi(n.map(function(n){return n/31536e6}),e)[2]]:i?t[u/Us[i-1]<Us[i]/u?i-1:i]:[Fs,Fi(n,e)[2]]}return r.invert=function(t){return Oo(n.invert(t))},r.domain=function(t){return arguments.length?(n.domain(t),r):n.domain().map(Oo)},r.nice=function(n,t){function e(e){return!isNaN(e)&&!n.range(e,Oo(+e+1),t).length}var i=r.domain(),o=Li(i),a=null==n?u(o,10):"number"==typeof n&&u(o,n);return a&&(n=a[0],t=a[1]),r.domain(Ri(i,t>1?{floor:function(t){for(;e(t=n.floor(t));)t=Oo(t-1);return t},ceil:function(t){for(;e(t=n.ceil(t));)t=Oo(+t+1);return t}}:n))},r.ticks=function(n,t){var e=Li(r.domain()),i=null==n?u(e,10):"number"==typeof n?u(e,n):!n.range&&[{range:n},t];return i&&(n=i[0],t=i[1]),n.range(e[0],Oo(+e[1]+1),1>t?1:t)},r.tickFormat=function(){return e},r.copy=function(){return Fo(n.copy(),t,e)},ji(r,n)}function Oo(n){return new Date(n)}function Yo(n){return JSON.parse(n.responseText)}function Io(n){var t=$o.createRange();return t.selectNode($o.body),t.createContextualFragment(n.responseText)}var Zo={version:"3.4.11"};Date.now||(Date.now=function(){return+new Date});var Vo=[].slice,Xo=function(n){return Vo.call(n)},$o=document,Bo=$o.documentElement,Wo=window;try{Xo(Bo.childNodes)[0].nodeType}catch(Jo){Xo=function(n){for(var t=n.length,e=new Array(t);t--;)e[t]=n[t];return e}}try{$o.createElement("div").style.setProperty("opacity",0,"")}catch(Go){var Ko=Wo.Element.prototype,Qo=Ko.setAttribute,na=Ko.setAttributeNS,ta=Wo.CSSStyleDeclaration.prototype,ea=ta.setProperty;Ko.setAttribute=function(n,t){Qo.call(this,n,t+"")},Ko.setAttributeNS=function(n,t,e){na.call(this,n,t,e+"")},ta.setProperty=function(n,t,e){ea.call(this,n,t+"",e)}}Zo.ascending=n,Zo.descending=function(n,t){return n>t?-1:t>n?1:t>=n?0:0/0},Zo.min=function(n,t){var e,r,u=-1,i=n.length;if(1===arguments.length){for(;++u<i&&!(null!=(e=n[u])&&e>=e);)e=void 0;for(;++u<i;)null!=(r=n[u])&&e>r&&(e=r)}else{for(;++u<i&&!(null!=(e=t.call(n,n[u],u))&&e>=e);)e=void 0;for(;++u<i;)null!=(r=t.call(n,n[u],u))&&e>r&&(e=r)}return e},Zo.max=function(n,t){var e,r,u=-1,i=n.length;if(1===arguments.length){for(;++u<i&&!(null!=(e=n[u])&&e>=e);)e=void 0;for(;++u<i;)null!=(r=n[u])&&r>e&&(e=r)}else{for(;++u<i&&!(null!=(e=t.call(n,n[u],u))&&e>=e);)e=void 0;for(;++u<i;)null!=(r=t.call(n,n[u],u))&&r>e&&(e=r)}return e},Zo.extent=function(n,t){var e,r,u,i=-1,o=n.length;if(1===arguments.length){for(;++i<o&&!(null!=(e=u=n[i])&&e>=e);)e=u=void 0;for(;++i<o;)null!=(r=n[i])&&(e>r&&(e=r),r>u&&(u=r))}else{for(;++i<o&&!(null!=(e=u=t.call(n,n[i],i))&&e>=e);)e=void 0;for(;++i<o;)null!=(r=t.call(n,n[i],i))&&(e>r&&(e=r),r>u&&(u=r))}return[e,u]},Zo.sum=function(n,t){var e,r=0,u=n.length,i=-1;if(1===arguments.length)for(;++i<u;)isNaN(e=+n[i])||(r+=e);else for(;++i<u;)isNaN(e=+t.call(n,n[i],i))||(r+=e);return r},Zo.mean=function(n,e){var r,u=0,i=n.length,o=-1,a=i;if(1===arguments.length)for(;++o<i;)t(r=n[o])?u+=r:--a;else for(;++o<i;)t(r=e.call(n,n[o],o))?u+=r:--a;return a?u/a:void 0},Zo.quantile=function(n,t){var e=(n.length-1)*t+1,r=Math.floor(e),u=+n[r-1],i=e-r;return i?u+i*(n[r]-u):u},Zo.median=function(e,r){return arguments.length>1&&(e=e.map(r)),e=e.filter(t),e.length?Zo.quantile(e.sort(n),.5):void 0};var ra=e(n);Zo.bisectLeft=ra.left,Zo.bisect=Zo.bisectRight=ra.right,Zo.bisector=function(t){return e(1===t.length?function(e,r){return n(t(e),r)}:t)},Zo.shuffle=function(n){for(var t,e,r=n.length;r;)e=0|Math.random()*r--,t=n[r],n[r]=n[e],n[e]=t;return n},Zo.permute=function(n,t){for(var e=t.length,r=new Array(e);e--;)r[e]=n[t[e]];return r},Zo.pairs=function(n){for(var t,e=0,r=n.length-1,u=n[0],i=new Array(0>r?0:r);r>e;)i[e]=[t=u,u=n[++e]];return i},Zo.zip=function(){if(!(u=arguments.length))return[];for(var n=-1,t=Zo.min(arguments,r),e=new Array(t);++n<t;)for(var u,i=-1,o=e[n]=new Array(u);++i<u;)o[i]=arguments[i][n];return e},Zo.transpose=function(n){return Zo.zip.apply(Zo,n)},Zo.keys=function(n){var t=[];for(var e in n)t.push(e);return t},Zo.values=function(n){var t=[];for(var e in n)t.push(n[e]);return t},Zo.entries=function(n){var t=[];for(var e in n)t.push({key:e,value:n[e]});return t},Zo.merge=function(n){for(var t,e,r,u=n.length,i=-1,o=0;++i<u;)o+=n[i].length;for(e=new Array(o);--u>=0;)for(r=n[u],t=r.length;--t>=0;)e[--o]=r[t];return e};var ua=Math.abs;Zo.range=function(n,t,e){if(arguments.length<3&&(e=1,arguments.length<2&&(t=n,n=0)),1/0===(t-n)/e)throw new Error("infinite range");var r,i=[],o=u(ua(e)),a=-1;if(n*=o,t*=o,e*=o,0>e)for(;(r=n+e*++a)>t;)i.push(r/o);else for(;(r=n+e*++a)<t;)i.push(r/o);return i},Zo.map=function(n){var t=new o;if(n instanceof o)n.forEach(function(n,e){t.set(n,e)});else for(var e in n)t.set(e,n[e]);return t},i(o,{has:a,get:function(n){return this[ia+n]},set:function(n,t){return this[ia+n]=t},remove:c,keys:s,values:function(){var n=[];return this.forEach(function(t,e){n.push(e)}),n},entries:function(){var n=[];return this.forEach(function(t,e){n.push({key:t,value:e})}),n},size:l,empty:f,forEach:function(n){for(var t in this)t.charCodeAt(0)===oa&&n.call(this,t.substring(1),this[t])}});var ia="\x00",oa=ia.charCodeAt(0);Zo.nest=function(){function n(t,a,c){if(c>=i.length)return r?r.call(u,a):e?a.sort(e):a;for(var s,l,f,h,g=-1,p=a.length,v=i[c++],d=new o;++g<p;)(h=d.get(s=v(l=a[g])))?h.push(l):d.set(s,[l]);return t?(l=t(),f=function(e,r){l.set(e,n(t,r,c))}):(l={},f=function(e,r){l[e]=n(t,r,c)}),d.forEach(f),l}function t(n,e){if(e>=i.length)return n;var r=[],u=a[e++];return n.forEach(function(n,u){r.push({key:n,values:t(u,e)})}),u?r.sort(function(n,t){return u(n.key,t.key)}):r}var e,r,u={},i=[],a=[];return u.map=function(t,e){return n(e,t,0)},u.entries=function(e){return t(n(Zo.map,e,0),0)},u.key=function(n){return i.push(n),u},u.sortKeys=function(n){return a[i.length-1]=n,u},u.sortValues=function(n){return e=n,u},u.rollup=function(n){return r=n,u},u},Zo.set=function(n){var t=new h;if(n)for(var e=0,r=n.length;r>e;++e)t.add(n[e]);return t},i(h,{has:a,add:function(n){return this[ia+n]=!0,n},remove:function(n){return n=ia+n,n in this&&delete this[n]},values:s,size:l,empty:f,forEach:function(n){for(var t in this)t.charCodeAt(0)===oa&&n.call(this,t.substring(1))}}),Zo.behavior={},Zo.rebind=function(n,t){for(var e,r=1,u=arguments.length;++r<u;)n[e=arguments[r]]=g(n,t,t[e]);return n};var aa=["webkit","ms","moz","Moz","o","O"];Zo.dispatch=function(){for(var n=new d,t=-1,e=arguments.length;++t<e;)n[arguments[t]]=m(n);return n},d.prototype.on=function(n,t){var e=n.indexOf("."),r="";if(e>=0&&(r=n.substring(e+1),n=n.substring(0,e)),n)return arguments.length<2?this[n].on(r):this[n].on(r,t);if(2===arguments.length){if(null==t)for(n in this)this.hasOwnProperty(n)&&this[n].on(r,null);return this}},Zo.event=null,Zo.requote=function(n){return n.replace(ca,"\\$&")};var ca=/[\\\^\$\*\+\?\|\[\]\(\)\.\{\}]/g,sa={}.__proto__?function(n,t){n.__proto__=t}:function(n,t){for(var e in t)n[e]=t[e]},la=function(n,t){return t.querySelector(n)},fa=function(n,t){return t.querySelectorAll(n)},ha=Bo.matches||Bo[p(Bo,"matchesSelector")],ga=function(n,t){return ha.call(n,t)};"function"==typeof Sizzle&&(la=function(n,t){return Sizzle(n,t)[0]||null},fa=Sizzle,ga=Sizzle.matchesSelector),Zo.selection=function(){return ma};var pa=Zo.selection.prototype=[];pa.select=function(n){var t,e,r,u,i=[];n=b(n);for(var o=-1,a=this.length;++o<a;){i.push(t=[]),t.parentNode=(r=this[o]).parentNode;for(var c=-1,s=r.length;++c<s;)(u=r[c])?(t.push(e=n.call(u,u.__data__,c,o)),e&&"__data__"in u&&(e.__data__=u.__data__)):t.push(null)}return _(i)},pa.selectAll=function(n){var t,e,r=[];n=w(n);for(var u=-1,i=this.length;++u<i;)for(var o=this[u],a=-1,c=o.length;++a<c;)(e=o[a])&&(r.push(t=Xo(n.call(e,e.__data__,a,u))),t.parentNode=e);return _(r)};var va={svg:"http://www.w3.org/2000/svg",xhtml:"http://www.w3.org/1999/xhtml",xlink:"http://www.w3.org/1999/xlink",xml:"http://www.w3.org/XML/1998/namespace",xmlns:"http://www.w3.org/2000/xmlns/"};Zo.ns={prefix:va,qualify:function(n){var t=n.indexOf(":"),e=n;return t>=0&&(e=n.substring(0,t),n=n.substring(t+1)),va.hasOwnProperty(e)?{space:va[e],local:n}:n}},pa.attr=function(n,t){if(arguments.length<2){if("string"==typeof n){var e=this.node();return n=Zo.ns.qualify(n),n.local?e.getAttributeNS(n.space,n.local):e.getAttribute(n)}for(t in n)this.each(S(t,n[t]));return this}return this.each(S(n,t))},pa.classed=function(n,t){if(arguments.length<2){if("string"==typeof n){var e=this.node(),r=(n=A(n)).length,u=-1;if(t=e.classList){for(;++u<r;)if(!t.contains(n[u]))return!1}else for(t=e.getAttribute("class");++u<r;)if(!E(n[u]).test(t))return!1;return!0}for(t in n)this.each(C(t,n[t]));return this}return this.each(C(n,t))},pa.style=function(n,t,e){var r=arguments.length;if(3>r){if("string"!=typeof n){2>r&&(t="");for(e in n)this.each(z(e,n[e],t));return this}if(2>r)return Wo.getComputedStyle(this.node(),null).getPropertyValue(n);e=""}return this.each(z(n,t,e))},pa.property=function(n,t){if(arguments.length<2){if("string"==typeof n)return this.node()[n];for(t in n)this.each(L(t,n[t]));return this}return this.each(L(n,t))},pa.text=function(n){return arguments.length?this.each("function"==typeof n?function(){var t=n.apply(this,arguments);this.textContent=null==t?"":t}:null==n?function(){this.textContent=""}:function(){this.textContent=n}):this.node().textContent},pa.html=function(n){return arguments.length?this.each("function"==typeof n?function(){var t=n.apply(this,arguments);this.innerHTML=null==t?"":t}:null==n?function(){this.innerHTML=""}:function(){this.innerHTML=n}):this.node().innerHTML},pa.append=function(n){return n=T(n),this.select(function(){return this.appendChild(n.apply(this,arguments))})},pa.insert=function(n,t){return n=T(n),t=b(t),this.select(function(){return this.insertBefore(n.apply(this,arguments),t.apply(this,arguments)||null)})},pa.remove=function(){return this.each(function(){var n=this.parentNode;n&&n.removeChild(this)})},pa.data=function(n,t){function e(n,e){var r,u,i,a=n.length,f=e.length,h=Math.min(a,f),g=new Array(f),p=new Array(f),v=new Array(a);if(t){var d,m=new o,y=new o,x=[];for(r=-1;++r<a;)d=t.call(u=n[r],u.__data__,r),m.has(d)?v[r]=u:m.set(d,u),x.push(d);for(r=-1;++r<f;)d=t.call(e,i=e[r],r),(u=m.get(d))?(g[r]=u,u.__data__=i):y.has(d)||(p[r]=q(i)),y.set(d,i),m.remove(d);for(r=-1;++r<a;)m.has(x[r])&&(v[r]=n[r])}else{for(r=-1;++r<h;)u=n[r],i=e[r],u?(u.__data__=i,g[r]=u):p[r]=q(i);for(;f>r;++r)p[r]=q(e[r]);for(;a>r;++r)v[r]=n[r]}p.update=g,p.parentNode=g.parentNode=v.parentNode=n.parentNode,c.push(p),s.push(g),l.push(v)}var r,u,i=-1,a=this.length;if(!arguments.length){for(n=new Array(a=(r=this[0]).length);++i<a;)(u=r[i])&&(n[i]=u.__data__);return n}var c=U([]),s=_([]),l=_([]);if("function"==typeof n)for(;++i<a;)e(r=this[i],n.call(r,r.parentNode.__data__,i));else for(;++i<a;)e(r=this[i],n);return s.enter=function(){return c},s.exit=function(){return l},s},pa.datum=function(n){return arguments.length?this.property("__data__",n):this.property("__data__")},pa.filter=function(n){var t,e,r,u=[];"function"!=typeof n&&(n=R(n));for(var i=0,o=this.length;o>i;i++){u.push(t=[]),t.parentNode=(e=this[i]).parentNode;for(var a=0,c=e.length;c>a;a++)(r=e[a])&&n.call(r,r.__data__,a,i)&&t.push(r)}return _(u)},pa.order=function(){for(var n=-1,t=this.length;++n<t;)for(var e,r=this[n],u=r.length-1,i=r[u];--u>=0;)(e=r[u])&&(i&&i!==e.nextSibling&&i.parentNode.insertBefore(e,i),i=e);return this},pa.sort=function(n){n=D.apply(this,arguments);for(var t=-1,e=this.length;++t<e;)this[t].sort(n);return this.order()},pa.each=function(n){return P(this,function(t,e,r){n.call(t,t.__data__,e,r)})},pa.call=function(n){var t=Xo(arguments);return n.apply(t[0]=this,t),this},pa.empty=function(){return!this.node()},pa.node=function(){for(var n=0,t=this.length;t>n;n++)for(var e=this[n],r=0,u=e.length;u>r;r++){var i=e[r];if(i)return i}return null},pa.size=function(){var n=0;return this.each(function(){++n}),n};var da=[];Zo.selection.enter=U,Zo.selection.enter.prototype=da,da.append=pa.append,da.empty=pa.empty,da.node=pa.node,da.call=pa.call,da.size=pa.size,da.select=function(n){for(var t,e,r,u,i,o=[],a=-1,c=this.length;++a<c;){r=(u=this[a]).update,o.push(t=[]),t.parentNode=u.parentNode;for(var s=-1,l=u.length;++s<l;)(i=u[s])?(t.push(r[s]=e=n.call(u.parentNode,i.__data__,s,a)),e.__data__=i.__data__):t.push(null)}return _(o)},da.insert=function(n,t){return arguments.length<2&&(t=j(this)),pa.insert.call(this,n,t)},pa.transition=function(){for(var n,t,e=Ss||++Ns,r=[],u=ks||{time:Date.now(),ease:xu,delay:0,duration:250},i=-1,o=this.length;++i<o;){r.push(n=[]);for(var a=this[i],c=-1,s=a.length;++c<s;)(t=a[c])&&Po(t,c,e,u),n.push(t)}return qo(r,e)},pa.interrupt=function(){return this.each(H)},Zo.select=function(n){var t=["string"==typeof n?la(n,$o):n];return t.parentNode=Bo,_([t])},Zo.selectAll=function(n){var t=Xo("string"==typeof n?fa(n,$o):n);return t.parentNode=Bo,_([t])};var ma=Zo.select(Bo);pa.on=function(n,t,e){var r=arguments.length;if(3>r){if("string"!=typeof n){2>r&&(t=!1);for(e in n)this.each(F(e,n[e],t));return this}if(2>r)return(r=this.node()["__on"+n])&&r._;e=!1}return this.each(F(n,t,e))};var ya=Zo.map({mouseenter:"mouseover",mouseleave:"mouseout"});ya.forEach(function(n){"on"+n in $o&&ya.remove(n)});var xa="onselectstart"in $o?null:p(Bo.style,"userSelect"),Ma=0;Zo.mouse=function(n){return Z(n,x())};var _a=/WebKit/.test(Wo.navigator.userAgent)?-1:0;Zo.touches=function(n,t){return arguments.length<2&&(t=x().touches),t?Xo(t).map(function(t){var e=Z(n,t);return e.identifier=t.identifier,e}):[]},Zo.behavior.drag=function(){function n(){this.on("mousedown.drag",u).on("touchstart.drag",i)}function t(n,t,u,i,o){return function(){function a(){var n,e,r=t(h,v);r&&(n=r[0]-x[0],e=r[1]-x[1],p|=n|e,x=r,g({type:"drag",x:r[0]+s[0],y:r[1]+s[1],dx:n,dy:e}))}function c(){t(h,v)&&(m.on(i+d,null).on(o+d,null),y(p&&Zo.event.target===f),g({type:"dragend"}))}var s,l=this,f=Zo.event.target,h=l.parentNode,g=e.of(l,arguments),p=0,v=n(),d=".drag"+(null==v?"":"-"+v),m=Zo.select(u()).on(i+d,a).on(o+d,c),y=I(),x=t(h,v);r?(s=r.apply(l,arguments),s=[s.x-x[0],s.y-x[1]]):s=[0,0],g({type:"dragstart"})}}var e=M(n,"drag","dragstart","dragend"),r=null,u=t(v,Zo.mouse,$,"mousemove","mouseup"),i=t(V,Zo.touch,X,"touchmove","touchend");return n.origin=function(t){return arguments.length?(r=t,n):r},Zo.rebind(n,e,"on")};var ba=Math.PI,wa=2*ba,Sa=ba/2,ka=1e-6,Ea=ka*ka,Aa=ba/180,Ca=180/ba,Na=Math.SQRT2,za=2,La=4;Zo.interpolateZoom=function(n,t){function e(n){var t=n*y;if(m){var e=Q(v),o=i/(za*h)*(e*nt(Na*t+v)-K(v));return[r+o*s,u+o*l,i*e/Q(Na*t+v)]}return[r+n*s,u+n*l,i*Math.exp(Na*t)]}var r=n[0],u=n[1],i=n[2],o=t[0],a=t[1],c=t[2],s=o-r,l=a-u,f=s*s+l*l,h=Math.sqrt(f),g=(c*c-i*i+La*f)/(2*i*za*h),p=(c*c-i*i-La*f)/(2*c*za*h),v=Math.log(Math.sqrt(g*g+1)-g),d=Math.log(Math.sqrt(p*p+1)-p),m=d-v,y=(m||Math.log(c/i))/Na;return e.duration=1e3*y,e},Zo.behavior.zoom=function(){function n(n){n.on(A,s).on(Ra+".zoom",f).on("dblclick.zoom",h).on(z,l)}function t(n){return[(n[0]-S.x)/S.k,(n[1]-S.y)/S.k]}function e(n){return[n[0]*S.k+S.x,n[1]*S.k+S.y]}function r(n){S.k=Math.max(E[0],Math.min(E[1],n))}function u(n,t){t=e(t),S.x+=n[0]-t[0],S.y+=n[1]-t[1]}function i(){_&&_.domain(x.range().map(function(n){return(n-S.x)/S.k}).map(x.invert)),w&&w.domain(b.range().map(function(n){return(n-S.y)/S.k}).map(b.invert))}function o(n){n({type:"zoomstart"})}function a(n){i(),n({type:"zoom",scale:S.k,translate:[S.x,S.y]})}function c(n){n({type:"zoomend"})}function s(){function n(){l=1,u(Zo.mouse(r),h),a(s)}function e(){f.on(C,null).on(N,null),g(l&&Zo.event.target===i),c(s)}var r=this,i=Zo.event.target,s=L.of(r,arguments),l=0,f=Zo.select(Wo).on(C,n).on(N,e),h=t(Zo.mouse(r)),g=I();H.call(r),o(s)}function l(){function n(){var n=Zo.touches(g);return h=S.k,n.forEach(function(n){n.identifier in v&&(v[n.identifier]=t(n))}),n}function e(){var t=Zo.event.target;Zo.select(t).on(M,i).on(_,f),b.push(t);for(var e=Zo.event.changedTouches,o=0,c=e.length;c>o;++o)v[e[o].identifier]=null;var s=n(),l=Date.now();if(1===s.length){if(500>l-m){var h=s[0],g=v[h.identifier];r(2*S.k),u(h,g),y(),a(p)}m=l}else if(s.length>1){var h=s[0],x=s[1],w=h[0]-x[0],k=h[1]-x[1];d=w*w+k*k}}function i(){for(var n,t,e,i,o=Zo.touches(g),c=0,s=o.length;s>c;++c,i=null)if(e=o[c],i=v[e.identifier]){if(t)break;n=e,t=i}if(i){var l=(l=e[0]-n[0])*l+(l=e[1]-n[1])*l,f=d&&Math.sqrt(l/d);n=[(n[0]+e[0])/2,(n[1]+e[1])/2],t=[(t[0]+i[0])/2,(t[1]+i[1])/2],r(f*h)}m=null,u(n,t),a(p)}function f(){if(Zo.event.touches.length){for(var t=Zo.event.changedTouches,e=0,r=t.length;r>e;++e)delete v[t[e].identifier];for(var u in v)return void n()}Zo.selectAll(b).on(x,null),w.on(A,s).on(z,l),k(),c(p)}var h,g=this,p=L.of(g,arguments),v={},d=0,x=".zoom-"+Zo.event.changedTouches[0].identifier,M="touchmove"+x,_="touchend"+x,b=[],w=Zo.select(g).on(A,null).on(z,e),k=I();H.call(g),e(),o(p)}function f(){var n=L.of(this,arguments);d?clearTimeout(d):(g=t(p=v||Zo.mouse(this)),H.call(this),o(n)),d=setTimeout(function(){d=null,c(n)},50),y(),r(Math.pow(2,.002*Ta())*S.k),u(p,g),a(n)}function h(){var n=L.of(this,arguments),e=Zo.mouse(this),i=t(e),s=Math.log(S.k)/Math.LN2;o(n),r(Math.pow(2,Zo.event.shiftKey?Math.ceil(s)-1:Math.floor(s)+1)),u(e,i),a(n),c(n)}var g,p,v,d,m,x,_,b,w,S={x:0,y:0,k:1},k=[960,500],E=qa,A="mousedown.zoom",C="mousemove.zoom",N="mouseup.zoom",z="touchstart.zoom",L=M(n,"zoomstart","zoom","zoomend");return n.event=function(n){n.each(function(){var n=L.of(this,arguments),t=S;Ss?Zo.select(this).transition().each("start.zoom",function(){S=this.__chart__||{x:0,y:0,k:1},o(n)}).tween("zoom:zoom",function(){var e=k[0],r=k[1],u=e/2,i=r/2,o=Zo.interpolateZoom([(u-S.x)/S.k,(i-S.y)/S.k,e/S.k],[(u-t.x)/t.k,(i-t.y)/t.k,e/t.k]);return function(t){var r=o(t),c=e/r[2];this.__chart__=S={x:u-r[0]*c,y:i-r[1]*c,k:c},a(n)}}).each("end.zoom",function(){c(n)}):(this.__chart__=S,o(n),a(n),c(n))})},n.translate=function(t){return arguments.length?(S={x:+t[0],y:+t[1],k:S.k},i(),n):[S.x,S.y]},n.scale=function(t){return arguments.length?(S={x:S.x,y:S.y,k:+t},i(),n):S.k},n.scaleExtent=function(t){return arguments.length?(E=null==t?qa:[+t[0],+t[1]],n):E},n.center=function(t){return arguments.length?(v=t&&[+t[0],+t[1]],n):v},n.size=function(t){return arguments.length?(k=t&&[+t[0],+t[1]],n):k},n.x=function(t){return arguments.length?(_=t,x=t.copy(),S={x:0,y:0,k:1},n):_},n.y=function(t){return arguments.length?(w=t,b=t.copy(),S={x:0,y:0,k:1},n):w},Zo.rebind(n,L,"on")};var Ta,qa=[0,1/0],Ra="onwheel"in $o?(Ta=function(){return-Zo.event.deltaY*(Zo.event.deltaMode?120:1)},"wheel"):"onmousewheel"in $o?(Ta=function(){return Zo.event.wheelDelta},"mousewheel"):(Ta=function(){return-Zo.event.detail},"MozMousePixelScroll");Zo.color=et,et.prototype.toString=function(){return this.rgb()+""},Zo.hsl=rt;var Da=rt.prototype=new et;Da.brighter=function(n){return n=Math.pow(.7,arguments.length?n:1),new rt(this.h,this.s,this.l/n)},Da.darker=function(n){return n=Math.pow(.7,arguments.length?n:1),new rt(this.h,this.s,n*this.l)},Da.rgb=function(){return ut(this.h,this.s,this.l)},Zo.hcl=it;var Pa=it.prototype=new et;Pa.brighter=function(n){return new it(this.h,this.c,Math.min(100,this.l+Ua*(arguments.length?n:1)))},Pa.darker=function(n){return new it(this.h,this.c,Math.max(0,this.l-Ua*(arguments.length?n:1)))},Pa.rgb=function(){return ot(this.h,this.c,this.l).rgb()},Zo.lab=at;var Ua=18,ja=.95047,Ha=1,Fa=1.08883,Oa=at.prototype=new et;Oa.brighter=function(n){return new at(Math.min(100,this.l+Ua*(arguments.length?n:1)),this.a,this.b)},Oa.darker=function(n){return new at(Math.max(0,this.l-Ua*(arguments.length?n:1)),this.a,this.b)},Oa.rgb=function(){return ct(this.l,this.a,this.b)},Zo.rgb=gt;var Ya=gt.prototype=new et;Ya.brighter=function(n){n=Math.pow(.7,arguments.length?n:1);var t=this.r,e=this.g,r=this.b,u=30;return t||e||r?(t&&u>t&&(t=u),e&&u>e&&(e=u),r&&u>r&&(r=u),new gt(Math.min(255,t/n),Math.min(255,e/n),Math.min(255,r/n))):new gt(u,u,u)},Ya.darker=function(n){return n=Math.pow(.7,arguments.length?n:1),new gt(n*this.r,n*this.g,n*this.b)},Ya.hsl=function(){return yt(this.r,this.g,this.b)},Ya.toString=function(){return"#"+dt(this.r)+dt(this.g)+dt(this.b)};var Ia=Zo.map({aliceblue:15792383,antiquewhite:16444375,aqua:65535,aquamarine:8388564,azure:15794175,beige:16119260,bisque:16770244,black:0,blanchedalmond:16772045,blue:255,blueviolet:9055202,brown:10824234,burlywood:14596231,cadetblue:6266528,chartreuse:8388352,chocolate:13789470,coral:16744272,cornflowerblue:6591981,cornsilk:16775388,crimson:14423100,cyan:65535,darkblue:139,darkcyan:35723,darkgoldenrod:12092939,darkgray:11119017,darkgreen:25600,darkgrey:11119017,darkkhaki:12433259,darkmagenta:9109643,darkolivegreen:5597999,darkorange:16747520,darkorchid:10040012,darkred:9109504,darksalmon:15308410,darkseagreen:9419919,darkslateblue:4734347,darkslategray:3100495,darkslategrey:3100495,darkturquoise:52945,darkviolet:9699539,deeppink:16716947,deepskyblue:49151,dimgray:6908265,dimgrey:6908265,dodgerblue:2003199,firebrick:11674146,floralwhite:16775920,forestgreen:2263842,fuchsia:16711935,gainsboro:14474460,ghostwhite:16316671,gold:16766720,goldenrod:14329120,gray:8421504,green:32768,greenyellow:11403055,grey:8421504,honeydew:15794160,hotpink:16738740,indianred:13458524,indigo:4915330,ivory:16777200,khaki:15787660,lavender:15132410,lavenderblush:16773365,lawngreen:8190976,lemonchiffon:16775885,lightblue:11393254,lightcoral:15761536,lightcyan:14745599,lightgoldenrodyellow:16448210,lightgray:13882323,lightgreen:9498256,lightgrey:13882323,lightpink:16758465,lightsalmon:16752762,lightseagreen:2142890,lightskyblue:8900346,lightslategray:7833753,lightslategrey:7833753,lightsteelblue:11584734,lightyellow:16777184,lime:65280,limegreen:3329330,linen:16445670,magenta:16711935,maroon:8388608,mediumaquamarine:6737322,mediumblue:205,mediumorchid:12211667,mediumpurple:9662683,mediumseagreen:3978097,mediumslateblue:8087790,mediumspringgreen:64154,mediumturquoise:4772300,mediumvioletred:13047173,midnightblue:1644912,mintcream:16121850,mistyrose:16770273,moccasin:16770229,navajowhite:16768685,navy:128,oldlace:16643558,olive:8421376,olivedrab:7048739,orange:16753920,orangered:16729344,orchid:14315734,palegoldenrod:15657130,palegreen:10025880,paleturquoise:11529966,palevioletred:14381203,papayawhip:16773077,peachpuff:16767673,peru:13468991,pink:16761035,plum:14524637,powderblue:11591910,purple:8388736,red:16711680,rosybrown:12357519,royalblue:4286945,saddlebrown:9127187,salmon:16416882,sandybrown:16032864,seagreen:3050327,seashell:16774638,sienna:10506797,silver:12632256,skyblue:8900331,slateblue:6970061,slategray:7372944,slategrey:7372944,snow:16775930,springgreen:65407,steelblue:4620980,tan:13808780,teal:32896,thistle:14204888,tomato:16737095,turquoise:4251856,violet:15631086,wheat:16113331,white:16777215,whitesmoke:16119285,yellow:16776960,yellowgreen:10145074});Ia.forEach(function(n,t){Ia.set(n,pt(t))}),Zo.functor=bt,Zo.xhr=St(wt),Zo.dsv=function(n,t){function e(n,e,i){arguments.length<3&&(i=e,e=null);var o=kt(n,t,null==e?r:u(e),i);return o.row=function(n){return arguments.length?o.response(null==(e=n)?r:u(n)):e},o}function r(n){return e.parse(n.responseText)}function u(n){return function(t){return e.parse(t.responseText,n)}}function i(t){return t.map(o).join(n)}function o(n){return a.test(n)?'"'+n.replace(/\"/g,'""')+'"':n}var a=new RegExp('["'+n+"\n]"),c=n.charCodeAt(0);return e.parse=function(n,t){var r;return e.parseRows(n,function(n,e){if(r)return r(n,e-1);var u=new Function("d","return {"+n.map(function(n,t){return JSON.stringify(n)+": d["+t+"]"}).join(",")+"}");r=t?function(n,e){return t(u(n),e)}:u})},e.parseRows=function(n,t){function e(){if(l>=s)return o;if(u)return u=!1,i;var t=l;if(34===n.charCodeAt(t)){for(var e=t;e++<s;)if(34===n.charCodeAt(e)){if(34!==n.charCodeAt(e+1))break;++e}l=e+2;var r=n.charCodeAt(e+1);return 13===r?(u=!0,10===n.charCodeAt(e+2)&&++l):10===r&&(u=!0),n.substring(t+1,e).replace(/""/g,'"')}for(;s>l;){var r=n.charCodeAt(l++),a=1;if(10===r)u=!0;else if(13===r)u=!0,10===n.charCodeAt(l)&&(++l,++a);else if(r!==c)continue;return n.substring(t,l-a)}return n.substring(t)}for(var r,u,i={},o={},a=[],s=n.length,l=0,f=0;(r=e())!==o;){for(var h=[];r!==i&&r!==o;)h.push(r),r=e();(!t||(h=t(h,f++)))&&a.push(h)}return a},e.format=function(t){if(Array.isArray(t[0]))return e.formatRows(t);var r=new h,u=[];return t.forEach(function(n){for(var t in n)r.has(t)||u.push(r.add(t))}),[u.map(o).join(n)].concat(t.map(function(t){return u.map(function(n){return o(t[n])}).join(n)})).join("\n")},e.formatRows=function(n){return n.map(i).join("\n")},e},Zo.csv=Zo.dsv(",","text/csv"),Zo.tsv=Zo.dsv("	","text/tab-separated-values"),Zo.touch=function(n,t,e){if(arguments.length<3&&(e=t,t=x().changedTouches),t)for(var r,u=0,i=t.length;i>u;++u)if((r=t[u]).identifier===e)return Z(n,r)};var Za,Va,Xa,$a,Ba,Wa=Wo[p(Wo,"requestAnimationFrame")]||function(n){setTimeout(n,17)};Zo.timer=function(n,t,e){var r=arguments.length;2>r&&(t=0),3>r&&(e=Date.now());var u=e+t,i={c:n,t:u,f:!1,n:null};Va?Va.n=i:Za=i,Va=i,Xa||($a=clearTimeout($a),Xa=1,Wa(At))},Zo.timer.flush=function(){Ct(),Nt()},Zo.round=function(n,t){return t?Math.round(n*(t=Math.pow(10,t)))/t:Math.round(n)};var Ja=["y","z","a","f","p","n","\xb5","m","","k","M","G","T","P","E","Z","Y"].map(Lt);Zo.formatPrefix=function(n,t){var e=0;return n&&(0>n&&(n*=-1),t&&(n=Zo.round(n,zt(n,t))),e=1+Math.floor(1e-12+Math.log(n)/Math.LN10),e=Math.max(-24,Math.min(24,3*Math.floor((e-1)/3)))),Ja[8+e/3]};var Ga=/(?:([^{])?([<>=^]))?([+\- ])?([$#])?(0)?(\d+)?(,)?(\.-?\d+)?([a-z%])?/i,Ka=Zo.map({b:function(n){return n.toString(2)},c:function(n){return String.fromCharCode(n)},o:function(n){return n.toString(8)},x:function(n){return n.toString(16)},X:function(n){return n.toString(16).toUpperCase()},g:function(n,t){return n.toPrecision(t)},e:function(n,t){return n.toExponential(t)},f:function(n,t){return n.toFixed(t)},r:function(n,t){return(n=Zo.round(n,zt(n,t))).toFixed(Math.max(0,Math.min(20,zt(n*(1+1e-15),t))))}}),Qa=Zo.time={},nc=Date;Rt.prototype={getDate:function(){return this._.getUTCDate()},getDay:function(){return this._.getUTCDay()},getFullYear:function(){return this._.getUTCFullYear()},getHours:function(){return this._.getUTCHours()},getMilliseconds:function(){return this._.getUTCMilliseconds()},getMinutes:function(){return this._.getUTCMinutes()},getMonth:function(){return this._.getUTCMonth()},getSeconds:function(){return this._.getUTCSeconds()},getTime:function(){return this._.getTime()},getTimezoneOffset:function(){return 0},valueOf:function(){return this._.valueOf()},setDate:function(){tc.setUTCDate.apply(this._,arguments)},setDay:function(){tc.setUTCDay.apply(this._,arguments)},setFullYear:function(){tc.setUTCFullYear.apply(this._,arguments)},setHours:function(){tc.setUTCHours.apply(this._,arguments)},setMilliseconds:function(){tc.setUTCMilliseconds.apply(this._,arguments)},setMinutes:function(){tc.setUTCMinutes.apply(this._,arguments)},setMonth:function(){tc.setUTCMonth.apply(this._,arguments)},setSeconds:function(){tc.setUTCSeconds.apply(this._,arguments)},setTime:function(){tc.setTime.apply(this._,arguments)}};var tc=Date.prototype;Qa.year=Dt(function(n){return n=Qa.day(n),n.setMonth(0,1),n},function(n,t){n.setFullYear(n.getFullYear()+t)},function(n){return n.getFullYear()}),Qa.years=Qa.year.range,Qa.years.utc=Qa.year.utc.range,Qa.day=Dt(function(n){var t=new nc(2e3,0);return t.setFullYear(n.getFullYear(),n.getMonth(),n.getDate()),t},function(n,t){n.setDate(n.getDate()+t)},function(n){return n.getDate()-1}),Qa.days=Qa.day.range,Qa.days.utc=Qa.day.utc.range,Qa.dayOfYear=function(n){var t=Qa.year(n);return Math.floor((n-t-6e4*(n.getTimezoneOffset()-t.getTimezoneOffset()))/864e5)},["sunday","monday","tuesday","wednesday","thursday","friday","saturday"].forEach(function(n,t){t=7-t;var e=Qa[n]=Dt(function(n){return(n=Qa.day(n)).setDate(n.getDate()-(n.getDay()+t)%7),n},function(n,t){n.setDate(n.getDate()+7*Math.floor(t))},function(n){var e=Qa.year(n).getDay();return Math.floor((Qa.dayOfYear(n)+(e+t)%7)/7)-(e!==t)});Qa[n+"s"]=e.range,Qa[n+"s"].utc=e.utc.range,Qa[n+"OfYear"]=function(n){var e=Qa.year(n).getDay();return Math.floor((Qa.dayOfYear(n)+(e+t)%7)/7)}}),Qa.week=Qa.sunday,Qa.weeks=Qa.sunday.range,Qa.weeks.utc=Qa.sunday.utc.range,Qa.weekOfYear=Qa.sundayOfYear;var ec={"-":"",_:" ",0:"0"},rc=/^\s*\d+/,uc=/^%/;Zo.locale=function(n){return{numberFormat:Tt(n),timeFormat:Ut(n)}};var ic=Zo.locale({decimal:".",thousands:",",grouping:[3],currency:["$",""],dateTime:"%a %b %e %X %Y",date:"%m/%d/%Y",time:"%H:%M:%S",periods:["AM","PM"],days:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],shortDays:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],months:["January","February","March","April","May","June","July","August","September","October","November","December"],shortMonths:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"]});Zo.format=ic.numberFormat,Zo.geo={},ue.prototype={s:0,t:0,add:function(n){ie(n,this.t,oc),ie(oc.s,this.s,this),this.s?this.t+=oc.t:this.s=oc.t},reset:function(){this.s=this.t=0},valueOf:function(){return this.s}};var oc=new ue;Zo.geo.stream=function(n,t){n&&ac.hasOwnProperty(n.type)?ac[n.type](n,t):oe(n,t)};var ac={Feature:function(n,t){oe(n.geometry,t)},FeatureCollection:function(n,t){for(var e=n.features,r=-1,u=e.length;++r<u;)oe(e[r].geometry,t)}},cc={Sphere:function(n,t){t.sphere()},Point:function(n,t){n=n.coordinates,t.point(n[0],n[1],n[2])},MultiPoint:function(n,t){for(var e=n.coordinates,r=-1,u=e.length;++r<u;)n=e[r],t.point(n[0],n[1],n[2])},LineString:function(n,t){ae(n.coordinates,t,0)},MultiLineString:function(n,t){for(var e=n.coordinates,r=-1,u=e.length;++r<u;)ae(e[r],t,0)},Polygon:function(n,t){ce(n.coordinates,t)},MultiPolygon:function(n,t){for(var e=n.coordinates,r=-1,u=e.length;++r<u;)ce(e[r],t)},GeometryCollection:function(n,t){for(var e=n.geometries,r=-1,u=e.length;++r<u;)oe(e[r],t)}};Zo.geo.area=function(n){return sc=0,Zo.geo.stream(n,fc),sc};var sc,lc=new ue,fc={sphere:function(){sc+=4*ba},point:v,lineStart:v,lineEnd:v,polygonStart:function(){lc.reset(),fc.lineStart=se},polygonEnd:function(){var n=2*lc;sc+=0>n?4*ba+n:n,fc.lineStart=fc.lineEnd=fc.point=v}};Zo.geo.bounds=function(){function n(n,t){x.push(M=[l=n,h=n]),f>t&&(f=t),t>g&&(g=t)}function t(t,e){var r=le([t*Aa,e*Aa]);if(m){var u=he(m,r),i=[u[1],-u[0],0],o=he(i,u);ve(o),o=de(o);var c=t-p,s=c>0?1:-1,v=o[0]*Ca*s,d=ua(c)>180;if(d^(v>s*p&&s*t>v)){var y=o[1]*Ca;y>g&&(g=y)}else if(v=(v+360)%360-180,d^(v>s*p&&s*t>v)){var y=-o[1]*Ca;f>y&&(f=y)}else f>e&&(f=e),e>g&&(g=e);d?p>t?a(l,t)>a(l,h)&&(h=t):a(t,h)>a(l,h)&&(l=t):h>=l?(l>t&&(l=t),t>h&&(h=t)):t>p?a(l,t)>a(l,h)&&(h=t):a(t,h)>a(l,h)&&(l=t)}else n(t,e);m=r,p=t}function e(){_.point=t}function r(){M[0]=l,M[1]=h,_.point=n,m=null}function u(n,e){if(m){var r=n-p;y+=ua(r)>180?r+(r>0?360:-360):r}else v=n,d=e;fc.point(n,e),t(n,e)}function i(){fc.lineStart()}function o(){u(v,d),fc.lineEnd(),ua(y)>ka&&(l=-(h=180)),M[0]=l,M[1]=h,m=null}function a(n,t){return(t-=n)<0?t+360:t}function c(n,t){return n[0]-t[0]}function s(n,t){return t[0]<=t[1]?t[0]<=n&&n<=t[1]:n<t[0]||t[1]<n}var l,f,h,g,p,v,d,m,y,x,M,_={point:n,lineStart:e,lineEnd:r,polygonStart:function(){_.point=u,_.lineStart=i,_.lineEnd=o,y=0,fc.polygonStart()},polygonEnd:function(){fc.polygonEnd(),_.point=n,_.lineStart=e,_.lineEnd=r,0>lc?(l=-(h=180),f=-(g=90)):y>ka?g=90:-ka>y&&(f=-90),M[0]=l,M[1]=h}};return function(n){g=h=-(l=f=1/0),x=[],Zo.geo.stream(n,_);var t=x.length;if(t){x.sort(c);for(var e,r=1,u=x[0],i=[u];t>r;++r)e=x[r],s(e[0],u)||s(e[1],u)?(a(u[0],e[1])>a(u[0],u[1])&&(u[1]=e[1]),a(e[0],u[1])>a(u[0],u[1])&&(u[0]=e[0])):i.push(u=e);
-for(var o,e,p=-1/0,t=i.length-1,r=0,u=i[t];t>=r;u=e,++r)e=i[r],(o=a(u[1],e[0]))>p&&(p=o,l=e[0],h=u[1])}return x=M=null,1/0===l||1/0===f?[[0/0,0/0],[0/0,0/0]]:[[l,f],[h,g]]}}(),Zo.geo.centroid=function(n){hc=gc=pc=vc=dc=mc=yc=xc=Mc=_c=bc=0,Zo.geo.stream(n,wc);var t=Mc,e=_c,r=bc,u=t*t+e*e+r*r;return Ea>u&&(t=mc,e=yc,r=xc,ka>gc&&(t=pc,e=vc,r=dc),u=t*t+e*e+r*r,Ea>u)?[0/0,0/0]:[Math.atan2(e,t)*Ca,G(r/Math.sqrt(u))*Ca]};var hc,gc,pc,vc,dc,mc,yc,xc,Mc,_c,bc,wc={sphere:v,point:ye,lineStart:Me,lineEnd:_e,polygonStart:function(){wc.lineStart=be},polygonEnd:function(){wc.lineStart=Me}},Sc=Ae(we,Te,Re,[-ba,-ba/2]),kc=1e9;Zo.geo.clipExtent=function(){var n,t,e,r,u,i,o={stream:function(n){return u&&(u.valid=!1),u=i(n),u.valid=!0,u},extent:function(a){return arguments.length?(i=Ue(n=+a[0][0],t=+a[0][1],e=+a[1][0],r=+a[1][1]),u&&(u.valid=!1,u=null),o):[[n,t],[e,r]]}};return o.extent([[0,0],[960,500]])},(Zo.geo.conicEqualArea=function(){return He(Fe)}).raw=Fe,Zo.geo.albers=function(){return Zo.geo.conicEqualArea().rotate([96,0]).center([-.6,38.7]).parallels([29.5,45.5]).scale(1070)},Zo.geo.albersUsa=function(){function n(n){var i=n[0],o=n[1];return t=null,e(i,o),t||(r(i,o),t)||u(i,o),t}var t,e,r,u,i=Zo.geo.albers(),o=Zo.geo.conicEqualArea().rotate([154,0]).center([-2,58.5]).parallels([55,65]),a=Zo.geo.conicEqualArea().rotate([157,0]).center([-3,19.9]).parallels([8,18]),c={point:function(n,e){t=[n,e]}};return n.invert=function(n){var t=i.scale(),e=i.translate(),r=(n[0]-e[0])/t,u=(n[1]-e[1])/t;return(u>=.12&&.234>u&&r>=-.425&&-.214>r?o:u>=.166&&.234>u&&r>=-.214&&-.115>r?a:i).invert(n)},n.stream=function(n){var t=i.stream(n),e=o.stream(n),r=a.stream(n);return{point:function(n,u){t.point(n,u),e.point(n,u),r.point(n,u)},sphere:function(){t.sphere(),e.sphere(),r.sphere()},lineStart:function(){t.lineStart(),e.lineStart(),r.lineStart()},lineEnd:function(){t.lineEnd(),e.lineEnd(),r.lineEnd()},polygonStart:function(){t.polygonStart(),e.polygonStart(),r.polygonStart()},polygonEnd:function(){t.polygonEnd(),e.polygonEnd(),r.polygonEnd()}}},n.precision=function(t){return arguments.length?(i.precision(t),o.precision(t),a.precision(t),n):i.precision()},n.scale=function(t){return arguments.length?(i.scale(t),o.scale(.35*t),a.scale(t),n.translate(i.translate())):i.scale()},n.translate=function(t){if(!arguments.length)return i.translate();var s=i.scale(),l=+t[0],f=+t[1];return e=i.translate(t).clipExtent([[l-.455*s,f-.238*s],[l+.455*s,f+.238*s]]).stream(c).point,r=o.translate([l-.307*s,f+.201*s]).clipExtent([[l-.425*s+ka,f+.12*s+ka],[l-.214*s-ka,f+.234*s-ka]]).stream(c).point,u=a.translate([l-.205*s,f+.212*s]).clipExtent([[l-.214*s+ka,f+.166*s+ka],[l-.115*s-ka,f+.234*s-ka]]).stream(c).point,n},n.scale(1070)};var Ec,Ac,Cc,Nc,zc,Lc,Tc={point:v,lineStart:v,lineEnd:v,polygonStart:function(){Ac=0,Tc.lineStart=Oe},polygonEnd:function(){Tc.lineStart=Tc.lineEnd=Tc.point=v,Ec+=ua(Ac/2)}},qc={point:Ye,lineStart:v,lineEnd:v,polygonStart:v,polygonEnd:v},Rc={point:Ve,lineStart:Xe,lineEnd:$e,polygonStart:function(){Rc.lineStart=Be},polygonEnd:function(){Rc.point=Ve,Rc.lineStart=Xe,Rc.lineEnd=$e}};Zo.geo.path=function(){function n(n){return n&&("function"==typeof a&&i.pointRadius(+a.apply(this,arguments)),o&&o.valid||(o=u(i)),Zo.geo.stream(n,o)),i.result()}function t(){return o=null,n}var e,r,u,i,o,a=4.5;return n.area=function(n){return Ec=0,Zo.geo.stream(n,u(Tc)),Ec},n.centroid=function(n){return pc=vc=dc=mc=yc=xc=Mc=_c=bc=0,Zo.geo.stream(n,u(Rc)),bc?[Mc/bc,_c/bc]:xc?[mc/xc,yc/xc]:dc?[pc/dc,vc/dc]:[0/0,0/0]},n.bounds=function(n){return zc=Lc=-(Cc=Nc=1/0),Zo.geo.stream(n,u(qc)),[[Cc,Nc],[zc,Lc]]},n.projection=function(n){return arguments.length?(u=(e=n)?n.stream||Ge(n):wt,t()):e},n.context=function(n){return arguments.length?(i=null==(r=n)?new Ie:new We(n),"function"!=typeof a&&i.pointRadius(a),t()):r},n.pointRadius=function(t){return arguments.length?(a="function"==typeof t?t:(i.pointRadius(+t),+t),n):a},n.projection(Zo.geo.albersUsa()).context(null)},Zo.geo.transform=function(n){return{stream:function(t){var e=new Ke(t);for(var r in n)e[r]=n[r];return e}}},Ke.prototype={point:function(n,t){this.stream.point(n,t)},sphere:function(){this.stream.sphere()},lineStart:function(){this.stream.lineStart()},lineEnd:function(){this.stream.lineEnd()},polygonStart:function(){this.stream.polygonStart()},polygonEnd:function(){this.stream.polygonEnd()}},Zo.geo.projection=nr,Zo.geo.projectionMutator=tr,(Zo.geo.equirectangular=function(){return nr(rr)}).raw=rr.invert=rr,Zo.geo.rotation=function(n){function t(t){return t=n(t[0]*Aa,t[1]*Aa),t[0]*=Ca,t[1]*=Ca,t}return n=ir(n[0]%360*Aa,n[1]*Aa,n.length>2?n[2]*Aa:0),t.invert=function(t){return t=n.invert(t[0]*Aa,t[1]*Aa),t[0]*=Ca,t[1]*=Ca,t},t},ur.invert=rr,Zo.geo.circle=function(){function n(){var n="function"==typeof r?r.apply(this,arguments):r,t=ir(-n[0]*Aa,-n[1]*Aa,0).invert,u=[];return e(null,null,1,{point:function(n,e){u.push(n=t(n,e)),n[0]*=Ca,n[1]*=Ca}}),{type:"Polygon",coordinates:[u]}}var t,e,r=[0,0],u=6;return n.origin=function(t){return arguments.length?(r=t,n):r},n.angle=function(r){return arguments.length?(e=sr((t=+r)*Aa,u*Aa),n):t},n.precision=function(r){return arguments.length?(e=sr(t*Aa,(u=+r)*Aa),n):u},n.angle(90)},Zo.geo.distance=function(n,t){var e,r=(t[0]-n[0])*Aa,u=n[1]*Aa,i=t[1]*Aa,o=Math.sin(r),a=Math.cos(r),c=Math.sin(u),s=Math.cos(u),l=Math.sin(i),f=Math.cos(i);return Math.atan2(Math.sqrt((e=f*o)*e+(e=s*l-c*f*a)*e),c*l+s*f*a)},Zo.geo.graticule=function(){function n(){return{type:"MultiLineString",coordinates:t()}}function t(){return Zo.range(Math.ceil(i/d)*d,u,d).map(h).concat(Zo.range(Math.ceil(s/m)*m,c,m).map(g)).concat(Zo.range(Math.ceil(r/p)*p,e,p).filter(function(n){return ua(n%d)>ka}).map(l)).concat(Zo.range(Math.ceil(a/v)*v,o,v).filter(function(n){return ua(n%m)>ka}).map(f))}var e,r,u,i,o,a,c,s,l,f,h,g,p=10,v=p,d=90,m=360,y=2.5;return n.lines=function(){return t().map(function(n){return{type:"LineString",coordinates:n}})},n.outline=function(){return{type:"Polygon",coordinates:[h(i).concat(g(c).slice(1),h(u).reverse().slice(1),g(s).reverse().slice(1))]}},n.extent=function(t){return arguments.length?n.majorExtent(t).minorExtent(t):n.minorExtent()},n.majorExtent=function(t){return arguments.length?(i=+t[0][0],u=+t[1][0],s=+t[0][1],c=+t[1][1],i>u&&(t=i,i=u,u=t),s>c&&(t=s,s=c,c=t),n.precision(y)):[[i,s],[u,c]]},n.minorExtent=function(t){return arguments.length?(r=+t[0][0],e=+t[1][0],a=+t[0][1],o=+t[1][1],r>e&&(t=r,r=e,e=t),a>o&&(t=a,a=o,o=t),n.precision(y)):[[r,a],[e,o]]},n.step=function(t){return arguments.length?n.majorStep(t).minorStep(t):n.minorStep()},n.majorStep=function(t){return arguments.length?(d=+t[0],m=+t[1],n):[d,m]},n.minorStep=function(t){return arguments.length?(p=+t[0],v=+t[1],n):[p,v]},n.precision=function(t){return arguments.length?(y=+t,l=fr(a,o,90),f=hr(r,e,y),h=fr(s,c,90),g=hr(i,u,y),n):y},n.majorExtent([[-180,-90+ka],[180,90-ka]]).minorExtent([[-180,-80-ka],[180,80+ka]])},Zo.geo.greatArc=function(){function n(){return{type:"LineString",coordinates:[t||r.apply(this,arguments),e||u.apply(this,arguments)]}}var t,e,r=gr,u=pr;return n.distance=function(){return Zo.geo.distance(t||r.apply(this,arguments),e||u.apply(this,arguments))},n.source=function(e){return arguments.length?(r=e,t="function"==typeof e?null:e,n):r},n.target=function(t){return arguments.length?(u=t,e="function"==typeof t?null:t,n):u},n.precision=function(){return arguments.length?n:0},n},Zo.geo.interpolate=function(n,t){return vr(n[0]*Aa,n[1]*Aa,t[0]*Aa,t[1]*Aa)},Zo.geo.length=function(n){return Dc=0,Zo.geo.stream(n,Pc),Dc};var Dc,Pc={sphere:v,point:v,lineStart:dr,lineEnd:v,polygonStart:v,polygonEnd:v},Uc=mr(function(n){return Math.sqrt(2/(1+n))},function(n){return 2*Math.asin(n/2)});(Zo.geo.azimuthalEqualArea=function(){return nr(Uc)}).raw=Uc;var jc=mr(function(n){var t=Math.acos(n);return t&&t/Math.sin(t)},wt);(Zo.geo.azimuthalEquidistant=function(){return nr(jc)}).raw=jc,(Zo.geo.conicConformal=function(){return He(yr)}).raw=yr,(Zo.geo.conicEquidistant=function(){return He(xr)}).raw=xr;var Hc=mr(function(n){return 1/n},Math.atan);(Zo.geo.gnomonic=function(){return nr(Hc)}).raw=Hc,Mr.invert=function(n,t){return[n,2*Math.atan(Math.exp(t))-Sa]},(Zo.geo.mercator=function(){return _r(Mr)}).raw=Mr;var Fc=mr(function(){return 1},Math.asin);(Zo.geo.orthographic=function(){return nr(Fc)}).raw=Fc;var Oc=mr(function(n){return 1/(1+n)},function(n){return 2*Math.atan(n)});(Zo.geo.stereographic=function(){return nr(Oc)}).raw=Oc,br.invert=function(n,t){return[-t,2*Math.atan(Math.exp(n))-Sa]},(Zo.geo.transverseMercator=function(){var n=_r(br),t=n.center,e=n.rotate;return n.center=function(n){return n?t([-n[1],n[0]]):(n=t(),[n[1],-n[0]])},n.rotate=function(n){return n?e([n[0],n[1],n.length>2?n[2]+90:90]):(n=e(),[n[0],n[1],n[2]-90])},e([0,0,90])}).raw=br,Zo.geom={},Zo.geom.hull=function(n){function t(n){if(n.length<3)return[];var t,u=bt(e),i=bt(r),o=n.length,a=[],c=[];for(t=0;o>t;t++)a.push([+u.call(this,n[t],t),+i.call(this,n[t],t),t]);for(a.sort(Er),t=0;o>t;t++)c.push([a[t][0],-a[t][1]]);var s=kr(a),l=kr(c),f=l[0]===s[0],h=l[l.length-1]===s[s.length-1],g=[];for(t=s.length-1;t>=0;--t)g.push(n[a[s[t]][2]]);for(t=+f;t<l.length-h;++t)g.push(n[a[l[t]][2]]);return g}var e=wr,r=Sr;return arguments.length?t(n):(t.x=function(n){return arguments.length?(e=n,t):e},t.y=function(n){return arguments.length?(r=n,t):r},t)},Zo.geom.polygon=function(n){return sa(n,Yc),n};var Yc=Zo.geom.polygon.prototype=[];Yc.area=function(){for(var n,t=-1,e=this.length,r=this[e-1],u=0;++t<e;)n=r,r=this[t],u+=n[1]*r[0]-n[0]*r[1];return.5*u},Yc.centroid=function(n){var t,e,r=-1,u=this.length,i=0,o=0,a=this[u-1];for(arguments.length||(n=-1/(6*this.area()));++r<u;)t=a,a=this[r],e=t[0]*a[1]-a[0]*t[1],i+=(t[0]+a[0])*e,o+=(t[1]+a[1])*e;return[i*n,o*n]},Yc.clip=function(n){for(var t,e,r,u,i,o,a=Nr(n),c=-1,s=this.length-Nr(this),l=this[s-1];++c<s;){for(t=n.slice(),n.length=0,u=this[c],i=t[(r=t.length-a)-1],e=-1;++e<r;)o=t[e],Ar(o,l,u)?(Ar(i,l,u)||n.push(Cr(i,o,l,u)),n.push(o)):Ar(i,l,u)&&n.push(Cr(i,o,l,u)),i=o;a&&n.push(n[0]),l=u}return n};var Ic,Zc,Vc,Xc,$c,Bc=[],Wc=[];Ur.prototype.prepare=function(){for(var n,t=this.edges,e=t.length;e--;)n=t[e].edge,n.b&&n.a||t.splice(e,1);return t.sort(Hr),t.length},Wr.prototype={start:function(){return this.edge.l===this.site?this.edge.a:this.edge.b},end:function(){return this.edge.l===this.site?this.edge.b:this.edge.a}},Jr.prototype={insert:function(n,t){var e,r,u;if(n){if(t.P=n,t.N=n.N,n.N&&(n.N.P=t),n.N=t,n.R){for(n=n.R;n.L;)n=n.L;n.L=t}else n.R=t;e=n}else this._?(n=nu(this._),t.P=null,t.N=n,n.P=n.L=t,e=n):(t.P=t.N=null,this._=t,e=null);for(t.L=t.R=null,t.U=e,t.C=!0,n=t;e&&e.C;)r=e.U,e===r.L?(u=r.R,u&&u.C?(e.C=u.C=!1,r.C=!0,n=r):(n===e.R&&(Kr(this,e),n=e,e=n.U),e.C=!1,r.C=!0,Qr(this,r))):(u=r.L,u&&u.C?(e.C=u.C=!1,r.C=!0,n=r):(n===e.L&&(Qr(this,e),n=e,e=n.U),e.C=!1,r.C=!0,Kr(this,r))),e=n.U;this._.C=!1},remove:function(n){n.N&&(n.N.P=n.P),n.P&&(n.P.N=n.N),n.N=n.P=null;var t,e,r,u=n.U,i=n.L,o=n.R;if(e=i?o?nu(o):i:o,u?u.L===n?u.L=e:u.R=e:this._=e,i&&o?(r=e.C,e.C=n.C,e.L=i,i.U=e,e!==o?(u=e.U,e.U=n.U,n=e.R,u.L=n,e.R=o,o.U=e):(e.U=u,u=e,n=e.R)):(r=n.C,n=e),n&&(n.U=u),!r){if(n&&n.C)return n.C=!1,void 0;do{if(n===this._)break;if(n===u.L){if(t=u.R,t.C&&(t.C=!1,u.C=!0,Kr(this,u),t=u.R),t.L&&t.L.C||t.R&&t.R.C){t.R&&t.R.C||(t.L.C=!1,t.C=!0,Qr(this,t),t=u.R),t.C=u.C,u.C=t.R.C=!1,Kr(this,u),n=this._;break}}else if(t=u.L,t.C&&(t.C=!1,u.C=!0,Qr(this,u),t=u.L),t.L&&t.L.C||t.R&&t.R.C){t.L&&t.L.C||(t.R.C=!1,t.C=!0,Kr(this,t),t=u.L),t.C=u.C,u.C=t.L.C=!1,Qr(this,u),n=this._;break}t.C=!0,n=u,u=u.U}while(!n.C);n&&(n.C=!1)}}},Zo.geom.voronoi=function(n){function t(n){var t=new Array(n.length),r=a[0][0],u=a[0][1],i=a[1][0],o=a[1][1];return tu(e(n),a).cells.forEach(function(e,a){var c=e.edges,s=e.site,l=t[a]=c.length?c.map(function(n){var t=n.start();return[t.x,t.y]}):s.x>=r&&s.x<=i&&s.y>=u&&s.y<=o?[[r,o],[i,o],[i,u],[r,u]]:[];l.point=n[a]}),t}function e(n){return n.map(function(n,t){return{x:Math.round(i(n,t)/ka)*ka,y:Math.round(o(n,t)/ka)*ka,i:t}})}var r=wr,u=Sr,i=r,o=u,a=Jc;return n?t(n):(t.links=function(n){return tu(e(n)).edges.filter(function(n){return n.l&&n.r}).map(function(t){return{source:n[t.l.i],target:n[t.r.i]}})},t.triangles=function(n){var t=[];return tu(e(n)).cells.forEach(function(e,r){for(var u,i,o=e.site,a=e.edges.sort(Hr),c=-1,s=a.length,l=a[s-1].edge,f=l.l===o?l.r:l.l;++c<s;)u=l,i=f,l=a[c].edge,f=l.l===o?l.r:l.l,r<i.i&&r<f.i&&ru(o,i,f)<0&&t.push([n[r],n[i.i],n[f.i]])}),t},t.x=function(n){return arguments.length?(i=bt(r=n),t):r},t.y=function(n){return arguments.length?(o=bt(u=n),t):u},t.clipExtent=function(n){return arguments.length?(a=null==n?Jc:n,t):a===Jc?null:a},t.size=function(n){return arguments.length?t.clipExtent(n&&[[0,0],n]):a===Jc?null:a&&a[1]},t)};var Jc=[[-1e6,-1e6],[1e6,1e6]];Zo.geom.delaunay=function(n){return Zo.geom.voronoi().triangles(n)},Zo.geom.quadtree=function(n,t,e,r,u){function i(n){function i(n,t,e,r,u,i,o,a){if(!isNaN(e)&&!isNaN(r))if(n.leaf){var c=n.x,l=n.y;if(null!=c)if(ua(c-e)+ua(l-r)<.01)s(n,t,e,r,u,i,o,a);else{var f=n.point;n.x=n.y=n.point=null,s(n,f,c,l,u,i,o,a),s(n,t,e,r,u,i,o,a)}else n.x=e,n.y=r,n.point=t}else s(n,t,e,r,u,i,o,a)}function s(n,t,e,r,u,o,a,c){var s=.5*(u+a),l=.5*(o+c),f=e>=s,h=r>=l,g=(h<<1)+f;n.leaf=!1,n=n.nodes[g]||(n.nodes[g]=ou()),f?u=s:a=s,h?o=l:c=l,i(n,t,e,r,u,o,a,c)}var l,f,h,g,p,v,d,m,y,x=bt(a),M=bt(c);if(null!=t)v=t,d=e,m=r,y=u;else if(m=y=-(v=d=1/0),f=[],h=[],p=n.length,o)for(g=0;p>g;++g)l=n[g],l.x<v&&(v=l.x),l.y<d&&(d=l.y),l.x>m&&(m=l.x),l.y>y&&(y=l.y),f.push(l.x),h.push(l.y);else for(g=0;p>g;++g){var _=+x(l=n[g],g),b=+M(l,g);v>_&&(v=_),d>b&&(d=b),_>m&&(m=_),b>y&&(y=b),f.push(_),h.push(b)}var w=m-v,S=y-d;w>S?y=d+w:m=v+S;var k=ou();if(k.add=function(n){i(k,n,+x(n,++g),+M(n,g),v,d,m,y)},k.visit=function(n){au(n,k,v,d,m,y)},g=-1,null==t){for(;++g<p;)i(k,n[g],f[g],h[g],v,d,m,y);--g}else n.forEach(k.add);return f=h=n=l=null,k}var o,a=wr,c=Sr;return(o=arguments.length)?(a=uu,c=iu,3===o&&(u=e,r=t,e=t=0),i(n)):(i.x=function(n){return arguments.length?(a=n,i):a},i.y=function(n){return arguments.length?(c=n,i):c},i.extent=function(n){return arguments.length?(null==n?t=e=r=u=null:(t=+n[0][0],e=+n[0][1],r=+n[1][0],u=+n[1][1]),i):null==t?null:[[t,e],[r,u]]},i.size=function(n){return arguments.length?(null==n?t=e=r=u=null:(t=e=0,r=+n[0],u=+n[1]),i):null==t?null:[r-t,u-e]},i)},Zo.interpolateRgb=cu,Zo.interpolateObject=su,Zo.interpolateNumber=lu,Zo.interpolateString=fu;var Gc=/[-+]?(?:\d+\.?\d*|\.?\d+)(?:[eE][-+]?\d+)?/g,Kc=new RegExp(Gc.source,"g");Zo.interpolate=hu,Zo.interpolators=[function(n,t){var e=typeof t;return("string"===e?Ia.has(t)||/^(#|rgb\(|hsl\()/.test(t)?cu:fu:t instanceof et?cu:Array.isArray(t)?gu:"object"===e&&isNaN(t)?su:lu)(n,t)}],Zo.interpolateArray=gu;var Qc=function(){return wt},ns=Zo.map({linear:Qc,poly:Mu,quad:function(){return mu},cubic:function(){return yu},sin:function(){return _u},exp:function(){return bu},circle:function(){return wu},elastic:Su,back:ku,bounce:function(){return Eu}}),ts=Zo.map({"in":wt,out:vu,"in-out":du,"out-in":function(n){return du(vu(n))}});Zo.ease=function(n){var t=n.indexOf("-"),e=t>=0?n.substring(0,t):n,r=t>=0?n.substring(t+1):"in";return e=ns.get(e)||Qc,r=ts.get(r)||wt,pu(r(e.apply(null,Vo.call(arguments,1))))},Zo.interpolateHcl=Au,Zo.interpolateHsl=Cu,Zo.interpolateLab=Nu,Zo.interpolateRound=zu,Zo.transform=function(n){var t=$o.createElementNS(Zo.ns.prefix.svg,"g");return(Zo.transform=function(n){if(null!=n){t.setAttribute("transform",n);var e=t.transform.baseVal.consolidate()}return new Lu(e?e.matrix:es)})(n)},Lu.prototype.toString=function(){return"translate("+this.translate+")rotate("+this.rotate+")skewX("+this.skew+")scale("+this.scale+")"};var es={a:1,b:0,c:0,d:1,e:0,f:0};Zo.interpolateTransform=Du,Zo.layout={},Zo.layout.bundle=function(){return function(n){for(var t=[],e=-1,r=n.length;++e<r;)t.push(ju(n[e]));return t}},Zo.layout.chord=function(){function n(){var n,s,f,h,g,p={},v=[],d=Zo.range(i),m=[];for(e=[],r=[],n=0,h=-1;++h<i;){for(s=0,g=-1;++g<i;)s+=u[h][g];v.push(s),m.push(Zo.range(i)),n+=s}for(o&&d.sort(function(n,t){return o(v[n],v[t])}),a&&m.forEach(function(n,t){n.sort(function(n,e){return a(u[t][n],u[t][e])})}),n=(wa-l*i)/n,s=0,h=-1;++h<i;){for(f=s,g=-1;++g<i;){var y=d[h],x=m[y][g],M=u[y][x],_=s,b=s+=M*n;p[y+"-"+x]={index:y,subindex:x,startAngle:_,endAngle:b,value:M}}r[y]={index:y,startAngle:f,endAngle:s,value:(s-f)/n},s+=l}for(h=-1;++h<i;)for(g=h-1;++g<i;){var w=p[h+"-"+g],S=p[g+"-"+h];(w.value||S.value)&&e.push(w.value<S.value?{source:S,target:w}:{source:w,target:S})}c&&t()}function t(){e.sort(function(n,t){return c((n.source.value+n.target.value)/2,(t.source.value+t.target.value)/2)})}var e,r,u,i,o,a,c,s={},l=0;return s.matrix=function(n){return arguments.length?(i=(u=n)&&u.length,e=r=null,s):u},s.padding=function(n){return arguments.length?(l=n,e=r=null,s):l},s.sortGroups=function(n){return arguments.length?(o=n,e=r=null,s):o},s.sortSubgroups=function(n){return arguments.length?(a=n,e=null,s):a},s.sortChords=function(n){return arguments.length?(c=n,e&&t(),s):c},s.chords=function(){return e||n(),e},s.groups=function(){return r||n(),r},s},Zo.layout.force=function(){function n(n){return function(t,e,r,u){if(t.point!==n){var i=t.cx-n.x,o=t.cy-n.y,a=u-e,c=i*i+o*o;if(c>a*a/d){if(p>c){var s=t.charge/c;n.px-=i*s,n.py-=o*s}return!0}if(t.point&&c&&p>c){var s=t.pointCharge/c;n.px-=i*s,n.py-=o*s}}return!t.charge}}function t(n){n.px=Zo.event.x,n.py=Zo.event.y,a.resume()}var e,r,u,i,o,a={},c=Zo.dispatch("start","tick","end"),s=[1,1],l=.9,f=rs,h=us,g=-30,p=is,v=.1,d=.64,m=[],y=[];return a.tick=function(){if((r*=.99)<.005)return c.end({type:"end",alpha:r=0}),!0;var t,e,a,f,h,p,d,x,M,_=m.length,b=y.length;for(e=0;b>e;++e)a=y[e],f=a.source,h=a.target,x=h.x-f.x,M=h.y-f.y,(p=x*x+M*M)&&(p=r*i[e]*((p=Math.sqrt(p))-u[e])/p,x*=p,M*=p,h.x-=x*(d=f.weight/(h.weight+f.weight)),h.y-=M*d,f.x+=x*(d=1-d),f.y+=M*d);if((d=r*v)&&(x=s[0]/2,M=s[1]/2,e=-1,d))for(;++e<_;)a=m[e],a.x+=(x-a.x)*d,a.y+=(M-a.y)*d;if(g)for(Vu(t=Zo.geom.quadtree(m),r,o),e=-1;++e<_;)(a=m[e]).fixed||t.visit(n(a));for(e=-1;++e<_;)a=m[e],a.fixed?(a.x=a.px,a.y=a.py):(a.x-=(a.px-(a.px=a.x))*l,a.y-=(a.py-(a.py=a.y))*l);c.tick({type:"tick",alpha:r})},a.nodes=function(n){return arguments.length?(m=n,a):m},a.links=function(n){return arguments.length?(y=n,a):y},a.size=function(n){return arguments.length?(s=n,a):s},a.linkDistance=function(n){return arguments.length?(f="function"==typeof n?n:+n,a):f},a.distance=a.linkDistance,a.linkStrength=function(n){return arguments.length?(h="function"==typeof n?n:+n,a):h},a.friction=function(n){return arguments.length?(l=+n,a):l},a.charge=function(n){return arguments.length?(g="function"==typeof n?n:+n,a):g},a.chargeDistance=function(n){return arguments.length?(p=n*n,a):Math.sqrt(p)},a.gravity=function(n){return arguments.length?(v=+n,a):v},a.theta=function(n){return arguments.length?(d=n*n,a):Math.sqrt(d)},a.alpha=function(n){return arguments.length?(n=+n,r?r=n>0?n:0:n>0&&(c.start({type:"start",alpha:r=n}),Zo.timer(a.tick)),a):r},a.start=function(){function n(n,r){if(!e){for(e=new Array(c),a=0;c>a;++a)e[a]=[];for(a=0;s>a;++a){var u=y[a];e[u.source.index].push(u.target),e[u.target.index].push(u.source)}}for(var i,o=e[t],a=-1,s=o.length;++a<s;)if(!isNaN(i=o[a][n]))return i;return Math.random()*r}var t,e,r,c=m.length,l=y.length,p=s[0],v=s[1];for(t=0;c>t;++t)(r=m[t]).index=t,r.weight=0;for(t=0;l>t;++t)r=y[t],"number"==typeof r.source&&(r.source=m[r.source]),"number"==typeof r.target&&(r.target=m[r.target]),++r.source.weight,++r.target.weight;for(t=0;c>t;++t)r=m[t],isNaN(r.x)&&(r.x=n("x",p)),isNaN(r.y)&&(r.y=n("y",v)),isNaN(r.px)&&(r.px=r.x),isNaN(r.py)&&(r.py=r.y);if(u=[],"function"==typeof f)for(t=0;l>t;++t)u[t]=+f.call(this,y[t],t);else for(t=0;l>t;++t)u[t]=f;if(i=[],"function"==typeof h)for(t=0;l>t;++t)i[t]=+h.call(this,y[t],t);else for(t=0;l>t;++t)i[t]=h;if(o=[],"function"==typeof g)for(t=0;c>t;++t)o[t]=+g.call(this,m[t],t);else for(t=0;c>t;++t)o[t]=g;return a.resume()},a.resume=function(){return a.alpha(.1)},a.stop=function(){return a.alpha(0)},a.drag=function(){return e||(e=Zo.behavior.drag().origin(wt).on("dragstart.force",Ou).on("drag.force",t).on("dragend.force",Yu)),arguments.length?(this.on("mouseover.force",Iu).on("mouseout.force",Zu).call(e),void 0):e},Zo.rebind(a,c,"on")};var rs=20,us=1,is=1/0;Zo.layout.hierarchy=function(){function n(u){var i,o=[u],a=[];for(u.depth=0;null!=(i=o.pop());)if(a.push(i),(s=e.call(n,i,i.depth))&&(c=s.length)){for(var c,s,l;--c>=0;)o.push(l=s[c]),l.parent=i,l.depth=i.depth+1;r&&(i.value=0),i.children=s}else r&&(i.value=+r.call(n,i,i.depth)||0),delete i.children;return Bu(u,function(n){var e,u;t&&(e=n.children)&&e.sort(t),r&&(u=n.parent)&&(u.value+=n.value)}),a}var t=Gu,e=Wu,r=Ju;return n.sort=function(e){return arguments.length?(t=e,n):t},n.children=function(t){return arguments.length?(e=t,n):e},n.value=function(t){return arguments.length?(r=t,n):r},n.revalue=function(t){return r&&($u(t,function(n){n.children&&(n.value=0)}),Bu(t,function(t){var e;t.children||(t.value=+r.call(n,t,t.depth)||0),(e=t.parent)&&(e.value+=t.value)})),t},n},Zo.layout.partition=function(){function n(t,e,r,u){var i=t.children;if(t.x=e,t.y=t.depth*u,t.dx=r,t.dy=u,i&&(o=i.length)){var o,a,c,s=-1;for(r=t.value?r/t.value:0;++s<o;)n(a=i[s],e,c=a.value*r,u),e+=c}}function t(n){var e=n.children,r=0;if(e&&(u=e.length))for(var u,i=-1;++i<u;)r=Math.max(r,t(e[i]));return 1+r}function e(e,i){var o=r.call(this,e,i);return n(o[0],0,u[0],u[1]/t(o[0])),o}var r=Zo.layout.hierarchy(),u=[1,1];return e.size=function(n){return arguments.length?(u=n,e):u},Xu(e,r)},Zo.layout.pie=function(){function n(i){var o=i.map(function(e,r){return+t.call(n,e,r)}),a=+("function"==typeof r?r.apply(this,arguments):r),c=(("function"==typeof u?u.apply(this,arguments):u)-a)/Zo.sum(o),s=Zo.range(i.length);null!=e&&s.sort(e===os?function(n,t){return o[t]-o[n]}:function(n,t){return e(i[n],i[t])});var l=[];return s.forEach(function(n){var t;l[n]={data:i[n],value:t=o[n],startAngle:a,endAngle:a+=t*c}}),l}var t=Number,e=os,r=0,u=wa;return n.value=function(e){return arguments.length?(t=e,n):t},n.sort=function(t){return arguments.length?(e=t,n):e},n.startAngle=function(t){return arguments.length?(r=t,n):r},n.endAngle=function(t){return arguments.length?(u=t,n):u},n};var os={};Zo.layout.stack=function(){function n(a,c){var s=a.map(function(e,r){return t.call(n,e,r)}),l=s.map(function(t){return t.map(function(t,e){return[i.call(n,t,e),o.call(n,t,e)]})}),f=e.call(n,l,c);s=Zo.permute(s,f),l=Zo.permute(l,f);var h,g,p,v=r.call(n,l,c),d=s.length,m=s[0].length;for(g=0;m>g;++g)for(u.call(n,s[0][g],p=v[g],l[0][g][1]),h=1;d>h;++h)u.call(n,s[h][g],p+=l[h-1][g][1],l[h][g][1]);return a}var t=wt,e=ei,r=ri,u=ti,i=Qu,o=ni;return n.values=function(e){return arguments.length?(t=e,n):t},n.order=function(t){return arguments.length?(e="function"==typeof t?t:as.get(t)||ei,n):e},n.offset=function(t){return arguments.length?(r="function"==typeof t?t:cs.get(t)||ri,n):r},n.x=function(t){return arguments.length?(i=t,n):i},n.y=function(t){return arguments.length?(o=t,n):o},n.out=function(t){return arguments.length?(u=t,n):u},n};var as=Zo.map({"inside-out":function(n){var t,e,r=n.length,u=n.map(ui),i=n.map(ii),o=Zo.range(r).sort(function(n,t){return u[n]-u[t]}),a=0,c=0,s=[],l=[];for(t=0;r>t;++t)e=o[t],c>a?(a+=i[e],s.push(e)):(c+=i[e],l.push(e));return l.reverse().concat(s)},reverse:function(n){return Zo.range(n.length).reverse()},"default":ei}),cs=Zo.map({silhouette:function(n){var t,e,r,u=n.length,i=n[0].length,o=[],a=0,c=[];for(e=0;i>e;++e){for(t=0,r=0;u>t;t++)r+=n[t][e][1];r>a&&(a=r),o.push(r)}for(e=0;i>e;++e)c[e]=(a-o[e])/2;return c},wiggle:function(n){var t,e,r,u,i,o,a,c,s,l=n.length,f=n[0],h=f.length,g=[];for(g[0]=c=s=0,e=1;h>e;++e){for(t=0,u=0;l>t;++t)u+=n[t][e][1];for(t=0,i=0,a=f[e][0]-f[e-1][0];l>t;++t){for(r=0,o=(n[t][e][1]-n[t][e-1][1])/(2*a);t>r;++r)o+=(n[r][e][1]-n[r][e-1][1])/a;i+=o*n[t][e][1]}g[e]=c-=u?i/u*a:0,s>c&&(s=c)}for(e=0;h>e;++e)g[e]-=s;return g},expand:function(n){var t,e,r,u=n.length,i=n[0].length,o=1/u,a=[];for(e=0;i>e;++e){for(t=0,r=0;u>t;t++)r+=n[t][e][1];if(r)for(t=0;u>t;t++)n[t][e][1]/=r;else for(t=0;u>t;t++)n[t][e][1]=o}for(e=0;i>e;++e)a[e]=0;return a},zero:ri});Zo.layout.histogram=function(){function n(n,i){for(var o,a,c=[],s=n.map(e,this),l=r.call(this,s,i),f=u.call(this,l,s,i),i=-1,h=s.length,g=f.length-1,p=t?1:1/h;++i<g;)o=c[i]=[],o.dx=f[i+1]-(o.x=f[i]),o.y=0;if(g>0)for(i=-1;++i<h;)a=s[i],a>=l[0]&&a<=l[1]&&(o=c[Zo.bisect(f,a,1,g)-1],o.y+=p,o.push(n[i]));return c}var t=!0,e=Number,r=si,u=ai;return n.value=function(t){return arguments.length?(e=t,n):e},n.range=function(t){return arguments.length?(r=bt(t),n):r},n.bins=function(t){return arguments.length?(u="number"==typeof t?function(n){return ci(n,t)}:bt(t),n):u},n.frequency=function(e){return arguments.length?(t=!!e,n):t},n},Zo.layout.pack=function(){function n(n,i){var o=e.call(this,n,i),a=o[0],c=u[0],s=u[1],l=null==t?Math.sqrt:"function"==typeof t?t:function(){return t};if(a.x=a.y=0,Bu(a,function(n){n.r=+l(n.value)}),Bu(a,pi),r){var f=r*(t?1:Math.max(2*a.r/c,2*a.r/s))/2;Bu(a,function(n){n.r+=f}),Bu(a,pi),Bu(a,function(n){n.r-=f})}return mi(a,c/2,s/2,t?1:1/Math.max(2*a.r/c,2*a.r/s)),o}var t,e=Zo.layout.hierarchy().sort(li),r=0,u=[1,1];return n.size=function(t){return arguments.length?(u=t,n):u},n.radius=function(e){return arguments.length?(t=null==e||"function"==typeof e?e:+e,n):t},n.padding=function(t){return arguments.length?(r=+t,n):r},Xu(n,e)},Zo.layout.tree=function(){function n(n,u){var l=o.call(this,n,u),f=l[0],h=t(f);if(Bu(h,e),h.parent.m=-h.z,$u(h,r),s)$u(f,i);else{var g=f,p=f,v=f;$u(f,function(n){n.x<g.x&&(g=n),n.x>p.x&&(p=n),n.depth>v.depth&&(v=n)});var d=a(g,p)/2-g.x,m=c[0]/(p.x+a(p,g)/2+d),y=c[1]/(v.depth||1);$u(f,function(n){n.x=(n.x+d)*m,n.y=n.depth*y})}return l}function t(n){for(var t,e={A:null,children:[n]},r=[e];null!=(t=r.pop());)for(var u,i=t.children,o=0,a=i.length;a>o;++o)r.push((i[o]=u={_:i[o],parent:t,children:(u=i[o].children)&&u.slice()||[],A:null,a:null,z:0,m:0,c:0,s:0,t:null,i:o}).a=u);return e.children[0]}function e(n){var t=n.children,e=n.parent.children,r=n.i?e[n.i-1]:null;if(t.length){wi(n);var i=(t[0].z+t[t.length-1].z)/2;r?(n.z=r.z+a(n._,r._),n.m=n.z-i):n.z=i}else r&&(n.z=r.z+a(n._,r._));n.parent.A=u(n,r,n.parent.A||e[0])}function r(n){n._.x=n.z+n.parent.m,n.m+=n.parent.m}function u(n,t,e){if(t){for(var r,u=n,i=n,o=t,c=u.parent.children[0],s=u.m,l=i.m,f=o.m,h=c.m;o=_i(o),u=Mi(u),o&&u;)c=Mi(c),i=_i(i),i.a=n,r=o.z+f-u.z-s+a(o._,u._),r>0&&(bi(Si(o,n,e),n,r),s+=r,l+=r),f+=o.m,s+=u.m,h+=c.m,l+=i.m;o&&!_i(i)&&(i.t=o,i.m+=f-l),u&&!Mi(c)&&(c.t=u,c.m+=s-h,e=n)}return e}function i(n){n.x*=c[0],n.y=n.depth*c[1]}var o=Zo.layout.hierarchy().sort(null).value(null),a=xi,c=[1,1],s=null;return n.separation=function(t){return arguments.length?(a=t,n):a},n.size=function(t){return arguments.length?(s=null==(c=t)?i:null,n):s?null:c},n.nodeSize=function(t){return arguments.length?(s=null==(c=t)?null:i,n):s?c:null},Xu(n,o)},Zo.layout.cluster=function(){function n(n,i){var o,a=t.call(this,n,i),c=a[0],s=0;Bu(c,function(n){var t=n.children;t&&t.length?(n.x=Ei(t),n.y=ki(t)):(n.x=o?s+=e(n,o):0,n.y=0,o=n)});var l=Ai(c),f=Ci(c),h=l.x-e(l,f)/2,g=f.x+e(f,l)/2;return Bu(c,u?function(n){n.x=(n.x-c.x)*r[0],n.y=(c.y-n.y)*r[1]}:function(n){n.x=(n.x-h)/(g-h)*r[0],n.y=(1-(c.y?n.y/c.y:1))*r[1]}),a}var t=Zo.layout.hierarchy().sort(null).value(null),e=xi,r=[1,1],u=!1;return n.separation=function(t){return arguments.length?(e=t,n):e},n.size=function(t){return arguments.length?(u=null==(r=t),n):u?null:r},n.nodeSize=function(t){return arguments.length?(u=null!=(r=t),n):u?r:null},Xu(n,t)},Zo.layout.treemap=function(){function n(n,t){for(var e,r,u=-1,i=n.length;++u<i;)r=(e=n[u]).value*(0>t?0:t),e.area=isNaN(r)||0>=r?0:r}function t(e){var i=e.children;if(i&&i.length){var o,a,c,s=f(e),l=[],h=i.slice(),p=1/0,v="slice"===g?s.dx:"dice"===g?s.dy:"slice-dice"===g?1&e.depth?s.dy:s.dx:Math.min(s.dx,s.dy);for(n(h,s.dx*s.dy/e.value),l.area=0;(c=h.length)>0;)l.push(o=h[c-1]),l.area+=o.area,"squarify"!==g||(a=r(l,v))<=p?(h.pop(),p=a):(l.area-=l.pop().area,u(l,v,s,!1),v=Math.min(s.dx,s.dy),l.length=l.area=0,p=1/0);l.length&&(u(l,v,s,!0),l.length=l.area=0),i.forEach(t)}}function e(t){var r=t.children;if(r&&r.length){var i,o=f(t),a=r.slice(),c=[];for(n(a,o.dx*o.dy/t.value),c.area=0;i=a.pop();)c.push(i),c.area+=i.area,null!=i.z&&(u(c,i.z?o.dx:o.dy,o,!a.length),c.length=c.area=0);r.forEach(e)}}function r(n,t){for(var e,r=n.area,u=0,i=1/0,o=-1,a=n.length;++o<a;)(e=n[o].area)&&(i>e&&(i=e),e>u&&(u=e));return r*=r,t*=t,r?Math.max(t*u*p/r,r/(t*i*p)):1/0}function u(n,t,e,r){var u,i=-1,o=n.length,a=e.x,s=e.y,l=t?c(n.area/t):0;if(t==e.dx){for((r||l>e.dy)&&(l=e.dy);++i<o;)u=n[i],u.x=a,u.y=s,u.dy=l,a+=u.dx=Math.min(e.x+e.dx-a,l?c(u.area/l):0);u.z=!0,u.dx+=e.x+e.dx-a,e.y+=l,e.dy-=l}else{for((r||l>e.dx)&&(l=e.dx);++i<o;)u=n[i],u.x=a,u.y=s,u.dx=l,s+=u.dy=Math.min(e.y+e.dy-s,l?c(u.area/l):0);u.z=!1,u.dy+=e.y+e.dy-s,e.x+=l,e.dx-=l}}function i(r){var u=o||a(r),i=u[0];return i.x=0,i.y=0,i.dx=s[0],i.dy=s[1],o&&a.revalue(i),n([i],i.dx*i.dy/i.value),(o?e:t)(i),h&&(o=u),u}var o,a=Zo.layout.hierarchy(),c=Math.round,s=[1,1],l=null,f=Ni,h=!1,g="squarify",p=.5*(1+Math.sqrt(5));return i.size=function(n){return arguments.length?(s=n,i):s},i.padding=function(n){function t(t){var e=n.call(i,t,t.depth);return null==e?Ni(t):zi(t,"number"==typeof e?[e,e,e,e]:e)}function e(t){return zi(t,n)}if(!arguments.length)return l;var r;return f=null==(l=n)?Ni:"function"==(r=typeof n)?t:"number"===r?(n=[n,n,n,n],e):e,i},i.round=function(n){return arguments.length?(c=n?Math.round:Number,i):c!=Number},i.sticky=function(n){return arguments.length?(h=n,o=null,i):h},i.ratio=function(n){return arguments.length?(p=n,i):p},i.mode=function(n){return arguments.length?(g=n+"",i):g},Xu(i,a)},Zo.random={normal:function(n,t){var e=arguments.length;return 2>e&&(t=1),1>e&&(n=0),function(){var e,r,u;do e=2*Math.random()-1,r=2*Math.random()-1,u=e*e+r*r;while(!u||u>1);return n+t*e*Math.sqrt(-2*Math.log(u)/u)}},logNormal:function(){var n=Zo.random.normal.apply(Zo,arguments);return function(){return Math.exp(n())}},bates:function(n){var t=Zo.random.irwinHall(n);return function(){return t()/n}},irwinHall:function(n){return function(){for(var t=0,e=0;n>e;e++)t+=Math.random();return t}}},Zo.scale={};var ss={floor:wt,ceil:wt};Zo.scale.linear=function(){return Ui([0,1],[0,1],hu,!1)};var ls={s:1,g:1,p:1,r:1,e:1};Zo.scale.log=function(){return Vi(Zo.scale.linear().domain([0,1]),10,!0,[1,10])};var fs=Zo.format(".0e"),hs={floor:function(n){return-Math.ceil(-n)},ceil:function(n){return-Math.floor(-n)}};Zo.scale.pow=function(){return Xi(Zo.scale.linear(),1,[0,1])},Zo.scale.sqrt=function(){return Zo.scale.pow().exponent(.5)},Zo.scale.ordinal=function(){return Bi([],{t:"range",a:[[]]})},Zo.scale.category10=function(){return Zo.scale.ordinal().range(gs)},Zo.scale.category20=function(){return Zo.scale.ordinal().range(ps)},Zo.scale.category20b=function(){return Zo.scale.ordinal().range(vs)},Zo.scale.category20c=function(){return Zo.scale.ordinal().range(ds)};var gs=[2062260,16744206,2924588,14034728,9725885,9197131,14907330,8355711,12369186,1556175].map(vt),ps=[2062260,11454440,16744206,16759672,2924588,10018698,14034728,16750742,9725885,12955861,9197131,12885140,14907330,16234194,8355711,13092807,12369186,14408589,1556175,10410725].map(vt),vs=[3750777,5395619,7040719,10264286,6519097,9216594,11915115,13556636,9202993,12426809,15186514,15190932,8666169,11356490,14049643,15177372,8077683,10834324,13528509,14589654].map(vt),ds=[3244733,7057110,10406625,13032431,15095053,16616764,16625259,16634018,3253076,7652470,10607003,13101504,7695281,10394312,12369372,14342891,6513507,9868950,12434877,14277081].map(vt);Zo.scale.quantile=function(){return Wi([],[])},Zo.scale.quantize=function(){return Ji(0,1,[0,1])},Zo.scale.threshold=function(){return Gi([.5],[0,1])},Zo.scale.identity=function(){return Ki([0,1])},Zo.svg={},Zo.svg.arc=function(){function n(){var n=t.apply(this,arguments),i=e.apply(this,arguments),o=r.apply(this,arguments)+ms,a=u.apply(this,arguments)+ms,c=(o>a&&(c=o,o=a,a=c),a-o),s=ba>c?"0":"1",l=Math.cos(o),f=Math.sin(o),h=Math.cos(a),g=Math.sin(a);
-return c>=ys?n?"M0,"+i+"A"+i+","+i+" 0 1,1 0,"+-i+"A"+i+","+i+" 0 1,1 0,"+i+"M0,"+n+"A"+n+","+n+" 0 1,0 0,"+-n+"A"+n+","+n+" 0 1,0 0,"+n+"Z":"M0,"+i+"A"+i+","+i+" 0 1,1 0,"+-i+"A"+i+","+i+" 0 1,1 0,"+i+"Z":n?"M"+i*l+","+i*f+"A"+i+","+i+" 0 "+s+",1 "+i*h+","+i*g+"L"+n*h+","+n*g+"A"+n+","+n+" 0 "+s+",0 "+n*l+","+n*f+"Z":"M"+i*l+","+i*f+"A"+i+","+i+" 0 "+s+",1 "+i*h+","+i*g+"L0,0"+"Z"}var t=Qi,e=no,r=to,u=eo;return n.innerRadius=function(e){return arguments.length?(t=bt(e),n):t},n.outerRadius=function(t){return arguments.length?(e=bt(t),n):e},n.startAngle=function(t){return arguments.length?(r=bt(t),n):r},n.endAngle=function(t){return arguments.length?(u=bt(t),n):u},n.centroid=function(){var n=(t.apply(this,arguments)+e.apply(this,arguments))/2,i=(r.apply(this,arguments)+u.apply(this,arguments))/2+ms;return[Math.cos(i)*n,Math.sin(i)*n]},n};var ms=-Sa,ys=wa-ka;Zo.svg.line=function(){return ro(wt)};var xs=Zo.map({linear:uo,"linear-closed":io,step:oo,"step-before":ao,"step-after":co,basis:po,"basis-open":vo,"basis-closed":mo,bundle:yo,cardinal:fo,"cardinal-open":so,"cardinal-closed":lo,monotone:So});xs.forEach(function(n,t){t.key=n,t.closed=/-closed$/.test(n)});var Ms=[0,2/3,1/3,0],_s=[0,1/3,2/3,0],bs=[0,1/6,2/3,1/6];Zo.svg.line.radial=function(){var n=ro(ko);return n.radius=n.x,delete n.x,n.angle=n.y,delete n.y,n},ao.reverse=co,co.reverse=ao,Zo.svg.area=function(){return Eo(wt)},Zo.svg.area.radial=function(){var n=Eo(ko);return n.radius=n.x,delete n.x,n.innerRadius=n.x0,delete n.x0,n.outerRadius=n.x1,delete n.x1,n.angle=n.y,delete n.y,n.startAngle=n.y0,delete n.y0,n.endAngle=n.y1,delete n.y1,n},Zo.svg.chord=function(){function n(n,a){var c=t(this,i,n,a),s=t(this,o,n,a);return"M"+c.p0+r(c.r,c.p1,c.a1-c.a0)+(e(c,s)?u(c.r,c.p1,c.r,c.p0):u(c.r,c.p1,s.r,s.p0)+r(s.r,s.p1,s.a1-s.a0)+u(s.r,s.p1,c.r,c.p0))+"Z"}function t(n,t,e,r){var u=t.call(n,e,r),i=a.call(n,u,r),o=c.call(n,u,r)+ms,l=s.call(n,u,r)+ms;return{r:i,a0:o,a1:l,p0:[i*Math.cos(o),i*Math.sin(o)],p1:[i*Math.cos(l),i*Math.sin(l)]}}function e(n,t){return n.a0==t.a0&&n.a1==t.a1}function r(n,t,e){return"A"+n+","+n+" 0 "+ +(e>ba)+",1 "+t}function u(n,t,e,r){return"Q 0,0 "+r}var i=gr,o=pr,a=Ao,c=to,s=eo;return n.radius=function(t){return arguments.length?(a=bt(t),n):a},n.source=function(t){return arguments.length?(i=bt(t),n):i},n.target=function(t){return arguments.length?(o=bt(t),n):o},n.startAngle=function(t){return arguments.length?(c=bt(t),n):c},n.endAngle=function(t){return arguments.length?(s=bt(t),n):s},n},Zo.svg.diagonal=function(){function n(n,u){var i=t.call(this,n,u),o=e.call(this,n,u),a=(i.y+o.y)/2,c=[i,{x:i.x,y:a},{x:o.x,y:a},o];return c=c.map(r),"M"+c[0]+"C"+c[1]+" "+c[2]+" "+c[3]}var t=gr,e=pr,r=Co;return n.source=function(e){return arguments.length?(t=bt(e),n):t},n.target=function(t){return arguments.length?(e=bt(t),n):e},n.projection=function(t){return arguments.length?(r=t,n):r},n},Zo.svg.diagonal.radial=function(){var n=Zo.svg.diagonal(),t=Co,e=n.projection;return n.projection=function(n){return arguments.length?e(No(t=n)):t},n},Zo.svg.symbol=function(){function n(n,r){return(ws.get(t.call(this,n,r))||To)(e.call(this,n,r))}var t=Lo,e=zo;return n.type=function(e){return arguments.length?(t=bt(e),n):t},n.size=function(t){return arguments.length?(e=bt(t),n):e},n};var ws=Zo.map({circle:To,cross:function(n){var t=Math.sqrt(n/5)/2;return"M"+-3*t+","+-t+"H"+-t+"V"+-3*t+"H"+t+"V"+-t+"H"+3*t+"V"+t+"H"+t+"V"+3*t+"H"+-t+"V"+t+"H"+-3*t+"Z"},diamond:function(n){var t=Math.sqrt(n/(2*As)),e=t*As;return"M0,"+-t+"L"+e+",0"+" 0,"+t+" "+-e+",0"+"Z"},square:function(n){var t=Math.sqrt(n)/2;return"M"+-t+","+-t+"L"+t+","+-t+" "+t+","+t+" "+-t+","+t+"Z"},"triangle-down":function(n){var t=Math.sqrt(n/Es),e=t*Es/2;return"M0,"+e+"L"+t+","+-e+" "+-t+","+-e+"Z"},"triangle-up":function(n){var t=Math.sqrt(n/Es),e=t*Es/2;return"M0,"+-e+"L"+t+","+e+" "+-t+","+e+"Z"}});Zo.svg.symbolTypes=ws.keys();var Ss,ks,Es=Math.sqrt(3),As=Math.tan(30*Aa),Cs=[],Ns=0;Cs.call=pa.call,Cs.empty=pa.empty,Cs.node=pa.node,Cs.size=pa.size,Zo.transition=function(n){return arguments.length?Ss?n.transition():n:ma.transition()},Zo.transition.prototype=Cs,Cs.select=function(n){var t,e,r,u=this.id,i=[];n=b(n);for(var o=-1,a=this.length;++o<a;){i.push(t=[]);for(var c=this[o],s=-1,l=c.length;++s<l;)(r=c[s])&&(e=n.call(r,r.__data__,s,o))?("__data__"in r&&(e.__data__=r.__data__),Po(e,s,u,r.__transition__[u]),t.push(e)):t.push(null)}return qo(i,u)},Cs.selectAll=function(n){var t,e,r,u,i,o=this.id,a=[];n=w(n);for(var c=-1,s=this.length;++c<s;)for(var l=this[c],f=-1,h=l.length;++f<h;)if(r=l[f]){i=r.__transition__[o],e=n.call(r,r.__data__,f,c),a.push(t=[]);for(var g=-1,p=e.length;++g<p;)(u=e[g])&&Po(u,g,o,i),t.push(u)}return qo(a,o)},Cs.filter=function(n){var t,e,r,u=[];"function"!=typeof n&&(n=R(n));for(var i=0,o=this.length;o>i;i++){u.push(t=[]);for(var e=this[i],a=0,c=e.length;c>a;a++)(r=e[a])&&n.call(r,r.__data__,a,i)&&t.push(r)}return qo(u,this.id)},Cs.tween=function(n,t){var e=this.id;return arguments.length<2?this.node().__transition__[e].tween.get(n):P(this,null==t?function(t){t.__transition__[e].tween.remove(n)}:function(r){r.__transition__[e].tween.set(n,t)})},Cs.attr=function(n,t){function e(){this.removeAttribute(a)}function r(){this.removeAttributeNS(a.space,a.local)}function u(n){return null==n?e:(n+="",function(){var t,e=this.getAttribute(a);return e!==n&&(t=o(e,n),function(n){this.setAttribute(a,t(n))})})}function i(n){return null==n?r:(n+="",function(){var t,e=this.getAttributeNS(a.space,a.local);return e!==n&&(t=o(e,n),function(n){this.setAttributeNS(a.space,a.local,t(n))})})}if(arguments.length<2){for(t in n)this.attr(t,n[t]);return this}var o="transform"==n?Du:hu,a=Zo.ns.qualify(n);return Ro(this,"attr."+n,t,a.local?i:u)},Cs.attrTween=function(n,t){function e(n,e){var r=t.call(this,n,e,this.getAttribute(u));return r&&function(n){this.setAttribute(u,r(n))}}function r(n,e){var r=t.call(this,n,e,this.getAttributeNS(u.space,u.local));return r&&function(n){this.setAttributeNS(u.space,u.local,r(n))}}var u=Zo.ns.qualify(n);return this.tween("attr."+n,u.local?r:e)},Cs.style=function(n,t,e){function r(){this.style.removeProperty(n)}function u(t){return null==t?r:(t+="",function(){var r,u=Wo.getComputedStyle(this,null).getPropertyValue(n);return u!==t&&(r=hu(u,t),function(t){this.style.setProperty(n,r(t),e)})})}var i=arguments.length;if(3>i){if("string"!=typeof n){2>i&&(t="");for(e in n)this.style(e,n[e],t);return this}e=""}return Ro(this,"style."+n,t,u)},Cs.styleTween=function(n,t,e){function r(r,u){var i=t.call(this,r,u,Wo.getComputedStyle(this,null).getPropertyValue(n));return i&&function(t){this.style.setProperty(n,i(t),e)}}return arguments.length<3&&(e=""),this.tween("style."+n,r)},Cs.text=function(n){return Ro(this,"text",n,Do)},Cs.remove=function(){return this.each("end.transition",function(){var n;this.__transition__.count<2&&(n=this.parentNode)&&n.removeChild(this)})},Cs.ease=function(n){var t=this.id;return arguments.length<1?this.node().__transition__[t].ease:("function"!=typeof n&&(n=Zo.ease.apply(Zo,arguments)),P(this,function(e){e.__transition__[t].ease=n}))},Cs.delay=function(n){var t=this.id;return arguments.length<1?this.node().__transition__[t].delay:P(this,"function"==typeof n?function(e,r,u){e.__transition__[t].delay=+n.call(e,e.__data__,r,u)}:(n=+n,function(e){e.__transition__[t].delay=n}))},Cs.duration=function(n){var t=this.id;return arguments.length<1?this.node().__transition__[t].duration:P(this,"function"==typeof n?function(e,r,u){e.__transition__[t].duration=Math.max(1,n.call(e,e.__data__,r,u))}:(n=Math.max(1,n),function(e){e.__transition__[t].duration=n}))},Cs.each=function(n,t){var e=this.id;if(arguments.length<2){var r=ks,u=Ss;Ss=e,P(this,function(t,r,u){ks=t.__transition__[e],n.call(t,t.__data__,r,u)}),ks=r,Ss=u}else P(this,function(r){var u=r.__transition__[e];(u.event||(u.event=Zo.dispatch("start","end"))).on(n,t)});return this},Cs.transition=function(){for(var n,t,e,r,u=this.id,i=++Ns,o=[],a=0,c=this.length;c>a;a++){o.push(n=[]);for(var t=this[a],s=0,l=t.length;l>s;s++)(e=t[s])&&(r=Object.create(e.__transition__[u]),r.delay+=r.duration,Po(e,s,i,r)),n.push(e)}return qo(o,i)},Zo.svg.axis=function(){function n(n){n.each(function(){var n,s=Zo.select(this),l=this.__chart__||e,f=this.__chart__=e.copy(),h=null==c?f.ticks?f.ticks.apply(f,a):f.domain():c,g=null==t?f.tickFormat?f.tickFormat.apply(f,a):wt:t,p=s.selectAll(".tick").data(h,f),v=p.enter().insert("g",".domain").attr("class","tick").style("opacity",ka),d=Zo.transition(p.exit()).style("opacity",ka).remove(),m=Zo.transition(p.order()).style("opacity",1),y=Ti(f),x=s.selectAll(".domain").data([0]),M=(x.enter().append("path").attr("class","domain"),Zo.transition(x));v.append("line"),v.append("text");var _=v.select("line"),b=m.select("line"),w=p.select("text").text(g),S=v.select("text"),k=m.select("text");switch(r){case"bottom":n=Uo,_.attr("y2",u),S.attr("y",Math.max(u,0)+o),b.attr("x2",0).attr("y2",u),k.attr("x",0).attr("y",Math.max(u,0)+o),w.attr("dy",".71em").style("text-anchor","middle"),M.attr("d","M"+y[0]+","+i+"V0H"+y[1]+"V"+i);break;case"top":n=Uo,_.attr("y2",-u),S.attr("y",-(Math.max(u,0)+o)),b.attr("x2",0).attr("y2",-u),k.attr("x",0).attr("y",-(Math.max(u,0)+o)),w.attr("dy","0em").style("text-anchor","middle"),M.attr("d","M"+y[0]+","+-i+"V0H"+y[1]+"V"+-i);break;case"left":n=jo,_.attr("x2",-u),S.attr("x",-(Math.max(u,0)+o)),b.attr("x2",-u).attr("y2",0),k.attr("x",-(Math.max(u,0)+o)).attr("y",0),w.attr("dy",".32em").style("text-anchor","end"),M.attr("d","M"+-i+","+y[0]+"H0V"+y[1]+"H"+-i);break;case"right":n=jo,_.attr("x2",u),S.attr("x",Math.max(u,0)+o),b.attr("x2",u).attr("y2",0),k.attr("x",Math.max(u,0)+o).attr("y",0),w.attr("dy",".32em").style("text-anchor","start"),M.attr("d","M"+i+","+y[0]+"H0V"+y[1]+"H"+i)}if(f.rangeBand){var E=f,A=E.rangeBand()/2;l=f=function(n){return E(n)+A}}else l.rangeBand?l=f:d.call(n,f);v.call(n,l),m.call(n,f)})}var t,e=Zo.scale.linear(),r=zs,u=6,i=6,o=3,a=[10],c=null;return n.scale=function(t){return arguments.length?(e=t,n):e},n.orient=function(t){return arguments.length?(r=t in Ls?t+"":zs,n):r},n.ticks=function(){return arguments.length?(a=arguments,n):a},n.tickValues=function(t){return arguments.length?(c=t,n):c},n.tickFormat=function(e){return arguments.length?(t=e,n):t},n.tickSize=function(t){var e=arguments.length;return e?(u=+t,i=+arguments[e-1],n):u},n.innerTickSize=function(t){return arguments.length?(u=+t,n):u},n.outerTickSize=function(t){return arguments.length?(i=+t,n):i},n.tickPadding=function(t){return arguments.length?(o=+t,n):o},n.tickSubdivide=function(){return arguments.length&&n},n};var zs="bottom",Ls={top:1,right:1,bottom:1,left:1};Zo.svg.brush=function(){function n(i){i.each(function(){var i=Zo.select(this).style("pointer-events","all").style("-webkit-tap-highlight-color","rgba(0,0,0,0)").on("mousedown.brush",u).on("touchstart.brush",u),o=i.selectAll(".background").data([0]);o.enter().append("rect").attr("class","background").style("visibility","hidden").style("cursor","crosshair"),i.selectAll(".extent").data([0]).enter().append("rect").attr("class","extent").style("cursor","move");var a=i.selectAll(".resize").data(p,wt);a.exit().remove(),a.enter().append("g").attr("class",function(n){return"resize "+n}).style("cursor",function(n){return Ts[n]}).append("rect").attr("x",function(n){return/[ew]$/.test(n)?-3:null}).attr("y",function(n){return/^[ns]/.test(n)?-3:null}).attr("width",6).attr("height",6).style("visibility","hidden"),a.style("display",n.empty()?"none":null);var l,f=Zo.transition(i),h=Zo.transition(o);c&&(l=Ti(c),h.attr("x",l[0]).attr("width",l[1]-l[0]),e(f)),s&&(l=Ti(s),h.attr("y",l[0]).attr("height",l[1]-l[0]),r(f)),t(f)})}function t(n){n.selectAll(".resize").attr("transform",function(n){return"translate("+l[+/e$/.test(n)]+","+f[+/^s/.test(n)]+")"})}function e(n){n.select(".extent").attr("x",l[0]),n.selectAll(".extent,.n>rect,.s>rect").attr("width",l[1]-l[0])}function r(n){n.select(".extent").attr("y",f[0]),n.selectAll(".extent,.e>rect,.w>rect").attr("height",f[1]-f[0])}function u(){function u(){32==Zo.event.keyCode&&(C||(x=null,z[0]-=l[1],z[1]-=f[1],C=2),y())}function p(){32==Zo.event.keyCode&&2==C&&(z[0]+=l[1],z[1]+=f[1],C=0,y())}function v(){var n=Zo.mouse(_),u=!1;M&&(n[0]+=M[0],n[1]+=M[1]),C||(Zo.event.altKey?(x||(x=[(l[0]+l[1])/2,(f[0]+f[1])/2]),z[0]=l[+(n[0]<x[0])],z[1]=f[+(n[1]<x[1])]):x=null),E&&d(n,c,0)&&(e(S),u=!0),A&&d(n,s,1)&&(r(S),u=!0),u&&(t(S),w({type:"brush",mode:C?"move":"resize"}))}function d(n,t,e){var r,u,a=Ti(t),c=a[0],s=a[1],p=z[e],v=e?f:l,d=v[1]-v[0];return C&&(c-=p,s-=d+p),r=(e?g:h)?Math.max(c,Math.min(s,n[e])):n[e],C?u=(r+=p)+d:(x&&(p=Math.max(c,Math.min(s,2*x[e]-r))),r>p?(u=r,r=p):u=p),v[0]!=r||v[1]!=u?(e?o=null:i=null,v[0]=r,v[1]=u,!0):void 0}function m(){v(),S.style("pointer-events","all").selectAll(".resize").style("display",n.empty()?"none":null),Zo.select("body").style("cursor",null),L.on("mousemove.brush",null).on("mouseup.brush",null).on("touchmove.brush",null).on("touchend.brush",null).on("keydown.brush",null).on("keyup.brush",null),N(),w({type:"brushend"})}var x,M,_=this,b=Zo.select(Zo.event.target),w=a.of(_,arguments),S=Zo.select(_),k=b.datum(),E=!/^(n|s)$/.test(k)&&c,A=!/^(e|w)$/.test(k)&&s,C=b.classed("extent"),N=I(),z=Zo.mouse(_),L=Zo.select(Wo).on("keydown.brush",u).on("keyup.brush",p);if(Zo.event.changedTouches?L.on("touchmove.brush",v).on("touchend.brush",m):L.on("mousemove.brush",v).on("mouseup.brush",m),S.interrupt().selectAll("*").interrupt(),C)z[0]=l[0]-z[0],z[1]=f[0]-z[1];else if(k){var T=+/w$/.test(k),q=+/^n/.test(k);M=[l[1-T]-z[0],f[1-q]-z[1]],z[0]=l[T],z[1]=f[q]}else Zo.event.altKey&&(x=z.slice());S.style("pointer-events","none").selectAll(".resize").style("display",null),Zo.select("body").style("cursor",b.style("cursor")),w({type:"brushstart"}),v()}var i,o,a=M(n,"brushstart","brush","brushend"),c=null,s=null,l=[0,0],f=[0,0],h=!0,g=!0,p=qs[0];return n.event=function(n){n.each(function(){var n=a.of(this,arguments),t={x:l,y:f,i:i,j:o},e=this.__chart__||t;this.__chart__=t,Ss?Zo.select(this).transition().each("start.brush",function(){i=e.i,o=e.j,l=e.x,f=e.y,n({type:"brushstart"})}).tween("brush:brush",function(){var e=gu(l,t.x),r=gu(f,t.y);return i=o=null,function(u){l=t.x=e(u),f=t.y=r(u),n({type:"brush",mode:"resize"})}}).each("end.brush",function(){i=t.i,o=t.j,n({type:"brush",mode:"resize"}),n({type:"brushend"})}):(n({type:"brushstart"}),n({type:"brush",mode:"resize"}),n({type:"brushend"}))})},n.x=function(t){return arguments.length?(c=t,p=qs[!c<<1|!s],n):c},n.y=function(t){return arguments.length?(s=t,p=qs[!c<<1|!s],n):s},n.clamp=function(t){return arguments.length?(c&&s?(h=!!t[0],g=!!t[1]):c?h=!!t:s&&(g=!!t),n):c&&s?[h,g]:c?h:s?g:null},n.extent=function(t){var e,r,u,a,h;return arguments.length?(c&&(e=t[0],r=t[1],s&&(e=e[0],r=r[0]),i=[e,r],c.invert&&(e=c(e),r=c(r)),e>r&&(h=e,e=r,r=h),(e!=l[0]||r!=l[1])&&(l=[e,r])),s&&(u=t[0],a=t[1],c&&(u=u[1],a=a[1]),o=[u,a],s.invert&&(u=s(u),a=s(a)),u>a&&(h=u,u=a,a=h),(u!=f[0]||a!=f[1])&&(f=[u,a])),n):(c&&(i?(e=i[0],r=i[1]):(e=l[0],r=l[1],c.invert&&(e=c.invert(e),r=c.invert(r)),e>r&&(h=e,e=r,r=h))),s&&(o?(u=o[0],a=o[1]):(u=f[0],a=f[1],s.invert&&(u=s.invert(u),a=s.invert(a)),u>a&&(h=u,u=a,a=h))),c&&s?[[e,u],[r,a]]:c?[e,r]:s&&[u,a])},n.clear=function(){return n.empty()||(l=[0,0],f=[0,0],i=o=null),n},n.empty=function(){return!!c&&l[0]==l[1]||!!s&&f[0]==f[1]},Zo.rebind(n,a,"on")};var Ts={n:"ns-resize",e:"ew-resize",s:"ns-resize",w:"ew-resize",nw:"nwse-resize",ne:"nesw-resize",se:"nwse-resize",sw:"nesw-resize"},qs=[["n","e","s","w","nw","ne","se","sw"],["e","w"],["n","s"],[]],Rs=Qa.format=ic.timeFormat,Ds=Rs.utc,Ps=Ds("%Y-%m-%dT%H:%M:%S.%LZ");Rs.iso=Date.prototype.toISOString&&+new Date("2000-01-01T00:00:00.000Z")?Ho:Ps,Ho.parse=function(n){var t=new Date(n);return isNaN(t)?null:t},Ho.toString=Ps.toString,Qa.second=Dt(function(n){return new nc(1e3*Math.floor(n/1e3))},function(n,t){n.setTime(n.getTime()+1e3*Math.floor(t))},function(n){return n.getSeconds()}),Qa.seconds=Qa.second.range,Qa.seconds.utc=Qa.second.utc.range,Qa.minute=Dt(function(n){return new nc(6e4*Math.floor(n/6e4))},function(n,t){n.setTime(n.getTime()+6e4*Math.floor(t))},function(n){return n.getMinutes()}),Qa.minutes=Qa.minute.range,Qa.minutes.utc=Qa.minute.utc.range,Qa.hour=Dt(function(n){var t=n.getTimezoneOffset()/60;return new nc(36e5*(Math.floor(n/36e5-t)+t))},function(n,t){n.setTime(n.getTime()+36e5*Math.floor(t))},function(n){return n.getHours()}),Qa.hours=Qa.hour.range,Qa.hours.utc=Qa.hour.utc.range,Qa.month=Dt(function(n){return n=Qa.day(n),n.setDate(1),n},function(n,t){n.setMonth(n.getMonth()+t)},function(n){return n.getMonth()}),Qa.months=Qa.month.range,Qa.months.utc=Qa.month.utc.range;var Us=[1e3,5e3,15e3,3e4,6e4,3e5,9e5,18e5,36e5,108e5,216e5,432e5,864e5,1728e5,6048e5,2592e6,7776e6,31536e6],js=[[Qa.second,1],[Qa.second,5],[Qa.second,15],[Qa.second,30],[Qa.minute,1],[Qa.minute,5],[Qa.minute,15],[Qa.minute,30],[Qa.hour,1],[Qa.hour,3],[Qa.hour,6],[Qa.hour,12],[Qa.day,1],[Qa.day,2],[Qa.week,1],[Qa.month,1],[Qa.month,3],[Qa.year,1]],Hs=Rs.multi([[".%L",function(n){return n.getMilliseconds()}],[":%S",function(n){return n.getSeconds()}],["%I:%M",function(n){return n.getMinutes()}],["%I %p",function(n){return n.getHours()}],["%a %d",function(n){return n.getDay()&&1!=n.getDate()}],["%b %d",function(n){return 1!=n.getDate()}],["%B",function(n){return n.getMonth()}],["%Y",we]]),Fs={range:function(n,t,e){return Zo.range(Math.ceil(n/e)*e,+t,e).map(Oo)},floor:wt,ceil:wt};js.year=Qa.year,Qa.scale=function(){return Fo(Zo.scale.linear(),js,Hs)};var Os=js.map(function(n){return[n[0].utc,n[1]]}),Ys=Ds.multi([[".%L",function(n){return n.getUTCMilliseconds()}],[":%S",function(n){return n.getUTCSeconds()}],["%I:%M",function(n){return n.getUTCMinutes()}],["%I %p",function(n){return n.getUTCHours()}],["%a %d",function(n){return n.getUTCDay()&&1!=n.getUTCDate()}],["%b %d",function(n){return 1!=n.getUTCDate()}],["%B",function(n){return n.getUTCMonth()}],["%Y",we]]);Os.year=Qa.year.utc,Qa.scale.utc=function(){return Fo(Zo.scale.linear(),Os,Ys)},Zo.text=St(function(n){return n.responseText}),Zo.json=function(n,t){return kt(n,"application/json",Yo,t)},Zo.html=function(n,t){return kt(n,"text/html",Io,t)},Zo.xml=St(function(n){return n.responseXML}),"function"==typeof define&&define.amd?define(Zo):"object"==typeof module&&module.exports&&(module.exports=Zo),this.d3=Zo}();
\ No newline at end of file

From 3f4fb8c84c6e0d029222cad02d082be18b4c8676 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 22 Dec 2016 11:20:23 -0600
Subject: [PATCH 069/304] Linux - fix copy/paste error

---
 volatility/plugins/overlays/linux/linux.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 99120dfa4..a1ba46701 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -831,7 +831,7 @@ class module_struct(obj.CType):
     @property   
     def module_core(self):
         if hasattr(self, "core_layout"):
-            ret = self.m("core_layout").m("size")
+            ret = self.m("core_layout").m("base")
         else:
             ret = self.m("module_core")
 
@@ -840,7 +840,7 @@ def module_core(self):
     @property
     def module_init(self):
         if hasattr(self, "init_layout"):
-            ret = self.m("init_layout").m("size")
+            ret = self.m("init_layout").m("base")
         else:
             ret = self.m("module_init")
     

From 33134a9727a9c923c51a9ac498a459c3e90934ad Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 23 Dec 2016 12:07:49 -0600
Subject: [PATCH 070/304] Switch to a profile naming convention based on build
 numbers rather than PDB GUIDs. Add Windows Server 2016 profiles. Update the
 README for 2.6.

---
 README.txt                                   | 111 +++++++++++--------
 volatility/plugins/overlays/windows/win10.py |  26 +++--
 volatility/plugins/overlays/windows/win7.py  |  12 +-
 volatility/plugins/overlays/windows/win8.py  |   8 +-
 4 files changed, 90 insertions(+), 67 deletions(-)

diff --git a/README.txt b/README.txt
index 0ca8af519..b37e9fb6e 100644
--- a/README.txt
+++ b/README.txt
@@ -36,7 +36,13 @@ Windows:
 * 64-bit Windows 7 Service Pack 0 and 1
 * 64-bit Windows 8, 8.1, and 8.1 Update 1
 * 64-bit Windows Server 2012 and 2012 R2 
-* 64-bit Windows 10 (initial support)
+* 64-bit Windows 10 (including at least 10.0.14393)
+* 64-bit Windows Server 2016 (including at least 10.0.14393.0)
+
+Note: Please see the guidelines at the following link for notes on 
+compatibility with recently patched Windows 7 (or later) memory samples:
+
+    https://github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles
 
 Linux: 
 * 32-bit Linux kernels 2.6.11 to 4.2.3
@@ -70,7 +76,7 @@ ability to convert between these formats:
   - VirtualBox ELF64 core dump
   - VMware saved state and snapshot files
   - EWF format (E01) 
-  - LiME (Linux Memory Extractor) format
+  - LiME format
   - Mach-O file format
   - QEMU virtual machine dumps
   - Firewire 
@@ -133,7 +139,7 @@ Quick Start
    Example:
 
 $ python vol.py --info
-Volatility Foundation Volatility Framework 2.5
+Volatility Foundation Volatility Framework 2.6
 
 Address Spaces
 --------------
@@ -160,50 +166,51 @@ WindowsHiberFileSpace32       - This is a hibernate address space for windows hi
 
 Profiles
 --------
-VistaSP0x64              - A Profile for Windows Vista SP0 x64
-VistaSP0x86              - A Profile for Windows Vista SP0 x86
-VistaSP1x64              - A Profile for Windows Vista SP1 x64
-VistaSP1x86              - A Profile for Windows Vista SP1 x86
-VistaSP2x64              - A Profile for Windows Vista SP2 x64
-VistaSP2x86              - A Profile for Windows Vista SP2 x86
-Win10x64                 - A Profile for Windows 10 x64
-Win10x64_1AC738FB        - A Profile for Windows 10 x64 from PDB 1AC738FB
-Win10x64_DD08DD42        - A Profile for Windows 10 x64 from PDB DD08DD42
-Win10x86                 - A Profile for Windows 10 x86
-Win10x86_44B89EEA        - A Profile for Windows 10 x86 from PDB 44B89EEA
-Win10x86_9619274A        - A Profile for Windows 10 x86 from PDB 9619274A
-Win2003SP0x86            - A Profile for Windows 2003 SP0 x86
-Win2003SP1x64            - A Profile for Windows 2003 SP1 x64
-Win2003SP1x86            - A Profile for Windows 2003 SP1 x86
-Win2003SP2x64            - A Profile for Windows 2003 SP2 x64
-Win2003SP2x86            - A Profile for Windows 2003 SP2 x86
-Win2008R2SP0x64          - A Profile for Windows 2008 R2 SP0 x64
-Win2008R2SP1x64          - A Profile for Windows 2008 R2 SP1 x64
-Win2008R2SP1x64_632B36E0 - A Profile for Windows 2008 R2 SP1 x64 from PDB 632B36E0
-Win2008SP1x64            - A Profile for Windows 2008 SP1 x64
-Win2008SP1x86            - A Profile for Windows 2008 SP1 x86
-Win2008SP2x64            - A Profile for Windows 2008 SP2 x64
-Win2008SP2x86            - A Profile for Windows 2008 SP2 x86
-Win2012R2x64             - A Profile for Windows Server 2012 R2 x64
-Win2012R2x64_54B5A1C6    - A Profile for Windows Server 2012 R2 x64 from PDB 54B5A1C6
-Win2012x64               - A Profile for Windows Server 2012 x64
-Win7SP0x64               - A Profile for Windows 7 SP0 x64
-Win7SP0x86               - A Profile for Windows 7 SP0 x86
-Win7SP1x64               - A Profile for Windows 7 SP1 x64
-Win7SP1x64_632B36E0      - A Profile for Windows 7 SP1 x64 from PDB 632B36E0
-Win7SP1x86               - A Profile for Windows 7 SP1 x86
-Win7SP1x86_BBA98F40      - A Profile for Windows 7 SP1 x86 from PDB BBA98F40
-Win81U1x64               - A Profile for Windows 8.1 Update 1 x64
-Win81U1x86               - A Profile for Windows 8.1 Update 1 x86
-Win8SP0x64               - A Profile for Windows 8 x64
-Win8SP0x86               - A Profile for Windows 8 x86
-Win8SP1x64               - A Profile for Windows 8.1 x64
-Win8SP1x64_54B5A1C6      - A Profile for Windows 8.1 x64 from PDB 54B5A1C6
-Win8SP1x86               - A Profile for Windows 8.1 x86
-WinXPSP1x64              - A Profile for Windows XP SP1 x64
-WinXPSP2x64              - A Profile for Windows XP SP2 x64
-WinXPSP2x86              - A Profile for Windows XP SP2 x86
-WinXPSP3x86              - A Profile for Windows XP SP3 x86
+VistaSP0x64           - A Profile for Windows Vista SP0 x64
+VistaSP0x86           - A Profile for Windows Vista SP0 x86
+VistaSP1x64           - A Profile for Windows Vista SP1 x64
+VistaSP1x86           - A Profile for Windows Vista SP1 x86
+VistaSP2x64           - A Profile for Windows Vista SP2 x64
+VistaSP2x86           - A Profile for Windows Vista SP2 x86
+Win10x64              - A Profile for Windows 10 x64
+Win10x64_10586        - A Profile for Windows 10 x64 (10.0.10586.306 / 2016-04-23)
+Win10x64_14393        - A Profile for Windows 10 x64 (10.0.14393.0 / 2016-07-16)
+Win10x86              - A Profile for Windows 10 x86
+Win10x86_10586        - A Profile for Windows 10 x86 (10.0.10586.420 / 2016-05-28)
+Win10x86_14393        - A Profile for Windows 10 x86 (10.0.14393.0 / 2016-07-16)
+Win2003SP0x86         - A Profile for Windows 2003 SP0 x86
+Win2003SP1x64         - A Profile for Windows 2003 SP1 x64
+Win2003SP1x86         - A Profile for Windows 2003 SP1 x86
+Win2003SP2x64         - A Profile for Windows 2003 SP2 x64
+Win2003SP2x86         - A Profile for Windows 2003 SP2 x86
+Win2008R2SP0x64       - A Profile for Windows 2008 R2 SP0 x64
+Win2008R2SP1x64       - A Profile for Windows 2008 R2 SP1 x64
+Win2008R2SP1x64_23418 - A Profile for Windows 2008 R2 SP1 x64 (6.1.7601.23418 / 2016-04-09)
+Win2008SP1x64         - A Profile for Windows 2008 SP1 x64
+Win2008SP1x86         - A Profile for Windows 2008 SP1 x86
+Win2008SP2x64         - A Profile for Windows 2008 SP2 x64
+Win2008SP2x86         - A Profile for Windows 2008 SP2 x86
+Win2012R2x64          - A Profile for Windows Server 2012 R2 x64
+Win2012R2x64_18340    - A Profile for Windows Server 2012 R2 x64 (6.3.9600.18340 / 2016-05-13)
+Win2012x64            - A Profile for Windows Server 2012 x64
+Win2016x64_14393      - A Profile for Windows Server 2016 x64 (10.0.14393.0 / 2016-07-16)
+Win7SP0x64            - A Profile for Windows 7 SP0 x64
+Win7SP0x86            - A Profile for Windows 7 SP0 x86
+Win7SP1x64            - A Profile for Windows 7 SP1 x64
+Win7SP1x64_23418      - A Profile for Windows 7 SP1 x64 (6.1.7601.23418 / 2016-04-09)
+Win7SP1x86            - A Profile for Windows 7 SP1 x86
+Win7SP1x86_23418      - A Profile for Windows 7 SP1 x86 (6.1.7601.23418 / 2016-04-09)
+Win81U1x64            - A Profile for Windows 8.1 Update 1 x64
+Win81U1x86            - A Profile for Windows 8.1 Update 1 x86
+Win8SP0x64            - A Profile for Windows 8 x64
+Win8SP0x86            - A Profile for Windows 8 x86
+Win8SP1x64            - A Profile for Windows 8.1 x64
+Win8SP1x64_18340      - A Profile for Windows 8.1 x64 (6.3.9600.18340 / 2016-05-13)
+Win8SP1x86            - A Profile for Windows 8.1 x86
+WinXPSP1x64           - A Profile for Windows XP SP1 x64
+WinXPSP2x64           - A Profile for Windows XP SP2 x64
+WinXPSP2x86           - A Profile for Windows XP SP2 x86
+WinXPSP3x86           - A Profile for Windows XP SP3 x86
 
 Plugins
 -------
@@ -263,6 +270,7 @@ ldrmodules                 - Detect unlinked DLLs
 limeinfo                   - Dump Lime file format information
 linux_apihooks             - Checks for userland apihooks
 linux_arp                  - Print the ARP table
+linux_aslr_shift           - Automatically detect the Linux ASLR shift
 linux_banner               - Prints the Linux banner information
 linux_bash                 - Recover bash history from bash process memory
 linux_bash_env             - Recover a process' dynamic environment variables
@@ -478,7 +486,7 @@ yarascan                   - Scan process or kernel memory with Yara signatures
    Example:
    
     $ python vol.py imageinfo -f WIN-II7VOJTUNGL-20120324-193051.raw 
-    Volatility Foundation Volatility Framework 2.5
+    Volatility Foundation Volatility Framework 2.6
     Determining profile based on KDBG search...
     
               Suggested Profile(s) : Win2008R2SP0x64, Win7SP1x64, Win7SP0x64, Win2008R2SP1x64 (Instantiated with Win7SP0x64)
@@ -494,6 +502,11 @@ yarascan                   - Scan process or kernel memory with Yara signatures
                Image date and time : 2012-03-24 19:30:53 UTC+0000
          Image local date and time : 2012-03-25 03:30:53 +0800
 
+   If multiple profiles are suggested by imageinfo or kdbgscan, or if you're having trouble analyzing 
+   Windows 7 or later memory samples, please see the guidelines here:
+
+        https://github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles
+
 4. Run some other plugins. -f is a required option for all plugins. Some
    also require/accept other options. Run "python vol.py <plugin> -h" for
    more information on a particular command.  A Command Reference wiki
@@ -508,7 +521,7 @@ yarascan                   - Scan process or kernel memory with Yara signatures
 Licensing and Copyright
 =======================
 
-Copyright (C) 2007-2015 Volatility Foundation
+Copyright (C) 2007-2016 Volatility Foundation
 
 All Rights Reserved
 
diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index d6954e811..507233797 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -546,8 +546,8 @@ class Win10x64(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_vtypes'
     _md_product = ["NtProductWinNt"]
 
-class Win10x64_1AC738FB(obj.Profile):
-    """ A Profile for Windows 10 x64 from PDB 1AC738FB"""
+class Win10x64_10586(obj.Profile):
+    """ A Profile for Windows 10 x64 (10.0.10586.306 / 2016-04-23) """
     _md_memory_model = '64bit'
     _md_os = 'windows'
     _md_major = 6
@@ -556,8 +556,8 @@ class Win10x64_1AC738FB(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_1AC738FB_vtypes'
     _md_product = ["NtProductWinNt"]
 
-class Win10x64_DD08DD42(obj.Profile):
-    """ A Profile for Windows 10 x64 from PDB DD08DD42"""
+class Win10x64_14393(obj.Profile):
+    """ A Profile for Windows 10 x64 (10.0.14393.0 / 2016-07-16) """
     _md_memory_model = '64bit'
     _md_os = 'windows'
     _md_major = 6
@@ -576,8 +576,8 @@ class Win10x86(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_vtypes'
     _md_product = ["NtProductWinNt"]
 
-class Win10x86_44B89EEA(obj.Profile):
-    """ A Profile for Windows 10 x86 from PDB 44B89EEA"""
+class Win10x86_10586(obj.Profile):
+    """ A Profile for Windows 10 x86 (10.0.10586.420 / 2016-05-28) """
     _md_memory_model = '32bit'
     _md_os = 'windows'
     _md_major = 6
@@ -586,8 +586,8 @@ class Win10x86_44B89EEA(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_44B89EEA_vtypes'
     _md_product = ["NtProductWinNt"]
 
-class Win10x86_9619274A(obj.Profile):
-    """ A Profile for Windows 10 x86 from PDB 9619274A"""
+class Win10x86_14393(obj.Profile):
+    """ A Profile for Windows 10 x86 (10.0.14393.0 / 2016-07-16) """
     _md_memory_model = '32bit'
     _md_os = 'windows'
     _md_major = 6
@@ -595,3 +595,13 @@ class Win10x86_9619274A(obj.Profile):
     _md_build = 14393
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_9619274A_vtypes'
     _md_product = ["NtProductWinNt"]
+    
+class Win2016x64_14393(Win10x64_14393):
+    """ A Profile for Windows Server 2016 x64 (10.0.14393.0 / 2016-07-16) """
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 14393
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_DD08DD42_vtypes'
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
diff --git a/volatility/plugins/overlays/windows/win7.py b/volatility/plugins/overlays/windows/win7.py
index b4502195b..7c8ea05e6 100644
--- a/volatility/plugins/overlays/windows/win7.py
+++ b/volatility/plugins/overlays/windows/win7.py
@@ -209,8 +209,8 @@ class Win7SP1x86(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x86_vtypes'
     _md_product = ["NtProductWinNt"]
 
-class Win7SP1x86_BBA98F40(obj.Profile):
-    """ A Profile for Windows 7 SP1 x86 from PDB BBA98F40"""
+class Win7SP1x86_23418(obj.Profile):
+    """ A Profile for Windows 7 SP1 x86 (6.1.7601.23418 / 2016-04-09) """
     _md_memory_model = '32bit'
     _md_os = 'windows'
     _md_major = 6
@@ -239,8 +239,8 @@ class Win7SP1x64(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x64_vtypes'
     _md_product = ["NtProductWinNt"]
 
-class Win7SP1x64_632B36E0(obj.Profile):
-    """ A Profile for Windows 7 SP1 x64 from PDB 632B36E0"""
+class Win7SP1x64_23418(obj.Profile):
+    """ A Profile for Windows 7 SP1 x64 (6.1.7601.23418 / 2016-04-09) """
     _md_memory_model = '64bit'
     _md_os = 'windows'
     _md_major = 6
@@ -257,6 +257,6 @@ class Win2008R2SP1x64(Win7SP1x64):
     """ A Profile for Windows 2008 R2 SP1 x64 """
     _md_product = ["NtProductLanManNt", "NtProductServer"]
 
-class Win2008R2SP1x64_632B36E0(Win7SP1x64_632B36E0):
-    """ A Profile for Windows 2008 R2 SP1 x64 from PDB 632B36E0"""
+class Win2008R2SP1x64_23418(Win7SP1x64_23418):
+    """ A Profile for Windows 2008 R2 SP1 x64 (6.1.7601.23418 / 2016-04-09) """
     _md_product = ["NtProductLanManNt", "NtProductServer"]
diff --git a/volatility/plugins/overlays/windows/win8.py b/volatility/plugins/overlays/windows/win8.py
index 648dde62c..c826fee03 100644
--- a/volatility/plugins/overlays/windows/win8.py
+++ b/volatility/plugins/overlays/windows/win8.py
@@ -424,8 +424,8 @@ class Win8SP1x64(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win8_sp1_x64_vtypes'
     _md_product = ["NtProductWinNt"]
 
-class Win8SP1x64_54B5A1C6(obj.Profile):
-    """ A Profile for Windows 8.1 x64 from PDB 54B5A1C6"""
+class Win8SP1x64_18340(obj.Profile):
+    """ A Profile for Windows 8.1 x64 (6.3.9600.18340 / 2016-05-13) """
     _md_memory_model = '64bit'
     _md_os = 'windows'
     _md_major = 6
@@ -444,8 +444,8 @@ class Win2012R2x64(Win8SP1x64):
     _md_build = 9601 ##FIXME: fake build number to indicate server 2012 R2 vs windows 8.1
     _md_product = ["NtProductLanManNt", "NtProductServer"]
 
-class Win2012R2x64_54B5A1C6(Win8SP1x64_54B5A1C6):
-    """ A Profile for Windows Server 2012 R2 x64 from PDB 54B5A1C6"""
+class Win2012R2x64_18340(Win8SP1x64_18340):
+    """ A Profile for Windows Server 2012 R2 x64 (6.3.9600.18340 / 2016-05-13) """
     _md_build = 9601 ##FIXME: fake build number to indicate server 2012 R2 vs windows 8.1
     _md_product = ["NtProductLanManNt", "NtProductServer"]
 

From 736bc36e420308b12aff415d2e50ea59290dd066 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Sat, 24 Dec 2016 08:14:26 -0600
Subject: [PATCH 071/304] Update the README for Mac 10.12 support

---
 README.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.txt b/README.txt
index b37e9fb6e..bc09fbe8f 100644
--- a/README.txt
+++ b/README.txt
@@ -59,6 +59,7 @@ Mac OSX:
 * 64-bit 10.9.x Mavericks (there is no 32-bit version)
 * 64-bit 10.10.x Yosemite (there is no 32-bit version)
 * 64-bit 10.11.x El Capitan (there is no 32-bit version)
+* 64-bit 10.12.x Sierra (there is no 32-bit version)
 
 Volatility does not provide memory sample acquisition
 capabilities. For acquisition, there are both free and commercial

From 634bab247e98766dfa162858e7c672f6a723e652 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 27 Dec 2016 09:54:47 -0600
Subject: [PATCH 072/304] bump credits and authors for 2.6

---
 AUTHORS.txt | 11 +++++++++++
 CREDITS.txt | 14 ++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/AUTHORS.txt b/AUTHORS.txt
index d01f09405..8066ebe13 100644
--- a/AUTHORS.txt
+++ b/AUTHORS.txt
@@ -4,6 +4,17 @@ This file identifies core Volatility authors.
 All lists are alphabetical. 
 ===============================================
 
+Volatility 2.6:
+------------
+
+Mike Auty
+Andrew Case
+Michael Hale Ligh
+Jamie Levy
+AAron Walters
+Nick L. Petroni, Jr.
+
+
 Volatility 2.4, 2.5:
 ------------
 
diff --git a/CREDITS.txt b/CREDITS.txt
index 26082de49..46714be5d 100644
--- a/CREDITS.txt
+++ b/CREDITS.txt
@@ -12,6 +12,20 @@ If you believe you've been left off, it is not
 intentional. Please bring it to our attention!
 ===============================================
 
+Volatility 2.6:
+
+jie-lin for fixing a pyinstaller NameError issue 
+gcmoreira for fixing a recursive property issue in Linux plugins
+Adam Bridge for updating the EditBox plugin 
+jie-lin for preventing a backtrace in the MBR parser plugin
+haco20292 for fixing a bug in linux_dmesg 
+williamshowalter for updating mac_get_profile and convert.py for El Capitan support 
+robbyFux for fixing a bug in the svcscan plugin 
+f-s-p for adding unified output to the threads plugin 
+Binary_Raider for adding the powershell empire plugins
+ozylol for updating create_all_profiles.py for Mac 10.11 
+JamesHabben for adjusting sqlite inserts to allow for more columns to exist in table
+
 Volatility 2.5: 
 
 Adam Bridge for adding a --count option (humanly readable byte stats) to imagecopy/raw2dmp

From cccbc7e69f267cca262324f07e8d405b3468bad1 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 9 Feb 2017 08:47:04 -0600
Subject: [PATCH 073/304] record last write time for service entries

---
 volatility/plugins/malware/svcscan.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index 6c91e07b2..61593bb94 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -453,7 +453,8 @@ def get_service_info(regapi):
                         dll_value = utils.remove_unprintable(service_dll)
                     break
 
-            info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value)
+            last_write = int(subkey.LastWriteTime)
+            info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value, last_write)
 
         return info
 

From 8e187e38bd1387b0585a4791b9a8db7671131a8b Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 17 Feb 2017 08:44:40 -0600
Subject: [PATCH 074/304] fix a cycle in _CM_KEY_BODY.full_key_name()

---
 volatility/plugins/overlays/windows/windows.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index 4324677dc..dab16fe2b 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -1009,11 +1009,13 @@ class _CM_KEY_BODY(obj.CType):
     def full_key_name(self):
         output = []
         kcb = self.KeyControlBlock
-        while kcb.ParentKcb:
+        seen = []
+        while kcb.ParentKcb and kcb.ParentKcb.obj_offset not in seen:
             if kcb.NameBlock.Name == None:
                 break
             output.append(str(kcb.NameBlock.Name))
             kcb = kcb.ParentKcb
+            seen.append(kcb.obj_offset)
         return "\\".join(reversed(output))
 
 class _CMHIVE(obj.CType):

From 7594944627d2cfbfc076a10a9ff918f7c6e996f8 Mon Sep 17 00:00:00 2001
From: dennisieur <dennisieur@hotmail.com>
Date: Sat, 18 Feb 2017 18:13:46 +0800
Subject: [PATCH 075/304] update to support netscan plugins on win10 x64

author:
dennisieur@hotmail.com
glacier314@gmail.com
---
 volatility/plugins/netscan.py                 | 36 ++++++++++++-
 .../plugins/overlays/windows/tcpip_vtypes.py  | 54 +++++++++++++++++++
 2 files changed, 89 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/netscan.py b/volatility/plugins/netscan.py
index 6da0465e2..841f4376c 100644
--- a/volatility/plugins/netscan.py
+++ b/volatility/plugins/netscan.py
@@ -169,6 +169,31 @@ def is_valid(self):
 class _UDP_ENDPOINT(_TCP_LISTENER):
     """Class for objects found in UdpA pools"""
 
+
+class _UDP_ENDPOINT_WIN10x64(_UDP_ENDPOINT):
+    """Class for objects found in UdpA pools"""
+
+    def dual_stack_sockets(self):
+        """Handle Windows dual-stack sockets"""
+
+        # If this pointer is valid, the socket is bound to
+        # a specific IP address. Otherwise, the socket is
+        # listening on all IP addresses of the address family.
+
+        # For windows 10
+        local_addr = self.LocalAddr.dereference()
+
+        if local_addr != None:
+            inaddr = local_addr.pData.dereference()
+            if self.AddressFamily == AF_INET:
+                yield "v4", inaddr.addr4, inaddr_any
+            else:
+                yield "v6", inaddr.addr6, inaddr6_any
+        else:
+            yield "v4", inaddr_any, inaddr_any
+            if self.AddressFamily == AF_INET6:
+                yield "v6", inaddr6_any, inaddr6_any
+
 #--------------------------------------------------------------------------------
 # profile modifications 
 #--------------------------------------------------------------------------------
@@ -186,8 +211,16 @@ def modification(self, profile):
         profile.object_classes.update({
             '_TCP_LISTENER': _TCP_LISTENER,
             '_TCP_ENDPOINT': _TCP_ENDPOINT,
-            '_UDP_ENDPOINT': _UDP_ENDPOINT,
             })
+        if profile.metadata.get('major', 0) == 6 and  profile.metadata.get('minor', 0) == 4:
+            profile.object_classes.update({
+                '_UDP_ENDPOINT': _UDP_ENDPOINT_WIN10x64,
+                })
+        else:
+            profile.object_classes.update({
+                '_UDP_ENDPOINT': _UDP_ENDPOINT,
+                })
+
 
 #--------------------------------------------------------------------------------
 # netscan plugin 
@@ -198,6 +231,7 @@ class Netscan(common.AbstractScanCommand):
 
     scanners = [PoolScanUdpEndpoint, PoolScanTcpListener, PoolScanTcpEndpoint]
 
+
     @staticmethod
     def is_valid_profile(profile):
         return (profile.metadata.get('os', 'unknown') == 'windows' and
diff --git a/volatility/plugins/overlays/windows/tcpip_vtypes.py b/volatility/plugins/overlays/windows/tcpip_vtypes.py
index 8ed262faf..a8618d81a 100644
--- a/volatility/plugins/overlays/windows/tcpip_vtypes.py
+++ b/volatility/plugins/overlays/windows/tcpip_vtypes.py
@@ -241,6 +241,51 @@
     }],
 }
 
+# Structures for netscan on x64 Windows 10
+tcpip_vtypes_win_10_x64 = {
+    '_IN_ADDR' : [ None, {
+    'addr4' : [ 0x0, ['IpAddress']],
+    'addr6' : [ 0x0, ['Ipv6Address']],
+    }],
+    '_INETAF' : [ None, {
+    'AddressFamily' : [ 0x18, ['unsigned short']],
+    }],
+    '_LOCAL_ADDRESS_WIN10_UDP' : [ None, {
+    'pData' : [ 0x0, ['pointer', ['_IN_ADDR']]],
+    }],
+    '_LOCAL_ADDRESS' : [ None, {
+    'pData' : [ 0x10, ['pointer', ['pointer', ['_IN_ADDR']]]],
+    }],
+    '_ADDRINFO' : [ None, {
+    'Local' : [ 0x0, ['pointer', ['_LOCAL_ADDRESS']]],
+    'Remote' : [ 0x10, ['pointer', ['_IN_ADDR']]],
+    }],
+    '_TCP_LISTENER': [ None, { # TcpL
+    'Owner' : [ 0x30, ['pointer', ['_EPROCESS']]],
+    'CreateTime' : [ 0x40, ['WinTimeStamp', dict(is_utc = True)]],
+    'LocalAddr' : [ 0x60, ['pointer', ['_LOCAL_ADDRESS']]],
+    'InetAF' : [ 0x28, ['pointer', ['_INETAF']]],
+    'Port' : [ 0x72, ['unsigned be short']],
+    }],
+    '_TCP_ENDPOINT': [ None, { # TcpE
+    'InetAF' : [ 0x10, ['pointer', ['_INETAF']]],
+    'AddrInfo' : [ 0x18, ['pointer', ['_ADDRINFO']]],
+    'State' : [ 0x6C, ['Enumeration', dict(target = 'long', choices = TCP_STATE_ENUM)]],
+    'LocalPort' : [ 0x70, ['unsigned be short']],
+    'RemotePort' : [ 0x74, ['unsigned be short']],
+    'Owner' : [ 0x258, ['pointer', ['_EPROCESS']]],
+    'CreateTime' : [ 0x268, ['WinTimeStamp', dict(is_utc = True)]],
+    }],
+    '_UDP_ENDPOINT': [ None, { # UdpA
+    'Owner' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CreateTime' : [ 0x58, ['WinTimeStamp', dict(is_utc = True)]],
+    'LocalAddr' : [ 0x80, ['pointer', ['_LOCAL_ADDRESS_WIN10_UDP']]],
+    'InetAF' : [ 0x20, ['pointer', ['_INETAF']]],
+    'Port' : [ 0x78, ['unsigned be short']],
+    }],
+}
+
+
 class _ADDRESS_OBJECT(obj.CType):
 
     def is_valid(self):
@@ -405,3 +450,12 @@ def modification(self, profile):
                 'Owner' : [ 0x258, ['pointer', ['_EPROCESS']]],
                 }],
             })
+
+class Win10x64Tcpip(obj.ProfileModification):
+    before = ['Win81x64Tcpip']
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '64bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4}
+    def modification(self, profile):
+        profile.vtypes.update(tcpip_vtypes_win_10_x64)

From 040dfc50c476ff407f5efbab3717ef3a7a4bf84d Mon Sep 17 00:00:00 2001
From: "A.K" <AddaxSoft@users.noreply.github.com>
Date: Sun, 26 Feb 2017 10:12:57 +0100
Subject: [PATCH 076/304] typos

---
 README.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.txt b/README.txt
index bc09fbe8f..7fcc6262b 100644
--- a/README.txt
+++ b/README.txt
@@ -567,7 +567,7 @@ For Windows:
 For Linux:
 * The suspected kernel version of the memory image
 
-Other options for communicaton can be found at:
+Other options for communication can be found at:
     https://github.com/volatilityfoundation/volatility/wiki
 
 Missing or Truncated Information

From 0db0457bb3ea4da5b96f787360c87aec3364deb0 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Sat, 18 Mar 2017 20:40:26 -0500
Subject: [PATCH 077/304] protects against a cycle seen in win10x86_14393 where
 one of a key's subkey entries pointed back at itself

---
 volatility/win32/rawreg.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/volatility/win32/rawreg.py b/volatility/win32/rawreg.py
index e5cf5425f..a9d2aac98 100644
--- a/volatility/win32/rawreg.py
+++ b/volatility/win32/rawreg.py
@@ -105,6 +105,12 @@ def read_sklist(sk):
                 continue
 
             ssk = obj.Object("_CM_KEY_INDEX", ssk_off, sk.obj_vm)
+            
+            # this protects against a cycle seen in win10x86_14393 where
+            # one of a key's subkey entries pointed back at itself
+            if ssk == sk:
+                break
+                
             for i in read_sklist(ssk):
                 yield i
 

From d5ec83791188a44e1b038931c2e33880ae3d184f Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Sat, 18 Mar 2017 20:44:14 -0500
Subject: [PATCH 078/304] sometimes a basic.String() instance may evaluate to
 None, but not be a NoneObject, thus .reason won't be available, and an
 AttributeError will be raised

---
 volatility/plugins/registry/printkey.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/registry/printkey.py b/volatility/plugins/registry/printkey.py
index 86c17ef3d..1678ab6f5 100644
--- a/volatility/plugins/registry/printkey.py
+++ b/volatility/plugins/registry/printkey.py
@@ -99,7 +99,7 @@ def render_text(self, outfd, data):
                 outfd.write("Subkeys:\n")
                 for s in rawreg.subkeys(key):
                     if s.Name == None:
-                        outfd.write("  Unknown subkey: " + s.Name.reason + "\n")
+                        outfd.write("  Unknown subkey at {0:#x}\n".format(s.obj_offset))
                     else:
                         outfd.write("  {1:3s} {0}\n".format(s.Name, self.voltext(s)))
                 outfd.write("\n")

From 5afcda00cd4b08d683dbbbc5ffd343aeead4a3bc Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Mon, 27 Mar 2017 11:24:03 -0400
Subject: [PATCH 079/304] fixing spacing on notepad

---
 volatility/plugins/notepad.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/volatility/plugins/notepad.py b/volatility/plugins/notepad.py
index ba7b87048..ad7de5b22 100644
--- a/volatility/plugins/notepad.py
+++ b/volatility/plugins/notepad.py
@@ -206,10 +206,10 @@ def generator(self, data):
                         continue
 
                     text = obj.Object("String",
-                                      offset=entry.obj_offset + entry_size,
-                                      vm=task.get_process_address_space(),
-                                      length=entry.Size * entry_size,
-                                      encoding="utf16")
+                                      offset = entry.obj_offset + entry_size,
+                                      vm = task.get_process_address_space(),
+                                      length = entry.Size * entry_size,
+                                      encoding = "utf16")
 
                     if not text or len(text) == 0:
                         continue
@@ -237,10 +237,10 @@ def render_text(self, outfd, data):
                         continue 
 
                     text = obj.Object("String", 
-                                      offset=entry.obj_offset + entry_size,
-                                      vm=task.get_process_address_space(),
-                                      length=entry.Size * entry_size,
-                                      encoding="utf16")
+                                      offset = entry.obj_offset + entry_size,
+                                      vm = task.get_process_address_space(),
+                                      length = entry.Size * entry_size,
+                                      encoding = "utf16")
 
                     if not text or len(text) == 0:
                         continue 
@@ -252,4 +252,4 @@ def render_text(self, outfd, data):
                             handle.write(entry.get_data())
                         outfd.write("Dumped To: {0}\n".format(path))
 
-                    outfd.write("Text:\n{0}\n\n".format(text))
\ No newline at end of file
+                    outfd.write("Text:\n{0}\n\n".format(text))

From 0e28d8d1aa716f2ed7a49d59f09ee9b90478b328 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 29 Mar 2017 06:41:46 -0500
Subject: [PATCH 080/304] Fix DLL LoadCount for Win8 and Win10. Add DLL
 LoadTime to dlllist output (will be blank for < Win7)

---
 volatility/plugins/overlays/windows/pe_vtypes.py | 6 ++++++
 volatility/plugins/overlays/windows/win8.py      | 2 +-
 volatility/plugins/taskmods.py                   | 8 +++++---
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/volatility/plugins/overlays/windows/pe_vtypes.py b/volatility/plugins/overlays/windows/pe_vtypes.py
index 879e12c54..06999adae 100644
--- a/volatility/plugins/overlays/windows/pe_vtypes.py
+++ b/volatility/plugins/overlays/windows/pe_vtypes.py
@@ -441,6 +441,12 @@ class _LDR_DATA_TABLE_ENTRY(obj.CType):
     FIXME: If these classes are found by modscan, ensure we can
     dereference properly with obj_native_vm. 
     """
+    
+    def load_time(self):
+        if hasattr(self, "LoadTime"):
+            return str(self.LoadTime)
+        else:
+            return ""
 
     def _nt_header(self):
         """Return the _IMAGE_NT_HEADERS object"""
diff --git a/volatility/plugins/overlays/windows/win8.py b/volatility/plugins/overlays/windows/win8.py
index c826fee03..790a74232 100644
--- a/volatility/plugins/overlays/windows/win8.py
+++ b/volatility/plugins/overlays/windows/win8.py
@@ -148,7 +148,7 @@ def LoadCount(self):
         LoadCount member, so we fake it.
         """
 
-        return 0
+        return self.ObsoleteLoadCount
 
 class _OBJECT_HEADER(win7._OBJECT_HEADER):
     """A class for object headers on Win 8 / Server 2012"""
diff --git a/volatility/plugins/taskmods.py b/volatility/plugins/taskmods.py
index 5438cf286..528ed75d0 100644
--- a/volatility/plugins/taskmods.py
+++ b/volatility/plugins/taskmods.py
@@ -56,6 +56,7 @@ def unified_output(self, data):
                        ("Base", Address),
                        ("Size", Hex),
                        ("LoadCount", Hex),
+                       ("LoadTime", str),
                        ("Path", str)],
                         self.generator(data))
 
@@ -65,9 +66,9 @@ def generator(self, data):
 
             if task.Peb:
                 for m in task.get_load_modules():
-                    yield (0, [int(pid), Address(m.DllBase), Hex(m.SizeOfImage), Hex(m.LoadCount), str(m.FullDllName or '')])
+                    yield (0, [int(pid), Address(m.DllBase), Hex(m.SizeOfImage), Hex(m.LoadCount), str(m.load_time()), str(m.FullDllName or '')])
             else:
-                yield (0, [int(pid), Address(0), Hex(0), Hex(0), "Error reading PEB for pid"])
+                yield (0, [int(pid), Address(0), Hex(0), Hex(0), "", "Error reading PEB for pid"])
 
     def render_text(self, outfd, data):
         for task in data:
@@ -87,10 +88,11 @@ def render_text(self, outfd, data):
                                   [("Base", "[addrpad]"),
                                    ("Size", "[addr]"),
                                    ("LoadCount", "[addr]"),
+                                   ("LoadTime", "<30"),
                                    ("Path", ""),
                                    ])
                 for m in task.get_load_modules():
-                    self.table_row(outfd, m.DllBase, m.SizeOfImage, m.LoadCount, str(m.FullDllName or ''))
+                    self.table_row(outfd, m.DllBase, m.SizeOfImage, m.LoadCount, str(m.load_time()), str(m.FullDllName or ''))
             else:
                 outfd.write("Unable to read PEB for task.\n")
 

From e6c36e2ef104e1ab5c2830864a354a692f749678 Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Wed, 29 Mar 2017 09:44:29 -0400
Subject: [PATCH 081/304] imageinfo: Fixing backtrace when instantiating with
 non Windows

Refs: https://github.com/volatilityfoundation/profiles/issues/42

Although we correctly check that a Windows only profile is given
at runtime, if a user has a Linux or Mac profile in their path,
Volatility will try to instantiate with that as well, leading to the
crash.  Therefore, we check that the volmagic object has a KDBG member.
---
 volatility/plugins/imageinfo.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/imageinfo.py b/volatility/plugins/imageinfo.py
index 282dd74c7..017fae963 100644
--- a/volatility/plugins/imageinfo.py
+++ b/volatility/plugins/imageinfo.py
@@ -99,7 +99,7 @@ def calculate(self):
             yield ('DTB', Address, Address(addr_space.dtb))
 
         volmagic = obj.VolMagic(addr_space)
-        if hasattr(addr_space, "dtb"):
+        if hasattr(addr_space, "dtb") and hasattr(volmagic, "KDBG"):
             kdbg = volmagic.KDBG.v()
             if type(kdbg) == int:
                 kdbg = obj.Object("_KDDEBUGGER_DATA64", offset = kdbg, vm = addr_space)

From 1ace3c4e0e1b85e97f5357a3b1f35b198868ac75 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 30 Mar 2017 11:52:33 -0500
Subject: [PATCH 082/304] add a --refined option to malfind to reduce some of
 the noisy output. disabled by default.

---
 volatility/plugins/malware/malfind.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/volatility/plugins/malware/malfind.py b/volatility/plugins/malware/malfind.py
index 5d5ff3994..c5c112467 100644
--- a/volatility/plugins/malware/malfind.py
+++ b/volatility/plugins/malware/malfind.py
@@ -376,6 +376,16 @@ class Malfind(vadinfo.VADDump):
     def __init__(self, config, *args, **kwargs):
         vadinfo.VADDump.__init__(self, config, *args, **kwargs)
         config.remove_option("BASE")
+        config.add_option("REFINED", 
+            short_option = 'W', default = False, 
+            action = 'store_true',
+            help = 'Refine the output: only show regions with '\
+                'an MZ header or that start with well known '\
+                'opcode combinations (i.e. PUSH EBP). WARNING: '\
+                'this can cause you to overlook regions with '\
+                'wiped headers or shell code blocks starting '\
+                'with NOP sleds, etc. However, it will in '\
+                'general result in less noisy output')
 
     def _is_vad_empty(self, vad, address_space):
         """
@@ -449,6 +459,8 @@ def render_text(self, outfd, data):
         if self._config.DUMP_DIR and not os.path.isdir(self._config.DUMP_DIR):
             debug.error(self._config.DUMP_DIR + " is not a directory")
 
+        refined_criteria = ["MZ", "\x55\x8B"]
+
         for task in data:
             for vad, address_space in task.get_vads(vad_filter = task._injection_filter):
 
@@ -457,6 +469,9 @@ def render_text(self, outfd, data):
 
                 content = address_space.zread(vad.Start, 64)
 
+                if self._config.REFINED and content[0:2] not in refined_criteria:
+                    continue
+
                 outfd.write("Process: {0} Pid: {1} Address: {2:#x}\n".format(
                     task.ImageFileName, task.UniqueProcessId, vad.Start))
 

From dbcc37ba5ec07a58a417250a5731ff7f93c90828 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Sun, 2 Apr 2017 15:46:19 -0400
Subject: [PATCH 083/304] Add additional fixes for windows 10 x86. Fix a
 possible issue with the windows 10 x64 TCP_ENDPOINT RemotePort offset

---
 volatility/plugins/netscan.py                 | 48 ++++++-------------
 .../plugins/overlays/windows/tcpip_vtypes.py  | 31 +++++++++++-
 2 files changed, 44 insertions(+), 35 deletions(-)

diff --git a/volatility/plugins/netscan.py b/volatility/plugins/netscan.py
index 841f4376c..943797162 100644
--- a/volatility/plugins/netscan.py
+++ b/volatility/plugins/netscan.py
@@ -114,7 +114,7 @@ def dual_stack_sockets(self):
         # connects to the listener, a TCP_ENDPOINT is created
         # and that structure contains the remote address.
         if local_addr != None:
-            inaddr = local_addr.pData.dereference().dereference()
+            inaddr = local_addr.inaddr
             if self.AddressFamily == AF_INET:
                 yield "v4", inaddr.addr4, inaddr_any
             else:
@@ -169,30 +169,17 @@ def is_valid(self):
 class _UDP_ENDPOINT(_TCP_LISTENER):
     """Class for objects found in UdpA pools"""
 
+class _LOCAL_ADDRESS(obj.CType):
+	
+	@property
+	def inaddr(self):
+		return self.pData.dereference().dereference()
+		
+class _LOCAL_ADDRESS_WIN10_UDP(obj.CType):
 
-class _UDP_ENDPOINT_WIN10x64(_UDP_ENDPOINT):
-    """Class for objects found in UdpA pools"""
-
-    def dual_stack_sockets(self):
-        """Handle Windows dual-stack sockets"""
-
-        # If this pointer is valid, the socket is bound to
-        # a specific IP address. Otherwise, the socket is
-        # listening on all IP addresses of the address family.
-
-        # For windows 10
-        local_addr = self.LocalAddr.dereference()
-
-        if local_addr != None:
-            inaddr = local_addr.pData.dereference()
-            if self.AddressFamily == AF_INET:
-                yield "v4", inaddr.addr4, inaddr_any
-            else:
-                yield "v6", inaddr.addr6, inaddr6_any
-        else:
-            yield "v4", inaddr_any, inaddr_any
-            if self.AddressFamily == AF_INET6:
-                yield "v6", inaddr6_any, inaddr6_any
+	@property
+	def inaddr(self):
+		return self.pData.dereference()
 
 #--------------------------------------------------------------------------------
 # profile modifications 
@@ -211,16 +198,10 @@ def modification(self, profile):
         profile.object_classes.update({
             '_TCP_LISTENER': _TCP_LISTENER,
             '_TCP_ENDPOINT': _TCP_ENDPOINT,
+            '_LOCAL_ADDRESS': _LOCAL_ADDRESS,
+            '_UDP_ENDPOINT': _UDP_ENDPOINT,
+            '_LOCAL_ADDRESS_WIN10_UDP': _LOCAL_ADDRESS_WIN10_UDP,
             })
-        if profile.metadata.get('major', 0) == 6 and  profile.metadata.get('minor', 0) == 4:
-            profile.object_classes.update({
-                '_UDP_ENDPOINT': _UDP_ENDPOINT_WIN10x64,
-                })
-        else:
-            profile.object_classes.update({
-                '_UDP_ENDPOINT': _UDP_ENDPOINT,
-                })
-
 
 #--------------------------------------------------------------------------------
 # netscan plugin 
@@ -231,7 +212,6 @@ class Netscan(common.AbstractScanCommand):
 
     scanners = [PoolScanUdpEndpoint, PoolScanTcpListener, PoolScanTcpEndpoint]
 
-
     @staticmethod
     def is_valid_profile(profile):
         return (profile.metadata.get('os', 'unknown') == 'windows' and
diff --git a/volatility/plugins/overlays/windows/tcpip_vtypes.py b/volatility/plugins/overlays/windows/tcpip_vtypes.py
index a8618d81a..743d4adbf 100644
--- a/volatility/plugins/overlays/windows/tcpip_vtypes.py
+++ b/volatility/plugins/overlays/windows/tcpip_vtypes.py
@@ -272,7 +272,7 @@
     'AddrInfo' : [ 0x18, ['pointer', ['_ADDRINFO']]],
     'State' : [ 0x6C, ['Enumeration', dict(target = 'long', choices = TCP_STATE_ENUM)]],
     'LocalPort' : [ 0x70, ['unsigned be short']],
-    'RemotePort' : [ 0x74, ['unsigned be short']],
+    'RemotePort' : [ 0x72, ['unsigned be short']],
     'Owner' : [ 0x258, ['pointer', ['_EPROCESS']]],
     'CreateTime' : [ 0x268, ['WinTimeStamp', dict(is_utc = True)]],
     }],
@@ -417,6 +417,35 @@ def modification(self, profile):
             }],
         })
 
+class Win10Tcpip(obj.ProfileModification):
+    before = ['Win8Tcpip']
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '32bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x >= 4}
+    def modification(self, profile):
+        profile.merge_overlay({
+        '_ADDRINFO' : [ None, {
+            'Local' : [ 0x0, ['pointer', ['_LOCAL_ADDRESS']]],
+            'Remote' : [ 0xC, ['pointer', ['_IN_ADDR']]],
+        }],
+        '_TCP_ENDPOINT': [ None, {
+            'InetAF' : [ 0x8, ['pointer', ['_INETAF']]],
+            'AddrInfo' : [ 0xC, ['pointer', ['_ADDRINFO']]],
+            'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = TCP_STATE_ENUM)]],
+            'LocalPort' : [ 0x3C, ['unsigned be short']],
+            'RemotePort' : [ 0x3E, ['unsigned be short']],
+            'Owner' : [ 0x1b0, ['pointer', ['_EPROCESS']]],
+            }],
+        })
+
+        if profile.metadata.get("build") >= 14393:
+            profile.merge_overlay({
+                '_TCP_ENDPOINT': [ None, {
+                'Owner' : [ 0x1b4, ['pointer', ['_EPROCESS']]],
+                }],
+            })
+
 class Win8x64Tcpip(obj.ProfileModification):
     before = ['Win7Vista2008x64Tcpip']
     conditions = {'os': lambda x: x == 'windows',

From aa015f581356fea3df85cb99aa892fb7ba809f1f Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 5 Apr 2017 11:27:11 -0400
Subject: [PATCH 084/304] Enhance the algorithm we use to determine unique KDBG
 sizes for Win 8 x64 and above. The goal is to avoid creating obj.Profile()
 instances for each profile, which triggers load_modifications(), effectively
 applying all profile modifications unnecessarily many times. This saves about
 3-5 seconds per plugin command, even when you supply --kdbg.

---
 .../plugins/overlays/windows/win8_kdbg.py     | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/volatility/plugins/overlays/windows/win8_kdbg.py b/volatility/plugins/overlays/windows/win8_kdbg.py
index c6006a6ec..79028da67 100644
--- a/volatility/plugins/overlays/windows/win8_kdbg.py
+++ b/volatility/plugins/overlays/windows/win8_kdbg.py
@@ -18,12 +18,13 @@
 # along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-import struct, copy
+import struct
 import volatility.obj as obj
 import volatility.addrspace as addrspace
 import volatility.constants as constants
 import volatility.utils as utils
 import volatility.plugins.overlays.windows.win8 as win8
+import volatility.plugins.overlays.windows.windows as windows_main
 import volatility.plugins.patchguard as patchguard
 import volatility.registry as registry
 
@@ -85,26 +86,25 @@ def decode_kdbg(self, vals):
         return buffer
 
     def unique_sizes(self):
+    	"""Determine the possible KDBG sizes to scan for, across all 
+    	profiles Win8 x64 and above. We do this by reflecting back on 
+    	the profile modifications to see which ones would trigger and
+    	then grabbing the KDBG size."""
     
-        items = registry.get_plugin_classes(obj.Profile).items()
+        items = registry.get_plugin_classes(windows_main.AbstractKDBGMod).items()
         sizes = set()
         
         for name, cls in items:
-            if (cls._md_os != "windows" or cls._md_memory_model != "64bit"):
+            try:
+                if (not cls.conditions["os"]("windows") or 
+                        not cls.conditions["major"](6) or 
+                        not cls.conditions["minor"](4)):
+                    continue
+
+                sizes.add(cls.kdbgsize)
+            except:
                 continue
-                
-            #if (cls._md_major, cls._md_minor) < (6, 2):
-            #    continue 
-                
-            conf = copy.deepcopy(self.obj_vm.get_config())
-            conf.PROFILE = name 
-            buff = addrspace.BufferAddressSpace(config = conf)
-            header = obj.VolMagic(buff).KDBGHeader.v()
-            
-            # this unpacks the kdbgsize from the signature 
-            size = struct.unpack("<H", header[-2:])[0]
-            sizes.add(size)
-            
+
         return sizes
 
     def copy_data_block(self, full_addr):
@@ -285,4 +285,4 @@ class Win8x64VolatilityKDBG(obj.ProfileModification):
                   'memory_model': lambda x: x == "64bit"}
     
     def modification(self, profile):
-        profile.object_classes.update({"VolatilityKDBG": VolatilityKDBG})
\ No newline at end of file
+        profile.object_classes.update({"VolatilityKDBG": VolatilityKDBG})

From 82eb807a6bc4d92ac652ea757fc156d4f4cdd0c4 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 5 Apr 2017 14:11:00 -0400
Subject: [PATCH 085/304] Add 32- and 64-bit profiles for Windows 10 Creators
 Edition (Based on 15063)

---
 volatility/plugins/overlays/windows/win10.py  |   106 +-
 .../windows/win10_x64_15063_vtypes.py         | 13962 ++++++++++++++++
 .../windows/win10_x86_15063_vtypes.py         | 13436 +++++++++++++++
 3 files changed, 27501 insertions(+), 3 deletions(-)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_15063_vtypes.py
 create mode 100755 volatility/plugins/overlays/windows/win10_x86_15063_vtypes.py

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 507233797..37e04a2a0 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -81,9 +81,16 @@ class Win10x86DTB(obj.ProfileModification):
                   }
 
     def modification(self, profile):
+        build = profile.metadata.get("build", 0)
+
+        if build >= 15063:
+            signature = "\x03\x00\x2C\x00"
+        else:
+            signature = "\x03\x00\x2A\x00"
+
         profile.merge_overlay({
             'VOLATILITY_MAGIC': [ None, {
-            'DTBSignature' : [ None, ['VolatilityMagic', dict(value = "\x03\x00\x2A\x00")]],
+            'DTBSignature' : [ None, ['VolatilityMagic', dict(value = signature)]],
             }]})
 
 class Win10KDBG(windows.AbstractKDBGMod):
@@ -460,7 +467,72 @@ class _OBJECT_HEADER_10_DD08DD42(_OBJECT_HEADER_10):
         58: 'VRegConfigurationContext',
         59: 'VirtualKey',
         }
-        
+    
+class _OBJECT_HEADER_10_15063(_OBJECT_HEADER_10):
+
+    type_map = {
+		2: 'Type',
+		3: 'Directory',
+		4: 'SymbolicLink',
+		5: 'Token',
+		6: 'Job',
+		7: 'Process',
+		8: 'Thread',
+		9: 'UserApcReserve',
+		10: 'IoCompletionReserve',
+		11: 'ActivityReference',
+		12: 'PsSiloContextPaged',
+		13: 'PsSiloContextNonPaged',
+		14: 'DebugObject',
+		15: 'Event',
+		16: 'Mutant',
+		17: 'Callback',
+		18: 'Semaphore',
+		19: 'Timer',
+		20: 'IRTimer',
+		21: 'Profile',
+		22: 'KeyedEvent',
+		23: 'WindowStation',
+		24: 'Desktop',
+		25: 'Composition',
+		26: 'RawInputManager',
+		27: 'CoreMessaging',
+		28: 'TpWorkerFactory',
+		29: 'Adapter',
+		30: 'Controller',
+		31: 'Device',
+		32: 'Driver',
+		33: 'IoCompletion',
+		34: 'WaitCompletionPacket',
+		35: 'File',
+		36: 'TmTm',
+		37: 'TmTx',
+		38: 'TmRm',
+		39: 'TmEn',
+		40: 'Section',
+		41: 'Session',
+		42: 'Partition',
+		43: 'Key',
+		44: 'RegistryTransaction',
+		45: 'ALPC Port',
+		46: 'PowerRequest',
+		47: 'WmiGuid',
+		48: 'EtwRegistration',
+		49: 'EtwSessionDemuxEntry',
+		50: 'EtwConsumer',
+		51: 'DmaAdapter',
+		52: 'DmaDomain',
+		53: 'PcwObject',
+		54: 'FilterConnectionPort',
+		55: 'FilterCommunicationPort',
+		56: 'NdisCmState',
+		57: 'DxgkSharedResource',
+		58: 'DxgkSharedSyncObject',
+		59: 'DxgkSharedSwapChainObject',
+        60: 'DxgkCurrentDxgProcessObject',
+        61: 'VRegConfigurationContext'
+    	}
+    
 class _HANDLE_TABLE_10_DD08DD42(win8._HANDLE_TABLE_81R264):
     
     def decode_pointer(self, value):
@@ -483,7 +555,15 @@ def modification(self, profile):
         metadata = profile.metadata
         build = metadata.get("build", 0)
 
-        if build >= 14393:
+        if build >= 15063:
+            header = _OBJECT_HEADER_10_15063
+
+            ## update the handle table here as well
+            if metadata.get("memory_model") == "64bit":
+                profile.object_classes.update({
+                    "_HANDLE_TABLE": _HANDLE_TABLE_10_DD08DD42})
+
+        elif build >= 14393:
             header = _OBJECT_HEADER_10_DD08DD42
             
             ## update the handle table here as well
@@ -605,3 +685,23 @@ class Win2016x64_14393(Win10x64_14393):
     _md_build = 14393
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_DD08DD42_vtypes'
     _md_product = ["NtProductLanManNt", "NtProductServer"]
+
+class Win10x86_15063(obj.Profile):
+    """ A Profile for Windows 10 x86 (10.0.15063.0 / 2017-04-04) """
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 15063
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_15063_vtypes'
+    _md_product = ["NtProductWinNt"]
+
+class Win10x64_15063(obj.Profile):
+    """ A Profile for Windows 10 x64 (10.0.15063.0 / 2017-04-04) """
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 15063
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_15063_vtypes'
+    _md_product = ["NtProductWinNt"]
diff --git a/volatility/plugins/overlays/windows/win10_x64_15063_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_15063_vtypes.py
new file mode 100644
index 000000000..3e8b57364
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_15063_vtypes.py
@@ -0,0 +1,13962 @@
+ntkrnlmp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'Reserved8' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1087' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1087']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_109f' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a1' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_109f']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_10a1']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 32, ['pointer64', ['void']]]],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_1112' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1112']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6bc0, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x6a40, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'CpuType' : [ 0x40, ['unsigned char']],
+    'CpuID' : [ 0x41, ['unsigned char']],
+    'CpuStep' : [ 0x42, ['unsigned short']],
+    'CpuStepping' : [ 0x42, ['unsigned char']],
+    'CpuModel' : [ 0x43, ['unsigned char']],
+    'MHz' : [ 0x44, ['unsigned long']],
+    'HalReserved' : [ 0x48, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x88, ['unsigned short']],
+    'MajorVersion' : [ 0x8a, ['unsigned short']],
+    'BuildType' : [ 0x8c, ['unsigned char']],
+    'CpuVendor' : [ 0x8d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x8e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x8f, ['unsigned char']],
+    'PrcbPad04' : [ 0x90, ['array', 6, ['unsigned long long']]],
+    'ParentNode' : [ 0xc0, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0xc8, ['unsigned long long']],
+    'Group' : [ 0xd0, ['unsigned char']],
+    'GroupIndex' : [ 0xd1, ['unsigned char']],
+    'PrcbPad05' : [ 0xd2, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0xd4, ['unsigned long']],
+    'ScbOffset' : [ 0xd8, ['unsigned long']],
+    'ApicMask' : [ 0xdc, ['unsigned long']],
+    'AcpiReserved' : [ 0xe0, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0xe8, ['unsigned long']],
+    'PrcbPad10' : [ 0xec, ['unsigned long']],
+    'PrcbPad11' : [ 0xf0, ['array', 2, ['unsigned long long']]],
+    'ProcessorState' : [ 0x100, ['_KPROCESSOR_STATE']],
+    'PrcbPad12' : [ 0x6c0, ['array', 6, ['unsigned long long']]],
+    'LockQueue' : [ 0x6f0, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x800, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x900, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1500, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2100, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2d00, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2d08, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2d10, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2d14, ['long']],
+    'MmTransitionCount' : [ 0x2d18, ['long']],
+    'MmDemandZeroCount' : [ 0x2d1c, ['long']],
+    'MmPageReadCount' : [ 0x2d20, ['long']],
+    'MmPageReadIoCount' : [ 0x2d24, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2d28, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2d2c, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2d30, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2d34, ['long']],
+    'KeSystemCalls' : [ 0x2d38, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2d3c, ['unsigned long']],
+    'PrcbPad40' : [ 0x2d40, ['unsigned long']],
+    'CcFastReadNoWait' : [ 0x2d44, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2d48, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2d4c, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2d50, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2d54, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2d58, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2d5c, ['long']],
+    'IoWriteOperationCount' : [ 0x2d60, ['long']],
+    'IoOtherOperationCount' : [ 0x2d64, ['long']],
+    'IoReadTransferCount' : [ 0x2d68, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2d70, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2d78, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d80, ['long']],
+    'TargetCount' : [ 0x2d84, ['long']],
+    'IpiFrozen' : [ 0x2d88, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d90, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d98, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d9c, ['long']],
+    'InterruptLastCount' : [ 0x2da0, ['unsigned long']],
+    'InterruptRate' : [ 0x2da4, ['unsigned long']],
+    'LastNonHrTimerExpiration' : [ 0x2da8, ['unsigned long long']],
+    'PrcbPad41' : [ 0x2db0, ['array', 20, ['unsigned long']]],
+    'DpcData' : [ 0x2e00, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2e50, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2e58, ['long']],
+    'DpcRequestRate' : [ 0x2e5c, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2e60, ['unsigned long']],
+    'DpcLastCount' : [ 0x2e64, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2e68, ['unsigned char']],
+    'QuantumEnd' : [ 0x2e69, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2e6a, ['unsigned char']],
+    'IdleSchedule' : [ 0x2e6b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2e6c, ['long']],
+    'DpcRequestSlot' : [ 0x2e6c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2e6c, ['short']],
+    'ThreadDpcState' : [ 0x2e6e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2e6c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2e6c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2e6c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2e6c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2e6c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2e6c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2e70, ['unsigned long']],
+    'LastTick' : [ 0x2e74, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2e78, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2e7c, ['unsigned long']],
+    'InterruptObject' : [ 0x2e80, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3680, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5880, ['_KGATE']],
+    'PrcbPad52' : [ 0x5898, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x58a0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x58e0, ['long']],
+    'PrcbPad60' : [ 0x58e4, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x58e6, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x58e8, ['long']],
+    'DpcWatchdogCount' : [ 0x58ec, ['long']],
+    'KeSpinLockOrdering' : [ 0x58f0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x58f4, ['unsigned long']],
+    'CachedPtes' : [ 0x58f8, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5900, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5910, ['unsigned long long']],
+    'ReadySummary' : [ 0x5918, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x591c, ['long']],
+    'QueueIndex' : [ 0x5920, ['unsigned long']],
+    'PrcbPad75' : [ 0x5924, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x5930, ['_KDPC']],
+    'ScbQueue' : [ 0x5970, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5980, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5b80, ['unsigned long']],
+    'KernelTime' : [ 0x5b84, ['unsigned long']],
+    'UserTime' : [ 0x5b88, ['unsigned long']],
+    'DpcTime' : [ 0x5b8c, ['unsigned long']],
+    'InterruptTime' : [ 0x5b90, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5b94, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5b98, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5b99, ['unsigned char']],
+    'DeepSleep' : [ 0x5b9a, ['unsigned char']],
+    'PrcbPad80' : [ 0x5b9b, ['array', 5, ['unsigned char']]],
+    'DpcTimeCount' : [ 0x5ba0, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5ba4, ['unsigned long']],
+    'PeriodicCount' : [ 0x5ba8, ['unsigned long']],
+    'PeriodicBias' : [ 0x5bac, ['unsigned long']],
+    'AvailableTime' : [ 0x5bb0, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5bb4, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x5bb8, ['unsigned long']],
+    'StartCycles' : [ 0x5bc0, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x5bc8, ['unsigned long long']],
+    'TaggedCycles' : [ 0x5bd0, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x5be0, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5be8, ['unsigned long long']],
+    'ImportantCycles' : [ 0x5bf0, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x5bf8, ['unsigned long long']],
+    'ReadyQueueExpectedRunTime' : [ 0x5c00, ['unsigned long long']],
+    'PrcbPad81' : [ 0x5c08, ['array', 21, ['unsigned long']]],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x5c5c, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x5c60, ['long']],
+    'PageColor' : [ 0x5c64, ['unsigned long']],
+    'NodeColor' : [ 0x5c68, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x5c6c, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5c70, ['unsigned long']],
+    'PrcbPad83' : [ 0x5c74, ['unsigned long']],
+    'CycleTime' : [ 0x5c78, ['unsigned long long']],
+    'Cycles' : [ 0x5c80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad84' : [ 0x5cc0, ['array', 16, ['unsigned long']]],
+    'CcFastMdlReadNoWait' : [ 0x5d00, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5d04, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5d08, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x5d0c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5d10, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5d14, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5d18, ['unsigned long']],
+    'CcPinReadWait' : [ 0x5d1c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x5d20, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x5d24, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x5d28, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x5d2c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x5d30, ['unsigned long']],
+    'CcDataFlushes' : [ 0x5d34, ['unsigned long']],
+    'CcDataPages' : [ 0x5d38, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x5d3c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x5d40, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x5d44, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x5d48, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x5d4c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x5d50, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x5d54, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x5d58, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x5d5c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x5d60, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x5d64, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x5d68, ['long']],
+    'MmCacheReadCount' : [ 0x5d6c, ['long']],
+    'MmCacheIoCount' : [ 0x5d70, ['long']],
+    'PrcbPad91' : [ 0x5d74, ['array', 3, ['unsigned long']]],
+    'PowerState' : [ 0x5d80, ['_PROCESSOR_POWER_STATE']],
+    'ScbList' : [ 0x5f58, ['_LIST_ENTRY']],
+    'ForceIdleDpc' : [ 0x5f68, ['_KDPC']],
+    'PrcbPad92' : [ 0x5fa8, ['array', 18, ['unsigned long']]],
+    'KeAlignmentFixupCount' : [ 0x5ff0, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x5ff8, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x6038, ['_KTIMER']],
+    'Cache' : [ 0x6078, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x60b4, ['unsigned long']],
+    'CachedCommit' : [ 0x60b8, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x60bc, ['unsigned long']],
+    'HyperPte' : [ 0x60c0, ['pointer64', ['void']]],
+    'WheaInfo' : [ 0x60c8, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x60d0, ['pointer64', ['void']]],
+    'InterruptObjectPool' : [ 0x60e0, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x60f0, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x6100, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x6108, ['pointer64', ['void']]],
+    'StatisticsPage' : [ 0x6110, ['pointer64', ['unsigned long long']]],
+    'PackageProcessorSet' : [ 0x6118, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x61c0, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x61c8, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x61d0, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x61d4, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x61d8, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x61e0, ['unsigned long long']],
+    'LLCMask' : [ 0x61e8, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x61f0, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x6218, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x6220, ['pointer64', ['void']]],
+    'DpcWatchdogProfile' : [ 0x6228, ['pointer64', ['pointer64', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x6230, ['pointer64', ['pointer64', ['void']]]],
+    'PrcbPad94' : [ 0x6238, ['array', 9, ['unsigned long long']]],
+    'SynchCounters' : [ 0x6280, ['_SYNCH_COUNTERS']],
+    'PteBitCache' : [ 0x6338, ['unsigned long long']],
+    'PteBitOffset' : [ 0x6340, ['unsigned long']],
+    'FsCounters' : [ 0x6348, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x6358, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x6365, ['array', 2, ['unsigned char']]],
+    'PendingVirtualLittle' : [ 0x6367, ['unsigned char']],
+    'FeatureBits' : [ 0x6368, ['unsigned long long']],
+    'PrcbPad110' : [ 0x6370, ['unsigned long']],
+    'UpdateSignature' : [ 0x6378, ['_LARGE_INTEGER']],
+    'Context' : [ 0x6380, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x6388, ['unsigned long']],
+    'ExtendedState' : [ 0x6390, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x6398, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x63a0, ['_KENTROPY_TIMING_STATE']],
+    'AbSelfIoBoostsList' : [ 0x64f0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x64f8, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x6500, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x6540, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x6594, ['_IOP_IRP_STACK_PROFILER']],
+    'LocalSharedReadyQueue' : [ 0x6600, ['_KSHARED_READY_QUEUE']],
+    'TimerExpirationTrace' : [ 0x6870, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x6970, ['unsigned long']],
+    'ExSaPageArray' : [ 0x6978, ['pointer64', ['void']]],
+    'SecureFault' : [ 0x6980, ['_KSECURE_FAULT_INFORMATION']],
+    'Mailbox' : [ 0x69c0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestMailbox' : [ 0x6a00, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0x2d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x1b8, ['BitField', dict(start_bit = 8, end_bit = 28, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x1b8, ['long']],
+    'BasePriority' : [ 0x1bc, ['unsigned char']],
+    'QuantumReset' : [ 0x1bd, ['unsigned char']],
+    'Visited' : [ 0x1be, ['unsigned char']],
+    'Flags' : [ 0x1bf, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1c0, ['array', 20, ['unsigned long']]],
+    'IdealNode' : [ 0x210, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x238, ['unsigned short']],
+    'Spare1' : [ 0x23a, ['unsigned short']],
+    'StackCount' : [ 0x23c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x240, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x250, ['unsigned long long']],
+    'ContextSwitches' : [ 0x258, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x260, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x268, ['unsigned long']],
+    'KernelTime' : [ 0x26c, ['unsigned long']],
+    'UserTime' : [ 0x270, ['unsigned long']],
+    'ReadyTime' : [ 0x274, ['unsigned long']],
+    'Spare2' : [ 0x278, ['array', 80, ['unsigned char']]],
+    'InstrumentationCallback' : [ 0x2c8, ['pointer64', ['void']]],
+    'SecurePid' : [ 0x2d0, ['unsigned long long']],
+} ],
+  '_KTHREAD' : [ 0x5e8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BamEppImportant' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 19, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x78, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 21, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'ReadyTime' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'Spare21' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x31a, ['unsigned char']],
+    'Spare20' : [ 0x31b, ['unsigned char']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x588, ['long']],
+    'KeReferenceCount' : [ 0x58c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x58e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x58f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x590, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x598, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x598, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x5a0, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a8, ['long long']],
+    'WriteOperationCount' : [ 0x5b0, ['long long']],
+    'OtherOperationCount' : [ 0x5b8, ['long long']],
+    'ReadTransferCount' : [ 0x5c0, ['long long']],
+    'WriteTransferCount' : [ 0x5c8, ['long long']],
+    'OtherTransferCount' : [ 0x5d0, ['long long']],
+    'QueuedScb' : [ 0x5d8, ['pointer64', ['_KSCB']]],
+    'ThreadTimerDelay' : [ 0x5e0, ['unsigned long']],
+    'Spare22' : [ 0x5e4, ['long']],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_1287' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_1287']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x140, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'ParkLock' : [ 0x58, ['long']],
+    'Seed' : [ 0x5c, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Stride' : [ 0x96, ['unsigned char']],
+    'Spare0' : [ 0x97, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x98, ['unsigned long long']],
+    'ProximityId' : [ 0xa0, ['unsigned long']],
+    'Lowest' : [ 0xa4, ['unsigned long']],
+    'Highest' : [ 0xa8, ['unsigned long']],
+    'MaximumProcessors' : [ 0xac, ['unsigned char']],
+    'Flags' : [ 0xad, ['_flags']],
+    'Spare10' : [ 0xae, ['unsigned char']],
+    'HeteroSets' : [ 0xb0, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+} ],
+  '_ENODE' : [ 0x840, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0x140, ['array', 8, ['pointer64', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x180, ['_EX_WORK_QUEUE']],
+    'IoWorkQueue' : [ 0x450, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x720, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x738, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x778, ['_KEVENT']],
+    'WaitBlocks' : [ 0x790, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x820, ['pointer64', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x828, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x82c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x82c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x82c, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1379' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_1379']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_EPROCESS' : [ 0x818, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0x2e0, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2e8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x2f8, ['_EX_RUNDOWN_REF']],
+    'Flags2' : [ 0x300, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x304, ['unsigned long']],
+    'CreateReported' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x304, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x304, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x304, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x304, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x304, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x304, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x304, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x304, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x304, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x304, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x304, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x304, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x304, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x304, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x304, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x304, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x304, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x304, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x304, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x308, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x320, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x330, ['unsigned long long']],
+    'VirtualSize' : [ 0x338, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x350, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x350, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x358, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x360, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x378, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x388, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x390, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x398, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x3a0, ['unsigned long long']],
+    'Win32Process' : [ 0x3a8, ['pointer64', ['void']]],
+    'Job' : [ 0x3b0, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3b8, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3c0, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3c8, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3d0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3d8, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3e0, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x3e8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
+    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x400, ['pointer64', ['_MM_SESSION_SPACE']]],
+    'AweInfo' : [ 0x408, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
+    'WoW64Process' : [ 0x428, ['pointer64', ['_EWOW64PROCESS']]],
+    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x448, ['pointer64', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x450, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x45f, ['unsigned char']],
+    'SecurityPort' : [ 0x460, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x468, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x470, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x480, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x488, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x498, ['unsigned long']],
+    'ImagePathHash' : [ 0x49c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x4a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x4a4, ['long']],
+    'PrefetchTrace' : [ 0x4a8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x4b0, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x4e8, ['unsigned long long']],
+    'CommitCharge' : [ 0x4f0, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x4f8, ['unsigned long long']],
+    'Vm' : [ 0x500, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x610, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x620, ['unsigned long']],
+    'ExitStatus' : [ 0x624, ['long']],
+    'VadRoot' : [ 0x628, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x630, ['pointer64', ['void']]],
+    'VadCount' : [ 0x638, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x640, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x648, ['unsigned long long']],
+    'AlpcContext' : [ 0x650, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x670, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x680, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x688, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x68c, ['unsigned long']],
+    'ExitTime' : [ 0x690, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x698, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x6a0, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x6a8, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x6ac, ['unsigned long']],
+    'ThreadListLock' : [ 0x6b0, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x6b8, ['pointer64', ['void']]],
+    'ServerSilo' : [ 0x6c0, ['pointer64', ['_EJOB']]],
+    'SignatureLevel' : [ 0x6c8, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x6c9, ['unsigned char']],
+    'Protection' : [ 0x6ca, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x6cb, ['unsigned char']],
+    'Flags3' : [ 0x6cc, ['unsigned long']],
+    'Minimal' : [ 0x6cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x6cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x6cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x6cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Crashed' : [ 0x6cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x6cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x6cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x6cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x6cc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6cc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'InPrivate' : [ 0x6cc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x6cc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x6cc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x6cc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x6cc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x6cc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x6cc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x6cc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x6cc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AutomaticallyOverrideChildProcessPolicy' : [ 0x6cc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x6cc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x6cc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x6cc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x6cc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x6cc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityAudit' : [ 0x6cc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x6cc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0x6cc, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0x6cc, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x6cc, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x6d0, ['long']],
+    'SvmData' : [ 0x6d8, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x6e0, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x6e8, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x6f0, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x700, ['unsigned long long']],
+    'DiskCounters' : [ 0x708, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x710, ['pointer64', ['void']]],
+    'TrustletIdentity' : [ 0x718, ['unsigned long long']],
+    'HighPriorityFaultsAllowed' : [ 0x720, ['unsigned long']],
+    'EnergyContext' : [ 0x728, ['pointer64', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x730, ['pointer64', ['void']]],
+    'SequenceNumber' : [ 0x738, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x740, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x748, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x750, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x758, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x760, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x760, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x768, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x770, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x778, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x788, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x790, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x788, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x790, ['pointer64', ['unsigned long long']]],
+    'DiskIoAttribution' : [ 0x798, ['pointer64', ['void']]],
+    'DxgProcess' : [ 0x7a0, ['pointer64', ['void']]],
+    'Win32KFilterSet' : [ 0x7a8, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x7b0, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x7b8, ['unsigned long']],
+    'KTimer2Sets' : [ 0x7bc, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x7c0, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x7c8, ['unsigned long long']],
+    'VirtualTimerListHead' : [ 0x7d0, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x7e0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x7e0, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'Flags4' : [ 0x810, ['unsigned long']],
+    'PicoCreated' : [ 0x810, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0x810, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_EWOW64PROCESS' : [ 0x10, {
+    'Peb' : [ 0x0, ['pointer64', ['void']]],
+    'Machine' : [ 0x8, ['unsigned short']],
+} ],
+  '_ETHREAD' : [ 0x810, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x5e8, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x5f0, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x5f0, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x600, ['pointer64', ['void']]],
+    'PostBlockList' : [ 0x608, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x608, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x610, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x618, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x618, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x618, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x620, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x628, ['_LIST_ENTRY']],
+    'Cid' : [ 0x638, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x648, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x648, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x668, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x670, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x680, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x688, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x690, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x698, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x6a0, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x6b0, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6b8, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6c0, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6c4, ['long']],
+    'CrossThreadFlags' : [ 0x6c8, ['unsigned long']],
+    'Terminated' : [ 0x6c8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6c8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6c8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6c8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6c8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6c8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6c8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6c8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6c8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6c8, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6c8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6c8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6c8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6c8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x6c8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x6c8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x6c8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x6c8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6c8, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6cc, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x6cc, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x6cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x6cc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x6cc, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6d0, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x6d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6d0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6d1, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6d4, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6d5, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6d6, ['unsigned char']],
+    'LockOrderState' : [ 0x6d7, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6d8, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6e0, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6e0, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x6e8, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x6f8, ['long']],
+    'CacheManagerCount' : [ 0x6fc, ['unsigned long']],
+    'IoBoostCount' : [ 0x700, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x704, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x708, ['unsigned long']],
+    'BoostList' : [ 0x710, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x720, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x730, ['unsigned long long']],
+    'IrpListLock' : [ 0x738, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x740, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x748, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x750, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x758, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x760, ['pointer64', ['void']]],
+    'KernelStackReference' : [ 0x768, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x770, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x778, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x780, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x798, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x7a0, ['unsigned long long']],
+    'UserGsBase' : [ 0x7a8, ['unsigned long long']],
+    'EnergyValues' : [ 0x7b0, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x7b8, ['pointer64', ['void']]],
+    'SelectedCpuSets' : [ 0x7c0, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x7c0, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x7c8, ['pointer64', ['_EJOB']]],
+    'ThreadName' : [ 0x7d0, ['pointer64', ['_UNICODE_STRING']]],
+    'SetContextState' : [ 0x7d8, ['pointer64', ['_CONTEXT']]],
+    'LastExpectedRunTime' : [ 0x7e0, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x7e8, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x7f8, ['unsigned long long']],
+    'DisownedOwnerEntryListHead' : [ 0x800, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_13ed' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13f3' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13f5' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13f3']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13fe' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1400' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_13fe']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_13ed']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_13f5']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_1400']],
+} ],
+  '__unnamed_1407' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_140b' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_140f' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1411' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1415' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1417' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1419' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_141b' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_141d' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_141f' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1423' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsDataCopyInformation', 13: 'FileFsMetadataSizeInformation', 14: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_1425' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1427' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1429' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_142b' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_142d' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1431' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1435' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1439' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_143d' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_1441' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1445' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1449' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_144b' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_144d' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_1451' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1455' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1459' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_145d' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1461' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1469' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_146d' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_146f' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1471' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1473' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_1407']],
+    'CreatePipe' : [ 0x0, ['__unnamed_140b']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_140f']],
+    'Read' : [ 0x0, ['__unnamed_1411']],
+    'Write' : [ 0x0, ['__unnamed_1411']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_1415']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_1417']],
+    'QueryFile' : [ 0x0, ['__unnamed_1419']],
+    'SetFile' : [ 0x0, ['__unnamed_141b']],
+    'QueryEa' : [ 0x0, ['__unnamed_141d']],
+    'SetEa' : [ 0x0, ['__unnamed_141f']],
+    'QueryVolume' : [ 0x0, ['__unnamed_1423']],
+    'SetVolume' : [ 0x0, ['__unnamed_1423']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_1425']],
+    'LockControl' : [ 0x0, ['__unnamed_1427']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1429']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_142b']],
+    'SetSecurity' : [ 0x0, ['__unnamed_142d']],
+    'MountVolume' : [ 0x0, ['__unnamed_1431']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_1431']],
+    'Scsi' : [ 0x0, ['__unnamed_1435']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1439']],
+    'SetQuota' : [ 0x0, ['__unnamed_141f']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_143d']],
+    'QueryInterface' : [ 0x0, ['__unnamed_1441']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1445']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1449']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_144b']],
+    'SetLock' : [ 0x0, ['__unnamed_144d']],
+    'QueryId' : [ 0x0, ['__unnamed_1451']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1455']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1459']],
+    'WaitWake' : [ 0x0, ['__unnamed_145d']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1461']],
+    'Power' : [ 0x0, ['__unnamed_1469']],
+    'StartDevice' : [ 0x0, ['__unnamed_146d']],
+    'WMI' : [ 0x0, ['__unnamed_146f']],
+    'Others' : [ 0x0, ['__unnamed_1471']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_1473']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1489' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_1489']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x610, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x350, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x354, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x358, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x35c, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x360, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x364, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x368, ['unsigned char']],
+    'PriorityClass' : [ 0x369, ['unsigned char']],
+    'NestingDepth' : [ 0x36a, ['unsigned char']],
+    'Reserved1' : [ 0x36b, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x36c, ['unsigned long']],
+    'WakeChannel' : [ 0x370, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x370, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3b8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3c0, ['unsigned long']],
+    'NotificationLink' : [ 0x3c8, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3d0, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3d8, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3e0, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3e8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3f0, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3f8, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x400, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x408, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x410, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x420, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x438, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x440, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x450, ['unsigned long long']],
+    'Ancestors' : [ 0x458, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x458, ['pointer64', ['void']]],
+    'Accounting' : [ 0x460, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x4c0, ['unsigned long']],
+    'JobId' : [ 0x4c4, ['unsigned long']],
+    'ContainerId' : [ 0x4c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x4d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x4e8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x4f0, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x508, ['pointer64', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x510, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x518, ['unsigned long']],
+    'CloseDone' : [ 0x518, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x518, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x518, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x518, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x518, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x518, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x518, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x518, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x518, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x518, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x518, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x518, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x518, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x518, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x518, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x518, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x518, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x518, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x518, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x518, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x518, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x518, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x518, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x518, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x51c, ['unsigned long']],
+    'ParentLocked' : [ 0x51c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x520, ['pointer64', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x528, ['unsigned long long']],
+    'DiskIoAttributionUserRefCount' : [ 0x530, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x534, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x538, ['pointer64', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x538, ['pointer64', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x540, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x568, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x5a0, ['long']],
+    'VolumeIoControlTree' : [ 0x5a8, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x5b8, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x5c0, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x5c4, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x5c8, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x5cc, ['unsigned long']],
+    'IoControlLock' : [ 0x5d0, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x5d8, ['unsigned long long']],
+    'RundownWorkItem' : [ 0x5e0, ['_WORK_QUEUE_ITEM']],
+    'MemoryPartitionObject' : [ 0x600, ['pointer64', ['void']]],
+    'EnergyTrackingState' : [ 0x608, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x158, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_1679' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_1679']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['pointer64', ['void']]],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['void']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x50, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'NestingLevel' : [ 0x48, ['unsigned long long']],
+} ],
+  '__unnamed_16ba' : [ 0x4, {
+    'MustNotBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+} ],
+  '__unnamed_16bc' : [ 0x8, {
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'PageTableWsle' : [ 0x0, ['__unnamed_16ba']],
+    'WsIndex' : [ 0x0, ['unsigned long long']],
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer64', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_16c1' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_16c3' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_16c5' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_16c1']],
+    'e4' : [ 0x0, ['__unnamed_16c3']],
+} ],
+  '__unnamed_16d1' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_16bc']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_16c5']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Unused2' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'u4' : [ 0x28, ['__unnamed_16d1']],
+} ],
+  '__unnamed_16dc' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_16e0' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_16dc']],
+    'u2' : [ 0x38, ['__unnamed_16e0']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_16e5' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_16e8' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_16f1' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 23, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_16f3' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_16f1']],
+} ],
+  '__unnamed_16f5' : [ 0x8, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x80, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16e5']],
+    'u1' : [ 0x3c, ['__unnamed_16e8']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_16f3']],
+    'FileObjectLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x70, ['unsigned long long']],
+    'u3' : [ 0x78, ['__unnamed_16f5']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x68, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'MiVaUnused', 1: 'MiVaSessionSpace', 2: 'MiVaProcessSpace', 3: 'MiVaBootLoaded', 4: 'MiVaPfnDatabase', 5: 'MiVaNonPagedPool', 6: 'MiVaPagedPool', 7: 'MiVaSpecialPoolPaged', 8: 'MiVaSystemCache', 9: 'MiVaSystemPtes', 10: 'MiVaHal', 11: 'MiVaSessionGlobalSpace', 12: 'MiVaDriverImages', 13: 'MiVaSpecialPoolNonPaged', 14: 'MiVaMaximumType', 15: 'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x38, ['pointer64', ['_MMSUPPORT_INSTANCE']]],
+    'TotalSystemPtes' : [ 0x40, ['unsigned long long']],
+    'Hint' : [ 0x48, ['unsigned long long']],
+    'LowestBitEverAllocated' : [ 0x50, ['unsigned long long']],
+    'CachedPtes' : [ 0x58, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x60, ['unsigned long long']],
+} ],
+  '__unnamed_170f' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_1712' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_170f']],
+    'u1' : [ 0x34, ['__unnamed_1712']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HHIVE' : [ 0xa68, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x48, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x58, ['unsigned long']],
+    'DirtyAlloc' : [ 0x5c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x60, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x70, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x74, ['unsigned long']],
+    'Cluster' : [ 0x78, ['unsigned long']],
+    'Flat' : [ 0x7c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x7c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x7c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x7c, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x7d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x80, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x84, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x88, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x8c, ['unsigned long']],
+    'HiveFlags' : [ 0x90, ['unsigned long']],
+    'CurrentLog' : [ 0x94, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x98, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x9c, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xa0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xa4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xa8, ['unsigned long']],
+    'LogDataPresent' : [ 0xac, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xae, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xaf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xb8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xb8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xb8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xb8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xba, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xbc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xc0, ['unsigned long']],
+    'Version' : [ 0xc4, ['unsigned long']],
+    'ViewMap' : [ 0xc8, ['_HVIEW_MAP']],
+    'Storage' : [ 0x578, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x128, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x18, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x20, ['unsigned long']],
+    'KcbPushlock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x30, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x30, ['long']],
+    'DelayedDeref' : [ 0x38, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x38, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x38, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x39, ['unsigned char']],
+    'LayerHeight' : [ 0x3a, ['short']],
+    'SlotHint' : [ 0x3c, ['unsigned long']],
+    'ParentKcb' : [ 0x40, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x48, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x50, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x58, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x68, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x68, ['unsigned long']],
+    'SubKeyCount' : [ 0x68, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x70, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x80, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xa8, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xaa, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xac, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Spare3' : [ 0xb4, ['unsigned long']],
+    'LayerInfo' : [ 0xb8, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0x120, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x120, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1780' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapForLoaderHive', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpMapHiveImage', 8: '_HvpRecoverData', 9: '_CmpValidateHiveSecurityDescriptors', 10: '_HvpEnlistBinInMap', 11: '_CmCheckRegistry', 12: '_CmRegistryIO', 13: '_CmCheckRegistry2', 14: '_CmpCheckKey', 15: '_CmpCheckValueList', 16: '_HvCheckHive', 17: '_HvCheckBin', 18: '_HvpGetLogEntryDirtyVector', 19: '_HvpReadLogEntryHeader', 20: '_HvpReadLogEntry', 21: '_CmpMountPreloadedHives', 22: '_CmpLoadHiveThread', 23: '_CmpCheckLeaf'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1783' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1785' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1787' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1789' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_178d' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1791' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_1793' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned short']],
+    'RecoverableIndex' : [ 0xa, ['unsigned short']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_1780']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_1780']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1783']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_1785']],
+    'CheckKey' : [ 0xf0, ['__unnamed_1787']],
+    'CheckValueList' : [ 0x110, ['__unnamed_1789']],
+    'CheckHive' : [ 0x128, ['__unnamed_178d']],
+    'CheckHive1' : [ 0x138, ['__unnamed_178d']],
+    'CheckBin' : [ 0x148, ['__unnamed_1791']],
+    'RecoverData' : [ 0x158, ['__unnamed_1793']],
+} ],
+  '_CM_KCB_UOW' : [ 0x78, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ParentUoW' : [ 0x50, ['pointer64', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x58, ['unsigned long']],
+    'OldValueCell' : [ 0x58, ['unsigned long']],
+    'NewValueCell' : [ 0x5c, ['unsigned long']],
+    'UserFlags' : [ 0x58, ['unsigned long']],
+    'LastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x60, ['unsigned long']],
+    'OldChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x60, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x60, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x68, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x68, ['pointer64', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x70, ['pointer64', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x70, ['pointer64', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0xb0, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x30, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x30, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x30, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x30, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x30, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x30, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x30, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x30, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x30, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x30, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x30, ['unsigned long']],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x40, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x48, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x50, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x58, ['_GUID']],
+    'StartLsn' : [ 0x68, ['unsigned long long']],
+    'HiveCount' : [ 0x70, ['unsigned long']],
+    'HiveArray' : [ 0x78, ['array', 7, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 30, ['unsigned long']]],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 32, ['unsigned long long']]],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x270, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+    'ReadyThreadCount' : [ 0x260, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x268, ['unsigned long long']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '__unnamed_18c5' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_18c7' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_18cb' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x2d0, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_18c5']],
+    'OverUsed2' : [ 0x218, ['__unnamed_18c7']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_18cb']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+    'RebalanceContext' : [ 0x2c8, ['pointer64', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x68, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_19c4' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_19c4']],
+} ],
+  '__unnamed_19cb' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_19cb']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PullDefault', 1: 'PullUp', 2: 'PullDown', 3: 'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'IoRestrictionNone', 1: 'IoRestrictionInputOnly', 2: 'IoRestrictionOutputOnly', 3: 'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['unsigned short']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0xb40, {
+    'Name' : [ 0x0, ['pointer64', ['wchar']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0xb18, ['unsigned long long']],
+    'Count' : [ 0xb20, ['unsigned long long']],
+    'MaxDuration' : [ 0xb28, ['unsigned long long']],
+    'MinDuration' : [ 0xb30, ['unsigned long long']],
+    'TotalDuration' : [ 0xb38, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0x578, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x44, ['unsigned long']],
+    'AutonomousPreference' : [ 0x48, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x49, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4b, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x4d, ['unsigned char']],
+    'ParkingPerfState' : [ 0x4e, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x50, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x51, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x52, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x53, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x54, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x55, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x56, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x58, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x5c, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x60, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x62, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x64, ['unsigned char']],
+    'IdleDisabled' : [ 0x65, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x68, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x6c, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x6d, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x6e, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x6f, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x70, ['array', 640, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x2f0, ['array', 640, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0x570, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0x571, ['unsigned char']],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x460, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x2e0, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x310, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x360, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x368, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x370, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x378, ['pointer64', ['void']]],
+    'HardErrorState' : [ 0x380, ['unsigned long']],
+    'WnfSiloState' : [ 0x388, ['_WNF_SILODRIVERSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x3c0, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x3d0, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x3e0, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x3e8, ['pointer64', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x3f0, ['unsigned char']],
+    'NtSystemRoot' : [ 0x3f8, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x408, ['_UNICODE_STRING']],
+    'Storage' : [ 0x418, ['pointer64', ['_PSP_STORAGE']]],
+    'State' : [ 0x420, ['Enumeration', dict(target = 'long', choices = {0: 'SERVERSILO_INITING', 1: 'SERVERSILO_STARTED', 2: 'SERVERSILO_SHUTTING_DOWN', 3: 'SERVERSILO_TERMINATING', 4: 'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x424, ['long']],
+    'DeleteEvent' : [ 0x428, ['pointer64', ['_KEVENT']]],
+    'UserSharedData' : [ 0x430, ['pointer64', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x438, ['pointer64', ['void']]],
+    'TerminateWorkItem' : [ 0x440, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x218, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+    'Partition' : [ 0x210, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '__unnamed_1acd' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1acd']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x3c0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'MasterLock' : [ 0x40, ['unsigned long long']],
+    'WorkQueueLock' : [ 0x80, ['unsigned long long']],
+    'PartitionID' : [ 0x88, ['unsigned short']],
+    'PartitionLinks' : [ 0x90, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapList' : [ 0xa0, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0xb0, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0xc0, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriterCursor' : [ 0xd8, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0xf0, ['_LIST_ENTRY']],
+    'ChangeSharedCacheMapFileLock' : [ 0x100, ['_EX_PUSH_LOCK']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x108, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x10c, ['unsigned char']],
+    'NumberWorkerThreads' : [ 0x110, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0x114, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0x118, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0x128, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0x138, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0x148, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0x158, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0x168, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0x178, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0x17c, ['unsigned long']],
+    'QueueThrottle' : [ 0x180, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0x184, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0x188, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0x18c, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0x190, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0x194, ['unsigned long']],
+    'LowMemoryEvent' : [ 0x198, ['_KEVENT']],
+    'PowerEvent' : [ 0x1b0, ['_KEVENT']],
+    'PeriodicEvent' : [ 0x1c8, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x1e0, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x1f8, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x210, ['unsigned long']],
+    'LazyWriter' : [ 0x218, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x2a0, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x2b8, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x2f0, ['pointer64', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x2f8, ['long']],
+    'AverageAvailablePages' : [ 0x300, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x308, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x310, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x318, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x320, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x328, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x329, ['unsigned char']],
+    'DeferredWrites' : [ 0x330, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x340, ['unsigned long long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x348, ['pointer64', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x350, ['pointer64', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x358, ['pointer64', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x360, ['pointer64', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x368, ['pointer64', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x370, ['pointer64', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x378, ['pointer64', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x380, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1af1' : [ 0x10, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1af3' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1af5' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1af7' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1af9' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1afd' : [ 0x68, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x50, ['pointer64', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x58, ['pointer64', ['void']]],
+    'RequestorMode' : [ 0x60, ['unsigned char']],
+    'NestingLevel' : [ 0x64, ['unsigned long']],
+} ],
+  '__unnamed_1aff' : [ 0x68, {
+    'Read' : [ 0x0, ['__unnamed_1af1']],
+    'Write' : [ 0x0, ['__unnamed_1af3']],
+    'Event' : [ 0x0, ['__unnamed_1af5']],
+    'Notification' : [ 0x0, ['__unnamed_1af7']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1af9']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1afd']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x88, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_1aff']],
+    'Function' : [ 0x78, ['unsigned char']],
+    'Partition' : [ 0x80, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x28, {
+    'Allocate' : [ 0x0, ['unsigned long long']],
+    'Free' : [ 0x8, ['unsigned long long']],
+    'Commit' : [ 0x10, ['unsigned long long']],
+    'Decommit' : [ 0x18, ['unsigned long long']],
+    'ExtendContext' : [ 0x20, ['unsigned long long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x2a0, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'StackTraceInitVar' : [ 0x170, ['_RTL_RUN_ONCE']],
+    'FrontEndHeap' : [ 0x178, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x180, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x182, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x183, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x188, ['pointer64', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0x190, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x192, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x218, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x290, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1b99' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1b99']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1bec' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1bee' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bec']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1bf0' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1bf2' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1bf0']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1bee']],
+    'u2' : [ 0x4, ['__unnamed_1bf2']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x30, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_1c0d' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1c0f' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1c0d']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1c0f']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1c21' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c23' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c21']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1c23']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1c2c' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c2e' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c2c']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1c2e']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1c34' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c36' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c34']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1c36']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1c54' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c56' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c54']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_1c56']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1bee']],
+    'u2' : [ 0x4, ['__unnamed_1bf2']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1c7c' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c7e' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c7c']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x118, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_1c7e']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xb0, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb8, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xc0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc8, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xd0, ['pointer64', ['void']]],
+    'WakeReference2' : [ 0xd8, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xe0, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xe8, ['unsigned long long']],
+    'PortMessage' : [ 0xf0, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x48, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x40, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1cc3' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1cc5' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1cc3']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1cc5']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Event' : [ 0x0, ['unsigned long long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x38, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'DiskIoAttributionHandle' : [ 0x10, ['unsigned long long']],
+    'ActivityId' : [ 0x18, ['_GUID']],
+    'Timestamp' : [ 0x28, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x28, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x28, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x30, ['long long']],
+    'AdapterCryptoParameters' : [ 0x28, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x50, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x70, ['pointer64', ['void']]],
+    'CreateFileType' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x80, ['pointer64', ['void']]],
+    'Override' : [ 0x88, ['unsigned char']],
+    'QueryOnly' : [ 0x89, ['unsigned char']],
+    'DeleteOnly' : [ 0x8a, ['unsigned char']],
+    'FullAttributes' : [ 0x8b, ['unsigned char']],
+    'LocalFileObject' : [ 0x90, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x98, ['unsigned long']],
+    'AccessMode' : [ 0x9c, ['unsigned char']],
+    'DriverCreateContext' : [ 0xa0, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0xcc, ['unsigned long']],
+    'FilterQuery' : [ 0xd0, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1d8c' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1d8c']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['wchar']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['wchar']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE' : [ 0x10, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x10, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0x18, {
+    'Hash' : [ 0x0, ['pointer64', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x8, ['pointer64', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x10, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x18, {
+    'Table' : [ 0x0, ['pointer64', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x8, ['unsigned long']],
+    'EntryMax' : [ 0xc, ['unsigned long']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x8, {
+    'Key' : [ 0x0, ['unsigned long long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x10, {
+    'QueueTail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStatePendingCompression', 5: 'EtwBufferStateCompressed', 6: 'EtwBufferStatePlaceholder', 7: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x468, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x50, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x60, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x70, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x80, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x80, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xa8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xb8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xc8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xcc, ['unsigned long']],
+    'FlushTimer' : [ 0xd0, ['unsigned long']],
+    'FlushThreshold' : [ 0xd4, ['unsigned long']],
+    'ByteOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xe0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xe4, ['long']],
+    'NumberOfBuffers' : [ 0xe8, ['long']],
+    'MaximumBuffers' : [ 0xec, ['unsigned long']],
+    'EventsLost' : [ 0xf0, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xf4, ['long']],
+    'BuffersWritten' : [ 0xf8, ['unsigned long']],
+    'LogBuffersLost' : [ 0xfc, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x100, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x104, ['unsigned long']],
+    'SequencePtr' : [ 0x108, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x110, ['unsigned long']],
+    'InstanceGuid' : [ 0x114, ['_GUID']],
+    'MaximumFileSize' : [ 0x124, ['unsigned long']],
+    'FileCounter' : [ 0x128, ['long']],
+    'PoolType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x130, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x140, ['long']],
+    'ProviderInfoSize' : [ 0x144, ['unsigned long']],
+    'Consumers' : [ 0x148, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x158, ['unsigned long']],
+    'TransitionConsumer' : [ 0x160, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x168, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x170, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x180, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x188, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x198, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1a0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1a8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1b0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1c8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1e0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x1f8, ['_KTIMER']],
+    'LoggerDpc' : [ 0x238, ['_KDPC']],
+    'LoggerMutex' : [ 0x278, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2b0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2b8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2b8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2c0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x308, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x310, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x318, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x320, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x328, ['long long']],
+    'Flags' : [ 0x330, ['unsigned long']],
+    'Persistent' : [ 0x330, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x330, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x330, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x330, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x330, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x330, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x330, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x330, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x330, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x330, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x330, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x330, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x330, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x330, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x330, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x330, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x330, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x330, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x330, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x334, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x334, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x334, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x334, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x334, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x334, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x334, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x334, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x334, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x334, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x334, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x334, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x334, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x334, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x338, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x348, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x350, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x358, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x368, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x370, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x380, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x388, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x398, ['pointer64', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x3a0, ['Enumeration', dict(target = 'long', choices = {0: 'EtwpPeriodicTimerUnset', 1: 'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x3a8, ['pointer64', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x3b0, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x3b8, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x3d8, ['long']],
+    'CompressionLock' : [ 0x3e0, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x3e8, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x3f0, ['pointer64', ['void']]],
+    'CompressionOn' : [ 0x3f8, ['long']],
+    'CompressionRatioGuess' : [ 0x3fc, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x400, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x404, ['Enumeration', dict(target = 'long', choices = {0: 'EtwCompressionModeRestart', 1: 'EtwCompressionModeNoDisable', 2: 'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x408, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x410, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x450, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x458, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x460, ['_LARGE_INTEGER']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x38, {
+    'Source' : [ 0x0, ['array', -32, ['Enumeration', dict(target = 'long', choices = {0: 'ProfileTime', 1: 'ProfileAlignmentFixup', 2: 'ProfileTotalIssues', 3: 'ProfilePipelineDry', 4: 'ProfileLoadInstructions', 5: 'ProfilePipelineFrozen', 6: 'ProfileBranchInstructions', 7: 'ProfileTotalNonissues', 8: 'ProfileDcacheMisses', 9: 'ProfileIcacheMisses', 10: 'ProfileCacheMisses', 11: 'ProfileBranchMispredictions', 12: 'ProfileStoreInstructions', 13: 'ProfileFpInstructions', 14: 'ProfileIntegerInstructions', 15: 'Profile2Issue', 16: 'Profile3Issue', 17: 'Profile4Issue', 18: 'ProfileSpecialInstructions', 19: 'ProfileTotalCycles', 20: 'ProfileIcacheIssues', 21: 'ProfileDcacheAccesses', 22: 'ProfileMemoryBarrierCycles', 23: 'ProfileLoadLinkedIssues', 24: 'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x20, ['unsigned long']],
+    'HookId' : [ 0x24, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x2c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x30, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x13f8, {
+    'SiloGlobals' : [ 0x0, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'EtwpSecurityProviderGuidEntry' : [ 0x8, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x198, ['array', 64, ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'WmipLoggerContext' : [ 0x398, ['array', 64, ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x598, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0x1398, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x13a8, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x13ac, ['long']],
+    'EtwpSecurityProviderPID' : [ 0x13b0, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0x13b8, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0x13d8, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x13e8, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x13f0, ['pointer64', ['_ETW_SILO_TRACING_BLOCK']]],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
+    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
+    'RunRefSize' : [ 0x10, ['unsigned long']],
+    'Number' : [ 0x14, ['unsigned long']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x30, {
+    'SystemLogonSession' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x10, ['pointer64', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0x18, ['pointer64', ['void']]],
+    'UncSystemPaths' : [ 0x20, ['pointer64', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x28, ['pointer64', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x498, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x478, ['pointer64', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x480, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x488, ['pointer64', ['void']]],
+    'VariablePart' : [ 0x490, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xc0, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x58, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
+    'SiblingAuthId' : [ 0xa8, ['_LUID']],
+    'TokenList' : [ 0xb0, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved2' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved1' : [ 0x1a, ['unsigned short']],
+    'Reserved2' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x10, {
+    'Footer' : [ 0x0, ['pointer64', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x30, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x20, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x10, {
+    'Context1' : [ 0x0, ['pointer64', ['void']]],
+    'Context2' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0x18, ['unsigned char']],
+    'Padding1' : [ 0x19, ['array', 3, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0x140, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+    'SessionId' : [ 0x154, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_1f67' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x4000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1f67']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x68, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x70, ['unsigned long']],
+    'AttachCount' : [ 0x74, ['unsigned long']],
+    'AttachGate' : [ 0x78, ['_KGATE']],
+    'WsListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0xa0, ['_MM_PAGED_POOL_INFO']],
+    'Lookaside' : [ 0x100, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb80, ['_MMSESSION']],
+    'Vm' : [ 0xbc0, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0xd00, ['_MMWSL_INSTANCE']],
+    'AggregateSessionWs' : [ 0xd40, ['_MMSUPPORT_AGGREGATION']],
+    'PagedPool' : [ 0xd80, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x1ec0, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PageDirectory' : [ 0x1ec8, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1ed0, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x1ed8, ['_RTL_BITMAP_EX']],
+    'DynamicVaHint' : [ 0x1ee8, ['unsigned long long']],
+    'SpecialPool' : [ 0x1ef0, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1f30, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1f38, ['long']],
+    'PagedPoolPdeCount' : [ 0x1f3c, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1f40, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1f44, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1f48, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1fb0, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1fb8, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x1fc0, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1fc8, ['unsigned long long']],
+    'IoState' : [ 0x1fd0, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1fd4, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1fd8, ['_KEVENT']],
+    'ServerSilo' : [ 0x1ff0, ['pointer64', ['_EJOB']]],
+    'CreateTime' : [ 0x1ff8, ['unsigned long long']],
+    'PoolTags' : [ 0x2000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'ParseProcedureEx' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'BoostBitmap' : [ 0x58, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+    'SparePad' : [ 0x5c, ['unsigned long']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RfgControlStack' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1fcc' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1fcf' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0xf8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'Device' : [ 0xd8, ['__unnamed_1fcc']],
+    'System' : [ 0xd8, ['__unnamed_1fcf']],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x28, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0x10, ['unsigned long long']],
+    'PagedAllocs' : [ 0x18, ['unsigned long']],
+    'PagedFrees' : [ 0x1c, ['unsigned long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x428, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xf0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1d0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1d8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1e0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1e8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x240, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2e8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2f0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x308, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x318, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x330, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x38, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_201e' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'WheaErrSrcStateStopped', 2: 'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_201e']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x120, {
+    'ProcessCid' : [ 0x0, ['pointer64', ['void']]],
+    'ThreadCid' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x20, ['unsigned long']],
+    'CreateTrace' : [ 0x28, ['array', 30, ['unsigned long long']]],
+    'Count' : [ 0x118, ['long']],
+    'CaptureCount' : [ 0x11c, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x48, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x50, ['_LIST_ENTRY']],
+    'Parent' : [ 0x60, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x20, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long long']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'Valid' : [ 0x18, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x48, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'EntryDescriptor' : [ 0x20, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x38, ['unsigned long']],
+    'Handles' : [ 0x40, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x18, {
+    'IdealMask' : [ 0x0, ['unsigned long long']],
+    'PreferredMask' : [ 0x8, ['unsigned long long']],
+    'AvailableMask' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_DEVICE_MAP' : [ 0x48, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x40, ['pointer64', ['_EJOB']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned long long')]],
+    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'ReservedForHardware' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'ReservedForSoftware' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'WsleProtection' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x28, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer64', ['void']]],
+    'OverQuotaHistory' : [ 0x8, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x8, {
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['wchar']]],
+    'DriverName' : [ 0x50, ['pointer64', ['wchar']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x48, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'SecureInfo' : [ 0x8, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x8, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'PebTebRfg' : [ 0x8, ['_MI_SUB64K_FREE_RANGES']],
+    'RfgProtectedStack' : [ 0x8, ['_MI_RFG_PROTECTED_STACK']],
+    'WaitReason' : [ 0x40, ['unsigned long']],
+} ],
+  '__unnamed_210f' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_2112' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2114' : [ 0x4, {
+    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_210f']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_2112']],
+    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x34, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u2' : [ 0x34, ['__unnamed_2114']],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x68, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'Reserved2' : [ 0x18, ['unsigned long']],
+    'Reserved3' : [ 0x20, ['array', 4, ['pointer64', ['void']]]],
+    'Reserved4' : [ 0x40, ['array', 4, ['unsigned long']]],
+    'Reserved5' : [ 0x50, ['pointer64', ['void']]],
+    'Reserved6' : [ 0x58, ['array', 2, ['pointer64', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x50, {
+    'LsaProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'LsaCommandPortHandle' : [ 0x8, ['pointer64', ['void']]],
+    'SepRmThreadHandle' : [ 0x10, ['pointer64', ['void']]],
+    'RmCommandPortHandle' : [ 0x18, ['pointer64', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x20, ['pointer64', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x28, ['pointer64', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x30, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x38, ['pointer64', ['void']]],
+    'RmViewPortMemory' : [ 0x40, ['pointer64', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x48, ['long']],
+    'LsaCommandPortActive' : [ 0x4c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x30, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x10, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0x18, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'FirstPteForPagedPool' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'MaximumSize' : [ 0x20, ['unsigned long long']],
+    'PagedPoolHint' : [ 0x28, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_214b' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_214d' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_214b']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x120, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_214d']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
+    'PagedBytes' : [ 0x60, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x80, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x90, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
+    'LockedBytes' : [ 0x98, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0xf8, ['unsigned long']],
+    'ExecutePageProtections' : [ 0xfc, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x100, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x104, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x108, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0x10c, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x110, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Luid' : [ 0x20, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x18, {
+    'DynamicRelocations' : [ 0x0, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x8, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderZero', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderVsmMemory', 30: 'LoaderFirmwareCode', 31: 'LoaderFirmwareData', 32: 'LoaderFirmwareReserved', 33: 'LoaderEnclaveMemory', 34: 'LoaderFirmwareKsr', 35: 'LoaderEnclaveKsr', 36: 'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x38, {
+    'ScopeMap' : [ 0x0, ['pointer64', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x8, ['pointer64', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x10, ['pointer64', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x18, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x20, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x28, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x30, ['long long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'StackTrace' : [ 0x40, ['array', 8, ['pointer64', ['void']]]],
+    'Who' : [ 0x80, ['unsigned long']],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'NoCrossPartitionAccess' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SubsectionCrossPartitionReferenceOverflow' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KSECURE_FAULT_INFORMATION' : [ 0x10, {
+    'FaultCode' : [ 0x0, ['unsigned long long']],
+    'FaultVa' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '__unnamed_21a3' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_21a5' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_21a3']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_21a5']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x18, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x1b40, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x100, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x340, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x3f8, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x480, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x4b0, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x5c0, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x940, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0xae0, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0xaf0, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0xb50, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0xbc8, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0xc80, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0xd00, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0xe20, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0xec0, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x1040, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x10b0, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x1100, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x11c0, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x1200, ['unsigned long long']],
+    'BootRegistryRuns' : [ 0x1208, ['pointer64', ['pointer64', ['void']]]],
+    'ZeroingDisabled' : [ 0x1210, ['long']],
+    'FullyInitialized' : [ 0x1214, ['unsigned char']],
+    'SafeBooted' : [ 0x1215, ['unsigned char']],
+    'TraceLogging' : [ 0x1218, ['pointer64', ['_TlgProvider_t']]],
+    'Vs' : [ 0x1240, ['_MI_VISIBLE_STATE']],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x400, {
+    'ProcessorBuffers' : [ 0x0, ['array', 64, ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x200, ['array', 64, ['unsigned long long']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x18, ['_KEVENT']],
+} ],
+  '__unnamed_21d3' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_21d5' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_21d3']],
+} ],
+  '__unnamed_21d7' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_21d5']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_21d7']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_21df' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_21df']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x10, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_21ec' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x28, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'UseSessionId' : [ 0x1c, ['unsigned char']],
+    'u1' : [ 0x20, ['__unnamed_21ec']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x110, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0xc8, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x30, {
+    'SystemDllBase' : [ 0x0, ['pointer64', ['void']]],
+    'ColorSeed' : [ 0x8, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0xc, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x28, ['pointer64', ['_MMPTE']]],
+} ],
+  '_MMSUPPORT_AGGREGATION' : [ 0x20, {
+    'PageFaultCount' : [ 0x0, ['unsigned long']],
+    'WorkingSetSize' : [ 0x8, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x10, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x190, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x178, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x180, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x188, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x150, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['wchar']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['wchar']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xb8, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x10, ['_KMUTANT']],
+    'FixupLock' : [ 0x48, ['long']],
+    'FirstLoadEver' : [ 0x4c, ['unsigned char']],
+    'LargePageAll' : [ 0x4d, ['unsigned char']],
+    'LastPage' : [ 0x50, ['unsigned long long']],
+    'LargePageList' : [ 0x58, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x68, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x78, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x88, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x98, ['unsigned long long']],
+    'PageCounts' : [ 0xa0, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SlatKernelCodeProtected' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'QueryRemoveDevice', 1: 'CancelRemoveDevice', 2: 'RemoveDevice', 3: 'SurpriseRemoveDevice', 4: 'EjectDevice', 5: 'RemoveFailedDevice', 6: 'RemoveUnstartedFailedDevice', 7: 'MaxDeviceDeleteType'})]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2d0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x2b0, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2b8, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2bc, ['unsigned long']],
+    'ThreadCount' : [ 0x2c0, ['long']],
+    'MinThreads' : [ 0x2c4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2c4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2c8, ['long']],
+    'QueueIndex' : [ 0x2cc, ['Enumeration', dict(target = 'long', choices = {0: 'ExPoolUntrusted', 1: 'IoPoolUntrusted', 2: 'ExPoolTrusted', 8: 'ExPoolMax'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x60, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x5c, ['unsigned char']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x368, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastPassiveTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'Info' : [ 0x70, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xcc, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xe4, ['unsigned char']],
+    'PollingRate' : [ 0xe8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xf0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xf8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x100, ['unsigned long long']],
+    'WorkItem' : [ 0x108, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0x128, ['_KTIMER2']],
+    'Lock' : [ 0x1b0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1c0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1d8, ['_KEVENT']],
+    'InstanceId' : [ 0x1f0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1f8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x358, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_22ea' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_22ec' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_22ea']],
+    'Private' : [ 0x0, ['__unnamed_22ec']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x8, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'TransPtr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x38, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x10, ['unsigned long long']],
+    'VolumeKey' : [ 0x18, ['unsigned long long']],
+    'Rundown' : [ 0x20, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x28, ['pointer64', ['void']]],
+    'VolumeIoAttribution' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x48, ['unsigned long long']],
+    'BigPagesAllocated' : [ 0x50, ['unsigned long long']],
+    'BytesAllocated' : [ 0x58, ['unsigned long long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x88, ['unsigned long long']],
+    'BigPagesDeallocated' : [ 0x90, ['unsigned long long']],
+    'BytesDeallocated' : [ 0x98, ['unsigned long long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x108, ['long']],
+    'PendingFreeDepth' : [ 0x10c, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2363' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2365' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_2363']],
+    'Button' : [ 0x10, ['__unnamed_2365']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x88, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'DetachTimeStamp' : [ 0x20, ['unsigned long']],
+    'CodePageEdited' : [ 0x24, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'DynamicVaBitBuffer' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'DynamicVaBitBufferPages' : [ 0x38, ['unsigned long long']],
+    'DynamicVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'ImageVaStart' : [ 0x48, ['pointer64', ['void']]],
+    'DynamicPtesBitBuffer' : [ 0x50, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x58, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x60, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x70, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x78, ['pointer64', ['void']]],
+    'SessionCore' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x10, ['pointer64', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'AccessMask' : [ 0x20, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x240, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'UnusedSubsectionPagedPool' : [ 0x18, ['unsigned long long']],
+    'UnusedSegmentForceFree' : [ 0x20, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x24, ['unsigned long']],
+    'HighSectionBase' : [ 0x28, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x30, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xa0, ['_CONTROL_AREA']],
+    'DanglingExtentsPages' : [ 0x120, ['pointer64', ['_MMPFN']]],
+    'DanglingExtentsLock' : [ 0x128, ['long']],
+    'DanglingExtentsWorkItem' : [ 0x130, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0x150, ['unsigned char']],
+    'PageFileSectionHead' : [ 0x158, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0x160, ['long']],
+    'ImageBias' : [ 0x164, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x168, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x170, ['_RTL_BITMAP']],
+    'ImageBias64Low' : [ 0x180, ['unsigned long']],
+    'ImageBias64High' : [ 0x184, ['unsigned long']],
+    'ImageBitMap64Low' : [ 0x188, ['_RTL_BITMAP']],
+    'ImageBitMap64High' : [ 0x198, ['_RTL_BITMAP']],
+    'ImageBitMapWow64Dll' : [ 0x1a8, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x1b8, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x1c0, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x1c8, ['unsigned long long']],
+    'LostDataFiles' : [ 0x1d0, ['unsigned long']],
+    'LostDataPages' : [ 0x1d4, ['unsigned long']],
+    'ImageFailureReason' : [ 0x1d8, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x1e0, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x1e8, ['pointer64', ['_CONTROL_AREA']]],
+    'CfgBitMapSection64' : [ 0x1f0, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea64' : [ 0x1f8, ['pointer64', ['_CONTROL_AREA']]],
+    'KernelCfgBitMap' : [ 0x200, ['_RTL_BITMAP_EX']],
+    'KernelCfgBitMapLock' : [ 0x210, ['_EX_PUSH_LOCK']],
+    'ImageCfgFailure' : [ 0x218, ['unsigned long']],
+    'ImageChecksumBreakpoint' : [ 0x21c, ['unsigned long']],
+    'ImageSizeBreakpoint' : [ 0x220, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x224, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x50, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x30, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x38, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x40, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x48, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 24, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xb0, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0xa4, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa8, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x7a0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SharedData' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_23e0' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_23e5' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_23e0']],
+    'Bits' : [ 0x4, ['__unnamed_23e5']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x38, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x28, ['unsigned long']],
+    'FullSetBits' : [ 0x2c, ['unsigned long']],
+    'SubListIndex' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_23fb' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_23fe' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1b0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x68, ['_KAPC_STATE']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'ByteCount' : [ 0xb4, ['unsigned long']],
+    'u3' : [ 0xb8, ['__unnamed_23fb']],
+    'u1' : [ 0xbc, ['__unnamed_23fe']],
+    'FilePointer' : [ 0xc0, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xc8, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xc8, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd0, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xd8, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe0, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf0, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0x100, ['_MDL']],
+    'Page' : [ 0x130, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x130, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x20, {
+    'BaseKcb' : [ 0x0, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x8, ['long']],
+    'ClonedKcbListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1', 19: 'NotifyTransportRelationsChange', 20: 'NotifyEjectionRelationsChange', 21: 'ConfigureDevice', 22: 'ConfigureDeviceClass', 23: 'ConfigureDeviceExtensions', 24: 'ConfigureDeviceReset'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+    'RefCount' : [ 0x48, ['long']],
+    'Dequeued' : [ 0x4c, ['unsigned char']],
+    'CancelLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x58, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x38, ['unsigned char']],
+    'Platform' : [ 0x39, ['unsigned char']],
+    'DependencyListCount' : [ 0x3c, ['unsigned long']],
+    'Processors' : [ 0x40, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe8, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf8, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x100, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x108, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_MI_PARTITION' : [ 0x27c0, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x1c8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x4a0, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x540, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x780, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1340, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x13c0, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x1420, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x15a8, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x15b0, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0x15c0, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x38, ['pointer64', ['_ETHREAD']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x28, {
+    'NextPteToTrim' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0x18, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x1c, ['unsigned long']],
+    'LockedEntries' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_CMHIVE' : [ 0x17a8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0xa68, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0xa98, ['_LIST_ENTRY']],
+    'HiveList' : [ 0xaa8, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0xab8, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0xac8, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0xad8, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0xae0, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0xaf0, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0xaf8, ['unsigned long']],
+    'DeletedKcbTable' : [ 0xb00, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0xb08, ['unsigned long']],
+    'Identity' : [ 0xb0c, ['unsigned long']],
+    'HiveLock' : [ 0xb10, ['pointer64', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0xb18, ['pointer64', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0xb20, ['pointer64', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0xb28, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0xb38, ['unsigned long']],
+    'FlushLogEntry' : [ 0xb40, ['pointer64', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0xb48, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0xb4c, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0xb50, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0xb58, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0xb68, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0xb70, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0xb78, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0xb80, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0xb88, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0xb90, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0xb94, ['unsigned long']],
+    'ActualFileSize' : [ 0xb98, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0xba0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0xbb0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0xbc0, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0xbd0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0xbe0, ['unsigned long']],
+    'SecurityCacheSize' : [ 0xbe4, ['unsigned long']],
+    'SecurityHitHint' : [ 0xbe8, ['long']],
+    'SecurityCache' : [ 0xbf0, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0xbf8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xff8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x1000, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0x1008, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x1010, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x1018, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x1020, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0x1048, ['unsigned char']],
+    'GrowOffset' : [ 0x104c, ['unsigned long']],
+    'KcbConvertListHead' : [ 0x1050, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0x1060, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0x1068, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x14f0, ['unsigned long']],
+    'TrustClassEntry' : [ 0x14f8, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1508, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1510, ['unsigned long long']],
+    'CmRm' : [ 0x1518, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1520, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x1524, ['long']],
+    'CreatorOwner' : [ 0x1528, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1530, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1538, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1540, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x1558, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x1570, ['unsigned long']],
+    'FlushActive' : [ 0x1570, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x1570, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x1570, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x1570, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x1574, ['unsigned long']],
+    'ReferenceCount' : [ 0x1578, ['long']],
+    'UnloadHistoryIndex' : [ 0x157c, ['long']],
+    'UnloadHistory' : [ 0x1580, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x1780, ['unsigned long']],
+    'UnaccessedStart' : [ 0x1784, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x1788, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x178c, ['unsigned long']],
+    'HandleClosePending' : [ 0x1790, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x1798, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x17a0, ['unsigned char']],
+    'FailedUnload' : [ 0x17a1, ['unsigned char']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5c0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xf0, ['_CONTEXT']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer64', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0xbc0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x7e8, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x7f8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x838, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x880, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x888, ['array', 3, ['unsigned long long']]],
+    'MappedPageListHeadEvent' : [ 0x8a0, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0xa20, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0xa40, ['unsigned long']],
+    'StandbyListDiscard' : [ 0xa44, ['unsigned char']],
+    'FreeListDiscard' : [ 0xa45, ['unsigned char']],
+    'LargePfnBitMapsReady' : [ 0xa46, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0xa48, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0xa50, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xac0, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xac8, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0xb28, ['pointer64', ['void']]],
+    'TransitionPrivatePages' : [ 0xb40, ['unsigned long long']],
+    'LargePfnBitMap' : [ 0xb48, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'LowMemoryThreshold' : [ 0xb68, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xb70, ['unsigned long long']],
+    'LargePfnBitMapLock' : [ 0xb80, ['unsigned long long']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '__unnamed_24b4' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_24b6' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_24b8' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_24b4']],
+    'Interrupt' : [ 0x0, ['__unnamed_24b6']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_24b6']],
+    'Sci' : [ 0x0, ['__unnamed_24b6']],
+    'Nmi' : [ 0x0, ['__unnamed_24b6']],
+    'Sea' : [ 0x0, ['__unnamed_24b6']],
+    'Sei' : [ 0x0, ['__unnamed_24b6']],
+    'Gsiv' : [ 0x0, ['__unnamed_24b6']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_24b8']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_KSCB' : [ 0x1a8, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ShareRank' : [ 0x78, ['pointer64', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x80, ['unsigned long']],
+    'ReadyListHead' : [ 0x88, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x188, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x198, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x1a0, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_24d6' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_24d6']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x28, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x2c, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_HMAP_TABLE' : [ 0x5000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_2508' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_250a' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_2508']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x40, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0x18, ['__unnamed_250a']],
+    'VerifiedData' : [ 0x38, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x30, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SystemCacheAttributes' : [ 0x20, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0x80, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x90, ['unsigned long long']],
+    'PteTrackingBitmap' : [ 0x98, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xa8, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xb0, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x118, ['unsigned long']],
+    'KernelStackPages' : [ 0x11c, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x11d, ['unsigned char']],
+    'AdjustCounter' : [ 0x11e, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x120, ['long']],
+    'ReservedMappingTree' : [ 0x128, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x130, ['pointer64', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x138, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x140, ['long']],
+} ],
+  '__unnamed_251e' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x1c8, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_251e']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'ReferenceCount' : [ 0x10, ['unsigned long long']],
+    'ParentPartition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'ListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'NodeInformation' : [ 0x30, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x38, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x40, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x48, ['unsigned long long']],
+    'PfnUnmapWorkItem' : [ 0x50, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x70, ['unsigned long long']],
+    'PfnUnmapWaitList' : [ 0x78, ['pointer64', ['void']]],
+    'MemoryRuns' : [ 0x80, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x88, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0xa0, ['array', 5, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xc8, ['pointer64', ['void']]],
+    'PartitionObjectHandle' : [ 0xd0, ['pointer64', ['void']]],
+    'PartitionSystemThreadsLock' : [ 0xd8, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xe8, ['long']],
+    'PfnUnmapActive' : [ 0xec, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0xf0, ['_KEVENT']],
+    'RootDirectory' : [ 0x108, ['pointer64', ['void']]],
+    'KernelObjectsDirectory' : [ 0x110, ['pointer64', ['void']]],
+    'MemoryEvents' : [ 0x118, ['array', 11, ['pointer64', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0x170, ['array', 11, ['pointer64', ['void']]]],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '__unnamed_252a' : [ 0x8, {
+    'InstancedWorkingSet' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0xc8, {
+    'NextPageColor' : [ 0x0, ['unsigned short']],
+    'LastTrimStamp' : [ 0x2, ['unsigned short']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long long']],
+    'VmWorkingSetList' : [ 0x10, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 8, ['unsigned long long']]],
+    'ExitOutswapGate' : [ 0x68, ['pointer64', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x80, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x90, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x98, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa0, ['unsigned long long']],
+    'HardFaultCount' : [ 0xa8, ['unsigned long']],
+    'PartitionId' : [ 0xac, ['unsigned short']],
+    'Pad0' : [ 0xae, ['unsigned short']],
+    'u1' : [ 0xb0, ['__unnamed_252a']],
+    'Reserved0' : [ 0xb8, ['unsigned long long']],
+    'Flags' : [ 0xc0, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AcquiredRundown' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x78, ['unsigned long']],
+    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x62, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'EnableMask' : [ 0x64, ['unsigned char']],
+    'GroupEnableMask' : [ 0x65, ['unsigned char']],
+    'UseDescriptorType' : [ 0x66, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x380, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapSystemPtes' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0x58, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0xe8, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSpecialPool' : [ 0x130, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapSystemCache' : [ 0x1c0, ['_MI_DYNAMIC_BITMAP']],
+    'HalPrivateVaStart' : [ 0x208, ['pointer64', ['void']]],
+    'HalPrivateVaSize' : [ 0x210, ['unsigned long long']],
+    'SystemVaAssignment' : [ 0x218, ['array', 8, ['unsigned long']]],
+    'SystemVaAssignmentHint' : [ 0x238, ['unsigned long']],
+    'DeleteKvaLock' : [ 0x23c, ['long']],
+    'WsleArrays' : [ 0x240, ['array', 5, ['pointer64', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x268, ['pointer64', ['_MI_HYPER_SPACE']]],
+    'HyperSpaceEnd' : [ 0x270, ['pointer64', ['void']]],
+    'FreeSystemCacheVa' : [ 0x278, ['_KEVENT']],
+    'SystemVaLock' : [ 0x290, ['unsigned long long']],
+    'SystemCacheViewLock' : [ 0x298, ['unsigned long long']],
+    'SystemWorkingSetList' : [ 0x2a0, ['array', 5, ['_MMWSL_INSTANCE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x48, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long long']],
+    'ResetPagesRepurposedCount' : [ 0x10, ['unsigned long long']],
+    'WsSwapSupport' : [ 0x18, ['pointer64', ['void']]],
+    'CommitReleaseContext' : [ 0x20, ['pointer64', ['void']]],
+    'AccessLog' : [ 0x28, ['pointer64', ['void']]],
+    'ChargedWslePages' : [ 0x30, ['unsigned long long']],
+    'ActualWslePages' : [ 0x38, ['unsigned long long']],
+    'Reserved0' : [ 0x40, ['unsigned long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'PaddingFor16ByteAlignment' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_25c1' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_25c1']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16e5']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x48, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer64', ['void']]]],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xb8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'ArgumentStatus' : [ 0x14, ['long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Data' : [ 0x68, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0x48, {
+    'Timelines' : [ 0x0, ['array', 9, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x78, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x50, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'CrashDumpPte' : [ 0x70, ['pointer64', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x20, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0x18, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x10, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1d8, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'EfficiencyClass' : [ 0x32, ['unsigned char']],
+    'SchedulingClass' : [ 0x33, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower', 3: 'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x188, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x190, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x198, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x1a0, ['unsigned char']],
+    'HvTargetState' : [ 0x1a1, ['unsigned char']],
+    'Parked' : [ 0x1a2, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x1a4, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x1a8, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x1ac, ['unsigned long']],
+    'RelativePerformance' : [ 0x1b0, ['unsigned long']],
+    'Utility' : [ 0x1b4, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x1b8, ['unsigned long']],
+    'SnapTimeLast' : [ 0x1c0, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1c0, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c8, ['unsigned long long']],
+    'TotalTime' : [ 0x1d0, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x240, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x18, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x30, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x48, ['unsigned long long']],
+    'DereferenceSegmentHeader' : [ 0x50, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x80, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x90, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xd0, ['unsigned char']],
+    'UnusedSegmentList' : [ 0xd8, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xe8, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xf8, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0x108, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x120, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x128, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x140, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x160, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x170, ['_EX_PUSH_LOCK']],
+    'SharedCharges' : [ 0x178, ['array', 4, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x1f8, ['pointer64', ['_KEVENT']]],
+    'PagefileControlAreasDrainEvent' : [ 0x200, ['pointer64', ['_KEVENT']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x2a0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xb0, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xb8, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xc8, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xd8, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0xf8, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x118, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x150, ['unsigned long long']],
+    'IdleTimer' : [ 0x158, ['_KTIMER']],
+    'IdleDpc' : [ 0x198, ['_KDPC']],
+    'IdleTimeout' : [ 0x1d8, ['unsigned long long']],
+    'IdleStamp' : [ 0x1e0, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1e8, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x1f8, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x200, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x210, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x220, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x238, ['pointer64', ['void']]],
+    'Accounting' : [ 0x240, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x270, ['unsigned long']],
+    'ComponentCount' : [ 0x274, ['unsigned long']],
+    'Components' : [ 0x278, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x280, ['unsigned long']],
+    'Log' : [ 0x288, ['pointer64', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x290, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x298, ['pointer64', ['_DRIVER_OBJECT']]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer64', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0x18, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SepCachedHandlesEntryLowbox', 1: 'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x8, ['pointer64', ['void']]],
+    'IsolationPrefix' : [ 0x8, ['_UNICODE_STRING']],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '__unnamed_2679' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_267b' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2679']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_267b']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1200, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x1c, ['unsigned char']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'PartitionWs' : [ 0x140, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x208, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x230, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x280, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x2a8, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x2b0, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x2b8, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x2c0, ['unsigned long long']],
+    'SharedCommit' : [ 0x2c8, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x2d0, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x2e0, ['long']],
+    'PageFileTraces' : [ 0x2e8, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x70, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'RebalanceReasonUnknown', 1: 'RebalanceReasonRequirementsChanged', 2: 'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'RebalanceFailureNone', 1: 'RebalanceFailureDisabled', 2: 'RebalanceFailureNoMemory', 3: 'RebalanceFailureQueryStopUnexpectedVeto', 4: 'RebalanceFailureNoRequirements', 5: 'RebalanceFailureNoCandidates', 6: 'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x20, ['unsigned char']],
+    'TriggerRoot' : [ 0x28, ['pointer64', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x30, ['unsigned char']],
+    'BeginTime' : [ 0x38, ['unsigned long long']],
+    'VetoNode' : [ 0x40, ['array', 2, ['pointer64', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x50, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceQueryRebalanceSucceeded', 1: 'DeviceQueryStopFailed', 2: 'DeviceFailedGetNewResourceRequirement', 3: 'DeviceInUnexpectedState', 4: 'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x58, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x28, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'TemporaryBinAddress' : [ 0x10, ['unsigned long long']],
+    'TemporaryBinRundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_26e5' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x110, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_26e5']]],
+    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x8, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x60, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x18, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x40, ['long']],
+    'Gate' : [ 0x48, ['_KGATE']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x40, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+    'DripsWatchdogCallback' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x10, ['pointer64', ['void']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'ReservedWin64OnlyPointer' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'UnlockInProgress' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 48, native_type='unsigned long long')]],
+} ],
+  '_WAITING_IRP' : [ 0x38, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x48, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'Scaling' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_PEB64' : [ 0x7a0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SharedData' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+    'SiloState' : [ 0x98, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1d0, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'SiLogOffset' : [ 0xe0, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0xe8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf8, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0x100, ['unsigned long']],
+    'SecurePages' : [ 0x104, ['unsigned long']],
+    'ProcessorCount' : [ 0x108, ['unsigned long']],
+    'ProcessorContext' : [ 0x110, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x118, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x120, ['unsigned long']],
+    'MaxDataPages' : [ 0x124, ['unsigned long']],
+    'ExtraBuffer' : [ 0x128, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x130, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x138, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x140, ['unsigned long long']],
+    'IoInfo' : [ 0x148, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b8, ['pointer64', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x1c0, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c8, ['unsigned long']],
+    'IumEnabled' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '__unnamed_2778' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2778']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_277f' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_277f']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+    'OverCommit' : [ 0x40, ['unsigned long long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: 'BugcheckStackLimits', 1: 'DPCStackLimits', 2: 'ExpandedStackLimits', 3: 'NormalStackLimits', 4: 'Win32kStackLimits', 5: 'SwapBusyStackLimits', 6: 'IsrStackLimits', 7: 'DebuggerStackLimits', 8: 'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3d8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x280, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x288, ['array', 1, ['unsigned long long']]],
+    'SiLogOffset' : [ 0x290, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x294, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x298, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x358, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x35c, ['unsigned long']],
+    'ResumeContextPages' : [ 0x360, ['unsigned long']],
+    'Hiberboot' : [ 0x364, ['unsigned char']],
+    'HvCr3' : [ 0x368, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x370, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x378, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x380, ['unsigned long long']],
+    'BootFlags' : [ 0x388, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x390, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x398, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x3a0, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3c0, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x3d0, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x3d4, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x3d5, ['unsigned char']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x50, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x34, ['unsigned long']],
+    'DelayPageFaults' : [ 0x38, ['long']],
+    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x70, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x10, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x28, ['_KDPC']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x1a0, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+    'CrossPartition' : [ 0x18, ['_MI_PAGE_COMBINING_SUPPORT']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0x18, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0x120, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x40, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
+    'HybridPriority' : [ 0xc8, ['unsigned long']],
+    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xd0, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
+    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'LockOwner' : [ 0xf0, ['pointer64', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0xf8, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x100, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x108, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_HVIEW_MAP' : [ 0x4b0, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Directory' : [ 0x18, ['pointer64', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x20, ['unsigned long']],
+    'PinLog' : [ 0x28, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x10, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x30, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x20, ['unsigned long']],
+    'ModuleSize' : [ 0x24, ['unsigned long']],
+    'Offset' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_2825' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2827' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2825']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2827']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'IoReady', 1: 'IoPending', 2: 'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '__unnamed_2865' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_2865']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2872' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2872']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_2883' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2886' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_2883']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_2886']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x88, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x120, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: 'LoadReasonStaticDependency', 1: 'LoadReasonStaticForwarderDependency', 2: 'LoadReasonDynamicForwarderDependency', 3: 'LoadReasonDelayloadDependency', 4: 'LoadReasonDynamicLoad', 5: 'LoadReasonAsImageLoad', 6: 'LoadReasonAsDataLoad', -1: 'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+    'DependentLoadFlags' : [ 0x118, ['unsigned long']],
+    'SigningLevel' : [ 0x11c, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_28b3' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_28b5' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_28b7' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_28b3']],
+    'e2' : [ 0x0, ['__unnamed_28b5']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_28b7']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x60, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xc0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xc8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xcc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xd0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xf8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xf9, ['unsigned char']],
+    'TransitionInserted' : [ 0xfa, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xfc, ['long']],
+    'LastMappedWriteError' : [ 0x100, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x104, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x108, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0x10c, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x110, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x128, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x130, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x138, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0x150, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x168, ['long']],
+    'WriteAllMappedPages' : [ 0x16c, ['long']],
+    'MappedPageWriterEvent' : [ 0x170, ['_KEVENT']],
+    'ModWriteData' : [ 0x188, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1c8, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1e0, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x208, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x210, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x218, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x238, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x23c, ['array', 2, ['long']]],
+    'NotifyStoreMemoryConditions' : [ 0x248, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x260, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x264, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x268, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x270, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x290, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x298, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x2b8, ['long']],
+    'WorkingSetSwapLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x2c8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer64', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'Width8Bits', 1: 'Width16Bits', 2: 'Width32Bits', 3: 'Width64Bits', 4: 'WidthNoWrap', 5: 'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'Compatible', 1: 'TypeA', 2: 'TypeB', 3: 'TypeC', 4: 'TypeF', 5: 'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTime' : [ 0x20, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x28, ['long long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '__unnamed_291a' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x80, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_291a']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'EvictFlushLock' : [ 0x1c, ['long']],
+    'EvictionThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x40, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x50, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x68, ['pointer64', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_MI_RFG_PROTECTED_STACK' : [ 0x18, {
+    'ControlStackBase' : [ 0x0, ['pointer64', ['void']]],
+    'ControlStackVad' : [ 0x8, ['pointer64', ['_MMVAD_SHORT']]],
+    'OwnerThread' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x100, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xf8, ['pointer64', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x70, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['wchar']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'RF_SORTED', 1: 'RF_UNSORTED', 2: 'RF_CALLBACK', 3: 'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+    'TreeNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x60, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u' : [ 0x4c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'AttemptForCantExtend' : [ 0x58, ['unsigned char']],
+    'PageFileContract' : [ 0x59, ['unsigned char']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_294b' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_294b']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x10, ['unsigned char']],
+    'Disowned' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0x12, ['unsigned char']],
+    'IsWaiting' : [ 0x13, ['unsigned char']],
+    'LockAddress' : [ 0x18, ['pointer64', ['void']]],
+    'ThreadAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SublistHead' : [ 0x28, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0xe8, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'NonPagedPoolSListMaximum' : [ 0x8, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x18, ['unsigned long long']],
+    'BadPoolHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x28, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x2c, ['unsigned char']],
+    'PoolFailures' : [ 0x30, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x54, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x80, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x88, ['unsigned long long']],
+    'PagedPoolSListMaximum' : [ 0x90, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x94, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0xa8, ['unsigned long long']],
+    'SpecialPoolRejected' : [ 0xb0, ['array', 6, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0xc8, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0xd0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0xd4, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0xd8, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0xe0, ['unsigned long long']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0xf0, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaLastRangeIndex' : [ 0x4, ['unsigned long']],
+    'NumaTableCaptured' : [ 0x8, ['unsigned char']],
+    'NodeShift' : [ 0x9, ['unsigned char']],
+    'ChannelShift' : [ 0xa, ['unsigned char']],
+    'NodeGraph' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x18, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaMemoryRanges' : [ 0x20, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x28, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x30, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x34, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x38, ['unsigned long']],
+    'TotalPagesAllowed' : [ 0x40, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x48, ['unsigned long']],
+    'SecondaryColors' : [ 0x4c, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x50, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x54, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x58, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x5c, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x60, ['unsigned long long']],
+    'OptimalZeroingAttribute' : [ 0x68, ['array', 4, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'MiNonCached', 1: 'MiCached', 2: 'MiWriteCombined', 3: 'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0xa8, ['unsigned char']],
+    'ZeroCostCounts' : [ 0xb0, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'PrimaryPfns' : [ 0xd0, ['unsigned long long']],
+    'HighestPossiblePhysicalPage' : [ 0xd8, ['unsigned long long']],
+    'EnclaveRegions' : [ 0xe0, ['_RTL_AVL_TREE']],
+    'VsmKernelPageCount' : [ 0xe8, ['unsigned long long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
+    'BlocksDrips' : [ 0x19, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '__unnamed_297c' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_297c']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xb8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x38, ['unsigned long long']],
+    'ProbeRaises' : [ 0x40, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x80, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x88, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x8c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x90, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x94, ['long']],
+    'BadPagesDetected' : [ 0x98, ['long']],
+    'ScrubPasses' : [ 0x9c, ['long']],
+    'ScrubBadPagesFound' : [ 0xa0, ['long']],
+    'UserViewFailures' : [ 0xa4, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0xa8, ['unsigned long']],
+    'ResavailFailures' : [ 0xac, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xb4, ['unsigned char']],
+    'InitFailure' : [ 0xb5, ['unsigned char']],
+    'StopBadMaps' : [ 0xb6, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x1e0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0xc0, ['unsigned long long']],
+    'ProcessorCount' : [ 0xc8, ['unsigned long']],
+    'EfficiencyClass' : [ 0xcc, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0xcd, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0xce, ['unsigned char']],
+    'Spare' : [ 0xcf, ['unsigned char']],
+    'Processors' : [ 0xd0, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd8, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x100, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x118, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x120, ['pointer64', ['void']]],
+    'DomainPerfControlHandler' : [ 0x128, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x130, ['unsigned long']],
+    'NominalFrequency' : [ 0x134, ['unsigned long']],
+    'MaxPercent' : [ 0x138, ['unsigned long']],
+    'MinPerfPercent' : [ 0x13c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x140, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x148, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x150, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x158, ['unsigned char']],
+    'Coordination' : [ 0x159, ['unsigned char']],
+    'HardPlatformCap' : [ 0x15a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x15b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x15c, ['unsigned char']],
+    'AllowVirtualHeterogeneity' : [ 0x15d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x15e, ['unsigned char']],
+    'AutonomousMode' : [ 0x15f, ['unsigned char']],
+    'DesiredPercent' : [ 0x160, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x164, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x168, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x16c, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x170, ['unsigned long']],
+    'SelectionGeneration' : [ 0x174, ['unsigned long']],
+    'BackgroundSelectionGeneration' : [ 0x178, ['unsigned long']],
+    'Selection' : [ 0x180, ['_PERF_CONTROL_STATE_SELECTION']],
+    'BackgroundSelection' : [ 0x1a8, ['_PERF_CONTROL_STATE_SELECTION']],
+    'PerfChangeTime' : [ 0x1d0, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x1d8, ['unsigned long']],
+    'Force' : [ 0x1dc, ['unsigned char']],
+    'ProvideGuidance' : [ 0x1dd, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0xa8, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'ZeroCrc' : [ 0x38, ['unsigned long long']],
+    'OnesCrc' : [ 0x40, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x48, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x68, ['array', 4, ['unsigned long long']]],
+    'PageTableOfZeroes' : [ 0x88, ['unsigned long long']],
+    'PdeOfZeroes' : [ 0x90, ['_MMPTE']],
+    'PageTableOfOnes' : [ 0x98, ['unsigned long long']],
+    'PdeOfOnes' : [ 0xa0, ['_MMPTE']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_29b1' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_29b1']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x140, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_29c4' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_29c4']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x88, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x40, ['_KDPC']],
+    'WorkOrder' : [ 0x80, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '__unnamed_29d9' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_29d9']],
+} ],
+  '__unnamed_29dd' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_29e1' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_29e3' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_29e5' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_29e7' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_29e9' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_29eb' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29ed' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_29ef' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_29f1' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_29f3' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29f5' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_29dd']],
+    'Memory' : [ 0x0, ['__unnamed_29dd']],
+    'Interrupt' : [ 0x0, ['__unnamed_29e1']],
+    'Dma' : [ 0x0, ['__unnamed_29e3']],
+    'DmaV3' : [ 0x0, ['__unnamed_29e5']],
+    'Generic' : [ 0x0, ['__unnamed_29dd']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_29e7']],
+    'BusNumber' : [ 0x0, ['__unnamed_29e9']],
+    'ConfigData' : [ 0x0, ['__unnamed_29eb']],
+    'Memory40' : [ 0x0, ['__unnamed_29ed']],
+    'Memory48' : [ 0x0, ['__unnamed_29ef']],
+    'Memory64' : [ 0x0, ['__unnamed_29f1']],
+    'Connection' : [ 0x0, ['__unnamed_29f3']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_29f5']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '__unnamed_2a19' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_2a19']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '__unnamed_2a22' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2a23' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2a22']],
+    'Merged' : [ 0x10, ['__unnamed_2a23']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2a27' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a29' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2a2b' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2a2d' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_2a2b']],
+    'Translated' : [ 0x0, ['__unnamed_2a29']],
+} ],
+  '__unnamed_2a2f' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a31' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2a33' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a35' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a37' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a39' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a3b' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a3d' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_2a27']],
+    'Port' : [ 0x0, ['__unnamed_2a27']],
+    'Interrupt' : [ 0x0, ['__unnamed_2a29']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2a2d']],
+    'Memory' : [ 0x0, ['__unnamed_2a27']],
+    'Dma' : [ 0x0, ['__unnamed_2a2f']],
+    'DmaV3' : [ 0x0, ['__unnamed_2a31']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_29e7']],
+    'BusNumber' : [ 0x0, ['__unnamed_2a33']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2a35']],
+    'Memory40' : [ 0x0, ['__unnamed_2a37']],
+    'Memory48' : [ 0x0, ['__unnamed_2a39']],
+    'Memory64' : [ 0x0, ['__unnamed_2a3b']],
+    'Connection' : [ 0x0, ['__unnamed_29f3']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2a3d']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x900, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x40, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x50, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x58, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x90, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0x98, ['unsigned long long']],
+    'SystemPteInfo' : [ 0xa0, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x108, ['unsigned long long']],
+    'SmallNonPagedPtesCommit' : [ 0x110, ['unsigned long long']],
+    'BootCommit' : [ 0x118, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0x120, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0x128, ['unsigned long long']],
+    'SpecialPagesInUse' : [ 0x130, ['unsigned long long']],
+    'ProcessCommit' : [ 0x138, ['unsigned long long']],
+    'DriverCommit' : [ 0x140, ['long']],
+    'PfnDatabaseCommit' : [ 0x148, ['unsigned long long']],
+    'SystemWs' : [ 0x180, ['array', 3, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x4c0, ['_MMSUPPORT_SHARED']],
+    'AggregateSystemWs' : [ 0x540, ['array', 1, ['_MMSUPPORT_AGGREGATION']]],
+    'MapCacheFailures' : [ 0x560, ['unsigned long']],
+    'PagefileHashPages' : [ 0x568, ['unsigned long long']],
+    'PteHeader' : [ 0x570, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x688, ['pointer64', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x690, ['array', 14, ['unsigned long long']]],
+    'SystemVaType' : [ 0x700, ['array', 256, ['unsigned char']]],
+    'SystemVaRegions' : [ 0x800, ['array', 13, ['_MI_SYSTEM_VA_ASSIGNMENT']]],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xf0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+    'MsrFsBase' : [ 0xe0, ['unsigned long long']],
+    'SpecialPadding0' : [ 0xe8, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x70, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
+    'LargeViews' : [ 0x6c, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x118, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastPerfCheckSnap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xb8, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x108, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x10c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x110, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x112, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x113, ['unsigned char']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEB32' : [ 0x460, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SharedData' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d0, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1a8, ['_LIST_ENTRY']],
+    'Status' : [ 0x1b8, ['long']],
+    'FailedDevice' : [ 0x1c0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1c8, ['unsigned char']],
+    'Cancelled' : [ 0x1c9, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1ca, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1cb, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x98, {
+    'FileName' : [ 0x0, ['pointer64', ['wchar']]],
+    'BaseName' : [ 0x8, ['pointer64', ['wchar']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['wchar']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x178, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'HitCount' : [ 0x18, ['unsigned long long']],
+    'LastActivationTime' : [ 0x20, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
+    'CsActivationTime' : [ 0x30, ['unsigned long long']],
+    'CsActiveTime' : [ 0x38, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x30, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2aa7' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x888, {
+    'LargePageFreeCount' : [ 0x0, ['array', 3, ['array', 2, ['unsigned long long']]]],
+    'LargePages' : [ 0x30, ['array', 3, ['array', 2, ['array', 2, ['array', 4, ['_LIST_ENTRY']]]]]],
+    'LargePagesCount' : [ 0x330, ['array', 3, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]]],
+    'LargePageRebuildTimer' : [ 0x4b0, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'StandbyPageList' : [ 0x4d8, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreeCount' : [ 0x7d8, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x7e8, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x808, ['unsigned long long']],
+    'MmShiftedColor' : [ 0x810, ['unsigned long']],
+    'Color' : [ 0x814, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x818, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x858, ['__unnamed_2aa7']],
+    'NodeLock' : [ 0x860, ['_EX_PUSH_LOCK']],
+    'ZeroThreadHugeMapLock' : [ 0x868, ['unsigned long long']],
+    'ChannelStatus' : [ 0x870, ['unsigned char']],
+    'ChannelOrdering' : [ 0x871, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x875, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x879, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x880, ['unsigned long long']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_MI_HYPER_SPACE' : [ 0x10804000, {
+    'VadBitmap' : [ 0x0, ['array', 268435456, ['unsigned char']]],
+    'PageDirectoryCommitmentBitmap' : [ 0x10000000, ['array', 16384, ['unsigned char']]],
+    'PageTableCommitmentBitmap' : [ 0x10004000, ['array', 8388608, ['unsigned char']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x190, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x40, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x70, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedBitMapMaximum' : [ 0xb0, ['unsigned long long']],
+    'DynamicBitMapNonPagedPool' : [ 0xb8, ['_MI_DYNAMIC_BITMAP']],
+    'NonPagedPoolLowestPage' : [ 0x100, ['unsigned long long']],
+    'NonPagedPoolHighestPage' : [ 0x108, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x110, ['unsigned long long']],
+    'PartialLargePoolRegions' : [ 0x118, ['unsigned long long']],
+    'PagesInPartialLargePoolRegions' : [ 0x120, ['unsigned long long']],
+    'CachedNonPagedPoolCount' : [ 0x128, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x130, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x138, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x140, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x148, ['pointer64', ['void']]],
+    'NonPagedBitMap' : [ 0x150, ['array', 3, ['_RTL_BITMAP_EX']]],
+    'NonPagedHint' : [ 0x180, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x188, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0x160, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x20, ['unsigned char']],
+    'RebuildActive' : [ 0x21, ['unsigned char']],
+    'NextPassDelta' : [ 0x22, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x23, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x68, {
+    'IoPfnLock' : [ 0x0, ['unsigned long long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x60, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x20, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_2aec' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x30, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SessionId' : [ 0x18, ['unsigned long']],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x20, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_2aec']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '__unnamed_2b12' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2b14' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2b17' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2b1b' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'ApicDestinationModePhysical', 2: 'ApicDestinationModeLogicalFlat', 3: 'ApicDestinationModeLogicalClustered', 4: 'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptTypeControllerInput', 1: 'InterruptTypeXapicMessage', 2: 'InterruptTypeHypertransport', 3: 'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_2b12']],
+    'HvDeviceId' : [ 0x40, ['unsigned long long']],
+    'XapicMessage' : [ 0x48, ['__unnamed_2b14']],
+    'Hypertransport' : [ 0x48, ['__unnamed_2b17']],
+    'GenericMessage' : [ 0x48, ['__unnamed_2b14']],
+    'MessageRequest' : [ 0x48, ['__unnamed_2b1b']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'LdrModulesPlaceHolder', 1: 'LdrModulesMapping', 2: 'LdrModulesMapped', 3: 'LdrModulesWaitingForDependencies', 4: 'LdrModulesSnapping', 5: 'LdrModulesSnapped', 6: 'LdrModulesCondensed', 7: 'LdrModulesReadyToInit', 8: 'LdrModulesInitializing', 9: 'LdrModulesReadyToRun', '\xfb': 'LdrModulesMerged', '\xfd': 'LdrModulesSnapError', '\xfc': 'LdrModulesInitError', -1: 'LdrModulesUnloading', '\xfe': 'LdrModulesUnloaded'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'StorageInfo' : [ 0x110, ['pointer64', ['void']]],
+    'UseStorageInfo' : [ 0x118, ['unsigned char']],
+    'PointersLength' : [ 0x11c, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['wchar']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2b43' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b45' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b47' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b49' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2b4b' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b4d' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b4f' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2b51' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b53' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_2b55' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2b43']],
+    'TargetDevice' : [ 0x0, ['__unnamed_2b45']],
+    'InstallDevice' : [ 0x0, ['__unnamed_2b45']],
+    'CustomNotification' : [ 0x0, ['__unnamed_2b47']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_2b49']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2b4b']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2b4d']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2b4f']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2b51']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2b53']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_2b45']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_2b45']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'DeviceInstanceStartedEvent', 12: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_2b55']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x400, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer64', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x90, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'PlatformCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'LimitReasons' : [ 0x18, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x20, ['unsigned long long']],
+    'VirtualLittle' : [ 0x28, ['unsigned char']],
+    'ResolvedVirtualLittle' : [ 0x29, ['unsigned char']],
+    'LastVirtualTranstionTsc' : [ 0x30, ['unsigned long long']],
+    'VirtualTranstionHysteresis' : [ 0x38, ['unsigned long long']],
+    'ProcCap' : [ 0x40, ['unsigned long']],
+    'ProcFloor' : [ 0x44, ['unsigned long']],
+    'TargetPercent' : [ 0x48, ['unsigned long']],
+    'Selection' : [ 0x50, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x78, ['unsigned long']],
+    'PreviousFrequency' : [ 0x7c, ['unsigned long']],
+    'PreviousPercent' : [ 0x80, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x84, ['unsigned long']],
+    'Force' : [ 0x88, ['unsigned char']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x410, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x28, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x1c, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_2b99' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b9b' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2b9d' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2b99']],
+    'Gpt' : [ 0x0, ['__unnamed_2b9b']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_2b9d']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_2bce' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2bd0' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2bd2' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2bd4' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2bce']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2bd0']],
+    'Raw' : [ 0x0, ['__unnamed_2bd2']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DirtyVectorModified', 1: 'DirtyDataCaptureStart', 2: 'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_2bd4']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_MI_SYSTEM_VA_ASSIGNMENT' : [ 0x10, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2be4' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2be6' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2be4']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2be9' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2beb' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2be9']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2be6']],
+    'HighPart' : [ 0x4, ['__unnamed_2beb']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x48, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x18, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x800, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'EtwNotificationTypeNoReply', 2: 'EtwNotificationTypeLegacyEnable', 3: 'EtwNotificationTypeEnable', 4: 'EtwNotificationTypePrivateLogger', 5: 'EtwNotificationTypePerflib', 6: 'EtwNotificationTypeAudio', 7: 'EtwNotificationTypeSession', 8: 'EtwNotificationTypeReserved', 9: 'EtwNotificationTypeCredentialUI', 10: 'EtwNotificationTypeInProcSession', 11: 'EtwNotificationTypeFilteredPrivateLogger', 12: 'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x78, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+    'PreQueryOpen' : [ 0x68, ['pointer64', ['void']]],
+    'PostQueryOpen' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x20, {
+    'ViewStart' : [ 0x0, ['pointer64', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Bcb' : [ 0x8, ['pointer64', ['void']]],
+    'PinnedPages' : [ 0x10, ['unsigned long long']],
+    'Size' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_2c3e' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_2c40' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateUnitOther', 1: 'PoFxPerfStateUnitFrequency', 2: 'PoFxPerfStateUnitBandwidth', 3: 'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateTypeDiscrete', 1: 'PoFxPerfStateTypeRange', 2: 'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_2c3e']],
+    'Range' : [ 0x20, ['__unnamed_2c40']],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2c46' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_2c48' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_2c46']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_2c48']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2c4e' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2c50' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2c56' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_2c5a' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_2c5c' : [ 0x20, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileInformation' : [ 0x8, ['pointer64', ['void']]],
+    'Length' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'FileInformationClass' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_2c5e' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2c4e']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2c50']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2c56']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2c5a']],
+    'QueryOpen' : [ 0x0, ['__unnamed_2c5c']],
+    'Others' : [ 0x0, ['__unnamed_2c5e']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win10_x86_15063_vtypes.py b/volatility/plugins/overlays/windows/win10_x86_15063_vtypes.py
new file mode 100755
index 000000000..13b8547d4
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_15063_vtypes.py
@@ -0,0 +1,13436 @@
+ntkrpamp_86_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'Reserved8' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1084' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1084']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1088' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1088']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_10a3' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a5' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10a3']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_10a5']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['pointer', ['void']]]],
+    'SystemReserved1' : [ 0x10c, ['array', 30, ['pointer', ['void']]]],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'PerflibData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+    'ReservedForWdf' : [ 0xfe4, ['pointer', ['void']]],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0xc, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x4a20, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'MxCsr' : [ 0x8, ['unsigned long']],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x4900, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'ParentNode' : [ 0x338, ['pointer', ['_KNODE']]],
+    'PriorityState' : [ 0x33c, ['pointer', ['unsigned char']]],
+    'KernelReserved' : [ 0x340, ['array', 14, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'CpuVendor' : [ 0x3be, ['unsigned char']],
+    'PrcbPad0' : [ 0x3bf, ['array', 1, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'GroupIndex' : [ 0x3c4, ['unsigned char']],
+    'Group' : [ 0x3c5, ['unsigned char']],
+    'PrcbPad05' : [ 0x3c6, ['array', 2, ['unsigned char']]],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'ClockOwner' : [ 0x3d0, ['unsigned char']],
+    'PendingTickFlags' : [ 0x3d1, ['unsigned char']],
+    'PendingTick' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad10' : [ 0x3d2, ['array', 70, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'InterruptCount' : [ 0x4a0, ['unsigned long']],
+    'KernelTime' : [ 0x4a4, ['unsigned long']],
+    'UserTime' : [ 0x4a8, ['unsigned long']],
+    'DpcTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b0, ['unsigned long']],
+    'InterruptTime' : [ 0x4b4, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4b8, ['unsigned long']],
+    'PageColor' : [ 0x4bc, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c0, ['unsigned char']],
+    'NodeColor' : [ 0x4c1, ['unsigned char']],
+    'DeepSleep' : [ 0x4c2, ['unsigned char']],
+    'PrcbPad20' : [ 0x4c3, ['array', 5, ['unsigned char']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4cc, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d0, ['unsigned long']],
+    'PrcbPad21' : [ 0x4d4, ['array', 3, ['unsigned long']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1820, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2120, ['long']],
+    'ReverseStall' : [ 0x2124, ['long']],
+    'IpiFrame' : [ 0x2128, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x212c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x2160, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x216c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x2170, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x2174, ['unsigned long']],
+    'PrcbPad4' : [ 0x2178, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x21a0, ['unsigned long']],
+    'TargetCount' : [ 0x21a4, ['long']],
+    'LastNonHrTimerExpiration' : [ 0x21a8, ['unsigned long long']],
+    'PrcbPad50' : [ 0x21b0, ['array', 32, ['unsigned char']]],
+    'InterruptLastCount' : [ 0x21d0, ['unsigned long']],
+    'InterruptRate' : [ 0x21d4, ['unsigned long']],
+    'DeviceInterrupts' : [ 0x21d8, ['unsigned long']],
+    'IsrDpcStats' : [ 0x21dc, ['pointer', ['void']]],
+    'DpcData' : [ 0x21e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2210, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2214, ['long']],
+    'DpcRequestRate' : [ 0x2218, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x221c, ['unsigned long']],
+    'DpcLastCount' : [ 0x2220, ['unsigned long']],
+    'PrcbLock' : [ 0x2224, ['unsigned long']],
+    'DpcGate' : [ 0x2228, ['_KGATE']],
+    'IdleState' : [ 0x2238, ['unsigned char']],
+    'QuantumEnd' : [ 0x2239, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x223a, ['unsigned char']],
+    'IdleSchedule' : [ 0x223b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x223c, ['long']],
+    'DpcRequestSlot' : [ 0x223c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x223c, ['short']],
+    'ThreadDpcState' : [ 0x223e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x223c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x223c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x223c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x223c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x223c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x223c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x223c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x223c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x223c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x223c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2240, ['unsigned long']],
+    'LastTick' : [ 0x2244, ['unsigned long']],
+    'PeriodicCount' : [ 0x2248, ['unsigned long']],
+    'PeriodicBias' : [ 0x224c, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2250, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2254, ['unsigned long']],
+    'GroupSchedulingOverQuota' : [ 0x2258, ['unsigned char']],
+    'ThreadDpcEnable' : [ 0x2259, ['unsigned char']],
+    'PrcbPad41' : [ 0x225a, ['array', 2, ['unsigned char']]],
+    'TimerTable' : [ 0x2260, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x3aa0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x3ac0, ['long']],
+    'PrcbPad6' : [ 0x3ac4, ['array', 4, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x3ac8, ['long']],
+    'DpcWatchdogCount' : [ 0x3acc, ['long']],
+    'KeSpinLockOrdering' : [ 0x3ad0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x3ad4, ['unsigned long']],
+    'QueueIndex' : [ 0x3ad8, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x3adc, ['_SINGLE_LIST_ENTRY']],
+    'ReadySummary' : [ 0x3ae0, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x3ae4, ['long']],
+    'WaitLock' : [ 0x3ae8, ['unsigned long']],
+    'WaitListHead' : [ 0x3aec, ['_LIST_ENTRY']],
+    'ScbOffset' : [ 0x3af4, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x3af8, ['unsigned long']],
+    'StartCycles' : [ 0x3b00, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x3b08, ['unsigned long long']],
+    'TaggedCycles' : [ 0x3b10, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x3b20, ['unsigned long long']],
+    'CycleTime' : [ 0x3b28, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x3b30, ['unsigned long long']],
+    'ImportantCycles' : [ 0x3b38, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x3b40, ['unsigned long long']],
+    'ReadyQueueExpectedRunTime' : [ 0x3b48, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3b50, ['unsigned long']],
+    'Cycles' : [ 0x3b58, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad71' : [ 0x3b98, ['array', 2, ['unsigned long']]],
+    'DispatcherReadyListHead' : [ 0x3ba0, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3ca0, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3ca4, ['long']],
+    'ScbQueue' : [ 0x3ca8, ['_RTL_RB_TREE']],
+    'ScbList' : [ 0x3cb0, ['_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x3cb8, ['long']],
+    'MmCopyOnWriteCount' : [ 0x3cbc, ['long']],
+    'MmTransitionCount' : [ 0x3cc0, ['long']],
+    'MmCacheTransitionCount' : [ 0x3cc4, ['long']],
+    'MmDemandZeroCount' : [ 0x3cc8, ['long']],
+    'MmPageReadCount' : [ 0x3ccc, ['long']],
+    'MmPageReadIoCount' : [ 0x3cd0, ['long']],
+    'MmCacheReadCount' : [ 0x3cd4, ['long']],
+    'MmCacheIoCount' : [ 0x3cd8, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x3cdc, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3ce0, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3ce4, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3ce8, ['long']],
+    'CachedCommit' : [ 0x3cec, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3cf0, ['unsigned long']],
+    'HyperPte' : [ 0x3cf4, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3cf8, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x3cfc, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3d09, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x3d0a, ['unsigned char']],
+    'PrcbPad9' : [ 0x3d0b, ['array', 1, ['unsigned char']]],
+    'FeatureBits' : [ 0x3d10, ['unsigned long long']],
+    'UpdateSignature' : [ 0x3d18, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3d20, ['unsigned long long']],
+    'PrcbPad90' : [ 0x3d28, ['array', 2, ['unsigned long']]],
+    'PowerState' : [ 0x3d30, ['_PROCESSOR_POWER_STATE']],
+    'ForceIdleDpc' : [ 0x3eb0, ['_KDPC']],
+    'PrcbPad91' : [ 0x3ed0, ['array', 8, ['unsigned long']]],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x3ef0, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x3ef4, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3f18, ['_KTIMER']],
+    'HypercallPageList' : [ 0x3f40, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x3f48, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x3f4c, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x3f50, ['pointer', ['unsigned long long']]],
+    'Cache' : [ 0x3f54, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3f90, ['unsigned long']],
+    'PackageProcessorSet' : [ 0x3f94, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x3fa0, ['unsigned long']],
+    'SharedReadyQueue' : [ 0x3fa4, ['pointer', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x3fa8, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x3fac, ['unsigned long']],
+    'ScanSiblingMask' : [ 0x3fb0, ['unsigned long']],
+    'LLCMask' : [ 0x3fb4, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3fb8, ['array', 5, ['unsigned long']]],
+    'ScanSiblingIndex' : [ 0x3fcc, ['unsigned long']],
+    'WheaInfo' : [ 0x3fd0, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x3fd4, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x3fd8, ['_SLIST_HEADER']],
+    'DpcWatchdogProfile' : [ 0x3fe0, ['pointer', ['pointer', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x3fe4, ['pointer', ['pointer', ['void']]]],
+    'PrcbPad92' : [ 0x3fe8, ['array', 1, ['unsigned long']]],
+    'PteBitCache' : [ 0x3fec, ['unsigned long']],
+    'PteBitOffset' : [ 0x3ff0, ['unsigned long']],
+    'PrcbPad93' : [ 0x3ff4, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x3ff8, ['pointer', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x3ffc, ['pointer', ['void']]],
+    'TimerExpirationDpc' : [ 0x4000, ['_KDPC']],
+    'SynchCounters' : [ 0x4020, ['_SYNCH_COUNTERS']],
+    'FsCounters' : [ 0x40d8, ['_FILESYSTEM_DISK_COUNTERS']],
+    'Context' : [ 0x40e8, ['pointer', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x40ec, ['unsigned long']],
+    'ExtendedState' : [ 0x40f0, ['pointer', ['_XSAVE_AREA']]],
+    'EntropyTimingState' : [ 0x40f4, ['_KENTROPY_TIMING_STATE']],
+    'IsrStack' : [ 0x421c, ['pointer', ['void']]],
+    'VectorToInterruptObject' : [ 0x4220, ['array', 208, ['pointer', ['_KINTERRUPT']]]],
+    'AbSelfIoBoostsList' : [ 0x4560, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x4564, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x4568, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x4588, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x45dc, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x4630, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x4730, ['unsigned long']],
+    'ExSaPageArray' : [ 0x4734, ['pointer', ['void']]],
+    'PrcbPad100' : [ 0x4738, ['array', 10, ['unsigned long']]],
+    'LocalSharedReadyQueue' : [ 0x4760, ['_KSHARED_READY_QUEUE']],
+    'Mailbox' : [ 0x48a0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'PrcbPad' : [ 0x48a4, ['array', 60, ['unsigned char']]],
+    'RequestMailbox' : [ 0x48e0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Reserved' : [ 0x14, ['array', 3, ['pointer', ['void']]]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0xb0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x38, ['unsigned long long']],
+    'Affinity' : [ 0x40, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x4c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x54, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x58, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x64, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x64, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x64, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x64, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x64, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x64, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x64, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x64, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x64, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x64, ['long']],
+    'BasePriority' : [ 0x68, ['unsigned char']],
+    'QuantumReset' : [ 0x69, ['unsigned char']],
+    'Visited' : [ 0x6a, ['unsigned char']],
+    'Flags' : [ 0x6b, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x6c, ['array', 1, ['unsigned long']]],
+    'IdealNode' : [ 0x70, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x72, ['unsigned short']],
+    'Spare1' : [ 0x74, ['unsigned short']],
+    'IopmOffset' : [ 0x76, ['unsigned short']],
+    'SchedulingGroup' : [ 0x78, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'StackCount' : [ 0x7c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x88, ['unsigned long long']],
+    'ContextSwitches' : [ 0x90, ['unsigned long long']],
+    'FreezeCount' : [ 0x98, ['unsigned long']],
+    'KernelTime' : [ 0x9c, ['unsigned long']],
+    'UserTime' : [ 0xa0, ['unsigned long']],
+    'ReadyTime' : [ 0xa4, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0xa8, ['pointer', ['void']]],
+    'ProcessTimerDelay' : [ 0xac, ['unsigned long']],
+} ],
+  '_KTHREAD' : [ 0x350, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x10, ['pointer', ['void']]],
+    'QuantumTarget' : [ 0x18, ['unsigned long long']],
+    'InitialStack' : [ 0x20, ['pointer', ['void']]],
+    'StackLimit' : [ 0x24, ['pointer', ['void']]],
+    'StackBase' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x2c, ['unsigned long']],
+    'CycleTime' : [ 0x30, ['unsigned long long']],
+    'HighCycleTime' : [ 0x38, ['unsigned long']],
+    'ServiceTable' : [ 0x3c, ['pointer', ['void']]],
+    'CurrentRunTime' : [ 0x40, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x44, ['unsigned long']],
+    'KernelStack' : [ 0x48, ['pointer', ['void']]],
+    'StateSaveArea' : [ 0x4c, ['pointer', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x50, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x54, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x55, ['unsigned char']],
+    'Alerted' : [ 0x56, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x58, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x58, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x58, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x58, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x58, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x58, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x58, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x58, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x58, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x58, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x58, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x58, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x58, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x58, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x58, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x58, ['long']],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BamEppImportant' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x5c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x5c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x5c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x5c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x5c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x5c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x5c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x5c, ['BitField', dict(start_bit = 17, end_bit = 19, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x5c, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x5c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x5c, ['BitField', dict(start_bit = 21, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x5c, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x5c, ['long']],
+    'Tag' : [ 0x60, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x61, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x63, ['unsigned char']],
+    'SystemCallNumber' : [ 0x64, ['unsigned long']],
+    'FirstArgument' : [ 0x68, ['pointer', ['void']]],
+    'TrapFrame' : [ 0x6c, ['pointer', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x70, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x70, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x87, ['unsigned char']],
+    'UserIdealProcessor' : [ 0x88, ['unsigned long']],
+    'ContextSwitches' : [ 0x8c, ['unsigned long']],
+    'State' : [ 0x90, ['unsigned char']],
+    'Spare12' : [ 0x91, ['unsigned char']],
+    'WaitIrql' : [ 0x92, ['unsigned char']],
+    'WaitMode' : [ 0x93, ['unsigned char']],
+    'WaitStatus' : [ 0x94, ['long']],
+    'WaitBlockList' : [ 0x98, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x9c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x9c, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xa4, ['pointer', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xa8, ['pointer', ['void']]],
+    'RelativeTimerBias' : [ 0xb0, ['unsigned long long']],
+    'Timer' : [ 0xb8, ['_KTIMER']],
+    'WaitBlock' : [ 0xe0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill8' : [ 0xe0, ['array', 20, ['unsigned char']]],
+    'ThreadCounters' : [ 0xf4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0xe0, ['array', 44, ['unsigned char']]],
+    'XStateSave' : [ 0x10c, ['pointer', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0xe0, ['array', 68, ['unsigned char']]],
+    'Win32Thread' : [ 0x124, ['pointer', ['void']]],
+    'WaitBlockFill11' : [ 0xe0, ['array', 88, ['unsigned char']]],
+    'WaitTime' : [ 0x138, ['unsigned long']],
+    'KernelApcDisable' : [ 0x13c, ['short']],
+    'SpecialApcDisable' : [ 0x13e, ['short']],
+    'CombinedApcDisable' : [ 0x13c, ['unsigned long']],
+    'QueueListEntry' : [ 0x140, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x148, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x148, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x148, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x14c, ['long']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x154, ['array', 6, ['unsigned char']]],
+    'PreviousMode' : [ 0x15a, ['unsigned char']],
+    'BasePriority' : [ 0x15b, ['unsigned char']],
+    'PriorityDecrement' : [ 0x15c, ['unsigned char']],
+    'ForegroundBoost' : [ 0x15c, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x15c, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x15d, ['unsigned char']],
+    'AdjustReason' : [ 0x15e, ['unsigned char']],
+    'AdjustIncrement' : [ 0x15f, ['unsigned char']],
+    'AffinityVersion' : [ 0x160, ['unsigned long']],
+    'Affinity' : [ 0x164, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x164, ['array', 6, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x16a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x16b, ['unsigned char']],
+    'IdealProcessor' : [ 0x16c, ['unsigned long']],
+    'ReadyTime' : [ 0x170, ['unsigned long']],
+    'SavedApcState' : [ 0x174, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x174, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x18b, ['unsigned char']],
+    'SuspendCount' : [ 0x18c, ['unsigned char']],
+    'Saturation' : [ 0x18d, ['unsigned char']],
+    'SListFaultCount' : [ 0x18e, ['unsigned short']],
+    'SchedulerApc' : [ 0x190, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x190, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x191, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x190, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x193, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x190, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x194, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x190, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b4, ['pointer', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x190, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1b8, ['pointer', ['void']]],
+    'SchedulerApcFill5' : [ 0x190, ['array', 47, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x1bf, ['unsigned char']],
+    'UserTime' : [ 0x1c0, ['unsigned long']],
+    'SuspendEvent' : [ 0x1c4, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x1d4, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1dc, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x1e4, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x1e5, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x1e6, ['unsigned char']],
+    'Spare20' : [ 0x1e7, ['unsigned char']],
+    'LockEntries' : [ 0x1e8, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x308, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x30c, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x310, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x320, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x324, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x328, ['long']],
+    'KeReferenceCount' : [ 0x32c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x32e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x32f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x330, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x334, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x334, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x338, ['unsigned long']],
+    'QueuedScb' : [ 0x33c, ['pointer', ['_KSCB']]],
+    'NpxState' : [ 0x340, ['unsigned long long']],
+    'ThreadTimerDelay' : [ 0x348, ['unsigned long']],
+} ],
+  '_KSTACK_CONTROL' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'ActualLimit' : [ 0x4, ['unsigned long']],
+    'StackExpansion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousTrapFrame' : [ 0x8, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0xc, ['pointer', ['void']]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'CpuId' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer', ['void']]],
+    'DeleteContext' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long']],
+    'IdleSmtSet' : [ 0x4, ['unsigned long']],
+    'IdleCpuSet' : [ 0x8, ['unsigned long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long']],
+    'IdleConstrainedSet' : [ 0x44, ['unsigned long']],
+    'NonParkedSet' : [ 0x48, ['unsigned long']],
+    'ParkLock' : [ 0x4c, ['long']],
+    'Seed' : [ 0x50, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x84, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x84, ['array', 6, ['unsigned char']]],
+    'NodeNumber' : [ 0x8a, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x8c, ['unsigned short']],
+    'Stride' : [ 0x8e, ['unsigned char']],
+    'Spare0' : [ 0x8f, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x90, ['unsigned long']],
+    'ProximityId' : [ 0x94, ['unsigned long']],
+    'Lowest' : [ 0x98, ['unsigned long']],
+    'Highest' : [ 0x9c, ['unsigned long']],
+    'MaximumProcessors' : [ 0xa0, ['unsigned char']],
+    'Flags' : [ 0xa1, ['_flags']],
+    'Spare10' : [ 0xa2, ['unsigned char']],
+    'HeteroSets' : [ 0xa4, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+} ],
+  '_ENODE' : [ 0x540, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0x100, ['array', 8, ['pointer', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x120, ['_EX_WORK_QUEUE']],
+    'IoWorkQueue' : [ 0x2d8, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x490, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x4a0, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x4c8, ['_KEVENT']],
+    'WaitBlocks' : [ 0x4d8, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x520, ['pointer', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x524, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x528, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x528, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x528, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long']],
+    'QuotaProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'StrictFIFO' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x1c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x1c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x24, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 20, ['unsigned char']]],
+    'DebugInfo' : [ 0x54, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'VolatileLowValue' : [ 0x0, ['long']],
+    'LowValue' : [ 0x0, ['long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x4, ['long']],
+    'NextFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x4, ['_EXHANDLE']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'RefCountField' : [ 0x4, ['long']],
+    'GrantedAccessBits' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'ProtectFromClose' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'RefCnt' : [ 0x4, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1352' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1352']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc4, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xc0, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x480, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x350, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x358, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x358, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x360, ['pointer', ['void']]],
+    'PostBlockList' : [ 0x364, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x364, ['pointer', ['void']]],
+    'StartAddress' : [ 0x368, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x36c, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x36c, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x36c, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x370, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x374, ['_LIST_ENTRY']],
+    'Cid' : [ 0x37c, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x384, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x384, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x398, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x39c, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x3a4, ['unsigned long']],
+    'DeviceToVerify' : [ 0x3a8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x3ac, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x3b0, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x3b4, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x3bc, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x3c0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x3c4, ['unsigned long']],
+    'MmLockOrdering' : [ 0x3c8, ['long']],
+    'CrossThreadFlags' : [ 0x3cc, ['unsigned long']],
+    'Terminated' : [ 0x3cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x3cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x3cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x3cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x3cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x3cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x3cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x3cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x3cc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x3cc, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x3cc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x3cc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x3cc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x3cc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x3cc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x3cc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x3cc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x3cc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x3cc, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x3d0, ['unsigned long']],
+    'ActiveExWorker' : [ 0x3d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x3d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x3d0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x3d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x3d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x3d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x3d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x3d0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x3d0, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x3d4, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x3d4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x3d4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x3d4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x3d4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x3d4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x3d4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x3d4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x3d4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x3d5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x3d5, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x3d8, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x3d9, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x3da, ['unsigned char']],
+    'LockOrderState' : [ 0x3db, ['unsigned char']],
+    'AlpcMessageId' : [ 0x3dc, ['unsigned long']],
+    'AlpcMessage' : [ 0x3e0, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x3e0, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x3e4, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x3ec, ['long']],
+    'CacheManagerCount' : [ 0x3f0, ['unsigned long']],
+    'IoBoostCount' : [ 0x3f4, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x3f8, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x3fc, ['unsigned long']],
+    'BoostList' : [ 0x400, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x408, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x410, ['unsigned long']],
+    'IrpListLock' : [ 0x414, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x418, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x41c, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x420, ['pointer', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x424, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x428, ['pointer', ['void']]],
+    'KernelStackReference' : [ 0x42c, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x430, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x434, ['pointer', ['void']]],
+    'PropertySet' : [ 0x438, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x444, ['pointer', ['void']]],
+    'UserFsBase' : [ 0x448, ['unsigned long']],
+    'UserGsBase' : [ 0x44c, ['unsigned long']],
+    'EnergyValues' : [ 0x450, ['pointer', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x454, ['pointer', ['void']]],
+    'SelectedCpuSets' : [ 0x458, ['unsigned long']],
+    'SelectedCpuSetsIndirect' : [ 0x458, ['pointer', ['unsigned long']]],
+    'Silo' : [ 0x45c, ['pointer', ['_EJOB']]],
+    'ThreadName' : [ 0x460, ['pointer', ['_UNICODE_STRING']]],
+    'LastExpectedRunTime' : [ 0x464, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x468, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x470, ['unsigned long']],
+    'DisownedOwnerEntryListHead' : [ 0x474, ['_LIST_ENTRY']],
+} ],
+  '_EPROCESS' : [ 0x3e0, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0xc0, ['_EX_RUNDOWN_REF']],
+    'VdmObjects' : [ 0xc4, ['pointer', ['void']]],
+    'Flags2' : [ 0xc8, ['unsigned long']],
+    'JobNotReallyActive' : [ 0xc8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0xc8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0xc8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0xc8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0xc8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0xc8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0xc8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0xc8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0xc8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0xc8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0xc8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0xc8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0xc8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0xc8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0xc8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0xc8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0xc8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0xc8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0xc8, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0xc8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0xc8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0xc8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0xc8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0xc8, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0xc8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0xc8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0xcc, ['unsigned long']],
+    'CreateReported' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0xcc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0xcc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0xcc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0xcc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0xcc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0xcc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0xcc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0xcc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0xcc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0xcc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0xcc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0xcc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0xcc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0xcc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0xcc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0xcc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0xcc, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0xcc, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0xcc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0xd0, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0xd8, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xe0, ['array', 2, ['unsigned long']]],
+    'PeakVirtualSize' : [ 0xe8, ['unsigned long']],
+    'VirtualSize' : [ 0xec, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xf0, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0xf8, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf8, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Token' : [ 0xfc, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x100, ['unsigned long']],
+    'AddressCreationLock' : [ 0x104, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x108, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x10c, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x110, ['pointer', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x114, ['pointer', ['_EJOB']]],
+    'CloneRoot' : [ 0x118, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x11c, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x120, ['unsigned long']],
+    'Win32Process' : [ 0x124, ['pointer', ['void']]],
+    'Job' : [ 0x128, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x12c, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x130, ['pointer', ['void']]],
+    'Cookie' : [ 0x134, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x138, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x13c, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x140, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x144, ['pointer', ['void']]],
+    'OwnerProcessId' : [ 0x148, ['unsigned long']],
+    'Peb' : [ 0x14c, ['pointer', ['_PEB']]],
+    'Session' : [ 0x150, ['pointer', ['_MM_SESSION_SPACE']]],
+    'AweInfo' : [ 0x154, ['pointer', ['void']]],
+    'QuotaBlock' : [ 0x158, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x15c, ['pointer', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x160, ['pointer', ['void']]],
+    'PaeTop' : [ 0x164, ['pointer', ['void']]],
+    'DeviceMap' : [ 0x168, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x16c, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x170, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x178, ['pointer', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x17c, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x18b, ['unsigned char']],
+    'SecurityPort' : [ 0x18c, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x190, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x194, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x19c, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x1a0, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x1a8, ['unsigned long']],
+    'ImagePathHash' : [ 0x1ac, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1b0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1b4, ['long']],
+    'PrefetchTrace' : [ 0x1b8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x1bc, ['pointer', ['void']]],
+    'ReadOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1e8, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1f0, ['unsigned long']],
+    'CommitCharge' : [ 0x1f4, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1f8, ['unsigned long']],
+    'Vm' : [ 0x1fc, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x288, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x290, ['unsigned long']],
+    'ExitStatus' : [ 0x294, ['long']],
+    'VadRoot' : [ 0x298, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x29c, ['pointer', ['void']]],
+    'VadCount' : [ 0x2a0, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x2a4, ['unsigned long']],
+    'VadPhysicalPagesLimit' : [ 0x2a8, ['unsigned long']],
+    'AlpcContext' : [ 0x2ac, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x2bc, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x2c4, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x2c8, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x2cc, ['unsigned long']],
+    'ExitTime' : [ 0x2d0, ['_LARGE_INTEGER']],
+    'ActiveThreadsHighWatermark' : [ 0x2d8, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x2dc, ['unsigned long']],
+    'ThreadListLock' : [ 0x2e0, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x2e4, ['pointer', ['void']]],
+    'ServerSilo' : [ 0x2e8, ['pointer', ['_EJOB']]],
+    'SignatureLevel' : [ 0x2ec, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x2ed, ['unsigned char']],
+    'Protection' : [ 0x2ee, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x2ef, ['unsigned char']],
+    'Flags3' : [ 0x2f0, ['unsigned long']],
+    'Minimal' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Crashed' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'InPrivate' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x2f0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x2f0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x2f0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x2f0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x2f0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x2f0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x2f0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AutomaticallyOverrideChildProcessPolicy' : [ 0x2f0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x2f0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x2f0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x2f0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x2f0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityAudit' : [ 0x2f0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0x2f0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0x2f0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x2f0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x2f4, ['long']],
+    'SvmData' : [ 0x2f8, ['pointer', ['void']]],
+    'SvmProcessLock' : [ 0x2fc, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x300, ['unsigned long']],
+    'SvmProcessDeviceListHead' : [ 0x304, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x310, ['unsigned long long']],
+    'DiskCounters' : [ 0x318, ['pointer', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x31c, ['pointer', ['void']]],
+    'HighPriorityFaultsAllowed' : [ 0x320, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x324, ['pointer', ['void']]],
+    'EnergyContext' : [ 0x328, ['pointer', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x32c, ['pointer', ['void']]],
+    'SequenceNumber' : [ 0x330, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x338, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x340, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x348, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x350, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x358, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x358, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x360, ['unsigned long']],
+    'SharedCommitLock' : [ 0x364, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x368, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x370, ['unsigned long']],
+    'DefaultCpuSets' : [ 0x374, ['unsigned long']],
+    'AllowedCpuSetsIndirect' : [ 0x370, ['pointer', ['unsigned long']]],
+    'DefaultCpuSetsIndirect' : [ 0x374, ['pointer', ['unsigned long']]],
+    'DiskIoAttribution' : [ 0x378, ['pointer', ['void']]],
+    'DxgProcess' : [ 0x37c, ['pointer', ['void']]],
+    'Win32KFilterSet' : [ 0x380, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x388, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x390, ['unsigned long']],
+    'KTimer2Sets' : [ 0x394, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x398, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x39c, ['unsigned long']],
+    'VirtualTimerListHead' : [ 0x3a0, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x3a8, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x3a8, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'Flags4' : [ 0x3d8, ['unsigned long']],
+    'PicoCreated' : [ 0x3d8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0x3d8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_13b5' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_13bb' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13bd' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13bb']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13c6' : [ 0x2c, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '__unnamed_13c8' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_13c6']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_13b5']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_13bd']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_13c8']],
+} ],
+  '__unnamed_13cf' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13d3' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13d7' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13d9' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13dd' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13df' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13e1' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13e3' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13e5' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13e7' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13eb' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsDataCopyInformation', 13: 'FileFsMetadataSizeInformation', 14: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13ed' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13f0' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13f2' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13f4' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13f6' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13fa' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_13fe' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1402' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1406' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_140a' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_140e' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1412' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1414' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1416' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_141a' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_141e' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1422' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_1426' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_142a' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1432' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1436' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1438' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_143a' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_143c' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_13cf']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13d3']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13d7']],
+    'Read' : [ 0x0, ['__unnamed_13d9']],
+    'Write' : [ 0x0, ['__unnamed_13d9']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13dd']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13df']],
+    'QueryFile' : [ 0x0, ['__unnamed_13e1']],
+    'SetFile' : [ 0x0, ['__unnamed_13e3']],
+    'QueryEa' : [ 0x0, ['__unnamed_13e5']],
+    'SetEa' : [ 0x0, ['__unnamed_13e7']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13eb']],
+    'SetVolume' : [ 0x0, ['__unnamed_13eb']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13ed']],
+    'LockControl' : [ 0x0, ['__unnamed_13f0']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_13f2']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_13f4']],
+    'SetSecurity' : [ 0x0, ['__unnamed_13f6']],
+    'MountVolume' : [ 0x0, ['__unnamed_13fa']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_13fa']],
+    'Scsi' : [ 0x0, ['__unnamed_13fe']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1402']],
+    'SetQuota' : [ 0x0, ['__unnamed_13e7']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1406']],
+    'QueryInterface' : [ 0x0, ['__unnamed_140a']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_140e']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1412']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1414']],
+    'SetLock' : [ 0x0, ['__unnamed_1416']],
+    'QueryId' : [ 0x0, ['__unnamed_141a']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_141e']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1422']],
+    'WaitWake' : [ 0x0, ['__unnamed_1426']],
+    'PowerSequence' : [ 0x0, ['__unnamed_142a']],
+    'Power' : [ 0x0, ['__unnamed_1432']],
+    'StartDevice' : [ 0x0, ['__unnamed_1436']],
+    'WMI' : [ 0x0, ['__unnamed_1438']],
+    'Others' : [ 0x0, ['__unnamed_143a']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_143c']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_1452' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_1452']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x8, ['unsigned long']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x14, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x10, ['pointer', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x398, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0x80, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0x88, ['unsigned long']],
+    'TotalProcesses' : [ 0x8c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x90, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x94, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x98, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xa0, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xa8, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0xac, ['unsigned long']],
+    'LimitFlags' : [ 0xb0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xb4, ['unsigned long']],
+    'Affinity' : [ 0xb8, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0xc4, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0xc8, ['pointer', ['void']]],
+    'UIRestrictionsClass' : [ 0xcc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xd0, ['unsigned long']],
+    'CompletionPort' : [ 0xd4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xd8, ['pointer', ['void']]],
+    'CompletionCount' : [ 0xe0, ['unsigned long long']],
+    'SessionId' : [ 0xe8, ['unsigned long']],
+    'SchedulingClass' : [ 0xec, ['unsigned long']],
+    'ReadOperationCount' : [ 0xf0, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xf8, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x100, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x108, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x110, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x118, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x120, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x148, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x14c, ['unsigned long']],
+    'JobTotalMemoryLimit' : [ 0x150, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x154, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x158, ['unsigned long']],
+    'EffectiveAffinity' : [ 0x15c, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x168, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x170, ['unsigned long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x174, ['unsigned long']],
+    'EffectiveProcessMemoryLimit' : [ 0x178, ['unsigned long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x17c, ['pointer', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x180, ['pointer', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x184, ['pointer', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x188, ['pointer', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x18c, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x190, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x194, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x198, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x19c, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x1a0, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x1a4, ['unsigned char']],
+    'PriorityClass' : [ 0x1a5, ['unsigned char']],
+    'NestingDepth' : [ 0x1a6, ['unsigned char']],
+    'Reserved1' : [ 0x1a7, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x1a8, ['unsigned long']],
+    'WakeChannel' : [ 0x1b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x1b0, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x1f8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x200, ['unsigned long']],
+    'NotificationLink' : [ 0x204, ['pointer', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x208, ['unsigned long long']],
+    'NotificationInfo' : [ 0x210, ['pointer', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x214, ['pointer', ['void']]],
+    'NotificationPacket' : [ 0x218, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x21c, ['pointer', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x220, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x228, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x230, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x234, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x23c, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x244, ['pointer', ['_EJOB']]],
+    'RootJob' : [ 0x248, ['pointer', ['_EJOB']]],
+    'IteratorListHead' : [ 0x24c, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x254, ['unsigned long']],
+    'Ancestors' : [ 0x258, ['pointer', ['pointer', ['_EJOB']]]],
+    'SessionObject' : [ 0x258, ['pointer', ['void']]],
+    'Accounting' : [ 0x260, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x2b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x2bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x2c0, ['unsigned long']],
+    'JobId' : [ 0x2c4, ['unsigned long']],
+    'ContainerId' : [ 0x2c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x2d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x2e8, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x2ec, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x2f8, ['pointer', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x2fc, ['pointer', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x300, ['unsigned long']],
+    'CloseDone' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x300, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x300, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x304, ['unsigned long']],
+    'ParentLocked' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x308, ['pointer', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x30c, ['unsigned long']],
+    'DiskIoAttributionUserRefCount' : [ 0x310, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x314, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x318, ['pointer', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x318, ['pointer', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x31c, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x330, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x34c, ['long']],
+    'VolumeIoControlTree' : [ 0x350, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x358, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x360, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x364, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x368, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x36c, ['unsigned long']],
+    'IoControlLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x374, ['unsigned long']],
+    'RundownWorkItem' : [ 0x378, ['_WORK_QUEUE_ITEM']],
+    'MemoryPartitionObject' : [ 0x388, ['pointer', ['void']]],
+    'EnergyTrackingState' : [ 0x390, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x68, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x5c, ['pointer', ['void']]],
+    'UserContext' : [ 0x60, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x158, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+    'Oplock' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedForRemote' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedContext' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '_TlgProvider_t' : [ 0x30, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+    'AnnotationFunc' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_1642' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_1642']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0xc, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x4, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0x8, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'ReservedLowFlags' : [ 0xe, ['unsigned char']],
+    'WaiterPriority' : [ 0xf, ['unsigned char']],
+    'SharedWaiters' : [ 0x10, ['pointer', ['void']]],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['void']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x30, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0xc, ['pointer', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x10, ['pointer', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x14, ['unsigned long']],
+    'NumberOfReferences' : [ 0x18, ['unsigned long']],
+    'CloneHeader' : [ 0x1c, ['pointer', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x20, ['unsigned long']],
+    'NestingLevel' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_1686' : [ 0x4, {
+    'MustNotBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+} ],
+  '__unnamed_1688' : [ 0x4, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'PageTableWsle' : [ 0x0, ['__unnamed_1686']],
+    'WsIndex' : [ 0x0, ['unsigned long']],
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_168d' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_168f' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1691' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_168d']],
+    'e4' : [ 0x0, ['__unnamed_168f']],
+} ],
+  '__unnamed_1696' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_1688']],
+    'PteAddress' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x4, ['pointer', ['void']]],
+    'PteLong' : [ 0x4, ['unsigned long']],
+    'OriginalPte' : [ 0x8, ['_MMPTE']],
+    'u2' : [ 0x10, ['_MIPFNBLINK']],
+    'u3' : [ 0x14, ['__unnamed_1691']],
+    'u4' : [ 0x18, ['__unnamed_1696']],
+} ],
+  '__unnamed_16a1' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_16a5' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_16a1']],
+    'u2' : [ 0x24, ['__unnamed_16a5']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_16aa' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_16b3' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 23, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_16b5' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_16b3']],
+} ],
+  '__unnamed_16ba' : [ 0x4, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 20, native_type='unsigned long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'ListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_16aa']],
+    'FilePointer' : [ 0x20, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x24, ['long']],
+    'ModifiedWriteCount' : [ 0x28, ['unsigned long']],
+    'WaitList' : [ 0x2c, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x30, ['__unnamed_16b5']],
+    'FileObjectLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'u3' : [ 0x48, ['__unnamed_16ba']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x38, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'BasePte' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'VaType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'MiVaUnused', 1: 'MiVaSessionSpace', 2: 'MiVaProcessSpace', 3: 'MiVaBootLoaded', 4: 'MiVaPfnDatabase', 5: 'MiVaNonPagedPool', 6: 'MiVaPagedPool', 7: 'MiVaSpecialPoolPaged', 8: 'MiVaSystemCache', 9: 'MiVaSystemPtes', 10: 'MiVaHal', 11: 'MiVaSessionGlobalSpace', 12: 'MiVaDriverImages', 13: 'MiVaSpecialPoolNonPaged', 14: 'MiVaPagedProtoPool', 15: 'MiVaMaximumType', 16: 'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'PteFailures' : [ 0x18, ['unsigned long']],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'GlobalPushLock' : [ 0x1c, ['pointer', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x20, ['pointer', ['_MMSUPPORT_INSTANCE']]],
+    'TotalSystemPtes' : [ 0x24, ['unsigned long']],
+    'Hint' : [ 0x28, ['unsigned long']],
+    'LowestBitEverAllocated' : [ 0x2c, ['unsigned long']],
+    'CachedPtes' : [ 0x30, ['pointer', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_16db' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_16de' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x28, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x1c, ['__unnamed_16db']],
+    'u1' : [ 0x20, ['__unnamed_16de']],
+    'EventList' : [ 0x24, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x6f0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileWrite' : [ 0x14, ['pointer', ['void']]],
+    'FileRead' : [ 0x18, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x1c, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x20, ['pointer', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x24, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x2c, ['unsigned long']],
+    'DirtyAlloc' : [ 0x30, ['unsigned long']],
+    'UnreconciledVector' : [ 0x34, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x3c, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x40, ['unsigned long']],
+    'Cluster' : [ 0x44, ['unsigned long']],
+    'Flat' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x48, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x49, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x4c, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x50, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x54, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x58, ['unsigned long']],
+    'HiveFlags' : [ 0x5c, ['unsigned long']],
+    'CurrentLog' : [ 0x60, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x64, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x68, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x6c, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x70, ['unsigned long']],
+    'LogFileSizeCap' : [ 0x74, ['unsigned long']],
+    'LogDataPresent' : [ 0x78, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0x7a, ['unsigned char']],
+    'BaseBlockDirty' : [ 0x7b, ['unsigned char']],
+    'LastLogSwapTime' : [ 0x80, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0x88, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0x88, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0x88, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0x88, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0x8a, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0x8c, ['unsigned long']],
+    'StorageTypeCount' : [ 0x90, ['unsigned long']],
+    'Version' : [ 0x94, ['unsigned long']],
+    'ViewMap' : [ 0x98, ['_HVIEW_MAP']],
+    'Storage' : [ 0x3b8, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xa8, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0xc, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x14, ['unsigned long']],
+    'KcbPushlock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x1c, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x1c, ['long']],
+    'DelayedDeref' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x20, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x21, ['unsigned char']],
+    'LayerHeight' : [ 0x22, ['short']],
+    'SlotHint' : [ 0x24, ['unsigned long']],
+    'ParentKcb' : [ 0x28, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x2c, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x34, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x3c, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x3c, ['unsigned long']],
+    'SubKeyCount' : [ 0x3c, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x48, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'LayerInfo' : [ 0x6c, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'KCBUoWListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x78, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x80, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x84, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x8c, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x94, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x9c, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0xa0, ['pointer', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0xa0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0xa0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1749' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapForLoaderHive', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpMapHiveImage', 8: '_HvpRecoverData', 9: '_CmpValidateHiveSecurityDescriptors', 10: '_HvpEnlistBinInMap', 11: '_CmCheckRegistry', 12: '_CmRegistryIO', 13: '_CmCheckRegistry2', 14: '_CmpCheckKey', 15: '_CmpCheckValueList', 16: '_HvCheckHive', 17: '_HvCheckBin', 18: '_HvpGetLogEntryDirtyVector', 19: '_HvpReadLogEntryHeader', 20: '_HvpReadLogEntry', 21: '_CmpMountPreloadedHives', 22: '_CmpLoadHiveThread', 23: '_CmpCheckLeaf'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_174c' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_174e' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1750' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1752' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1756' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_175a' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_175c' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x11c, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned short']],
+    'RecoverableIndex' : [ 0x6, ['unsigned short']],
+    'Locations' : [ 0x8, ['array', 8, ['__unnamed_1749']]],
+    'RecoverableLocations' : [ 0x68, ['array', 8, ['__unnamed_1749']]],
+    'RegistryIO' : [ 0xc8, ['__unnamed_174c']],
+    'CheckRegistry2' : [ 0xd4, ['__unnamed_174e']],
+    'CheckKey' : [ 0xd8, ['__unnamed_1750']],
+    'CheckValueList' : [ 0xe8, ['__unnamed_1752']],
+    'CheckHive' : [ 0xf8, ['__unnamed_1756']],
+    'CheckHive1' : [ 0x104, ['__unnamed_1756']],
+    'CheckBin' : [ 0x110, ['__unnamed_175a']],
+    'RecoverData' : [ 0x118, ['__unnamed_175c']],
+} ],
+  '_CM_KCB_UOW' : [ 0x40, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ParentUoW' : [ 0x2c, ['pointer', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x34, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x38, ['pointer', ['void']]],
+    'SecurityData' : [ 0x38, ['pointer', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x38, ['pointer', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x38, ['pointer', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x3c, ['pointer', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x3c, ['pointer', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0x68, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x18, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x18, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x18, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x18, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x18, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x18, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x18, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x18, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x18, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x18, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x18, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x18, ['unsigned long']],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x20, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x24, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x28, ['pointer', ['void']]],
+    'KtmUow' : [ 0x2c, ['_GUID']],
+    'StartLsn' : [ 0x40, ['unsigned long long']],
+    'HiveCount' : [ 0x48, ['unsigned long']],
+    'HiveArray' : [ 0x4c, ['array', 7, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 30, ['unsigned long']]],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 32, ['unsigned long long']]],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x140, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'ReadySummary' : [ 0x4, ['unsigned long']],
+    'ReadyListHead' : [ 0x8, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x108, ['array', 32, ['unsigned char']]],
+    'Span' : [ 0x128, ['unsigned char']],
+    'LowProcIndex' : [ 0x129, ['unsigned char']],
+    'QueueIndex' : [ 0x12a, ['unsigned char']],
+    'ProcCount' : [ 0x12b, ['unsigned char']],
+    'ScanOwner' : [ 0x12c, ['unsigned char']],
+    'Spare' : [ 0x12d, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x130, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x134, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '__unnamed_189e' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_18a0' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_18a4' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x1d0, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x2c, ['long']],
+    'FxRemoveEvent' : [ 0x30, ['_KEVENT']],
+    'FxActivationCount' : [ 0x40, ['long']],
+    'FxSleepCount' : [ 0x44, ['long']],
+    'Plugin' : [ 0x48, ['pointer', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x4c, ['unsigned long']],
+    'CurrentPowerState' : [ 0x50, ['_POWER_STATE']],
+    'Notify' : [ 0x54, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x90, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0xa0, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0xa8, ['unsigned long']],
+    'State' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xb4, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x104, ['unsigned long']],
+    'CompletionStatus' : [ 0x108, ['long']],
+    'Flags' : [ 0x10c, ['unsigned long']],
+    'UserFlags' : [ 0x110, ['unsigned long']],
+    'Problem' : [ 0x114, ['unsigned long']],
+    'ProblemStatus' : [ 0x118, ['long']],
+    'ResourceList' : [ 0x11c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x120, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x124, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x128, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x130, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x134, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x138, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x13c, ['unsigned short']],
+    'RemovalPolicy' : [ 0x13e, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x13f, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x140, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x148, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x150, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x158, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x15a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x15c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x15e, ['unsigned short']],
+    'OverUsed1' : [ 0x160, ['__unnamed_189e']],
+    'OverUsed2' : [ 0x164, ['__unnamed_18a0']],
+    'BootResources' : [ 0x168, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x16c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x170, ['unsigned long']],
+    'DockInfo' : [ 0x174, ['__unnamed_18a4']],
+    'DisableableDepends' : [ 0x184, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x188, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x190, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x198, ['unsigned long']],
+    'PreviousParent' : [ 0x19c, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x1a0, ['long']],
+    'NumaNodeIndex' : [ 0x1a4, ['unsigned long']],
+    'ContainerID' : [ 0x1a8, ['_GUID']],
+    'OverrideFlags' : [ 0x1b8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x1bc, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x1c0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x1c4, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x1c8, ['unsigned long']],
+    'RebalanceContext' : [ 0x1cc, ['pointer', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x38, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x30, ['pointer', ['unsigned long long']]],
+    'EnableLevel' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x38, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependencyNode' : [ 0x2c, ['pointer', ['void']]],
+    'InterruptContext' : [ 0x30, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_199c' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_199c']],
+} ],
+  '__unnamed_19a3' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_19a3']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x14, ['pointer', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PullDefault', 1: 'PullUp', 2: 'PullDown', 3: 'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'IoRestrictionNone', 1: 'IoRestrictionInputOnly', 2: 'IoRestrictionOutputOnly', 3: 'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x1c, ['pointer', ['unsigned short']]],
+    'PinCount' : [ 0x20, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x22, ['unsigned char']],
+    'ResourceSourceName' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x28, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x20, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'SlaveAddress' : [ 0x1c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x18, ['unsigned long']],
+    'RxBufferSize' : [ 0x1c, ['unsigned short']],
+    'TxBufferSize' : [ 0x1e, ['unsigned short']],
+    'Parity' : [ 0x20, ['unsigned char']],
+    'LinesInUse' : [ 0x21, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'DataBitLength' : [ 0x1c, ['unsigned char']],
+    'Phase' : [ 0x1d, ['unsigned char']],
+    'Polarity' : [ 0x1e, ['unsigned char']],
+    'DeviceSelection' : [ 0x20, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x100, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x14, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x18, ['pointer', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c, ['pointer', ['void']]],
+    'Accounting' : [ 0x20, ['pointer', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x1b8, {
+    'Name' : [ 0x0, ['pointer', ['wchar']]],
+    'Id' : [ 0x4, ['unsigned char']],
+    'Guid' : [ 0x8, ['_GUID']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Priority' : [ 0x1c, ['unsigned char']],
+    'Settings' : [ 0x20, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x190, ['unsigned long long']],
+    'Count' : [ 0x198, ['unsigned long long']],
+    'MaxDuration' : [ 0x1a0, ['unsigned long long']],
+    'MinDuration' : [ 0x1a8, ['unsigned long long']],
+    'TotalDuration' : [ 0x1b0, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xb8, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x44, ['unsigned long']],
+    'AutonomousPreference' : [ 0x48, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x49, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4b, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x4d, ['unsigned char']],
+    'ParkingPerfState' : [ 0x4e, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x50, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x51, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x52, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x53, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x54, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x55, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x56, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x58, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x5c, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x60, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x62, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x64, ['unsigned char']],
+    'IdleDisabled' : [ 0x65, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x68, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x6c, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x6d, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x6e, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x6f, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x70, ['array', 32, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x90, ['array', 32, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xb0, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xb1, ['unsigned char']],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x290, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x1a4, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x1c0, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x1f0, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x1f4, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x1f8, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x1fc, ['pointer', ['void']]],
+    'HardErrorState' : [ 0x200, ['unsigned long']],
+    'WnfSiloState' : [ 0x208, ['_WNF_SILODRIVERSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x238, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x240, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x248, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x24c, ['pointer', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x250, ['unsigned char']],
+    'NtSystemRoot' : [ 0x254, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x25c, ['_UNICODE_STRING']],
+    'Storage' : [ 0x264, ['pointer', ['_PSP_STORAGE']]],
+    'State' : [ 0x268, ['Enumeration', dict(target = 'long', choices = {0: 'SERVERSILO_INITING', 1: 'SERVERSILO_STARTED', 2: 'SERVERSILO_SHUTTING_DOWN', 3: 'SERVERSILO_TERMINATING', 4: 'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x26c, ['long']],
+    'DeleteEvent' : [ 0x270, ['pointer', ['_KEVENT']]],
+    'UserSharedData' : [ 0x274, ['pointer', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x278, ['pointer', ['void']]],
+    'TerminateWorkItem' : [ 0x27c, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x90, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x14, ['unsigned long']],
+    'LogHandleContext' : [ 0x18, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x84, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0x88, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x178, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'V1' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0xa8, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xac, ['unsigned long']],
+    'UninitializeEvent' : [ 0xb0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xb4, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'Event' : [ 0xe0, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf8, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x160, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x164, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x168, ['unsigned long']],
+    'WritesInProgress' : [ 0x16c, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x170, ['unsigned long']],
+    'Partition' : [ 0x174, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '__unnamed_1aa4' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_1aa4']],
+    'ArrayHead' : [ 0x10, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x280, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'MasterLock' : [ 0x40, ['unsigned long']],
+    'WorkQueueLock' : [ 0x80, ['unsigned long']],
+    'PartitionID' : [ 0x84, ['unsigned short']],
+    'PartitionLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapList' : [ 0x90, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x98, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0xa0, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriterCursor' : [ 0xac, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0xb8, ['_LIST_ENTRY']],
+    'ChangeSharedCacheMapFileLock' : [ 0xc0, ['_EX_PUSH_LOCK']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0xc4, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0xc8, ['unsigned char']],
+    'NumberWorkerThreads' : [ 0xcc, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0xd0, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0xd4, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0xdc, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0xe4, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0xec, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0xf4, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0xfc, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0x104, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0x108, ['unsigned long']],
+    'QueueThrottle' : [ 0x10c, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0x110, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0x114, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0x118, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0x11c, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0x120, ['unsigned long']],
+    'LowMemoryEvent' : [ 0x124, ['_KEVENT']],
+    'PowerEvent' : [ 0x134, ['_KEVENT']],
+    'PeriodicEvent' : [ 0x144, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x154, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x164, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x174, ['unsigned long']],
+    'LazyWriter' : [ 0x178, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x1c8, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x1d8, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x200, ['pointer', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x204, ['long']],
+    'AverageAvailablePages' : [ 0x208, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x210, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x218, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x220, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x228, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x230, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x231, ['unsigned char']],
+    'DeferredWrites' : [ 0x234, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x240, ['unsigned long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x244, ['pointer', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x248, ['pointer', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x24c, ['pointer', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x250, ['pointer', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x254, ['pointer', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x258, ['pointer', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x25c, ['pointer', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x260, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1ac8' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1aca' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1acc' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1ace' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1ad0' : [ 0x1c, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x4, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x8, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1ad4' : [ 0x40, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'PrefetchList' : [ 0x18, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x1c, ['unsigned long']],
+    'Mdl' : [ 0x20, ['pointer', ['_MDL']]],
+    'IoStatusBlock' : [ 0x24, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x34, ['pointer', ['void']]],
+    'RequestorMode' : [ 0x38, ['unsigned char']],
+    'NestingLevel' : [ 0x3c, ['unsigned long']],
+} ],
+  '__unnamed_1ad6' : [ 0x40, {
+    'Read' : [ 0x0, ['__unnamed_1ac8']],
+    'Write' : [ 0x0, ['__unnamed_1aca']],
+    'Event' : [ 0x0, ['__unnamed_1acc']],
+    'Notification' : [ 0x0, ['__unnamed_1ace']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1ad0']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1ad4']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x50, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1ad6']],
+    'Function' : [ 0x48, ['unsigned char']],
+    'Partition' : [ 0x4c, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x18, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0x4, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x68, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x8, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0xc, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x18, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x40, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x44, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x48, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x50, ['pointer', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x54, ['unsigned long']],
+    'LastLWTimeStamp' : [ 0x58, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x60, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x4e, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x14, {
+    'Allocate' : [ 0x0, ['unsigned long']],
+    'Free' : [ 0x4, ['unsigned long']],
+    'Commit' : [ 0x8, ['unsigned long']],
+    'Decommit' : [ 0xc, ['unsigned long']],
+    'ExtendContext' : [ 0x10, ['unsigned long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x248, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x58, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x5c, ['unsigned long']],
+    'Signature' : [ 0x60, ['unsigned long']],
+    'SegmentReserve' : [ 0x64, ['unsigned long']],
+    'SegmentCommit' : [ 0x68, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x6c, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x70, ['unsigned long']],
+    'TotalFreeSize' : [ 0x74, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x78, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x7c, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x7e, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x80, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x84, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x86, ['unsigned short']],
+    'TagEntries' : [ 0x88, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x8c, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x94, ['unsigned long']],
+    'AlignMask' : [ 0x98, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0x9c, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa4, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xac, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb0, ['unsigned long']],
+    'BlocksIndex' : [ 0xb4, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xb8, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xbc, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc0, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xc8, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xcc, ['pointer', ['void']]],
+    'StackTraceInitVar' : [ 0xd0, ['_RTL_RUN_ONCE']],
+    'FrontEndHeap' : [ 0xd4, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xd8, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xda, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0xdb, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0xdc, ['pointer', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0xe0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0xe2, ['array', 257, ['unsigned char']]],
+    'Counters' : [ 0x1e4, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x240, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1b6b' : [ 0x38, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x38, {
+    'Lock' : [ 0x0, ['__unnamed_1b6b']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1bbe' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1bc0' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bbe']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1bc2' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1bc4' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1bc2']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1bc0']],
+    'u2' : [ 0x4, ['__unnamed_1bc4']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x20, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x18, ['pointer', ['void']]],
+    'UsualSize' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1be1' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1be3' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1be1']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1be3']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Pad' : [ 0x10, ['unsigned long']],
+    'Lock' : [ 0x14, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1bf7' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bf9' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bf7']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1bf9']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1c02' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c04' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c02']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_1c04']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1c0a' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c0c' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c0a']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_1c0c']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x28, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x24, ['pointer', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1c29' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c2b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c29']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x11c, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x60, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0x80, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0x8c, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x94, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x98, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0xc4, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0xd0, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0xd4, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0xd8, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xdc, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xe8, ['long']],
+    'ReferenceNo' : [ 0xec, ['long']],
+    'ReferenceNoWait' : [ 0xf0, ['pointer', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0xf4, ['__unnamed_1c2b']],
+    'TargetQueuePort' : [ 0xf8, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xfc, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x100, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x104, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x108, ['unsigned long']],
+    'PendingQueueLength' : [ 0x10c, ['unsigned long']],
+    'DirectQueueLength' : [ 0x110, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x114, ['unsigned long']],
+    'WaitQueueLength' : [ 0x118, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x58, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x10, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x14, ['pointer', ['void']]],
+    'UserLimit' : [ 0x18, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x1c, ['pointer', ['void']]],
+    'SystemVa' : [ 0x20, ['pointer', ['void']]],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'Header' : [ 0x28, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x2c, ['pointer', ['void']]],
+    'ListSize' : [ 0x30, ['unsigned long']],
+    'Bitmap' : [ 0x34, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x38, ['unsigned long']],
+    'Data' : [ 0x3c, ['pointer', ['void']]],
+    'DataSize' : [ 0x40, ['unsigned long']],
+    'BitmapLimit' : [ 0x44, ['unsigned long']],
+    'BitmapNextHint' : [ 0x48, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x4c, ['unsigned long']],
+    'AttributeFlags' : [ 0x50, ['unsigned long']],
+    'AttributeSize' : [ 0x54, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0x90, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x84, ['unsigned long']],
+    'CallbackList' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x14, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1c4e' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c50' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c4e']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x98, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'u1' : [ 0x14, ['__unnamed_1c50']],
+    'SequenceNo' : [ 0x18, ['long']],
+    'QuotaProcess' : [ 0x1c, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x1c, ['pointer', ['void']]],
+    'CancelSequencePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x24, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x28, ['long']],
+    'CancelListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x38, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x60, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x64, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x68, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x6c, ['pointer', ['_ETHREAD']]],
+    'WakeReference' : [ 0x70, ['pointer', ['void']]],
+    'WakeReference2' : [ 0x74, ['pointer', ['void']]],
+    'ExtensionBuffer' : [ 0x78, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0x7c, ['unsigned long']],
+    'PortMessage' : [ 0x80, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x24, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x14, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalLength' : [ 0x1c, ['unsigned short']],
+    'Type' : [ 0x1e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x20, ['unsigned short']],
+    'SignalCompletion' : [ 0x22, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x23, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x24, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x28, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x1c, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x20, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1c94' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c96' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c94']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_1c96']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x4, {
+    'Event' : [ 0x0, ['unsigned long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x30, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer', ['void']]],
+    'DiskIoAttributionHandle' : [ 0xc, ['unsigned long']],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x24, ['long long']],
+    'AdapterCryptoParameters' : [ 0x20, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x28, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x88, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x48, ['pointer', ['void']]],
+    'CreateFileType' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x50, ['pointer', ['void']]],
+    'Override' : [ 0x54, ['unsigned char']],
+    'QueryOnly' : [ 0x55, ['unsigned char']],
+    'DeleteOnly' : [ 0x56, ['unsigned char']],
+    'FullAttributes' : [ 0x57, ['unsigned char']],
+    'LocalFileObject' : [ 0x58, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x5c, ['unsigned long']],
+    'AccessMode' : [ 0x60, ['unsigned char']],
+    'DriverCreateContext' : [ 0x64, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0x7c, ['unsigned long']],
+    'FilterQuery' : [ 0x80, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1d5f' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x110, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1d5f']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer', ['wchar']]],
+    'LogFileName' : [ 0x3c, ['pointer', ['wchar']]],
+    'TimeZone' : [ 0x40, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0xf8, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x108, ['unsigned long']],
+    'BuffersLost' : [ 0x10c, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE' : [ 0xc, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x8, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0xc, {
+    'Hash' : [ 0x0, ['pointer', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x4, ['pointer', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x10, {
+    'Table' : [ 0x0, ['pointer', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x4, ['unsigned long']],
+    'EntryMax' : [ 0x8, ['unsigned long']],
+    'EntryCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x8, {
+    'QueueTail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStatePendingCompression', 5: 'EtwBufferStateCompressed', 6: 'EtwBufferStatePlaceholder', 7: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x310, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 1, ['unsigned long']]],
+    'ErrorMarker' : [ 0x18, ['unsigned long']],
+    'SizeMask' : [ 0x1c, ['unsigned long']],
+    'GetCpuClock' : [ 0x20, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x28, ['long']],
+    'FailureReason' : [ 0x2c, ['unsigned long']],
+    'BufferQueue' : [ 0x30, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x38, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x40, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x48, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x50, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x50, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x64, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x6c, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x74, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x78, ['unsigned long']],
+    'FlushTimer' : [ 0x7c, ['unsigned long']],
+    'FlushThreshold' : [ 0x80, ['unsigned long']],
+    'ByteOffset' : [ 0x88, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x90, ['unsigned long']],
+    'BuffersAvailable' : [ 0x94, ['long']],
+    'NumberOfBuffers' : [ 0x98, ['long']],
+    'MaximumBuffers' : [ 0x9c, ['unsigned long']],
+    'EventsLost' : [ 0xa0, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xa4, ['long']],
+    'BuffersWritten' : [ 0xa8, ['unsigned long']],
+    'LogBuffersLost' : [ 0xac, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xb0, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xb4, ['unsigned long']],
+    'SequencePtr' : [ 0xb8, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xbc, ['unsigned long']],
+    'InstanceGuid' : [ 0xc0, ['_GUID']],
+    'MaximumFileSize' : [ 0xd0, ['unsigned long']],
+    'FileCounter' : [ 0xd4, ['long']],
+    'PoolType' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xe0, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0xf0, ['long']],
+    'ProviderInfoSize' : [ 0xf4, ['unsigned long']],
+    'Consumers' : [ 0xf8, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x100, ['unsigned long']],
+    'TransitionConsumer' : [ 0x104, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x108, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0x10c, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x118, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x120, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x128, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x130, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x138, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x140, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x148, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x158, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x15c, ['_KEVENT']],
+    'FlushEvent' : [ 0x16c, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x180, ['_KTIMER']],
+    'LoggerDpc' : [ 0x1a8, ['_KDPC']],
+    'LoggerMutex' : [ 0x1c8, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1e8, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1ec, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1ec, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1f0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x22c, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x230, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x238, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x240, ['pointer', ['void']]],
+    'BufferSequenceNumber' : [ 0x248, ['long long']],
+    'Flags' : [ 0x250, ['unsigned long']],
+    'Persistent' : [ 0x250, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x250, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x250, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x250, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x250, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x250, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x250, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x250, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x250, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x250, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x250, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x250, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x250, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x250, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x250, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x250, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x250, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x250, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x250, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x254, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x254, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x254, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x254, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x254, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x254, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x254, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x254, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x254, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x254, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x254, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x254, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x254, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x254, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x258, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x260, ['pointer', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x264, ['pointer', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x268, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x270, ['pointer', ['pointer', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x274, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x280, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x288, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x290, ['pointer', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x294, ['Enumeration', dict(target = 'long', choices = {0: 'EtwpPeriodicTimerUnset', 1: 'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x298, ['pointer', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x29c, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x2a0, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x2b0, ['long']],
+    'CompressionLock' : [ 0x2b4, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x2b8, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x2bc, ['pointer', ['void']]],
+    'CompressionOn' : [ 0x2c0, ['long']],
+    'CompressionRatioGuess' : [ 0x2c4, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x2c8, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x2cc, ['Enumeration', dict(target = 'long', choices = {0: 'EtwCompressionModeRestart', 1: 'EtwCompressionModeNoDisable', 2: 'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x2d0, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x2d4, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x2f8, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x300, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x308, ['_LARGE_INTEGER']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x34, {
+    'Source' : [ 0x0, ['array', -32, ['Enumeration', dict(target = 'long', choices = {0: 'ProfileTime', 1: 'ProfileAlignmentFixup', 2: 'ProfileTotalIssues', 3: 'ProfilePipelineDry', 4: 'ProfileLoadInstructions', 5: 'ProfilePipelineFrozen', 6: 'ProfileBranchInstructions', 7: 'ProfileTotalNonissues', 8: 'ProfileDcacheMisses', 9: 'ProfileIcacheMisses', 10: 'ProfileCacheMisses', 11: 'ProfileBranchMispredictions', 12: 'ProfileStoreInstructions', 13: 'ProfileFpInstructions', 14: 'ProfileIntegerInstructions', 15: 'Profile2Issue', 16: 'Profile3Issue', 17: 'Profile4Issue', 18: 'ProfileSpecialInstructions', 19: 'ProfileTotalCycles', 20: 'ProfileIcacheIssues', 21: 'ProfileDcacheAccesses', 22: 'ProfileMemoryBarrierCycles', 23: 'ProfileLoadLinkedIssues', 24: 'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x20, ['unsigned long']],
+    'HookId' : [ 0x24, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x2c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x30, ['array', 1, ['pointer', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0xac0, {
+    'SiloGlobals' : [ 0x0, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'EtwpSecurityProviderGuidEntry' : [ 0x8, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x170, ['array', 64, ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'WmipLoggerContext' : [ 0x270, ['array', 64, ['pointer', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x370, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0xa70, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0xa80, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0xa84, ['long']],
+    'EtwpSecurityProviderPID' : [ 0xa88, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0xa8c, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0xa9c, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0xab0, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0xab8, ['pointer', ['_ETW_SILO_TRACING_BLOCK']]],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x10, {
+    'RunRefs' : [ 0x0, ['pointer', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x4, ['pointer', ['void']]],
+    'RunRefSize' : [ 0x8, ['unsigned long']],
+    'Number' : [ 0xc, ['unsigned long']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x18, {
+    'SystemLogonSession' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x4, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x8, ['pointer', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0xc, ['pointer', ['void']]],
+    'UncSystemPaths' : [ 0x10, ['pointer', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x14, ['pointer', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x2a8, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x9c, ['pointer', ['void']]],
+    'DynamicPart' : [ 0xa0, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa4, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xb0, ['unsigned long']],
+    'TokenInUse' : [ 0xb4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xbc, ['unsigned long']],
+    'LogonSession' : [ 0xc0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc4, ['_LUID']],
+    'SidHash' : [ 0xcc, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x154, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1dc, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x1e0, ['pointer', ['void']]],
+    'Capabilities' : [ 0x1e4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x1e8, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x1ec, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x274, ['pointer', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x278, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x27c, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x280, ['pointer', ['void']]],
+    'TrustLinkedToken' : [ 0x284, ['pointer', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x288, ['pointer', ['void']]],
+    'TokenSidValues' : [ 0x28c, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x290, ['pointer', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x294, ['pointer', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x298, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x29c, ['pointer', ['void']]],
+    'VariablePart' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x6c, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x34, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x40, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x44, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x48, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0x58, ['pointer', ['_EJOB']]],
+    'SiblingAuthId' : [ 0x5c, ['_LUID']],
+    'TokenList' : [ 0x64, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'DbgRefTrace' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'NewObject' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0xf, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0xf, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0xf, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0xf, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved1' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x8, {
+    'SecurityDescriptor' : [ 0x0, ['pointer', ['void']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x8, {
+    'Footer' : [ 0x0, ['pointer', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x18, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x10, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x8, {
+    'Context1' : [ 0x0, ['pointer', ['void']]],
+    'Context2' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x10, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x8, ['pointer', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0xc, ['unsigned char']],
+    'Padding1' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x18, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'EntryLink' : [ 0x8, ['pointer', ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0xc, ['unsigned long']],
+    'HashIndex' : [ 0x10, ['unsigned short']],
+    'DirectoryLocked' : [ 0x12, ['unsigned char']],
+    'LockedExclusive' : [ 0x13, ['unsigned char']],
+    'LockStateSignature' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xb0, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x9c, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0xa0, ['pointer', ['void']]],
+    'SessionObject' : [ 0xa4, ['pointer', ['void']]],
+    'Flags' : [ 0xa8, ['unsigned long']],
+    'SessionId' : [ 0xac, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x1a4, {
+    'SystemDeviceMap' : [ 0x0, ['pointer', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x4, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x74, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0xc, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x4, ['pointer', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x8, ['pointer', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x418, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x8, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0xc, ['unsigned long']],
+    'ErrorCount' : [ 0x10, ['long']],
+    'RecordCount' : [ 0x14, ['unsigned long']],
+    'RecordLength' : [ 0x18, ['unsigned long']],
+    'PoolTag' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x24, ['pointer', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x28, ['pointer', ['void']]],
+    'SectionCount' : [ 0x2c, ['unsigned long']],
+    'SectionLength' : [ 0x30, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x38, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x40, ['unsigned long']],
+    'TotalErrors' : [ 0x44, ['unsigned long']],
+    'Deferred' : [ 0x48, ['unsigned char']],
+    'Descriptor' : [ 0x49, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xe4, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'ProcessorNumber' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x14, ['long']],
+    'ErrorSource' : [ 0x18, ['pointer', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x1c, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PepAcpiMemory', 1: 'PepAcpiIoPort', 2: 'PepAcpiInterrupt', 3: 'PepAcpiGpioIo', 4: 'PepAcpiGpioInt', 5: 'PepAcpiSpbI2c', 6: 'PepAcpiSpbSpi', 7: 'PepAcpiSpbUart', 8: 'PepAcpiExtendedMemory', 9: 'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0xc, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x10, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x14, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x8, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0xc, ['long']],
+    'HighWaterMark' : [ 0x10, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x18, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+    'ActiveDpc' : [ 0x14, ['pointer', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_1f37' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x7000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1f37']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x18, ['unsigned long']],
+    'NonPagablePages' : [ 0x1c, ['unsigned long']],
+    'CommittedPages' : [ 0x20, ['unsigned long']],
+    'PagedPoolStart' : [ 0x24, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x28, ['pointer', ['void']]],
+    'SessionObject' : [ 0x2c, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x30, ['pointer', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x34, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x44, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x48, ['unsigned long']],
+    'AttachCount' : [ 0x4c, ['unsigned long']],
+    'AttachGate' : [ 0x50, ['_KGATE']],
+    'WsListEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0x68, ['_MM_PAGED_POOL_INFO']],
+    'Lookaside' : [ 0xc0, ['array', 24, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xcc0, ['_MMSESSION']],
+    'Vm' : [ 0xd00, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0xdc0, ['_MMWSL_INSTANCE']],
+    'PagedPool' : [ 0xe00, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x1f40, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PageTables' : [ 0x1f48, ['array', 1024, ['_MMPTE']]],
+    'PagedPoolBitBuffer' : [ 0x3f48, ['array', 32, ['unsigned long']]],
+    'SpecialPool' : [ 0x3fc8, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x4008, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x400c, ['long']],
+    'PagedPoolPdeCount' : [ 0x4010, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x4014, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x4018, ['unsigned long']],
+    'SystemPteInfo' : [ 0x401c, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x4054, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x4058, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x405c, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x4060, ['unsigned long']],
+    'IoState' : [ 0x4064, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x4068, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x406c, ['_KEVENT']],
+    'ServerSilo' : [ 0x407c, ['pointer', ['_EJOB']]],
+    'CreateTime' : [ 0x4080, ['unsigned long long']],
+    'PoolTags' : [ 0x5000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x130, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x12c, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'ParseProcedureEx' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+    'WaitObjectFlagMask' : [ 0x50, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x54, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x56, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0xc, ['unsigned long']],
+    'EntryOffset' : [ 0xc, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0xd, ['unsigned char']],
+    'WaitingBit' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0xe, ['unsigned char']],
+    'AcquiredBit' : [ 0xe, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0xf, ['unsigned char']],
+    'HeadNodeBit' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x10, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x10, ['pointer', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x10, ['unsigned char']],
+    'Reserved' : [ 0x11, ['array', 2, ['unsigned char']]],
+    'InTreeByte' : [ 0x13, ['unsigned char']],
+    'SessionState' : [ 0x14, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'OwnerTree' : [ 0x18, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x20, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x18, ['unsigned char']],
+    'EntryLock' : [ 0x28, ['unsigned long']],
+    'BoostBitmap' : [ 0x2c, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RfgControlStack' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x5c, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x38, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x3c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x40, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x44, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x48, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x4c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x50, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x54, ['unsigned long']],
+    'LastPolledSize' : [ 0x58, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'Irp' : [ 0xc, ['pointer', ['_IRP']]],
+    'Device' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_1f9d' : [ 0x10, {
+    'CallerCompletion' : [ 0x0, ['pointer', ['void']]],
+    'CallerContext' : [ 0x4, ['pointer', ['void']]],
+    'CallerDevice' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_1fa0' : [ 0x8, {
+    'NotifyDevice' : [ 0x0, ['pointer', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x4, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x18, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x20, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'MinorFunction' : [ 0x68, ['unsigned char']],
+    'PowerStateType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'PowerState' : [ 0x70, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0x74, ['unsigned char']],
+    'FxDevice' : [ 0x78, ['pointer', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0x7c, ['unsigned char']],
+    'NotifyPEP' : [ 0x7d, ['unsigned char']],
+    'Device' : [ 0x80, ['__unnamed_1f9d']],
+    'System' : [ 0x80, ['__unnamed_1fa0']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x1c, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0xc, ['unsigned long']],
+    'PagedAllocs' : [ 0x10, ['unsigned long']],
+    'PagedFrees' : [ 0x14, ['unsigned long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x150, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0x54, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x60, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x64, ['pointer', ['void']]],
+    'IdleExecute' : [ 0x68, ['pointer', ['void']]],
+    'IdlePreselect' : [ 0x6c, ['pointer', ['void']]],
+    'IdleTest' : [ 0x70, ['pointer', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x74, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x78, ['pointer', ['void']]],
+    'IdleCancel' : [ 0x7c, ['pointer', ['void']]],
+    'IdleIsHalted' : [ 0x80, ['pointer', ['void']]],
+    'IdleInitiateWake' : [ 0x84, ['pointer', ['void']]],
+    'PrepareInfo' : [ 0x88, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0xd8, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0xe4, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0xe8, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0xec, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0xf4, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0xfc, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x10c, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x1c, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1ff3' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeGenericV2', 13: 'WheaErrSrcTypeSCIGenericV2', 14: 'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'WheaErrSrcStateStopped', 2: 'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1ff3']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x9c, {
+    'ProcessCid' : [ 0x0, ['pointer', ['void']]],
+    'ThreadCid' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x18, ['unsigned long']],
+    'CreateTrace' : [ 0x1c, ['array', 30, ['unsigned long']]],
+    'Count' : [ 0x94, ['long']],
+    'CaptureCount' : [ 0x98, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x180, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x40, ['pointer', ['_KDPC']]],
+    'ChildList' : [ 0x44, ['_LIST_ENTRY']],
+    'Parent' : [ 0x4c, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x130, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x8, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0xc, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x10, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x98, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x120, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x124, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x128, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x12c, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x10, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Lock' : [ 0x8, ['unsigned long']],
+    'Valid' : [ 0xc, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x24, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'EntryDescriptor' : [ 0x10, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x1c, ['unsigned long']],
+    'Handles' : [ 0x20, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0xc, {
+    'IdealMask' : [ 0x0, ['unsigned long']],
+    'PreferredMask' : [ 0x4, ['unsigned long']],
+    'AvailableMask' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMSESSION' : [ 0x14, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x4, ['pointer', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0xc, ['unsigned long']],
+    'BitmapFailures' : [ 0x10, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x14, {
+    'CompletionRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'RequestorMode' : [ 0xc, ['unsigned char']],
+    'NestingLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0xc, {
+    'DirtyPages' : [ 0x0, ['unsigned long']],
+    'DirtyPagesLastScan' : [ 0x4, ['unsigned long']],
+    'DirtyPagesScheduledLastScan' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_MAP' : [ 0x38, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x34, ['pointer', ['_EJOB']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0xc, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x4, ['pointer', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x8, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x10, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0xc, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x14, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer', ['void']]],
+    'OverQuotaHistory' : [ 0x4, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x2c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x8, ['unsigned char']],
+    'Spare' : [ 0x9, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0xc, ['unsigned long']],
+    'DebugId' : [ 0x10, ['_CVDD']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x19c, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x44, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['long']],
+    'Dpc' : [ 0x10, ['_KDPC']],
+    'WorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x4, {
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x4, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_FAST_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['wchar']]],
+    'DriverName' : [ 0x28, ['pointer', ['wchar']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x19c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x190, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x198, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+    'SecureInfo' : [ 0x4, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x4, ['_RTL_BITMAP']],
+    'InPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x4, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'PebTebRfg' : [ 0x4, ['_MI_SUB64K_FREE_RANGES']],
+    'RfgProtectedStack' : [ 0x4, ['_MI_RFG_PROTECTED_STACK']],
+    'WaitReason' : [ 0x24, ['unsigned long']],
+} ],
+  '__unnamed_20e3' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_20e6' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_20e8' : [ 0x4, {
+    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SUBSECTION' : [ 0x28, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0xc, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0xc, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0xc, ['pointer', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x10, ['__unnamed_20e3']],
+    'StartingSector' : [ 0x14, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x18, ['unsigned long']],
+    'PtesInSubsection' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_20e6']],
+    'UnusedPtes' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x24, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u2' : [ 0x24, ['__unnamed_20e8']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x4, ['unsigned long']],
+    'RequestPacket' : [ 0x8, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x18, ['pointer', ['long']]],
+    'NodeTargetCount' : [ 0x1c, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x38, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'Reserved3' : [ 0x10, ['array', 4, ['pointer', ['void']]]],
+    'Reserved4' : [ 0x20, ['array', 4, ['unsigned long']]],
+    'Reserved6' : [ 0x30, ['array', 2, ['pointer', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x8, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x30, {
+    'LsaProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'LsaCommandPortHandle' : [ 0x4, ['pointer', ['void']]],
+    'SepRmThreadHandle' : [ 0x8, ['pointer', ['void']]],
+    'RmCommandPortHandle' : [ 0xc, ['pointer', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x10, ['pointer', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x14, ['pointer', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x20, ['pointer', ['void']]],
+    'RmViewPortMemory' : [ 0x24, ['pointer', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x28, ['long']],
+    'LsaCommandPortActive' : [ 0x2c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x18, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0xc, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x1c, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x4, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0xc, ['pointer', ['_MMPTE']]],
+    'MaximumSize' : [ 0x10, ['unsigned long']],
+    'PagedPoolHint' : [ 0x14, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x44, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xc, ['_UNICODE_STRING']],
+    'Latency' : [ 0x14, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x18, ['unsigned long']],
+    'Power' : [ 0x1c, ['unsigned long']],
+    'StateFlags' : [ 0x20, ['unsigned long']],
+    'VetoAccounting' : [ 0x24, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0x3c, ['unsigned char']],
+    'InterruptsEnabled' : [ 0x3d, ['unsigned char']],
+    'Interruptible' : [ 0x3e, ['unsigned char']],
+    'ContextRetained' : [ 0x3f, ['unsigned char']],
+    'CacheCoherent' : [ 0x40, ['unsigned char']],
+    'WakesSpuriously' : [ 0x41, ['unsigned char']],
+    'PlatformOnly' : [ 0x42, ['unsigned char']],
+    'NoCState' : [ 0x43, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['unsigned long']],
+    'RealKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_211c' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_211e' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_211c']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0xb0, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_211e']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'PoolPageHeaders' : [ 0x18, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x20, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x28, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x2c, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PagedBytes' : [ 0x38, ['unsigned long']],
+    'NonPagedBytes' : [ 0x3c, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x40, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x44, ['unsigned long']],
+    'RaiseIrqls' : [ 0x48, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x4c, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x50, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x54, ['unsigned long']],
+    'AllocationsFailed' : [ 0x58, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x5c, ['unsigned long']],
+    'LockedBytes' : [ 0x60, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x64, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x74, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x78, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x7c, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x80, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x88, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0xa4, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa8, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Luid' : [ 0x10, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x18, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x20, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0xc, {
+    'DynamicRelocations' : [ 0x0, ['pointer', ['void']]],
+    'SecurityContext' : [ 0x4, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x8, ['unsigned long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderZero', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderVsmMemory', 30: 'LoaderFirmwareCode', 31: 'LoaderFirmwareData', 32: 'LoaderFirmwareReserved', 33: 'LoaderEnclaveMemory', 34: 'LoaderFirmwareKsr', 35: 'LoaderEnclaveKsr', 36: 'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x30, {
+    'ScopeMap' : [ 0x0, ['pointer', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x4, ['pointer', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x8, ['pointer', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x10, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x18, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x20, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x28, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_DELAY_ACK_FO' : [ 0xc, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Instrumented' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x10, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x28, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long']],
+    'DirtyPageThresholdTop' : [ 0x4, ['unsigned long']],
+    'DirtyPageThresholdBottom' : [ 0x8, ['unsigned long']],
+    'DirtyPageTarget' : [ 0xc, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x10, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x18, ['unsigned long long']],
+    'AvailableHistory' : [ 0x20, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x4c, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'StackTrace' : [ 0x24, ['array', 8, ['pointer', ['void']]]],
+    'Who' : [ 0x44, ['unsigned long']],
+    'Process' : [ 0x48, ['pointer', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x10, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '__unnamed_216c' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_216e' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_216c']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_216e']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0xc, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long']],
+    'NumberOfProcessReferences' : [ 0x4, ['unsigned long']],
+    'ClonePtes' : [ 0x8, ['pointer', ['_MMCLONE_BLOCK']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x3b00, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x500, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x640, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x6ac, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x16e8, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1740, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1800, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x2d00, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x2d18, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x2d20, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x2d58, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x2da0, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x2e80, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x2f00, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x2f90, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x3000, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x3140, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x3180, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x31b8, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x3200, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x3240, ['unsigned long']],
+    'BootRegistryRuns' : [ 0x3244, ['pointer', ['pointer', ['void']]]],
+    'ZeroingDisabled' : [ 0x3248, ['long']],
+    'FullyInitialized' : [ 0x324c, ['unsigned char']],
+    'SafeBooted' : [ 0x324d, ['unsigned char']],
+    'PfnBitMap' : [ 0x3250, ['_RTL_BITMAP']],
+    'TraceLogging' : [ 0x3258, ['pointer', ['_TlgProvider_t']]],
+    'Vs' : [ 0x3280, ['_MI_VISIBLE_STATE']],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x300, {
+    'ProcessorBuffers' : [ 0x0, ['array', 64, ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x100, ['array', 64, ['unsigned long long']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x10, ['_KEVENT']],
+} ],
+  '__unnamed_219c' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_219e' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_219c']],
+} ],
+  '__unnamed_21a0' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_219e']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_21a0']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_21a8' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_21a8']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x8, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x8, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_21b5' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x18, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long']],
+    'NodeCount' : [ 0x4, ['unsigned long']],
+    'Tables' : [ 0x8, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0xc, ['unsigned long']],
+    'UseSessionId' : [ 0x10, ['unsigned char']],
+    'u1' : [ 0x14, ['__unnamed_21b5']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x8c, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0x68, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x58, {
+    'SystemDllBase' : [ 0x0, ['pointer', ['void']]],
+    'ColorSeed' : [ 0x4, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0x8, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x20, ['pointer', ['_MMPTE']]],
+    'FreePaeEntries' : [ 0x24, ['unsigned long']],
+    'FirstFreePae' : [ 0x28, ['_PAE_ENTRY']],
+    'AllocatedPaePages' : [ 0x48, ['long']],
+    'PaeLock' : [ 0x4c, ['unsigned long']],
+    'PaeEntrySList' : [ 0x50, ['_SLIST_HEADER']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long']],
+    'PipelinedReadAheadRequestSize' : [ 0x54, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x58, ['unsigned long']],
+    'PrivateLinks' : [ 0x5c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x168, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['pointer', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x15c, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x164, ['pointer', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0xa8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['wchar']]],
+    'OrderingName' : [ 0xc, ['pointer', ['wchar']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x90, ['unsigned char']],
+    'TransactionEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x98, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0x9c, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa0, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa4, ['pointer', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0x6c, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x8, ['_KMUTANT']],
+    'FixupLock' : [ 0x28, ['long']],
+    'FirstLoadEver' : [ 0x2c, ['unsigned char']],
+    'LargePageAll' : [ 0x2d, ['unsigned char']],
+    'LastPage' : [ 0x30, ['unsigned long']],
+    'LargePageList' : [ 0x34, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x3c, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x44, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x4c, ['array', 2, ['pointer', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x54, ['unsigned long']],
+    'PageCounts' : [ 0x58, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x44, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x3c, ['unsigned char']],
+    'DeleteType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'QueryRemoveDevice', 1: 'CancelRemoveDevice', 2: 'RemoveDevice', 3: 'SurpriseRemoveDevice', 4: 'EjectDevice', 5: 'RemoveFailedDevice', 6: 'RemoveUnstartedFailedDevice', 7: 'MaxDeviceDeleteType'})]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x24, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x8, ['unsigned long']],
+    'SyncCallback' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x1b8, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x19c, ['pointer', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x1a0, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x1a4, ['unsigned long']],
+    'ThreadCount' : [ 0x1a8, ['long']],
+    'MinThreads' : [ 0x1ac, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x1ac, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x1b0, ['long']],
+    'QueueIndex' : [ 0x1b4, ['Enumeration', dict(target = 'long', choices = {0: 'ExPoolUntrusted', 1: 'IoPoolUntrusted', 2: 'ExPoolTrusted', 8: 'ExPoolMax'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x4, {
+    'Head' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x80, {
+    'DriverInit' : [ 0x0, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x4, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x8, ['pointer', ['void']]],
+    'AddDevice' : [ 0xc, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x10, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x38, {
+    'PartitionLock' : [ 0x0, ['unsigned long']],
+    'PartitionIdLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x8, ['unsigned long long']],
+    'PartitionList' : [ 0x10, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x18, ['pointer', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x1c, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x24, ['array', 1, ['pointer', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x28, ['pointer', ['pointer', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x2c, ['unsigned long']],
+    'CrossPartitionDenials' : [ 0x30, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x34, ['unsigned char']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x2e8, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+    'State' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+    'Removing' : [ 0x22, ['unsigned char']],
+    'Mode' : [ 0x23, ['unsigned char']],
+    'PendingMode' : [ 0x24, ['unsigned char']],
+    'ActivePoint' : [ 0x25, ['unsigned char']],
+    'PendingActivePoint' : [ 0x26, ['unsigned char']],
+    'Critical' : [ 0x27, ['unsigned char']],
+    'ThermalStandby' : [ 0x28, ['unsigned char']],
+    'OverThrottled' : [ 0x29, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x2c, ['long']],
+    'Throttle' : [ 0x30, ['long']],
+    'PendingThrottle' : [ 0x34, ['long']],
+    'ThrottleReasons' : [ 0x38, ['unsigned long']],
+    'LastPassiveTime' : [ 0x40, ['unsigned long long']],
+    'SampleRate' : [ 0x48, ['unsigned long']],
+    'LastTemp' : [ 0x4c, ['unsigned long']],
+    'Info' : [ 0x50, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xac, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xc4, ['unsigned char']],
+    'PollingRate' : [ 0xc8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xd0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xd8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0xe0, ['unsigned long long']],
+    'WorkItem' : [ 0xe8, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0xf8, ['_KTIMER2']],
+    'Lock' : [ 0x150, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x158, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x168, ['_KEVENT']],
+    'InstanceId' : [ 0x178, ['unsigned long']],
+    'TelemetryTracker' : [ 0x180, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x2e0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x10, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'SidCount' : [ 0x8, ['unsigned long']],
+    'SidValuesStart' : [ 0xc, ['unsigned long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x4, {
+    'Function' : [ 0x0, ['pointer', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_22b2' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_22b4' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_22b2']],
+    'Private' : [ 0x0, ['__unnamed_22b4']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x4, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'TransPtr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x1c, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x8, ['unsigned long']],
+    'VolumeKey' : [ 0xc, ['unsigned long']],
+    'Rundown' : [ 0x10, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x14, ['pointer', ['void']]],
+    'VolumeIoAttribution' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x4, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x4, ['unsigned long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x44, ['unsigned long']],
+    'BigPagesAllocated' : [ 0x48, ['unsigned long']],
+    'BytesAllocated' : [ 0x4c, ['unsigned long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x84, ['unsigned long']],
+    'BigPagesDeallocated' : [ 0x88, ['unsigned long']],
+    'BytesDeallocated' : [ 0x8c, ['unsigned long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPoolBase', 1: 'PagedPool', 2: 'NonPagedPoolBaseMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolBaseCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolBaseCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 516: 'NonPagedPoolNxCacheAligned', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 512: 'NonPagedPoolNx', 544: 'NonPagedPoolSessionNx', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x104, ['long']],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 512, ['_LIST_ENTRY']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_232b' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_232d' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_232b']],
+    'Button' : [ 0xc, ['__unnamed_232d']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0xc, ['pointer', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x14, ['unsigned long']],
+    'Buckets' : [ 0x18, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x58, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x10, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x28, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x38, ['long long']],
+    'Callback' : [ 0x40, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x44, ['pointer', ['void']]],
+    'DisableCallback' : [ 0x48, ['pointer', ['void']]],
+    'DisableContext' : [ 0x4c, ['pointer', ['void']]],
+    'AbsoluteSystemTime' : [ 0x50, ['unsigned char']],
+    'TypeFlags' : [ 0x51, ['unsigned char']],
+    'Unused' : [ 0x51, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x51, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x51, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x51, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x51, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x52, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x103c, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'DetachTimeStamp' : [ 0x14, ['unsigned long']],
+    'CodePageEdited' : [ 0x18, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'VaReferenceCount' : [ 0x20, ['array', 1024, ['long']]],
+    'DynamicPtesBitBuffer' : [ 0x1020, ['pointer', ['unsigned long']]],
+    'IdLock' : [ 0x1024, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x1028, ['pointer', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x102c, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1030, ['pointer', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x1034, ['pointer', ['void']]],
+    'SessionCore' : [ 0x1038, ['pointer', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer', ['void']]],
+    'CallbackContext' : [ 0xc, ['pointer', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'AccessMask' : [ 0x18, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x140, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x4, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'UnusedSubsectionPagedPool' : [ 0xc, ['unsigned long']],
+    'UnusedSegmentForceFree' : [ 0x10, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x14, ['unsigned long']],
+    'HighSectionBase' : [ 0x18, ['pointer', ['void']]],
+    'PhysicalSubsection' : [ 0x1c, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0x60, ['_CONTROL_AREA']],
+    'DanglingExtentsPages' : [ 0xb0, ['pointer', ['_MMPFN']]],
+    'DanglingExtentsLock' : [ 0xb4, ['long']],
+    'DanglingExtentsWorkItem' : [ 0xb8, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0xc8, ['unsigned char']],
+    'PageFileSectionHead' : [ 0xcc, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0xd0, ['long']],
+    'ImageBias' : [ 0xd4, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0xd8, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0xdc, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0xe4, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0xe8, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0xec, ['unsigned long']],
+    'LostDataFiles' : [ 0xf0, ['unsigned long']],
+    'LostDataPages' : [ 0xf4, ['unsigned long']],
+    'ImageFailureReason' : [ 0xf8, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0xfc, ['pointer', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x100, ['pointer', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x104, ['unsigned long']],
+    'ImageChecksumBreakpoint' : [ 0x108, ['unsigned long']],
+    'ImageSizeBreakpoint' : [ 0x10c, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x110, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x1c, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'Reference' : [ 0x8, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x18, ['unsigned char']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x28, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x4, ['pointer', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x8, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0xc, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x10, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x14, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x18, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x1c, ['pointer', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x20, ['pointer', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x24, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x94, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x78, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x7c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x80, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x84, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x88, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0x8c, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x90, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x460, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['pointer', ['_SLIST_HEADER']]],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'SharedData' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['pointer', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x210, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x218, ['pointer', ['void']]],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pUnused' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['pointer', ['void']]]],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_23ad' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_23b2' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_23b4' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_23ad']],
+    'Bits' : [ 0x0, ['__unnamed_23b2']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_23b4']],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x20, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Vad' : [ 0x10, ['pointer', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x14, ['unsigned long']],
+    'FullSetBits' : [ 0x18, ['unsigned long']],
+    'SubListIndex' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_23bc' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_23bf' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0xf8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'CollidedEvent' : [ 0x20, ['_KEVENT']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x40, ['_KAPC_STATE']],
+    'Thread' : [ 0x58, ['pointer', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x5c, ['pointer', ['_MMPFN']]],
+    'PteContents' : [ 0x60, ['_MMPTE']],
+    'WaitCount' : [ 0x68, ['long']],
+    'ByteCount' : [ 0x6c, ['unsigned long']],
+    'u3' : [ 0x70, ['__unnamed_23bc']],
+    'u1' : [ 0x74, ['__unnamed_23bf']],
+    'FilePointer' : [ 0x78, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x7c, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x7c, ['pointer', ['_SUBSECTION']]],
+    'Autoboost' : [ 0x80, ['pointer', ['void']]],
+    'FaultingAddress' : [ 0x84, ['pointer', ['void']]],
+    'PointerPte' : [ 0x88, ['pointer', ['_MMPTE']]],
+    'BasePte' : [ 0x8c, ['pointer', ['_MMPTE']]],
+    'Pfn' : [ 0x90, ['pointer', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x98, ['_MDL']],
+    'Page' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'FlowThrough' : [ 0xb4, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x10, {
+    'BaseKcb' : [ 0x0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x4, ['long']],
+    'ClonedKcbListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1', 19: 'NotifyTransportRelationsChange', 20: 'NotifyEjectionRelationsChange', 21: 'ConfigureDevice', 22: 'ConfigureDeviceClass', 23: 'ConfigureDeviceExtensions', 24: 'ConfigureDeviceReset'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+    'ActivityId' : [ 0x20, ['_GUID']],
+    'RefCount' : [ 0x30, ['long']],
+    'Dequeued' : [ 0x34, ['unsigned char']],
+    'CancelLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x3c, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0xc0, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x28, ['unsigned char']],
+    'Platform' : [ 0x29, ['unsigned char']],
+    'DependencyListCount' : [ 0x2c, ['unsigned long']],
+    'Processors' : [ 0x30, ['_KAFFINITY_EX']],
+    'Name' : [ 0x3c, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0x44, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x48, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x50, ['unsigned long long']],
+    'RefCount' : [ 0x80, ['long']],
+    'CacheAlign0' : [ 0x80, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'LowboxNumber' : [ 0x14, ['unsigned long']],
+    'AtomTable' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x4, ['pointer', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_MI_PARTITION' : [ 0x1a00, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0xf8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x2c8, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x340, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x440, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0xc00, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0xc80, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0xcc0, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0xd98, ['pointer', ['void']]],
+    'WorkingSetExpansionHead' : [ 0xd9c, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0xdc0, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0xb0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x39, ['unsigned char']],
+    'ActiveCount' : [ 0x3a, ['unsigned short']],
+    'InternalState' : [ 0x3c, ['long']],
+    'Mode' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x48, ['unsigned long']],
+    'DispatchCount' : [ 0x4c, ['unsigned long']],
+    'PassiveEvent' : [ 0x50, ['pointer', ['_KEVENT']]],
+    'DisconnectData' : [ 0x54, ['pointer', ['void']]],
+    'ServiceThread' : [ 0x58, ['pointer', ['_KTHREAD']]],
+    'ConnectionData' : [ 0x5c, ['pointer', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0x60, ['pointer', ['void']]],
+    'IsrDpcStats' : [ 0x68, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x34, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ActivityId' : [ 0x24, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x18, {
+    'NextPteToTrim' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0xc, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x10, ['unsigned long']],
+    'LockedEntries' : [ 0x14, ['unsigned long']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_CMHIVE' : [ 0xf20, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x6f0, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x708, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x710, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x718, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0x720, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x728, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x72c, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x734, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x738, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x73c, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x740, ['unsigned long']],
+    'Identity' : [ 0x744, ['unsigned long']],
+    'HiveLock' : [ 0x748, ['pointer', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0x74c, ['pointer', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x750, ['pointer', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x754, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x75c, ['unsigned long']],
+    'FlushLogEntry' : [ 0x760, ['pointer', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x764, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x768, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x76c, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x770, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x778, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x77c, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x780, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x784, ['pointer', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x788, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0x78c, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0x790, ['unsigned long']],
+    'ActualFileSize' : [ 0x798, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x7a0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x7b0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x7b8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x7c0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x7c8, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x7cc, ['unsigned long']],
+    'SecurityHitHint' : [ 0x7d0, ['long']],
+    'SecurityCache' : [ 0x7d4, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x7d8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x9d8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x9dc, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x9e0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x9e4, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x9e8, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x9ec, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0xa00, ['unsigned char']],
+    'GrowOffset' : [ 0xa04, ['unsigned long']],
+    'KcbConvertListHead' : [ 0xa08, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0xa10, ['pointer', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0xa14, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0xc9c, ['unsigned long']],
+    'TrustClassEntry' : [ 0xca0, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0xca8, ['unsigned long long']],
+    'UnreconciledTime' : [ 0xcb0, ['unsigned long long']],
+    'CmRm' : [ 0xcb8, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0xcbc, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0xcc0, ['long']],
+    'CreatorOwner' : [ 0xcc4, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0xcc8, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0xcd0, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0xcd8, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0xce4, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0xcf0, ['unsigned long']],
+    'FlushActive' : [ 0xcf0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0xcf0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0xcf0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0xcf0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0xcf4, ['unsigned long']],
+    'ReferenceCount' : [ 0xcf8, ['long']],
+    'UnloadHistoryIndex' : [ 0xcfc, ['long']],
+    'UnloadHistory' : [ 0xd00, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0xf00, ['unsigned long']],
+    'UnaccessedStart' : [ 0xf04, ['unsigned long']],
+    'UnaccessedEnd' : [ 0xf08, ['unsigned long']],
+    'LoadedKeyCount' : [ 0xf0c, ['unsigned long']],
+    'HandleClosePending' : [ 0xf10, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0xf14, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0xf18, ['unsigned char']],
+    'FailedUnload' : [ 0xf19, ['unsigned char']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x14, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPending' : [ 0x16, ['unsigned char']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x7c0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x200, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x340, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x480, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x4c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x4d4, ['array', 2, ['pointer', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x4dc, ['array', 8, ['pointer', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x4fc, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x540, ['unsigned long']],
+    'TransitionSharedPagesPeak' : [ 0x544, ['array', 3, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x550, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x650, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x660, ['unsigned long']],
+    'StandbyListDiscard' : [ 0x664, ['unsigned char']],
+    'FreeListDiscard' : [ 0x665, ['unsigned char']],
+    'LargePfnBitMapsReady' : [ 0x666, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0x668, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x670, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0x6c0, ['unsigned long']],
+    'AvailablePageWaitStates' : [ 0x6c4, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0x700, ['pointer', ['void']]],
+    'TransitionPrivatePages' : [ 0x740, ['unsigned long']],
+    'LargePfnBitMap' : [ 0x744, ['array', 1, ['_RTL_BITMAP']]],
+    'LowMemoryThreshold' : [ 0x74c, ['unsigned long']],
+    'HighMemoryThreshold' : [ 0x750, ['unsigned long']],
+    'LargePfnBitMapLock' : [ 0x780, ['unsigned long']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '__unnamed_246d' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_246f' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2471' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_246d']],
+    'Interrupt' : [ 0x0, ['__unnamed_246f']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_246f']],
+    'Sci' : [ 0x0, ['__unnamed_246f']],
+    'Nmi' : [ 0x0, ['__unnamed_246f']],
+    'Sea' : [ 0x0, ['__unnamed_246f']],
+    'Sei' : [ 0x0, ['__unnamed_246f']],
+    'Gsiv' : [ 0x0, ['__unnamed_246f']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_2471']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x4, {
+    'LogHandleContext' : [ 0x0, ['pointer', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x19c, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x110, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x190, ['unsigned long']],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_KSCB' : [ 0x100, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x5d, ['unsigned char']],
+    'ReadySummary' : [ 0x5e, ['unsigned short']],
+    'Rank' : [ 0x60, ['unsigned long']],
+    'ShareRank' : [ 0x64, ['pointer', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x68, ['unsigned long']],
+    'ReadyListHead' : [ 0x6c, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0xec, ['_RTL_RB_TREE']],
+    'Parent' : [ 0xf4, ['pointer', ['_KSCB']]],
+    'Root' : [ 0xf8, ['pointer', ['_KSCB']]],
+} ],
+  '__unnamed_248e' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0x5c, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x8, ['pointer', ['void']]],
+    'ExceptionTableSize' : [ 0xc, ['unsigned long']],
+    'GpValue' : [ 0x10, ['pointer', ['void']]],
+    'NonPagedDebugInfo' : [ 0x14, ['pointer', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'u1' : [ 0x3a, ['__unnamed_248e']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x44, ['unsigned long']],
+    'CoverageSection' : [ 0x48, ['pointer', ['void']]],
+    'LoadedImports' : [ 0x4c, ['pointer', ['void']]],
+    'Spare' : [ 0x50, ['pointer', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x54, ['unsigned long']],
+    'TimeDateStamp' : [ 0x58, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long']],
+    'TrimInProgressCount' : [ 0x4, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x8, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x18, ['array', 3, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'Abandoned' : [ 0x1c, ['unsigned char']],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x4, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x14, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x18, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long']],
+} ],
+  '_HMAP_TABLE' : [ 0x2800, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_24c4' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_24c6' : [ 0x10, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_24c4']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x20, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0xc, ['__unnamed_24c6']],
+    'VerifiedData' : [ 0x1c, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x20, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x8, ['pointer', ['void']]],
+    'SessionViewVa' : [ 0x8, ['pointer', ['void']]],
+    'VadsProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Type' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SystemCacheAttributes' : [ 0x10, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0xc, {
+    'ActiveThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'WaitList' : [ 0x4, ['pointer', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x140, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0xc0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0xc8, ['unsigned long']],
+    'PteTrackingBitmap' : [ 0xcc, ['_RTL_BITMAP']],
+    'CachedPteHeads' : [ 0xd4, ['pointer', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xd8, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x110, ['unsigned long']],
+    'KernelStackPages' : [ 0x114, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x115, ['unsigned char']],
+    'AdjustCounter' : [ 0x116, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x118, ['long']],
+    'ReservedMappingTree' : [ 0x11c, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x120, ['pointer', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x124, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x128, ['long']],
+} ],
+  '__unnamed_24da' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0xf8, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_24da']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'ReferenceCount' : [ 0x10, ['unsigned long']],
+    'ParentPartition' : [ 0x14, ['pointer', ['_MI_PARTITION']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeInformation' : [ 0x20, ['pointer', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x24, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x28, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x2c, ['unsigned long']],
+    'PfnUnmapWorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x40, ['unsigned long']],
+    'PfnUnmapWaitList' : [ 0x44, ['pointer', ['void']]],
+    'MemoryRuns' : [ 0x48, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x4c, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x5c, ['array', 5, ['pointer', ['void']]]],
+    'PartitionObject' : [ 0x70, ['pointer', ['void']]],
+    'PartitionObjectHandle' : [ 0x74, ['pointer', ['void']]],
+    'PartitionSystemThreadsLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0x80, ['long']],
+    'PfnUnmapActive' : [ 0x84, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0x88, ['_KEVENT']],
+    'RootDirectory' : [ 0x98, ['pointer', ['void']]],
+    'KernelObjectsDirectory' : [ 0x9c, ['pointer', ['void']]],
+    'MemoryEvents' : [ 0xa0, ['array', 11, ['pointer', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0xcc, ['array', 11, ['pointer', ['void']]]],
+} ],
+  '__unnamed_24e5' : [ 0x4, {
+    'InstancedWorkingSet' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0x68, {
+    'NextPageColor' : [ 0x0, ['unsigned short']],
+    'LastTrimStamp' : [ 0x2, ['unsigned short']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long']],
+    'VmWorkingSetList' : [ 0xc, ['pointer', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x18, ['array', 8, ['unsigned long']]],
+    'ExitOutswapGate' : [ 0x38, ['pointer', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'WorkingSetLeafSize' : [ 0x40, ['unsigned long']],
+    'WorkingSetLeafPrivateSize' : [ 0x44, ['unsigned long']],
+    'WorkingSetSize' : [ 0x48, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x4c, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x50, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x54, ['unsigned long']],
+    'HardFaultCount' : [ 0x58, ['unsigned long']],
+    'u1' : [ 0x5c, ['__unnamed_24e5']],
+    'Reserved0' : [ 0x60, ['unsigned long']],
+    'Flags' : [ 0x64, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x8, ['unsigned char']],
+    'BlockState' : [ 0x9, ['unsigned char']],
+    'WaitKey' : [ 0xa, ['unsigned short']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0xc, ['pointer', ['_KQUEUE']]],
+    'Object' : [ 0x10, ['pointer', ['void']]],
+    'SparePtr' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x10, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0xc, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AcquiredRundown' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'WorkQueue' : [ 0x18, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x40, ['pointer', ['void']]],
+    'AcceptProcessorNotification' : [ 0x44, ['pointer', ['void']]],
+    'AcceptAcpiNotification' : [ 0x48, ['pointer', ['void']]],
+    'WorkOrderCount' : [ 0x4c, ['unsigned long']],
+    'WorkOrders' : [ 0x50, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x18, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x18, ['array', 4, ['pointer', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x18, ['pointer', ['void']]],
+    'SessionId' : [ 0x1c, ['unsigned long']],
+    'Process' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['void']]],
+    'Callback' : [ 0x2c, ['pointer', ['void']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x32, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x32, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x32, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x32, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x32, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'EnableMask' : [ 0x34, ['unsigned char']],
+    'GroupEnableMask' : [ 0x35, ['unsigned char']],
+    'UseDescriptorType' : [ 0x36, ['unsigned char']],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x1500, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long']],
+    'SystemVaBias' : [ 0x4, ['unsigned long']],
+    'SystemAvailableVaLow' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+    'SystemRangeStart' : [ 0x10, ['pointer', ['void']]],
+    'SystemCachePdeCount' : [ 0x14, ['array', 1024, ['unsigned char']]],
+    'SystemCacheReverseMaps' : [ 0x414, ['array', 1024, ['pointer', ['void']]]],
+    'DeleteKvaLock' : [ 0x1414, ['long']],
+    'WsleArrays' : [ 0x1418, ['array', 5, ['pointer', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x142c, ['pointer', ['_MI_HYPER_SPACE']]],
+    'HyperSpaceEnd' : [ 0x1430, ['pointer', ['void']]],
+    'FreeSystemCacheVa' : [ 0x1434, ['_KEVENT']],
+    'SystemVaLock' : [ 0x1444, ['unsigned long']],
+    'SystemCacheViewLock' : [ 0x1448, ['unsigned long']],
+    'SystemWorkingSetList' : [ 0x144c, ['array', 5, ['_MMWSL_INSTANCE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x24, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'ReleasedCommitDebt' : [ 0x4, ['unsigned long']],
+    'ResetPagesRepurposedCount' : [ 0x8, ['unsigned long']],
+    'WsSwapSupport' : [ 0xc, ['pointer', ['void']]],
+    'CommitReleaseContext' : [ 0x10, ['pointer', ['void']]],
+    'AccessLog' : [ 0x14, ['pointer', ['void']]],
+    'ChargedWslePages' : [ 0x18, ['unsigned long']],
+    'ActualWslePages' : [ 0x1c, ['unsigned long']],
+    'GoodCitizenWaiting' : [ 0x20, ['long']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PAE_ENTRY' : [ 0x20, {
+    'PteEntry' : [ 0x0, ['array', 4, ['_MMPTE']]],
+    'PaeEntry' : [ 0x0, ['_PAE_PAGEINFO']],
+    'NextPae' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x10, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CloneCommitCount' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x8, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_257a' : [ 0x4, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_SECTION' : [ 0x28, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u1' : [ 0x14, ['__unnamed_257a']],
+    'SizeOfSection' : [ 0x18, ['unsigned long long']],
+    'u' : [ 0x20, ['__unnamed_16aa']],
+    'InitialPageProtection' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x24, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x24, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer', ['void']]]],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x88, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'ArgumentStatus' : [ 0xc, ['long']],
+    'CallerEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'VetoType' : [ 0x1c, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x20, ['pointer', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x24, ['unsigned long']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'Cancel' : [ 0x2c, ['unsigned char']],
+    'Parent' : [ 0x30, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x34, ['_GUID']],
+    'Data' : [ 0x44, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0x48, {
+    'Timelines' : [ 0x0, ['array', 9, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x14, ['long']],
+    'Active' : [ 0x18, ['long']],
+    'FreeWhenDone' : [ 0x1c, ['unsigned char']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x90, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x8, ['unsigned long']],
+    'InDebugger' : [ 0xc, ['long']],
+    'Pfns' : [ 0x10, ['array', 32, ['pointer', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x8, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 31, native_type='unsigned long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x0, ['pointer', ['void']]],
+    'SessionState' : [ 0x4, ['pointer', ['void']]],
+    'SessionId' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ETIMER' : [ 0xb8, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'TimerApc' : [ 0x2c, ['_KAPC']],
+    'TimerDpc' : [ 0x5c, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x7c, ['_LIST_ENTRY']],
+    'Period' : [ 0x84, ['unsigned long']],
+    'TimerFlags' : [ 0x88, ['unsigned char']],
+    'ApcAssociated' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0x88, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0x88, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0x89, ['unsigned char']],
+    'Spare2' : [ 0x8a, ['unsigned short']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x98, ['pointer', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x9c, ['_LIST_ENTRY']],
+    'DueTime' : [ 0xa8, ['unsigned long long']],
+    'CoalescingWindow' : [ 0xb0, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x48, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x34, ['array', 2, ['_RTL_BITMAP']]],
+    'CrashDumpPte' : [ 0x44, ['pointer', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0xc, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x8, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x180, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x4, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x20, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x28, ['unsigned char']],
+    'PepWokenTransition' : [ 0x29, ['unsigned char']],
+    'EfficiencyClass' : [ 0x2a, ['unsigned char']],
+    'SchedulingClass' : [ 0x2b, ['unsigned char']],
+    'TargetIdleState' : [ 0x2c, ['unsigned long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower', 3: 'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xcc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xd0, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0xd4, ['long']],
+    'FFHThrottleStateInfo' : [ 0xd8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xf8, ['_KDPC']],
+    'PerfActionMask' : [ 0x118, ['long']],
+    'HvIdleCheck' : [ 0x120, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x130, ['pointer', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x134, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x138, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x13c, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x140, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x144, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x148, ['pointer', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x14c, ['unsigned char']],
+    'HvTargetState' : [ 0x14d, ['unsigned char']],
+    'Parked' : [ 0x14e, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x150, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x154, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x158, ['unsigned long']],
+    'RelativePerformance' : [ 0x15c, ['unsigned long']],
+    'Utility' : [ 0x160, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x164, ['unsigned long']],
+    'SnapTimeLast' : [ 0x168, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x168, ['unsigned long long']],
+    'ActiveTime' : [ 0x170, ['unsigned long long']],
+    'TotalTime' : [ 0x178, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x100, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x18, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x28, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x38, ['unsigned long']],
+    'DereferenceSegmentHeader' : [ 0x3c, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x58, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x60, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0x88, ['unsigned char']],
+    'UnusedSegmentList' : [ 0x8c, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0x94, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0x9c, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xa4, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0xb4, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0xb8, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0xd0, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0xe0, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0xe8, ['_EX_PUSH_LOCK']],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x14, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x198, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DevNode' : [ 0x1c, ['pointer', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x20, ['pointer', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x24, ['pointer', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x28, ['pointer', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x2c, ['pointer', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x30, ['pointer', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x38, ['pointer', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x3c, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0x5c, ['pointer', ['void']]],
+    'AcpiLink' : [ 0x60, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0x68, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0x70, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x88, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0xa0, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0xbc, ['unsigned long']],
+    'IdleTimer' : [ 0xc0, ['_KTIMER']],
+    'IdleDpc' : [ 0xe8, ['_KDPC']],
+    'IdleTimeout' : [ 0x108, ['unsigned long long']],
+    'IdleStamp' : [ 0x110, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x118, ['array', 2, ['pointer', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x120, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x128, ['array', 2, ['pointer', ['void']]]],
+    'NextIrpCallerContext' : [ 0x130, ['array', 2, ['pointer', ['void']]]],
+    'IrpCompleteEvent' : [ 0x138, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x148, ['pointer', ['void']]],
+    'Accounting' : [ 0x150, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x178, ['unsigned long']],
+    'ComponentCount' : [ 0x17c, ['unsigned long']],
+    'Components' : [ 0x180, ['pointer', ['pointer', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x184, ['unsigned long']],
+    'Log' : [ 0x188, ['pointer', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x18c, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x190, ['pointer', ['_DRIVER_OBJECT']]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x40, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x8, ['short']],
+    'SpecialApcDisable' : [ 0xa, ['short']],
+    'CombinedApcDisable' : [ 0x8, ['unsigned long']],
+    'Irql' : [ 0xc, ['unsigned char']],
+    'StackTrace' : [ 0x10, ['array', 12, ['pointer', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x4, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Processors' : [ 0x4, ['unsigned long']],
+    'ActiveProcessors' : [ 0x8, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0xc, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SepCachedHandlesEntryLowbox', 1: 'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x4, ['pointer', ['void']]],
+    'IsolationPrefix' : [ 0x4, ['_UNICODE_STRING']],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x80, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x3c, ['pointer', ['void']]],
+    'Lock' : [ 0x40, ['long']],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Spare0' : [ 0x6c, ['unsigned long']],
+} ],
+  '__unnamed_2637' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2639' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2637']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x44, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x30, ['pointer', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x34, ['_LIST_ENTRY']],
+    'Specific' : [ 0x3c, ['__unnamed_2639']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0xc40, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long']],
+    'HighestPhysicalPage' : [ 0x4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x8, ['unsigned long']],
+    'NumberOfPagingFiles' : [ 0xc, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x10, ['unsigned char']],
+    'PagingFile' : [ 0x14, ['array', 16, ['pointer', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0x80, ['unsigned long']],
+    'ResidentAvailablePages' : [ 0xc0, ['unsigned long']],
+    'PartitionWs' : [ 0x100, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x168, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x180, ['unsigned long']],
+    'ModifiedPageListHead' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x200, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x214, ['unsigned long']],
+    'TotalPagesForPagingFile' : [ 0x218, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x21c, ['unsigned long']],
+    'ProcessLockedFilePages' : [ 0x220, ['unsigned long']],
+    'SharedCommit' : [ 0x224, ['unsigned long']],
+    'ChargeCommitmentFailures' : [ 0x228, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x238, ['long']],
+    'PageFileTraces' : [ 0x240, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x10, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x50, {
+    'Context' : [ 0x0, ['pointer', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x44, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x4c, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x50, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'RebalanceReasonUnknown', 1: 'RebalanceReasonRequirementsChanged', 2: 'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'RebalanceFailureNone', 1: 'RebalanceFailureDisabled', 2: 'RebalanceFailureNoMemory', 3: 'RebalanceFailureQueryStopUnexpectedVeto', 4: 'RebalanceFailureNoRequirements', 5: 'RebalanceFailureNoCandidates', 6: 'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x1c, ['unsigned char']],
+    'TriggerRoot' : [ 0x20, ['pointer', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x24, ['unsigned char']],
+    'BeginTime' : [ 0x28, ['unsigned long long']],
+    'VetoNode' : [ 0x30, ['array', 2, ['pointer', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x38, ['array', -8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceQueryRebalanceSucceeded', 1: 'DeviceQueryStopFailed', 2: 'DeviceFailedGetNewResourceRequirement', 3: 'DeviceInUnexpectedState', 4: 'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x40, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x14, {
+    'BlockOffset' : [ 0x0, ['unsigned long']],
+    'PermanentBinAddress' : [ 0x4, ['unsigned long']],
+    'TemporaryBinAddress' : [ 0x8, ['unsigned long']],
+    'TemporaryBinRundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_26a0' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x108, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_26a0']]],
+    'WakeAlarmPaused' : [ 0xa8, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb0, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xb8, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x4, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x3c, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x10, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x14, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x28, ['long']],
+    'Gate' : [ 0x2c, ['_KGATE']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x10, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x20, {
+    'ComponentActive' : [ 0x0, ['pointer', ['void']]],
+    'ComponentIdle' : [ 0x4, ['pointer', ['void']]],
+    'ComponentIdleState' : [ 0x8, ['pointer', ['void']]],
+    'DevicePowerRequired' : [ 0xc, ['pointer', ['void']]],
+    'DevicePowerNotRequired' : [ 0x10, ['pointer', ['void']]],
+    'PowerControl' : [ 0x14, ['pointer', ['void']]],
+    'ComponentCriticalTransition' : [ 0x18, ['pointer', ['void']]],
+    'DripsWatchdogCallback' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x8, ['pointer', ['void']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'SharedWaiters' : [ 0x10, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x14, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'UnlockInProgress' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 48, native_type='unsigned long long')]],
+} ],
+  '_WAITING_IRP' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'CompletionRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'Information' : [ 0x18, ['unsigned long']],
+    'BreakAllRH' : [ 0x1c, ['unsigned char']],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x88, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x20, ['unsigned long long']],
+    'UnscaledTime' : [ 0x28, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x30, ['long long']],
+    'ScaledTime' : [ 0x38, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x48, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x50, ['unsigned long long']],
+    'UserTimeLast' : [ 0x58, ['unsigned long']],
+    'KernelTimeLast' : [ 0x5c, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x60, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x68, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x80, ['unsigned char']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x28, {
+    'InstantaneousRead' : [ 0x0, ['pointer', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'Scaling' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x24, ['unsigned long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'Hint' : [ 0x10, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x58, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'ShutDownRequested' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x34, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x40, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x44, ['unsigned long']],
+    'UserPagesReused' : [ 0x48, ['unsigned long']],
+    'EventsLostCount' : [ 0x4c, ['pointer', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x50, ['pointer', ['unsigned long']]],
+    'SiloState' : [ 0x54, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_PAE_PAGEINFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameNumber' : [ 0x8, ['unsigned long']],
+    'EntriesInUse' : [ 0xc, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x140, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x30, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'ClonedPageCount' : [ 0x40, ['unsigned long long']],
+    'CurrentMap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x4c, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x50, ['unsigned long']],
+    'LoaderMdl' : [ 0x54, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x6c, ['unsigned long']],
+    'CurrentMcb' : [ 0x70, ['pointer', ['void']]],
+    'DumpStack' : [ 0x74, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x78, ['pointer', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0x7c, ['unsigned long']],
+    'Status' : [ 0x80, ['long']],
+    'GraphicsProc' : [ 0x84, ['unsigned long']],
+    'MemoryImage' : [ 0x88, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0x8c, ['pointer', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'SiLogOffset' : [ 0x94, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0x98, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0x9c, ['pointer', ['void']]],
+    'ResumeContext' : [ 0xa0, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0xa4, ['unsigned long']],
+    'ProcessorCount' : [ 0xa8, ['unsigned long']],
+    'ProcessorContext' : [ 0xac, ['pointer', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0xb0, ['pointer', ['unsigned char']]],
+    'ProdConsSize' : [ 0xb4, ['unsigned long']],
+    'MaxDataPages' : [ 0xb8, ['unsigned long']],
+    'ExtraBuffer' : [ 0xbc, ['pointer', ['void']]],
+    'ExtraBufferSize' : [ 0xc0, ['unsigned long']],
+    'ExtraMapVa' : [ 0xc4, ['pointer', ['void']]],
+    'BitlockerKeyPFN' : [ 0xc8, ['unsigned long']],
+    'IoInfo' : [ 0xd0, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x130, ['pointer', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x134, ['unsigned long']],
+    'HardwareConfigurationSignature' : [ 0x138, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x4, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '__unnamed_2719' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_2719']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2720' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_2720']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long']],
+    'TotalCommitLimitMaximum' : [ 0x4, ['unsigned long']],
+    'Popups' : [ 0x8, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x10, ['unsigned long']],
+    'HighCommitThreshold' : [ 0x14, ['unsigned long']],
+    'EventLock' : [ 0x18, ['unsigned long']],
+    'SystemCommitReserve' : [ 0x1c, ['unsigned long']],
+    'OverCommit' : [ 0x40, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x2c, {
+    'Sibling' : [ 0x0, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x24, {
+    'InitiatingThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ThreadId' : [ 0x8, ['pointer', ['void']]],
+    'ProcessId' : [ 0xc, ['pointer', ['void']]],
+    'Code' : [ 0x10, ['unsigned long']],
+    'Parameter1' : [ 0x14, ['unsigned long']],
+    'Parameter2' : [ 0x18, ['unsigned long']],
+    'Parameter3' : [ 0x1c, ['unsigned long']],
+    'Parameter4' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40f0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'StackLimitHits' : [ 0x4038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x403c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x4040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4044, ['unsigned long']],
+    'TotalReleases' : [ 0x4048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x404c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x4050, ['unsigned long']],
+    'Instigator' : [ 0x4054, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4058, ['unsigned long']],
+    'Participant' : [ 0x405c, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40dc, ['long']],
+    'StackType' : [ 0x40e0, ['Enumeration', dict(target = 'long', choices = {0: 'BugcheckStackLimits', 1: 'DPCStackLimits', 2: 'ExpandedStackLimits', 3: 'NormalStackLimits', 4: 'Win32kStackLimits', 5: 'SwapBusyStackLimits', 6: 'IsrStackLimits', 7: 'DebuggerStackLimits', 8: 'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x40e4, ['unsigned long']],
+    'StackHighLimit' : [ 0x40e8, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x338, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long long']],
+    'HiberFlags' : [ 0x30, ['unsigned char']],
+    'spare' : [ 0x31, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x34, ['unsigned long']],
+    'HiberVa' : [ 0x38, ['unsigned long']],
+    'NoFreePages' : [ 0x3c, ['unsigned long']],
+    'FreeMapCheck' : [ 0x40, ['unsigned long']],
+    'WakeCheck' : [ 0x44, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x48, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x50, ['unsigned long']],
+    'FirstKernelRestorePage' : [ 0x54, ['unsigned long']],
+    'FirstChecksumRestorePage' : [ 0x58, ['unsigned long']],
+    'NoChecksumEntries' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x260, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x264, ['array', 1, ['unsigned long']]],
+    'SiLogOffset' : [ 0x268, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x26c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x270, ['array', 24, ['unsigned long']]],
+    'NotUsed' : [ 0x2d0, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2d4, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2d8, ['unsigned long']],
+    'Hiberboot' : [ 0x2dc, ['unsigned char']],
+    'HvCr3' : [ 0x2e0, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x2e8, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x2f0, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x2f8, ['unsigned long long']],
+    'BootFlags' : [ 0x300, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x308, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x310, ['unsigned long']],
+    'BitlockerKeyPfns' : [ 0x314, ['array', 4, ['unsigned long']]],
+    'HardwareSignature' : [ 0x324, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x328, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x330, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x334, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x335, ['unsigned char']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject', 8: 'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x38, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x4, ['long']],
+    'PrefetchSeekThreshold' : [ 0x8, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x24, ['unsigned long']],
+    'DelayPageFaults' : [ 0x28, ['long']],
+    'FileCompressionBoundary' : [ 0x2c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x38, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long']],
+    'PfnDecayFreeSList' : [ 0x8, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x10, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x14, ['_KDPC']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x4, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x128, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x104, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x124, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x8, ['pointer', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x1c, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'InitialInPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x8, ['pointer', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0xc, ['unsigned long']],
+    'Node' : [ 0x10, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_PTE_TRACKER' : [ 0x44, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x28, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x18, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Next' : [ 0x14, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0xc, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0xa8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'FreeReservationSpace' : [ 0x18, ['unsigned long']],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x20, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x28, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x30, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x38, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x3c, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x40, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x44, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x48, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x4c, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x50, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x54, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0x5c, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0x64, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0x6c, ['pointer', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'HybridPriority' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0x77, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0x77, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0x78, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0x7c, ['unsigned long']],
+    'PageHash' : [ 0x80, ['pointer', ['unsigned long']]],
+    'FileHandle' : [ 0x84, ['pointer', ['void']]],
+    'Lock' : [ 0x88, ['unsigned long']],
+    'LockOwner' : [ 0x8c, ['pointer', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0x90, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x94, ['pointer', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x98, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HVIEW_MAP' : [ 0x320, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'Directory' : [ 0xc, ['pointer', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x10, ['unsigned long']],
+    'PinLog' : [ 0x18, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x10, ['long']],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'WatchdogTimerInfo' : [ 0x18, ['pointer', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x10, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x8, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x4, ['_RTL_AVL_TREE']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x28, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x18, ['unsigned long']],
+    'ModuleSize' : [ 0x1c, ['unsigned long']],
+    'Offset' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_27c7' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_27c9' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_27c7']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_27c9']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_RELATION_LIST' : [ 0x8, {
+    'DeviceObjectList' : [ 0x0, ['pointer', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x4, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x8, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x4, ['pointer', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'LowboxMap' : [ 0xc, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'IoStatus' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'IoReady', 1: 'IoPending', 2: 'IoDone'})]],
+    'IoStartCount' : [ 0x8, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x10, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x18, ['unsigned long long']],
+    'RequestSize' : [ 0x20, ['unsigned long long']],
+    'IoLocation' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x30, ['unsigned long long']],
+    'Buffer' : [ 0x38, ['pointer', ['void']]],
+    'AsyncCapable' : [ 0x3c, ['unsigned char']],
+    'BytesToRead' : [ 0x40, ['unsigned long long']],
+    'Pages' : [ 0x48, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x50, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x58, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x38, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'AppContainerNumber' : [ 0x24, ['unsigned long']],
+    'PackageSid' : [ 0x28, ['pointer', ['void']]],
+    'CapabilitiesHash' : [ 0x2c, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x30, ['pointer', ['void']]],
+    'SecurityAttributes' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x4, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 28, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x0, ['long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x1c, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x10, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0xc, ['pointer', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '__unnamed_2801' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x50, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x1c, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x24, ['unsigned long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x28, ['unsigned long']],
+    'MdlHack' : [ 0x2c, ['__unnamed_2801']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'Pattern' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_280e' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_280e']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x30, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'Counters' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_281f' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2822' : [ 0x4, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x4c, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x28, ['__unnamed_281f']],
+    'Subsection' : [ 0x2c, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x30, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x34, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x38, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x40, ['pointer', ['_EPROCESS']]],
+    'u4' : [ 0x44, ['__unnamed_2822']],
+    'FileObject' : [ 0x48, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PpmIdleBucketTimeInQpc', 1: 'PpmIdleBucketTimeIn100ns', 2: 'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xa8, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x34, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'PackagedBinary' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x34, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x34, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x34, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x34, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x34, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x34, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x34, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x34, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x34, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x34, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x34, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x34, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x34, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x34, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x34, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x34, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x34, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x34, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x34, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x34, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x4c, ['pointer', ['void']]],
+    'DdagNode' : [ 0x50, ['pointer', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0x54, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0x5c, ['pointer', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0x60, ['pointer', ['void']]],
+    'SwitchBackContext' : [ 0x64, ['pointer', ['void']]],
+    'BaseAddressIndexNode' : [ 0x68, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0x74, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0x80, ['unsigned long']],
+    'LoadTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x90, ['unsigned long']],
+    'LoadReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: 'LoadReasonStaticDependency', 1: 'LoadReasonStaticForwarderDependency', 2: 'LoadReasonDynamicForwarderDependency', 3: 'LoadReasonDelayloadDependency', 4: 'LoadReasonDynamicLoad', 5: 'LoadReasonAsImageLoad', 6: 'LoadReasonAsDataLoad', -1: 'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x98, ['unsigned long']],
+    'ReferenceCount' : [ 0x9c, ['unsigned long']],
+    'DependentLoadFlags' : [ 0xa0, ['unsigned long']],
+    'SigningLevel' : [ 0xa4, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_284b' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_284d' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_284f' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_284b']],
+    'e2' : [ 0x0, ['__unnamed_284d']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_284f']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x1d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x38, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0x70, ['unsigned long']],
+    'NumberOfMappedMdlsInUse' : [ 0x74, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0x78, ['unsigned long']],
+    'MappedFileHeader' : [ 0x7c, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0x94, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0x95, ['unsigned char']],
+    'TransitionInserted' : [ 0x96, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0x98, ['long']],
+    'LastMappedWriteError' : [ 0x9c, ['long']],
+    'MappedFileWriteSucceeded' : [ 0xa0, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0xa4, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xa8, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0xac, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0xbc, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0xc0, ['unsigned long']],
+    'ModifiedPageWriterEvent' : [ 0xc4, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0xd4, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0xe4, ['long']],
+    'WriteAllMappedPages' : [ 0xe8, ['long']],
+    'MappedPageWriterEvent' : [ 0xec, ['_KEVENT']],
+    'ModWriteData' : [ 0x100, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x130, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x140, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x158, ['pointer', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x15c, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x160, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x170, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x174, ['array', 2, ['long']]],
+    'NotifyStoreMemoryConditions' : [ 0x17c, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x18c, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x190, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x194, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x198, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x1a8, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x1b0, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x1c0, ['long']],
+    'WorkingSetSwapLock' : [ 0x1c4, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x1c8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'Width8Bits', 1: 'Width16Bits', 2: 'Width32Bits', 3: 'Width64Bits', 4: 'WidthNoWrap', 5: 'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'Compatible', 1: 'TypeA', 2: 'TypeB', 3: 'TypeC', 4: 'TypeF', 5: 'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['unsigned char']],
+    'DripsRequiredState' : [ 0x8, ['unsigned long']],
+    'Level' : [ 0xc, ['long']],
+    'ActiveStamp' : [ 0x10, ['long long']],
+    'CsActiveTime' : [ 0x18, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x20, ['long long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceWakeAlarm', 9: 'PolicyDeviceFan', 10: 'PolicyCsBatterySaver', 11: 'PolicyImmediateDozeS4Predicted', 12: 'PolicyImmediateDozeS4PredictedNoWake', 13: 'PolicyImmediateDozeS4AdaptiveBudget', 14: 'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: 'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x38, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '__unnamed_28ad' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x58, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_28ad']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'EvictFlushLock' : [ 0x1c, ['long']],
+    'EvictionThread' : [ 0x20, ['pointer', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x24, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x38, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x50, ['pointer', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x54, ['pointer', ['_EPROCESS']]],
+} ],
+  '_MI_RFG_PROTECTED_STACK' : [ 0xc, {
+    'ControlStackBase' : [ 0x0, ['pointer', ['void']]],
+    'ControlStackVad' : [ 0x4, ['pointer', ['_MMVAD_SHORT']]],
+    'OwnerThread' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0xc0, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x14, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x30, ['pointer', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x34, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x3c, ['long']],
+    'ActiveEvent' : [ 0x40, ['_KEVENT']],
+    'IdleLock' : [ 0x50, ['unsigned long']],
+    'IdleConditionComplete' : [ 0x54, ['long']],
+    'IdleStateComplete' : [ 0x58, ['long']],
+    'IdleStamp' : [ 0x60, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x68, ['unsigned long']],
+    'IdleStateCount' : [ 0x6c, ['unsigned long']],
+    'IdleStates' : [ 0x70, ['pointer', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0x74, ['unsigned long']],
+    'ProviderCount' : [ 0x78, ['unsigned long']],
+    'Providers' : [ 0x7c, ['pointer', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0x80, ['unsigned long']],
+    'DependentCount' : [ 0x84, ['unsigned long']],
+    'Dependents' : [ 0x88, ['pointer', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0x90, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xb8, ['pointer', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 224, ['unsigned char']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x38, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x10, ['unsigned long']],
+    'ActualExpansion' : [ 0x14, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'InProgress' : [ 0x28, ['long']],
+    'u' : [ 0x2c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+    'ActiveEntry' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+    'AttemptForCantExtend' : [ 0x34, ['unsigned char']],
+    'PageFileContract' : [ 0x35, ['unsigned char']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x308, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x18, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_28d9' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_28d9']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x8, ['unsigned char']],
+    'Disowned' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0xa, ['unsigned char']],
+    'IsWaiting' : [ 0xb, ['unsigned char']],
+    'LockAddress' : [ 0xc, ['pointer', ['void']]],
+    'ThreadAddress' : [ 0x10, ['pointer', ['void']]],
+    'SublistHead' : [ 0x14, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0x4dc, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolSListMaximum' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x10, ['unsigned long']],
+    'BadPoolHead' : [ 0x14, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x18, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x1c, ['unsigned char']],
+    'PoolFailures' : [ 0x20, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x44, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x70, ['unsigned long']],
+    'HighPagedPoolThreshold' : [ 0x74, ['unsigned long']],
+    'SpecialPoolPdesMax' : [ 0x78, ['long']],
+    'NonPagedPoolNodes' : [ 0x7c, ['array', 1024, ['unsigned char']]],
+    'PagedProtoPoolInfo' : [ 0x47c, ['_MM_PAGED_POOL_INFO']],
+    'PagedPoolSListMaximum' : [ 0x498, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x49c, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0x4ac, ['unsigned long']],
+    'SpecialPoolRejected' : [ 0x4b0, ['array', 6, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0x4c8, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x4cc, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0x4d0, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0x4d4, ['unsigned long']],
+    'TotalNonPagedPoolQuota' : [ 0x4d8, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x18, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x1a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x23, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x1c, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'ConnectLock' : [ 0x4, ['_KEVENT']],
+    'LineMasked' : [ 0x14, ['unsigned char']],
+    'InterruptList' : [ 0x18, ['pointer', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0xc, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x4, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0xc0, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaLastRangeIndex' : [ 0x4, ['unsigned long']],
+    'NumaTableCaptured' : [ 0x8, ['unsigned char']],
+    'NodeShift' : [ 0x9, ['unsigned char']],
+    'ChannelShift' : [ 0xa, ['unsigned char']],
+    'NodeGraph' : [ 0xc, ['pointer', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x10, ['pointer', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaMemoryRanges' : [ 0x14, ['pointer', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x18, ['pointer', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x1c, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x20, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x24, ['unsigned long']],
+    'TotalPagesAllowed' : [ 0x28, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x2c, ['unsigned long']],
+    'SecondaryColors' : [ 0x30, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x34, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x38, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x3c, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x40, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x44, ['unsigned long']],
+    'OptimalZeroingAttribute' : [ 0x48, ['array', 4, ['array', -16, ['Enumeration', dict(target = 'long', choices = {0: 'MiNonCached', 1: 'MiCached', 2: 'MiWriteCombined', 3: 'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x88, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x90, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'HighestPossiblePhysicalPage' : [ 0xb0, ['unsigned long']],
+    'EnclaveRegions' : [ 0xb4, ['_RTL_AVL_TREE']],
+    'VsmKernelPageCount' : [ 0xb8, ['unsigned long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x18, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0xc, ['unsigned char']],
+    'BlocksDrips' : [ 0xd, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x10, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x14, ['pointer', ['_PPM_VETO_ENTRY']]],
+} ],
+  '__unnamed_2908' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2908']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x8c, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x80, ['unsigned long']],
+    'NumberOfEntries' : [ 0x84, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x88, ['unsigned long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xa8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x28, ['unsigned long']],
+    'ProbeRaises' : [ 0x2c, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x6c, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x74, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x78, ['unsigned long']],
+    'CheckZeroCount' : [ 0x7c, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x80, ['long']],
+    'BadPagesDetected' : [ 0x84, ['long']],
+    'ScrubPasses' : [ 0x88, ['long']],
+    'ScrubBadPagesFound' : [ 0x8c, ['long']],
+    'UserViewFailures' : [ 0x90, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0x94, ['unsigned long']],
+    'ResavailFailures' : [ 0x98, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xa0, ['unsigned char']],
+    'InitFailure' : [ 0xa1, ['unsigned char']],
+    'StopBadMaps' : [ 0xa2, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x100, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0x18, ['unsigned long']],
+    'ProcessorCount' : [ 0x1c, ['unsigned long']],
+    'EfficiencyClass' : [ 0x20, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0x21, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0x22, ['unsigned char']],
+    'Spare' : [ 0x23, ['unsigned char']],
+    'Processors' : [ 0x24, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0x28, ['pointer', ['void']]],
+    'TimeWindowHandler' : [ 0x2c, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x30, ['pointer', ['void']]],
+    'BoostModeHandler' : [ 0x34, ['pointer', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0x38, ['pointer', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x3c, ['pointer', ['void']]],
+    'AutonomousModeHandler' : [ 0x40, ['pointer', ['void']]],
+    'ReinitializeHandler' : [ 0x44, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x48, ['pointer', ['void']]],
+    'PerfControlHandler' : [ 0x4c, ['pointer', ['void']]],
+    'DomainPerfControlHandler' : [ 0x50, ['pointer', ['void']]],
+    'MaxFrequency' : [ 0x54, ['unsigned long']],
+    'NominalFrequency' : [ 0x58, ['unsigned long']],
+    'MaxPercent' : [ 0x5c, ['unsigned long']],
+    'MinPerfPercent' : [ 0x60, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x64, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x68, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x70, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x78, ['unsigned char']],
+    'Coordination' : [ 0x79, ['unsigned char']],
+    'HardPlatformCap' : [ 0x7a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x7b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x7c, ['unsigned char']],
+    'AllowVirtualHeterogeneity' : [ 0x7d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x7e, ['unsigned char']],
+    'AutonomousMode' : [ 0x7f, ['unsigned char']],
+    'DesiredPercent' : [ 0x80, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x84, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x88, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8c, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x90, ['unsigned long']],
+    'SelectionGeneration' : [ 0x94, ['unsigned long']],
+    'BackgroundSelectionGeneration' : [ 0x98, ['unsigned long']],
+    'Selection' : [ 0xa0, ['_PERF_CONTROL_STATE_SELECTION']],
+    'BackgroundSelection' : [ 0xc8, ['_PERF_CONTROL_STATE_SELECTION']],
+    'PerfChangeTime' : [ 0xf0, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0xf8, ['unsigned long']],
+    'Force' : [ 0xfc, ['unsigned char']],
+    'ProvideGuidance' : [ 0xfd, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x40, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x4, ['unsigned long']],
+    'DummyPagePfn' : [ 0x8, ['pointer', ['_MMPFN']]],
+    'DummyPage' : [ 0xc, ['unsigned long']],
+    'PageOfZeroes' : [ 0x10, ['unsigned long']],
+    'ZeroMapping' : [ 0x14, ['pointer', ['void']]],
+    'OnesMapping' : [ 0x18, ['pointer', ['void']]],
+    'ZeroCrc' : [ 0x20, ['unsigned long long']],
+    'OnesCrc' : [ 0x28, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x30, ['array', 2, ['unsigned long']]],
+    'PfnGapFrames' : [ 0x38, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x8, {
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x48, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x1c, ['pointer', ['void']]],
+    'Enabled' : [ 0x20, ['unsigned char']],
+    'ActiveEngaged' : [ 0x21, ['unsigned char']],
+    'ThrottleLimit' : [ 0x22, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x23, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x24, ['pointer', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'Interface' : [ 0x2c, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_2942' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x54, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x4, ['__unnamed_2942']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x140, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: 'PoAc', 1: 'PoDc', 2: 'PoHot', 3: 'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_2955' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2955']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x50, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x28, ['_KDPC']],
+    'WorkOrder' : [ 0x48, ['pointer', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_296a' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_296a']],
+} ],
+  '__unnamed_296e' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2972' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2974' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2976' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2978' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_297a' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_297c' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_297e' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2980' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2982' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2984' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2986' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_296e']],
+    'Memory' : [ 0x0, ['__unnamed_296e']],
+    'Interrupt' : [ 0x0, ['__unnamed_2972']],
+    'Dma' : [ 0x0, ['__unnamed_2974']],
+    'DmaV3' : [ 0x0, ['__unnamed_2976']],
+    'Generic' : [ 0x0, ['__unnamed_296e']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2978']],
+    'BusNumber' : [ 0x0, ['__unnamed_297a']],
+    'ConfigData' : [ 0x0, ['__unnamed_297c']],
+    'Memory40' : [ 0x0, ['__unnamed_297e']],
+    'Memory48' : [ 0x0, ['__unnamed_2980']],
+    'Memory64' : [ 0x0, ['__unnamed_2982']],
+    'Connection' : [ 0x0, ['__unnamed_2984']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2986']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x1c, ['pointer', ['void']]],
+    'DvCallbacks' : [ 0x20, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x8, ['pointer', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0xc, ['pointer', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x10, ['pointer', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x14, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned short']],
+    'ReplyIndex' : [ 0x1a, ['unsigned short']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x58, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '__unnamed_29aa' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_29aa']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x18, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x1c, ['_KAPC']],
+    'ByteCount' : [ 0x4c, ['unsigned long']],
+    'ChargedPages' : [ 0x50, ['unsigned long']],
+    'PagingFile' : [ 0x54, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x58, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x5c, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x60, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'Partition' : [ 0x78, ['pointer', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0x7c, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x80, ['_MDL']],
+    'Page' : [ 0x9c, ['array', 1, ['unsigned long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0x50, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x10, ['unsigned char']],
+    'IrpOplocksR' : [ 0x14, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x1c, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x24, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x2c, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x34, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x3c, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x44, ['pointer', ['_GUID']]],
+    'OplockState' : [ 0x48, ['unsigned long']],
+    'FastMutex' : [ 0x4c, ['pointer', ['_FAST_MUTEX']]],
+} ],
+  '__unnamed_29b3' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_29b4' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_29b3']],
+    'Merged' : [ 0x10, ['__unnamed_29b4']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_29b8' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29ba' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29bc' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29be' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_29bc']],
+    'Translated' : [ 0x0, ['__unnamed_29ba']],
+} ],
+  '__unnamed_29c0' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29c2' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_29c4' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29c6' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29c8' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29ca' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29cc' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29ce' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_29b8']],
+    'Port' : [ 0x0, ['__unnamed_29b8']],
+    'Interrupt' : [ 0x0, ['__unnamed_29ba']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_29be']],
+    'Memory' : [ 0x0, ['__unnamed_29b8']],
+    'Dma' : [ 0x0, ['__unnamed_29c0']],
+    'DmaV3' : [ 0x0, ['__unnamed_29c2']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2978']],
+    'BusNumber' : [ 0x0, ['__unnamed_29c4']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_29c6']],
+    'Memory40' : [ 0x0, ['__unnamed_29c8']],
+    'Memory48' : [ 0x0, ['__unnamed_29ca']],
+    'Memory64' : [ 0x0, ['__unnamed_29cc']],
+    'Connection' : [ 0x0, ['__unnamed_2984']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_29ce']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x880, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x40, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x4c, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x68, ['unsigned long']],
+    'SizeOfPagedPoolInPages' : [ 0x6c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x70, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0xa8, ['unsigned long']],
+    'SmallNonPagedPtesCommit' : [ 0xac, ['unsigned long']],
+    'BootCommit' : [ 0xb0, ['unsigned long']],
+    'MdlPagesAllocated' : [ 0xb4, ['unsigned long']],
+    'SystemPageTableCommit' : [ 0xb8, ['unsigned long']],
+    'SpecialPagesInUse' : [ 0xbc, ['unsigned long']],
+    'ProcessCommit' : [ 0xc0, ['unsigned long']],
+    'DriverCommit' : [ 0xc4, ['long']],
+    'PfnDatabaseCommit' : [ 0xc8, ['unsigned long']],
+    'SystemWs' : [ 0x100, ['array', 3, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x2c0, ['_MMSUPPORT_SHARED']],
+    'MapCacheFailures' : [ 0x2e4, ['unsigned long']],
+    'PagefileHashPages' : [ 0x2e8, ['unsigned long']],
+    'PteHeader' : [ 0x2ec, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x378, ['pointer', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x37c, ['array', 15, ['unsigned long']]],
+    'SystemVaType' : [ 0x3b8, ['array', 1024, ['unsigned char']]],
+    'SystemVaTypeCountFailures' : [ 0x7b8, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountLimit' : [ 0x7f4, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountPeak' : [ 0x830, ['array', 15, ['unsigned long']]],
+    'SystemAvailableVa' : [ 0x86c, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Xcr0' : [ 0x3c, ['unsigned long long']],
+    'ExceptionList' : [ 0x44, ['unsigned long']],
+    'Reserved' : [ 0x48, ['array', 3, ['unsigned long']]],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x8, ['pointer', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x14, ['pointer', ['_ETHREAD']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'AtomicLinks' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x44, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x28, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x34, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x3c, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x40, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x118, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastPerfCheckSnap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xb8, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x108, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x10c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x110, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x112, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x113, ['unsigned char']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x104, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'Order' : [ 0x1c, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0xec, ['_LIST_ENTRY']],
+    'Status' : [ 0xf4, ['long']],
+    'FailedDevice' : [ 0xf8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0xfc, ['unsigned char']],
+    'Cancelled' : [ 0xfd, ['unsigned char']],
+    'IgnoreErrors' : [ 0xfe, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0xff, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x100, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x60, {
+    'FileName' : [ 0x0, ['pointer', ['wchar']]],
+    'BaseName' : [ 0x4, ['pointer', ['wchar']]],
+    'RegRootName' : [ 0x8, ['pointer', ['wchar']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+    'FilePath' : [ 0x58, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0xd0, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'HitCount' : [ 0x10, ['unsigned long long']],
+    'LastActivationTime' : [ 0x18, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x20, ['unsigned long long']],
+    'CsActivationTime' : [ 0x28, ['unsigned long long']],
+    'CsActiveTime' : [ 0x30, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x28, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x14, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'HashTable' : [ 0xc, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x1c, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ListHead' : [ 0x14, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a28' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0xb4, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['array', 2, ['unsigned long']]]],
+    'LargePages' : [ 0x10, ['array', 2, ['array', 2, ['array', 2, ['array', 1, ['_LIST_ENTRY']]]]]],
+    'LargePagesCount' : [ 0x50, ['array', 2, ['array', 2, ['array', 2, ['array', 1, ['unsigned long']]]]]],
+    'LargePageRebuildTimer' : [ 0x70, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'FreeCount' : [ 0x84, ['array', 2, ['unsigned long']]],
+    'TotalPages' : [ 0x8c, ['array', 1, ['unsigned long']]],
+    'TotalPagesEntireNode' : [ 0x90, ['unsigned long']],
+    'MmShiftedColor' : [ 0x94, ['unsigned long']],
+    'Color' : [ 0x98, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x9c, ['array', 1, ['array', 2, ['unsigned long']]]],
+    'Flags' : [ 0xa4, ['__unnamed_2a28']],
+    'NodeLock' : [ 0xa8, ['_EX_PUSH_LOCK']],
+    'ChannelStatus' : [ 0xac, ['unsigned char']],
+    'ChannelOrdering' : [ 0xad, ['array', 1, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0xae, ['array', 1, ['unsigned char']]],
+    'PowerAttribute' : [ 0xaf, ['array', 1, ['unsigned char']]],
+    'LargePageLock' : [ 0xb0, ['unsigned long']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_MI_HYPER_SPACE' : [ 0x2000, {
+    'VadBitmap' : [ 0x0, ['array', 6144, ['unsigned char']]],
+    'PaddingToPageBoundary' : [ 0x1800, ['array', 2048, ['unsigned char']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['long']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DeviceNode' : [ 0x1c, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0xb0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x8, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x20, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x38, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedPoolLowestPage' : [ 0x68, ['unsigned long']],
+    'NonPagedPoolHighestPage' : [ 0x6c, ['unsigned long']],
+    'AllocatedNonPagedPool' : [ 0x70, ['unsigned long']],
+    'PartialLargePoolRegions' : [ 0x74, ['unsigned long']],
+    'PagesInPartialLargePoolRegions' : [ 0x78, ['unsigned long']],
+    'CachedNonPagedPoolCount' : [ 0x7c, ['unsigned long']],
+    'NonPagedPoolSpinLock' : [ 0x80, ['unsigned long']],
+    'CachedNonPagedPool' : [ 0x84, ['pointer', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x88, ['pointer', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x8c, ['pointer', ['void']]],
+    'NonPagedBitMap' : [ 0x90, ['array', 3, ['_RTL_BITMAP']]],
+    'NonPagedHint' : [ 0xa8, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0xd8, {
+    'Partition' : [ 0x0, ['pointer', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x4, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0xc, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x20, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x24, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x2c, ['unsigned long']],
+    'CombinePageListHeads' : [ 0x30, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0xb0, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long']],
+    'BadPagesDetected' : [ 0x4, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x8, ['long']],
+    'ScrubPasses' : [ 0xc, ['long']],
+    'ScrubBadPagesFound' : [ 0x10, ['long']],
+    'PageHashErrors' : [ 0x14, ['unsigned long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x28, ['pointer', ['void']]],
+    'ExceptionChainTerminator' : [ 0x2c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'ExceptionChainTerminatorRecord' : [ 0x30, ['_EXCEPTION_REGISTRATION_RECORD']],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x10, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0xc, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x14, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x10, ['unsigned char']],
+    'RebuildActive' : [ 0x11, ['unsigned char']],
+    'NextPassDelta' : [ 0x12, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x13, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x40, {
+    'IoPfnLock' : [ 0x0, ['unsigned long']],
+    'IoPfnRoot' : [ 0x4, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x10, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x18, ['unsigned long']],
+    'IoCacheStats' : [ 0x1c, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x3c, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a6b' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x18, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer', ['void']]],
+    'SessionId' : [ 0xc, ['unsigned long']],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+    'u2' : [ 0x14, ['__unnamed_2a6b']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x30, {
+    'PagesLoad' : [ 0x0, ['long']],
+    'PagesAverage' : [ 0x4, ['unsigned long']],
+    'AverageAvailablePages' : [ 0x8, ['unsigned long']],
+    'PagesWritten' : [ 0xc, ['unsigned long']],
+    'WritesIssued' : [ 0x10, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x14, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x18, ['unsigned long']],
+    'WriteBurstCount' : [ 0x1c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x20, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x28, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x2e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '__unnamed_2a91' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a93' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a96' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2a9a' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'ApicDestinationModePhysical', 2: 'ApicDestinationModeLogicalFlat', 3: 'ApicDestinationModeLogicalClustered', 4: 'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x50, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptTypeControllerInput', 1: 'InterruptTypeXapicMessage', 2: 'InterruptTypeHypertransport', 3: 'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptRisingEdge', 2: 'InterruptFallingEdge', 3: 'InterruptActiveBothTriggerLow', 4: 'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'TargetProcessors' : [ 0x14, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x20, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x30, ['__unnamed_2a91']],
+    'HvDeviceId' : [ 0x38, ['unsigned long long']],
+    'XapicMessage' : [ 0x40, ['__unnamed_2a93']],
+    'Hypertransport' : [ 0x40, ['__unnamed_2a96']],
+    'GenericMessage' : [ 0x40, ['__unnamed_2a93']],
+    'MessageRequest' : [ 0x40, ['__unnamed_2a9a']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x2c, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x8, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0xc, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x10, ['unsigned long']],
+    'LowestLink' : [ 0x14, ['unsigned long']],
+    'Dependencies' : [ 0x18, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x1c, ['_LDRP_CSLIST']],
+    'State' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'LdrModulesPlaceHolder', 1: 'LdrModulesMapping', 2: 'LdrModulesMapped', 3: 'LdrModulesWaitingForDependencies', 4: 'LdrModulesSnapping', 5: 'LdrModulesSnapped', 6: 'LdrModulesCondensed', 7: 'LdrModulesReadyToInit', 8: 'LdrModulesInitializing', 9: 'LdrModulesReadyToRun', '\xfb': 'LdrModulesMerged', '\xfd': 'LdrModulesSnapError', '\xfc': 'LdrModulesInitError', -1: 'LdrModulesUnloading', '\xfe': 'LdrModulesUnloaded'})]],
+    'CondenseLink' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x28, ['unsigned long']],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x100, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xc0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xc8, ['pointer', ['void']]],
+    'StorageInfo' : [ 0xc8, ['pointer', ['void']]],
+    'UseStorageInfo' : [ 0xcc, ['unsigned char']],
+    'PointersLength' : [ 0xd0, ['unsigned long']],
+    'ModulePrefix' : [ 0xd4, ['pointer', ['wchar']]],
+    'DriverList' : [ 0xd8, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xe0, ['_STRING']],
+    'ProgMsg' : [ 0xe8, ['_STRING']],
+    'DoneMsg' : [ 0xf0, ['_STRING']],
+    'FileObject' : [ 0xf8, ['pointer', ['void']]],
+    'UsageType' : [ 0xfc, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile', 4: 'DeviceUsageTypeBoot', 5: 'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x8, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x20, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0xc, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x20, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2abb' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2abd' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2abf' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceId' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2ac1' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_2ac3' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2ac5' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2ac7' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2ac9' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2acb' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_2acd' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2abb']],
+    'TargetDevice' : [ 0x0, ['__unnamed_2abd']],
+    'InstallDevice' : [ 0x0, ['__unnamed_2abd']],
+    'CustomNotification' : [ 0x0, ['__unnamed_2abf']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_2ac1']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2ac3']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2ac5']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2ac7']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2ac9']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2acb']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_2abd']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_2abd']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'DeviceInstanceStartedEvent', 12: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_2acd']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x200, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'AllStacksInUse' : [ 0x14, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0xc, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'MpnId' : [ 0x4, ['unsigned short']],
+    'Node' : [ 0x6, ['unsigned short']],
+    'Channel' : [ 0x8, ['unsigned short']],
+    'IsPowerManageable' : [ 0xa, ['unsigned char']],
+    'DeepPowerState' : [ 0xb, ['unsigned char']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x88, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'PlatformCap' : [ 0x8, ['unsigned long']],
+    'ThermalCap' : [ 0xc, ['unsigned long']],
+    'LimitReasons' : [ 0x10, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x18, ['unsigned long long']],
+    'VirtualLittle' : [ 0x20, ['unsigned char']],
+    'ResolvedVirtualLittle' : [ 0x21, ['unsigned char']],
+    'LastVirtualTranstionTsc' : [ 0x28, ['unsigned long long']],
+    'VirtualTranstionHysteresis' : [ 0x30, ['unsigned long long']],
+    'ProcCap' : [ 0x38, ['unsigned long']],
+    'ProcFloor' : [ 0x3c, ['unsigned long']],
+    'TargetPercent' : [ 0x40, ['unsigned long']],
+    'Selection' : [ 0x48, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x70, ['unsigned long']],
+    'PreviousFrequency' : [ 0x74, ['unsigned long']],
+    'PreviousPercent' : [ 0x78, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x7c, ['unsigned long']],
+    'Force' : [ 0x80, ['unsigned char']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x18, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x288, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'ACPIBus', 18: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x2a4, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+    'PackageDependencyData' : [ 0x298, ['pointer', ['void']]],
+    'ProcessGroupId' : [ 0x29c, ['unsigned long']],
+    'LoaderThreads' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long']],
+    'ActiveCacheMatch' : [ 0x4, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0x8, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x14, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_2b11' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b13' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2b15' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2b11']],
+    'Gpt' : [ 0x0, ['__unnamed_2b13']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xc0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x45, ['unsigned char']],
+    'HiberResume' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x47, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_2b15']],
+    'ReadRoutine' : [ 0x6c, ['pointer', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0x70, ['pointer', ['void']]],
+    'LogSectionTruncateSize' : [ 0x74, ['unsigned long']],
+    'Parameters' : [ 0x78, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xb8, ['pointer', ['void']]],
+    'DumpNotifyRoutine' : [ 0xbc, ['pointer', ['void']]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ActiveCooling' : [ 0x14, ['pointer', ['void']]],
+    'PassiveCooling' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0x60, {
+    'Component' : [ 0x0, ['pointer', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x4, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x14, ['pointer', ['void']]],
+    'Flags' : [ 0x18, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x1c, ['pointer', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x20, ['unsigned long']],
+    'LastChangeStamp' : [ 0x28, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x30, ['unsigned char']],
+    'PepRegistered' : [ 0x31, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x32, ['unsigned char']],
+    'RequestDriverContext' : [ 0x34, ['pointer', ['void']]],
+    'WorkOrder' : [ 0x38, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x54, ['unsigned long']],
+    'Sets' : [ 0x58, ['pointer', ['_POP_FX_PERF_SET']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x4, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_2b40' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b42' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b44' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b46' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2b40']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2b42']],
+    'Raw' : [ 0x0, ['__unnamed_2b44']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x28, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'Operation' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'DirtyVectorModified', 1: 'DirtyDataCaptureStart', 2: 'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0x8, ['__unnamed_2b46']],
+    'Stack' : [ 0x10, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x4, ['long']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0xc, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0xc, ['_RTL_BITMAP']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2b54' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2b56' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2b54']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2b59' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2b5b' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2b59']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2b56']],
+    'HighPart' : [ 0x4, ['__unnamed_2b5b']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x70, {
+    'UncompressedData' : [ 0x0, ['pointer', ['unsigned char']]],
+    'MappingVa' : [ 0x4, ['pointer', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x8, ['pointer', ['void']]],
+    'CompressedDataBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'CompressTicks' : [ 0x18, ['unsigned long long']],
+    'BytesCopied' : [ 0x20, ['unsigned long long']],
+    'PagesProcessed' : [ 0x28, ['unsigned long long']],
+    'DecompressTicks' : [ 0x30, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x38, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x40, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x68, ['unsigned long']],
+    'HuffCompressCount' : [ 0x6c, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x30, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer', ['_KTHREAD']]],
+    'Stack' : [ 0x14, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x14, {
+    'NextEntry' : [ 0x0, ['pointer', ['void']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x10, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x600, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_LDRP_CSLIST' : [ 0x4, {
+    'Tail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SlatKernelCodeProtected' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'EtwNotificationTypeNoReply', 2: 'EtwNotificationTypeLegacyEnable', 3: 'EtwNotificationTypeEnable', 4: 'EtwNotificationTypePrivateLogger', 5: 'EtwNotificationTypePerflib', 6: 'EtwNotificationTypeAudio', 7: 'EtwNotificationTypeSession', 8: 'EtwNotificationTypeReserved', 9: 'EtwNotificationTypeCredentialUI', 10: 'EtwNotificationTypeInProcSession', 11: 'EtwNotificationTypeFilteredPrivateLogger', 12: 'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x40, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+    'PreQueryOpen' : [ 0x38, ['pointer', ['void']]],
+    'PostQueryOpen' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x4, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x18, {
+    'ViewStart' : [ 0x0, ['pointer', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Bcb' : [ 0x4, ['pointer', ['void']]],
+    'PinnedPages' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_2bb3' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x4, ['pointer', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_2bb5' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x8, ['unsigned long long']],
+    'Unit' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateUnitOther', 1: 'PoFxPerfStateUnitFrequency', 2: 'PoFxPerfStateUnitBandwidth', 3: 'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PoFxPerfStateTypeDiscrete', 1: 'PoFxPerfStateTypeRange', 2: 'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x18, ['__unnamed_2bb3']],
+    'Range' : [ 0x18, ['__unnamed_2bb5']],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_2bbb' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_2bbd' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_2bbb']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_2bbd']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_2bc3' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2bc5' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2bcb' : [ 0xc, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_2bcf' : [ 0x8, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x4, ['unsigned char']],
+} ],
+  '__unnamed_2bd1' : [ 0x10, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileInformation' : [ 0x4, ['pointer', ['void']]],
+    'Length' : [ 0x8, ['pointer', ['unsigned long']]],
+    'FileInformationClass' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileUnusedInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileRenameInformationBypassAccessCheck', 57: 'FileLinkInformationBypassAccessCheck', 58: 'FileVolumeNameInformation', 59: 'FileIdInformation', 60: 'FileIdExtdDirectoryInformation', 61: 'FileReplaceCompletionInformation', 62: 'FileHardLinkFullIdInformation', 63: 'FileIdExtdBothDirectoryInformation', 64: 'FileDispositionInformationEx', 65: 'FileRenameInformationEx', 66: 'FileRenameInformationExBypassAccessCheck', 67: 'FileDesiredStorageClassInformation', 68: 'FileStatInformation', 69: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_2bd3' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2bc3']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2bc5']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2bcb']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2bcf']],
+    'QueryOpen' : [ 0x0, ['__unnamed_2bd1']],
+    'Others' : [ 0x0, ['__unnamed_2bd3']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}

From 35984c0dddbd2e8e660fd156b1b6b45bf4d83ff6 Mon Sep 17 00:00:00 2001
From: Bastian Neuburger <b.neuburger@gsi.de>
Date: Thu, 6 Apr 2017 08:05:28 +0200
Subject: [PATCH 086/304] Add unified_output to mac_get_profile

---
 volatility/plugins/mac/get_profile.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index 072fc4309..adc2c212b 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -30,6 +30,8 @@
 import volatility.addrspace as addrspace
 import volatility.registry as registry
 import volatility.plugins.mac.common as common
+from volatility.renderers import TreeGrid
+from volatility.renderers.basic import Address
 
 profiles = [
 ["MacYosemite_10_10_14A389x64", 18446743523963612480, 18446743523964534784, 1],
@@ -166,6 +168,18 @@ def calculate(self):
             yield result
         else:
             debug.error("Unable to find an OS X profile for the given memory sample.")
+
+    def unified_output(self, data):
+        return TreeGrid([("Profile", str),
+                          ("Shift Address", Address)
+                          ], self.generator(data))
+
+    def generator(self, data):
+        for (profile, shift) in data:
+            yield(0, [
+                str(profile),
+                Address(shift),
+                ])
                     
     def render_text(self, outfd, data):
         self.table_header(outfd, [("Profile", "50"), ("Shift Address", "[addrpad]")])

From 900bd56ec17b4373d8aeb73eba501e52efe7e46a Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Sat, 8 Apr 2017 17:33:02 -0400
Subject: [PATCH 087/304] The patch in 5a41f277104ffcffc3ac43ebbbb608f66dcc0789
 assumed that bswap appears in KdCopyDataBlock before all other criteria is
 found, but in at least one system (2012R2 IIRC) the bswap was after
 KiWaitAlways, which caused the op check loop to abort early. This new patch
 still checks for bswap but it does so independently of the other variables,
 and we abort ASAP if it isn't found, which also lends a small performance
 improvement.

---
 .../plugins/overlays/windows/win8_kdbg.py     | 28 ++++++++++++-------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/volatility/plugins/overlays/windows/win8_kdbg.py b/volatility/plugins/overlays/windows/win8_kdbg.py
index 8f607717f..831b5f875 100644
--- a/volatility/plugins/overlays/windows/win8_kdbg.py
+++ b/volatility/plugins/overlays/windows/win8_kdbg.py
@@ -161,10 +161,24 @@ def copy_data_block(self, full_addr):
         wait_always = None
         # nt!KdpDataBlockEncoded
         block_encoded = None
-        # only for KdCopyDataBlock detection
-        bswap = None
-
+        
+        # collect instructions up to the first RET
+        before_ret = []
+        # we need a bswap instruction to be valid
+        found_bswap = False
+        
         for op in ops:
+        	if op.mnemonic == "BSWAP":
+        		found_bswap = True
+        	elif op.mnemonic == "RET":
+        		break
+        	else:
+        		before_ret.append(op)
+        		
+        if not found_bswap:
+        	return obj.NoneObject("No bswap instruction found")
+
+        for op in before_ret:
             # cmp cs:KdpDataBlockEncoded, 0
             if (not block_encoded and op.mnemonic == "CMP" and 
                         op.operands[0].type == "AbsoluteMemory" and 
@@ -204,18 +218,12 @@ def copy_data_block(self, full_addr):
                                         offset = offset,
                                         vm = addr_space)
                 break
-            # bswap reg
-            elif (not bswap and op.mnemonic == 'BSWAP'):
-                bswap = True
-            elif op.mnemonic == "RET":
-                break
 
         # check if we've found all the required offsets 
         if (block_encoded != None 
                     and kdbg_block != None 
                     and wait_never != None
-                    and wait_always != None
-                    and bswap != None):
+                    and wait_always != None):
             
             # some acquisition tools decode the KDBG block but leave 
             # nt!KdpDataBlockEncoded set, so we handle it here. 

From 17704956380c8871660646f386b9b0f009a5725b Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Sat, 8 Apr 2017 17:36:21 -0400
Subject: [PATCH 088/304] Improve support for network connections (in
 particular the remote IP address field) reported via netscan for 32-bit
 Windows 8 and 8.1 (with and without the update)

---
 volatility/plugins/overlays/windows/tcpip_vtypes.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/volatility/plugins/overlays/windows/tcpip_vtypes.py b/volatility/plugins/overlays/windows/tcpip_vtypes.py
index 743d4adbf..e02e09e5e 100644
--- a/volatility/plugins/overlays/windows/tcpip_vtypes.py
+++ b/volatility/plugins/overlays/windows/tcpip_vtypes.py
@@ -402,6 +402,9 @@ def modification(self, profile):
             'RemotePort' : [ 0x3E, ['unsigned be short']],
             'Owner' : [ 0x174, ['pointer', ['_EPROCESS']]],
             }],
+        '_ADDRINFO' : [ None, {
+            'Remote' : [ 0xC, ['pointer', ['_IN_ADDR']]],
+            }],
         })
 
 class Win81Tcpip(obj.ProfileModification):

From da344858f60aac3e7a1a96da62ef82ca83d4eb1c Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sun, 9 Apr 2017 20:35:44 -0500
Subject: [PATCH 089/304] Mac - update mac_get_profile for latest kernels

---
 volatility/plugins/mac/get_profile.py | 145 +++++++++++++++-----------
 1 file changed, 83 insertions(+), 62 deletions(-)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index 072fc4309..00e1ce3f6 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -32,68 +32,89 @@
 import volatility.plugins.mac.common as common
 
 profiles = [
-["MacYosemite_10_10_14A389x64", 18446743523963612480, 18446743523964534784, 1],
-["MacYosemite_10_10_14B25x64", 18446743523963612480, 18446743523964534784, 1],
-["MacYosemite_10_10_2_14C1514x64", 18446743523963607600, 18446743523964534784, 1],
-["MacYosemite_10_10_3_14D131x64", 18446743523963609408, 18446743523964534784, 1],
-["MacYosemite_10_10_3_14D136x64", 18446743523963609408, 18446743523964534784, 1],
-["MacYosemite_10_10_4_14E46x64", 18446743523963610496, 18446743523964534784, 1],
-["MacYosemite_10_10_5_14F27x64", 18446743523963608608, 18446743523964534784, 1],
-["MacYosemite_10_10_5_14F1021x64", 18446743523963608704, 18446743523964534784, 1],
-["MacLeopard_10_5_3_Intelx86", 4850472, 1708032, 0],
-["MacLeopard_10_5_4_Intelx86", 4850488, 1708032, 0],
-["MacLeopard_10_5_5_Intelx86", 4850568, 1708032, 0],
-["MacLeopard_10_5_6_Intelx86", 4859540, 1712128, 0],
-["MacLeopard_10_5_7_Intelx86", 4880064, 1716224, 0],
-["MacLeopard_10_5_8_Intelx86", 4882736, 1716224, 0],
-["MacLeopard_10_5_Intelx86", 4823024, 1703936, 0],
-["MacSnowLeopard_10_6_1_AMDx64", 18446743523959762264, 18446743523956649984, 0],
-["MacSnowLeopard_10_6_2_AMDx64", 18446743523959767128, 18446743523956654080, 0],
-["MacSnowLeopard_10_6_4_AMDx64", 18446743523959767504, 18446743523956662272, 0],
-["MacSnowLeopard_10_6_5_AMDx64", 18446743523959780720, 18446743523956666368, 0],
-["MacSnowLeopard_10_6_6_AMDx64", 18446743523959780936, 18446743523956666368, 0],
-["MacSnowLeopard_10_6_7_AMDx64", 18446743523959800160, 18446743523956666368, 0],
-["MacSnowLeopard_10_6_8_AMDx64", 18446743523959819016, 18446743523956670464, 0],
-["MacSnowLeopard_10_6_AMDx64", 18446743523959762264, 18446743523956649984, 0],
-["MacSnowLeopard_10_6_1_Intelx86", 6139972, 2744320, 0],
-["MacSnowLeopard_10_6_2_Intelx86", 6144688, 2748416, 0],
-["MacSnowLeopard_10_6_3_Intelx86", 6139684, 2752512, 0],
-["MacSnowLeopard_10_6_4_Intelx86", 6143412, 2752512, 0],
-["MacSnowLeopard_10_6_5_Intelx86", 6165360, 2760704, 0],
-["MacSnowLeopard_10_6_6_Intelx86", 6165676, 2760704, 0],
-["MacSnowLeopard_10_6_7_Intelx86", 6186376, 2760704, 0],
-["MacSnowLeopard_10_6_8_Intelx86", 6203832, 2764800, 0],
-["MacSnowLeopard_10_6_Intelx86", 6139972, 2744320, 0],
-["MacLion_10_7_1_AMDx64", 18446743523961030696, 18446743523956600832, 0],
-["MacLion_10_7_2_AMDx64", 18446743523961030368, 18446743523956600832, 0],
-["MacLion_10_7_3_AMDx64", 18446743523961032256, 18446743523956600832, 0],
-["MacLion_10_7_4_AMDx64", 18446743523961048360, 18446743523956609024, 0],
-["MacLion_10_7_5_AMDx64", 18446743523961053360, 18446743523956609024, 0],
-["MacLion_10_7_AMDx64", 18446743523961030304, 18446743523956600832, 0],
-["MacLion_10_7_1_Intelx86", 7447336, 2899968, 0],
-["MacLion_10_7_2_Intelx86", 7451396, 2904064, 0],
-["MacLion_10_7_3_Intelx86", 7453552, 2904064, 0],
-["MacLion_10_7_4_Intelx86", 7464424, 2908160, 0],
-["MacLion_10_7_5_Intelx86", 7468772, 2908160, 0],
-["MacLion_10_7_Intelx86", 7446904, 2899968, 0],
-["MacMountainLion_10_8_1_AMDx64", 18446743523961328192, 18446743523962269696, 1],
-["MacMountainLion_10_8_2_AMDx64", 18446743523961340528, 18446743523962269696, 1],
-["MacMountainLion_10_8_3_AMDx64", 18446743523961294000, 18446743523962269696, 1],
-["MacMountainLion_10_8_4_12e55_AMDx64", 18446743523961302256, 18446743523962269696, 1],
-["MacMountainLion_10_8_5_12f37_AMDx64", 18446743523961347136, 18446743523962273792, 1],
-["MacMountainLion_10_8_5_12f45_AMDx64", 18446743523961347136, 18446743523962273792, 1],
-["MacMavericks_10_9_1_AMDx64", 18446743523961749984, 18446743523962273792, 1],
-["MacMavericks_10_9_2_13C1021_AMDx64", 18446743523961751392, 18446743523962273792, 1],
-["MacMavericks_10_9_2__13C64_AMDx64", 18446743523961753424, 18446743523962273792, 1],
-["MacMavericks_10_9_3_AMDx64", 18446743523961765744, 18446743523962273792, 1],
-["MacMavericks_10_9_4_AMDx64", 18446743523961767008, 18446743523962273792, 1],
-["MacMavericks_10_9_5_AMDx64", 18446743523961765968, 18446743523962273792, 1],
-["MacElCapitan_10_11_15A284x64", 18446743523963516960, 18446743523964547072, 1],
-["MacElCapitan_10_11_1_15B42x64", 18446743523963517744, 18446743523964555264, 1],
-["MacElCapitan_10_11_2_15C50x64", 18446743523963517440, 18446743523964555264, 1],
-["MacElCapitan_10_11_3_15D13bx64", 18446743523963520864, 18446743523964555264, 1],
-["MacElCapitan_10_11_3_15D21x64", 18446743523963520864, 18446743523964555264, 1],
-["MacElCapitan_10_11_4_15E65x64", 18446743523963511520, 18446743523964555264, 1],
+["MacYosemite_10_10_2_14C1514x64", 18446743523963607600, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_3_14D131x64", 18446743523963609408, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_3_14D136x64", 18446743523963609408, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_4_14E46x64", 18446743523963610496, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_5_14F1021x64", 18446743523963608704, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_5_14f1509x64", 18446743523963608704, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_5_14F1912x64", 18446743523963609312, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_5_14F2009x64", 18446743523963609536, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_5_14F2109x64", 18446743523963609536, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_5_14F2315x64", 18446743523963601344, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_5_14F27x64", 18446743523963608608, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_14A389x64", 18446743523963612480, 18446743523964534784, 1, 724],
+["MacYosemite_10_10_14B25x64", 18446743523963612480, 18446743523964534784, 1, 724],
+["MacElCapitan_10_11_1_15B42x64", 18446743523963517744, 18446743523964555264, 1, 724],
+["MacElCapitan_10_11_2_15C50x64", 18446743523963517440, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_3_15D13bx64", 18446743523963520864, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_3_15D21x64", 18446743523963520864, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_4_15E65x64", 18446743523963511520, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_5_15F34x64", 18446743523963513456, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_6_15G1004x64", 18446743523963516032, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_6_15G1108x64", 18446743523963516032, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_6_15G1212x64", 18446743523963503888, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_6_15G1217x64", 18446743523963503456, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_6_15G1421x64", 18446743523963503440, 18446743523964555264, 1, 740],
+["MacElCapitan_10_11_15A284x64", 18446743523963516960, 18446743523964547072, 1, 724],
+["MacSierra_10_12_0_16A323x64", 18446743523963569392, 18446743523964379136, 1, 740],
+["MacSierra_10_12_1_16B2657x64", 18446743523963568512, 18446743523964379136, 1, 740],
+["MacSierra_10_12_2_16C63ax64", 18446743523963567232, 18446743523964379136, 1, 740],
+["MacSierra_10_12_2_16C67x64", 18446743523963567232, 18446743523964379136, 1, 740],
+["MacSierra_10_12_3_16D32x64", 18446743523963567520, 18446743523964379136, 1, 740],
+["MacSierra_10_12_4_16E195x64", 18446743523963564384, 18446743523964379136, 1, 740],
+["MacLeopard_10_5_3_Intelx86", 4850472, 1708032, 0, 416],
+["MacLeopard_10_5_4_Intelx86", 4850488, 1708032, 0, 416],
+["MacLeopard_10_5_5_Intelx86", 4850568, 1708032, 0, 416],
+["MacLeopard_10_5_6_Intelx86", 4859540, 1712128, 0, 416],
+["MacLeopard_10_5_7_Intelx86", 4880064, 1716224, 0, 416],
+["MacLeopard_10_5_8_Intelx86", 4882736, 1716224, 0, 416],
+["MacLeopard_10_5_Intelx86", 4823024, 1703936, 0, 416],
+["MacSnowLeopard_10_6_1_AMDx64", 18446743523959762264, 18446743523956649984, 0, 700],
+["MacSnowLeopard_10_6_2_AMDx64", 18446743523959767128, 18446743523956654080, 0, 700],
+["MacSnowLeopard_10_6_4_AMDx64", 18446743523959767504, 18446743523956662272, 0, 700],
+["MacSnowLeopard_10_6_5_AMDx64", 18446743523959780720, 18446743523956666368, 0, 700],
+["MacSnowLeopard_10_6_6_AMDx64", 18446743523959780936, 18446743523956666368, 0, 700],
+["MacSnowLeopard_10_6_7_AMDx64", 18446743523959800160, 18446743523956666368, 0, 700],
+["MacSnowLeopard_10_6_8_AMDx64", 18446743523959819016, 18446743523956670464, 0, 700],
+["MacSnowLeopard_10_6_AMDx64", 18446743523959762264, 18446743523956649984, 0, 700],
+["MacSnowLeopard_10_6_1_Intelx86", 6139972, 2744320, 0, 420],
+["MacSnowLeopard_10_6_2_Intelx86", 6144688, 2748416, 0, 420],
+["MacSnowLeopard_10_6_3_Intelx86", 6139684, 2752512, 0, 420],
+["MacSnowLeopard_10_6_4_Intelx86", 6143412, 2752512, 0, 420],
+["MacSnowLeopard_10_6_5_Intelx86", 6165360, 2760704, 0, 420],
+["MacSnowLeopard_10_6_6_Intelx86", 6165676, 2760704, 0, 420],
+["MacSnowLeopard_10_6_7_Intelx86", 6186376, 2760704, 0, 420],
+["MacSnowLeopard_10_6_8_Intelx86", 6203832, 2764800, 0, 420],
+["MacSnowLeopard_10_6_Intelx86", 6139972, 2744320, 0, 420],
+["MacLion_10_7_1_AMDx64", 18446743523961030696, 18446743523956600832, 0, 716],
+["MacLion_10_7_2_AMDx64", 18446743523961030368, 18446743523956600832, 0, 716],
+["MacLion_10_7_3_AMDx64", 18446743523961032256, 18446743523956600832, 0, 716],
+["MacLion_10_7_4_AMDx64", 18446743523961048360, 18446743523956609024, 0, 716],
+["MacLion_10_7_5_AMDx64", 18446743523961053360, 18446743523956609024, 0, 716],
+["MacLion_10_7_AMDx64", 18446743523961030304, 18446743523956600832, 0, 716],
+["MacLion_10_7_1_Intelx86", 7447336, 2899968, 0, 444],
+["MacLion_10_7_2_Intelx86", 7451396, 2904064, 0, 444],
+["MacLion_10_7_3_Intelx86", 7453552, 2904064, 0, 444],
+["MacLion_10_7_4_Intelx86", 7464424, 2908160, 0, 444],
+["MacLion_10_7_5_Intelx86", 7468772, 2908160, 0, 444],
+["MacLion_10_7_Intelx86", 7446904, 2899968, 0, 444],
+["MacMountainLion_10_8_1_AMDx64", 18446743523961328192, 18446743523962269696, 1, 716],
+["MacMountainLion_10_8_2_12c54x64", 18446743523961340528, 18446743523962269696, 1, 716],
+["MacMountainLion_10_8_2_12c60x64", 18446743523961340528, 18446743523962269696, 1, 716],
+["MacMountainLion_10_8_2_AMDx64", 18446743523961340528, 18446743523962269696, 1, 716],
+["MacMountainLion_10_8_3_AMDx64", 18446743523961294000, 18446743523962269696, 1, 716],
+["MacMountainLion_10_8_4_12e55_AMDx64", 18446743523961302256, 18446743523962269696, 1, 716],
+["MacMountainLion_10_8_5_12F2518_AMDx64", 18446743523961347136, 18446743523962273792, 1, 716],
+["MacMountainLion_10_8_5_12f37_AMDx64", 18446743523961347136, 18446743523962273792, 1, 716],
+["MacMountainLion_10_8_5_12f45_AMDx64", 18446743523961347136, 18446743523962273792, 1, 716],
+["MacMavericks_10_9_1_AMDx64", 18446743523961749984, 18446743523962273792, 1, 724],
+["MacMavericks_10_9_2_13C1021_AMDx64", 18446743523961751392, 18446743523962273792, 1, 724],
+["MacMavericks_10_9_2__13C64_AMDx64", 18446743523961753424, 18446743523962273792, 1, 724],
+["MacMavericks_10_9_3_AMDx64", 18446743523961765744, 18446743523962273792, 1, 724],
+["MacMavericks_10_9_4_AMDx64", 18446743523961767008, 18446743523962273792, 1, 724],
+["MacMavericks_10_9_5_13F1077_AMDx64", 18446743523961774256, 18446743523962273792, 1, 724],
+["MacMavericks_10_9_5_AMDx64", 18446743523961765968, 18446743523962273792, 1, 724],
 ]
 
 class catfishScan(scan.BaseScanner):

From 0b59bd948ec19f9919a390dc8561432ea15a60cc Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sun, 9 Apr 2017 21:10:17 -0500
Subject: [PATCH 090/304] Mac - update mac_get_profile

---
 volatility/plugins/mac/get_profile.py | 166 +++++++++++++-------------
 1 file changed, 83 insertions(+), 83 deletions(-)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index 00e1ce3f6..01c79d640 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -32,89 +32,89 @@
 import volatility.plugins.mac.common as common
 
 profiles = [
-["MacYosemite_10_10_2_14C1514x64", 18446743523963607600, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_3_14D131x64", 18446743523963609408, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_3_14D136x64", 18446743523963609408, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_4_14E46x64", 18446743523963610496, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_5_14F1021x64", 18446743523963608704, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_5_14f1509x64", 18446743523963608704, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_5_14F1912x64", 18446743523963609312, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_5_14F2009x64", 18446743523963609536, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_5_14F2109x64", 18446743523963609536, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_5_14F2315x64", 18446743523963601344, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_5_14F27x64", 18446743523963608608, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_14A389x64", 18446743523963612480, 18446743523964534784, 1, 724],
-["MacYosemite_10_10_14B25x64", 18446743523963612480, 18446743523964534784, 1, 724],
-["MacElCapitan_10_11_1_15B42x64", 18446743523963517744, 18446743523964555264, 1, 724],
-["MacElCapitan_10_11_2_15C50x64", 18446743523963517440, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_3_15D13bx64", 18446743523963520864, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_3_15D21x64", 18446743523963520864, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_4_15E65x64", 18446743523963511520, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_5_15F34x64", 18446743523963513456, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_6_15G1004x64", 18446743523963516032, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_6_15G1108x64", 18446743523963516032, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_6_15G1212x64", 18446743523963503888, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_6_15G1217x64", 18446743523963503456, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_6_15G1421x64", 18446743523963503440, 18446743523964555264, 1, 740],
-["MacElCapitan_10_11_15A284x64", 18446743523963516960, 18446743523964547072, 1, 724],
-["MacSierra_10_12_0_16A323x64", 18446743523963569392, 18446743523964379136, 1, 740],
-["MacSierra_10_12_1_16B2657x64", 18446743523963568512, 18446743523964379136, 1, 740],
-["MacSierra_10_12_2_16C63ax64", 18446743523963567232, 18446743523964379136, 1, 740],
-["MacSierra_10_12_2_16C67x64", 18446743523963567232, 18446743523964379136, 1, 740],
-["MacSierra_10_12_3_16D32x64", 18446743523963567520, 18446743523964379136, 1, 740],
-["MacSierra_10_12_4_16E195x64", 18446743523963564384, 18446743523964379136, 1, 740],
-["MacLeopard_10_5_3_Intelx86", 4850472, 1708032, 0, 416],
-["MacLeopard_10_5_4_Intelx86", 4850488, 1708032, 0, 416],
-["MacLeopard_10_5_5_Intelx86", 4850568, 1708032, 0, 416],
-["MacLeopard_10_5_6_Intelx86", 4859540, 1712128, 0, 416],
-["MacLeopard_10_5_7_Intelx86", 4880064, 1716224, 0, 416],
-["MacLeopard_10_5_8_Intelx86", 4882736, 1716224, 0, 416],
-["MacLeopard_10_5_Intelx86", 4823024, 1703936, 0, 416],
-["MacSnowLeopard_10_6_1_AMDx64", 18446743523959762264, 18446743523956649984, 0, 700],
-["MacSnowLeopard_10_6_2_AMDx64", 18446743523959767128, 18446743523956654080, 0, 700],
-["MacSnowLeopard_10_6_4_AMDx64", 18446743523959767504, 18446743523956662272, 0, 700],
-["MacSnowLeopard_10_6_5_AMDx64", 18446743523959780720, 18446743523956666368, 0, 700],
-["MacSnowLeopard_10_6_6_AMDx64", 18446743523959780936, 18446743523956666368, 0, 700],
-["MacSnowLeopard_10_6_7_AMDx64", 18446743523959800160, 18446743523956666368, 0, 700],
-["MacSnowLeopard_10_6_8_AMDx64", 18446743523959819016, 18446743523956670464, 0, 700],
-["MacSnowLeopard_10_6_AMDx64", 18446743523959762264, 18446743523956649984, 0, 700],
-["MacSnowLeopard_10_6_1_Intelx86", 6139972, 2744320, 0, 420],
-["MacSnowLeopard_10_6_2_Intelx86", 6144688, 2748416, 0, 420],
-["MacSnowLeopard_10_6_3_Intelx86", 6139684, 2752512, 0, 420],
-["MacSnowLeopard_10_6_4_Intelx86", 6143412, 2752512, 0, 420],
-["MacSnowLeopard_10_6_5_Intelx86", 6165360, 2760704, 0, 420],
-["MacSnowLeopard_10_6_6_Intelx86", 6165676, 2760704, 0, 420],
-["MacSnowLeopard_10_6_7_Intelx86", 6186376, 2760704, 0, 420],
-["MacSnowLeopard_10_6_8_Intelx86", 6203832, 2764800, 0, 420],
-["MacSnowLeopard_10_6_Intelx86", 6139972, 2744320, 0, 420],
-["MacLion_10_7_1_AMDx64", 18446743523961030696, 18446743523956600832, 0, 716],
-["MacLion_10_7_2_AMDx64", 18446743523961030368, 18446743523956600832, 0, 716],
-["MacLion_10_7_3_AMDx64", 18446743523961032256, 18446743523956600832, 0, 716],
-["MacLion_10_7_4_AMDx64", 18446743523961048360, 18446743523956609024, 0, 716],
-["MacLion_10_7_5_AMDx64", 18446743523961053360, 18446743523956609024, 0, 716],
-["MacLion_10_7_AMDx64", 18446743523961030304, 18446743523956600832, 0, 716],
-["MacLion_10_7_1_Intelx86", 7447336, 2899968, 0, 444],
-["MacLion_10_7_2_Intelx86", 7451396, 2904064, 0, 444],
-["MacLion_10_7_3_Intelx86", 7453552, 2904064, 0, 444],
-["MacLion_10_7_4_Intelx86", 7464424, 2908160, 0, 444],
-["MacLion_10_7_5_Intelx86", 7468772, 2908160, 0, 444],
-["MacLion_10_7_Intelx86", 7446904, 2899968, 0, 444],
-["MacMountainLion_10_8_1_AMDx64", 18446743523961328192, 18446743523962269696, 1, 716],
-["MacMountainLion_10_8_2_12c54x64", 18446743523961340528, 18446743523962269696, 1, 716],
-["MacMountainLion_10_8_2_12c60x64", 18446743523961340528, 18446743523962269696, 1, 716],
-["MacMountainLion_10_8_2_AMDx64", 18446743523961340528, 18446743523962269696, 1, 716],
-["MacMountainLion_10_8_3_AMDx64", 18446743523961294000, 18446743523962269696, 1, 716],
-["MacMountainLion_10_8_4_12e55_AMDx64", 18446743523961302256, 18446743523962269696, 1, 716],
-["MacMountainLion_10_8_5_12F2518_AMDx64", 18446743523961347136, 18446743523962273792, 1, 716],
-["MacMountainLion_10_8_5_12f37_AMDx64", 18446743523961347136, 18446743523962273792, 1, 716],
-["MacMountainLion_10_8_5_12f45_AMDx64", 18446743523961347136, 18446743523962273792, 1, 716],
-["MacMavericks_10_9_1_AMDx64", 18446743523961749984, 18446743523962273792, 1, 724],
-["MacMavericks_10_9_2_13C1021_AMDx64", 18446743523961751392, 18446743523962273792, 1, 724],
-["MacMavericks_10_9_2__13C64_AMDx64", 18446743523961753424, 18446743523962273792, 1, 724],
-["MacMavericks_10_9_3_AMDx64", 18446743523961765744, 18446743523962273792, 1, 724],
-["MacMavericks_10_9_4_AMDx64", 18446743523961767008, 18446743523962273792, 1, 724],
-["MacMavericks_10_9_5_13F1077_AMDx64", 18446743523961774256, 18446743523962273792, 1, 724],
-["MacMavericks_10_9_5_AMDx64", 18446743523961765968, 18446743523962273792, 1, 724],
+["MacYosemite_10_10_2_14C1514x64", 18446743523963607600, 18446743523964534784, 1],
+["MacYosemite_10_10_3_14D131x64", 18446743523963609408, 18446743523964534784, 1],
+["MacYosemite_10_10_3_14D136x64", 18446743523963609408, 18446743523964534784, 1],
+["MacYosemite_10_10_4_14E46x64", 18446743523963610496, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F1021x64", 18446743523963608704, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14f1509x64", 18446743523963608704, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F1912x64", 18446743523963609312, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F2009x64", 18446743523963609536, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F2109x64", 18446743523963609536, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F2315x64", 18446743523963601344, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F27x64", 18446743523963608608, 18446743523964534784, 1],
+["MacYosemite_10_10_14A389x64", 18446743523963612480, 18446743523964534784, 1],
+["MacYosemite_10_10_14B25x64", 18446743523963612480, 18446743523964534784, 1],
+["MacElCapitan_10_11_1_15B42x64", 18446743523963517744, 18446743523964555264, 1],
+["MacElCapitan_10_11_2_15C50x64", 18446743523963517440, 18446743523964555264, 1],
+["MacElCapitan_10_11_3_15D13bx64", 18446743523963520864, 18446743523964555264, 1],
+["MacElCapitan_10_11_3_15D21x64", 18446743523963520864, 18446743523964555264, 1],
+["MacElCapitan_10_11_4_15E65x64", 18446743523963511520, 18446743523964555264, 1],
+["MacElCapitan_10_11_5_15F34x64", 18446743523963513456, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G1004x64", 18446743523963516032, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G1108x64", 18446743523963516032, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G1212x64", 18446743523963503888, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G1217x64", 18446743523963503456, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G1421x64", 18446743523963503440, 18446743523964555264, 1],
+["MacElCapitan_10_11_15A284x64", 18446743523963516960, 18446743523964547072, 1],
+["MacSierra_10_12_0_16A323x64", 18446743523963569392, 18446743523964379136, 1],
+["MacSierra_10_12_1_16B2657x64", 18446743523963568512, 18446743523964379136, 1],
+["MacSierra_10_12_2_16C63ax64", 18446743523963567232, 18446743523964379136, 1],
+["MacSierra_10_12_2_16C67x64", 18446743523963567232, 18446743523964379136, 1],
+["MacSierra_10_12_3_16D32x64", 18446743523963567520, 18446743523964379136, 1],
+["MacSierra_10_12_4_16E195x64", 18446743523963564384, 18446743523964379136, 1],
+["MacLeopard_10_5_3_Intelx86", 4850472, 1708032, 0],
+["MacLeopard_10_5_4_Intelx86", 4850488, 1708032, 0],
+["MacLeopard_10_5_5_Intelx86", 4850568, 1708032, 0],
+["MacLeopard_10_5_6_Intelx86", 4859540, 1712128, 0],
+["MacLeopard_10_5_7_Intelx86", 4880064, 1716224, 0],
+["MacLeopard_10_5_8_Intelx86", 4882736, 1716224, 0],
+["MacLeopard_10_5_Intelx86", 4823024, 1703936, 0],
+["MacSnowLeopard_10_6_1_AMDx64", 18446743523959762264, 18446743523956649984, 0],
+["MacSnowLeopard_10_6_2_AMDx64", 18446743523959767128, 18446743523956654080, 0],
+["MacSnowLeopard_10_6_4_AMDx64", 18446743523959767504, 18446743523956662272, 0],
+["MacSnowLeopard_10_6_5_AMDx64", 18446743523959780720, 18446743523956666368, 0],
+["MacSnowLeopard_10_6_6_AMDx64", 18446743523959780936, 18446743523956666368, 0],
+["MacSnowLeopard_10_6_7_AMDx64", 18446743523959800160, 18446743523956666368, 0],
+["MacSnowLeopard_10_6_8_AMDx64", 18446743523959819016, 18446743523956670464, 0],
+["MacSnowLeopard_10_6_AMDx64", 18446743523959762264, 18446743523956649984, 0],
+["MacSnowLeopard_10_6_1_Intelx86", 6139972, 2744320, 0],
+["MacSnowLeopard_10_6_2_Intelx86", 6144688, 2748416, 0],
+["MacSnowLeopard_10_6_3_Intelx86", 6139684, 2752512, 0],
+["MacSnowLeopard_10_6_4_Intelx86", 6143412, 2752512, 0],
+["MacSnowLeopard_10_6_5_Intelx86", 6165360, 2760704, 0],
+["MacSnowLeopard_10_6_6_Intelx86", 6165676, 2760704, 0],
+["MacSnowLeopard_10_6_7_Intelx86", 6186376, 2760704, 0],
+["MacSnowLeopard_10_6_8_Intelx86", 6203832, 2764800, 0],
+["MacSnowLeopard_10_6_Intelx86", 6139972, 2744320, 0],
+["MacLion_10_7_1_AMDx64", 18446743523961030696, 18446743523956600832, 0],
+["MacLion_10_7_2_AMDx64", 18446743523961030368, 18446743523956600832, 0],
+["MacLion_10_7_3_AMDx64", 18446743523961032256, 18446743523956600832, 0],
+["MacLion_10_7_4_AMDx64", 18446743523961048360, 18446743523956609024, 0],
+["MacLion_10_7_5_AMDx64", 18446743523961053360, 18446743523956609024, 0],
+["MacLion_10_7_AMDx64", 18446743523961030304, 18446743523956600832, 0],
+["MacLion_10_7_1_Intelx86", 7447336, 2899968, 0],
+["MacLion_10_7_2_Intelx86", 7451396, 2904064, 0],
+["MacLion_10_7_3_Intelx86", 7453552, 2904064, 0],
+["MacLion_10_7_4_Intelx86", 7464424, 2908160, 0],
+["MacLion_10_7_5_Intelx86", 7468772, 2908160, 0],
+["MacLion_10_7_Intelx86", 7446904, 2899968, 0],
+["MacMountainLion_10_8_1_AMDx64", 18446743523961328192, 18446743523962269696, 1],
+["MacMountainLion_10_8_2_12c54x64", 18446743523961340528, 18446743523962269696, 1],
+["MacMountainLion_10_8_2_12c60x64", 18446743523961340528, 18446743523962269696, 1],
+["MacMountainLion_10_8_2_AMDx64", 18446743523961340528, 18446743523962269696, 1],
+["MacMountainLion_10_8_3_AMDx64", 18446743523961294000, 18446743523962269696, 1],
+["MacMountainLion_10_8_4_12e55_AMDx64", 18446743523961302256, 18446743523962269696, 1],
+["MacMountainLion_10_8_5_12F2518_AMDx64", 18446743523961347136, 18446743523962273792, 1],
+["MacMountainLion_10_8_5_12f37_AMDx64", 18446743523961347136, 18446743523962273792, 1],
+["MacMountainLion_10_8_5_12f45_AMDx64", 18446743523961347136, 18446743523962273792, 1],
+["MacMavericks_10_9_1_AMDx64", 18446743523961749984, 18446743523962273792, 1],
+["MacMavericks_10_9_2_13C1021_AMDx64", 18446743523961751392, 18446743523962273792, 1],
+["MacMavericks_10_9_2__13C64_AMDx64", 18446743523961753424, 18446743523962273792, 1],
+["MacMavericks_10_9_3_AMDx64", 18446743523961765744, 18446743523962273792, 1],
+["MacMavericks_10_9_4_AMDx64", 18446743523961767008, 18446743523962273792, 1],
+["MacMavericks_10_9_5_13F1077_AMDx64", 18446743523961774256, 18446743523962273792, 1],
+["MacMavericks_10_9_5_AMDx64", 18446743523961765968, 18446743523962273792, 1],
 ]
 
 class catfishScan(scan.BaseScanner):

From 1517764e3531ffbb143a5079418b28d04f6dc41e Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 10 Apr 2017 10:25:24 -0500
Subject: [PATCH 091/304] Mac - add manual cnode defintion for 10.12.x

---
 volatility/plugins/overlays/mac/mac.py | 41 ++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 74ae8c19f..ff80d3040 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -148,6 +148,47 @@ def modification(self, profile):
         else:
             profile.vtypes.update(mig_vtypes_64)
 
+# this change was introduced in 10.12 (Sierra), which only has 64 bit versions
+cnode_vtypes = {
+    'cat_attr': [ 0x78, {
+        'ca_fileid': [0x0, ['unsigned int']],
+        'ca_mode': [0x4, ['unsigned short']],
+        'ca_recflags': [0x6, ['unsigned short']],
+        'ca_linkcount': [0x8, ['unsigned int']],
+        'ca_uid': [0xc, ['unsigned int']],
+        'ca_gid': [0x10, ['unsigned int']],
+        'ca_atime': [0x18, ['long']],
+        'ca_atimeondisk': [0x20, ['long']],
+        'ca_mtime': [0x28, ['long']],
+        'ca_ctime': [0x30, ['long']],
+        'ca_itime': [0x38, ['long']],
+        'ca_btime': [0x40, ['long']],
+        'ca_flags': [0x48, ['unsigned int']],
+    }],
+
+    'cnode': [ 0x148, {
+        'c_flag': [0x40, ['unsigned int']],
+        'c_hflag': [0x44, ['unsigned int']],
+        'c_vp': [0x48, ['pointer', ['vnode']]],
+        'c_rsrc_vp': [0x50, ['pointer', ['vnode']]],
+        'c_childhint': [0x68, ['unsigned int']],
+        'c_dirthreadhint': [0x6c, ['unsigned int']],
+        'c_attr': [0x88, ['cat_attr']],
+        'c_dirhinttag': [0x120, ['short']],
+        'c_dirchangecnt': [0x124, ['unsigned int']],
+        'c_touch_acctime': [0x138, ['unsigned char']],
+        'c_touch_chgtime': [0x139, ['unsigned char']],
+        'c_touch_modtime': [0x13a, ['unsigned char']],
+        'c_update_txn': [0x13c, ['unsigned int']],
+    }],
+}
+
+class CNodeTypes(obj.ProfileModification):
+    conditions = {"os" : lambda x : x in ["mac"]}
+
+    def modification(self, profile):
+        if not profile.vtypes.get("cnode"):
+            profile.vtypes.update(cnode_vtypes)
 
 class catfishScan(scan.BaseScanner):
     """ Scanner for Catfish string for Mountain Lion """

From 8061c104553834cb829a2ecb6ea659a29d6122be Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 11 Apr 2017 21:58:52 -0500
Subject: [PATCH 092/304] fix duplicate underscore in mac profile name

---
 volatility/plugins/mac/get_profile.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index 01c79d640..145bac79f 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -110,7 +110,7 @@
 ["MacMountainLion_10_8_5_12f45_AMDx64", 18446743523961347136, 18446743523962273792, 1],
 ["MacMavericks_10_9_1_AMDx64", 18446743523961749984, 18446743523962273792, 1],
 ["MacMavericks_10_9_2_13C1021_AMDx64", 18446743523961751392, 18446743523962273792, 1],
-["MacMavericks_10_9_2__13C64_AMDx64", 18446743523961753424, 18446743523962273792, 1],
+["MacMavericks_10_9_2_13C64_AMDx64", 18446743523961753424, 18446743523962273792, 1],
 ["MacMavericks_10_9_3_AMDx64", 18446743523961765744, 18446743523962273792, 1],
 ["MacMavericks_10_9_4_AMDx64", 18446743523961767008, 18446743523962273792, 1],
 ["MacMavericks_10_9_5_13F1077_AMDx64", 18446743523961774256, 18446743523962273792, 1],

From 595ef3c388dc59b23fb44466269c4db11aee533a Mon Sep 17 00:00:00 2001
From: Bastian Neuburger <b.neuburger@gsi.de>
Date: Tue, 4 Apr 2017 09:36:39 +0200
Subject: [PATCH 093/304] Use read_long_long_phys for LinuxAMD64PagedMemory
 address space insted of read_long_phys

---
 volatility/plugins/linux/threads.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/threads.py b/volatility/plugins/linux/threads.py
index bb4d7b532..9178e153f 100644
--- a/volatility/plugins/linux/threads.py
+++ b/volatility/plugins/linux/threads.py
@@ -71,7 +71,10 @@ def get_addr_limit(self,thread, addrvar_offset = 8 ):
         """
         addr_space = thread.get_process_address_space()
         offset = thread.obj_offset + addrvar_offset
-        return addr_space.read_long_phys(offset)
+        if addr_space.__class__ == "LinuxAMD64PagedMemory":
+            return addr_space.read_long_long_phys(offset)
+        else:
+            return addr_space.read_long_phys(offset)
 
     def render_text(self, outfd, data):
         for task in data:

From bb8f18345b94c3d2bb0b2d3f367d566808e15199 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 14 Apr 2017 23:21:09 -0500
Subject: [PATCH 094/304] commit aa015f581356fea3df85cb99aa892fb7ba809f1f
 changed the way we detect encrypted KDBG on x64 Win 8 and above, but
 overlooked the fact that the timers plugin also needs to find the encrypted
 KDBG entropy values in order to decode DPC addresses for x64 Vista/7. this
 patch removes the minor version requirement (i.e. the 4 part of 6.4) so that
 it matches Vista/7 as well. a subsequent check for KDBG OwnerTag prevents FPs
 with kdbgscan

---
 volatility/plugins/overlays/windows/win8_kdbg.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/volatility/plugins/overlays/windows/win8_kdbg.py b/volatility/plugins/overlays/windows/win8_kdbg.py
index 831b5f875..a602aa80d 100644
--- a/volatility/plugins/overlays/windows/win8_kdbg.py
+++ b/volatility/plugins/overlays/windows/win8_kdbg.py
@@ -97,8 +97,7 @@ def unique_sizes(self):
         for name, cls in items:
             try:
                 if (not cls.conditions["os"]("windows") or 
-                        not cls.conditions["major"](6) or 
-                        not cls.conditions["minor"](4)):
+                        not cls.conditions["major"](6)):
                     continue
 
                 sizes.add(cls.kdbgsize)
@@ -251,9 +250,10 @@ def copy_data_block(self, full_addr):
             kdbg.newattr('wait_never', wait_never)
             kdbg.newattr('wait_always', wait_always)                    
 
-            return kdbg
-        else:
-            return obj.NoneObject("Cannot find decoding entropy values")
+            if kdbg.Header.OwnerTag == 0x4742444b:
+                return kdbg
+                
+        return obj.NoneObject("Cannot find decoding entropy values")
 
     def generate_suggestions(self):
         """Generates a list of possible KDBG structure locations"""

From aebbb399bd002ebe97a7ce5752205577cc05607d Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Sun, 16 Apr 2017 17:29:38 -0500
Subject: [PATCH 095/304] add a new set of registry offsets to fix hivelist
 (and all other registry based plugins) on windows 10 x64 14393.953

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index b4e85942a..6341d860d 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32]],
             (6, 4, '32bit') : [[-168, -164]],
         }
 

From ac9642e0f70d0928dcae977f8d1fbddbdbfad6ed Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 17 Apr 2017 12:31:59 -0500
Subject: [PATCH 096/304] Adding support for svcscan on 32- and 64-bit Windows
 10 15063 (Creators Update)

---
 volatility/plugins/malware/svcscan.py | 51 +++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index 61593bb94..94ffa86ae 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -295,6 +295,31 @@ def modification(self, profile):
             'ProcessId': [ 0x20, ['unsigned int']],
             } ],
         })
+        
+class Service10_15063x64(obj.ProfileModification):
+    """Service structures for Win10 15063 (Creators)"""
+
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x64', 'ServiceVistax64']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x == 15063,
+                  'memory_model': lambda x: x == '64bit'}
+
+    def modification(self, profile):
+        profile.merge_overlay({
+            '_SERVICE_RECORD' : [ None, {
+            'PrevEntry': [ 0x10, ['pointer', ['_SERVICE_RECORD']]],
+            'ServiceName' : [ 0x38, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'DisplayName' : [ 0x40, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'Order' : [ 0x20, ['unsigned int']],
+            'DriverName' : [ 0xe8, ['pointer', ['String', dict(encoding = 'utf16', length = 256)]]],
+            'ServiceProcess' : [ 0xe8, ['pointer', ['_SERVICE_PROCESS']]],
+            'Type' : [ 0x48, ['Flags', {'bitmap': SERVICE_TYPE_FLAGS}]],
+            'State' : [ 0x4C, ['Enumeration', dict(target = 'long', choices = SERVICE_STATE_ENUM)]],
+            'Start' : [ 0x24, ['Enumeration', dict(target = 'long', choices = SERVICE_START_ENUM)]],
+            } ],
+        })
 
 class Service8x86(obj.ProfileModification):
     """Service structures for Win8/8.1 32-bit"""
@@ -325,6 +350,32 @@ def modification(self, profile):
             } ],
         })
 
+class Service10_15063x86(obj.ProfileModification):
+    """Service structures for Win10 15063 (Creators)"""
+
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x86']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x == 15063,
+                  'memory_model': lambda x: x == '32bit'}
+
+    def modification(self, profile):
+        profile.vtypes.update({
+            '_SERVICE_RECORD' : [ None, {
+            'PrevEntry': [ 0xC, ['pointer', ['_SERVICE_RECORD']]],
+            'ServiceName' : [ 0x2C, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'DisplayName' : [ 0x30, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'Order' : [ 0x14, ['unsigned int']],
+            'DriverName' : [ 0x9C, ['pointer', ['String', dict(encoding = 'utf16', length = 256)]]],
+            'ServiceProcess' : [ 0x9C, ['pointer', ['_SERVICE_PROCESS']]],
+            ## needs updating
+            'Type' : [ 0x34, ['Flags', {'bitmap': SERVICE_TYPE_FLAGS}]],
+            'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = SERVICE_STATE_ENUM)]],
+            'Start' : [ 0x18, ['Enumeration', dict(target = 'long', choices = SERVICE_START_ENUM)]],
+            } ],
+        })
+
 #--------------------------------------------------------------------------------
 # svcscan plugin 
 #--------------------------------------------------------------------------------

From 91ba49d0a5d2bb92bdedad38b58152cfff0544da Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Tue, 18 Apr 2017 08:37:40 -0500
Subject: [PATCH 097/304] Mac - update file extraction to support 10.12.x

---
 volatility/plugins/overlays/mac/mac.py | 47 +++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 8 deletions(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index ff80d3040..78eac77c1 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -329,14 +329,45 @@ def full_path(self):
 
         return ret
 
-    def get_contents(self):
-        moc  = self.v_un.vu_ubcinfo.ui_control.moc_object
-        memq = moc.memq 
+    '''
+    static inline uintptr_t vm_page_unpack_ptr(uintptr_t p)
+    {
+            if (!p) 
+                    return ((uintptr_t)0);
+
+            if (p & VM_PACKED_FROM_VM_PAGES_ARRAY)
+                    return ((uintptr_t)(&vm_pages[(uint32_t)(p & ~VM_PACKED_FROM_VM_PAGES_ARRAY)]));
+            return (((p << VM_PACKED_POINTER_SHIFT) + (uintptr_t) VM_MIN_KERNEL_AND_KEXT_ADDRESS));
+    }
+    '''
+    def _get_next_page(self, memq):
+        # packed pointer, in 10.12+
+        p = memq.m("next")
+
+        if p == 0 or p == None:
+            ret = None
+        
+        elif self.obj_vm.profile.metadata.get('memory_model', 0) == "64bit" and p.size() == 4:  
+            
+            if p & 0x80000000 != 0:
+                vm_pages_ptr = self.obj_vm.profile.get_symbol("_vm_pages")
+                vm_pages_addr = obj.Object("unsigned long long", offset = vm_pages_ptr, vm = self.obj_vm)
+                ret_addr = vm_pages_addr + ((p & ~0x80000000) * 8)
+            else:
+                ret_addr = (p << 6) + 0xffffff7f80000000  
+
+            ret = obj.Object("vm_page", offset = ret_addr, vm = self.obj_vm)
+        else:
+            ret = p.dereference_as("vm_page")
 
-        cur = memq.m("next").dereference_as("vm_page")
+        return ret
+
+    def get_contents(self):
+        memq = self.v_un.vu_ubcinfo.ui_control.moc_object.memq
+        cur = self._get_next_page(memq)
 
         file_size = self.v_un.vu_ubcinfo.ui_size
-        phys_as = utils.load_as(self.obj_vm.get_config(), astype = 'physical')
+        phys_as   = self.obj_vm.base
 
         idx = 0
         written = 0
@@ -345,13 +376,13 @@ def get_contents(self):
             # the last element of the queue seems to track the size of the queue
             if cur.offset != 0 and cur.offset == idx:
                 break
-                
+            
             if cur.phys_page != 0 and cur.offset >= 0:
                 sz = 4096
 
                 if file_size - written < 4096:
                     sz = file_size - written
-
+                
                 buf = phys_as.zread(cur.phys_page * 4096, sz)
 
                 yield (cur.offset.v(), buf)
@@ -359,7 +390,7 @@ def get_contents(self):
             idx     = idx + 1
             written = written + 4096
 
-            cur = cur.listq.next.dereference_as("vm_page")
+            cur = self._get_next_page(cur.listq)
 
 class fileglob(obj.CType):
     

From dc7bf5bb3ba48b88a4c1e9735e884b6e301e9001 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Wed, 19 Apr 2017 00:58:50 -0500
Subject: [PATCH 098/304] Mac - update get profile for combined profiles and
 with collision detection

---
 volatility/plugins/mac/get_profile.py | 82 +++++++++++++++++----------
 1 file changed, 53 insertions(+), 29 deletions(-)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index 145bac79f..08ef3189c 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -31,28 +31,23 @@
 import volatility.registry as registry
 import volatility.plugins.mac.common as common
 
+
 profiles = [
 ["MacYosemite_10_10_2_14C1514x64", 18446743523963607600, 18446743523964534784, 1],
-["MacYosemite_10_10_3_14D131x64", 18446743523963609408, 18446743523964534784, 1],
-["MacYosemite_10_10_3_14D136x64", 18446743523963609408, 18446743523964534784, 1],
+["MacYosemite_10_10_3_14D131_14D136x64", 18446743523963609408, 18446743523964534784, 1],
 ["MacYosemite_10_10_4_14E46x64", 18446743523963610496, 18446743523964534784, 1],
-["MacYosemite_10_10_5_14F1021x64", 18446743523963608704, 18446743523964534784, 1],
-["MacYosemite_10_10_5_14f1509x64", 18446743523963608704, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F1021_14f1509x64", 18446743523963608704, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F1912x64", 18446743523963609312, 18446743523964534784, 1],
-["MacYosemite_10_10_5_14F2009x64", 18446743523963609536, 18446743523964534784, 1],
-["MacYosemite_10_10_5_14F2109x64", 18446743523963609536, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F2009_14F2109x64", 18446743523963609536, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F2315x64", 18446743523963601344, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F27x64", 18446743523963608608, 18446743523964534784, 1],
-["MacYosemite_10_10_14A389x64", 18446743523963612480, 18446743523964534784, 1],
-["MacYosemite_10_10_14B25x64", 18446743523963612480, 18446743523964534784, 1],
+["MacYosemite_10_10_14A389_14B25x64", 18446743523963612480, 18446743523964534784, 1],
 ["MacElCapitan_10_11_1_15B42x64", 18446743523963517744, 18446743523964555264, 1],
 ["MacElCapitan_10_11_2_15C50x64", 18446743523963517440, 18446743523964555264, 1],
-["MacElCapitan_10_11_3_15D13bx64", 18446743523963520864, 18446743523964555264, 1],
-["MacElCapitan_10_11_3_15D21x64", 18446743523963520864, 18446743523964555264, 1],
+["MacElCapitan_10_11_3_15D21_15D13bx64", 18446743523963520864, 18446743523964555264, 1],
 ["MacElCapitan_10_11_4_15E65x64", 18446743523963511520, 18446743523964555264, 1],
 ["MacElCapitan_10_11_5_15F34x64", 18446743523963513456, 18446743523964555264, 1],
-["MacElCapitan_10_11_6_15G1004x64", 18446743523963516032, 18446743523964555264, 1],
-["MacElCapitan_10_11_6_15G1108x64", 18446743523963516032, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G1004_15G1108x64", 18446743523963516032, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1212x64", 18446743523963503888, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1217x64", 18446743523963503456, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1421x64", 18446743523963503440, 18446743523964555264, 1],
@@ -70,15 +65,13 @@
 ["MacLeopard_10_5_7_Intelx86", 4880064, 1716224, 0],
 ["MacLeopard_10_5_8_Intelx86", 4882736, 1716224, 0],
 ["MacLeopard_10_5_Intelx86", 4823024, 1703936, 0],
-["MacSnowLeopard_10_6_1_AMDx64", 18446743523959762264, 18446743523956649984, 0],
 ["MacSnowLeopard_10_6_2_AMDx64", 18446743523959767128, 18446743523956654080, 0],
 ["MacSnowLeopard_10_6_4_AMDx64", 18446743523959767504, 18446743523956662272, 0],
 ["MacSnowLeopard_10_6_5_AMDx64", 18446743523959780720, 18446743523956666368, 0],
 ["MacSnowLeopard_10_6_6_AMDx64", 18446743523959780936, 18446743523956666368, 0],
 ["MacSnowLeopard_10_6_7_AMDx64", 18446743523959800160, 18446743523956666368, 0],
 ["MacSnowLeopard_10_6_8_AMDx64", 18446743523959819016, 18446743523956670464, 0],
-["MacSnowLeopard_10_6_AMDx64", 18446743523959762264, 18446743523956649984, 0],
-["MacSnowLeopard_10_6_1_Intelx86", 6139972, 2744320, 0],
+["MacSnowLeopard_10_6_10_6_1_AMDx64", 18446743523959762264, 18446743523956649984, 0],
 ["MacSnowLeopard_10_6_2_Intelx86", 6144688, 2748416, 0],
 ["MacSnowLeopard_10_6_3_Intelx86", 6139684, 2752512, 0],
 ["MacSnowLeopard_10_6_4_Intelx86", 6143412, 2752512, 0],
@@ -86,7 +79,7 @@
 ["MacSnowLeopard_10_6_6_Intelx86", 6165676, 2760704, 0],
 ["MacSnowLeopard_10_6_7_Intelx86", 6186376, 2760704, 0],
 ["MacSnowLeopard_10_6_8_Intelx86", 6203832, 2764800, 0],
-["MacSnowLeopard_10_6_Intelx86", 6139972, 2744320, 0],
+["MacSnowLeopard_10_6_10_6_1_Intelx86", 6139972, 2744320, 0],
 ["MacLion_10_7_1_AMDx64", 18446743523961030696, 18446743523956600832, 0],
 ["MacLion_10_7_2_AMDx64", 18446743523961030368, 18446743523956600832, 0],
 ["MacLion_10_7_3_AMDx64", 18446743523961032256, 18446743523956600832, 0],
@@ -100,9 +93,7 @@
 ["MacLion_10_7_5_Intelx86", 7468772, 2908160, 0],
 ["MacLion_10_7_Intelx86", 7446904, 2899968, 0],
 ["MacMountainLion_10_8_1_AMDx64", 18446743523961328192, 18446743523962269696, 1],
-["MacMountainLion_10_8_2_12c54x64", 18446743523961340528, 18446743523962269696, 1],
-["MacMountainLion_10_8_2_12c60x64", 18446743523961340528, 18446743523962269696, 1],
-["MacMountainLion_10_8_2_AMDx64", 18446743523961340528, 18446743523962269696, 1],
+["MacMountainLion_10_8_2_12c54_12c60x64", 18446743523961340528, 18446743523962269696, 1],
 ["MacMountainLion_10_8_3_AMDx64", 18446743523961294000, 18446743523962269696, 1],
 ["MacMountainLion_10_8_4_12e55_AMDx64", 18446743523961302256, 18446743523962269696, 1],
 ["MacMountainLion_10_8_5_12F2518_AMDx64", 18446743523961347136, 18446743523962273792, 1],
@@ -117,6 +108,19 @@
 ["MacMavericks_10_9_5_AMDx64", 18446743523961765968, 18446743523962273792, 1],
 ]
 
+collisions_10_8_5 = {
+    "MacMountainLion_10_8_5_12F2518_AMDx64" : "xnu-2050.48.19~1",
+    "MacMountainLion_10_8_5_12f37_AMDx64"   : "xnu-2050.48.11~1",
+    "MacMountainLion_10_8_5_12f45_AMDx64"   : "xnu-2050.48.12~1",
+}
+
+collisions_10_12_2 = {
+    "MacSierra_10_12_2_16C63ax64" : "Tue Nov 29 12:39:07",
+    "MacSierra_10_12_2_16C67x64"  : "Thu Nov 17 20:23:58",
+}
+
+collision_sets = [collisions_10_8_5, collisions_10_12_2]
+
 class catfishScan(scan.BaseScanner):
     """ Scanner for Catfish string for Mountain Lion """
     checks = []
@@ -135,15 +139,33 @@ class mac_get_profile(common.AbstractMacCommand):
     """Automatically detect Mac profiles"""
 
     @staticmethod
-    def check_address(ver_addr, aspace):
+    def check_address(profile, ver_addr, aspace):
+        ret = None
+        sig = "Darwin Kernel"
+        
         if ver_addr > 0xffffffff:
             ver_addr = ver_addr - 0xffffff8000000000
         elif ver_addr > 0xc0000000:
             ver_addr = ver_addr - 0xc0000000
 
-        ver_buf = aspace.read(ver_addr, 32)
-        sig = "Darwin Kernel"
-        return ver_buf and ver_buf.startswith(sig)
+        ver_buf = aspace.read(ver_addr, 128)
+        
+        if ver_buf and ver_buf.startswith(sig):
+            ret = profile
+            
+            for collision_set in collision_sets:
+                # check if profile is within a collision set
+                if profile in collision_set:
+                    # if it is, then walk all profiles in that set to find the proper one
+                    for test_profile, test_string in collision_set.items():
+                        if ver_buf.find(test_string) != -1:
+                            ret = test_profile
+                            break
+
+                    # no need to keep looking if we found the profile in a collision set already      
+                    break
+
+        return ret
 
     @staticmethod
     def guess_profile(aspace):
@@ -158,11 +180,12 @@ def guess_profile(aspace):
             
             On failure, it implicitly returns None.
         """
-        
+ 
         for data in profiles:
-            if mac_get_profile.check_address(data[1], aspace):
-                return data[0], 0 
-            
+            ret = mac_get_profile.check_address(data[0], data[1], aspace)
+            if ret:
+                return ret, 0 
+
         # didn't find a direct translation, so look for KASLR kernels
         scanner = catfishScan(needles = ["Catfish \x00\x00"])
         for catfish_offset in scanner.scan(aspace):
@@ -175,8 +198,9 @@ def guess_profile(aspace):
 
                 ver_addr += shift_address
                 
-                if mac_get_profile.check_address(ver_addr, aspace):
-                    return profile, shift_address
+                ret = mac_get_profile.check_address(profile, ver_addr, aspace)
+                if ret:    
+                    return ret, shift_address
 
     def calculate(self):
         aspace = utils.load_as(self._config, astype = 'physical')

From 172324eae3ddd19e688ea753c15e5809294adb85 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Wed, 19 Apr 2017 13:45:43 -0500
Subject: [PATCH 099/304] mac - update get profile

---
 volatility/plugins/mac/get_profile.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index 08ef3189c..46c54b997 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -31,7 +31,6 @@
 import volatility.registry as registry
 import volatility.plugins.mac.common as common
 
-
 profiles = [
 ["MacYosemite_10_10_2_14C1514x64", 18446743523963607600, 18446743523964534784, 1],
 ["MacYosemite_10_10_3_14D131_14D136x64", 18446743523963609408, 18446743523964534784, 1],
@@ -105,6 +104,7 @@
 ["MacMavericks_10_9_3_AMDx64", 18446743523961765744, 18446743523962273792, 1],
 ["MacMavericks_10_9_4_AMDx64", 18446743523961767008, 18446743523962273792, 1],
 ["MacMavericks_10_9_5_13F1077_AMDx64", 18446743523961774256, 18446743523962273792, 1],
+["MacMavericks_10_9_5_13F1911_AMDx64", 18446743523961774096, 18446743523962273792, 1],
 ["MacMavericks_10_9_5_AMDx64", 18446743523961765968, 18446743523962273792, 1],
 ]
 

From 37970713747f9c72e58eb53112036ae42bf8530d Mon Sep 17 00:00:00 2001
From: takedown <takedownz@gmail.com>
Date: Fri, 21 Apr 2017 23:18:04 +0300
Subject: [PATCH 100/304] uninitialized id_auth variable fix

---
 volatility/plugins/overlays/windows/windows.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index dab16fe2b..a460ba45d 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -650,6 +650,7 @@ def get_sids(self):
         if self.UserAndGroupCount < 0xFFFF:
             for sa in self.UserAndGroups.dereference():
                 sid = sa.Sid.dereference_as('_SID')
+                id_auth = ""
                 for i in sid.IdentifierAuthority.Value:
                     id_auth = i
                 yield "S-" + "-".join(str(i) for i in (sid.Revision, id_auth) +

From b66d5f8da453f2f32d5eada8152ab881d7c1539a Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Fri, 28 Apr 2017 16:41:41 -0500
Subject: [PATCH 101/304] Linux - move boot time calculation into common for
 clear API access

---
 volatility/plugins/linux/common.py         | 54 ++++++++++++++++++++-
 volatility/plugins/overlays/linux/linux.py | 55 +---------------------
 2 files changed, 54 insertions(+), 55 deletions(-)

diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index 0c1f7d997..61e329201 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -233,6 +233,58 @@ def write_elf_file(dump_dir, task, elf_addr):
 
     return file_path 
 
+def get_time_vars(obj_vm):
+    '''
+    Sometime in 3.[3-5], Linux switched to a global timekeeper structure
+    This just figures out which is in use and returns the correct variables
+    '''
+    wall_addr       = obj_vm.profile.get_symbol("wall_to_monotonic")
+    sleep_addr      = obj_vm.profile.get_symbol("total_sleep_time")
+    timekeeper_addr = obj_vm.profile.get_symbol("timekeeper")
+    tkcore_addr     = obj_vm.profile.get_symbol("tk_core") 
+
+    wall  = None
+    timeo = None
+
+    # old way
+    if wall_addr and sleep_addr:
+        wall = obj.Object("timespec", offset = wall_addr, vm = obj_vm)
+        timeo = obj.Object("timespec", offset = sleep_addr, vm = obj_vm)
+
+    elif wall_addr:
+        wall  = obj.Object("timespec", offset = wall_addr, vm = obj_vm)
+        timeo = linux_common.vol_timespec(0, 0)
+
+    # timekeeper way
+    elif timekeeper_addr:
+        timekeeper = obj.Object("timekeeper", offset = timekeeper_addr, vm = obj_vm)
+        wall = timekeeper.wall_to_monotonic
+        timeo = timekeeper.total_sleep_time
+
+    # 3.17(ish) - 3.19(ish) way
+    elif tkcore_addr and hasattr("timekeeper", "total_sleep_time"):
+        # skip seqcount
+        timekeeper = obj.Object("timekeeper", offset = tkcore_addr + 4, vm = obj_vm)
+        wall = timekeeper.wall_to_monotonic
+        timeo = timekeeper.total_sleep_time
+
+    # 3.19(ish)+
+    # getboottime from 3.19.x
+    elif tkcore_addr:
+        # skip seqcount
+        timekeeper = obj.Object("timekeeper", offset = tkcore_addr + 8, vm = obj_vm)
+        wall = timekeeper.wall_to_monotonic
+
+        oreal = timekeeper.offs_real
+        oboot = timekeeper.offs_boot
+
+        tv64 = (oreal.tv64 & 0xffffffff) - (oboot.tv64 & 0xffffffff)
+
+        if tv64:
+            tv64 = (tv64 / 100000000) * -1
+            timeo = vol_timespec(tv64, 0) 
+        else:
+            timeo = None
 
-
+    return (wall, timeo)
 
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index a1ba46701..75f9bacc5 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2028,62 +2028,9 @@ def TICK_NSEC(self):
 
         return self.SH_DIV(1000000 * 1000, self.ACTHZ(CLOCK_TICK_RATE, HZ), 8)
 
-    def get_time_vars(self):
-        '''
-        Sometime in 3.[3-5], Linux switched to a global timekeeper structure
-        This just figures out which is in use and returns the correct variables
-        '''
-
-        wall_addr       = self.obj_vm.profile.get_symbol("wall_to_monotonic")
-        sleep_addr      = self.obj_vm.profile.get_symbol("total_sleep_time")
-        timekeeper_addr = self.obj_vm.profile.get_symbol("timekeeper")
-        tkcore_addr     = self.obj_vm.profile.get_symbol("tk_core") 
-
-        # old way
-        if wall_addr and sleep_addr:
-            wall = obj.Object("timespec", offset = wall_addr, vm = self.obj_vm)
-            timeo = obj.Object("timespec", offset = sleep_addr, vm = self.obj_vm)
-
-        elif wall_addr:
-            wall  = obj.Object("timespec", offset = wall_addr, vm = self.obj_vm)
-            timeo = linux_common.vol_timespec(0, 0)
-    
-        # timekeeper way
-        elif timekeeper_addr:
-            timekeeper = obj.Object("timekeeper", offset = timekeeper_addr, vm = self.obj_vm)
-            wall = timekeeper.wall_to_monotonic
-            timeo = timekeeper.total_sleep_time
-
-        # 3.17(ish) - 3.19(ish) way
-        elif tkcore_addr and hasattr("timekeeper", "total_sleep_time"):
-            # skip seqcount
-            timekeeper = obj.Object("timekeeper", offset = tkcore_addr + 4, vm = self.obj_vm)
-            wall = timekeeper.wall_to_monotonic
-            timeo = timekeeper.total_sleep_time
-
-        # 3.19(ish)+
-        # getboottime from 3.19.x
-        elif tkcore_addr:
-            # skip seqcount
-            timekeeper = obj.Object("timekeeper", offset = tkcore_addr + 8, vm = self.obj_vm)
-            wall = timekeeper.wall_to_monotonic
-
-            oreal = timekeeper.offs_real
-            oboot = timekeeper.offs_boot
- 
-            tv64 = (oreal.tv64 & 0xffffffff) - (oboot.tv64 & 0xffffffff)
-
-            if tv64:
-                tv64 = (tv64 / 100000000) * -1
-                timeo = linux_common.vol_timespec(tv64, 0) 
-            else:
-                timeo = None
-
-        return (wall, timeo)
-
     # based on 2.6.35 getboottime
     def get_boot_time(self):
-        (wall, timeo) = self.get_time_vars()
+        (wall, timeo) = linux_common.get_time_vars(self.obj_vm)
 
         if wall == None or timeo == None:
             return -1

From 34327a798402ad0256bc06d6ef25181680d05d05 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 11:48:43 -0500
Subject: [PATCH 102/304] Linux - harden library list against smearing

---
 volatility/plugins/overlays/linux/elf.py | 26 ++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/volatility/plugins/overlays/linux/elf.py b/volatility/plugins/overlays/linux/elf.py
index 45b11822b..ba23c7c62 100644
--- a/volatility/plugins/overlays/linux/elf.py
+++ b/volatility/plugins/overlays/linux/elf.py
@@ -573,7 +573,6 @@ def p_vaddr(self):
     def dynamic_sections(self):
         # sanity check
         if str(self.p_type) != 'PT_DYNAMIC':
-            print "failed sanity check"
             return
 
         rtname = self._get_typename("dyn")
@@ -686,16 +685,27 @@ def l_prev(self):
         tname = "elf_link_map"
         return obj.Object(tname, offset = naddr, vm = self.obj_vm, parent = self)
 
-    def __iter__(self):
-        cur = self
+    def _walk_map_list(self, access_func):
+        seen = []
+        cur  = self
         while cur:
-            yield cur
-            cur = cur.l_next
+            if cur.obj_offset in seen:
+                break
 
-        cur = self
-        while cur:
             yield cur
-            cur = cur.l_prev
+
+            seen.append(cur.obj_offset)
+
+            # check for signs of infinite looping
+            if len(seen) > 1024:
+                break
+
+            cur = access_func(cur)
+
+    def __iter__(self):        
+        for member in [lambda x: x.l_next, lambda x: x.l_prev]:
+            for mapinfo in self._walk_map_list(member):
+                yield mapinfo
 
 class elf32_link_map(obj.CType):
     def __init__(self, theType, offset, vm, name = None, **kwargs):

From 58c40cc97c489e4dc9cc02143bf8399a71ac743b Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 12:00:09 -0500
Subject: [PATCH 103/304] Linux - harden dmesg against smear

---
 volatility/plugins/linux/dmesg.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/dmesg.py b/volatility/plugins/linux/dmesg.py
index 8e42f0ced..a51d2e29e 100644
--- a/volatility/plugins/linux/dmesg.py
+++ b/volatility/plugins/linux/dmesg.py
@@ -61,18 +61,23 @@ def _ver_3(self, buf_addr, buf_len):
         log = obj.Object("log", offset = cur_addr, vm = self.addr_space)
         cur_len = log.len
 
-        while cur_addr < end_addr and cur_len != 0:
+        while cur_addr < end_addr and cur_len != 0 and cur_len < 4096:
 
             msg_len = log.text_len
             cur_ts = log.ts_nsec
 
             buf = obj.Object("String", offset = cur_addr + size_of_log, vm = self.addr_space, length = msg_len)
+            if buf == None:
+                break
 
             ret = ret + "[{0}.{1}] {2}\n".format(cur_ts, cur_ts / 1000000000, buf)
 
             cur_addr = cur_addr + cur_len
 
             log = obj.Object("log", offset = cur_addr, vm = self.addr_space)
+            if log == None:
+                break
+
             cur_len = log.len
 
         return ret

From 51c8248eae0d6e09663f9a4c060b3ebf46eff4ae Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 12:03:43 -0500
Subject: [PATCH 104/304] Linux - hardend arp against smear

---
 volatility/plugins/linux/arp.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/arp.py b/volatility/plugins/linux/arp.py
index 341ff193d..31d2e8e4f 100644
--- a/volatility/plugins/linux/arp.py
+++ b/volatility/plugins/linux/arp.py
@@ -99,10 +99,18 @@ def handle_table(self, ntable):
         return sum(ret, [])
 
     def walk_neighbor(self, neighbor):
-
-        ret = []
+        seen = []
+        ret  = []
+        ctr  = 0
 
         for n in linux_common.walk_internal_list("neighbour", "next", neighbor):
+            if n.obj_offset in seen:
+                break
+            seen.append(n.obj_offset)
+
+            if ctr > 1024:
+                break
+            ctr = ctr + 1
 
             # get the family from each neighbour in order to work with ipv4 and 6
             family = n.tbl.family

From c163a13f9131d1bb5018b04f3e0b1fafacf4fecb Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 12:09:14 -0500
Subject: [PATCH 105/304] Linux - protect psaux against smear

---
 volatility/plugins/overlays/linux/linux.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 75f9bacc5..5ad1fa8b8 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2120,13 +2120,18 @@ def get_commandline(self):
             # read argv from userland
             start = self.mm.arg_start.v()
 
-            argv = proc_as.read(start, self.mm.arg_end - self.mm.arg_start)
+            size_to_read = self.mm.arg_end - self.mm.arg_start
 
-            if argv:
-                # split the \x00 buffer into args
-                name = " ".join(argv.split("\x00"))
-            else:
+            if size_to_read < 1 or size_to_read > 4096:
                 name = ""
+            else:
+                argv = proc_as.read(start, size_to_read)
+
+                if argv:
+                    # split the \x00 buffer into args
+                    name = " ".join(argv.split("\x00"))
+                else:
+                    name = ""
         else:
             # kernel thread
             name = "[" + self.comm + "]"

From 2e2533743e5f7fba96042599886683b3e1536e28 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 12:30:46 -0500
Subject: [PATCH 106/304] Linux - protect psenv against arguments

---
 volatility/plugins/overlays/linux/linux.py | 49 +++++-----------------
 1 file changed, 11 insertions(+), 38 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 5ad1fa8b8..67e8d57fd 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1583,33 +1583,6 @@ def bash_history_entries(self):
         for hist in sorted(history_entries, key = attrgetter('time_as_integer')):
             yield hist              
 
-    def psenv(self):
-        env = ""
-
-        if self.mm:
-            # set the as with our new dtb so we can read from userland
-            proc_as = self.get_process_address_space()
-            if proc_as == None:
-                env = ""
-            else:
-                # read argv from userland
-                start = self.mm.env_start.v()
-
-                env = proc_as.read(start, self.mm.env_end - self.mm.env_start + 10)
-                
-        if env:
-            ents = env.split("\x00")
-            for varstr in ents:
-                eqidx = varstr.find("=")
-
-                if eqidx == -1:
-                    continue
-
-                key = varstr[:eqidx]
-                val = varstr[eqidx+1:]
-
-                yield (key, val) 
-
     def _dynamic_env(self, proc_as, pack_format, addr_sz):
         for vma in self.get_proc_maps():
             if not (vma.vm_file and str(vma.vm_flags) == "rw-"):
@@ -2084,26 +2057,26 @@ def get_task_start_time(self):
         return dt
 
     def get_environment(self):
+        env = ""
+        
         if self.mm:
             # set the as with our new dtb so we can read from userland
             proc_as = self.get_process_address_space()
             if proc_as == None:
                 return ""
 
-            # read argv from userland
             start = self.mm.env_start.v()
 
-            argv = proc_as.read(start, self.mm.env_end - self.mm.env_start + 10)
-            
-            if argv:
-                # split the \x00 buffer into args
-                env = " ".join(argv.split("\x00"))
+            size_to_read = self.mm.env_end.v() - start + 10 
 
-            else:
-                env = ""
-        else:
-            # kernel thread
-            env = ""
+            if 4 < size_to_read < 4096:
+                args = proc_as.read(start, size_to_read)
+                if args:
+                    for vals in args.split("\x00"): 
+                        ents = vals.split("=")
+
+                        if len(ents) == 2:
+                            env = env + "%s=%s " % (ents[0], ents[1])
 
         if len(env) > 1 and env[-1] == " ":
             env = env[:-1]

From 4b59c65274eda2c0e27ecf2d2f33877adda79ed3 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 12:50:38 -0500
Subject: [PATCH 107/304] Linux - protect ELF extraction from smearing

---
 volatility/plugins/overlays/linux/elf.py   | 6 ++++++
 volatility/plugins/overlays/linux/linux.py | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/volatility/plugins/overlays/linux/elf.py b/volatility/plugins/overlays/linux/elf.py
index ba23c7c62..3f7b65f5f 100644
--- a/volatility/plugins/overlays/linux/elf.py
+++ b/volatility/plugins/overlays/linux/elf.py
@@ -307,6 +307,9 @@ def program_headers(self):
 
         tname = "elf_phdr"
         
+        if self.e_phoff < 0 or self.e_phoff > 1000000:
+            return
+
         # the buffer of headers
         arr_start = self.obj_offset + self.e_phoff
 
@@ -561,6 +564,9 @@ class elf_phdr(elf):
     def __init__(self, theType, offset, vm, name = None, **kwargs):
         elf.__init__(self, 0, "elf32_phdr", "elf64_phdr", theType, offset, vm, name, **kwargs)    
 
+    def is_valid(self):
+        return self.p_vaddr > 0x1000 and self.p_filesz > 0 and self.p_memsz > 0
+
     @property
     def p_vaddr(self):
         ret = self.__getattr__("p_vaddr")
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 67e8d57fd..6732b8adf 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1212,6 +1212,9 @@ def get_elf(self, elf_addr):
 
             real_size = end - start
 
+            if real_size < 0 or real_size > 100000000:
+                continue
+
             sects[start] = real_size
  
         last_end = -1

From cdeb291e2e2eb667ef3808bed742e6ae7edf6110 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 16:41:49 -0500
Subject: [PATCH 108/304] Mac - protect system call enumeration from smear

---
 volatility/plugins/mac/check_syscall_table.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/volatility/plugins/mac/check_syscall_table.py b/volatility/plugins/mac/check_syscall_table.py
index a7d100942..a7b0926e9 100644
--- a/volatility/plugins/mac/check_syscall_table.py
+++ b/volatility/plugins/mac/check_syscall_table.py
@@ -72,7 +72,12 @@ def calculate(self):
         table_addr = self.addr_space.profile.get_symbol("_sysent")
 
         nsysent = obj.Object("int", offset = self.addr_space.profile.get_symbol("_nsysent"), vm = self.addr_space)
+        if nsysent == None or nsysent == 0:
+            return
+
         sysents = obj.Object(theType = "Array", offset = table_addr, vm = self.addr_space, count = nsysent, targetType = "sysent")
+        if sysents == None:
+            return
 
         for (i, sysent) in enumerate(sysents):
             ent_addr = sysent.sy_call.v()

From a4385051090fccc81ccd8d92082ac52d859e3f52 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 16:49:47 -0500
Subject: [PATCH 109/304] Mac - protect lsmod from smear

---
 volatility/plugins/mac/lsmod.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/volatility/plugins/mac/lsmod.py b/volatility/plugins/mac/lsmod.py
index 5063e556c..c7a3c00f6 100644
--- a/volatility/plugins/mac/lsmod.py
+++ b/volatility/plugins/mac/lsmod.py
@@ -42,11 +42,27 @@ def calculate(self):
 
         p = self.addr_space.profile.get_symbol("_kmod")
         kmodaddr = obj.Object("Pointer", offset = p, vm = self.addr_space)
+        if kmodaddr == None:
+            return
+
         kmod = kmodaddr.dereference_as("kmod_info") 
 
+        seen = []
+        ctr  = 0
+
         while kmod.is_valid():
+            # key on .v() instead of .obj_offset due 'next' being at offset 0
+            if kmod.v() in seen:
+                break
+            seen.append(kmod.v())
+
+            if ctr > 1024:
+                break
+            ctr = ctr + 1
+
             if not self._config.ADDR or (kmod.address <= self._config.ADDR <= (kmod.address + kmod.m("size"))):
                 yield kmod
+
             kmod = kmod.next
 
     def unified_output(self, data):

From 78d8539adbdd2ca5ed0ba3233af384e36bcab21b Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 16:55:31 -0500
Subject: [PATCH 110/304] Mac - protect lsof from smear

---
 volatility/plugins/overlays/mac/mac.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 78eac77c1..996848b74 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1219,6 +1219,9 @@ def lsof(self):
         if nfiles > num_fds:
             num_fds = nfiles
 
+        if num_fds > 4096:
+            num_fds = 1024
+
         fds = obj.Object('Array', offset = self.p_fd.fd_ofiles, vm = self.obj_vm, targetType = 'Pointer', count = num_fds)
 
         for i, fd in enumerate(fds):

From a3b479bce0fb7502396cff2a6f8e6e975cd090f9 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 17:08:59 -0500
Subject: [PATCH 111/304] Mac - protect dyld_maps from smear

---
 volatility/plugins/overlays/mac/mac.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 996848b74..de84c42f0 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1058,10 +1058,14 @@ def get_dyld_maps(self):
 
         info_addr = struct.unpack(self.pack_fmt, info_buf)[0] 
 
-        img_infos = obj.Object(theType = "Array", targetType = itype, offset = info_addr, count = infos.infoArrayCount, vm = proc_as)
+        cnt = infos.infoArrayCount
+        if cnt > 4096:
+            cnt = 1024 
+
+        img_infos = obj.Object(theType = "Array", targetType = itype, offset = info_addr, count = cnt, vm = proc_as)
         
         for info_addr in img_infos:
-            if info_addr:
+            if info_addr and info_addr.is_valid():
                 yield info_addr
 
     def get_proc_maps(self):
@@ -1725,6 +1729,9 @@ def get_address(self):
         return ip
 
 class dyld32_image_info(obj.CType):
+    def is_valid(self):
+        return len(self.imageFilePath) > 1 and self.imageLoadAddress > 0x1000
+
     def _read_ptr(self, addr):
         addr = self.obj_vm.read(addr, 4)
         if not addr:
@@ -1757,6 +1764,9 @@ def imageLoadAddress(self):
         return addr
 
 class dyld64_image_info(obj.CType):
+    def is_valid(self):
+        return len(self.imageFilePath) > 1 and self.imageLoadAddress > 0x1000
+
     def _read_ptr(self, addr):
         addr = self.obj_vm.read(addr, 8)
         if addr == None:

From 90543a075ac1c98a2edd537b12b7f82da971f3de Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 17:11:13 -0500
Subject: [PATCH 112/304] Mac - protect psaux from smear

---
 volatility/plugins/overlays/mac/mac.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index de84c42f0..d1a483a2a 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1193,6 +1193,9 @@ def get_arguments(self):
         argc = self.p_argc + 1
         args = []
 
+        if argc > 1024:
+            return ""
+
         while argc > 0:
             arg = obj.Object("String", offset = argsstart, vm = proc_as, length = 256)
                 

From a3deb49b6ce346b1745f41cc8522a0c82ce16db0 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 17:51:45 -0500
Subject: [PATCH 113/304] Mac - protect macho extraction from smear

---
 volatility/plugins/overlays/mac/macho.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/overlays/mac/macho.py b/volatility/plugins/overlays/mac/macho.py
index 199f93de5..46c08559c 100644
--- a/volatility/plugins/overlays/mac/macho.py
+++ b/volatility/plugins/overlays/mac/macho.py
@@ -314,7 +314,10 @@ def load_commands(self):
 
         # the load commands start after the header
         hdr_size = self.macho_obj.size()
-         
+        
+        if hdr_size == 0 or hdr_size > 100000000:
+            return
+
         arr_start = self.obj_offset + hdr_size
 
         offset = 0
@@ -354,8 +357,12 @@ def get_indirect_syms(self):
         syms = []        
         tname = self._get_typename("nlist")
         obj_size = self.obj_vm.profile.get_obj_size(tname)  
+
+        cnt = self.cached_dysymtab.nindirectsyms 
+        if cnt > 100000:
+            cnt = 1024
  
-        symtab_idxs = obj.Object(theType="Array", targetType="unsigned int", count=self.cached_dysymtab.nindirectsyms, offset = self.obj_offset + self.cached_dysymtab.indirectsymoff, vm = self.obj_vm, parent = self)
+        symtab_idxs = obj.Object(theType="Array", targetType="unsigned int", count=cnt, offset = self.obj_offset + self.cached_dysymtab.indirectsymoff, vm = self.obj_vm, parent = self)
 
         for idx in symtab_idxs:
             sym_addr = self.cached_symtab + (idx * obj_size)
@@ -518,7 +525,11 @@ def sections_for_segment(self, segment):
         seg_struct = self._get_typename("segment_command")
         seg_size   = self.obj_vm.profile.get_obj_size(seg_struct)
 
-        for i in range(segment.nsects):
+        cnt = segment.nsects 
+        if cnt > 1024:
+            cnt = 1024
+
+        for i in range(cnt):
             sect_addr = segment.obj_offset + seg_size + (i * sect_size)
             
             sect = obj.Object("macho_section", offset = sect_addr, vm = self.obj_vm, parent = self)

From 3b8a546c1d83dccaaf7ad4d27df302bfe58bb488 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Sat, 29 Apr 2017 18:03:29 -0500
Subject: [PATCH 114/304] Mac - protect macho extraction from smear

---
 volatility/plugins/overlays/mac/mac.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index d1a483a2a..d80f9c32a 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1009,7 +1009,10 @@ def get_macho(self, exe_address):
         for seg in m.segments():
             if str(seg.segname) == "__PAGEZERO":
                 continue
-                
+ 
+            if seg.vmsize == 0 or seg.vmsize > 100000000:
+                continue
+               
             # this is related to the shared cache map 
             # contact Andrew for full details
             if str(seg.segname) == "__LINKEDIT" and seg.vmsize > 20000000:
@@ -1017,7 +1020,6 @@ def get_macho(self, exe_address):
 
             cur = seg.vmaddr
             end = seg.vmaddr + seg.vmsize
-        
             while cur < end:
                 buffer = buffer + proc_as.zread(cur, 4096) 
                 cur = cur + 4096

From 3619c8a32f5b2f552bbc4a8464a6ea768de48423 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 4 May 2017 18:06:37 -0500
Subject: [PATCH 115/304] Linux - add support for kernel physical ASLR in 4.9+
 kernels

---
 volatility/plugins/linux/aslr_shift.py     |  10 +-
 volatility/plugins/linux/common.py         |   8 ++
 volatility/plugins/overlays/linux/linux.py | 123 +++++++++++++--------
 3 files changed, 90 insertions(+), 51 deletions(-)

diff --git a/volatility/plugins/linux/aslr_shift.py b/volatility/plugins/linux/aslr_shift.py
index 6d1ece3bc..c2a794271 100644
--- a/volatility/plugins/linux/aslr_shift.py
+++ b/volatility/plugins/linux/aslr_shift.py
@@ -32,12 +32,12 @@ class linux_aslr_shift(common.AbstractLinuxCommand):
     def calculate(self):
         aspace = utils.load_as(self._config)
         
-        yield aspace.profile.shift_address
- 
+        yield aspace.profile.virtual_shift, aspace.profile.physical_shift
+
     def render_text(self, outfd, data):
-        self.table_header(outfd, [("Shift Address", "[addrpad]")])
+        self.table_header(outfd, [("Virtual Shift Address", "[addrpad]"), ("Physical Shift Address", "[addrpad]")])
 
-        for shift_address in data:
-            self.table_row(outfd, shift_address)
+        for v, p in data:
+            self.table_row(outfd, v, p)
 
 
diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index 61e329201..40d50f4a3 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -42,6 +42,9 @@ def __init__(self, secs, nsecs):
         self.tv_nsec = nsecs
 
 def set_plugin_members(obj_ref):
+    if obj_ref._config.SHIFT:
+        debug.error("Linux uses --virtual_shift and --physical_shift. Please run linux_aslr_shift to obtain the values.")
+
     obj_ref.addr_space = utils.load_as(obj_ref._config)
 
     if not obj_ref.is_valid_profile(obj_ref.addr_space.profile):
@@ -67,6 +70,11 @@ def execute(self, *args, **kwargs):
     def is_valid_profile(profile):
         return profile.metadata.get('os', 'Unknown').lower() == 'linux'
 
+    @staticmethod
+    def register_options(config):
+        config.add_option("PHYSICAL_SHIFT", type = 'int', default = 0, help = "Linux kernel physical shift address")
+        config.add_option("VIRTUAL_SHIFT", type = 'int', default = 0, help = "Linux kernel virtual shift address")
+
     def is_known_address(self, addr, modules):
         addr = int(addr)
 
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 6732b8adf..9b6f1059f 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -212,13 +212,15 @@ def __init__(self, *args, **kwargs):
             # change the name to catch any code referencing the old hash table
             self.sys_map = {}
             self.sym_addr_cache = {}
-            self.shift_address = 0
+            self.physical_shift = 0
+            self.virtual_shift = 0
             obj.Profile.__init__(self, *args, **kwargs)
 
         def clear(self):
             """Clear out the system map, and everything else"""
             self.sys_map = {}
-            self.shift_address = 0
+            self.virutal_shift = 0
+            self.physical_shift = 0
             obj.Profile.clear(self)
 
         def reset(self):
@@ -285,8 +287,8 @@ def get_all_symbols(self, module = "kernel"):
 
                 for (name, addrs) in mod.items():
                     addr = addrs[0][0]
-                    if self.shift_address and addr:
-                        addr = addr + self.shift_address
+                    if self.virtual_shift and addr:
+                        addr = addr + self.virtual_shift
 
                     ret.append((name, addr))
             else:
@@ -317,7 +319,7 @@ def _get_symbol_by_address(self, module, sym_address):
             for (name, addrs) in mod.items():
 
                 for (addr, addr_type) in addrs:
-                    if sym_address == addr + self.shift_address:
+                    if sym_address == addr + self.virtual_shift:
                         ret = name
                         break
 
@@ -419,7 +421,7 @@ def get_symbol(self, sym_name, nm_type = "", module = "kernel"):
                 debug.info("Requested module {0:s} not found in symbol table\n".format(module))
 
             if ret:
-                ret = ret + self.shift_address
+                ret = ret + self.virtual_shift
 
             return ret
 
@@ -2233,45 +2235,64 @@ def generate_suggestions(self):
         profile = self.obj_vm.profile
         
         if profile.metadata.get('memory_model', '32bit') == "32bit":
-            sym   = "swapper_pg_dir"
-            shifts = [0xc0000000]
+            sym     = "swapper_pg_dir"
+            shifts  = [0xc0000000]
+            read_sz = 4
+            fmt     = "<I"
         else:
-            sym   = "init_level4_pgt"
-            shifts = [0xffffffff80000000, 0xffffffff80000000 - 0x1000000, 0xffffffff7fe00000]       
-        
-        config         = self.obj_vm.get_config()
-        tbl = self.obj_vm.profile.sys_map["kernel"]
+            sym     = "init_level4_pgt"
+            shifts  = [0xffffffff80000000, 0xffffffff80000000 - 0x1000000, 0xffffffff7fe00000]       
+            read_sz = 8
+            fmt     = "<Q"
+
+        config = self.obj_vm.get_config()
+        tbl    = self.obj_vm.profile.sys_map["kernel"]
         
-        if config.SHIFT:
-            shift_address = config.SHIFT
+        if config.PHYSICAL_SHIFT and not config.VIRTUAL_SHIFT:
+            debug.error("You must specifiy both the virtual and physical shift.") 
+        elif not config.PHYSICAL_SHIFT and config.VIRTUAL_SHIFT:
+            debug.error("You must specifiy both the virtual and physical shift.") 
+        elif config.PHYSICAL_SHIFT and config.VIRTUAL_SHIFT:
+            physical_shift_address = config.PHYSICAL_SHIFT
+            virtual_shift_address = config.VIRTUAL_SHIFT
         else:
-            shift_address = self.obj_vm.profile.shift_address
+            physical_shift_address = self.obj_vm.profile.physical_shift
+            virtual_shift_address  = self.obj_vm.profile.virtual_shift    
 
         good_dtb = -1
             
-        init_task_addr = tbl["init_task"][0][0] + shift_address
-        dtb_sym_addr   = tbl[sym][0][0] + shift_address
-        
-        comm_offset    = profile.get_obj_offset("task_struct", "comm")
-        pid_offset     = self.obj_vm.profile.get_obj_offset("task_struct", "pid")
-        pas            = self.obj_vm
-        
-        for shift in shifts:
-            sym_addr = dtb_sym_addr - shift
+        init_task_addr = tbl["init_task"][0][0] + physical_shift_address
+        dtb_sym_addr   = tbl[sym][0][0] + physical_shift_address
+        files_sym_addr = tbl["init_files"][0][0] + physical_shift_address
        
-            read_addr = init_task_addr - shift + comm_offset
+        comm_offset   = profile.get_obj_offset("task_struct", "comm")
+        pid_offset    = profile.get_obj_offset("task_struct", "pid")
+        files_offset  = profile.get_obj_offset("task_struct", "files") 
+        mm_offset     = profile.get_obj_offset("task_struct", "active_mm")
+        pas           = self.obj_vm
+        
+        if physical_shift_address != 0 and virtual_shift_address != 0:
+            good_dtb  = dtb_sym_addr - shifts[0]
+            self.obj_vm.profile.physical_shift = physical_shift_address 
+            self.obj_vm.profile.virtual_shift  = virtual_shift_address
+
+        if good_dtb == -1:
+            for shift in shifts:
+                sym_addr = dtb_sym_addr - shift
+           
+                read_addr = init_task_addr - shift + comm_offset
 
-            buf = pas.read(read_addr, 12)        
-          
-            if buf:
-                idx = buf.find("swapper")
-                if idx == 0:
-                    good_dtb = sym_addr
-                    break
+                buf = pas.read(read_addr, 12)        
+                if buf:
+                    idx = buf.find("swapper")
+                    if idx == 0:
+                        good_dtb = sym_addr
+                        break
 
-        # check for relocated kernel
-        if good_dtb == -1 and shift_address == 0:
+        # check for relocated or physical aslr kernel
+        if good_dtb == -1:
             scanner = swapperScan(needles = ["swapper/0\x00\x00\x00\x00\x00\x00"])
+            ctr = 0
             for swapper_offset in scanner.scan(self.obj_vm):
                 swapper_address = swapper_offset - comm_offset
 
@@ -2281,18 +2302,27 @@ def generate_suggestions(self):
                 if pas.read(swapper_address + pid_offset, 4) != "\x00\x00\x00\x00":
                     continue
 
-                tmp_shift_address = swapper_address - (init_task_addr - shifts[0])
+                mm_buf = pas.read(swapper_address + mm_offset, read_sz)
+                mm_addr = struct.unpack(fmt, mm_buf)[0]
+                if mm_addr == 0:
+                    continue
 
+                tmp_shift_address = swapper_address - (init_task_addr - shifts[0])
                 if tmp_shift_address & 0xfff != 0x000:
                     continue
-                
-                shift_address = tmp_shift_address
-                good_dtb = dtb_sym_addr - shifts[0] + shift_address
-                break
 
-        if shift_address != 0:   
-            self.obj_vm.profile.shift_address = shift_address
+                physical_shift_address = tmp_shift_address
+                
+                self.obj_vm.profile.physical_shift = physical_shift_address
+                good_dtb = dtb_sym_addr - shifts[0] + physical_shift_address
+                
+                files_buf  = pas.read(swapper_address + files_offset, read_sz)
+                files_addr = struct.unpack(fmt, files_buf)[0]
 
+                # will be 0 for kernels that don't randomize the physical load address
+                self.obj_vm.profile.virtual_shift = files_addr - files_sym_addr
+                break
+        
         yield good_dtb
 
 # the intel check, simply checks for the static paging of init_task
@@ -2302,18 +2332,19 @@ class VolatilityLinuxIntelValidAS(obj.VolatilityMagic):
     def generate_suggestions(self):
 
         init_task_addr = self.obj_vm.profile.get_symbol("init_task")
-
         if self.obj_vm.profile.metadata.get('memory_model', '32bit') == "32bit":
             shifts = [0xc0000000]
         else:
             shifts = [0xffffffff80000000, 0xffffffff80000000 - 0x1000000, 0xffffffff7fe00000]       
 
         ret = False
+           
+        phys  = self.obj_vm.vtop(init_task_addr)
+        if phys == None:
+            return
 
         for shift in shifts:
-            phys  = self.obj_vm.vtop(init_task_addr)
-            check = init_task_addr - shift
-           
+            check = init_task_addr - shift + self.obj_vm.profile.physical_shift - self.obj_vm.profile.virtual_shift
             if phys == check:
                 ret = True
                 break

From 140aed4665f0074d9d04fd1fcac489c93ebd668c Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 4 May 2017 23:00:24 -0500
Subject: [PATCH 116/304] Linux - add psenv function

---
 volatility/plugins/overlays/linux/linux.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 9b6f1059f..e86a2fd88 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2061,14 +2061,12 @@ def get_task_start_time(self):
         
         return dt
 
-    def get_environment(self):
-        env = ""
-        
+    def psenv(self): 
         if self.mm:
             # set the as with our new dtb so we can read from userland
             proc_as = self.get_process_address_space()
             if proc_as == None:
-                return ""
+                return
 
             start = self.mm.env_start.v()
 
@@ -2081,7 +2079,13 @@ def get_environment(self):
                         ents = vals.split("=")
 
                         if len(ents) == 2:
-                            env = env + "%s=%s " % (ents[0], ents[1])
+                            yield ents[0], ents[1]        
+
+    def get_environment(self):
+        env = ""
+
+        for key, value in self.psenv():
+            env = env + "%s=%s " % (key, value)
 
         if len(env) > 1 and env[-1] == " ":
             env = env[:-1]

From 1bdb319ab4678a6e2b1ec350c8314f5b987c1da3 Mon Sep 17 00:00:00 2001
From: Fabio <pagabuc@gmail.com>
Date: Sat, 13 May 2017 15:08:43 +0200
Subject: [PATCH 117/304] ktime_t is not a union anymore

---
 volatility/plugins/linux/common.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index 40d50f4a3..e96cf6dfd 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -286,8 +286,11 @@ def get_time_vars(obj_vm):
         oreal = timekeeper.offs_real
         oboot = timekeeper.offs_boot
 
-        tv64 = (oreal.tv64 & 0xffffffff) - (oboot.tv64 & 0xffffffff)
-
+        if hasattr(oreal,"tv64"):
+            tv64 = (oreal.tv64 & 0xffffffff) - (oboot.tv64 & 0xffffffff)
+        else:
+            tv64 = (oreal & 0xffffffff) - (oboot & 0xffffffff)
+            
         if tv64:
             tv64 = (tv64 / 100000000) * -1
             timeo = vol_timespec(tv64, 0) 

From b29f0fb5d16fb2c04fe472db142246ec62567771 Mon Sep 17 00:00:00 2001
From: bradley <bradley@schatzforensic.com.au>
Date: Tue, 23 May 2017 15:28:00 +1000
Subject: [PATCH 118/304] AFF4 Standard v1 image support.

---
 volatility/plugins/addrspaces/aff4.py | 133 ++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 volatility/plugins/addrspaces/aff4.py

diff --git a/volatility/plugins/addrspaces/aff4.py b/volatility/plugins/addrspaces/aff4.py
new file mode 100644
index 000000000..e8c7ca111
--- /dev/null
+++ b/volatility/plugins/addrspaces/aff4.py
@@ -0,0 +1,133 @@
+# Volatility
+# AFF4 Standard v1 memory image reader
+# Based on WindowsCrashDumpSpace32
+#
+# Copyright (C) 2017 Schatz Forensic
+#
+# Authors:
+# bradley@schatzforensic.com (Bradley Schatz)
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+""" An AS for processing crash dumps """
+import struct
+import volatility.obj as obj
+import volatility.addrspace as addrspace
+from pyaff4 import data_store
+from pyaff4 import lexicon
+from pyaff4.container import Container
+import volatility.plugins.addrspaces.standard as standard
+import logging
+
+
+LOGGER = logging.getLogger("pyaff4")
+LOGGER.setLevel(logging.ERROR)
+
+#pylint: disable-msg=C0111
+
+zipFileHeaderMAGIC = "\x50\x4b\x03\x04"
+
+class AFF4AddressSpace(standard.FileAddressSpace):
+    """ This AS supports AFF4 Containers """
+    order = 31
+
+    def __init__(self, base, config, **kwargs):
+        standard.FileAddressSpace.__init__(self, base, config, layered=True)
+
+        # Must be stacked on a Raw file based image
+        self.as_assert(base, "No base address space provided")
+
+        # Must start with the a Zip File Header
+        self.as_assert((base.read(0, 4) == zipFileHeaderMAGIC), "Header signature invalid")
+
+        # Cant stack an AFF4 image on another AFF4 images
+        self.as_assert(type(base) != AFF4AddressSpace, "Cant stack AFF4 addressspace on same")
+        self.fhandle = Container.open(self.name)
+        self.fsize = self.fhandle.Size()
+        self.fhandle.seek(0)
+        dtb = self.fhandle.parent.getDTB()
+        if dtb != 0:
+            self.dtb = dtb
+
+    def write(self, _addr, _buf):
+        if not self._config.WRITE:
+            return False
+        raise NotImplementedError("Write support is not implemented for AFF4 containers")
+
+    def get_header(self):
+        return self.header
+
+    def fread(self, length):
+        length = int(length)
+        return self.fhandle.read(length)
+
+    def read(self, addr, length):
+        addr, length = int(addr), int(length)
+        try:
+            self.fhandle.seek(addr)
+        except (IOError, OverflowError):
+            return None
+        data = self.fhandle.read(length)
+        if len(data) == 0:
+            return None
+        return data
+
+    def zread(self, addr, length):
+        data = self.read(addr, length)
+        if data is None:
+            data = "\x00" * length
+        elif len(data) != length:
+            data += "\x00" * (length - len(data))
+
+        return data
+
+    def read_long(self, addr):
+        string = self.read(addr, 4)
+        longval, = self._long_struct.unpack(string)
+        return longval
+
+    def get_available_addresses(self):
+        """ This returns the ranges  of valid addresses """
+        lastOffset = -1
+        lastLength = -1
+        for run in self.fhandle.GetRanges():
+            offset = run.map_offset
+            length = run.length
+            if lastOffset == -1:
+                lastOffset = offset
+                lastLength = length
+            else:
+                if lastOffset + lastLength == offset:
+                    # merge the two
+                    lastLength = lastLength + length
+                    continue
+                else:
+                    # emit the last
+                    res = (lastOffset, lastLength)
+                    lastOffset = offset
+                    lastLength = length
+                    yield res
+        yield (lastOffset, lastLength)
+
+
+    def is_valid_address(self, addr):
+        if addr == None:
+            return False
+        return self.fhandle.tree.overlaps(addr)
+
+    def close(self):
+        self.fhandle.close()

From b65f177b6db1c4fc0bf78a4a84e31506623fc810 Mon Sep 17 00:00:00 2001
From: bradley <bradley@schatzforensic.com.au>
Date: Tue, 23 May 2017 15:32:18 +1000
Subject: [PATCH 119/304] Make DTB scanner only scan image regions containing
 data, rather than relying on those regions being transparently in-filled with
 zeros.

---
 volatility/plugins/overlays/basic.py | 40 +++++++++++++++++-----------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/volatility/plugins/overlays/basic.py b/volatility/plugins/overlays/basic.py
index cb7f4b766..0fcf794f1 100644
--- a/volatility/plugins/overlays/basic.py
+++ b/volatility/plugins/overlays/basic.py
@@ -211,22 +211,30 @@ class VolatilityDTB(obj.VolatilityMagic):
 
     def generate_suggestions(self):
         offset = 0
-        data = self.obj_vm.zread(offset, constants.SCAN_BLOCKSIZE)
-        last_range_start, last_range_size = sorted(self.obj_vm.get_available_addresses())[-1]
-        max_offset = last_range_start + last_range_size
-        while data:
-            found = data.find(str(self.obj_parent.DTBSignature), 0)
-            while found >= 0:
-                proc = obj.Object("_EPROCESS", offset = offset + found,
-                                  vm = self.obj_vm)
-                if 'Idle' in proc.ImageFileName.v():
-                    yield proc.Pcb.DirectoryTableBase.v()
-                found = data.find(str(self.obj_parent.DTBSignature), found + 1)
-
-            offset += len(data)
-            if offset >= max_offset:
-                break 
-            data = self.obj_vm.zread(offset, constants.SCAN_BLOCKSIZE)
+        addresslist = sorted(self.obj_vm.get_available_addresses())
+        for range in addresslist:
+            (range_start, range_size) = range
+            offset = range_start
+            range_end = range_start + range_size
+            read_size = min(constants.SCAN_BLOCKSIZE, range_size)
+
+            data = self.obj_vm.zread(offset, read_size)
+
+            while 1:
+                found = data.find(str(self.obj_parent.DTBSignature), 0)
+                while found >= 0:
+                    proc = obj.Object("_EPROCESS", offset = offset + found,
+                                      vm = self.obj_vm)
+                    if 'Idle' in proc.ImageFileName.v():
+                        yield proc.Pcb.DirectoryTableBase.v()
+                    found = data.find(str(self.obj_parent.DTBSignature), found + 1)
+
+
+                offset += len(data)
+                if offset >= range_end:
+                    break
+                read_size = min(constants.SCAN_BLOCKSIZE, range_end - offset)
+                data = self.obj_vm.zread(offset, read_size)
 
 class UnixTimeStamp(obj.NativeType):
     """Class for handling Unix Time Stamps"""

From f93390e09cd399ba1f62dc8432f1bfe9cac17448 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Fri, 9 Jun 2017 13:38:58 -0500
Subject: [PATCH 120/304] Linux - fix module reference

---
 volatility/plugins/linux/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index e96cf6dfd..037cecb33 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -261,7 +261,7 @@ def get_time_vars(obj_vm):
 
     elif wall_addr:
         wall  = obj.Object("timespec", offset = wall_addr, vm = obj_vm)
-        timeo = linux_common.vol_timespec(0, 0)
+        timeo = vol_timespec(0, 0)
 
     # timekeeper way
     elif timekeeper_addr:

From b16ea893a1fb3e18546c7e40b1f4940ca425f062 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Fri, 9 Jun 2017 13:40:06 -0500
Subject: [PATCH 121/304] Windows - fix calculation of inlined registry data

---
 volatility/win32/rawreg.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/volatility/win32/rawreg.py b/volatility/win32/rawreg.py
index a9d2aac98..36ec53549 100644
--- a/volatility/win32/rawreg.py
+++ b/volatility/win32/rawreg.py
@@ -145,9 +145,12 @@ def value_data(val):
     inline = val.DataLength & 0x80000000
 
     if inline:
-        if val.DataLength == 0x80000000:
-            return ("REG_DWORD", val.Type.v())
-        valdata = val.obj_vm.read(val.Data.obj_offset, val.DataLength & 0x7FFFFFFF)
+        inline_len = val.DataLength & 0x7FFFFFFF
+        if inline_len == 0 or inline_len > 4:
+            valdata = None
+        else:
+            valdata = val.obj_vm.read(val.Data.obj_offset, inline_len)
+
     elif val.obj_vm.hive.Version == 5 and val.DataLength > 0x4000:
         # Value is a BIG_DATA block, stored in chunked format
         datalen = val.DataLength

From 80bf38e7e23bb50f9bcaac4f9cd9d07b17c7b8c3 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Fri, 9 Jun 2017 13:43:43 -0500
Subject: [PATCH 122/304] Linux - fix typo

---
 volatility/plugins/overlays/linux/linux.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index e86a2fd88..a8ba1cb9e 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -219,8 +219,9 @@ def __init__(self, *args, **kwargs):
         def clear(self):
             """Clear out the system map, and everything else"""
             self.sys_map = {}
-            self.virutal_shift = 0
+            self.sym_addr_cache = {}
             self.physical_shift = 0
+            self.virtual_shift = 0
             obj.Profile.clear(self)
 
         def reset(self):

From e1fa3fa0e4b20a7752fa6b4deb354a3983cd01db Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 9 Jun 2017 17:59:10 -0500
Subject: [PATCH 123/304] Linux - update aslr scanner

---
 volatility/plugins/overlays/linux/linux.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index a8ba1cb9e..28159cbde 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2307,11 +2307,6 @@ def generate_suggestions(self):
                 if pas.read(swapper_address + pid_offset, 4) != "\x00\x00\x00\x00":
                     continue
 
-                mm_buf = pas.read(swapper_address + mm_offset, read_sz)
-                mm_addr = struct.unpack(fmt, mm_buf)[0]
-                if mm_addr == 0:
-                    continue
-
                 tmp_shift_address = swapper_address - (init_task_addr - shifts[0])
                 if tmp_shift_address & 0xfff != 0x000:
                     continue
@@ -2326,6 +2321,7 @@ def generate_suggestions(self):
 
                 # will be 0 for kernels that don't randomize the physical load address
                 self.obj_vm.profile.virtual_shift = files_addr - files_sym_addr
+
                 break
         
         yield good_dtb

From dc64dc015296d2627f5f62c21a5275abe65222c8 Mon Sep 17 00:00:00 2001
From: "Bittick, Kennon" <kennon.bittick@gtri.gatech.edu>
Date: Mon, 12 Jun 2017 13:09:47 -0400
Subject: [PATCH 124/304] Linux - fix issue when loading program_headers.

Instead of capping the number of program headers to examine to 128,
Volatility made the number to check at least 128. The validity check
later on made this mostly work, but this fixes the underlying issue.
---
 volatility/plugins/overlays/linux/elf.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/linux/elf.py b/volatility/plugins/overlays/linux/elf.py
index 3f7b65f5f..65ca245fe 100644
--- a/volatility/plugins/overlays/linux/elf.py
+++ b/volatility/plugins/overlays/linux/elf.py
@@ -314,9 +314,9 @@ def program_headers(self):
         arr_start = self.obj_offset + self.e_phoff
 
         if self.e_phnum > 128:
-            phnum = self.e_phnum
-        else:
             phnum = 128
+        else:
+            phnum = self.e_phnum
 
         for i in range(phnum):
             # use the real size

From dd5a1e2f88b6f9bd01c2ba141fda974fcb5f6a83 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 27 Jun 2017 14:39:30 -0500
Subject: [PATCH 125/304] Linux - cast values from module parameters

---
 volatility/plugins/overlays/linux/linux.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 28159cbde..d87f6e5a2 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -926,14 +926,14 @@ def get_param_val(self, param, _over = 0):
                 val = val + str(mret or '')
 
         elif getfn == self.obj_vm.profile.get_symbol("param_get_string"):
-            val = param.str.dereference_as("String", length = param.str.maxlen)
+            val = str(param.str.dereference_as("String", length = param.str.maxlen))
 
         elif getfn == self.obj_vm.profile.get_symbol("param_get_charp"):
             addr = obj.Object("Pointer", offset = param.arg, vm = self.obj_vm)
             if addr == 0:
                 val = "(null)"
             else:
-                val = addr.dereference_as("String", length = 256)
+                val = str(addr.dereference_as("String", length = 256))
 
         elif getfn.v() in ints:
             val = obj.Object(ints[getfn.v()], offset = param.arg, vm = self.obj_vm)
@@ -944,11 +944,13 @@ def get_param_val(self, param, _over = 0):
                 else:
                     val = 'N'
 
-            if getfn == self.obj_vm.profile.get_symbol("param_get_invbool"):
+            elif getfn == self.obj_vm.profile.get_symbol("param_get_invbool"):
                 if val:
                     val = 'N'
                 else:
                     val = 'Y'
+            else:
+                val = int(val)
 
         else:
             return None

From dfa89e2ce87b8c315f1950cf7b0cb3b27b2cbcd6 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 29 Jun 2017 20:19:22 -0500
Subject: [PATCH 126/304] Refs #441 #438 fixing a bug in linux ELF header
 checks which broke virtual box memory samples

---
 volatility/plugins/overlays/linux/elf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/linux/elf.py b/volatility/plugins/overlays/linux/elf.py
index 3f7b65f5f..8011d6bc1 100644
--- a/volatility/plugins/overlays/linux/elf.py
+++ b/volatility/plugins/overlays/linux/elf.py
@@ -565,7 +565,7 @@ def __init__(self, theType, offset, vm, name = None, **kwargs):
         elf.__init__(self, 0, "elf32_phdr", "elf64_phdr", theType, offset, vm, name, **kwargs)    
 
     def is_valid(self):
-        return self.p_vaddr > 0x1000 and self.p_filesz > 0 and self.p_memsz > 0
+        return self.p_filesz > 0 and self.p_memsz > 0
 
     @property
     def p_vaddr(self):

From db94d50c2c308a7d822dbc0aa9007f6fd2cc8626 Mon Sep 17 00:00:00 2001
From: HomeSen <mail@homesen.de>
Date: Thu, 6 Jul 2017 12:53:28 +0200
Subject: [PATCH 127/304] Fixed issue #237 by explicitly declaring text factory
 for SQLite render

---
 volatility/renderers/sqlite.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/volatility/renderers/sqlite.py b/volatility/renderers/sqlite.py
index 8d1745757..606b079f9 100644
--- a/volatility/renderers/sqlite.py
+++ b/volatility/renderers/sqlite.py
@@ -48,6 +48,9 @@ def render(self, outfd, grid):
             debug.error("Please specify a valid output file using --output-file")
 
         self._db = sqlite3.connect(self._config.OUTPUT_FILE, isolation_level = None)
+        # Change text factory from unicode to bytestring to allow insertion of non-ASCII characters
+        # Sometimes process remainders in memory cause funky names et.al. to be retrieved
+        self._db.text_factory = str
         create = "CREATE TABLE IF NOT EXISTS " + self._plugin_name + "( id INTEGER, " + \
                  ", ".join(['"' + self._sanitize_name(i.name) + '" ' + self._column_type(i.type) for i in grid.columns]) + ")"
         self._db.execute(create)
@@ -75,4 +78,4 @@ def _add_multiple_row(node, accumulator):
                      ", ".join(['"' + self._sanitize_name(i.name) + '"' for i in grid.columns]) + ") " + \
                      " VALUES (?, " + ", ".join(["?"] * (len(self._accumulator[1][0])-1)) + ")"
             self._db.executemany(insert, self._accumulator[1])
-            self._db.execute("COMMIT TRANSACTION")  
\ No newline at end of file
+            self._db.execute("COMMIT TRANSACTION")  

From b3db0ccc8399c77f56408eb74a9152d3c95a138e Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 11 Jul 2017 13:37:57 -0500
Subject: [PATCH 128/304] Broaden the conditions under which we skip duplicate
 PTE entries in the get_available_pages API. It used to apply only to 64-bit
 Windows 10, but we've started seeing similar entries on Windows 8 / Server
 2012.

---
 volatility/plugins/addrspaces/amd64.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/volatility/plugins/addrspaces/amd64.py b/volatility/plugins/addrspaces/amd64.py
index 6c6b6bc5f..0abeb58c8 100644
--- a/volatility/plugins/addrspaces/amd64.py
+++ b/volatility/plugins/addrspaces/amd64.py
@@ -339,24 +339,24 @@ def entry_present(self, entry):
         # Thus, we will treat it as present.
         return present or ((entry & (1 << 11)) and not (entry & (1 << 10)))
 
-class Win10AMD64PagedMemory(WindowsAMD64PagedMemory):
-    """Windows 10-specific AMD 64-bit address space.
+class SkipDuplicatesAMD64PagedMemory(WindowsAMD64PagedMemory):
+    """Windows 8/10-specific AMD 64-bit address space.
 
     This class is used to filter out large sections of kernel mappings that are
-    duplicates in recent versions of Windows 10.
+    duplicates in recent versions of Windows 8/10.
     """
     order = 53
     skip_duplicate_entries = True
 
     def is_valid_profile(self, profile):
         '''
-        This address space should only be used with recent Windows 10 profiles
+        This address space should only be used with recent Windows 8/10 profiles
         '''
 
         valid = WindowsAMD64PagedMemory.is_valid_profile(self, profile)
         major = profile.metadata.get('major', 0)
         minor = profile.metadata.get('minor', 0)
-        return valid and major >= 6 and minor >= 4
+        return valid and major >= 6 and minor >= 2
 
 
 class LinuxAMD64PagedMemory(AMD64PagedMemory):

From efab609590f2007d4b0e85a5f5d927188b213d8c Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 28 Jul 2017 12:24:37 -0500
Subject: [PATCH 129/304] Add a new set of big page table values for GUID
 96D97527892B4BD19B68BEA3E36FBBA5 (Win2012R2x64) and strengthen the sanity
 checks to check the address and size are both multiples of a 4K page

---
 volatility/plugins/bigpagepools.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 6341d860d..84e55ed93 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -78,7 +78,7 @@ def modification(self, profile):
         if distance == None:
             if version == (6, 3, '64bit'):
                 if m.get('build', 0) == 9601:
-                    distance = [[-5192, -5200], [-5224, -5232]]
+                    distance = [[-5192, -5200], [-5224, -5232], [-5192, -5216]]
                 else:
                     distance = [[-5200, -5176], [-5224, -5232], [-5192, -5200]]
 
@@ -116,8 +116,10 @@ def generate_suggestions(self):
             table_size = obj.Object("address", 
                 offset = track_table - pair[1], 
                 vm = self.obj_vm)
-
-            if table_size != 0 and self.obj_vm.is_valid_address(table_base):
+                
+            if (table_base % 0x1000 == 0 and
+                    self.obj_vm.is_valid_address(table_base) and
+                    table_size != 0 and table_size % 0x1000 == 0):
                 break
 
         debug.debug("Distance Map: {0}".format(repr(self.distance)))

From 12613ec1521f6b550aeb70037cb3a981905a7855 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 31 Jul 2017 13:07:12 -0500
Subject: [PATCH 130/304] Update kref reference counter handling for 4.12

---
 volatility/plugins/overlays/linux/linux.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index d87f6e5a2..a3496124e 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1159,6 +1159,16 @@ def info(self, task):
 
         return fname, major, minor, ino, pgoff 
 
+class kobject(obj.CType):
+    def reference_count(self):
+        refcnt = self.kref.refcount
+        if hasattr(refcnt, "counter"):
+            ret = refcnt.counter
+        else:
+            ret = refcnt.refs.counter
+
+        return ret
+
 class task_struct(obj.CType):
     def is_valid_task(self):
 
@@ -2396,6 +2406,7 @@ def modification(self, profile):
             'hlist_node': hlist_node,
             'files_struct': files_struct,
             'task_struct': task_struct,
+            'kobject'    : kobject,
             'vm_area_struct': vm_area_struct,
             'module' : module_struct,
             'hlist_bl_node' : hlist_bl_node,

From c84c491a11603d98b7e69be1c080292fe1ecdf9a Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 31 Jul 2017 13:07:26 -0500
Subject: [PATCH 131/304] Update kref reference counter handling for 4.12

---
 volatility/plugins/linux/check_modules.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/check_modules.py b/volatility/plugins/linux/check_modules.py
index fd586ceec..493625683 100644
--- a/volatility/plugins/linux/check_modules.py
+++ b/volatility/plugins/linux/check_modules.py
@@ -50,7 +50,7 @@ def get_kset_modules(self):
             mod = mod_kobj.mod
 
             name = kobj.name.dereference_as("String", length = 32)
-            if name.is_valid() and kobj.kref.refcount.counter > 2:
+            if name.is_valid() and kobj.reference_count() > 2:
                 ret[str(name)] = mod
     
         return ret

From f488365d72eabb5a00bb73bce16e71d9079e2f17 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 31 Jul 2017 13:10:27 -0500
Subject: [PATCH 132/304] Linux - support rename of init_level4_pgt to
 init_top_pgt in 4.13+

---
 volatility/plugins/overlays/linux/linux.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index a3496124e..ad9f4b47f 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2250,6 +2250,8 @@ class VolatilityDTB(obj.VolatilityMagic):
     def generate_suggestions(self):
         """Tries to locate the DTB."""
         profile = self.obj_vm.profile
+        config = self.obj_vm.get_config()
+        tbl    = self.obj_vm.profile.sys_map["kernel"]
         
         if profile.metadata.get('memory_model', '32bit') == "32bit":
             sym     = "swapper_pg_dir"
@@ -2258,13 +2260,14 @@ def generate_suggestions(self):
             fmt     = "<I"
         else:
             sym     = "init_level4_pgt"
+            # >= 4.13 
+            if not sym in tbl:
+                sym = "init_top_pgt"
+                
             shifts  = [0xffffffff80000000, 0xffffffff80000000 - 0x1000000, 0xffffffff7fe00000]       
             read_sz = 8
             fmt     = "<Q"
-
-        config = self.obj_vm.get_config()
-        tbl    = self.obj_vm.profile.sys_map["kernel"]
-        
+       
         if config.PHYSICAL_SHIFT and not config.VIRTUAL_SHIFT:
             debug.error("You must specifiy both the virtual and physical shift.") 
         elif not config.PHYSICAL_SHIFT and config.VIRTUAL_SHIFT:

From 9c9315ac3ee3c4fdd697be0a5aee231a1d347519 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 31 Jul 2017 14:11:01 -0500
Subject: [PATCH 133/304] Linux - add support for module scanning, extraction,
 and enumeration through 4.13

---
 tools/linux/module.c                       | 12 ++++++++++++
 volatility/plugins/linux/hidden_modules.py | 19 +++++++++++++------
 volatility/plugins/overlays/linux/linux.py | 21 ++++++++++++++++++++-
 3 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/tools/linux/module.c b/tools/linux/module.c
index 30a1eff73..1604924fc 100644
--- a/tools/linux/module.c
+++ b/tools/linux/module.c
@@ -225,6 +225,18 @@ struct module_sections module_sect_attrs;
 
 struct module_kobject module_kobject;
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,2,0)
+// we can't get the defintion of mod_tree_root directly
+// because it is declared in module.c as a static struct
+// the latch_tree_root struct has the variables we want 
+// immediately after it though
+
+#include <linux/rbtree_latch.h>
+
+struct latch_tree_root ltr;
+
+#endif
+
 #ifdef CONFIG_SLAB
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,31)
diff --git a/volatility/plugins/linux/hidden_modules.py b/volatility/plugins/linux/hidden_modules.py
index 346b055eb..a78308d18 100644
--- a/volatility/plugins/linux/hidden_modules.py
+++ b/volatility/plugins/linux/hidden_modules.py
@@ -27,6 +27,7 @@
 import re
 
 import volatility.obj as obj
+import volatility.debug as debug
 import volatility.plugins.linux.common as linux_common
 import volatility.plugins.linux.lsmod  as linux_lsmod
 from volatility.renderers import TreeGrid
@@ -38,13 +39,19 @@ class linux_hidden_modules(linux_common.AbstractLinuxCommand):
     def walk_modules_address_space(self, addr_space):
         list_mods = [x[0].obj_offset for x in linux_lsmod.linux_lsmod(self._config).calculate()]
 
-        # this for is for pre-2008 kernels:
-        # https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/kernel/module.c?id=3a642e99babe0617febb6f402e1e063479f489db)
-        if addr_space.profile.get_symbol("module_addr_min") == None:
-            return
+        if addr_space.profile.get_symbol("module_addr_min"):
+            min_addr_sym = obj.Object("unsigned long", offset = addr_space.profile.get_symbol("module_addr_min"), vm = addr_space)
+            max_addr_sym = obj.Object("unsigned long", offset = addr_space.profile.get_symbol("module_addr_max"), vm = addr_space)
+        
+        elif addr_space.profile.get_symbol("mod_tree"):
+            skip_size    = addr_space.profile.get_obj_size("latch_tree_root")
+            addr         = addr_space.profile.get_symbol("mod_tree")
+            ulong_size   = addr_space.profile.get_obj_size("unsigned long")
 
-        min_addr_sym = obj.Object("unsigned long", offset = addr_space.profile.get_symbol("module_addr_min"), vm = addr_space)
-        max_addr_sym = obj.Object("unsigned long", offset = addr_space.profile.get_symbol("module_addr_max"), vm = addr_space)
+            min_addr_sym = obj.Object("unsigned long", offset = addr + skip_size, vm = addr_space)
+            max_addr_sym = obj.Object("unsigned long", offset = addr + skip_size + ulong_size, vm = addr_space)
+        else:
+            debug.error("Unsupport kernel verison. Please file a bug ticket that includes your kernel version and distribution.")
 
         min_addr = min_addr_sym & ~0xfff
         max_addr = (max_addr_sym & ~0xfff) + 0x1000
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index ad9f4b47f..0e7a042d1 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -858,6 +858,24 @@ def init_size(self):
 
         return ret
  
+    @property
+    def init_text_size(self):
+        if hasattr(self, "init_layout"):
+            ret = self.m("init_layout").m("text_size")
+        else:
+            ret = self.m("init_text_size")
+
+        return ret
+ 
+    @property 
+    def core_text_size(self):
+        if hasattr(self, "core_layout"):
+            ret = self.m("core_layout").m("text_size")
+        else:
+            ret = self.m("core_text_size")
+
+        return ret
+    
     @property 
     def core_size(self):
         if hasattr(self, "core_layout"):
@@ -866,7 +884,8 @@ def core_size(self):
             ret = self.m("core_size")
 
         return ret
-        
+   
+
     def _get_sect_count(self, grp):
         arr = obj.Object(theType = 'Array', offset = grp.attrs, vm = self.obj_vm, targetType = 'Pointer', count = 25)
 

From 0d8eb81eab8599ff2c5b24bf322383f0bbb3a431 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 31 Jul 2017 23:12:03 -0500
Subject: [PATCH 134/304] Linux - add support for file extraction through 4.13

---
 volatility/plugins/linux/find_file.py      | 143 ++++++++++++++++-----
 volatility/plugins/overlays/linux/linux.py |  14 +-
 2 files changed, 120 insertions(+), 37 deletions(-)

diff --git a/volatility/plugins/linux/find_file.py b/volatility/plugins/linux/find_file.py
index fa9665098..75af44218 100644
--- a/volatility/plugins/linux/find_file.py
+++ b/volatility/plugins/linux/find_file.py
@@ -44,7 +44,9 @@ def __init__(self, config, *args, **kwargs):
         
         config.remove_option("LIST_SBS")
         config.add_option('LISTFILES', short_option = 'L', default = None, help = 'list all files cached in memory', action = 'count')
-        
+    
+        self.ptr_size = -1
+
     def _walk_sb(self, dentry_param, parent):
         ret = []
             
@@ -82,10 +84,10 @@ def _get_sbs(self):
 
         return ret
 
-    def walk_sbs(self):
-        linux_common.set_plugin_members(self)
-        
-        sbs = self._get_sbs()
+    def walk_sbs(self, sbs = []):
+        if sbs == []:
+            linux_common.set_plugin_members(self)
+            sbs = self._get_sbs()
 
         for (sb, sb_path) in sbs:
             if sb_path != "/":
@@ -147,12 +149,77 @@ def render_text(self, outfd, data):
                 self.table_row(outfd, inode_num, inode, file_path)
                 
     # from here down is code to walk the page cache and mem_map / mem_section page structs#
+    def radix_tree_is_internal_node(self, ptr):
+        if hasattr(ptr, "v"):
+            ptr = ptr.v()
+
+        return ptr & 3 == 1
+
     def radix_tree_is_indirect_ptr(self, ptr):
         return ptr & 1
 
     def radix_tree_indirect_to_ptr(self, ptr):
         return obj.Object("radix_tree_node", offset = ptr & ~1, vm = self.addr_space)
 
+    def index_is_valid(self, root, index):
+        node = root.rnode
+        if self.radix_tree_is_internal_node(node):
+            maxindex = (self.RADIX_TREE_MAP_SIZE << node.shift) - 1 
+        else:
+            maxindex = 0
+       
+        if index > maxindex:
+            node = None
+
+        return node
+
+    def is_sibling_entry(self, parent, node):
+        parent_ptr = parent.slots.obj_offset
+        node_ptr   = node
+
+        return (parent_ptr <= node_ptr) and \
+                (node_ptr < parent_ptr + (self.ptr_size * self.RADIX_TREE_MAP_SIZE))
+
+    def get_slot_offset(self, parent, slot):
+        return (slot.v() - parent.slots.obj_offset) / self.ptr_size
+
+    def radix_tree_descend(self, parent, node, index):
+        offset  = (index >> parent.shift) & self.RADIX_TREE_MAP_MASK
+        ent_ptr = parent.slots.obj_offset + (self.ptr_size * offset)
+        entry   = obj.Object(theType="Pointer", targetType="unsigned long", offset = ent_ptr, vm = self.addr_space)
+
+        if 1: # TODO - multi order 
+            if self.radix_tree_is_internal_node(entry):
+                print "multi internal"
+                if self.is_sibling_entry(parent, entry):
+                    print "sibling ptr"
+                    sibentry = self.radix_tree_indirect_to_ptr(entry)
+                    offset = self.get_slot_offset(parent, sibentry)
+                    entry   = sibentry.v()
+
+        node = entry
+
+        return offset, node
+
+    def find_slot_post_4_11(self, root, index):
+        node = self.index_is_valid(root, index)
+        if node == None:
+            return None
+        
+        slot = root.rnode.v()
+
+        while self.radix_tree_is_internal_node(node):
+            if node == 1:
+                return None
+            else:
+                parent    = self.radix_tree_indirect_to_ptr(node)
+                offset, node = self.radix_tree_descend(parent, node, index) 
+                slot_addr = parent.slots.obj_offset + (offset * self.ptr_size)
+                slot      = obj.Object(theType="Pointer", targetType="unsigned long", offset = slot_addr, vm = self.addr_space)
+                slot      = slot.v()
+
+        return slot
+
     def radix_tree_lookup_slot(self, root, index):
         self.RADIX_TREE_MAP_SHIFT = 6
         self.RADIX_TREE_MAP_SIZE = 1 << self.RADIX_TREE_MAP_SHIFT
@@ -160,40 +227,46 @@ def radix_tree_lookup_slot(self, root, index):
 
         node = root.rnode
 
-        if self.radix_tree_is_indirect_ptr(node) == 0:
-
-            if index > 0:
-                return None
-
-            off = root.obj_offset + self.profile.get_obj_offset("radix_tree_root", "rnode")
-            page = obj.Object("Pointer", offset = off, vm = self.addr_space)
-            return page
+        post_4_11 = False
 
-        node = self.radix_tree_indirect_to_ptr(node)
-       
         if hasattr(node, "height"):
             height = node.height
-        else:
+        elif hasattr(node, "path"):
             height = node.path
-            
-        if hasattr(node, "shift"):
-            shift = node.shift
         else:
-            shift = (height - 1) * self.RADIX_TREE_MAP_SHIFT
+            post_4_11 = True
+        
+        if post_4_11:
+            slot = self.find_slot_post_4_11(root, index)
+        else:
+            if self.radix_tree_is_indirect_ptr(node) == 0:
+                if index > 0:
+                    return None
 
-        slot = -1
+                off = root.obj_offset + self.profile.get_obj_offset("radix_tree_root", "rnode")
+                page = obj.Object("Pointer", offset = off, vm = self.addr_space)
+                return page
 
-        while 1:
-            idx = (index >> shift) & self.RADIX_TREE_MAP_MASK
-            slot = node.slots[idx]
-            node = self.radix_tree_indirect_to_ptr(slot)
-            shift = shift - self.RADIX_TREE_MAP_SHIFT
-            height = height - 1
-            if height <= 0:
-                break
+            node = self.radix_tree_indirect_to_ptr(node)
+            
+            if hasattr(node, "shift"):
+                shift = node.shift
+            else:
+                shift = (height - 1) * self.RADIX_TREE_MAP_SHIFT
 
-        if slot == -1:
-            return None
+            slot = -1
+
+            while 1:
+                idx = (index >> shift) & self.RADIX_TREE_MAP_MASK
+                slot = node.slots[idx]
+                node = self.radix_tree_indirect_to_ptr(slot)
+                shift = shift - self.RADIX_TREE_MAP_SHIFT
+                height = height - 1
+                if height <= 0:
+                    break
+
+            if slot == -1:
+                return None
 
         return slot
 
@@ -216,6 +289,7 @@ def get_page_contents(self, inode, idx):
         if page_addr:
             page = obj.Object("page", offset = page_addr, vm = self.addr_space)
             phys_offset = page.to_paddr()
+
             if phys_offset > 0:
                 phys_as = utils.load_as(self._config, astype = 'physical')
                 data = phys_as.zread(phys_offset, 4096)
@@ -230,6 +304,11 @@ def get_page_contents(self, inode, idx):
     # and handles the last page not being page_size aligned 
     def get_file_contents(self, inode):
         linux_common.set_plugin_members(self)
+        if self.addr_space.profile.metadata.get('memory_model', '32bit') == "32bit":
+            self.ptr_size = 4
+        else:
+            self.ptr_size = 8
+
         data = ""
         file_size = inode.i_size
 
@@ -245,7 +324,7 @@ def get_file_contents(self, inode):
 
         if idxs > 1000000000:
             raise StopIteration
-
+            
         for idx in range(0, idxs):
             data = self.get_page_contents(inode, idx)
                 
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 0e7a042d1..ab619bea7 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2484,14 +2484,18 @@ def to_paddr(self):
             mem_map_ptr = obj.Object("Pointer", offset = mem_map_addr, vm = self.obj_vm, parent = self.obj_parent)
 
         elif mem_section_addr:
-            # this is hardcoded in the kernel - VMEMMAPSTART, usually 64 bit kernels
-            mem_map_ptr = 0xffffea0000000000
-
+            mem_map_ptr_addr = self.obj_vm.profile.get_symbol("vmemmap_base")
+            if mem_map_ptr_addr:
+                # (later) ASLR kernels
+                mem_map_ptr = obj.Object("unsigned long", offset = mem_map_ptr_addr, vm = self.obj_vm)
+            else:
+                # this is hardcoded in the kernel - VMEMMAPSTART, usually 64 bit kernels
+                mem_map_ptr = 0xffffea0000000000
         else:
             debug.error("phys_addr_of_page: Unable to determine physical address of page. NUMA is not supported at this time.\n")
-
+        
         phys_offset = (self.obj_offset - mem_map_ptr) / self.obj_vm.profile.get_obj_size("page")
-
+        
         phys_offset = phys_offset << 12
 
         return phys_offset

From 68065613c3bb87140fc58a4892393c1d81d82a95 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 1 Aug 2017 09:29:42 -0500
Subject: [PATCH 135/304] Linux - remove dead code from keyboard_notifiers

---
 volatility/plugins/linux/keyboard_notifiers.py | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/volatility/plugins/linux/keyboard_notifiers.py b/volatility/plugins/linux/keyboard_notifiers.py
index 60736c161..4faae4885 100644
--- a/volatility/plugins/linux/keyboard_notifiers.py
+++ b/volatility/plugins/linux/keyboard_notifiers.py
@@ -55,11 +55,6 @@ def calculate(self):
                 if not sym_name:
                     sym_name = "HOOKED"
                     
-                    module = obj.Object("module", offset = 0xffffffffa03a15d0, vm = self.addr_space)
-                    sym = module.get_symbol_for_address(call_addr)
-     
-                    sym_name = "%s: %s/%s" % (sym_name, module.name, sym)
-
                 hooked = 1            
         
             symbol_cache[call_addr] = sym_name

From 9c066576838eb9ab7a070d8f2455792fab2c3f55 Mon Sep 17 00:00:00 2001
From: Tom O'Connor <toc@list.org>
Date: Wed, 2 Aug 2017 08:23:05 -0400
Subject: [PATCH 136/304] Adding conditionals to allow for compilation against
 older Linux kernels

---
 tools/linux/module.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tools/linux/module.c b/tools/linux/module.c
index 1604924fc..193f44b1b 100644
--- a/tools/linux/module.c
+++ b/tools/linux/module.c
@@ -60,7 +60,9 @@ struct xt_table xt_table;
 #include <asm/termbits.h>
 
 #include <linux/notifier.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
 struct atomic_notifier_head atomic_notifier_head;
+#endif
 
 #include <linux/tty_driver.h>
 struct tty_driver tty_driver;
@@ -86,10 +88,12 @@ struct unix_sock unix_sock;
 struct pid pid;
 struct radix_tree_root radix_tree_root;
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,12)
 #ifdef CONFIG_NET_SCHED
 #include <net/sch_generic.h>
 struct Qdisc qdisc;
 #endif
+#endif
 
 struct inet_protosw inet_protosw;
 
@@ -177,7 +181,12 @@ struct rt_hash_bucket {
 } rt_hash_bucket;
 
 #ifndef RADIX_TREE_MAP_SHIFT
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18)
+#define RADIX_TREE_MAP_SHIFT    6
+#else
 #define RADIX_TREE_MAP_SHIFT    (CONFIG_BASE_SMALL ? 4 : 6)
+#endif
 #define RADIX_TREE_MAP_SIZE     (1UL << RADIX_TREE_MAP_SHIFT)
 #define RADIX_TREE_MAP_MASK     (RADIX_TREE_MAP_SIZE-1)
 #define RADIX_TREE_TAG_LONGS    ((RADIX_TREE_MAP_SIZE + BITS_PER_LONG - 1) / BITS_PER_LONG)

From cf60a2f27db02e224d2b86bbb58f6db20127e81c Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 14 Aug 2017 18:58:10 -0500
Subject: [PATCH 137/304] Linux - update module.c for proc_dir_entry changes

---
 tools/linux/module.c | 65 ++++++++++++++++++++++++++++++--------------
 1 file changed, 45 insertions(+), 20 deletions(-)

diff --git a/tools/linux/module.c b/tools/linux/module.c
index 193f44b1b..f384bc4a0 100644
--- a/tools/linux/module.c
+++ b/tools/linux/module.c
@@ -575,26 +575,51 @@ struct mount {
 #endif
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,13,0)
-struct proc_dir_entry {
-    unsigned int low_ino;
-    umode_t mode;
-    nlink_t nlink;
-    kuid_t uid;
-    kgid_t gid;
-    loff_t size;
-    const struct inode_operations *proc_iops;
-    const struct file_operations *proc_fops;
-    struct proc_dir_entry *next, *parent, *subdir;
-    void *data;
-    atomic_t count;         /* use count */
-    atomic_t in_use;        /* number of callers into module in progress; */
-                          /* negative -> it's going away RSN */
-    struct completion *pde_unload_completion;
-    struct list_head pde_openers;   /* who did ->open, but not ->release */
-    spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */
-    u8 namelen;
-    char name[];
-};
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,19,0)
+    struct proc_dir_entry {
+        unsigned int low_ino;
+        umode_t mode;
+        nlink_t nlink;
+        kuid_t uid;
+        kgid_t gid;
+        loff_t size;
+        const struct inode_operations *proc_iops;
+        const struct file_operations *proc_fops;
+        struct proc_dir_entry *next, *parent, *subdir;
+        void *data;
+        atomic_t count;         /* use count */
+        atomic_t in_use;        /* number of callers into module in progress; */
+                              /* negative -> it's going away RSN */
+        struct completion *pde_unload_completion;
+        struct list_head pde_openers;   /* who did ->open, but not ->release */
+        spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */
+        u8 namelen;
+        char name[];
+    };
+#else
+   struct proc_dir_entry {
+        unsigned int low_ino;
+        umode_t mode;
+        nlink_t nlink;
+        kuid_t uid;
+        kgid_t gid;
+        loff_t size;
+        const struct inode_operations *proc_iops;
+        const struct file_operations *proc_fops;
+        struct proc_dir_entry *parent;
+        struct rb_root subdir;
+        struct rb_node subdir_node;
+        void *data;
+        atomic_t count;     /* use count */
+        atomic_t in_use;    /* number of callers into module in progress; */
+                /* negative -> it's going away RSN */
+        struct completion *pde_unload_completion;
+        struct list_head pde_openers;   /* who did ->open, but not ->release */
+        spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */
+        u8 namelen;
+        char name[];
+   };
+#endif
 #endif
 
 struct resource resource;

From 7f9f7715db2903ee064ae03c95d90c3720db5be8 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 14 Aug 2017 18:59:40 -0500
Subject: [PATCH 138/304] Linux - add stricter checks in cached file
 enumeration

---
 volatility/plugins/linux/find_file.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/volatility/plugins/linux/find_file.py b/volatility/plugins/linux/find_file.py
index 75af44218..f568ca66e 100644
--- a/volatility/plugins/linux/find_file.py
+++ b/volatility/plugins/linux/find_file.py
@@ -62,16 +62,22 @@ def _walk_sb(self, dentry_param, parent):
 
             if not dentry.d_name.name.is_valid():
                 continue
-
+            
+            inode = dentry.d_inode
+            
+            ivalid = False
+            if inode and inode.is_valid():
+                if inode.i_ino == 0 or inode.i_ino > 100000000000:
+                    continue
+                ivalid = True
+            
             # do not use os.path.join
             # this allows us to have consistent paths from the user
             name  = dentry.d_name.name.dereference_as("String", length = 255)
             new_file = parent + "/" + name
             ret.append((new_file, dentry))
  
-            inode = dentry.d_inode
-
-            if inode and inode.is_valid() and inode.is_dir():
+            if ivalid and inode.is_dir():
                 ret = ret + self._walk_sb(dentry, new_file)
 
         return ret

From 5a64808793caee4a952a6a9fb03a79d6a691b74e Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 14 Aug 2017 19:01:48 -0500
Subject: [PATCH 139/304] Linux - update check_fop through 4.13 and with more
 checks

---
 volatility/plugins/linux/check_fops.py | 146 ++++++++++++++++++++-----
 1 file changed, 120 insertions(+), 26 deletions(-)

diff --git a/volatility/plugins/linux/check_fops.py b/volatility/plugins/linux/check_fops.py
index d9ef2013b..237acd0af 100644
--- a/volatility/plugins/linux/check_fops.py
+++ b/volatility/plugins/linux/check_fops.py
@@ -43,6 +43,8 @@ class linux_check_fop(linux_common.AbstractLinuxCommand):
     def __init__(self, config, *args, **kwargs):
         linux_common.AbstractLinuxCommand.__init__(self, config, *args, **kwargs)
         self._config.add_option('INODE', short_option = 'i', default = None, help = 'inode to check', action = 'store', type='int')
+        # to prevent multiple plugins from walking the process list
+        self.tasks = []
 
     def check_file_cache(self, f_op_members, modules):
          for (_, _, file_path, file_dentry) in find_file.linux_find_file(self._config).walk_sbs():
@@ -53,6 +55,7 @@ def check_open_files_fop(self, f_op_members, modules):
         # get all the members in file_operations, they are all function pointers
         tasks = linux_pslist.linux_pslist(self._config).calculate()
         for task in tasks:
+            self.tasks.append(task)
             for filp, i in task.lsof():
                 for (hooked_member, hook_address) in self.verify_ops(filp.f_op, f_op_members, modules):
                     name = "{0:s} {1:d} {2:s}".format(task.comm, i, linux_common.get_path(task, filp))
@@ -60,26 +63,59 @@ def check_open_files_fop(self, f_op_members, modules):
                     
     def check_proc_fop(self, f_op_members, modules):
         proc_mnt_addr = self.addr_space.profile.get_symbol("proc_mnt")
-        if not proc_mnt_addr:
-            return
+        
+        if proc_mnt_addr:
+            proc_mnt_ptr = obj.Object("Pointer", offset = proc_mnt_addr, vm = self.addr_space)
+            proc_mnts    = [proc_mnt_ptr.dereference_as("vfsmount")]
+        else:
+            proc_mnts = []
+            seen_pids = {}
+                
+            if self.addr_space.profile.obj_has_member("nsproxy", "pid_ns"):
+                ns_member = "pid_ns"
+            else:
+                ns_member = "pid_ns_for_children"
 
-        proc_mnt_ptr = obj.Object("Pointer", offset = proc_mnt_addr, vm = self.addr_space)
-        proc_mnt = proc_mnt_ptr.dereference_as("vfsmount")
+            for task in self.tasks:
+                nsp = task.nsproxy
+                pidns = nsp.m(ns_member)
 
-        root = proc_mnt.mnt_root
+                if pidns.v() in seen_pids:
+                    continue
 
-        for (hooked_member, hook_address) in self.verify_ops(root.d_inode.i_fop, f_op_members, modules):
-            yield ("proc_mnt: root", hooked_member, hook_address)
+                seen_pids[pidns.v()] = 1
 
-        # only check the root directory
-        for dentry in root.d_subdirs.list_of_type("dentry", "d_u"):
-            name = dentry.d_name.name.dereference_as("String", length = 255)
-            
-            for (hooked_member, hook_address) in self.verify_ops(dentry.d_inode.i_fop, f_op_members, modules): 
-                yield("proc_mnt: {0}".format(name), hooked_member, hook_address)
-    
-    def walk_proc(self, cur, f_op_members, modules, parent = ""):
+                proc_mnts.append(pidns.proc_mnt)
+
+        for proc_mnt in proc_mnts:
+            root = proc_mnt.mnt_root
+
+            for (hooked_member, hook_address) in self.verify_ops(root.d_inode.i_fop, f_op_members, modules):
+                yield ("proc_mnt: root: %x" % root.v(), hooked_member, hook_address)
+
+            # only check the root directory
+            if self.addr_space.profile.obj_has_member("dentry", "d_child"):
+                walk_member = "d_child"
+            else:
+                walk_member = "d_u"
+
+            for dentry in root.d_subdirs.list_of_type("dentry", walk_member):
+                name = dentry.d_name.name.dereference_as("String", length = 255)
+
+                for (hooked_member, hook_address) in self.verify_ops(dentry.d_inode.i_fop, f_op_members, modules): 
+                    yield("proc_mnt: {0:x}:{1}".format(root.v(), name), hooked_member, hook_address)
+
+    def _get_name(self, pde, parent):
+        if type(pde.name) == obj.Pointer:
+            s = pde.name.dereference_as("String", length = 255)
+        else:
+            s = pde.obj_vm.read(pde.name.obj_offset, pde.namelen)
+        
+        return str(parent + "/" + str(s))
+
+    def _walk_proc_old(self, cur, f_op_members, modules, parent):
         last_cur = None
+
         while cur:
             if cur.obj_offset in self.seen_proc:
                 if cur.obj_offset == last_cur:
@@ -89,24 +125,69 @@ def walk_proc(self, cur, f_op_members, modules, parent = ""):
                 continue
 
             self.seen_proc[cur.obj_offset] = 1
+                
+            name = self._get_name(cur, parent)
             
-            name = cur.name.dereference_as("String", length = 255)
-
-            fops = cur.proc_fops
-
-            for (hooked_member, hook_address) in self.verify_ops(fops, f_op_members, modules):
+            for (hooked_member, hook_address) in self.verify_ops(cur.proc_fops, f_op_members, modules):
                 yield (name, hooked_member, hook_address)
 
             subdir = cur.subdir
 
             while subdir:
-                for (name, hooked_member, hook_address) in self.walk_proc(subdir, f_op_members, modules):
-                    yield (name, hooked_member, hook_address)
+                for (subname, hooked_member, hook_address) in self._walk_proc_old(subdir, f_op_members, modules, name):
+                    yield (subname, hooked_member, hook_address)
                 subdir = subdir.next
 
             last_cur = cur.obj_offset
             cur = cur.next
 
+    def _walk_rb(self, rb):
+        nodes = []
+
+        if not rb.is_valid():
+             return nodes
+
+        rboff = self.addr_space.profile.get_obj_offset("proc_dir_entry", "subdir_node")
+        pde = obj.Object("proc_dir_entry", offset = rb.v() - rboff, vm = self.addr_space)
+        
+        nodes.append(pde)
+
+        for pde2 in self._walk_rb(rb.rb_left):
+            nodes.append(pde2)
+ 
+        for pde3 in self._walk_rb(rb.rb_right):
+            nodes.append(pde3)
+
+        return nodes
+
+    def _do_walk_proc_current(self, cur, f_op_members, modules, parent):
+        nodes = []
+
+        for pde in self._walk_rb(cur.subdir.rb_node):
+            name = self._get_name(pde, parent)
+
+            nodes.append((pde, name))
+            
+            nodes = nodes + self._do_walk_proc_current(pde, f_op_members, modules, name)
+
+        return nodes
+
+    def _walk_proc_current(self, cur, f_op_members, modules, parent):
+        proc_entries = self._do_walk_proc_current(cur, f_op_members, modules, parent)
+
+        for (pde, name) in proc_entries:
+            for (hooked_member, hook_address) in self.verify_ops(pde.proc_fops, f_op_members, modules):
+                yield (name, hooked_member, hook_address)
+
+    def _walk_proc_dir(self, proc_root, f_op_members, modules, parent):
+        if self.addr_space.profile.obj_has_member("proc_dir_entry", "subdir_node"):
+            walk_proc = self._walk_proc_current
+        else:
+            walk_proc = self._walk_proc_old
+
+        for (name, hooked_member, hook_address) in walk_proc(proc_root, f_op_members, modules, parent):
+            yield (name, hooked_member, hook_address) 
+        
     def check_proc_root_fops(self, f_op_members, modules):   
         self.seen_proc = {}
  
@@ -115,9 +196,21 @@ def check_proc_root_fops(self, f_op_members, modules):
 
         for (hooked_member, hook_address) in self.verify_ops(proc_root.proc_fops, f_op_members, modules):
             yield("proc_root", hooked_member, hook_address)
+   
+        for (name, hooked_member, hook_address) in self._walk_proc_dir(proc_root, f_op_members, modules, "/proc"):
+            yield(name, hooked_member, hook_address)
 
-        for (name, hooked_member, hook_address) in self.walk_proc(proc_root, f_op_members, modules):
-            yield (name, hooked_member, hook_address) 
+    def check_proc_net_fops(self, f_op_members, modules):   
+        nslist_addr = self.addr_space.profile.get_symbol("net_namespace_list")
+        # < 2.6.23
+        if not nslist_addr:
+            return
+
+        nethead = obj.Object("list_head", offset = nslist_addr, vm = self.addr_space)
+
+        for net in nethead.list_of_type("net", "list"):
+            for (name, hooked_member, hook_address) in self._walk_proc_dir(net.proc_net, f_op_members, modules, "/proc/net"):
+                yield (name, hooked_member, hook_address)
 
     def calculate(self):
         linux_common.set_plugin_members(self)
@@ -136,8 +229,9 @@ def calculate(self):
                 yield("inode at {0:x}".format(inode.obj_offset), hooked_member, hook_address)
             
         else:
-            funcs = [self.check_open_files_fop, self.check_proc_fop, self.check_proc_root_fops, self.check_file_cache]
-
+            funcs = [self.check_open_files_fop, self.check_proc_fop, self.check_proc_root_fops, \
+                    self.check_proc_net_fops, self.check_file_cache]
+            
             for func in funcs:
                 for (name, member, address) in func(f_op_members, modules):
                     yield (name, member, address)

From 6e1f68e9698ef8127ded71fc7cb25adf898c5225 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 15 Aug 2017 08:25:39 -0500
Subject: [PATCH 140/304] Windows - set maximum number of entries

---
 volatility/plugins/overlays/windows/pe_vtypes.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/volatility/plugins/overlays/windows/pe_vtypes.py b/volatility/plugins/overlays/windows/pe_vtypes.py
index 06999adae..f4ea785ba 100644
--- a/volatility/plugins/overlays/windows/pe_vtypes.py
+++ b/volatility/plugins/overlays/windows/pe_vtypes.py
@@ -957,6 +957,10 @@ def __init__(self, theType = None, offset = None, vm = None, parent = None, *arg
 
     def get_entries(self):
         """Gets a tree of the entries from the top level IRD"""
+
+        if self.NamedEntriesCount + self.IdEntriesCount > 4096:
+            return
+ 
         for irde in self.Entries:
             if irde != None:
                 if irde.Name & 0x80000000:

From 831ff24ab03910434d630da2394afc6d91c8814d Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 16 Aug 2017 18:39:03 -0500
Subject: [PATCH 141/304] Linux - rework to ASLR scanner to be more resistant
 to stale swapper structures

---
 volatility/plugins/overlays/linux/linux.py | 28 ++++++++++++----------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index ab619bea7..4f78e2a88 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2300,9 +2300,9 @@ def generate_suggestions(self):
 
         good_dtb = -1
             
-        init_task_addr = tbl["init_task"][0][0] + physical_shift_address
-        dtb_sym_addr   = tbl[sym][0][0] + physical_shift_address
-        files_sym_addr = tbl["init_files"][0][0] + physical_shift_address
+        init_task_addr = tbl["init_task"][0][0] + virtual_shift_address
+        dtb_sym_addr   = tbl[sym][0][0] + virtual_shift_address
+        files_sym_addr = tbl["init_files"][0][0] + virtual_shift_address
        
         comm_offset   = profile.get_obj_offset("task_struct", "comm")
         pid_offset    = profile.get_obj_offset("task_struct", "pid")
@@ -2311,7 +2311,7 @@ def generate_suggestions(self):
         pas           = self.obj_vm
         
         if physical_shift_address != 0 and virtual_shift_address != 0:
-            good_dtb  = dtb_sym_addr - shifts[0]
+            good_dtb = (dtb_sym_addr - shifts[0] - virtual_shift_address) + physical_shift_address
             self.obj_vm.profile.physical_shift = physical_shift_address 
             self.obj_vm.profile.virtual_shift  = virtual_shift_address
 
@@ -2341,21 +2341,23 @@ def generate_suggestions(self):
                 if pas.read(swapper_address + pid_offset, 4) != "\x00\x00\x00\x00":
                     continue
 
-                tmp_shift_address = swapper_address - (init_task_addr - shifts[0])
-                if tmp_shift_address & 0xfff != 0x000:
+                tmp_physical_shift = swapper_address - (init_task_addr - shifts[0]) 
+                if tmp_physical_shift & 0xfff != 0x000:
+                    continue
+
+                good_dtb = (dtb_sym_addr - shifts[0] + 0) + tmp_physical_shift 
+
+                if pas.zread(good_dtb, 8) != "\x00\x00\x00\x00\x00\x00\x00\x00":
                     continue
 
-                physical_shift_address = tmp_shift_address
-                
-                self.obj_vm.profile.physical_shift = physical_shift_address
-                good_dtb = dtb_sym_addr - shifts[0] + physical_shift_address
-                
                 files_buf  = pas.read(swapper_address + files_offset, read_sz)
                 files_addr = struct.unpack(fmt, files_buf)[0]
 
-                # will be 0 for kernels that don't randomize the physical load address
-                self.obj_vm.profile.virtual_shift = files_addr - files_sym_addr
+                tmp_virtual_shift = files_addr - files_sym_addr
 
+                self.obj_vm.profile.physical_shift = tmp_physical_shift
+                self.obj_vm.profile.virtual_shift  = tmp_virtual_shift
+ 
                 break
         
         yield good_dtb

From f56382a3890210369f76b228b57ba09ee80c4f3e Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 17 Aug 2017 04:01:55 -0500
Subject: [PATCH 142/304] Linux - remove prints and update api for
 linux_moddump

---
 volatility/plugins/linux/lsmod.py | 26 +++++---------------------
 1 file changed, 5 insertions(+), 21 deletions(-)

diff --git a/volatility/plugins/linux/lsmod.py b/volatility/plugins/linux/lsmod.py
index c07e11bad..0e383f9a0 100644
--- a/volatility/plugins/linux/lsmod.py
+++ b/volatility/plugins/linux/lsmod.py
@@ -274,7 +274,6 @@ def _parse_sections(self, module):
             sort_idx = sorted_ents[address]
 
             if name == ".symtab":
-                print "FIXING"
                 str_section_data = self._fix_sym_table(module, sect_sa)
                 str_size = len(str_section_data)
                 size = str_size
@@ -282,11 +281,9 @@ def _parse_sections(self, module):
                 try:
                     next_addr = addrs[sort_idx+1]
                     size = next_addr - address
-                    #print "%x | %x | %8x | %d | %s" % (next_addr, address, size, sort_idx, name)
                 except IndexError:
                     # the last one
                     size = 0x4000 # guess?
-                    #print "one: size 0x4000 for %s" % name
 
             sect_sa.append((name, address, size))
 
@@ -296,21 +293,16 @@ def _parse_sections(self, module):
             try:
                 next_addr = addrs[sort_idx+1]
                 size = next_addr - address
-                #print "%x | %x | %8x | %d | %s" % (next_addr, address, size, sort_idx, name)
             except IndexError:
                 # the last one
                 size = 0x4000 # guess?
 
             if name == ".symtab":
-                print "FIXING 2"
                 size         = str_size
                 section_data = str_section_data
             else:  
                 section_data = module.obj_vm.zread(address, size)
-                #print "reading %d bytes from %x for section %s : got %d" % (size, address, name, len(section_data))
 
-            print "adding section %s | %d with size %d | %d" % (name, sect_bytes, size, len(section_data))
-            
             updated_sections.append((name, address, size, sect_bytes, section_data))
             
             sect_bytes = sect_bytes + size
@@ -431,8 +423,6 @@ def _make_sect_header_64(self, name, address, size, file_off, strtab_idx, symtab
         return data
 
     def _make_sect_header_32(self, name, address, size, file_off, strtab_idx, symtab_idx):
-        #print "trying: %-30s | %.16x | %.8x | %d" % (name, address, size, file_off)
-
         int_sh_type = self._calc_sect_type(name)
 
         sh_name       = struct.pack("<I", self._calc_sect_name_idx(name))
@@ -474,7 +464,6 @@ def _find_sec(self, sections_info, sym_addr):
             (name, address, size) = sect
             
             if address <= sym_addr < address + size:
-                #print "found in sec: %s" % name
                 return name
 
         return ""
@@ -484,8 +473,6 @@ def _fix_sym_table(self, module, sections_info):
         
         first_name = False
 
-        print "walking %d syms to be fixed...." % module.num_symtab
-
         if self.addr_space.profile.metadata.get('memory_model', '32bit') == '64bit':
             sym_type     = "elf64_sym"
             st_value_fmt = "<Q"
@@ -554,7 +541,6 @@ def _fix_sym_table(self, module, sections_info):
             b = (bind << 4) & 0xf0
             t = stype & 0xf
             st_info = (b | t) & 0xff
-            #print "st_info: %x : %x | %x || %d | %x" % (sym.st_value, b, t, st_info, st_info)
             st_info = struct.pack("B", st_info)
             
             #### fix indexes ####
@@ -611,21 +597,16 @@ def _get_module_data(self, module):
 
         strtab_idx = len(updated_sections) 
 
-        print "******************"
-
         for (i, (name, address, size, file_off, sect_data)) in enumerate(updated_sections):
             section_headers = section_headers + _make_sect_header(name, address, size, file_off, strtab_idx, symtab_idx)
             
-            print "added section %30s with size %6d file offset %6d len(section_data): %6d"  % (name, size, file_off, len(section_data))
-
             section_data    = section_data + sect_data              
 
             last_file_off = file_off
             last_sec_sz   = len(sect_data)
 
             if len(sect_data) != size:
-                print "BROKEN SIZE"
-                exit()
+                return ""
 
         # we need this section, but its not in memory
         # we can manually create it though and add it to our file
@@ -640,6 +621,9 @@ def _get_module_data(self, module):
 
         return header + section_data + section_headers 
 
+    def get_module_data(self, module):
+        return self._get_module_data(module)
+
     def render_text(self, outfd, data):
         if not self._config.DUMP_DIR:
             debug.error("You must supply a --dump-dir output directory")
@@ -648,7 +632,7 @@ def render_text(self, outfd, data):
             ## TODO: pass module.name through a char sanitizer 
             file_name = "{0}.{1:#x}.lkm".format(module.name, module.obj_offset)
             mod_file = open(os.path.join(self._config.DUMP_DIR, file_name), 'wb')
-            mod_data = self._get_module_data(module)
+            mod_data = self.get_module_data(module)
             mod_file.write(mod_data)
             mod_file.close()
             outfd.write("Wrote {0} bytes to {1}\n".format(len(mod_data), file_name))

From 4b680c86ecb70340f63d76769b6a0a1f488aa53d Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 17 Aug 2017 19:18:06 -0500
Subject: [PATCH 143/304] Linux - add support for indexes for both system call
 tables on 64 bit systems

---
 volatility/plugins/linux/check_syscall.py | 141 ++++++++++++----------
 1 file changed, 74 insertions(+), 67 deletions(-)

diff --git a/volatility/plugins/linux/check_syscall.py b/volatility/plugins/linux/check_syscall.py
index 8055998aa..c20431e0b 100644
--- a/volatility/plugins/linux/check_syscall.py
+++ b/volatility/plugins/linux/check_syscall.py
@@ -45,11 +45,6 @@
 class linux_check_syscall(linux_common.AbstractLinuxCommand):
     """ Checks if the system call table has been altered """
 
-
-    def __init__(self, config, *args, **kwargs):
-        linux_common.AbstractLinuxCommand.__init__(self, config, *args, **kwargs)
-        self._config.add_option('syscall-indexes', short_option = 'I', default = None, help = 'Path to unistd_{32,64}.h from the target machine', action = 'store', type = 'str')
-
     def _get_table_size(self, table_addr, table_name):
         """
         Returns the size of the table based on the next symbol
@@ -129,7 +124,6 @@ def _get_table_info(self, table_name):
 
         return [table_addr, table_size]
 
-
     def _compute_hook_sym_name(self, visible_mods, hidden_mods, call_addr):
         mod_found = 0
         for (module, _, __) in visible_mods:
@@ -151,8 +145,12 @@ def _compute_hook_sym_name(self, visible_mods, hidden_mods, call_addr):
 
         return sym_name
 
-    def _index_name(self, index_names, i):
-        if i in index_names:
+    def _index_name(self, table_name, index_info, i):   
+        index_names = index_info[table_name]
+
+        if len(index_names.keys()) == 0:
+            ret = ""
+        elif i in index_names:
             ret = index_names[i]
         else:
             ret = "<INDEX NOT FOUND %d>" % i
@@ -176,40 +174,21 @@ def _find_index(self, index_names, line_index):
 
         return ret
 
-    def get_syscalls(self, index_lines = None, get_hidden = False):
+    def get_syscalls(self, index_info = None, get_hidden = False, compute_name = True):
         linux_common.set_plugin_members(self)
 
         if get_hidden:
             hidden_mods = list(linux_hidden_modules.linux_hidden_modules(self._config).calculate())
         else:
             hidden_mods = []    
-    
-        visible_mods = linux_lsmod.linux_lsmod(self._config).calculate()
-
-        if not index_lines:
-            index_lines = self._find_and_parse_index_file()
-
-        if index_lines:
-            index_names = {}
-            for line in index_lines.split("\n"): 
-                ents = line.split()
-
-                if len(ents) == 3 and ents[0] == "#define":
-                    name  = ents[1].replace("__NR_", "")
-
-                    # "(__NR_timer_create+1)"
-                    index = ents[2] 
-                    if index[0] == "(":
-                        index = self._find_index(index_names, index)
-                    else:
-                        try:
-                            index = int(index)
-                        except ValueError:
-                            index = 999999  #well beyond any valid table index
-
-                    index_names[index] = name
+   
+        if compute_name:
+            visible_mods = linux_lsmod.linux_lsmod(self._config).calculate()
         else:
-            index_names = None
+            visible_mods = []
+
+        if not index_info:
+            index_info = self._find_and_parse_index_file()
 
         table_name = self.addr_space.profile.metadata.get('memory_model', '32bit')
         sym_addrs = self.profile.get_all_addresses()
@@ -229,51 +208,87 @@ def get_syscalls(self, index_lines = None, get_hidden = False):
                 if not call_addr:
                     continue
 
-                if index_names:
-                    idx_name = self._index_name(index_names, i)
-                else:
-                    idx_name = ""
+                idx_name = self._index_name(table_name, index_info, i)
 
                 call_addr = int(call_addr)
 
                 if not call_addr in sym_addrs:
                     hooked = 1
-
                     sym_name = self._compute_hook_sym_name(visible_mods, hidden_mods, call_addr)
                 else:
                     hooked = 0 
                     sym_name = self.profile.get_symbol_by_address("kernel", call_addr)
 
                 yield (tableaddr, table_name, i, idx_name, call_addr, sym_name, hooked)
- 
-    def _find_and_parse_index_file(self):
-        memory_model = self.addr_space.profile.metadata.get('memory_model', '32bit')
 
-        if memory_model == '32bit':
-            header_path = "unistd_32.h"
+    def get_unistd_paths(self):
+        if self.profile.metadata.get('memory_model', '32bit') == "32bit":
+            is_32 = True
+            paths32 = ["/usr/include/i386-linux-gnu/asm/unistd_32.h", "/usr/include/asm/unistd_32.h"]
+            paths64 = []
         else:
-            header_path = "unistd_64.h"
+            is_32 = False
+            paths32 = ["/usr/include/x86_64-linux-gnu/asm/unistd_32.h", "/usr/include/asm/unistd_32.h"]
+            paths64 = ["/usr/include/x86_64-linux-gnu/asm/unistd_64.h", "/usr/include/asm/unistd_64.h"]
 
-        find_file = linux_find_file.linux_find_file(self._config)
+        return is_32, paths32, paths64
+
+    def _parse_index_file(self, index_lines):
+        index_names = {}
+
+        for line in index_lines.split("\n"): 
+            ents = line.split()
+
+            if len(ents) == 3 and ents[0] == "#define":
+                name  = ents[1].replace("__NR_", "")
+
+                index = ents[2] 
+                if index[0] == "(":
+                    index = self._find_index(index_names, index)
+                else:
+                    try:
+                        index = int(index)
+                    except ValueError:
+                        index = 999999  #well beyond any valid table index
 
-        inodes = []
+                index_names[index] = name
+    
+        return index_names
+
+    def _find_and_parse_index_file(self): 
+        is_32, paths32, paths64 = self.get_unistd_paths()
+
+        index_tables = {"32bit" : {}, "64bit" : {}}
+
+        find_file = linux_find_file.linux_find_file(self._config)
         for (_, _, file_path, file_dentry) in find_file.walk_sbs():
-            ents = file_path.split("/") 
-            if len(ents) > 1 and ents[-1] == header_path:
-                inode = file_dentry.d_inode
-                inodes.append(inode)
+            # stop enumerating files (slow) once we find our wanted information 
+            if (is_32 and len(index_tables["32bit"].keys()) > 0) or \
+                (len(index_tables["32bit"].keys()) > 0 and len(index_tables["64bit"].keys()) > 0):
+                break
+
+            elif file_path in paths32:
+                table = "32bit"
+                paths32.remove(file_path)
+
+            elif file_path in paths64:
+                table = "64bit"
+                paths64.remove(file_path)
+
+            else:
+                continue
 
-        ret = None
-        for inode in inodes:
             buf = ""
+            inode = file_dentry.d_inode
             for page in find_file.get_file_contents(inode):
                 buf = buf + page
             
-            if len(buf) > 4096:
-                ret = buf
-                break
+            if len(buf) < 1024:
+                continue
 
-        return ret
+            index_tables[table] = self._parse_index_file(buf) 
+
+        return index_tables
 
     def calculate(self):
         """ 
@@ -285,15 +300,7 @@ def calculate(self):
         if not has_distorm:
             debug.warning("distorm not installed. The best method to calculate the system call table size will not be used.")
                         
-        if self._config.SYSCALL_INDEXES:
-            if not os.path.exists(self._config.SYSCALL_INDEXES):
-                debug.error("Given syscall indexes file does not exist!")
-
-            index_lines = open(self._config.SYSCALL_INDEXES, "r").read()
-        else:
-            index_lines = None
-
-        for (tableaddr, table_name, i, idx_name, call_addr, sym_name, hooked) in self.get_syscalls(index_lines, True): 
+        for (tableaddr, table_name, i, idx_name, call_addr, sym_name, hooked) in self.get_syscalls(None, True, True): 
             yield (tableaddr, table_name, i, idx_name, call_addr, sym_name, hooked)
  
     def unified_output(self, data):

From 2da5aec5ce173acac50a3040b2f0d6d953a91302 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 17 Aug 2017 22:57:27 -0500
Subject: [PATCH 144/304] Linux - update system call API

---
 volatility/plugins/linux/check_syscall.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/check_syscall.py b/volatility/plugins/linux/check_syscall.py
index c20431e0b..a85879fac 100644
--- a/volatility/plugins/linux/check_syscall.py
+++ b/volatility/plugins/linux/check_syscall.py
@@ -222,6 +222,8 @@ def get_syscalls(self, index_info = None, get_hidden = False, compute_name = Tru
                 yield (tableaddr, table_name, i, idx_name, call_addr, sym_name, hooked)
 
     def get_unistd_paths(self):
+        linux_common.set_plugin_members(self)
+        
         if self.profile.metadata.get('memory_model', '32bit') == "32bit":
             is_32 = True
             paths32 = ["/usr/include/i386-linux-gnu/asm/unistd_32.h", "/usr/include/asm/unistd_32.h"]
@@ -233,7 +235,7 @@ def get_unistd_paths(self):
 
         return is_32, paths32, paths64
 
-    def _parse_index_file(self, index_lines):
+    def parse_index_file(self, index_lines):
         index_names = {}
 
         for line in index_lines.split("\n"): 
@@ -286,7 +288,7 @@ def _find_and_parse_index_file(self):
             if len(buf) < 1024:
                 continue
 
-            index_tables[table] = self._parse_index_file(buf) 
+            index_tables[table] = self.parse_index_file(buf) 
 
         return index_tables
 

From 75f7d9fc21c05f739b832f829aef2536ef7d2e1b Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 18 Aug 2017 12:24:13 -0500
Subject: [PATCH 145/304] computers suck

---
 volatility/plugins/overlays/mac/mac.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index d80f9c32a..85acecc53 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -352,7 +352,7 @@ def _get_next_page(self, memq):
             if p & 0x80000000 != 0:
                 vm_pages_ptr = self.obj_vm.profile.get_symbol("_vm_pages")
                 vm_pages_addr = obj.Object("unsigned long long", offset = vm_pages_ptr, vm = self.obj_vm)
-                ret_addr = vm_pages_addr + ((p & ~0x80000000) * 8)
+                ret_addr = vm_pages_addr + ((p & ~0x80000000) * self.obj_vm.profile.get_obj_size("vm_page"))
             else:
                 ret_addr = (p << 6) + 0xffffff7f80000000  
 

From 473fd0d1aaf96f856d54bac61a19af78e96f14b8 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 18 Aug 2017 12:48:45 -0500
Subject: [PATCH 146/304] Mac - update check_fop through Sierra

---
 volatility/plugins/mac/check_fop.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/mac/check_fop.py b/volatility/plugins/mac/check_fop.py
index c869e6231..d36478b0e 100644
--- a/volatility/plugins/mac/check_fop.py
+++ b/volatility/plugins/mac/check_fop.py
@@ -43,7 +43,9 @@ def _walk_vfstbllist(self, kaddr_info):
         table_ptr = self.addr_space.profile.get_symbol("_vfstbllist")
         table = obj.Object(theType = "Array", targetType = "vfstable", offset = table_ptr, count = table_size, vm = self.addr_space) 
         vfs_op_members = self.profile.types['vfsops'].keywords["members"].keys()
-        vfs_op_members.remove("vfs_reserved")
+        
+        if "vfs_reserved" in vfs_op_members:
+            vfs_op_members.remove("vfs_reserved")
 
         for vfs in table:
             if not vfs.is_valid():

From 7dee89a83a145333ba32f3dae4cb1aac2184802e Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 18 Aug 2017 15:05:16 -0500
Subject: [PATCH 147/304] Mac - update vtype generation for typedefs and update
 check_mig_table to use new type when available

---
 tools/mac/convert.py                      | 21 +++++++++++++++++-
 volatility/plugins/mac/check_mig_table.py | 26 +++++++++++++++--------
 2 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/tools/mac/convert.py b/tools/mac/convert.py
index 270bf9169..cc7831c27 100755
--- a/tools/mac/convert.py
+++ b/tools/mac/convert.py
@@ -46,12 +46,13 @@ def __init__(self):
         self.all_local_vars = []
         self.local_vars = []
         self.anons = 0
+        self.typedefs = {}
 
     def resolve(self, memb):
         """Lookup anonymouse member and replace it with a well known one."""
         # Reference to another type
+        
         if isinstance(memb, str) and memb.startswith('<'):
-
             try:
                 resolved = self.id_to_name[memb[1:]]
             except:
@@ -67,6 +68,22 @@ def resolve(self, memb):
 
         return ret
 
+    def fix_typedefs(self):
+        tmp_types = self.vtypes.copy()
+        
+        for vname,vdata in tmp_types.items():
+            if vname.startswith("__unnamed_"):
+                statement_id = vname.split("_")[3]
+                
+                if statement_id in self.typedefs:
+                    tmp_types[self.typedefs[statement_id]] = vdata
+                else:
+                    tmp_types[vname] = vdata
+            else:
+                tmp_types[vname] = vdata
+
+        return tmp_types
+
     def resolve_refs(self):
         """Replace references with types."""
         for v in self.vtypes:
@@ -228,6 +245,7 @@ def process_statement(self, kind, level, data, statement_id):
         elif kind == 'TAG_typedef':
             try:
                 self.id_to_name[statement_id] = data['AT_type']
+                self.typedefs[data['AT_type'].replace("<","").replace(">","")] = data['AT_name']
             except:
                 self.id_to_name[statement_id] = ['void']
 
@@ -333,6 +351,7 @@ def process_variable(self, data):
     def finalize(self):
         """Finalize the output."""
         if self.vtypes:
+            self.vtypes = self.fix_typedefs()
             self.vtypes = self.resolve_refs()
             self.all_vtypes.update(self.vtypes)
         if self.vars:
diff --git a/volatility/plugins/mac/check_mig_table.py b/volatility/plugins/mac/check_mig_table.py
index 8c26e8e16..13e4a8283 100644
--- a/volatility/plugins/mac/check_mig_table.py
+++ b/volatility/plugins/mac/check_mig_table.py
@@ -35,18 +35,26 @@ class mac_check_mig_table(common.AbstractMacCommand):
     def calculate(self):
         common.set_plugin_members(self)
        
-        # we can't use an array as the size of mig_hash_entry
-        # depends on if MAC_COUNTERS is set, which changes between kernels
-        # mig_table_max_displ is declared directly after mig_buckets
-        # which allows us to calculate the size of each entry dynamically
- 
-        di_addr = self.addr_space.profile.get_symbol("_mig_table_max_displ")
+        n = 1024
         mig_buckets_addr = self.addr_space.profile.get_symbol("_mig_buckets")
 
-        ele_size = (di_addr - mig_buckets_addr) / 1024 
+        if self.addr_space.profile.has_type("mig_hash_t"):
+            ele_size = self.addr_space.profile.get_obj_size("mig_hash_t")
+            
+            ele_type = "mig_hash_t"
+       
+        else:
+            # we can't use an array as the size of mig_hash_entry
+            # depends on if MAC_COUNTERS is set, which changes between kernels
+            # mig_table_max_displ is declared directly after mig_buckets
+            # which allows us to calculate the size of each entry dynamically
+            di_addr  = self.addr_space.profile.get_symbol("_mig_table_max_displ")
+            ele_size = (di_addr - mig_buckets_addr) / n
+            
+            ele_type = "mig_hash_entry"
 
-        for i in range(1024):
-            entry = obj.Object("mig_hash_entry", offset = mig_buckets_addr + (i * ele_size), vm = self.addr_space)
+        for i in range(n):
+            entry = obj.Object(ele_type, offset = mig_buckets_addr + (i * ele_size), vm = self.addr_space)
 
             if entry.routine == 0:
                 continue

From cd979ae1139031752d2c20a482de79dc4229527f Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 18 Aug 2017 15:57:48 -0500
Subject: [PATCH 148/304] Mac - update zone enumeration and handling

---
 volatility/plugins/mac/list_zones.py   | 20 +++++++++++++-------
 volatility/plugins/overlays/mac/mac.py |  6 +++++-
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/volatility/plugins/mac/list_zones.py b/volatility/plugins/mac/list_zones.py
index a958d9d33..07184ec76 100644
--- a/volatility/plugins/mac/list_zones.py
+++ b/volatility/plugins/mac/list_zones.py
@@ -28,7 +28,6 @@
 import volatility.plugins.mac.common as common
 from volatility.renderers import TreeGrid
 
-
 class mac_list_zones(common.AbstractMacCommand):
     """ Prints active zones """
 
@@ -36,14 +35,21 @@ def calculate(self):
         common.set_plugin_members(self)
 
         first_zone_addr = self.addr_space.profile.get_symbol("_first_zone")
+        if first_zone_addr:
+            zone_ptr = obj.Object("Pointer", offset = first_zone_addr, vm = self.addr_space)
+            zone = zone_ptr.dereference_as("zone")
 
-        zone_ptr = obj.Object("Pointer", offset = first_zone_addr, vm = self.addr_space)
-        zone = zone_ptr.dereference_as("zone")
+            while zone:
+                yield zone
+                zone = zone.next_zone       
+        else:
+            zone_ptr = self.addr_space.profile.get_symbol("_zone_array")
+            zone_arr = obj.Object(theType="Array", targetType="zone", vm = self.addr_space, count = 256, offset = zone_ptr)
 
-        while zone:
-            yield zone
-            zone = zone.next_zone       
- 
+            for zone in zone_arr:
+                if zone.is_valid():
+                    yield zone
+    
     def unified_output(self, data):
         return TreeGrid([("Name", str),
                          ("Active Count", int),
diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 85acecc53..b7aff7c77 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -132,13 +132,14 @@ def modification(self, profile):
 
 mig_vtypes_64 = {
     'mig_hash_entry' : [24, {
-         'num'       : [0, ['long long']],
+         'num'       : [0, ['int']],
          'routine'   : [8, ['pointer', ['void']]],
          'size'      : [16, ['int']],  
          'callcount' : [20, ['unsigned int']],  
          }],
 }
 
+
 class MigTypes(obj.ProfileModification):
     conditions = {"os" : lambda x : x in ["mac"]}
 
@@ -1322,6 +1323,9 @@ def walk_list(self, list_head):
             p = p.tasks.prev.dereference_as("task")
 
 class zone(obj.CType):
+    def is_valid(self):
+        return self.elem_size > 0
+    
     def _get_from_active_zones(self):
         ret = []
         first_elem = self.active_zones

From 108c2052a37a21edba13eda637d2a32664d05f19 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 18 Aug 2017 16:03:50 -0500
Subject: [PATCH 149/304] Mac - update vm_map alias member mapping

---
 volatility/plugins/mac/threads.py      |  6 +++---
 volatility/plugins/overlays/mac/mac.py | 13 +++++++++----
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/volatility/plugins/mac/threads.py b/volatility/plugins/mac/threads.py
index a8e95331d..57d40fd36 100644
--- a/volatility/plugins/mac/threads.py
+++ b/volatility/plugins/mac/threads.py
@@ -216,7 +216,7 @@ def get_stack_map(self, proc, proc_threads, bit_string):
 
         for map in proc.get_proc_maps():
             vm_map_start = map.links.start
-            map_type = str(dict_alias.get(int(map.alias), "UNKNOWN"))
+            map_type = str(dict_alias.get(int(map.range_alias()), "UNKNOWN"))
             map_path = map.get_path()
 
             # see if map is a STACK (not a STACK_GUARD), if so which thread it belongs to
@@ -242,13 +242,13 @@ def get_stack_map(self, proc, proc_threads, bit_string):
                 # Based on the vmmap command:
                  # current map is a stack marked as thread, then mark previous map with thread id if stack
                     prev_proc, prev_map, prev_map_path = maps.pop()
-                    if str(dict_alias.get(int(prev_map.alias), "UNKNOWN")) == "VM_MEMORY_STACK" and prev_map.get_perms() != "---" and "thread" not in prev_map_path:
+                    if str(dict_alias.get(int(prev_map.range_alias()), "UNKNOWN")) == "VM_MEMORY_STACK" and prev_map.get_perms() != "---" and "thread" not in prev_map_path:
                         prev_map_path = "thread id {0}".format(stack_thread_id)
                     maps.append((prev_proc, prev_map, prev_map_path))
                 else:
                  # if previous map is a stack marked as thread, then mark current map with thread id
                     prev_proc, prev_map, prev_map_path = maps.pop()
-                    if str(dict_alias.get(int(prev_map.alias), "UNKNOWN")) == "VM_MEMORY_STACK" and prev_map.get_perms() != "---" and "thread" in prev_map_path:
+                    if str(dict_alias.get(int(prev_map.range_alias()), "UNKNOWN")) == "VM_MEMORY_STACK" and prev_map.get_perms() != "---" and "thread" in prev_map_path:
                         map_path = "thread id {0}".format(stack_thread_id)
                     maps.append((prev_proc, prev_map, prev_map_path))
 
diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index b7aff7c77..6cdde51f4 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1458,13 +1458,18 @@ def get_perms(self):
                 perms = perms + "-"
 
         return perms
+    
+    def range_alias(self):
+        if hasattr(self, "alias"):
+            ret = self.alias.v()
+        else:
+            ret = self.vme_offset.v() & 0xfff
+
+        return ret
 
     # used to find heap, stack, etc.
     def get_special_path(self):
-        if hasattr(self, "alias"):
-            check = self.alias.v()
-        else:
-            check = self.vme_offset.v() & 0xfff
+        check = self.range_alias()
 
         if 0 < check < 10:
             ret = "[heap]"

From 8edf2c64beffa40bf5ffb5c138a7da3edf0cc77d Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 18 Aug 2017 16:10:44 -0500
Subject: [PATCH 150/304] Mac - update threads_simple to print the current
 priority instead of the base

---
 volatility/plugins/mac/threads_simple.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/mac/threads_simple.py b/volatility/plugins/mac/threads_simple.py
index b6b599643..0fee3c76c 100644
--- a/volatility/plugins/mac/threads_simple.py
+++ b/volatility/plugins/mac/threads_simple.py
@@ -63,7 +63,7 @@ def generator(self, data):
                     int(proc.p_pid),
                     str(proc.p_comm),
                     str(th.start_time()),
-                    int(th.priority),
+                    int(th.sched_pri),
                     Address(func_addr),
                     str(handler),
                     ])
@@ -93,6 +93,6 @@ def render_text(self, outfd, data):
                 
                 self.table_row(outfd, proc.p_pid, proc.p_comm, 
                     th.start_time(), 
-                    th.priority, 
+                    th.sched_pri, 
                     func_addr, handler)
    

From 375ab769bb6753d6e2d5a0236716e5d381ccd73c Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 24 Aug 2017 12:17:56 -0500
Subject: [PATCH 151/304] Mac - update get_profile with latest profiles

---
 volatility/plugins/mac/get_profile.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index 0eb1492ba..9fde3c387 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -41,6 +41,7 @@
 ["MacYosemite_10_10_5_14F1912x64", 18446743523963609312, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F2009_14F2109x64", 18446743523963609536, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F2315x64", 18446743523963601344, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F2511x64", 18446743523963610096, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F27x64", 18446743523963608608, 18446743523964534784, 1],
 ["MacYosemite_10_10_14A389_14B25x64", 18446743523963612480, 18446743523964534784, 1],
 ["MacElCapitan_10_11_1_15B42x64", 18446743523963517744, 18446743523964555264, 1],
@@ -52,6 +53,8 @@
 ["MacElCapitan_10_11_6_15G1212x64", 18446743523963503888, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1217x64", 18446743523963503456, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1421x64", 18446743523963503440, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G1510x64", 18446743523963503632, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G1611x64", 18446743523963517424, 18446743523964555264, 1],
 ["MacElCapitan_10_11_15A284x64", 18446743523963516960, 18446743523964547072, 1],
 ["MacSierra_10_12_0_16A323x64", 18446743523963569392, 18446743523964379136, 1],
 ["MacSierra_10_12_1_16B2657x64", 18446743523963568512, 18446743523964379136, 1],
@@ -59,6 +62,8 @@
 ["MacSierra_10_12_2_16C67x64", 18446743523963567232, 18446743523964379136, 1],
 ["MacSierra_10_12_3_16D32x64", 18446743523963567520, 18446743523964379136, 1],
 ["MacSierra_10_12_4_16E195x64", 18446743523963564384, 18446743523964379136, 1],
+["MacSierra_10_12_5_16F73x64", 18446743523963562144, 18446743523964379136, 1],
+["MacSierra_10_12_6_16G29x64", 18446743523963561936, 18446743523964379136, 1],
 ["MacLeopard_10_5_3_Intelx86", 4850472, 1708032, 0],
 ["MacLeopard_10_5_4_Intelx86", 4850488, 1708032, 0],
 ["MacLeopard_10_5_5_Intelx86", 4850568, 1708032, 0],

From f07a3119ac5fad965790bec6a1b1e8252c95efd8 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 7 Sep 2017 17:20:11 -0500
Subject: [PATCH 152/304] Mac - protect against stale Catfish entries in DTB
 scanning

---
 volatility/plugins/overlays/mac/mac.py | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 6cdde51f4..68c9076b7 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -229,20 +229,27 @@ def _get_dtb_pre_m_lion(self):
     def _get_dtb_m_lion(self):
         tbl = self.obj_vm.profile.sys_map["kernel"]
         config = self.obj_vm.get_config()
-
+        
         if config.SHIFT:
             shift_address = config.SHIFT
         else:
+            ver_addr = tbl["_version"][0][0] - 0xffffff8000000000
+
             scanner = catfishScan(needles = ["Catfish \x00\x00"])
             for catfish_offset in scanner.scan(self.obj_vm):
-                shift_address = catfish_offset - (tbl["_lowGlo"][0][0] % 0xFFFFFF80)
-                break
+                tmp_shift_address = catfish_offset - (tbl["_lowGlo"][0][0] % 0xFFFFFF80)
+                tmp_ver_addr  = ver_addr + tmp_shift_address 
+                
+                test_buf = self.obj_vm.zread(tmp_ver_addr, 16)
+                if test_buf and test_buf.startswith("Darwin"):
+                    shift_address = tmp_shift_address
+                    break
 
         self.obj_vm.profile.shift_address = shift_address
 
         bootpml4 = (tbl["_BootPML4"][0][0] % 0xFFFFFF80) + shift_address
         boot_pml4_dtb = amd64.AMD64PagedMemory(self.obj_vm, config, dtb = bootpml4)
-      
+     
         idlepml4_addr = (tbl['_IdlePML4'][0][0]) + shift_address
         idlepml4_ptr = obj.Object("unsigned int", offset = idlepml4_addr, vm = boot_pml4_dtb)
 
@@ -251,12 +258,12 @@ def _get_dtb_m_lion(self):
     def generate_suggestions(self):
         profile = self.obj_vm.profile
         bootpml = profile.get_symbol("_BootPML4")
-        
-        if bootpml:        
+
+        if bootpml:
             ret = self._get_dtb_m_lion()
         else:
             ret = self._get_dtb_pre_m_lion()                  
-        
+
         yield ret
 
 class VolatilityMacIntelValidAS(obj.VolatilityMagic):

From 49566255c9a98488bd4c87da413cffa6cc33456b Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 8 Sep 2017 12:42:05 -0500
Subject: [PATCH 153/304] Add support for enumerating the 32bit modules in a
 wow64 process

---
 .../plugins/overlays/windows/pe_vtypes.py     | 64 +++++++++++++++++++
 .../plugins/overlays/windows/windows.py       | 54 +++++++++++++---
 volatility/plugins/taskmods.py                |  2 -
 3 files changed, 109 insertions(+), 11 deletions(-)

diff --git a/volatility/plugins/overlays/windows/pe_vtypes.py b/volatility/plugins/overlays/windows/pe_vtypes.py
index f4ea785ba..276f38179 100644
--- a/volatility/plugins/overlays/windows/pe_vtypes.py
+++ b/volatility/plugins/overlays/windows/pe_vtypes.py
@@ -1007,3 +1007,67 @@ def modification(self, profile):
             '_VS_VERSION_INFO': _VS_VERSION_INFO,
             'VerStruct': VerStruct,
             })
+
+peb32_vtypes = {
+   '_PEB32_LDR_DATA': [48, {
+        "Length": [0, ['unsigned long']],
+        "Initialized": [4, ['unsigned char']],
+        "SsHandle": [8, ['pointer32', ['void']]],
+        "InLoadOrderModuleList": [12, ['LIST_ENTRY32']],
+        "InMemoryOrderModuleList": [20, ['LIST_ENTRY32']],
+        "InInitializationOrderModuleList": [28, ['LIST_ENTRY32']],
+        "EntryInProgress": [36, ['pointer32', ['void']]],
+        "ShutdownInProgress": [40, ['unsigned char']],
+        "ShutdownThreadId": [44, ['pointer32', ['void']]],
+    }],
+    '_LDR32_DATA_TABLE_ENTRY': [76, {
+        "InLoadOrderLinks": [0, ['LIST_ENTRY32']],
+        "InMemoryOrderLinks": [8, ['LIST_ENTRY32']],
+        "InInitializationOrderLinks": [16, ['LIST_ENTRY32']],
+        "DllBase": [24, ['pointer32', ['void']]],
+        "EntryPoint": [28, ['pointer32', ['void']]],
+        "SizeOfImage": [32, ['unsigned long']],
+        "FullDllName": [36, ['_UNICODE32_STRING']],
+        "BaseDllName": [44, ['_UNICODE32_STRING']],
+        "Flags": [52, ['unsigned long']],
+        "LoadCount": [56, ['unsigned short']],
+        "TlsIndex": [58, ['unsigned short']],
+        "HashLinks": [60, ['LIST_ENTRY32']],
+        "TimeDateStamp": [68, ['unsigned long']],
+        "EntryPointActivationContext": [72, ['pointer32', ['void']]],
+    }],
+    '_UNICODE32_STRING' : [ 12, {
+        'Length' : [ 0x0, ['unsigned short']],
+        'MaximumLength' : [ 0x2, ['unsigned short']],
+        'Buffer' : [ 0x4, ['pointer32', ['unsigned short']]],
+    }],
+}
+
+peb32_overlay = {
+    '_PEB32' : [None, {
+        'Ldr' : [ None, ['pointer32', ['_PEB32_LDR_DATA']]],       
+    }],
+}
+
+ldr_loadtime_overlay = {
+   '_LDR32_DATA_TABLE_ENTRY' : [None, {
+        "LoadTime": [0x70, ['WinTimeStamp']],
+    }],
+}
+
+# apply to any 64bit version of Windows
+class WinPeb32(obj.ProfileModification):
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '64bit'}
+
+    def modification(self, profile):       
+        profile.vtypes.update(peb32_vtypes)
+        profile.merge_overlay(peb32_overlay)
+        profile.object_classes.update({"_LDR32_DATA_TABLE_ENTRY" : _LDR_DATA_TABLE_ENTRY})
+       
+        if 'LoadTime' in profile.vtypes['_LDR_DATA_TABLE_ENTRY'][1]:
+            profile.merge_overlay(ldr_loadtime_overlay)
+        
+
+
+
diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index a460ba45d..15adcc557 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -210,15 +210,18 @@ def __len__(self):
 
 class _LIST_ENTRY(obj.CType):
     """ Adds iterators for _LIST_ENTRY types """
+    def get_next_entry(self, member):
+        return self.m(member).dereference()
+    
     def list_of_type(self, type, member, forward = True, head_sentinel = True):
         if not self.is_valid():
             return
 
         ## Get the first element
         if forward:
-            nxt = self.Flink.dereference()
+            nxt = self.get_next_entry("Flink")
         else:
-            nxt = self.Blink.dereference()
+            nxt = self.get_next_entry("Blink")
 
         offset = self.obj_vm.profile.get_obj_offset(type, member)
 
@@ -240,9 +243,9 @@ def list_of_type(self, type, member, forward = True, head_sentinel = True):
             yield item
 
             if forward:
-                nxt = item.m(member).Flink.dereference()
+                nxt =  item.m(member).get_next_entry("Flink")
             else:
-                nxt = item.m(member).Blink.dereference()
+                nxt = item.m(member).get_next_entry("Blink")
 
     def __nonzero__(self):
         ## List entries are valid when both Flinks and Blink are valid
@@ -251,6 +254,11 @@ def __nonzero__(self):
     def __iter__(self):
         return self.list_of_type(self.obj_parent.obj_name, self.obj_name)
 
+# for LIST_ENTRY32, the LDR member is an unsigned long not a Pointer as regular LIST_ENTRY
+class LIST_ENTRY32(_LIST_ENTRY):
+    def get_next_entry(self, member):
+        return obj.Object("LIST_ENTRY32", offset = self.m(member).v(), vm = self.obj_vm)
+
 class WinTimeStamp(obj.NativeType):
     """Class for handling Windows Time Stamps"""
 
@@ -395,6 +403,23 @@ def Peb(self):
 
         return obj.NoneObject("Peb not found")
 
+    def Peb32(self):
+        """ Returns a _PEB object which is using the process address space.
+
+        The PEB structure is referencing back into the process address
+        space so we need to switch address spaces when we look at
+        it. This method ensure this happens automatically.
+        """
+        process_ad = self.get_process_address_space()
+        if process_ad:
+            offset = self.Wow64Process.v()
+            peb32 = obj.Object("_PEB32", offset = offset, vm = process_ad, name = "Peb32", parent = self)
+
+            if peb32.is_valid():
+                return peb32
+        
+        return obj.NoneObject("Peb32 not found")
+
     def get_process_address_space(self):
         """ Gets a process address space for a task given in _EPROCESS """
         directory_table_base = self.Pcb.DirectoryTableBase.v()
@@ -408,20 +433,29 @@ def get_process_address_space(self):
 
         return process_as
 
-    def _get_modules(self, the_list, the_type):
+    def _get_modules(self, the_list, entry_type, link_member):
         """Generator for DLLs in one of the 3 PEB lists"""
+
         if self.UniqueProcessId and the_list:
-            for l in the_list.list_of_type("_LDR_DATA_TABLE_ENTRY", the_type):
+            for l in the_list.list_of_type(entry_type, link_member):
                 yield l
 
+    def _prep_get_modules(self, list_member, link_member):
+        for module in self._get_modules(self.Peb.Ldr.m(list_member), "_LDR_DATA_TABLE_ENTRY", link_member):
+            yield module
+
+        if self.IsWow64:
+            for module in self._get_modules(self.Peb32().Ldr.m(list_member), "_LDR32_DATA_TABLE_ENTRY", link_member):
+                yield module
+
     def get_init_modules(self):
-        return self._get_modules(self.Peb.Ldr.InInitializationOrderModuleList, "InInitializationOrderLinks")
+        return self._prep_get_modules("InInitializationOrderModuleList", "InInitializationOrderLinks")
 
     def get_mem_modules(self):
-        return self._get_modules(self.Peb.Ldr.InMemoryOrderModuleList, "InMemoryOrderLinks")
+        return self._prep_get_modules("InMemoryOrderModuleList", "InMemoryOrderLinks")
 
     def get_load_modules(self):
-        return self._get_modules(self.Peb.Ldr.InLoadOrderModuleList, "InLoadOrderLinks")
+        return self._prep_get_modules("InLoadOrderModuleList", "InLoadOrderLinks")
 
     def get_token(self):
         """Return the process's TOKEN object if its valid"""
@@ -1176,7 +1210,9 @@ class WindowsObjectClasses(obj.ProfileModification):
     def modification(self, profile):
         profile.object_classes.update({
             '_UNICODE_STRING': _UNICODE_STRING,
+            '_UNICODE32_STRING': _UNICODE_STRING,
             '_LIST_ENTRY': _LIST_ENTRY,
+            'LIST_ENTRY32': LIST_ENTRY32,
             'WinTimeStamp': WinTimeStamp,
             'DosDate':DosDate,
             '_EPROCESS': _EPROCESS,
diff --git a/volatility/plugins/taskmods.py b/volatility/plugins/taskmods.py
index 528ed75d0..5d9289b42 100644
--- a/volatility/plugins/taskmods.py
+++ b/volatility/plugins/taskmods.py
@@ -80,8 +80,6 @@ def render_text(self, outfd, data):
             if task.Peb:
                 ## REMOVE this after 2.4, since we have the cmdline plugin now
                 outfd.write("Command line : {0}\n".format(str(task.Peb.ProcessParameters.CommandLine or '')))
-                if task.IsWow64:
-                    outfd.write("Note: use ldrmodules for listing DLLs in Wow64 processes\n")
                 outfd.write("{0}\n".format(str(task.Peb.CSDVersion or '')))
                 outfd.write("\n")
                 self.table_header(outfd,

From f5aabe2368a6959b178ac88a74a16858902d8720 Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Fri, 8 Sep 2017 15:42:48 -0400
Subject: [PATCH 154/304] drivermodule fixes:

crashed when supplying a base address due to missing data that
was not yielded.

also made the "ADDR" arg clearer
---
 volatility/plugins/drivermodule.py | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/volatility/plugins/drivermodule.py b/volatility/plugins/drivermodule.py
index 008218b00..4e84ba205 100644
--- a/volatility/plugins/drivermodule.py
+++ b/volatility/plugins/drivermodule.py
@@ -33,7 +33,7 @@ class drivermodule(common.AbstractWindowsCommand):
     def __init__(self, config, *args, **kwargs):
         common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)
         config.add_option('ADDR', short_option = 'a', default = None,
-                          help = 'Show info on module at or containing this address',
+                          help = 'Show info on module at or containing this (base) address',
                           action = 'store', type = 'int')
  
     def calculate(self):
@@ -44,24 +44,28 @@ def calculate(self):
         mod_addrs = sorted(mods.keys())
             
         drivers = dtree.DriverIrp(self._config).calculate()    
-        found_driver = "UNKNOWN"
+        driver_name = "UNKNOWN"
+        service_key = "UNKNOWN"
+        driver_name3 = "UNKNOWN"
+        module_name = "UNKNOWN"
 
         if self._config.ADDR:
             find_address = self._config.ADDR
             
-            found_module = tasks.find_module(mods, mod_addrs, mods.values()[0].obj_vm.address_mask(find_address))
-            if found_module:
-                found_module = found_module.BaseDllName or found_module.FullDllName
-            else:
-                found_module = "UNKNOWN"
+            module_name = tasks.find_module(mods, mod_addrs, mods.values()[0].obj_vm.address_mask(find_address))
+            if module_name:
+                module_name = module_name.BaseDllName or module_name.FullDllName
 
             for driver in drivers:
                 if driver.DriverStart <= find_address < driver.DriverStart + driver.DriverSize:
                     header = driver.get_object_header()
-                    found_driver = header.NameInfo.Name
+                    driver_name = header.NameInfo.Name
+                    driver_name  = str(driver.get_object_header().NameInfo.Name or '') 
+                    service_key = str(driver.DriverExtension.ServiceKeyName or '') 
+                    driver_name3 = str(driver.DriverName or '') 
                     break
             
-            yield (found_module, found_driver)
+            yield (module_name, driver_name, service_key, driver_name3)
 
         else:                
             for driver in drivers:
@@ -70,10 +74,9 @@ def calculate(self):
                 driver_name3 = str(driver.DriverName or '')
                 
                 owning_module = tasks.find_module(mods, mod_addrs, mods.values()[0].obj_vm.address_mask(driver.DriverStart))
+                module_name = "UNKNOWN"
                 if owning_module:
                     module_name = owning_module.BaseDllName or owning_module.FullDllName
-                else:
-                    module_name = "UNKNOWN"
 
                 yield (module_name, driver_name, service_key, driver_name3)
 

From 4ac6c836cc4ae58db18beae04f7f16854efdc7de Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Fri, 8 Sep 2017 16:07:50 -0400
Subject: [PATCH 155/304] added missing definition for wchar

---
 volatility/plugins/overlays/windows/vista.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/vista.py b/volatility/plugins/overlays/windows/vista.py
index 49ea2196c..b343b8bcd 100644
--- a/volatility/plugins/overlays/windows/vista.py
+++ b/volatility/plugins/overlays/windows/vista.py
@@ -113,7 +113,8 @@ class VistaObjectClasses(obj.ProfileModification):
     def modification(self, profile):
         profile.object_classes.update({'_ETHREAD'    : _ETHREAD, 
                                        '_POOL_HEADER': _POOL_HEADER, 
-                                        '_TOKEN': _TOKEN})
+                                       '_TOKEN': _TOKEN,
+                                       'wchar': windows._UNICODE_STRING})
 
 class VistaKDBG(windows.AbstractKDBGMod):
     before = ['WindowsOverlay']

From 458f3354f0c7465b52f4be4c04e80fb460e547d6 Mon Sep 17 00:00:00 2001
From: bradley <bradley@schatzforensic.com.au>
Date: Wed, 13 Sep 2017 22:27:20 +1000
Subject: [PATCH 156/304] Shift AFF4 volatility support to contrib

---
 .../addrspaces => contrib/plugins/aspaces}/aff4.py   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
 rename {volatility/plugins/addrspaces => contrib/plugins/aspaces}/aff4.py (98%)

diff --git a/volatility/plugins/addrspaces/aff4.py b/contrib/plugins/aspaces/aff4.py
similarity index 98%
rename from volatility/plugins/addrspaces/aff4.py
rename to contrib/plugins/aspaces/aff4.py
index e8c7ca111..803fe103c 100644
--- a/volatility/plugins/addrspaces/aff4.py
+++ b/contrib/plugins/aspaces/aff4.py
@@ -27,20 +27,21 @@
 import struct
 import volatility.obj as obj
 import volatility.addrspace as addrspace
+import volatility.plugins.addrspaces.standard as standard
+import logging
+import pyaff4
 from pyaff4 import data_store
 from pyaff4 import lexicon
 from pyaff4.container import Container
-import volatility.plugins.addrspaces.standard as standard
-import logging
-
 
 LOGGER = logging.getLogger("pyaff4")
 LOGGER.setLevel(logging.ERROR)
 
-#pylint: disable-msg=C0111
+# pylint: disable-msg=C0111
 
 zipFileHeaderMAGIC = "\x50\x4b\x03\x04"
 
+
 class AFF4AddressSpace(standard.FileAddressSpace):
     """ This AS supports AFF4 Containers """
     order = 31
@@ -123,11 +124,10 @@ def get_available_addresses(self):
                     yield res
         yield (lastOffset, lastLength)
 
-
     def is_valid_address(self, addr):
         if addr == None:
             return False
         return self.fhandle.tree.overlaps(addr)
 
     def close(self):
-        self.fhandle.close()
+        self.fhandle.close()
\ No newline at end of file

From d5b8a19ddf9dea68ac4f7d55485d3f1adc26b0a3 Mon Sep 17 00:00:00 2001
From: bradley <bradley@schatzforensic.com.au>
Date: Wed, 13 Sep 2017 22:57:24 +1000
Subject: [PATCH 157/304] Revert changes to basic.py

---
 volatility/plugins/overlays/basic.py | 40 +++++++++++-----------------
 1 file changed, 16 insertions(+), 24 deletions(-)

diff --git a/volatility/plugins/overlays/basic.py b/volatility/plugins/overlays/basic.py
index 0fcf794f1..cb7f4b766 100644
--- a/volatility/plugins/overlays/basic.py
+++ b/volatility/plugins/overlays/basic.py
@@ -211,30 +211,22 @@ class VolatilityDTB(obj.VolatilityMagic):
 
     def generate_suggestions(self):
         offset = 0
-        addresslist = sorted(self.obj_vm.get_available_addresses())
-        for range in addresslist:
-            (range_start, range_size) = range
-            offset = range_start
-            range_end = range_start + range_size
-            read_size = min(constants.SCAN_BLOCKSIZE, range_size)
-
-            data = self.obj_vm.zread(offset, read_size)
-
-            while 1:
-                found = data.find(str(self.obj_parent.DTBSignature), 0)
-                while found >= 0:
-                    proc = obj.Object("_EPROCESS", offset = offset + found,
-                                      vm = self.obj_vm)
-                    if 'Idle' in proc.ImageFileName.v():
-                        yield proc.Pcb.DirectoryTableBase.v()
-                    found = data.find(str(self.obj_parent.DTBSignature), found + 1)
-
-
-                offset += len(data)
-                if offset >= range_end:
-                    break
-                read_size = min(constants.SCAN_BLOCKSIZE, range_end - offset)
-                data = self.obj_vm.zread(offset, read_size)
+        data = self.obj_vm.zread(offset, constants.SCAN_BLOCKSIZE)
+        last_range_start, last_range_size = sorted(self.obj_vm.get_available_addresses())[-1]
+        max_offset = last_range_start + last_range_size
+        while data:
+            found = data.find(str(self.obj_parent.DTBSignature), 0)
+            while found >= 0:
+                proc = obj.Object("_EPROCESS", offset = offset + found,
+                                  vm = self.obj_vm)
+                if 'Idle' in proc.ImageFileName.v():
+                    yield proc.Pcb.DirectoryTableBase.v()
+                found = data.find(str(self.obj_parent.DTBSignature), found + 1)
+
+            offset += len(data)
+            if offset >= max_offset:
+                break 
+            data = self.obj_vm.zread(offset, constants.SCAN_BLOCKSIZE)
 
 class UnixTimeStamp(obj.NativeType):
     """Class for handling Unix Time Stamps"""

From 370839a661a98069f4f5e889c6960b72043edd50 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 14 Sep 2017 12:43:10 -0500
Subject: [PATCH 158/304] Add support for impscan 64

---
 volatility/plugins/malware/impscan.py         | 35 +++++++++++++------
 .../plugins/overlays/windows/pe_vtypes.py     | 29 +++++++++++----
 .../plugins/overlays/windows/windows.py       | 10 ++++++
 3 files changed, 57 insertions(+), 17 deletions(-)

diff --git a/volatility/plugins/malware/impscan.py b/volatility/plugins/malware/impscan.py
index 60d834ae0..f56071a12 100644
--- a/volatility/plugins/malware/impscan.py
+++ b/volatility/plugins/malware/impscan.py
@@ -117,7 +117,7 @@ def _call_or_unc_jmp(self, op):
                 op.mnemonic == "JMP"))
 
     def _vicinity_scan(self, addr_space, calls_imported,
-                apis, base_address, data_len, forward):
+                apis, base_address, data_len, is_wow64, addr_type, forward):
         """Scan forward from the lowest IAT entry found or
         backward from the highest IAT entry found. We do this 
         because not every imported function will be called 
@@ -138,7 +138,10 @@ def _vicinity_scan(self, addr_space, calls_imported,
         if not sortedlist:
             return
 
-        size_of_address = addr_space.profile.get_obj_size("address")
+        if is_wow64:
+            size_of_address = 4
+        else:
+            size_of_address = addr_space.profile.get_obj_size("address")
 
         if forward:
             start_addr = sortedlist[0]
@@ -157,7 +160,7 @@ def _vicinity_scan(self, addr_space, calls_imported,
             else:
                 next_addr = start_addr - (i * size_of_address)
 
-            call_dest = obj.Object("address", offset = next_addr,
+            call_dest = obj.Object(addr_type, offset = next_addr,
                             vm = addr_space).v()
 
             if (not call_dest or
@@ -190,7 +193,7 @@ def _original_import(self, mod_name, func_name):
         else:
             return mod_name, func_name
 
-    def call_scan(self, addr_space, base_address, data):
+    def call_scan(self, addr_space, base_address, data, is_wow64, addr_type):
         """Disassemble a block of data and yield possible 
         calls to imported functions. We're looking for 
         instructions such as these:
@@ -218,19 +221,18 @@ def call_scan(self, addr_space, base_address, data):
 
         memory_model = addr_space.profile.metadata.get('memory_model', '32bit')
 
-        if memory_model == '32bit':
+        if memory_model == '32bit' or is_wow64:
             mode = distorm3.Decode32Bits
         else:
             mode = distorm3.Decode64Bits
 
         for op in distorm3.DecomposeGenerator(base_address, data, mode):
-
             if not op.valid:
                 continue
 
             iat_loc = None
 
-            if memory_model == '32bit':
+            if memory_model == '32bit' or is_wow64:
                 if (self._call_or_unc_jmp(op) and
                         op.operands[0].type == 'AbsoluteMemoryAddress'):
                     iat_loc = (op.operands[0].disp) & 0xffffffff
@@ -246,7 +248,7 @@ def call_scan(self, addr_space, base_address, data):
                 continue
 
             # This is the address being called 
-            call_dest = obj.Object("address", offset = iat_loc,
+            call_dest = obj.Object(addr_type, offset = iat_loc,
                             vm = addr_space)
 
             if call_dest == None:
@@ -305,6 +307,9 @@ def calculate(self):
             data = kernel_space.zread(base_address, size_to_read)
             apis = self.enum_apis(all_mods)
             addr_space = kernel_space
+
+            is_wow64 = False
+
         else:
             # In process mode, we find the process by PID
             task = None
@@ -328,6 +333,7 @@ def calculate(self):
             if not all_mods:
                 debug.error("Cannot load DLLs in process AS")
 
+
             # If an address is supplied with a size, try to get
             # the size from the vad node. If neither are supplied, 
             # assume we should carve the main process executable. 
@@ -347,25 +353,32 @@ def calculate(self):
                 base_address = all_mods[0].DllBase
                 size_to_read = all_mods[0].SizeOfImage
 
+            is_wow64 = task.IsWow64
+
             data = task_space.zread(base_address, size_to_read)
             apis = self.enum_apis(all_mods)
             addr_space = task_space
 
+        if is_wow64:
+            addr_type = "int"
+        else:
+            addr_type = "address"
+
         # This is a dictionary of confirmed API calls.
         calls_imported = dict(
                 (iat, call)
-                for (_, iat, call) in self.call_scan(addr_space, base_address, data)
+                for (_, iat, call) in self.call_scan(addr_space, base_address, data, is_wow64, addr_type)
                 if call in apis
                 )
 
         # Scan forward 
         self._vicinity_scan(addr_space,
-                calls_imported, apis, base_address, len(data),
+                calls_imported, apis, base_address, len(data), is_wow64, addr_type,
                 forward = True)
 
         # Scan reverse 
         self._vicinity_scan(addr_space,
-                calls_imported, apis, base_address, len(data),
+                calls_imported, apis, base_address, len(data), is_wow64, addr_type,
                 forward = False)
 
         for iat, call in sorted(calls_imported.items()):
diff --git a/volatility/plugins/overlays/windows/pe_vtypes.py b/volatility/plugins/overlays/windows/pe_vtypes.py
index 276f38179..73872228a 100644
--- a/volatility/plugins/overlays/windows/pe_vtypes.py
+++ b/volatility/plugins/overlays/windows/pe_vtypes.py
@@ -454,7 +454,7 @@ def _nt_header(self):
         try:
             dos_header = obj.Object("_IMAGE_DOS_HEADER", offset = self.DllBase,
                                     vm = self.obj_native_vm)
-
+            
             return dos_header.get_nt_header()
         except ValueError:
             return obj.NoneObject("Failed initial sanity checks")
@@ -571,6 +571,7 @@ def exports(self):
 
         if expdir.valid(self._nt_header()):
             # Ordinal, Function RVA, and Name Object 
+
             for o, f, n in expdir._exported_functions():
                 yield o, f, n
 
@@ -751,9 +752,27 @@ def get_image(self, unsafe = False, memory = False, fix = False):
         else:
             return self._get_image_exe(unsafe, fix)
 
+class _IMAGE_NT_HEADERS64(obj.CType):
+    @property
+    def OptionalHeader(self):
+        ret = self.m("OptionalHeader")
+
+        if self.obj_vm.profile.get_obj_size("address") == 8 and self.FileHeader.Machine == 0x014c: # 32bit exe
+            ret = ret.cast("_IMAGE_OPTIONAL_HEADER32") 
+
+        return ret
+
 class _IMAGE_NT_HEADERS(obj.CType):
     """PE header"""
 
+    @property
+    def OptionalHeader(self):
+        ret = self.m("OptionalHeader")
+        if self.obj_vm.profile.get_obj_size("address") == 8 and self.FileHeader.Machine == 0x014c: # 32bit exe
+            ret = ret.cast("_IMAGE_OPTIONAL_HEADER32") 
+        
+        return ret
+
     def get_sections(self, unsafe = False):
         """Get the PE sections"""
         sect_size = self.obj_vm.profile.get_obj_size("_IMAGE_SECTION_HEADER")
@@ -1000,6 +1019,7 @@ def modification(self, profile):
             '_LDR_DATA_TABLE_ENTRY': _LDR_DATA_TABLE_ENTRY,
             '_IMAGE_DOS_HEADER': _IMAGE_DOS_HEADER,
             '_IMAGE_NT_HEADERS': _IMAGE_NT_HEADERS,
+            '_IMAGE_NT_HEADERS64': _IMAGE_NT_HEADERS64,
             '_IMAGE_SECTION_HEADER': _IMAGE_SECTION_HEADER,
             '_IMAGE_RESOURCE_DIRECTORY': _IMAGE_RESOURCE_DIRECTORY,
             '_IMAGE_RESOURCE_DIR_STRING_U': _IMAGE_RESOURCE_DIR_STRING_U,
@@ -1036,11 +1056,6 @@ def modification(self, profile):
         "TimeDateStamp": [68, ['unsigned long']],
         "EntryPointActivationContext": [72, ['pointer32', ['void']]],
     }],
-    '_UNICODE32_STRING' : [ 12, {
-        'Length' : [ 0x0, ['unsigned short']],
-        'MaximumLength' : [ 0x2, ['unsigned short']],
-        'Buffer' : [ 0x4, ['pointer32', ['unsigned short']]],
-    }],
 }
 
 peb32_overlay = {
@@ -1060,6 +1075,8 @@ class WinPeb32(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows',
                   'memory_model': lambda x: x == '64bit'}
 
+    before = ['WinPEVTypes', 'WinPEx64VTypes', 'WinPEObjectClasses']
+
     def modification(self, profile):       
         profile.vtypes.update(peb32_vtypes)
         profile.merge_overlay(peb32_overlay)
diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index 15adcc557..a916f6ed5 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -231,6 +231,7 @@ def list_of_type(self, type, member, forward = True, head_sentinel = True):
             seen.add(self.obj_offset)
 
         while nxt.is_valid() and nxt.obj_offset not in seen:
+
             ## Instantiate the object
             item = obj.Object(type, offset = nxt.obj_offset - offset,
                                     vm = self.obj_vm,
@@ -1185,6 +1186,14 @@ def get_object(self, struct_name, object_type = None, use_top_down = False, skip
 import tcpip_vtypes
 import ssdt_vtypes
 
+unicode32_vtypes = {
+  '_UNICODE32_STRING' : [ 12, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer32', ['unsigned short']]],
+  }],
+}
+
 class WindowsOverlay(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows'}
     before = ['BasicObjectClasses', 'WindowsVTypes']
@@ -1202,6 +1211,7 @@ def modification(self, profile):
         profile.vtypes.update(kdbg_vtypes.kdbg_vtypes)
         profile.vtypes.update(tcpip_vtypes.tcpip_vtypes)
         profile.vtypes.update(ssdt_vtypes.ssdt_vtypes)
+        profile.vtypes.update(unicode32_vtypes)
 
 class WindowsObjectClasses(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows'}

From 1476136618828432f3c6549a7af13106fc43a19f Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 18 Oct 2017 13:46:24 -0500
Subject: [PATCH 159/304] Windows - add property for wow64process due to member
 rename

---
 volatility/plugins/overlays/windows/windows.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index a916f6ed5..ddc5accb0 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -472,10 +472,22 @@ def get_token(self):
 
         return obj.NoneObject("Cannot get process Token")
 
+    @property
+    def Wow64Process(self):
+        if hasattr(self, "Wow64Process"):
+            ret = self.m("Wow64Process")
+        elif hasattr(self, "WoW64Process"):
+            ret = self.m("WoW64Process")
+        else:
+            ret = None
+
+        return ret
+
     @property
     def IsWow64(self):
         """Returns True if this is a wow64 process"""
-        return hasattr(self, 'Wow64Process') and self.Wow64Process.v() != 0
+        val = self.Wow64Process
+        return val and val.v() != None
 
     @property
     def SessionId(self):

From 9c91f5412712da27c3beae9758423f132a66f9f6 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 23 Oct 2017 10:13:02 -0500
Subject: [PATCH 160/304] Move unstable plugins, plugins still under
 development, and plugins maintained/supported by members of the community to
 the community repository

---
 contrib/plugins/README.md            |   1 +
 contrib/plugins/aspaces/README.md    |   1 +
 contrib/plugins/aspaces/__init__.py  |   0
 contrib/plugins/aspaces/aff4.py      | 133 ------
 contrib/plugins/aspaces/ewf.py       | 107 -----
 contrib/plugins/enumfunc.py          |  95 -----
 contrib/plugins/malware/README.md    |   1 +
 contrib/plugins/malware/__init__.py  |   0
 contrib/plugins/malware/poisonivy.py | 396 ------------------
 contrib/plugins/malware/psempire.py  |  97 -----
 contrib/plugins/malware/zeusscan.py  | 600 ---------------------------
 contrib/plugins/pagecheck.py         |  42 --
 contrib/plugins/psdispscan.py        | 182 --------
 contrib/plugins/saveconfig.py        | 163 --------
 contrib/plugins/scanprof.py          |  58 ---
 15 files changed, 3 insertions(+), 1873 deletions(-)
 create mode 100644 contrib/plugins/README.md
 create mode 100644 contrib/plugins/aspaces/README.md
 delete mode 100644 contrib/plugins/aspaces/__init__.py
 delete mode 100644 contrib/plugins/aspaces/aff4.py
 delete mode 100644 contrib/plugins/aspaces/ewf.py
 delete mode 100644 contrib/plugins/enumfunc.py
 create mode 100644 contrib/plugins/malware/README.md
 delete mode 100644 contrib/plugins/malware/__init__.py
 delete mode 100644 contrib/plugins/malware/poisonivy.py
 delete mode 100644 contrib/plugins/malware/psempire.py
 delete mode 100644 contrib/plugins/malware/zeusscan.py
 delete mode 100644 contrib/plugins/pagecheck.py
 delete mode 100644 contrib/plugins/psdispscan.py
 delete mode 100644 contrib/plugins/saveconfig.py
 delete mode 100644 contrib/plugins/scanprof.py

diff --git a/contrib/plugins/README.md b/contrib/plugins/README.md
new file mode 100644
index 000000000..8ece0a8d0
--- /dev/null
+++ b/contrib/plugins/README.md
@@ -0,0 +1 @@
+Plugins in this directory have moved. Please see the github.com/volatilityfoundation/community repository.
diff --git a/contrib/plugins/aspaces/README.md b/contrib/plugins/aspaces/README.md
new file mode 100644
index 000000000..8ece0a8d0
--- /dev/null
+++ b/contrib/plugins/aspaces/README.md
@@ -0,0 +1 @@
+Plugins in this directory have moved. Please see the github.com/volatilityfoundation/community repository.
diff --git a/contrib/plugins/aspaces/__init__.py b/contrib/plugins/aspaces/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/contrib/plugins/aspaces/aff4.py b/contrib/plugins/aspaces/aff4.py
deleted file mode 100644
index 803fe103c..000000000
--- a/contrib/plugins/aspaces/aff4.py
+++ /dev/null
@@ -1,133 +0,0 @@
-# Volatility
-# AFF4 Standard v1 memory image reader
-# Based on WindowsCrashDumpSpace32
-#
-# Copyright (C) 2017 Schatz Forensic
-#
-# Authors:
-# bradley@schatzforensic.com (Bradley Schatz)
-#
-# This file is part of Volatility.
-#
-# Volatility is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Volatility is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-""" An AS for processing crash dumps """
-import struct
-import volatility.obj as obj
-import volatility.addrspace as addrspace
-import volatility.plugins.addrspaces.standard as standard
-import logging
-import pyaff4
-from pyaff4 import data_store
-from pyaff4 import lexicon
-from pyaff4.container import Container
-
-LOGGER = logging.getLogger("pyaff4")
-LOGGER.setLevel(logging.ERROR)
-
-# pylint: disable-msg=C0111
-
-zipFileHeaderMAGIC = "\x50\x4b\x03\x04"
-
-
-class AFF4AddressSpace(standard.FileAddressSpace):
-    """ This AS supports AFF4 Containers """
-    order = 31
-
-    def __init__(self, base, config, **kwargs):
-        standard.FileAddressSpace.__init__(self, base, config, layered=True)
-
-        # Must be stacked on a Raw file based image
-        self.as_assert(base, "No base address space provided")
-
-        # Must start with the a Zip File Header
-        self.as_assert((base.read(0, 4) == zipFileHeaderMAGIC), "Header signature invalid")
-
-        # Cant stack an AFF4 image on another AFF4 images
-        self.as_assert(type(base) != AFF4AddressSpace, "Cant stack AFF4 addressspace on same")
-        self.fhandle = Container.open(self.name)
-        self.fsize = self.fhandle.Size()
-        self.fhandle.seek(0)
-        dtb = self.fhandle.parent.getDTB()
-        if dtb != 0:
-            self.dtb = dtb
-
-    def write(self, _addr, _buf):
-        if not self._config.WRITE:
-            return False
-        raise NotImplementedError("Write support is not implemented for AFF4 containers")
-
-    def get_header(self):
-        return self.header
-
-    def fread(self, length):
-        length = int(length)
-        return self.fhandle.read(length)
-
-    def read(self, addr, length):
-        addr, length = int(addr), int(length)
-        try:
-            self.fhandle.seek(addr)
-        except (IOError, OverflowError):
-            return None
-        data = self.fhandle.read(length)
-        if len(data) == 0:
-            return None
-        return data
-
-    def zread(self, addr, length):
-        data = self.read(addr, length)
-        if data is None:
-            data = "\x00" * length
-        elif len(data) != length:
-            data += "\x00" * (length - len(data))
-
-        return data
-
-    def read_long(self, addr):
-        string = self.read(addr, 4)
-        longval, = self._long_struct.unpack(string)
-        return longval
-
-    def get_available_addresses(self):
-        """ This returns the ranges  of valid addresses """
-        lastOffset = -1
-        lastLength = -1
-        for run in self.fhandle.GetRanges():
-            offset = run.map_offset
-            length = run.length
-            if lastOffset == -1:
-                lastOffset = offset
-                lastLength = length
-            else:
-                if lastOffset + lastLength == offset:
-                    # merge the two
-                    lastLength = lastLength + length
-                    continue
-                else:
-                    # emit the last
-                    res = (lastOffset, lastLength)
-                    lastOffset = offset
-                    lastLength = length
-                    yield res
-        yield (lastOffset, lastLength)
-
-    def is_valid_address(self, addr):
-        if addr == None:
-            return False
-        return self.fhandle.tree.overlaps(addr)
-
-    def close(self):
-        self.fhandle.close()
\ No newline at end of file
diff --git a/contrib/plugins/aspaces/ewf.py b/contrib/plugins/aspaces/ewf.py
deleted file mode 100644
index 0364d3099..000000000
--- a/contrib/plugins/aspaces/ewf.py
+++ /dev/null
@@ -1,107 +0,0 @@
-""" This Address Space allows us to open ewf files """
-
-#pylint: disable-msg=C0111
-
-from ctypes import CDLL, c_char_p, c_int, pointer, c_ulonglong, c_ulong, create_string_buffer
-import ctypes.util
-import volatility.plugins.addrspaces.standard as standard
-
-possible_names = ['libewf-1', 'ewf', ]
-for name in possible_names:
-    resolved = ctypes.util.find_library(name)
-    if resolved:
-        break
-
-if resolved:
-    libewf = CDLL(resolved)
-
-if not resolved or not libewf._name:
-    libewf = None
-
-class ewffile(object):
-    """ A file like object to provide access to the ewf file """
-    def __init__(self, volumes):
-        if isinstance(volumes, str):
-            volumes = [volumes, ]
-
-        volume_array = c_char_p * len(volumes)
-        self.handle = libewf.libewf_open(volume_array(*volumes), c_int(len(volumes)),
-                                         c_int(1))
-        if self.handle == 0:
-            raise RuntimeError("Unable to open ewf file")
-
-        self.readptr = 0
-        size_p = pointer(c_ulonglong(0))
-        libewf.libewf_get_media_size(self.handle, size_p)
-        self.size = size_p.contents.value
-
-    def seek(self, offset, whence = 0):
-        if whence == 0:
-            self.readptr = offset
-        elif whence == 1:
-            self.readptr += offset
-        elif whence == 2:
-            self.readptr = self.size + offset
-
-        self.readptr = min(self.readptr, self.size)
-
-    def tell(self):
-        return self.readptr
-
-    def read(self, length):
-        buf = create_string_buffer(length)
-        length = libewf.libewf_read_random(self.handle, buf,
-                                           c_ulong(length),
-                                           c_ulonglong(self.readptr))
-
-        return buf.raw[:length]
-
-    def close(self):
-        libewf.libewf_close(self.handle)
-
-    def get_headers(self):
-        properties = ["case_number", "description", "examinier_name",
-                      "evidence_number", "notes", "acquiry_date",
-                      "system_date", "acquiry_operating_system",
-                      "acquiry_software_version", "password",
-                      "compression_type", "model", "serial_number", ]
-
-        ## Make sure we parsed all headers
-        libewf.libewf_parse_header_values(self.handle, c_int(4))
-        result = {'size': self.size}
-        buf = create_string_buffer(1024)
-        for p in properties:
-            libewf.libewf_get_header_value(self.handle, p, buf, 1024)
-            result[p] = buf.value
-
-        ## Get the hash
-        if libewf.libewf_get_md5_hash(self.handle, buf, 16) == 1:
-            result['md5'] = buf.raw[:16]
-
-        return result
-
-def ewf_open(volumes):
-    return ewffile(volumes)
-
-class EWFAddressSpace(standard.FileAddressSpace):
-    """ An EWF capable address space.
-
-    In order for us to work we need:
-    1) There must be a base AS.
-    2) The first 6 bytes must be 45 56 46 09 0D 0A (EVF header)
-    """
-    order = 20
-    def __init__(self, base, config, **kwargs):
-        self.as_assert(libewf, "No libEWF implementation found")
-        standard.FileAddressSpace.__init__(self, base, config, layered = True)
-        self.as_assert(base, "No base address space provided")
-        self.as_assert(base.read(0, 6) == "\x45\x56\x46\x09\x0D\x0A", "EWF signature not present")
-        self.fhandle = ewf_open([self.name])
-        self.fhandle.seek(0, 2)
-        self.fsize = self.fhandle.tell()
-        self.fhandle.seek(0)
-
-    def write(self, _addr, _buf):
-        if not self._config.WRITE:
-            return False
-        raise NotImplementedError("Write support is not yet implemented for EWF files")
diff --git a/contrib/plugins/enumfunc.py b/contrib/plugins/enumfunc.py
deleted file mode 100644
index 79c8a4a18..000000000
--- a/contrib/plugins/enumfunc.py
+++ /dev/null
@@ -1,95 +0,0 @@
-# Volatility
-# Copyright (c) 2012 Michael Ligh (michael.ligh@mnin.org)
-#
-# This file is part of Volatility.
-#
-# Volatility is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Volatility is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-import volatility.plugins.taskmods as taskmods
-import volatility.utils as utils
-import volatility.win32.tasks as tasks
-import volatility.win32.modules as modules
-import volatility.plugins.filescan as filescan
-import volatility.plugins.modscan as modscan
-
-class EnumFunc(taskmods.DllList):
-    """Enumerate imported/exported functions"""
-
-    def __init__(self, config, *args, **kwargs):
-        taskmods.DllList.__init__(self, config, *args, **kwargs)
-        config.remove_option("PID")
-        config.remove_option("OFFSET")
-        config.add_option("SCAN", short_option = 's', default = False,
-                          action = 'store_true', help = 'Scan for objects')
-        config.add_option("PROCESS-ONLY", short_option = 'P', default = False,
-                          action = 'store_true', help = 'Process only')
-        config.add_option("KERNEL-ONLY", short_option = 'K', default = False,
-                          action = 'store_true', help = 'Kernel only')
-        config.add_option("IMPORT-ONLY", short_option = 'I', default = False,
-                          action = 'store_true', help = 'Imports only')
-        config.add_option("EXPORT-ONLY", short_option = 'E', default = False,
-                          action = 'store_true', help = 'Exports only')
-
-    def calculate(self):
-        addr_space = utils.load_as(self._config)
-
-        tasklist = []
-        modslist = []
-
-        if self._config.SCAN:
-            if not self._config.KERNEL_ONLY:
-                for t in filescan.PSScan(self._config).calculate():
-                    v = self.virtual_process_from_physical_offset(addr_space, t.obj_offset)
-                    if v:
-                        tasklist.append(v)
-            if not self._config.PROCESS_ONLY:
-                modslist = [m for m in modscan.ModScan(self._config).calculate()]
-        else:
-            if not self._config.KERNEL_ONLY:
-                tasklist = [t for t in tasks.pslist(addr_space)]
-            if not self._config.PROCESS_ONLY:
-                modslist = [m for m in modules.lsmod(addr_space)]
-
-        for task in tasklist:
-            for mod in task.get_load_modules():
-                yield task, mod
-
-        for mod in modslist:
-            yield None, mod
-
-    def render_text(self, outfd, data):
-
-        outfd.write("{0:<20} {1:<10} {2:<20} {3:<10} {4:<20} {5}\n".format(
-                "Process", "Type", "Module", "Ordinal", "Address", "Name"))
-
-        for process, module in data:
-            if not self._config.IMPORT_ONLY:
-                for o, f, n in module.exports():
-                    outfd.write("{0:<20} {1:<10} {2:<20} {3:<10} {4:#018x} {5}\n".format(
-                            process.ImageFileName if process else "<KERNEL>",
-                            "Export", module.BaseDllName,
-                            o,
-                            (module.DllBase + f) if f else 0, # None if forwarded 
-                            n or '' # None if paged
-                            ))
-            if not self._config.EXPORT_ONLY:
-                for dll, o, f, n in module.imports():
-                    outfd.write("{0:<20} {1:<10} {2:<20} {3:<10} {4:#018x} {5}\n".format(
-                            process.ImageFileName if process else "<KERNEL>",
-                            "Import", module.BaseDllName,
-                            o,
-                            f or 0, # None if paged 
-                            dll + "!" + n or '' # None if paged or imported by ordinal 
-                            ))
diff --git a/contrib/plugins/malware/README.md b/contrib/plugins/malware/README.md
new file mode 100644
index 000000000..8ece0a8d0
--- /dev/null
+++ b/contrib/plugins/malware/README.md
@@ -0,0 +1 @@
+Plugins in this directory have moved. Please see the github.com/volatilityfoundation/community repository.
diff --git a/contrib/plugins/malware/__init__.py b/contrib/plugins/malware/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/contrib/plugins/malware/poisonivy.py b/contrib/plugins/malware/poisonivy.py
deleted file mode 100644
index 16fffb579..000000000
--- a/contrib/plugins/malware/poisonivy.py
+++ /dev/null
@@ -1,396 +0,0 @@
-# Poison Ivy RAT detection and analysis for Volatility 2.0
-#
-# Version 1.0 (for release at the FIRST Conference, June 18, 2012)
-#
-# This version is limited to PoisonIvy's server version 2.3.1 
-#
-# Author: Andreas Schuster <a.schuster@forensikblog.de>
-#
-# This plugin is based on zeusscan2.py by Michael Hale Ligh.
-#
-# This file is part of Volatility.
-#
-# Volatility is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Volatility is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-import volatility.plugins.taskmods as taskmods
-import volatility.obj as obj
-import volatility.win32.tasks as tasks
-import volatility.utils as utils
-import volatility.debug as debug
-import volatility.plugins.malware.malfind as malfind
-
-try:
-    import yara
-    has_yara = True
-except ImportError:
-    has_yara = False
-
-class PIHOST(obj.CType):
-    """Class for Poison Ivy Host/Proxy"""
-
-    def next(self):
-        """The next variable-length structure in the array"""
-
-        return obj.Object("PIHOST", 
-                         offset = self.obj_offset + self.length + 
-                         self.obj_vm.profile.get_obj_size("PIHOST"), 
-                         vm = self.obj_vm)
-
-class PICONFIG(obj.CType):
-    """Class for Poison Ivy Configuration Block"""
-
-    def _read_hosts(self, memb):
-        """Parse C2 or proxy config from data block"""
-
-        # The first object in the array 
-        host = obj.Object("PIHOST", offset = memb.obj_offset, vm = self.obj_vm)
-        # The number of objects shall not exceed
-        # the total size of the array 
-        size = self.obj_vm.profile.get_obj_size("HOSTCFGSPACE")
-
-        while (host.length > 0 and 
-                    host.obj_offset < memb.obj_offset + size):
-            yield host 
-            host = host.next()
-
-    def get_hosts(self):
-        """Return the list of C2 hosts"""
-
-        if self.ProxyCfgPresent == 1:
-            return self._read_hosts(self.C2WhenProxy)
-        else:
-            return self._read_hosts(self.NextHop)
-
-    def get_proxies(self):
-        """Return the list of proxies"""        
-
-        if self.ProxyCfgPresent == 1:
-            return self._read_hosts(self.NextHop)
-        else:
-            raise StopIteration 
-
-    @property
-    def CopyDestFile(self):
-        """Return the destination directory and file name"""
-
-        destination = ''
-        if self.CopyDestDir == 1:
-            destination = '%WINDIR%'
-        elif self.CopyDestDir == 2:
-            destination = '%WINDIR%\\System32'
-
-        if self.CopyAsADS == 1:
-            destination += ':'
-        else:
-            destination += '\\' 
-
-        return destination + self.m('CopyDestFile')
-
-class PoisonIvyTypesx86(obj.ProfileModification):
-    """Modification for Poison Ivy"""
-
-    conditions = {'os': lambda x: x == 'windows', 
-                  'memory_model': lambda x: x == '32bit'}
-
-    def modification(self, profile):
-
-        profile.object_classes.update({'PIHOST': PIHOST, 'PICONFIG': PICONFIG})
-
-        profile.vtypes.update({
-            'PIHOST': [ 4, { # minimum size based on the static fields 
-                'length'                       : [ 0, ['unsigned char']], 
-                'hostname'                     : [ 1, ['String', dict(length = lambda x : x.length)]], 
-                'proto'                        : [ lambda x: x.obj_offset + 1 + x.length, ['Enumeration', dict(target = 'unsigned char', choices = {0: 'direct', 1: 'SOCKS', 2: 'HTTP'})]], 
-                'port'                         : [ lambda x: x.obj_offset + 1 + x.length + 1, ['unsigned short']], 
-            }], 
-            'HOSTCFGSPACE' : [ 256, {
-            }],
-            'PICONFIG' : [ 0xf74, {
-                'imp_socket'                   : [ 0x001, ['unsigned int']],
-                'imp_connect'                  : [ 0x005, ['unsigned int']],
-                'imp_closesocket'              : [ 0x009, ['unsigned int']],
-                'imp_send'                     : [ 0x00d, ['unsigned int']],
-                'imp_recv'                     : [ 0x011, ['unsigned int']],
-                'imp_htons'                    : [ 0x015, ['unsigned int']],
-                'imp_inet_addr'                : [ 0x019, ['unsigned int']],
-                'imp_gethostbyname'            : [ 0x01d, ['unsigned int']],
-                'imp_VirtualAlloc'             : [ 0x021, ['unsigned int']],
-                'imp_VirtualFree'              : [ 0x025, ['unsigned int']],
-                'imp_CreateThread'             : [ 0x029, ['unsigned int']],
-                'imp_CreateProcessA'           : [ 0x02d, ['unsigned int']],
-                'imp_RegCloseKey'              : [ 0x031, ['unsigned int']],
-                'imp_RegOpenKeyExA'            : [ 0x035, ['unsigned int']],
-                'imp_RegQueryValueExA'         : [ 0x039, ['unsigned int']],
-                'imp_RegSetValueExA'           : [ 0x03d, ['unsigned int']],
-                'imp_RegDeleteKeyA'            : [ 0x041, ['unsigned int']],
-                'imp_RegCreateKeyExA'          : [ 0x045, ['unsigned int']],
-                'imp_RegQueryInfoKeyA'         : [ 0x049, ['unsigned int']],
-                'imp_RegEnumKeyExA'            : [ 0x04d, ['unsigned int']],
-                'imp_DeleteFileA'              : [ 0x051, ['unsigned int']],
-                'imp_CopyFileA'                : [ 0x055, ['unsigned int']],
-                'imp_CreateFileA'              : [ 0x059, ['unsigned int']],
-                'imp_GetKeyNameTextA'          : [ 0x05d, ['unsigned int']],
-                'imp_GetActiveWindow'          : [ 0x061, ['unsigned int']],
-                'imp_GetWindowTextA'           : [ 0x065, ['unsigned int']],
-                'imp_WriteFile'                : [ 0x069, ['unsigned int']],
-                'imp_CallNextHookEx'           : [ 0x06d, ['unsigned int']],
-                'imp_SetFilePointer'           : [ 0x071, ['unsigned int']],
-                'imp_ToAscii'                  : [ 0x075, ['unsigned int']],
-                'imp_GetKeyboardState'         : [ 0x079, ['unsigned int']],
-                'imp_GetLocalTime'             : [ 0x07d, ['unsigned int']],
-                'imp_lstrcat'                  : [ 0x081, ['unsigned int']],
-                'imp_CreateMutexA'             : [ 0x085, ['unsigned int']],
-                'imp_RtlGetLastWin32Error'     : [ 0x089, ['unsigned int']],
-                'imp_GetFileTime'              : [ 0x08d, ['unsigned int']],
-                'imp_SetFileTime'              : [ 0x091, ['unsigned int']],
-                'imp_OpenProcess'              : [ 0x095, ['unsigned int']],
-                'imp_select'                   : [ 0x099, ['unsigned int']],
-                'imp_LoadLibraryA'             : [ 0x09d, ['unsigned int']],
-                'imp_CloseHandle'              : [ 0x0a1, ['unsigned int']],
-                'imp_Sleep'                    : [ 0x0a5, ['unsigned int']],
-                'imp_RtlMoveMemory'            : [ 0x0a9, ['unsigned int']],
-                'imp_RtlZeroMemory'            : [ 0x0ad, ['unsigned int']],
-                'imp_VirtualAllocEx'           : [ 0x0b1, ['unsigned int']],
-                'imp_WriteProcessMemory'       : [ 0x0b5, ['unsigned int']],
-                'imp_CreateToolhelp32Snapshot' : [ 0x0b9, ['unsigned int']],
-                'imp_Process32First'           : [ 0x0bd, ['unsigned int']],
-                'imp_Process32Next'            : [ 0x0c1, ['unsigned int']],
-                'func_FindProcess'             : [ 0x0c5, ['unsigned int']],
-                'imp_CreateRemoteThread'       : [ 0x0c9, ['unsigned int']],
-                'imp_lstrcmpi'                 : [ 0x0cd, ['unsigned int']],
-                'func_WriteProcess'            : [ 0x0d1, ['unsigned int']],
-                'func_Extra'                   : [ 0x0d5, ['unsigned int']],
-                'func_Main'                    : [ 0x0d9, ['unsigned int']],
-                'func_GetProcAddressByCRC32'   : [ 0x0dd, ['unsigned int']],
-                'NULL'                         : [ 0x0e1, ['unsigned int']],
-                'func_Send_Receive'            : [ 0x0e5, ['unsigned int']],
-                'func_strcopy'                 : [ 0x0e9, ['unsigned int']],
-                'func_Keylogger_Hook'          : [ 0x0ed, ['unsigned int']],
-                'func_0f1'                     : [ 0x0f1, ['unsigned int']],
-                'func_Persist_ActiveSetup'     : [ 0x0f5, ['unsigned int']],
-                'func_Injector'                : [ 0x0f9, ['unsigned int']],
-                'func_Key_expansion'           : [ 0x0fd, ['unsigned int']],
-                'func_Encrypt'                 : [ 0x101, ['unsigned int']],
-                'func_Decrypt'                 : [ 0x105, ['unsigned int']],
-                'func_Camellia_feistel'        : [ 0x109, ['unsigned int']],
-                'func_Camellia_local'          : [ 0x10d, ['unsigned int']],
-                'var_Camellia_Sbox1'           : [ 0x111, ['unsigned int']],
-                'var_Camellia_Table1'          : [ 0x115, ['unsigned int']],
-                'var_Camellia_Table2'          : [ 0x119, ['unsigned int']],
-                'var_Socket'                   : [ 0x121, ['unsigned int']],
-                'var_Version'                  : [ 0x129, ['unsigned int']],
-                'CopyDestFile'                 : [ 0x12d, ['String', dict(length = 24)]],
-                'Secret'                       : [ 0x145, ['String', dict(length = 32)]],
-                'PersistActiveSetupGUID'       : [ 0x165, ['String', dict(length = 38)]],
-                'NextHop'                      : [ 0x190, ['HOSTCFGSPACE']],
-                'ProxyCfgPresent'              : [ 0x2c1, ['int']],
-                'C2WhenProxy'                  : [ 0x2c5, ['HOSTCFGSPACE']],
-                'PersistActiveSetupOn'         : [ 0x3f6, ['unsigned char']],
-                'CopyDestDir'                  : [ 0x3f7, ['unsigned char']],
-                'Melt'                         : [ 0x3f8, ['unsigned char']],
-                'InjectPersist'                : [ 0x3f9, ['unsigned char']],
-                'Keylogger'                    : [ 0x3fa, ['unsigned char']],
-                'Mutex'                        : [ 0x3fb, ['String', dict(length = 20)]],
-                'PersistActiveSetupName'       : [ 0x40f, ['String', dict(length = 9)]],
-                'DefaultBrowserKey'            : [ 0x418, ['String', dict(length = 41)]],
-                'InjectIntoDefaultBrowser'     : [ 0x441, ['unsigned char']],
-                'InjectIntoProcessName'        : [ 0x442, ['String', dict(length = 20)]],
-                'PersistActiveSetupKeyPart'    : [ 0x456, ['String', dict(length = 93)]],
-                'PersistActiveSetupKey'        : [ 0x4b3, ['String', dict(length = 255)]],
-                'CurrentFile'                  : [ 0x5b2, ['String', dict(length = 255)]],
-                'PersistentFile'               : [ 0x6b1, ['String', dict(length = 255)]],
-                'KeyloggerLogfile'             : [ 0x7b0, ['String', dict(length = 255)]],
-                'IsAdmin'                      : [ 0x8af, ['unsigned char']],
-                'var_8b4'                      : [ 0x8b4, ['unsigned int']],
-                'var_8b8'                      : [ 0x8b8, ['unsigned char']],
-                'var_8b9'                      : [ 0x8b9, ['unsigned int']],
-                'KeyloggerTID'                 : [ 0x8bd, ['unsigned int']],
-                'InjectorTID'                  : [ 0x8c1, ['unsigned int']],
-                'hnd_Mutex'                    : [ 0x8c5, ['unsigned int']],
-                'Challenge'                    : [ 0x8d9, ['array', 136, ['unsigned char']]],
-                'var_Camellia_Keyschedule'     : [ 0x96b, ['array', 272, ['unsigned char']]],
-                'hnd_Kernel32'                 : [ 0xabb, ['unsigned int']],
-                'hnd_User32'                   : [ 0xabf, ['unsigned int']],
-                'hnd_Ws2_32'                   : [ 0xac3, ['unsigned int']],
-                'hnd_Advapi32'                 : [ 0xad3, ['unsigned int']],
-                'hnd_Ntdll'                    : [ 0xadb, ['unsigned int']],
-                'imp_lstrlenA'                 : [ 0xaf0, ['unsigned int']],
-                'UseProxy'                     : [ 0xaf4, ['unsigned char']],
-                'ProxyNoPersist'               : [ 0xaf5, ['unsigned char']],
-                'func_af6'                     : [ 0xaf6, ['unsigned int']],
-                'ServerId'                     : [ 0xafa, ['String', dict(length = 255)]],
-                'ServerGroup'                  : [ 0xbf9, ['String', dict(length = 255)]],
-                'imp_GetFileSize'              : [ 0xcf8, ['unsigned int']],
-                'imp_ReadFile'                 : [ 0xcfc, ['unsigned int']],
-                'func_CopyFile'                : [ 0xd00, ['unsigned int']],
-                'func_Inject_explorer'         : [ 0xd04, ['unsigned int']],
-                'Inject'                       : [ 0xd08, ['unsigned char']],
-                'PersistHKLMRun'               : [ 0xd09, ['unsigned char']],
-                'func_Persist_HKLMRun'         : [ 0xd0a, ['unsigned int']],
-                'func_Keylogger'               : [ 0xd0e, ['unsigned int']],
-                'CopyAsADS'                    : [ 0xd12, ['unsigned char']],
-                'PersistHKLMRunName'           : [ 0xe12, ['String', dict(length = 255)]]
-            }]
-        })
-
-# This simple signature is based on string constants. It it easy to find, easy
-# to explain - and easy to break! Therefore you're advised to develop robust, 
-# code based signatures for daily work.
-signatures = {
-    'namespace1' : 'rule pivars {strings: $a = { \
-        53 74 75 62 50 61 74 68 ?? 53 4F 46 54 57 41 52\
-        45 5C 43 6C 61 73 73 65 73 5C 68 74 74 70 5C 73\
-        68 65 6C 6C 5C 6F 70 65 6E 5C 63 6F 6D 6D 61 6E\
-        64 [22] 53 6F 66 74 77 61 72 65 5C 4D 69 63 72 6F\
-        73 6F 66 74 5C 41 63 74 69 76 65 20 53 65 74 75\
-        70 5C 49 6E 73 74 61 6C 6C 65 64 20 43 6F 6D 70\
-        6F 6E 65 6E 74 73 5C } condition: $a}'
-}
-
-class PoisonIvyScan(taskmods.DllList):
-    "Detect processes infected with Poison Ivy"
-
-    @staticmethod
-    def is_valid_profile(profile):
-        return (profile.metadata.get('os', 'unknown') == 'windows' and
-                profile.metadata.get('memory_model', '32bit') == '32bit')
-
-    def get_vad_base(self, task, address):
-        """ Get the VAD starting address """        
-
-        for vad in task.VadRoot.traverse():
-            if address >= vad.Start and address < vad.End:
-                return vad.Start
-
-        # This should never really happen
-        return None
-
-    def calculate(self):
-
-        if not has_yara:
-            debug.error("Yara must be installed for this plugin")
-
-        addr_space = utils.load_as(self._config)
-        
-        if not self.is_valid_profile(addr_space.profile):
-            debug.error("This command does not support the selected profile.")
-        
-        rules = yara.compile(sources = signatures)
-
-        for task in self.filter_tasks(tasks.pslist(addr_space)):
-            scanner = malfind.VadYaraScanner(task = task, rules = rules)
-
-            for hit, address in scanner.scan():
-                vad_base_addr = self.get_vad_base(task, address)
-                if address - vad_base_addr > 0x1000:
-                    continue
-
-                yield task, vad_base_addr
-
-    def render_text(self, outfd, data):
-
-        self.table_header(outfd, [("Name", "20"), 
-                                  ("PID", "8"),
-                                  ("Data VA", "[addrpad]")])
-
-        for task, start in data:
-            self.table_row(outfd, task.ImageFileName, task.UniqueProcessId, start)
-
-class PoisonIvyConfig(PoisonIvyScan):
-    "Locate and parse the Poison Ivy configuration"
-
-    def render_text(self, outfd, data):
-        
-        delim = '-' * 80
-
-        for task, start in data:
-
-            outfd.write("{0}\n".format(delim))
-            
-            proc_addr_space = task.get_process_address_space()
-
-            config = obj.Object('PICONFIG', offset = start, vm = proc_addr_space)
-
-            outfd.write('Process: {0} ({1})\n\n'.format(task.ImageFileName, task.UniqueProcessId))
-            outfd.write('Infection:\n')
-
-            if config.IsAdmin == 1:
-                outfd.write('\tPoisonIvy has ADMIN privileges!\n')
-            else:
-                outfd.write('\tPoisonIvy has user privileges.\n')
-
-            outfd.write('\tVersion: {0}\n'.format(config.var_Version))
-            outfd.write('\tBase VA: {0:#x}\n'.format(config.func_Main))
-            outfd.write('\tExtra VA: {0:#x}\n'.format(config.func_Extra))
-            outfd.write('\tData VA: {0:#x}\n'.format(start))
-            outfd.write('\tMutex: {0}\n'.format(config.Mutex))
-            outfd.write('\tOriginal file: {0}\n'.format(config.CurrentFile))
-            outfd.write('\tMelt original file: {0}\n\n'.format(config.Melt == 1))
-
-            outfd.write("Command and Control:\n")
-            for i, host in enumerate(config.get_hosts()):
-                outfd.write('\tHost {0}: {1}:{2} ({3})\n'.format(i, host.hostname, host.port, host.proto))
-
-            # secret (either password or keyfile)
-            if config.Secret.isalnum():
-                outfd.write('\tPassword: {0}\n'.format(config.Secret))
-            else:
-                outfd.write('\tKey (from file): 0x{0}'.format(config.Secret.encode('hex')))
-
-            # management info
-            outfd.write('\tId: {0}\n'.format(config.ServerId))
-            outfd.write('\tGroup: {0}\n\n'.format(config.ServerGroup))
-
-            outfd.write('Keylogger:\n')
-            outfd.write('\tKeylogger: {0}\n'.format(config.Keylogger == 1))
-            if config.Keylogger == 1:
-                outfd.write('\tKeylogger TID: {0}\n'.format(config.KeyloggerTID))
-                outfd.write('\tKeylogger Setup: {0:#x}\n'.format(config.func_Keylogger))
-                outfd.write('\tKeylogger Routine: {0:#x}\n'.format(config.func_Keylogger_Hook))
-                outfd.write('\tKeylogger logfile: {0}\n'.format(config.KeyloggerLogfile))
-
-            outfd.write("\nCopy file:\n")
-            outfd.write('\tCopy routine: {0:#x}\n'.format(config.func_CopyFile))
-            outfd.write('\tDestination: {0}\n'.format(config.CopyDestFile))
-
-            outfd.write("\nPersistence:\n")
-            outfd.write('\tActive Setup: {0}\n'.format(config.PersistActiveSetupOn == 1))
-            if config.PersistActiveSetupOn == 1:
-                outfd.write('\tActive Setup key: {0}\n'.format(config.PersistActiveSetupKey))
-                outfd.write('\tActive Setup name: {0}\n'.format(config.PersistActiveSetupName))
-                outfd.write('\tSetup routine: {0:#x}\n'.format(config.func_Persist_ActiveSetup))
-
-            outfd.write("\tHKLM Run: {0}\n".format(bool(config.PersistHKLMRun == 1)))
-            if config.PersistHKLMRun == 1:
-                outfd.write("\tHKLM Run name: {0}\n".format(config.PersistHKLMRunName))
-                outfd.write("\tSetup routine: {0:#x}\n".format(config.func_Persist_HKLMRun))
-
-            outfd.write("\nInjector:\n")
-            outfd.write("\tInject into other processes: {0}\n".format(config.Inject == 1))
-            if config.Inject == 1:
-                outfd.write('\tPersistently: {0}\n'.format(config.InjectPersist == 1))
-                outfd.write('\tInjector TID: {0}\n'.format(config.InjectorTID))
-                outfd.write('\tInjector Routine: {0:#x}\n'.format(config.func_Injector))
-                outfd.write('\tTarget process name: {0}\n'.format(config.InjectIntoProcessName))
-                outfd.write('\tTarget default browser: {0}\n'.format(config.InjectIntoDefaultBrowser == 1))
-
-            outfd.write("\nProxy:\n")
-            outfd.write('\tUse Proxy: {0}\n'.format(config.UseProxy == 1))
-            if config.UseProxy == 1:
-                outfd.write('\tPersistently: {0}\n'.format(config.ProxyNoPersist == 0))
-                for i, proxy in enumerate(config.get_proxies()):
-                    outfd.write('\tHost {0}: {1}:{2} ({3})\n'.format(i, proxy.hostname, proxy.port, proxy.proto))
-
-            outfd.write("\nDecrypt: {0:#x}\n".format(config.func_Decrypt))
diff --git a/contrib/plugins/malware/psempire.py b/contrib/plugins/malware/psempire.py
deleted file mode 100644
index d98e59eae..000000000
--- a/contrib/plugins/malware/psempire.py
+++ /dev/null
@@ -1,97 +0,0 @@
-"""
-@author:       Slavi Parpulev
-"""
-import re
-import base64
-import volatility.plugins.common as common 
-import volatility.utils as utils
-import volatility.win32.tasks as tasks
-import volatility.plugins.malware.malfind as malfind
-import volatility.plugins.taskmods as taskmods
-
-try:
-    import yara
-    has_yara = True
-except ImportError:
-    has_yara = False
-
-signatures = {
-    'namespace1' : 'rule pivars {strings: $command = { \
-        70 6f 77 65 72 73 68 65 6c 6c 2e 65 78 65 20 2d\
-        4e 6f 50 20 2d 4e 6f 6e 49 20 2d 57 20 48 69 64\
-        64 65 6e 20 2d 45 6e 63 20}\
-        condition: $command}'
-}
-
-# signatures = {
-#     'namespace1' : 'rule pivars {strings: $a = /powershell.exe.-NoP.-NonI.-W.Hidden.-Enc.([a-zA-Z0-9]+)/ condition: $a}'
-# }
-
-
-class PSEmpire(taskmods.DllList):
-    """A plugin detecting the presence of PowerShell Empire. Idally run against a PID of powershell.exe"""
-
-
-    def get_vad_base(self, task, address):
-        """ Get the VAD starting address """        
-
-        for vad in task.VadRoot.traverse():
-            if address >= vad.Start and address < vad.End:
-                return vad.Start
-
-        # This should never really happen
-        return None
-
-    def calculate(self):
-        if not has_yara:
-            debug.error("Yara must be installed for this plugin")
-
-        addr_space = utils.load_as(self._config)
-        
-        if not self.is_valid_profile(addr_space.profile):
-            debug.error("This command does not support the selected profile.")
-	    # For each process in the list
-        for task in self.filter_tasks(tasks.pslist(addr_space)):
-            # print task.ImageFileName
-            for vad, address_space in task.get_vads(vad_filter = task._injection_filter):
-				# Injected code detected if there's values returned
-                rules = yara.compile(sources = signatures)
-                scanner = malfind.VadYaraScanner(task = task, rules = rules)
-                # print 'before'
-                for hit, address in scanner.scan():
-            	    vad_base_addr = self.get_vad_base(task, address)
-            	    
-            	    # Get a chuck of memory of size 2048 next to where the string was detected
-                    content = address_space.zread(address, 2048)
-                    yield task, address, vad_base_addr, content
-                    break
-                # break  # Show only 1 instance of detected injection per process
-
-    def render_text(self, outfd, data):
-        for task, address, vad_base_addr, content in data:
-            finalstring = []
-            # hex dump returns 16 bytes at a time, walk the entire dump and get all values in finalstring
-            for offset,h,c in utils.Hexdump(content):
-                finalstring.append(''.join(c))
-            # Get only the base64 part of the string and decode utf16 otherwise next regex fails to interpret the value as ascii
-            obfuscated = base64.b64decode(re.findall(r'.+-Enc\.([a-zA-Z0-9]+)', "".join(finalstring))[0]).decode('utf16')
-            # Get server value and port from the string
-            try:
-                server = re.findall(r'http.+//(.+):', obfuscated)[0]
-            except:
-                server = "Not detected"
-            try:
-                port = re.findall(r'http.+:(.+)/', obfuscated)[0]
-            except:
-                port = "Not found"
-
-            outfd.write("Process: {0} Pid: {1} Vad_base: {2:#x} Detected at Address: {3:#x}\n".format(
-                task.ImageFileName, task.UniqueProcessId, vad_base_addr, address))
-
-            outfd.write("Connecting to - Server: {0} Port: {1}\n".format(
-                server, port))
-
-            outfd.write("{0}\n".format("\n".join(
-                ["{0:#010x}  {1:<48}  {2}".format(address + o, h, ''.join(c))
-                for o, h, c in utils.Hexdump(content[:64])
-                ])))
diff --git a/contrib/plugins/malware/zeusscan.py b/contrib/plugins/malware/zeusscan.py
deleted file mode 100644
index 11bc22850..000000000
--- a/contrib/plugins/malware/zeusscan.py
+++ /dev/null
@@ -1,600 +0,0 @@
-# Volatility
-#
-# Zeus support:
-# Michael Hale Ligh <michael.ligh@mnin.org>
-#
-# Citadel support:
-# Santiago Vicente <smvicente@invisson.com>
-#
-# This file is part of Volatility.
-#
-# Volatility is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Volatility is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-import struct, hashlib
-import volatility.utils as utils
-import volatility.obj as obj
-import volatility.commands as commands
-import volatility.debug as debug
-import volatility.win32.tasks as tasks
-import volatility.plugins.malware.impscan as impscan
-import volatility.plugins.taskmods as taskmods
-import volatility.plugins.procdump as procdump
-import volatility.addrspace as addrspace
-import volatility.plugins.vadinfo as vadinfo
-import volatility.exceptions as exceptions
-
-try:
-    import yara
-    has_yara = True
-except ImportError:
-    has_yara = False
-
-RC4_KEYSIZE = 0x102
-
-#--------------------------------------------------------------------------------
-# Profile Modifications 
-#--------------------------------------------------------------------------------
-
-class ZeusVTypes(obj.ProfileModification):
-
-    conditions = {'os': lambda x: x == 'windows', 
-                  'memory_model': lambda x: x == "32bit"}
-    
-    def modification(self, profile):
-        profile.vtypes.update({
-            '_ZEUS2_CONFIG' : [ 0x1E6, {
-                'struct_size' :   [ 0x0, ['unsigned int']], 
-                'guid' :   [ 0x4, ['array', 0x30, ['unsigned short']]], 
-                'guid2' : [ 0x7C, ['array', 0x10, ['unsigned char']]], 
-                'rc4key' : [ 0x8C, ['array', 0x100, ['unsigned char']]], 
-                'exefile' : [ 0x18E, ['String', dict(length = 0x14)]], 
-                'datfile' : [ 0x1A2, ['String', dict(length = 0x14)]], 
-                'keyname' : [ 0x1B6, ['String', dict(length = 0xA)]], 
-                'value1' : [ 0x1C0, ['String', dict(length = 0xA)]],  
-                'value2' : [ 0x1CA, ['String', dict(length = 0xA)]], 
-                'value3' : [ 0x1D4, ['String', dict(length = 0xA)]], 
-                'guid_xor_key' : [ 0x1DE, ['unsigned int']], 
-                'xorkey' : [ 0x1E2, ['unsigned int']], 
-            }], 
-            '_CITADEL1345_CONFIG' : [ 0x11C, {
-                'struct_size' :   [ 0x0, ['unsigned int']], 
-                'guid' :   [ 0x4, ['array', 0x30, ['unsigned short']]], 
-                'guid2' : [ 0x7C, ['array', 0x10, ['unsigned char']]], 
-                'exefile' : [ 0x9C, ['String', dict(length = 0x14)]], 
-                'datfile' : [ 0xB0, ['String', dict(length = 0x14)]], 
-                'keyname' : [ 0xEC, ['String', dict(length = 0xA)]], 
-                'value1' : [ 0xF6, ['String', dict(length = 0xA)]],  
-                'value2' : [ 0x100, ['String', dict(length = 0xA)]], 
-                'value3' : [ 0x10A, ['String', dict(length = 0xA)]], 
-                'guid_xor_key' : [ 0x114, ['unsigned int']], 
-                'xorkey' : [ 0x118, ['unsigned int']], 
-                }],
-            })
-
-#--------------------------------------------------------------------------------
-# Scanner for Zeus > 1.20 and < 2.0  
-#--------------------------------------------------------------------------------
-
-class ZeusScan1(taskmods.DllList):
-    """Locate and Decrypt Zeus > 1.20 and < 2.0 Configs"""
-
-    @staticmethod
-    def is_valid_profile(profile):
-        return (profile.metadata.get('os', 'unknown') == 'windows' and
-                profile.metadata.get('memory_model', '32bit') == '32bit')
-
-    def _zeus_filter(self, vad):
-        """
-        This is a callback that's executed by get_vads() 
-        when searching for zeus injections. 
-
-        @param vad: an MMVAD object.
-
-        @returns: True if the MMVAD looks like it might
-        contain a zeus image. 
-
-        We want the memory to be executable, but right now we 
-        can only get the original protection not the current 
-        protection...and the original protection can be 
-        anything. This version of zeus happens to use 
-        PAGE_NOACCESS so that's what we'll look for instead.
-        """
-
-        prot = vad.u.VadFlags.Protection.v()
-        prot = vadinfo.PROTECT_FLAGS.get(prot, "")
-
-        return (vad.u.VadFlags.PrivateMemory == 0 and 
-                    prot == "PAGE_NO_ACCESS" and 
-                    vad.Tag == "VadS")
-
-    def calculate(self):
-        
-        addr_space = utils.load_as(self._config)
-
-        if not self.is_valid_profile(addr_space.profile):
-            debug.error("This command does not support the selected profile.")
-
-        for task in self.filter_tasks(tasks.pslist(addr_space)):
-            task_space = task.get_process_address_space()
-
-            # We must have a process AS
-            if not task_space:
-                continue 
-
-            winsock = None
-
-            # Locate the winsock DLL
-            for mod in task.get_load_modules():
-                if str(mod.BaseDllName or '').lower() == "ws2_32.dll":
-                    winsock = mod
-                    break
-            
-            if not winsock:
-                continue 
-
-            # Resolve the closesocket API 
-            closesocket = winsock.getprocaddress("closesocket")
-
-            if not closesocket:
-                continue 
-
-            for vad, process_space in task.get_vads(
-                                    vad_filter = self._zeus_filter,
-                                    ):
-                                    
-                if obj.Object("_IMAGE_DOS_HEADER", offset = vad.Start, 
-                        vm = process_space).e_magic != 0x5A4D:
-                    continue
-                    
-                data = process_space.zread(vad.Start, vad.Length)
-            
-                scanner = impscan.ImpScan(self._config).call_scan
-                calls = list(scanner(task_space, vad.Start, data))
-
-                for (_, iat_loc, call_dest) in calls:
-                    if call_dest != closesocket:
-                        continue 
-
-                    # Read the DWORD directly after closesocket 
-                    struct_base = obj.Object('Pointer', 
-                        offset = iat_loc + 4, vm = task_space)
-
-                    # To be valid, it must point within the vad segment 
-                    if (struct_base < vad.Start or 
-                            struct_base > (vad.Start + vad.End)):
-                        continue 
-
-                    # Grab the key data
-                    key = task_space.read(struct_base + 0x2a, RC4_KEYSIZE)
-
-                    # Greg's sanity check
-                    if len(key) != RC4_KEYSIZE or key[-2:] != "\x00\x00":
-                        continue
-
-                    yield task, struct_base, key
-
-    def render_text(self, outfd, data):
-
-        for task, struct_base, key in data:
-            hex = "\n".join(["{0:#010x}  {1:<48}  {2}".format(
-                            struct_base + 0x2a + o, 
-                            h, ''.join(c)) for o, h, c in utils.Hexdump(key)
-                            ])
-            outfd.write("Process: {0} {1}\n".format(
-                task.UniqueProcessId, task.ImageFileName))
-            outfd.write(hex)
-            outfd.write("\n")
-
-#--------------------------------------------------------------------------------
-# Scanner for Zeus >= 2.0 
-#--------------------------------------------------------------------------------
-
-class ZeusScan2(procdump.ProcDump):
-    """Locate and Decrypt Zeus >= 2.0 Configs"""
-
-    signatures = {
-    'namespace1':'rule z1 {strings: $a = {56 BA ?? ?? 00 00 52 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B 35 ?? ?? ?? ?? 8B 0D ?? ?? ?? ??} condition: $a}',
-    'namespace5':'rule z5 {strings: $a = {56 BA ?? ?? 00 00 52 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B 0D ?? ?? ?? ?? 03 0D ?? ?? ?? ??} condition: $a}',
-    'namespace2':'rule z2 {strings: $a = {55 8B EC 51 A1 ?? ?? ?? ?? 8B 0D ?? ?? ?? ?? 56 8D 34 01 A1 ?? ?? ?? ?? 8B 0D ?? ?? ?? ??} condition: $a}',
-    'namespace3':'rule z3 {strings: $a = {68 02 01 00 00 8D 84 24 ?? ?? ?? ?? 50 8D 44 24 ?? 50 E8 ?? ?? ?? ?? B8 E6 01 00 00 50 68 ?? ?? ?? ??} condition: $a}',
-    'namespace4':'rule z4 {strings: $a = {68 02 01 00 00 8D 85 ?? ?? ?? ?? 50 8D 85 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? B8 E6 01 00 00 50 68 ?? ?? ?? ??} condition: $a}'
-    }
-
-    magic_struct = '_ZEUS2_CONFIG'
-
-    params = dict(
-            # This contains the C2 URL, RC4 key for decoding 
-            # local.ds and the magic buffer
-            decoded_config = None,
-            # This contains the hardware lock info, the user.ds 
-            # RC4 key, and XOR key
-            encoded_magic = None,
-            # The decoded version of the magic structure
-            decoded_magic = None, 
-            # The key for decoding the configuration
-            config_key = None, 
-            # The login key (citadel only)
-            login_key = None, 
-            # The AES key (citadel only)
-            aes_key = None, 
-            )
-
-    @staticmethod
-    def is_valid_profile(profile):
-        return (profile.metadata.get('os', 'unknown') == 'windows' and
-                profile.metadata.get('memory_model', '32bit') == '32bit')
-
-    def rc4(self, key, encoded):
-        """Perform a basic RC4 operation"""
-        # Turn the buffers into lists so the elements are mutable
-        key_copy = [ord(c) for c in key]
-        enc_copy = [ord(c) for c in encoded]
-        # Start with the last two bytes in the key
-        var1 = key_copy[0x100]
-        var2 = key_copy[0x101]
-        # Do the RC4 algorithm
-        for i in range(0, len(enc_copy)):
-            var1 += 1
-            a = var1 & 0xFF
-            b = key_copy[a]
-            var2 += b
-            var2 &= 0xFF
-            key_copy[a]  = key_copy[var2]
-            key_copy[var2] = b
-            enc_copy[i] ^= key_copy[(key_copy[a] + b) & 0xFF]
-        # Return the decoded bytes as a string
-        decoded = [chr(c) for c in enc_copy]
-        return ''.join(decoded)
-
-    def rc4_init(self, data):
-        """Initialize the RC4 keystate"""
-        # The key starts off as a mutable list
-        key = list()
-        for i in range(0, 256):
-            key.append(i)
-        # Add the trailing two bytes
-        key.append(0)
-        key.append(0)
-        # Make a copy of the data so its mutable also
-        data_copy = [ord(c) for c in data]
-        var1 = 0
-        var2 = 0
-        for i in range(0, 256):
-            a = key[i]
-            var2 += (data_copy[var1] + a)
-            var2 &= 0xFF
-            var1 += 1
-            key[i] = key[var2]
-            key[var2] = a
-        # Return a copy of the key as a string
-        return ''.join([chr(c) for c in key])
-
-    def decode_config(self, encoded_config, last_sec_data):
-        """Decode the config with data from the last PE section. 
-
-        @param encoded_config: the encoded configuration
-        @param last_sec_data: last PE section data. 
-        """
-
-        return ''.join([chr(ord(last_sec_data[i]) ^ ord(encoded_config[i])) 
-                        for i in range(len(encoded_config))])
-
-    def check_matches(self, task_space, vad, matches, last_sec_data):
-        """Check the Yara matches and derive the encoded/decoded 
-        config objects and magic structures. 
-
-        @param task_space: the process AS
-        @param vad: the containing MMVAD 
-        @param matches: list of YARA hits 
-        @param last_sec_data: buffer of the last PE section's data
-        """
-
-        hits = dict((m.rule, m.strings[0][0] + vad.Start) for m in matches)
-
-        ## Do the magic 
-        if 'z3' in hits:
-            addr = obj.Object('unsigned long', offset = hits['z3'] + 30, vm = task_space)
-            size = task_space.profile.get_obj_size(self.magic_struct)
-            self.params['encoded_magic'] = task_space.read(addr, size)
-        elif 'z4' in hits:
-            addr = obj.Object('unsigned long', offset = hits['z4'] + 31, vm = task_space)
-            size = task_space.profile.get_obj_size(self.magic_struct)
-            self.params['encoded_magic'] = task_space.read(addr, size)
-        else:
-            return False 
-
-        ## Do the config 
-        if 'z1' in hits:
-            addr = obj.Object('unsigned long', offset = hits['z1'] + 8, vm = task_space)
-            size = obj.Object('unsigned long', offset = hits['z1'] + 2, vm = task_space)
-            encoded_config = task_space.read(addr, size)
-            self.params['decoded_config'] = self.decode_config(encoded_config, last_sec_data)
-        elif 'z2' in hits:
-            addr = obj.Object('Pointer', offset = hits['z2'] + 26, vm = task_space)
-            encoded_config = task_space.read(addr.dereference(), 0x3c8)
-            rc4_init = self.rc4_init(encoded_config)
-            self.params['decoded_config'] = self.rc4(rc4_init, last_sec_data[2:])
-        elif 'z5' in hits:
-            addr = obj.Object('unsigned long', offset = hits['z5'] + 8, vm = task_space)
-            size = obj.Object('unsigned long', offset = hits['z5'] + 2, vm = task_space)
-            encoded_config = task_space.read(addr, size)
-            self.params['decoded_config'] = self.decode_config(encoded_config, last_sec_data)
-        else:
-            return False 
-
-        ## We found at least one of each category 
-        return True
-    
-    def decode_magic(self, config_key):
-        """Decode the magic structure using the configuration key. 
-        
-        @param config_key: the config RC4 key.
-        """
-
-        return self.rc4(config_key, self.params['encoded_magic'])
-
-    def scan_key(self, task_space):
-        """Find the offset of the RC4 key and use it to 
-        decode the magic buffer. 
-
-        @param task_space: the process AS
-        """
-
-        offset = 0
-        found = False
-
-        while offset < len(self.params['decoded_config']) - RC4_KEYSIZE:
-
-            config_key = self.params['decoded_config'][offset:offset + RC4_KEYSIZE]
-            decoded_magic = self.decode_magic(config_key)
-
-            # When the first four bytes of the decoded magic buffer 
-            # equal the size of the magic buffer, then we've found 
-            # a winning RC4 key
-            (struct_size,) = struct.unpack("=I", decoded_magic[0:4])
-
-            if struct_size == task_space.profile.get_obj_size(self.magic_struct):
-                found = True
-                self.params['config_key'] = config_key
-                self.params['decoded_magic'] = decoded_magic
-                break
-
-            offset += 1
-
-        return found 
-
-    def calculate(self):
-        
-        if not has_yara:
-            debug.error("You must install yara")
-
-        addr_space = utils.load_as(self._config)
-
-        if not self.is_valid_profile(addr_space.profile):
-            debug.error("This command does not support the selected profile.")
-
-        rules = yara.compile(sources = self.signatures)
-
-        for task in self.filter_tasks(tasks.pslist(addr_space)):
-            task_space = task.get_process_address_space()
-
-            # We must have a process AS
-            if not task_space:
-                continue 
-
-            for vad, process_space in task.get_vads(): 
-            
-                if obj.Object("_IMAGE_DOS_HEADER", offset = vad.Start, 
-                        vm = process_space).e_magic != 0x5A4D:
-                    continue
-                    
-                # a zeus range will never be more than 5 MB
-                if vad.Length > 0x500000:
-                    continue
-
-                data = process_space.zread(vad.Start, vad.Length)
-            
-                # check for the signature with YARA, both hits must be present
-                matches = rules.match(data = data)
-
-                if len(matches) < 2:
-                    continue
-
-                try:
-                    dos_header = obj.Object("_IMAGE_DOS_HEADER", 
-                                    offset = vad.Start, vm = task_space)
-                    nt_header = dos_header.get_nt_header()
-                except (ValueError, exceptions.SanityCheckException):
-                    continue 
-
-                # There must be more than 2 sections 
-                if nt_header.FileHeader.NumberOfSections < 2:
-                    continue
-
-                # Get the last PE section's data 
-                sections = list(nt_header.get_sections())
-                last_sec = sections[-1]
-                last_sec_data = task_space.zread(
-                                    (last_sec.VirtualAddress + vad.Start), 
-                                    last_sec.Misc.VirtualSize
-                                    )
-                                    
-                success = self.check_matches(task_space, vad, matches, 
-                                            last_sec_data)
-
-                if not success:
-                    continue 
-
-                success = self.scan_key(task_space)
-
-                if not success:
-                    continue 
-
-                yield task, vad, self.params
-
-    def render_extra(self, outfd, task, vad, params):
-        """Show any Zeus specific fields"""
-
-        rc4_offset = task.obj_vm.profile.get_obj_offset(self.magic_struct, 'rc4key')
-        creds_key = params['decoded_magic'][rc4_offset:rc4_offset + RC4_KEYSIZE]
-
-        outfd.write("{0:<30} : \n{1}\n".format("Credential RC4 key", 
-                "\n".join(
-                ["{0:#010x}  {1:<48}  {2}".format(vad.Start + o, h, ''.join(c))
-                for o, h, c in utils.Hexdump(creds_key)
-                ])))
-
-    def render_text(self, outfd, data):
-        """Render the plugin's default text output"""
-        
-        for task, vad, params in data:
-
-            # Get a magic object from the buffer
-            buffer_space = addrspace.BufferAddressSpace(
-                                config = self._config, 
-                                data = params['decoded_magic'])
-
-            magic_obj = obj.Object(self.magic_struct, 
-                                offset = 0, vm = buffer_space)
-
-            outfd.write("*" * 50 + "\n")
-            outfd.write("{0:<30} : {1}\n".format("Process", task.ImageFileName))
-            outfd.write("{0:<30} : {1}\n".format("Pid", task.UniqueProcessId))
-            outfd.write("{0:<30} : {1}\n".format("Address", vad.Start))
-
-            # grab the URLs from the decoded buffer
-            decoded_config = params['decoded_config']
-            urls = []
-            while "http" in decoded_config:
-                url = decoded_config[decoded_config.find("http"):]
-                urls.append(url[:url.find('\x00')])
-                decoded_config = url[url.find('\x00'):]
-            for i, url in enumerate(urls):
-                outfd.write("{0:<30} : {1}\n".format("URL {0}".format(i), url))
-
-            outfd.write("{0:<30} : {1}\n".format("Identifier", 
-                ''.join([chr(c) for c in magic_obj.guid if c != 0])))
-            outfd.write("{0:<30} : {1}\n".format("Mutant key", magic_obj.guid_xor_key))
-            outfd.write("{0:<30} : {1}\n".format("XOR key", magic_obj.xorkey))
-            outfd.write("{0:<30} : {1}\n".format("Registry", 
-                "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\{0}".format(magic_obj.keyname)))
-            outfd.write("{0:<30} : {1}\n".format(" Value 1", magic_obj.value1))
-            outfd.write("{0:<30} : {1}\n".format(" Value 2", magic_obj.value2))
-            outfd.write("{0:<30} : {1}\n".format(" Value 3", magic_obj.value3))
-            outfd.write("{0:<30} : {1}\n".format("Executable", magic_obj.exefile))
-            outfd.write("{0:<30} : {1}\n".format("Data file", magic_obj.datfile))
-
-            outfd.write("{0:<30} : \n{1}\n".format("Config RC4 key", 
-                    "\n".join(
-                    ["{0:#010x}  {1:<48}  {2}".format(vad.Start + o, h, ''.join(c))
-                    for o, h, c in utils.Hexdump(params['config_key'])
-                    ])))
-
-            self.render_extra(outfd, task, vad, params)
-
-class CitadelScan1345(ZeusScan2):
-    """Locate and Decrypt Citadel 1.3.4.5 Configs"""
-
-    signatures = {
-    'namespace1':'rule z1 {strings: $a = {8B EC 83 EC 0C 8A 82 ?? ?? ?? ?? 88 45 FE 8A 82 01 01 00 00 88 45 FD 8A 82 02 01 00 00 B9 ?? ?? ?? ?? 88 45 FF E8 ?? ?? ?? ??} condition: $a}',
-    'namespace2':'rule z2 {strings: $a = {56 BA ?? ?? 00 00 52 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B 0D ?? ?? ?? ?? 03 0D ?? ?? ?? ?? 8B F2 2B C8} condition: $a}',
-    'namespace3':'rule z3 {strings: $a = {68 ?? ?? 00 00 8D 85 ?? ?? ?? ?? 50 8D 85 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? B8 ?? ?? 00 00 50 68 ?? ?? ?? ??} condition: $a}'
-    }
-
-    magic_struct = '_CITADEL1345_CONFIG'
-
-    def rc4(self, key, encoded, login_key):
-        """Perform a basic RC4 operation. 
-        
-        Same as Zeus, but with incorporation of
-        a LOGIN_KEY value."""
-        # Turn the buffers into lists so the elements are mutable
-        key_copy = [ord(c) for c in key]
-        enc_copy = [ord(c) for c in encoded]
-        # Start with the last two bytes in the key
-        var1 = key_copy[0x100]
-        var2 = key_copy[0x101]
-        var3 = 0
-        login_key_len = len(login_key);
-        # Do the RC4 algorithm
-        for i in range(0, len(enc_copy)):
-            var1 += 1
-            a = var1 & 0xFF
-            b = key_copy[a]
-            var2 += b
-            var2 &= 0xFF
-            key_copy[a]  = key_copy[var2]
-            key_copy[var2] = b
-            enc_copy[i] ^= key_copy[(key_copy[a] + b) & 0xFF]
-            enc_copy[i] ^= ord(login_key[var3])
-            var3 += 1
-            if (var3 == login_key_len):
-                var3 = 0
-
-        # Return the decoded bytes as a string
-        decoded = [chr(c) for c in enc_copy]
-        return ''.join(decoded)
-
-    def decode_magic(self, config_key):
-        """Decode the magic buffer using RC4 and 
-        the LOGIN_KEY."""
-
-        return self.rc4(config_key, self.params['encoded_magic'], 
-                        self.params['login_key'])
-
-    def check_matches(self, task_space, vad, matches, last_sec_data):
-        """Check the Yara matches and derive the encoded/decoded 
-        config objects and magic structures. 
-
-        @param task_space: the process AS
-        @param vad: the containing MMVAD 
-        @param matches: list of YARA hits 
-        @param last_sec_data: buffer of the last PE section's data
-        """
-
-        hits = dict((m.rule, m.strings[0][0] + vad.Start) for m in matches)
-
-        if 'z1' in hits:
-            addr = obj.Object('unsigned long', offset = hits['z1'] + 30, vm = task_space)
-            self.params['login_key'] = task_space.read(addr, 0x20)
-        else:
-            return False
-
-        if 'z2' in hits:
-            addr = obj.Object('unsigned long', offset = hits['z2'] + 8, vm = task_space)
-            size = obj.Object('unsigned long', offset = hits['z2'] + 2, vm = task_space)
-            encoded_config = task_space.read(addr, size)
-            self.params['decoded_config'] = self.decode_config(encoded_config, last_sec_data)
-        else:
-            return False
-
-        if 'z3' in hits:
-            addr = obj.Object('unsigned long', offset = hits['z3'] + 31, vm = task_space)
-            size = task_space.profile.get_obj_size(self.magic_struct)
-            self.params['encoded_magic'] = task_space.read(addr, size)
-        else:
-            return False
-
-        return True
-
-    def render_extra(self, outfd, task, vad, params):
-        """Show Citadel specific fields"""
-
-        aes_key = self.rc4(params['config_key'], 
-                           hashlib.md5(params['login_key']).digest(),
-                           params['login_key'])
-
-        outfd.write("{0:<30} : {1}\n".format("Login key", params['login_key'].upper()))
-        outfd.write("{0:<30} : {1}\n".format("AES key", str(aes_key).encode('hex').upper()))
diff --git a/contrib/plugins/pagecheck.py b/contrib/plugins/pagecheck.py
deleted file mode 100644
index cea7898cf..000000000
--- a/contrib/plugins/pagecheck.py
+++ /dev/null
@@ -1,42 +0,0 @@
-# Volatility
-#
-# This file is part of Volatility.
-#
-# Volatility is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Volatility is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-import volatility.commands as commands
-import volatility.utils as utils
-
-class PageCheck(commands.Command):
-    """Reads the available pages and reports if any are inaccessible"""
-
-    def render_text(self, outfd, data):
-        """Displays any page errors"""
-        found = False
-        for page, vtop, size, pde, pte in data:
-            found = True
-            outfd.write("(V): 0x{0:08x} [PDE] 0x{3:08x} [PTE] 0x{4:08x} (P): 0x{1:08x} Size: 0x{2:08x}\n".format(page, vtop, size, pde, pte))
-        if not found:
-            outfd.write("No page failures found!")
-
-    def calculate(self):
-        """Calculate returns the results of the available pages validity"""
-        addr_space = utils.load_as(self._config)
-        for page, size in addr_space.get_available_pages():
-            output = addr_space.read(page, size)
-            if output == None:
-                pde_value = addr_space.get_pde(page)
-                pte_value = addr_space.get_pte(page, pde_value)
-                yield page, addr_space.vtop(page), size, pde_value, pte_value
diff --git a/contrib/plugins/psdispscan.py b/contrib/plugins/psdispscan.py
deleted file mode 100644
index a4911aaeb..000000000
--- a/contrib/plugins/psdispscan.py
+++ /dev/null
@@ -1,182 +0,0 @@
-# Volatility
-#
-# Authors:
-# Michael Cohen <scudette@users.sourceforge.net>
-#
-# This file is part of Volatility.
-#
-# Volatility is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Volatility is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-"""
-This module implements the slow thorough process scanning
-
-@author:       Michael Cohen
-@license:      GNU General Public License 2.0 or later
-@contact:      scudette@users.sourceforge.net
-@organization: Volatile Systems
-"""
-
-#pylint: disable-msg=C0111
-
-import volatility.commands as commands
-import volatility.cache as cache
-import volatility.utils as utils
-import volatility.obj as obj
-import volatility.scan as scan
-
-class DispatchHeaderCheck(scan.ScannerCheck):
-    """ A very fast check for an _EPROCESS.Pcb.Header.
-
-    This check assumes that the type and size of
-    _EPROCESS.Pcb.Header are unsigned chars, but allows their
-    offsets to be determined from vtypes (so they could change
-    between OS versions).
-    """
-    order = 10
-
-    def __init__(self, address_space, **_kwargs):
-        ## Because this checks needs to be super fast we first
-        ## instantiate the _EPROCESS and work out the offsets of the
-        ## type and size members. Then in the check we just read those
-        ## offsets directly.
-        eprocess = obj.Object("_EPROCESS", vm = address_space, offset = 0)
-        self.type = eprocess.Pcb.Header.Type
-        self.size = eprocess.Pcb.Header.Size
-        self.buffer_size = max(self.size.obj_offset, self.type.obj_offset) + 2
-        scan.ScannerCheck.__init__(self, address_space)
-
-    def check(self, offset):
-        data = self.address_space.read(offset + self.type.obj_offset, self.buffer_size)
-        return data[self.type.obj_offset] == "\x03" and data[self.size.obj_offset] == "\x1b"
-
-    def skip(self, data, offset):
-        try:
-            nextval = data.index("\x03", offset + 1)
-            return nextval - self.type.obj_offset - offset
-        except ValueError:
-            ## Substring is not found - skip to the end of this data buffer
-            return len(data) - offset
-
-class CheckThreadList(scan.ScannerCheck):
-    """ Checks that _EPROCESS thread list points to the kernel Address Space """
-    def check(self, offset):
-        eprocess = obj.Object("_EPROCESS", vm = self.address_space,
-                             offset = offset)
-        kernel = 0x80000000
-
-        list_head = eprocess.ThreadListHead
-
-        if list_head.Flink > kernel and list_head.Blink > kernel:
-            return True
-
-class CheckDTBAligned(scan.ScannerCheck):
-    """ Checks that _EPROCESS.Pcb.DirectoryTableBase is aligned to 0x20 """
-    def check(self, offset):
-        eprocess = obj.Object("_EPROCESS", vm = self.address_space,
-                             offset = offset)
-
-        return eprocess.Pcb.DirectoryTableBase % 0x20 == 0
-
-class CheckSynchronization(scan.ScannerCheck):
-    """ Checks that _EPROCESS.WorkingSetLock and _EPROCESS.AddressCreationLock look valid """
-    def check(self, offset):
-        eprocess = obj.Object("_EPROCESS", vm = self.address_space,
-                             offset = offset)
-
-        event = eprocess.WorkingSetLock.Event.Header
-        if event.Type != 0x1 or event.Size != 0x4:
-            return False
-
-        event = eprocess.AddressCreationLock.Event.Header
-        if event.Size == 0x4 and event.Type == 0x1:
-            return True
-
-class PSDispScanner(scan.BaseScanner):
-    """ This scanner carves things that look like _EPROCESS structures.
-
-    Since the _EPROCESS does not need to be linked to the process
-    list, this scanner is useful to recover terminated or cloaked
-    processes.
-    """
-    checks = [ ("DispatchHeaderCheck", {}),
-               ("CheckDTBAligned", {}),
-               ("CheckThreadList", {}),
-               ("CheckSynchronization", {})
-               ]
-
-class PSDispScan(commands.Command, cache.Testable):
-    """ Scan Physical memory for _EPROCESS objects based on their Dispatch Headers"""
-
-    # Declare meta information associated with this plugin
-
-    meta_info = dict(
-        author = 'Brendan Dolan-Gavitt',
-        copyright = 'Copyright (c) 2007,2008 Brendan Dolan-Gavitt',
-        contact = 'bdolangavitt@wesleyan.edu',
-        license = 'GNU General Public License 2.0 or later',
-        url = 'http://moyix.blogspot.com/',
-        os = 'WIN_32_XP_SP2',
-        version = '1.0',
-        )
-
-    @cache.CacheDecorator("tests/psscan")
-    def calculate(self):
-        address_space = utils.load_as(self._config, astype = 'physical')
-
-        for offset in PSDispScanner().scan(address_space):
-            yield obj.Object('_EPROCESS', vm = address_space, offset = offset)
-
-    def render_dot(self, outfd, data):
-        objects = set()
-        links = set()
-
-        for eprocess in data:
-            label = "{0} | {1} |".format(eprocess.UniqueProcessId,
-                                         eprocess.ImageFileName)
-            if eprocess.ExitTime:
-                label += "exited\\n{0}".format(eprocess.ExitTime)
-                options = ' style = "filled" fillcolor = "lightgray" '
-            else:
-                label += "running"
-                options = ''
-
-            objects.add('pid{0} [label="{1}" shape="record" {2}];\n'.format(eprocess.UniqueProcessId,
-                                                                            label, options))
-            links.add("pid{0} -> pid{1} [];\n".format(eprocess.InheritedFromUniqueProcessId,
-                                                      eprocess.UniqueProcessId))
-
-        ## Now write the dot file
-        outfd.write("digraph processtree { \ngraph [rankdir = \"TB\"];\n")
-        for link in links:
-            outfd.write(link)
-
-        for item in objects:
-            outfd.write(item)
-        outfd.write("}")
-
-    def render_text(self, outfd, data):
-        ## Just grab the AS and scan it using our scanner
-        outfd.write(" Offset     Name             PID    PPID   PDB        Time created             Time exited             \n" +
-                    "---------- ---------------- ------ ------ ---------- ------------------------ ------------------------ \n")
-
-        for eprocess in data:
-            outfd.write("{0:#010x} {1:16} {2:6} {3:6} {4:#010x} {5:24} {6:24}\n".format(
-                eprocess.obj_offset,
-                eprocess.ImageFileName,
-                eprocess.UniqueProcessId,
-                eprocess.InheritedFromUniqueProcessId,
-                eprocess.Pcb.DirectoryTableBase,
-                eprocess.CreateTime or '',
-                eprocess.ExitTime or ''))
diff --git a/contrib/plugins/saveconfig.py b/contrib/plugins/saveconfig.py
deleted file mode 100644
index 1504bc4b8..000000000
--- a/contrib/plugins/saveconfig.py
+++ /dev/null
@@ -1,163 +0,0 @@
-# Volatility
-#
-# Author:
-# Andrew Cook <cooka2011@gmail.com>
-#
-# This file is part of Volatility./
-#
-# Volatility is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Volatility is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-import os
-import volatility.plugins.common as common
-import volatility.conf as conf
-import volatility.win32.tasks as tasks
-import volatility.utils as utils
-import volatility.plugins.kdbgscan as kdbgscan
-import volatility.obj as obj
-import volatility.cache as cache
-import volatility.registry as registry
-import ConfigParser
-
-class SaveConfig(kdbgscan.KDBGScan): # common.AbstractWindowsCommand):
-    """Generates Volatility configuration files"""
-    def __init__(self, config, *args, **kwargs):
-        common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)
-
-        config.add_option("DEST", default = "./volatilityrc", short_option = "D",
-            help = "File to save the generated configuration")
-
-        config.add_option("EXCLUDE-CONF", default = False, short_option = "E",
-            action = "store_true", help = "Save only options specified on the command line (rather than configuration files)")
-
-        config.add_option("MODIFY", default = False, short_option = "M",
-            action = "store_true", help = "Modify (rather than override) the generated configuration file")
-
-        config.add_option("OFFSETS", default = False,
-            action = "store_true", help = "Get offsets, like KDBG and DTB")
-
-        config.add_option("AUTO", default = False,
-            action = "store_true", help = "Attempt to automatically determine profile")
-
-
-        ## Used to make sure we do not save our own options and options that are already saved
-        self._exclude_options = ["dest", "exclude_conf", "modify", "offsets", "auto"]
-
-        ## Used to store suggested profiles based on kdbg search
-        self.suglist = []
-
-        ## Used to save the generated configuration
-        self.new_config = ConfigParser.RawConfigParser()
-
-        ## Where to output the generated configuration file
-        self.save_location = self._config.DEST
-
-	## Used if we 'aborted' due to not wanting to overwrite an existing file
-	self.abort = False
-
-
-    def calculate(self):
-	## Stop executing if the user did not mean to overwrite the file
-	if os.path.isfile(self.save_location):
-		resp = raw_input("Are you sure you want to overwrite {}? [Y/n] ".format(self.save_location)) 
-		if resp.upper() == 'N':
-			self.abort = True
-			return # Not continuing 
-
-        ## Read from existing target configuration (if modifying)
-        if self._config.MODIFY:
-            self.new_config.read(self.save_location)
-
-
-        ## Attempt to automatically determine profile
-        if self._config.AUTO:
-            print("Determining profile based on KDBG search...")
-            self.suglist = [ s for s, _ in kdbgscan.KDBGScan.calculate(self)]
-            if self.suglist:
-                self.new_config.set("DEFAULT", "profile", self.suglist[0])
-                ## Update profile so --offsets will work
-                self._config.PROFILE = self.suglist[0]
-                self._exclude_options.append('profile')
-            else:
-                print("Failed to determine profile")
-
-        ## Read in current command line (precedence over settings in configs)
-        for key in self._config.opts:
-            if key not in self._exclude_options:
-                self.new_config.set("DEFAULT", key, self._config.opts[key])
-                ## Add to excluded list so we do not overwrite them later
-                self._exclude_options.append(key)
-
-        ## Save options from configuration files (unless excluded by user)
-        if self._config.EXCLUDE_CONF == False:
-            for key in self._config.cnf_opts:
-                if key not in self._exclude_options:
-                    self.new_config.set("DEFAULT", key, self._config.cnf_opts[key])
-
-        ## Get offsets (KDBG and DTB)
-        if self._config.OFFSETS:
-            addr_space = utils.load_as(self._config)
-            kdbg = tasks.get_kdbg(addr_space)
-            self.new_config.set("DEFAULT", "kdbg", str(kdbg.v()))
-            if hasattr(addr_space, "dtb"):
-                self.new_config.set("DEFAULT", "dtb", str(addr_space.dtb))
-
-
-        ## Ensure DTB and KDBG are converted properly at the last moment:
-        ## Note, volatility will convert these to int when read from CNF_OPTS
-        try:
-            kdbg = self.new_config.get("DEFAULT", "kdbg")
-            self.new_config.set("DEFAULT", "kdbg", str(hex(int(kdbg))))
-        except ConfigParser.NoOptionError:
-            pass
-        try:
-            dtb = self.new_config.get("DEFAULT", "dtb")
-            self.new_config.set("DEFAULT", "dtb", str(hex(int(dtb))))
-        except ConfigParser.NoOptionError:
-            pass
-
-
-        ## Write the new configuration file
-        with open(self.save_location, "wb") as configfile:
-            self.new_config.write(configfile)
-
-
-    def max_width(self):
-        """ Return length of the longest key and longest value """
-        max_key_width = 0
-        max_val_width = 0
-
-        for key, val in self.new_config.items("DEFAULT"):
-            max_key_width = max(len(str(key)), max_key_width)
-            max_val_width = max(len(str(val)), max_val_width)
-
-        return (str(max_key_width), str(max_val_width))
-
-    def render_text(self, outfd, data):
-        outfd.write("\n")
-	if self.abort:
-		print ("No configuration file created")
-	else:
-        	if len(self.suglist) > 1:
-            		outfd.write("Suggested profiles: {}\n".format(", ".join(self.suglist)))
-        	if self.suglist:
-           		outfd.write("Selected profile: {}\n\n".format(self.suglist[0]))
-
-		print ("Saved configuration options:")
-        	self.table_header(outfd, [("Option", self.max_width()[0]), ("Value", self.max_width()[1])])
-        	## Print out the final saved configuration
-        	for opt, val in self.new_config.items("DEFAULT"):
-            		self.table_row(outfd, opt, val)
-
-        	outfd.write("\nConfiguration saved to {}\n".format(self.save_location))
diff --git a/contrib/plugins/scanprof.py b/contrib/plugins/scanprof.py
deleted file mode 100644
index 59fd70bc2..000000000
--- a/contrib/plugins/scanprof.py
+++ /dev/null
@@ -1,58 +0,0 @@
-# Volatility
-#
-# Authors:
-# Mike Auty <mike.auty@gmail.com>
-#
-# This file is part of Volatility.
-#
-# Volatility is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Volatility is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-import sys
-import itertools
-import timeit
-
-class ScanProfInstance(object):
-    def __init__(self, func, *args):
-        self.func = func
-        self.args = args
-        self.results = []
-
-    def __call__(self):
-        self.results = self.func(*self.args)
-
-def permscan(self, address_space, offset = 0, maxlen = None):
-    times = []
-    # Run a warm-up scan to ensure the file is cached as much as possible
-    self.oldscan(address_space, offset, maxlen)
-
-    perms = list(itertools.permutations(self.checks))
-    for i in range(len(perms)):
-        self.checks = perms[i]
-        print "Running scan {0}/{1}...".format(i + 1, len(perms))
-        profobj = ScanProfInstance(self.oldscan, address_space, offset, maxlen)
-        value = timeit.timeit(profobj, number = self.repeats)
-        times.append((value, len(list(profobj.results)), i))
-
-    print "Scan results"
-    print "{0:20} | {1:7} | {2:6} | {3}".format("Time", "Results", "Perm #", "Ordering")
-    for val, l, ordering in sorted(times):
-        print "{0:20} | {1:7} | {2:6} | {3}".format(val, l, ordering, perms[ordering])
-    sys.exit(1)
-
-def ScanProfiler(cls, repeats = 3):
-    cls.repeats = repeats
-    cls.oldscan = cls.scan
-    cls.scan = permscan
-    return cls

From 3e145527ec5f4192ecda33d7cfd8f71c9eeeac41 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 8 Nov 2017 14:41:07 -0600
Subject: [PATCH 161/304] force boolean evaluation

---
 volatility/plugins/overlays/windows/windows.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index ddc5accb0..7cbd3bded 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -479,7 +479,7 @@ def Wow64Process(self):
         elif hasattr(self, "WoW64Process"):
             ret = self.m("WoW64Process")
         else:
-            ret = None
+            ret = 0
 
         return ret
 
@@ -487,7 +487,7 @@ def Wow64Process(self):
     def IsWow64(self):
         """Returns True if this is a wow64 process"""
         val = self.Wow64Process
-        return val and val.v() != None
+        return val != 0 and val.v() != None
 
     @property
     def SessionId(self):

From cb9e3e69eca3f29f48829d889f362db91c544be2 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 9 Nov 2017 14:03:45 -0600
Subject: [PATCH 162/304] Updates for WSL support (process names only)

---
 volatility/plugins/overlays/windows/win10.py  | 29 +++++++++++++++++++
 .../plugins/overlays/windows/windows.py       | 19 ++++++++++++
 volatility/plugins/volshell.py                |  2 +-
 3 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 37e04a2a0..f98ae1535 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -578,6 +578,35 @@ def modification(self, profile):
 
         profile.object_classes.update({"_OBJECT_HEADER": header})
 
+class WSLPicoModifcation(obj.ProfileModification): 
+    """Profile modification for Windows Subsystem for Linux, 
+    in particular the Pico process contexts"""
+
+    before = ['WindowsOverlay']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4, 
+                  'memory_model': lambda x: x == '64bit'}
+                  
+    def modification(self, profile):
+        
+        build = profile.metadata.get("build", 0)
+        
+        if build <= 14393:
+            # offsets for anniversary update
+            pico_context = {'_PICO_CONTEXT' : [ None, {
+                "Name": [ 0x178, ["_UNICODE_STRING"]]}]}
+        else:
+            # offsets for creators & fall creators  
+            pico_context = {'_PICO_CONTEXT' : [ None, {
+                "Name": [ 0x180, ["_UNICODE_STRING"]]}]}
+        
+        profile.vtypes.update(pico_context)
+        
+        profile.merge_overlay({'_EPROCESS': [ None, {
+            'PicoContext' : [ None, ['pointer', ['_PICO_CONTEXT']]],
+            }]})
+
 class Win10PoolHeader(obj.ProfileModification):
     before = ['WindowsOverlay']
     conditions = {'os': lambda x: x == 'windows',
diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index a460ba45d..4febe6c09 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -442,6 +442,25 @@ def IsWow64(self):
         """Returns True if this is a wow64 process"""
         return hasattr(self, 'Wow64Process') and self.Wow64Process.v() != 0
 
+    @property
+    def ImageFileName(self):
+        """Return the image's file name if its a normal 
+        Windows process. If its a Pico process (WSL) 
+        then derive the name from the PicoContext."""
+         
+        # more often than not, its a normal windows process
+        # so give this priority before we even check WSL 
+        name = self.m("ImageFileName")
+        
+        # WSL requires x64 but strangely the x86 types still
+        # contain PicoContext, but in those cases it always
+        # seems to be zeroed out
+        if (len(name) == 0 and 
+                hasattr(self, "PicoContext") and self.PicoContext != 0):
+            name = self.PicoContext.Name
+        
+        return name
+
     @property
     def SessionId(self):
         """Returns the Session ID of the process"""
diff --git a/volatility/plugins/volshell.py b/volatility/plugins/volshell.py
index 5899d4a25..870809a62 100644
--- a/volatility/plugins/volshell.py
+++ b/volatility/plugins/volshell.py
@@ -120,7 +120,7 @@ def set_context(self, offset = None, pid = None, name = None, physical = False):
         elif name is not None:
             offsets = []
             for p in self.getpidlist():
-                if p.ImageFileName.find(name) >= 0:
+                if str(p.ImageFileName).find(name) >= 0:
                     offsets.append(p)
             if not offsets:
                 print "Unable to find process matching name {0}".format(name)

From f1d1ed283f3052035d2fca85cb24500ad1d703e1 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 9 Nov 2017 16:29:44 -0600
Subject: [PATCH 163/304] Add support for windows fall creators (16299)

---
 volatility/plugins/bigpagepools.py            |     6 +-
 volatility/plugins/malware/svcscan.py         |    38 +-
 volatility/plugins/overlays/windows/win10.py  |    99 +-
 .../windows/win10_x64_16299_vtypes.py         | 14287 ++++++++++++++++
 .../windows/win10_x86_16299_vtypes.py         | 13696 +++++++++++++++
 5 files changed, 28121 insertions(+), 5 deletions(-)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_16299_vtypes.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_16299_vtypes.py

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 84e55ed93..fcf65863e 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328]],
             (6, 4, '32bit') : [[-168, -164]],
         }
 
@@ -119,7 +119,9 @@ def generate_suggestions(self):
                 
             if (table_base % 0x1000 == 0 and
                     self.obj_vm.is_valid_address(table_base) and
-                    table_size != 0 and table_size % 0x1000 == 0):
+                    table_size != 0 and 
+                    table_size % 0x1000 == 0 and 
+                    table_size < 0x1000000):
                 break
 
         debug.debug("Distance Map: {0}".format(repr(self.distance)))
diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index 94ffa86ae..96f20c1e5 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -303,7 +303,7 @@ class Service10_15063x64(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
-                  'build': lambda x: x == 15063,
+                  'build': lambda x: x >= 15063,
                   'memory_model': lambda x: x == '64bit'}
 
     def modification(self, profile):
@@ -320,6 +320,23 @@ def modification(self, profile):
             'Start' : [ 0x24, ['Enumeration', dict(target = 'long', choices = SERVICE_START_ENUM)]],
             } ],
         })
+        
+class Service10_16299x64(obj.ProfileModification):
+    """Service structures for Win10 16299 (Fall Creators)"""
+
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x64']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x == 16299,
+                  'memory_model': lambda x: x == '64bit'}
+
+    def modification(self, profile):
+        profile.merge_overlay({
+            '_SERVICE_PROCESS': [ None, {
+            'BinaryPath': [ 0x18, ['pointer', ['String', dict(encoding = 'utf16', length = 256)]]],
+            'ProcessId': [ 0x28, ['unsigned int']],
+            }]})
 
 class Service8x86(obj.ProfileModification):
     """Service structures for Win8/8.1 32-bit"""
@@ -357,7 +374,7 @@ class Service10_15063x86(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
-                  'build': lambda x: x == 15063,
+                  'build': lambda x: x >= 15063,
                   'memory_model': lambda x: x == '32bit'}
 
     def modification(self, profile):
@@ -375,6 +392,23 @@ def modification(self, profile):
             'Start' : [ 0x18, ['Enumeration', dict(target = 'long', choices = SERVICE_START_ENUM)]],
             } ],
         })
+        
+class Service10_16299x86(obj.ProfileModification):
+    """Service structures for Win10 16299 (Fall Creators)"""
+
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x86']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x == 16299,
+                  'memory_model': lambda x: x == '32bit'}
+
+    def modification(self, profile):
+        profile.merge_overlay({
+            '_SERVICE_PROCESS': [ None, {
+            'BinaryPath': [ 0xc, ['pointer', ['String', dict(encoding = 'utf16', length = 256)]]],
+            'ProcessId': [ 0x14, ['unsigned int']],
+            }]})
 
 #--------------------------------------------------------------------------------
 # svcscan plugin 
diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 37e04a2a0..7f3f01523 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -533,6 +533,75 @@ class _OBJECT_HEADER_10_15063(_OBJECT_HEADER_10):
         61: 'VRegConfigurationContext'
     	}
     
+class _OBJECT_HEADER_10_16299(_OBJECT_HEADER_10):
+
+    type_map = {
+		2: 'Type',
+        3: 'Directory',
+        4: 'SymbolicLink',
+        5: 'Token',
+        6: 'Job',
+        7: 'Process',
+        8: 'Thread',
+        9: 'Partition',
+        10: 'UserApcReserve',
+        11: 'IoCompletionReserve',
+        12: 'ActivityReference',
+        13: 'PsSiloContextPaged',
+        14: 'PsSiloContextNonPaged',
+        15: 'DebugObject',
+        16: 'Event',
+        17: 'Mutant',
+        18: 'Callback',
+        19: 'Semaphore',
+        20: 'Timer',
+        21: 'IRTimer',
+        22: 'Profile',
+        23: 'KeyedEvent',
+        24: 'WindowStation',
+        25: 'Desktop',
+        26: 'Composition',
+        27: 'RawInputManager',
+        28: 'CoreMessaging',
+        29: 'TpWorkerFactory',
+        30: 'Adapter',
+        31: 'Controller',
+        32: 'Device',
+        33: 'Driver',
+        34: 'IoCompletion',
+        35: 'WaitCompletionPacket',
+        36: 'File',
+        37: 'TmTm',
+        38: 'TmTx',
+        39: 'TmRm',
+        40: 'TmEn',
+        41: 'Section',
+        42: 'Session',
+        43: 'Key',
+        44: 'RegistryTransaction',
+        45: 'ALPC Port',
+        46: 'EnergyTracker',
+        47: 'PowerRequest',
+        48: 'WmiGuid',
+        49: 'EtwRegistration',
+        50: 'EtwSessionDemuxEntry',
+        51: 'EtwConsumer',
+        52: 'DmaAdapter',
+        53: 'DmaDomain',
+        54: 'PcwObject',
+        55: 'FilterConnectionPort',
+        56: 'FilterCommunicationPort',
+        57: 'NdisCmState',
+        58: 'DxgkSharedResource',
+        59: 'DxgkSharedSyncObject',
+        60: 'DxgkSharedSwapChainObject',
+        61: 'DxgkDisplayManagerObject',
+        62: 'DxgkCurrentDxgProcessObject',
+        63: 'DxgkSharedProtectedSessionObject',
+        64: 'DxgkSharedBundleObject',
+        65: 'VRegConfigurationContext',
+    	}
+    
 class _HANDLE_TABLE_10_DD08DD42(win8._HANDLE_TABLE_81R264):
     
     def decode_pointer(self, value):
@@ -555,7 +624,15 @@ def modification(self, profile):
         metadata = profile.metadata
         build = metadata.get("build", 0)
 
-        if build >= 15063:
+        if build >= 16299:
+            header = _OBJECT_HEADER_10_16299
+
+            ## update the handle table here as well
+            if metadata.get("memory_model") == "64bit":
+                profile.object_classes.update({
+                    "_HANDLE_TABLE": _HANDLE_TABLE_10_DD08DD42})
+
+        elif build >= 15063:
             header = _OBJECT_HEADER_10_15063
 
             ## update the handle table here as well
@@ -696,6 +773,16 @@ class Win10x86_15063(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_15063_vtypes'
     _md_product = ["NtProductWinNt"]
 
+class Win10x86_16299(obj.Profile):
+    """ A Profile for Windows 10 x86 (10.0.16299.15 / 2017-09-29) """
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 16299
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_16299_vtypes'
+    _md_product = ["NtProductWinNt"]
+
 class Win10x64_15063(obj.Profile):
     """ A Profile for Windows 10 x64 (10.0.15063.0 / 2017-04-04) """
     _md_memory_model = '64bit'
@@ -705,3 +792,13 @@ class Win10x64_15063(obj.Profile):
     _md_build = 15063
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_15063_vtypes'
     _md_product = ["NtProductWinNt"]
+    
+class Win10x64_16299(obj.Profile):
+    """ A Profile for Windows 10 x64 (10.0.16299.0 / 2017-09-22) """
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 16299
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_16299_vtypes'
+    _md_product = ["NtProductWinNt"]
diff --git a/volatility/plugins/overlays/windows/win10_x64_16299_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_16299_vtypes.py
new file mode 100644
index 000000000..81effa394
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_16299_vtypes.py
@@ -0,0 +1,14287 @@
+ntkrnlmp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_108b' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_108b']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_10a3' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a5' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10a3']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_10a5']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['pointer64', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x281, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_1117' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1117']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6b00, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x6980, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'CpuType' : [ 0x40, ['unsigned char']],
+    'CpuID' : [ 0x41, ['unsigned char']],
+    'CpuStep' : [ 0x42, ['unsigned short']],
+    'CpuStepping' : [ 0x42, ['unsigned char']],
+    'CpuModel' : [ 0x43, ['unsigned char']],
+    'MHz' : [ 0x44, ['unsigned long']],
+    'HalReserved' : [ 0x48, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x88, ['unsigned short']],
+    'MajorVersion' : [ 0x8a, ['unsigned short']],
+    'BuildType' : [ 0x8c, ['unsigned char']],
+    'CpuVendor' : [ 0x8d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x8e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x8f, ['unsigned char']],
+    'PrcbPad04' : [ 0x90, ['array', 6, ['unsigned long long']]],
+    'ParentNode' : [ 0xc0, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0xc8, ['unsigned long long']],
+    'Group' : [ 0xd0, ['unsigned char']],
+    'GroupIndex' : [ 0xd1, ['unsigned char']],
+    'PrcbPad05' : [ 0xd2, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0xd4, ['unsigned long']],
+    'ScbOffset' : [ 0xd8, ['unsigned long']],
+    'ApicMask' : [ 0xdc, ['unsigned long']],
+    'AcpiReserved' : [ 0xe0, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0xe8, ['unsigned long']],
+    'BamFlags' : [ 0xec, ['long']],
+    'BamQosLevel' : [ 0xec, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'PendingQosUpdate' : [ 0xec, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'BamFlagsReserved' : [ 0xec, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'PrcbPad11' : [ 0xf0, ['array', 2, ['unsigned long long']]],
+    'ProcessorState' : [ 0x100, ['_KPROCESSOR_STATE']],
+    'PrcbPad12' : [ 0x6c0, ['array', 6, ['unsigned long long']]],
+    'LockQueue' : [ 0x6f0, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x800, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x900, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1500, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2100, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2d00, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2d08, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2d10, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2d14, ['long']],
+    'MmTransitionCount' : [ 0x2d18, ['long']],
+    'MmDemandZeroCount' : [ 0x2d1c, ['long']],
+    'MmPageReadCount' : [ 0x2d20, ['long']],
+    'MmPageReadIoCount' : [ 0x2d24, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2d28, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2d2c, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2d30, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2d34, ['long']],
+    'KeSystemCalls' : [ 0x2d38, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2d3c, ['unsigned long']],
+    'PrcbPad40' : [ 0x2d40, ['unsigned long']],
+    'CcFastReadNoWait' : [ 0x2d44, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2d48, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2d4c, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2d50, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2d54, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2d58, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2d5c, ['long']],
+    'IoWriteOperationCount' : [ 0x2d60, ['long']],
+    'IoOtherOperationCount' : [ 0x2d64, ['long']],
+    'IoReadTransferCount' : [ 0x2d68, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2d70, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2d78, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d80, ['long']],
+    'TargetCount' : [ 0x2d84, ['long']],
+    'IpiFrozen' : [ 0x2d88, ['unsigned long']],
+    'PrcbPad30' : [ 0x2d8c, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d90, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d98, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d9c, ['long']],
+    'InterruptLastCount' : [ 0x2da0, ['unsigned long']],
+    'InterruptRate' : [ 0x2da4, ['unsigned long']],
+    'LastNonHrTimerExpiration' : [ 0x2da8, ['unsigned long long']],
+    'PrcbPad35' : [ 0x2db0, ['array', 2, ['unsigned long long']]],
+    'InterruptObjectPool' : [ 0x2dc0, ['_SLIST_HEADER']],
+    'PrcbPad41' : [ 0x2dd0, ['array', 6, ['unsigned long long']]],
+    'DpcData' : [ 0x2e00, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2e50, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2e58, ['long']],
+    'DpcRequestRate' : [ 0x2e5c, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2e60, ['unsigned long']],
+    'DpcLastCount' : [ 0x2e64, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2e68, ['unsigned char']],
+    'QuantumEnd' : [ 0x2e69, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2e6a, ['unsigned char']],
+    'IdleSchedule' : [ 0x2e6b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2e6c, ['long']],
+    'DpcRequestSlot' : [ 0x2e6c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2e6c, ['short']],
+    'ThreadDpcState' : [ 0x2e6e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2e6c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2e6c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2e6c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2e6c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2e6c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2e6c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2e70, ['unsigned long']],
+    'LastTick' : [ 0x2e74, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2e78, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2e7c, ['unsigned long']],
+    'InterruptObject' : [ 0x2e80, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3680, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5880, ['_KGATE']],
+    'PrcbPad52' : [ 0x5898, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x58a0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x58e0, ['long']],
+    'PrcbPad60' : [ 0x58e4, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x58e6, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x58e8, ['long']],
+    'DpcWatchdogCount' : [ 0x58ec, ['long']],
+    'KeSpinLockOrdering' : [ 0x58f0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x58f4, ['unsigned long']],
+    'CachedPtes' : [ 0x58f8, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5900, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5910, ['unsigned long long']],
+    'ReadySummary' : [ 0x5918, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x591c, ['long']],
+    'QueueIndex' : [ 0x5920, ['unsigned long']],
+    'PrcbPad75' : [ 0x5924, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x5930, ['_KDPC']],
+    'ScbQueue' : [ 0x5970, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5980, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5b80, ['unsigned long']],
+    'KernelTime' : [ 0x5b84, ['unsigned long']],
+    'UserTime' : [ 0x5b88, ['unsigned long']],
+    'DpcTime' : [ 0x5b8c, ['unsigned long']],
+    'InterruptTime' : [ 0x5b90, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5b94, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5b98, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5b99, ['unsigned char']],
+    'DeepSleep' : [ 0x5b9a, ['unsigned char']],
+    'PrcbPad80' : [ 0x5b9b, ['unsigned char']],
+    'DpcTimeCount' : [ 0x5b9c, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5ba0, ['unsigned long']],
+    'PeriodicCount' : [ 0x5ba4, ['unsigned long']],
+    'PeriodicBias' : [ 0x5ba8, ['unsigned long']],
+    'AvailableTime' : [ 0x5bac, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5bb0, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x5bb4, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x5bb8, ['unsigned long long']],
+    'StartCycles' : [ 0x5bc0, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x5bc8, ['unsigned long long']],
+    'TaggedCycles' : [ 0x5bd0, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x5be0, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5be8, ['unsigned long long']],
+    'ImportantCycles' : [ 0x5bf0, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x5bf8, ['unsigned long long']],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x5c00, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x5c04, ['long']],
+    'CachedStack' : [ 0x5c08, ['pointer64', ['void']]],
+    'PageColor' : [ 0x5c10, ['unsigned long']],
+    'NodeColor' : [ 0x5c14, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x5c18, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5c1c, ['unsigned long']],
+    'PrcbPad81' : [ 0x5c20, ['array', 3, ['unsigned long long']]],
+    'CycleTime' : [ 0x5c38, ['unsigned long long']],
+    'Cycles' : [ 0x5c40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CcFastMdlReadNoWait' : [ 0x5c80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5c84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5c88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x5c8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5c90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5c94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5c98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x5c9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x5ca0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x5ca4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x5ca8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x5cac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x5cb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x5cb4, ['unsigned long']],
+    'CcDataPages' : [ 0x5cb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x5cbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x5cc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x5cc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x5cc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x5ccc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x5cd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x5cd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x5cd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x5cdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x5ce0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x5ce4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x5ce8, ['long']],
+    'MmCacheReadCount' : [ 0x5cec, ['long']],
+    'MmCacheIoCount' : [ 0x5cf0, ['long']],
+    'PrcbPad91' : [ 0x5cf4, ['array', 3, ['unsigned long']]],
+    'PowerState' : [ 0x5d00, ['_PROCESSOR_POWER_STATE']],
+    'HyperPte' : [ 0x5f00, ['pointer64', ['void']]],
+    'ScbList' : [ 0x5f08, ['_LIST_ENTRY']],
+    'ForceIdleDpc' : [ 0x5f18, ['_KDPC']],
+    'DpcWatchdogDpc' : [ 0x5f58, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5f98, ['_KTIMER']],
+    'Cache' : [ 0x5fd8, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x6014, ['unsigned long']],
+    'CachedCommit' : [ 0x6018, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x601c, ['unsigned long']],
+    'WheaInfo' : [ 0x6020, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x6028, ['pointer64', ['void']]],
+    'ExSaPageArray' : [ 0x6030, ['pointer64', ['void']]],
+    'KeAlignmentFixupCount' : [ 0x6038, ['unsigned long']],
+    'PrcbPad95' : [ 0x603c, ['unsigned long']],
+    'HypercallPageList' : [ 0x6040, ['_SLIST_HEADER']],
+    'StatisticsPage' : [ 0x6050, ['pointer64', ['unsigned long long']]],
+    'PrcbPad85' : [ 0x6058, ['array', 5, ['unsigned long long']]],
+    'HypercallCachedPages' : [ 0x6080, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x6088, ['pointer64', ['void']]],
+    'PackageProcessorSet' : [ 0x6090, ['_KAFFINITY_EX']],
+    'PrcbPad86' : [ 0x6138, ['unsigned long long']],
+    'SharedReadyQueueMask' : [ 0x6140, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x6148, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x6150, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x6154, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x6158, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x6160, ['unsigned long long']],
+    'LLCMask' : [ 0x6168, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x6170, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x6198, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x61a0, ['pointer64', ['void']]],
+    'DpcWatchdogProfile' : [ 0x61a8, ['pointer64', ['pointer64', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x61b0, ['pointer64', ['pointer64', ['void']]]],
+    'SchedulerAssist' : [ 0x61b8, ['pointer64', ['void']]],
+    'SynchCounters' : [ 0x61c0, ['_SYNCH_COUNTERS']],
+    'PrcbPad94' : [ 0x6278, ['unsigned long long']],
+    'FsCounters' : [ 0x6280, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x6290, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x629d, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x62a0, ['unsigned long long']],
+    'UpdateSignature' : [ 0x62a8, ['_LARGE_INTEGER']],
+    'PteBitCache' : [ 0x62b0, ['unsigned long long']],
+    'PteBitOffset' : [ 0x62b8, ['unsigned long']],
+    'PrcbPad105' : [ 0x62bc, ['unsigned long']],
+    'Context' : [ 0x62c0, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x62c8, ['unsigned long']],
+    'PrcbPad115' : [ 0x62cc, ['unsigned long']],
+    'ExtendedState' : [ 0x62d0, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x62d8, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x62e0, ['_KENTROPY_TIMING_STATE']],
+    'AbSelfIoBoostsList' : [ 0x6430, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x6438, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x6440, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x6480, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x64d4, ['_IOP_IRP_STACK_PROFILER']],
+    'SecureFault' : [ 0x6528, ['_KSECURE_FAULT_INFORMATION']],
+    'PrcbPad120' : [ 0x6538, ['unsigned long long']],
+    'LocalSharedReadyQueue' : [ 0x6540, ['_KSHARED_READY_QUEUE']],
+    'PrcbPad125' : [ 0x67b0, ['array', 2, ['unsigned long long']]],
+    'TimerExpirationTraceCount' : [ 0x67c0, ['unsigned long']],
+    'PrcbPad127' : [ 0x67c4, ['unsigned long']],
+    'TimerExpirationTrace' : [ 0x67c8, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'PrcbPad128' : [ 0x68c8, ['array', 7, ['unsigned long long']]],
+    'Mailbox' : [ 0x6900, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'PrcbPad130' : [ 0x6908, ['array', 7, ['unsigned long long']]],
+    'RequestMailbox' : [ 0x6940, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '__unnamed_1222' : [ 0x8, {
+    'SecureProcess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '__unnamed_1224' : [ 0x8, {
+    'SecureHandle' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x0, ['__unnamed_1222']],
+} ],
+  '_KPROCESS' : [ 0x2d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 9, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x1b8, ['BitField', dict(start_bit = 9, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x1b8, ['long']],
+    'BasePriority' : [ 0x1bc, ['unsigned char']],
+    'QuantumReset' : [ 0x1bd, ['unsigned char']],
+    'Visited' : [ 0x1be, ['unsigned char']],
+    'Flags' : [ 0x1bf, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1c0, ['array', 20, ['unsigned long']]],
+    'IdealNode' : [ 0x210, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x238, ['unsigned short']],
+    'Spare1' : [ 0x23a, ['unsigned short']],
+    'StackCount' : [ 0x23c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x240, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x250, ['unsigned long long']],
+    'ContextSwitches' : [ 0x258, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x260, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x268, ['unsigned long']],
+    'KernelTime' : [ 0x26c, ['unsigned long']],
+    'UserTime' : [ 0x270, ['unsigned long']],
+    'ReadyTime' : [ 0x274, ['unsigned long']],
+    'Spare2' : [ 0x278, ['array', 80, ['unsigned char']]],
+    'InstrumentationCallback' : [ 0x2c8, ['pointer64', ['void']]],
+    'SecureState' : [ 0x2d0, ['__unnamed_1224']],
+} ],
+  '_KTHREAD' : [ 0x5f0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'BamQosLevel' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x78, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x78, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'ReadyTime' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'Spare21' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x31a, ['unsigned char']],
+    'Spare20' : [ 0x31b, ['unsigned char']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x588, ['long']],
+    'KeReferenceCount' : [ 0x58c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x58e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x58f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x590, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x598, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x598, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x5a0, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a8, ['long long']],
+    'WriteOperationCount' : [ 0x5b0, ['long long']],
+    'OtherOperationCount' : [ 0x5b8, ['long long']],
+    'ReadTransferCount' : [ 0x5c0, ['long long']],
+    'WriteTransferCount' : [ 0x5c8, ['long long']],
+    'OtherTransferCount' : [ 0x5d0, ['long long']],
+    'QueuedScb' : [ 0x5d8, ['pointer64', ['_KSCB']]],
+    'ThreadTimerDelay' : [ 0x5e0, ['unsigned long']],
+    'ThreadFlags2' : [ 0x5e4, ['long']],
+    'PpmPolicy' : [ 0x5e4, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlags2Reserved' : [ 0x5e4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'SchedulerAssist' : [ 0x5e8, ['pointer64', ['void']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_1293' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_1293']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x140, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'ParkLock' : [ 0x58, ['long']],
+    'Seed' : [ 0x5c, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Stride' : [ 0x96, ['unsigned char']],
+    'Spare0' : [ 0x97, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x98, ['unsigned long long']],
+    'ProximityId' : [ 0xa0, ['unsigned long']],
+    'Lowest' : [ 0xa4, ['unsigned long']],
+    'Highest' : [ 0xa8, ['unsigned long']],
+    'MaximumProcessors' : [ 0xac, ['unsigned char']],
+    'Flags' : [ 0xad, ['_flags']],
+    'Spare10' : [ 0xae, ['unsigned char']],
+    'HeteroSets' : [ 0xb0, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0x128, ['array', 3, ['unsigned long long']]],
+} ],
+  '_ENODE' : [ 0x180, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x140, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_137e' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_137e']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x818, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x5f0, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x5f8, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x5f8, ['_LIST_ENTRY']],
+    'PostBlockList' : [ 0x608, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x608, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x610, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x618, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x618, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x618, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x620, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x628, ['_LIST_ENTRY']],
+    'Cid' : [ 0x638, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x648, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x648, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x668, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x670, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x680, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x688, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x690, ['pointer64', ['void']]],
+    'ChargeOnlySession' : [ 0x698, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x6a0, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x6a8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x6b8, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6c0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6c8, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6cc, ['long']],
+    'CrossThreadFlags' : [ 0x6d0, ['unsigned long']],
+    'Terminated' : [ 0x6d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6d0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6d0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6d0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6d0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6d0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6d0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6d0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x6d0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x6d0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x6d0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x6d0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x6d0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6d0, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6d4, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6d4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6d4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x6d4, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6d4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6d4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6d4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x6d4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x6d4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x6d4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x6d4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x6d4, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6d8, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6d8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6d8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x6d8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6d8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6d8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6d8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6d8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6d8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6d9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6d9, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowWritesToExecutableMemory' : [ 0x6d9, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6dc, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6dd, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6de, ['unsigned char']],
+    'LockOrderState' : [ 0x6df, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6e0, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6e8, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6e8, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x6f0, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x700, ['long']],
+    'CacheManagerCount' : [ 0x704, ['unsigned long']],
+    'IoBoostCount' : [ 0x708, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x70c, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x710, ['unsigned long']],
+    'BoostList' : [ 0x718, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x728, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x738, ['unsigned long long']],
+    'IrpListLock' : [ 0x740, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x748, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x750, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x758, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x760, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x768, ['pointer64', ['void']]],
+    'KernelStackReference' : [ 0x770, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x778, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x780, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x788, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x7a0, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x7a8, ['unsigned long long']],
+    'UserGsBase' : [ 0x7b0, ['unsigned long long']],
+    'EnergyValues' : [ 0x7b8, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x7c0, ['pointer64', ['void']]],
+    'SelectedCpuSets' : [ 0x7c8, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x7c8, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x7d0, ['pointer64', ['_EJOB']]],
+    'ThreadName' : [ 0x7d8, ['pointer64', ['_UNICODE_STRING']]],
+    'SetContextState' : [ 0x7e0, ['pointer64', ['_CONTEXT']]],
+    'LastExpectedRunTime' : [ 0x7e8, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x7f0, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x800, ['unsigned long long']],
+    'DisownedOwnerEntryListHead' : [ 0x808, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_13d5' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+} ],
+  '__unnamed_13d7' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0x838, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0x2e0, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2e8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x2f8, ['_EX_RUNDOWN_REF']],
+    'Flags2' : [ 0x300, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x304, ['unsigned long']],
+    'CreateReported' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x304, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x304, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x304, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x304, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x304, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x304, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x304, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x304, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x304, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x304, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x304, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x304, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x304, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x304, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x304, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x304, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x304, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x304, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x304, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x308, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x320, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x330, ['unsigned long long']],
+    'VirtualSize' : [ 0x338, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x350, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x350, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x358, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x360, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x378, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x388, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x390, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x398, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x3a0, ['unsigned long long']],
+    'Win32Process' : [ 0x3a8, ['pointer64', ['void']]],
+    'Job' : [ 0x3b0, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3b8, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3c0, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3c8, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3d0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3d8, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3e0, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x3e8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
+    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x400, ['pointer64', ['_MM_SESSION_SPACE']]],
+    'AweInfo' : [ 0x408, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
+    'WoW64Process' : [ 0x428, ['pointer64', ['_EWOW64PROCESS']]],
+    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x448, ['pointer64', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x450, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x45f, ['unsigned char']],
+    'SecurityPort' : [ 0x460, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x468, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x470, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x480, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x488, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x498, ['unsigned long']],
+    'ImagePathHash' : [ 0x49c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x4a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x4a4, ['long']],
+    'PrefetchTrace' : [ 0x4a8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x4b0, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x4e8, ['unsigned long long']],
+    'CommitCharge' : [ 0x4f0, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x4f8, ['unsigned long long']],
+    'Vm' : [ 0x500, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x610, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x620, ['unsigned long']],
+    'ExitStatus' : [ 0x624, ['long']],
+    'VadRoot' : [ 0x628, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x630, ['pointer64', ['void']]],
+    'VadCount' : [ 0x638, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x640, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x648, ['unsigned long long']],
+    'AlpcContext' : [ 0x650, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x670, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x680, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x688, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x68c, ['unsigned long']],
+    'ExitTime' : [ 0x690, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x698, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x6a0, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x6a8, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x6ac, ['unsigned long']],
+    'ThreadListLock' : [ 0x6b0, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x6b8, ['pointer64', ['void']]],
+    'ServerSilo' : [ 0x6c0, ['pointer64', ['_EJOB']]],
+    'SignatureLevel' : [ 0x6c8, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x6c9, ['unsigned char']],
+    'Protection' : [ 0x6ca, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x6cb, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'GhostCount' : [ 0x6cb, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Flags3' : [ 0x6cc, ['unsigned long']],
+    'Minimal' : [ 0x6cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x6cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x6cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x6cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x6cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x6cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x6cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x6cc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x6cc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x6cc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x6cc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x6cc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x6cc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x6d0, ['long']],
+    'SvmData' : [ 0x6d8, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x6e0, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x6e8, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x6f0, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x700, ['unsigned long long']],
+    'DiskCounters' : [ 0x708, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x710, ['pointer64', ['void']]],
+    'TrustletIdentity' : [ 0x718, ['unsigned long long']],
+    'EnclaveTable' : [ 0x720, ['pointer64', ['void']]],
+    'EnclaveNumber' : [ 0x728, ['unsigned long long']],
+    'EnclaveLock' : [ 0x730, ['_EX_PUSH_LOCK']],
+    'HighPriorityFaultsAllowed' : [ 0x738, ['unsigned long']],
+    'EnergyContext' : [ 0x740, ['pointer64', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x748, ['pointer64', ['void']]],
+    'SequenceNumber' : [ 0x750, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x758, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x760, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x768, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x770, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x778, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x778, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x780, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x788, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x790, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x7a0, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x7a8, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x7a0, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x7a8, ['pointer64', ['unsigned long long']]],
+    'DiskIoAttribution' : [ 0x7b0, ['pointer64', ['void']]],
+    'DxgProcess' : [ 0x7b8, ['pointer64', ['void']]],
+    'Win32KFilterSet' : [ 0x7c0, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x7c8, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x7d0, ['unsigned long']],
+    'KTimer2Sets' : [ 0x7d4, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x7d8, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x7e0, ['unsigned long long']],
+    'VirtualTimerListHead' : [ 0x7e8, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x7f8, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x7f8, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x828, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x828, ['__unnamed_13d5']],
+    'MitigationFlags2' : [ 0x82c, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x82c, ['__unnamed_13d7']],
+    'PartitionObject' : [ 0x830, ['pointer64', ['void']]],
+} ],
+  '_EWOW64PROCESS' : [ 0x10, {
+    'Peb' : [ 0x0, ['pointer64', ['void']]],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'NtdllType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PsNativeSystemDll', 1: u'PsWowX86SystemDll', 2: u'PsWowArm32SystemDll', 3: u'PsWowAmd64SystemDll', 4: u'PsWowChpeX86SystemDll', 5: u'PsVsmEnclaveRuntimeDll', 6: u'PsSystemDllTotalTypes'})]],
+} ],
+  '__unnamed_13f7' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13fd' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13ff' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13fd']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1408' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_140a' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_1408']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_13f7']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_13ff']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_140a']],
+} ],
+  '__unnamed_1411' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1415' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1419' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_141b' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_141f' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1421' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1425' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_1427' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_1429' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_142b' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_142d' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1431' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_1433' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1435' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1437' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1439' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_143b' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_143f' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1443' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1447' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_144b' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_144f' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1453' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1457' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1459' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_145b' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_145f' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1463' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1467' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_146b' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_146f' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1477' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_147b' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_147d' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_147f' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1481' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_1411']],
+    'CreatePipe' : [ 0x0, ['__unnamed_1415']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_1419']],
+    'Read' : [ 0x0, ['__unnamed_141b']],
+    'Write' : [ 0x0, ['__unnamed_141b']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_141f']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_1421']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_1425']],
+    'QueryFile' : [ 0x0, ['__unnamed_1427']],
+    'SetFile' : [ 0x0, ['__unnamed_1429']],
+    'QueryEa' : [ 0x0, ['__unnamed_142b']],
+    'SetEa' : [ 0x0, ['__unnamed_142d']],
+    'QueryVolume' : [ 0x0, ['__unnamed_1431']],
+    'SetVolume' : [ 0x0, ['__unnamed_1431']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_1433']],
+    'LockControl' : [ 0x0, ['__unnamed_1435']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1437']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1439']],
+    'SetSecurity' : [ 0x0, ['__unnamed_143b']],
+    'MountVolume' : [ 0x0, ['__unnamed_143f']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_143f']],
+    'Scsi' : [ 0x0, ['__unnamed_1443']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1447']],
+    'SetQuota' : [ 0x0, ['__unnamed_142d']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_144b']],
+    'QueryInterface' : [ 0x0, ['__unnamed_144f']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1453']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1457']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1459']],
+    'SetLock' : [ 0x0, ['__unnamed_145b']],
+    'QueryId' : [ 0x0, ['__unnamed_145f']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1463']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1467']],
+    'WaitWake' : [ 0x0, ['__unnamed_146b']],
+    'PowerSequence' : [ 0x0, ['__unnamed_146f']],
+    'Power' : [ 0x0, ['__unnamed_1477']],
+    'StartDevice' : [ 0x0, ['__unnamed_147b']],
+    'WMI' : [ 0x0, ['__unnamed_147d']],
+    'Others' : [ 0x0, ['__unnamed_147f']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_1481']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1497' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_1497']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x620, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x350, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x354, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x358, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x35c, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x360, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x364, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x368, ['unsigned char']],
+    'PriorityClass' : [ 0x369, ['unsigned char']],
+    'NestingDepth' : [ 0x36a, ['unsigned char']],
+    'Reserved1' : [ 0x36b, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x36c, ['unsigned long']],
+    'WakeChannel' : [ 0x370, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x370, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3b8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3c0, ['unsigned long']],
+    'NotificationLink' : [ 0x3c8, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3d0, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3d8, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3e0, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3e8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3f0, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3f8, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x400, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x408, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x410, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x420, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x438, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x440, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x450, ['unsigned long long']],
+    'Ancestors' : [ 0x458, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x458, ['pointer64', ['void']]],
+    'Accounting' : [ 0x460, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x4c0, ['unsigned long']],
+    'JobId' : [ 0x4c4, ['unsigned long']],
+    'ContainerId' : [ 0x4c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x4d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x4e8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x4f0, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x508, ['pointer64', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x510, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x518, ['unsigned long']],
+    'CloseDone' : [ 0x518, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x518, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x518, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x518, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x518, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x518, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x518, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x518, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x518, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x518, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x518, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x518, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x518, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x518, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x518, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x518, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x518, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x518, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x518, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x518, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x518, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x518, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x518, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x518, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x51c, ['unsigned long']],
+    'ParentLocked' : [ 0x51c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x520, ['pointer64', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x528, ['unsigned long long']],
+    'DiskIoAttributionUserRefCount' : [ 0x530, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x534, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x538, ['pointer64', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x538, ['pointer64', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x540, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x568, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x5a0, ['long']],
+    'VolumeIoControlTree' : [ 0x5a8, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x5b8, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x5c0, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x5c4, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x5c8, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x5cc, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x5d0, ['unsigned long long']],
+    'IoControlLock' : [ 0x5d8, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x5e0, ['unsigned long long']],
+    'RundownWorkItem' : [ 0x5e8, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x608, ['pointer64', ['void']]],
+    'PartitionOwnerJob' : [ 0x610, ['pointer64', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x618, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0x10, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x10, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0x18, {
+    'Hash' : [ 0x0, ['pointer64', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x8, ['pointer64', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x10, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x18, {
+    'Table' : [ 0x0, ['pointer64', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x8, ['unsigned long']],
+    'EntryMax' : [ 0xc, ['unsigned long']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x8, {
+    'Key' : [ 0x0, ['unsigned long long']],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_16eb' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_16eb']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['pointer64', ['void']]],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['void']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x50, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'NestingLevel' : [ 0x48, ['unsigned long long']],
+} ],
+  '__unnamed_172b' : [ 0x8, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_1730' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_1732' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1734' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_1730']],
+    'e4' : [ 0x0, ['__unnamed_1732']],
+} ],
+  '__unnamed_1740' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_172b']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_1734']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Unused2' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'u4' : [ 0x28, ['__unnamed_1740']],
+} ],
+  '__unnamed_174b' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_174f' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_174b']],
+    'u2' : [ 0x38, ['__unnamed_174f']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_1754' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_1757' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_175f' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 23, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1761' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_175f']],
+} ],
+  '__unnamed_1763' : [ 0x8, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x80, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_1754']],
+    'u1' : [ 0x3c, ['__unnamed_1757']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_1761']],
+    'FileObjectLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x70, ['unsigned long long']],
+    'u3' : [ 0x78, ['__unnamed_1763']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x68, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSpecialPoolNonPaged', 14: u'MiVaSystemPtesLarge', 15: u'MiVaKernelStacks', 16: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x38, ['pointer64', ['_MMSUPPORT_INSTANCE']]],
+    'TotalSystemPtes' : [ 0x40, ['unsigned long long']],
+    'Hint' : [ 0x48, ['unsigned long long']],
+    'LowestBitEverAllocated' : [ 0x50, ['unsigned long long']],
+    'CachedPtes' : [ 0x58, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x60, ['unsigned long long']],
+} ],
+  '__unnamed_177d' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_1780' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x8, ['pointer64', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_177d']],
+    'u1' : [ 0x34, ['__unnamed_1780']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_PARTITION' : [ 0x2880, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x1a8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x470, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x500, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x800, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x13c0, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x1440, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x14a8, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x1630, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x1638, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0x1680, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x80, {
+    'MmPartition' : [ 0x0, ['pointer64', ['void']]],
+    'CcPartition' : [ 0x8, ['pointer64', ['void']]],
+    'ExPartition' : [ 0x10, ['pointer64', ['void']]],
+    'HardReferenceCount' : [ 0x18, ['long long']],
+    'OpenHandleCount' : [ 0x20, ['long long']],
+    'ActivePartitionLinks' : [ 0x28, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x38, ['pointer64', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x40, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x60, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x68, ['pointer64', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x70, ['pointer64', ['void']]],
+    'PartitionFlags' : [ 0x78, ['unsigned long']],
+    'PairedWithJob' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x7c, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0xa68, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x48, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x58, ['unsigned long']],
+    'DirtyAlloc' : [ 0x5c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x60, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x70, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x74, ['unsigned long']],
+    'Cluster' : [ 0x78, ['unsigned long']],
+    'Flat' : [ 0x7c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x7c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x7c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x7c, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x7d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x80, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x84, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x88, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x8c, ['unsigned long']],
+    'HiveFlags' : [ 0x90, ['unsigned long']],
+    'CurrentLog' : [ 0x94, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x98, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x9c, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xa0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xa4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xa8, ['unsigned long']],
+    'LogDataPresent' : [ 0xac, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xae, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xaf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xb8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xb8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xb8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xb8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xba, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xbc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xc0, ['unsigned long']],
+    'Version' : [ 0xc4, ['unsigned long']],
+    'ViewMap' : [ 0xc8, ['_HVIEW_MAP']],
+    'Storage' : [ 0x578, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x130, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x18, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x20, ['unsigned long']],
+    'KcbPushlock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x30, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x30, ['long']],
+    'DelayedDeref' : [ 0x38, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x38, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x38, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x39, ['unsigned char']],
+    'LayerHeight' : [ 0x3a, ['short']],
+    'Spare1' : [ 0x3c, ['unsigned long']],
+    'ParentKcb' : [ 0x40, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x48, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x50, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x58, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x68, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x68, ['unsigned long']],
+    'SubKeyCount' : [ 0x68, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x70, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x80, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xa8, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xaa, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xac, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Spare3' : [ 0xb4, ['unsigned long']],
+    'LayerInfo' : [ 0xb8, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0x120, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x120, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'SequenceNumber' : [ 0x128, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x60, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x58, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_181b' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmInitializeHive', 2: u'_HvInitializeHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_181e' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1820' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1822' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1824' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1828' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_182c' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_182e' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned short']],
+    'RecoverableIndex' : [ 0xa, ['unsigned short']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_181b']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_181b']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_181e']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_1820']],
+    'CheckKey' : [ 0xf0, ['__unnamed_1822']],
+    'CheckValueList' : [ 0x110, ['__unnamed_1824']],
+    'CheckHive' : [ 0x128, ['__unnamed_1828']],
+    'CheckHive1' : [ 0x138, ['__unnamed_1828']],
+    'CheckBin' : [ 0x148, ['__unnamed_182c']],
+    'RecoverData' : [ 0x158, ['__unnamed_182e']],
+} ],
+  '_CM_KCB_UOW' : [ 0x78, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x50, ['pointer64', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x58, ['unsigned long']],
+    'OldValueCell' : [ 0x58, ['unsigned long']],
+    'NewValueCell' : [ 0x5c, ['unsigned long']],
+    'UserFlags' : [ 0x58, ['unsigned long']],
+    'LastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x60, ['unsigned long']],
+    'OldChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x60, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x60, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x68, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x68, ['pointer64', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x70, ['pointer64', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x70, ['pointer64', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0xb8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x30, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x30, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x30, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x30, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x30, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x30, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x30, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x30, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x30, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x30, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x30, ['unsigned long']],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x40, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x48, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x50, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x58, ['_GUID']],
+    'StartLsn' : [ 0x68, ['unsigned long long']],
+    'HiveCount' : [ 0x70, ['unsigned long']],
+    'HiveArray' : [ 0x78, ['array', 8, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x175, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x281, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x270, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+    'ReadyThreadCount' : [ 0x260, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x268, ['unsigned long long']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '__unnamed_195f' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1961' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1965' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x2d8, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_195f']],
+    'OverUsed2' : [ 0x218, ['__unnamed_1961']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_1965']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+    'RebalanceContext' : [ 0x2c8, ['pointer64', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x2d0, ['pointer64', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x68, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1a64' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1a64']],
+} ],
+  '__unnamed_1a6b' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1a6b']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['unsigned short']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x1550, {
+    'Name' : [ 0x0, ['pointer64', ['wchar']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x1528, ['unsigned long long']],
+    'Count' : [ 0x1530, ['unsigned long long']],
+    'MaxDuration' : [ 0x1538, ['unsigned long long']],
+    'MinDuration' : [ 0x1540, ['unsigned long long']],
+    'TotalDuration' : [ 0x1548, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xa80, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x44, ['unsigned long']],
+    'AutonomousPreference' : [ 0x48, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x49, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4b, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x4d, ['unsigned char']],
+    'ParkingPerfState' : [ 0x4e, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x50, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x51, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x52, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x53, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x54, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x55, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x56, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x58, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x5c, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x60, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x62, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x64, ['unsigned char']],
+    'IdleDisabled' : [ 0x65, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x68, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x6c, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x6d, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x6e, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x6f, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x70, ['array', 1280, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x570, ['array', 1280, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xa70, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xa71, ['unsigned char']],
+    'ThreadPolicies' : [ 0xa74, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x480, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x2e0, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x310, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x360, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x368, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x370, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x378, ['pointer64', ['void']]],
+    'HardErrorState' : [ 0x380, ['unsigned long']],
+    'WnfSiloState' : [ 0x388, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x3c0, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x3e0, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x3f0, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x400, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x408, ['pointer64', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x410, ['unsigned char']],
+    'NtSystemRoot' : [ 0x418, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x428, ['_UNICODE_STRING']],
+    'Storage' : [ 0x438, ['pointer64', ['_PSP_STORAGE']]],
+    'State' : [ 0x440, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x444, ['long']],
+    'DeleteEvent' : [ 0x448, ['pointer64', ['_KEVENT']]],
+    'UserSharedData' : [ 0x450, ['pointer64', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x458, ['pointer64', ['void']]],
+    'TerminateWorkItem' : [ 0x460, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x218, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+    'Partition' : [ 0x210, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '__unnamed_1b72' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1b72']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x400, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x8, ['pointer64', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x10, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x20, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x30, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x48, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x60, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x80, ['unsigned long long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x88, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x8c, ['unsigned char']],
+    'WorkQueueLock' : [ 0xc0, ['unsigned long long']],
+    'NumberWorkerThreads' : [ 0xc8, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0xcc, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0xd0, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0xf0, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0x100, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0x110, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0x120, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0x130, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0x134, ['unsigned long']],
+    'QueueThrottle' : [ 0x138, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0x13c, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0x140, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0x144, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0x148, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0x14c, ['unsigned long']],
+    'LowMemoryEvent' : [ 0x150, ['_KEVENT']],
+    'PowerEvent' : [ 0x168, ['_KEVENT']],
+    'PeriodicEvent' : [ 0x180, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x198, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x1b0, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x1c8, ['unsigned long']],
+    'LazyWriter' : [ 0x1d0, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x258, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x270, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x2a8, ['pointer64', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x2b0, ['long']],
+    'AverageAvailablePages' : [ 0x2b8, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x2c0, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x2c8, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x2d0, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x2d8, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x2e0, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x2e1, ['unsigned char']],
+    'DeferredWrites' : [ 0x2e8, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x300, ['unsigned long long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x308, ['pointer64', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x310, ['pointer64', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x318, ['pointer64', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x320, ['pointer64', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x328, ['pointer64', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x330, ['pointer64', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x338, ['pointer64', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x340, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x348, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x358, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x360, ['pointer64', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x368, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x370, ['long']],
+    'LowPriOldIoPriority' : [ 0x374, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x378, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x380, ['unsigned long']],
+    'CoalescingState' : [ 0x384, ['unsigned char']],
+    'RundownStarted' : [ 0x385, ['unsigned char']],
+    'RefCount' : [ 0x388, ['long long']],
+    'ExitEvent' : [ 0x390, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x3a8, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x3c0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1b98' : [ 0x10, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1b9a' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1b9c' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1b9e' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1ba0' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1ba4' : [ 0x68, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x50, ['pointer64', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x58, ['pointer64', ['void']]],
+    'RequestorMode' : [ 0x60, ['unsigned char']],
+    'NestingLevel' : [ 0x64, ['unsigned long']],
+} ],
+  '__unnamed_1ba6' : [ 0x68, {
+    'Read' : [ 0x0, ['__unnamed_1b98']],
+    'Write' : [ 0x0, ['__unnamed_1b9a']],
+    'Event' : [ 0x0, ['__unnamed_1b9c']],
+    'Notification' : [ 0x0, ['__unnamed_1b9e']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1ba0']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1ba4']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x88, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_1ba6']],
+    'Function' : [ 0x78, ['unsigned char']],
+    'Partition' : [ 0x80, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x50, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+    'Partition' : [ 0x48, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x28, {
+    'Allocate' : [ 0x0, ['unsigned long long']],
+    'Free' : [ 0x8, ['unsigned long long']],
+    'Commit' : [ 0x10, ['unsigned long long']],
+    'Decommit' : [ 0x18, ['unsigned long long']],
+    'ExtendContext' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x10, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x2a0, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'StackTraceInitVar' : [ 0x170, ['_RTL_RUN_ONCE']],
+    'FrontEndHeap' : [ 0x178, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x180, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x182, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x183, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x188, ['pointer64', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0x190, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x192, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x218, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x290, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1c5a' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1c5a']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1ca9' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1cab' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ca9']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1cad' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1caf' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1cad']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1cab']],
+    'u2' : [ 0x4, ['__unnamed_1caf']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x30, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_1cca' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1ccc' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1cca']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1ccc']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1cde' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1ce0' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1cde']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1ce0']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1ce9' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1ceb' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ce9']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1ceb']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1cf1' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_1cf3' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1cf1']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1cf3']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1d11' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d13' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d11']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_1d13']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1cab']],
+    'u2' : [ 0x4, ['__unnamed_1caf']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1d39' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d3b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d39']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x118, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_1d3b']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xb0, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb8, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xc0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc8, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xd0, ['pointer64', ['void']]],
+    'WakeReference2' : [ 0xd8, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xe0, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xe8, ['unsigned long long']],
+    'PortMessage' : [ 0xf0, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x48, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x40, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1d80' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d82' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d80']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1d82']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Event' : [ 0x0, ['unsigned long long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x38, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'DiskIoAttributionHandle' : [ 0x10, ['unsigned long long']],
+    'ActivityId' : [ 0x18, ['_GUID']],
+    'Timestamp' : [ 0x28, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x28, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x28, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x30, ['long long']],
+    'AdapterCryptoParameters' : [ 0x28, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x58, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 9, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x70, ['pointer64', ['void']]],
+    'CreateFileType' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x80, ['pointer64', ['void']]],
+    'Override' : [ 0x88, ['unsigned char']],
+    'QueryOnly' : [ 0x89, ['unsigned char']],
+    'DeleteOnly' : [ 0x8a, ['unsigned char']],
+    'FullAttributes' : [ 0x8b, ['unsigned char']],
+    'LocalFileObject' : [ 0x90, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x98, ['unsigned long']],
+    'AccessMode' : [ 0x9c, ['unsigned char']],
+    'DriverCreateContext' : [ 0xa0, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0xcc, ['unsigned long']],
+    'FilterQuery' : [ 0xd0, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1e4c' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1e4c']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['wchar']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['wchar']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x10, {
+    'QueueTail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x990, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x50, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x60, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x70, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x80, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x88, ['unsigned long']],
+    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xd8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'FlushThreshold' : [ 0xe4, ['unsigned long']],
+    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xf4, ['long']],
+    'NumberOfBuffers' : [ 0xf8, ['long']],
+    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
+    'EventsLost' : [ 0x100, ['unsigned long']],
+    'PeakBuffersCount' : [ 0x104, ['long']],
+    'BuffersWritten' : [ 0x108, ['unsigned long']],
+    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
+    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x120, ['unsigned long']],
+    'InstanceGuid' : [ 0x124, ['_GUID']],
+    'MaximumFileSize' : [ 0x134, ['unsigned long']],
+    'FileCounter' : [ 0x138, ['long']],
+    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x150, ['long']],
+    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
+    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x168, ['unsigned long']],
+    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
+    'LoggerDpc' : [ 0x248, ['_KDPC']],
+    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x338, ['long long']],
+    'Flags' : [ 0x340, ['unsigned long']],
+    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x340, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x340, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x344, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x350, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x850, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x860, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x868, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x870, ['pointer64', ['_ETW_LBR_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x878, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x888, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x890, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x8a0, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x8a8, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x8b8, ['pointer64', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x8c0, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x8c8, ['pointer64', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x8d0, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x8d8, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x8f8, ['long']],
+    'CompressionLock' : [ 0x900, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x908, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x910, ['pointer64', ['void']]],
+    'CompressionOn' : [ 0x918, ['long']],
+    'CompressionRatioGuess' : [ 0x91c, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x920, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x924, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x928, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x930, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x970, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x978, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x980, ['_LARGE_INTEGER']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x38, {
+    'Source' : [ 0x0, ['array', 8, ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x20, ['unsigned long']],
+    'HookId' : [ 0x24, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x2c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x30, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x1190, {
+    'SiloGlobals' : [ 0x0, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x8, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x10, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x1a0, ['pointer64', ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x1a8, ['pointer64', ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x1b0, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0xfb0, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0xfc0, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0xfc4, ['long']],
+    'EtwpSecurityProviderPID' : [ 0xfc8, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0xfd0, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0xff0, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x1000, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x1008, ['pointer64', ['_ETW_SILO_TRACING_BLOCK']]],
+    'PartitionId' : [ 0x1010, ['_GUID']],
+    'ParentId' : [ 0x1020, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x1030, ['_LARGE_INTEGER']],
+    'PartitionType' : [ 0x1038, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x103c, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x30, {
+    'SystemLogonSession' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x10, ['pointer64', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0x18, ['pointer64', ['void']]],
+    'UncSystemPaths' : [ 0x20, ['pointer64', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x28, ['pointer64', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x498, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x478, ['pointer64', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x480, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x488, ['pointer64', ['void']]],
+    'VariablePart' : [ 0x490, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xc0, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x58, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
+    'SiblingAuthId' : [ 0xa8, ['_LUID']],
+    'TokenList' : [ 0xb0, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved2' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved1' : [ 0x1a, ['unsigned short']],
+    'Reserved2' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x10, {
+    'Footer' : [ 0x0, ['pointer64', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x30, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x20, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x10, {
+    'Context1' : [ 0x0, ['pointer64', ['void']]],
+    'Context2' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0x18, ['unsigned char']],
+    'Padding1' : [ 0x19, ['array', 3, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0x140, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+    'SessionId' : [ 0x154, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_1fcc' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x4000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1fcc']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x68, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x70, ['unsigned long']],
+    'AttachCount' : [ 0x74, ['unsigned long']],
+    'AttachGate' : [ 0x78, ['_KGATE']],
+    'WsListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0xa0, ['_MM_PAGED_POOL_INFO']],
+    'Lookaside' : [ 0x100, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb80, ['_MMSESSION']],
+    'Vm' : [ 0xbc0, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0xd00, ['_MMWSL_INSTANCE']],
+    'AggregateSessionWs' : [ 0xd40, ['_MMSUPPORT_AGGREGATION']],
+    'PagedPool' : [ 0xd80, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x1ec0, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PageDirectory' : [ 0x1ec8, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1ed0, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x1ed8, ['_RTL_BITMAP_EX']],
+    'DynamicVaHint' : [ 0x1ee8, ['unsigned long long']],
+    'SpecialPool' : [ 0x1ef0, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1f30, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1f38, ['long']],
+    'PagedPoolPdeCount' : [ 0x1f3c, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1f40, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1f44, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1f48, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1fb0, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1fb8, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x1fc0, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1fc8, ['unsigned long long']],
+    'IoState' : [ 0x1fd0, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1fd4, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1fd8, ['_KEVENT']],
+    'ServerSilo' : [ 0x1ff0, ['pointer64', ['_EJOB']]],
+    'CreateTime' : [ 0x1ff8, ['unsigned long long']],
+    'PoolTags' : [ 0x2000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'ParseProcedureEx' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'BoostBitmap' : [ 0x58, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+    'SparePad' : [ 0x5c, ['unsigned long']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RfgControlStack' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_2032' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_2035' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0xf8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'Device' : [ 0xd8, ['__unnamed_2032']],
+    'System' : [ 0xd8, ['__unnamed_2035']],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x38, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x8, ['unsigned long long']],
+    'NonPagedAllocs' : [ 0x10, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x18, ['unsigned long long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+    'PagedAllocs' : [ 0x28, ['unsigned long long']],
+    'PagedFrees' : [ 0x30, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x20, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x8, ['pointer64', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x428, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xf0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1d0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1d8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1e0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1e8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x240, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2e8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2f0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x308, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x318, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x330, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x38, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_2088' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_2088']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x120, {
+    'ProcessCid' : [ 0x0, ['pointer64', ['void']]],
+    'ThreadCid' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x20, ['unsigned long']],
+    'CreateTrace' : [ 0x28, ['array', 30, ['unsigned long long']]],
+    'Count' : [ 0x118, ['long']],
+    'CaptureCount' : [ 0x11c, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x48, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x50, ['_LIST_ENTRY']],
+    'Parent' : [ 0x60, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x28, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x10, ['unsigned long long']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Valid' : [ 0x20, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x48, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'EntryDescriptor' : [ 0x20, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x38, ['unsigned long']],
+    'Handles' : [ 0x40, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x18, {
+    'IdealMask' : [ 0x0, ['unsigned long long']],
+    'PreferredMask' : [ 0x8, ['unsigned long long']],
+    'AvailableMask' : [ 0x10, ['unsigned long long']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SK_CRASH_MINIDUMP' : [ 0x1000, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'ModuleCount' : [ 0x8, ['unsigned long']],
+    'FrameCount' : [ 0xc, ['unsigned long']],
+    'Modules' : [ 0x10, ['array', 16, ['_SK_CRASH_MODULE']]],
+    'StackFrames' : [ 0x490, ['array', 366, ['_SK_CRASH_STACK_FRAME']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SK_CRASH_STACK_FRAME' : [ 0x8, {
+    'ModuleId' : [ 0x0, ['unsigned long']],
+    'Rva' : [ 0x4, ['unsigned long']],
+    'Pc' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DEVICE_MAP' : [ 0x48, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x40, ['pointer64', ['_EJOB']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned long long')]],
+    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'ReservedForHardware' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'ReservedForSoftware' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'WsleProtection' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x28, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer64', ['void']]],
+    'OverQuotaHistory' : [ 0x8, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '__unnamed_213a' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x90, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_213a']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x30, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x50, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x60, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x80, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x8, {
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['wchar']]],
+    'DriverName' : [ 0x50, ['pointer64', ['wchar']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x48, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'SecureInfo' : [ 0x8, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x8, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'PebTebRfg' : [ 0x8, ['_MI_SUB64K_FREE_RANGES']],
+    'RfgProtectedStack' : [ 0x8, ['_MI_RFG_PROTECTED_STACK']],
+    'WaitReason' : [ 0x40, ['unsigned long']],
+} ],
+  '__unnamed_2187' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_218a' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_218c' : [ 0x4, {
+    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_2187']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_218a']],
+    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x34, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u2' : [ 0x34, ['__unnamed_218c']],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x68, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'Reserved2' : [ 0x18, ['unsigned long']],
+    'Reserved3' : [ 0x20, ['array', 4, ['pointer64', ['void']]]],
+    'Reserved4' : [ 0x40, ['array', 4, ['unsigned long']]],
+    'Reserved5' : [ 0x50, ['pointer64', ['void']]],
+    'Reserved6' : [ 0x58, ['array', 2, ['pointer64', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x50, {
+    'LsaProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'LsaCommandPortHandle' : [ 0x8, ['pointer64', ['void']]],
+    'SepRmThreadHandle' : [ 0x10, ['pointer64', ['void']]],
+    'RmCommandPortHandle' : [ 0x18, ['pointer64', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x20, ['pointer64', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x28, ['pointer64', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x30, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x38, ['pointer64', ['void']]],
+    'RmViewPortMemory' : [ 0x40, ['pointer64', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x48, ['long']],
+    'LsaCommandPortActive' : [ 0x4c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x30, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x10, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0x18, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'FirstPteForPagedPool' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'MaximumSize' : [ 0x20, ['unsigned long long']],
+    'PagedPoolHint' : [ 0x28, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_21c6' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_21c8' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_21c6']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x120, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_21c8']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
+    'PagedBytes' : [ 0x60, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x80, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x90, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
+    'LockedBytes' : [ 0x98, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0xf8, ['unsigned long']],
+    'ExecutePageProtections' : [ 0xfc, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x100, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x104, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x108, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0x10c, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x110, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Luid' : [ 0x20, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x18, {
+    'DynamicRelocations' : [ 0x0, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x8, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x38, {
+    'ScopeMap' : [ 0x0, ['pointer64', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x8, ['pointer64', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x10, ['pointer64', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x18, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x20, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x28, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x30, ['long long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Who' : [ 0x38, ['unsigned long']],
+    'Hash' : [ 0x3c, ['unsigned long']],
+    'Page' : [ 0x40, ['unsigned long long']],
+    'StackTrace' : [ 0x48, ['array', 8, ['pointer64', ['void']]]],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'NoCrossPartitionAccess' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SubsectionCrossPartitionReferenceOverflow' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KSECURE_FAULT_INFORMATION' : [ 0x10, {
+    'FaultCode' : [ 0x0, ['unsigned long long']],
+    'FaultVa' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '__unnamed_2222' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2224' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2222']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2224']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x20, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x1b00, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x100, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x380, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x438, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x4c0, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x4f8, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x600, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x9c0, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x9d8, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x9e8, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0xa48, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0xac0, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0xb80, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0xc00, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0xd20, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0xdc0, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x1000, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x1070, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x10c0, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x1180, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x11c0, ['unsigned long long']],
+    'BootRegistryRuns' : [ 0x11c8, ['pointer64', ['pointer64', ['void']]]],
+    'ZeroingDisabled' : [ 0x11d0, ['long']],
+    'FullyInitialized' : [ 0x11d4, ['unsigned char']],
+    'SafeBooted' : [ 0x11d5, ['unsigned char']],
+    'TraceLogging' : [ 0x11d8, ['pointer64', ['_TlgProvider_t']]],
+    'Vs' : [ 0x1200, ['_MI_VISIBLE_STATE']],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer64', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1200, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x1c, ['unsigned char']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'PartitionWs' : [ 0x140, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x208, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x230, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x280, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x2a8, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x2b0, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x2b8, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x2c0, ['unsigned long long']],
+    'SharedCommit' : [ 0x2c8, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x2d0, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x2e0, ['long']],
+    'PageFileTraces' : [ 0x2e8, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x18, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x8, ['_GUID']],
+    'Control' : [ 0x18, ['_GUID']],
+    'ConsumersNotified' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_225c' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_225e' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_225c']],
+} ],
+  '__unnamed_2260' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_225e']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2260']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_2268' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2268']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x10, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2275' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x28, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'UseSessionId' : [ 0x1c, ['unsigned char']],
+    'u1' : [ 0x20, ['__unnamed_2275']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x110, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0xc8, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x38, {
+    'SystemDllBase' : [ 0x0, ['pointer64', ['void']]],
+    'ColorSeed' : [ 0x8, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0xc, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x28, ['pointer64', ['_MMPTE']]],
+    'VadSecureCookie' : [ 0x30, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_AGGREGATION' : [ 0x20, {
+    'PageFaultCount' : [ 0x0, ['unsigned long']],
+    'WorkingSetSize' : [ 0x8, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x10, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x190, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x178, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x180, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x188, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x150, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['wchar']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['wchar']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xb8, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x10, ['_KMUTANT']],
+    'FixupLock' : [ 0x48, ['long']],
+    'FirstLoadEver' : [ 0x4c, ['unsigned char']],
+    'LargePageAll' : [ 0x4d, ['unsigned char']],
+    'LastPage' : [ 0x50, ['unsigned long long']],
+    'LargePageList' : [ 0x58, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x68, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x78, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x88, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x98, ['unsigned long long']],
+    'PageCounts' : [ 0xa0, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SlatKernelCodeProtected' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x60, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x5c, ['unsigned char']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x368, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastPassiveTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'Info' : [ 0x70, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xcc, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xe4, ['unsigned char']],
+    'PollingRate' : [ 0xe8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xf0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xf8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x100, ['unsigned long long']],
+    'WorkItem' : [ 0x108, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0x128, ['_KTIMER2']],
+    'Lock' : [ 0x1b0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1c0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1d8, ['_KEVENT']],
+    'InstanceId' : [ 0x1f0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1f8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x358, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x18, {
+    'DeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
+    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
+    'RunRefSize' : [ 0x10, ['unsigned long']],
+    'Number' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_236d' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_236f' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_236d']],
+    'Private' : [ 0x0, ['__unnamed_236f']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x8, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'TransPtr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x38, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x10, ['unsigned long long']],
+    'VolumeKey' : [ 0x18, ['unsigned long long']],
+    'Rundown' : [ 0x20, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x28, ['pointer64', ['void']]],
+    'VolumeIoAttribution' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x48, ['unsigned long long']],
+    'BigPagesAllocated' : [ 0x50, ['unsigned long long']],
+    'BytesAllocated' : [ 0x58, ['unsigned long long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x88, ['unsigned long long']],
+    'BigPagesDeallocated' : [ 0x90, ['unsigned long long']],
+    'BytesDeallocated' : [ 0x98, ['unsigned long long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x108, ['long']],
+    'PendingFreeDepth' : [ 0x10c, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_23e2' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_23e4' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_23e2']],
+    'Button' : [ 0x10, ['__unnamed_23e4']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x88, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'DetachTimeStamp' : [ 0x20, ['unsigned long']],
+    'CodePageEdited' : [ 0x24, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'DynamicVaBitBuffer' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'DynamicVaBitBufferPages' : [ 0x38, ['unsigned long long']],
+    'DynamicVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'ImageVaStart' : [ 0x48, ['pointer64', ['void']]],
+    'DynamicPtesBitBuffer' : [ 0x50, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x58, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x60, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x70, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x78, ['pointer64', ['void']]],
+    'SessionCore' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x10, ['pointer64', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'AccessMask' : [ 0x20, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x280, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0x18, ['unsigned long long']],
+    'DataSectionProtectionMask' : [ 0x20, ['unsigned long']],
+    'HighSectionBase' : [ 0x28, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x30, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xa0, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0x120, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0x148, ['pointer64', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0x150, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0x170, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0x171, ['unsigned char']],
+    'PageFileSectionHead' : [ 0x178, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0x180, ['long']],
+    'ImageBias' : [ 0x184, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x188, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x190, ['_RTL_BITMAP']],
+    'ImageBias64Low' : [ 0x1a0, ['unsigned long']],
+    'ImageBias64High' : [ 0x1a4, ['unsigned long']],
+    'ImageBitMap64Low' : [ 0x1a8, ['_RTL_BITMAP']],
+    'ImageBitMap64High' : [ 0x1b8, ['_RTL_BITMAP']],
+    'ImageBitMapWow64Dll' : [ 0x1c8, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x1d8, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x1e0, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x1e8, ['unsigned long long']],
+    'LostDataFiles' : [ 0x1f0, ['unsigned long']],
+    'LostDataPages' : [ 0x1f4, ['unsigned long']],
+    'ImageFailureReason' : [ 0x1f8, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x200, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x208, ['pointer64', ['_CONTROL_AREA']]],
+    'CfgBitMapSection64' : [ 0x210, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea64' : [ 0x218, ['pointer64', ['_CONTROL_AREA']]],
+    'KernelCfgBitMap' : [ 0x220, ['_RTL_BITMAP_EX']],
+    'KernelCfgBitMapLock' : [ 0x230, ['_EX_PUSH_LOCK']],
+    'ImageCfgFailure' : [ 0x238, ['unsigned long']],
+    'ImageChecksumBreakpoint' : [ 0x23c, ['unsigned long']],
+    'ImageSizeBreakpoint' : [ 0x240, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x244, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x60, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x30, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x38, ['pointer64', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x40, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x48, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x50, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x58, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 24, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xb0, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0xa4, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa8, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x7b0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SharedData' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['pointer64', ['void']]],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_245f' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2463' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_245f']],
+    'Bits' : [ 0x4, ['__unnamed_2463']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x154, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 9, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x38, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x28, ['unsigned long']],
+    'FullSetBits' : [ 0x2c, ['unsigned long']],
+    'SubListIndex' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_247e' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2481' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1b0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x68, ['_KAPC_STATE']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'ByteCount' : [ 0xb4, ['unsigned long']],
+    'u3' : [ 0xb8, ['__unnamed_247e']],
+    'u1' : [ 0xbc, ['__unnamed_2481']],
+    'FilePointer' : [ 0xc0, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xc8, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xc8, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd0, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xd8, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe0, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf0, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0x100, ['_MDL']],
+    'Page' : [ 0x130, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x130, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x20, {
+    'BaseKcb' : [ 0x0, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x8, ['long']],
+    'ClonedKcbListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+    'RefCount' : [ 0x48, ['long']],
+    'Dequeued' : [ 0x4c, ['unsigned char']],
+    'CancelLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x58, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x38, ['unsigned char']],
+    'Platform' : [ 0x39, ['unsigned char']],
+    'DependencyListCount' : [ 0x3c, ['unsigned long']],
+    'Processors' : [ 0x40, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe8, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf8, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x100, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x108, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0xbc0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x7e8, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x7f8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x838, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x880, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x888, ['array', 3, ['unsigned long long']]],
+    'MappedPageListHeadEvent' : [ 0x8a0, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0xa20, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0xa40, ['unsigned long']],
+    'StandbyListDiscard' : [ 0xa44, ['unsigned char']],
+    'FreeListDiscard' : [ 0xa45, ['unsigned char']],
+    'LargePfnBitMapsReady' : [ 0xa46, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0xa48, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0xa50, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xac0, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xac8, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0xb28, ['pointer64', ['void']]],
+    'TransitionPrivatePages' : [ 0xb40, ['unsigned long long']],
+    'LargePfnBitMap' : [ 0xb48, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'LowMemoryThreshold' : [ 0xb68, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xb70, ['unsigned long long']],
+    'LargePfnBitMapLock' : [ 0xb80, ['unsigned long long']],
+} ],
+  '__unnamed_24ab' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_24ab']],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x188, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0x160, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x38, ['pointer64', ['_ETHREAD']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x28, {
+    'NextPteToTrim' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0x18, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x1c, ['unsigned long']],
+    'LockedEntries' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_CMHIVE' : [ 0x17a8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0xa68, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0xa98, ['_LIST_ENTRY']],
+    'HiveList' : [ 0xaa8, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0xab8, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0xac8, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0xad8, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0xae0, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0xaf0, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0xaf8, ['unsigned long']],
+    'DeletedKcbTable' : [ 0xb00, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0xb08, ['unsigned long']],
+    'Identity' : [ 0xb0c, ['unsigned long']],
+    'HiveLock' : [ 0xb10, ['pointer64', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0xb18, ['pointer64', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0xb20, ['pointer64', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0xb28, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0xb38, ['unsigned long']],
+    'FlushLogEntry' : [ 0xb40, ['pointer64', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0xb48, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0xb4c, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0xb50, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0xb58, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0xb68, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0xb70, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0xb78, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0xb80, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0xb88, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0xb90, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0xb94, ['unsigned long']],
+    'ActualFileSize' : [ 0xb98, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0xba0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0xbb0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0xbc0, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0xbd0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0xbe0, ['unsigned long']],
+    'SecurityCacheSize' : [ 0xbe4, ['unsigned long']],
+    'SecurityHitHint' : [ 0xbe8, ['long']],
+    'SecurityCache' : [ 0xbf0, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0xbf8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xff8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x1000, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0x1008, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x1010, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x1018, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x1020, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0x1048, ['unsigned char']],
+    'GrowOffset' : [ 0x104c, ['unsigned long']],
+    'KcbConvertListHead' : [ 0x1050, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0x1060, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0x1068, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x14f0, ['unsigned long']],
+    'TrustClassEntry' : [ 0x14f8, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1508, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1510, ['unsigned long long']],
+    'CmRm' : [ 0x1518, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1520, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x1524, ['long']],
+    'CreatorOwner' : [ 0x1528, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1530, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1538, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1540, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x1558, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x1570, ['unsigned long']],
+    'FlushActive' : [ 0x1570, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x1570, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x1570, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x1570, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x1574, ['unsigned long']],
+    'ReferenceCount' : [ 0x1578, ['long']],
+    'UnloadHistoryIndex' : [ 0x157c, ['long']],
+    'UnloadHistory' : [ 0x1580, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x1780, ['unsigned long']],
+    'UnaccessedStart' : [ 0x1784, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x1788, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x178c, ['unsigned long']],
+    'HandleClosePending' : [ 0x1790, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x1798, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x17a0, ['unsigned char']],
+    'FailedUnload' : [ 0x17a1, ['unsigned char']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_SK_CRASH_MODULE' : [ 0x48, {
+    'ImageName' : [ 0x0, ['array', 32, ['wchar']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5c0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xf0, ['_CONTEXT']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer64', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '__unnamed_2539' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_253b' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_253d' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2539']],
+    'Interrupt' : [ 0x0, ['__unnamed_253b']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_253b']],
+    'Sci' : [ 0x0, ['__unnamed_253b']],
+    'Nmi' : [ 0x0, ['__unnamed_253b']],
+    'Sea' : [ 0x0, ['__unnamed_253b']],
+    'Sei' : [ 0x0, ['__unnamed_253b']],
+    'Gsiv' : [ 0x0, ['__unnamed_253b']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_253d']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2e0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x2b0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x2b8, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2c0, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2c4, ['unsigned long']],
+    'ThreadCount' : [ 0x2c8, ['long']],
+    'MinThreads' : [ 0x2cc, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2cc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2d0, ['long']],
+    'QueueIndex' : [ 0x2d4, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x2d8, ['pointer64', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x1a8, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ShareRank' : [ 0x78, ['pointer64', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x80, ['unsigned long']],
+    'ReadyListHead' : [ 0x88, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x188, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x198, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x1a0, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_2564' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_2564']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '__unnamed_2572' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 44, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2578' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'OldestWsleLeafEntries' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 14, native_type='unsigned long long')]],
+    'OldestWsleLeafAge' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 17, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 60, native_type='unsigned long long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x8, {
+    'Leaf' : [ 0x0, ['__unnamed_2572']],
+    'PageTable' : [ 0x0, ['__unnamed_2578']],
+    'EntireActiveField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x28, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x2c, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_HMAP_TABLE' : [ 0x5000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_25a3' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_25a5' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_25a3']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x40, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0x18, ['__unnamed_25a5']],
+    'VerifiedData' : [ 0x38, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x30, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SystemCacheAttributes' : [ 0x20, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x240, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0x80, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x90, ['unsigned long long']],
+    'PteTrackingBitmap' : [ 0x98, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xa8, ['pointer64', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xb0, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xb8, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x120, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x188, ['unsigned long']],
+    'KernelStackPages' : [ 0x18c, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x18d, ['unsigned char']],
+    'AdjustCounter' : [ 0x18e, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x190, ['long']],
+    'ReservedMappingTree' : [ 0x198, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x1a0, ['pointer64', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x1a8, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x1b0, ['long']],
+    'UltraSpaceContext' : [ 0x1b8, ['_MI_ULTRA_VA_CONTEXT']],
+    'NumberOfUltraMdlMaps' : [ 0x1f8, ['unsigned long']],
+    'UltraMdlNodeMappings' : [ 0x200, ['pointer64', ['_MI_ULTRA_MDL_NODE']]],
+} ],
+  '__unnamed_25bc' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x1a8, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_25bc']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x18, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x20, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x28, ['unsigned long long']],
+    'PfnUnmapWorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x50, ['unsigned long long']],
+    'PfnUnmapWaitList' : [ 0x58, ['pointer64', ['void']]],
+    'MemoryRuns' : [ 0x60, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x68, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x80, ['array', 5, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xa8, ['pointer64', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xc0, ['long']],
+    'PfnUnmapActive' : [ 0xc4, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0xc8, ['_KEVENT']],
+    'RootDirectory' : [ 0xe0, ['pointer64', ['void']]],
+    'KernelObjectsDirectory' : [ 0xe8, ['pointer64', ['void']]],
+    'MemoryEvents' : [ 0xf0, ['array', 11, ['pointer64', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0x148, ['array', 11, ['pointer64', ['void']]]],
+    'NonChargedSecurePages' : [ 0x1a0, ['unsigned long long']],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '__unnamed_25c8' : [ 0x8, {
+    'InstancedWorkingSet' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0xc8, {
+    'NextPageColor' : [ 0x0, ['unsigned short']],
+    'LastTrimStamp' : [ 0x2, ['unsigned short']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long long']],
+    'VmWorkingSetList' : [ 0x10, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 8, ['unsigned long long']]],
+    'ExitOutswapGate' : [ 0x68, ['pointer64', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x80, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x90, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x98, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa0, ['unsigned long long']],
+    'HardFaultCount' : [ 0xa8, ['unsigned long']],
+    'PartitionId' : [ 0xac, ['unsigned short']],
+    'Pad0' : [ 0xae, ['unsigned short']],
+    'u1' : [ 0xb0, ['__unnamed_25c8']],
+    'Reserved0' : [ 0xb8, ['unsigned long long']],
+    'Flags' : [ 0xc0, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AcquiredRundown' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x78, ['unsigned long']],
+    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_25ef' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_25ef']],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x62, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x62, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x62, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x64, ['unsigned char']],
+    'GroupEnableMask' : [ 0x65, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x3c0, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapKernelStacks' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemPtes' : [ 0x58, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0xa0, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0x130, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSpecialPool' : [ 0x178, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapSystemCache' : [ 0x208, ['_MI_DYNAMIC_BITMAP']],
+    'HalPrivateVaStart' : [ 0x250, ['pointer64', ['void']]],
+    'HalPrivateVaSize' : [ 0x258, ['unsigned long long']],
+    'SystemVaAssignment' : [ 0x260, ['array', 8, ['unsigned long']]],
+    'SystemVaAssignmentHint' : [ 0x280, ['unsigned long']],
+    'DeleteKvaLock' : [ 0x284, ['long']],
+    'WsleArrays' : [ 0x288, ['array', 5, ['pointer64', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x2b0, ['pointer64', ['_MI_HYPER_SPACE']]],
+    'HyperSpaceEnd' : [ 0x2b8, ['pointer64', ['void']]],
+    'FreeSystemCacheVa' : [ 0x2c0, ['_KEVENT']],
+    'SystemVaLock' : [ 0x2d8, ['unsigned long long']],
+    'SystemCacheViewLock' : [ 0x2e0, ['unsigned long long']],
+    'SystemWorkingSetList' : [ 0x2e8, ['array', 5, ['_MMWSL_INSTANCE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x48, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long long']],
+    'ResetPagesRepurposedCount' : [ 0x10, ['unsigned long long']],
+    'WsSwapSupport' : [ 0x18, ['pointer64', ['void']]],
+    'CommitReleaseContext' : [ 0x20, ['pointer64', ['void']]],
+    'AccessLog' : [ 0x28, ['pointer64', ['void']]],
+    'ChargedWslePages' : [ 0x30, ['unsigned long long']],
+    'ActualWslePages' : [ 0x38, ['unsigned long long']],
+    'Reserved0' : [ 0x40, ['unsigned long long']],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MI_ULTRA_VA_CONTEXT' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ZeroMapping' : [ 0x8, ['pointer64', ['void']]],
+    'AllocationHintBit' : [ 0x10, ['unsigned long long']],
+    'Bitmap' : [ 0x18, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'ConcurrencyMaximum' : [ 0x38, ['long']],
+    'ConcurrencyCount' : [ 0x3c, ['long']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CrossPartitionReferences' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_2668' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_2668']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_1754']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x48, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer64', ['void']]]],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xb8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'ArgumentStatus' : [ 0x14, ['long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Data' : [ 0x68, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x78, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x50, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'CrashDumpPte' : [ 0x70, ['pointer64', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x20, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0x18, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x10, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x200, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'EfficiencyClass' : [ 0x32, ['unsigned char']],
+    'SchedulingClass' : [ 0x33, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x188, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x190, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x198, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x1a0, ['unsigned char']],
+    'HvTargetState' : [ 0x1a1, ['unsigned char']],
+    'Parked' : [ 0x1a2, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x1a3, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x1a4, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x1a8, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x1ac, ['unsigned long']],
+    'RelativePerformance' : [ 0x1b0, ['unsigned long']],
+    'Utility' : [ 0x1b4, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x1b8, ['unsigned long']],
+    'SnapTimeLast' : [ 0x1c0, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1c0, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c8, ['unsigned long long']],
+    'TotalTime' : [ 0x1d0, ['unsigned long long']],
+    'FxDevice' : [ 0x1d8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x1e0, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x1e8, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x1f0, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x1f4, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1f8, ['unsigned long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x300, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x18, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x30, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x48, ['unsigned long long']],
+    'AttemptForCantExtend' : [ 0x50, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0xa8, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0xf8, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x108, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0x148, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0x149, ['unsigned char']],
+    'UnusedSegmentPagedPool' : [ 0x150, ['unsigned long long']],
+    'UnusedSegmentList' : [ 0x158, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0x168, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0x178, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0x188, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x1a0, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x1a8, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x1c0, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x1e0, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x1f0, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x1f8, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x1fc, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x200, ['_KEVENT']],
+    'SharedCharges' : [ 0x218, ['array', 5, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x2b8, ['pointer64', ['_KEVENT']]],
+    'PagefileControlAreasDrainEvent' : [ 0x2c0, ['pointer64', ['_KEVENT']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x2a0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xb0, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xb8, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xc8, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xd8, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0xf8, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x118, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x150, ['unsigned long long']],
+    'IdleTimer' : [ 0x158, ['_KTIMER']],
+    'IdleDpc' : [ 0x198, ['_KDPC']],
+    'IdleTimeout' : [ 0x1d8, ['unsigned long long']],
+    'IdleStamp' : [ 0x1e0, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1e8, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x1f8, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x200, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x210, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x220, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x238, ['pointer64', ['void']]],
+    'Accounting' : [ 0x240, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x270, ['unsigned long']],
+    'ComponentCount' : [ 0x274, ['unsigned long']],
+    'Components' : [ 0x278, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x280, ['unsigned long']],
+    'Log' : [ 0x288, ['pointer64', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x290, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x298, ['pointer64', ['_DRIVER_OBJECT']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer64', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0x18, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x8, ['pointer64', ['void']]],
+    'IsolationPrefix' : [ 0x8, ['_UNICODE_STRING']],
+} ],
+  '_MI_ULTRA_MDL_NODE' : [ 0x200, {
+    'UltraMdlMaps' : [ 0x0, ['array', 8, ['_MI_ALIGNED_SLIST']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '__unnamed_2728' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_272a' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2728']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_272a']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x500, {
+    'Flags' : [ 0x0, ['long']],
+    'RelatedTimestamp' : [ 0x8, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0x18, ['_KDPC']],
+    'ApcListHead' : [ 0x60, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x70, ['array', 12, ['_ETW_APC_ENTRY']]],
+    'ApcCount' : [ 0x4f0, ['long']],
+    'MaxApcCount' : [ 0x4f4, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '__unnamed_2749' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x58, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u1' : [ 0x4c, ['__unnamed_2749']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x70, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x20, ['unsigned char']],
+    'TriggerRoot' : [ 0x28, ['pointer64', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x30, ['unsigned char']],
+    'BeginTime' : [ 0x38, ['unsigned long long']],
+    'VetoNode' : [ 0x40, ['array', 2, ['pointer64', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x50, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x58, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x28, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'TemporaryBinAddress' : [ 0x10, ['unsigned long long']],
+    'TemporaryBinRundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_2795' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x118, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_2795']]],
+    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xc0, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc8, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x8, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x68, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x18, ['unsigned char']],
+    'ThreadPriorityStatic' : [ 0x19, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x40, ['long']],
+    'Gate' : [ 0x48, ['_KGATE']],
+    'ThreadContext' : [ 0x60, ['pointer64', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x40, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+    'DripsWatchdogCallback' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x10, ['pointer64', ['void']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'ReservedWin64OnlyPointer' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 48, native_type='unsigned long long')]],
+} ],
+  '_WAITING_IRP' : [ 0x40, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x35, ['unsigned char']],
+    'FileObject' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x48, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x89, ['unsigned char']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_PEB64' : [ 0x7b0, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SharedData' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['unsigned long long']],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+    'SiloState' : [ 0x98, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1d0, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'SiLogOffset' : [ 0xe0, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0xe8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf8, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0x100, ['unsigned long']],
+    'SecurePages' : [ 0x104, ['unsigned long']],
+    'ProcessorCount' : [ 0x108, ['unsigned long']],
+    'ProcessorContext' : [ 0x110, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x118, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x120, ['unsigned long']],
+    'MaxDataPages' : [ 0x124, ['unsigned long']],
+    'ExtraBuffer' : [ 0x128, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x130, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x138, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x140, ['unsigned long long']],
+    'IoInfo' : [ 0x148, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b8, ['pointer64', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x1c0, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c8, ['unsigned long']],
+    'IumEnabled' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2833' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_2833']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+    'OverCommit' : [ 0x40, ['unsigned long long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3d8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x280, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x288, ['array', 1, ['unsigned long long']]],
+    'SiLogOffset' : [ 0x290, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x294, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x298, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x358, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x35c, ['unsigned long']],
+    'ResumeContextPages' : [ 0x360, ['unsigned long']],
+    'Hiberboot' : [ 0x364, ['unsigned char']],
+    'HvCr3' : [ 0x368, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x370, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x378, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x380, ['unsigned long long']],
+    'BootFlags' : [ 0x388, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x390, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x398, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x3a0, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3c0, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x3d0, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x3d4, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x3d5, ['unsigned char']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x50, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x34, ['unsigned long']],
+    'DelayPageFaults' : [ 0x38, ['long']],
+    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x70, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x10, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x28, ['_KDPC']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0x18, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0x120, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x40, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
+    'HybridPriority' : [ 0xc8, ['unsigned long']],
+    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xd0, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
+    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'LockOwner' : [ 0xf0, ['pointer64', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0xf8, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x100, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x108, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_HVIEW_MAP' : [ 0x4b0, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Directory' : [ 0x18, ['pointer64', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x20, ['unsigned long']],
+    'PinLog' : [ 0x28, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x10, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x30, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x20, ['unsigned long']],
+    'ModuleSize' : [ 0x24, ['unsigned long']],
+    'Offset' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_28da' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_28dc' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_28da']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_28dc']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_291f' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_291f']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_2930' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2933' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_2930']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_2933']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x88, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x120, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+    'DependentLoadFlags' : [ 0x118, ['unsigned long']],
+    'SigningLevel' : [ 0x11c, ['unsigned char']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x60, {
+    'SListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2961' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2963' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_2965' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_2961']],
+    'e2' : [ 0x0, ['__unnamed_2963']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_2965']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2c0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x58, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xb0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xb8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xbc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xc0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xe8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xe9, ['unsigned char']],
+    'ModwriterActive' : [ 0xea, ['unsigned char']],
+    'TransitionInserted' : [ 0xeb, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xec, ['long']],
+    'LastMappedWriteError' : [ 0xf0, ['long']],
+    'MappedFileWriteSucceeded' : [ 0xf4, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0xf8, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xfc, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x100, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x118, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x120, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x128, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0x140, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x158, ['long']],
+    'WriteAllMappedPages' : [ 0x15c, ['long']],
+    'MappedPageWriterEvent' : [ 0x160, ['_KEVENT']],
+    'ModWriteData' : [ 0x178, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1b8, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1d0, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x1f8, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x200, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x208, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x228, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x22c, ['array', 2, ['long']]],
+    'NotifyStoreMemoryConditions' : [ 0x238, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x250, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x254, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x258, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x260, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x280, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x288, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x2a8, ['long']],
+    'WorkingSetSwapLock' : [ 0x2b0, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x2b8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer64', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTime' : [ 0x20, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x28, ['long long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_RFG_PROTECTED_STACK' : [ 0x18, {
+    'ControlStackBase' : [ 0x0, ['pointer64', ['void']]],
+    'ControlStackVad' : [ 0x8, ['pointer64', ['_MMVAD_SHORT']]],
+    'OwnerThread' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x100, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xf8, ['pointer64', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x70, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['wchar']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'RF_SORTED', 1: u'RF_UNSORTED', 2: u'RF_CALLBACK', 3: u'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+    'TreeNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29ed' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_29ed']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x10, ['unsigned char']],
+    'Disowned' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0x12, ['unsigned char']],
+    'IsWaiting' : [ 0x13, ['unsigned char']],
+    'LockAddress' : [ 0x18, ['pointer64', ['void']]],
+    'ThreadAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SublistHead' : [ 0x28, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0xe8, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'NonPagedPoolSListMaximum' : [ 0x8, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x18, ['unsigned long long']],
+    'BadPoolHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x28, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x2c, ['unsigned char']],
+    'PoolFailures' : [ 0x30, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x54, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x80, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x88, ['unsigned long long']],
+    'PagedPoolSListMaximum' : [ 0x90, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x94, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0xa8, ['unsigned long long']],
+    'SpecialPoolRejected' : [ 0xb0, ['array', 6, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0xc8, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0xd0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0xd4, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0xd8, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0xe0, ['unsigned long long']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0xf8, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaLastRangeIndex' : [ 0x4, ['unsigned long']],
+    'NumaTableCaptured' : [ 0x8, ['unsigned char']],
+    'NodeShift' : [ 0x9, ['unsigned char']],
+    'ChannelShift' : [ 0xa, ['unsigned char']],
+    'NodeGraph' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x18, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaMemoryRanges' : [ 0x20, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x28, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x30, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x34, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x38, ['unsigned long']],
+    'TotalPagesAllowed' : [ 0x40, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x48, ['unsigned long']],
+    'SecondaryColors' : [ 0x4c, ['unsigned long']],
+    'MediumPageColors' : [ 0x50, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x54, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x58, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x5c, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x60, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x68, ['unsigned long long']],
+    'OptimalZeroingAttribute' : [ 0x70, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0xb0, ['unsigned char']],
+    'ZeroCostCounts' : [ 0xb8, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'PrimaryPfns' : [ 0xd8, ['unsigned long long']],
+    'HighestPossiblePhysicalPage' : [ 0xe0, ['unsigned long long']],
+    'EnclaveRegions' : [ 0xe8, ['_RTL_AVL_TREE']],
+    'VsmKernelPageCount' : [ 0xf0, ['unsigned long long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
+    'BlocksDrips' : [ 0x19, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x20, {
+    'PartitionObject' : [ 0x0, ['pointer64', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x8, ['pointer64', ['pointer64', ['pointer64', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x10, ['pointer64', ['pointer64', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0x18, ['long']],
+} ],
+  '__unnamed_2a26' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2a26']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xb8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x38, ['unsigned long long']],
+    'ProbeRaises' : [ 0x40, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x80, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x88, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x8c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x90, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x94, ['long']],
+    'BadPagesDetected' : [ 0x98, ['long']],
+    'ScrubPasses' : [ 0x9c, ['long']],
+    'ScrubBadPagesFound' : [ 0xa0, ['long']],
+    'UserViewFailures' : [ 0xa4, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0xa8, ['unsigned long']],
+    'ResavailFailures' : [ 0xac, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xb4, ['unsigned char']],
+    'InitFailure' : [ 0xb5, ['unsigned char']],
+    'StopBadMaps' : [ 0xb6, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x260, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0xc0, ['unsigned long long']],
+    'ProcessorCount' : [ 0xc8, ['unsigned long']],
+    'EfficiencyClass' : [ 0xcc, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0xcd, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0xce, ['unsigned char']],
+    'Spare' : [ 0xcf, ['unsigned char']],
+    'Processors' : [ 0xd0, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd8, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x100, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x118, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x120, ['pointer64', ['void']]],
+    'DomainPerfControlHandler' : [ 0x128, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x130, ['unsigned long']],
+    'NominalFrequency' : [ 0x134, ['unsigned long']],
+    'MaxPercent' : [ 0x138, ['unsigned long']],
+    'MinPerfPercent' : [ 0x13c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x140, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x148, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x150, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x158, ['unsigned char']],
+    'Coordination' : [ 0x159, ['unsigned char']],
+    'HardPlatformCap' : [ 0x15a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x15b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x15c, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x15d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x15e, ['unsigned char']],
+    'AutonomousMode' : [ 0x15f, ['unsigned char']],
+    'ProvideGuidance' : [ 0x160, ['unsigned char']],
+    'DesiredPercent' : [ 0x164, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x168, ['unsigned long']],
+    'QosPolicies' : [ 0x16c, ['array', 3, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0x1b4, ['array', 3, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0x1c0, ['array', 3, ['unsigned long']]],
+    'QosSupported' : [ 0x1cc, ['unsigned char']],
+    'SelectionGeneration' : [ 0x1d0, ['unsigned long']],
+    'QosSelection' : [ 0x1d8, ['array', 3, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x250, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x258, ['unsigned long']],
+    'Force' : [ 0x25c, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0xa8, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'ZeroCrc' : [ 0x38, ['unsigned long long']],
+    'OnesCrc' : [ 0x40, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x48, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x68, ['array', 4, ['unsigned long long']]],
+    'PageTableOfZeroes' : [ 0x88, ['unsigned long long']],
+    'PdeOfZeroes' : [ 0x90, ['_MMPTE']],
+    'PageTableOfOnes' : [ 0x98, ['unsigned long long']],
+    'PdeOfOnes' : [ 0xa0, ['_MMPTE']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_2a5f' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_2a5f']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x144, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_2a72' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_2a72']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x88, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x40, ['_KDPC']],
+    'WorkOrder' : [ 0x80, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '__unnamed_2a87' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_2a87']],
+} ],
+  '__unnamed_2a8b' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2a8f' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2a91' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a93' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2a95' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_2a97' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2a99' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a9b' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2a9d' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2a9f' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2aa1' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2aa3' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_2a8b']],
+    'Memory' : [ 0x0, ['__unnamed_2a8b']],
+    'Interrupt' : [ 0x0, ['__unnamed_2a8f']],
+    'Dma' : [ 0x0, ['__unnamed_2a91']],
+    'DmaV3' : [ 0x0, ['__unnamed_2a93']],
+    'Generic' : [ 0x0, ['__unnamed_2a8b']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2a95']],
+    'BusNumber' : [ 0x0, ['__unnamed_2a97']],
+    'ConfigData' : [ 0x0, ['__unnamed_2a99']],
+    'Memory40' : [ 0x0, ['__unnamed_2a9b']],
+    'Memory48' : [ 0x0, ['__unnamed_2a9d']],
+    'Memory64' : [ 0x0, ['__unnamed_2a9f']],
+    'Connection' : [ 0x0, ['__unnamed_2aa1']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2aa3']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '__unnamed_2ac7' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_2ac7']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '__unnamed_2ad0' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2ad1' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2ad0']],
+    'Merged' : [ 0x10, ['__unnamed_2ad1']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2ad5' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2ad7' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2ad9' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2adb' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_2ad9']],
+    'Translated' : [ 0x0, ['__unnamed_2ad7']],
+} ],
+  '__unnamed_2add' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2adf' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2ae1' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2ae3' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2ae5' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2ae7' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2ae9' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2aeb' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_2ad5']],
+    'Port' : [ 0x0, ['__unnamed_2ad5']],
+    'Interrupt' : [ 0x0, ['__unnamed_2ad7']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2adb']],
+    'Memory' : [ 0x0, ['__unnamed_2ad5']],
+    'Dma' : [ 0x0, ['__unnamed_2add']],
+    'DmaV3' : [ 0x0, ['__unnamed_2adf']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2a95']],
+    'BusNumber' : [ 0x0, ['__unnamed_2ae1']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2ae3']],
+    'Memory40' : [ 0x0, ['__unnamed_2ae5']],
+    'Memory48' : [ 0x0, ['__unnamed_2ae7']],
+    'Memory64' : [ 0x0, ['__unnamed_2ae9']],
+    'Connection' : [ 0x0, ['__unnamed_2aa1']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2aeb']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x900, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x40, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x50, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x58, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x90, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0x98, ['unsigned long long']],
+    'SystemPteInfo' : [ 0xa0, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x108, ['unsigned long long']],
+    'SmallNonPagedPtesCommit' : [ 0x110, ['unsigned long long']],
+    'BootCommit' : [ 0x118, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0x120, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0x128, ['unsigned long long']],
+    'SpecialPagesInUse' : [ 0x130, ['unsigned long long']],
+    'ProcessCommit' : [ 0x138, ['unsigned long long']],
+    'DriverCommit' : [ 0x140, ['long']],
+    'PfnDatabaseCommit' : [ 0x148, ['unsigned long long']],
+    'SystemWs' : [ 0x180, ['array', 3, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x4c0, ['_MMSUPPORT_SHARED']],
+    'AggregateSystemWs' : [ 0x540, ['array', 1, ['_MMSUPPORT_AGGREGATION']]],
+    'MapCacheFailures' : [ 0x560, ['unsigned long']],
+    'PagefileHashPages' : [ 0x568, ['unsigned long long']],
+    'PteHeader' : [ 0x570, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x688, ['pointer64', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x690, ['array', 16, ['unsigned long long']]],
+    'SystemVaType' : [ 0x710, ['array', 256, ['unsigned char']]],
+    'SystemVaRegions' : [ 0x810, ['array', 14, ['_MI_SYSTEM_VA_ASSIGNMENT']]],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xf0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+    'MsrFsBase' : [ 0xe0, ['unsigned long long']],
+    'SpecialPadding0' : [ 0xe8, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x70, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
+    'LargeViews' : [ 0x6c, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x118, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastPerfCheckSnap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xb8, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x108, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x10c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x110, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x112, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x113, ['unsigned char']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEB32' : [ 0x468, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SharedData' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['unsigned long']],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d0, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1a8, ['_LIST_ENTRY']],
+    'Status' : [ 0x1b8, ['long']],
+    'FailedDevice' : [ 0x1c0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1c8, ['unsigned char']],
+    'Cancelled' : [ 0x1c9, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1ca, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1cb, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x98, {
+    'FileName' : [ 0x0, ['pointer64', ['wchar']]],
+    'BaseName' : [ 0x8, ['pointer64', ['wchar']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['wchar']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x178, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'HitCount' : [ 0x18, ['unsigned long long']],
+    'LastActivationTime' : [ 0x20, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
+    'CsActivationTime' : [ 0x30, ['unsigned long long']],
+    'CsActiveTime' : [ 0x38, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x50, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x40, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2b5b' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x2040, {
+    'LargePageFreeCount' : [ 0x0, ['array', 3, ['array', 2, ['unsigned long long']]]],
+    'LargePagesCount' : [ 0x30, ['array', 3, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]]],
+    'LargePages' : [ 0x1b0, ['array', 2, ['array', 2, ['array', 2, ['array', 4, ['_LIST_ENTRY']]]]]],
+    'MediumPages' : [ 0x3b0, ['array', 2, ['array', 2, ['array', 4, ['array', 16, ['_LIST_ENTRY']]]]]],
+    'MediumPagesCount' : [ 0x13b0, ['array', 2, ['array', 2, ['array', 4, ['array', 16, ['unsigned long long']]]]]],
+    'LargePageRebuildTimer' : [ 0x1bb0, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'StandbyPageList' : [ 0x1bd8, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreePageListHeadsBitmap' : [ 0x1f00, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0x1f20, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0x1f60, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x1f70, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x1f90, ['unsigned long long']],
+    'MmShiftedColor' : [ 0x1f98, ['unsigned long']],
+    'Color' : [ 0x1f9c, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x1fa0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x1fe0, ['__unnamed_2b5b']],
+    'NodeLock' : [ 0x1fe8, ['_EX_PUSH_LOCK']],
+    'ZeroThreadHugeMapLock' : [ 0x1ff0, ['unsigned long long']],
+    'ChannelStatus' : [ 0x1ff8, ['unsigned char']],
+    'ChannelOrdering' : [ 0x1ff9, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x1ffd, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x2001, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x2008, ['unsigned long long']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_MI_HYPER_SPACE' : [ 0x10804000, {
+    'VadBitmap' : [ 0x0, ['array', 268435456, ['unsigned char']]],
+    'PageDirectoryCommitmentBitmap' : [ 0x10000000, ['array', 16384, ['unsigned char']]],
+    'PageTableCommitmentBitmap' : [ 0x10004000, ['array', 8388608, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x190, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x40, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x70, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedBitMapMaximum' : [ 0xb0, ['unsigned long long']],
+    'DynamicBitMapNonPagedPool' : [ 0xb8, ['_MI_DYNAMIC_BITMAP']],
+    'NonPagedPoolLowestPage' : [ 0x100, ['unsigned long long']],
+    'NonPagedPoolHighestPage' : [ 0x108, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x110, ['unsigned long long']],
+    'PartialLargePoolRegions' : [ 0x118, ['unsigned long long']],
+    'PagesInPartialLargePoolRegions' : [ 0x120, ['unsigned long long']],
+    'CachedNonPagedPoolCount' : [ 0x128, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x130, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x138, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x140, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x148, ['pointer64', ['void']]],
+    'NonPagedBitMap' : [ 0x150, ['array', 3, ['_RTL_BITMAP_EX']]],
+    'NonPagedHint' : [ 0x180, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x18, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x20, ['unsigned char']],
+    'RebuildActive' : [ 0x21, ['unsigned char']],
+    'NextPassDelta' : [ 0x22, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x23, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x68, {
+    'IoPfnLock' : [ 0x0, ['unsigned long long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x60, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x20, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_2b9a' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x30, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SessionId' : [ 0x18, ['unsigned long']],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x20, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_2b9a']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '__unnamed_2bbc' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2bbe' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2bc1' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2bc5' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_2bbc']],
+    'HvDeviceId' : [ 0x40, ['unsigned long long']],
+    'XapicMessage' : [ 0x48, ['__unnamed_2bbe']],
+    'Hypertransport' : [ 0x48, ['__unnamed_2bc1']],
+    'GenericMessage' : [ 0x48, ['__unnamed_2bbe']],
+    'MessageRequest' : [ 0x48, ['__unnamed_2bc5']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'StorageInfo' : [ 0x110, ['pointer64', ['void']]],
+    'UseStorageInfo' : [ 0x118, ['unsigned char']],
+    'PointersLength' : [ 0x11c, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['wchar']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2bec' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2bee' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2bf0' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2bf2' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2bf4' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2bf6' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2bf8' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2bfa' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2bfc' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_2bfe' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2bec']],
+    'TargetDevice' : [ 0x0, ['__unnamed_2bee']],
+    'InstallDevice' : [ 0x0, ['__unnamed_2bee']],
+    'CustomNotification' : [ 0x0, ['__unnamed_2bf0']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_2bf2']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2bf4']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2bf6']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2bf8']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2bfa']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2bfc']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_2bee']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_2bee']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_2bfe']],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x400, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer64', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x78, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'PlatformCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'LimitReasons' : [ 0x18, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x20, ['unsigned long long']],
+    'ProcCap' : [ 0x28, ['unsigned long']],
+    'ProcFloor' : [ 0x2c, ['unsigned long']],
+    'TargetPercent' : [ 0x30, ['unsigned long']],
+    'Selection' : [ 0x38, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x60, ['unsigned long']],
+    'PreviousFrequency' : [ 0x64, ['unsigned long']],
+    'PreviousPercent' : [ 0x68, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x6c, ['unsigned long']],
+    'Force' : [ 0x70, ['unsigned char']],
+} ],
+  '_MI_ALIGNED_SLIST' : [ 0x40, {
+    'SList' : [ 0x0, ['_SLIST_HEADER']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x410, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x28, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x1c, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_2c41' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2c43' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2c45' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2c41']],
+    'Gpt' : [ 0x0, ['__unnamed_2c43']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_2c45']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_2c7a' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2c7c' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2c7e' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2c80' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2c7a']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2c7c']],
+    'Raw' : [ 0x0, ['__unnamed_2c7e']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_2c80']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_MI_SYSTEM_VA_ASSIGNMENT' : [ 0x10, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2c8e' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2c90' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2c8e']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2c93' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2c95' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2c93']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2c90']],
+    'HighPart' : [ 0x4, ['__unnamed_2c95']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x48, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x18, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x800, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0x118, {
+    'Partition' : [ 0x0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x8, ['pointer64', ['_ENODE']]],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x28, ['_KTIMER']],
+    'ReaperEvent' : [ 0x68, ['_KEVENT']],
+    'ReaperTimer' : [ 0x80, ['_KTIMER2']],
+    'ThreadHandle' : [ 0x108, ['pointer64', ['void']]],
+    'ExitThread' : [ 0x110, ['unsigned long']],
+    'ThreadSeed' : [ 0x114, ['unsigned long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x78, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+    'PreQueryOpen' : [ 0x68, ['pointer64', ['void']]],
+    'PostQueryOpen' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x20, {
+    'ViewStart' : [ 0x0, ['pointer64', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Bcb' : [ 0x8, ['pointer64', ['void']]],
+    'PinnedPages' : [ 0x10, ['unsigned long long']],
+    'Size' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_2ce7' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_2ce9' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_2ce7']],
+    'Range' : [ 0x20, ['__unnamed_2ce9']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2cf1' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_2cf3' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_2cf1']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_2cf3']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2cf9' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2cfb' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2d01' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_2d05' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NotifyTypeCreate', 1: u'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_2d07' : [ 0x20, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileInformation' : [ 0x8, ['pointer64', ['void']]],
+    'Length' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'FileInformationClass' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x1c, ['long']],
+} ],
+  '__unnamed_2d09' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2cf9']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2cfb']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2d01']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2d05']],
+    'QueryOpen' : [ 0x0, ['__unnamed_2d07']],
+    'Others' : [ 0x0, ['__unnamed_2d09']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win10_x86_16299_vtypes.py b/volatility/plugins/overlays/windows/win10_x86_16299_vtypes.py
new file mode 100644
index 000000000..36307f0c2
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_16299_vtypes.py
@@ -0,0 +1,13696 @@
+ntkrpamp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1088' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1088']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_108c' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_108c']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_10a7' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a9' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10a7']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_10a9']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['pointer', ['void']]]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['pointer', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x175, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'PerflibData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+    'ReservedForWdf' : [ 0xfe4, ['pointer', ['void']]],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0xc, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x4a60, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'MxCsr' : [ 0x8, ['unsigned long']],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x4940, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'ParentNode' : [ 0x338, ['pointer', ['_KNODE']]],
+    'PriorityState' : [ 0x33c, ['pointer', ['unsigned char']]],
+    'KernelReserved' : [ 0x340, ['array', 14, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'CpuVendor' : [ 0x3be, ['unsigned char']],
+    'PrcbPad0' : [ 0x3bf, ['array', 1, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'GroupIndex' : [ 0x3c4, ['unsigned char']],
+    'Group' : [ 0x3c5, ['unsigned char']],
+    'PrcbPad05' : [ 0x3c6, ['array', 2, ['unsigned char']]],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'ClockOwner' : [ 0x3d0, ['unsigned char']],
+    'PendingTickFlags' : [ 0x3d1, ['unsigned char']],
+    'PendingTick' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad10' : [ 0x3d2, ['array', 70, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'InterruptCount' : [ 0x4a0, ['unsigned long']],
+    'KernelTime' : [ 0x4a4, ['unsigned long']],
+    'UserTime' : [ 0x4a8, ['unsigned long']],
+    'DpcTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b0, ['unsigned long']],
+    'InterruptTime' : [ 0x4b4, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4b8, ['unsigned long']],
+    'PageColor' : [ 0x4bc, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c0, ['unsigned char']],
+    'NodeColor' : [ 0x4c1, ['unsigned char']],
+    'DeepSleep' : [ 0x4c2, ['unsigned char']],
+    'PrcbPad20' : [ 0x4c3, ['unsigned char']],
+    'CachedStack' : [ 0x4c4, ['pointer', ['void']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4cc, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d0, ['unsigned long']],
+    'PrcbPad21' : [ 0x4d4, ['array', 2, ['unsigned long']]],
+    'SchedulerAssist' : [ 0x4dc, ['pointer', ['void']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1820, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2120, ['long']],
+    'ReverseStall' : [ 0x2124, ['long']],
+    'IpiFrame' : [ 0x2128, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x212c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x2160, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x216c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x2170, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x2174, ['unsigned long']],
+    'PrcbPad4' : [ 0x2178, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x21a0, ['unsigned long']],
+    'TargetCount' : [ 0x21a4, ['long']],
+    'LastNonHrTimerExpiration' : [ 0x21a8, ['unsigned long long']],
+    'PrcbPad50' : [ 0x21b0, ['array', 32, ['unsigned char']]],
+    'InterruptLastCount' : [ 0x21d0, ['unsigned long']],
+    'InterruptRate' : [ 0x21d4, ['unsigned long']],
+    'DeviceInterrupts' : [ 0x21d8, ['unsigned long']],
+    'IsrDpcStats' : [ 0x21dc, ['pointer', ['void']]],
+    'DpcData' : [ 0x21e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2210, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2214, ['long']],
+    'DpcRequestRate' : [ 0x2218, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x221c, ['unsigned long']],
+    'DpcLastCount' : [ 0x2220, ['unsigned long']],
+    'PrcbLock' : [ 0x2224, ['unsigned long']],
+    'DpcGate' : [ 0x2228, ['_KGATE']],
+    'IdleState' : [ 0x2238, ['unsigned char']],
+    'QuantumEnd' : [ 0x2239, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x223a, ['unsigned char']],
+    'IdleSchedule' : [ 0x223b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x223c, ['long']],
+    'DpcRequestSlot' : [ 0x223c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x223c, ['short']],
+    'ThreadDpcState' : [ 0x223e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x223c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x223c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x223c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x223c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x223c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x223c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x223c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x223c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x223c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x223c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2240, ['unsigned long']],
+    'LastTick' : [ 0x2244, ['unsigned long']],
+    'PeriodicCount' : [ 0x2248, ['unsigned long']],
+    'PeriodicBias' : [ 0x224c, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2250, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2254, ['unsigned long']],
+    'GroupSchedulingOverQuota' : [ 0x2258, ['unsigned char']],
+    'ThreadDpcEnable' : [ 0x2259, ['unsigned char']],
+    'PrcbPad41' : [ 0x225a, ['array', 2, ['unsigned char']]],
+    'TimerTable' : [ 0x2260, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x3aa0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x3ac0, ['long']],
+    'PrcbPad6' : [ 0x3ac4, ['array', 4, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x3ac8, ['long']],
+    'DpcWatchdogCount' : [ 0x3acc, ['long']],
+    'KeSpinLockOrdering' : [ 0x3ad0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x3ad4, ['unsigned long']],
+    'QueueIndex' : [ 0x3ad8, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x3adc, ['_SINGLE_LIST_ENTRY']],
+    'ReadySummary' : [ 0x3ae0, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x3ae4, ['long']],
+    'WaitLock' : [ 0x3ae8, ['unsigned long']],
+    'WaitListHead' : [ 0x3aec, ['_LIST_ENTRY']],
+    'ScbOffset' : [ 0x3af4, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x3af8, ['unsigned long']],
+    'StartCycles' : [ 0x3b00, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x3b08, ['unsigned long long']],
+    'TaggedCycles' : [ 0x3b10, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x3b20, ['unsigned long long']],
+    'CycleTime' : [ 0x3b28, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x3b30, ['unsigned long long']],
+    'ImportantCycles' : [ 0x3b38, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x3b40, ['unsigned long long']],
+    'ReadyQueueExpectedRunTime' : [ 0x3b48, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3b50, ['unsigned long']],
+    'Cycles' : [ 0x3b58, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad71' : [ 0x3b98, ['array', 2, ['unsigned long']]],
+    'DispatcherReadyListHead' : [ 0x3ba0, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3ca0, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3ca4, ['long']],
+    'ScbQueue' : [ 0x3ca8, ['_RTL_RB_TREE']],
+    'ScbList' : [ 0x3cb0, ['_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x3cb8, ['long']],
+    'MmCopyOnWriteCount' : [ 0x3cbc, ['long']],
+    'MmTransitionCount' : [ 0x3cc0, ['long']],
+    'MmCacheTransitionCount' : [ 0x3cc4, ['long']],
+    'MmDemandZeroCount' : [ 0x3cc8, ['long']],
+    'MmPageReadCount' : [ 0x3ccc, ['long']],
+    'MmPageReadIoCount' : [ 0x3cd0, ['long']],
+    'MmCacheReadCount' : [ 0x3cd4, ['long']],
+    'MmCacheIoCount' : [ 0x3cd8, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x3cdc, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3ce0, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3ce4, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3ce8, ['long']],
+    'CachedCommit' : [ 0x3cec, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3cf0, ['unsigned long']],
+    'HyperPte' : [ 0x3cf4, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3cf8, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x3cfc, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3d09, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x3d0a, ['unsigned char']],
+    'PrcbPad9' : [ 0x3d0b, ['array', 1, ['unsigned char']]],
+    'FeatureBits' : [ 0x3d10, ['unsigned long long']],
+    'UpdateSignature' : [ 0x3d18, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3d20, ['unsigned long long']],
+    'PrcbPad90' : [ 0x3d28, ['array', 2, ['unsigned long']]],
+    'PowerState' : [ 0x3d30, ['_PROCESSOR_POWER_STATE']],
+    'ForceIdleDpc' : [ 0x3ed8, ['_KDPC']],
+    'PrcbPad91' : [ 0x3ef8, ['array', 14, ['unsigned long']]],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x3f30, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x3f34, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3f58, ['_KTIMER']],
+    'HypercallPageList' : [ 0x3f80, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x3f88, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x3f8c, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x3f90, ['pointer', ['unsigned long long']]],
+    'Cache' : [ 0x3f94, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3fd0, ['unsigned long']],
+    'PackageProcessorSet' : [ 0x3fd4, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x3fe0, ['unsigned long']],
+    'SharedReadyQueue' : [ 0x3fe4, ['pointer', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x3fe8, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x3fec, ['unsigned long']],
+    'ScanSiblingMask' : [ 0x3ff0, ['unsigned long']],
+    'LLCMask' : [ 0x3ff4, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3ff8, ['array', 5, ['unsigned long']]],
+    'ScanSiblingIndex' : [ 0x400c, ['unsigned long']],
+    'WheaInfo' : [ 0x4010, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x4014, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x4018, ['_SLIST_HEADER']],
+    'DpcWatchdogProfile' : [ 0x4020, ['pointer', ['pointer', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x4024, ['pointer', ['pointer', ['void']]]],
+    'PrcbPad92' : [ 0x4028, ['array', 1, ['unsigned long']]],
+    'PteBitCache' : [ 0x402c, ['unsigned long']],
+    'PteBitOffset' : [ 0x4030, ['unsigned long']],
+    'PrcbPad93' : [ 0x4034, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x4038, ['pointer', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x403c, ['pointer', ['void']]],
+    'TimerExpirationDpc' : [ 0x4040, ['_KDPC']],
+    'SynchCounters' : [ 0x4060, ['_SYNCH_COUNTERS']],
+    'FsCounters' : [ 0x4118, ['_FILESYSTEM_DISK_COUNTERS']],
+    'Context' : [ 0x4128, ['pointer', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x412c, ['unsigned long']],
+    'ExtendedState' : [ 0x4130, ['pointer', ['_XSAVE_AREA']]],
+    'EntropyTimingState' : [ 0x4134, ['_KENTROPY_TIMING_STATE']],
+    'IsrStack' : [ 0x425c, ['pointer', ['void']]],
+    'VectorToInterruptObject' : [ 0x4260, ['array', 208, ['pointer', ['_KINTERRUPT']]]],
+    'AbSelfIoBoostsList' : [ 0x45a0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x45a4, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x45a8, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x45c8, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x461c, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x4670, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x4770, ['unsigned long']],
+    'ExSaPageArray' : [ 0x4774, ['pointer', ['void']]],
+    'PrcbPad100' : [ 0x4778, ['array', 10, ['unsigned long']]],
+    'LocalSharedReadyQueue' : [ 0x47a0, ['_KSHARED_READY_QUEUE']],
+    'Mailbox' : [ 0x48e0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'PrcbPad' : [ 0x48e4, ['array', 60, ['unsigned char']]],
+    'RequestMailbox' : [ 0x4920, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Reserved' : [ 0x14, ['array', 3, ['pointer', ['void']]]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0xb0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x38, ['unsigned long long']],
+    'Affinity' : [ 0x40, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x4c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x54, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x58, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x64, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x64, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x64, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x64, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x64, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x64, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x64, ['BitField', dict(start_bit = 6, end_bit = 9, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x64, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x64, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x64, ['long']],
+    'BasePriority' : [ 0x68, ['unsigned char']],
+    'QuantumReset' : [ 0x69, ['unsigned char']],
+    'Visited' : [ 0x6a, ['unsigned char']],
+    'Flags' : [ 0x6b, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x6c, ['array', 1, ['unsigned long']]],
+    'IdealNode' : [ 0x70, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x72, ['unsigned short']],
+    'Spare1' : [ 0x74, ['unsigned short']],
+    'IopmOffset' : [ 0x76, ['unsigned short']],
+    'SchedulingGroup' : [ 0x78, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'StackCount' : [ 0x7c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x88, ['unsigned long long']],
+    'ContextSwitches' : [ 0x90, ['unsigned long long']],
+    'FreezeCount' : [ 0x98, ['unsigned long']],
+    'KernelTime' : [ 0x9c, ['unsigned long']],
+    'UserTime' : [ 0xa0, ['unsigned long']],
+    'ReadyTime' : [ 0xa4, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0xa8, ['pointer', ['void']]],
+    'ProcessTimerDelay' : [ 0xac, ['unsigned long']],
+} ],
+  '_KTHREAD' : [ 0x350, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x10, ['pointer', ['void']]],
+    'QuantumTarget' : [ 0x18, ['unsigned long long']],
+    'InitialStack' : [ 0x20, ['pointer', ['void']]],
+    'StackLimit' : [ 0x24, ['pointer', ['void']]],
+    'StackBase' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x2c, ['unsigned long']],
+    'CycleTime' : [ 0x30, ['unsigned long long']],
+    'HighCycleTime' : [ 0x38, ['unsigned long']],
+    'ServiceTable' : [ 0x3c, ['pointer', ['void']]],
+    'CurrentRunTime' : [ 0x40, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x44, ['unsigned long']],
+    'KernelStack' : [ 0x48, ['pointer', ['void']]],
+    'StateSaveArea' : [ 0x4c, ['pointer', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x50, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x54, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x55, ['unsigned char']],
+    'Alerted' : [ 0x56, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x58, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x58, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x58, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x58, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x58, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x58, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x58, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x58, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x58, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x58, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x58, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x58, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x58, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x58, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x58, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x58, ['long']],
+    'BamQosLevel' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x5c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x5c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x5c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x5c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x5c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x5c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x5c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x5c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x5c, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x5c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x5c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x5c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x5c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x5c, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x5c, ['long']],
+    'Tag' : [ 0x60, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x61, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x63, ['unsigned char']],
+    'SystemCallNumber' : [ 0x64, ['unsigned long']],
+    'FirstArgument' : [ 0x68, ['pointer', ['void']]],
+    'TrapFrame' : [ 0x6c, ['pointer', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x70, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x70, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x87, ['unsigned char']],
+    'UserIdealProcessor' : [ 0x88, ['unsigned long']],
+    'ContextSwitches' : [ 0x8c, ['unsigned long']],
+    'State' : [ 0x90, ['unsigned char']],
+    'Spare12' : [ 0x91, ['unsigned char']],
+    'WaitIrql' : [ 0x92, ['unsigned char']],
+    'WaitMode' : [ 0x93, ['unsigned char']],
+    'WaitStatus' : [ 0x94, ['long']],
+    'WaitBlockList' : [ 0x98, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x9c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x9c, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xa4, ['pointer', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xa8, ['pointer', ['void']]],
+    'RelativeTimerBias' : [ 0xb0, ['unsigned long long']],
+    'Timer' : [ 0xb8, ['_KTIMER']],
+    'WaitBlock' : [ 0xe0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill8' : [ 0xe0, ['array', 20, ['unsigned char']]],
+    'ThreadCounters' : [ 0xf4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0xe0, ['array', 44, ['unsigned char']]],
+    'XStateSave' : [ 0x10c, ['pointer', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0xe0, ['array', 68, ['unsigned char']]],
+    'Win32Thread' : [ 0x124, ['pointer', ['void']]],
+    'WaitBlockFill11' : [ 0xe0, ['array', 88, ['unsigned char']]],
+    'WaitTime' : [ 0x138, ['unsigned long']],
+    'KernelApcDisable' : [ 0x13c, ['short']],
+    'SpecialApcDisable' : [ 0x13e, ['short']],
+    'CombinedApcDisable' : [ 0x13c, ['unsigned long']],
+    'QueueListEntry' : [ 0x140, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x148, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x148, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x148, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x14c, ['long']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x154, ['array', 6, ['unsigned char']]],
+    'PreviousMode' : [ 0x15a, ['unsigned char']],
+    'BasePriority' : [ 0x15b, ['unsigned char']],
+    'PriorityDecrement' : [ 0x15c, ['unsigned char']],
+    'ForegroundBoost' : [ 0x15c, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x15c, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x15d, ['unsigned char']],
+    'AdjustReason' : [ 0x15e, ['unsigned char']],
+    'AdjustIncrement' : [ 0x15f, ['unsigned char']],
+    'AffinityVersion' : [ 0x160, ['unsigned long']],
+    'Affinity' : [ 0x164, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x164, ['array', 6, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x16a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x16b, ['unsigned char']],
+    'IdealProcessor' : [ 0x16c, ['unsigned long']],
+    'ReadyTime' : [ 0x170, ['unsigned long']],
+    'SavedApcState' : [ 0x174, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x174, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x18b, ['unsigned char']],
+    'SuspendCount' : [ 0x18c, ['unsigned char']],
+    'Saturation' : [ 0x18d, ['unsigned char']],
+    'SListFaultCount' : [ 0x18e, ['unsigned short']],
+    'SchedulerApc' : [ 0x190, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x190, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x191, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x190, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x193, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x190, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x194, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x190, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b4, ['pointer', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x190, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1b8, ['pointer', ['void']]],
+    'SchedulerApcFill5' : [ 0x190, ['array', 47, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x1bf, ['unsigned char']],
+    'UserTime' : [ 0x1c0, ['unsigned long']],
+    'SuspendEvent' : [ 0x1c4, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x1d4, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1dc, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x1e4, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x1e5, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x1e6, ['unsigned char']],
+    'Spare20' : [ 0x1e7, ['unsigned char']],
+    'LockEntries' : [ 0x1e8, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x308, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x30c, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x310, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x320, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x324, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x328, ['long']],
+    'KeReferenceCount' : [ 0x32c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x32e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x32f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x330, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x334, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x334, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x338, ['unsigned long']],
+    'QueuedScb' : [ 0x33c, ['pointer', ['_KSCB']]],
+    'NpxState' : [ 0x340, ['unsigned long long']],
+    'ThreadTimerDelay' : [ 0x348, ['unsigned long']],
+    'ThreadFlags2' : [ 0x34c, ['long']],
+    'PpmPolicy' : [ 0x34c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlags2Reserved' : [ 0x34c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'ActualLimit' : [ 0x4, ['unsigned long']],
+    'StackExpansion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousTrapFrame' : [ 0x8, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0xc, ['pointer', ['void']]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'CpuId' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer', ['void']]],
+    'DeleteContext' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long']],
+    'IdleSmtSet' : [ 0x4, ['unsigned long']],
+    'IdleCpuSet' : [ 0x8, ['unsigned long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long']],
+    'IdleConstrainedSet' : [ 0x44, ['unsigned long']],
+    'NonParkedSet' : [ 0x48, ['unsigned long']],
+    'ParkLock' : [ 0x4c, ['long']],
+    'Seed' : [ 0x50, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x84, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x84, ['array', 6, ['unsigned char']]],
+    'NodeNumber' : [ 0x8a, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x8c, ['unsigned short']],
+    'Stride' : [ 0x8e, ['unsigned char']],
+    'Spare0' : [ 0x8f, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x90, ['unsigned long']],
+    'ProximityId' : [ 0x94, ['unsigned long']],
+    'Lowest' : [ 0x98, ['unsigned long']],
+    'Highest' : [ 0x9c, ['unsigned long']],
+    'MaximumProcessors' : [ 0xa0, ['unsigned char']],
+    'Flags' : [ 0xa1, ['_flags']],
+    'Spare10' : [ 0xa2, ['unsigned char']],
+    'HeteroSets' : [ 0xa4, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0xe0, ['array', 3, ['unsigned long']]],
+} ],
+  '_ENODE' : [ 0x140, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x100, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long']],
+    'QuotaProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'StrictFIFO' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x1c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x1c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x24, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 20, ['unsigned char']]],
+    'DebugInfo' : [ 0x54, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'VolatileLowValue' : [ 0x0, ['long']],
+    'LowValue' : [ 0x0, ['long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x4, ['long']],
+    'NextFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x4, ['_EXHANDLE']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'RefCountField' : [ 0x4, ['long']],
+    'GrantedAccessBits' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'ProtectFromClose' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'RefCnt' : [ 0x4, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1351' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1351']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc4, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xc0, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x480, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x350, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x358, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x358, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x360, ['pointer', ['void']]],
+    'PostBlockList' : [ 0x364, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x364, ['pointer', ['void']]],
+    'StartAddress' : [ 0x368, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x36c, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x36c, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x36c, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x370, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x374, ['_LIST_ENTRY']],
+    'Cid' : [ 0x37c, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x384, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x384, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x398, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x39c, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x3a4, ['unsigned long']],
+    'DeviceToVerify' : [ 0x3a8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x3ac, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x3b0, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x3b4, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x3bc, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x3c0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x3c4, ['unsigned long']],
+    'MmLockOrdering' : [ 0x3c8, ['long']],
+    'CrossThreadFlags' : [ 0x3cc, ['unsigned long']],
+    'Terminated' : [ 0x3cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x3cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x3cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x3cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x3cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x3cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x3cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x3cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x3cc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x3cc, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x3cc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x3cc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x3cc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x3cc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x3cc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x3cc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x3cc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x3cc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x3cc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x3cc, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x3d0, ['unsigned long']],
+    'ActiveExWorker' : [ 0x3d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x3d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x3d0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x3d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x3d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x3d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x3d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x3d0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x3d0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x3d0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x3d0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x3d4, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x3d4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x3d4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x3d4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x3d4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x3d4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x3d4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x3d4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x3d4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x3d5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x3d5, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowWritesToExecutableMemory' : [ 0x3d5, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x3d8, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x3d9, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x3da, ['unsigned char']],
+    'LockOrderState' : [ 0x3db, ['unsigned char']],
+    'AlpcMessageId' : [ 0x3dc, ['unsigned long']],
+    'AlpcMessage' : [ 0x3e0, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x3e0, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x3e4, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x3ec, ['long']],
+    'CacheManagerCount' : [ 0x3f0, ['unsigned long']],
+    'IoBoostCount' : [ 0x3f4, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x3f8, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x3fc, ['unsigned long']],
+    'BoostList' : [ 0x400, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x408, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x410, ['unsigned long']],
+    'IrpListLock' : [ 0x414, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x418, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x41c, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x420, ['pointer', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x424, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x428, ['pointer', ['void']]],
+    'KernelStackReference' : [ 0x42c, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x430, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x434, ['pointer', ['void']]],
+    'PropertySet' : [ 0x438, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x444, ['pointer', ['void']]],
+    'UserFsBase' : [ 0x448, ['unsigned long']],
+    'UserGsBase' : [ 0x44c, ['unsigned long']],
+    'EnergyValues' : [ 0x450, ['pointer', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x454, ['pointer', ['void']]],
+    'SelectedCpuSets' : [ 0x458, ['unsigned long']],
+    'SelectedCpuSetsIndirect' : [ 0x458, ['pointer', ['unsigned long']]],
+    'Silo' : [ 0x45c, ['pointer', ['_EJOB']]],
+    'ThreadName' : [ 0x460, ['pointer', ['_UNICODE_STRING']]],
+    'LastExpectedRunTime' : [ 0x464, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x468, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x470, ['unsigned long']],
+    'DisownedOwnerEntryListHead' : [ 0x474, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_13a3' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+} ],
+  '__unnamed_13a5' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0x3e8, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0xc0, ['_EX_RUNDOWN_REF']],
+    'VdmObjects' : [ 0xc4, ['pointer', ['void']]],
+    'Flags2' : [ 0xc8, ['unsigned long']],
+    'JobNotReallyActive' : [ 0xc8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0xc8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0xc8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0xc8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0xc8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0xc8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0xc8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0xc8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0xc8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0xc8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0xc8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0xc8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0xc8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0xc8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0xc8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0xc8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0xc8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0xc8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0xc8, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0xc8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0xc8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0xc8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0xc8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0xc8, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0xc8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0xc8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0xcc, ['unsigned long']],
+    'CreateReported' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0xcc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0xcc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0xcc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0xcc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0xcc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0xcc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0xcc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0xcc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0xcc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0xcc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0xcc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0xcc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0xcc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0xcc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0xcc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0xcc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0xcc, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0xcc, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0xcc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0xd0, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0xd8, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xe0, ['array', 2, ['unsigned long']]],
+    'PeakVirtualSize' : [ 0xe8, ['unsigned long']],
+    'VirtualSize' : [ 0xec, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xf0, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0xf8, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf8, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Token' : [ 0xfc, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x100, ['unsigned long']],
+    'AddressCreationLock' : [ 0x104, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x108, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x10c, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x110, ['pointer', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x114, ['pointer', ['_EJOB']]],
+    'CloneRoot' : [ 0x118, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x11c, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x120, ['unsigned long']],
+    'Win32Process' : [ 0x124, ['pointer', ['void']]],
+    'Job' : [ 0x128, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x12c, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x130, ['pointer', ['void']]],
+    'Cookie' : [ 0x134, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x138, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x13c, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x140, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x144, ['pointer', ['void']]],
+    'OwnerProcessId' : [ 0x148, ['unsigned long']],
+    'Peb' : [ 0x14c, ['pointer', ['_PEB']]],
+    'Session' : [ 0x150, ['pointer', ['_MM_SESSION_SPACE']]],
+    'AweInfo' : [ 0x154, ['pointer', ['void']]],
+    'QuotaBlock' : [ 0x158, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x15c, ['pointer', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x160, ['pointer', ['void']]],
+    'PaeTop' : [ 0x164, ['pointer', ['void']]],
+    'DeviceMap' : [ 0x168, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x16c, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x170, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x178, ['pointer', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x17c, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x18b, ['unsigned char']],
+    'SecurityPort' : [ 0x18c, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x190, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x194, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x19c, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x1a0, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x1a8, ['unsigned long']],
+    'ImagePathHash' : [ 0x1ac, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1b0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1b4, ['long']],
+    'PrefetchTrace' : [ 0x1b8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x1bc, ['pointer', ['void']]],
+    'ReadOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1e8, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1f0, ['unsigned long']],
+    'CommitCharge' : [ 0x1f4, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1f8, ['unsigned long']],
+    'Vm' : [ 0x1fc, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x288, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x290, ['unsigned long']],
+    'ExitStatus' : [ 0x294, ['long']],
+    'VadRoot' : [ 0x298, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x29c, ['pointer', ['void']]],
+    'VadCount' : [ 0x2a0, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x2a4, ['unsigned long']],
+    'VadPhysicalPagesLimit' : [ 0x2a8, ['unsigned long']],
+    'AlpcContext' : [ 0x2ac, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x2bc, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x2c4, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x2c8, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x2cc, ['unsigned long']],
+    'ExitTime' : [ 0x2d0, ['_LARGE_INTEGER']],
+    'ActiveThreadsHighWatermark' : [ 0x2d8, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x2dc, ['unsigned long']],
+    'ThreadListLock' : [ 0x2e0, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x2e4, ['pointer', ['void']]],
+    'ServerSilo' : [ 0x2e8, ['pointer', ['_EJOB']]],
+    'SignatureLevel' : [ 0x2ec, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x2ed, ['unsigned char']],
+    'Protection' : [ 0x2ee, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x2ef, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'GhostCount' : [ 0x2ef, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Flags3' : [ 0x2f0, ['unsigned long']],
+    'Minimal' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x2f0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x2f0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x2f4, ['long']],
+    'SvmData' : [ 0x2f8, ['pointer', ['void']]],
+    'SvmProcessLock' : [ 0x2fc, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x300, ['unsigned long']],
+    'SvmProcessDeviceListHead' : [ 0x304, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x310, ['unsigned long long']],
+    'DiskCounters' : [ 0x318, ['pointer', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x31c, ['pointer', ['void']]],
+    'HighPriorityFaultsAllowed' : [ 0x320, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x324, ['pointer', ['void']]],
+    'EnergyContext' : [ 0x328, ['pointer', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x32c, ['pointer', ['void']]],
+    'SequenceNumber' : [ 0x330, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x338, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x340, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x348, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x350, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x358, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x358, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x360, ['unsigned long']],
+    'SharedCommitLock' : [ 0x364, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x368, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x370, ['unsigned long']],
+    'DefaultCpuSets' : [ 0x374, ['unsigned long']],
+    'AllowedCpuSetsIndirect' : [ 0x370, ['pointer', ['unsigned long']]],
+    'DefaultCpuSetsIndirect' : [ 0x374, ['pointer', ['unsigned long']]],
+    'DiskIoAttribution' : [ 0x378, ['pointer', ['void']]],
+    'DxgProcess' : [ 0x37c, ['pointer', ['void']]],
+    'Win32KFilterSet' : [ 0x380, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x388, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x390, ['unsigned long']],
+    'KTimer2Sets' : [ 0x394, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x398, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x39c, ['unsigned long']],
+    'VirtualTimerListHead' : [ 0x3a0, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x3a8, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x3a8, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x3d8, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x3d8, ['__unnamed_13a3']],
+    'MitigationFlags2' : [ 0x3dc, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x3dc, ['__unnamed_13a5']],
+    'PartitionObject' : [ 0x3e0, ['pointer', ['void']]],
+} ],
+  '__unnamed_13b8' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_13be' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13c0' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13be']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13c9' : [ 0x2c, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '__unnamed_13cb' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_13c9']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_13b8']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_13c0']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_13cb']],
+} ],
+  '__unnamed_13d2' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13d6' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13da' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13dc' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13e0' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13e2' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13e6' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_13e8' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13ea' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13ec' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13ee' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13f2' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13f4' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13f7' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13f9' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13fb' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13fd' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1401' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1405' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1409' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_140d' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_1411' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1415' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1419' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_141b' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_141d' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_1421' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1425' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1429' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_142d' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1431' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1439' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_143d' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_143f' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1441' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1443' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_13d2']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13d6']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13da']],
+    'Read' : [ 0x0, ['__unnamed_13dc']],
+    'Write' : [ 0x0, ['__unnamed_13dc']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13e0']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13e2']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_13e6']],
+    'QueryFile' : [ 0x0, ['__unnamed_13e8']],
+    'SetFile' : [ 0x0, ['__unnamed_13ea']],
+    'QueryEa' : [ 0x0, ['__unnamed_13ec']],
+    'SetEa' : [ 0x0, ['__unnamed_13ee']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13f2']],
+    'SetVolume' : [ 0x0, ['__unnamed_13f2']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13f4']],
+    'LockControl' : [ 0x0, ['__unnamed_13f7']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_13f9']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_13fb']],
+    'SetSecurity' : [ 0x0, ['__unnamed_13fd']],
+    'MountVolume' : [ 0x0, ['__unnamed_1401']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_1401']],
+    'Scsi' : [ 0x0, ['__unnamed_1405']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1409']],
+    'SetQuota' : [ 0x0, ['__unnamed_13ee']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_140d']],
+    'QueryInterface' : [ 0x0, ['__unnamed_1411']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1415']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1419']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_141b']],
+    'SetLock' : [ 0x0, ['__unnamed_141d']],
+    'QueryId' : [ 0x0, ['__unnamed_1421']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1425']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1429']],
+    'WaitWake' : [ 0x0, ['__unnamed_142d']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1431']],
+    'Power' : [ 0x0, ['__unnamed_1439']],
+    'StartDevice' : [ 0x0, ['__unnamed_143d']],
+    'WMI' : [ 0x0, ['__unnamed_143f']],
+    'Others' : [ 0x0, ['__unnamed_1441']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_1443']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_1459' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_1459']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x8, ['unsigned long']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x14, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x10, ['pointer', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x3a0, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0x80, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0x88, ['unsigned long']],
+    'TotalProcesses' : [ 0x8c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x90, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x94, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x98, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xa0, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xa8, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0xac, ['unsigned long']],
+    'LimitFlags' : [ 0xb0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xb4, ['unsigned long']],
+    'Affinity' : [ 0xb8, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0xc4, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0xc8, ['pointer', ['void']]],
+    'UIRestrictionsClass' : [ 0xcc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xd0, ['unsigned long']],
+    'CompletionPort' : [ 0xd4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xd8, ['pointer', ['void']]],
+    'CompletionCount' : [ 0xe0, ['unsigned long long']],
+    'SessionId' : [ 0xe8, ['unsigned long']],
+    'SchedulingClass' : [ 0xec, ['unsigned long']],
+    'ReadOperationCount' : [ 0xf0, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xf8, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x100, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x108, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x110, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x118, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x120, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x148, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x14c, ['unsigned long']],
+    'JobTotalMemoryLimit' : [ 0x150, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x154, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x158, ['unsigned long']],
+    'EffectiveAffinity' : [ 0x15c, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x168, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x170, ['unsigned long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x174, ['unsigned long']],
+    'EffectiveProcessMemoryLimit' : [ 0x178, ['unsigned long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x17c, ['pointer', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x180, ['pointer', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x184, ['pointer', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x188, ['pointer', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x18c, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x190, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x194, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x198, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x19c, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x1a0, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x1a4, ['unsigned char']],
+    'PriorityClass' : [ 0x1a5, ['unsigned char']],
+    'NestingDepth' : [ 0x1a6, ['unsigned char']],
+    'Reserved1' : [ 0x1a7, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x1a8, ['unsigned long']],
+    'WakeChannel' : [ 0x1b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x1b0, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x1f8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x200, ['unsigned long']],
+    'NotificationLink' : [ 0x204, ['pointer', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x208, ['unsigned long long']],
+    'NotificationInfo' : [ 0x210, ['pointer', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x214, ['pointer', ['void']]],
+    'NotificationPacket' : [ 0x218, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x21c, ['pointer', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x220, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x228, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x230, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x234, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x23c, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x244, ['pointer', ['_EJOB']]],
+    'RootJob' : [ 0x248, ['pointer', ['_EJOB']]],
+    'IteratorListHead' : [ 0x24c, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x254, ['unsigned long']],
+    'Ancestors' : [ 0x258, ['pointer', ['pointer', ['_EJOB']]]],
+    'SessionObject' : [ 0x258, ['pointer', ['void']]],
+    'Accounting' : [ 0x260, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x2b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x2bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x2c0, ['unsigned long']],
+    'JobId' : [ 0x2c4, ['unsigned long']],
+    'ContainerId' : [ 0x2c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x2d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x2e8, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x2ec, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x2f8, ['pointer', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x2fc, ['pointer', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x300, ['unsigned long']],
+    'CloseDone' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x300, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x300, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x304, ['unsigned long']],
+    'ParentLocked' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x308, ['pointer', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x30c, ['unsigned long']],
+    'DiskIoAttributionUserRefCount' : [ 0x310, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x314, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x318, ['pointer', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x318, ['pointer', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x31c, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x330, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x34c, ['long']],
+    'VolumeIoControlTree' : [ 0x350, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x358, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x360, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x364, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x368, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x36c, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x370, ['unsigned long long']],
+    'IoControlLock' : [ 0x378, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x37c, ['unsigned long']],
+    'RundownWorkItem' : [ 0x380, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x390, ['pointer', ['void']]],
+    'PartitionOwnerJob' : [ 0x394, ['pointer', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x398, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x68, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x5c, ['pointer', ['void']]],
+    'UserContext' : [ 0x60, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+    'Oplock' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedForRemote' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedContext' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0xc, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x8, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0xc, {
+    'Hash' : [ 0x0, ['pointer', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x4, ['pointer', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x10, {
+    'Table' : [ 0x0, ['pointer', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x4, ['unsigned long']],
+    'EntryMax' : [ 0x8, ['unsigned long']],
+    'EntryCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+} ],
+  '_TlgProvider_t' : [ 0x30, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+    'AnnotationFunc' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_16a8' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_16a8']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0xc, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x4, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0x8, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'ReservedLowFlags' : [ 0xe, ['unsigned char']],
+    'WaiterPriority' : [ 0xf, ['unsigned char']],
+    'SharedWaiters' : [ 0x10, ['pointer', ['void']]],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['void']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x30, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0xc, ['pointer', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x10, ['pointer', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x14, ['unsigned long']],
+    'NumberOfReferences' : [ 0x18, ['unsigned long']],
+    'CloneHeader' : [ 0x1c, ['pointer', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x20, ['unsigned long']],
+    'NestingLevel' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_16eb' : [ 0x4, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_16f0' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_16f2' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_16f4' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_16f0']],
+    'e4' : [ 0x0, ['__unnamed_16f2']],
+} ],
+  '__unnamed_16f9' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_16eb']],
+    'PteAddress' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x4, ['pointer', ['void']]],
+    'PteLong' : [ 0x4, ['unsigned long']],
+    'OriginalPte' : [ 0x8, ['_MMPTE']],
+    'u2' : [ 0x10, ['_MIPFNBLINK']],
+    'u3' : [ 0x14, ['__unnamed_16f4']],
+    'u4' : [ 0x18, ['__unnamed_16f9']],
+} ],
+  '__unnamed_1704' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1708' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_1704']],
+    'u2' : [ 0x24, ['__unnamed_1708']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_170d' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_1715' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 23, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1717' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_1715']],
+} ],
+  '__unnamed_171c' : [ 0x4, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 20, native_type='unsigned long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'ListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_170d']],
+    'FilePointer' : [ 0x20, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x24, ['long']],
+    'ModifiedWriteCount' : [ 0x28, ['unsigned long']],
+    'WaitList' : [ 0x2c, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x30, ['__unnamed_1717']],
+    'FileObjectLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'u3' : [ 0x48, ['__unnamed_171c']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x38, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'BasePte' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'VaType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSpecialPoolNonPaged', 14: u'MiVaPagedProtoPool', 15: u'MiVaSystemPtesLarge', 16: u'MiVaKernelStacks', 17: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'PteFailures' : [ 0x18, ['unsigned long']],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'GlobalPushLock' : [ 0x1c, ['pointer', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x20, ['pointer', ['_MMSUPPORT_INSTANCE']]],
+    'TotalSystemPtes' : [ 0x24, ['unsigned long']],
+    'Hint' : [ 0x28, ['unsigned long']],
+    'LowestBitEverAllocated' : [ 0x2c, ['unsigned long']],
+    'CachedPtes' : [ 0x30, ['pointer', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_173d' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_1740' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x28, {
+    'NextVad' : [ 0x0, ['pointer', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x4, ['pointer', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x1c, ['__unnamed_173d']],
+    'u1' : [ 0x20, ['__unnamed_1740']],
+    'EventList' : [ 0x24, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PARTITION' : [ 0x1a80, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0xe8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x2b0, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x340, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x4c0, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0xc80, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0xd00, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0xd40, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0xe18, ['pointer', ['void']]],
+    'WorkingSetExpansionHead' : [ 0xe1c, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0xe40, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x44, {
+    'MmPartition' : [ 0x0, ['pointer', ['void']]],
+    'CcPartition' : [ 0x4, ['pointer', ['void']]],
+    'ExPartition' : [ 0x8, ['pointer', ['void']]],
+    'HardReferenceCount' : [ 0xc, ['long']],
+    'OpenHandleCount' : [ 0x10, ['long']],
+    'ActivePartitionLinks' : [ 0x14, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x1c, ['pointer', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x34, ['pointer', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x38, ['pointer', ['void']]],
+    'PartitionFlags' : [ 0x3c, ['unsigned long']],
+    'PairedWithJob' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x40, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x6f0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileWrite' : [ 0x14, ['pointer', ['void']]],
+    'FileRead' : [ 0x18, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x1c, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x20, ['pointer', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x24, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x2c, ['unsigned long']],
+    'DirtyAlloc' : [ 0x30, ['unsigned long']],
+    'UnreconciledVector' : [ 0x34, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x3c, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x40, ['unsigned long']],
+    'Cluster' : [ 0x44, ['unsigned long']],
+    'Flat' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x48, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x49, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x4c, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x50, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x54, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x58, ['unsigned long']],
+    'HiveFlags' : [ 0x5c, ['unsigned long']],
+    'CurrentLog' : [ 0x60, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x64, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x68, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x6c, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x70, ['unsigned long']],
+    'LogFileSizeCap' : [ 0x74, ['unsigned long']],
+    'LogDataPresent' : [ 0x78, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0x7a, ['unsigned char']],
+    'BaseBlockDirty' : [ 0x7b, ['unsigned char']],
+    'LastLogSwapTime' : [ 0x80, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0x88, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0x88, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0x88, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0x88, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0x8a, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0x8c, ['unsigned long']],
+    'StorageTypeCount' : [ 0x90, ['unsigned long']],
+    'Version' : [ 0x94, ['unsigned long']],
+    'ViewMap' : [ 0x98, ['_HVIEW_MAP']],
+    'Storage' : [ 0x3b8, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xb0, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0xc, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x14, ['unsigned long']],
+    'KcbPushlock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x1c, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x1c, ['long']],
+    'DelayedDeref' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x20, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x21, ['unsigned char']],
+    'LayerHeight' : [ 0x22, ['short']],
+    'ParentKcb' : [ 0x24, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x28, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x2c, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x30, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x38, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x38, ['unsigned long']],
+    'SubKeyCount' : [ 0x38, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x3c, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x3c, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x44, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'LayerInfo' : [ 0x6c, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'KCBUoWListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x78, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x80, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x84, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x8c, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x94, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x9c, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0xa0, ['pointer', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0xa0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0xa0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0xa8, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_17d7' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmInitializeHive', 2: u'_HvInitializeHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_17da' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_17dc' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_17de' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_17e0' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_17e4' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_17e8' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_17ea' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x11c, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned short']],
+    'RecoverableIndex' : [ 0x6, ['unsigned short']],
+    'Locations' : [ 0x8, ['array', 8, ['__unnamed_17d7']]],
+    'RecoverableLocations' : [ 0x68, ['array', 8, ['__unnamed_17d7']]],
+    'RegistryIO' : [ 0xc8, ['__unnamed_17da']],
+    'CheckRegistry2' : [ 0xd4, ['__unnamed_17dc']],
+    'CheckKey' : [ 0xd8, ['__unnamed_17de']],
+    'CheckValueList' : [ 0xe8, ['__unnamed_17e0']],
+    'CheckHive' : [ 0xf8, ['__unnamed_17e4']],
+    'CheckHive1' : [ 0x104, ['__unnamed_17e4']],
+    'CheckBin' : [ 0x110, ['__unnamed_17e8']],
+    'RecoverData' : [ 0x118, ['__unnamed_17ea']],
+} ],
+  '_CM_KCB_UOW' : [ 0x40, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x2c, ['pointer', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x34, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x38, ['pointer', ['void']]],
+    'SecurityData' : [ 0x38, ['pointer', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x38, ['pointer', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x38, ['pointer', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x3c, ['pointer', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x3c, ['pointer', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0x70, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x18, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x18, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x18, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x18, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x18, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x18, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x18, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x18, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x18, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x18, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x18, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x18, ['unsigned long']],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x20, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x24, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x28, ['pointer', ['void']]],
+    'KtmUow' : [ 0x2c, ['_GUID']],
+    'StartLsn' : [ 0x40, ['unsigned long long']],
+    'HiveCount' : [ 0x48, ['unsigned long']],
+    'HiveArray' : [ 0x4c, ['array', 8, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x175, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x281, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x140, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'ReadySummary' : [ 0x4, ['unsigned long']],
+    'ReadyListHead' : [ 0x8, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x108, ['array', 32, ['unsigned char']]],
+    'Span' : [ 0x128, ['unsigned char']],
+    'LowProcIndex' : [ 0x129, ['unsigned char']],
+    'QueueIndex' : [ 0x12a, ['unsigned char']],
+    'ProcCount' : [ 0x12b, ['unsigned char']],
+    'ScanOwner' : [ 0x12c, ['unsigned char']],
+    'Spare' : [ 0x12d, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x130, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x134, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '__unnamed_192c' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_192e' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1932' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x1d4, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x2c, ['long']],
+    'FxRemoveEvent' : [ 0x30, ['_KEVENT']],
+    'FxActivationCount' : [ 0x40, ['long']],
+    'FxSleepCount' : [ 0x44, ['long']],
+    'Plugin' : [ 0x48, ['pointer', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x4c, ['unsigned long']],
+    'CurrentPowerState' : [ 0x50, ['_POWER_STATE']],
+    'Notify' : [ 0x54, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x90, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0xa0, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0xa8, ['unsigned long']],
+    'State' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xb4, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x104, ['unsigned long']],
+    'CompletionStatus' : [ 0x108, ['long']],
+    'Flags' : [ 0x10c, ['unsigned long']],
+    'UserFlags' : [ 0x110, ['unsigned long']],
+    'Problem' : [ 0x114, ['unsigned long']],
+    'ProblemStatus' : [ 0x118, ['long']],
+    'ResourceList' : [ 0x11c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x120, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x124, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x128, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x130, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x134, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x138, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x13c, ['unsigned short']],
+    'RemovalPolicy' : [ 0x13e, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x13f, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x140, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x148, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x150, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x158, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x15a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x15c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x15e, ['unsigned short']],
+    'OverUsed1' : [ 0x160, ['__unnamed_192c']],
+    'OverUsed2' : [ 0x164, ['__unnamed_192e']],
+    'BootResources' : [ 0x168, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x16c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x170, ['unsigned long']],
+    'DockInfo' : [ 0x174, ['__unnamed_1932']],
+    'DisableableDepends' : [ 0x184, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x188, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x190, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x198, ['unsigned long']],
+    'PreviousParent' : [ 0x19c, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x1a0, ['long']],
+    'NumaNodeIndex' : [ 0x1a4, ['unsigned long']],
+    'ContainerID' : [ 0x1a8, ['_GUID']],
+    'OverrideFlags' : [ 0x1b8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x1bc, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x1c0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x1c4, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x1c8, ['unsigned long']],
+    'RebalanceContext' : [ 0x1cc, ['pointer', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x1d0, ['pointer', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x38, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x30, ['pointer', ['unsigned long long']]],
+    'EnableLevel' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x38, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependencyNode' : [ 0x2c, ['pointer', ['void']]],
+    'InterruptContext' : [ 0x30, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1a30' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1a30']],
+} ],
+  '__unnamed_1a37' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1a37']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x14, ['pointer', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x1c, ['pointer', ['unsigned short']]],
+    'PinCount' : [ 0x20, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x22, ['unsigned char']],
+    'ResourceSourceName' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x28, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x20, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'SlaveAddress' : [ 0x1c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x18, ['unsigned long']],
+    'RxBufferSize' : [ 0x1c, ['unsigned short']],
+    'TxBufferSize' : [ 0x1e, ['unsigned short']],
+    'Parity' : [ 0x20, ['unsigned char']],
+    'LinesInUse' : [ 0x21, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'DataBitLength' : [ 0x1c, ['unsigned char']],
+    'Phase' : [ 0x1d, ['unsigned char']],
+    'Polarity' : [ 0x1e, ['unsigned char']],
+    'DeviceSelection' : [ 0x20, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x100, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x14, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x18, ['pointer', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c, ['pointer', ['void']]],
+    'Accounting' : [ 0x20, ['pointer', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x1c8, {
+    'Name' : [ 0x0, ['pointer', ['wchar']]],
+    'Id' : [ 0x4, ['unsigned char']],
+    'Guid' : [ 0x8, ['_GUID']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Priority' : [ 0x1c, ['unsigned char']],
+    'Settings' : [ 0x20, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x1a0, ['unsigned long long']],
+    'Count' : [ 0x1a8, ['unsigned long long']],
+    'MaxDuration' : [ 0x1b0, ['unsigned long long']],
+    'MinDuration' : [ 0x1b8, ['unsigned long long']],
+    'TotalDuration' : [ 0x1c0, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xc0, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x44, ['unsigned long']],
+    'AutonomousPreference' : [ 0x48, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x49, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4b, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x4d, ['unsigned char']],
+    'ParkingPerfState' : [ 0x4e, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x50, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x51, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x52, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x53, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x54, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x55, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x56, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x58, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x5c, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x60, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x62, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x64, ['unsigned char']],
+    'IdleDisabled' : [ 0x65, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x68, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x6c, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x6d, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x6e, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x6f, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x70, ['array', 32, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x90, ['array', 32, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xb0, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xb1, ['unsigned char']],
+    'ThreadPolicies' : [ 0xb4, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x2a0, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x1a4, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x1c0, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x1f0, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x1f4, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x1f8, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x1fc, ['pointer', ['void']]],
+    'HardErrorState' : [ 0x200, ['unsigned long']],
+    'WnfSiloState' : [ 0x208, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x238, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x248, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x250, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x258, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x25c, ['pointer', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x260, ['unsigned char']],
+    'NtSystemRoot' : [ 0x264, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x26c, ['_UNICODE_STRING']],
+    'Storage' : [ 0x274, ['pointer', ['_PSP_STORAGE']]],
+    'State' : [ 0x278, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x27c, ['long']],
+    'DeleteEvent' : [ 0x280, ['pointer', ['_KEVENT']]],
+    'UserSharedData' : [ 0x284, ['pointer', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x288, ['pointer', ['void']]],
+    'TerminateWorkItem' : [ 0x28c, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x90, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x14, ['unsigned long']],
+    'LogHandleContext' : [ 0x18, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x84, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0x88, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x178, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'V1' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0xa8, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xac, ['unsigned long']],
+    'UninitializeEvent' : [ 0xb0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xb4, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'Event' : [ 0xe0, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf8, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x160, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x164, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x168, ['unsigned long']],
+    'WritesInProgress' : [ 0x16c, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x170, ['unsigned long']],
+    'Partition' : [ 0x174, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '__unnamed_1b3d' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_1b3d']],
+    'ArrayHead' : [ 0x10, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x280, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x4, ['pointer', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x18, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x24, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x30, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x40, ['unsigned long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x44, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x48, ['unsigned char']],
+    'WorkQueueLock' : [ 0x80, ['unsigned long']],
+    'NumberWorkerThreads' : [ 0x84, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0x88, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0x8c, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0x94, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0x9c, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0xa4, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0xac, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0xb4, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0xbc, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0xc0, ['unsigned long']],
+    'QueueThrottle' : [ 0xc4, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0xc8, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0xcc, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0xd0, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0xd4, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0xd8, ['unsigned long']],
+    'LowMemoryEvent' : [ 0xdc, ['_KEVENT']],
+    'PowerEvent' : [ 0xec, ['_KEVENT']],
+    'PeriodicEvent' : [ 0xfc, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x10c, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x11c, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x12c, ['unsigned long']],
+    'LazyWriter' : [ 0x130, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x180, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x190, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x1b8, ['pointer', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x1bc, ['long']],
+    'AverageAvailablePages' : [ 0x1c0, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x1c8, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x1d0, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x1e8, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x1e9, ['unsigned char']],
+    'DeferredWrites' : [ 0x1ec, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x200, ['unsigned long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x204, ['pointer', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x208, ['pointer', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x20c, ['pointer', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x210, ['pointer', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x214, ['pointer', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x218, ['pointer', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x21c, ['pointer', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x220, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x224, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x22c, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x230, ['pointer', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x234, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x238, ['long']],
+    'LowPriOldIoPriority' : [ 0x23c, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x240, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x244, ['unsigned long']],
+    'CoalescingState' : [ 0x248, ['unsigned char']],
+    'RundownStarted' : [ 0x249, ['unsigned char']],
+    'RefCount' : [ 0x24c, ['long']],
+    'ExitEvent' : [ 0x250, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x260, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x270, ['pointer', ['void']]],
+} ],
+  '__unnamed_1b63' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1b65' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1b67' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1b69' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1b6b' : [ 0x1c, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x4, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x8, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1b6f' : [ 0x40, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'PrefetchList' : [ 0x18, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x1c, ['unsigned long']],
+    'Mdl' : [ 0x20, ['pointer', ['_MDL']]],
+    'IoStatusBlock' : [ 0x24, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x34, ['pointer', ['void']]],
+    'RequestorMode' : [ 0x38, ['unsigned char']],
+    'NestingLevel' : [ 0x3c, ['unsigned long']],
+} ],
+  '__unnamed_1b71' : [ 0x40, {
+    'Read' : [ 0x0, ['__unnamed_1b63']],
+    'Write' : [ 0x0, ['__unnamed_1b65']],
+    'Event' : [ 0x0, ['__unnamed_1b67']],
+    'Notification' : [ 0x0, ['__unnamed_1b69']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1b6b']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1b6f']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x50, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1b71']],
+    'Function' : [ 0x48, ['unsigned char']],
+    'Partition' : [ 0x4c, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x28, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+    'Partition' : [ 0x24, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x18, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0x4, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x68, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x8, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0xc, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x18, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x40, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x44, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x48, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x50, ['pointer', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x54, ['unsigned long']],
+    'LastLWTimeStamp' : [ 0x58, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x60, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x4e, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x14, {
+    'Allocate' : [ 0x0, ['unsigned long']],
+    'Free' : [ 0x4, ['unsigned long']],
+    'Commit' : [ 0x8, ['unsigned long']],
+    'Decommit' : [ 0xc, ['unsigned long']],
+    'ExtendContext' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x8, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x248, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x58, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x5c, ['unsigned long']],
+    'Signature' : [ 0x60, ['unsigned long']],
+    'SegmentReserve' : [ 0x64, ['unsigned long']],
+    'SegmentCommit' : [ 0x68, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x6c, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x70, ['unsigned long']],
+    'TotalFreeSize' : [ 0x74, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x78, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x7c, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x7e, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x80, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x84, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x86, ['unsigned short']],
+    'TagEntries' : [ 0x88, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x8c, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x94, ['unsigned long']],
+    'AlignMask' : [ 0x98, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0x9c, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa4, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xac, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb0, ['unsigned long']],
+    'BlocksIndex' : [ 0xb4, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xb8, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xbc, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc0, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xc8, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xcc, ['pointer', ['void']]],
+    'StackTraceInitVar' : [ 0xd0, ['_RTL_RUN_ONCE']],
+    'FrontEndHeap' : [ 0xd4, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xd8, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xda, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0xdb, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0xdc, ['pointer', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0xe0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0xe2, ['array', 257, ['unsigned char']]],
+    'Counters' : [ 0x1e4, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x240, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1c20' : [ 0x38, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x38, {
+    'Lock' : [ 0x0, ['__unnamed_1c20']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1c6f' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1c71' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c6f']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1c73' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1c75' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1c73']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1c71']],
+    'u2' : [ 0x4, ['__unnamed_1c75']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x20, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x18, ['pointer', ['void']]],
+    'UsualSize' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1c92' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1c94' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1c92']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1c94']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Pad' : [ 0x10, ['unsigned long']],
+    'Lock' : [ 0x14, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1ca8' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1caa' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ca8']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1caa']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1cb3' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1cb5' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1cb3']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_1cb5']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1cbb' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_1cbd' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1cbb']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_1cbd']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x28, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x24, ['pointer', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1cda' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1cdc' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1cda']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x11c, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x60, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0x80, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0x8c, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x94, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x98, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0xc4, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0xd0, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0xd4, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0xd8, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xdc, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xe8, ['long']],
+    'ReferenceNo' : [ 0xec, ['long']],
+    'ReferenceNoWait' : [ 0xf0, ['pointer', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0xf4, ['__unnamed_1cdc']],
+    'TargetQueuePort' : [ 0xf8, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xfc, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x100, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x104, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x108, ['unsigned long']],
+    'PendingQueueLength' : [ 0x10c, ['unsigned long']],
+    'DirectQueueLength' : [ 0x110, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x114, ['unsigned long']],
+    'WaitQueueLength' : [ 0x118, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x58, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x10, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x14, ['pointer', ['void']]],
+    'UserLimit' : [ 0x18, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x1c, ['pointer', ['void']]],
+    'SystemVa' : [ 0x20, ['pointer', ['void']]],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'Header' : [ 0x28, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x2c, ['pointer', ['void']]],
+    'ListSize' : [ 0x30, ['unsigned long']],
+    'Bitmap' : [ 0x34, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x38, ['unsigned long']],
+    'Data' : [ 0x3c, ['pointer', ['void']]],
+    'DataSize' : [ 0x40, ['unsigned long']],
+    'BitmapLimit' : [ 0x44, ['unsigned long']],
+    'BitmapNextHint' : [ 0x48, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x4c, ['unsigned long']],
+    'AttributeFlags' : [ 0x50, ['unsigned long']],
+    'AttributeSize' : [ 0x54, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0x90, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x84, ['unsigned long']],
+    'CallbackList' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x14, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1cff' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d01' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1cff']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x98, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'u1' : [ 0x14, ['__unnamed_1d01']],
+    'SequenceNo' : [ 0x18, ['long']],
+    'QuotaProcess' : [ 0x1c, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x1c, ['pointer', ['void']]],
+    'CancelSequencePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x24, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x28, ['long']],
+    'CancelListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x38, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x60, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x64, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x68, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x6c, ['pointer', ['_ETHREAD']]],
+    'WakeReference' : [ 0x70, ['pointer', ['void']]],
+    'WakeReference2' : [ 0x74, ['pointer', ['void']]],
+    'ExtensionBuffer' : [ 0x78, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0x7c, ['unsigned long']],
+    'PortMessage' : [ 0x80, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x24, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x14, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalLength' : [ 0x1c, ['unsigned short']],
+    'Type' : [ 0x1e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x20, ['unsigned short']],
+    'SignalCompletion' : [ 0x22, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x23, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x24, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x28, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x1c, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x20, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1d44' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d46' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d44']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_1d46']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x4, {
+    'Event' : [ 0x0, ['unsigned long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x30, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer', ['void']]],
+    'DiskIoAttributionHandle' : [ 0xc, ['unsigned long']],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x24, ['long long']],
+    'AdapterCryptoParameters' : [ 0x20, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x2c, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 9, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x88, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x48, ['pointer', ['void']]],
+    'CreateFileType' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x50, ['pointer', ['void']]],
+    'Override' : [ 0x54, ['unsigned char']],
+    'QueryOnly' : [ 0x55, ['unsigned char']],
+    'DeleteOnly' : [ 0x56, ['unsigned char']],
+    'FullAttributes' : [ 0x57, ['unsigned char']],
+    'LocalFileObject' : [ 0x58, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x5c, ['unsigned long']],
+    'AccessMode' : [ 0x60, ['unsigned char']],
+    'DriverCreateContext' : [ 0x64, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0x7c, ['unsigned long']],
+    'FilterQuery' : [ 0x80, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1e12' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x110, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1e12']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer', ['wchar']]],
+    'LogFileName' : [ 0x3c, ['pointer', ['wchar']]],
+    'TimeZone' : [ 0x40, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0xf8, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x108, ['unsigned long']],
+    'BuffersLost' : [ 0x10c, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x8, {
+    'QueueTail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x5a0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 1, ['unsigned long']]],
+    'ErrorMarker' : [ 0x18, ['unsigned long']],
+    'SizeMask' : [ 0x1c, ['unsigned long']],
+    'GetCpuClock' : [ 0x20, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x28, ['long']],
+    'FailureReason' : [ 0x2c, ['unsigned long']],
+    'BufferQueue' : [ 0x30, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x38, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x40, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x48, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x50, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x54, ['unsigned long']],
+    'BatchedBufferList' : [ 0x58, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x58, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x64, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x6c, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x74, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x7c, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x80, ['unsigned long']],
+    'FlushTimer' : [ 0x84, ['unsigned long']],
+    'FlushThreshold' : [ 0x88, ['unsigned long']],
+    'ByteOffset' : [ 0x90, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x98, ['unsigned long']],
+    'BuffersAvailable' : [ 0x9c, ['long']],
+    'NumberOfBuffers' : [ 0xa0, ['long']],
+    'MaximumBuffers' : [ 0xa4, ['unsigned long']],
+    'EventsLost' : [ 0xa8, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xac, ['long']],
+    'BuffersWritten' : [ 0xb0, ['unsigned long']],
+    'LogBuffersLost' : [ 0xb4, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xb8, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xbc, ['unsigned long']],
+    'SequencePtr' : [ 0xc0, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xc4, ['unsigned long']],
+    'InstanceGuid' : [ 0xc8, ['_GUID']],
+    'MaximumFileSize' : [ 0xd8, ['unsigned long']],
+    'FileCounter' : [ 0xdc, ['long']],
+    'PoolType' : [ 0xe0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xe8, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0xf8, ['long']],
+    'ProviderInfoSize' : [ 0xfc, ['unsigned long']],
+    'Consumers' : [ 0x100, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x108, ['unsigned long']],
+    'TransitionConsumer' : [ 0x10c, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x110, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0x114, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x120, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x128, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x130, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x138, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x140, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x148, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x150, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x160, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x164, ['_KEVENT']],
+    'FlushEvent' : [ 0x174, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x188, ['_KTIMER']],
+    'LoggerDpc' : [ 0x1b0, ['_KDPC']],
+    'LoggerMutex' : [ 0x1d0, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1f0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1f4, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1f4, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1f8, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x234, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x238, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x240, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x248, ['pointer', ['void']]],
+    'BufferSequenceNumber' : [ 0x250, ['long long']],
+    'Flags' : [ 0x258, ['unsigned long']],
+    'Persistent' : [ 0x258, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x258, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x258, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x258, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x258, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x258, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x258, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x258, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x258, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x258, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x258, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x258, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x258, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x258, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x258, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x258, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x258, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x258, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x258, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x25c, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x25c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x25c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x25c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x25c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x25c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x25c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x25c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x25c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x25c, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x260, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x4e8, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x4f0, ['pointer', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x4f4, ['pointer', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x4f8, ['pointer', ['_ETW_LBR_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x4fc, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x504, ['pointer', ['pointer', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x508, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x510, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x518, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x520, ['pointer', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x524, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x528, ['pointer', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x52c, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x530, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x540, ['long']],
+    'CompressionLock' : [ 0x544, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x548, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x54c, ['pointer', ['void']]],
+    'CompressionOn' : [ 0x550, ['long']],
+    'CompressionRatioGuess' : [ 0x554, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x558, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x55c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x564, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x588, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x590, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x598, ['_LARGE_INTEGER']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x34, {
+    'Source' : [ 0x0, ['array', 8, ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x20, ['unsigned long']],
+    'HookId' : [ 0x24, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x2c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x30, ['array', 1, ['pointer', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0xa48, {
+    'SiloGlobals' : [ 0x0, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x4, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x8, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x170, ['pointer', ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x174, ['pointer', ['pointer', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x178, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0x878, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x888, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x88c, ['long']],
+    'EtwpSecurityProviderPID' : [ 0x890, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0x894, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0x8a4, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x8b8, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x8c0, ['pointer', ['_ETW_SILO_TRACING_BLOCK']]],
+    'PartitionId' : [ 0x8c4, ['_GUID']],
+    'ParentId' : [ 0x8d4, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x8e8, ['_LARGE_INTEGER']],
+    'PartitionType' : [ 0x8f0, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x8f4, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x18, {
+    'SystemLogonSession' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x4, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x8, ['pointer', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0xc, ['pointer', ['void']]],
+    'UncSystemPaths' : [ 0x10, ['pointer', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x14, ['pointer', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x2a8, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x9c, ['pointer', ['void']]],
+    'DynamicPart' : [ 0xa0, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa4, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xb0, ['unsigned long']],
+    'TokenInUse' : [ 0xb4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xbc, ['unsigned long']],
+    'LogonSession' : [ 0xc0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc4, ['_LUID']],
+    'SidHash' : [ 0xcc, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x154, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1dc, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x1e0, ['pointer', ['void']]],
+    'Capabilities' : [ 0x1e4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x1e8, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x1ec, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x274, ['pointer', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x278, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x27c, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x280, ['pointer', ['void']]],
+    'TrustLinkedToken' : [ 0x284, ['pointer', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x288, ['pointer', ['void']]],
+    'TokenSidValues' : [ 0x28c, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x290, ['pointer', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x294, ['pointer', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x298, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x29c, ['pointer', ['void']]],
+    'VariablePart' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x6c, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x34, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x40, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x44, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x48, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0x58, ['pointer', ['_EJOB']]],
+    'SiblingAuthId' : [ 0x5c, ['_LUID']],
+    'TokenList' : [ 0x64, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'DbgRefTrace' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'NewObject' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0xf, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0xf, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0xf, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0xf, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved1' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x8, {
+    'SecurityDescriptor' : [ 0x0, ['pointer', ['void']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x8, {
+    'Footer' : [ 0x0, ['pointer', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x18, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x10, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x8, {
+    'Context1' : [ 0x0, ['pointer', ['void']]],
+    'Context2' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x10, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x8, ['pointer', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0xc, ['unsigned char']],
+    'Padding1' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x18, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'EntryLink' : [ 0x8, ['pointer', ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0xc, ['unsigned long']],
+    'HashIndex' : [ 0x10, ['unsigned short']],
+    'DirectoryLocked' : [ 0x12, ['unsigned char']],
+    'LockedExclusive' : [ 0x13, ['unsigned char']],
+    'LockStateSignature' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xb0, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x9c, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0xa0, ['pointer', ['void']]],
+    'SessionObject' : [ 0xa4, ['pointer', ['void']]],
+    'Flags' : [ 0xa8, ['unsigned long']],
+    'SessionId' : [ 0xac, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x1a4, {
+    'SystemDeviceMap' : [ 0x0, ['pointer', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x4, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x74, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0xc, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x4, ['pointer', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x8, ['pointer', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x418, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x8, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0xc, ['unsigned long']],
+    'ErrorCount' : [ 0x10, ['long']],
+    'RecordCount' : [ 0x14, ['unsigned long']],
+    'RecordLength' : [ 0x18, ['unsigned long']],
+    'PoolTag' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x24, ['pointer', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x28, ['pointer', ['void']]],
+    'SectionCount' : [ 0x2c, ['unsigned long']],
+    'SectionLength' : [ 0x30, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x38, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x40, ['unsigned long']],
+    'TotalErrors' : [ 0x44, ['unsigned long']],
+    'Deferred' : [ 0x48, ['unsigned char']],
+    'Descriptor' : [ 0x49, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xe4, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'ProcessorNumber' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x14, ['long']],
+    'ErrorSource' : [ 0x18, ['pointer', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x1c, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0xc, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x10, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x14, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x8, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0xc, ['long']],
+    'HighWaterMark' : [ 0x10, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x18, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+    'ActiveDpc' : [ 0x14, ['pointer', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_1f90' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x7000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1f90']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x18, ['unsigned long']],
+    'NonPagablePages' : [ 0x1c, ['unsigned long']],
+    'CommittedPages' : [ 0x20, ['unsigned long']],
+    'PagedPoolStart' : [ 0x24, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x28, ['pointer', ['void']]],
+    'SessionObject' : [ 0x2c, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x30, ['pointer', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x34, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x44, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x48, ['unsigned long']],
+    'AttachCount' : [ 0x4c, ['unsigned long']],
+    'AttachGate' : [ 0x50, ['_KGATE']],
+    'WsListEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0x68, ['_MM_PAGED_POOL_INFO']],
+    'Lookaside' : [ 0xc0, ['array', 24, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xcc0, ['_MMSESSION']],
+    'Vm' : [ 0xd00, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0xdc0, ['_MMWSL_INSTANCE']],
+    'PagedPool' : [ 0xe00, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x1f40, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PageTables' : [ 0x1f48, ['array', 1024, ['_MMPTE']]],
+    'PagedPoolBitBuffer' : [ 0x3f48, ['array', 32, ['unsigned long']]],
+    'SpecialPool' : [ 0x3fc8, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x4008, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x400c, ['long']],
+    'PagedPoolPdeCount' : [ 0x4010, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x4014, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x4018, ['unsigned long']],
+    'SystemPteInfo' : [ 0x401c, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x4054, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x4058, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x405c, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x4060, ['unsigned long']],
+    'IoState' : [ 0x4064, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x4068, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x406c, ['_KEVENT']],
+    'ServerSilo' : [ 0x407c, ['pointer', ['_EJOB']]],
+    'CreateTime' : [ 0x4080, ['unsigned long long']],
+    'PoolTags' : [ 0x5000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x130, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x12c, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'ParseProcedureEx' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+    'WaitObjectFlagMask' : [ 0x50, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x54, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x56, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0xc, ['unsigned long']],
+    'EntryOffset' : [ 0xc, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0xd, ['unsigned char']],
+    'WaitingBit' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0xe, ['unsigned char']],
+    'AcquiredBit' : [ 0xe, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0xf, ['unsigned char']],
+    'HeadNodeBit' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x10, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x10, ['pointer', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x10, ['unsigned char']],
+    'Reserved' : [ 0x11, ['array', 2, ['unsigned char']]],
+    'InTreeByte' : [ 0x13, ['unsigned char']],
+    'SessionState' : [ 0x14, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'OwnerTree' : [ 0x18, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x20, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x18, ['unsigned char']],
+    'EntryLock' : [ 0x28, ['unsigned long']],
+    'BoostBitmap' : [ 0x2c, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RfgControlStack' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x5c, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x38, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x3c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x40, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x44, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x48, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x4c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x50, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x54, ['unsigned long']],
+    'LastPolledSize' : [ 0x58, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'Irp' : [ 0xc, ['pointer', ['_IRP']]],
+    'Device' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_1ff7' : [ 0x10, {
+    'CallerCompletion' : [ 0x0, ['pointer', ['void']]],
+    'CallerContext' : [ 0x4, ['pointer', ['void']]],
+    'CallerDevice' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_1ffa' : [ 0x8, {
+    'NotifyDevice' : [ 0x0, ['pointer', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x4, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x18, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x20, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'MinorFunction' : [ 0x68, ['unsigned char']],
+    'PowerStateType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0x70, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0x74, ['unsigned char']],
+    'FxDevice' : [ 0x78, ['pointer', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0x7c, ['unsigned char']],
+    'NotifyPEP' : [ 0x7d, ['unsigned char']],
+    'Device' : [ 0x80, ['__unnamed_1ff7']],
+    'System' : [ 0x80, ['__unnamed_1ffa']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x30, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x4, ['unsigned long']],
+    'NonPagedAllocs' : [ 0x8, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x10, ['unsigned long long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+    'PagedAllocs' : [ 0x20, ['unsigned long long']],
+    'PagedFrees' : [ 0x28, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x10, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x4, ['pointer', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0xc, ['pointer', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x150, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0x54, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x60, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x64, ['pointer', ['void']]],
+    'IdleExecute' : [ 0x68, ['pointer', ['void']]],
+    'IdlePreselect' : [ 0x6c, ['pointer', ['void']]],
+    'IdleTest' : [ 0x70, ['pointer', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x74, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x78, ['pointer', ['void']]],
+    'IdleCancel' : [ 0x7c, ['pointer', ['void']]],
+    'IdleIsHalted' : [ 0x80, ['pointer', ['void']]],
+    'IdleInitiateWake' : [ 0x84, ['pointer', ['void']]],
+    'PrepareInfo' : [ 0x88, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0xd8, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0xe4, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0xe8, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0xec, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0xf4, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0xfc, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x10c, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x1c, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_2051' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_2051']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x9c, {
+    'ProcessCid' : [ 0x0, ['pointer', ['void']]],
+    'ThreadCid' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x18, ['unsigned long']],
+    'CreateTrace' : [ 0x1c, ['array', 30, ['unsigned long']]],
+    'Count' : [ 0x94, ['long']],
+    'CaptureCount' : [ 0x98, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x180, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x40, ['pointer', ['_KDPC']]],
+    'ChildList' : [ 0x44, ['_LIST_ENTRY']],
+    'Parent' : [ 0x4c, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x130, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x8, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0xc, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x10, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x98, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x120, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x124, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x128, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x12c, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x14, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x4, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Valid' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x24, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'EntryDescriptor' : [ 0x10, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x1c, ['unsigned long']],
+    'Handles' : [ 0x20, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0xc, {
+    'IdealMask' : [ 0x0, ['unsigned long']],
+    'PreferredMask' : [ 0x4, ['unsigned long']],
+    'AvailableMask' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x14, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x4, ['pointer', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0xc, ['unsigned long']],
+    'BitmapFailures' : [ 0x10, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x14, {
+    'CompletionRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'RequestorMode' : [ 0xc, ['unsigned char']],
+    'NestingLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0xc, {
+    'DirtyPages' : [ 0x0, ['unsigned long']],
+    'DirtyPagesLastScan' : [ 0x4, ['unsigned long']],
+    'DirtyPagesScheduledLastScan' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_MAP' : [ 0x38, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x34, ['pointer', ['_EJOB']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0xc, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x4, ['pointer', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x8, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x10, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0xc, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x14, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer', ['void']]],
+    'OverQuotaHistory' : [ 0x4, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '__unnamed_20f8' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x58, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_20f8']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x38, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x50, ['pointer', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x54, ['pointer', ['_EPROCESS']]],
+} ],
+  '_PS_PROPERTY_SET' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x19c, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x44, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['long']],
+    'Dpc' : [ 0x10, ['_KDPC']],
+    'WorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x4, {
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x4, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_FAST_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['wchar']]],
+    'DriverName' : [ 0x28, ['pointer', ['wchar']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x19c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x190, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x198, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+    'SecureInfo' : [ 0x4, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x4, ['_RTL_BITMAP']],
+    'InPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x4, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'PebTebRfg' : [ 0x4, ['_MI_SUB64K_FREE_RANGES']],
+    'RfgProtectedStack' : [ 0x4, ['_MI_RFG_PROTECTED_STACK']],
+    'WaitReason' : [ 0x24, ['unsigned long']],
+} ],
+  '__unnamed_2149' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_214c' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_214e' : [ 0x4, {
+    'AlignmentNoAccessPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SUBSECTION' : [ 0x28, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0xc, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0xc, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0xc, ['pointer', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x10, ['__unnamed_2149']],
+    'StartingSector' : [ 0x14, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x18, ['unsigned long']],
+    'PtesInSubsection' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_214c']],
+    'UnusedPtes' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x24, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u2' : [ 0x24, ['__unnamed_214e']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x4, ['unsigned long']],
+    'RequestPacket' : [ 0x8, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x18, ['pointer', ['long']]],
+    'NodeTargetCount' : [ 0x1c, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x38, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'Reserved3' : [ 0x10, ['array', 4, ['pointer', ['void']]]],
+    'Reserved4' : [ 0x20, ['array', 4, ['unsigned long']]],
+    'Reserved6' : [ 0x30, ['array', 2, ['pointer', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x8, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x30, {
+    'LsaProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'LsaCommandPortHandle' : [ 0x4, ['pointer', ['void']]],
+    'SepRmThreadHandle' : [ 0x8, ['pointer', ['void']]],
+    'RmCommandPortHandle' : [ 0xc, ['pointer', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x10, ['pointer', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x14, ['pointer', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x20, ['pointer', ['void']]],
+    'RmViewPortMemory' : [ 0x24, ['pointer', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x28, ['long']],
+    'LsaCommandPortActive' : [ 0x2c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x18, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0xc, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x1c, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x4, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0xc, ['pointer', ['_MMPTE']]],
+    'MaximumSize' : [ 0x10, ['unsigned long']],
+    'PagedPoolHint' : [ 0x14, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x44, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xc, ['_UNICODE_STRING']],
+    'Latency' : [ 0x14, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x18, ['unsigned long']],
+    'Power' : [ 0x1c, ['unsigned long']],
+    'StateFlags' : [ 0x20, ['unsigned long']],
+    'VetoAccounting' : [ 0x24, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0x3c, ['unsigned char']],
+    'InterruptsEnabled' : [ 0x3d, ['unsigned char']],
+    'Interruptible' : [ 0x3e, ['unsigned char']],
+    'ContextRetained' : [ 0x3f, ['unsigned char']],
+    'CacheCoherent' : [ 0x40, ['unsigned char']],
+    'WakesSpuriously' : [ 0x41, ['unsigned char']],
+    'PlatformOnly' : [ 0x42, ['unsigned char']],
+    'NoCState' : [ 0x43, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['unsigned long']],
+    'RealKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_2186' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2188' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2186']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0xb0, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_2188']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'PoolPageHeaders' : [ 0x18, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x20, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x28, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x2c, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PagedBytes' : [ 0x38, ['unsigned long']],
+    'NonPagedBytes' : [ 0x3c, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x40, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x44, ['unsigned long']],
+    'RaiseIrqls' : [ 0x48, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x4c, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x50, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x54, ['unsigned long']],
+    'AllocationsFailed' : [ 0x58, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x5c, ['unsigned long']],
+    'LockedBytes' : [ 0x60, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x64, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x74, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x78, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x7c, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x80, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x88, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0xa4, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa8, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Luid' : [ 0x10, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x18, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x20, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0xc, {
+    'DynamicRelocations' : [ 0x0, ['pointer', ['void']]],
+    'SecurityContext' : [ 0x4, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x8, ['unsigned long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x30, {
+    'ScopeMap' : [ 0x0, ['pointer', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x4, ['pointer', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x8, ['pointer', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x10, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x18, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x20, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x28, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_DELAY_ACK_FO' : [ 0xc, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Instrumented' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x10, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x28, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long']],
+    'DirtyPageThresholdTop' : [ 0x4, ['unsigned long']],
+    'DirtyPageThresholdBottom' : [ 0x8, ['unsigned long']],
+    'DirtyPageTarget' : [ 0xc, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x10, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x18, ['unsigned long long']],
+    'AvailableHistory' : [ 0x20, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x50, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Who' : [ 0x20, ['unsigned long']],
+    'Hash' : [ 0x24, ['unsigned long']],
+    'Page' : [ 0x28, ['unsigned long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'Process' : [ 0x4c, ['pointer', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x10, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '__unnamed_21d8' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_21da' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_21d8']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_21da']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long']],
+    'NumberOfProcessReferences' : [ 0x4, ['unsigned long']],
+    'ClonePtes' : [ 0x8, ['pointer', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x3bc0, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x500, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x640, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x6ac, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x16e8, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1748, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1840, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x2d40, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x2d58, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x2d60, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x2d98, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x2de0, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x2ec0, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x2f40, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x2fd0, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x3040, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x31c0, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x3200, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x3238, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x3280, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x32c0, ['unsigned long']],
+    'BootRegistryRuns' : [ 0x32c4, ['pointer', ['pointer', ['void']]]],
+    'ZeroingDisabled' : [ 0x32c8, ['long']],
+    'FullyInitialized' : [ 0x32cc, ['unsigned char']],
+    'SafeBooted' : [ 0x32cd, ['unsigned char']],
+    'PfnBitMap' : [ 0x32d0, ['_RTL_BITMAP']],
+    'TraceLogging' : [ 0x32d8, ['pointer', ['_TlgProvider_t']]],
+    'Vs' : [ 0x3300, ['_MI_VISIBLE_STATE']],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x4, ['pointer', ['unsigned long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0xc40, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long']],
+    'HighestPhysicalPage' : [ 0x4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x8, ['unsigned long']],
+    'NumberOfPagingFiles' : [ 0xc, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x10, ['unsigned char']],
+    'PagingFile' : [ 0x14, ['array', 16, ['pointer', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0x80, ['unsigned long']],
+    'ResidentAvailablePages' : [ 0xc0, ['unsigned long']],
+    'PartitionWs' : [ 0x100, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x168, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x180, ['unsigned long']],
+    'ModifiedPageListHead' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x200, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x214, ['unsigned long']],
+    'TotalPagesForPagingFile' : [ 0x218, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x21c, ['unsigned long']],
+    'ProcessLockedFilePages' : [ 0x220, ['unsigned long']],
+    'SharedCommit' : [ 0x224, ['unsigned long']],
+    'ChargeCommitmentFailures' : [ 0x228, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x238, ['long']],
+    'PageFileTraces' : [ 0x240, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x10, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x4, ['_GUID']],
+    'Control' : [ 0x14, ['_GUID']],
+    'ConsumersNotified' : [ 0x24, ['unsigned char']],
+} ],
+  '__unnamed_2212' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2214' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2212']],
+} ],
+  '__unnamed_2216' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_2214']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2216']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_221e' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_221e']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x8, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x8, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_222b' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x18, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long']],
+    'NodeCount' : [ 0x4, ['unsigned long']],
+    'Tables' : [ 0x8, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0xc, ['unsigned long']],
+    'UseSessionId' : [ 0x10, ['unsigned char']],
+    'u1' : [ 0x14, ['__unnamed_222b']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x8c, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0x68, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x60, {
+    'SystemDllBase' : [ 0x0, ['pointer', ['void']]],
+    'ColorSeed' : [ 0x4, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0x8, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x20, ['pointer', ['_MMPTE']]],
+    'VadSecureCookie' : [ 0x24, ['unsigned long']],
+    'FreePaeEntries' : [ 0x28, ['unsigned long']],
+    'FirstFreePae' : [ 0x30, ['_PAE_ENTRY']],
+    'AllocatedPaePages' : [ 0x50, ['long']],
+    'PaeLock' : [ 0x54, ['unsigned long']],
+    'PaeEntrySList' : [ 0x58, ['_SLIST_HEADER']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long']],
+    'PipelinedReadAheadRequestSize' : [ 0x54, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x58, ['unsigned long']],
+    'PrivateLinks' : [ 0x5c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x168, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['pointer', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x15c, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x164, ['pointer', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0xa8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['wchar']]],
+    'OrderingName' : [ 0xc, ['pointer', ['wchar']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x90, ['unsigned char']],
+    'TransactionEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x98, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0x9c, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa0, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa4, ['pointer', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0x6c, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x8, ['_KMUTANT']],
+    'FixupLock' : [ 0x28, ['long']],
+    'FirstLoadEver' : [ 0x2c, ['unsigned char']],
+    'LargePageAll' : [ 0x2d, ['unsigned char']],
+    'LastPage' : [ 0x30, ['unsigned long']],
+    'LargePageList' : [ 0x34, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x3c, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x44, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x4c, ['array', 2, ['pointer', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x54, ['unsigned long']],
+    'PageCounts' : [ 0x58, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x44, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x3c, ['unsigned char']],
+    'DeleteType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x8, ['unsigned long']],
+    'SyncCallback' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x4, {
+    'Head' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x80, {
+    'DriverInit' : [ 0x0, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x4, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x8, ['pointer', ['void']]],
+    'AddDevice' : [ 0xc, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x10, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x38, {
+    'PartitionLock' : [ 0x0, ['unsigned long']],
+    'PartitionIdLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x8, ['unsigned long long']],
+    'PartitionList' : [ 0x10, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x18, ['pointer', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x1c, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x24, ['array', 1, ['pointer', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x28, ['pointer', ['pointer', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x2c, ['unsigned long']],
+    'CrossPartitionDenials' : [ 0x30, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x34, ['unsigned char']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x2e8, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+    'State' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+    'Removing' : [ 0x22, ['unsigned char']],
+    'Mode' : [ 0x23, ['unsigned char']],
+    'PendingMode' : [ 0x24, ['unsigned char']],
+    'ActivePoint' : [ 0x25, ['unsigned char']],
+    'PendingActivePoint' : [ 0x26, ['unsigned char']],
+    'Critical' : [ 0x27, ['unsigned char']],
+    'ThermalStandby' : [ 0x28, ['unsigned char']],
+    'OverThrottled' : [ 0x29, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x2c, ['long']],
+    'Throttle' : [ 0x30, ['long']],
+    'PendingThrottle' : [ 0x34, ['long']],
+    'ThrottleReasons' : [ 0x38, ['unsigned long']],
+    'LastPassiveTime' : [ 0x40, ['unsigned long long']],
+    'SampleRate' : [ 0x48, ['unsigned long']],
+    'LastTemp' : [ 0x4c, ['unsigned long']],
+    'Info' : [ 0x50, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xac, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xc4, ['unsigned char']],
+    'PollingRate' : [ 0xc8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xd0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xd8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0xe0, ['unsigned long long']],
+    'WorkItem' : [ 0xe8, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0xf8, ['_KTIMER2']],
+    'Lock' : [ 0x150, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x158, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x168, ['_KEVENT']],
+    'InstanceId' : [ 0x178, ['unsigned long']],
+    'TelemetryTracker' : [ 0x180, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x2e0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x10, {
+    'DeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x10, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'SidCount' : [ 0x8, ['unsigned long']],
+    'SidValuesStart' : [ 0xc, ['unsigned long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x10, {
+    'RunRefs' : [ 0x0, ['pointer', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x4, ['pointer', ['void']]],
+    'RunRefSize' : [ 0x8, ['unsigned long']],
+    'Number' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x4, {
+    'Function' : [ 0x0, ['pointer', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2320' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_2322' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_2320']],
+    'Private' : [ 0x0, ['__unnamed_2322']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x4, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'TransPtr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x1c, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x8, ['unsigned long']],
+    'VolumeKey' : [ 0xc, ['unsigned long']],
+    'Rundown' : [ 0x10, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x14, ['pointer', ['void']]],
+    'VolumeIoAttribution' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x4, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x4, ['unsigned long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x44, ['unsigned long']],
+    'BigPagesAllocated' : [ 0x48, ['unsigned long']],
+    'BytesAllocated' : [ 0x4c, ['unsigned long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x84, ['unsigned long']],
+    'BigPagesDeallocated' : [ 0x88, ['unsigned long']],
+    'BytesDeallocated' : [ 0x8c, ['unsigned long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x104, ['long']],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 512, ['_LIST_ENTRY']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2395' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2397' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_2395']],
+    'Button' : [ 0xc, ['__unnamed_2397']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0xc, ['pointer', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x14, ['unsigned long']],
+    'Buckets' : [ 0x18, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x58, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x10, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x28, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x38, ['long long']],
+    'Callback' : [ 0x40, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x44, ['pointer', ['void']]],
+    'DisableCallback' : [ 0x48, ['pointer', ['void']]],
+    'DisableContext' : [ 0x4c, ['pointer', ['void']]],
+    'AbsoluteSystemTime' : [ 0x50, ['unsigned char']],
+    'TypeFlags' : [ 0x51, ['unsigned char']],
+    'Unused' : [ 0x51, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x51, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x51, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x51, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x51, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x52, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x103c, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'DetachTimeStamp' : [ 0x14, ['unsigned long']],
+    'CodePageEdited' : [ 0x18, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'VaReferenceCount' : [ 0x20, ['array', 1024, ['long']]],
+    'DynamicPtesBitBuffer' : [ 0x1020, ['pointer', ['unsigned long']]],
+    'IdLock' : [ 0x1024, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x1028, ['pointer', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x102c, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1030, ['pointer', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x1034, ['pointer', ['void']]],
+    'SessionCore' : [ 0x1038, ['pointer', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer', ['void']]],
+    'CallbackContext' : [ 0xc, ['pointer', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'AccessMask' : [ 0x18, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x140, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x4, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0xc, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x10, ['unsigned long']],
+    'HighSectionBase' : [ 0x14, ['pointer', ['void']]],
+    'PhysicalSubsection' : [ 0x18, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0x60, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0xb0, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0xc4, ['pointer', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0xc8, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0xd8, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0xd9, ['unsigned char']],
+    'PageFileSectionHead' : [ 0xdc, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0xe0, ['long']],
+    'ImageBias' : [ 0xe4, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0xe8, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0xec, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0xf4, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0xf8, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0xfc, ['unsigned long']],
+    'LostDataFiles' : [ 0x100, ['unsigned long']],
+    'LostDataPages' : [ 0x104, ['unsigned long']],
+    'ImageFailureReason' : [ 0x108, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x10c, ['pointer', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x110, ['pointer', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x114, ['unsigned long']],
+    'ImageChecksumBreakpoint' : [ 0x118, ['unsigned long']],
+    'ImageSizeBreakpoint' : [ 0x11c, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x120, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x1c, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'Reference' : [ 0x8, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x18, ['unsigned char']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x30, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x4, ['pointer', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x8, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0xc, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x10, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x14, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x18, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x1c, ['pointer', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x20, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x24, ['pointer', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x28, ['pointer', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x2c, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x94, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x78, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x7c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x80, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x84, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x88, ['unsigned long']],
+    'UnsupportedRelocs' : [ 0x8c, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x90, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x468, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['pointer', ['_SLIST_HEADER']]],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'SharedData' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['pointer', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x210, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x218, ['pointer', ['void']]],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pUnused' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['pointer', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['pointer', ['void']]],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2419' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_241d' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_241f' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_2419']],
+    'Bits' : [ 0x0, ['__unnamed_241d']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_241f']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x154, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 9, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x20, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Vad' : [ 0x10, ['pointer', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x14, ['unsigned long']],
+    'FullSetBits' : [ 0x18, ['unsigned long']],
+    'SubListIndex' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_242c' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_242f' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0xf8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'CollidedEvent' : [ 0x20, ['_KEVENT']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x40, ['_KAPC_STATE']],
+    'Thread' : [ 0x58, ['pointer', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x5c, ['pointer', ['_MMPFN']]],
+    'PteContents' : [ 0x60, ['_MMPTE']],
+    'WaitCount' : [ 0x68, ['long']],
+    'ByteCount' : [ 0x6c, ['unsigned long']],
+    'u3' : [ 0x70, ['__unnamed_242c']],
+    'u1' : [ 0x74, ['__unnamed_242f']],
+    'FilePointer' : [ 0x78, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x7c, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x7c, ['pointer', ['_SUBSECTION']]],
+    'Autoboost' : [ 0x80, ['pointer', ['void']]],
+    'FaultingAddress' : [ 0x84, ['pointer', ['void']]],
+    'PointerPte' : [ 0x88, ['pointer', ['_MMPTE']]],
+    'BasePte' : [ 0x8c, ['pointer', ['_MMPTE']]],
+    'Pfn' : [ 0x90, ['pointer', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x98, ['_MDL']],
+    'Page' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'FlowThrough' : [ 0xb4, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x10, {
+    'BaseKcb' : [ 0x0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x4, ['long']],
+    'ClonedKcbListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+    'ActivityId' : [ 0x20, ['_GUID']],
+    'RefCount' : [ 0x30, ['long']],
+    'Dequeued' : [ 0x34, ['unsigned char']],
+    'CancelLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x3c, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0xc0, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x28, ['unsigned char']],
+    'Platform' : [ 0x29, ['unsigned char']],
+    'DependencyListCount' : [ 0x2c, ['unsigned long']],
+    'Processors' : [ 0x30, ['_KAFFINITY_EX']],
+    'Name' : [ 0x3c, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0x44, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x48, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x50, ['unsigned long long']],
+    'RefCount' : [ 0x80, ['long']],
+    'CacheAlign0' : [ 0x80, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x7c0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x200, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x340, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x480, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x4c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x4d4, ['array', 2, ['pointer', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x4dc, ['array', 8, ['pointer', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x4fc, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x540, ['unsigned long']],
+    'TransitionSharedPagesPeak' : [ 0x544, ['array', 3, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x550, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x650, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x660, ['unsigned long']],
+    'StandbyListDiscard' : [ 0x664, ['unsigned char']],
+    'FreeListDiscard' : [ 0x665, ['unsigned char']],
+    'LargePfnBitMapsReady' : [ 0x666, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0x668, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x670, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0x6c0, ['unsigned long']],
+    'AvailablePageWaitStates' : [ 0x6c4, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0x700, ['pointer', ['void']]],
+    'TransitionPrivatePages' : [ 0x740, ['unsigned long']],
+    'LargePfnBitMap' : [ 0x744, ['array', 1, ['_RTL_BITMAP']]],
+    'LowMemoryThreshold' : [ 0x74c, ['unsigned long']],
+    'HighMemoryThreshold' : [ 0x750, ['unsigned long']],
+    'LargePfnBitMapLock' : [ 0x780, ['unsigned long']],
+} ],
+  '__unnamed_2459' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_2459']],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0xd8, {
+    'Partition' : [ 0x0, ['pointer', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x4, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0xc, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x20, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x24, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x2c, ['unsigned long']],
+    'CombinePageListHeads' : [ 0x30, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0xb0, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'LowboxNumber' : [ 0x14, ['unsigned long']],
+    'AtomTable' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x4, ['pointer', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0xb0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x39, ['unsigned char']],
+    'ActiveCount' : [ 0x3a, ['unsigned short']],
+    'InternalState' : [ 0x3c, ['long']],
+    'Mode' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x48, ['unsigned long']],
+    'DispatchCount' : [ 0x4c, ['unsigned long']],
+    'PassiveEvent' : [ 0x50, ['pointer', ['_KEVENT']]],
+    'DisconnectData' : [ 0x54, ['pointer', ['void']]],
+    'ServiceThread' : [ 0x58, ['pointer', ['_KTHREAD']]],
+    'ConnectionData' : [ 0x5c, ['pointer', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0x60, ['pointer', ['void']]],
+    'IsrDpcStats' : [ 0x68, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x34, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ActivityId' : [ 0x24, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x18, {
+    'NextPteToTrim' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0xc, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x10, ['unsigned long']],
+    'LockedEntries' : [ 0x14, ['unsigned long']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_CMHIVE' : [ 0xf20, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x6f0, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x708, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x710, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x718, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0x720, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x728, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x72c, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x734, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x738, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x73c, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x740, ['unsigned long']],
+    'Identity' : [ 0x744, ['unsigned long']],
+    'HiveLock' : [ 0x748, ['pointer', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0x74c, ['pointer', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x750, ['pointer', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x754, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x75c, ['unsigned long']],
+    'FlushLogEntry' : [ 0x760, ['pointer', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x764, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x768, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x76c, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x770, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x778, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x77c, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x780, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x784, ['pointer', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x788, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0x78c, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0x790, ['unsigned long']],
+    'ActualFileSize' : [ 0x798, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x7a0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x7b0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x7b8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x7c0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x7c8, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x7cc, ['unsigned long']],
+    'SecurityHitHint' : [ 0x7d0, ['long']],
+    'SecurityCache' : [ 0x7d4, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x7d8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x9d8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x9dc, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x9e0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x9e4, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x9e8, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x9ec, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0xa00, ['unsigned char']],
+    'GrowOffset' : [ 0xa04, ['unsigned long']],
+    'KcbConvertListHead' : [ 0xa08, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0xa10, ['pointer', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0xa14, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0xc9c, ['unsigned long']],
+    'TrustClassEntry' : [ 0xca0, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0xca8, ['unsigned long long']],
+    'UnreconciledTime' : [ 0xcb0, ['unsigned long long']],
+    'CmRm' : [ 0xcb8, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0xcbc, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0xcc0, ['long']],
+    'CreatorOwner' : [ 0xcc4, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0xcc8, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0xcd0, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0xcd8, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0xce4, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0xcf0, ['unsigned long']],
+    'FlushActive' : [ 0xcf0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0xcf0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0xcf0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0xcf0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0xcf4, ['unsigned long']],
+    'ReferenceCount' : [ 0xcf8, ['long']],
+    'UnloadHistoryIndex' : [ 0xcfc, ['long']],
+    'UnloadHistory' : [ 0xd00, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0xf00, ['unsigned long']],
+    'UnaccessedStart' : [ 0xf04, ['unsigned long']],
+    'UnaccessedEnd' : [ 0xf08, ['unsigned long']],
+    'LoadedKeyCount' : [ 0xf0c, ['unsigned long']],
+    'HandleClosePending' : [ 0xf10, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0xf14, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0xf18, ['unsigned char']],
+    'FailedUnload' : [ 0xf19, ['unsigned char']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x14, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPending' : [ 0x16, ['unsigned char']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '__unnamed_24dd' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_24df' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_24e1' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_24dd']],
+    'Interrupt' : [ 0x0, ['__unnamed_24df']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_24df']],
+    'Sci' : [ 0x0, ['__unnamed_24df']],
+    'Nmi' : [ 0x0, ['__unnamed_24df']],
+    'Sea' : [ 0x0, ['__unnamed_24df']],
+    'Sei' : [ 0x0, ['__unnamed_24df']],
+    'Gsiv' : [ 0x0, ['__unnamed_24df']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_24e1']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x4, {
+    'LogHandleContext' : [ 0x0, ['pointer', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x19c, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x110, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x190, ['unsigned long']],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x1c0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x19c, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x1a0, ['pointer', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x1a4, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x1a8, ['unsigned long']],
+    'ThreadCount' : [ 0x1ac, ['long']],
+    'MinThreads' : [ 0x1b0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x1b0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x1b4, ['long']],
+    'QueueIndex' : [ 0x1b8, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x1bc, ['pointer', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x100, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x5d, ['unsigned char']],
+    'ReadySummary' : [ 0x5e, ['unsigned short']],
+    'Rank' : [ 0x60, ['unsigned long']],
+    'ShareRank' : [ 0x64, ['pointer', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x68, ['unsigned long']],
+    'ReadyListHead' : [ 0x6c, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0xec, ['_RTL_RB_TREE']],
+    'Parent' : [ 0xf4, ['pointer', ['_KSCB']]],
+    'Root' : [ 0xf8, ['pointer', ['_KSCB']]],
+} ],
+  '__unnamed_2507' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0x5c, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x8, ['pointer', ['void']]],
+    'ExceptionTableSize' : [ 0xc, ['unsigned long']],
+    'GpValue' : [ 0x10, ['pointer', ['void']]],
+    'NonPagedDebugInfo' : [ 0x14, ['pointer', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'u1' : [ 0x3a, ['__unnamed_2507']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x44, ['unsigned long']],
+    'CoverageSection' : [ 0x48, ['pointer', ['void']]],
+    'LoadedImports' : [ 0x4c, ['pointer', ['void']]],
+    'Spare' : [ 0x50, ['pointer', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x54, ['unsigned long']],
+    'TimeDateStamp' : [ 0x58, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long']],
+    'TrimInProgressCount' : [ 0x4, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x8, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x18, ['array', 3, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'Abandoned' : [ 0x1c, ['unsigned char']],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '__unnamed_2519' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 29, native_type='unsigned long')]],
+} ],
+  '__unnamed_251c' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x4, {
+    'Leaf' : [ 0x0, ['__unnamed_2519']],
+    'PageTable' : [ 0x0, ['__unnamed_251c']],
+    'EntireActiveField' : [ 0x0, ['unsigned long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x4, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x14, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x18, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long']],
+} ],
+  '_HMAP_TABLE' : [ 0x2800, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_2547' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2549' : [ 0x10, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_2547']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x20, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0xc, ['__unnamed_2549']],
+    'VerifiedData' : [ 0x1c, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x20, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x8, ['pointer', ['void']]],
+    'SessionViewVa' : [ 0x8, ['pointer', ['void']]],
+    'VadsProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Type' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SystemCacheAttributes' : [ 0x10, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0xc, {
+    'ActiveThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'WaitList' : [ 0x4, ['pointer', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0xc0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0xc8, ['unsigned long']],
+    'PteTrackingBitmap' : [ 0xcc, ['_RTL_BITMAP']],
+    'CachedPteHeads' : [ 0xd4, ['pointer', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xd8, ['pointer', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xdc, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x114, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x14c, ['unsigned long']],
+    'KernelStackPages' : [ 0x150, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x151, ['unsigned char']],
+    'AdjustCounter' : [ 0x152, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x154, ['long']],
+    'ReservedMappingTree' : [ 0x158, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x15c, ['pointer', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x160, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x164, ['long']],
+} ],
+  '__unnamed_255d' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0xe4, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_255d']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x14, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x18, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x1c, ['unsigned long']],
+    'PfnUnmapWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x30, ['unsigned long']],
+    'PfnUnmapWaitList' : [ 0x34, ['pointer', ['void']]],
+    'MemoryRuns' : [ 0x38, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x3c, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x4c, ['array', 5, ['pointer', ['void']]]],
+    'PartitionObject' : [ 0x60, ['pointer', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0x64, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0x6c, ['long']],
+    'PfnUnmapActive' : [ 0x70, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0x74, ['_KEVENT']],
+    'RootDirectory' : [ 0x84, ['pointer', ['void']]],
+    'KernelObjectsDirectory' : [ 0x88, ['pointer', ['void']]],
+    'MemoryEvents' : [ 0x8c, ['array', 11, ['pointer', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0xb8, ['array', 11, ['pointer', ['void']]]],
+} ],
+  '__unnamed_2568' : [ 0x4, {
+    'InstancedWorkingSet' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0x68, {
+    'NextPageColor' : [ 0x0, ['unsigned short']],
+    'LastTrimStamp' : [ 0x2, ['unsigned short']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long']],
+    'VmWorkingSetList' : [ 0xc, ['pointer', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x18, ['array', 8, ['unsigned long']]],
+    'ExitOutswapGate' : [ 0x38, ['pointer', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'WorkingSetLeafSize' : [ 0x40, ['unsigned long']],
+    'WorkingSetLeafPrivateSize' : [ 0x44, ['unsigned long']],
+    'WorkingSetSize' : [ 0x48, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x4c, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x50, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x54, ['unsigned long']],
+    'HardFaultCount' : [ 0x58, ['unsigned long']],
+    'u1' : [ 0x5c, ['__unnamed_2568']],
+    'Reserved0' : [ 0x60, ['unsigned long']],
+    'Flags' : [ 0x64, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x8, ['unsigned char']],
+    'BlockState' : [ 0x9, ['unsigned char']],
+    'WaitKey' : [ 0xa, ['unsigned short']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0xc, ['pointer', ['_KQUEUE']]],
+    'Object' : [ 0x10, ['pointer', ['void']]],
+    'SparePtr' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x10, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0xc, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AcquiredRundown' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'WorkQueue' : [ 0x18, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x40, ['pointer', ['void']]],
+    'AcceptProcessorNotification' : [ 0x44, ['pointer', ['void']]],
+    'AcceptAcpiNotification' : [ 0x48, ['pointer', ['void']]],
+    'WorkOrderCount' : [ 0x4c, ['unsigned long']],
+    'WorkOrders' : [ 0x50, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_258c' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x50, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x1c, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x24, ['unsigned long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x28, ['unsigned long']],
+    'MdlHack' : [ 0x2c, ['__unnamed_258c']],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x18, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x18, ['array', 4, ['pointer', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x18, ['pointer', ['void']]],
+    'SessionId' : [ 0x1c, ['unsigned long']],
+    'Process' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['void']]],
+    'Callback' : [ 0x2c, ['pointer', ['void']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x32, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x32, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x32, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x32, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x32, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x32, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x32, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x34, ['unsigned char']],
+    'GroupEnableMask' : [ 0x35, ['unsigned char']],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x14, {
+    'NextEntry' : [ 0x0, ['pointer', ['void']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x1500, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long']],
+    'SystemVaBias' : [ 0x4, ['unsigned long']],
+    'SystemAvailableVaLow' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+    'SystemRangeStart' : [ 0x10, ['pointer', ['void']]],
+    'SystemCachePdeCount' : [ 0x14, ['array', 1024, ['unsigned char']]],
+    'SystemCacheReverseMaps' : [ 0x414, ['array', 1024, ['pointer', ['void']]]],
+    'DeleteKvaLock' : [ 0x1414, ['long']],
+    'WsleArrays' : [ 0x1418, ['array', 5, ['pointer', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x142c, ['pointer', ['_MI_HYPER_SPACE']]],
+    'HyperSpaceEnd' : [ 0x1430, ['pointer', ['void']]],
+    'FreeSystemCacheVa' : [ 0x1434, ['_KEVENT']],
+    'SystemVaLock' : [ 0x1444, ['unsigned long']],
+    'SystemCacheViewLock' : [ 0x1448, ['unsigned long']],
+    'SystemWorkingSetList' : [ 0x144c, ['array', 5, ['_MMWSL_INSTANCE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x24, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'ReleasedCommitDebt' : [ 0x4, ['unsigned long']],
+    'ResetPagesRepurposedCount' : [ 0x8, ['unsigned long']],
+    'WsSwapSupport' : [ 0xc, ['pointer', ['void']]],
+    'CommitReleaseContext' : [ 0x10, ['pointer', ['void']]],
+    'AccessLog' : [ 0x14, ['pointer', ['void']]],
+    'ChargedWslePages' : [ 0x18, ['unsigned long']],
+    'ActualWslePages' : [ 0x1c, ['unsigned long']],
+    'GoodCitizenWaiting' : [ 0x20, ['long']],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PAE_ENTRY' : [ 0x20, {
+    'PteEntry' : [ 0x0, ['array', 4, ['_MMPTE']]],
+    'PaeEntry' : [ 0x0, ['_PAE_PAGEINFO']],
+    'NextPae' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x10, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CloneCommitCount' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x8, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_2605' : [ 0x4, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_SECTION' : [ 0x28, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u1' : [ 0x14, ['__unnamed_2605']],
+    'SizeOfSection' : [ 0x18, ['unsigned long long']],
+    'u' : [ 0x20, ['__unnamed_170d']],
+    'InitialPageProtection' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x24, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x24, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer', ['void']]]],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x88, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'ArgumentStatus' : [ 0xc, ['long']],
+    'CallerEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'VetoType' : [ 0x1c, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x20, ['pointer', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x24, ['unsigned long']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'Cancel' : [ 0x2c, ['unsigned char']],
+    'Parent' : [ 0x30, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x34, ['_GUID']],
+    'Data' : [ 0x44, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x14, ['long']],
+    'Active' : [ 0x18, ['long']],
+    'FreeWhenDone' : [ 0x1c, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x90, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x8, ['unsigned long']],
+    'InDebugger' : [ 0xc, ['long']],
+    'Pfns' : [ 0x10, ['array', 32, ['pointer', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x8, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 31, native_type='unsigned long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x0, ['pointer', ['void']]],
+    'SessionState' : [ 0x4, ['pointer', ['void']]],
+    'SessionId' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ETIMER' : [ 0xb8, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'TimerApc' : [ 0x2c, ['_KAPC']],
+    'TimerDpc' : [ 0x5c, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x7c, ['_LIST_ENTRY']],
+    'Period' : [ 0x84, ['unsigned long']],
+    'TimerFlags' : [ 0x88, ['unsigned char']],
+    'ApcAssociated' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0x88, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0x88, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0x89, ['unsigned char']],
+    'Spare2' : [ 0x8a, ['unsigned short']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x98, ['pointer', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x9c, ['_LIST_ENTRY']],
+    'DueTime' : [ 0xa8, ['unsigned long long']],
+    'CoalescingWindow' : [ 0xb0, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x48, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x34, ['array', 2, ['_RTL_BITMAP']]],
+    'CrashDumpPte' : [ 0x44, ['pointer', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0xc, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x8, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1a8, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x4, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x20, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x28, ['unsigned char']],
+    'PepWokenTransition' : [ 0x29, ['unsigned char']],
+    'EfficiencyClass' : [ 0x2a, ['unsigned char']],
+    'SchedulingClass' : [ 0x2b, ['unsigned char']],
+    'TargetIdleState' : [ 0x2c, ['unsigned long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xcc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xd0, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0xd4, ['long']],
+    'FFHThrottleStateInfo' : [ 0xd8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xf8, ['_KDPC']],
+    'PerfActionMask' : [ 0x118, ['long']],
+    'HvIdleCheck' : [ 0x120, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x130, ['pointer', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x134, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x138, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x13c, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x140, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x144, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x148, ['pointer', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x14c, ['unsigned char']],
+    'HvTargetState' : [ 0x14d, ['unsigned char']],
+    'Parked' : [ 0x14e, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x14f, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x150, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x154, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x158, ['unsigned long']],
+    'RelativePerformance' : [ 0x15c, ['unsigned long']],
+    'Utility' : [ 0x160, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x164, ['unsigned long']],
+    'SnapTimeLast' : [ 0x168, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x168, ['unsigned long long']],
+    'ActiveTime' : [ 0x170, ['unsigned long long']],
+    'TotalTime' : [ 0x178, ['unsigned long long']],
+    'FxDevice' : [ 0x180, ['pointer', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x188, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x190, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x198, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x19c, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1a0, ['unsigned long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x180, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x18, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x28, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x38, ['unsigned long']],
+    'AttemptForCantExtend' : [ 0x3c, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0x70, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x9c, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0xa8, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xd0, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0xd1, ['unsigned char']],
+    'UnusedSegmentPagedPool' : [ 0xd4, ['unsigned long']],
+    'UnusedSegmentList' : [ 0xd8, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xe0, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xe8, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xf0, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x108, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x120, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x130, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x138, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x13c, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x140, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x144, ['_KEVENT']],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x14, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x198, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DevNode' : [ 0x1c, ['pointer', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x20, ['pointer', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x24, ['pointer', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x28, ['pointer', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x2c, ['pointer', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x30, ['pointer', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x38, ['pointer', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x3c, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0x5c, ['pointer', ['void']]],
+    'AcpiLink' : [ 0x60, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0x68, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0x70, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x88, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0xa0, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0xbc, ['unsigned long']],
+    'IdleTimer' : [ 0xc0, ['_KTIMER']],
+    'IdleDpc' : [ 0xe8, ['_KDPC']],
+    'IdleTimeout' : [ 0x108, ['unsigned long long']],
+    'IdleStamp' : [ 0x110, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x118, ['array', 2, ['pointer', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x120, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x128, ['array', 2, ['pointer', ['void']]]],
+    'NextIrpCallerContext' : [ 0x130, ['array', 2, ['pointer', ['void']]]],
+    'IrpCompleteEvent' : [ 0x138, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x148, ['pointer', ['void']]],
+    'Accounting' : [ 0x150, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x178, ['unsigned long']],
+    'ComponentCount' : [ 0x17c, ['unsigned long']],
+    'Components' : [ 0x180, ['pointer', ['pointer', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x184, ['unsigned long']],
+    'Log' : [ 0x188, ['pointer', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x18c, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x190, ['pointer', ['_DRIVER_OBJECT']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x40, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x8, ['short']],
+    'SpecialApcDisable' : [ 0xa, ['short']],
+    'CombinedApcDisable' : [ 0x8, ['unsigned long']],
+    'Irql' : [ 0xc, ['unsigned char']],
+    'StackTrace' : [ 0x10, ['array', 12, ['pointer', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x4, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Processors' : [ 0x4, ['unsigned long']],
+    'ActiveProcessors' : [ 0x8, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0xc, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x4, ['pointer', ['void']]],
+    'IsolationPrefix' : [ 0x4, ['_UNICODE_STRING']],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x80, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x3c, ['pointer', ['void']]],
+    'Lock' : [ 0x40, ['long']],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Spare0' : [ 0x6c, ['unsigned long']],
+} ],
+  '__unnamed_26c8' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_26ca' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_26c8']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x44, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x30, ['pointer', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x34, ['_LIST_ENTRY']],
+    'Specific' : [ 0x3c, ['__unnamed_26ca']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x288, {
+    'Flags' : [ 0x0, ['long']],
+    'RelatedTimestamp' : [ 0x8, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0x14, ['_KDPC']],
+    'ApcListHead' : [ 0x38, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x40, ['array', 12, ['_ETW_APC_ENTRY']]],
+    'ApcCount' : [ 0x280, ['long']],
+    'MaxApcCount' : [ 0x284, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '__unnamed_26e7' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x34, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x10, ['unsigned long']],
+    'ActualExpansion' : [ 0x14, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'InProgress' : [ 0x28, ['long']],
+    'u1' : [ 0x2c, ['__unnamed_26e7']],
+    'ActiveEntry' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x10, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x50, {
+    'Context' : [ 0x0, ['pointer', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x44, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x4c, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x50, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x1c, ['unsigned char']],
+    'TriggerRoot' : [ 0x20, ['pointer', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x24, ['unsigned char']],
+    'BeginTime' : [ 0x28, ['unsigned long long']],
+    'VetoNode' : [ 0x30, ['array', 2, ['pointer', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x38, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x40, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x14, {
+    'BlockOffset' : [ 0x0, ['unsigned long']],
+    'PermanentBinAddress' : [ 0x4, ['unsigned long']],
+    'TemporaryBinAddress' : [ 0x8, ['unsigned long']],
+    'TemporaryBinRundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2732' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x110, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_2732']]],
+    'WakeAlarmPaused' : [ 0xa8, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb0, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xb8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x4, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_RELATION_LIST' : [ 0x8, {
+    'DeviceObjectList' : [ 0x0, ['pointer', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x4, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x40, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x10, ['unsigned char']],
+    'ThreadPriorityStatic' : [ 0x11, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x14, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x28, ['long']],
+    'Gate' : [ 0x2c, ['_KGATE']],
+    'ThreadContext' : [ 0x3c, ['pointer', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x10, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x20, {
+    'ComponentActive' : [ 0x0, ['pointer', ['void']]],
+    'ComponentIdle' : [ 0x4, ['pointer', ['void']]],
+    'ComponentIdleState' : [ 0x8, ['pointer', ['void']]],
+    'DevicePowerRequired' : [ 0xc, ['pointer', ['void']]],
+    'DevicePowerNotRequired' : [ 0x10, ['pointer', ['void']]],
+    'PowerControl' : [ 0x14, ['pointer', ['void']]],
+    'ComponentCriticalTransition' : [ 0x18, ['pointer', ['void']]],
+    'DripsWatchdogCallback' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x8, ['pointer', ['void']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'SharedWaiters' : [ 0x10, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x14, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 48, native_type='unsigned long long')]],
+} ],
+  '_WAITING_IRP' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'CompletionRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'Information' : [ 0x18, ['unsigned long']],
+    'BreakAllRH' : [ 0x1c, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x1d, ['unsigned char']],
+    'FileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x88, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x20, ['unsigned long long']],
+    'UnscaledTime' : [ 0x28, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x30, ['long long']],
+    'ScaledTime' : [ 0x38, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x48, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x50, ['unsigned long long']],
+    'UserTimeLast' : [ 0x58, ['unsigned long']],
+    'KernelTimeLast' : [ 0x5c, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x60, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x68, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x80, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x81, ['unsigned char']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x28, {
+    'InstantaneousRead' : [ 0x0, ['pointer', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x24, ['unsigned long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'Hint' : [ 0x10, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x58, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'ShutDownRequested' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x34, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x40, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x44, ['unsigned long']],
+    'UserPagesReused' : [ 0x48, ['unsigned long']],
+    'EventsLostCount' : [ 0x4c, ['pointer', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x50, ['pointer', ['unsigned long']]],
+    'SiloState' : [ 0x54, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_PAE_PAGEINFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameNumber' : [ 0x8, ['unsigned long']],
+    'EntriesInUse' : [ 0xc, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x140, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x30, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'ClonedPageCount' : [ 0x40, ['unsigned long long']],
+    'CurrentMap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x4c, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x50, ['unsigned long']],
+    'LoaderMdl' : [ 0x54, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x6c, ['unsigned long']],
+    'CurrentMcb' : [ 0x70, ['pointer', ['void']]],
+    'DumpStack' : [ 0x74, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x78, ['pointer', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0x7c, ['unsigned long']],
+    'Status' : [ 0x80, ['long']],
+    'GraphicsProc' : [ 0x84, ['unsigned long']],
+    'MemoryImage' : [ 0x88, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0x8c, ['pointer', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'SiLogOffset' : [ 0x94, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0x98, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0x9c, ['pointer', ['void']]],
+    'ResumeContext' : [ 0xa0, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0xa4, ['unsigned long']],
+    'ProcessorCount' : [ 0xa8, ['unsigned long']],
+    'ProcessorContext' : [ 0xac, ['pointer', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0xb0, ['pointer', ['unsigned char']]],
+    'ProdConsSize' : [ 0xb4, ['unsigned long']],
+    'MaxDataPages' : [ 0xb8, ['unsigned long']],
+    'ExtraBuffer' : [ 0xbc, ['pointer', ['void']]],
+    'ExtraBufferSize' : [ 0xc0, ['unsigned long']],
+    'ExtraMapVa' : [ 0xc4, ['pointer', ['void']]],
+    'BitlockerKeyPFN' : [ 0xc8, ['unsigned long']],
+    'IoInfo' : [ 0xd0, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x130, ['pointer', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x134, ['unsigned long']],
+    'HardwareConfigurationSignature' : [ 0x138, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x4, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_27b6' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_27b6']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long']],
+    'TotalCommitLimitMaximum' : [ 0x4, ['unsigned long']],
+    'Popups' : [ 0x8, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x10, ['unsigned long']],
+    'HighCommitThreshold' : [ 0x14, ['unsigned long']],
+    'EventLock' : [ 0x18, ['unsigned long']],
+    'SystemCommitReserve' : [ 0x1c, ['unsigned long']],
+    'OverCommit' : [ 0x40, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x2c, {
+    'Sibling' : [ 0x0, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x24, {
+    'InitiatingThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ThreadId' : [ 0x8, ['pointer', ['void']]],
+    'ProcessId' : [ 0xc, ['pointer', ['void']]],
+    'Code' : [ 0x10, ['unsigned long']],
+    'Parameter1' : [ 0x14, ['unsigned long']],
+    'Parameter2' : [ 0x18, ['unsigned long']],
+    'Parameter3' : [ 0x1c, ['unsigned long']],
+    'Parameter4' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40f0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'StackLimitHits' : [ 0x4038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x403c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x4040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4044, ['unsigned long']],
+    'TotalReleases' : [ 0x4048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x404c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x4050, ['unsigned long']],
+    'Instigator' : [ 0x4054, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4058, ['unsigned long']],
+    'Participant' : [ 0x405c, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40dc, ['long']],
+    'StackType' : [ 0x40e0, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x40e4, ['unsigned long']],
+    'StackHighLimit' : [ 0x40e8, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x338, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long long']],
+    'HiberFlags' : [ 0x30, ['unsigned char']],
+    'spare' : [ 0x31, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x34, ['unsigned long']],
+    'HiberVa' : [ 0x38, ['unsigned long']],
+    'NoFreePages' : [ 0x3c, ['unsigned long']],
+    'FreeMapCheck' : [ 0x40, ['unsigned long']],
+    'WakeCheck' : [ 0x44, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x48, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x50, ['unsigned long']],
+    'FirstKernelRestorePage' : [ 0x54, ['unsigned long']],
+    'FirstChecksumRestorePage' : [ 0x58, ['unsigned long']],
+    'NoChecksumEntries' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x260, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x264, ['array', 1, ['unsigned long']]],
+    'SiLogOffset' : [ 0x268, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x26c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x270, ['array', 24, ['unsigned long']]],
+    'NotUsed' : [ 0x2d0, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2d4, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2d8, ['unsigned long']],
+    'Hiberboot' : [ 0x2dc, ['unsigned char']],
+    'HvCr3' : [ 0x2e0, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x2e8, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x2f0, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x2f8, ['unsigned long long']],
+    'BootFlags' : [ 0x300, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x308, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x310, ['unsigned long']],
+    'BitlockerKeyPfns' : [ 0x314, ['array', 4, ['unsigned long']]],
+    'HardwareSignature' : [ 0x324, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x328, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x330, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x334, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x335, ['unsigned char']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x38, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x4, ['long']],
+    'PrefetchSeekThreshold' : [ 0x8, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x24, ['unsigned long']],
+    'DelayPageFaults' : [ 0x28, ['long']],
+    'FileCompressionBoundary' : [ 0x2c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x38, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long']],
+    'PfnDecayFreeSList' : [ 0x8, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x10, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x14, ['_KDPC']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x4, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x128, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x104, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x124, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x8, ['pointer', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x1c, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'InitialInPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x8, ['pointer', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0xc, ['unsigned long']],
+    'Node' : [ 0x10, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_PTE_TRACKER' : [ 0x44, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x28, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x18, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Next' : [ 0x14, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0xc, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0xa8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'FreeReservationSpace' : [ 0x18, ['unsigned long']],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x20, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x28, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x30, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x38, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x3c, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x40, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x44, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x48, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x4c, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x50, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x54, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0x5c, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0x64, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0x6c, ['pointer', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'HybridPriority' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0x77, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0x77, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0x78, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0x7c, ['unsigned long']],
+    'PageHash' : [ 0x80, ['pointer', ['unsigned long']]],
+    'FileHandle' : [ 0x84, ['pointer', ['void']]],
+    'Lock' : [ 0x88, ['unsigned long']],
+    'LockOwner' : [ 0x8c, ['pointer', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0x90, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x94, ['pointer', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x98, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HVIEW_MAP' : [ 0x320, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'Directory' : [ 0xc, ['pointer', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x10, ['unsigned long']],
+    'PinLog' : [ 0x18, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x10, ['long']],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'WatchdogTimerInfo' : [ 0x18, ['pointer', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x10, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x8, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x4, ['_RTL_AVL_TREE']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x28, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x18, ['unsigned long']],
+    'ModuleSize' : [ 0x1c, ['unsigned long']],
+    'Offset' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_285d' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_285f' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_285d']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_285f']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x8, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x4, ['pointer', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'LowboxMap' : [ 0xc, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'IoStatus' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x8, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x10, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x18, ['unsigned long long']],
+    'RequestSize' : [ 0x20, ['unsigned long long']],
+    'IoLocation' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x30, ['unsigned long long']],
+    'Buffer' : [ 0x38, ['pointer', ['void']]],
+    'AsyncCapable' : [ 0x3c, ['unsigned char']],
+    'BytesToRead' : [ 0x40, ['unsigned long long']],
+    'Pages' : [ 0x48, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x50, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x58, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x38, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'AppContainerNumber' : [ 0x24, ['unsigned long']],
+    'PackageSid' : [ 0x28, ['pointer', ['void']]],
+    'CapabilitiesHash' : [ 0x2c, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x30, ['pointer', ['void']]],
+    'SecurityAttributes' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x4, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 28, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x0, ['long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x1c, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x10, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0xc, ['pointer', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'Pattern' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_289c' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_289c']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x30, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'Counters' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_28ad' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_28b0' : [ 0x4, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x4c, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x28, ['__unnamed_28ad']],
+    'Subsection' : [ 0x2c, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x30, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x34, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x38, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x40, ['pointer', ['_EPROCESS']]],
+    'u4' : [ 0x44, ['__unnamed_28b0']],
+    'FileObject' : [ 0x48, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xa8, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x34, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'PackagedBinary' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x34, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x34, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x34, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x34, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x34, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x34, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x34, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x34, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x34, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x34, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x34, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x34, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x34, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x34, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x34, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x34, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x34, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x34, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x34, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x34, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x4c, ['pointer', ['void']]],
+    'DdagNode' : [ 0x50, ['pointer', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0x54, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0x5c, ['pointer', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0x60, ['pointer', ['void']]],
+    'SwitchBackContext' : [ 0x64, ['pointer', ['void']]],
+    'BaseAddressIndexNode' : [ 0x68, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0x74, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0x80, ['unsigned long']],
+    'LoadTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x90, ['unsigned long']],
+    'LoadReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x98, ['unsigned long']],
+    'ReferenceCount' : [ 0x9c, ['unsigned long']],
+    'DependentLoadFlags' : [ 0xa0, ['unsigned long']],
+    'SigningLevel' : [ 0xa4, ['unsigned char']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x30, {
+    'SListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_28da' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_28dc' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_28de' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_28da']],
+    'e2' : [ 0x0, ['__unnamed_28dc']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_28de']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x1c8, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x34, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0x68, ['unsigned long']],
+    'NumberOfMappedMdlsInUse' : [ 0x6c, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0x70, ['unsigned long']],
+    'MappedFileHeader' : [ 0x74, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0x8c, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0x8d, ['unsigned char']],
+    'ModwriterActive' : [ 0x8e, ['unsigned char']],
+    'TransitionInserted' : [ 0x8f, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0x90, ['long']],
+    'LastMappedWriteError' : [ 0x94, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x98, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x9c, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xa0, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0xa4, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0xb4, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0xb8, ['unsigned long']],
+    'ModifiedPageWriterEvent' : [ 0xbc, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0xcc, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0xdc, ['long']],
+    'WriteAllMappedPages' : [ 0xe0, ['long']],
+    'MappedPageWriterEvent' : [ 0xe4, ['_KEVENT']],
+    'ModWriteData' : [ 0xf8, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x128, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x138, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x150, ['pointer', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x154, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x158, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x168, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x16c, ['array', 2, ['long']]],
+    'NotifyStoreMemoryConditions' : [ 0x174, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x184, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x188, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x18c, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x190, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x1a0, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x1b8, ['long']],
+    'WorkingSetSwapLock' : [ 0x1bc, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x1c0, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x4, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['unsigned char']],
+    'DripsRequiredState' : [ 0x8, ['unsigned long']],
+    'Level' : [ 0xc, ['long']],
+    'ActiveStamp' : [ 0x10, ['long long']],
+    'CsActiveTime' : [ 0x18, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x20, ['long long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x38, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_RFG_PROTECTED_STACK' : [ 0xc, {
+    'ControlStackBase' : [ 0x0, ['pointer', ['void']]],
+    'ControlStackVad' : [ 0x4, ['pointer', ['_MMVAD_SHORT']]],
+    'OwnerThread' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0xc0, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x14, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x30, ['pointer', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x34, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x3c, ['long']],
+    'ActiveEvent' : [ 0x40, ['_KEVENT']],
+    'IdleLock' : [ 0x50, ['unsigned long']],
+    'IdleConditionComplete' : [ 0x54, ['long']],
+    'IdleStateComplete' : [ 0x58, ['long']],
+    'IdleStamp' : [ 0x60, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x68, ['unsigned long']],
+    'IdleStateCount' : [ 0x6c, ['unsigned long']],
+    'IdleStates' : [ 0x70, ['pointer', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0x74, ['unsigned long']],
+    'ProviderCount' : [ 0x78, ['unsigned long']],
+    'Providers' : [ 0x7c, ['pointer', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0x80, ['unsigned long']],
+    'DependentCount' : [ 0x84, ['unsigned long']],
+    'Dependents' : [ 0x88, ['pointer', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0x90, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xb8, ['pointer', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 224, ['unsigned char']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x308, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x18, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_295c' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_295c']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x8, ['unsigned char']],
+    'Disowned' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0xa, ['unsigned char']],
+    'IsWaiting' : [ 0xb, ['unsigned char']],
+    'LockAddress' : [ 0xc, ['pointer', ['void']]],
+    'ThreadAddress' : [ 0x10, ['pointer', ['void']]],
+    'SublistHead' : [ 0x14, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0x4dc, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolSListMaximum' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x10, ['unsigned long']],
+    'BadPoolHead' : [ 0x14, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x18, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x1c, ['unsigned char']],
+    'PoolFailures' : [ 0x20, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x44, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x70, ['unsigned long']],
+    'HighPagedPoolThreshold' : [ 0x74, ['unsigned long']],
+    'SpecialPoolPdesMax' : [ 0x78, ['long']],
+    'NonPagedPoolNodes' : [ 0x7c, ['array', 1024, ['unsigned char']]],
+    'PagedProtoPoolInfo' : [ 0x47c, ['_MM_PAGED_POOL_INFO']],
+    'PagedPoolSListMaximum' : [ 0x498, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x49c, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0x4ac, ['unsigned long']],
+    'SpecialPoolRejected' : [ 0x4b0, ['array', 6, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0x4c8, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x4cc, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0x4d0, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0x4d4, ['unsigned long']],
+    'TotalNonPagedPoolQuota' : [ 0x4d8, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x18, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x1a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x23, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x1c, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'ConnectLock' : [ 0x4, ['_KEVENT']],
+    'LineMasked' : [ 0x14, ['unsigned char']],
+    'InterruptList' : [ 0x18, ['pointer', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0xc, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x4, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0xc0, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaLastRangeIndex' : [ 0x4, ['unsigned long']],
+    'NumaTableCaptured' : [ 0x8, ['unsigned char']],
+    'NodeShift' : [ 0x9, ['unsigned char']],
+    'ChannelShift' : [ 0xa, ['unsigned char']],
+    'NodeGraph' : [ 0xc, ['pointer', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x10, ['pointer', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaMemoryRanges' : [ 0x14, ['pointer', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x18, ['pointer', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x1c, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x20, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x24, ['unsigned long']],
+    'TotalPagesAllowed' : [ 0x28, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x2c, ['unsigned long']],
+    'SecondaryColors' : [ 0x30, ['unsigned long']],
+    'MediumPageColors' : [ 0x34, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x38, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x3c, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x40, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x44, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x48, ['unsigned long']],
+    'OptimalZeroingAttribute' : [ 0x4c, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x8c, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x90, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'HighestPossiblePhysicalPage' : [ 0xb0, ['unsigned long']],
+    'EnclaveRegions' : [ 0xb4, ['_RTL_AVL_TREE']],
+    'VsmKernelPageCount' : [ 0xb8, ['unsigned long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x18, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0xc, ['unsigned char']],
+    'BlocksDrips' : [ 0xd, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x10, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x14, ['pointer', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x10, {
+    'PartitionObject' : [ 0x0, ['pointer', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x4, ['pointer', ['pointer', ['pointer', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x8, ['pointer', ['pointer', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0xc, ['long']],
+} ],
+  '__unnamed_2993' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2993']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x8c, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x80, ['unsigned long']],
+    'NumberOfEntries' : [ 0x84, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x88, ['unsigned long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xa8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x28, ['unsigned long']],
+    'ProbeRaises' : [ 0x2c, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x6c, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x74, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x78, ['unsigned long']],
+    'CheckZeroCount' : [ 0x7c, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x80, ['long']],
+    'BadPagesDetected' : [ 0x84, ['long']],
+    'ScrubPasses' : [ 0x88, ['long']],
+    'ScrubBadPagesFound' : [ 0x8c, ['long']],
+    'UserViewFailures' : [ 0x90, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0x94, ['unsigned long']],
+    'ResavailFailures' : [ 0x98, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xa0, ['unsigned char']],
+    'InitFailure' : [ 0xa1, ['unsigned char']],
+    'StopBadMaps' : [ 0xa2, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x180, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0x18, ['unsigned long']],
+    'ProcessorCount' : [ 0x1c, ['unsigned long']],
+    'EfficiencyClass' : [ 0x20, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0x21, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0x22, ['unsigned char']],
+    'Spare' : [ 0x23, ['unsigned char']],
+    'Processors' : [ 0x24, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0x28, ['pointer', ['void']]],
+    'TimeWindowHandler' : [ 0x2c, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x30, ['pointer', ['void']]],
+    'BoostModeHandler' : [ 0x34, ['pointer', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0x38, ['pointer', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x3c, ['pointer', ['void']]],
+    'AutonomousModeHandler' : [ 0x40, ['pointer', ['void']]],
+    'ReinitializeHandler' : [ 0x44, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x48, ['pointer', ['void']]],
+    'PerfControlHandler' : [ 0x4c, ['pointer', ['void']]],
+    'DomainPerfControlHandler' : [ 0x50, ['pointer', ['void']]],
+    'MaxFrequency' : [ 0x54, ['unsigned long']],
+    'NominalFrequency' : [ 0x58, ['unsigned long']],
+    'MaxPercent' : [ 0x5c, ['unsigned long']],
+    'MinPerfPercent' : [ 0x60, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x64, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x68, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x70, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x78, ['unsigned char']],
+    'Coordination' : [ 0x79, ['unsigned char']],
+    'HardPlatformCap' : [ 0x7a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x7b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x7c, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x7d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x7e, ['unsigned char']],
+    'AutonomousMode' : [ 0x7f, ['unsigned char']],
+    'ProvideGuidance' : [ 0x80, ['unsigned char']],
+    'DesiredPercent' : [ 0x84, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x88, ['unsigned long']],
+    'QosPolicies' : [ 0x8c, ['array', 3, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0xd4, ['array', 3, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0xe0, ['array', 3, ['unsigned long']]],
+    'QosSupported' : [ 0xec, ['unsigned char']],
+    'SelectionGeneration' : [ 0xf0, ['unsigned long']],
+    'QosSelection' : [ 0xf8, ['array', 3, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x170, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x178, ['unsigned long']],
+    'Force' : [ 0x17c, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x40, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x4, ['unsigned long']],
+    'DummyPagePfn' : [ 0x8, ['pointer', ['_MMPFN']]],
+    'DummyPage' : [ 0xc, ['unsigned long']],
+    'PageOfZeroes' : [ 0x10, ['unsigned long']],
+    'ZeroMapping' : [ 0x14, ['pointer', ['void']]],
+    'OnesMapping' : [ 0x18, ['pointer', ['void']]],
+    'ZeroCrc' : [ 0x20, ['unsigned long long']],
+    'OnesCrc' : [ 0x28, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x30, ['array', 2, ['unsigned long']]],
+    'PfnGapFrames' : [ 0x38, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x8, {
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x20, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x48, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x1c, ['pointer', ['void']]],
+    'Enabled' : [ 0x20, ['unsigned char']],
+    'ActiveEngaged' : [ 0x21, ['unsigned char']],
+    'ThrottleLimit' : [ 0x22, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x23, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x24, ['pointer', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'Interface' : [ 0x2c, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_29d1' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x54, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x4, ['__unnamed_29d1']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x144, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_29e4' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_29e4']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x50, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x28, ['_KDPC']],
+    'WorkOrder' : [ 0x48, ['pointer', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_29f9' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_29f9']],
+} ],
+  '__unnamed_29fd' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2a01' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2a03' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2a05' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2a07' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_2a09' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2a0b' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a0d' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2a0f' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2a11' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2a13' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a15' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_29fd']],
+    'Memory' : [ 0x0, ['__unnamed_29fd']],
+    'Interrupt' : [ 0x0, ['__unnamed_2a01']],
+    'Dma' : [ 0x0, ['__unnamed_2a03']],
+    'DmaV3' : [ 0x0, ['__unnamed_2a05']],
+    'Generic' : [ 0x0, ['__unnamed_29fd']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2a07']],
+    'BusNumber' : [ 0x0, ['__unnamed_2a09']],
+    'ConfigData' : [ 0x0, ['__unnamed_2a0b']],
+    'Memory40' : [ 0x0, ['__unnamed_2a0d']],
+    'Memory48' : [ 0x0, ['__unnamed_2a0f']],
+    'Memory64' : [ 0x0, ['__unnamed_2a11']],
+    'Connection' : [ 0x0, ['__unnamed_2a13']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2a15']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x1c, ['pointer', ['void']]],
+    'DvCallbacks' : [ 0x20, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x8, ['pointer', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0xc, ['pointer', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x10, ['pointer', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x14, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned short']],
+    'ReplyIndex' : [ 0x1a, ['unsigned short']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x58, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '__unnamed_2a39' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_2a39']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x18, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x1c, ['_KAPC']],
+    'ByteCount' : [ 0x4c, ['unsigned long']],
+    'ChargedPages' : [ 0x50, ['unsigned long']],
+    'PagingFile' : [ 0x54, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x58, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x5c, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x60, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'Partition' : [ 0x78, ['pointer', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0x7c, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x80, ['_MDL']],
+    'Page' : [ 0x9c, ['array', 1, ['unsigned long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0x50, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x10, ['unsigned char']],
+    'IrpOplocksR' : [ 0x14, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x1c, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x24, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x2c, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x34, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x3c, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x44, ['pointer', ['_GUID']]],
+    'OplockState' : [ 0x48, ['unsigned long']],
+    'FastMutex' : [ 0x4c, ['pointer', ['_FAST_MUTEX']]],
+} ],
+  '__unnamed_2a42' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_2a43' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2a42']],
+    'Merged' : [ 0x10, ['__unnamed_2a43']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2a47' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a49' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a4b' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a4d' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_2a4b']],
+    'Translated' : [ 0x0, ['__unnamed_2a49']],
+} ],
+  '__unnamed_2a4f' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a51' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2a53' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a55' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a57' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a59' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a5b' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2a5d' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_2a47']],
+    'Port' : [ 0x0, ['__unnamed_2a47']],
+    'Interrupt' : [ 0x0, ['__unnamed_2a49']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2a4d']],
+    'Memory' : [ 0x0, ['__unnamed_2a47']],
+    'Dma' : [ 0x0, ['__unnamed_2a4f']],
+    'DmaV3' : [ 0x0, ['__unnamed_2a51']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2a07']],
+    'BusNumber' : [ 0x0, ['__unnamed_2a53']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2a55']],
+    'Memory40' : [ 0x0, ['__unnamed_2a57']],
+    'Memory48' : [ 0x0, ['__unnamed_2a59']],
+    'Memory64' : [ 0x0, ['__unnamed_2a5b']],
+    'Connection' : [ 0x0, ['__unnamed_2a13']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2a5d']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x8c0, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x40, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x4c, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x68, ['unsigned long']],
+    'SizeOfPagedPoolInPages' : [ 0x6c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x70, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0xa8, ['unsigned long']],
+    'SmallNonPagedPtesCommit' : [ 0xac, ['unsigned long']],
+    'BootCommit' : [ 0xb0, ['unsigned long']],
+    'MdlPagesAllocated' : [ 0xb4, ['unsigned long']],
+    'SystemPageTableCommit' : [ 0xb8, ['unsigned long']],
+    'SpecialPagesInUse' : [ 0xbc, ['unsigned long']],
+    'ProcessCommit' : [ 0xc0, ['unsigned long']],
+    'DriverCommit' : [ 0xc4, ['long']],
+    'PfnDatabaseCommit' : [ 0xc8, ['unsigned long']],
+    'SystemWs' : [ 0x100, ['array', 3, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x2c0, ['_MMSUPPORT_SHARED']],
+    'MapCacheFailures' : [ 0x2e4, ['unsigned long']],
+    'PagefileHashPages' : [ 0x2e8, ['unsigned long']],
+    'PteHeader' : [ 0x2ec, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x378, ['pointer', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x37c, ['array', 17, ['unsigned long']]],
+    'SystemVaType' : [ 0x3c0, ['array', 1024, ['unsigned char']]],
+    'SystemVaTypeCountFailures' : [ 0x7c0, ['array', 17, ['unsigned long']]],
+    'SystemVaTypeCountLimit' : [ 0x804, ['array', 17, ['unsigned long']]],
+    'SystemVaTypeCountPeak' : [ 0x848, ['array', 17, ['unsigned long']]],
+    'SystemAvailableVa' : [ 0x88c, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Xcr0' : [ 0x3c, ['unsigned long long']],
+    'ExceptionList' : [ 0x44, ['unsigned long']],
+    'Reserved' : [ 0x48, ['array', 3, ['unsigned long']]],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x8, ['pointer', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x14, ['pointer', ['_ETHREAD']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'AtomicLinks' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x44, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x28, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x34, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x3c, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x40, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x118, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastPerfCheckSnap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xb8, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x108, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x10c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x110, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x112, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x113, ['unsigned char']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x104, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'Order' : [ 0x1c, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0xec, ['_LIST_ENTRY']],
+    'Status' : [ 0xf4, ['long']],
+    'FailedDevice' : [ 0xf8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0xfc, ['unsigned char']],
+    'Cancelled' : [ 0xfd, ['unsigned char']],
+    'IgnoreErrors' : [ 0xfe, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0xff, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x100, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x60, {
+    'FileName' : [ 0x0, ['pointer', ['wchar']]],
+    'BaseName' : [ 0x4, ['pointer', ['wchar']]],
+    'RegRootName' : [ 0x8, ['pointer', ['wchar']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+    'FilePath' : [ 0x58, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0xd0, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'HitCount' : [ 0x10, ['unsigned long long']],
+    'LastActivationTime' : [ 0x18, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x20, ['unsigned long long']],
+    'CsActivationTime' : [ 0x28, ['unsigned long long']],
+    'CsActiveTime' : [ 0x30, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x28, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x2c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x8, ['unsigned char']],
+    'Spare' : [ 0x9, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0xc, ['unsigned long']],
+    'DebugId' : [ 0x10, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x14, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'HashTable' : [ 0xc, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x2c, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x14, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2abd' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x400, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['array', 2, ['unsigned long']]]],
+    'LargePagesCount' : [ 0x10, ['array', 2, ['array', 2, ['array', 2, ['array', 1, ['unsigned long']]]]]],
+    'LargePages' : [ 0x30, ['array', 1, ['array', 2, ['array', 2, ['array', 1, ['_LIST_ENTRY']]]]]],
+    'MediumPages' : [ 0x50, ['array', 2, ['array', 2, ['array', 1, ['array', 16, ['_LIST_ENTRY']]]]]],
+    'MediumPagesCount' : [ 0x250, ['array', 2, ['array', 2, ['array', 1, ['array', 16, ['unsigned long']]]]]],
+    'LargePageRebuildTimer' : [ 0x350, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'FreePageListHeadsBitmap' : [ 0x380, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0x390, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0x3d0, ['array', 2, ['unsigned long']]],
+    'TotalPages' : [ 0x3d8, ['array', 1, ['unsigned long']]],
+    'TotalPagesEntireNode' : [ 0x3dc, ['unsigned long']],
+    'MmShiftedColor' : [ 0x3e0, ['unsigned long']],
+    'Color' : [ 0x3e4, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x3e8, ['array', 1, ['array', 2, ['unsigned long']]]],
+    'Flags' : [ 0x3f0, ['__unnamed_2abd']],
+    'NodeLock' : [ 0x3f4, ['_EX_PUSH_LOCK']],
+    'ChannelStatus' : [ 0x3f8, ['unsigned char']],
+    'ChannelOrdering' : [ 0x3f9, ['array', 1, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x3fa, ['array', 1, ['unsigned char']]],
+    'PowerAttribute' : [ 0x3fb, ['array', 1, ['unsigned char']]],
+    'LargePageLock' : [ 0x3fc, ['unsigned long']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_MI_HYPER_SPACE' : [ 0x2000, {
+    'VadBitmap' : [ 0x0, ['array', 6144, ['unsigned char']]],
+    'PaddingToPageBoundary' : [ 0x1800, ['array', 2048, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['long']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DeviceNode' : [ 0x1c, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0xb0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x8, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x20, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x38, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedPoolLowestPage' : [ 0x68, ['unsigned long']],
+    'NonPagedPoolHighestPage' : [ 0x6c, ['unsigned long']],
+    'AllocatedNonPagedPool' : [ 0x70, ['unsigned long']],
+    'PartialLargePoolRegions' : [ 0x74, ['unsigned long']],
+    'PagesInPartialLargePoolRegions' : [ 0x78, ['unsigned long']],
+    'CachedNonPagedPoolCount' : [ 0x7c, ['unsigned long']],
+    'NonPagedPoolSpinLock' : [ 0x80, ['unsigned long']],
+    'CachedNonPagedPool' : [ 0x84, ['pointer', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x88, ['pointer', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x8c, ['pointer', ['void']]],
+    'NonPagedBitMap' : [ 0x90, ['array', 3, ['_RTL_BITMAP']]],
+    'NonPagedHint' : [ 0xa8, ['array', 2, ['unsigned long']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x18, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long']],
+    'BadPagesDetected' : [ 0x4, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x8, ['long']],
+    'ScrubPasses' : [ 0xc, ['long']],
+    'ScrubBadPagesFound' : [ 0x10, ['long']],
+    'PageHashErrors' : [ 0x14, ['unsigned long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x28, ['pointer', ['void']]],
+    'ExceptionChainTerminator' : [ 0x2c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'ExceptionChainTerminatorRecord' : [ 0x30, ['_EXCEPTION_REGISTRATION_RECORD']],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x10, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0xc, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x14, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x10, ['unsigned char']],
+    'RebuildActive' : [ 0x11, ['unsigned char']],
+    'NextPassDelta' : [ 0x12, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x13, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x40, {
+    'IoPfnLock' : [ 0x0, ['unsigned long']],
+    'IoPfnRoot' : [ 0x4, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x10, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x18, ['unsigned long']],
+    'IoCacheStats' : [ 0x1c, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x3c, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2afa' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x18, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer', ['void']]],
+    'SessionId' : [ 0xc, ['unsigned long']],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+    'u2' : [ 0x14, ['__unnamed_2afa']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x30, {
+    'PagesLoad' : [ 0x0, ['long']],
+    'PagesAverage' : [ 0x4, ['unsigned long']],
+    'AverageAvailablePages' : [ 0x8, ['unsigned long']],
+    'PagesWritten' : [ 0xc, ['unsigned long']],
+    'WritesIssued' : [ 0x10, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x14, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x18, ['unsigned long']],
+    'WriteBurstCount' : [ 0x1c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x20, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x28, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x2e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x40, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '__unnamed_2b1c' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2b1e' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2b21' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2b25' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x50, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x14, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x20, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x30, ['__unnamed_2b1c']],
+    'HvDeviceId' : [ 0x38, ['unsigned long long']],
+    'XapicMessage' : [ 0x40, ['__unnamed_2b1e']],
+    'Hypertransport' : [ 0x40, ['__unnamed_2b21']],
+    'GenericMessage' : [ 0x40, ['__unnamed_2b1e']],
+    'MessageRequest' : [ 0x40, ['__unnamed_2b25']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x2c, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x8, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0xc, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x10, ['unsigned long']],
+    'LowestLink' : [ 0x14, ['unsigned long']],
+    'Dependencies' : [ 0x18, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x1c, ['_LDRP_CSLIST']],
+    'State' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x28, ['unsigned long']],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x100, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xc0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xc8, ['pointer', ['void']]],
+    'StorageInfo' : [ 0xc8, ['pointer', ['void']]],
+    'UseStorageInfo' : [ 0xcc, ['unsigned char']],
+    'PointersLength' : [ 0xd0, ['unsigned long']],
+    'ModulePrefix' : [ 0xd4, ['pointer', ['wchar']]],
+    'DriverList' : [ 0xd8, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xe0, ['_STRING']],
+    'ProgMsg' : [ 0xe8, ['_STRING']],
+    'DoneMsg' : [ 0xf0, ['_STRING']],
+    'FileObject' : [ 0xf8, ['pointer', ['void']]],
+    'UsageType' : [ 0xfc, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x8, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x20, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0xc, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x20, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b43' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b45' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b47' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceId' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b49' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_2b4b' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b4d' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b4f' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2b51' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2b53' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_2b55' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2b43']],
+    'TargetDevice' : [ 0x0, ['__unnamed_2b45']],
+    'InstallDevice' : [ 0x0, ['__unnamed_2b45']],
+    'CustomNotification' : [ 0x0, ['__unnamed_2b47']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_2b49']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2b4b']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2b4d']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2b4f']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2b51']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2b53']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_2b45']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_2b45']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_2b55']],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x200, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'AllStacksInUse' : [ 0x14, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0xc, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'MpnId' : [ 0x4, ['unsigned short']],
+    'Node' : [ 0x6, ['unsigned short']],
+    'Channel' : [ 0x8, ['unsigned short']],
+    'IsPowerManageable' : [ 0xa, ['unsigned char']],
+    'DeepPowerState' : [ 0xb, ['unsigned char']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x70, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'PlatformCap' : [ 0x8, ['unsigned long']],
+    'ThermalCap' : [ 0xc, ['unsigned long']],
+    'LimitReasons' : [ 0x10, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x18, ['unsigned long long']],
+    'ProcCap' : [ 0x20, ['unsigned long']],
+    'ProcFloor' : [ 0x24, ['unsigned long']],
+    'TargetPercent' : [ 0x28, ['unsigned long']],
+    'Selection' : [ 0x30, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x58, ['unsigned long']],
+    'PreviousFrequency' : [ 0x5c, ['unsigned long']],
+    'PreviousPercent' : [ 0x60, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x64, ['unsigned long']],
+    'Force' : [ 0x68, ['unsigned char']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x18, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x288, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x2a4, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+    'PackageDependencyData' : [ 0x298, ['pointer', ['void']]],
+    'ProcessGroupId' : [ 0x29c, ['unsigned long']],
+    'LoaderThreads' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long']],
+    'ActiveCacheMatch' : [ 0x4, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0x8, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x14, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_2b96' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b98' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2b9a' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2b96']],
+    'Gpt' : [ 0x0, ['__unnamed_2b98']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xc0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x45, ['unsigned char']],
+    'HiberResume' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x47, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_2b9a']],
+    'ReadRoutine' : [ 0x6c, ['pointer', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0x70, ['pointer', ['void']]],
+    'LogSectionTruncateSize' : [ 0x74, ['unsigned long']],
+    'Parameters' : [ 0x78, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xb8, ['pointer', ['void']]],
+    'DumpNotifyRoutine' : [ 0xbc, ['pointer', ['void']]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ActiveCooling' : [ 0x14, ['pointer', ['void']]],
+    'PassiveCooling' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0x60, {
+    'Component' : [ 0x0, ['pointer', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x4, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x14, ['pointer', ['void']]],
+    'Flags' : [ 0x18, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x1c, ['pointer', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x20, ['unsigned long']],
+    'LastChangeStamp' : [ 0x28, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x30, ['unsigned char']],
+    'PepRegistered' : [ 0x31, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x32, ['unsigned char']],
+    'RequestDriverContext' : [ 0x34, ['pointer', ['void']]],
+    'WorkOrder' : [ 0x38, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x54, ['unsigned long']],
+    'Sets' : [ 0x58, ['pointer', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x4, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_2bc9' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2bcb' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2bcd' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2bcf' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2bc9']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2bcb']],
+    'Raw' : [ 0x0, ['__unnamed_2bcd']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x28, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'Operation' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0x8, ['__unnamed_2bcf']],
+    'Stack' : [ 0x10, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0xc, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0xc, ['_RTL_BITMAP']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2bdb' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2bdd' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2bdb']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2be0' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2be2' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2be0']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2bdd']],
+    'HighPart' : [ 0x4, ['__unnamed_2be2']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x70, {
+    'UncompressedData' : [ 0x0, ['pointer', ['unsigned char']]],
+    'MappingVa' : [ 0x4, ['pointer', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x8, ['pointer', ['void']]],
+    'CompressedDataBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'CompressTicks' : [ 0x18, ['unsigned long long']],
+    'BytesCopied' : [ 0x20, ['unsigned long long']],
+    'PagesProcessed' : [ 0x28, ['unsigned long long']],
+    'DecompressTicks' : [ 0x30, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x38, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x40, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x68, ['unsigned long']],
+    'HuffCompressCount' : [ 0x6c, ['unsigned long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x30, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer', ['_KTHREAD']]],
+    'Stack' : [ 0x14, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x10, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x600, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_LDRP_CSLIST' : [ 0x4, {
+    'Tail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SlatKernelCodeProtected' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0xb8, {
+    'Partition' : [ 0x0, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x4, ['pointer', ['_ENODE']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x18, ['_KTIMER']],
+    'ReaperEvent' : [ 0x40, ['_KEVENT']],
+    'ReaperTimer' : [ 0x50, ['_KTIMER2']],
+    'ThreadHandle' : [ 0xa8, ['pointer', ['void']]],
+    'ExitThread' : [ 0xac, ['unsigned long']],
+    'ThreadSeed' : [ 0xb0, ['unsigned long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x40, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+    'PreQueryOpen' : [ 0x38, ['pointer', ['void']]],
+    'PostQueryOpen' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x4, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x18, {
+    'ViewStart' : [ 0x0, ['pointer', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Bcb' : [ 0x4, ['pointer', ['void']]],
+    'PinnedPages' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_2c39' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x4, ['pointer', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_2c3b' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x8, ['unsigned long long']],
+    'Unit' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x18, ['__unnamed_2c39']],
+    'Range' : [ 0x18, ['__unnamed_2c3b']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_2c43' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_2c45' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_2c43']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_2c45']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_2c4b' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2c4d' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2c53' : [ 0xc, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_2c57' : [ 0x8, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NotifyTypeCreate', 1: u'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x4, ['unsigned char']],
+} ],
+  '__unnamed_2c59' : [ 0x14, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileInformation' : [ 0x4, ['pointer', ['void']]],
+    'Length' : [ 0x8, ['pointer', ['unsigned long']]],
+    'FileInformationClass' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x10, ['long']],
+} ],
+  '__unnamed_2c5b' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2c4b']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2c4d']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2c53']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2c57']],
+    'QueryOpen' : [ 0x0, ['__unnamed_2c59']],
+    'Others' : [ 0x0, ['__unnamed_2c5b']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}

From f14757f444fe0889da4c6b41ad79bd063ed6bd07 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 10 Nov 2017 08:48:44 -0600
Subject: [PATCH 164/304] Fixing netscan TCP endpoints on Windows 10 Creators
 and Fall Creators

---
 .../plugins/overlays/windows/tcpip_vtypes.py  | 26 ++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/tcpip_vtypes.py b/volatility/plugins/overlays/windows/tcpip_vtypes.py
index e02e09e5e..25f55b45b 100644
--- a/volatility/plugins/overlays/windows/tcpip_vtypes.py
+++ b/volatility/plugins/overlays/windows/tcpip_vtypes.py
@@ -442,12 +442,20 @@ def modification(self, profile):
             }],
         })
 
-        if profile.metadata.get("build") >= 14393:
+        build = profile.metadata.get("build")
+
+        if build == 14393:
             profile.merge_overlay({
                 '_TCP_ENDPOINT': [ None, {
                 'Owner' : [ 0x1b4, ['pointer', ['_EPROCESS']]],
                 }],
             })
+        elif build >= 15063:
+            profile.merge_overlay({
+                '_TCP_ENDPOINT': [ None, {
+                'Owner' : [ 0x1cc, ['pointer', ['_EPROCESS']]],
+                }],
+            })
 
 class Win8x64Tcpip(obj.ProfileModification):
     before = ['Win7Vista2008x64Tcpip']
@@ -491,3 +499,19 @@ class Win10x64Tcpip(obj.ProfileModification):
                   'minor': lambda x : x == 4}
     def modification(self, profile):
         profile.vtypes.update(tcpip_vtypes_win_10_x64)
+        
+class Win10x64_15063_Tcpip(obj.ProfileModification):
+    """TCP Endpoint for Creators and Fall Creators"""
+    
+    before = ['Win10x64Tcpip']
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '64bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4,
+                  'build': lambda x : x >= 15063}
+    def modification(self, profile):
+        profile.merge_overlay({
+            '_TCP_ENDPOINT': [ None, {
+                'Owner' : [ 0x270, ['pointer', ['_EPROCESS']]],
+                }],
+            })

From 715387c6ebe4af3d18941c33dbd377e61a011eb7 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 10 Nov 2017 13:14:10 -0600
Subject: [PATCH 165/304] Add initial profile modifications for win32k plugins
 on win10 creators / fall creators

---
 volatility/plugins/gui/vtypes/win10.py | 57 ++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 volatility/plugins/gui/vtypes/win10.py

diff --git a/volatility/plugins/gui/vtypes/win10.py b/volatility/plugins/gui/vtypes/win10.py
new file mode 100644
index 000000000..2088e67fc
--- /dev/null
+++ b/volatility/plugins/gui/vtypes/win10.py
@@ -0,0 +1,57 @@
+# Volatility
+# Copyright (C) 2007-2017 Volatility Foundation
+# Copyright (C) 2017 Michael Hale Ligh <michael.ligh@mnin.org>
+#
+# This file is part of Volatility.
+#
+# Volatility is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Volatility is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import volatility.obj as obj 
+
+class Win10x86_Gui(obj.ProfileModification):
+
+    before = ["XP2003x86BaseVTypes", "Win32Kx86VTypes", "AtomTablex86Overlay", "Win32KCoreClasses", "Win8x86Gui"]
+
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '32bit',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4}
+
+    def modification(self, profile):
+        build = profile.metadata.get('build', 0)
+    
+        if build >= 15063:    
+            profile.merge_overlay({
+            })
+
+class Win10x64_Gui(obj.ProfileModification):
+
+    before = ["Win32KCoreClasses", "Win8x64Gui"]
+
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '64bit',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4}
+
+    def modification(self, profile):
+        build = profile.metadata.get('build', 0)
+    
+        if build >= 15063:    
+            profile.merge_overlay({
+                'tagDESKTOP': [None, {
+                    'rpdeskNext': [0x20, ['pointer64', ['tagDESKTOP']]],
+                    'rpwinstaParent': [0x28, ['pointer64', ['tagWINDOWSTATION']]],
+                }],
+            })
\ No newline at end of file

From 2377c25139a58452c63c82ee17b125cb7f5be7bf Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Fri, 10 Nov 2017 21:01:44 -0600
Subject: [PATCH 166/304] Add additional offsets for win32k gui support on
 creators and fall creators

---
 volatility/plugins/gui/vtypes/win10.py | 38 ++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/volatility/plugins/gui/vtypes/win10.py b/volatility/plugins/gui/vtypes/win10.py
index 2088e67fc..6732d1974 100644
--- a/volatility/plugins/gui/vtypes/win10.py
+++ b/volatility/plugins/gui/vtypes/win10.py
@@ -34,6 +34,25 @@ def modification(self, profile):
     
         if build >= 15063:    
             profile.merge_overlay({
+                'tagDESKTOP': [None, {
+                    'rpdeskNext': [0x10, ['pointer', ['tagDESKTOP']]],
+                    'rpwinstaParent': [0x14, ['pointer', ['tagWINDOWSTATION']]],
+                    'pheapDesktop': [0x40, ['pointer', ['tagWIN32HEAP']]],
+                    'PtiList': [0x5c, ['_LIST_ENTRY']],
+                }],
+                'tagTHREADINFO': [None, {
+                    'ppi': [0xe0, ['pointer', ['tagPROCESSINFO']]],
+                    'PtiLink': [0x188, ['_LIST_ENTRY']],
+                }],
+                'tagWND': [None, {
+                    'spwndNext': [0x34, ['pointer', ['tagWND']]],
+                    'spwndPrev': [0x38, ['pointer', ['tagWND']]],
+                    'spwndParent': [0x3c, ['pointer', ['tagWND']]],
+                    'spwndChild': [0x40, ['pointer', ['tagWND']]],
+                    'lpfnWndProc': [0x68, ['pointer', ['void']]], #?
+                    'pcls': [0x6c, ['pointer', ['tagCLS']]], #?
+                    'strName': [0x8c, ['_LARGE_UNICODE_STRING']], #?
+                }],
             })
 
 class Win10x64_Gui(obj.ProfileModification):
@@ -53,5 +72,24 @@ def modification(self, profile):
                 'tagDESKTOP': [None, {
                     'rpdeskNext': [0x20, ['pointer64', ['tagDESKTOP']]],
                     'rpwinstaParent': [0x28, ['pointer64', ['tagWINDOWSTATION']]],
+                    'pheapDesktop': [0x80, ['pointer', ['tagWIN32HEAP']]],
+                    'PtiList': [0xA8, ['_LIST_ENTRY']],
+                }],
+                'tagTHREADINFO': [None, {
+                    'ppi': [0x190, ['pointer', ['tagPROCESSINFO']]],
+                     # zzzSetDesktop 
+                     # mov [rbx+1B8h], rax
+                     # lea rax, [rbx+2C8h]
+                     # lea rcx, [rdi+0A8h] => int 29h 
+                    'PtiLink': [0x2c8, ['_LIST_ENTRY']],
+                }],
+                'tagWND': [None, {
+                    'spwndNext': [0x58, ['pointer64', ['tagWND']]],
+                    'spwndPrev': [0x60, ['pointer64', ['tagWND']]],
+                    'spwndParent': [0x68, ['pointer64', ['tagWND']]],
+                    'spwndChild': [0x70, ['pointer64', ['tagWND']]],
+                    'lpfnWndProc': [0xa0, ['pointer64', ['void']]],
+                    'pcls': [0xa8, ['pointer64', ['tagCLS']]],
+                    'strName': [0xe8, ['_LARGE_UNICODE_STRING']],
                 }],
             })
\ No newline at end of file

From 179d206d3d0c7d0045ca23ee465416cc44e5f480 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 13 Nov 2017 07:59:34 -0600
Subject: [PATCH 167/304] Update the ssdt plugin for Windows 10 profiles

---
 .../plugins/overlays/windows/ssdt_vtypes.py   |   66 +-
 .../windows/win10_x64_10586_syscalls.py       | 1585 ++++++++++++++++
 .../windows/win10_x64_14393_syscalls.py       | 1594 ++++++++++++++++
 .../windows/win10_x64_15063_syscalls.py       | 1596 ++++++++++++++++
 .../windows/win10_x64_16299_syscalls.py       | 1642 +++++++++++++++++
 .../windows/win10_x86_10586_syscalls.py       | 1583 ++++++++++++++++
 .../windows/win10_x86_14393_syscalls.py       | 1592 ++++++++++++++++
 .../windows/win10_x86_15063_syscalls.py       | 1594 ++++++++++++++++
 .../windows/win10_x86_16299_syscalls.py       | 1640 ++++++++++++++++
 volatility/plugins/ssdt.py                    |   21 +-
 10 files changed, 12903 insertions(+), 10 deletions(-)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_10586_syscalls.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_14393_syscalls.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_15063_syscalls.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_16299_syscalls.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_10586_syscalls.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_14393_syscalls.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_15063_syscalls.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_16299_syscalls.py

diff --git a/volatility/plugins/overlays/windows/ssdt_vtypes.py b/volatility/plugins/overlays/windows/ssdt_vtypes.py
index ceb17910c..79cd06414 100644
--- a/volatility/plugins/overlays/windows/ssdt_vtypes.py
+++ b/volatility/plugins/overlays/windows/ssdt_vtypes.py
@@ -195,4 +195,68 @@ class Win8SP1x64Syscalls(AbstractSyscalls):
     conditions = {'os': lambda x: x == 'windows',
                   'memory_model': lambda x: x == '64bit',
                   'major': lambda x : x == 6,
-                  'minor': lambda x : x == 3}
\ No newline at end of file
+                  'minor': lambda x : x == 3}
+
+class Win10x64_10586_Syscalls(AbstractSyscalls):
+    syscall_module = 'volatility.plugins.overlays.windows.win10_x64_10586_syscalls'
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '64bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4,
+                  'build': lambda x : x == 10586}
+
+class Win10x86_10586_Syscalls(AbstractSyscalls):
+    syscall_module = 'volatility.plugins.overlays.windows.win10_x86_10586_syscalls'
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '32bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4,
+                  'build': lambda x : x == 10586}
+
+class Win10x64_14393_Syscalls(AbstractSyscalls):
+    syscall_module = 'volatility.plugins.overlays.windows.win10_x64_14393_syscalls'
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '64bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4,
+                  'build': lambda x : x == 14393}
+
+class Win10x86_14393_Syscalls(AbstractSyscalls):
+    syscall_module = 'volatility.plugins.overlays.windows.win10_x86_14393_syscalls'
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '32bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4,
+                  'build': lambda x : x == 14393}
+
+class Win10x64_15063_Syscalls(AbstractSyscalls):
+    syscall_module = 'volatility.plugins.overlays.windows.win10_x64_15063_syscalls'
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '64bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4,
+                  'build': lambda x : x == 15063}
+
+class Win10x86_15063_Syscalls(AbstractSyscalls):
+    syscall_module = 'volatility.plugins.overlays.windows.win10_x86_15063_syscalls'
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '32bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4,
+                  'build': lambda x : x == 15063}
+
+class Win10x64_16299_Syscalls(AbstractSyscalls):
+    syscall_module = 'volatility.plugins.overlays.windows.win10_x64_16299_syscalls'
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '64bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4,
+                  'build': lambda x : x == 16299}
+
+class Win10x86_16299_Syscalls(AbstractSyscalls):
+    syscall_module = 'volatility.plugins.overlays.windows.win10_x86_16299_syscalls'
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '32bit',
+                  'major': lambda x : x == 6,
+                  'minor': lambda x : x == 4,
+                  'build': lambda x : x == 16299}
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x64_10586_syscalls.py b/volatility/plugins/overlays/windows/win10_x64_10586_syscalls.py
new file mode 100644
index 000000000..be9e372a7
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_10586_syscalls.py
@@ -0,0 +1,1585 @@
+syscalls = [
+    [
+        "NtUserGetOwnerTransformedMonitorRect",
+        "NtUserYieldTask",
+        "NtUserSetSensorPresence",
+        "NtUserGetThreadState",
+        "NtUserPeekMessage",
+        "NtUserCallOneParam",
+        "NtUserGetKeyState",
+        "NtUserInvalidateRect",
+        "NtUserCallNoParam",
+        "NtUserGetMessage",
+        "NtUserMessageCall",
+        "NtGdiBitBlt",
+        "NtGdiGetCharSet",
+        "NtUserGetDC",
+        "NtGdiSelectBitmap",
+        "NtUserWaitMessage",
+        "NtUserTranslateMessage",
+        "NtUserGetProp",
+        "NtUserPostMessage",
+        "NtUserQueryWindow",
+        "NtUserTranslateAccelerator",
+        "NtGdiFlush",
+        "NtUserRedrawWindow",
+        "NtUserWindowFromPoint",
+        "NtUserCallMsgFilter",
+        "NtUserValidateTimerCallback",
+        "NtUserBeginPaint",
+        "NtUserSetTimer",
+        "NtUserEndPaint",
+        "NtUserSetCursor",
+        "NtUserKillTimer",
+        "NtUserBuildHwndList",
+        "NtUserSelectPalette",
+        "NtUserCallNextHookEx",
+        "NtUserHideCaret",
+        "NtGdiIntersectClipRect",
+        "NtUserCallHwndLock",
+        "NtUserGetProcessWindowStation",
+        "NtGdiDeleteObjectApp",
+        "NtUserSetWindowPos",
+        "NtUserShowCaret",
+        "NtUserEndDeferWindowPosEx",
+        "NtUserCallHwndParamLock",
+        "NtUserVkKeyScanEx",
+        "NtGdiSetDIBitsToDeviceInternal",
+        "NtUserCallTwoParam",
+        "NtGdiGetRandomRgn",
+        "NtUserCopyAcceleratorTable",
+        "NtUserNotifyWinEvent",
+        "NtGdiExtSelectClipRgn",
+        "NtUserIsClipboardFormatAvailable",
+        "NtUserSetScrollInfo",
+        "NtGdiStretchBlt",
+        "NtUserCreateCaret",
+        "NtGdiRectVisible",
+        "NtGdiCombineRgn",
+        "NtGdiGetDCObject",
+        "NtUserDispatchMessage",
+        "NtUserRegisterWindowMessage",
+        "NtGdiExtTextOutW",
+        "NtGdiSelectFont",
+        "NtGdiRestoreDC",
+        "NtGdiSaveDC",
+        "NtUserGetForegroundWindow",
+        "NtUserShowScrollBar",
+        "NtUserFindExistingCursorIcon",
+        "NtGdiGetDCDword",
+        "NtGdiGetRegionData",
+        "NtGdiLineTo",
+        "NtUserSystemParametersInfo",
+        "NtGdiGetAppClipBox",
+        "NtUserGetAsyncKeyState",
+        "NtUserGetCPD",
+        "NtUserRemoveProp",
+        "NtGdiDoPalette",
+        "NtGdiPolyPolyDraw",
+        "NtUserSetCapture",
+        "NtUserEnumDisplayMonitors",
+        "NtGdiCreateCompatibleBitmap",
+        "NtUserSetProp",
+        "NtGdiGetTextCharsetInfo",
+        "NtUserSBGetParms",
+        "NtUserGetIconInfo",
+        "NtUserExcludeUpdateRgn",
+        "NtUserSetFocus",
+        "NtGdiExtGetObjectW",
+        "NtUserGetUpdateRect",
+        "NtGdiCreateCompatibleDC",
+        "NtUserGetClipboardSequenceNumber",
+        "NtGdiCreatePen",
+        "NtUserShowWindow",
+        "NtUserGetKeyboardLayoutList",
+        "NtGdiPatBlt",
+        "NtUserMapVirtualKeyEx",
+        "NtUserSetWindowLong",
+        "NtGdiHfontCreate",
+        "NtUserMoveWindow",
+        "NtUserPostThreadMessage",
+        "NtUserDrawIconEx",
+        "NtUserGetSystemMenu",
+        "NtGdiDrawStream",
+        "NtUserInternalGetWindowText",
+        "NtUserGetWindowDC",
+        "NtGdiD3dDrawPrimitives2",
+        "NtGdiInvertRgn",
+        "NtGdiGetRgnBox",
+        "NtGdiGetAndSetDCDword",
+        "NtGdiMaskBlt",
+        "NtGdiGetWidthTable",
+        "NtUserScrollDC",
+        "NtUserGetObjectInformation",
+        "NtGdiCreateBitmap",
+        "NtUserFindWindowEx",
+        "NtGdiPolyPatBlt",
+        "NtUserUnhookWindowsHookEx",
+        "NtGdiGetNearestColor",
+        "NtGdiTransformPoints",
+        "NtGdiGetDCPoint",
+        "NtGdiCreateDIBBrush",
+        "NtGdiGetTextMetricsW",
+        "NtUserCreateWindowEx",
+        "NtUserSetParent",
+        "NtUserGetKeyboardState",
+        "NtUserToUnicodeEx",
+        "NtUserGetControlBrush",
+        "NtUserGetClassName",
+        "NtGdiAlphaBlend",
+        "NtGdiDdBlt",
+        "NtGdiOffsetRgn",
+        "NtUserDefSetText",
+        "NtGdiGetTextFaceW",
+        "NtGdiStretchDIBitsInternal",
+        "NtUserSendInput",
+        "NtUserGetThreadDesktop",
+        "NtGdiCreateRectRgn",
+        "NtGdiGetDIBitsInternal",
+        "NtUserGetUpdateRgn",
+        "NtGdiDeleteClientObj",
+        "NtUserGetIconSize",
+        "NtUserFillWindow",
+        "NtGdiExtCreateRegion",
+        "NtGdiComputeXformCoefficients",
+        "NtUserSetWindowsHookEx",
+        "NtUserNotifyProcessCreate",
+        "NtGdiUnrealizeObject",
+        "NtUserGetTitleBarInfo",
+        "NtGdiRectangle",
+        "NtUserSetThreadDesktop",
+        "NtUserGetDCEx",
+        "NtUserGetScrollBarInfo",
+        "NtGdiGetTextExtent",
+        "NtUserSetWindowFNID",
+        "NtGdiSetLayout",
+        "NtUserCalcMenuBar",
+        "NtUserThunkedMenuItemInfo",
+        "NtGdiExcludeClipRect",
+        "NtGdiCreateDIBSection",
+        "NtGdiGetDCforBitmap",
+        "NtUserDestroyCursor",
+        "NtUserDestroyWindow",
+        "NtUserCallHwndParam",
+        "NtGdiCreateDIBitmapInternal",
+        "NtUserOpenWindowStation",
+        "NtGdiDdDeleteSurfaceObject",
+        "NtGdiDdCanCreateSurface",
+        "NtGdiDdCreateSurface",
+        "NtUserSetCursorIconData",
+        "NtGdiDdDestroySurface",
+        "NtUserCloseDesktop",
+        "NtUserOpenDesktop",
+        "NtUserSetProcessWindowStation",
+        "NtUserGetAtomName",
+        "NtGdiDdResetVisrgn",
+        "NtGdiExtCreatePen",
+        "NtGdiCreatePaletteInternal",
+        "NtGdiSetBrushOrg",
+        "NtUserBuildNameList",
+        "NtGdiSetPixel",
+        "NtUserRegisterClassExWOW",
+        "NtGdiCreatePatternBrushInternal",
+        "NtUserGetAncestor",
+        "NtGdiGetOutlineTextMetricsInternalW",
+        "NtGdiSetBitmapBits",
+        "NtUserCloseWindowStation",
+        "NtUserGetDoubleClickTime",
+        "NtUserEnableScrollBar",
+        "NtGdiCreateSolidBrush",
+        "NtUserGetClassInfoEx",
+        "NtGdiCreateClientObj",
+        "NtUserUnregisterClass",
+        "NtUserDeleteMenu",
+        "NtGdiRectInRegion",
+        "NtUserScrollWindowEx",
+        "NtGdiGetPixel",
+        "NtUserSetClassLong",
+        "NtUserGetMenuBarInfo",
+        "NtGdiDdCreateSurfaceEx",
+        "NtGdiDdCreateSurfaceObject",
+        "NtGdiGetNearestPaletteIndex",
+        "NtGdiDdLockD3D",
+        "NtGdiDdUnlockD3D",
+        "NtGdiGetCharWidthW",
+        "NtUserInvalidateRgn",
+        "NtUserGetClipboardOwner",
+        "NtUserSetWindowRgn",
+        "NtUserBitBltSysBmp",
+        "NtGdiGetCharWidthInfo",
+        "NtUserValidateRect",
+        "NtUserCloseClipboard",
+        "NtUserOpenClipboard",
+        "NtGdiGetStockObject",
+        "NtUserSetClipboardData",
+        "NtUserEnableMenuItem",
+        "NtUserAlterWindowStyle",
+        "NtGdiFillRgn",
+        "NtUserGetWindowPlacement",
+        "NtGdiModifyWorldTransform",
+        "NtGdiGetFontData",
+        "NtUserGetOpenClipboardWindow",
+        "NtUserSetThreadState",
+        "NtGdiOpenDCW",
+        "NtUserTrackMouseEvent",
+        "NtGdiGetTransform",
+        "NtUserDestroyMenu",
+        "NtGdiGetBitmapBits",
+        "NtUserConsoleControl",
+        "NtUserSetActiveWindow",
+        "NtUserSetInformationThread",
+        "NtUserSetWindowPlacement",
+        "NtUserGetControlColor",
+        "NtGdiSetMetaRgn",
+        "NtGdiSetMiterLimit",
+        "NtGdiSetVirtualResolution",
+        "NtGdiGetRasterizerCaps",
+        "NtUserSetWindowWord",
+        "NtUserGetClipboardFormatName",
+        "NtUserRealInternalGetMessage",
+        "NtUserCreateLocalMemHandle",
+        "NtUserAttachThreadInput",
+        "NtGdiCreateHalftonePalette",
+        "NtUserPaintMenuBar",
+        "NtUserSetKeyboardState",
+        "NtGdiCombineTransform",
+        "NtUserCreateAcceleratorTable",
+        "NtUserGetCursorFrameInfo",
+        "NtUserGetAltTabInfo",
+        "NtUserGetCaretBlinkTime",
+        "NtGdiQueryFontAssocInfo",
+        "NtUserProcessConnect",
+        "NtUserEnumDisplayDevices",
+        "NtUserEmptyClipboard",
+        "NtUserGetClipboardData",
+        "NtUserRemoveMenu",
+        "NtGdiSetBoundsRect",
+        "NtGdiGetBitmapDimension",
+        "NtUserConvertMemHandle",
+        "NtUserDestroyAcceleratorTable",
+        "NtUserGetGUIThreadInfo",
+        "NtGdiCloseFigure",
+        "NtUserSetWindowsHookAW",
+        "NtUserSetMenuDefaultItem",
+        "NtUserCheckMenuItem",
+        "NtUserSetWinEventHook",
+        "NtUserUnhookWinEvent",
+        "NtUserLockWindowUpdate",
+        "NtUserSetSystemMenu",
+        "NtUserThunkedMenuInfo",
+        "NtGdiBeginPath",
+        "NtGdiEndPath",
+        "NtGdiFillPath",
+        "NtUserCallHwnd",
+        "NtUserDdeInitialize",
+        "NtUserModifyUserStartupInfoFlags",
+        "NtUserCountClipboardFormats",
+        "NtGdiAddFontMemResourceEx",
+        "NtGdiEqualRgn",
+        "NtGdiGetSystemPaletteUse",
+        "NtGdiRemoveFontMemResourceEx",
+        "NtUserEnumDisplaySettings",
+        "NtUserPaintDesktop",
+        "NtGdiExtEscape",
+        "NtGdiSetBitmapDimension",
+        "NtGdiSetFontEnumeration",
+        "NtUserChangeClipboardChain",
+        "NtUserSetClipboardViewer",
+        "NtUserShowWindowAsync",
+        "NtGdiCreateColorSpace",
+        "NtGdiDeleteColorSpace",
+        "NtUserActivateKeyboardLayout",
+        "NtBindCompositionSurface",
+        "NtCompositionInputThread",
+        "NtCompositionSetDropTarget",
+        "NtCreateCompositionInputSink",
+        "NtCreateCompositionSurfaceHandle",
+        "NtCreateImplicitCompositionInputSink",
+        "NtDCompositionAddCrossDeviceVisualChild",
+        "NtDCompositionAddVisualChild",
+        "NtDCompositionAttachMouseWheelToHwnd",
+        "NtDCompositionBeginFrame",
+        "NtDCompositionCapturePointer",
+        "NtDCompositionCommitChannel",
+        "NtDCompositionConfirmFrame",
+        "NtDCompositionConnectPipe",
+        "NtDCompositionCreateAndBindSharedSection",
+        "NtDCompositionCreateChannel",
+        "NtDCompositionCreateConnection",
+        "NtDCompositionCreateDwmChannel",
+        "NtDCompositionCreateResource",
+        "NtDCompositionCurrentBatchId",
+        "NtDCompositionDestroyChannel",
+        "NtDCompositionDestroyConnection",
+        "NtDCompositionDiscardFrame",
+        "NtDCompositionDuplicateHandleToProcess",
+        "NtDCompositionDuplicateSwapchainHandleToDwm",
+        "NtDCompositionEnableDDASupport",
+        "NtDCompositionEnableMMCSS",
+        "NtDCompositionGetAnimationTime",
+        "NtDCompositionGetChannels",
+        "NtDCompositionGetConnectionBatch",
+        "NtDCompositionGetDeletedResources",
+        "NtDCompositionGetFrameLegacyTokens",
+        "NtDCompositionGetFrameStatistics",
+        "NtDCompositionGetFrameSurfaceUpdates",
+        "NtDCompositionOpenSharedResource",
+        "NtDCompositionOpenSharedResourceHandle",
+        "NtDCompositionReferenceSharedResourceOnDwmChannel",
+        "NtDCompositionRegisterThumbnailVisual",
+        "NtDCompositionRegisterVirtualDesktopVisual",
+        "NtDCompositionReleaseAllResources",
+        "NtDCompositionReleaseResource",
+        "NtDCompositionRemoveCrossDeviceVisualChild",
+        "NtDCompositionRemoveVisualChild",
+        "NtDCompositionReplaceVisualChildren",
+        "NtDCompositionRetireFrame",
+        "NtDCompositionSetChannelCallbackId",
+        "NtDCompositionSetChannelCommitCompletionEvent",
+        "NtDCompositionSetDebugCounter",
+        "NtDCompositionSetResourceAnimationProperty",
+        "NtDCompositionSetResourceBufferProperty",
+        "NtDCompositionSetResourceCallbackId",
+        "NtDCompositionSetResourceDeletedNotificationTag",
+        "NtDCompositionSetResourceFloatProperty",
+        "NtDCompositionSetResourceHandleProperty",
+        "NtDCompositionSetResourceIntegerProperty",
+        "NtDCompositionSetResourceReferenceArrayProperty",
+        "NtDCompositionSetResourceReferenceProperty",
+        "NtDCompositionSetVisualInputSink",
+        "NtDCompositionSubmitDWMBatch",
+        "NtDCompositionSynchronize",
+        "NtDCompositionTelemetryAnimationScenarioBegin",
+        "NtDCompositionTelemetryAnimationScenarioReference",
+        "NtDCompositionTelemetryAnimationScenarioUnreference",
+        "NtDCompositionTelemetrySetApplicationId",
+        "NtDCompositionTelemetryTouchInteractionBegin",
+        "NtDCompositionTelemetryTouchInteractionEnd",
+        "NtDCompositionTelemetryTouchInteractionUpdate",
+        "NtDCompositionUpdatePointerCapture",
+        "NtDCompositionWaitForChannel",
+        "NtDesktopCaptureBits",
+        "NtDuplicateCompositionInputSink",
+        "NtGdiAbortDoc",
+        "NtGdiAbortPath",
+        "NtGdiAddEmbFontToDC",
+        "NtGdiAddFontResourceW",
+        "NtGdiAddRemoteFontToDC",
+        "NtGdiAddRemoteMMInstanceToDC",
+        "NtGdiAngleArc",
+        "NtGdiAnyLinkedFonts",
+        "NtGdiArcInternal",
+        "NtGdiBRUSHOBJ_DeleteRbrush",
+        "NtGdiBRUSHOBJ_hGetColorTransform",
+        "NtGdiBRUSHOBJ_pvAllocRbrush",
+        "NtGdiBRUSHOBJ_pvGetRbrush",
+        "NtGdiBRUSHOBJ_ulGetBrushColor",
+        "NtGdiBeginGdiRendering",
+        "NtGdiCLIPOBJ_bEnum",
+        "NtGdiCLIPOBJ_cEnumStart",
+        "NtGdiCLIPOBJ_ppoGetPath",
+        "NtGdiCancelDC",
+        "NtGdiChangeGhostFont",
+        "NtGdiCheckBitmapBits",
+        "NtGdiClearBitmapAttributes",
+        "NtGdiClearBrushAttributes",
+        "NtGdiColorCorrectPalette",
+        "NtGdiConfigureOPMProtectedOutput",
+        "NtGdiConvertMetafileRect",
+        "NtGdiCreateBitmapFromDxSurface",
+        "NtGdiCreateBitmapFromDxSurface2",
+        "NtGdiCreateColorTransform",
+        "NtGdiCreateEllipticRgn",
+        "NtGdiCreateHatchBrushInternal",
+        "NtGdiCreateMetafileDC",
+        "NtGdiCreateOPMProtectedOutputs",
+        "NtGdiCreateRoundRectRgn",
+        "NtGdiCreateServerMetaFile",
+        "NtGdiCreateSessionMappedDIBSection",
+        "NtGdiD3dContextCreate",
+        "NtGdiD3dContextDestroy",
+        "NtGdiD3dContextDestroyAll",
+        "NtGdiD3dValidateTextureStageState",
+        "NtGdiDDCCIGetCapabilitiesString",
+        "NtGdiDDCCIGetCapabilitiesStringLength",
+        "NtGdiDDCCIGetTimingReport",
+        "NtGdiDDCCIGetVCPFeature",
+        "NtGdiDDCCISaveCurrentSettings",
+        "NtGdiDDCCISetVCPFeature",
+        "NtGdiDdAddAttachedSurface",
+        "NtGdiDdAlphaBlt",
+        "NtGdiDdAttachSurface",
+        "NtGdiDdBeginMoCompFrame",
+        "NtGdiDdCanCreateD3DBuffer",
+        "NtGdiDdColorControl",
+        "NtGdiDdCreateD3DBuffer",
+        "NtGdiDdCreateDirectDrawObject",
+        "NtGdiDdCreateFullscreenSprite",
+        "NtGdiDdCreateMoComp",
+        "NtGdiDdDDIAbandonSwapChain",
+        "NtGdiDdDDIAcquireKeyedMutex",
+        "NtGdiDdDDIAcquireKeyedMutex2",
+        "NtGdiDdDDIAcquireSwapChain",
+        "NtGdiDdDDIAdjustFullscreenGamma",
+        "NtGdiDdDDICacheHybridQueryValue",
+        "NtGdiDdDDIChangeVideoMemoryReservation",
+        "NtGdiDdDDICheckExclusiveOwnership",
+        "NtGdiDdDDICheckMonitorPowerState",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport2",
+        "NtGdiDdDDICheckOcclusion",
+        "NtGdiDdDDICheckSharedResourceAccess",
+        "NtGdiDdDDICheckVidPnExclusiveOwnership",
+        "NtGdiDdDDICloseAdapter",
+        "NtGdiDdDDIConfigureSharedResource",
+        "NtGdiDdDDICreateAllocation",
+        "NtGdiDdDDICreateContext",
+        "NtGdiDdDDICreateContextVirtual",
+        "NtGdiDdDDICreateDCFromMemory",
+        "NtGdiDdDDICreateDevice",
+        "NtGdiDdDDICreateKeyedMutex",
+        "NtGdiDdDDICreateKeyedMutex2",
+        "NtGdiDdDDICreateOutputDupl",
+        "NtGdiDdDDICreateOverlay",
+        "NtGdiDdDDICreatePagingQueue",
+        "NtGdiDdDDICreateSwapChain",
+        "NtGdiDdDDICreateSynchronizationObject",
+        "NtGdiDdDDIDestroyAllocation",
+        "NtGdiDdDDIDestroyAllocation2",
+        "NtGdiDdDDIDestroyContext",
+        "NtGdiDdDDIDestroyDCFromMemory",
+        "NtGdiDdDDIDestroyDevice",
+        "NtGdiDdDDIDestroyKeyedMutex",
+        "NtGdiDdDDIDestroyOutputDupl",
+        "NtGdiDdDDIDestroyOverlay",
+        "NtGdiDdDDIDestroyPagingQueue",
+        "NtGdiDdDDIDestroySynchronizationObject",
+        "NtGdiDdDDIEnumAdapters",
+        "NtGdiDdDDIEnumAdapters2",
+        "NtGdiDdDDIEscape",
+        "NtGdiDdDDIEvict",
+        "NtGdiDdDDIFlipOverlay",
+        "NtGdiDdDDIFlushHeapTransitions",
+        "NtGdiDdDDIFreeGpuVirtualAddress",
+        "NtGdiDdDDIGetCachedHybridQueryValue",
+        "NtGdiDdDDIGetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetContextSchedulingPriority",
+        "NtGdiDdDDIGetDWMVerticalBlankEvent",
+        "NtGdiDdDDIGetDeviceState",
+        "NtGdiDdDDIGetDisplayModeList",
+        "NtGdiDdDDIGetMultisampleMethodList",
+        "NtGdiDdDDIGetOverlayState",
+        "NtGdiDdDDIGetPresentHistory",
+        "NtGdiDdDDIGetPresentQueueEvent",
+        "NtGdiDdDDIGetProcessSchedulingPriorityClass",
+        "NtGdiDdDDIGetResourcePresentPrivateDriverData",
+        "NtGdiDdDDIGetRuntimeData",
+        "NtGdiDdDDIGetScanLine",
+        "NtGdiDdDDIGetSetSwapChainMetadata",
+        "NtGdiDdDDIGetSharedPrimaryHandle",
+        "NtGdiDdDDIGetSharedResourceAdapterLuid",
+        "NtGdiDdDDIInvalidateActiveVidPn",
+        "NtGdiDdDDIInvalidateCache",
+        "NtGdiDdDDILock",
+        "NtGdiDdDDILock2",
+        "NtGdiDdDDIMakeResident",
+        "NtGdiDdDDIMapGpuVirtualAddress",
+        "NtGdiDdDDIMarkDeviceAsError",
+        "NtGdiDdDDINetDispGetNextChunkInfo",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceStatus",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport",
+        "NtGdiDdDDINetDispStartMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopSessions",
+        "NtGdiDdDDIOfferAllocations",
+        "NtGdiDdDDIOpenAdapterFromDeviceName",
+        "NtGdiDdDDIOpenAdapterFromHdc",
+        "NtGdiDdDDIOpenAdapterFromLuid",
+        "NtGdiDdDDIOpenKeyedMutex",
+        "NtGdiDdDDIOpenKeyedMutex2",
+        "NtGdiDdDDIOpenNtHandleFromName",
+        "NtGdiDdDDIOpenResource",
+        "NtGdiDdDDIOpenResourceFromNtHandle",
+        "NtGdiDdDDIOpenSwapChain",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle2",
+        "NtGdiDdDDIOpenSyncObjectNtHandleFromName",
+        "NtGdiDdDDIOpenSynchronizationObject",
+        "NtGdiDdDDIOutputDuplGetFrameInfo",
+        "NtGdiDdDDIOutputDuplGetMetaData",
+        "NtGdiDdDDIOutputDuplGetPointerShapeData",
+        "NtGdiDdDDIOutputDuplPresent",
+        "NtGdiDdDDIOutputDuplReleaseFrame",
+        "NtGdiDdDDIPinDirectFlipResources",
+        "NtGdiDdDDIPollDisplayChildren",
+        "NtGdiDdDDIPresent",
+        "NtGdiDdDDIPresentMultiPlaneOverlay",
+        "NtGdiDdDDIPresentMultiPlaneOverlay2",
+        "NtGdiDdDDIQueryAdapterInfo",
+        "NtGdiDdDDIQueryAllocationResidency",
+        "NtGdiDdDDIQueryClockCalibration",
+        "NtGdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName",
+        "NtGdiDdDDIQueryResourceInfo",
+        "NtGdiDdDDIQueryResourceInfoFromNtHandle",
+        "NtGdiDdDDIQueryStatistics",
+        "NtGdiDdDDIQueryVidPnExclusiveOwnership",
+        "NtGdiDdDDIQueryVideoMemoryInfo",
+        "NtGdiDdDDIReclaimAllocations",
+        "NtGdiDdDDIReclaimAllocations2",
+        "NtGdiDdDDIReleaseKeyedMutex",
+        "NtGdiDdDDIReleaseKeyedMutex2",
+        "NtGdiDdDDIReleaseProcessVidPnSourceOwners",
+        "NtGdiDdDDIReleaseSwapChain",
+        "NtGdiDdDDIRender",
+        "NtGdiDdDDIReserveGpuVirtualAddress",
+        "NtGdiDdDDISetAllocationPriority",
+        "NtGdiDdDDISetContextInProcessSchedulingPriority",
+        "NtGdiDdDDISetContextSchedulingPriority",
+        "NtGdiDdDDISetDisplayMode",
+        "NtGdiDdDDISetDisplayPrivateDriverFormat",
+        "NtGdiDdDDISetDodIndirectSwapchain",
+        "NtGdiDdDDISetGammaRamp",
+        "NtGdiDdDDISetHwProtectionTeardownRecovery",
+        "NtGdiDdDDISetProcessSchedulingPriorityClass",
+        "NtGdiDdDDISetQueuedLimit",
+        "NtGdiDdDDISetStablePowerState",
+        "NtGdiDdDDISetStereoEnabled",
+        "NtGdiDdDDISetSyncRefreshCountWaitTarget",
+        "NtGdiDdDDISetVidPnSourceHwProtection",
+        "NtGdiDdDDISetVidPnSourceOwner",
+        "NtGdiDdDDISetVidPnSourceOwner1",
+        "NtGdiDdDDIShareObjects",
+        "NtGdiDdDDISharedPrimaryLockNotification",
+        "NtGdiDdDDISharedPrimaryUnLockNotification",
+        "NtGdiDdDDISignalSynchronizationObject",
+        "NtGdiDdDDISignalSynchronizationObjectFromCpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu2",
+        "NtGdiDdDDISubmitCommand",
+        "NtGdiDdDDIUnlock",
+        "NtGdiDdDDIUnlock2",
+        "NtGdiDdDDIUnpinDirectFlipResources",
+        "NtGdiDdDDIUpdateGpuVirtualAddress",
+        "NtGdiDdDDIUpdateOverlay",
+        "NtGdiDdDDIWaitForIdle",
+        "NtGdiDdDDIWaitForSynchronizationObject",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromCpu",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromGpu",
+        "NtGdiDdDDIWaitForVerticalBlankEvent",
+        "NtGdiDdDDIWaitForVerticalBlankEvent2",
+        "NtGdiDdDeleteDirectDrawObject",
+        "NtGdiDdDestroyD3DBuffer",
+        "NtGdiDdDestroyFullscreenSprite",
+        "NtGdiDdDestroyMoComp",
+        "NtGdiDdEndMoCompFrame",
+        "NtGdiDdFlip",
+        "NtGdiDdFlipToGDISurface",
+        "NtGdiDdGetAvailDriverMemory",
+        "NtGdiDdGetBltStatus",
+        "NtGdiDdGetDC",
+        "NtGdiDdGetDriverInfo",
+        "NtGdiDdGetDriverState",
+        "NtGdiDdGetDxHandle",
+        "NtGdiDdGetFlipStatus",
+        "NtGdiDdGetInternalMoCompInfo",
+        "NtGdiDdGetMoCompBuffInfo",
+        "NtGdiDdGetMoCompFormats",
+        "NtGdiDdGetMoCompGuids",
+        "NtGdiDdGetScanLine",
+        "NtGdiDdLock",
+        "NtGdiDdNotifyFullscreenSpriteUpdate",
+        "NtGdiDdQueryDirectDrawObject",
+        "NtGdiDdQueryMoCompStatus",
+        "NtGdiDdQueryVisRgnUniqueness",
+        "NtGdiDdReenableDirectDrawObject",
+        "NtGdiDdReleaseDC",
+        "NtGdiDdRenderMoComp",
+        "NtGdiDdSetColorKey",
+        "NtGdiDdSetExclusiveMode",
+        "NtGdiDdSetGammaRamp",
+        "NtGdiDdSetOverlayPosition",
+        "NtGdiDdUnattachSurface",
+        "NtGdiDdUnlock",
+        "NtGdiDdUpdateOverlay",
+        "NtGdiDdWaitForVerticalBlank",
+        "NtGdiDeleteColorTransform",
+        "NtGdiDescribePixelFormat",
+        "NtGdiDestroyOPMProtectedOutput",
+        "NtGdiDestroyPhysicalMonitor",
+        "NtGdiDoBanding",
+        "NtGdiDrawEscape",
+        "NtGdiDvpAcquireNotification",
+        "NtGdiDvpCanCreateVideoPort",
+        "NtGdiDvpColorControl",
+        "NtGdiDvpCreateVideoPort",
+        "NtGdiDvpDestroyVideoPort",
+        "NtGdiDvpFlipVideoPort",
+        "NtGdiDvpGetVideoPortBandwidth",
+        "NtGdiDvpGetVideoPortConnectInfo",
+        "NtGdiDvpGetVideoPortField",
+        "NtGdiDvpGetVideoPortFlipStatus",
+        "NtGdiDvpGetVideoPortInputFormats",
+        "NtGdiDvpGetVideoPortLine",
+        "NtGdiDvpGetVideoPortOutputFormats",
+        "NtGdiDvpGetVideoSignalStatus",
+        "NtGdiDvpReleaseNotification",
+        "NtGdiDvpUpdateVideoPort",
+        "NtGdiDvpWaitForVideoPortSync",
+        "NtGdiDwmCreatedBitmapRemotingOutput",
+        "NtGdiDxgGenericThunk",
+        "NtGdiEllipse",
+        "NtGdiEnableEudc",
+        "NtGdiEndDoc",
+        "NtGdiEndGdiRendering",
+        "NtGdiEndPage",
+        "NtGdiEngAlphaBlend",
+        "NtGdiEngAssociateSurface",
+        "NtGdiEngBitBlt",
+        "NtGdiEngCheckAbort",
+        "NtGdiEngComputeGlyphSet",
+        "NtGdiEngCopyBits",
+        "NtGdiEngCreateBitmap",
+        "NtGdiEngCreateClip",
+        "NtGdiEngCreateDeviceBitmap",
+        "NtGdiEngCreateDeviceSurface",
+        "NtGdiEngCreatePalette",
+        "NtGdiEngDeleteClip",
+        "NtGdiEngDeletePalette",
+        "NtGdiEngDeletePath",
+        "NtGdiEngDeleteSurface",
+        "NtGdiEngEraseSurface",
+        "NtGdiEngFillPath",
+        "NtGdiEngGradientFill",
+        "NtGdiEngLineTo",
+        "NtGdiEngLockSurface",
+        "NtGdiEngMarkBandingSurface",
+        "NtGdiEngPaint",
+        "NtGdiEngPlgBlt",
+        "NtGdiEngStretchBlt",
+        "NtGdiEngStretchBltROP",
+        "NtGdiEngStrokeAndFillPath",
+        "NtGdiEngStrokePath",
+        "NtGdiEngTextOut",
+        "NtGdiEngTransparentBlt",
+        "NtGdiEngUnlockSurface",
+        "NtGdiEnumFonts",
+        "NtGdiEnumObjects",
+        "NtGdiEudcLoadUnloadLink",
+        "NtGdiExtFloodFill",
+        "NtGdiFONTOBJ_cGetAllGlyphHandles",
+        "NtGdiFONTOBJ_cGetGlyphs",
+        "NtGdiFONTOBJ_pQueryGlyphAttrs",
+        "NtGdiFONTOBJ_pfdg",
+        "NtGdiFONTOBJ_pifi",
+        "NtGdiFONTOBJ_pvTrueTypeFontFile",
+        "NtGdiFONTOBJ_pxoGetXform",
+        "NtGdiFONTOBJ_vGetInfo",
+        "NtGdiFlattenPath",
+        "NtGdiFontIsLinked",
+        "NtGdiForceUFIMapping",
+        "NtGdiFrameRgn",
+        "NtGdiFullscreenControl",
+        "NtGdiGetBoundsRect",
+        "NtGdiGetCOPPCompatibleOPMInformation",
+        "NtGdiGetCertificate",
+        "NtGdiGetCertificateByHandle",
+        "NtGdiGetCertificateSize",
+        "NtGdiGetCertificateSizeByHandle",
+        "NtGdiGetCharABCWidthsW",
+        "NtGdiGetCharacterPlacementW",
+        "NtGdiGetColorAdjustment",
+        "NtGdiGetColorSpaceforBitmap",
+        "NtGdiGetCurrentDpiInfo",
+        "NtGdiGetDeviceCaps",
+        "NtGdiGetDeviceCapsAll",
+        "NtGdiGetDeviceGammaRamp",
+        "NtGdiGetDeviceWidth",
+        "NtGdiGetDhpdev",
+        "NtGdiGetETM",
+        "NtGdiGetEmbUFI",
+        "NtGdiGetEmbedFonts",
+        "NtGdiGetEudcTimeStampEx",
+        "NtGdiGetFontFileData",
+        "NtGdiGetFontFileInfo",
+        "NtGdiGetFontResourceInfoInternalW",
+        "NtGdiGetFontUnicodeRanges",
+        "NtGdiGetGlyphIndicesW",
+        "NtGdiGetGlyphIndicesWInternal",
+        "NtGdiGetGlyphOutline",
+        "NtGdiGetKerningPairs",
+        "NtGdiGetLinkedUFIs",
+        "NtGdiGetMiterLimit",
+        "NtGdiGetMonitorID",
+        "NtGdiGetNumberOfPhysicalMonitors",
+        "NtGdiGetOPMInformation",
+        "NtGdiGetOPMRandomNumber",
+        "NtGdiGetObjectBitmapHandle",
+        "NtGdiGetPath",
+        "NtGdiGetPerBandInfo",
+        "NtGdiGetPhysicalMonitorDescription",
+        "NtGdiGetPhysicalMonitors",
+        "NtGdiGetRealizationInfo",
+        "NtGdiGetServerMetaFileBits",
+        "NtGdiGetSpoolMessage",
+        "NtGdiGetStats",
+        "NtGdiGetStringBitmapW",
+        "NtGdiGetSuggestedOPMProtectedOutputArraySize",
+        "NtGdiGetTextExtentExW",
+        "NtGdiGetUFI",
+        "NtGdiGetUFIPathname",
+        "NtGdiGradientFill",
+        "NtGdiHLSurfGetInformation",
+        "NtGdiHLSurfSetInformation",
+        "NtGdiHT_Get8BPPFormatPalette",
+        "NtGdiHT_Get8BPPMaskPalette",
+        "NtGdiIcmBrushInfo",
+        "NtGdiInit",
+        "NtGdiInitSpool",
+        "NtGdiMakeFontDir",
+        "NtGdiMakeInfoDC",
+        "NtGdiMakeObjectUnXferable",
+        "NtGdiMakeObjectXferable",
+        "NtGdiMirrorWindowOrg",
+        "NtGdiMonoBitmap",
+        "NtGdiMoveTo",
+        "NtGdiOffsetClipRgn",
+        "NtGdiPATHOBJ_bEnum",
+        "NtGdiPATHOBJ_bEnumClipLines",
+        "NtGdiPATHOBJ_vEnumStart",
+        "NtGdiPATHOBJ_vEnumStartClipLines",
+        "NtGdiPATHOBJ_vGetBounds",
+        "NtGdiPathToRegion",
+        "NtGdiPlgBlt",
+        "NtGdiPolyDraw",
+        "NtGdiPolyTextOutW",
+        "NtGdiPtInRegion",
+        "NtGdiPtVisible",
+        "NtGdiQueryFonts",
+        "NtGdiRemoveFontResourceW",
+        "NtGdiRemoveMergeFont",
+        "NtGdiResetDC",
+        "NtGdiResizePalette",
+        "NtGdiRoundRect",
+        "NtGdiSTROBJ_bEnum",
+        "NtGdiSTROBJ_bEnumPositionsOnly",
+        "NtGdiSTROBJ_bGetAdvanceWidths",
+        "NtGdiSTROBJ_dwGetCodePage",
+        "NtGdiSTROBJ_vEnumStart",
+        "NtGdiScaleViewportExtEx",
+        "NtGdiScaleWindowExtEx",
+        "NtGdiSelectBrush",
+        "NtGdiSelectClipPath",
+        "NtGdiSelectPen",
+        "NtGdiSetBitmapAttributes",
+        "NtGdiSetBrushAttributes",
+        "NtGdiSetColorAdjustment",
+        "NtGdiSetColorSpace",
+        "NtGdiSetDeviceGammaRamp",
+        "NtGdiSetFontXform",
+        "NtGdiSetIcmMode",
+        "NtGdiSetLinkedUFIs",
+        "NtGdiSetMagicColors",
+        "NtGdiSetOPMSigningKeyAndSequenceNumbers",
+        "NtGdiSetPUMPDOBJ",
+        "NtGdiSetPixelFormat",
+        "NtGdiSetRectRgn",
+        "NtGdiSetSizeDevice",
+        "NtGdiSetSystemPaletteUse",
+        "NtGdiSetTextJustification",
+        "NtGdiSetUMPDSandboxState",
+        "NtGdiStartDoc",
+        "NtGdiStartPage",
+        "NtGdiStrokeAndFillPath",
+        "NtGdiStrokePath",
+        "NtGdiSwapBuffers",
+        "NtGdiTransparentBlt",
+        "NtGdiUMPDEngFreeUserMem",
+        "NtGdiUnloadPrinterDriver",
+        "NtGdiUnmapMemFont",
+        "NtGdiUpdateColors",
+        "NtGdiUpdateTransform",
+        "NtGdiWidenPath",
+        "NtGdiXFORMOBJ_bApplyXform",
+        "NtGdiXFORMOBJ_iGetXform",
+        "NtGdiXLATEOBJ_cGetPalette",
+        "NtGdiXLATEOBJ_hGetColorTransform",
+        "NtGdiXLATEOBJ_iXlate",
+        "NtHWCursorUpdatePointer",
+        "NtNotifyPresentToCompositionSurface",
+        "NtOpenCompositionSurfaceDirtyRegion",
+        "NtOpenCompositionSurfaceSectionInfo",
+        "NtOpenCompositionSurfaceSwapChainHandleInfo",
+        "NtQueryCompositionInputIsImplicit",
+        "NtQueryCompositionInputQueueAndTransform",
+        "NtQueryCompositionInputSink",
+        "NtQueryCompositionInputSinkLuid",
+        "NtQueryCompositionInputSinkViewId",
+        "NtQueryCompositionSurfaceBinding",
+        "NtQueryCompositionSurfaceRenderingRealization",
+        "NtQueryCompositionSurfaceStatistics",
+        "NtRIMAddInputObserver",
+        "NtRIMGetDevicePreparsedDataLockfree",
+        "NtRIMObserveNextInput",
+        "NtRIMRemoveInputObserver",
+        "NtRIMUpdateInputObserverRegistration",
+        "NtSetCompositionSurfaceAnalogExclusive",
+        "NtSetCompositionSurfaceBufferCompositionModeAndOrientation",
+        "NtSetCompositionSurfaceIndependentFlipInfo",
+        "NtSetCompositionSurfaceOutOfFrameDirectFlipNotification",
+        "NtSetCompositionSurfaceStatistics",
+        "NtTokenManagerConfirmOutstandingAnalogToken",
+        "NtTokenManagerCreateCompositionTokenHandle",
+        "NtTokenManagerDeleteOutstandingDirectFlipTokens",
+        "NtTokenManagerGetAnalogExclusiveSurfaceUpdates",
+        "NtTokenManagerGetAnalogExclusiveTokenEvent",
+        "NtTokenManagerGetOutOfFrameDirectFlipSurfaceUpdates",
+        "NtTokenManagerOpenSectionAndEvents",
+        "NtTokenManagerThread",
+        "NtUnBindCompositionSurface",
+        "NtUpdateInputSinkTransforms",
+        "NtUserAcquireIAMKey",
+        "NtUserAddClipboardFormatListener",
+        "NtUserAssociateInputContext",
+        "NtUserAutoPromoteMouseInPointer",
+        "NtUserAutoRotateScreen",
+        "NtUserBlockInput",
+        "NtUserBuildHimcList",
+        "NtUserBuildPropList",
+        "NtUserCalculatePopupWindowPosition",
+        "NtUserCallHwndOpt",
+        "NtUserCanBrokerForceForeground",
+        "NtUserChangeDisplaySettings",
+        "NtUserChangeWindowMessageFilterEx",
+        "NtUserCheckAccessForIntegrityLevel",
+        "NtUserCheckProcessForClipboardAccess",
+        "NtUserCheckProcessSession",
+        "NtUserCheckWindowThreadDesktop",
+        "NtUserChildWindowFromPointEx",
+        "NtUserClearForeground",
+        "NtUserClipCursor",
+        "NtUserCompositionInputSinkLuidFromPoint",
+        "NtUserCreateDCompositionHwndTarget",
+        "NtUserCreateDesktopEx",
+        "NtUserCreateInputContext",
+        "NtUserCreateWindowStation",
+        "NtUserCtxDisplayIOCtl",
+        "NtUserDeferWindowPosAndBand",
+        "NtUserDelegateCapturePointers",
+        "NtUserDelegateInput",
+        "NtUserDestroyDCompositionHwndTarget",
+        "NtUserDestroyInputContext",
+        "NtUserDisableImmersiveOwner",
+        "NtUserDisableProcessWindowFiltering",
+        "NtUserDisableThreadIme",
+        "NtUserDiscardPointerFrameMessages",
+        "NtUserDisplayConfigGetDeviceInfo",
+        "NtUserDisplayConfigSetDeviceInfo",
+        "NtUserDoSoundConnect",
+        "NtUserDoSoundDisconnect",
+        "NtUserDragDetect",
+        "NtUserDragObject",
+        "NtUserDrawAnimatedRects",
+        "NtUserDrawCaption",
+        "NtUserDrawCaptionTemp",
+        "NtUserDrawMenuBarTemp",
+        "NtUserDwmGetRemoteSessionOcclusionEvent",
+        "NtUserDwmGetRemoteSessionOcclusionState",
+        "NtUserDwmKernelShutdown",
+        "NtUserDwmKernelStartup",
+        "NtUserDwmValidateWindow",
+        "NtUserEnableChildWindowDpiMessage",
+        "NtUserEnableIAMAccess",
+        "NtUserEnableMouseInPointer",
+        "NtUserEnableMouseInputForCursorSuppression",
+        "NtUserEnableTouchPad",
+        "NtUserEndMenu",
+        "NtUserEvent",
+        "NtUserFlashWindowEx",
+        "NtUserFrostCrashedWindow",
+        "NtUserGetAppImeLevel",
+        "NtUserGetAutoRotationState",
+        "NtUserGetCIMSSM",
+        "NtUserGetCaretPos",
+        "NtUserGetClipCursor",
+        "NtUserGetClipboardAccessToken",
+        "NtUserGetClipboardViewer",
+        "NtUserGetComboBoxInfo",
+        "NtUserGetCurrentInputMessageSource",
+        "NtUserGetCursorDims",
+        "NtUserGetCursorInfo",
+        "NtUserGetDManipHookInitFunction",
+        "NtUserGetDesktopID",
+        "NtUserGetDisplayAutoRotationPreferences",
+        "NtUserGetDisplayAutoRotationPreferencesByProcessId",
+        "NtUserGetDisplayConfigBufferSizes",
+        "NtUserGetDpiForMonitor",
+        "NtUserGetDpiSystemMetrics",
+        "NtUserGetGestureConfig",
+        "NtUserGetGestureExtArgs",
+        "NtUserGetGestureInfo",
+        "NtUserGetGuiResources",
+        "NtUserGetHimetricScaleFactorFromPixelLocation",
+        "NtUserGetImeHotKey",
+        "NtUserGetImeInfoEx",
+        "NtUserGetInputLocaleInfo",
+        "NtUserGetInternalWindowPos",
+        "NtUserGetKeyNameText",
+        "NtUserGetKeyboardLayoutName",
+        "NtUserGetLayeredWindowAttributes",
+        "NtUserGetListBoxInfo",
+        "NtUserGetMenuIndex",
+        "NtUserGetMenuItemRect",
+        "NtUserGetMouseMovePointsEx",
+        "NtUserGetPhysicalDeviceRect",
+        "NtUserGetPointerCursorId",
+        "NtUserGetPointerDevice",
+        "NtUserGetPointerDeviceCursors",
+        "NtUserGetPointerDeviceProperties",
+        "NtUserGetPointerDeviceRects",
+        "NtUserGetPointerDevices",
+        "NtUserGetPointerFrameArrivalTimes",
+        "NtUserGetPointerInfoList",
+        "NtUserGetPointerInputTransform",
+        "NtUserGetPointerType",
+        "NtUserGetPrecisionTouchPadConfiguration",
+        "NtUserGetPriorityClipboardFormat",
+        "NtUserGetProcessDpiAwareness",
+        "NtUserGetProcessUIContextInformation",
+        "NtUserGetQueueEventStatus",
+        "NtUserGetRawInputBuffer",
+        "NtUserGetRawInputData",
+        "NtUserGetRawInputDeviceInfo",
+        "NtUserGetRawInputDeviceList",
+        "NtUserGetRawPointerDeviceData",
+        "NtUserGetRegisteredRawInputDevices",
+        "NtUserGetTopLevelWindow",
+        "NtUserGetTouchInputInfo",
+        "NtUserGetTouchValidationStatus",
+        "NtUserGetUpdatedClipboardFormats",
+        "NtUserGetWOWClass",
+        "NtUserGetWindowBand",
+        "NtUserGetWindowCompositionAttribute",
+        "NtUserGetWindowCompositionInfo",
+        "NtUserGetWindowDisplayAffinity",
+        "NtUserGetWindowFeedbackSetting",
+        "NtUserGetWindowMinimizeRect",
+        "NtUserGetWindowRgnEx",
+        "NtUserGhostWindowFromHungWindow",
+        "NtUserHandleDelegatedInput",
+        "NtUserHardErrorControl",
+        "NtUserHidePointerContactVisualization",
+        "NtUserHiliteMenuItem",
+        "NtUserHungWindowFromGhostWindow",
+        "NtUserHwndQueryRedirectionInfo",
+        "NtUserHwndSetRedirectionInfo",
+        "NtUserImpersonateDdeClientWindow",
+        "NtUserInitTask",
+        "NtUserInitialize",
+        "NtUserInitializeClientPfnArrays",
+        "NtUserInitializeInputDeviceInjection",
+        "NtUserInitializePointerDeviceInjection",
+        "NtUserInitializeTouchInjection",
+        "NtUserInjectDeviceInput",
+        "NtUserInjectGesture",
+        "NtUserInjectKeyboardInput",
+        "NtUserInjectMouseInput",
+        "NtUserInjectPointerInput",
+        "NtUserInjectTouchInput",
+        "NtUserInternalClipCursor",
+        "NtUserInternalGetWindowIcon",
+        "NtUserIsChildWindowDpiMessageEnabled",
+        "NtUserIsMouseInPointerEnabled",
+        "NtUserIsMouseInputEnabled",
+        "NtUserIsTopLevelWindow",
+        "NtUserIsTouchWindow",
+        "NtUserIsWindowBroadcastingDpiToChildren",
+        "NtUserLayoutCompleted",
+        "NtUserLinkDpiCursor",
+        "NtUserLoadKeyboardLayoutEx",
+        "NtUserLockWindowStation",
+        "NtUserLockWorkStation",
+        "NtUserLogicalToPerMonitorDPIPhysicalPoint",
+        "NtUserLogicalToPhysicalPoint",
+        "NtUserMNDragLeave",
+        "NtUserMNDragOver",
+        "NtUserMagControl",
+        "NtUserMagGetContextInformation",
+        "NtUserMagSetContextInformation",
+        "NtUserMenuItemFromPoint",
+        "NtUserMinMaximize",
+        "NtUserModifyWindowTouchCapability",
+        "NtUserNavigateFocus",
+        "NtUserNotifyIMEStatus",
+        "NtUserOpenInputDesktop",
+        "NtUserOpenThreadDesktop",
+        "NtUserPaintMonitor",
+        "NtUserPerMonitorDPIPhysicalToLogicalPoint",
+        "NtUserPhysicalToLogicalPoint",
+        "NtUserPrintWindow",
+        "NtUserPromoteMouseInPointer",
+        "NtUserPromotePointer",
+        "NtUserQueryBSDRWindow",
+        "NtUserQueryDisplayConfig",
+        "NtUserQueryInformationThread",
+        "NtUserQueryInputContext",
+        "NtUserQuerySendMessage",
+        "NtUserRealChildWindowFromPoint",
+        "NtUserRealWaitMessageEx",
+        "NtUserRegisterBSDRWindow",
+        "NtUserRegisterDManipHook",
+        "NtUserRegisterEdgy",
+        "NtUserRegisterErrorReportingDialog",
+        "NtUserRegisterHotKey",
+        "NtUserRegisterManipulationThread",
+        "NtUserRegisterPointerDeviceNotifications",
+        "NtUserRegisterPointerInputTarget",
+        "NtUserRegisterRawInputDevices",
+        "NtUserRegisterServicesProcess",
+        "NtUserRegisterSessionPort",
+        "NtUserRegisterShellPTPListener",
+        "NtUserRegisterTasklist",
+        "NtUserRegisterTouchHitTestingWindow",
+        "NtUserRegisterTouchPadCapable",
+        "NtUserRegisterUserApiHook",
+        "NtUserReleaseDwmHitTestWaiters",
+        "NtUserRemoteConnect",
+        "NtUserRemoteRedrawRectangle",
+        "NtUserRemoteRedrawScreen",
+        "NtUserRemoteStopScreenUpdates",
+        "NtUserRemoveClipboardFormatListener",
+        "NtUserRemoveInjectionDevice",
+        "NtUserReportInertia",
+        "NtUserResolveDesktopForWOW",
+        "NtUserSendEventMessage",
+        "NtUserSetActivationFilter",
+        "NtUserSetActiveProcessForMonitor",
+        "NtUserSetAppImeLevel",
+        "NtUserSetAutoRotation",
+        "NtUserSetBrokeredForeground",
+        "NtUserSetCalibrationData",
+        "NtUserSetChildWindowNoActivate",
+        "NtUserSetClassWord",
+        "NtUserSetCoreWindow",
+        "NtUserSetCoreWindowPartner",
+        "NtUserSetCursorContents",
+        "NtUserSetDisplayAutoRotationPreferences",
+        "NtUserSetDisplayConfig",
+        "NtUserSetDisplayMapping",
+        "NtUserSetFallbackForeground",
+        "NtUserSetFeatureReportResponse",
+        "NtUserSetGestureConfig",
+        "NtUserSetImeHotKey",
+        "NtUserSetImeInfoEx",
+        "NtUserSetImeOwnerWindow",
+        "NtUserSetInternalWindowPos",
+        "NtUserSetLayeredWindowAttributes",
+        "NtUserSetManipulationInputTarget",
+        "NtUserSetMenu",
+        "NtUserSetMenuContextHelpId",
+        "NtUserSetMenuFlagRtoL",
+        "NtUserSetMirrorRendering",
+        "NtUserSetObjectInformation",
+        "NtUserSetPrecisionTouchPadConfiguration",
+        "NtUserSetProcessDpiAwareness",
+        "NtUserSetProcessRestrictionExemption",
+        "NtUserSetProcessUIAccessZorder",
+        "NtUserSetShellWindowEx",
+        "NtUserSetSysColors",
+        "NtUserSetSystemCursor",
+        "NtUserSetSystemTimer",
+        "NtUserSetThreadInputBlocked",
+        "NtUserSetThreadLayoutHandles",
+        "NtUserSetWindowArrangement",
+        "NtUserSetWindowBand",
+        "NtUserSetWindowCompositionAttribute",
+        "NtUserSetWindowCompositionTransition",
+        "NtUserSetWindowDisplayAffinity",
+        "NtUserSetWindowFeedbackSetting",
+        "NtUserSetWindowRgnEx",
+        "NtUserSetWindowShowState",
+        "NtUserSetWindowStationUser",
+        "NtUserShowSystemCursor",
+        "NtUserShutdownBlockReasonCreate",
+        "NtUserShutdownBlockReasonQuery",
+        "NtUserShutdownReasonDestroy",
+        "NtUserSignalRedirectionStartComplete",
+        "NtUserSlicerControl",
+        "NtUserSoundSentry",
+        "NtUserSwitchDesktop",
+        "NtUserTestForInteractiveUser",
+        "NtUserTrackPopupMenuEx",
+        "NtUserTransformPoint",
+        "NtUserTransformRect",
+        "NtUserUndelegateInput",
+        "NtUserUnloadKeyboardLayout",
+        "NtUserUnlockWindowStation",
+        "NtUserUnregisterHotKey",
+        "NtUserUnregisterSessionPort",
+        "NtUserUnregisterUserApiHook",
+        "NtUserUpdateDefaultDesktopThumbnail",
+        "NtUserUpdateInputContext",
+        "NtUserUpdateInstance",
+        "NtUserUpdateLayeredWindow",
+        "NtUserUpdatePerUserSystemParameters",
+        "NtUserUpdateWindowInputSinkHints",
+        "NtUserUpdateWindowTrackingInfo",
+        "NtUserUpdateWindowTransform",
+        "NtUserUserHandleGrantAccess",
+        "NtUserValidateHandleSecure",
+        "NtUserWaitAvailableMessageEx",
+        "NtUserWaitForInputIdle",
+        "NtUserWaitForMsgAndEvent",
+        "NtUserWaitForRedirectionStartComplete",
+        "NtUserWindowFromPhysicalPoint",
+        "NtValidateCompositionSurfaceHandle",
+        "NtVisualCaptureBits",
+        "NtUserSetClassLongPtr",
+        "NtUserSetWindowLongPtr"
+    ],
+    [
+        "NtAccessCheck",
+        "NtWorkerFactoryWorkerReady",
+        "NtAcceptConnectPort",
+        "NtMapUserPhysicalPagesScatter",
+        "NtWaitForSingleObject",
+        "NtCallbackReturn",
+        "NtReadFile",
+        "NtDeviceIoControlFile",
+        "NtWriteFile",
+        "NtRemoveIoCompletion",
+        "NtReleaseSemaphore",
+        "NtReplyWaitReceivePort",
+        "NtReplyPort",
+        "NtSetInformationThread",
+        "NtSetEvent",
+        "NtClose",
+        "NtQueryObject",
+        "NtQueryInformationFile",
+        "NtOpenKey",
+        "NtEnumerateValueKey",
+        "NtFindAtom",
+        "NtQueryDefaultLocale",
+        "NtQueryKey",
+        "NtQueryValueKey",
+        "NtAllocateVirtualMemory",
+        "NtQueryInformationProcess",
+        "NtWaitForMultipleObjects32",
+        "NtWriteFileGather",
+        "NtSetInformationProcess",
+        "NtCreateKey",
+        "NtFreeVirtualMemory",
+        "NtImpersonateClientOfPort",
+        "NtReleaseMutant",
+        "NtQueryInformationToken",
+        "NtRequestWaitReplyPort",
+        "NtQueryVirtualMemory",
+        "NtOpenThreadToken",
+        "NtQueryInformationThread",
+        "NtOpenProcess",
+        "NtSetInformationFile",
+        "NtMapViewOfSection",
+        "NtAccessCheckAndAuditAlarm",
+        "NtUnmapViewOfSection",
+        "NtReplyWaitReceivePortEx",
+        "NtTerminateProcess",
+        "NtSetEventBoostPriority",
+        "NtReadFileScatter",
+        "NtOpenThreadTokenEx",
+        "NtOpenProcessTokenEx",
+        "NtQueryPerformanceCounter",
+        "NtEnumerateKey",
+        "NtOpenFile",
+        "NtDelayExecution",
+        "NtQueryDirectoryFile",
+        "NtQuerySystemInformation",
+        "NtOpenSection",
+        "NtQueryTimer",
+        "NtFsControlFile",
+        "NtWriteVirtualMemory",
+        "NtCloseObjectAuditAlarm",
+        "NtDuplicateObject",
+        "NtQueryAttributesFile",
+        "NtClearEvent",
+        "NtReadVirtualMemory",
+        "NtOpenEvent",
+        "NtAdjustPrivilegesToken",
+        "NtDuplicateToken",
+        "NtContinue",
+        "NtQueryDefaultUILanguage",
+        "NtQueueApcThread",
+        "NtYieldExecution",
+        "NtAddAtom",
+        "NtCreateEvent",
+        "NtQueryVolumeInformationFile",
+        "NtCreateSection",
+        "NtFlushBuffersFile",
+        "NtApphelpCacheControl",
+        "NtCreateProcessEx",
+        "NtCreateThread",
+        "NtIsProcessInJob",
+        "NtProtectVirtualMemory",
+        "NtQuerySection",
+        "NtResumeThread",
+        "NtTerminateThread",
+        "NtReadRequestData",
+        "NtCreateFile",
+        "NtQueryEvent",
+        "NtWriteRequestData",
+        "NtOpenDirectoryObject",
+        "NtAccessCheckByTypeAndAuditAlarm",
+        "NtQuerySystemTime",
+        "NtWaitForMultipleObjects",
+        "NtSetInformationObject",
+        "NtCancelIoFile",
+        "NtTraceEvent",
+        "NtPowerInformation",
+        "NtSetValueKey",
+        "NtCancelTimer",
+        "NtSetTimer",
+        "NtAccessCheckByType",
+        "NtAccessCheckByTypeResultList",
+        "NtAccessCheckByTypeResultListAndAuditAlarm",
+        "NtAccessCheckByTypeResultListAndAuditAlarmByHandle",
+        "NtAddAtomEx",
+        "NtAddBootEntry",
+        "NtAddDriverEntry",
+        "NtAdjustGroupsToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAlertResumeThread",
+        "NtAlertThread",
+        "NtAlertThreadByThreadId",
+        "NtAllocateLocallyUniqueId",
+        "NtAllocateReserveObject",
+        "NtAllocateUserPhysicalPages",
+        "NtAllocateUuids",
+        "NtAlpcAcceptConnectPort",
+        "NtAlpcCancelMessage",
+        "NtAlpcConnectPort",
+        "NtAlpcConnectPortEx",
+        "NtAlpcCreatePort",
+        "NtAlpcCreatePortSection",
+        "NtAlpcCreateResourceReserve",
+        "NtAlpcCreateSectionView",
+        "NtAlpcCreateSecurityContext",
+        "NtAlpcDeletePortSection",
+        "NtAlpcDeleteResourceReserve",
+        "NtAlpcDeleteSectionView",
+        "NtAlpcDeleteSecurityContext",
+        "NtAlpcDisconnectPort",
+        "NtAlpcImpersonateClientContainerOfPort",
+        "NtAlpcImpersonateClientOfPort",
+        "NtAlpcOpenSenderProcess",
+        "NtAlpcOpenSenderThread",
+        "NtAlpcQueryInformation",
+        "NtAlpcQueryInformationMessage",
+        "NtAlpcRevokeSecurityContext",
+        "NtAlpcSendWaitReceivePort",
+        "NtAlpcSetInformation",
+        "NtAreMappedFilesTheSame",
+        "NtAssignProcessToJobObject",
+        "NtAssociateWaitCompletionPacket",
+        "NtCancelIoFileEx",
+        "NtCancelSynchronousIoFile",
+        "NtCancelTimer2",
+        "NtCancelWaitCompletionPacket",
+        "NtCommitComplete",
+        "NtCommitEnlistment",
+        "NtCommitTransaction",
+        "NtCompactKeys",
+        "NtCompareObjects",
+        "NtCompareTokens",
+        "ArbPreprocessEntry",
+        "NtCompressKey",
+        "NtConnectPort",
+        "NtCreateDebugObject",
+        "NtCreateDirectoryObject",
+        "NtCreateDirectoryObjectEx",
+        "NtCreateEnclave",
+        "NtCreateEnlistment",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtCreateIRTimer",
+        "NtCreateIoCompletion",
+        "NtCreateJobObject",
+        "ArbAddReserved",
+        "NtCreateKeyTransacted",
+        "NtCreateKeyedEvent",
+        "NtCreateLowBoxToken",
+        "NtCreateMailslotFile",
+        "NtCreateMutant",
+        "NtCreateNamedPipeFile",
+        "NtCreatePagingFile",
+        "NtCreatePartition",
+        "NtCreatePort",
+        "NtCreatePrivateNamespace",
+        "NtCreateProcess",
+        "NtCreateProfile",
+        "NtCreateProfileEx",
+        "NtCreateResourceManager",
+        "NtCreateSemaphore",
+        "NtCreateSymbolicLinkObject",
+        "NtCreateThreadEx",
+        "NtCreateTimer",
+        "NtCreateTimer2",
+        "NtCreateToken",
+        "NtCreateTokenEx",
+        "NtCreateTransaction",
+        "NtCreateTransactionManager",
+        "NtCreateUserProcess",
+        "NtCreateWaitCompletionPacket",
+        "NtCreateWaitablePort",
+        "NtCreateWnfStateName",
+        "NtCreateWorkerFactory",
+        "NtDebugActiveProcess",
+        "NtDebugContinue",
+        "NtDeleteAtom",
+        "NtDeleteBootEntry",
+        "NtDeleteDriverEntry",
+        "NtDeleteFile",
+        "NtDeleteKey",
+        "NtDeleteObjectAuditAlarm",
+        "NtDeletePrivateNamespace",
+        "NtDeleteValueKey",
+        "NtDeleteWnfStateData",
+        "NtDeleteWnfStateName",
+        "NtDisableLastKnownGood",
+        "NtDisplayString",
+        "NtDrawText",
+        "NtEnableLastKnownGood",
+        "NtEnumerateBootEntries",
+        "NtEnumerateDriverEntries",
+        "NtEnumerateSystemEnvironmentValuesEx",
+        "NtEnumerateTransactionObject",
+        "NtExtendSection",
+        "NtFilterBootOption",
+        "NtFilterToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtFlushBuffersFileEx",
+        "NtFlushInstallUILanguage",
+        "ArbPreprocessEntry",
+        "NtFlushKey",
+        "NtFlushProcessWriteBuffers",
+        "NtFlushVirtualMemory",
+        "NtFlushWriteBuffer",
+        "NtFreeUserPhysicalPages",
+        "NtFreezeRegistry",
+        "NtFreezeTransactions",
+        "NtGetCachedSigningLevel",
+        "NtGetCompleteWnfStateSubscription",
+        "NtGetContextThread",
+        "NtGetCurrentProcessorNumber",
+        "NtGetCurrentProcessorNumberEx",
+        "NtGetDevicePowerState",
+        "NtGetMUIRegistryInfo",
+        "NtGetNextProcess",
+        "NtGetNextThread",
+        "NtGetNlsSectionPtr",
+        "NtGetNotificationResourceManager",
+        "NtGetWriteWatch",
+        "NtImpersonateAnonymousToken",
+        "NtImpersonateThread",
+        "NtInitializeEnclave",
+        "NtInitializeNlsFiles",
+        "NtInitializeRegistry",
+        "NtInitiatePowerAction",
+        "NtIsSystemResumeAutomatic",
+        "NtIsUILanguageComitted",
+        "NtListenPort",
+        "NtLoadDriver",
+        "NtLoadEnclaveData",
+        "NtLoadKey",
+        "NtLoadKey2",
+        "NtLoadKeyEx",
+        "NtLockFile",
+        "NtLockProductActivationKeys",
+        "NtLockRegistryKey",
+        "NtLockVirtualMemory",
+        "NtMakePermanentObject",
+        "NtMakeTemporaryObject",
+        "NtManagePartition",
+        "NtMapCMFModule",
+        "NtMapUserPhysicalPages",
+        "NtModifyBootEntry",
+        "NtModifyDriverEntry",
+        "NtNotifyChangeDirectoryFile",
+        "NtNotifyChangeKey",
+        "NtNotifyChangeMultipleKeys",
+        "NtNotifyChangeSession",
+        "NtOpenEnlistment",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtOpenIoCompletion",
+        "NtOpenJobObject",
+        "NtOpenKeyEx",
+        "NtOpenKeyTransacted",
+        "NtOpenKeyTransactedEx",
+        "NtOpenKeyedEvent",
+        "NtOpenMutant",
+        "NtOpenObjectAuditAlarm",
+        "NtOpenPartition",
+        "NtOpenPrivateNamespace",
+        "NtOpenProcessToken",
+        "NtOpenResourceManager",
+        "NtOpenSemaphore",
+        "NtOpenSession",
+        "NtOpenSymbolicLinkObject",
+        "NtOpenThread",
+        "NtOpenTimer",
+        "NtOpenTransaction",
+        "NtOpenTransactionManager",
+        "NtPlugPlayControl",
+        "NtPrePrepareComplete",
+        "NtPrePrepareEnlistment",
+        "NtPrepareComplete",
+        "NtPrepareEnlistment",
+        "NtPrivilegeCheck",
+        "NtPrivilegeObjectAuditAlarm",
+        "NtPrivilegedServiceAuditAlarm",
+        "NtPropagationComplete",
+        "NtPropagationFailed",
+        "NtPulseEvent",
+        "NtQueryBootEntryOrder",
+        "NtQueryBootOptions",
+        "NtQueryDebugFilterState",
+        "NtQueryDirectoryObject",
+        "NtQueryDriverEntryOrder",
+        "NtQueryEaFile",
+        "NtQueryFullAttributesFile",
+        "NtQueryInformationAtom",
+        "NtQueryInformationEnlistment",
+        "NtQueryInformationJobObject",
+        "NtQueryInformationPort",
+        "NtQueryInformationResourceManager",
+        "NtQueryInformationTransaction",
+        "NtQueryInformationTransactionManager",
+        "NtQueryInformationWorkerFactory",
+        "NtQueryInstallUILanguage",
+        "NtQueryIntervalProfile",
+        "NtQueryIoCompletion",
+        "NtQueryLicenseValue",
+        "NtQueryMultipleValueKey",
+        "NtQueryMutant",
+        "NtQueryOpenSubKeys",
+        "NtQueryOpenSubKeysEx",
+        "NtQueryPortInformationProcess",
+        "NtQueryQuotaInformationFile",
+        "NtQuerySecurityAttributesToken",
+        "NtQuerySecurityObject",
+        "NtQuerySemaphore",
+        "NtQuerySymbolicLinkObject",
+        "NtQuerySystemEnvironmentValue",
+        "NtQuerySystemEnvironmentValueEx",
+        "NtQuerySystemInformationEx",
+        "NtQueryTimerResolution",
+        "NtQueryWnfStateData",
+        "NtQueryWnfStateNameInformation",
+        "NtQueueApcThreadEx",
+        "NtRaiseException",
+        "NtRaiseHardError",
+        "NtReadOnlyEnlistment",
+        "NtRecoverEnlistment",
+        "NtRecoverResourceManager",
+        "NtRecoverTransactionManager",
+        "NtRegisterProtocolAddressInformation",
+        "NtRegisterThreadTerminatePort",
+        "NtReleaseKeyedEvent",
+        "NtReleaseWorkerFactoryWorker",
+        "NtRemoveIoCompletionEx",
+        "NtRemoveProcessDebug",
+        "NtRenameKey",
+        "NtRenameTransactionManager",
+        "NtReplaceKey",
+        "NtReplacePartitionUnit",
+        "NtReplyWaitReplyPort",
+        "NtRequestPort",
+        "NtResetEvent",
+        "NtResetWriteWatch",
+        "NtRestoreKey",
+        "NtResumeProcess",
+        "NtRevertContainerImpersonation",
+        "NtRollbackComplete",
+        "NtRollbackEnlistment",
+        "NtRollbackTransaction",
+        "NtRollforwardTransactionManager",
+        "NtSaveKey",
+        "NtSaveKeyEx",
+        "NtSaveMergedKeys",
+        "NtSecureConnectPort",
+        "NtSerializeBoot",
+        "NtSetBootEntryOrder",
+        "NtSetBootOptions",
+        "NtSetCachedSigningLevel",
+        "NtSetContextThread",
+        "NtSetDebugFilterState",
+        "NtSetDefaultHardErrorPort",
+        "NtSetDefaultLocale",
+        "NtSetDefaultUILanguage",
+        "NtSetDriverEntryOrder",
+        "NtSetEaFile",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtSetIRTimer",
+        "NtSetInformationDebugObject",
+        "NtSetInformationEnlistment",
+        "NtSetInformationJobObject",
+        "NtSetInformationKey",
+        "NtSetInformationResourceManager",
+        "NtSetInformationSymbolicLink",
+        "NtSetInformationToken",
+        "NtSetInformationTransaction",
+        "NtSetInformationTransactionManager",
+        "NtSetInformationVirtualMemory",
+        "NtSetInformationWorkerFactory",
+        "NtSetIntervalProfile",
+        "NtSetIoCompletion",
+        "NtSetIoCompletionEx",
+        "BvgaSetVirtualFrameBuffer",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtSetQuotaInformationFile",
+        "NtSetSecurityObject",
+        "NtSetSystemEnvironmentValue",
+        "NtSetSystemEnvironmentValueEx",
+        "NtSetSystemInformation",
+        "NtSetSystemPowerState",
+        "NtSetSystemTime",
+        "NtSetThreadExecutionState",
+        "NtSetTimer2",
+        "NtSetTimerEx",
+        "NtSetTimerResolution",
+        "NtSetUuidSeed",
+        "NtSetVolumeInformationFile",
+        "NtSetWnfProcessNotificationEvent",
+        "NtShutdownSystem",
+        "NtShutdownWorkerFactory",
+        "NtSignalAndWaitForSingleObject",
+        "NtSinglePhaseReject",
+        "NtStartProfile",
+        "NtStopProfile",
+        "NtSubscribeWnfStateChange",
+        "NtSuspendProcess",
+        "NtSuspendThread",
+        "NtSystemDebugControl",
+        "NtTerminateJobObject",
+        "NtTestAlert",
+        "NtThawRegistry",
+        "NtThawTransactions",
+        "NtTraceControl",
+        "NtTranslateFilePath",
+        "NtUmsThreadYield",
+        "NtUnloadDriver",
+        "NtUnloadKey",
+        "NtUnloadKey2",
+        "NtUnloadKeyEx",
+        "NtUnlockFile",
+        "NtUnlockVirtualMemory",
+        "NtUnmapViewOfSectionEx",
+        "NtUnsubscribeWnfStateChange",
+        "NtUpdateWnfStateData",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtWaitForAlertByThreadId",
+        "NtWaitForDebugEvent",
+        "NtWaitForKeyedEvent",
+        "NtWaitForWorkViaWorkerFactory",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAdjustTokenClaimsAndDeviceGroups"
+    ]
+]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x64_14393_syscalls.py b/volatility/plugins/overlays/windows/win10_x64_14393_syscalls.py
new file mode 100644
index 000000000..cff8f3469
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_14393_syscalls.py
@@ -0,0 +1,1594 @@
+syscalls = [
+    [
+        "stub_UserGetOwnerTransformedMonitorRect",
+        "stub_UserYieldTask",
+        "stub_UserSetSensorPresence",
+        "NtUserGetThreadState",
+        "NtUserPeekMessage",
+        "NtUserCallOneParam",
+        "NtUserGetKeyState",
+        "NtUserInvalidateRect",
+        "NtUserCallNoParam",
+        "NtUserGetMessage",
+        "NtUserMessageCall",
+        "NtGdiBitBlt",
+        "NtGdiGetCharSet",
+        "NtUserGetDC",
+        "NtGdiSelectBitmap",
+        "NtUserWaitMessage",
+        "NtUserTranslateMessage",
+        "NtUserGetProp",
+        "NtUserPostMessage",
+        "NtUserQueryWindow",
+        "stub_UserTranslateAccelerator",
+        "NtGdiFlush",
+        "NtUserRedrawWindow",
+        "NtUserWindowFromPoint",
+        "NtUserCallMsgFilter",
+        "NtUserValidateTimerCallback",
+        "NtUserBeginPaint",
+        "NtUserSetTimer",
+        "NtUserEndPaint",
+        "NtUserSetCursor",
+        "NtUserKillTimer",
+        "NtUserBuildHwndList",
+        "NtUserSelectPalette",
+        "NtUserCallNextHookEx",
+        "NtUserHideCaret",
+        "NtGdiIntersectClipRect",
+        "NtUserCallHwndLock",
+        "NtUserGetProcessWindowStation",
+        "NtGdiDeleteObjectApp",
+        "NtUserSetWindowPos",
+        "NtUserShowCaret",
+        "stub_UserEndDeferWindowPosEx",
+        "NtUserCallHwndParamLock",
+        "NtUserVkKeyScanEx",
+        "NtGdiSetDIBitsToDeviceInternal",
+        "NtUserCallTwoParam",
+        "NtGdiGetRandomRgn",
+        "stub_UserCopyAcceleratorTable",
+        "NtUserNotifyWinEvent",
+        "NtGdiExtSelectClipRgn",
+        "NtUserIsClipboardFormatAvailable",
+        "NtUserSetScrollInfo",
+        "NtGdiStretchBlt",
+        "NtUserCreateCaret",
+        "NtGdiRectVisible",
+        "NtGdiCombineRgn",
+        "NtGdiGetDCObject",
+        "NtUserDispatchMessage",
+        "NtUserRegisterWindowMessage",
+        "NtGdiExtTextOutW",
+        "NtGdiSelectFont",
+        "NtGdiRestoreDC",
+        "NtGdiSaveDC",
+        "NtUserGetForegroundWindow",
+        "stub_UserShowScrollBar",
+        "NtUserFindExistingCursorIcon",
+        "NtGdiGetDCDword",
+        "NtGdiGetRegionData",
+        "NtGdiLineTo",
+        "NtUserSystemParametersInfo",
+        "NtGdiGetAppClipBox",
+        "NtUserGetAsyncKeyState",
+        "NtUserGetCPD",
+        "NtUserRemoveProp",
+        "NtGdiDoPalette",
+        "NtGdiPolyPolyDraw",
+        "NtUserSetCapture",
+        "NtUserEnumDisplayMonitors",
+        "NtGdiCreateCompatibleBitmap",
+        "NtUserSetProp",
+        "NtGdiGetTextCharsetInfo",
+        "stub_UserSBGetParms",
+        "NtUserGetIconInfo",
+        "stub_UserExcludeUpdateRgn",
+        "NtUserSetFocus",
+        "NtGdiExtGetObjectW",
+        "NtUserGetUpdateRect",
+        "NtGdiCreateCompatibleDC",
+        "NtUserGetClipboardSequenceNumber",
+        "NtGdiCreatePen",
+        "NtUserShowWindow",
+        "NtUserGetKeyboardLayoutList",
+        "NtGdiPatBlt",
+        "NtUserMapVirtualKeyEx",
+        "NtUserSetWindowLong",
+        "NtGdiHfontCreate",
+        "NtUserMoveWindow",
+        "NtUserPostThreadMessage",
+        "NtUserDrawIconEx",
+        "NtUserGetSystemMenu",
+        "NtGdiDrawStream",
+        "NtUserInternalGetWindowText",
+        "NtUserGetWindowDC",
+        "stub_GdiD3dDrawPrimitives2",
+        "stub_GdiInvertRgn",
+        "NtGdiGetRgnBox",
+        "NtGdiGetAndSetDCDword",
+        "stub_GdiMaskBlt",
+        "NtGdiGetWidthTable",
+        "NtUserScrollDC",
+        "NtUserGetObjectInformation",
+        "NtGdiCreateBitmap",
+        "NtUserFindWindowEx",
+        "NtGdiPolyPatBlt",
+        "NtUserUnhookWindowsHookEx",
+        "stub_GdiGetNearestColor",
+        "NtGdiTransformPoints",
+        "NtGdiGetDCPoint",
+        "stub_GdiCreateDIBBrush",
+        "NtGdiGetTextMetricsW",
+        "NtUserCreateWindowEx",
+        "NtUserSetParent",
+        "NtUserGetKeyboardState",
+        "NtUserToUnicodeEx",
+        "NtUserGetControlBrush",
+        "NtUserGetClassName",
+        "NtGdiAlphaBlend",
+        "stub_GdiDdBlt",
+        "NtGdiOffsetRgn",
+        "NtUserDefSetText",
+        "NtGdiGetTextFaceW",
+        "NtGdiStretchDIBitsInternal",
+        "NtUserSendInput",
+        "NtUserGetThreadDesktop",
+        "NtGdiCreateRectRgn",
+        "NtGdiGetDIBitsInternal",
+        "stub_UserGetUpdateRgn",
+        "NtGdiDeleteClientObj",
+        "NtUserGetIconSize",
+        "NtUserFillWindow",
+        "NtGdiExtCreateRegion",
+        "NtGdiComputeXformCoefficients",
+        "NtUserSetWindowsHookEx",
+        "stub_UserNotifyProcessCreate",
+        "stub_GdiUnrealizeObject",
+        "NtUserGetTitleBarInfo",
+        "NtGdiRectangle",
+        "NtUserSetThreadDesktop",
+        "NtUserGetDCEx",
+        "stub_UserGetScrollBarInfo",
+        "stub_GdiGetTextExtent",
+        "NtUserSetWindowFNID",
+        "NtGdiSetLayout",
+        "NtUserCalcMenuBar",
+        "NtUserThunkedMenuItemInfo",
+        "NtGdiExcludeClipRect",
+        "NtGdiCreateDIBSection",
+        "NtGdiGetDCforBitmap",
+        "NtUserDestroyCursor",
+        "NtUserDestroyWindow",
+        "NtUserCallHwndParam",
+        "NtGdiCreateDIBitmapInternal",
+        "stub_UserOpenWindowStation",
+        "stub_GdiDdDeleteSurfaceObject",
+        "stub_GdiDdCanCreateSurface",
+        "stub_GdiDdCreateSurface",
+        "NtUserSetCursorIconData",
+        "stub_GdiDdDestroySurface",
+        "NtUserCloseDesktop",
+        "NtUserOpenDesktop",
+        "stub_UserSetProcessWindowStation",
+        "NtUserGetAtomName",
+        "stub_GdiDdResetVisrgn",
+        "NtGdiExtCreatePen",
+        "NtGdiCreatePaletteInternal",
+        "stub_GdiSetBrushOrg",
+        "NtUserBuildNameList",
+        "NtGdiSetPixel",
+        "NtUserRegisterClassExWOW",
+        "NtGdiCreatePatternBrushInternal",
+        "NtUserGetAncestor",
+        "NtGdiGetOutlineTextMetricsInternalW",
+        "NtGdiSetBitmapBits",
+        "NtUserCloseWindowStation",
+        "NtUserGetDoubleClickTime",
+        "stub_UserEnableScrollBar",
+        "NtGdiCreateSolidBrush",
+        "NtUserGetClassInfoEx",
+        "NtGdiCreateClientObj",
+        "NtUserUnregisterClass",
+        "NtUserDeleteMenu",
+        "NtGdiRectInRegion",
+        "stub_UserScrollWindowEx",
+        "NtGdiGetPixel",
+        "NtUserSetClassLong",
+        "NtUserGetMenuBarInfo",
+        "stub_GdiDdCreateSurfaceEx",
+        "stub_GdiDdCreateSurfaceObject",
+        "stub_GdiGetNearestPaletteIndex",
+        "stub_GdiDdLockD3D",
+        "stub_GdiDdUnlockD3D",
+        "NtGdiGetCharWidthW",
+        "stub_UserInvalidateRgn",
+        "stub_UserGetClipboardOwner",
+        "NtUserSetWindowRgn",
+        "NtUserBitBltSysBmp",
+        "stub_GdiGetCharWidthInfo",
+        "NtUserValidateRect",
+        "NtUserCloseClipboard",
+        "NtUserOpenClipboard",
+        "stub_UserSetClipboardData",
+        "NtUserEnableMenuItem",
+        "NtUserAlterWindowStyle",
+        "NtGdiFillRgn",
+        "NtUserGetWindowPlacement",
+        "NtGdiModifyWorldTransform",
+        "NtGdiGetFontData",
+        "NtUserGetOpenClipboardWindow",
+        "NtUserSetThreadState",
+        "NtGdiOpenDCW",
+        "NtUserTrackMouseEvent",
+        "NtGdiGetTransform",
+        "NtUserDestroyMenu",
+        "NtGdiGetBitmapBits",
+        "stub_UserConsoleControl",
+        "NtUserSetActiveWindow",
+        "stub_UserSetInformationThread",
+        "stub_UserSetWindowPlacement",
+        "NtUserGetControlColor",
+        "NtGdiSetMetaRgn",
+        "stub_GdiSetMiterLimit",
+        "stub_GdiSetVirtualResolution",
+        "stub_GdiGetRasterizerCaps",
+        "stub_UserSetWindowWord",
+        "NtUserGetClipboardFormatName",
+        "NtUserRealInternalGetMessage",
+        "stub_UserCreateLocalMemHandle",
+        "NtUserAttachThreadInput",
+        "NtGdiCreateHalftonePalette",
+        "stub_UserPaintMenuBar",
+        "NtUserSetKeyboardState",
+        "stub_GdiCombineTransform",
+        "NtUserCreateAcceleratorTable",
+        "NtUserGetCursorFrameInfo",
+        "stub_UserGetAltTabInfo",
+        "NtUserGetCaretBlinkTime",
+        "NtGdiQueryFontAssocInfo",
+        "stub_UserProcessConnect",
+        "NtUserEnumDisplayDevices",
+        "stub_UserEmptyClipboard",
+        "NtUserGetClipboardData",
+        "NtUserRemoveMenu",
+        "NtGdiSetBoundsRect",
+        "stub_GdiGetBitmapDimension",
+        "stub_UserConvertMemHandle",
+        "NtUserDestroyAcceleratorTable",
+        "NtUserGetGUIThreadInfo",
+        "stub_GdiCloseFigure",
+        "stub_UserSetWindowsHookAW",
+        "stub_UserSetMenuDefaultItem",
+        "NtUserCheckMenuItem",
+        "NtUserSetWinEventHook",
+        "NtUserUnhookWinEvent",
+        "stub_UserLockWindowUpdate",
+        "stub_UserSetSystemMenu",
+        "NtUserThunkedMenuInfo",
+        "NtGdiBeginPath",
+        "NtGdiEndPath",
+        "NtGdiFillPath",
+        "NtUserCallHwnd",
+        "stub_UserDdeInitialize",
+        "NtUserModifyUserStartupInfoFlags",
+        "NtUserCountClipboardFormats",
+        "stub_GdiAddFontMemResourceEx",
+        "stub_GdiEqualRgn",
+        "stub_GdiGetSystemPaletteUse",
+        "stub_GdiRemoveFontMemResourceEx",
+        "NtUserEnumDisplaySettings",
+        "stub_UserPaintDesktop",
+        "stub_GdiExtEscape",
+        "stub_GdiSetBitmapDimension",
+        "stub_GdiSetFontEnumeration",
+        "NtUserChangeClipboardChain",
+        "NtUserSetClipboardViewer",
+        "stub_UserShowWindowAsync",
+        "stub_GdiCreateColorSpace",
+        "stub_GdiDeleteColorSpace",
+        "NtUserActivateKeyboardLayout",
+        "NtBindCompositionSurface",
+        "stub_CompositionInputThread",
+        "NtCompositionSetDropTarget",
+        "NtCreateCompositionInputSink",
+        "NtCreateCompositionSurfaceHandle",
+        "stub_CreateImplicitCompositionInputSink",
+        "NtDCompositionAddCrossDeviceVisualChild",
+        "stub_DCompositionBeginFrame",
+        "NtDCompositionCommitChannel",
+        "stub_DCompositionConfirmFrame",
+        "stub_DCompositionConnectPipe",
+        "NtDCompositionCreateAndBindSharedSection",
+        "NtDCompositionCreateChannel",
+        "stub_DCompositionCreateConnection",
+        "stub_DCompositionCreateDwmChannel",
+        "NtDCompositionCurrentBatchId",
+        "NtDCompositionDestroyChannel",
+        "stub_DCompositionDestroyConnection",
+        "stub_DCompositionDiscardFrame",
+        "stub_DCompositionDuplicateHandleToProcess",
+        "stub_DCompositionDuplicateSwapchainHandleToDwm",
+        "stub_DCompositionEnableDDASupport",
+        "stub_DCompositionEnableMMCSS",
+        "stub_DCompositionGetChannels",
+        "stub_DCompositionGetConnectionBatch",
+        "NtDCompositionGetDeletedResources",
+        "stub_DCompositionGetFrameLegacyTokens",
+        "NtDCompositionGetFrameStatistics",
+        "stub_DCompositionGetFrameSurfaceUpdates",
+        "NtDCompositionProcessChannelBatchBuffer",
+        "stub_DCompositionReferenceSharedResourceOnDwmChannel",
+        "stub_DCompositionRegisterThumbnailVisual",
+        "stub_DCompositionRegisterVirtualDesktopVisual",
+        "NtDCompositionReleaseAllResources",
+        "NtDCompositionRemoveCrossDeviceVisualChild",
+        "stub_DCompositionRetireFrame",
+        "NtDCompositionSetChannelCallbackId",
+        "NtDCompositionSetChannelCommitCompletionEvent",
+        "stub_DCompositionSetDebugCounter",
+        "stub_DCompositionSubmitDWMBatch",
+        "NtDCompositionSynchronize",
+        "NtDCompositionTelemetryAnimationScenarioBegin",
+        "NtDCompositionTelemetryAnimationScenarioReference",
+        "NtDCompositionTelemetryAnimationScenarioUnreference",
+        "NtDCompositionTelemetrySetApplicationId",
+        "NtDCompositionTelemetryTouchInteractionBegin",
+        "NtDCompositionTelemetryTouchInteractionEnd",
+        "NtDCompositionTelemetryTouchInteractionUpdate",
+        "stub_DCompositionUpdatePointerCapture",
+        "NtDCompositionWaitForChannel",
+        "stub_DesktopCaptureBits",
+        "stub_DuplicateCompositionInputSink",
+        "stub_GdiAbortDoc",
+        "stub_GdiAbortPath",
+        "stub_GdiAddEmbFontToDC",
+        "stub_GdiAddFontResourceW",
+        "stub_GdiAddRemoteFontToDC",
+        "stub_GdiAddRemoteMMInstanceToDC",
+        "stub_GdiAngleArc",
+        "NtGdiAnyLinkedFonts",
+        "stub_GdiArcInternal",
+        "stub_GdiBRUSHOBJ_DeleteRbrush",
+        "stub_GdiBRUSHOBJ_hGetColorTransform",
+        "stub_GdiBRUSHOBJ_pvAllocRbrush",
+        "stub_GdiBRUSHOBJ_pvGetRbrush",
+        "stub_GdiBRUSHOBJ_ulGetBrushColor",
+        "NtGdiBeginGdiRendering",
+        "stub_GdiCLIPOBJ_bEnum",
+        "stub_GdiCLIPOBJ_cEnumStart",
+        "stub_GdiCLIPOBJ_ppoGetPath",
+        "stub_GdiCancelDC",
+        "stub_GdiChangeGhostFont",
+        "stub_GdiCheckBitmapBits",
+        "stub_GdiClearBitmapAttributes",
+        "stub_GdiClearBrushAttributes",
+        "stub_GdiColorCorrectPalette",
+        "NtGdiConfigureOPMProtectedOutput",
+        "stub_GdiConvertMetafileRect",
+        "stub_GdiCreateBitmapFromDxSurface",
+        "NtGdiCreateBitmapFromDxSurface2",
+        "stub_GdiCreateColorTransform",
+        "stub_GdiCreateEllipticRgn",
+        "stub_GdiCreateHatchBrushInternal",
+        "stub_GdiCreateMetafileDC",
+        "NtGdiCreateOPMProtectedOutput",
+        "NtGdiCreateOPMProtectedOutputs",
+        "NtGdiCreateRoundRectRgn",
+        "stub_GdiCreateServerMetaFile",
+        "stub_GdiCreateSessionMappedDIBSection",
+        "stub_GdiD3dContextCreate",
+        "stub_GdiD3dContextDestroy",
+        "stub_GdiD3dContextDestroyAll",
+        "stub_GdiD3dValidateTextureStageState",
+        "stub_GdiDDCCIGetCapabilitiesString",
+        "stub_GdiDDCCIGetCapabilitiesStringLength",
+        "stub_GdiDDCCIGetTimingReport",
+        "stub_GdiDDCCIGetVCPFeature",
+        "stub_GdiDDCCISaveCurrentSettings",
+        "stub_GdiDDCCISetVCPFeature",
+        "stub_GdiDdAddAttachedSurface",
+        "stub_GdiDdAlphaBlt",
+        "stub_GdiDdAttachSurface",
+        "stub_GdiDdBeginMoCompFrame",
+        "stub_GdiDdCanCreateD3DBuffer",
+        "stub_GdiDdColorControl",
+        "stub_GdiDdCreateD3DBuffer",
+        "stub_GdiDdCreateDirectDrawObject",
+        "stub_GdiDdCreateFullscreenSprite",
+        "stub_GdiDdCreateMoComp",
+        "stub_GdiDdDDIAbandonSwapChain",
+        "stub_GdiDdDDIAcquireKeyedMutex",
+        "NtGdiDdDDIAcquireKeyedMutex2",
+        "stub_GdiDdDDIAcquireSwapChain",
+        "stub_GdiDdDDIAdjustFullscreenGamma",
+        "NtGdiDdDDICacheHybridQueryValue",
+        "stub_GdiDdDDIChangeVideoMemoryReservation",
+        "stub_GdiDdDDICheckExclusiveOwnership",
+        "stub_GdiDdDDICheckMonitorPowerState",
+        "stub_GdiDdDDICheckMultiPlaneOverlaySupport",
+        "stub_GdiDdDDICheckMultiPlaneOverlaySupport2",
+        "stub_GdiDdDDICheckMultiPlaneOverlaySupport3",
+        "stub_GdiDdDDICheckOcclusion",
+        "stub_GdiDdDDICheckSharedResourceAccess",
+        "stub_GdiDdDDICheckVidPnExclusiveOwnership",
+        "NtGdiDdDDICloseAdapter",
+        "NtGdiDdDDIConfigureSharedResource",
+        "NtGdiDdDDICreateAllocation",
+        "NtGdiDdDDICreateContext",
+        "NtGdiDdDDICreateContextVirtual",
+        "NtGdiDdDDICreateDCFromMemory",
+        "NtGdiDdDDICreateDevice",
+        "stub_GdiDdDDICreateKeyedMutex",
+        "NtGdiDdDDICreateKeyedMutex2",
+        "stub_GdiDdDDICreateOutputDupl",
+        "stub_GdiDdDDICreateOverlay",
+        "NtGdiDdDDICreatePagingQueue",
+        "stub_GdiDdDDICreateSwapChain",
+        "NtGdiDdDDICreateSynchronizationObject",
+        "NtGdiDdDDIDestroyAllocation",
+        "NtGdiDdDDIDestroyAllocation2",
+        "NtGdiDdDDIDestroyContext",
+        "NtGdiDdDDIDestroyDCFromMemory",
+        "NtGdiDdDDIDestroyDevice",
+        "NtGdiDdDDIDestroyKeyedMutex",
+        "stub_GdiDdDDIDestroyOutputDupl",
+        "stub_GdiDdDDIDestroyOverlay",
+        "NtGdiDdDDIDestroyPagingQueue",
+        "NtGdiDdDDIDestroySynchronizationObject",
+        "NtGdiDdDDIEnumAdapters",
+        "NtGdiDdDDIEnumAdapters2",
+        "NtGdiDdDDIEscape",
+        "NtGdiDdDDIEvict",
+        "stub_GdiDdDDIFlipOverlay",
+        "NtGdiDdDDIFlushHeapTransitions",
+        "NtGdiDdDDIFreeGpuVirtualAddress",
+        "NtGdiDdDDIGetCachedHybridQueryValue",
+        "stub_GdiDdDDIGetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetContextSchedulingPriority",
+        "stub_GdiDdDDIGetDWMVerticalBlankEvent",
+        "NtGdiDdDDIGetDeviceState",
+        "NtGdiDdDDIGetDisplayModeList",
+        "stub_GdiDdDDIGetMultisampleMethodList",
+        "stub_GdiDdDDIGetOverlayState",
+        "stub_GdiDdDDIGetPresentHistory",
+        "stub_GdiDdDDIGetPresentQueueEvent",
+        "stub_GdiDdDDIGetProcessSchedulingPriorityClass",
+        "stub_GdiDdDDIGetResourcePresentPrivateDriverData",
+        "stub_GdiDdDDIGetRuntimeData",
+        "stub_GdiDdDDIGetScanLine",
+        "stub_GdiDdDDIGetSetSwapChainMetadata",
+        "NtGdiDdDDIGetSharedPrimaryHandle",
+        "stub_GdiDdDDIGetSharedResourceAdapterLuid",
+        "stub_GdiDdDDIInvalidateActiveVidPn",
+        "stub_GdiDdDDIInvalidateCache",
+        "NtGdiDdDDILock",
+        "NtGdiDdDDILock2",
+        "NtGdiDdDDIMakeResident",
+        "NtGdiDdDDIMapGpuVirtualAddress",
+        "NtGdiDdDDIMarkDeviceAsError",
+        "stub_GdiDdDDINetDispGetNextChunkInfo",
+        "stub_GdiDdDDINetDispQueryMiracastDisplayDeviceStatus",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport",
+        "stub_GdiDdDDINetDispStartMiracastDisplayDevice",
+        "stub_GdiDdDDINetDispStopMiracastDisplayDevice",
+        "stub_GdiDdDDINetDispStopSessions",
+        "NtGdiDdDDIOfferAllocations",
+        "NtGdiDdDDIOpenAdapterFromDeviceName",
+        "NtGdiDdDDIOpenAdapterFromHdc",
+        "NtGdiDdDDIOpenAdapterFromLuid",
+        "stub_GdiDdDDIOpenKeyedMutex",
+        "NtGdiDdDDIOpenKeyedMutex2",
+        "stub_GdiDdDDIOpenNtHandleFromName",
+        "NtGdiDdDDIOpenResource",
+        "NtGdiDdDDIOpenResourceFromNtHandle",
+        "stub_GdiDdDDIOpenSwapChain",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle",
+        "stub_GdiDdDDIOpenSyncObjectFromNtHandle2",
+        "stub_GdiDdDDIOpenSyncObjectNtHandleFromName",
+        "NtGdiDdDDIOpenSynchronizationObject",
+        "stub_GdiDdDDIOutputDuplGetFrameInfo",
+        "stub_GdiDdDDIOutputDuplGetMetaData",
+        "stub_GdiDdDDIOutputDuplGetPointerShapeData",
+        "stub_GdiDdDDIOutputDuplPresent",
+        "stub_GdiDdDDIOutputDuplReleaseFrame",
+        "stub_GdiDdDDIPinDirectFlipResources",
+        "NtGdiDdDDIPollDisplayChildren",
+        "NtGdiDdDDIPresent",
+        "stub_GdiDdDDIPresentMultiPlaneOverlay",
+        "stub_GdiDdDDIPresentMultiPlaneOverlay2",
+        "stub_GdiDdDDIPresentMultiPlaneOverlay3",
+        "NtGdiDdDDIQueryAdapterInfo",
+        "stub_GdiDdDDIQueryAllocationResidency",
+        "stub_GdiDdDDIQueryClockCalibration",
+        "stub_GdiDdDDIQueryFSEBlock",
+        "stub_GdiDdDDIQueryProcessOfferInfo",
+        "stub_GdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName",
+        "NtGdiDdDDIQueryResourceInfo",
+        "NtGdiDdDDIQueryResourceInfoFromNtHandle",
+        "stub_GdiDdDDIQueryStatistics",
+        "stub_GdiDdDDIQueryVidPnExclusiveOwnership",
+        "NtGdiDdDDIQueryVideoMemoryInfo",
+        "NtGdiDdDDIReclaimAllocations",
+        "NtGdiDdDDIReclaimAllocations2",
+        "stub_GdiDdDDIReleaseKeyedMutex",
+        "NtGdiDdDDIReleaseKeyedMutex2",
+        "stub_GdiDdDDIReleaseProcessVidPnSourceOwners",
+        "stub_GdiDdDDIReleaseSwapChain",
+        "NtGdiDdDDIRender",
+        "NtGdiDdDDIReserveGpuVirtualAddress",
+        "NtGdiDdDDISetAllocationPriority",
+        "stub_GdiDdDDISetContextInProcessSchedulingPriority",
+        "NtGdiDdDDISetContextSchedulingPriority",
+        "stub_GdiDdDDISetDisplayMode",
+        "stub_GdiDdDDISetDisplayPrivateDriverFormat",
+        "stub_GdiDdDDISetDodIndirectSwapchain",
+        "stub_GdiDdDDISetFSEBlock",
+        "stub_GdiDdDDISetGammaRamp",
+        "NtGdiDdDDISetHwProtectionTeardownRecovery",
+        "stub_GdiDdDDISetProcessSchedulingPriorityClass",
+        "NtGdiDdDDISetQueuedLimit",
+        "stub_GdiDdDDISetStablePowerState",
+        "stub_GdiDdDDISetStereoEnabled",
+        "stub_GdiDdDDISetSyncRefreshCountWaitTarget",
+        "stub_GdiDdDDISetVidPnSourceHwProtection",
+        "stub_GdiDdDDISetVidPnSourceOwner",
+        "stub_GdiDdDDISetVidPnSourceOwner1",
+        "NtGdiDdDDIShareObjects",
+        "stub_GdiDdDDISharedPrimaryLockNotification",
+        "stub_GdiDdDDISharedPrimaryUnLockNotification",
+        "NtGdiDdDDISignalSynchronizationObject",
+        "stub_GdiDdDDISignalSynchronizationObjectFromCpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu2",
+        "NtGdiDdDDISubmitCommand",
+        "stub_GdiDdDDITrimProcessCommitment",
+        "NtGdiDdDDIUnlock",
+        "NtGdiDdDDIUnlock2",
+        "stub_GdiDdDDIUnpinDirectFlipResources",
+        "stub_GdiDdDDIUpdateAllocationProperty",
+        "stub_GdiDdDDIUpdateGpuVirtualAddress",
+        "stub_GdiDdDDIUpdateOverlay",
+        "stub_GdiDdDDIWaitForIdle",
+        "NtGdiDdDDIWaitForSynchronizationObject",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromCpu",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromGpu",
+        "NtGdiDdDDIWaitForVerticalBlankEvent",
+        "stub_GdiDdDDIWaitForVerticalBlankEvent2",
+        "stub_GdiDdDeleteDirectDrawObject",
+        "stub_GdiDdDestroyD3DBuffer",
+        "stub_GdiDdDestroyFullscreenSprite",
+        "stub_GdiDdDestroyMoComp",
+        "stub_GdiDdEndMoCompFrame",
+        "stub_GdiDdFlip",
+        "stub_GdiDdFlipToGDISurface",
+        "stub_GdiDdGetAvailDriverMemory",
+        "stub_GdiDdGetBltStatus",
+        "stub_GdiDdGetDC",
+        "stub_GdiDdGetDriverInfo",
+        "stub_GdiDdGetDriverState",
+        "stub_GdiDdGetDxHandle",
+        "stub_GdiDdGetFlipStatus",
+        "stub_GdiDdGetInternalMoCompInfo",
+        "stub_GdiDdGetMoCompBuffInfo",
+        "stub_GdiDdGetMoCompFormats",
+        "stub_GdiDdGetMoCompGuids",
+        "stub_GdiDdGetScanLine",
+        "stub_GdiDdLock",
+        "stub_GdiDdNotifyFullscreenSpriteUpdate",
+        "stub_GdiDdQueryDirectDrawObject",
+        "stub_GdiDdQueryMoCompStatus",
+        "stub_GdiDdQueryVisRgnUniqueness",
+        "stub_GdiDdReenableDirectDrawObject",
+        "stub_GdiDdReleaseDC",
+        "stub_GdiDdRenderMoComp",
+        "stub_GdiDdSetColorKey",
+        "stub_GdiDdSetExclusiveMode",
+        "stub_GdiDdSetGammaRamp",
+        "stub_GdiDdSetOverlayPosition",
+        "stub_GdiDdUnattachSurface",
+        "stub_GdiDdUnlock",
+        "stub_GdiDdUpdateOverlay",
+        "stub_GdiDdWaitForVerticalBlank",
+        "stub_GdiDeleteColorTransform",
+        "stub_GdiDescribePixelFormat",
+        "NtGdiDestroyOPMProtectedOutput",
+        "stub_GdiDestroyPhysicalMonitor",
+        "stub_GdiDoBanding",
+        "stub_GdiDrawEscape",
+        "stub_GdiDvpAcquireNotification",
+        "stub_GdiDvpCanCreateVideoPort",
+        "stub_GdiDvpColorControl",
+        "stub_GdiDvpCreateVideoPort",
+        "stub_GdiDvpDestroyVideoPort",
+        "stub_GdiDvpFlipVideoPort",
+        "stub_GdiDvpGetVideoPortBandwidth",
+        "stub_GdiDvpGetVideoPortConnectInfo",
+        "stub_GdiDvpGetVideoPortField",
+        "stub_GdiDvpGetVideoPortFlipStatus",
+        "stub_GdiDvpGetVideoPortInputFormats",
+        "stub_GdiDvpGetVideoPortLine",
+        "stub_GdiDvpGetVideoPortOutputFormats",
+        "stub_GdiDvpGetVideoSignalStatus",
+        "stub_GdiDvpReleaseNotification",
+        "stub_GdiDvpUpdateVideoPort",
+        "stub_GdiDvpWaitForVideoPortSync",
+        "stub_GdiDwmCreatedBitmapRemotingOutput",
+        "stub_GdiDxgGenericThunk",
+        "NtGdiEllipse",
+        "stub_GdiEnableEudc",
+        "stub_GdiEndDoc",
+        "NtGdiEndGdiRendering",
+        "stub_GdiEndPage",
+        "stub_GdiEngAlphaBlend",
+        "stub_GdiEngAssociateSurface",
+        "stub_GdiEngBitBlt",
+        "stub_GdiEngCheckAbort",
+        "stub_GdiEngComputeGlyphSet",
+        "stub_GdiEngCopyBits",
+        "stub_GdiEngCreateBitmap",
+        "stub_GdiEngCreateClip",
+        "stub_GdiEngCreateDeviceBitmap",
+        "stub_GdiEngCreateDeviceSurface",
+        "stub_GdiEngCreatePalette",
+        "stub_GdiEngDeleteClip",
+        "stub_GdiEngDeletePalette",
+        "stub_GdiEngDeletePath",
+        "stub_GdiEngDeleteSurface",
+        "stub_GdiEngEraseSurface",
+        "stub_GdiEngFillPath",
+        "stub_GdiEngGradientFill",
+        "stub_GdiEngLineTo",
+        "stub_GdiEngLockSurface",
+        "stub_GdiEngMarkBandingSurface",
+        "stub_GdiEngPaint",
+        "stub_GdiEngPlgBlt",
+        "stub_GdiEngStretchBlt",
+        "stub_GdiEngStretchBltROP",
+        "stub_GdiEngStrokeAndFillPath",
+        "stub_GdiEngStrokePath",
+        "stub_GdiEngTextOut",
+        "stub_GdiEngTransparentBlt",
+        "stub_GdiEngUnlockSurface",
+        "NtGdiEnumFonts",
+        "stub_GdiEnumObjects",
+        "stub_GdiEudcLoadUnloadLink",
+        "stub_GdiExtFloodFill",
+        "stub_GdiFONTOBJ_cGetAllGlyphHandles",
+        "stub_GdiFONTOBJ_cGetGlyphs",
+        "stub_GdiFONTOBJ_pQueryGlyphAttrs",
+        "stub_GdiFONTOBJ_pfdg",
+        "stub_GdiFONTOBJ_pifi",
+        "stub_GdiFONTOBJ_pvTrueTypeFontFile",
+        "stub_GdiFONTOBJ_pxoGetXform",
+        "stub_GdiFONTOBJ_vGetInfo",
+        "stub_GdiFlattenPath",
+        "NtGdiFontIsLinked",
+        "stub_GdiForceUFIMapping",
+        "NtGdiFrameRgn",
+        "stub_GdiFullscreenControl",
+        "NtGdiGetBoundsRect",
+        "stub_GdiGetCOPPCompatibleOPMInformation",
+        "stub_GdiGetCertificate",
+        "NtGdiGetCertificateByHandle",
+        "stub_GdiGetCertificateSize",
+        "NtGdiGetCertificateSizeByHandle",
+        "NtGdiGetCharABCWidthsW",
+        "stub_GdiGetCharacterPlacementW",
+        "stub_GdiGetColorAdjustment",
+        "stub_GdiGetColorSpaceforBitmap",
+        "NtGdiGetCurrentDpiInfo",
+        "NtGdiGetDeviceCaps",
+        "stub_GdiGetDeviceCapsAll",
+        "stub_GdiGetDeviceGammaRamp",
+        "NtGdiGetDeviceWidth",
+        "stub_GdiGetDhpdev",
+        "stub_GdiGetETM",
+        "stub_GdiGetEmbUFI",
+        "stub_GdiGetEmbedFonts",
+        "NtGdiGetEntry",
+        "stub_GdiGetEudcTimeStampEx",
+        "stub_GdiGetFontFileData",
+        "stub_GdiGetFontFileInfo",
+        "stub_GdiGetFontResourceInfoInternalW",
+        "stub_GdiGetFontUnicodeRanges",
+        "NtGdiGetGlyphIndicesW",
+        "stub_GdiGetGlyphIndicesWInternal",
+        "stub_GdiGetGlyphOutline",
+        "stub_GdiGetKerningPairs",
+        "stub_GdiGetLinkedUFIs",
+        "stub_GdiGetMiterLimit",
+        "NtGdiGetMonitorID",
+        "NtGdiGetNumberOfPhysicalMonitors",
+        "NtGdiGetOPMInformation",
+        "NtGdiGetOPMRandomNumber",
+        "stub_GdiGetObjectBitmapHandle",
+        "stub_GdiGetPath",
+        "stub_GdiGetPerBandInfo",
+        "stub_GdiGetPhysicalMonitorDescription",
+        "stub_GdiGetPhysicalMonitors",
+        "stub_GdiGetProcessSessionFonts",
+        "stub_GdiGetPublicFontTableChangeCookie",
+        "NtGdiGetRealizationInfo",
+        "stub_GdiGetServerMetaFileBits",
+        "stub_GdiGetSpoolMessage",
+        "stub_GdiGetStats",
+        "stub_GdiGetStringBitmapW",
+        "NtGdiGetSuggestedOPMProtectedOutputArraySize",
+        "NtGdiGetTextExtentExW",
+        "stub_GdiGetUFI",
+        "stub_GdiGetUFIPathname",
+        "NtGdiGradientFill",
+        "stub_GdiHLSurfGetInformation",
+        "stub_GdiHLSurfSetInformation",
+        "stub_GdiHT_Get8BPPFormatPalette",
+        "stub_GdiHT_Get8BPPMaskPalette",
+        "stub_GdiIcmBrushInfo",
+        "NtGdiInit",
+        "stub_GdiInitSpool",
+        "stub_GdiMakeFontDir",
+        "stub_GdiMakeInfoDC",
+        "stub_GdiMakeObjectUnXferable",
+        "stub_GdiMakeObjectXferable",
+        "stub_GdiMirrorWindowOrg",
+        "stub_GdiMonoBitmap",
+        "stub_GdiMoveTo",
+        "stub_GdiOffsetClipRgn",
+        "stub_GdiPATHOBJ_bEnum",
+        "stub_GdiPATHOBJ_bEnumClipLines",
+        "stub_GdiPATHOBJ_vEnumStart",
+        "stub_GdiPATHOBJ_vEnumStartClipLines",
+        "stub_GdiPATHOBJ_vGetBounds",
+        "stub_GdiPathToRegion",
+        "stub_GdiPlgBlt",
+        "stub_GdiPolyDraw",
+        "stub_GdiPolyTextOutW",
+        "stub_GdiPtInRegion",
+        "stub_GdiPtVisible",
+        "stub_GdiQueryFonts",
+        "stub_GdiRemoveFontResourceW",
+        "stub_GdiRemoveMergeFont",
+        "stub_GdiResetDC",
+        "stub_GdiResizePalette",
+        "NtGdiRoundRect",
+        "stub_GdiSTROBJ_bEnum",
+        "stub_GdiSTROBJ_bEnumPositionsOnly",
+        "stub_GdiSTROBJ_bGetAdvanceWidths",
+        "stub_GdiSTROBJ_dwGetCodePage",
+        "stub_GdiSTROBJ_vEnumStart",
+        "stub_GdiScaleViewportExtEx",
+        "stub_GdiScaleWindowExtEx",
+        "stub_GdiSelectBrush",
+        "NtGdiSelectClipPath",
+        "stub_GdiSelectPen",
+        "stub_GdiSetBitmapAttributes",
+        "stub_GdiSetBrushAttributes",
+        "stub_GdiSetColorAdjustment",
+        "stub_GdiSetColorSpace",
+        "stub_GdiSetDeviceGammaRamp",
+        "stub_GdiSetFontXform",
+        "NtGdiSetIcmMode",
+        "stub_GdiSetLinkedUFIs",
+        "stub_GdiSetMagicColors",
+        "NtGdiSetOPMSigningKeyAndSequenceNumbers",
+        "stub_GdiSetPUMPDOBJ",
+        "stub_GdiSetPixelFormat",
+        "stub_GdiSetRectRgn",
+        "stub_GdiSetSizeDevice",
+        "stub_GdiSetSystemPaletteUse",
+        "stub_GdiSetTextJustification",
+        "NtGdiSetUMPDSandboxState",
+        "stub_GdiStartDoc",
+        "stub_GdiStartPage",
+        "stub_GdiStrokeAndFillPath",
+        "NtGdiStrokePath",
+        "stub_GdiSwapBuffers",
+        "NtGdiTransparentBlt",
+        "stub_GdiUMPDEngFreeUserMem",
+        "stub_GdiUnloadPrinterDriver",
+        "stub_GdiUnmapMemFont",
+        "stub_GdiUpdateColors",
+        "stub_GdiUpdateTransform",
+        "stub_GdiWidenPath",
+        "stub_GdiXFORMOBJ_bApplyXform",
+        "stub_GdiXFORMOBJ_iGetXform",
+        "stub_GdiXLATEOBJ_cGetPalette",
+        "stub_GdiXLATEOBJ_hGetColorTransform",
+        "stub_GdiXLATEOBJ_iXlate",
+        "stub_HWCursorUpdatePointer",
+        "stub_NotifyPresentToCompositionSurface",
+        "stub_OpenCompositionSurfaceDirtyRegion",
+        "stub_OpenCompositionSurfaceSectionInfo",
+        "stub_OpenCompositionSurfaceSwapChainHandleInfo",
+        "stub_QueryCompositionInputIsImplicit",
+        "stub_QueryCompositionInputQueueAndTransform",
+        "stub_QueryCompositionInputSink",
+        "stub_QueryCompositionInputSinkLuid",
+        "stub_QueryCompositionInputSinkViewId",
+        "stub_QueryCompositionSurfaceBinding",
+        "stub_QueryCompositionSurfaceHDRMetaData",
+        "stub_QueryCompositionSurfaceRenderingRealization",
+        "NtQueryCompositionSurfaceStatistics",
+        "stub_RIMAddInputObserver",
+        "stub_RIMGetDevicePreparsedDataLockfree",
+        "stub_RIMObserveNextInput",
+        "stub_RIMRemoveInputObserver",
+        "stub_RIMUpdateInputObserverRegistration",
+        "stub_SetCompositionSurfaceAnalogExclusive",
+        "stub_SetCompositionSurfaceBufferCompositionModeAndOrientation",
+        "stub_SetCompositionSurfaceDirectFlipState",
+        "stub_SetCompositionSurfaceHDRMetaData",
+        "stub_SetCompositionSurfaceIndependentFlipInfo",
+        "stub_SetCompositionSurfaceStatistics",
+        "stub_TokenManagerConfirmOutstandingAnalogToken",
+        "NtTokenManagerCreateCompositionTokenHandle",
+        "stub_TokenManagerGetAnalogExclusiveSurfaceUpdates",
+        "stub_TokenManagerGetAnalogExclusiveTokenEvent",
+        "stub_TokenManagerOpenSectionAndEvents",
+        "stub_TokenManagerThread",
+        "NtUnBindCompositionSurface",
+        "stub_UpdateInputSinkTransforms",
+        "stub_UserAcquireIAMKey",
+        "stub_UserAcquireInteractiveControlBackgroundAccess",
+        "stub_UserAddClipboardFormatListener",
+        "NtUserAssociateInputContext",
+        "NtUserAutoPromoteMouseInPointer",
+        "stub_UserAutoRotateScreen",
+        "stub_UserBlockInput",
+        "stub_UserBroadcastThemeChangeEvent",
+        "NtUserBuildHimcList",
+        "stub_UserBuildPropList",
+        "stub_UserCalculatePopupWindowPosition",
+        "stub_UserCallHwndOpt",
+        "stub_UserCanBrokerForceForeground",
+        "stub_UserChangeDisplaySettings",
+        "NtUserChangeWindowMessageFilterEx",
+        "stub_UserCheckAccessForIntegrityLevel",
+        "stub_UserCheckProcessForClipboardAccess",
+        "stub_UserCheckProcessSession",
+        "stub_UserCheckWindowThreadDesktop",
+        "NtUserChildWindowFromPointEx",
+        "stub_UserClearForeground",
+        "NtUserClipCursor",
+        "stub_UserCompositionInputSinkLuidFromPoint",
+        "NtUserCreateDCompositionHwndTarget",
+        "stub_UserCreateDesktopEx",
+        "NtUserCreateInputContext",
+        "stub_UserCreateWindowStation",
+        "stub_UserCtxDisplayIOCtl",
+        "stub_UserDeferWindowPosAndBand",
+        "NtUserDelegateCapturePointers",
+        "NtUserDelegateInput",
+        "NtUserDestroyDCompositionHwndTarget",
+        "NtUserDestroyInputContext",
+        "stub_UserDisableImmersiveOwner",
+        "stub_UserDisableProcessWindowFiltering",
+        "NtUserDisableThreadIme",
+        "stub_UserDiscardPointerFrameMessages",
+        "NtUserDisplayConfigGetDeviceInfo",
+        "stub_UserDisplayConfigSetDeviceInfo",
+        "stub_UserDoSoundConnect",
+        "stub_UserDoSoundDisconnect",
+        "stub_UserDragDetect",
+        "stub_UserDragObject",
+        "stub_UserDrawAnimatedRects",
+        "stub_UserDrawCaption",
+        "stub_UserDrawCaptionTemp",
+        "stub_UserDrawMenuBarTemp",
+        "stub_UserDwmGetRemoteSessionOcclusionEvent",
+        "stub_UserDwmGetRemoteSessionOcclusionState",
+        "stub_UserDwmKernelShutdown",
+        "stub_UserDwmKernelStartup",
+        "stub_UserDwmValidateWindow",
+        "stub_UserEnableChildWindowDpiMessage",
+        "stub_UserEnableIAMAccess",
+        "NtUserEnableMouseInPointer",
+        "stub_UserEnableMouseInputForCursorSuppression",
+        "stub_UserEnableNonClientDpiScaling",
+        "stub_UserEnableTouchPad",
+        "NtUserEndMenu",
+        "stub_UserEvent",
+        "stub_UserFlashWindowEx",
+        "stub_UserFrostCrashedWindow",
+        "stub_UserGetAppImeLevel",
+        "stub_UserGetAutoRotationState",
+        "NtUserGetCIMSSM",
+        "NtUserGetCaretPos",
+        "stub_UserGetClipCursor",
+        "stub_UserGetClipboardAccessToken",
+        "stub_UserGetClipboardViewer",
+        "stub_UserGetComboBoxInfo",
+        "NtUserGetCurrentInputMessageSource",
+        "NtUserGetCursorDims",
+        "NtUserGetCursorInfo",
+        "NtUserGetDManipHookInitFunction",
+        "stub_UserGetDesktopID",
+        "stub_UserGetDisplayAutoRotationPreferences",
+        "stub_UserGetDisplayAutoRotationPreferencesByProcessId",
+        "NtUserGetDisplayConfigBufferSizes",
+        "NtUserGetDpiForMonitor",
+        "NtUserGetGestureConfig",
+        "stub_UserGetGestureExtArgs",
+        "NtUserGetGestureInfo",
+        "stub_UserGetGuiResources",
+        "stub_UserGetHimetricScaleFactorFromPixelLocation",
+        "NtUserGetImeHotKey",
+        "NtUserGetImeInfoEx",
+        "stub_UserGetInputLocaleInfo",
+        "stub_UserGetInteractiveControlDeviceInfo",
+        "stub_UserGetInteractiveControlInfo",
+        "stub_UserGetInternalWindowPos",
+        "NtUserGetKeyNameText",
+        "NtUserGetKeyboardLayoutName",
+        "NtUserGetLayeredWindowAttributes",
+        "stub_UserGetListBoxInfo",
+        "stub_UserGetMenuIndex",
+        "NtUserGetMenuItemRect",
+        "stub_UserGetMouseMovePointsEx",
+        "NtUserGetPhysicalDeviceRect",
+        "NtUserGetPointerCursorId",
+        "NtUserGetPointerDevice",
+        "stub_UserGetPointerDeviceCursors",
+        "NtUserGetPointerDeviceProperties",
+        "NtUserGetPointerDeviceRects",
+        "NtUserGetPointerDevices",
+        "NtUserGetPointerFrameArrivalTimes",
+        "NtUserGetPointerInfoList",
+        "NtUserGetPointerInputTransform",
+        "NtUserGetPointerType",
+        "NtUserGetPrecisionTouchPadConfiguration",
+        "stub_UserGetPriorityClipboardFormat",
+        "NtUserGetProcessDpiAwarenessContext",
+        "NtUserGetProcessUIContextInformation",
+        "NtUserGetQueueStatusReadonly",
+        "stub_UserGetRawInputBuffer",
+        "NtUserGetRawInputData",
+        "NtUserGetRawInputDeviceInfo",
+        "NtUserGetRawInputDeviceList",
+        "NtUserGetRawPointerDeviceData",
+        "stub_UserGetRegisteredRawInputDevices",
+        "stub_UserGetTopLevelWindow",
+        "NtUserGetTouchInputInfo",
+        "stub_UserGetTouchValidationStatus",
+        "stub_UserGetUpdatedClipboardFormats",
+        "stub_UserGetWOWClass",
+        "NtUserGetWindowBand",
+        "NtUserGetWindowCompositionAttribute",
+        "stub_UserGetWindowCompositionInfo",
+        "stub_UserGetWindowDisplayAffinity",
+        "NtUserGetWindowFeedbackSetting",
+        "stub_UserGetWindowMinimizeRect",
+        "stub_UserGetWindowRgnEx",
+        "stub_UserGhostWindowFromHungWindow",
+        "NtUserHandleDelegatedInput",
+        "stub_UserHardErrorControl",
+        "NtUserHidePointerContactVisualization",
+        "stub_UserHiliteMenuItem",
+        "stub_UserHungWindowFromGhostWindow",
+        "stub_UserHwndQueryRedirectionInfo",
+        "stub_UserHwndSetRedirectionInfo",
+        "stub_UserImpersonateDdeClientWindow",
+        "stub_UserInheritWindowMonitor",
+        "stub_UserInitTask",
+        "stub_UserInitialize",
+        "stub_UserInitializeClientPfnArrays",
+        "stub_UserInitializeInputDeviceInjection",
+        "stub_UserInitializePointerDeviceInjection",
+        "stub_UserInitializeTouchInjection",
+        "stub_UserInjectDeviceInput",
+        "stub_UserInjectGesture",
+        "stub_UserInjectKeyboardInput",
+        "stub_UserInjectMouseInput",
+        "stub_UserInjectPointerInput",
+        "stub_UserInjectTouchInput",
+        "stub_UserInteractiveControlQueryUsage",
+        "stub_UserInternalClipCursor",
+        "stub_UserInternalGetWindowIcon",
+        "NtUserIsChildWindowDpiMessageEnabled",
+        "stub_UserIsMouseInPointerEnabled",
+        "stub_UserIsMouseInputEnabled",
+        "NtUserIsNonClientDpiScalingEnabled",
+        "NtUserIsTopLevelWindow",
+        "NtUserIsTouchWindow",
+        "NtUserIsWindowBroadcastingDpiToChildren",
+        "stub_UserLayoutCompleted",
+        "NtUserLinkDpiCursor",
+        "NtUserLoadKeyboardLayoutEx",
+        "stub_UserLockWindowStation",
+        "stub_UserLockWorkStation",
+        "NtUserLogicalToPerMonitorDPIPhysicalPoint",
+        "NtUserLogicalToPhysicalPoint",
+        "stub_UserMNDragLeave",
+        "stub_UserMNDragOver",
+        "stub_UserMagControl",
+        "stub_UserMagGetContextInformation",
+        "stub_UserMagSetContextInformation",
+        "NtUserMenuItemFromPoint",
+        "stub_UserMinMaximize",
+        "NtUserModifyWindowTouchCapability",
+        "stub_UserNavigateFocus",
+        "NtUserNotifyIMEStatus",
+        "NtUserOpenInputDesktop",
+        "stub_UserOpenThreadDesktop",
+        "stub_UserPaintMonitor",
+        "stub_UserPerMonitorDPIPhysicalToLogicalPoint",
+        "NtUserPhysicalToLogicalPoint",
+        "stub_UserPrintWindow",
+        "stub_UserPromoteMouseInPointer",
+        "NtUserPromotePointer",
+        "stub_UserQueryBSDRWindow",
+        "NtUserQueryDisplayConfig",
+        "stub_UserQueryInformationThread",
+        "NtUserQueryInputContext",
+        "stub_UserQuerySendMessage",
+        "stub_UserRealChildWindowFromPoint",
+        "stub_UserRealWaitMessageEx",
+        "stub_UserRegisterBSDRWindow",
+        "stub_UserRegisterDManipHook",
+        "stub_UserRegisterEdgy",
+        "stub_UserRegisterErrorReportingDialog",
+        "NtUserRegisterHotKey",
+        "stub_UserRegisterManipulationThread",
+        "stub_UserRegisterPointerDeviceNotifications",
+        "stub_UserRegisterPointerInputTarget",
+        "NtUserRegisterRawInputDevices",
+        "stub_UserRegisterServicesProcess",
+        "stub_UserRegisterSessionPort",
+        "stub_UserRegisterShellPTPListener",
+        "stub_UserRegisterTasklist",
+        "NtUserRegisterTouchHitTestingWindow",
+        "stub_UserRegisterTouchPadCapable",
+        "stub_UserRegisterUserApiHook",
+        "stub_UserReleaseDwmHitTestWaiters",
+        "stub_UserRemoteConnect",
+        "stub_UserRemoteRedrawRectangle",
+        "stub_UserRemoteRedrawScreen",
+        "stub_UserRemoteStopScreenUpdates",
+        "stub_UserRemoveClipboardFormatListener",
+        "stub_UserRemoveInjectionDevice",
+        "NtUserReportInertia",
+        "stub_UserResolveDesktopForWOW",
+        "stub_UserSendEventMessage",
+        "stub_UserSendInteractiveControlHapticsReport",
+        "stub_UserSetActivationFilter",
+        "stub_UserSetActiveProcessForMonitor",
+        "stub_UserSetAppImeLevel",
+        "stub_UserSetAutoRotation",
+        "stub_UserSetBrokeredForeground",
+        "stub_UserSetCalibrationData",
+        "stub_UserSetChildWindowNoActivate",
+        "stub_UserSetClassWord",
+        "stub_UserSetCoreWindow",
+        "stub_UserSetCoreWindowPartner",
+        "stub_UserSetCursorContents",
+        "stub_UserSetDisplayAutoRotationPreferences",
+        "stub_UserSetDisplayConfig",
+        "stub_UserSetDisplayMapping",
+        "stub_UserSetFallbackForeground",
+        "stub_UserSetFeatureReportResponse",
+        "NtUserSetGestureConfig",
+        "NtUserSetImeHotKey",
+        "NtUserSetImeInfoEx",
+        "NtUserSetImeOwnerWindow",
+        "stub_UserSetInteractiveControlFocus",
+        "stub_UserSetInteractiveCtrlRotationAngle",
+        "stub_UserSetInternalWindowPos",
+        "NtUserSetLayeredWindowAttributes",
+        "stub_UserSetManipulationInputTarget",
+        "stub_UserSetMenu",
+        "stub_UserSetMenuContextHelpId",
+        "stub_UserSetMenuFlagRtoL",
+        "stub_UserSetMirrorRendering",
+        "stub_UserSetObjectInformation",
+        "stub_UserSetPrecisionTouchPadConfiguration",
+        "NtUserSetProcessDpiAwarenessContext",
+        "NtUserSetProcessInteractionFlags",
+        "stub_UserSetProcessRestrictionExemption",
+        "stub_UserSetProcessUIAccessZorder",
+        "stub_UserSetShellWindowEx",
+        "stub_UserSetSysColors",
+        "stub_UserSetSystemCursor",
+        "stub_UserSetSystemTimer",
+        "NtUserSetThreadInputBlocked",
+        "NtUserSetThreadLayoutHandles",
+        "stub_UserSetWindowArrangement",
+        "stub_UserSetWindowBand",
+        "NtUserSetWindowCompositionAttribute",
+        "NtUserSetWindowCompositionTransition",
+        "stub_UserSetWindowDisplayAffinity",
+        "NtUserSetWindowFeedbackSetting",
+        "stub_UserSetWindowRgnEx",
+        "stub_UserSetWindowShowState",
+        "stub_UserSetWindowStationUser",
+        "stub_UserShowSystemCursor",
+        "stub_UserShutdownBlockReasonCreate",
+        "stub_UserShutdownBlockReasonQuery",
+        "stub_UserShutdownReasonDestroy",
+        "stub_UserSignalRedirectionStartComplete",
+        "stub_UserSlicerControl",
+        "stub_UserSoundSentry",
+        "stub_UserSwitchDesktop",
+        "stub_UserSystemParametersInfoForDpi",
+        "stub_UserTestForInteractiveUser",
+        "NtUserTrackPopupMenuEx",
+        "NtUserTransformPoint",
+        "NtUserTransformRect",
+        "NtUserUndelegateInput",
+        "stub_UserUnloadKeyboardLayout",
+        "stub_UserUnlockWindowStation",
+        "stub_UserUnregisterHotKey",
+        "stub_UserUnregisterSessionPort",
+        "stub_UserUnregisterUserApiHook",
+        "stub_UserUpdateDefaultDesktopThumbnail",
+        "NtUserUpdateInputContext",
+        "stub_UserUpdateInstance",
+        "NtUserUpdateLayeredWindow",
+        "stub_UserUpdatePerUserSystemParameters",
+        "stub_UserUpdateWindowInputSinkHints",
+        "stub_UserUpdateWindowTrackingInfo",
+        "stub_UserUpdateWindowTransform",
+        "stub_UserUserHandleGrantAccess",
+        "stub_UserValidateHandleSecure",
+        "stub_UserWaitAvailableMessageEx",
+        "stub_UserWaitForInputIdle",
+        "stub_UserWaitForMsgAndEvent",
+        "stub_UserWaitForRedirectionStartComplete",
+        "NtUserWindowFromPhysicalPoint",
+        "stub_ValidateCompositionSurfaceHandle",
+        "NtVisualCaptureBits",
+        "NtUserSetClassLongPtr",
+        "NtUserSetWindowLongPtr"
+    ],
+    [
+        "NtAccessCheck",
+        "NtWorkerFactoryWorkerReady",
+        "NtAcceptConnectPort",
+        "NtMapUserPhysicalPagesScatter",
+        "NtWaitForSingleObject",
+        "NtCallbackReturn",
+        "NtReadFile",
+        "NtDeviceIoControlFile",
+        "NtWriteFile",
+        "NtRemoveIoCompletion",
+        "NtReleaseSemaphore",
+        "NtReplyWaitReceivePort",
+        "NtReplyPort",
+        "NtSetInformationThread",
+        "NtSetEvent",
+        "NtClose",
+        "NtQueryObject",
+        "NtQueryInformationFile",
+        "NtOpenKey",
+        "NtEnumerateValueKey",
+        "NtFindAtom",
+        "NtQueryDefaultLocale",
+        "NtQueryKey",
+        "NtQueryValueKey",
+        "NtAllocateVirtualMemory",
+        "NtQueryInformationProcess",
+        "NtWaitForMultipleObjects32",
+        "NtWriteFileGather",
+        "NtSetInformationProcess",
+        "NtCreateKey",
+        "NtFreeVirtualMemory",
+        "NtImpersonateClientOfPort",
+        "NtReleaseMutant",
+        "NtQueryInformationToken",
+        "NtRequestWaitReplyPort",
+        "NtQueryVirtualMemory",
+        "NtOpenThreadToken",
+        "NtQueryInformationThread",
+        "NtOpenProcess",
+        "NtSetInformationFile",
+        "NtMapViewOfSection",
+        "NtAccessCheckAndAuditAlarm",
+        "NtUnmapViewOfSection",
+        "NtReplyWaitReceivePortEx",
+        "NtTerminateProcess",
+        "NtSetEventBoostPriority",
+        "NtReadFileScatter",
+        "NtOpenThreadTokenEx",
+        "NtOpenProcessTokenEx",
+        "NtQueryPerformanceCounter",
+        "NtEnumerateKey",
+        "NtOpenFile",
+        "NtDelayExecution",
+        "NtQueryDirectoryFile",
+        "NtQuerySystemInformation",
+        "NtOpenSection",
+        "NtQueryTimer",
+        "NtFsControlFile",
+        "NtWriteVirtualMemory",
+        "NtCloseObjectAuditAlarm",
+        "NtDuplicateObject",
+        "NtQueryAttributesFile",
+        "NtClearEvent",
+        "NtReadVirtualMemory",
+        "NtOpenEvent",
+        "NtAdjustPrivilegesToken",
+        "NtDuplicateToken",
+        "NtContinue",
+        "NtQueryDefaultUILanguage",
+        "NtQueueApcThread",
+        "NtYieldExecution",
+        "NtAddAtom",
+        "NtCreateEvent",
+        "NtQueryVolumeInformationFile",
+        "NtCreateSection",
+        "NtFlushBuffersFile",
+        "NtApphelpCacheControl",
+        "NtCreateProcessEx",
+        "NtCreateThread",
+        "NtIsProcessInJob",
+        "NtProtectVirtualMemory",
+        "NtQuerySection",
+        "NtResumeThread",
+        "NtTerminateThread",
+        "NtReadRequestData",
+        "NtCreateFile",
+        "NtQueryEvent",
+        "NtWriteRequestData",
+        "NtOpenDirectoryObject",
+        "NtAccessCheckByTypeAndAuditAlarm",
+        "NtQuerySystemTime",
+        "NtWaitForMultipleObjects",
+        "NtSetInformationObject",
+        "NtCancelIoFile",
+        "NtTraceEvent",
+        "NtPowerInformation",
+        "NtSetValueKey",
+        "NtCancelTimer",
+        "NtSetTimer",
+        "NtAccessCheckByType",
+        "NtAccessCheckByTypeResultList",
+        "NtAccessCheckByTypeResultListAndAuditAlarm",
+        "NtAccessCheckByTypeResultListAndAuditAlarmByHandle",
+        "NtAddAtomEx",
+        "NtAddBootEntry",
+        "NtAddDriverEntry",
+        "NtAdjustGroupsToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAlertResumeThread",
+        "NtAlertThread",
+        "NtAlertThreadByThreadId",
+        "NtAllocateLocallyUniqueId",
+        "NtAllocateReserveObject",
+        "NtAllocateUserPhysicalPages",
+        "NtAllocateUuids",
+        "NtAlpcAcceptConnectPort",
+        "NtAlpcCancelMessage",
+        "NtAlpcConnectPort",
+        "NtAlpcConnectPortEx",
+        "NtAlpcCreatePort",
+        "NtAlpcCreatePortSection",
+        "NtAlpcCreateResourceReserve",
+        "NtAlpcCreateSectionView",
+        "NtAlpcCreateSecurityContext",
+        "NtAlpcDeletePortSection",
+        "NtAlpcDeleteResourceReserve",
+        "NtAlpcDeleteSectionView",
+        "NtAlpcDeleteSecurityContext",
+        "NtAlpcDisconnectPort",
+        "NtAlpcImpersonateClientContainerOfPort",
+        "NtAlpcImpersonateClientOfPort",
+        "NtAlpcOpenSenderProcess",
+        "NtAlpcOpenSenderThread",
+        "NtAlpcQueryInformation",
+        "NtAlpcQueryInformationMessage",
+        "NtAlpcRevokeSecurityContext",
+        "NtAlpcSendWaitReceivePort",
+        "NtAlpcSetInformation",
+        "NtAreMappedFilesTheSame",
+        "NtAssignProcessToJobObject",
+        "NtAssociateWaitCompletionPacket",
+        "NtCancelIoFileEx",
+        "NtCancelSynchronousIoFile",
+        "NtCancelTimer2",
+        "NtCancelWaitCompletionPacket",
+        "NtCommitComplete",
+        "NtCommitEnlistment",
+        "NtCommitRegistryTransaction",
+        "NtCommitTransaction",
+        "NtCompactKeys",
+        "NtCompareObjects",
+        "NtCompareTokens",
+        "ArbPreprocessEntry",
+        "NtCompressKey",
+        "NtConnectPort",
+        "NtCreateDebugObject",
+        "NtCreateDirectoryObject",
+        "NtCreateDirectoryObjectEx",
+        "NtCreateEnclave",
+        "NtCreateEnlistment",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtCreateIRTimer",
+        "NtCreateIoCompletion",
+        "NtCreateJobObject",
+        "ArbAddReserved",
+        "NtCreateKeyTransacted",
+        "NtCreateKeyedEvent",
+        "NtCreateLowBoxToken",
+        "NtCreateMailslotFile",
+        "NtCreateMutant",
+        "NtCreateNamedPipeFile",
+        "NtCreatePagingFile",
+        "NtCreatePartition",
+        "NtCreatePort",
+        "NtCreatePrivateNamespace",
+        "NtCreateProcess",
+        "NtCreateProfile",
+        "NtCreateProfileEx",
+        "NtCreateRegistryTransaction",
+        "NtCreateResourceManager",
+        "NtCreateSemaphore",
+        "NtCreateSymbolicLinkObject",
+        "NtCreateThreadEx",
+        "NtCreateTimer",
+        "NtCreateTimer2",
+        "NtCreateToken",
+        "NtCreateTokenEx",
+        "NtCreateTransaction",
+        "NtCreateTransactionManager",
+        "NtCreateUserProcess",
+        "NtCreateWaitCompletionPacket",
+        "NtCreateWaitablePort",
+        "NtCreateWnfStateName",
+        "NtCreateWorkerFactory",
+        "NtDebugActiveProcess",
+        "NtDebugContinue",
+        "NtDeleteAtom",
+        "NtDeleteBootEntry",
+        "NtDeleteDriverEntry",
+        "NtDeleteFile",
+        "NtDeleteKey",
+        "NtDeleteObjectAuditAlarm",
+        "NtDeletePrivateNamespace",
+        "NtDeleteValueKey",
+        "NtDeleteWnfStateData",
+        "NtDeleteWnfStateName",
+        "NtDisableLastKnownGood",
+        "NtDisplayString",
+        "NtDrawText",
+        "NtEnableLastKnownGood",
+        "NtEnumerateBootEntries",
+        "NtEnumerateDriverEntries",
+        "NtEnumerateSystemEnvironmentValuesEx",
+        "NtEnumerateTransactionObject",
+        "NtExtendSection",
+        "NtFilterBootOption",
+        "NtFilterToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtFlushBuffersFileEx",
+        "NtFlushInstallUILanguage",
+        "ArbPreprocessEntry",
+        "NtFlushKey",
+        "NtFlushProcessWriteBuffers",
+        "NtFlushVirtualMemory",
+        "NtFlushWriteBuffer",
+        "NtFreeUserPhysicalPages",
+        "NtFreezeRegistry",
+        "NtFreezeTransactions",
+        "NtGetCachedSigningLevel",
+        "NtGetCompleteWnfStateSubscription",
+        "NtGetContextThread",
+        "NtGetCurrentProcessorNumber",
+        "NtGetCurrentProcessorNumberEx",
+        "NtGetDevicePowerState",
+        "NtGetMUIRegistryInfo",
+        "NtGetNextProcess",
+        "NtGetNextThread",
+        "NtGetNlsSectionPtr",
+        "NtGetNotificationResourceManager",
+        "NtGetWriteWatch",
+        "NtImpersonateAnonymousToken",
+        "NtImpersonateThread",
+        "NtInitializeEnclave",
+        "NtInitializeNlsFiles",
+        "NtInitializeRegistry",
+        "NtInitiatePowerAction",
+        "NtIsSystemResumeAutomatic",
+        "NtIsUILanguageComitted",
+        "NtListenPort",
+        "NtLoadDriver",
+        "NtLoadEnclaveData",
+        "NtLoadKey",
+        "NtLoadKey2",
+        "NtLoadKeyEx",
+        "NtLockFile",
+        "NtLockProductActivationKeys",
+        "NtLockRegistryKey",
+        "NtLockVirtualMemory",
+        "NtMakePermanentObject",
+        "NtMakeTemporaryObject",
+        "NtManagePartition",
+        "NtMapCMFModule",
+        "NtMapUserPhysicalPages",
+        "NtModifyBootEntry",
+        "NtModifyDriverEntry",
+        "NtNotifyChangeDirectoryFile",
+        "NtNotifyChangeKey",
+        "NtNotifyChangeMultipleKeys",
+        "NtNotifyChangeSession",
+        "NtOpenEnlistment",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtOpenIoCompletion",
+        "NtOpenJobObject",
+        "NtOpenKeyEx",
+        "NtOpenKeyTransacted",
+        "NtOpenKeyTransactedEx",
+        "NtOpenKeyedEvent",
+        "NtOpenMutant",
+        "NtOpenObjectAuditAlarm",
+        "NtOpenPartition",
+        "NtOpenPrivateNamespace",
+        "NtOpenProcessToken",
+        "NtOpenRegistryTransaction",
+        "NtOpenResourceManager",
+        "NtOpenSemaphore",
+        "NtOpenSession",
+        "NtOpenSymbolicLinkObject",
+        "NtOpenThread",
+        "NtOpenTimer",
+        "NtOpenTransaction",
+        "NtOpenTransactionManager",
+        "NtPlugPlayControl",
+        "NtPrePrepareComplete",
+        "NtPrePrepareEnlistment",
+        "NtPrepareComplete",
+        "NtPrepareEnlistment",
+        "NtPrivilegeCheck",
+        "NtPrivilegeObjectAuditAlarm",
+        "NtPrivilegedServiceAuditAlarm",
+        "NtPropagationComplete",
+        "NtPropagationFailed",
+        "NtPulseEvent",
+        "NtQueryBootEntryOrder",
+        "NtQueryBootOptions",
+        "NtQueryDebugFilterState",
+        "NtQueryDirectoryObject",
+        "NtQueryDriverEntryOrder",
+        "NtQueryEaFile",
+        "NtQueryFullAttributesFile",
+        "NtQueryInformationAtom",
+        "NtQueryInformationEnlistment",
+        "NtQueryInformationJobObject",
+        "NtQueryInformationPort",
+        "NtQueryInformationResourceManager",
+        "NtQueryInformationTransaction",
+        "NtQueryInformationTransactionManager",
+        "NtQueryInformationWorkerFactory",
+        "NtQueryInstallUILanguage",
+        "NtQueryIntervalProfile",
+        "NtQueryIoCompletion",
+        "NtQueryLicenseValue",
+        "NtQueryMultipleValueKey",
+        "NtQueryMutant",
+        "NtQueryOpenSubKeys",
+        "NtQueryOpenSubKeysEx",
+        "CmpForceInvalidatePreCallback",
+        "NtQueryQuotaInformationFile",
+        "NtQuerySecurityAttributesToken",
+        "NtQuerySecurityObject",
+        "NtQuerySecurityPolicy",
+        "NtQuerySemaphore",
+        "NtQuerySymbolicLinkObject",
+        "NtQuerySystemEnvironmentValue",
+        "NtQuerySystemEnvironmentValueEx",
+        "NtQuerySystemInformationEx",
+        "NtQueryTimerResolution",
+        "NtQueryWnfStateData",
+        "NtQueryWnfStateNameInformation",
+        "NtQueueApcThreadEx",
+        "NtRaiseException",
+        "NtRaiseHardError",
+        "NtReadOnlyEnlistment",
+        "NtRecoverEnlistment",
+        "NtRecoverResourceManager",
+        "NtRecoverTransactionManager",
+        "NtRegisterProtocolAddressInformation",
+        "NtRegisterThreadTerminatePort",
+        "NtReleaseKeyedEvent",
+        "NtReleaseWorkerFactoryWorker",
+        "NtRemoveIoCompletionEx",
+        "NtRemoveProcessDebug",
+        "NtRenameKey",
+        "NtRenameTransactionManager",
+        "NtReplaceKey",
+        "NtReplacePartitionUnit",
+        "NtReplyWaitReplyPort",
+        "NtRequestPort",
+        "NtResetEvent",
+        "NtResetWriteWatch",
+        "NtRestoreKey",
+        "NtResumeProcess",
+        "NtRevertContainerImpersonation",
+        "NtRollbackComplete",
+        "NtRollbackEnlistment",
+        "NtRollbackRegistryTransaction",
+        "NtRollbackTransaction",
+        "NtRollforwardTransactionManager",
+        "NtSaveKey",
+        "NtSaveKeyEx",
+        "NtSaveMergedKeys",
+        "NtSecureConnectPort",
+        "NtSerializeBoot",
+        "NtSetBootEntryOrder",
+        "NtSetBootOptions",
+        "NtSetCachedSigningLevel",
+        "NtSetCachedSigningLevel2",
+        "NtSetContextThread",
+        "NtSetDebugFilterState",
+        "NtSetDefaultHardErrorPort",
+        "NtSetDefaultLocale",
+        "NtSetDefaultUILanguage",
+        "NtSetDriverEntryOrder",
+        "NtSetEaFile",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtSetIRTimer",
+        "NtSetInformationDebugObject",
+        "NtSetInformationEnlistment",
+        "NtSetInformationJobObject",
+        "NtSetInformationKey",
+        "NtSetInformationResourceManager",
+        "NtSetInformationSymbolicLink",
+        "NtSetInformationToken",
+        "NtSetInformationTransaction",
+        "NtSetInformationTransactionManager",
+        "NtSetInformationVirtualMemory",
+        "NtSetInformationWorkerFactory",
+        "NtSetIntervalProfile",
+        "NtSetIoCompletion",
+        "NtSetIoCompletionEx",
+        "BvgaSetVirtualFrameBuffer",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtSetQuotaInformationFile",
+        "NtSetSecurityObject",
+        "NtSetSystemEnvironmentValue",
+        "NtSetSystemEnvironmentValueEx",
+        "NtSetSystemInformation",
+        "NtSetSystemPowerState",
+        "NtSetSystemTime",
+        "NtSetThreadExecutionState",
+        "NtSetTimer2",
+        "NtSetTimerEx",
+        "NtSetTimerResolution",
+        "NtSetUuidSeed",
+        "NtSetVolumeInformationFile",
+        "NtSetWnfProcessNotificationEvent",
+        "NtShutdownSystem",
+        "NtShutdownWorkerFactory",
+        "NtSignalAndWaitForSingleObject",
+        "NtSinglePhaseReject",
+        "NtStartProfile",
+        "NtStopProfile",
+        "NtSubscribeWnfStateChange",
+        "NtSuspendProcess",
+        "NtSuspendThread",
+        "NtSystemDebugControl",
+        "NtTerminateJobObject",
+        "NtTestAlert",
+        "NtThawRegistry",
+        "NtThawTransactions",
+        "NtTraceControl",
+        "NtTranslateFilePath",
+        "NtUmsThreadYield",
+        "NtUnloadDriver",
+        "NtUnloadKey",
+        "NtUnloadKey2",
+        "NtUnloadKeyEx",
+        "NtUnlockFile",
+        "NtUnlockVirtualMemory",
+        "NtUnmapViewOfSectionEx",
+        "NtUnsubscribeWnfStateChange",
+        "NtUpdateWnfStateData",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtWaitForAlertByThreadId",
+        "NtWaitForDebugEvent",
+        "NtWaitForKeyedEvent",
+        "NtWaitForWorkViaWorkerFactory",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAdjustTokenClaimsAndDeviceGroups"
+    ]
+]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x64_15063_syscalls.py b/volatility/plugins/overlays/windows/win10_x64_15063_syscalls.py
new file mode 100644
index 000000000..ac64641f7
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_15063_syscalls.py
@@ -0,0 +1,1596 @@
+syscalls = [
+    [
+        "NtUserGetOwnerTransformedMonitorRect",
+        "NtUserYieldTask",
+        "NtUserSetSensorPresence",
+        "NtUserGetThreadState",
+        "NtUserPeekMessage",
+        "NtUserCallOneParam",
+        "NtUserGetKeyState",
+        "NtUserInvalidateRect",
+        "NtUserCallNoParam",
+        "NtUserGetMessage",
+        "NtUserMessageCall",
+        "NtGdiBitBlt",
+        "NtGdiGetCharSet",
+        "NtUserGetDC",
+        "NtGdiSelectBitmap",
+        "NtUserWaitMessage",
+        "NtUserTranslateMessage",
+        "NtUserGetProp",
+        "NtUserPostMessage",
+        "NtUserQueryWindow",
+        "NtUserTranslateAccelerator",
+        "NtGdiFlush",
+        "NtUserRedrawWindow",
+        "NtUserWindowFromPoint",
+        "NtUserCallMsgFilter",
+        "NtUserValidateTimerCallback",
+        "NtUserBeginPaint",
+        "NtUserSetTimer",
+        "NtUserEndPaint",
+        "NtUserSetCursor",
+        "NtUserKillTimer",
+        "NtUserBuildHwndList",
+        "NtUserSelectPalette",
+        "NtUserCallNextHookEx",
+        "NtUserHideCaret",
+        "NtGdiIntersectClipRect",
+        "NtUserCallHwndLock",
+        "NtUserGetProcessWindowStation",
+        "NtGdiDeleteObjectApp",
+        "NtUserSetWindowPos",
+        "NtUserShowCaret",
+        "NtUserEndDeferWindowPosEx",
+        "NtUserCallHwndParamLock",
+        "NtUserVkKeyScanEx",
+        "NtGdiSetDIBitsToDeviceInternal",
+        "NtUserCallTwoParam",
+        "NtGdiGetRandomRgn",
+        "NtUserCopyAcceleratorTable",
+        "NtUserNotifyWinEvent",
+        "NtGdiExtSelectClipRgn",
+        "NtUserIsClipboardFormatAvailable",
+        "NtUserSetScrollInfo",
+        "NtGdiStretchBlt",
+        "NtUserCreateCaret",
+        "NtGdiRectVisible",
+        "NtGdiCombineRgn",
+        "NtGdiGetDCObject",
+        "NtUserDispatchMessage",
+        "NtUserRegisterWindowMessage",
+        "NtGdiExtTextOutW",
+        "NtGdiSelectFont",
+        "NtGdiRestoreDC",
+        "NtGdiSaveDC",
+        "NtUserGetForegroundWindow",
+        "NtUserShowScrollBar",
+        "NtUserFindExistingCursorIcon",
+        "NtGdiGetDCDword",
+        "NtGdiGetRegionData",
+        "NtGdiLineTo",
+        "NtUserSystemParametersInfo",
+        "NtGdiGetAppClipBox",
+        "NtUserGetAsyncKeyState",
+        "NtUserGetCPD",
+        "NtUserRemoveProp",
+        "NtGdiDoPalette",
+        "NtGdiPolyPolyDraw",
+        "NtUserSetCapture",
+        "NtUserEnumDisplayMonitors",
+        "NtGdiCreateCompatibleBitmap",
+        "NtUserSetProp",
+        "NtGdiGetTextCharsetInfo",
+        "NtUserSBGetParms",
+        "NtUserGetIconInfo",
+        "NtUserExcludeUpdateRgn",
+        "NtUserSetFocus",
+        "NtGdiExtGetObjectW",
+        "NtUserGetUpdateRect",
+        "NtGdiCreateCompatibleDC",
+        "NtUserGetClipboardSequenceNumber",
+        "NtGdiCreatePen",
+        "NtUserShowWindow",
+        "NtUserGetKeyboardLayoutList",
+        "NtGdiPatBlt",
+        "NtUserMapVirtualKeyEx",
+        "NtUserSetWindowLong",
+        "NtGdiHfontCreate",
+        "NtUserMoveWindow",
+        "NtUserPostThreadMessage",
+        "NtUserDrawIconEx",
+        "NtUserGetSystemMenu",
+        "NtGdiDrawStream",
+        "NtUserInternalGetWindowText",
+        "NtUserGetWindowDC",
+        "NtGdiInvertRgn",
+        "NtGdiGetRgnBox",
+        "NtGdiGetAndSetDCDword",
+        "NtGdiMaskBlt",
+        "NtGdiGetWidthTable",
+        "NtUserScrollDC",
+        "NtUserGetObjectInformation",
+        "NtGdiCreateBitmap",
+        "NtUserFindWindowEx",
+        "NtGdiPolyPatBlt",
+        "NtUserUnhookWindowsHookEx",
+        "NtGdiGetNearestColor",
+        "NtGdiTransformPoints",
+        "NtGdiGetDCPoint",
+        "NtGdiCreateDIBBrush",
+        "NtGdiGetTextMetricsW",
+        "NtUserCreateWindowEx",
+        "NtUserSetParent",
+        "NtUserGetKeyboardState",
+        "NtUserToUnicodeEx",
+        "NtUserGetControlBrush",
+        "NtUserGetClassName",
+        "NtGdiAlphaBlend",
+        "NtGdiOffsetRgn",
+        "NtUserDefSetText",
+        "NtGdiGetTextFaceW",
+        "NtGdiStretchDIBitsInternal",
+        "NtUserSendInput",
+        "NtUserGetThreadDesktop",
+        "NtGdiCreateRectRgn",
+        "NtGdiGetDIBitsInternal",
+        "NtUserGetUpdateRgn",
+        "NtGdiDeleteClientObj",
+        "NtUserGetIconSize",
+        "NtUserFillWindow",
+        "NtGdiExtCreateRegion",
+        "NtGdiComputeXformCoefficients",
+        "NtUserSetWindowsHookEx",
+        "NtUserNotifyProcessCreate",
+        "NtGdiUnrealizeObject",
+        "NtUserGetTitleBarInfo",
+        "NtGdiRectangle",
+        "NtUserSetThreadDesktop",
+        "NtUserGetDCEx",
+        "NtUserGetScrollBarInfo",
+        "NtGdiGetTextExtent",
+        "NtUserSetWindowFNID",
+        "NtGdiSetLayout",
+        "NtUserCalcMenuBar",
+        "NtUserThunkedMenuItemInfo",
+        "NtGdiExcludeClipRect",
+        "NtGdiCreateDIBSection",
+        "NtGdiGetDCforBitmap",
+        "NtUserDestroyCursor",
+        "NtUserDestroyWindow",
+        "NtUserCallHwndParam",
+        "NtGdiCreateDIBitmapInternal",
+        "NtUserOpenWindowStation",
+        "NtUserSetCursorIconData",
+        "NtUserCloseDesktop",
+        "NtUserOpenDesktop",
+        "NtUserSetProcessWindowStation",
+        "NtUserGetAtomName",
+        "NtGdiExtCreatePen",
+        "NtGdiCreatePaletteInternal",
+        "NtGdiSetBrushOrg",
+        "NtUserBuildNameList",
+        "NtGdiSetPixel",
+        "NtUserRegisterClassExWOW",
+        "NtGdiCreatePatternBrushInternal",
+        "NtUserGetAncestor",
+        "NtGdiGetOutlineTextMetricsInternalW",
+        "NtGdiSetBitmapBits",
+        "NtUserCloseWindowStation",
+        "NtUserGetDoubleClickTime",
+        "NtUserEnableScrollBar",
+        "NtGdiCreateSolidBrush",
+        "NtUserGetClassInfoEx",
+        "NtGdiCreateClientObj",
+        "NtUserUnregisterClass",
+        "NtUserDeleteMenu",
+        "NtGdiRectInRegion",
+        "NtUserScrollWindowEx",
+        "NtGdiGetPixel",
+        "NtUserSetClassLong",
+        "NtUserGetMenuBarInfo",
+        "NtGdiGetNearestPaletteIndex",
+        "NtGdiGetCharWidthW",
+        "NtUserInvalidateRgn",
+        "NtUserGetClipboardOwner",
+        "NtUserSetWindowRgn",
+        "NtUserBitBltSysBmp",
+        "NtGdiGetCharWidthInfo",
+        "NtUserValidateRect",
+        "NtUserCloseClipboard",
+        "NtUserOpenClipboard",
+        "NtUserSetClipboardData",
+        "NtUserEnableMenuItem",
+        "NtUserAlterWindowStyle",
+        "NtGdiFillRgn",
+        "NtUserGetWindowPlacement",
+        "NtGdiModifyWorldTransform",
+        "NtGdiGetFontData",
+        "NtUserGetOpenClipboardWindow",
+        "NtUserSetThreadState",
+        "NtGdiOpenDCW",
+        "NtUserTrackMouseEvent",
+        "NtGdiGetTransform",
+        "NtUserDestroyMenu",
+        "NtGdiGetBitmapBits",
+        "NtUserConsoleControl",
+        "NtUserSetActiveWindow",
+        "NtUserSetInformationThread",
+        "NtUserSetWindowPlacement",
+        "NtUserGetControlColor",
+        "NtGdiSetMetaRgn",
+        "NtGdiSetMiterLimit",
+        "NtGdiSetVirtualResolution",
+        "NtGdiGetRasterizerCaps",
+        "NtUserSetWindowWord",
+        "NtUserGetClipboardFormatName",
+        "NtUserRealInternalGetMessage",
+        "NtUserCreateLocalMemHandle",
+        "NtUserAttachThreadInput",
+        "NtGdiCreateHalftonePalette",
+        "NtUserPaintMenuBar",
+        "NtUserSetKeyboardState",
+        "NtGdiCombineTransform",
+        "NtUserCreateAcceleratorTable",
+        "NtUserGetCursorFrameInfo",
+        "NtUserGetAltTabInfo",
+        "NtUserGetCaretBlinkTime",
+        "NtGdiQueryFontAssocInfo",
+        "NtUserProcessConnect",
+        "NtUserEnumDisplayDevices",
+        "NtUserEmptyClipboard",
+        "NtUserGetClipboardData",
+        "NtUserRemoveMenu",
+        "NtGdiSetBoundsRect",
+        "NtGdiGetBitmapDimension",
+        "NtUserConvertMemHandle",
+        "NtUserDestroyAcceleratorTable",
+        "NtUserGetGUIThreadInfo",
+        "NtGdiCloseFigure",
+        "NtUserSetWindowsHookAW",
+        "NtUserSetMenuDefaultItem",
+        "NtUserCheckMenuItem",
+        "NtUserSetWinEventHook",
+        "NtUserUnhookWinEvent",
+        "NtUserLockWindowUpdate",
+        "NtUserSetSystemMenu",
+        "NtUserThunkedMenuInfo",
+        "NtGdiBeginPath",
+        "NtGdiEndPath",
+        "NtGdiFillPath",
+        "NtUserCallHwnd",
+        "NtUserDdeInitialize",
+        "NtUserModifyUserStartupInfoFlags",
+        "NtUserCountClipboardFormats",
+        "NtGdiAddFontMemResourceEx",
+        "NtGdiEqualRgn",
+        "NtGdiGetSystemPaletteUse",
+        "NtGdiRemoveFontMemResourceEx",
+        "NtUserEnumDisplaySettings",
+        "NtUserPaintDesktop",
+        "NtGdiExtEscape",
+        "NtGdiSetBitmapDimension",
+        "NtGdiSetFontEnumeration",
+        "NtUserChangeClipboardChain",
+        "NtUserSetClipboardViewer",
+        "NtUserShowWindowAsync",
+        "NtGdiCreateColorSpace",
+        "NtGdiDeleteColorSpace",
+        "NtUserActivateKeyboardLayout",
+        "NtBindCompositionSurface",
+        "NtCompositionInputThread",
+        "NtCompositionSetDropTarget",
+        "NtCreateCompositionInputSink",
+        "NtCreateCompositionSurfaceHandle",
+        "NtCreateImplicitCompositionInputSink",
+        "NtDCompositionAddCrossDeviceVisualChild",
+        "NtDCompositionBeginFrame",
+        "NtDCompositionCommitChannel",
+        "NtDCompositionCommitSynchronizationObject",
+        "NtDCompositionConfirmFrame",
+        "NtDCompositionConnectPipe",
+        "NtDCompositionCreateAndBindSharedSection",
+        "NtDCompositionCreateChannel",
+        "NtDCompositionCreateConnection",
+        "NtDCompositionCreateDwmChannel",
+        "NtDCompositionCreateSharedVisualHandle",
+        "NtDCompositionCurrentBatchId",
+        "NtDCompositionDestroyChannel",
+        "NtDCompositionDestroyConnection",
+        "NtDCompositionDiscardFrame",
+        "NtDCompositionDuplicateHandleToProcess",
+        "NtDCompositionDuplicateSwapchainHandleToDwm",
+        "NtDCompositionEnableDDASupport",
+        "NtDCompositionEnableMMCSS",
+        "NtDCompositionGetChannels",
+        "NtDCompositionGetConnectionBatch",
+        "NtDCompositionGetDeletedResources",
+        "NtDCompositionGetFrameLegacyTokens",
+        "NtDCompositionGetFrameStatistics",
+        "NtDCompositionGetFrameSurfaceUpdates",
+        "NtDCompositionProcessChannelBatchBuffer",
+        "NtDCompositionReferenceSharedResourceOnDwmChannel",
+        "NtDCompositionRegisterThumbnailVisual",
+        "NtDCompositionRegisterVirtualDesktopVisual",
+        "NtDCompositionReleaseAllResources",
+        "NtDCompositionRemoveCrossDeviceVisualChild",
+        "NtDCompositionRetireFrame",
+        "NtDCompositionSetChannelCallbackId",
+        "NtDCompositionSetChannelCommitCompletionEvent",
+        "NtDCompositionSetChildRootVisual",
+        "NtDCompositionSetDebugCounter",
+        "NtDCompositionSubmitDWMBatch",
+        "NtDCompositionSynchronize",
+        "NtDCompositionTelemetryAnimationScenarioBegin",
+        "NtDCompositionTelemetryAnimationScenarioReference",
+        "NtDCompositionTelemetryAnimationScenarioUnreference",
+        "NtDCompositionTelemetrySetApplicationId",
+        "NtDCompositionTelemetryTouchInteractionBegin",
+        "NtDCompositionTelemetryTouchInteractionEnd",
+        "NtDCompositionTelemetryTouchInteractionUpdate",
+        "NtDCompositionUpdatePointerCapture",
+        "NtDCompositionWaitForChannel",
+        "NtDesktopCaptureBits",
+        "NtDuplicateCompositionInputSink",
+        "NtGdiAbortDoc",
+        "NtGdiAbortPath",
+        "NtGdiAddEmbFontToDC",
+        "NtGdiAddFontResourceW",
+        "NtGdiAddInitialFonts",
+        "NtGdiAddRemoteFontToDC",
+        "NtGdiAddRemoteMMInstanceToDC",
+        "NtGdiAngleArc",
+        "NtGdiAnyLinkedFonts",
+        "NtGdiArcInternal",
+        "NtGdiBRUSHOBJ_DeleteRbrush",
+        "NtGdiBRUSHOBJ_hGetColorTransform",
+        "NtGdiBRUSHOBJ_pvAllocRbrush",
+        "NtGdiBRUSHOBJ_pvGetRbrush",
+        "NtGdiBRUSHOBJ_ulGetBrushColor",
+        "NtGdiBeginGdiRendering",
+        "NtGdiCLIPOBJ_bEnum",
+        "NtGdiCLIPOBJ_cEnumStart",
+        "NtGdiCLIPOBJ_ppoGetPath",
+        "NtGdiCancelDC",
+        "NtGdiChangeGhostFont",
+        "NtGdiCheckBitmapBits",
+        "NtGdiClearBitmapAttributes",
+        "NtGdiClearBrushAttributes",
+        "NtGdiColorCorrectPalette",
+        "NtGdiConfigureOPMProtectedOutput",
+        "NtGdiConvertMetafileRect",
+        "NtGdiCreateBitmapFromDxSurface",
+        "NtGdiCreateBitmapFromDxSurface2",
+        "NtGdiCreateColorTransform",
+        "NtGdiCreateEllipticRgn",
+        "NtGdiCreateHatchBrushInternal",
+        "NtGdiCreateMetafileDC",
+        "NtGdiCreateOPMProtectedOutput",
+        "NtGdiCreateOPMProtectedOutputs",
+        "NtGdiCreateRoundRectRgn",
+        "NtGdiCreateServerMetaFile",
+        "NtGdiCreateSessionMappedDIBSection",
+        "NtGdiDDCCIGetCapabilitiesString",
+        "NtGdiDDCCIGetCapabilitiesStringLength",
+        "NtGdiDDCCIGetTimingReport",
+        "NtGdiDDCCIGetVCPFeature",
+        "NtGdiDDCCISaveCurrentSettings",
+        "NtGdiDDCCISetVCPFeature",
+        "NtGdiDdCreateFullscreenSprite",
+        "NtGdiDdDDIAbandonSwapChain",
+        "NtGdiDdDDIAcquireKeyedMutex",
+        "NtGdiDdDDIAcquireKeyedMutex2",
+        "NtGdiDdDDIAcquireSwapChain",
+        "NtGdiDdDDIAdjustFullscreenGamma",
+        "NtGdiDdDDICacheHybridQueryValue",
+        "NtGdiDdDDIChangeVideoMemoryReservation",
+        "NtGdiDdDDICheckExclusiveOwnership",
+        "NtGdiDdDDICheckMonitorPowerState",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport2",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport3",
+        "NtGdiDdDDICheckOcclusion",
+        "NtGdiDdDDICheckSharedResourceAccess",
+        "NtGdiDdDDICheckVidPnExclusiveOwnership",
+        "NtGdiDdDDICloseAdapter",
+        "NtGdiDdDDIConfigureSharedResource",
+        "NtGdiDdDDICreateAllocation",
+        "NtGdiDdDDICreateContext",
+        "NtGdiDdDDICreateContextVirtual",
+        "NtGdiDdDDICreateDCFromMemory",
+        "NtGdiDdDDICreateDevice",
+        "NtGdiDdDDICreateHwContext",
+        "NtGdiDdDDICreateHwQueue",
+        "NtGdiDdDDICreateKeyedMutex",
+        "NtGdiDdDDICreateKeyedMutex2",
+        "NtGdiDdDDICreateOutputDupl",
+        "NtGdiDdDDICreateOverlay",
+        "NtGdiDdDDICreatePagingQueue",
+        "NtGdiDdDDICreateSwapChain",
+        "NtGdiDdDDICreateSynchronizationObject",
+        "NtGdiDdDDIDestroyAllocation",
+        "NtGdiDdDDIDestroyAllocation2",
+        "NtGdiDdDDIDestroyContext",
+        "NtGdiDdDDIDestroyDCFromMemory",
+        "NtGdiDdDDIDestroyDevice",
+        "NtGdiDdDDIDestroyHwContext",
+        "NtGdiDdDDIDestroyHwQueue",
+        "NtGdiDdDDIDestroyKeyedMutex",
+        "NtGdiDdDDIDestroyOutputDupl",
+        "NtGdiDdDDIDestroyOverlay",
+        "NtGdiDdDDIDestroyPagingQueue",
+        "NtGdiDdDDIDestroySynchronizationObject",
+        "NtGdiDdDDIEnumAdapters",
+        "NtGdiDdDDIEnumAdapters2",
+        "NtGdiDdDDIEscape",
+        "NtGdiDdDDIEvict",
+        "NtGdiDdDDIFlipOverlay",
+        "NtGdiDdDDIFlushHeapTransitions",
+        "NtGdiDdDDIFreeGpuVirtualAddress",
+        "NtGdiDdDDIGetAllocationPriority",
+        "NtGdiDdDDIGetCachedHybridQueryValue",
+        "NtGdiDdDDIGetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetContextSchedulingPriority",
+        "NtGdiDdDDIGetDWMVerticalBlankEvent",
+        "NtGdiDdDDIGetDeviceState",
+        "NtGdiDdDDIGetDisplayModeList",
+        "NtGdiDdDDIGetMemoryBudgetTarget",
+        "NtGdiDdDDIGetMultiPlaneOverlayCaps",
+        "NtGdiDdDDIGetMultisampleMethodList",
+        "NtGdiDdDDIGetOverlayState",
+        "NtGdiDdDDIGetPostCompositionCaps",
+        "NtGdiDdDDIGetPresentHistory",
+        "NtGdiDdDDIGetPresentQueueEvent",
+        "NtGdiDdDDIGetProcessSchedulingPriorityBand",
+        "NtGdiDdDDIGetProcessSchedulingPriorityClass",
+        "NtGdiDdDDIGetResourcePresentPrivateDriverData",
+        "NtGdiDdDDIGetRuntimeData",
+        "NtGdiDdDDIGetScanLine",
+        "NtGdiDdDDIGetSetSwapChainMetadata",
+        "NtGdiDdDDIGetSharedPrimaryHandle",
+        "NtGdiDdDDIGetSharedResourceAdapterLuid",
+        "NtGdiDdDDIGetYieldPercentage",
+        "NtGdiDdDDIInvalidateActiveVidPn",
+        "NtGdiDdDDIInvalidateCache",
+        "NtGdiDdDDILock",
+        "NtGdiDdDDILock2",
+        "NtGdiDdDDIMakeResident",
+        "NtGdiDdDDIMapGpuVirtualAddress",
+        "NtGdiDdDDIMarkDeviceAsError",
+        "NtGdiDdDDINetDispGetNextChunkInfo",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceStatus",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport",
+        "NtGdiDdDDINetDispStartMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopSessions",
+        "NtGdiDdDDIOfferAllocations",
+        "NtGdiDdDDIOpenAdapterFromDeviceName",
+        "NtGdiDdDDIOpenAdapterFromHdc",
+        "NtGdiDdDDIOpenAdapterFromLuid",
+        "NtGdiDdDDIOpenKeyedMutex",
+        "NtGdiDdDDIOpenKeyedMutex2",
+        "NtGdiDdDDIOpenNtHandleFromName",
+        "NtGdiDdDDIOpenResource",
+        "NtGdiDdDDIOpenResourceFromNtHandle",
+        "NtGdiDdDDIOpenSwapChain",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle2",
+        "NtGdiDdDDIOpenSyncObjectNtHandleFromName",
+        "NtGdiDdDDIOpenSynchronizationObject",
+        "NtGdiDdDDIOutputDuplGetFrameInfo",
+        "NtGdiDdDDIOutputDuplGetMetaData",
+        "NtGdiDdDDIOutputDuplGetPointerShapeData",
+        "NtGdiDdDDIOutputDuplPresent",
+        "NtGdiDdDDIOutputDuplReleaseFrame",
+        "NtGdiDdDDIPinDirectFlipResources",
+        "NtGdiDdDDIPollDisplayChildren",
+        "NtGdiDdDDIPresent",
+        "NtGdiDdDDIPresentMultiPlaneOverlay",
+        "NtGdiDdDDIPresentMultiPlaneOverlay2",
+        "NtGdiDdDDIPresentMultiPlaneOverlay3",
+        "NtGdiDdDDIQueryAdapterInfo",
+        "NtGdiDdDDIQueryAllocationResidency",
+        "NtGdiDdDDIQueryClockCalibration",
+        "NtGdiDdDDIQueryFSEBlock",
+        "NtGdiDdDDIQueryProcessOfferInfo",
+        "NtGdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName",
+        "NtGdiDdDDIQueryResourceInfo",
+        "NtGdiDdDDIQueryResourceInfoFromNtHandle",
+        "NtGdiDdDDIQueryStatistics",
+        "NtGdiDdDDIQueryVidPnExclusiveOwnership",
+        "NtGdiDdDDIQueryVideoMemoryInfo",
+        "NtGdiDdDDIReclaimAllocations",
+        "NtGdiDdDDIReclaimAllocations2",
+        "NtGdiDdDDIReleaseKeyedMutex",
+        "NtGdiDdDDIReleaseKeyedMutex2",
+        "NtGdiDdDDIReleaseProcessVidPnSourceOwners",
+        "NtGdiDdDDIReleaseSwapChain",
+        "NtGdiDdDDIRender",
+        "NtGdiDdDDIReserveGpuVirtualAddress",
+        "NtGdiDdDDISetAllocationPriority",
+        "NtGdiDdDDISetContextInProcessSchedulingPriority",
+        "NtGdiDdDDISetContextSchedulingPriority",
+        "NtGdiDdDDISetDisplayMode",
+        "NtGdiDdDDISetDisplayPrivateDriverFormat",
+        "NtGdiDdDDISetDodIndirectSwapchain",
+        "NtGdiDdDDISetFSEBlock",
+        "NtGdiDdDDISetGammaRamp",
+        "NtGdiDdDDISetHwProtectionTeardownRecovery",
+        "NtGdiDdDDISetMemoryBudgetTarget",
+        "NtGdiDdDDISetProcessSchedulingPriorityBand",
+        "NtGdiDdDDISetProcessSchedulingPriorityClass",
+        "NtGdiDdDDISetQueuedLimit",
+        "NtGdiDdDDISetStablePowerState",
+        "NtGdiDdDDISetStereoEnabled",
+        "NtGdiDdDDISetSyncRefreshCountWaitTarget",
+        "NtGdiDdDDISetVidPnSourceHwProtection",
+        "NtGdiDdDDISetVidPnSourceOwner",
+        "NtGdiDdDDISetVidPnSourceOwner1",
+        "NtGdiDdDDISetYieldPercentage",
+        "NtGdiDdDDIShareObjects",
+        "NtGdiDdDDISharedPrimaryLockNotification",
+        "NtGdiDdDDISharedPrimaryUnLockNotification",
+        "NtGdiDdDDISignalSynchronizationObject",
+        "NtGdiDdDDISignalSynchronizationObjectFromCpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu2",
+        "NtGdiDdDDISubmitCommand",
+        "NtGdiDdDDISubmitCommandToHwQueue",
+        "NtGdiDdDDISubmitSignalSyncObjectsToHwQueue",
+        "NtGdiDdDDISubmitWaitForSyncObjectsToHwQueue",
+        "NtGdiDdDDITrimProcessCommitment",
+        "NtGdiDdDDIUnlock",
+        "NtGdiDdDDIUnlock2",
+        "NtGdiDdDDIUnpinDirectFlipResources",
+        "NtGdiDdDDIUpdateAllocationProperty",
+        "NtGdiDdDDIUpdateGpuVirtualAddress",
+        "NtGdiDdDDIUpdateOverlay",
+        "NtGdiDdDDIWaitForIdle",
+        "NtGdiDdDDIWaitForSynchronizationObject",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromCpu",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromGpu",
+        "NtGdiDdDDIWaitForVerticalBlankEvent",
+        "NtGdiDdDDIWaitForVerticalBlankEvent2",
+        "NtGdiDdDestroyFullscreenSprite",
+        "NtGdiDdNotifyFullscreenSpriteUpdate",
+        "NtGdiDdQueryVisRgnUniqueness",
+        "NtGdiDeleteColorTransform",
+        "NtGdiDescribePixelFormat",
+        "NtGdiDestroyOPMProtectedOutput",
+        "NtGdiDestroyPhysicalMonitor",
+        "NtGdiDoBanding",
+        "NtGdiDrawEscape",
+        "NtGdiDwmCreatedBitmapRemotingOutput",
+        "NtGdiEllipse",
+        "NtGdiEnableEudc",
+        "NtGdiEndDoc",
+        "NtGdiEndGdiRendering",
+        "NtGdiEndPage",
+        "NtGdiEngAlphaBlend",
+        "NtGdiEngAssociateSurface",
+        "NtGdiEngBitBlt",
+        "NtGdiEngCheckAbort",
+        "NtGdiEngComputeGlyphSet",
+        "NtGdiEngCopyBits",
+        "NtGdiEngCreateBitmap",
+        "NtGdiEngCreateClip",
+        "NtGdiEngCreateDeviceBitmap",
+        "NtGdiEngCreateDeviceSurface",
+        "NtGdiEngCreatePalette",
+        "NtGdiEngDeleteClip",
+        "NtGdiEngDeletePalette",
+        "NtGdiEngDeletePath",
+        "NtGdiEngDeleteSurface",
+        "NtGdiEngEraseSurface",
+        "NtGdiEngFillPath",
+        "NtGdiEngGradientFill",
+        "NtGdiEngLineTo",
+        "NtGdiEngLockSurface",
+        "NtGdiEngMarkBandingSurface",
+        "NtGdiEngPaint",
+        "NtGdiEngPlgBlt",
+        "NtGdiEngStretchBlt",
+        "NtGdiEngStretchBltROP",
+        "NtGdiEngStrokeAndFillPath",
+        "NtGdiEngStrokePath",
+        "NtGdiEngTextOut",
+        "NtGdiEngTransparentBlt",
+        "NtGdiEngUnlockSurface",
+        "NtGdiEnumFonts",
+        "NtGdiEnumObjects",
+        "NtGdiEudcLoadUnloadLink",
+        "NtGdiExtFloodFill",
+        "NtGdiFONTOBJ_cGetAllGlyphHandles",
+        "NtGdiFONTOBJ_cGetGlyphs",
+        "NtGdiFONTOBJ_pQueryGlyphAttrs",
+        "NtGdiFONTOBJ_pfdg",
+        "NtGdiFONTOBJ_pifi",
+        "NtGdiFONTOBJ_pvTrueTypeFontFile",
+        "NtGdiFONTOBJ_pxoGetXform",
+        "NtGdiFONTOBJ_vGetInfo",
+        "NtGdiFlattenPath",
+        "NtGdiFontIsLinked",
+        "NtGdiForceUFIMapping",
+        "NtGdiFrameRgn",
+        "NtGdiFullscreenControl",
+        "NtGdiGetAppliedDeviceGammaRamp",
+        "NtGdiGetBitmapDpiScaleValue",
+        "NtGdiGetBoundsRect",
+        "NtGdiGetCOPPCompatibleOPMInformation",
+        "NtGdiGetCertificate",
+        "NtGdiGetCertificateByHandle",
+        "NtGdiGetCertificateSize",
+        "NtGdiGetCertificateSizeByHandle",
+        "NtGdiGetCharABCWidthsW",
+        "NtGdiGetCharacterPlacementW",
+        "NtGdiGetColorAdjustment",
+        "NtGdiGetColorSpaceforBitmap",
+        "NtGdiGetCurrentDpiInfo",
+        "NtGdiGetDCDpiScaleValue",
+        "NtGdiGetDeviceCaps",
+        "NtGdiGetDeviceCapsAll",
+        "NtGdiGetDeviceGammaRamp",
+        "NtGdiGetDeviceWidth",
+        "NtGdiGetDhpdev",
+        "NtGdiGetETM",
+        "NtGdiGetEmbUFI",
+        "NtGdiGetEmbedFonts",
+        "NtGdiGetEntry",
+        "NtGdiGetEudcTimeStampEx",
+        "NtGdiGetFontFileData",
+        "NtGdiGetFontFileInfo",
+        "NtGdiGetFontResourceInfoInternalW",
+        "NtGdiGetFontUnicodeRanges",
+        "NtGdiGetGammaRampCapability",
+        "NtGdiGetGlyphIndicesW",
+        "NtGdiGetGlyphIndicesWInternal",
+        "NtGdiGetGlyphOutline",
+        "NtGdiGetKerningPairs",
+        "NtGdiGetLinkedUFIs",
+        "NtGdiGetMiterLimit",
+        "NtGdiGetMonitorID",
+        "NtGdiGetNumberOfPhysicalMonitors",
+        "NtGdiGetOPMInformation",
+        "NtGdiGetOPMRandomNumber",
+        "NtGdiGetObjectBitmapHandle",
+        "NtGdiGetPath",
+        "NtGdiGetPerBandInfo",
+        "NtGdiGetPhysicalMonitorDescription",
+        "NtGdiGetPhysicalMonitors",
+        "NtGdiGetProcessSessionFonts",
+        "NtGdiGetPublicFontTableChangeCookie",
+        "NtGdiGetRealizationInfo",
+        "NtGdiGetServerMetaFileBits",
+        "NtGdiGetSpoolMessage",
+        "NtGdiGetStats",
+        "NtGdiGetStringBitmapW",
+        "NtGdiGetSuggestedOPMProtectedOutputArraySize",
+        "NtGdiGetTextExtentExW",
+        "NtGdiGetUFI",
+        "NtGdiGetUFIPathname",
+        "NtGdiGradientFill",
+        "NtGdiHLSurfGetInformation",
+        "NtGdiHLSurfSetInformation",
+        "NtGdiHT_Get8BPPFormatPalette",
+        "NtGdiHT_Get8BPPMaskPalette",
+        "NtGdiIcmBrushInfo",
+        "NtGdiInit",
+        "NtGdiInitSpool",
+        "NtGdiMakeFontDir",
+        "NtGdiMakeInfoDC",
+        "NtGdiMakeObjectUnXferable",
+        "NtGdiMakeObjectXferable",
+        "NtGdiMirrorWindowOrg",
+        "NtGdiMonoBitmap",
+        "NtGdiMoveTo",
+        "NtGdiOffsetClipRgn",
+        "NtGdiPATHOBJ_bEnum",
+        "NtGdiPATHOBJ_bEnumClipLines",
+        "NtGdiPATHOBJ_vEnumStart",
+        "NtGdiPATHOBJ_vEnumStartClipLines",
+        "NtGdiPATHOBJ_vGetBounds",
+        "NtGdiPathToRegion",
+        "NtGdiPlgBlt",
+        "NtGdiPolyDraw",
+        "NtGdiPolyTextOutW",
+        "NtGdiPtInRegion",
+        "NtGdiPtVisible",
+        "NtGdiQueryFonts",
+        "NtGdiRemoveFontResourceW",
+        "NtGdiRemoveMergeFont",
+        "NtGdiResetDC",
+        "NtGdiResizePalette",
+        "NtGdiRoundRect",
+        "NtGdiSTROBJ_bEnum",
+        "NtGdiSTROBJ_bEnumPositionsOnly",
+        "NtGdiSTROBJ_bGetAdvanceWidths",
+        "NtGdiSTROBJ_dwGetCodePage",
+        "NtGdiSTROBJ_vEnumStart",
+        "NtGdiScaleRgn",
+        "NtGdiScaleValues",
+        "NtGdiScaleViewportExtEx",
+        "NtGdiScaleWindowExtEx",
+        "NtGdiSelectBrush",
+        "NtGdiSelectClipPath",
+        "NtGdiSelectPen",
+        "NtGdiSetBitmapAttributes",
+        "NtGdiSetBrushAttributes",
+        "NtGdiSetColorAdjustment",
+        "NtGdiSetColorSpace",
+        "NtGdiSetDeviceGammaRamp",
+        "NtGdiSetFontXform",
+        "NtGdiSetIcmMode",
+        "NtGdiSetLinkedUFIs",
+        "NtGdiSetMagicColors",
+        "NtGdiSetOPMSigningKeyAndSequenceNumbers",
+        "NtGdiSetPUMPDOBJ",
+        "NtGdiSetPixelFormat",
+        "NtGdiSetPrivateDeviceGammaRamp",
+        "NtGdiSetRectRgn",
+        "NtGdiSetSizeDevice",
+        "NtGdiSetSystemPaletteUse",
+        "NtGdiSetTextJustification",
+        "NtGdiSetUMPDSandboxState",
+        "NtGdiStartDoc",
+        "NtGdiStartPage",
+        "NtGdiStrokeAndFillPath",
+        "NtGdiStrokePath",
+        "NtGdiSwapBuffers",
+        "NtGdiTransparentBlt",
+        "NtGdiUMPDEngFreeUserMem",
+        "NtGdiUnloadPrinterDriver",
+        "NtGdiUnmapMemFont",
+        "NtGdiUpdateColors",
+        "NtGdiUpdateTransform",
+        "NtGdiWidenPath",
+        "NtGdiXFORMOBJ_bApplyXform",
+        "NtGdiXFORMOBJ_iGetXform",
+        "NtGdiXLATEOBJ_cGetPalette",
+        "NtGdiXLATEOBJ_hGetColorTransform",
+        "NtGdiXLATEOBJ_iXlate",
+        "NtHWCursorUpdatePointer",
+        "NtMITActivateInputProcessing",
+        "NtMITBindInputTypeToMonitors",
+        "NtMITCoreMsgKGetConnectionHandle",
+        "NtMITCoreMsgKOpenConnectionTo",
+        "NtMITCoreMsgKSend",
+        "NtMITDeactivateInputProcessing",
+        "NtMITDisableMouseIntercept",
+        "NtMITEnableMouseIntercept",
+        "NtMITSetInputCallbacks",
+        "NtMITSynthesizeMouseInput",
+        "NtMITSynthesizeMouseWheel",
+        "NtMITSynthesizeTouchInput",
+        "NtMITUpdateInputGlobals",
+        "NtMITWaitForMultipleObjectsEx",
+        "NtNotifyPresentToCompositionSurface",
+        "NtOpenCompositionSurfaceDirtyRegion",
+        "NtOpenCompositionSurfaceSectionInfo",
+        "NtOpenCompositionSurfaceSwapChainHandleInfo",
+        "NtQueryCompositionInputIsImplicit",
+        "NtQueryCompositionInputQueueAndTransform",
+        "NtQueryCompositionInputSink",
+        "NtQueryCompositionInputSinkLuid",
+        "NtQueryCompositionInputSinkViewId",
+        "NtQueryCompositionSurfaceBinding",
+        "NtQueryCompositionSurfaceHDRMetaData",
+        "NtQueryCompositionSurfaceRenderingRealization",
+        "NtQueryCompositionSurfaceStatistics",
+        "NtRIMAddInputObserver",
+        "NtRIMAreSiblingDevices",
+        "NtRIMDeviceIoControl",
+        "NtRIMFreeInputBuffer",
+        "NtRIMGetDevicePreparsedData",
+        "NtRIMGetDevicePreparsedDataLockfree",
+        "NtRIMGetDeviceProperties",
+        "NtRIMGetDevicePropertiesLockfree",
+        "NtRIMGetPhysicalDeviceRect",
+        "NtRIMGetSourceProcessId",
+        "NtRIMObserveNextInput",
+        "NtRIMOnPnpNotification",
+        "NtRIMOnTimerNotification",
+        "NtRIMReadInput",
+        "NtRIMRegisterForInput",
+        "NtRIMRemoveInputObserver",
+        "NtRIMSetTestModeStatus",
+        "NtRIMUnregisterForInput",
+        "NtRIMUpdateInputObserverRegistration",
+        "NtSetCompositionSurfaceAnalogExclusive",
+        "NtSetCompositionSurfaceBufferUsage",
+        "NtSetCompositionSurfaceDirectFlipState",
+        "NtSetCompositionSurfaceHDRMetaData",
+        "NtSetCompositionSurfaceIndependentFlipInfo",
+        "NtSetCompositionSurfaceStatistics",
+        "NtTokenManagerConfirmOutstandingAnalogToken",
+        "NtTokenManagerCreateCompositionTokenHandle",
+        "NtTokenManagerGetAnalogExclusiveSurfaceUpdates",
+        "NtTokenManagerGetAnalogExclusiveTokenEvent",
+        "NtTokenManagerOpenSectionAndEvents",
+        "NtTokenManagerThread",
+        "NtUnBindCompositionSurface",
+        "NtUpdateInputSinkTransforms",
+        "NtUserAcquireIAMKey",
+        "NtUserAcquireInteractiveControlBackgroundAccess",
+        "NtUserAddClipboardFormatListener",
+        "NtUserAssociateInputContext",
+        "NtUserAutoPromoteMouseInPointer",
+        "NtUserAutoRotateScreen",
+        "NtUserBeginLayoutUpdate",
+        "NtUserBlockInput",
+        "NtUserBroadcastThemeChangeEvent",
+        "NtUserBuildHimcList",
+        "NtUserBuildPropList",
+        "NtUserCalculatePopupWindowPosition",
+        "NtUserCallHwndOpt",
+        "NtUserCanBrokerForceForeground",
+        "NtUserChangeDisplaySettings",
+        "NtUserChangeWindowMessageFilterEx",
+        "NtUserCheckAccessForIntegrityLevel",
+        "NtUserCheckProcessForClipboardAccess",
+        "NtUserCheckProcessSession",
+        "NtUserCheckWindowThreadDesktop",
+        "NtUserChildWindowFromPointEx",
+        "NtUserClearForeground",
+        "NtUserClipCursor",
+        "NtUserCompositionInputSinkLuidFromPoint",
+        "NtUserCompositionInputSinkViewInstanceIdFromPoint",
+        "NtUserConfirmResizeCommit",
+        "NtUserCreateDCompositionHwndTarget",
+        "NtUserCreateDesktopEx",
+        "NtUserCreateInputContext",
+        "NtUserCreateWindowStation",
+        "NtUserCtxDisplayIOCtl",
+        "NtUserDeferWindowPosAndBand",
+        "NtUserDelegateCapturePointers",
+        "NtUserDelegateInput",
+        "NtUserDestroyDCompositionHwndTarget",
+        "NtUserDestroyInputContext",
+        "NtUserDisableImmersiveOwner",
+        "NtUserDisableProcessWindowFiltering",
+        "NtUserDisableThreadIme",
+        "NtUserDiscardPointerFrameMessages",
+        "NtUserDisplayConfigGetDeviceInfo",
+        "NtUserDisplayConfigSetDeviceInfo",
+        "NtUserDoSoundConnect",
+        "NtUserDoSoundDisconnect",
+        "NtUserDragDetect",
+        "NtUserDragObject",
+        "NtUserDrawAnimatedRects",
+        "NtUserDrawCaption",
+        "NtUserDrawCaptionTemp",
+        "NtUserDrawMenuBarTemp",
+        "NtUserDwmGetRemoteSessionOcclusionEvent",
+        "NtUserDwmGetRemoteSessionOcclusionState",
+        "NtUserDwmKernelShutdown",
+        "NtUserDwmKernelStartup",
+        "NtUserDwmValidateWindow",
+        "NtUserEnableChildWindowDpiMessage",
+        "NtUserEnableIAMAccess",
+        "NtUserEnableMouseInPointer",
+        "NtUserEnableMouseInputForCursorSuppression",
+        "NtUserEnableNonClientDpiScaling",
+        "NtUserEnableResizeLayoutSynchronization",
+        "NtUserEnableTouchPad",
+        "NtUserEnableWindowGDIScaledDpiMessage",
+        "NtUserEnableWindowResizeOptimization",
+        "NtUserEndMenu",
+        "NtUserEvent",
+        "NtUserFlashWindowEx",
+        "NtUserFrostCrashedWindow",
+        "NtUserFunctionalizeDisplayConfig",
+        "NtUserGetAppImeLevel",
+        "NtUserGetAutoRotationState",
+        "NtUserGetCIMSSM",
+        "NtUserGetCaretPos",
+        "NtUserGetClipCursor",
+        "NtUserGetClipboardAccessToken",
+        "NtUserGetClipboardViewer",
+        "NtUserGetComboBoxInfo",
+        "NtUserGetCurrentInputMessageSource",
+        "NtUserGetCursorDims",
+        "NtUserGetCursorInfo",
+        "NtUserGetDManipHookInitFunction",
+        "NtUserGetDesktopID",
+        "NtUserGetDisplayAutoRotationPreferences",
+        "NtUserGetDisplayAutoRotationPreferencesByProcessId",
+        "NtUserGetDisplayConfigBufferSizes",
+        "NtUserGetDpiForMonitor",
+        "NtUserGetGestureConfig",
+        "NtUserGetGestureExtArgs",
+        "NtUserGetGestureInfo",
+        "NtUserGetGuiResources",
+        "NtUserGetHimetricScaleFactorFromPixelLocation",
+        "NtUserGetImeHotKey",
+        "NtUserGetImeInfoEx",
+        "NtUserGetInputLocaleInfo",
+        "NtUserGetInteractiveControlDeviceInfo",
+        "NtUserGetInteractiveControlInfo",
+        "NtUserGetInteractiveCtrlSupportedWaveforms",
+        "NtUserGetInternalWindowPos",
+        "NtUserGetKeyNameText",
+        "NtUserGetKeyboardLayoutName",
+        "NtUserGetLayeredWindowAttributes",
+        "NtUserGetListBoxInfo",
+        "NtUserGetMenuIndex",
+        "NtUserGetMenuItemRect",
+        "NtUserGetMouseMovePointsEx",
+        "NtUserGetPhysicalDeviceRect",
+        "NtUserGetPointerCursorId",
+        "NtUserGetPointerDevice",
+        "NtUserGetPointerDeviceCursors",
+        "NtUserGetPointerDeviceProperties",
+        "NtUserGetPointerDeviceRects",
+        "NtUserGetPointerDevices",
+        "NtUserGetPointerFrameArrivalTimes",
+        "NtUserGetPointerInfoList",
+        "NtUserGetPointerInputTransform",
+        "NtUserGetPointerType",
+        "NtUserGetPrecisionTouchPadConfiguration",
+        "NtUserGetPriorityClipboardFormat",
+        "NtUserGetProcessDpiAwarenessContext",
+        "NtUserGetProcessUIContextInformation",
+        "NtUserGetQueueStatusReadonly",
+        "NtUserGetRawInputBuffer",
+        "NtUserGetRawInputData",
+        "NtUserGetRawInputDeviceInfo",
+        "NtUserGetRawInputDeviceList",
+        "NtUserGetRawPointerDeviceData",
+        "NtUserGetRegisteredRawInputDevices",
+        "NtUserGetResizeDCompositionSynchronizationObject",
+        "NtUserGetTopLevelWindow",
+        "NtUserGetTouchInputInfo",
+        "NtUserGetTouchValidationStatus",
+        "NtUserGetUpdatedClipboardFormats",
+        "NtUserGetWOWClass",
+        "NtUserGetWindowBand",
+        "NtUserGetWindowCompositionAttribute",
+        "NtUserGetWindowCompositionInfo",
+        "NtUserGetWindowDisplayAffinity",
+        "NtUserGetWindowFeedbackSetting",
+        "NtUserGetWindowMinimizeRect",
+        "NtUserGetWindowRgnEx",
+        "NtUserGhostWindowFromHungWindow",
+        "NtUserHandleDelegatedInput",
+        "NtUserHardErrorControl",
+        "NtUserHidePointerContactVisualization",
+        "NtUserHiliteMenuItem",
+        "NtUserHungWindowFromGhostWindow",
+        "NtUserHwndQueryRedirectionInfo",
+        "NtUserHwndSetRedirectionInfo",
+        "NtUserImpersonateDdeClientWindow",
+        "NtUserInheritWindowMonitor",
+        "NtUserInitTask",
+        "NtUserInitialize",
+        "NtUserInitializeClientPfnArrays",
+        "NtUserInitializeGenericHidInjection",
+        "NtUserInitializeInputDeviceInjection",
+        "NtUserInitializePointerDeviceInjection",
+        "NtUserInitializePointerDeviceInjectionEx",
+        "NtUserInitializeTouchInjection",
+        "NtUserInjectDeviceInput",
+        "NtUserInjectGenericHidInput",
+        "NtUserInjectGesture",
+        "NtUserInjectKeyboardInput",
+        "NtUserInjectMouseInput",
+        "NtUserInjectPointerInput",
+        "NtUserInjectTouchInput",
+        "NtUserInteractiveControlQueryUsage",
+        "NtUserInternalGetWindowIcon",
+        "NtUserIsChildWindowDpiMessageEnabled",
+        "NtUserIsMouseInPointerEnabled",
+        "NtUserIsMouseInputEnabled",
+        "NtUserIsNonClientDpiScalingEnabled",
+        "NtUserIsResizeLayoutSynchronizationEnabled",
+        "NtUserIsTopLevelWindow",
+        "NtUserIsTouchWindow",
+        "NtUserIsWindowBroadcastingDpiToChildren",
+        "NtUserIsWindowGDIScaledDpiMessageEnabled",
+        "NtUserLayoutCompleted",
+        "NtUserLinkDpiCursor",
+        "NtUserLoadKeyboardLayoutEx",
+        "NtUserLockCursor",
+        "NtUserLockWindowStation",
+        "NtUserLockWorkStation",
+        "NtUserLogicalToPerMonitorDPIPhysicalPoint",
+        "NtUserLogicalToPhysicalPoint",
+        "NtUserMNDragLeave",
+        "NtUserMNDragOver",
+        "NtUserMagControl",
+        "NtUserMagGetContextInformation",
+        "NtUserMagSetContextInformation",
+        "NtUserMenuItemFromPoint",
+        "NtUserMinMaximize",
+        "NtUserModifyWindowTouchCapability",
+        "NtUserNavigateFocus",
+        "NtUserNotifyIMEStatus",
+        "NtUserOpenInputDesktop",
+        "NtUserOpenThreadDesktop",
+        "NtUserPaintMonitor",
+        "NtUserPerMonitorDPIPhysicalToLogicalPoint",
+        "NtUserPhysicalToLogicalPoint",
+        "NtUserPrintWindow",
+        "NtUserProcessInkFeedbackCommand",
+        "NtUserPromoteMouseInPointer",
+        "NtUserPromotePointer",
+        "NtUserQueryBSDRWindow",
+        "NtUserQueryDisplayConfig",
+        "NtUserQueryInformationThread",
+        "NtUserQueryInputContext",
+        "NtUserQuerySendMessage",
+        "NtUserRealChildWindowFromPoint",
+        "NtUserRealWaitMessageEx",
+        "NtUserRegisterBSDRWindow",
+        "NtUserRegisterDManipHook",
+        "NtUserRegisterEdgy",
+        "NtUserRegisterErrorReportingDialog",
+        "NtUserRegisterHotKey",
+        "NtUserRegisterManipulationThread",
+        "NtUserRegisterPointerDeviceNotifications",
+        "NtUserRegisterPointerInputTarget",
+        "NtUserRegisterRawInputDevices",
+        "NtUserRegisterServicesProcess",
+        "NtUserRegisterSessionPort",
+        "NtUserRegisterShellPTPListener",
+        "NtUserRegisterTasklist",
+        "NtUserRegisterTouchHitTestingWindow",
+        "NtUserRegisterTouchPadCapable",
+        "NtUserRegisterUserApiHook",
+        "NtUserReleaseDwmHitTestWaiters",
+        "NtUserRemoteConnect",
+        "NtUserRemoteRedrawRectangle",
+        "NtUserRemoteRedrawScreen",
+        "NtUserRemoteStopScreenUpdates",
+        "NtUserRemoveClipboardFormatListener",
+        "NtUserRemoveInjectionDevice",
+        "NtUserReportInertia",
+        "NtUserResolveDesktopForWOW",
+        "NtUserSendEventMessage",
+        "NtUserSendInteractiveControlHapticsReport",
+        "NtUserSetActivationFilter",
+        "NtUserSetActiveProcessForMonitor",
+        "NtUserSetAppImeLevel",
+        "NtUserSetAutoRotation",
+        "NtUserSetBrokeredForeground",
+        "NtUserSetCalibrationData",
+        "NtUserSetChildWindowNoActivate",
+        "NtUserSetClassWord",
+        "NtUserSetCoreWindow",
+        "NtUserSetCoreWindowPartner",
+        "NtUserSetCursorContents",
+        "NtUserSetDialogControlDpiChangeBehavior",
+        "NtUserSetDisplayAutoRotationPreferences",
+        "NtUserSetDisplayConfig",
+        "NtUserSetDisplayMapping",
+        "NtUserSetFallbackForeground",
+        "NtUserSetFeatureReportResponse",
+        "NtUserSetGestureConfig",
+        "NtUserSetImeHotKey",
+        "NtUserSetImeInfoEx",
+        "NtUserSetImeOwnerWindow",
+        "NtUserSetInteractiveControlFocus",
+        "NtUserSetInteractiveCtrlRotationAngle",
+        "NtUserSetInternalWindowPos",
+        "NtUserSetLayeredWindowAttributes",
+        "NtUserSetManipulationInputTarget",
+        "NtUserSetMenu",
+        "NtUserSetMenuContextHelpId",
+        "NtUserSetMenuFlagRtoL",
+        "NtUserSetMirrorRendering",
+        "NtUserSetObjectInformation",
+        "NtUserSetPrecisionTouchPadConfiguration",
+        "NtUserSetProcessDpiAwarenessContext",
+        "NtUserSetProcessInteractionFlags",
+        "NtUserSetProcessRestrictionExemption",
+        "NtUserSetProcessUIAccessZorder",
+        "NtUserSetShellWindowEx",
+        "NtUserSetSysColors",
+        "NtUserSetSystemCursor",
+        "NtUserSetSystemTimer",
+        "NtUserSetThreadInputBlocked",
+        "NtUserSetThreadLayoutHandles",
+        "NtUserSetWindowArrangement",
+        "NtUserSetWindowBand",
+        "NtUserSetWindowCompositionAttribute",
+        "NtUserSetWindowCompositionTransition",
+        "NtUserSetWindowDisplayAffinity",
+        "NtUserSetWindowFeedbackSetting",
+        "NtUserSetWindowRgnEx",
+        "NtUserSetWindowShowState",
+        "NtUserSetWindowStationUser",
+        "NtUserShowSystemCursor",
+        "NtUserShutdownBlockReasonCreate",
+        "NtUserShutdownBlockReasonQuery",
+        "NtUserShutdownReasonDestroy",
+        "NtUserSignalRedirectionStartComplete",
+        "NtUserSlicerControl",
+        "NtUserSoundSentry",
+        "NtUserSwitchDesktop",
+        "NtUserSystemParametersInfoForDpi",
+        "NtUserTestForInteractiveUser",
+        "NtUserTrackPopupMenuEx",
+        "NtUserTransformPoint",
+        "NtUserTransformRect",
+        "NtUserUndelegateInput",
+        "NtUserUnloadKeyboardLayout",
+        "NtUserUnlockWindowStation",
+        "NtUserUnregisterHotKey",
+        "NtUserUnregisterSessionPort",
+        "NtUserUnregisterUserApiHook",
+        "NtUserUpdateDefaultDesktopThumbnail",
+        "NtUserUpdateInputContext",
+        "NtUserUpdateInstance",
+        "NtUserUpdateLayeredWindow",
+        "NtUserUpdatePerUserSystemParameters",
+        "NtUserUpdateWindowInputSinkHints",
+        "NtUserUpdateWindowTrackingInfo",
+        "NtUserUserHandleGrantAccess",
+        "NtUserValidateHandleSecure",
+        "NtUserWaitAvailableMessageEx",
+        "NtUserWaitForInputIdle",
+        "NtUserWaitForMsgAndEvent",
+        "NtUserWaitForRedirectionStartComplete",
+        "NtUserWindowFromPhysicalPoint",
+        "NtValidateCompositionSurfaceHandle",
+        "NtVisualCaptureBits",
+        "NtUserSetClassLongPtr",
+        "NtUserSetWindowLongPtr"
+    ],
+    [
+        "NtAccessCheck",
+        "NtWorkerFactoryWorkerReady",
+        "NtAcceptConnectPort",
+        "NtMapUserPhysicalPagesScatter",
+        "NtWaitForSingleObject",
+        "NtCallbackReturn",
+        "NtReadFile",
+        "NtDeviceIoControlFile",
+        "NtWriteFile",
+        "NtRemoveIoCompletion",
+        "NtReleaseSemaphore",
+        "NtReplyWaitReceivePort",
+        "NtReplyPort",
+        "NtSetInformationThread",
+        "NtSetEvent",
+        "NtClose",
+        "NtQueryObject",
+        "NtQueryInformationFile",
+        "NtOpenKey",
+        "NtEnumerateValueKey",
+        "NtFindAtom",
+        "NtQueryDefaultLocale",
+        "NtQueryKey",
+        "NtQueryValueKey",
+        "NtAllocateVirtualMemory",
+        "NtQueryInformationProcess",
+        "NtWaitForMultipleObjects32",
+        "NtWriteFileGather",
+        "NtSetInformationProcess",
+        "NtCreateKey",
+        "NtFreeVirtualMemory",
+        "NtImpersonateClientOfPort",
+        "NtReleaseMutant",
+        "NtQueryInformationToken",
+        "NtRequestWaitReplyPort",
+        "NtQueryVirtualMemory",
+        "NtOpenThreadToken",
+        "NtQueryInformationThread",
+        "NtOpenProcess",
+        "NtSetInformationFile",
+        "NtMapViewOfSection",
+        "NtAccessCheckAndAuditAlarm",
+        "NtUnmapViewOfSection",
+        "NtReplyWaitReceivePortEx",
+        "NtTerminateProcess",
+        "NtSetEventBoostPriority",
+        "NtReadFileScatter",
+        "NtOpenThreadTokenEx",
+        "NtOpenProcessTokenEx",
+        "NtQueryPerformanceCounter",
+        "NtEnumerateKey",
+        "NtOpenFile",
+        "NtDelayExecution",
+        "NtQueryDirectoryFile",
+        "NtQuerySystemInformation",
+        "NtOpenSection",
+        "NtQueryTimer",
+        "NtFsControlFile",
+        "NtWriteVirtualMemory",
+        "NtCloseObjectAuditAlarm",
+        "NtDuplicateObject",
+        "NtQueryAttributesFile",
+        "NtClearEvent",
+        "NtReadVirtualMemory",
+        "NtOpenEvent",
+        "NtAdjustPrivilegesToken",
+        "NtDuplicateToken",
+        "NtContinue",
+        "NtQueryDefaultUILanguage",
+        "NtQueueApcThread",
+        "NtYieldExecution",
+        "NtAddAtom",
+        "NtCreateEvent",
+        "NtQueryVolumeInformationFile",
+        "NtCreateSection",
+        "NtFlushBuffersFile",
+        "NtApphelpCacheControl",
+        "NtCreateProcessEx",
+        "NtCreateThread",
+        "NtIsProcessInJob",
+        "NtProtectVirtualMemory",
+        "NtQuerySection",
+        "NtResumeThread",
+        "NtTerminateThread",
+        "NtReadRequestData",
+        "NtCreateFile",
+        "NtQueryEvent",
+        "NtWriteRequestData",
+        "NtOpenDirectoryObject",
+        "NtAccessCheckByTypeAndAuditAlarm",
+        "NtQuerySystemTime",
+        "NtWaitForMultipleObjects",
+        "NtSetInformationObject",
+        "NtCancelIoFile",
+        "NtTraceEvent",
+        "NtPowerInformation",
+        "NtSetValueKey",
+        "NtCancelTimer",
+        "NtSetTimer",
+        "NtAccessCheckByType",
+        "NtAccessCheckByTypeResultList",
+        "NtAccessCheckByTypeResultListAndAuditAlarm",
+        "NtAccessCheckByTypeResultListAndAuditAlarmByHandle",
+        "NtAcquireProcessActivityReference",
+        "NtAddAtomEx",
+        "NtAddBootEntry",
+        "NtAddDriverEntry",
+        "NtAdjustGroupsToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAlertResumeThread",
+        "NtAlertThread",
+        "NtAlertThreadByThreadId",
+        "NtAllocateLocallyUniqueId",
+        "NtAllocateReserveObject",
+        "NtAllocateUserPhysicalPages",
+        "NtAllocateUuids",
+        "NtAlpcAcceptConnectPort",
+        "NtAlpcCancelMessage",
+        "NtAlpcConnectPort",
+        "NtAlpcConnectPortEx",
+        "NtAlpcCreatePort",
+        "NtAlpcCreatePortSection",
+        "NtAlpcCreateResourceReserve",
+        "NtAlpcCreateSectionView",
+        "NtAlpcCreateSecurityContext",
+        "NtAlpcDeletePortSection",
+        "NtAlpcDeleteResourceReserve",
+        "NtAlpcDeleteSectionView",
+        "NtAlpcDeleteSecurityContext",
+        "NtAlpcDisconnectPort",
+        "NtAlpcImpersonateClientContainerOfPort",
+        "NtAlpcImpersonateClientOfPort",
+        "NtAlpcOpenSenderProcess",
+        "NtAlpcOpenSenderThread",
+        "NtAlpcQueryInformation",
+        "NtAlpcQueryInformationMessage",
+        "NtAlpcRevokeSecurityContext",
+        "NtAlpcSendWaitReceivePort",
+        "NtAlpcSetInformation",
+        "NtAreMappedFilesTheSame",
+        "NtAssignProcessToJobObject",
+        "NtAssociateWaitCompletionPacket",
+        "NtCancelIoFileEx",
+        "NtCancelSynchronousIoFile",
+        "NtCancelTimer2",
+        "NtCancelWaitCompletionPacket",
+        "NtCommitComplete",
+        "NtCommitEnlistment",
+        "NtCommitRegistryTransaction",
+        "NtCommitTransaction",
+        "NtCompactKeys",
+        "NtCompareObjects",
+        "NtCompareSigningLevels",
+        "NtCompareTokens",
+        "ArbPreprocessEntry",
+        "NtCompressKey",
+        "NtConnectPort",
+        "NtConvertBetweenAuxiliaryCounterAndPerformanceCounter",
+        "NtCreateDebugObject",
+        "NtCreateDirectoryObject",
+        "NtCreateDirectoryObjectEx",
+        "NtCreateEnclave",
+        "NtCreateEnlistment",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtCreateIRTimer",
+        "NtCreateIoCompletion",
+        "NtCreateJobObject",
+        "ArbAddReserved",
+        "NtCreateKeyTransacted",
+        "NtCreateKeyedEvent",
+        "NtCreateLowBoxToken",
+        "NtCreateMailslotFile",
+        "NtCreateMutant",
+        "NtCreateNamedPipeFile",
+        "NtCreatePagingFile",
+        "NtCreatePartition",
+        "NtCreatePort",
+        "NtCreatePrivateNamespace",
+        "NtCreateProcess",
+        "NtCreateProfile",
+        "NtCreateProfileEx",
+        "NtCreateRegistryTransaction",
+        "NtCreateResourceManager",
+        "NtCreateSemaphore",
+        "NtCreateSymbolicLinkObject",
+        "NtCreateThreadEx",
+        "NtCreateTimer",
+        "NtCreateTimer2",
+        "NtCreateToken",
+        "NtCreateTokenEx",
+        "NtCreateTransaction",
+        "NtCreateTransactionManager",
+        "NtCreateUserProcess",
+        "NtCreateWaitCompletionPacket",
+        "NtCreateWaitablePort",
+        "NtCreateWnfStateName",
+        "NtCreateWorkerFactory",
+        "NtDebugActiveProcess",
+        "NtDebugContinue",
+        "NtDeleteAtom",
+        "NtDeleteBootEntry",
+        "NtDeleteDriverEntry",
+        "NtDeleteFile",
+        "NtDeleteKey",
+        "NtDeleteObjectAuditAlarm",
+        "NtDeletePrivateNamespace",
+        "NtDeleteValueKey",
+        "NtDeleteWnfStateData",
+        "NtDeleteWnfStateName",
+        "NtDisableLastKnownGood",
+        "NtDisplayString",
+        "NtDrawText",
+        "NtEnableLastKnownGood",
+        "NtEnumerateBootEntries",
+        "NtEnumerateDriverEntries",
+        "NtEnumerateSystemEnvironmentValuesEx",
+        "NtEnumerateTransactionObject",
+        "NtExtendSection",
+        "NtFilterBootOption",
+        "NtFilterToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtFlushBuffersFileEx",
+        "NtFlushInstallUILanguage",
+        "ArbPreprocessEntry",
+        "NtFlushKey",
+        "NtFlushProcessWriteBuffers",
+        "NtFlushVirtualMemory",
+        "NtFlushWriteBuffer",
+        "NtFreeUserPhysicalPages",
+        "NtFreezeRegistry",
+        "NtFreezeTransactions",
+        "NtGetCachedSigningLevel",
+        "NtGetCompleteWnfStateSubscription",
+        "NtGetContextThread",
+        "NtGetCurrentProcessorNumber",
+        "NtGetCurrentProcessorNumberEx",
+        "NtGetDevicePowerState",
+        "NtGetMUIRegistryInfo",
+        "NtGetNextProcess",
+        "NtGetNextThread",
+        "NtGetNlsSectionPtr",
+        "NtGetNotificationResourceManager",
+        "NtGetWriteWatch",
+        "NtImpersonateAnonymousToken",
+        "NtImpersonateThread",
+        "NtInitializeEnclave",
+        "NtInitializeNlsFiles",
+        "NtInitializeRegistry",
+        "NtInitiatePowerAction",
+        "NtIsSystemResumeAutomatic",
+        "NtIsUILanguageComitted",
+        "NtListenPort",
+        "NtLoadDriver",
+        "NtLoadEnclaveData",
+        "NtLoadHotPatch",
+        "NtLoadKey",
+        "NtLoadKey2",
+        "NtLoadKeyEx",
+        "NtLockFile",
+        "NtLockProductActivationKeys",
+        "NtLockRegistryKey",
+        "NtLockVirtualMemory",
+        "NtMakePermanentObject",
+        "NtMakeTemporaryObject",
+        "NtManagePartition",
+        "NtMapCMFModule",
+        "NtMapUserPhysicalPages",
+        "NtModifyBootEntry",
+        "NtModifyDriverEntry",
+        "NtNotifyChangeDirectoryFile",
+        "NtNotifyChangeKey",
+        "NtNotifyChangeMultipleKeys",
+        "NtNotifyChangeSession",
+        "NtOpenEnlistment",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtOpenIoCompletion",
+        "NtOpenJobObject",
+        "NtOpenKeyEx",
+        "NtOpenKeyTransacted",
+        "NtOpenKeyTransactedEx",
+        "NtOpenKeyedEvent",
+        "NtOpenMutant",
+        "NtOpenObjectAuditAlarm",
+        "NtOpenPartition",
+        "NtOpenPrivateNamespace",
+        "NtOpenProcessToken",
+        "NtOpenRegistryTransaction",
+        "NtOpenResourceManager",
+        "NtOpenSemaphore",
+        "NtOpenSession",
+        "NtOpenSymbolicLinkObject",
+        "NtOpenThread",
+        "NtOpenTimer",
+        "NtOpenTransaction",
+        "NtOpenTransactionManager",
+        "NtPlugPlayControl",
+        "NtPrePrepareComplete",
+        "NtPrePrepareEnlistment",
+        "NtPrepareComplete",
+        "NtPrepareEnlistment",
+        "NtPrivilegeCheck",
+        "NtPrivilegeObjectAuditAlarm",
+        "NtPrivilegedServiceAuditAlarm",
+        "NtPropagationComplete",
+        "NtPropagationFailed",
+        "NtPulseEvent",
+        "NtQueryAuxiliaryCounterFrequency",
+        "NtQueryBootEntryOrder",
+        "NtQueryBootOptions",
+        "NtQueryDebugFilterState",
+        "NtQueryDirectoryObject",
+        "NtQueryDriverEntryOrder",
+        "NtQueryEaFile",
+        "NtQueryFullAttributesFile",
+        "NtQueryInformationAtom",
+        "NtQueryInformationByName",
+        "NtQueryInformationEnlistment",
+        "NtQueryInformationJobObject",
+        "NtQueryInformationPort",
+        "NtQueryInformationResourceManager",
+        "NtQueryInformationTransaction",
+        "NtQueryInformationTransactionManager",
+        "NtQueryInformationWorkerFactory",
+        "NtQueryInstallUILanguage",
+        "NtQueryIntervalProfile",
+        "NtQueryIoCompletion",
+        "NtQueryLicenseValue",
+        "NtQueryMultipleValueKey",
+        "NtQueryMutant",
+        "NtQueryOpenSubKeys",
+        "NtQueryOpenSubKeysEx",
+        "CmpForceInvalidatePreCallback",
+        "NtQueryQuotaInformationFile",
+        "NtQuerySecurityAttributesToken",
+        "NtQuerySecurityObject",
+        "NtQuerySecurityPolicy",
+        "NtQuerySemaphore",
+        "NtQuerySymbolicLinkObject",
+        "NtQuerySystemEnvironmentValue",
+        "NtQuerySystemEnvironmentValueEx",
+        "NtQuerySystemInformationEx",
+        "NtQueryTimerResolution",
+        "NtQueryWnfStateData",
+        "NtQueryWnfStateNameInformation",
+        "NtQueueApcThreadEx",
+        "NtRaiseException",
+        "NtRaiseHardError",
+        "NtReadOnlyEnlistment",
+        "NtRecoverEnlistment",
+        "NtRecoverResourceManager",
+        "NtRecoverTransactionManager",
+        "NtRegisterProtocolAddressInformation",
+        "NtRegisterThreadTerminatePort",
+        "NtReleaseKeyedEvent",
+        "NtReleaseWorkerFactoryWorker",
+        "NtRemoveIoCompletionEx",
+        "NtRemoveProcessDebug",
+        "NtRenameKey",
+        "NtRenameTransactionManager",
+        "NtReplaceKey",
+        "NtReplacePartitionUnit",
+        "NtReplyWaitReplyPort",
+        "NtRequestPort",
+        "NtResetEvent",
+        "NtResetWriteWatch",
+        "NtRestoreKey",
+        "NtResumeProcess",
+        "NtRevertContainerImpersonation",
+        "NtRollbackComplete",
+        "NtRollbackEnlistment",
+        "NtRollbackRegistryTransaction",
+        "NtRollbackTransaction",
+        "NtRollforwardTransactionManager",
+        "NtSaveKey",
+        "NtSaveKeyEx",
+        "NtSaveMergedKeys",
+        "NtSecureConnectPort",
+        "NtSerializeBoot",
+        "NtSetBootEntryOrder",
+        "NtSetBootOptions",
+        "NtSetCachedSigningLevel",
+        "NtSetCachedSigningLevel2",
+        "NtSetContextThread",
+        "NtSetDebugFilterState",
+        "NtSetDefaultHardErrorPort",
+        "NtSetDefaultLocale",
+        "NtSetDefaultUILanguage",
+        "NtSetDriverEntryOrder",
+        "NtSetEaFile",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtSetIRTimer",
+        "NtSetInformationDebugObject",
+        "NtSetInformationEnlistment",
+        "NtSetInformationJobObject",
+        "NtSetInformationKey",
+        "NtSetInformationResourceManager",
+        "NtSetInformationSymbolicLink",
+        "NtSetInformationToken",
+        "NtSetInformationTransaction",
+        "NtSetInformationTransactionManager",
+        "NtSetInformationVirtualMemory",
+        "NtSetInformationWorkerFactory",
+        "NtSetIntervalProfile",
+        "NtSetIoCompletion",
+        "NtSetIoCompletionEx",
+        "BvgaSetVirtualFrameBuffer",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtSetQuotaInformationFile",
+        "NtSetSecurityObject",
+        "NtSetSystemEnvironmentValue",
+        "NtSetSystemEnvironmentValueEx",
+        "NtSetSystemInformation",
+        "NtSetSystemPowerState",
+        "NtSetSystemTime",
+        "NtSetThreadExecutionState",
+        "NtSetTimer2",
+        "NtSetTimerEx",
+        "NtSetTimerResolution",
+        "NtSetUuidSeed",
+        "NtSetVolumeInformationFile",
+        "NtSetWnfProcessNotificationEvent",
+        "NtShutdownSystem",
+        "NtShutdownWorkerFactory",
+        "NtSignalAndWaitForSingleObject",
+        "NtSinglePhaseReject",
+        "NtStartProfile",
+        "NtStopProfile",
+        "NtSubscribeWnfStateChange",
+        "NtSuspendProcess",
+        "NtSuspendThread",
+        "NtSystemDebugControl",
+        "NtTerminateJobObject",
+        "NtTestAlert",
+        "NtThawRegistry",
+        "NtThawTransactions",
+        "NtTraceControl",
+        "NtTranslateFilePath",
+        "NtUmsThreadYield",
+        "NtUnloadDriver",
+        "NtUnloadKey",
+        "NtUnloadKey2",
+        "NtUnloadKeyEx",
+        "NtUnlockFile",
+        "NtUnlockVirtualMemory",
+        "NtUnmapViewOfSectionEx",
+        "NtUnsubscribeWnfStateChange",
+        "NtUpdateWnfStateData",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtWaitForAlertByThreadId",
+        "NtWaitForDebugEvent",
+        "NtWaitForKeyedEvent",
+        "NtWaitForWorkViaWorkerFactory",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAdjustTokenClaimsAndDeviceGroups"
+    ]
+]
diff --git a/volatility/plugins/overlays/windows/win10_x64_16299_syscalls.py b/volatility/plugins/overlays/windows/win10_x64_16299_syscalls.py
new file mode 100644
index 000000000..d7ac30d25
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_16299_syscalls.py
@@ -0,0 +1,1642 @@
+syscalls = [
+    [
+        "NtUserGetOwnerTransformedMonitorRect",
+        "NtUserYieldTask",
+        "NtUserSetSensorPresence",
+        "NtUserGetThreadState",
+        "NtUserPeekMessage",
+        "NtUserCallOneParam",
+        "NtUserGetKeyState",
+        "NtUserInvalidateRect",
+        "NtUserCallNoParam",
+        "NtUserGetMessage",
+        "NtUserMessageCall",
+        "NtGdiBitBlt",
+        "NtGdiGetCharSet",
+        "NtUserGetDC",
+        "NtGdiSelectBitmap",
+        "NtUserWaitMessage",
+        "NtUserTranslateMessage",
+        "NtUserGetProp",
+        "NtUserPostMessage",
+        "NtUserQueryWindow",
+        "NtUserTranslateAccelerator",
+        "NtGdiFlush",
+        "NtUserRedrawWindow",
+        "NtUserWindowFromPoint",
+        "NtUserCallMsgFilter",
+        "NtUserValidateTimerCallback",
+        "NtUserBeginPaint",
+        "NtUserSetTimer",
+        "NtUserEndPaint",
+        "NtUserSetCursor",
+        "NtUserKillTimer",
+        "NtUserBuildHwndList",
+        "NtUserSelectPalette",
+        "NtUserCallNextHookEx",
+        "NtUserHideCaret",
+        "NtGdiIntersectClipRect",
+        "NtUserCallHwndLock",
+        "NtUserGetProcessWindowStation",
+        "NtGdiDeleteObjectApp",
+        "NtUserSetWindowPos",
+        "NtUserShowCaret",
+        "NtUserEndDeferWindowPosEx",
+        "NtUserCallHwndParamLock",
+        "NtUserVkKeyScanEx",
+        "NtGdiSetDIBitsToDeviceInternal",
+        "NtUserCallTwoParam",
+        "NtGdiGetRandomRgn",
+        "NtUserCopyAcceleratorTable",
+        "NtUserNotifyWinEvent",
+        "NtGdiExtSelectClipRgn",
+        "NtUserIsClipboardFormatAvailable",
+        "NtUserSetScrollInfo",
+        "NtGdiStretchBlt",
+        "NtUserCreateCaret",
+        "NtGdiRectVisible",
+        "NtGdiCombineRgn",
+        "NtGdiGetDCObject",
+        "NtUserDispatchMessage",
+        "NtUserRegisterWindowMessage",
+        "NtGdiExtTextOutW",
+        "NtGdiSelectFont",
+        "NtGdiRestoreDC",
+        "NtGdiSaveDC",
+        "NtUserGetForegroundWindow",
+        "NtUserShowScrollBar",
+        "NtUserFindExistingCursorIcon",
+        "NtGdiGetDCDword",
+        "NtGdiGetRegionData",
+        "NtGdiLineTo",
+        "NtUserSystemParametersInfo",
+        "NtGdiGetAppClipBox",
+        "NtUserGetAsyncKeyState",
+        "NtUserGetCPD",
+        "NtUserRemoveProp",
+        "NtGdiDoPalette",
+        "NtGdiPolyPolyDraw",
+        "NtUserSetCapture",
+        "NtUserEnumDisplayMonitors",
+        "NtGdiCreateCompatibleBitmap",
+        "NtUserSetProp",
+        "NtGdiGetTextCharsetInfo",
+        "NtUserSBGetParms",
+        "NtUserGetIconInfo",
+        "NtUserExcludeUpdateRgn",
+        "NtUserSetFocus",
+        "NtGdiExtGetObjectW",
+        "NtUserGetUpdateRect",
+        "NtGdiCreateCompatibleDC",
+        "NtUserGetClipboardSequenceNumber",
+        "NtGdiCreatePen",
+        "NtUserShowWindow",
+        "NtUserGetKeyboardLayoutList",
+        "NtGdiPatBlt",
+        "NtUserMapVirtualKeyEx",
+        "NtUserSetWindowLong",
+        "NtGdiHfontCreate",
+        "NtUserMoveWindow",
+        "NtUserPostThreadMessage",
+        "NtUserDrawIconEx",
+        "NtUserGetSystemMenu",
+        "NtGdiDrawStream",
+        "NtUserInternalGetWindowText",
+        "NtUserGetWindowDC",
+        "NtGdiInvertRgn",
+        "NtGdiGetRgnBox",
+        "NtGdiGetAndSetDCDword",
+        "NtGdiMaskBlt",
+        "NtGdiGetWidthTable",
+        "NtUserScrollDC",
+        "NtUserGetObjectInformation",
+        "NtGdiCreateBitmap",
+        "NtUserFindWindowEx",
+        "NtGdiPolyPatBlt",
+        "NtUserUnhookWindowsHookEx",
+        "NtGdiGetNearestColor",
+        "NtGdiTransformPoints",
+        "NtGdiGetDCPoint",
+        "NtGdiCreateDIBBrush",
+        "NtGdiGetTextMetricsW",
+        "NtUserCreateWindowEx",
+        "NtUserSetParent",
+        "NtUserGetKeyboardState",
+        "NtUserToUnicodeEx",
+        "NtUserGetControlBrush",
+        "NtUserGetClassName",
+        "NtGdiAlphaBlend",
+        "NtGdiOffsetRgn",
+        "NtUserDefSetText",
+        "NtGdiGetTextFaceW",
+        "NtGdiStretchDIBitsInternal",
+        "NtUserSendInput",
+        "NtUserGetThreadDesktop",
+        "NtGdiCreateRectRgn",
+        "NtGdiGetDIBitsInternal",
+        "NtUserGetUpdateRgn",
+        "NtGdiDeleteClientObj",
+        "NtUserGetIconSize",
+        "NtUserFillWindow",
+        "NtGdiExtCreateRegion",
+        "NtGdiComputeXformCoefficients",
+        "NtUserSetWindowsHookEx",
+        "NtUserNotifyProcessCreate",
+        "NtGdiUnrealizeObject",
+        "NtUserGetTitleBarInfo",
+        "NtGdiRectangle",
+        "NtUserSetThreadDesktop",
+        "NtUserGetDCEx",
+        "NtUserGetScrollBarInfo",
+        "NtGdiGetTextExtent",
+        "NtUserSetWindowFNID",
+        "NtGdiSetLayout",
+        "NtUserCalcMenuBar",
+        "NtUserThunkedMenuItemInfo",
+        "NtGdiExcludeClipRect",
+        "NtGdiCreateDIBSection",
+        "NtGdiGetDCforBitmap",
+        "NtUserDestroyCursor",
+        "NtUserDestroyWindow",
+        "NtUserCallHwndParam",
+        "NtGdiCreateDIBitmapInternal",
+        "NtUserOpenWindowStation",
+        "NtUserSetCursorIconData",
+        "NtUserCloseDesktop",
+        "NtUserOpenDesktop",
+        "NtUserSetProcessWindowStation",
+        "NtUserGetAtomName",
+        "NtGdiExtCreatePen",
+        "NtGdiCreatePaletteInternal",
+        "NtGdiSetBrushOrg",
+        "NtUserBuildNameList",
+        "NtGdiSetPixel",
+        "NtUserRegisterClassExWOW",
+        "NtGdiCreatePatternBrushInternal",
+        "NtUserGetAncestor",
+        "NtGdiGetOutlineTextMetricsInternalW",
+        "NtGdiSetBitmapBits",
+        "NtUserCloseWindowStation",
+        "NtUserGetDoubleClickTime",
+        "NtUserEnableScrollBar",
+        "NtGdiCreateSolidBrush",
+        "NtUserGetClassInfoEx",
+        "NtGdiCreateClientObj",
+        "NtUserUnregisterClass",
+        "NtUserDeleteMenu",
+        "NtGdiRectInRegion",
+        "NtUserScrollWindowEx",
+        "NtGdiGetPixel",
+        "NtUserSetClassLong",
+        "NtUserGetMenuBarInfo",
+        "NtGdiGetNearestPaletteIndex",
+        "NtGdiGetCharWidthW",
+        "NtUserInvalidateRgn",
+        "NtUserGetClipboardOwner",
+        "NtUserSetWindowRgn",
+        "NtUserBitBltSysBmp",
+        "NtGdiGetCharWidthInfo",
+        "NtUserValidateRect",
+        "NtUserCloseClipboard",
+        "NtUserOpenClipboard",
+        "NtUserSetClipboardData",
+        "NtUserEnableMenuItem",
+        "NtUserAlterWindowStyle",
+        "NtGdiFillRgn",
+        "NtUserGetWindowPlacement",
+        "NtGdiModifyWorldTransform",
+        "NtGdiGetFontData",
+        "NtUserGetOpenClipboardWindow",
+        "NtUserSetThreadState",
+        "NtGdiOpenDCW",
+        "NtUserTrackMouseEvent",
+        "NtGdiGetTransform",
+        "NtUserDestroyMenu",
+        "NtGdiGetBitmapBits",
+        "NtUserConsoleControl",
+        "NtUserSetActiveWindow",
+        "NtUserSetInformationThread",
+        "NtUserSetWindowPlacement",
+        "NtUserGetControlColor",
+        "NtGdiSetMetaRgn",
+        "NtGdiSetMiterLimit",
+        "NtGdiSetVirtualResolution",
+        "NtGdiGetRasterizerCaps",
+        "NtUserSetWindowWord",
+        "NtUserGetClipboardFormatName",
+        "NtUserRealInternalGetMessage",
+        "NtUserCreateLocalMemHandle",
+        "NtUserAttachThreadInput",
+        "NtGdiCreateHalftonePalette",
+        "NtUserPaintMenuBar",
+        "NtUserSetKeyboardState",
+        "NtGdiCombineTransform",
+        "NtUserCreateAcceleratorTable",
+        "NtUserGetCursorFrameInfo",
+        "NtUserGetAltTabInfo",
+        "NtUserGetCaretBlinkTime",
+        "NtGdiQueryFontAssocInfo",
+        "NtUserProcessConnect",
+        "NtUserEnumDisplayDevices",
+        "NtUserEmptyClipboard",
+        "NtUserGetClipboardData",
+        "NtUserRemoveMenu",
+        "NtGdiSetBoundsRect",
+        "NtGdiGetBitmapDimension",
+        "NtUserConvertMemHandle",
+        "NtUserDestroyAcceleratorTable",
+        "NtUserGetGUIThreadInfo",
+        "NtGdiCloseFigure",
+        "NtUserSetWindowsHookAW",
+        "NtUserSetMenuDefaultItem",
+        "NtUserCheckMenuItem",
+        "NtUserSetWinEventHook",
+        "NtUserUnhookWinEvent",
+        "NtUserLockWindowUpdate",
+        "NtUserSetSystemMenu",
+        "NtUserThunkedMenuInfo",
+        "NtGdiBeginPath",
+        "NtGdiEndPath",
+        "NtGdiFillPath",
+        "NtUserCallHwnd",
+        "NtUserDdeInitialize",
+        "NtUserModifyUserStartupInfoFlags",
+        "NtUserCountClipboardFormats",
+        "NtGdiAddFontMemResourceEx",
+        "NtGdiEqualRgn",
+        "NtGdiGetSystemPaletteUse",
+        "NtGdiRemoveFontMemResourceEx",
+        "NtUserEnumDisplaySettings",
+        "NtUserPaintDesktop",
+        "NtGdiExtEscape",
+        "NtGdiSetBitmapDimension",
+        "NtGdiSetFontEnumeration",
+        "NtUserChangeClipboardChain",
+        "NtUserSetClipboardViewer",
+        "NtUserShowWindowAsync",
+        "NtGdiCreateColorSpace",
+        "NtGdiDeleteColorSpace",
+        "NtUserActivateKeyboardLayout",
+        "NtBindCompositionSurface",
+        "NtCompositionInputThread",
+        "NtCompositionSetDropTarget",
+        "NtCreateCompositionInputSink",
+        "NtCreateCompositionSurfaceHandle",
+        "NtCreateImplicitCompositionInputSink",
+        "NtDCompositionAddCrossDeviceVisualChild",
+        "NtDCompositionBeginFrame",
+        "NtDCompositionCommitChannel",
+        "NtDCompositionCommitSynchronizationObject",
+        "NtDCompositionConfirmFrame",
+        "NtDCompositionConnectPipe",
+        "NtDCompositionCreateAndBindSharedSection",
+        "NtDCompositionCreateChannel",
+        "NtDCompositionCreateConnection",
+        "NtDCompositionCreateDwmChannel",
+        "NtDCompositionCreateSharedVisualHandle",
+        "NtDCompositionCurrentBatchId",
+        "NtDCompositionDestroyChannel",
+        "NtDCompositionDestroyConnection",
+        "NtDCompositionDiscardFrame",
+        "NtDCompositionDuplicateHandleToProcess",
+        "NtDCompositionDuplicateSwapchainHandleToDwm",
+        "NtDCompositionEnableDDASupport",
+        "NtDCompositionEnableMMCSS",
+        "NtDCompositionGetChannels",
+        "NtDCompositionGetConnectionBatch",
+        "NtDCompositionGetDeletedResources",
+        "NtDCompositionGetFrameLegacyTokens",
+        "NtDCompositionGetFrameStatistics",
+        "NtDCompositionGetFrameSurfaceUpdates",
+        "NtDCompositionProcessChannelBatchBuffer",
+        "NtDCompositionReferenceSharedResourceOnDwmChannel",
+        "NtDCompositionRegisterThumbnailVisual",
+        "NtDCompositionRegisterVirtualDesktopVisual",
+        "NtDCompositionReleaseAllResources",
+        "NtDCompositionRemoveCrossDeviceVisualChild",
+        "NtDCompositionRetireFrame",
+        "NtDCompositionSetChannelCallbackId",
+        "NtDCompositionSetChannelCommitCompletionEvent",
+        "NtDCompositionSetChildRootVisual",
+        "NtDCompositionSetDebugCounter",
+        "NtDCompositionSubmitDWMBatch",
+        "NtDCompositionSynchronize",
+        "NtDCompositionTelemetryAnimationScenarioBegin",
+        "NtDCompositionTelemetryAnimationScenarioReference",
+        "NtDCompositionTelemetryAnimationScenarioUnreference",
+        "NtDCompositionTelemetrySetApplicationId",
+        "NtDCompositionTelemetryTouchInteractionBegin",
+        "NtDCompositionTelemetryTouchInteractionEnd",
+        "NtDCompositionTelemetryTouchInteractionUpdate",
+        "NtDCompositionUpdatePointerCapture",
+        "NtDCompositionWaitForChannel",
+        "NtDWMBindCursorToOutputConfig",
+        "NtDWMCommitInputSystemOutputConfig",
+        "NtDWMSetCursorOrientation",
+        "NtDWMSetInputSystemOutputConfig",
+        "NtDesktopCaptureBits",
+        "NtDuplicateCompositionInputSink",
+        "NtFlipObjectAddPoolBuffer",
+        "NtFlipObjectCreate",
+        "NtFlipObjectOpen",
+        "NtFlipObjectRemovePoolBuffer",
+        "NtGdiAbortDoc",
+        "NtGdiAbortPath",
+        "NtGdiAddEmbFontToDC",
+        "NtGdiAddFontResourceW",
+        "NtGdiAddInitialFonts",
+        "NtGdiAddRemoteFontToDC",
+        "NtGdiAddRemoteMMInstanceToDC",
+        "NtGdiAngleArc",
+        "NtGdiAnyLinkedFonts",
+        "NtGdiArcInternal",
+        "NtGdiBRUSHOBJ_DeleteRbrush",
+        "NtGdiBRUSHOBJ_hGetColorTransform",
+        "NtGdiBRUSHOBJ_pvAllocRbrush",
+        "NtGdiBRUSHOBJ_pvGetRbrush",
+        "NtGdiBRUSHOBJ_ulGetBrushColor",
+        "NtGdiBeginGdiRendering",
+        "NtGdiCLIPOBJ_bEnum",
+        "NtGdiCLIPOBJ_cEnumStart",
+        "NtGdiCLIPOBJ_ppoGetPath",
+        "NtGdiCancelDC",
+        "NtGdiChangeGhostFont",
+        "NtGdiCheckBitmapBits",
+        "NtGdiClearBitmapAttributes",
+        "NtGdiClearBrushAttributes",
+        "NtGdiColorCorrectPalette",
+        "NtGdiConfigureOPMProtectedOutput",
+        "NtGdiConvertMetafileRect",
+        "NtGdiCreateBitmapFromDxSurface",
+        "NtGdiCreateBitmapFromDxSurface2",
+        "NtGdiCreateColorTransform",
+        "NtGdiCreateEllipticRgn",
+        "NtGdiCreateHatchBrushInternal",
+        "NtGdiCreateMetafileDC",
+        "NtGdiCreateOPMProtectedOutput",
+        "NtGdiCreateOPMProtectedOutputs",
+        "NtGdiCreateRoundRectRgn",
+        "NtGdiCreateServerMetaFile",
+        "NtGdiCreateSessionMappedDIBSection",
+        "NtGdiDDCCIGetCapabilitiesString",
+        "NtGdiDDCCIGetCapabilitiesStringLength",
+        "NtGdiDDCCIGetTimingReport",
+        "NtGdiDDCCIGetVCPFeature",
+        "NtGdiDDCCISaveCurrentSettings",
+        "NtGdiDDCCISetVCPFeature",
+        "NtGdiDdCreateFullscreenSprite",
+        "NtGdiDdDDIAbandonSwapChain",
+        "NtGdiDdDDIAcquireKeyedMutex",
+        "NtGdiDdDDIAcquireKeyedMutex2",
+        "NtGdiDdDDIAcquireSwapChain",
+        "NtGdiDdDDIAddSurfaceToSwapChain",
+        "NtGdiDdDDIAdjustFullscreenGamma",
+        "NtGdiDdDDICacheHybridQueryValue",
+        "NtGdiDdDDIChangeVideoMemoryReservation",
+        "NtGdiDdDDICheckExclusiveOwnership",
+        "NtGdiDdDDICheckMonitorPowerState",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport2",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport3",
+        "NtGdiDdDDICheckOcclusion",
+        "NtGdiDdDDICheckSharedResourceAccess",
+        "NtGdiDdDDICheckVidPnExclusiveOwnership",
+        "NtGdiDdDDICloseAdapter",
+        "NtGdiDdDDIConfigureSharedResource",
+        "NtGdiDdDDICreateAllocation",
+        "NtGdiDdDDICreateBundleObject",
+        "NtGdiDdDDICreateContext",
+        "NtGdiDdDDICreateContextVirtual",
+        "NtGdiDdDDICreateDCFromMemory",
+        "NtGdiDdDDICreateDevice",
+        "NtGdiDdDDICreateHwContext",
+        "NtGdiDdDDICreateHwQueue",
+        "NtGdiDdDDICreateKeyedMutex",
+        "NtGdiDdDDICreateKeyedMutex2",
+        "NtGdiDdDDICreateOutputDupl",
+        "NtGdiDdDDICreateOverlay",
+        "NtGdiDdDDICreatePagingQueue",
+        "NtGdiDdDDICreateProtectedSession",
+        "NtGdiDdDDICreateSwapChain",
+        "NtGdiDdDDICreateSynchronizationObject",
+        "NtGdiDdDDIDDisplayEnum",
+        "NtGdiDdDDIDestroyAllocation",
+        "NtGdiDdDDIDestroyAllocation2",
+        "NtGdiDdDDIDestroyContext",
+        "NtGdiDdDDIDestroyDCFromMemory",
+        "NtGdiDdDDIDestroyDevice",
+        "NtGdiDdDDIDestroyHwContext",
+        "NtGdiDdDDIDestroyHwQueue",
+        "NtGdiDdDDIDestroyKeyedMutex",
+        "NtGdiDdDDIDestroyOutputDupl",
+        "NtGdiDdDDIDestroyOverlay",
+        "NtGdiDdDDIDestroyPagingQueue",
+        "NtGdiDdDDIDestroyProtectedSession",
+        "NtGdiDdDDIDestroySynchronizationObject",
+        "NtGdiDdDDIDispMgrCreate",
+        "NtGdiDdDDIDispMgrSourceOperation",
+        "NtGdiDdDDIDispMgrTargetOperation",
+        "NtGdiDdDDIEnumAdapters",
+        "NtGdiDdDDIEnumAdapters2",
+        "NtGdiDdDDIEscape",
+        "NtGdiDdDDIEvict",
+        "NtGdiDdDDIExtractBundleObject",
+        "NtGdiDdDDIFlipOverlay",
+        "NtGdiDdDDIFlushHeapTransitions",
+        "NtGdiDdDDIFreeGpuVirtualAddress",
+        "NtGdiDdDDIGetAllocationPriority",
+        "NtGdiDdDDIGetCachedHybridQueryValue",
+        "NtGdiDdDDIGetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetContextSchedulingPriority",
+        "NtGdiDdDDIGetDWMVerticalBlankEvent",
+        "NtGdiDdDDIGetDeviceState",
+        "NtGdiDdDDIGetDisplayModeList",
+        "NtGdiDdDDIGetMemoryBudgetTarget",
+        "NtGdiDdDDIGetMultiPlaneOverlayCaps",
+        "NtGdiDdDDIGetMultisampleMethodList",
+        "NtGdiDdDDIGetOverlayState",
+        "NtGdiDdDDIGetPostCompositionCaps",
+        "NtGdiDdDDIGetPresentHistory",
+        "NtGdiDdDDIGetPresentQueueEvent",
+        "NtGdiDdDDIGetProcessDeviceLostSupport",
+        "NtGdiDdDDIGetProcessSchedulingPriorityBand",
+        "NtGdiDdDDIGetProcessSchedulingPriorityClass",
+        "NtGdiDdDDIGetResourcePresentPrivateDriverData",
+        "NtGdiDdDDIGetRuntimeData",
+        "NtGdiDdDDIGetScanLine",
+        "NtGdiDdDDIGetSetSwapChainMetadata",
+        "NtGdiDdDDIGetSharedPrimaryHandle",
+        "NtGdiDdDDIGetSharedResourceAdapterLuid",
+        "NtGdiDdDDIGetYieldPercentage",
+        "NtGdiDdDDIInvalidateActiveVidPn",
+        "NtGdiDdDDIInvalidateCache",
+        "NtGdiDdDDILock",
+        "NtGdiDdDDILock2",
+        "NtGdiDdDDIMakeResident",
+        "NtGdiDdDDIMapGpuVirtualAddress",
+        "NtGdiDdDDIMarkDeviceAsError",
+        "NtGdiDdDDINetDispGetNextChunkInfo",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceStatus",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport",
+        "NtGdiDdDDINetDispStartMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopSessions",
+        "NtGdiDdDDIOfferAllocations",
+        "NtGdiDdDDIOpenAdapterFromDeviceName",
+        "NtGdiDdDDIOpenAdapterFromHdc",
+        "NtGdiDdDDIOpenAdapterFromLuid",
+        "NtGdiDdDDIOpenKeyedMutex",
+        "NtGdiDdDDIOpenKeyedMutex2",
+        "NtGdiDdDDIOpenNtHandleFromName",
+        "NtGdiDdDDIOpenProtectedSessionFromNtHandle",
+        "NtGdiDdDDIOpenResource",
+        "NtGdiDdDDIOpenResourceFromNtHandle",
+        "NtGdiDdDDIOpenSwapChain",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle2",
+        "NtGdiDdDDIOpenSyncObjectNtHandleFromName",
+        "NtGdiDdDDIOpenSynchronizationObject",
+        "NtGdiDdDDIOutputDuplGetFrameInfo",
+        "NtGdiDdDDIOutputDuplGetMetaData",
+        "NtGdiDdDDIOutputDuplGetPointerShapeData",
+        "NtGdiDdDDIOutputDuplPresent",
+        "NtGdiDdDDIOutputDuplReleaseFrame",
+        "NtGdiDdDDIPinDirectFlipResources",
+        "NtGdiDdDDIPollDisplayChildren",
+        "NtGdiDdDDIPresent",
+        "NtGdiDdDDIPresentMultiPlaneOverlay",
+        "NtGdiDdDDIPresentMultiPlaneOverlay2",
+        "NtGdiDdDDIPresentMultiPlaneOverlay3",
+        "NtGdiDdDDIPresentRedirected",
+        "NtGdiDdDDIQueryAdapterInfo",
+        "NtGdiDdDDIQueryAllocationResidency",
+        "NtGdiDdDDIQueryClockCalibration",
+        "NtGdiDdDDIQueryFSEBlock",
+        "NtGdiDdDDIQueryProcessOfferInfo",
+        "NtGdiDdDDIQueryProtectedSessionInfoFromNtHandle",
+        "NtGdiDdDDIQueryProtectedSessionStatus",
+        "NtGdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName",
+        "NtGdiDdDDIQueryResourceInfo",
+        "NtGdiDdDDIQueryResourceInfoFromNtHandle",
+        "NtGdiDdDDIQueryStatistics",
+        "NtGdiDdDDIQueryVidPnExclusiveOwnership",
+        "NtGdiDdDDIQueryVideoMemoryInfo",
+        "NtGdiDdDDIReclaimAllocations",
+        "NtGdiDdDDIReclaimAllocations2",
+        "NtGdiDdDDIReleaseKeyedMutex",
+        "NtGdiDdDDIReleaseKeyedMutex2",
+        "NtGdiDdDDIReleaseProcessVidPnSourceOwners",
+        "NtGdiDdDDIReleaseSwapChain",
+        "NtGdiDdDDIRemoveSurfaceFromSwapChain",
+        "NtGdiDdDDIRender",
+        "NtGdiDdDDIReserveGpuVirtualAddress",
+        "NtGdiDdDDISetAllocationPriority",
+        "NtGdiDdDDISetContextInProcessSchedulingPriority",
+        "NtGdiDdDDISetContextSchedulingPriority",
+        "NtGdiDdDDISetDeviceLostSupport",
+        "NtGdiDdDDISetDisplayMode",
+        "NtGdiDdDDISetDisplayPrivateDriverFormat",
+        "NtGdiDdDDISetDodIndirectSwapchain",
+        "NtGdiDdDDISetFSEBlock",
+        "NtGdiDdDDISetGammaRamp",
+        "NtGdiDdDDISetHwProtectionTeardownRecovery",
+        "NtGdiDdDDISetMemoryBudgetTarget",
+        "NtGdiDdDDISetMonitorColorSpaceTransform",
+        "NtGdiDdDDISetProcessSchedulingPriorityBand",
+        "NtGdiDdDDISetProcessSchedulingPriorityClass",
+        "NtGdiDdDDISetQueuedLimit",
+        "NtGdiDdDDISetStablePowerState",
+        "NtGdiDdDDISetStereoEnabled",
+        "NtGdiDdDDISetSyncRefreshCountWaitTarget",
+        "NtGdiDdDDISetVidPnSourceHwProtection",
+        "NtGdiDdDDISetVidPnSourceOwner",
+        "NtGdiDdDDISetYieldPercentage",
+        "NtGdiDdDDIShareObjects",
+        "NtGdiDdDDISharedPrimaryLockNotification",
+        "NtGdiDdDDISharedPrimaryUnLockNotification",
+        "NtGdiDdDDISignalSynchronizationObject",
+        "NtGdiDdDDISignalSynchronizationObjectFromCpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu2",
+        "NtGdiDdDDISubmitCommand",
+        "NtGdiDdDDISubmitCommandToHwQueue",
+        "NtGdiDdDDISubmitSignalSyncObjectsToHwQueue",
+        "NtGdiDdDDISubmitWaitForSyncObjectsToHwQueue",
+        "NtGdiDdDDITrimProcessCommitment",
+        "NtGdiDdDDIUnOrderedPresentSwapChain",
+        "NtGdiDdDDIUnlock",
+        "NtGdiDdDDIUnlock2",
+        "NtGdiDdDDIUnpinDirectFlipResources",
+        "NtGdiDdDDIUpdateAllocationProperty",
+        "NtGdiDdDDIUpdateGpuVirtualAddress",
+        "NtGdiDdDDIUpdateOverlay",
+        "NtGdiDdDDIWaitForIdle",
+        "NtGdiDdDDIWaitForSynchronizationObject",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromCpu",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromGpu",
+        "NtGdiDdDDIWaitForVerticalBlankEvent",
+        "NtGdiDdDDIWaitForVerticalBlankEvent2",
+        "NtGdiDdDestroyFullscreenSprite",
+        "NtGdiDdNotifyFullscreenSpriteUpdate",
+        "NtGdiDdQueryVisRgnUniqueness",
+        "NtGdiDeleteColorTransform",
+        "NtGdiDescribePixelFormat",
+        "NtGdiDestroyOPMProtectedOutput",
+        "NtGdiDestroyPhysicalMonitor",
+        "NtGdiDoBanding",
+        "NtGdiDrawEscape",
+        "NtGdiDwmCreatedBitmapRemotingOutput",
+        "NtGdiEllipse",
+        "NtGdiEnableEudc",
+        "NtGdiEndDoc",
+        "NtGdiEndGdiRendering",
+        "NtGdiEndPage",
+        "NtGdiEngAlphaBlend",
+        "NtGdiEngAssociateSurface",
+        "NtGdiEngBitBlt",
+        "NtGdiEngCheckAbort",
+        "NtGdiEngComputeGlyphSet",
+        "NtGdiEngCopyBits",
+        "NtGdiEngCreateBitmap",
+        "NtGdiEngCreateClip",
+        "NtGdiEngCreateDeviceBitmap",
+        "NtGdiEngCreateDeviceSurface",
+        "NtGdiEngCreatePalette",
+        "NtGdiEngDeleteClip",
+        "NtGdiEngDeletePalette",
+        "NtGdiEngDeletePath",
+        "NtGdiEngDeleteSurface",
+        "NtGdiEngEraseSurface",
+        "NtGdiEngFillPath",
+        "NtGdiEngGradientFill",
+        "NtGdiEngLineTo",
+        "NtGdiEngLockSurface",
+        "NtGdiEngMarkBandingSurface",
+        "NtGdiEngPaint",
+        "NtGdiEngPlgBlt",
+        "NtGdiEngStretchBlt",
+        "NtGdiEngStretchBltROP",
+        "NtGdiEngStrokeAndFillPath",
+        "NtGdiEngStrokePath",
+        "NtGdiEngTextOut",
+        "NtGdiEngTransparentBlt",
+        "NtGdiEngUnlockSurface",
+        "NtGdiEnsureDpiDepDefaultGuiFontForPlateau",
+        "NtGdiEnumFonts",
+        "NtGdiEnumObjects",
+        "NtGdiEudcLoadUnloadLink",
+        "NtGdiExtFloodFill",
+        "NtGdiFONTOBJ_cGetAllGlyphHandles",
+        "NtGdiFONTOBJ_cGetGlyphs",
+        "NtGdiFONTOBJ_pQueryGlyphAttrs",
+        "NtGdiFONTOBJ_pfdg",
+        "NtGdiFONTOBJ_pifi",
+        "NtGdiFONTOBJ_pvTrueTypeFontFile",
+        "NtGdiFONTOBJ_pxoGetXform",
+        "NtGdiFONTOBJ_vGetInfo",
+        "NtGdiFlattenPath",
+        "NtGdiFontIsLinked",
+        "NtGdiForceUFIMapping",
+        "NtGdiFrameRgn",
+        "NtGdiFullscreenControl",
+        "NtGdiGetAppliedDeviceGammaRamp",
+        "NtGdiGetBitmapDpiScaleValue",
+        "NtGdiGetBoundsRect",
+        "NtGdiGetCOPPCompatibleOPMInformation",
+        "NtGdiGetCertificate",
+        "NtGdiGetCertificateByHandle",
+        "NtGdiGetCertificateSize",
+        "NtGdiGetCertificateSizeByHandle",
+        "NtGdiGetCharABCWidthsW",
+        "NtGdiGetCharacterPlacementW",
+        "NtGdiGetColorAdjustment",
+        "NtGdiGetColorSpaceforBitmap",
+        "NtGdiGetCurrentDpiInfo",
+        "NtGdiGetDCDpiScaleValue",
+        "NtGdiGetDeviceCaps",
+        "NtGdiGetDeviceCapsAll",
+        "NtGdiGetDeviceGammaRamp",
+        "NtGdiGetDeviceWidth",
+        "NtGdiGetDhpdev",
+        "NtGdiGetETM",
+        "NtGdiGetEmbUFI",
+        "NtGdiGetEmbedFonts",
+        "NtGdiGetEntry",
+        "NtGdiGetEudcTimeStampEx",
+        "NtGdiGetFontFileData",
+        "NtGdiGetFontFileInfo",
+        "NtGdiGetFontResourceInfoInternalW",
+        "NtGdiGetFontUnicodeRanges",
+        "NtGdiGetGammaRampCapability",
+        "NtGdiGetGlyphIndicesW",
+        "NtGdiGetGlyphIndicesWInternal",
+        "NtGdiGetGlyphOutline",
+        "NtGdiGetKerningPairs",
+        "NtGdiGetLinkedUFIs",
+        "NtGdiGetMiterLimit",
+        "NtGdiGetMonitorID",
+        "NtGdiGetNumberOfPhysicalMonitors",
+        "NtGdiGetOPMInformation",
+        "NtGdiGetOPMRandomNumber",
+        "NtGdiGetObjectBitmapHandle",
+        "NtGdiGetPath",
+        "NtGdiGetPerBandInfo",
+        "NtGdiGetPhysicalMonitorDescription",
+        "NtGdiGetPhysicalMonitors",
+        "NtGdiGetProcessSessionFonts",
+        "NtGdiGetPublicFontTableChangeCookie",
+        "NtGdiGetRealizationInfo",
+        "NtGdiGetServerMetaFileBits",
+        "NtGdiGetSpoolMessage",
+        "NtGdiGetStats",
+        "NtGdiGetStringBitmapW",
+        "NtGdiGetSuggestedOPMProtectedOutputArraySize",
+        "NtGdiGetTextExtentExW",
+        "NtGdiGetUFI",
+        "NtGdiGetUFIPathname",
+        "NtGdiGradientFill",
+        "NtGdiHLSurfGetInformation",
+        "NtGdiHLSurfSetInformation",
+        "NtGdiHT_Get8BPPFormatPalette",
+        "NtGdiHT_Get8BPPMaskPalette",
+        "NtGdiIcmBrushInfo",
+        "NtGdiInit",
+        "NtGdiInitSpool",
+        "NtGdiMakeFontDir",
+        "NtGdiMakeInfoDC",
+        "NtGdiMakeObjectUnXferable",
+        "NtGdiMakeObjectXferable",
+        "NtGdiMirrorWindowOrg",
+        "NtGdiMonoBitmap",
+        "NtGdiMoveTo",
+        "NtGdiOffsetClipRgn",
+        "NtGdiPATHOBJ_bEnum",
+        "NtGdiPATHOBJ_bEnumClipLines",
+        "NtGdiPATHOBJ_vEnumStart",
+        "NtGdiPATHOBJ_vEnumStartClipLines",
+        "NtGdiPATHOBJ_vGetBounds",
+        "NtGdiPathToRegion",
+        "NtGdiPlgBlt",
+        "NtGdiPolyDraw",
+        "NtGdiPolyTextOutW",
+        "NtGdiPtInRegion",
+        "NtGdiPtVisible",
+        "NtGdiQueryFonts",
+        "NtGdiRemoveFontResourceW",
+        "NtGdiRemoveMergeFont",
+        "NtGdiResetDC",
+        "NtGdiResizePalette",
+        "NtGdiRoundRect",
+        "NtGdiSTROBJ_bEnum",
+        "NtGdiSTROBJ_bEnumPositionsOnly",
+        "NtGdiSTROBJ_bGetAdvanceWidths",
+        "NtGdiSTROBJ_dwGetCodePage",
+        "NtGdiSTROBJ_vEnumStart",
+        "NtGdiScaleRgn",
+        "NtGdiScaleValues",
+        "NtGdiScaleViewportExtEx",
+        "NtGdiScaleWindowExtEx",
+        "NtGdiSelectBrush",
+        "NtGdiSelectClipPath",
+        "NtGdiSelectPen",
+        "NtGdiSetBitmapAttributes",
+        "NtGdiSetBrushAttributes",
+        "NtGdiSetColorAdjustment",
+        "NtGdiSetColorSpace",
+        "NtGdiSetDeviceGammaRamp",
+        "NtGdiSetFontXform",
+        "NtGdiSetIcmMode",
+        "NtGdiSetLinkedUFIs",
+        "NtGdiSetMagicColors",
+        "NtGdiSetOPMSigningKeyAndSequenceNumbers",
+        "NtGdiSetPUMPDOBJ",
+        "NtGdiSetPixelFormat",
+        "NtGdiSetPrivateDeviceGammaRamp",
+        "NtGdiSetRectRgn",
+        "NtGdiSetSizeDevice",
+        "NtGdiSetSystemPaletteUse",
+        "NtGdiSetTextJustification",
+        "NtGdiSetUMPDSandboxState",
+        "NtGdiStartDoc",
+        "NtGdiStartPage",
+        "NtGdiStrokeAndFillPath",
+        "NtGdiStrokePath",
+        "NtGdiSwapBuffers",
+        "NtGdiTransparentBlt",
+        "NtGdiUMPDEngFreeUserMem",
+        "NtGdiUnloadPrinterDriver",
+        "NtGdiUnmapMemFont",
+        "NtGdiUpdateColors",
+        "NtGdiUpdateTransform",
+        "NtGdiWidenPath",
+        "NtGdiXFORMOBJ_bApplyXform",
+        "NtGdiXFORMOBJ_iGetXform",
+        "NtGdiXLATEOBJ_cGetPalette",
+        "NtGdiXLATEOBJ_hGetColorTransform",
+        "NtGdiXLATEOBJ_iXlate",
+        "NtHWCursorUpdatePointer",
+        "NtMITActivateInputProcessing",
+        "NtMITBindInputTypeToMonitors",
+        "NtMITCoreMsgKGetConnectionHandle",
+        "NtMITCoreMsgKOpenConnectionTo",
+        "NtMITCoreMsgKSend",
+        "NtMITDeactivateInputProcessing",
+        "NtMITDisableMouseIntercept",
+        "NtMITEnableMouseIntercept",
+        "NtMITGetCursorUpdateHandle",
+        "NtMITSetInputCallbacks",
+        "NtMITSynthesizeMouseInput",
+        "NtMITSynthesizeMouseWheel",
+        "NtMITSynthesizeTouchInput",
+        "NtMITUpdateInputGlobals",
+        "NtMITWaitForMultipleObjectsEx",
+        "NtNotifyPresentToCompositionSurface",
+        "NtOpenCompositionSurfaceDirtyRegion",
+        "NtOpenCompositionSurfaceSectionInfo",
+        "NtOpenCompositionSurfaceSwapChainHandleInfo",
+        "NtQueryCompositionInputIsImplicit",
+        "NtQueryCompositionInputQueueAndTransform",
+        "NtQueryCompositionInputSink",
+        "NtQueryCompositionInputSinkLuid",
+        "NtQueryCompositionInputSinkViewId",
+        "NtQueryCompositionSurfaceBinding",
+        "NtQueryCompositionSurfaceHDRMetaData",
+        "NtQueryCompositionSurfaceRenderingRealization",
+        "NtQueryCompositionSurfaceStatistics",
+        "NtRIMAddInputObserver",
+        "NtRIMAreSiblingDevices",
+        "NtRIMDeviceIoControl",
+        "NtRIMEnableMonitorMappingForDevice",
+        "NtRIMFreeInputBuffer",
+        "NtRIMGetDevicePreparsedData",
+        "NtRIMGetDevicePreparsedDataLockfree",
+        "NtRIMGetDeviceProperties",
+        "NtRIMGetDevicePropertiesLockfree",
+        "NtRIMGetPhysicalDeviceRect",
+        "NtRIMGetSourceProcessId",
+        "NtRIMObserveNextInput",
+        "NtRIMOnPnpNotification",
+        "NtRIMOnTimerNotification",
+        "NtRIMReadInput",
+        "NtRIMRegisterForInput",
+        "NtRIMRemoveInputObserver",
+        "NtRIMSetTestModeStatus",
+        "NtRIMUnregisterForInput",
+        "NtRIMUpdateInputObserverRegistration",
+        "NtSetCompositionSurfaceAnalogExclusive",
+        "NtSetCompositionSurfaceBufferUsage",
+        "NtSetCompositionSurfaceDirectFlipState",
+        "NtSetCompositionSurfaceHDRMetaData",
+        "NtSetCompositionSurfaceIndependentFlipInfo",
+        "NtSetCompositionSurfaceStatistics",
+        "NtTokenManagerConfirmOutstandingAnalogToken",
+        "NtTokenManagerCreateCompositionTokenHandle",
+        "NtTokenManagerGetAnalogExclusiveSurfaceUpdates",
+        "NtTokenManagerGetAnalogExclusiveTokenEvent",
+        "NtTokenManagerOpenSectionAndEvents",
+        "NtTokenManagerThread",
+        "NtUnBindCompositionSurface",
+        "NtUpdateInputSinkTransforms",
+        "NtUserAcquireIAMKey",
+        "NtUserAcquireInteractiveControlBackgroundAccess",
+        "NtUserAddClipboardFormatListener",
+        "NtUserAssociateInputContext",
+        "NtUserAutoPromoteMouseInPointer",
+        "NtUserAutoRotateScreen",
+        "NtUserBeginLayoutUpdate",
+        "NtUserBlockInput",
+        "NtUserBroadcastThemeChangeEvent",
+        "NtUserBuildHimcList",
+        "NtUserBuildPropList",
+        "NtUserCalculatePopupWindowPosition",
+        "NtUserCallHwndOpt",
+        "NtUserCanBrokerForceForeground",
+        "NtUserChangeDisplaySettings",
+        "NtUserChangeWindowMessageFilterEx",
+        "NtUserCheckAccessForIntegrityLevel",
+        "NtUserCheckProcessForClipboardAccess",
+        "NtUserCheckProcessSession",
+        "NtUserCheckWindowThreadDesktop",
+        "NtUserChildWindowFromPointEx",
+        "NtUserClearForeground",
+        "NtUserClipCursor",
+        "NtUserCompositionInputSinkLuidFromPoint",
+        "NtUserCompositionInputSinkViewInstanceIdFromPoint",
+        "NtUserConfirmResizeCommit",
+        "NtUserCreateDCompositionHwndTarget",
+        "NtUserCreateDesktopEx",
+        "NtUserCreateEmptyCursorObject",
+        "NtUserCreateInputContext",
+        "NtUserCreateWindowStation",
+        "NtUserCtxDisplayIOCtl",
+        "NtUserDeferWindowPosAndBand",
+        "NtUserDelegateCapturePointers",
+        "NtUserDelegateInput",
+        "NtUserDestroyDCompositionHwndTarget",
+        "NtUserDestroyInputContext",
+        "NtUserDisableImmersiveOwner",
+        "NtUserDisableProcessWindowFiltering",
+        "NtUserDisableThreadIme",
+        "NtUserDiscardPointerFrameMessages",
+        "NtUserDisplayConfigGetDeviceInfo",
+        "NtUserDisplayConfigSetDeviceInfo",
+        "NtUserDoSoundConnect",
+        "NtUserDoSoundDisconnect",
+        "NtUserDragDetect",
+        "NtUserDragObject",
+        "NtUserDrawAnimatedRects",
+        "NtUserDrawCaption",
+        "NtUserDrawCaptionTemp",
+        "NtUserDrawMenuBarTemp",
+        "NtUserDwmGetRemoteSessionOcclusionEvent",
+        "NtUserDwmGetRemoteSessionOcclusionState",
+        "NtUserDwmKernelShutdown",
+        "NtUserDwmKernelStartup",
+        "NtUserDwmValidateWindow",
+        "NtUserEnableChildWindowDpiMessage",
+        "NtUserEnableIAMAccess",
+        "NtUserEnableMouseInPointer",
+        "NtUserEnableMouseInputForCursorSuppression",
+        "NtUserEnableNonClientDpiScaling",
+        "NtUserEnableResizeLayoutSynchronization",
+        "NtUserEnableTouchPad",
+        "NtUserEnableWindowGDIScaledDpiMessage",
+        "NtUserEnableWindowResizeOptimization",
+        "NtUserEndMenu",
+        "NtUserEvent",
+        "NtUserFlashWindowEx",
+        "NtUserFrostCrashedWindow",
+        "NtUserFunctionalizeDisplayConfig",
+        "NtUserGetActiveProcessesDpis",
+        "NtUserGetAppImeLevel",
+        "NtUserGetAutoRotationState",
+        "NtUserGetCIMSSM",
+        "NtUserGetCaretPos",
+        "NtUserGetClipCursor",
+        "NtUserGetClipboardAccessToken",
+        "NtUserGetClipboardViewer",
+        "NtUserGetComboBoxInfo",
+        "NtUserGetCurrentInputMessageSource",
+        "NtUserGetCursor",
+        "NtUserGetCursorDims",
+        "NtUserGetCursorInfo",
+        "NtUserGetDManipHookInitFunction",
+        "NtUserGetDesktopID",
+        "NtUserGetDisplayAutoRotationPreferences",
+        "NtUserGetDisplayAutoRotationPreferencesByProcessId",
+        "NtUserGetDisplayConfigBufferSizes",
+        "NtUserGetDpiForCurrentProcess",
+        "NtUserGetDpiForMonitor",
+        "NtUserGetGestureConfig",
+        "NtUserGetGestureExtArgs",
+        "NtUserGetGestureInfo",
+        "NtUserGetGuiResources",
+        "NtUserGetHDevName",
+        "NtUserGetHimetricScaleFactorFromPixelLocation",
+        "NtUserGetImeHotKey",
+        "NtUserGetImeInfoEx",
+        "NtUserGetInputLocaleInfo",
+        "NtUserGetInteractiveControlDeviceInfo",
+        "NtUserGetInteractiveControlInfo",
+        "NtUserGetInteractiveCtrlSupportedWaveforms",
+        "NtUserGetInternalWindowPos",
+        "NtUserGetKeyNameText",
+        "NtUserGetKeyboardLayoutName",
+        "NtUserGetLayeredWindowAttributes",
+        "NtUserGetListBoxInfo",
+        "NtUserGetMenuIndex",
+        "NtUserGetMenuItemRect",
+        "NtUserGetMouseMovePointsEx",
+        "NtUserGetPhysicalDeviceRect",
+        "NtUserGetPointerCursorId",
+        "NtUserGetPointerDevice",
+        "NtUserGetPointerDeviceCursors",
+        "NtUserGetPointerDeviceProperties",
+        "NtUserGetPointerDeviceRects",
+        "NtUserGetPointerDevices",
+        "NtUserGetPointerFrameArrivalTimes",
+        "NtUserGetPointerInfoList",
+        "NtUserGetPointerInputTransform",
+        "NtUserGetPointerType",
+        "NtUserGetPrecisionTouchPadConfiguration",
+        "NtUserGetPriorityClipboardFormat",
+        "NtUserGetProcessDpiAwarenessContext",
+        "NtUserGetProcessUIContextInformation",
+        "NtUserGetQueueStatusReadonly",
+        "NtUserGetRawInputBuffer",
+        "NtUserGetRawInputData",
+        "NtUserGetRawInputDeviceInfo",
+        "NtUserGetRawInputDeviceList",
+        "NtUserGetRawPointerDeviceData",
+        "NtUserGetRegisteredRawInputDevices",
+        "NtUserGetResizeDCompositionSynchronizationObject",
+        "NtUserGetTopLevelWindow",
+        "NtUserGetTouchInputInfo",
+        "NtUserGetTouchValidationStatus",
+        "NtUserGetUpdatedClipboardFormats",
+        "NtUserGetWOWClass",
+        "NtUserGetWindowBand",
+        "NtUserGetWindowCompositionAttribute",
+        "NtUserGetWindowCompositionInfo",
+        "NtUserGetWindowDisplayAffinity",
+        "NtUserGetWindowFeedbackSetting",
+        "NtUserGetWindowMinimizeRect",
+        "NtUserGetWindowRgnEx",
+        "NtUserGhostWindowFromHungWindow",
+        "NtUserHandleDelegatedInput",
+        "NtUserHardErrorControl",
+        "NtUserHidePointerContactVisualization",
+        "NtUserHiliteMenuItem",
+        "NtUserHungWindowFromGhostWindow",
+        "NtUserHwndQueryRedirectionInfo",
+        "NtUserHwndSetRedirectionInfo",
+        "NtUserImpersonateDdeClientWindow",
+        "NtUserInheritWindowMonitor",
+        "NtUserInitTask",
+        "NtUserInitialize",
+        "NtUserInitializeClientPfnArrays",
+        "NtUserInitializeGenericHidInjection",
+        "NtUserInitializeInputDeviceInjection",
+        "NtUserInitializePointerDeviceInjection",
+        "NtUserInitializePointerDeviceInjectionEx",
+        "NtUserInitializeTouchInjection",
+        "NtUserInjectDeviceInput",
+        "NtUserInjectGenericHidInput",
+        "NtUserInjectGesture",
+        "NtUserInjectKeyboardInput",
+        "NtUserInjectMouseInput",
+        "NtUserInjectPointerInput",
+        "NtUserInjectTouchInput",
+        "NtUserInteractiveControlQueryUsage",
+        "NtUserInternalGetWindowIcon",
+        "NtUserIsChildWindowDpiMessageEnabled",
+        "NtUserIsMouseInPointerEnabled",
+        "NtUserIsMouseInputEnabled",
+        "NtUserIsNonClientDpiScalingEnabled",
+        "NtUserIsResizeLayoutSynchronizationEnabled",
+        "NtUserIsTopLevelWindow",
+        "NtUserIsTouchWindow",
+        "NtUserIsWindowBroadcastingDpiToChildren",
+        "NtUserIsWindowGDIScaledDpiMessageEnabled",
+        "NtUserLayoutCompleted",
+        "NtUserLinkDpiCursor",
+        "NtUserLoadKeyboardLayoutEx",
+        "NtUserLockCursor",
+        "NtUserLockWindowStation",
+        "NtUserLockWorkStation",
+        "NtUserLogicalToPerMonitorDPIPhysicalPoint",
+        "NtUserLogicalToPhysicalPoint",
+        "NtUserMNDragLeave",
+        "NtUserMNDragOver",
+        "NtUserMagControl",
+        "NtUserMagGetContextInformation",
+        "NtUserMagSetContextInformation",
+        "NtUserMenuItemFromPoint",
+        "NtUserMinMaximize",
+        "NtUserModifyWindowTouchCapability",
+        "NtUserMsgWaitForMultipleObjectsEx",
+        "NtUserNavigateFocus",
+        "NtUserNotifyIMEStatus",
+        "NtUserOpenInputDesktop",
+        "NtUserOpenThreadDesktop",
+        "NtUserPaintMonitor",
+        "NtUserPerMonitorDPIPhysicalToLogicalPoint",
+        "NtUserPhysicalToLogicalPoint",
+        "NtUserPrintWindow",
+        "NtUserProcessInkFeedbackCommand",
+        "NtUserPromoteMouseInPointer",
+        "NtUserPromotePointer",
+        "NtUserQueryBSDRWindow",
+        "NtUserQueryDisplayConfig",
+        "NtUserQueryInformationThread",
+        "NtUserQueryInputContext",
+        "NtUserQuerySendMessage",
+        "NtUserRealChildWindowFromPoint",
+        "NtUserRealWaitMessageEx",
+        "NtUserRegisterBSDRWindow",
+        "NtUserRegisterDManipHook",
+        "NtUserRegisterEdgy",
+        "NtUserRegisterErrorReportingDialog",
+        "NtUserRegisterHotKey",
+        "NtUserRegisterManipulationThread",
+        "NtUserRegisterPointerDeviceNotifications",
+        "NtUserRegisterPointerInputTarget",
+        "NtUserRegisterRawInputDevices",
+        "NtUserRegisterServicesProcess",
+        "NtUserRegisterSessionPort",
+        "NtUserRegisterShellPTPListener",
+        "NtUserRegisterTasklist",
+        "NtUserRegisterTouchHitTestingWindow",
+        "NtUserRegisterTouchPadCapable",
+        "NtUserRegisterUserApiHook",
+        "NtUserReleaseDC",
+        "NtUserReleaseDwmHitTestWaiters",
+        "NtUserRemoteConnect",
+        "NtUserRemoteRedrawRectangle",
+        "NtUserRemoteRedrawScreen",
+        "NtUserRemoteStopScreenUpdates",
+        "NtUserRemoveClipboardFormatListener",
+        "NtUserRemoveInjectionDevice",
+        "NtUserReportInertia",
+        "NtUserResolveDesktopForWOW",
+        "NtUserSendEventMessage",
+        "NtUserSendInteractiveControlHapticsReport",
+        "NtUserSetActivationFilter",
+        "NtUserSetActiveProcessForMonitor",
+        "NtUserSetAppImeLevel",
+        "NtUserSetAutoRotation",
+        "NtUserSetBrokeredForeground",
+        "NtUserSetCalibrationData",
+        "NtUserSetChildWindowNoActivate",
+        "NtUserSetClassWord",
+        "NtUserSetCoreWindow",
+        "NtUserSetCoreWindowPartner",
+        "NtUserSetCursorContents",
+        "NtUserSetCursorPos",
+        "NtUserSetDesktopColorTransform",
+        "NtUserSetDialogControlDpiChangeBehavior",
+        "NtUserSetDisplayAutoRotationPreferences",
+        "NtUserSetDisplayConfig",
+        "NtUserSetDisplayMapping",
+        "NtUserSetFallbackForeground",
+        "NtUserSetFeatureReportResponse",
+        "NtUserSetGestureConfig",
+        "NtUserSetImeHotKey",
+        "NtUserSetImeInfoEx",
+        "NtUserSetImeOwnerWindow",
+        "NtUserSetInteractiveControlFocus",
+        "NtUserSetInteractiveCtrlRotationAngle",
+        "NtUserSetInternalWindowPos",
+        "NtUserSetLayeredWindowAttributes",
+        "NtUserSetManipulationInputTarget",
+        "NtUserSetMenu",
+        "NtUserSetMenuContextHelpId",
+        "NtUserSetMenuFlagRtoL",
+        "NtUserSetMirrorRendering",
+        "NtUserSetObjectInformation",
+        "NtUserSetPrecisionTouchPadConfiguration",
+        "NtUserSetProcessDpiAwarenessContext",
+        "NtUserSetProcessInteractionFlags",
+        "NtUserSetProcessRestrictionExemption",
+        "NtUserSetProcessUIAccessZorder",
+        "NtUserSetShellWindowEx",
+        "NtUserSetSysColors",
+        "NtUserSetSystemCursor",
+        "NtUserSetSystemTimer",
+        "NtUserSetTargetForResourceBrokering",
+        "NtUserSetThreadInputBlocked",
+        "NtUserSetThreadLayoutHandles",
+        "NtUserSetWindowArrangement",
+        "NtUserSetWindowBand",
+        "NtUserSetWindowCompositionAttribute",
+        "NtUserSetWindowCompositionTransition",
+        "NtUserSetWindowDisplayAffinity",
+        "NtUserSetWindowFeedbackSetting",
+        "NtUserSetWindowRgnEx",
+        "NtUserSetWindowShowState",
+        "NtUserSetWindowStationUser",
+        "NtUserShowCursor",
+        "NtUserShowSystemCursor",
+        "NtUserShutdownBlockReasonCreate",
+        "NtUserShutdownBlockReasonQuery",
+        "NtUserShutdownReasonDestroy",
+        "NtUserSignalRedirectionStartComplete",
+        "NtUserSlicerControl",
+        "NtUserSoundSentry",
+        "NtUserStopAndEndInertia",
+        "NtUserSwitchDesktop",
+        "NtUserSystemParametersInfoForDpi",
+        "NtUserTestForInteractiveUser",
+        "NtUserTrackPopupMenuEx",
+        "NtUserTransformPoint",
+        "NtUserTransformRect",
+        "NtUserUndelegateInput",
+        "NtUserUnloadKeyboardLayout",
+        "NtUserUnlockWindowStation",
+        "NtUserUnregisterHotKey",
+        "NtUserUnregisterSessionPort",
+        "NtUserUnregisterUserApiHook",
+        "NtUserUpdateDefaultDesktopThumbnail",
+        "NtUserUpdateInputContext",
+        "NtUserUpdateInstance",
+        "NtUserUpdateLayeredWindow",
+        "NtUserUpdatePerUserSystemParameters",
+        "NtUserUpdateWindowInputSinkHints",
+        "NtUserUpdateWindowTrackingInfo",
+        "NtUserUserHandleGrantAccess",
+        "NtUserValidateHandleSecure",
+        "NtUserWOWCleanup",
+        "NtUserWaitAvailableMessageEx",
+        "NtUserWaitForInputIdle",
+        "NtUserWaitForMsgAndEvent",
+        "NtUserWaitForRedirectionStartComplete",
+        "NtUserWindowFromDC",
+        "NtUserWindowFromPhysicalPoint",
+        "NtValidateCompositionSurfaceHandle",
+        "NtVisualCaptureBits",
+        "NtUserSetClassLongPtr",
+        "NtUserSetWindowLongPtr"
+    ],
+    [
+        "NtAccessCheck",
+        "NtWorkerFactoryWorkerReady",
+        "NtAcceptConnectPort",
+        "NtMapUserPhysicalPagesScatter",
+        "NtWaitForSingleObject",
+        "NtCallbackReturn",
+        "NtReadFile",
+        "NtDeviceIoControlFile",
+        "NtWriteFile",
+        "NtRemoveIoCompletion",
+        "NtReleaseSemaphore",
+        "NtReplyWaitReceivePort",
+        "NtReplyPort",
+        "NtSetInformationThread",
+        "NtSetEvent",
+        "NtClose",
+        "NtQueryObject",
+        "NtQueryInformationFile",
+        "NtOpenKey",
+        "NtEnumerateValueKey",
+        "NtFindAtom",
+        "NtQueryDefaultLocale",
+        "NtQueryKey",
+        "NtQueryValueKey",
+        "NtAllocateVirtualMemory",
+        "NtQueryInformationProcess",
+        "NtWaitForMultipleObjects32",
+        "NtWriteFileGather",
+        "NtSetInformationProcess",
+        "NtCreateKey",
+        "NtFreeVirtualMemory",
+        "NtImpersonateClientOfPort",
+        "NtReleaseMutant",
+        "NtQueryInformationToken",
+        "NtRequestWaitReplyPort",
+        "NtQueryVirtualMemory",
+        "NtOpenThreadToken",
+        "NtQueryInformationThread",
+        "NtOpenProcess",
+        "NtSetInformationFile",
+        "NtMapViewOfSection",
+        "NtAccessCheckAndAuditAlarm",
+        "NtUnmapViewOfSection",
+        "NtReplyWaitReceivePortEx",
+        "NtTerminateProcess",
+        "NtSetEventBoostPriority",
+        "NtReadFileScatter",
+        "NtOpenThreadTokenEx",
+        "NtOpenProcessTokenEx",
+        "NtQueryPerformanceCounter",
+        "NtEnumerateKey",
+        "NtOpenFile",
+        "NtDelayExecution",
+        "NtQueryDirectoryFile",
+        "NtQuerySystemInformation",
+        "NtOpenSection",
+        "NtQueryTimer",
+        "NtFsControlFile",
+        "NtWriteVirtualMemory",
+        "NtCloseObjectAuditAlarm",
+        "NtDuplicateObject",
+        "NtQueryAttributesFile",
+        "NtClearEvent",
+        "NtReadVirtualMemory",
+        "NtOpenEvent",
+        "NtAdjustPrivilegesToken",
+        "NtDuplicateToken",
+        "NtContinue",
+        "NtQueryDefaultUILanguage",
+        "NtQueueApcThread",
+        "NtYieldExecution",
+        "NtAddAtom",
+        "NtCreateEvent",
+        "NtQueryVolumeInformationFile",
+        "NtCreateSection",
+        "NtFlushBuffersFile",
+        "NtApphelpCacheControl",
+        "NtCreateProcessEx",
+        "NtCreateThread",
+        "NtIsProcessInJob",
+        "NtProtectVirtualMemory",
+        "NtQuerySection",
+        "NtResumeThread",
+        "NtTerminateThread",
+        "NtReadRequestData",
+        "NtCreateFile",
+        "NtQueryEvent",
+        "NtWriteRequestData",
+        "NtOpenDirectoryObject",
+        "NtAccessCheckByTypeAndAuditAlarm",
+        "NtQuerySystemTime",
+        "NtWaitForMultipleObjects",
+        "NtSetInformationObject",
+        "NtCancelIoFile",
+        "NtTraceEvent",
+        "NtPowerInformation",
+        "NtSetValueKey",
+        "NtCancelTimer",
+        "NtSetTimer",
+        "NtAccessCheckByType",
+        "NtAccessCheckByTypeResultList",
+        "NtAccessCheckByTypeResultListAndAuditAlarm",
+        "NtAccessCheckByTypeResultListAndAuditAlarmByHandle",
+        "NtAcquireProcessActivityReference",
+        "NtAddAtomEx",
+        "NtAddBootEntry",
+        "NtAddDriverEntry",
+        "NtAdjustGroupsToken",
+        "NT_DISK::GetPnpProperty",
+        "NtAlertResumeThread",
+        "NtAlertThread",
+        "NtAlertThreadByThreadId",
+        "NtAllocateLocallyUniqueId",
+        "NtAllocateReserveObject",
+        "NtAllocateUserPhysicalPages",
+        "NtAllocateUuids",
+        "NtAlpcAcceptConnectPort",
+        "NtAlpcCancelMessage",
+        "NtAlpcConnectPort",
+        "NtAlpcConnectPortEx",
+        "NtAlpcCreatePort",
+        "NtAlpcCreatePortSection",
+        "NtAlpcCreateResourceReserve",
+        "NtAlpcCreateSectionView",
+        "NtAlpcCreateSecurityContext",
+        "NtAlpcDeletePortSection",
+        "NtAlpcDeleteResourceReserve",
+        "NtAlpcDeleteSectionView",
+        "NtAlpcDeleteSecurityContext",
+        "NtAlpcDisconnectPort",
+        "NtAlpcImpersonateClientContainerOfPort",
+        "NtAlpcImpersonateClientOfPort",
+        "NtAlpcOpenSenderProcess",
+        "NtAlpcOpenSenderThread",
+        "NtAlpcQueryInformation",
+        "NtAlpcQueryInformationMessage",
+        "NtAlpcRevokeSecurityContext",
+        "NtAlpcSendWaitReceivePort",
+        "NtAlpcSetInformation",
+        "NtAreMappedFilesTheSame",
+        "NtAssignProcessToJobObject",
+        "NtAssociateWaitCompletionPacket",
+        "NtCallEnclave",
+        "NtCancelIoFileEx",
+        "NtCancelSynchronousIoFile",
+        "NtCancelTimer2",
+        "NtCancelWaitCompletionPacket",
+        "NtCommitComplete",
+        "NtCommitEnlistment",
+        "NtCommitRegistryTransaction",
+        "NtCommitTransaction",
+        "NtCompactKeys",
+        "NtCompareObjects",
+        "NtCompareSigningLevels",
+        "NtCompareTokens",
+        "ArbPreprocessEntry",
+        "NtCompressKey",
+        "NtConnectPort",
+        "NtConvertBetweenAuxiliaryCounterAndPerformanceCounter",
+        "NtCreateDebugObject",
+        "NtCreateDirectoryObject",
+        "NtCreateDirectoryObjectEx",
+        "NtCreateEnclave",
+        "NtCreateEnlistment",
+        "NT_DISK::GetPnpProperty",
+        "NtCreateIRTimer",
+        "NtCreateIoCompletion",
+        "NtCreateJobObject",
+        "ArbAddReserved",
+        "NtCreateKeyTransacted",
+        "NtCreateKeyedEvent",
+        "NtCreateLowBoxToken",
+        "NtCreateMailslotFile",
+        "NtCreateMutant",
+        "NtCreateNamedPipeFile",
+        "NtCreatePagingFile",
+        "NtCreatePartition",
+        "NtCreatePort",
+        "NtCreatePrivateNamespace",
+        "NtCreateProcess",
+        "NtCreateProfile",
+        "NtCreateProfileEx",
+        "NtCreateRegistryTransaction",
+        "NtCreateResourceManager",
+        "NtCreateSemaphore",
+        "NtCreateSymbolicLinkObject",
+        "NtCreateThreadEx",
+        "NtCreateTimer",
+        "NtCreateTimer2",
+        "NtCreateToken",
+        "NtCreateTokenEx",
+        "NtCreateTransaction",
+        "NtCreateTransactionManager",
+        "NtCreateUserProcess",
+        "NtCreateWaitCompletionPacket",
+        "NtCreateWaitablePort",
+        "NtCreateWnfStateName",
+        "NtCreateWorkerFactory",
+        "NtDebugActiveProcess",
+        "NtDebugContinue",
+        "NtDeleteAtom",
+        "NtDeleteBootEntry",
+        "NtDeleteDriverEntry",
+        "NtDeleteFile",
+        "NtDeleteKey",
+        "NtDeleteObjectAuditAlarm",
+        "NtDeletePrivateNamespace",
+        "NtDeleteValueKey",
+        "NtDeleteWnfStateData",
+        "NtDeleteWnfStateName",
+        "NtDisableLastKnownGood",
+        "NtDisplayString",
+        "NtDrawText",
+        "NtEnableLastKnownGood",
+        "NtEnumerateBootEntries",
+        "NtEnumerateDriverEntries",
+        "NtEnumerateSystemEnvironmentValuesEx",
+        "NtEnumerateTransactionObject",
+        "NtExtendSection",
+        "NtFilterBootOption",
+        "NtFilterToken",
+        "NT_DISK::GetPnpProperty",
+        "NtFlushBuffersFileEx",
+        "NtFlushInstallUILanguage",
+        "ArbPreprocessEntry",
+        "NtFlushKey",
+        "NtFlushProcessWriteBuffers",
+        "NtFlushVirtualMemory",
+        "NtFlushWriteBuffer",
+        "NtFreeUserPhysicalPages",
+        "NtFreezeRegistry",
+        "NtFreezeTransactions",
+        "NtGetCachedSigningLevel",
+        "NtGetCompleteWnfStateSubscription",
+        "NtGetContextThread",
+        "NtGetCurrentProcessorNumber",
+        "NtGetCurrentProcessorNumberEx",
+        "NtGetDevicePowerState",
+        "NtGetMUIRegistryInfo",
+        "NtGetNextProcess",
+        "NtGetNextThread",
+        "NtGetNlsSectionPtr",
+        "NtGetNotificationResourceManager",
+        "NtGetWriteWatch",
+        "NtImpersonateAnonymousToken",
+        "NtImpersonateThread",
+        "NtInitializeEnclave",
+        "NtInitializeNlsFiles",
+        "NtInitializeRegistry",
+        "NtInitiatePowerAction",
+        "NtIsSystemResumeAutomatic",
+        "NtIsUILanguageComitted",
+        "NtListenPort",
+        "NtLoadDriver",
+        "NtLoadEnclaveData",
+        "NtLoadHotPatch",
+        "NtLoadKey",
+        "NtLoadKey2",
+        "NtLoadKeyEx",
+        "NtLockFile",
+        "NtLockProductActivationKeys",
+        "NtLockRegistryKey",
+        "NtLockVirtualMemory",
+        "NtMakePermanentObject",
+        "NtMakeTemporaryObject",
+        "NtManagePartition",
+        "NtMapCMFModule",
+        "NtMapUserPhysicalPages",
+        "NtModifyBootEntry",
+        "NtModifyDriverEntry",
+        "NtNotifyChangeDirectoryFile",
+        "NtNotifyChangeDirectoryFileEx",
+        "NtNotifyChangeKey",
+        "NtNotifyChangeMultipleKeys",
+        "NtNotifyChangeSession",
+        "NtOpenEnlistment",
+        "NT_DISK::GetPnpProperty",
+        "NtOpenIoCompletion",
+        "NtOpenJobObject",
+        "NtOpenKeyEx",
+        "NtOpenKeyTransacted",
+        "NtOpenKeyTransactedEx",
+        "NtOpenKeyedEvent",
+        "NtOpenMutant",
+        "NtOpenObjectAuditAlarm",
+        "NtOpenPartition",
+        "NtOpenPrivateNamespace",
+        "NtOpenProcessToken",
+        "NtOpenRegistryTransaction",
+        "NtOpenResourceManager",
+        "NtOpenSemaphore",
+        "NtOpenSession",
+        "NtOpenSymbolicLinkObject",
+        "NtOpenThread",
+        "NtOpenTimer",
+        "NtOpenTransaction",
+        "NtOpenTransactionManager",
+        "NtPlugPlayControl",
+        "NtPrePrepareComplete",
+        "NtPrePrepareEnlistment",
+        "NtPrepareComplete",
+        "NtPrepareEnlistment",
+        "NtPrivilegeCheck",
+        "NtPrivilegeObjectAuditAlarm",
+        "NtPrivilegedServiceAuditAlarm",
+        "NtPropagationComplete",
+        "NtPropagationFailed",
+        "NtPulseEvent",
+        "NtQueryAuxiliaryCounterFrequency",
+        "NtQueryBootEntryOrder",
+        "NtQueryBootOptions",
+        "NtQueryDebugFilterState",
+        "NtQueryDirectoryFileEx",
+        "NtQueryDirectoryObject",
+        "NtQueryDriverEntryOrder",
+        "NtQueryEaFile",
+        "NtQueryFullAttributesFile",
+        "NtQueryInformationAtom",
+        "NtQueryInformationByName",
+        "NtQueryInformationEnlistment",
+        "NtQueryInformationJobObject",
+        "NtQueryInformationPort",
+        "NtQueryInformationResourceManager",
+        "NtQueryInformationTransaction",
+        "NtQueryInformationTransactionManager",
+        "NtQueryInformationWorkerFactory",
+        "NtQueryInstallUILanguage",
+        "NtQueryIntervalProfile",
+        "NtQueryIoCompletion",
+        "NtQueryLicenseValue",
+        "NtQueryMultipleValueKey",
+        "NtQueryMutant",
+        "NtQueryOpenSubKeys",
+        "NtQueryOpenSubKeysEx",
+        "CmpForceInvalidatePreCallback",
+        "NtQueryQuotaInformationFile",
+        "NtQuerySecurityAttributesToken",
+        "NtQuerySecurityObject",
+        "NtQuerySecurityPolicy",
+        "NtQuerySemaphore",
+        "NtQuerySymbolicLinkObject",
+        "NtQuerySystemEnvironmentValue",
+        "NtQuerySystemEnvironmentValueEx",
+        "NtQuerySystemInformationEx",
+        "NtQueryTimerResolution",
+        "NtQueryWnfStateData",
+        "NtQueryWnfStateNameInformation",
+        "NtQueueApcThreadEx",
+        "NtRaiseException",
+        "NtRaiseHardError",
+        "NtReadOnlyEnlistment",
+        "NtRecoverEnlistment",
+        "NtRecoverResourceManager",
+        "NtRecoverTransactionManager",
+        "NtRegisterProtocolAddressInformation",
+        "NtRegisterThreadTerminatePort",
+        "NtReleaseKeyedEvent",
+        "NtReleaseWorkerFactoryWorker",
+        "NtRemoveIoCompletionEx",
+        "NtRemoveProcessDebug",
+        "NtRenameKey",
+        "NtRenameTransactionManager",
+        "NtReplaceKey",
+        "NtReplacePartitionUnit",
+        "NtReplyWaitReplyPort",
+        "NtRequestPort",
+        "NtResetEvent",
+        "NtResetWriteWatch",
+        "NtRestoreKey",
+        "NtResumeProcess",
+        "NtRevertContainerImpersonation",
+        "NtRollbackComplete",
+        "NtRollbackEnlistment",
+        "NtRollbackRegistryTransaction",
+        "NtRollbackTransaction",
+        "NtRollforwardTransactionManager",
+        "NtSaveKey",
+        "NtSaveKeyEx",
+        "NtSaveMergedKeys",
+        "NtSecureConnectPort",
+        "NtSerializeBoot",
+        "NtSetBootEntryOrder",
+        "NtSetBootOptions",
+        "NtSetCachedSigningLevel",
+        "NtSetCachedSigningLevel2",
+        "NtSetContextThread",
+        "NtSetDebugFilterState",
+        "NtSetDefaultHardErrorPort",
+        "NtSetDefaultLocale",
+        "NtSetDefaultUILanguage",
+        "NtSetDriverEntryOrder",
+        "NtSetEaFile",
+        "NT_DISK::GetPnpProperty",
+        "NT_DISK::GetPnpProperty",
+        "NtSetIRTimer",
+        "NtSetInformationDebugObject",
+        "NtSetInformationEnlistment",
+        "NtSetInformationJobObject",
+        "NtSetInformationKey",
+        "NtSetInformationResourceManager",
+        "NtSetInformationSymbolicLink",
+        "NtSetInformationToken",
+        "NtSetInformationTransaction",
+        "NtSetInformationTransactionManager",
+        "NtSetInformationVirtualMemory",
+        "NtSetInformationWorkerFactory",
+        "NtSetIntervalProfile",
+        "NtSetIoCompletion",
+        "NtSetIoCompletionEx",
+        "BvgaSetVirtualFrameBuffer",
+        "NT_DISK::GetPnpProperty",
+        "NT_DISK::GetPnpProperty",
+        "NtSetQuotaInformationFile",
+        "NtSetSecurityObject",
+        "NtSetSystemEnvironmentValue",
+        "NtSetSystemEnvironmentValueEx",
+        "NtSetSystemInformation",
+        "NtSetSystemPowerState",
+        "NtSetSystemTime",
+        "NtSetThreadExecutionState",
+        "NtSetTimer2",
+        "NtSetTimerEx",
+        "NtSetTimerResolution",
+        "NtSetUuidSeed",
+        "NtSetVolumeInformationFile",
+        "NtSetWnfProcessNotificationEvent",
+        "NtShutdownSystem",
+        "NtShutdownWorkerFactory",
+        "NtSignalAndWaitForSingleObject",
+        "NtSinglePhaseReject",
+        "NtStartProfile",
+        "NtStopProfile",
+        "NtSubscribeWnfStateChange",
+        "NtSuspendProcess",
+        "NtSuspendThread",
+        "NtSystemDebugControl",
+        "NtTerminateEnclave",
+        "NtTerminateJobObject",
+        "NtTestAlert",
+        "NtThawRegistry",
+        "NtThawTransactions",
+        "NtTraceControl",
+        "NtTranslateFilePath",
+        "NtUmsThreadYield",
+        "NtUnloadDriver",
+        "NtUnloadKey",
+        "NtUnloadKey2",
+        "NtUnloadKeyEx",
+        "NtUnlockFile",
+        "NtUnlockVirtualMemory",
+        "NtUnmapViewOfSectionEx",
+        "NtUnsubscribeWnfStateChange",
+        "NtUpdateWnfStateData",
+        "NT_DISK::GetPnpProperty",
+        "NtWaitForAlertByThreadId",
+        "NtWaitForDebugEvent",
+        "NtWaitForKeyedEvent",
+        "NtWaitForWorkViaWorkerFactory",
+        "NT_DISK::GetPnpProperty",
+        "NT_DISK::GetPnpProperty"
+    ]
+]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x86_10586_syscalls.py b/volatility/plugins/overlays/windows/win10_x86_10586_syscalls.py
new file mode 100644
index 000000000..13e0b9e9a
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_10586_syscalls.py
@@ -0,0 +1,1583 @@
+syscalls = [
+    [
+        "NtAccessCheck",
+        "NtWorkerFactoryWorkerReady",
+        "NtAcceptConnectPort",
+        "NtYieldExecution",
+        "NtWriteVirtualMemory",
+        "NtWriteRequestData",
+        "NtWriteFileGather",
+        "NtWriteFile",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtWaitForWorkViaWorkerFactory",
+        "NtWaitForSingleObject",
+        "NtWaitForMultipleObjects32",
+        "NtWaitForMultipleObjects",
+        "NtWaitForKeyedEvent",
+        "NtWaitForDebugEvent",
+        "NtWaitForAlertByThreadId",
+        "NtVdmControl",
+        "NtUnsubscribeWnfStateChange",
+        "NtUpdateWnfStateData",
+        "NtUnmapViewOfSection",
+        "NtUnmapViewOfSectionEx",
+        "NtUnlockVirtualMemory",
+        "NtUnlockFile",
+        "NtUnloadKeyEx",
+        "NtUnloadKey2",
+        "NtUnloadKey",
+        "NtUnloadDriver",
+        "NtUmsThreadYield",
+        "NtTranslateFilePath",
+        "NtTraceEvent",
+        "NtTraceControl",
+        "NtThawTransactions",
+        "NtThawRegistry",
+        "NtTestAlert",
+        "NtTerminateThread",
+        "NtTerminateProcess",
+        "NtTerminateJobObject",
+        "NtSystemDebugControl",
+        "NtSuspendThread",
+        "NtSuspendProcess",
+        "NtSubscribeWnfStateChange",
+        "NtStopProfile",
+        "NtStartProfile",
+        "NtSinglePhaseReject",
+        "NtSignalAndWaitForSingleObject",
+        "NtShutdownWorkerFactory",
+        "NtShutdownSystem",
+        "NtSetWnfProcessNotificationEvent",
+        "NtSetVolumeInformationFile",
+        "NtSetValueKey",
+        "NtSetUuidSeed",
+        "NtSetTimerResolution",
+        "NtSetTimerEx",
+        "NtSetTimer",
+        "NtSetThreadExecutionState",
+        "NtSetSystemTime",
+        "NtSetSystemPowerState",
+        "NtSetSystemInformation",
+        "NtSetSystemEnvironmentValueEx",
+        "NtSetSystemEnvironmentValue",
+        "NtSetSecurityObject",
+        "NtSetQuotaInformationFile",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtSetLdtEntries",
+        "NtSetIRTimer",
+        "NtSetTimer2",
+        "NtCancelTimer2",
+        "NtSetIoCompletionEx",
+        "NtSetIoCompletion",
+        "NtSetIntervalProfile",
+        "NtSetInformationWorkerFactory",
+        "NtSetInformationTransactionManager",
+        "NtSetInformationTransaction",
+        "NtSetInformationToken",
+        "NtSetInformationThread",
+        "NtSetInformationResourceManager",
+        "NtSetInformationProcess",
+        "NtSetInformationObject",
+        "NtSetInformationKey",
+        "NtSetInformationJobObject",
+        "NtSetInformationFile",
+        "NtSetInformationEnlistment",
+        "NtSetInformationDebugObject",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtSetEventBoostPriority",
+        "NtSetEvent",
+        "NtSetEaFile",
+        "NtSetDriverEntryOrder",
+        "NtSetDefaultUILanguage",
+        "NtSetDefaultLocale",
+        "NtSetDefaultHardErrorPort",
+        "NtSetDebugFilterState",
+        "NtSetContextThread",
+        "NtSetCachedSigningLevel",
+        "NtSetBootOptions",
+        "NtSetBootEntryOrder",
+        "NtSerializeBoot",
+        "NtSecureConnectPort",
+        "NtSaveMergedKeys",
+        "NtSaveKeyEx",
+        "NtSaveKey",
+        "NtRollforwardTransactionManager",
+        "NtRollbackTransaction",
+        "NtRollbackEnlistment",
+        "NtRollbackComplete",
+        "NtRevertContainerImpersonation",
+        "NtResumeThread",
+        "NtResumeProcess",
+        "NtRestoreKey",
+        "NtResetWriteWatch",
+        "NtResetEvent",
+        "NtRequestWaitReplyPort",
+        "NtRequestPort",
+        "NtReplyWaitReplyPort",
+        "NtReplyWaitReceivePortEx",
+        "NtReplyWaitReceivePort",
+        "NtReplyPort",
+        "NtReplacePartitionUnit",
+        "NtReplaceKey",
+        "NtRenameTransactionManager",
+        "NtRenameKey",
+        "NtRemoveProcessDebug",
+        "NtRemoveIoCompletionEx",
+        "NtRemoveIoCompletion",
+        "NtReleaseWorkerFactoryWorker",
+        "NtReleaseSemaphore",
+        "NtReleaseMutant",
+        "NtReleaseKeyedEvent",
+        "NtRegisterThreadTerminatePort",
+        "NtRegisterProtocolAddressInformation",
+        "NtRecoverTransactionManager",
+        "NtRecoverResourceManager",
+        "NtRecoverEnlistment",
+        "NtReadVirtualMemory",
+        "NtReadRequestData",
+        "NtReadOnlyEnlistment",
+        "NtReadFileScatter",
+        "NtReadFile",
+        "NtRaiseHardError",
+        "NtRaiseException",
+        "NtQueueApcThreadEx",
+        "NtQueueApcThread",
+        "NtQueryWnfStateData",
+        "NtQueryWnfStateNameInformation",
+        "NtQueryVolumeInformationFile",
+        "NtQueryVirtualMemory",
+        "NtQueryValueKey",
+        "NtQueryTimerResolution",
+        "NtQueryTimer",
+        "NtQuerySystemTime",
+        "NtQuerySystemInformationEx",
+        "NtQuerySystemInformation",
+        "NtQuerySystemEnvironmentValueEx",
+        "NtQuerySystemEnvironmentValue",
+        "NtQuerySymbolicLinkObject",
+        "NtQuerySemaphore",
+        "NtQuerySecurityObject",
+        "NtQuerySecurityAttributesToken",
+        "NtQuerySection",
+        "NtQueryQuotaInformationFile",
+        "NtQueryPortInformationProcess",
+        "NtQueryPerformanceCounter",
+        "NtQueryOpenSubKeysEx",
+        "NtQueryOpenSubKeys",
+        "NtQueryObject",
+        "NtQueryMutant",
+        "NtQueryMultipleValueKey",
+        "NtQueryLicenseValue",
+        "NtQueryKey",
+        "NtQueryIoCompletion",
+        "NtQueryIntervalProfile",
+        "NtQueryInstallUILanguage",
+        "NtQueryInformationWorkerFactory",
+        "NtQueryInformationTransactionManager",
+        "NtQueryInformationTransaction",
+        "NtQueryInformationToken",
+        "NtQueryInformationThread",
+        "NtQueryInformationResourceManager",
+        "NtQueryInformationProcess",
+        "NtQueryInformationPort",
+        "NtQueryInformationJobObject",
+        "NtQueryInformationFile",
+        "NtQueryInformationEnlistment",
+        "NtQueryInformationAtom",
+        "NtQueryFullAttributesFile",
+        "NtQueryEvent",
+        "NtQueryEaFile",
+        "NtQueryDriverEntryOrder",
+        "NtQueryDirectoryObject",
+        "NtQueryDirectoryFile",
+        "NtQueryDefaultUILanguage",
+        "NtQueryDefaultLocale",
+        "NtQueryDebugFilterState",
+        "NtQueryBootOptions",
+        "NtQueryBootEntryOrder",
+        "NtQueryAttributesFile",
+        "NtPulseEvent",
+        "NtProtectVirtualMemory",
+        "NtPropagationFailed",
+        "NtPropagationComplete",
+        "NtPrivilegeObjectAuditAlarm",
+        "NtPrivilegedServiceAuditAlarm",
+        "NtPrivilegeCheck",
+        "NtSetInformationVirtualMemory",
+        "NtPrePrepareEnlistment",
+        "NtPrePrepareComplete",
+        "NtPrepareEnlistment",
+        "NtPrepareComplete",
+        "NtPowerInformation",
+        "NtPlugPlayControl",
+        "NtOpenTransactionManager",
+        "NtOpenTransaction",
+        "NtOpenTimer",
+        "NtOpenThreadTokenEx",
+        "NtOpenThreadToken",
+        "NtOpenThread",
+        "NtOpenSymbolicLinkObject",
+        "NtOpenSession",
+        "NtOpenSemaphore",
+        "NtOpenSection",
+        "NtOpenResourceManager",
+        "NtCreateJobSet",
+        "NtOpenProcessTokenEx",
+        "NtOpenProcessToken",
+        "NtOpenProcess",
+        "NtOpenPrivateNamespace",
+        "NtOpenObjectAuditAlarm",
+        "NtOpenMutant",
+        "NtOpenKeyTransactedEx",
+        "NtOpenKeyTransacted",
+        "NtOpenKeyEx",
+        "NtOpenKeyedEvent",
+        "NtOpenKey",
+        "NtOpenJobObject",
+        "NtOpenIoCompletion",
+        "NtOpenFile",
+        "NtCreateEventPair",
+        "NtOpenEvent",
+        "NtOpenEnlistment",
+        "NtOpenDirectoryObject",
+        "NtNotifyChangeSession",
+        "NtNotifyChangeMultipleKeys",
+        "NtNotifyChangeKey",
+        "NtNotifyChangeDirectoryFile",
+        "NtManagePartition",
+        "NtModifyDriverEntry",
+        "NtModifyBootEntry",
+        "NtMapViewOfSection",
+        "NtMapUserPhysicalPagesScatter",
+        "NtMapUserPhysicalPages",
+        "NtMapCMFModule",
+        "NtMakeTemporaryObject",
+        "NtMakePermanentObject",
+        "NtLockVirtualMemory",
+        "NtLockRegistryKey",
+        "NtLockProductActivationKeys",
+        "NtLockFile",
+        "NtLoadKeyEx",
+        "NtLoadKey2",
+        "NtLoadKey",
+        "NtLoadEnclaveData",
+        "NtLoadDriver",
+        "NtListenPort",
+        "NtIsUILanguageComitted",
+        "NtIsSystemResumeAutomatic",
+        "NtIsProcessInJob",
+        "NtInitiatePowerAction",
+        "NtInitializeRegistry",
+        "NtInitializeNlsFiles",
+        "NtInitializeEnclave",
+        "NtImpersonateThread",
+        "NtImpersonateClientOfPort",
+        "NtImpersonateAnonymousToken",
+        "NtGetWriteWatch",
+        "NtGetNotificationResourceManager",
+        "NtGetNlsSectionPtr",
+        "NtGetNextThread",
+        "NtGetNextProcess",
+        "NtGetMUIRegistryInfo",
+        "NtGetDevicePowerState",
+        "NtGetCurrentProcessorNumberEx",
+        "NtGetCurrentProcessorNumber",
+        "NtGetContextThread",
+        "NtGetCompleteWnfStateSubscription",
+        "NtGetCachedSigningLevel",
+        "NtFsControlFile",
+        "NtFreezeTransactions",
+        "NtFreezeRegistry",
+        "NtFreeVirtualMemory",
+        "NtFreeUserPhysicalPages",
+        "NtFlushWriteBuffer",
+        "NtFlushVirtualMemory",
+        "NtFlushProcessWriteBuffers",
+        "NtFlushKey",
+        "FsRtlSyncVolumes",
+        "NtFlushInstallUILanguage",
+        "NtFlushBuffersFile",
+        "NtFlushBuffersFileEx",
+        "NtFindAtom",
+        "NtFilterToken",
+        "NtFilterTokenEx",
+        "NtFilterBootOption",
+        "NtExtendSection",
+        "NtEnumerateValueKey",
+        "NtEnumerateTransactionObject",
+        "NtEnumerateSystemEnvironmentValuesEx",
+        "NtEnumerateKey",
+        "NtEnumerateDriverEntries",
+        "NtEnumerateBootEntries",
+        "NtEnableLastKnownGood",
+        "NtDuplicateToken",
+        "NtDuplicateObject",
+        "NtDrawText",
+        "NtDisplayString",
+        "NtDisableLastKnownGood",
+        "NtDeviceIoControlFile",
+        "NtDeleteWnfStateName",
+        "NtDeleteWnfStateData",
+        "NtDeleteValueKey",
+        "NtDeletePrivateNamespace",
+        "NtDeleteObjectAuditAlarm",
+        "NtDeleteKey",
+        "NtDeleteFile",
+        "NtDeleteDriverEntry",
+        "NtDeleteBootEntry",
+        "NtDeleteAtom",
+        "NtDelayExecution",
+        "NtDebugContinue",
+        "NtDebugActiveProcess",
+        "NtCreatePartition",
+        "NtCreateWorkerFactory",
+        "NtCreateWnfStateName",
+        "NtCreateWaitCompletionPacket",
+        "NtCreateWaitablePort",
+        "NtCreateUserProcess",
+        "NtCreateTransactionManager",
+        "NtCreateTransaction",
+        "NtCreateToken",
+        "NtCreateLowBoxToken",
+        "NtCreateTokenEx",
+        "NtCreateTimer",
+        "NtCreateThreadEx",
+        "NtCreateThread",
+        "NtCreateSymbolicLinkObject",
+        "NtCreateSemaphore",
+        "NtCreateSection",
+        "NtCreateResourceManager",
+        "NtCreateProfileEx",
+        "NtCreateProfile",
+        "NtCreateProcessEx",
+        "NtCreateProcess",
+        "NtCreatePrivateNamespace",
+        "NtCreatePort",
+        "NtCreatePagingFile",
+        "NtCreateNamedPipeFile",
+        "NtCreateMutant",
+        "NtCreateMailslotFile",
+        "NtCreateKeyTransacted",
+        "NtCreateKeyedEvent",
+        "NtCreateKey",
+        "NtCreateJobSet",
+        "NtCreateJobObject",
+        "NtCreateIRTimer",
+        "NtCreateTimer2",
+        "NtCreateIoCompletion",
+        "NtCreateFile",
+        "NtCreateEventPair",
+        "NtCreateEvent",
+        "NtCreateEnlistment",
+        "NtCreateEnclave",
+        "NtCreateDirectoryObjectEx",
+        "NtCreateDirectoryObject",
+        "NtCreateDebugObject",
+        "NtContinue",
+        "NtConnectPort",
+        "NtCompressKey",
+        "NtCompleteConnectPort",
+        "NtCompareTokens",
+        "NtCompareObjects",
+        "NtCompactKeys",
+        "NtCommitTransaction",
+        "NtCommitEnlistment",
+        "NtCommitComplete",
+        "NtCloseObjectAuditAlarm",
+        "NtClose",
+        "NtClearEvent",
+        "NtCancelWaitCompletionPacket",
+        "NtCancelTimer",
+        "NtCancelSynchronousIoFile",
+        "NtCancelIoFileEx",
+        "NtCancelIoFile",
+        "NtCallbackReturn",
+        "NtAssociateWaitCompletionPacket",
+        "NtAssignProcessToJobObject",
+        "NtAreMappedFilesTheSame",
+        "NtApphelpCacheControl",
+        "NtAlpcSetInformation",
+        "NtAlpcSendWaitReceivePort",
+        "NtAlpcRevokeSecurityContext",
+        "NtAlpcQueryInformationMessage",
+        "NtAlpcQueryInformation",
+        "NtAlpcOpenSenderThread",
+        "NtAlpcOpenSenderProcess",
+        "NtAlpcImpersonateClientOfPort",
+        "NtAlpcImpersonateClientContainerOfPort",
+        "NtAlpcDisconnectPort",
+        "NtAlpcDeleteSecurityContext",
+        "NtAlpcDeleteSectionView",
+        "NtAlpcDeleteResourceReserve",
+        "NtAlpcDeletePortSection",
+        "NtAlpcCreateSecurityContext",
+        "NtAlpcCreateSectionView",
+        "NtAlpcCreateResourceReserve",
+        "NtAlpcCreatePortSection",
+        "NtAlpcCreatePort",
+        "NtAlpcConnectPort",
+        "NtAlpcConnectPortEx",
+        "NtAlpcCancelMessage",
+        "NtAlpcAcceptConnectPort",
+        "NtAllocateVirtualMemory",
+        "NtAllocateUuids",
+        "NtAllocateUserPhysicalPages",
+        "NtAllocateReserveObject",
+        "NtAllocateLocallyUniqueId",
+        "NtAlertThreadByThreadId",
+        "NtAlertThread",
+        "NtAlertResumeThread",
+        "NtAdjustPrivilegesToken",
+        "NtAdjustGroupsToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAddDriverEntry",
+        "NtAddBootEntry",
+        "NtAddAtom",
+        "NtAddAtomEx",
+        "NtAccessCheckByTypeResultListAndAuditAlarmByHandle",
+        "NtAccessCheckByTypeResultListAndAuditAlarm",
+        "NtAccessCheckByTypeResultList",
+        "NtAccessCheckByTypeAndAuditAlarm",
+        "NtAccessCheckByType",
+        "NtAccessCheckAndAuditAlarm",
+        "NtSetInformationSymbolicLink"
+    ],
+    [
+        "NtUserGetOwnerTransformedMonitorRect",
+        "NtUserYieldTask",
+        "NtUserSetSensorPresence",
+        "NtGdiWidenPath",
+        "NtGdiUpdateColors",
+        "NtGdiUnrealizeObject",
+        "NtGdiUnmapMemFont",
+        "NtGdiUnloadPrinterDriver",
+        "NtGdiTransparentBlt",
+        "NtGdiTransformPoints",
+        "NtGdiSwapBuffers",
+        "NtGdiStrokePath",
+        "NtGdiStrokeAndFillPath",
+        "NtGdiStretchDIBitsInternal",
+        "NtGdiStretchBlt",
+        "NtGdiStartPage",
+        "NtGdiStartDoc",
+        "NtGdiSetSizeDevice",
+        "NtGdiSetVirtualResolution",
+        "NtGdiSetTextJustification",
+        "NtGdiSetSystemPaletteUse",
+        "NtGdiSetRectRgn",
+        "NtGdiSetPixelFormat",
+        "NtGdiSetPixel",
+        "NtGdiSetOPMSigningKeyAndSequenceNumbers",
+        "NtGdiSetLayout",
+        "NtGdiMirrorWindowOrg",
+        "NtGdiGetDeviceWidth",
+        "NtGdiSetMiterLimit",
+        "NtGdiSetMetaRgn",
+        "NtGdiSetMagicColors",
+        "NtGdiSetLinkedUFIs",
+        "NtGdiSetIcmMode",
+        "NtGdiSetFontXform",
+        "NtGdiSetFontEnumeration",
+        "NtGdiSetDIBitsToDeviceInternal",
+        "NtGdiSetDeviceGammaRamp",
+        "NtGdiSetColorSpace",
+        "NtGdiSetColorAdjustment",
+        "NtGdiSetBrushOrg",
+        "NtGdiSetBrushAttributes",
+        "NtGdiSetBoundsRect",
+        "NtGdiSetBitmapDimension",
+        "NtGdiSetBitmapBits",
+        "NtGdiSetBitmapAttributes",
+        "NtGdiSelectPen",
+        "NtGdiSelectFont",
+        "NtGdiSelectClipPath",
+        "NtGdiSelectBrush",
+        "NtGdiSelectBitmap",
+        "NtGdiScaleWindowExtEx",
+        "NtGdiScaleViewportExtEx",
+        "NtGdiSaveDC",
+        "NtGdiRoundRect",
+        "NtGdiRestoreDC",
+        "NtGdiResizePalette",
+        "NtGdiResetDC",
+        "NtGdiRemoveFontMemResourceEx",
+        "NtGdiRemoveFontResourceW",
+        "NtGdiRectVisible",
+        "NtGdiRectInRegion",
+        "NtGdiRectangle",
+        "NtGdiQueryFontAssocInfo",
+        "NtGdiQueryFonts",
+        "NtGdiPtVisible",
+        "NtGdiPtInRegion",
+        "NtGdiPolyTextOutW",
+        "NtGdiPolyPolyDraw",
+        "NtGdiPolyDraw",
+        "NtGdiPlgBlt",
+        "NtGdiPathToRegion",
+        "NtGdiPolyPatBlt",
+        "NtGdiPatBlt",
+        "NtGdiOpenDCW",
+        "NtGdiOffsetRgn",
+        "NtGdiOffsetClipRgn",
+        "NtGdiMoveTo",
+        "NtGdiMonoBitmap",
+        "NtGdiModifyWorldTransform",
+        "NtGdiMaskBlt",
+        "NtGdiMakeInfoDC",
+        "NtGdiMakeFontDir",
+        "NtGdiLineTo",
+        "NtGdiInvertRgn",
+        "NtGdiIntersectClipRect",
+        "NtGdiInitSpool",
+        "NtGdiInit",
+        "NtGdiIcmBrushInfo",
+        "NtGdiHfontCreate",
+        "NtGdiGradientFill",
+        "NtGdiGetWidthTable",
+        "NtGdiGetFontUnicodeRanges",
+        "NtGdiAddEmbFontToDC",
+        "NtGdiChangeGhostFont",
+        "NtGdiGetEmbedFonts",
+        "NtGdiGetUFIPathname",
+        "NtGdiGetEmbUFI",
+        "NtGdiGetUFI",
+        "NtGdiGetTransform",
+        "NtGdiGetTextMetricsW",
+        "NtGdiGetTextFaceW",
+        "NtGdiGetTextExtentExW",
+        "NtGdiGetTextExtent",
+        "NtGdiGetTextCharsetInfo",
+        "NtGdiGetSystemPaletteUse",
+        "NtGdiGetSuggestedOPMProtectedOutputArraySize",
+        "NtGdiGetStringBitmapW",
+        "NtGdiGetStockObject",
+        "NtGdiGetStats",
+        "NtGdiGetSpoolMessage",
+        "NtGdiGetServerMetaFileBits",
+        "NtGdiGetRgnBox",
+        "NtGdiGetRegionData",
+        "NtGdiGetRealizationInfo",
+        "NtGdiGetRasterizerCaps",
+        "NtGdiGetRandomRgn",
+        "NtGdiGetPixel",
+        "NtGdiGetPath",
+        "NtGdiGetOutlineTextMetricsInternalW",
+        "NtGdiGetOPMRandomNumber",
+        "NtGdiGetObjectBitmapHandle",
+        "NtGdiGetNearestPaletteIndex",
+        "NtGdiGetNearestColor",
+        "NtGdiGetMonitorID",
+        "NtGdiGetMiterLimit",
+        "NtGdiGetLinkedUFIs",
+        "NtGdiGetKerningPairs",
+        "NtGdiGetOPMInformation",
+        "NtGdiGetGlyphOutline",
+        "NtGdiGetGlyphIndicesWInternal",
+        "NtGdiGetGlyphIndicesW",
+        "NtGdiGetFontResourceInfoInternalW",
+        "NtGdiGetFontFileInfo",
+        "NtGdiGetFontFileData",
+        "NtGdiGetFontData",
+        "NtGdiGetEudcTimeStampEx",
+        "NtGdiGetETM",
+        "NtGdiGetDIBitsInternal",
+        "NtGdiGetDeviceCapsAll",
+        "NtGdiGetDeviceGammaRamp",
+        "NtGdiGetDeviceCaps",
+        "NtGdiGetDCPoint",
+        "NtGdiGetDCObject",
+        "NtGdiGetDCforBitmap",
+        "NtGdiGetDCDword",
+        "NtGdiGetCurrentDpiInfo",
+        "NtGdiGetCOPPCompatibleOPMInformation",
+        "NtGdiGetColorSpaceforBitmap",
+        "NtGdiGetColorAdjustment",
+        "NtGdiGetCharWidthInfo",
+        "NtGdiGetCharWidthW",
+        "NtGdiGetCharSet",
+        "NtGdiGetCharacterPlacementW",
+        "NtGdiGetCharABCWidthsW",
+        "NtGdiGetCertificateSize",
+        "NtGdiGetCertificate",
+        "NtGdiGetCertificateSizeByHandle",
+        "NtGdiGetCertificateByHandle",
+        "NtGdiGetBoundsRect",
+        "NtGdiGetBitmapDimension",
+        "NtGdiGetBitmapBits",
+        "NtGdiGetAppClipBox",
+        "NtGdiGetAndSetDCDword",
+        "NtGdiFullscreenControl",
+        "NtGdiFrameRgn",
+        "NtGdiForceUFIMapping",
+        "NtGdiFlush",
+        "NtGdiFlattenPath",
+        "NtGdiFillRgn",
+        "NtGdiFillPath",
+        "NtGdiExtTextOutW",
+        "NtGdiExtSelectClipRgn",
+        "NtGdiExtGetObjectW",
+        "NtGdiExtFloodFill",
+        "NtGdiExtEscape",
+        "NtGdiExtCreateRegion",
+        "NtGdiExtCreatePen",
+        "NtGdiExcludeClipRect",
+        "NtGdiEudcLoadUnloadLink",
+        "NtGdiEqualRgn",
+        "NtGdiEnumObjects",
+        "NtGdiEnumFonts",
+        "NtGdiEndPath",
+        "NtGdiEndPage",
+        "NtGdiEndGdiRendering",
+        "NtGdiEndDoc",
+        "NtGdiEnableEudc",
+        "NtGdiEllipse",
+        "NtGdiDrawEscape",
+        "NtGdiDoPalette",
+        "NtGdiDoBanding",
+        "NtGdiGetPerBandInfo",
+        "NtGdiDestroyOPMProtectedOutput",
+        "NtGdiDescribePixelFormat",
+        "NtGdiDeleteObjectApp",
+        "NtGdiDeleteColorTransform",
+        "NtGdiDeleteColorSpace",
+        "NtGdiDeleteClientObj",
+        "NtGdiDxgGenericThunk",
+        "NtGdiDvpReleaseNotification",
+        "NtGdiDvpAcquireNotification",
+        "NtGdiDvpWaitForVideoPortSync",
+        "NtGdiDvpUpdateVideoPort",
+        "NtGdiDvpGetVideoSignalStatus",
+        "NtGdiDvpGetVideoPortConnectInfo",
+        "NtGdiDvpGetVideoPortOutputFormats",
+        "NtGdiDvpGetVideoPortLine",
+        "NtGdiDvpGetVideoPortInputFormats",
+        "NtGdiDvpGetVideoPortFlipStatus",
+        "NtGdiDvpGetVideoPortField",
+        "NtGdiDvpGetVideoPortBandwidth",
+        "NtGdiDvpFlipVideoPort",
+        "NtGdiDvpDestroyVideoPort",
+        "NtGdiDvpCreateVideoPort",
+        "NtGdiDvpColorControl",
+        "NtGdiDvpCanCreateVideoPort",
+        "NtGdiDdWaitForVerticalBlank",
+        "NtGdiDdUpdateOverlay",
+        "NtGdiDdUnlockD3D",
+        "NtGdiDdUnlock",
+        "NtGdiDdUnattachSurface",
+        "NtGdiDdSetOverlayPosition",
+        "NtGdiDdCreateSurfaceEx",
+        "NtGdiDdSetGammaRamp",
+        "NtGdiDdSetExclusiveMode",
+        "NtGdiDdSetColorKey",
+        "NtGdiDdResetVisrgn",
+        "NtGdiDdRenderMoComp",
+        "NtGdiDdReleaseDC",
+        "NtGdiDdReenableDirectDrawObject",
+        "NtGdiDdQueryMoCompStatus",
+        "NtGdiDdQueryDirectDrawObject",
+        "NtGdiDdLockD3D",
+        "NtGdiDdLock",
+        "NtGdiDdGetScanLine",
+        "NtGdiDdGetMoCompFormats",
+        "NtGdiDdGetMoCompGuids",
+        "NtGdiDdGetMoCompBuffInfo",
+        "NtGdiDdGetInternalMoCompInfo",
+        "NtGdiDdGetFlipStatus",
+        "NtGdiDdGetDxHandle",
+        "NtGdiDdGetDriverInfo",
+        "NtGdiDdGetDC",
+        "NtGdiDdGetBltStatus",
+        "NtGdiDdGetAvailDriverMemory",
+        "NtGdiDdFlipToGDISurface",
+        "NtGdiDdFlip",
+        "NtGdiDdEndMoCompFrame",
+        "NtGdiDdDestroyD3DBuffer",
+        "NtGdiDdDestroySurface",
+        "NtGdiDdDestroyMoComp",
+        "NtGdiDdDeleteSurfaceObject",
+        "NtGdiDdDeleteDirectDrawObject",
+        "NtGdiDdCreateSurfaceObject",
+        "NtGdiDdCreateMoComp",
+        "NtGdiDdCreateD3DBuffer",
+        "NtGdiDdCreateSurface",
+        "NtGdiDdCreateDirectDrawObject",
+        "NtGdiDdColorControl",
+        "NtGdiDdCanCreateD3DBuffer",
+        "NtGdiDdCanCreateSurface",
+        "NtGdiDdBlt",
+        "NtGdiDdBeginMoCompFrame",
+        "NtGdiDdAttachSurface",
+        "NtGdiDdAlphaBlt",
+        "NtGdiDdAddAttachedSurface",
+        "NtGdiDdGetDriverState",
+        "NtGdiD3dDrawPrimitives2",
+        "NtGdiD3dValidateTextureStageState",
+        "NtGdiD3dContextDestroyAll",
+        "NtGdiD3dContextDestroy",
+        "NtGdiD3dContextCreate",
+        "NtGdiCreateSolidBrush",
+        "NtGdiCreateServerMetaFile",
+        "NtGdiCreateRoundRectRgn",
+        "NtGdiCreateRectRgn",
+        "NtGdiCreatePen",
+        "NtGdiCreatePatternBrushInternal",
+        "NtGdiCreatePaletteInternal",
+        "NtGdiCreateOPMProtectedOutputs",
+        "NtGdiCreateMetafileDC",
+        "NtGdiCreateHatchBrushInternal",
+        "NtGdiCreateHalftonePalette",
+        "NtGdiCreateEllipticRgn",
+        "NtGdiCreateSessionMappedDIBSection",
+        "NtGdiCreateDIBSection",
+        "NtGdiCreateDIBitmapInternal",
+        "NtGdiCreateDIBBrush",
+        "NtGdiCreateCompatibleDC",
+        "NtGdiCreateCompatibleBitmap",
+        "NtGdiCreateColorTransform",
+        "NtGdiCreateColorSpace",
+        "NtGdiCreateClientObj",
+        "NtGdiCreateBitmapFromDxSurface2",
+        "NtGdiCreateBitmapFromDxSurface",
+        "NtGdiCreateBitmap",
+        "NtGdiConvertMetafileRect",
+        "NtGdiConfigureOPMProtectedOutput",
+        "NtGdiComputeXformCoefficients",
+        "NtGdiCombineTransform",
+        "NtGdiCombineRgn",
+        "NtGdiColorCorrectPalette",
+        "NtGdiClearBrushAttributes",
+        "NtGdiClearBitmapAttributes",
+        "NtGdiCloseFigure",
+        "NtGdiCheckBitmapBits",
+        "NtGdiCancelDC",
+        "NtGdiBitBlt",
+        "NtGdiBeginPath",
+        "NtGdiBeginGdiRendering",
+        "NtGdiArcInternal",
+        "NtGdiFontIsLinked",
+        "NtGdiAnyLinkedFonts",
+        "NtGdiAngleArc",
+        "NtGdiAlphaBlend",
+        "NtGdiAddRemoteMMInstanceToDC",
+        "NtGdiRemoveMergeFont",
+        "NtGdiAddFontMemResourceEx",
+        "NtGdiAddRemoteFontToDC",
+        "NtGdiAddFontResourceW",
+        "NtGdiAbortPath",
+        "NtGdiAbortDoc",
+        "NtUserDefSetText",
+        "NtUserDeferWindowPosAndBand",
+        "NtUserDdeInitialize",
+        "NtUserCanBrokerForceForeground",
+        "NtUserCreateWindowStation",
+        "NtUserCreateWindowEx",
+        "NtUserCreateLocalMemHandle",
+        "NtUserCreateInputContext",
+        "NtUserCreateDesktopEx",
+        "NtUserCreateCaret",
+        "NtUserCreateAcceleratorTable",
+        "NtUserCountClipboardFormats",
+        "NtUserCopyAcceleratorTable",
+        "NtUserConvertMemHandle",
+        "NtUserConsoleControl",
+        "NtUserCloseWindowStation",
+        "NtUserCloseDesktop",
+        "NtUserCloseClipboard",
+        "NtUserClipCursor",
+        "NtUserChildWindowFromPointEx",
+        "NtUserCheckMenuItem",
+        "NtUserCheckWindowThreadDesktop",
+        "NtUserDwmValidateWindow",
+        "NtUserCheckAccessForIntegrityLevel",
+        "NtUserDisplayConfigSetDeviceInfo",
+        "NtUserDisplayConfigGetDeviceInfo",
+        "NtUserQueryDisplayConfig",
+        "NtUserSetDisplayConfig",
+        "NtUserGetDisplayConfigBufferSizes",
+        "NtUserChangeDisplaySettings",
+        "NtUserChangeClipboardChain",
+        "NtUserCallTwoParam",
+        "NtUserCallOneParam",
+        "NtUserCallNoParam",
+        "NtUserCallNextHookEx",
+        "NtUserCallMsgFilter",
+        "NtUserCallHwndParamLock",
+        "NtUserCallHwndParam",
+        "NtUserCallHwndOpt",
+        "NtUserCallHwndLock",
+        "NtUserCallHwnd",
+        "NtUserBuildPropList",
+        "NtUserBuildNameList",
+        "NtUserBuildHwndList",
+        "NtUserBuildHimcList",
+        "NtUserBlockInput",
+        "NtUserBitBltSysBmp",
+        "NtUserBeginPaint",
+        "NtUserAttachThreadInput",
+        "NtUserAssociateInputContext",
+        "NtUserAlterWindowStyle",
+        "NtUserAddClipboardFormatListener",
+        "NtUserActivateKeyboardLayout",
+        "NtUserDelegateCapturePointers",
+        "NtUserDelegateInput",
+        "NtUserDispatchMessage",
+        "NtUserDisableProcessWindowFiltering",
+        "NtUserDisableThreadIme",
+        "NtUserDestroyWindow",
+        "NtUserDestroyMenu",
+        "NtUserDestroyInputContext",
+        "NtUserDestroyCursor",
+        "NtUserDestroyAcceleratorTable",
+        "NtUserDeleteMenu",
+        "NtUserDoSoundDisconnect",
+        "NtUserDoSoundConnect",
+        "NtUserGhostWindowFromHungWindow",
+        "NtUserGetWOWClass",
+        "NtUserGetWindowPlacement",
+        "NtUserGetWindowDisplayAffinity",
+        "NtUserGetWindowDC",
+        "NtUserGetWindowCompositionAttribute",
+        "NtUserGetWindowCompositionInfo",
+        "NtUserGetWindowBand",
+        "NtUserGetUpdateRgn",
+        "NtUserGetUpdateRect",
+        "NtUserGetUpdatedClipboardFormats",
+        "NtUserGetTopLevelWindow",
+        "NtUserGetTitleBarInfo",
+        "NtUserGetThreadState",
+        "NtUserGetThreadDesktop",
+        "NtUserGetSystemMenu",
+        "NtUserGetScrollBarInfo",
+        "NtUserGetRegisteredRawInputDevices",
+        "NtUserGetRawInputDeviceList",
+        "NtUserGetRawInputDeviceInfo",
+        "NtUserGetRawInputData",
+        "NtUserGetRawInputBuffer",
+        "NtUserGetProcessWindowStation",
+        "NtUserGetPriorityClipboardFormat",
+        "NtUserGetOpenClipboardWindow",
+        "NtUserGetObjectInformation",
+        "NtUserGetMouseMovePointsEx",
+        "NtUserGetMessage",
+        "NtUserGetMenuItemRect",
+        "NtUserGetMenuIndex",
+        "NtUserGetMenuBarInfo",
+        "NtUserGetListBoxInfo",
+        "NtUserGetKeyState",
+        "NtUserGetKeyNameText",
+        "NtUserGetKeyboardState",
+        "NtUserGetKeyboardLayoutName",
+        "NtUserGetKeyboardLayoutList",
+        "NtUserGetInternalWindowPos",
+        "NtUserGetInputLocaleInfo",
+        "NtUserGetImeInfoEx",
+        "NtUserGetImeHotKey",
+        "NtUserGetIconSize",
+        "NtUserGetIconInfo",
+        "NtUserGetGUIThreadInfo",
+        "NtUserGetGuiResources",
+        "NtUserGetForegroundWindow",
+        "NtUserGetDpiSystemMetrics",
+        "NtUserGetDoubleClickTime",
+        "NtUserGetDesktopID",
+        "NtUserGetDCEx",
+        "NtUserGetDC",
+        "NtUserGetCursorInfo",
+        "NtUserGetCursorFrameInfo",
+        "NtUserGetCurrentInputMessageSource",
+        "NtUserGetCIMSSM",
+        "NtUserGetCPD",
+        "NtUserGetControlColor",
+        "NtUserGetControlBrush",
+        "NtUserGetComboBoxInfo",
+        "NtUserGetClipCursor",
+        "NtUserGetClipboardViewer",
+        "NtUserGetClipboardSequenceNumber",
+        "NtUserGetClipboardOwner",
+        "NtUserGetClipboardFormatName",
+        "NtUserGetClipboardData",
+        "NtUserGetClassName",
+        "NtUserGetClassInfoEx",
+        "NtUserGetCaretPos",
+        "NtUserGetCaretBlinkTime",
+        "NtUserGetAtomName",
+        "NtUserGetAsyncKeyState",
+        "NtUserGetAppImeLevel",
+        "NtUserGetAncestor",
+        "NtUserGetAltTabInfo",
+        "NtUserFrostCrashedWindow",
+        "NtUserFlashWindowEx",
+        "NtUserFindWindowEx",
+        "NtUserFindExistingCursorIcon",
+        "NtUserFillWindow",
+        "NtUserExcludeUpdateRgn",
+        "NtUserEvent",
+        "NtUserEnumDisplaySettings",
+        "NtUserEnumDisplayMonitors",
+        "NtUserEnumDisplayDevices",
+        "NtUserEndPaint",
+        "NtUserEndMenu",
+        "NtUserEndDeferWindowPosEx",
+        "NtUserEnableScrollBar",
+        "NtUserEnableMenuItem",
+        "NtUserEmptyClipboard",
+        "NtUserDrawMenuBarTemp",
+        "NtUserDrawIconEx",
+        "NtUserDrawCaptionTemp",
+        "NtUserDrawCaption",
+        "NtUserDrawAnimatedRects",
+        "NtUserDragObject",
+        "NtUserDragDetect",
+        "NtUserHandleDelegatedInput",
+        "NtUserRealChildWindowFromPoint",
+        "NtUserQueryWindow",
+        "NtUserQuerySendMessage",
+        "NtUserQueryInputContext",
+        "NtUserQueryInformationThread",
+        "NtUserQueryBSDRWindow",
+        "NtUserPerMonitorDPIPhysicalToLogicalPoint",
+        "NtUserProcessConnect",
+        "NtUserPrintWindow",
+        "NtUserPostThreadMessage",
+        "NtUserPostMessage",
+        "NtUserPhysicalToLogicalPoint",
+        "NtUserPeekMessage",
+        "NtUserPaintMonitor",
+        "NtUserPaintDesktop",
+        "NtUserOpenWindowStation",
+        "NtUserOpenThreadDesktop",
+        "NtUserOpenInputDesktop",
+        "NtUserOpenDesktop",
+        "NtUserOpenClipboard",
+        "NtUserNotifyWinEvent",
+        "NtUserNotifyProcessCreate",
+        "NtUserNotifyIMEStatus",
+        "NtUserMoveWindow",
+        "NtUserModifyUserStartupInfoFlags",
+        "NtUserMNDragOver",
+        "NtUserMNDragLeave",
+        "NtUserMinMaximize",
+        "NtUserMessageCall",
+        "NtUserMenuItemFromPoint",
+        "NtUserMapVirtualKeyEx",
+        "NtUserLayoutCompleted",
+        "NtUserLogicalToPerMonitorDPIPhysicalPoint",
+        "NtUserLogicalToPhysicalPoint",
+        "NtUserLockWorkStation",
+        "NtUserLockWindowUpdate",
+        "NtUserLockWindowStation",
+        "NtUserLoadKeyboardLayoutEx",
+        "NtUserKillTimer",
+        "NtUserIsTopLevelWindow",
+        "NtUserIsClipboardFormatAvailable",
+        "NtUserInvalidateRgn",
+        "NtUserInvalidateRect",
+        "NtUserInternalGetWindowIcon",
+        "NtUserInternalGetWindowText",
+        "NtUserInitTask",
+        "NtUserInitializeClientPfnArrays",
+        "NtUserInitialize",
+        "NtUserImpersonateDdeClientWindow",
+        "NtUserHungWindowFromGhostWindow",
+        "NtUserHiliteMenuItem",
+        "NtUserHideCaret",
+        "NtUserHardErrorControl",
+        "NtUserRealInternalGetMessage",
+        "NtUserRealWaitMessageEx",
+        "NtUserReleaseDwmHitTestWaiters",
+        "NtUserTranslateMessage",
+        "NtUserTranslateAccelerator",
+        "NtUserPaintMenuBar",
+        "NtUserCalcMenuBar",
+        "NtUserCalculatePopupWindowPosition",
+        "NtUserTrackPopupMenuEx",
+        "NtUserTrackMouseEvent",
+        "NtUserToUnicodeEx",
+        "NtUserThunkedMenuItemInfo",
+        "NtUserThunkedMenuInfo",
+        "NtUserTestForInteractiveUser",
+        "NtUserSendEventMessage",
+        "NtUserSystemParametersInfo",
+        "NtUserSwitchDesktop",
+        "NtUserSoundSentry",
+        "NtUserShutdownReasonDestroy",
+        "NtUserShutdownBlockReasonQuery",
+        "NtUserShutdownBlockReasonCreate",
+        "NtUserShowWindowAsync",
+        "NtUserShowWindow",
+        "NtUserShowScrollBar",
+        "NtUserShowCaret",
+        "NtUserSetWinEventHook",
+        "NtUserSetWindowWord",
+        "NtUserSetWindowStationUser",
+        "NtUserSetWindowsHookEx",
+        "NtUserSetWindowsHookAW",
+        "NtUserSetWindowRgnEx",
+        "NtUserGetWindowRgnEx",
+        "NtUserSetWindowRgn",
+        "NtUserSetWindowPos",
+        "NtUserSetWindowPlacement",
+        "NtUserSetWindowLong",
+        "NtUserSetWindowFNID",
+        "NtUserSetWindowDisplayAffinity",
+        "NtUserSetWindowCompositionTransition",
+        "NtUserUpdateDefaultDesktopThumbnail",
+        "NtUserSetWindowCompositionAttribute",
+        "NtUserSetWindowBand",
+        "NtUserSetProcessUIAccessZorder",
+        "NtUserSetProcessDpiAwareness",
+        "NtUserEnableChildWindowDpiMessage",
+        "NtUserIsChildWindowDpiMessageEnabled",
+        "NtUserIsWindowBroadcastingDpiToChildren",
+        "NtUserSetTimer",
+        "NtUserSetThreadState",
+        "NtUserSetThreadLayoutHandles",
+        "NtUserSetThreadDesktop",
+        "NtUserSetThreadInputBlocked",
+        "NtUserSetSystemTimer",
+        "NtUserSetSystemMenu",
+        "NtUserSetSystemCursor",
+        "NtUserSetSysColors",
+        "NtUserSetShellWindowEx",
+        "NtUserSetScrollInfo",
+        "NtUserSetProp",
+        "NtUserGetProp",
+        "NtUserSetProcessWindowStation",
+        "NtUserSetParent",
+        "NtUserSetObjectInformation",
+        "NtUserSetMenuFlagRtoL",
+        "NtUserSetMenuDefaultItem",
+        "NtUserSetMenuContextHelpId",
+        "NtUserSetMenu",
+        "NtUserSetKeyboardState",
+        "NtUserSetInternalWindowPos",
+        "NtUserSetInformationThread",
+        "NtUserSetImeOwnerWindow",
+        "NtUserSetImeInfoEx",
+        "NtUserSetImeHotKey",
+        "NtUserSetFocus",
+        "NtUserSetCursorIconData",
+        "NtUserSetCursorContents",
+        "NtUserSetCursor",
+        "NtUserSetClipboardViewer",
+        "NtUserSetClipboardData",
+        "NtUserSetClassWord",
+        "NtUserSetClassLong",
+        "NtUserSetChildWindowNoActivate",
+        "NtUserSetCapture",
+        "NtUserSetAppImeLevel",
+        "NtUserSetActiveWindow",
+        "NtUserSendInput",
+        "NtUserSelectPalette",
+        "NtUserScrollWindowEx",
+        "NtUserScrollDC",
+        "NtUserSBGetParms",
+        "NtUserResolveDesktopForWOW",
+        "NtUserRemoveProp",
+        "NtUserRemoveMenu",
+        "NtUserRemoveClipboardFormatListener",
+        "NtUserRegisterWindowMessage",
+        "NtUserRegisterTasklist",
+        "NtUserRegisterServicesProcess",
+        "NtUserRegisterRawInputDevices",
+        "NtUserRegisterHotKey",
+        "NtUserRegisterDManipHook",
+        "NtUserGetDManipHookInitFunction",
+        "NtUserRegisterManipulationThread",
+        "NtUserSetManipulationInputTarget",
+        "NtUserRegisterUserApiHook",
+        "NtUserRegisterErrorReportingDialog",
+        "NtUserRegisterClassExWOW",
+        "NtUserRegisterBSDRWindow",
+        "NtUserRedrawWindow",
+        "NtUserUndelegateInput",
+        "NtUserGetWindowMinimizeRect",
+        "NtUserDwmGetRemoteSessionOcclusionEvent",
+        "NtUserDwmGetRemoteSessionOcclusionState",
+        "NtUserDwmKernelShutdown",
+        "NtUserDwmKernelStartup",
+        "NtUserUpdateWindowTransform",
+        "NtUserCheckProcessSession",
+        "NtUserUnregisterSessionPort",
+        "NtUserRegisterSessionPort",
+        "NtUserCtxDisplayIOCtl",
+        "NtUserRemoteStopScreenUpdates",
+        "NtUserRemoteRedrawScreen",
+        "NtUserRemoteRedrawRectangle",
+        "NtUserRemoteConnect",
+        "NtUserWaitAvailableMessageEx",
+        "NtUserWindowFromPoint",
+        "NtUserWindowFromPhysicalPoint",
+        "NtUserWaitMessage",
+        "NtUserWaitForMsgAndEvent",
+        "NtUserWaitForInputIdle",
+        "NtUserVkKeyScanEx",
+        "NtUserValidateTimerCallback",
+        "NtUserValidateRect",
+        "NtUserValidateHandleSecure",
+        "NtUserUserHandleGrantAccess",
+        "NtUserUpdatePerUserSystemParameters",
+        "NtUserSetLayeredWindowAttributes",
+        "NtUserGetLayeredWindowAttributes",
+        "NtUserUpdateLayeredWindow",
+        "NtUserUpdateInstance",
+        "NtUserUpdateInputContext",
+        "NtUserUnregisterHotKey",
+        "NtUserUnregisterUserApiHook",
+        "NtUserUnregisterClass",
+        "NtUserUnlockWindowStation",
+        "NtUserUnloadKeyboardLayout",
+        "NtUserUnhookWinEvent",
+        "NtUserUnhookWindowsHookEx",
+        "NtUserGetTouchInputInfo",
+        "NtUserIsTouchWindow",
+        "NtUserModifyWindowTouchCapability",
+        "NtGdiEngStretchBltROP",
+        "NtGdiEngTextOut",
+        "NtGdiEngTransparentBlt",
+        "NtGdiEngGradientFill",
+        "NtGdiEngAlphaBlend",
+        "NtGdiEngLineTo",
+        "NtGdiEngPaint",
+        "NtGdiEngStrokeAndFillPath",
+        "NtGdiEngFillPath",
+        "NtGdiEngStrokePath",
+        "NtGdiEngMarkBandingSurface",
+        "NtGdiEngPlgBlt",
+        "NtGdiEngStretchBlt",
+        "NtGdiEngBitBlt",
+        "NtGdiEngLockSurface",
+        "NtGdiEngUnlockSurface",
+        "NtGdiEngEraseSurface",
+        "NtGdiEngDeleteSurface",
+        "NtGdiEngDeletePalette",
+        "NtGdiEngCopyBits",
+        "NtGdiEngComputeGlyphSet",
+        "NtGdiEngCreatePalette",
+        "NtGdiEngCreateDeviceBitmap",
+        "NtGdiEngCreateDeviceSurface",
+        "NtGdiEngCreateBitmap",
+        "NtGdiEngAssociateSurface",
+        "NtUserSetWindowFeedbackSetting",
+        "NtUserRegisterEdgy",
+        "NtUserRegisterShellPTPListener",
+        "NtUserGetWindowFeedbackSetting",
+        "NtUserHidePointerContactVisualization",
+        "NtUserGetTouchValidationStatus",
+        "NtUserInitializeTouchInjection",
+        "NtUserInjectTouchInput",
+        "NtUserRegisterTouchHitTestingWindow",
+        "NtUserSetDisplayMapping",
+        "NtUserSetCalibrationData",
+        "NtUserGetPhysicalDeviceRect",
+        "NtUserRegisterTouchPadCapable",
+        "NtUserGetRawPointerDeviceData",
+        "NtUserGetPointerDeviceCursors",
+        "NtUserGetPointerDeviceRects",
+        "NtUserRegisterPointerDeviceNotifications",
+        "NtUserGetPointerDeviceProperties",
+        "NtUserGetPointerDevice",
+        "NtUserGetPointerDevices",
+        "NtUserEnableTouchPad",
+        "NtUserGetPrecisionTouchPadConfiguration",
+        "NtUserSetPrecisionTouchPadConfiguration",
+        "NtUserPromotePointer",
+        "NtUserDiscardPointerFrameMessages",
+        "NtUserRegisterPointerInputTarget",
+        "NtUserGetPointerFrameArrivalTimes",
+        "NtUserGetPointerInputTransform",
+        "NtUserGetPointerInfoList",
+        "NtUserGetPointerCursorId",
+        "NtUserGetPointerType",
+        "NtUserGetGestureConfig",
+        "NtUserSetGestureConfig",
+        "NtUserGetGestureExtArgs",
+        "NtUserGetGestureInfo",
+        "NtUserInjectGesture",
+        "NtUserChangeWindowMessageFilterEx",
+        "NtGdiXLATEOBJ_hGetColorTransform",
+        "NtGdiXLATEOBJ_iXlate",
+        "NtGdiXLATEOBJ_cGetPalette",
+        "NtGdiEngDeleteClip",
+        "NtGdiEngCreateClip",
+        "NtGdiEngDeletePath",
+        "NtGdiCLIPOBJ_ppoGetPath",
+        "NtGdiCLIPOBJ_cEnumStart",
+        "NtGdiCLIPOBJ_bEnum",
+        "NtGdiBRUSHOBJ_hGetColorTransform",
+        "NtGdiBRUSHOBJ_pvGetRbrush",
+        "NtGdiBRUSHOBJ_pvAllocRbrush",
+        "NtGdiBRUSHOBJ_ulGetBrushColor",
+        "NtGdiXFORMOBJ_iGetXform",
+        "NtGdiXFORMOBJ_bApplyXform",
+        "NtGdiFONTOBJ_pQueryGlyphAttrs",
+        "NtGdiFONTOBJ_pfdg",
+        "NtGdiFONTOBJ_pifi",
+        "NtGdiFONTOBJ_cGetGlyphs",
+        "NtGdiFONTOBJ_pxoGetXform",
+        "NtGdiFONTOBJ_vGetInfo",
+        "NtGdiFONTOBJ_cGetAllGlyphHandles",
+        "NtGdiFONTOBJ_pvTrueTypeFontFile",
+        "NtGdiSTROBJ_dwGetCodePage",
+        "NtGdiSTROBJ_vEnumStart",
+        "NtGdiSTROBJ_bGetAdvanceWidths",
+        "NtGdiSTROBJ_bEnumPositionsOnly",
+        "NtGdiSTROBJ_bEnum",
+        "NtGdiPATHOBJ_bEnumClipLines",
+        "NtGdiPATHOBJ_vEnumStartClipLines",
+        "NtGdiPATHOBJ_vEnumStart",
+        "NtGdiPATHOBJ_bEnum",
+        "NtGdiPATHOBJ_vGetBounds",
+        "NtGdiEngCheckAbort",
+        "NtGdiGetDhpdev",
+        "NtGdiHT_Get8BPPMaskPalette",
+        "NtGdiHT_Get8BPPFormatPalette",
+        "NtGdiUpdateTransform",
+        "NtGdiUMPDEngFreeUserMem",
+        "NtGdiBRUSHOBJ_DeleteRbrush",
+        "NtGdiSetPUMPDOBJ",
+        "NtGdiSetUMPDSandboxState",
+        "NtGdiDrawStream",
+        "NtGdiHLSurfSetInformation",
+        "NtGdiHLSurfGetInformation",
+        "NtGdiDwmCreatedBitmapRemotingOutput",
+        "NtGdiDdDDIGetScanLine",
+        "NtGdiDdDDIReleaseProcessVidPnSourceOwners",
+        "NtGdiDdDDIGetProcessSchedulingPriorityClass",
+        "NtGdiDdDDISetProcessSchedulingPriorityClass",
+        "NtGdiDdDDIGetContextSchedulingPriority",
+        "NtGdiDdDDISetContextSchedulingPriority",
+        "NtGdiDdDDIDestroyDCFromMemory",
+        "NtGdiDdDDICreateDCFromMemory",
+        "NtGdiDdDDIGetDeviceState",
+        "NtGdiDdDDISetGammaRamp",
+        "NtGdiDdDDIWaitForVerticalBlankEvent",
+        "NtGdiDdDDIDestroyOverlay",
+        "NtGdiDdDDIFlipOverlay",
+        "NtGdiDdDDIUpdateOverlay",
+        "NtGdiDdDDICreateOverlay",
+        "NtGdiDdDDIGetPresentQueueEvent",
+        "NtGdiDdDDIGetPresentHistory",
+        "NtGdiDdDDISetVidPnSourceOwner1",
+        "NtGdiDdDDISetVidPnSourceOwner",
+        "NtGdiDdDDIQueryStatistics",
+        "NtGdiDdDDIEscape",
+        "NtGdiDdDDIGetSharedPrimaryHandle",
+        "NtGdiDdDDICloseAdapter",
+        "NtGdiDdDDIOpenAdapterFromLuid",
+        "NtGdiDdDDIEnumAdapters",
+        "NtGdiDdDDIEnumAdapters2",
+        "NtGdiDdDDIOpenAdapterFromHdc",
+        "NtGdiDdDDIOpenAdapterFromDeviceName",
+        "NtGdiDdDDIRender",
+        "NtGdiDdDDIPresent",
+        "NtGdiDdDDIGetMultisampleMethodList",
+        "NtGdiDdDDISetDisplayMode",
+        "NtGdiDdDDIGetDisplayModeList",
+        "NtGdiDdDDIUnlock",
+        "NtGdiDdDDILock",
+        "NtGdiDdDDIQueryAdapterInfo",
+        "NtGdiDdDDIGetRuntimeData",
+        "NtGdiDdDDISignalSynchronizationObject",
+        "NtGdiDdDDIWaitForSynchronizationObject",
+        "NtGdiDdDDIDestroySynchronizationObject",
+        "NtGdiDdDDIOpenSynchronizationObject",
+        "NtGdiDdDDICreateSynchronizationObject",
+        "NtGdiDdDDIDestroyContext",
+        "NtGdiDdDDICreateContext",
+        "NtGdiDdDDIDestroyDevice",
+        "NtGdiDdDDICreateDevice",
+        "NtGdiDdDDIQueryAllocationResidency",
+        "NtGdiDdDDISetAllocationPriority",
+        "NtGdiDdDDIDestroyAllocation",
+        "NtGdiDdDDIDestroyAllocation2",
+        "NtGdiDdDDIOpenResourceFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle2",
+        "NtGdiDdDDIOpenResource",
+        "NtGdiDdDDIOpenNtHandleFromName",
+        "NtGdiDdDDIOpenSyncObjectNtHandleFromName",
+        "NtGdiDdDDIShareObjects",
+        "NtGdiDdDDIQueryResourceInfoFromNtHandle",
+        "NtGdiDdDDIQueryResourceInfo",
+        "NtGdiDdDDICreateAllocation",
+        "NtGdiDdDDIOutputDuplReleaseFrame",
+        "NtGdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName",
+        "NtGdiDdDDIOutputDuplPresent",
+        "NtGdiDdDDIReleaseKeyedMutex2",
+        "NtGdiDdDDIAcquireKeyedMutex2",
+        "NtGdiDdDDIOpenKeyedMutex2",
+        "NtGdiDdDDICreateKeyedMutex2",
+        "NtGdiDdDDIOutputDuplGetPointerShapeData",
+        "NtGdiDdDDIOutputDuplGetMetaData",
+        "NtGdiDdDDIOutputDuplGetFrameInfo",
+        "NtGdiDdDDIDestroyOutputDupl",
+        "NtGdiDdDDICreateOutputDupl",
+        "NtGdiDdDDIReclaimAllocations",
+        "NtGdiDdDDIOfferAllocations",
+        "NtGdiDdDDICheckSharedResourceAccess",
+        "NtGdiDdDDICheckVidPnExclusiveOwnership",
+        "NtGdiDdDDIGetOverlayState",
+        "NtGdiDdDDIConfigureSharedResource",
+        "NtGdiDdDDIReleaseKeyedMutex",
+        "NtGdiDdDDIAcquireKeyedMutex",
+        "NtGdiDdDDIDestroyKeyedMutex",
+        "NtGdiDdDDIOpenKeyedMutex",
+        "NtGdiDdDDICreateKeyedMutex",
+        "NtGdiDdDDISharedPrimaryUnLockNotification",
+        "NtGdiDdDDISharedPrimaryLockNotification",
+        "NtGdiDdDDISetDisplayPrivateDriverFormat",
+        "NtGdiDdDDICheckExclusiveOwnership",
+        "NtGdiDdDDICheckMonitorPowerState",
+        "NtGdiDdDDIWaitForIdle",
+        "NtGdiDdDDICheckOcclusion",
+        "NtGdiDdDDIInvalidateActiveVidPn",
+        "NtGdiDdDDIPollDisplayChildren",
+        "NtGdiDdDDISetQueuedLimit",
+        "NtGdiDdDDIPinDirectFlipResources",
+        "NtGdiDdDDIUnpinDirectFlipResources",
+        "NtGdiDdDDIWaitForVerticalBlankEvent2",
+        "NtGdiDdDDIGetDWMVerticalBlankEvent",
+        "NtGdiDdDDISetSyncRefreshCountWaitTarget",
+        "NtGdiDdDDISetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetSharedResourceAdapterLuid",
+        "NtGdiDdDDISetStereoEnabled",
+        "NtGdiDdDDIPresentMultiPlaneOverlay",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport",
+        "NtGdiDdDDIMakeResident",
+        "NtGdiDdDDIEvict",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromCpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromCpu",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu2",
+        "NtGdiDdDDICreatePagingQueue",
+        "NtGdiDdDDIDestroyPagingQueue",
+        "NtGdiDdDDILock2",
+        "NtGdiDdDDIUnlock2",
+        "NtGdiDdDDIInvalidateCache",
+        "NtGdiDdDDIGetResourcePresentPrivateDriverData",
+        "NtGdiDdDDIMapGpuVirtualAddress",
+        "NtGdiDdDDIReserveGpuVirtualAddress",
+        "NtGdiDdDDIFreeGpuVirtualAddress",
+        "NtGdiDdDDIUpdateGpuVirtualAddress",
+        "NtGdiDdDDICreateContextVirtual",
+        "NtGdiDdDDISubmitCommand",
+        "NtGdiDdDDIGetCachedHybridQueryValue",
+        "NtGdiDdDDICacheHybridQueryValue",
+        "NtGdiDdDDINetDispGetNextChunkInfo",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport",
+        "NtGdiDdDDINetDispStartMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopMiracastDisplayDevice",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceStatus",
+        "NtGdiDdDDINetDispStopSessions",
+        "NtGdiDdDDIQueryVideoMemoryInfo",
+        "NtGdiDdDDIChangeVideoMemoryReservation",
+        "NtGdiDdDDICreateSwapChain",
+        "NtGdiDdDDIOpenSwapChain",
+        "NtGdiDdDDIGetSetSwapChainMetadata",
+        "NtGdiDdDDIAcquireSwapChain",
+        "NtGdiDdDDIReleaseSwapChain",
+        "NtGdiDdDDIAbandonSwapChain",
+        "NtGdiDdDDISetDodIndirectSwapchain",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport2",
+        "NtGdiDdDDIPresentMultiPlaneOverlay2",
+        "NtGdiDdDDIReclaimAllocations2",
+        "NtGdiDdDDISetStablePowerState",
+        "NtGdiDdDDIQueryClockCalibration",
+        "NtGdiDdDDIQueryVidPnExclusiveOwnership",
+        "NtGdiDdDDIAdjustFullscreenGamma",
+        "NtGdiDdDDISetVidPnSourceHwProtection",
+        "NtGdiDdDDIMarkDeviceAsError",
+        "NtGdiDdDDIFlushHeapTransitions",
+        "NtGdiDdDDISetHwProtectionTeardownRecovery",
+        "NtGdiMakeObjectUnXferable",
+        "NtGdiMakeObjectXferable",
+        "NtGdiDestroyPhysicalMonitor",
+        "NtGdiGetPhysicalMonitorDescription",
+        "NtGdiGetPhysicalMonitors",
+        "NtGdiGetNumberOfPhysicalMonitors",
+        "NtGdiDDCCIGetTimingReport",
+        "NtGdiDDCCIGetCapabilitiesString",
+        "NtGdiDDCCIGetCapabilitiesStringLength",
+        "NtGdiDDCCISaveCurrentSettings",
+        "NtGdiDDCCISetVCPFeature",
+        "NtGdiDDCCIGetVCPFeature",
+        "NtGdiDdQueryVisRgnUniqueness",
+        "NtGdiDdDestroyFullscreenSprite",
+        "NtGdiDdNotifyFullscreenSpriteUpdate",
+        "NtGdiDdCreateFullscreenSprite",
+        "NtUserShowSystemCursor",
+        "NtUserSetMirrorRendering",
+        "NtUserMagGetContextInformation",
+        "NtUserMagSetContextInformation",
+        "NtUserMagControl",
+        "NtUserSlicerControl",
+        "NtUserHwndSetRedirectionInfo",
+        "NtUserHwndQueryRedirectionInfo",
+        "NtCreateCompositionSurfaceHandle",
+        "NtValidateCompositionSurfaceHandle",
+        "NtBindCompositionSurface",
+        "NtUnBindCompositionSurface",
+        "NtQueryCompositionSurfaceBinding",
+        "NtNotifyPresentToCompositionSurface",
+        "NtQueryCompositionSurfaceStatistics",
+        "NtOpenCompositionSurfaceSectionInfo",
+        "NtOpenCompositionSurfaceSwapChainHandleInfo",
+        "NtQueryCompositionSurfaceRenderingRealization",
+        "NtOpenCompositionSurfaceDirtyRegion",
+        "NtSetCompositionSurfaceOutOfFrameDirectFlipNotification",
+        "NtSetCompositionSurfaceStatistics",
+        "NtSetCompositionSurfaceBufferCompositionModeAndOrientation",
+        "NtSetCompositionSurfaceIndependentFlipInfo",
+        "NtDesktopCaptureBits",
+        "NtDCompositionEnableMMCSS",
+        "NtVisualCaptureBits",
+        "NtDCompositionEnableDDASupport",
+        "NtCreateCompositionInputSink",
+        "NtCreateImplicitCompositionInputSink",
+        "NtDuplicateCompositionInputSink",
+        "NtQueryCompositionInputSink",
+        "NtQueryCompositionInputSinkLuid",
+        "NtQueryCompositionInputSinkViewId",
+        "NtUpdateInputSinkTransforms",
+        "NtCompositionInputThread",
+        "NtQueryCompositionInputQueueAndTransform",
+        "NtQueryCompositionInputIsImplicit",
+        "NtCompositionSetDropTarget",
+        "NtTokenManagerOpenSectionAndEvents",
+        "NtTokenManagerThread",
+        "NtTokenManagerGetOutOfFrameDirectFlipSurfaceUpdates",
+        "NtTokenManagerDeleteOutstandingDirectFlipTokens",
+        "NtTokenManagerCreateCompositionTokenHandle",
+        "NtTokenManagerGetAnalogExclusiveTokenEvent",
+        "NtTokenManagerGetAnalogExclusiveSurfaceUpdates",
+        "NtTokenManagerConfirmOutstandingAnalogToken",
+        "NtSetCompositionSurfaceAnalogExclusive",
+        "NtDCompositionBeginFrame",
+        "NtDCompositionConfirmFrame",
+        "NtDCompositionRetireFrame",
+        "NtDCompositionDiscardFrame",
+        "NtDCompositionGetFrameSurfaceUpdates",
+        "NtDCompositionGetFrameLegacyTokens",
+        "NtDCompositionDestroyConnection",
+        "NtDCompositionGetConnectionBatch",
+        "NtDCompositionGetFrameStatistics",
+        "NtDCompositionGetDeletedResources",
+        "NtDCompositionSetResourceDeletedNotificationTag",
+        "NtDCompositionCreateConnection",
+        "NtDCompositionDestroyChannel",
+        "NtDCompositionReleaseAllResources",
+        "NtDCompositionSubmitDWMBatch",
+        "NtDCompositionCommitChannel",
+        "NtDCompositionWaitForChannel",
+        "NtDCompositionSetChannelCommitCompletionEvent",
+        "NtDCompositionTelemetryTouchInteractionBegin",
+        "NtDCompositionTelemetryTouchInteractionUpdate",
+        "NtDCompositionTelemetryTouchInteractionEnd",
+        "NtDCompositionTelemetrySetApplicationId",
+        "NtDCompositionTelemetryAnimationScenarioBegin",
+        "NtDCompositionTelemetryAnimationScenarioReference",
+        "NtDCompositionTelemetryAnimationScenarioUnreference",
+        "NtDCompositionCurrentBatchId",
+        "NtDCompositionReleaseResource",
+        "NtDCompositionRemoveCrossDeviceVisualChild",
+        "NtDCompositionRemoveVisualChild",
+        "NtDCompositionAddCrossDeviceVisualChild",
+        "NtDCompositionAddVisualChild",
+        "NtDCompositionReplaceVisualChildren",
+        "NtDCompositionSetResourceAnimationProperty",
+        "NtDCompositionSetResourceReferenceArrayProperty",
+        "NtDCompositionSetResourceReferenceProperty",
+        "NtDCompositionSetResourceBufferProperty",
+        "NtDCompositionSetResourceIntegerProperty",
+        "NtDCompositionSetResourceFloatProperty",
+        "NtDCompositionSetResourceHandleProperty",
+        "NtDCompositionCreateResource",
+        "NtDCompositionOpenSharedResource",
+        "NtDCompositionOpenSharedResourceHandle",
+        "NtDCompositionCreateDwmChannel",
+        "NtDCompositionCreateChannel",
+        "NtDCompositionSynchronize",
+        "NtDCompositionReferenceSharedResourceOnDwmChannel",
+        "NtDCompositionCreateAndBindSharedSection",
+        "NtDCompositionSetDebugCounter",
+        "NtDCompositionGetChannels",
+        "NtDCompositionConnectPipe",
+        "NtDCompositionRegisterThumbnailVisual",
+        "NtDCompositionRegisterVirtualDesktopVisual",
+        "NtDCompositionDuplicateHandleToProcess",
+        "NtDCompositionSetVisualInputSink",
+        "NtDCompositionGetAnimationTime",
+        "NtDCompositionUpdatePointerCapture",
+        "NtDCompositionCapturePointer",
+        "NtDCompositionSetChannelCallbackId",
+        "NtDCompositionSetResourceCallbackId",
+        "NtDCompositionDuplicateSwapchainHandleToDwm",
+        "NtDCompositionAttachMouseWheelToHwnd",
+        "NtUserDestroyDCompositionHwndTarget",
+        "NtUserCreateDCompositionHwndTarget",
+        "NtUserWaitForRedirectionStartComplete",
+        "NtUserSignalRedirectionStartComplete",
+        "NtUserSetActiveProcessForMonitor",
+        "NtUserGetDisplayAutoRotationPreferencesByProcessId",
+        "NtUserGetDisplayAutoRotationPreferences",
+        "NtUserSetDisplayAutoRotationPreferences",
+        "NtUserSetAutoRotation",
+        "NtUserGetAutoRotationState",
+        "NtUserAutoRotateScreen",
+        "NtUserAcquireIAMKey",
+        "NtUserSetActivationFilter",
+        "NtUserSetFallbackForeground",
+        "NtUserSetBrokeredForeground",
+        "NtUserDisableImmersiveOwner",
+        "NtUserClearForeground",
+        "NtUserEnableIAMAccess",
+        "NtUserGetProcessUIContextInformation",
+        "NtUserSetProcessRestrictionExemption",
+        "NtUserSetWindowArrangement",
+        "NtUserSetWindowShowState",
+        "NtUserUpdateWindowTrackingInfo",
+        "NtUserEnableMouseInPointer",
+        "NtUserIsMouseInPointerEnabled",
+        "NtUserPromoteMouseInPointer",
+        "NtUserAutoPromoteMouseInPointer",
+        "NtUserEnableMouseInputForCursorSuppression",
+        "NtUserIsMouseInputEnabled",
+        "NtUserInternalClipCursor",
+        "NtUserCheckProcessForClipboardAccess",
+        "NtUserGetClipboardAccessToken",
+        "NtUserGetQueueEventStatus",
+        "NtUserCompositionInputSinkLuidFromPoint",
+        "NtUserUpdateWindowInputSinkHints",
+        "NtUserTransformPoint",
+        "NtUserTransformRect",
+        "NtUserGetHimetricScaleFactorFromPixelLocation",
+        "NtUserGetProcessDpiAwareness",
+        "NtUserGetDpiForMonitor",
+        "NtUserReportInertia",
+        "NtUserLinkDpiCursor",
+        "NtUserGetCursorDims",
+        "NtUserInitializeInputDeviceInjection",
+        "NtUserInitializePointerDeviceInjection",
+        "NtUserRemoveInjectionDevice",
+        "NtUserSetFeatureReportResponse",
+        "NtUserInjectDeviceInput",
+        "NtUserInjectMouseInput",
+        "NtUserInjectKeyboardInput",
+        "NtUserInjectPointerInput",
+        "NtRIMAddInputObserver",
+        "NtRIMRemoveInputObserver",
+        "NtRIMUpdateInputObserverRegistration",
+        "NtRIMObserveNextInput",
+        "NtRIMGetDevicePreparsedDataLockfree",
+        "NtUserSetCoreWindow",
+        "NtUserSetCoreWindowPartner",
+        "NtUserNavigateFocus",
+        "NtHWCursorUpdatePointer"
+    ]
+]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x86_14393_syscalls.py b/volatility/plugins/overlays/windows/win10_x86_14393_syscalls.py
new file mode 100644
index 000000000..489a735b2
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_14393_syscalls.py
@@ -0,0 +1,1592 @@
+syscalls = [
+    [
+        "NtAccessCheck",
+        "NtWorkerFactoryWorkerReady",
+        "NtAcceptConnectPort",
+        "NtYieldExecution",
+        "NtWriteVirtualMemory",
+        "NtWriteRequestData",
+        "NtWriteFileGather",
+        "NtWriteFile",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtWaitForWorkViaWorkerFactory",
+        "NtWaitForSingleObject",
+        "NtWaitForMultipleObjects32",
+        "NtWaitForMultipleObjects",
+        "NtWaitForKeyedEvent",
+        "NtWaitForDebugEvent",
+        "NtWaitForAlertByThreadId",
+        "NtVdmControl",
+        "NtUnsubscribeWnfStateChange",
+        "NtUpdateWnfStateData",
+        "NtUnmapViewOfSection",
+        "NtUnmapViewOfSectionEx",
+        "NtUnlockVirtualMemory",
+        "NtUnlockFile",
+        "NtUnloadKeyEx",
+        "NtUnloadKey2",
+        "NtUnloadKey",
+        "NtUnloadDriver",
+        "NtUmsThreadYield",
+        "NtTranslateFilePath",
+        "NtTraceEvent",
+        "NtTraceControl",
+        "NtThawTransactions",
+        "NtThawRegistry",
+        "NtTestAlert",
+        "NtTerminateThread",
+        "NtTerminateProcess",
+        "NtTerminateJobObject",
+        "NtSystemDebugControl",
+        "NtSuspendThread",
+        "NtSuspendProcess",
+        "NtSubscribeWnfStateChange",
+        "NtStopProfile",
+        "NtStartProfile",
+        "NtSinglePhaseReject",
+        "NtSignalAndWaitForSingleObject",
+        "NtShutdownWorkerFactory",
+        "NtShutdownSystem",
+        "NtSetWnfProcessNotificationEvent",
+        "NtSetVolumeInformationFile",
+        "NtSetValueKey",
+        "NtSetUuidSeed",
+        "NtSetTimerResolution",
+        "NtSetTimerEx",
+        "NtSetTimer",
+        "NtSetThreadExecutionState",
+        "NtSetSystemTime",
+        "NtSetSystemPowerState",
+        "NtSetSystemInformation",
+        "NtSetSystemEnvironmentValueEx",
+        "NtSetSystemEnvironmentValue",
+        "NtSetSecurityObject",
+        "NtSetQuotaInformationFile",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtSetLdtEntries",
+        "NtSetIRTimer",
+        "NtSetTimer2",
+        "NtCancelTimer2",
+        "NtSetIoCompletionEx",
+        "NtSetIoCompletion",
+        "NtSetIntervalProfile",
+        "NtSetInformationWorkerFactory",
+        "NtSetInformationTransactionManager",
+        "NtSetInformationTransaction",
+        "NtSetInformationToken",
+        "NtSetInformationThread",
+        "NtSetInformationResourceManager",
+        "NtSetInformationProcess",
+        "NtSetInformationObject",
+        "NtSetInformationKey",
+        "NtSetInformationJobObject",
+        "NtSetInformationFile",
+        "NtSetInformationEnlistment",
+        "NtSetInformationDebugObject",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtSetEventBoostPriority",
+        "NtSetEvent",
+        "NtSetEaFile",
+        "NtSetDriverEntryOrder",
+        "NtSetDefaultUILanguage",
+        "NtSetDefaultLocale",
+        "NtSetDefaultHardErrorPort",
+        "NtSetDebugFilterState",
+        "NtSetContextThread",
+        "NtSetCachedSigningLevel2",
+        "NtSetCachedSigningLevel",
+        "NtSetBootOptions",
+        "NtSetBootEntryOrder",
+        "NtSerializeBoot",
+        "NtSecureConnectPort",
+        "NtSaveMergedKeys",
+        "NtSaveKeyEx",
+        "NtSaveKey",
+        "NtRollforwardTransactionManager",
+        "NtRollbackTransaction",
+        "NtRollbackEnlistment",
+        "NtRollbackComplete",
+        "NtRevertContainerImpersonation",
+        "NtResumeThread",
+        "NtResumeProcess",
+        "NtRestoreKey",
+        "NtResetWriteWatch",
+        "NtResetEvent",
+        "NtRequestWaitReplyPort",
+        "NtRequestPort",
+        "NtReplyWaitReplyPort",
+        "NtReplyWaitReceivePortEx",
+        "NtReplyWaitReceivePort",
+        "NtReplyPort",
+        "NtReplacePartitionUnit",
+        "NtReplaceKey",
+        "NtRenameTransactionManager",
+        "NtRenameKey",
+        "NtRemoveProcessDebug",
+        "NtRemoveIoCompletionEx",
+        "NtRemoveIoCompletion",
+        "NtReleaseWorkerFactoryWorker",
+        "NtReleaseSemaphore",
+        "NtReleaseMutant",
+        "NtReleaseKeyedEvent",
+        "NtRegisterThreadTerminatePort",
+        "NtRegisterProtocolAddressInformation",
+        "NtRecoverTransactionManager",
+        "NtRecoverResourceManager",
+        "NtRecoverEnlistment",
+        "NtReadVirtualMemory",
+        "NtReadRequestData",
+        "NtReadOnlyEnlistment",
+        "NtReadFileScatter",
+        "NtReadFile",
+        "NtRaiseHardError",
+        "NtRaiseException",
+        "NtQueueApcThreadEx",
+        "NtQueueApcThread",
+        "NtQueryWnfStateData",
+        "NtQueryWnfStateNameInformation",
+        "NtQueryVolumeInformationFile",
+        "NtQueryVirtualMemory",
+        "NtQueryValueKey",
+        "NtQueryTimerResolution",
+        "NtQueryTimer",
+        "NtQuerySystemTime",
+        "NtQuerySystemInformationEx",
+        "NtQuerySystemInformation",
+        "NtQuerySystemEnvironmentValueEx",
+        "NtQuerySystemEnvironmentValue",
+        "NtQuerySymbolicLinkObject",
+        "NtQuerySemaphore",
+        "NtQuerySecurityPolicy",
+        "NtQuerySecurityObject",
+        "NtQuerySecurityAttributesToken",
+        "NtQuerySection",
+        "NtQueryQuotaInformationFile",
+        "NtQueryPortInformationProcess",
+        "NtQueryPerformanceCounter",
+        "NtQueryOpenSubKeysEx",
+        "NtQueryOpenSubKeys",
+        "NtQueryObject",
+        "NtQueryMutant",
+        "NtQueryMultipleValueKey",
+        "NtQueryLicenseValue",
+        "NtQueryKey",
+        "NtQueryIoCompletion",
+        "NtQueryIntervalProfile",
+        "NtQueryInstallUILanguage",
+        "NtQueryInformationWorkerFactory",
+        "NtQueryInformationTransactionManager",
+        "NtQueryInformationTransaction",
+        "NtQueryInformationToken",
+        "NtQueryInformationThread",
+        "NtQueryInformationResourceManager",
+        "NtQueryInformationProcess",
+        "NtQueryInformationPort",
+        "NtQueryInformationJobObject",
+        "NtQueryInformationFile",
+        "NtQueryInformationEnlistment",
+        "NtQueryInformationAtom",
+        "NtQueryFullAttributesFile",
+        "NtQueryEvent",
+        "NtQueryEaFile",
+        "NtQueryDriverEntryOrder",
+        "NtQueryDirectoryObject",
+        "NtQueryDirectoryFile",
+        "NtQueryDefaultUILanguage",
+        "NtQueryDefaultLocale",
+        "NtQueryDebugFilterState",
+        "NtQueryBootOptions",
+        "NtQueryBootEntryOrder",
+        "NtQueryAttributesFile",
+        "NtPulseEvent",
+        "NtProtectVirtualMemory",
+        "NtPropagationFailed",
+        "NtPropagationComplete",
+        "NtPrivilegeObjectAuditAlarm",
+        "NtPrivilegedServiceAuditAlarm",
+        "NtPrivilegeCheck",
+        "NtSetInformationVirtualMemory",
+        "NtPrePrepareEnlistment",
+        "NtPrePrepareComplete",
+        "NtPrepareEnlistment",
+        "NtPrepareComplete",
+        "NtPowerInformation",
+        "NtPlugPlayControl",
+        "NtOpenTransactionManager",
+        "NtOpenTransaction",
+        "NtOpenTimer",
+        "NtOpenThreadTokenEx",
+        "NtOpenThreadToken",
+        "NtOpenThread",
+        "NtOpenSymbolicLinkObject",
+        "NtOpenSession",
+        "NtOpenSemaphore",
+        "NtOpenSection",
+        "NtOpenResourceManager",
+        "NtCreateJobSet",
+        "NtOpenProcessTokenEx",
+        "NtOpenProcessToken",
+        "NtOpenProcess",
+        "NtOpenPrivateNamespace",
+        "NtOpenObjectAuditAlarm",
+        "NtOpenMutant",
+        "NtOpenKeyTransactedEx",
+        "NtOpenKeyTransacted",
+        "NtOpenKeyEx",
+        "NtOpenKeyedEvent",
+        "NtOpenKey",
+        "NtOpenJobObject",
+        "NtOpenIoCompletion",
+        "NtOpenFile",
+        "NtCreateEventPair",
+        "NtOpenEvent",
+        "NtOpenEnlistment",
+        "NtOpenDirectoryObject",
+        "NtNotifyChangeSession",
+        "NtNotifyChangeMultipleKeys",
+        "NtNotifyChangeKey",
+        "NtNotifyChangeDirectoryFile",
+        "NtManagePartition",
+        "NtModifyDriverEntry",
+        "NtModifyBootEntry",
+        "NtMapViewOfSection",
+        "NtMapUserPhysicalPagesScatter",
+        "NtMapUserPhysicalPages",
+        "NtMapCMFModule",
+        "NtMakeTemporaryObject",
+        "NtMakePermanentObject",
+        "NtLockVirtualMemory",
+        "NtLockRegistryKey",
+        "NtLockProductActivationKeys",
+        "NtLockFile",
+        "NtLoadKeyEx",
+        "NtLoadKey2",
+        "NtLoadKey",
+        "NtLoadEnclaveData",
+        "NtLoadDriver",
+        "NtListenPort",
+        "NtIsUILanguageComitted",
+        "NtIsSystemResumeAutomatic",
+        "NtIsProcessInJob",
+        "NtInitiatePowerAction",
+        "NtInitializeRegistry",
+        "NtInitializeNlsFiles",
+        "NtInitializeEnclave",
+        "NtImpersonateThread",
+        "NtImpersonateClientOfPort",
+        "NtImpersonateAnonymousToken",
+        "NtGetWriteWatch",
+        "NtGetNotificationResourceManager",
+        "NtGetNlsSectionPtr",
+        "NtGetNextThread",
+        "NtGetNextProcess",
+        "NtGetMUIRegistryInfo",
+        "NtGetDevicePowerState",
+        "NtGetCurrentProcessorNumberEx",
+        "NtGetCurrentProcessorNumber",
+        "NtGetContextThread",
+        "NtGetCompleteWnfStateSubscription",
+        "NtGetCachedSigningLevel",
+        "NtFsControlFile",
+        "NtFreezeTransactions",
+        "NtFreezeRegistry",
+        "NtFreeVirtualMemory",
+        "NtFreeUserPhysicalPages",
+        "NtFlushWriteBuffer",
+        "NtFlushVirtualMemory",
+        "NtFlushProcessWriteBuffers",
+        "NtFlushKey",
+        "FsRtlSyncVolumes",
+        "NtFlushInstallUILanguage",
+        "NtFlushBuffersFile",
+        "NtFlushBuffersFileEx",
+        "NtFindAtom",
+        "NtFilterToken",
+        "NtFilterTokenEx",
+        "NtFilterBootOption",
+        "NtExtendSection",
+        "NtEnumerateValueKey",
+        "NtEnumerateTransactionObject",
+        "NtEnumerateSystemEnvironmentValuesEx",
+        "NtEnumerateKey",
+        "NtEnumerateDriverEntries",
+        "NtEnumerateBootEntries",
+        "NtEnableLastKnownGood",
+        "NtDuplicateToken",
+        "NtDuplicateObject",
+        "NtDrawText",
+        "NtDisplayString",
+        "NtDisableLastKnownGood",
+        "NtDeviceIoControlFile",
+        "NtDeleteWnfStateName",
+        "NtDeleteWnfStateData",
+        "NtDeleteValueKey",
+        "NtDeletePrivateNamespace",
+        "NtDeleteObjectAuditAlarm",
+        "NtDeleteKey",
+        "NtDeleteFile",
+        "NtDeleteDriverEntry",
+        "NtDeleteBootEntry",
+        "NtDeleteAtom",
+        "NtDelayExecution",
+        "NtDebugContinue",
+        "NtDebugActiveProcess",
+        "NtCreatePartition",
+        "NtCreateWorkerFactory",
+        "NtCreateWnfStateName",
+        "NtCreateWaitCompletionPacket",
+        "NtCreateWaitablePort",
+        "NtCreateUserProcess",
+        "NtCreateTransactionManager",
+        "NtCreateTransaction",
+        "NtCreateToken",
+        "NtCreateLowBoxToken",
+        "NtCreateTokenEx",
+        "NtCreateTimer",
+        "NtCreateThreadEx",
+        "NtCreateThread",
+        "NtCreateSymbolicLinkObject",
+        "NtCreateSemaphore",
+        "NtCreateSection",
+        "NtCreateResourceManager",
+        "NtCreateProfileEx",
+        "NtCreateProfile",
+        "NtCreateProcessEx",
+        "NtCreateProcess",
+        "NtCreatePrivateNamespace",
+        "NtCreatePort",
+        "NtCreatePagingFile",
+        "NtCreateNamedPipeFile",
+        "NtCreateMutant",
+        "NtCreateMailslotFile",
+        "NtCreateKeyTransacted",
+        "NtCreateKeyedEvent",
+        "NtCreateKey",
+        "NtCreateJobSet",
+        "NtCreateJobObject",
+        "NtCreateIRTimer",
+        "NtCreateTimer2",
+        "NtCreateIoCompletion",
+        "NtCreateFile",
+        "NtCreateEventPair",
+        "NtCreateEvent",
+        "NtCreateEnlistment",
+        "NtCreateEnclave",
+        "NtCreateDirectoryObjectEx",
+        "NtCreateDirectoryObject",
+        "NtCreateDebugObject",
+        "NtContinue",
+        "NtConnectPort",
+        "NtCompressKey",
+        "NtCompleteConnectPort",
+        "NtCompareTokens",
+        "NtCompareObjects",
+        "NtCompactKeys",
+        "NtCommitTransaction",
+        "NtCommitEnlistment",
+        "NtCommitComplete",
+        "NtCloseObjectAuditAlarm",
+        "NtClose",
+        "NtClearEvent",
+        "NtCancelWaitCompletionPacket",
+        "NtCancelTimer",
+        "NtCancelSynchronousIoFile",
+        "NtCancelIoFileEx",
+        "NtCancelIoFile",
+        "NtCallbackReturn",
+        "NtAssociateWaitCompletionPacket",
+        "NtAssignProcessToJobObject",
+        "NtAreMappedFilesTheSame",
+        "NtApphelpCacheControl",
+        "NtAlpcSetInformation",
+        "NtAlpcSendWaitReceivePort",
+        "NtAlpcRevokeSecurityContext",
+        "NtAlpcQueryInformationMessage",
+        "NtAlpcQueryInformation",
+        "NtAlpcOpenSenderThread",
+        "NtAlpcOpenSenderProcess",
+        "NtAlpcImpersonateClientOfPort",
+        "NtAlpcImpersonateClientContainerOfPort",
+        "NtAlpcDisconnectPort",
+        "NtAlpcDeleteSecurityContext",
+        "NtAlpcDeleteSectionView",
+        "NtAlpcDeleteResourceReserve",
+        "NtAlpcDeletePortSection",
+        "NtAlpcCreateSecurityContext",
+        "NtAlpcCreateSectionView",
+        "NtAlpcCreateResourceReserve",
+        "NtAlpcCreatePortSection",
+        "NtAlpcCreatePort",
+        "NtAlpcConnectPort",
+        "NtAlpcConnectPortEx",
+        "NtAlpcCancelMessage",
+        "NtAlpcAcceptConnectPort",
+        "NtAllocateVirtualMemory",
+        "NtAllocateUuids",
+        "NtAllocateUserPhysicalPages",
+        "NtAllocateReserveObject",
+        "NtAllocateLocallyUniqueId",
+        "NtAlertThreadByThreadId",
+        "NtAlertThread",
+        "NtAlertResumeThread",
+        "NtAdjustPrivilegesToken",
+        "NtAdjustGroupsToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAddDriverEntry",
+        "NtAddBootEntry",
+        "NtAddAtom",
+        "NtAddAtomEx",
+        "NtAccessCheckByTypeResultListAndAuditAlarmByHandle",
+        "NtAccessCheckByTypeResultListAndAuditAlarm",
+        "NtAccessCheckByTypeResultList",
+        "NtAccessCheckByTypeAndAuditAlarm",
+        "NtAccessCheckByType",
+        "NtAccessCheckAndAuditAlarm",
+        "NtSetInformationSymbolicLink",
+        "NtCreateRegistryTransaction",
+        "NtOpenRegistryTransaction",
+        "NtCommitRegistryTransaction",
+        "NtRollbackRegistryTransaction"
+    ],
+    [
+        "NtUserGetOwnerTransformedMonitorRect",
+        "NtUserYieldTask",
+        "NtUserSetSensorPresence",
+        "NtGdiWidenPath",
+        "NtGdiUpdateColors",
+        "NtGdiUnrealizeObject",
+        "NtGdiUnmapMemFont",
+        "NtGdiUnloadPrinterDriver",
+        "NtGdiTransparentBlt",
+        "NtGdiTransformPoints",
+        "NtGdiSwapBuffers",
+        "NtGdiStrokePath",
+        "NtGdiStrokeAndFillPath",
+        "NtGdiStretchDIBitsInternal",
+        "NtGdiStretchBlt",
+        "NtGdiStartPage",
+        "NtGdiStartDoc",
+        "NtGdiSetSizeDevice",
+        "NtGdiSetVirtualResolution",
+        "NtGdiSetTextJustification",
+        "NtGdiSetSystemPaletteUse",
+        "NtGdiSetRectRgn",
+        "NtGdiSetPixelFormat",
+        "NtGdiSetPixel",
+        "NtGdiSetOPMSigningKeyAndSequenceNumbers",
+        "NtGdiSetLayout",
+        "NtGdiMirrorWindowOrg",
+        "NtGdiGetDeviceWidth",
+        "NtGdiSetMiterLimit",
+        "NtGdiSetMetaRgn",
+        "NtGdiSetMagicColors",
+        "NtGdiSetLinkedUFIs",
+        "NtGdiSetIcmMode",
+        "NtGdiSetFontXform",
+        "NtGdiSetFontEnumeration",
+        "NtGdiSetDIBitsToDeviceInternal",
+        "NtGdiSetDeviceGammaRamp",
+        "NtGdiSetColorSpace",
+        "NtGdiSetColorAdjustment",
+        "NtGdiSetBrushOrg",
+        "NtGdiSetBrushAttributes",
+        "NtGdiSetBoundsRect",
+        "NtGdiSetBitmapDimension",
+        "NtGdiSetBitmapBits",
+        "NtGdiSetBitmapAttributes",
+        "NtGdiSelectPen",
+        "NtGdiSelectFont",
+        "NtGdiSelectClipPath",
+        "NtGdiSelectBrush",
+        "NtGdiSelectBitmap",
+        "NtGdiScaleWindowExtEx",
+        "NtGdiScaleViewportExtEx",
+        "NtGdiSaveDC",
+        "NtGdiRoundRect",
+        "NtGdiRestoreDC",
+        "NtGdiResizePalette",
+        "NtGdiResetDC",
+        "NtGdiRemoveFontMemResourceEx",
+        "NtGdiRemoveFontResourceW",
+        "NtGdiRectVisible",
+        "NtGdiRectInRegion",
+        "NtGdiRectangle",
+        "NtGdiQueryFontAssocInfo",
+        "NtGdiQueryFonts",
+        "NtGdiPtVisible",
+        "NtGdiPtInRegion",
+        "NtGdiPolyTextOutW",
+        "NtGdiPolyPolyDraw",
+        "NtGdiPolyDraw",
+        "NtGdiPlgBlt",
+        "NtGdiPathToRegion",
+        "NtGdiPolyPatBlt",
+        "NtGdiPatBlt",
+        "NtGdiOpenDCW",
+        "NtGdiOffsetRgn",
+        "NtGdiOffsetClipRgn",
+        "NtGdiMoveTo",
+        "NtGdiMonoBitmap",
+        "NtGdiModifyWorldTransform",
+        "NtGdiMaskBlt",
+        "NtGdiMakeInfoDC",
+        "NtGdiMakeFontDir",
+        "NtGdiLineTo",
+        "NtGdiInvertRgn",
+        "NtGdiIntersectClipRect",
+        "NtGdiInitSpool",
+        "NtGdiInit",
+        "NtGdiIcmBrushInfo",
+        "NtGdiHfontCreate",
+        "NtGdiGradientFill",
+        "NtGdiGetWidthTable",
+        "NtGdiGetFontUnicodeRanges",
+        "NtGdiAddEmbFontToDC",
+        "NtGdiChangeGhostFont",
+        "NtGdiGetEmbedFonts",
+        "NtGdiGetUFIPathname",
+        "NtGdiGetEmbUFI",
+        "NtGdiGetUFI",
+        "NtGdiGetTransform",
+        "NtGdiGetTextMetricsW",
+        "NtGdiGetTextFaceW",
+        "NtGdiGetTextExtentExW",
+        "NtGdiGetTextExtent",
+        "NtGdiGetTextCharsetInfo",
+        "NtGdiGetSystemPaletteUse",
+        "NtGdiGetSuggestedOPMProtectedOutputArraySize",
+        "NtGdiGetStringBitmapW",
+        "NtGdiGetStats",
+        "NtGdiGetSpoolMessage",
+        "NtGdiGetServerMetaFileBits",
+        "NtGdiGetRgnBox",
+        "NtGdiGetRegionData",
+        "NtGdiGetRealizationInfo",
+        "NtGdiGetRasterizerCaps",
+        "NtGdiGetRandomRgn",
+        "NtGdiGetPixel",
+        "NtGdiGetPath",
+        "NtGdiGetOutlineTextMetricsInternalW",
+        "NtGdiGetOPMRandomNumber",
+        "NtGdiGetObjectBitmapHandle",
+        "NtGdiGetNearestPaletteIndex",
+        "NtGdiGetNearestColor",
+        "NtGdiGetMonitorID",
+        "NtGdiGetMiterLimit",
+        "NtGdiGetLinkedUFIs",
+        "NtGdiGetKerningPairs",
+        "NtGdiGetOPMInformation",
+        "NtGdiGetGlyphOutline",
+        "NtGdiGetGlyphIndicesWInternal",
+        "NtGdiGetGlyphIndicesW",
+        "NtGdiGetFontResourceInfoInternalW",
+        "NtGdiGetFontFileInfo",
+        "NtGdiGetFontFileData",
+        "NtGdiGetFontData",
+        "NtGdiGetEudcTimeStampEx",
+        "NtGdiGetETM",
+        "NtGdiGetEntry",
+        "NtGdiGetDIBitsInternal",
+        "NtGdiGetDeviceCapsAll",
+        "NtGdiGetDeviceGammaRamp",
+        "NtGdiGetDeviceCaps",
+        "NtGdiGetDCPoint",
+        "NtGdiGetDCObject",
+        "NtGdiGetDCforBitmap",
+        "NtGdiGetDCDword",
+        "NtGdiGetCurrentDpiInfo",
+        "NtGdiGetCOPPCompatibleOPMInformation",
+        "NtGdiGetColorSpaceforBitmap",
+        "NtGdiGetColorAdjustment",
+        "NtGdiGetCharWidthInfo",
+        "NtGdiGetCharWidthW",
+        "NtGdiGetCharSet",
+        "NtGdiGetCharacterPlacementW",
+        "NtGdiGetCharABCWidthsW",
+        "NtGdiGetCertificateSize",
+        "NtGdiGetCertificate",
+        "NtGdiGetCertificateSizeByHandle",
+        "NtGdiGetCertificateByHandle",
+        "NtGdiGetBoundsRect",
+        "NtGdiGetBitmapDimension",
+        "NtGdiGetBitmapBits",
+        "NtGdiGetAppClipBox",
+        "NtGdiGetAndSetDCDword",
+        "NtGdiFullscreenControl",
+        "NtGdiFrameRgn",
+        "NtGdiForceUFIMapping",
+        "NtGdiFlush",
+        "NtGdiFlattenPath",
+        "NtGdiFillRgn",
+        "NtGdiFillPath",
+        "NtGdiExtTextOutW",
+        "NtGdiExtSelectClipRgn",
+        "NtGdiExtGetObjectW",
+        "NtGdiExtFloodFill",
+        "NtGdiExtEscape",
+        "NtGdiExtCreateRegion",
+        "NtGdiExtCreatePen",
+        "NtGdiExcludeClipRect",
+        "NtGdiEudcLoadUnloadLink",
+        "NtGdiEqualRgn",
+        "NtGdiEnumObjects",
+        "NtGdiEnumFonts",
+        "NtGdiEndPath",
+        "NtGdiEndPage",
+        "NtGdiEndGdiRendering",
+        "NtGdiEndDoc",
+        "NtGdiEnableEudc",
+        "NtGdiEllipse",
+        "NtGdiDrawEscape",
+        "NtGdiDoPalette",
+        "NtGdiDoBanding",
+        "NtGdiGetPerBandInfo",
+        "NtGdiDestroyOPMProtectedOutput",
+        "NtGdiDescribePixelFormat",
+        "NtGdiDeleteObjectApp",
+        "NtGdiDeleteColorTransform",
+        "NtGdiDeleteColorSpace",
+        "NtGdiDeleteClientObj",
+        "NtGdiDxgGenericThunk",
+        "NtGdiDvpReleaseNotification",
+        "NtGdiDvpAcquireNotification",
+        "NtGdiDvpWaitForVideoPortSync",
+        "NtGdiDvpUpdateVideoPort",
+        "NtGdiDvpGetVideoSignalStatus",
+        "NtGdiDvpGetVideoPortConnectInfo",
+        "NtGdiDvpGetVideoPortOutputFormats",
+        "NtGdiDvpGetVideoPortLine",
+        "NtGdiDvpGetVideoPortInputFormats",
+        "NtGdiDvpGetVideoPortFlipStatus",
+        "NtGdiDvpGetVideoPortField",
+        "NtGdiDvpGetVideoPortBandwidth",
+        "NtGdiDvpFlipVideoPort",
+        "NtGdiDvpDestroyVideoPort",
+        "NtGdiDvpCreateVideoPort",
+        "NtGdiDvpColorControl",
+        "NtGdiDvpCanCreateVideoPort",
+        "NtGdiDdWaitForVerticalBlank",
+        "NtGdiDdUpdateOverlay",
+        "NtGdiDdUnlockD3D",
+        "NtGdiDdUnlock",
+        "NtGdiDdUnattachSurface",
+        "NtGdiDdSetOverlayPosition",
+        "NtGdiDdCreateSurfaceEx",
+        "NtGdiDdSetGammaRamp",
+        "NtGdiDdSetExclusiveMode",
+        "NtGdiDdSetColorKey",
+        "NtGdiDdResetVisrgn",
+        "NtGdiDdRenderMoComp",
+        "NtGdiDdReleaseDC",
+        "NtGdiDdReenableDirectDrawObject",
+        "NtGdiDdQueryMoCompStatus",
+        "NtGdiDdQueryDirectDrawObject",
+        "NtGdiDdLockD3D",
+        "NtGdiDdLock",
+        "NtGdiDdGetScanLine",
+        "NtGdiDdGetMoCompFormats",
+        "NtGdiDdGetMoCompGuids",
+        "NtGdiDdGetMoCompBuffInfo",
+        "NtGdiDdGetInternalMoCompInfo",
+        "NtGdiDdGetFlipStatus",
+        "NtGdiDdGetDxHandle",
+        "NtGdiDdGetDriverInfo",
+        "NtGdiDdGetDC",
+        "NtGdiDdGetBltStatus",
+        "NtGdiDdGetAvailDriverMemory",
+        "NtGdiDdFlipToGDISurface",
+        "NtGdiDdFlip",
+        "NtGdiDdEndMoCompFrame",
+        "NtGdiDdDestroyD3DBuffer",
+        "NtGdiDdDestroySurface",
+        "NtGdiDdDestroyMoComp",
+        "NtGdiDdDeleteSurfaceObject",
+        "NtGdiDdDeleteDirectDrawObject",
+        "NtGdiDdCreateSurfaceObject",
+        "NtGdiDdCreateMoComp",
+        "NtGdiDdCreateD3DBuffer",
+        "NtGdiDdCreateSurface",
+        "NtGdiDdCreateDirectDrawObject",
+        "NtGdiDdColorControl",
+        "NtGdiDdCanCreateD3DBuffer",
+        "NtGdiDdCanCreateSurface",
+        "NtGdiDdBlt",
+        "NtGdiDdBeginMoCompFrame",
+        "NtGdiDdAttachSurface",
+        "NtGdiDdAlphaBlt",
+        "NtGdiDdAddAttachedSurface",
+        "NtGdiDdGetDriverState",
+        "NtGdiD3dDrawPrimitives2",
+        "NtGdiD3dValidateTextureStageState",
+        "NtGdiD3dContextDestroyAll",
+        "NtGdiD3dContextDestroy",
+        "NtGdiD3dContextCreate",
+        "NtGdiCreateSolidBrush",
+        "NtGdiCreateServerMetaFile",
+        "NtGdiCreateRoundRectRgn",
+        "NtGdiCreateRectRgn",
+        "NtGdiCreatePen",
+        "NtGdiCreatePatternBrushInternal",
+        "NtGdiCreatePaletteInternal",
+        "NtGdiCreateOPMProtectedOutputs",
+        "NtGdiCreateOPMProtectedOutput",
+        "NtGdiCreateMetafileDC",
+        "NtGdiCreateHatchBrushInternal",
+        "NtGdiCreateHalftonePalette",
+        "NtGdiCreateEllipticRgn",
+        "NtGdiCreateSessionMappedDIBSection",
+        "NtGdiCreateDIBSection",
+        "NtGdiCreateDIBitmapInternal",
+        "NtGdiCreateDIBBrush",
+        "NtGdiCreateCompatibleDC",
+        "NtGdiCreateCompatibleBitmap",
+        "NtGdiCreateColorTransform",
+        "NtGdiCreateColorSpace",
+        "NtGdiCreateClientObj",
+        "NtGdiCreateBitmapFromDxSurface2",
+        "NtGdiCreateBitmapFromDxSurface",
+        "NtGdiCreateBitmap",
+        "NtGdiConvertMetafileRect",
+        "NtGdiConfigureOPMProtectedOutput",
+        "NtGdiComputeXformCoefficients",
+        "NtGdiCombineTransform",
+        "NtGdiCombineRgn",
+        "NtGdiColorCorrectPalette",
+        "NtGdiClearBrushAttributes",
+        "NtGdiClearBitmapAttributes",
+        "NtGdiCloseFigure",
+        "NtGdiCheckBitmapBits",
+        "NtGdiCancelDC",
+        "NtGdiBitBlt",
+        "NtGdiBeginPath",
+        "NtGdiBeginGdiRendering",
+        "NtGdiArcInternal",
+        "NtGdiFontIsLinked",
+        "NtGdiAnyLinkedFonts",
+        "NtGdiAngleArc",
+        "NtGdiAlphaBlend",
+        "NtGdiAddRemoteMMInstanceToDC",
+        "NtGdiRemoveMergeFont",
+        "NtGdiAddFontMemResourceEx",
+        "NtGdiAddRemoteFontToDC",
+        "NtGdiAddFontResourceW",
+        "NtGdiAbortPath",
+        "NtGdiAbortDoc",
+        "NtUserDefSetText",
+        "NtUserDeferWindowPosAndBand",
+        "NtUserDdeInitialize",
+        "NtUserCanBrokerForceForeground",
+        "NtUserCreateWindowStation",
+        "NtUserCreateWindowEx",
+        "NtUserCreateLocalMemHandle",
+        "NtUserCreateInputContext",
+        "NtUserCreateDesktopEx",
+        "NtUserCreateCaret",
+        "NtUserCreateAcceleratorTable",
+        "NtUserCountClipboardFormats",
+        "NtUserCopyAcceleratorTable",
+        "NtUserConvertMemHandle",
+        "NtUserConsoleControl",
+        "NtUserCloseWindowStation",
+        "NtUserCloseDesktop",
+        "NtUserCloseClipboard",
+        "NtUserClipCursor",
+        "NtUserChildWindowFromPointEx",
+        "NtUserCheckMenuItem",
+        "NtUserCheckWindowThreadDesktop",
+        "NtUserDwmValidateWindow",
+        "NtUserCheckAccessForIntegrityLevel",
+        "NtUserDisplayConfigSetDeviceInfo",
+        "NtUserDisplayConfigGetDeviceInfo",
+        "NtUserQueryDisplayConfig",
+        "NtUserSetDisplayConfig",
+        "NtUserGetDisplayConfigBufferSizes",
+        "NtUserChangeDisplaySettings",
+        "NtUserChangeClipboardChain",
+        "NtUserCallTwoParam",
+        "NtUserCallOneParam",
+        "NtUserCallNoParam",
+        "NtUserCallNextHookEx",
+        "NtUserCallMsgFilter",
+        "NtUserCallHwndParamLock",
+        "NtUserCallHwndParam",
+        "NtUserCallHwndOpt",
+        "NtUserCallHwndLock",
+        "NtUserCallHwnd",
+        "NtUserBroadcastThemeChangeEvent",
+        "NtUserBuildPropList",
+        "NtUserBuildNameList",
+        "NtUserBuildHwndList",
+        "NtUserBuildHimcList",
+        "NtUserBlockInput",
+        "NtUserBitBltSysBmp",
+        "NtUserBeginPaint",
+        "NtUserAttachThreadInput",
+        "NtUserAssociateInputContext",
+        "NtUserAlterWindowStyle",
+        "NtUserAddClipboardFormatListener",
+        "NtUserActivateKeyboardLayout",
+        "NtUserDelegateCapturePointers",
+        "NtUserDelegateInput",
+        "NtUserDispatchMessage",
+        "NtUserDisableProcessWindowFiltering",
+        "NtUserDisableThreadIme",
+        "NtUserDestroyWindow",
+        "NtUserDestroyMenu",
+        "NtUserDestroyInputContext",
+        "NtUserDestroyCursor",
+        "NtUserDestroyAcceleratorTable",
+        "NtUserDeleteMenu",
+        "NtUserDoSoundDisconnect",
+        "NtUserDoSoundConnect",
+        "NtUserGhostWindowFromHungWindow",
+        "NtUserGetWOWClass",
+        "NtUserGetWindowPlacement",
+        "NtUserGetWindowDisplayAffinity",
+        "NtUserGetWindowDC",
+        "NtUserGetWindowCompositionAttribute",
+        "NtUserGetWindowCompositionInfo",
+        "NtUserGetWindowBand",
+        "NtUserGetUpdateRgn",
+        "NtUserGetUpdateRect",
+        "NtUserGetUpdatedClipboardFormats",
+        "NtUserGetTopLevelWindow",
+        "NtUserGetTitleBarInfo",
+        "NtUserGetThreadState",
+        "NtUserGetThreadDesktop",
+        "NtUserGetSystemMenu",
+        "NtUserGetScrollBarInfo",
+        "NtUserGetRegisteredRawInputDevices",
+        "NtUserGetRawInputDeviceList",
+        "NtUserGetRawInputDeviceInfo",
+        "NtUserGetRawInputData",
+        "NtUserGetRawInputBuffer",
+        "NtUserGetProcessDpiAwarenessContext",
+        "NtUserGetProcessWindowStation",
+        "NtUserGetPriorityClipboardFormat",
+        "NtUserGetOpenClipboardWindow",
+        "NtUserGetObjectInformation",
+        "NtUserGetMouseMovePointsEx",
+        "NtUserGetMessage",
+        "NtUserGetMenuItemRect",
+        "NtUserGetMenuIndex",
+        "NtUserGetMenuBarInfo",
+        "NtUserGetListBoxInfo",
+        "NtUserGetKeyState",
+        "NtUserGetKeyNameText",
+        "NtUserGetKeyboardState",
+        "NtUserGetKeyboardLayoutName",
+        "NtUserGetKeyboardLayoutList",
+        "NtUserGetInternalWindowPos",
+        "NtUserGetInputLocaleInfo",
+        "NtUserGetImeInfoEx",
+        "NtUserGetImeHotKey",
+        "NtUserGetIconSize",
+        "NtUserGetIconInfo",
+        "NtUserGetGUIThreadInfo",
+        "NtUserGetGuiResources",
+        "NtUserGetForegroundWindow",
+        "NtUserGetDoubleClickTime",
+        "NtUserGetDesktopID",
+        "NtUserGetDCEx",
+        "NtUserGetDC",
+        "NtUserGetCursorInfo",
+        "NtUserGetCursorFrameInfo",
+        "NtUserGetCurrentInputMessageSource",
+        "NtUserGetCIMSSM",
+        "NtUserGetCPD",
+        "NtUserGetControlColor",
+        "NtUserGetControlBrush",
+        "NtUserGetComboBoxInfo",
+        "NtUserGetClipCursor",
+        "NtUserGetClipboardViewer",
+        "NtUserGetClipboardSequenceNumber",
+        "NtUserGetClipboardOwner",
+        "NtUserGetClipboardFormatName",
+        "NtUserGetClipboardData",
+        "NtUserGetClassName",
+        "NtUserGetClassInfoEx",
+        "NtUserGetCaretPos",
+        "NtUserGetCaretBlinkTime",
+        "NtUserGetAtomName",
+        "NtUserGetAsyncKeyState",
+        "NtUserGetAppImeLevel",
+        "NtUserGetAncestor",
+        "NtUserGetAltTabInfo",
+        "NtUserFrostCrashedWindow",
+        "NtUserFlashWindowEx",
+        "NtUserFindWindowEx",
+        "NtUserFindExistingCursorIcon",
+        "NtUserFillWindow",
+        "NtUserExcludeUpdateRgn",
+        "NtUserEvent",
+        "NtUserEnumDisplaySettings",
+        "NtUserEnumDisplayMonitors",
+        "NtUserEnumDisplayDevices",
+        "NtUserEndPaint",
+        "NtUserEndMenu",
+        "NtUserEndDeferWindowPosEx",
+        "NtUserEnableScrollBar",
+        "NtUserEnableMenuItem",
+        "NtUserEmptyClipboard",
+        "NtUserDrawMenuBarTemp",
+        "NtUserDrawIconEx",
+        "NtUserDrawCaptionTemp",
+        "NtUserDrawCaption",
+        "NtUserDrawAnimatedRects",
+        "NtUserDragObject",
+        "NtUserDragDetect",
+        "NtUserHandleDelegatedInput",
+        "NtUserInheritWindowMonitor",
+        "NtUserRealChildWindowFromPoint",
+        "NtUserQueryWindow",
+        "NtUserQuerySendMessage",
+        "NtUserQueryInputContext",
+        "NtUserQueryInformationThread",
+        "NtUserQueryBSDRWindow",
+        "NtUserPerMonitorDPIPhysicalToLogicalPoint",
+        "NtUserProcessConnect",
+        "NtUserPrintWindow",
+        "NtUserPostThreadMessage",
+        "NtUserPostMessage",
+        "NtUserPhysicalToLogicalPoint",
+        "NtUserPeekMessage",
+        "NtUserPaintMonitor",
+        "NtUserPaintDesktop",
+        "NtUserOpenWindowStation",
+        "NtUserOpenThreadDesktop",
+        "NtUserOpenInputDesktop",
+        "NtUserOpenDesktop",
+        "NtUserOpenClipboard",
+        "NtUserNotifyWinEvent",
+        "NtUserNotifyProcessCreate",
+        "NtUserNotifyIMEStatus",
+        "NtUserMoveWindow",
+        "NtUserModifyUserStartupInfoFlags",
+        "NtUserMNDragOver",
+        "NtUserMNDragLeave",
+        "NtUserMinMaximize",
+        "NtUserMessageCall",
+        "NtUserMenuItemFromPoint",
+        "NtUserMapVirtualKeyEx",
+        "NtUserLayoutCompleted",
+        "NtUserLogicalToPerMonitorDPIPhysicalPoint",
+        "NtUserLogicalToPhysicalPoint",
+        "NtUserLockWorkStation",
+        "NtUserLockWindowUpdate",
+        "NtUserLockWindowStation",
+        "NtUserLoadKeyboardLayoutEx",
+        "NtUserKillTimer",
+        "NtUserIsTopLevelWindow",
+        "NtUserIsClipboardFormatAvailable",
+        "NtUserInvalidateRgn",
+        "NtUserInvalidateRect",
+        "NtUserInternalGetWindowIcon",
+        "NtUserInternalGetWindowText",
+        "NtUserInitTask",
+        "NtUserInitializeClientPfnArrays",
+        "NtUserInitialize",
+        "NtUserImpersonateDdeClientWindow",
+        "NtUserHungWindowFromGhostWindow",
+        "NtUserHiliteMenuItem",
+        "NtUserHideCaret",
+        "NtUserHardErrorControl",
+        "NtUserRealInternalGetMessage",
+        "NtUserRealWaitMessageEx",
+        "NtUserReleaseDwmHitTestWaiters",
+        "NtUserTranslateMessage",
+        "NtUserTranslateAccelerator",
+        "NtUserPaintMenuBar",
+        "NtUserCalcMenuBar",
+        "NtUserCalculatePopupWindowPosition",
+        "NtUserTrackPopupMenuEx",
+        "NtUserTrackMouseEvent",
+        "NtUserToUnicodeEx",
+        "NtUserThunkedMenuItemInfo",
+        "NtUserThunkedMenuInfo",
+        "NtUserTestForInteractiveUser",
+        "NtUserSendEventMessage",
+        "NtUserSystemParametersInfo",
+        "NtUserSystemParametersInfoForDpi",
+        "NtUserSwitchDesktop",
+        "NtUserSoundSentry",
+        "NtUserShutdownReasonDestroy",
+        "NtUserShutdownBlockReasonQuery",
+        "NtUserShutdownBlockReasonCreate",
+        "NtUserShowWindowAsync",
+        "NtUserShowWindow",
+        "NtUserShowScrollBar",
+        "NtUserShowCaret",
+        "NtUserSetWinEventHook",
+        "NtUserSetWindowWord",
+        "NtUserSetWindowStationUser",
+        "NtUserSetWindowsHookEx",
+        "NtUserSetWindowsHookAW",
+        "NtUserSetWindowRgnEx",
+        "NtUserGetWindowRgnEx",
+        "NtUserSetWindowRgn",
+        "NtUserSetWindowPos",
+        "NtUserSetWindowPlacement",
+        "NtUserSetWindowLong",
+        "NtUserSetWindowFNID",
+        "NtUserSetWindowDisplayAffinity",
+        "NtUserSetWindowCompositionTransition",
+        "NtUserUpdateDefaultDesktopThumbnail",
+        "NtUserSetWindowCompositionAttribute",
+        "NtUserSetWindowBand",
+        "NtUserSetProcessUIAccessZorder",
+        "NtUserSetProcessDpiAwarenessContext",
+        "NtUserEnableChildWindowDpiMessage",
+        "NtUserIsChildWindowDpiMessageEnabled",
+        "NtUserEnableNonClientDpiScaling",
+        "NtUserIsNonClientDpiScalingEnabled",
+        "NtUserIsWindowBroadcastingDpiToChildren",
+        "NtUserSetTimer",
+        "NtUserSetThreadState",
+        "NtUserSetThreadLayoutHandles",
+        "NtUserSetThreadDesktop",
+        "NtUserSetThreadInputBlocked",
+        "NtUserSetSystemTimer",
+        "NtUserSetSystemMenu",
+        "NtUserSetSystemCursor",
+        "NtUserSetSysColors",
+        "NtUserSetShellWindowEx",
+        "NtUserSetScrollInfo",
+        "NtUserSetProp",
+        "NtUserGetProp",
+        "NtUserSetProcessWindowStation",
+        "NtUserSetParent",
+        "NtUserSetObjectInformation",
+        "NtUserSetMenuFlagRtoL",
+        "NtUserSetMenuDefaultItem",
+        "NtUserSetMenuContextHelpId",
+        "NtUserSetMenu",
+        "NtUserSetKeyboardState",
+        "NtUserSetInternalWindowPos",
+        "NtUserSetInformationThread",
+        "NtUserSetImeOwnerWindow",
+        "NtUserSetImeInfoEx",
+        "NtUserSetImeHotKey",
+        "NtUserSetFocus",
+        "NtUserSetCursorIconData",
+        "NtUserSetCursorContents",
+        "NtUserSetCursor",
+        "NtUserSetClipboardViewer",
+        "NtUserSetClipboardData",
+        "NtUserSetClassWord",
+        "NtUserSetClassLong",
+        "NtUserSetChildWindowNoActivate",
+        "NtUserSetCapture",
+        "NtUserSetAppImeLevel",
+        "NtUserSetActiveWindow",
+        "NtUserSendInput",
+        "NtUserSelectPalette",
+        "NtUserScrollWindowEx",
+        "NtUserScrollDC",
+        "NtUserSBGetParms",
+        "NtUserResolveDesktopForWOW",
+        "NtUserRemoveProp",
+        "NtUserRemoveMenu",
+        "NtUserRemoveClipboardFormatListener",
+        "NtUserRegisterWindowMessage",
+        "NtUserRegisterTasklist",
+        "NtUserRegisterServicesProcess",
+        "NtUserRegisterRawInputDevices",
+        "NtUserRegisterHotKey",
+        "NtUserRegisterDManipHook",
+        "NtUserGetDManipHookInitFunction",
+        "NtUserRegisterManipulationThread",
+        "NtUserSetManipulationInputTarget",
+        "NtUserRegisterUserApiHook",
+        "NtUserRegisterErrorReportingDialog",
+        "NtUserRegisterClassExWOW",
+        "NtUserRegisterBSDRWindow",
+        "NtUserRedrawWindow",
+        "NtUserUndelegateInput",
+        "NtUserGetWindowMinimizeRect",
+        "NtUserDwmGetRemoteSessionOcclusionEvent",
+        "NtUserDwmGetRemoteSessionOcclusionState",
+        "NtUserDwmKernelShutdown",
+        "NtUserDwmKernelStartup",
+        "NtUserUpdateWindowTransform",
+        "NtUserCheckProcessSession",
+        "NtUserUnregisterSessionPort",
+        "NtUserRegisterSessionPort",
+        "NtUserCtxDisplayIOCtl",
+        "NtUserRemoteStopScreenUpdates",
+        "NtUserRemoteRedrawScreen",
+        "NtUserRemoteRedrawRectangle",
+        "NtUserRemoteConnect",
+        "NtUserWaitAvailableMessageEx",
+        "NtUserWindowFromPoint",
+        "NtUserWindowFromPhysicalPoint",
+        "NtUserWaitMessage",
+        "NtUserWaitForMsgAndEvent",
+        "NtUserWaitForInputIdle",
+        "NtUserVkKeyScanEx",
+        "NtUserValidateTimerCallback",
+        "NtUserValidateRect",
+        "NtUserValidateHandleSecure",
+        "NtUserUserHandleGrantAccess",
+        "NtUserUpdatePerUserSystemParameters",
+        "NtUserSetLayeredWindowAttributes",
+        "NtUserGetLayeredWindowAttributes",
+        "NtUserUpdateLayeredWindow",
+        "NtUserUpdateInstance",
+        "NtUserUpdateInputContext",
+        "NtUserUnregisterHotKey",
+        "NtUserUnregisterUserApiHook",
+        "NtUserUnregisterClass",
+        "NtUserUnlockWindowStation",
+        "NtUserUnloadKeyboardLayout",
+        "NtUserUnhookWinEvent",
+        "NtUserUnhookWindowsHookEx",
+        "NtUserGetTouchInputInfo",
+        "NtUserIsTouchWindow",
+        "NtUserModifyWindowTouchCapability",
+        "NtGdiEngStretchBltROP",
+        "NtGdiEngTextOut",
+        "NtGdiEngTransparentBlt",
+        "NtGdiEngGradientFill",
+        "NtGdiEngAlphaBlend",
+        "NtGdiEngLineTo",
+        "NtGdiEngPaint",
+        "NtGdiEngStrokeAndFillPath",
+        "NtGdiEngFillPath",
+        "NtGdiEngStrokePath",
+        "NtGdiEngMarkBandingSurface",
+        "NtGdiEngPlgBlt",
+        "NtGdiEngStretchBlt",
+        "NtGdiEngBitBlt",
+        "NtGdiEngLockSurface",
+        "NtGdiEngUnlockSurface",
+        "NtGdiEngEraseSurface",
+        "NtGdiEngDeleteSurface",
+        "NtGdiEngDeletePalette",
+        "NtGdiEngCopyBits",
+        "NtGdiEngComputeGlyphSet",
+        "NtGdiEngCreatePalette",
+        "NtGdiEngCreateDeviceBitmap",
+        "NtGdiEngCreateDeviceSurface",
+        "NtGdiEngCreateBitmap",
+        "NtGdiEngAssociateSurface",
+        "NtUserSetWindowFeedbackSetting",
+        "NtUserRegisterEdgy",
+        "NtUserRegisterShellPTPListener",
+        "NtUserGetWindowFeedbackSetting",
+        "NtUserHidePointerContactVisualization",
+        "NtUserGetTouchValidationStatus",
+        "NtUserInitializeTouchInjection",
+        "NtUserInjectTouchInput",
+        "NtUserRegisterTouchHitTestingWindow",
+        "NtUserSetDisplayMapping",
+        "NtUserSetCalibrationData",
+        "NtUserGetPhysicalDeviceRect",
+        "NtUserRegisterTouchPadCapable",
+        "NtUserGetRawPointerDeviceData",
+        "NtUserGetPointerDeviceCursors",
+        "NtUserGetPointerDeviceRects",
+        "NtUserRegisterPointerDeviceNotifications",
+        "NtUserGetPointerDeviceProperties",
+        "NtUserGetPointerDevice",
+        "NtUserGetPointerDevices",
+        "NtUserEnableTouchPad",
+        "NtUserGetPrecisionTouchPadConfiguration",
+        "NtUserSetPrecisionTouchPadConfiguration",
+        "NtUserPromotePointer",
+        "NtUserDiscardPointerFrameMessages",
+        "NtUserRegisterPointerInputTarget",
+        "NtUserGetPointerFrameArrivalTimes",
+        "NtUserGetPointerInputTransform",
+        "NtUserGetPointerInfoList",
+        "NtUserGetPointerCursorId",
+        "NtUserGetPointerType",
+        "NtUserGetGestureConfig",
+        "NtUserSetGestureConfig",
+        "NtUserGetGestureExtArgs",
+        "NtUserGetGestureInfo",
+        "NtUserInjectGesture",
+        "NtUserChangeWindowMessageFilterEx",
+        "NtGdiXLATEOBJ_hGetColorTransform",
+        "NtGdiXLATEOBJ_iXlate",
+        "NtGdiXLATEOBJ_cGetPalette",
+        "NtGdiEngDeleteClip",
+        "NtGdiEngCreateClip",
+        "NtGdiEngDeletePath",
+        "NtGdiCLIPOBJ_ppoGetPath",
+        "NtGdiCLIPOBJ_cEnumStart",
+        "NtGdiCLIPOBJ_bEnum",
+        "NtGdiBRUSHOBJ_hGetColorTransform",
+        "NtGdiBRUSHOBJ_pvGetRbrush",
+        "NtGdiBRUSHOBJ_pvAllocRbrush",
+        "NtGdiBRUSHOBJ_ulGetBrushColor",
+        "NtGdiXFORMOBJ_iGetXform",
+        "NtGdiXFORMOBJ_bApplyXform",
+        "NtGdiFONTOBJ_pQueryGlyphAttrs",
+        "NtGdiFONTOBJ_pfdg",
+        "NtGdiFONTOBJ_pifi",
+        "NtGdiFONTOBJ_cGetGlyphs",
+        "NtGdiFONTOBJ_pxoGetXform",
+        "NtGdiFONTOBJ_vGetInfo",
+        "NtGdiFONTOBJ_cGetAllGlyphHandles",
+        "NtGdiFONTOBJ_pvTrueTypeFontFile",
+        "NtGdiSTROBJ_dwGetCodePage",
+        "NtGdiSTROBJ_vEnumStart",
+        "NtGdiSTROBJ_bGetAdvanceWidths",
+        "NtGdiSTROBJ_bEnumPositionsOnly",
+        "NtGdiSTROBJ_bEnum",
+        "NtGdiPATHOBJ_bEnumClipLines",
+        "NtGdiPATHOBJ_vEnumStartClipLines",
+        "NtGdiPATHOBJ_vEnumStart",
+        "NtGdiPATHOBJ_bEnum",
+        "NtGdiPATHOBJ_vGetBounds",
+        "NtGdiEngCheckAbort",
+        "NtGdiGetDhpdev",
+        "NtGdiHT_Get8BPPMaskPalette",
+        "NtGdiHT_Get8BPPFormatPalette",
+        "NtGdiUpdateTransform",
+        "NtGdiUMPDEngFreeUserMem",
+        "NtGdiBRUSHOBJ_DeleteRbrush",
+        "NtGdiSetPUMPDOBJ",
+        "NtGdiSetUMPDSandboxState",
+        "NtGdiDrawStream",
+        "NtGdiHLSurfSetInformation",
+        "NtGdiHLSurfGetInformation",
+        "NtGdiDwmCreatedBitmapRemotingOutput",
+        "NtGdiDdDDIGetScanLine",
+        "NtGdiDdDDIReleaseProcessVidPnSourceOwners",
+        "NtGdiDdDDIGetProcessSchedulingPriorityClass",
+        "NtGdiDdDDISetProcessSchedulingPriorityClass",
+        "NtGdiDdDDIGetContextSchedulingPriority",
+        "NtGdiDdDDISetContextSchedulingPriority",
+        "NtGdiDdDDIDestroyDCFromMemory",
+        "NtGdiDdDDICreateDCFromMemory",
+        "NtGdiDdDDIGetDeviceState",
+        "NtGdiDdDDISetGammaRamp",
+        "NtGdiDdDDIWaitForVerticalBlankEvent",
+        "NtGdiDdDDIDestroyOverlay",
+        "NtGdiDdDDIFlipOverlay",
+        "NtGdiDdDDIUpdateOverlay",
+        "NtGdiDdDDICreateOverlay",
+        "NtGdiDdDDIGetPresentQueueEvent",
+        "NtGdiDdDDIGetPresentHistory",
+        "NtGdiDdDDISetVidPnSourceOwner1",
+        "NtGdiDdDDISetVidPnSourceOwner",
+        "NtGdiDdDDIQueryStatistics",
+        "NtGdiDdDDIEscape",
+        "NtGdiDdDDIGetSharedPrimaryHandle",
+        "NtGdiDdDDICloseAdapter",
+        "NtGdiDdDDIOpenAdapterFromLuid",
+        "NtGdiDdDDIEnumAdapters",
+        "NtGdiDdDDIEnumAdapters2",
+        "NtGdiDdDDIOpenAdapterFromHdc",
+        "NtGdiDdDDIOpenAdapterFromDeviceName",
+        "NtGdiDdDDIRender",
+        "NtGdiDdDDIPresent",
+        "NtGdiDdDDIGetMultisampleMethodList",
+        "NtGdiDdDDISetDisplayMode",
+        "NtGdiDdDDIGetDisplayModeList",
+        "NtGdiDdDDIUnlock",
+        "NtGdiDdDDILock",
+        "NtGdiDdDDIQueryAdapterInfo",
+        "NtGdiDdDDIGetRuntimeData",
+        "NtGdiDdDDISignalSynchronizationObject",
+        "NtGdiDdDDIWaitForSynchronizationObject",
+        "NtGdiDdDDIDestroySynchronizationObject",
+        "NtGdiDdDDIOpenSynchronizationObject",
+        "NtGdiDdDDICreateSynchronizationObject",
+        "NtGdiDdDDIDestroyContext",
+        "NtGdiDdDDICreateContext",
+        "NtGdiDdDDIDestroyDevice",
+        "NtGdiDdDDICreateDevice",
+        "NtGdiDdDDIQueryAllocationResidency",
+        "NtGdiDdDDISetAllocationPriority",
+        "NtGdiDdDDIDestroyAllocation",
+        "NtGdiDdDDIDestroyAllocation2",
+        "NtGdiDdDDIOpenResourceFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle2",
+        "NtGdiDdDDIOpenResource",
+        "NtGdiDdDDIOpenNtHandleFromName",
+        "NtGdiDdDDIOpenSyncObjectNtHandleFromName",
+        "NtGdiDdDDIShareObjects",
+        "NtGdiDdDDIQueryResourceInfoFromNtHandle",
+        "NtGdiDdDDIQueryResourceInfo",
+        "NtGdiDdDDICreateAllocation",
+        "NtGdiDdDDIOutputDuplReleaseFrame",
+        "NtGdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName",
+        "NtGdiDdDDIOutputDuplPresent",
+        "NtGdiDdDDIReleaseKeyedMutex2",
+        "NtGdiDdDDIAcquireKeyedMutex2",
+        "NtGdiDdDDIOpenKeyedMutex2",
+        "NtGdiDdDDICreateKeyedMutex2",
+        "NtGdiDdDDIOutputDuplGetPointerShapeData",
+        "NtGdiDdDDIOutputDuplGetMetaData",
+        "NtGdiDdDDIOutputDuplGetFrameInfo",
+        "NtGdiDdDDIDestroyOutputDupl",
+        "NtGdiDdDDICreateOutputDupl",
+        "NtGdiDdDDIReclaimAllocations",
+        "NtGdiDdDDIOfferAllocations",
+        "NtGdiDdDDICheckSharedResourceAccess",
+        "NtGdiDdDDICheckVidPnExclusiveOwnership",
+        "NtGdiDdDDIGetOverlayState",
+        "NtGdiDdDDIConfigureSharedResource",
+        "NtGdiDdDDIReleaseKeyedMutex",
+        "NtGdiDdDDIAcquireKeyedMutex",
+        "NtGdiDdDDIDestroyKeyedMutex",
+        "NtGdiDdDDIOpenKeyedMutex",
+        "NtGdiDdDDICreateKeyedMutex",
+        "NtGdiDdDDISharedPrimaryUnLockNotification",
+        "NtGdiDdDDISharedPrimaryLockNotification",
+        "NtGdiDdDDISetDisplayPrivateDriverFormat",
+        "NtGdiDdDDICheckExclusiveOwnership",
+        "NtGdiDdDDICheckMonitorPowerState",
+        "NtGdiDdDDIWaitForIdle",
+        "NtGdiDdDDICheckOcclusion",
+        "NtGdiDdDDIInvalidateActiveVidPn",
+        "NtGdiDdDDIPollDisplayChildren",
+        "NtGdiDdDDISetQueuedLimit",
+        "NtGdiDdDDIPinDirectFlipResources",
+        "NtGdiDdDDIUnpinDirectFlipResources",
+        "NtGdiDdDDIWaitForVerticalBlankEvent2",
+        "NtGdiDdDDIGetDWMVerticalBlankEvent",
+        "NtGdiDdDDISetSyncRefreshCountWaitTarget",
+        "NtGdiDdDDISetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetSharedResourceAdapterLuid",
+        "NtGdiDdDDISetStereoEnabled",
+        "NtGdiDdDDIPresentMultiPlaneOverlay",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport",
+        "NtGdiDdDDIMakeResident",
+        "NtGdiDdDDIEvict",
+        "NtGdiDdDDIUpdateAllocationProperty",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromCpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromCpu",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu2",
+        "NtGdiDdDDICreatePagingQueue",
+        "NtGdiDdDDIDestroyPagingQueue",
+        "NtGdiDdDDILock2",
+        "NtGdiDdDDIUnlock2",
+        "NtGdiDdDDIInvalidateCache",
+        "NtGdiDdDDIGetResourcePresentPrivateDriverData",
+        "NtGdiDdDDIMapGpuVirtualAddress",
+        "NtGdiDdDDIReserveGpuVirtualAddress",
+        "NtGdiDdDDIFreeGpuVirtualAddress",
+        "NtGdiDdDDIUpdateGpuVirtualAddress",
+        "NtGdiDdDDICreateContextVirtual",
+        "NtGdiDdDDISubmitCommand",
+        "NtGdiDdDDIGetCachedHybridQueryValue",
+        "NtGdiDdDDICacheHybridQueryValue",
+        "NtGdiDdDDINetDispGetNextChunkInfo",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport",
+        "NtGdiDdDDINetDispStartMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopMiracastDisplayDevice",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceStatus",
+        "NtGdiDdDDINetDispStopSessions",
+        "NtGdiDdDDIQueryVideoMemoryInfo",
+        "NtGdiDdDDIChangeVideoMemoryReservation",
+        "NtGdiDdDDICreateSwapChain",
+        "NtGdiDdDDIOpenSwapChain",
+        "NtGdiDdDDIGetSetSwapChainMetadata",
+        "NtGdiDdDDIAcquireSwapChain",
+        "NtGdiDdDDIReleaseSwapChain",
+        "NtGdiDdDDIAbandonSwapChain",
+        "NtGdiDdDDISetDodIndirectSwapchain",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport2",
+        "NtGdiDdDDIPresentMultiPlaneOverlay2",
+        "NtGdiDdDDIReclaimAllocations2",
+        "NtGdiDdDDISetStablePowerState",
+        "NtGdiDdDDIQueryClockCalibration",
+        "NtGdiDdDDIQueryVidPnExclusiveOwnership",
+        "NtGdiDdDDIAdjustFullscreenGamma",
+        "NtGdiDdDDISetVidPnSourceHwProtection",
+        "NtGdiDdDDIMarkDeviceAsError",
+        "NtGdiDdDDIFlushHeapTransitions",
+        "NtGdiDdDDISetHwProtectionTeardownRecovery",
+        "NtGdiDdDDIQueryProcessOfferInfo",
+        "NtGdiDdDDITrimProcessCommitment",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport3",
+        "NtGdiDdDDIPresentMultiPlaneOverlay3",
+        "NtGdiDdDDISetFSEBlock",
+        "NtGdiDdDDIQueryFSEBlock",
+        "NtGdiMakeObjectUnXferable",
+        "NtGdiMakeObjectXferable",
+        "NtGdiDestroyPhysicalMonitor",
+        "NtGdiGetPhysicalMonitorDescription",
+        "NtGdiGetPhysicalMonitors",
+        "NtGdiGetNumberOfPhysicalMonitors",
+        "NtGdiDDCCIGetTimingReport",
+        "NtGdiDDCCIGetCapabilitiesString",
+        "NtGdiDDCCIGetCapabilitiesStringLength",
+        "NtGdiDDCCISaveCurrentSettings",
+        "NtGdiDDCCISetVCPFeature",
+        "NtGdiDDCCIGetVCPFeature",
+        "NtGdiDdQueryVisRgnUniqueness",
+        "NtGdiDdDestroyFullscreenSprite",
+        "NtGdiDdNotifyFullscreenSpriteUpdate",
+        "NtGdiDdCreateFullscreenSprite",
+        "NtGdiGetProcessSessionFonts",
+        "NtGdiGetPublicFontTableChangeCookie",
+        "NtUserShowSystemCursor",
+        "NtUserSetMirrorRendering",
+        "NtUserMagGetContextInformation",
+        "NtUserMagSetContextInformation",
+        "NtUserMagControl",
+        "NtUserSlicerControl",
+        "NtUserHwndSetRedirectionInfo",
+        "NtUserHwndQueryRedirectionInfo",
+        "NtCreateCompositionSurfaceHandle",
+        "NtValidateCompositionSurfaceHandle",
+        "NtBindCompositionSurface",
+        "NtUnBindCompositionSurface",
+        "NtQueryCompositionSurfaceBinding",
+        "NtNotifyPresentToCompositionSurface",
+        "NtQueryCompositionSurfaceStatistics",
+        "NtOpenCompositionSurfaceSectionInfo",
+        "NtOpenCompositionSurfaceSwapChainHandleInfo",
+        "NtQueryCompositionSurfaceRenderingRealization",
+        "NtOpenCompositionSurfaceDirtyRegion",
+        "NtQueryCompositionSurfaceHDRMetaData",
+        "NtSetCompositionSurfaceHDRMetaData",
+        "NtSetCompositionSurfaceDirectFlipState",
+        "NtSetCompositionSurfaceStatistics",
+        "NtSetCompositionSurfaceBufferCompositionModeAndOrientation",
+        "NtSetCompositionSurfaceIndependentFlipInfo",
+        "NtDesktopCaptureBits",
+        "NtDCompositionEnableMMCSS",
+        "NtVisualCaptureBits",
+        "NtDCompositionEnableDDASupport",
+        "NtCreateCompositionInputSink",
+        "NtCreateImplicitCompositionInputSink",
+        "NtDuplicateCompositionInputSink",
+        "NtQueryCompositionInputSink",
+        "NtQueryCompositionInputSinkLuid",
+        "NtQueryCompositionInputSinkViewId",
+        "NtUpdateInputSinkTransforms",
+        "NtCompositionInputThread",
+        "NtQueryCompositionInputQueueAndTransform",
+        "NtQueryCompositionInputIsImplicit",
+        "NtCompositionSetDropTarget",
+        "NtTokenManagerOpenSectionAndEvents",
+        "NtTokenManagerThread",
+        "NtTokenManagerCreateCompositionTokenHandle",
+        "NtTokenManagerGetAnalogExclusiveTokenEvent",
+        "NtTokenManagerGetAnalogExclusiveSurfaceUpdates",
+        "NtTokenManagerConfirmOutstandingAnalogToken",
+        "NtSetCompositionSurfaceAnalogExclusive",
+        "NtDCompositionBeginFrame",
+        "NtDCompositionConfirmFrame",
+        "NtDCompositionRetireFrame",
+        "NtDCompositionDiscardFrame",
+        "NtDCompositionGetFrameSurfaceUpdates",
+        "NtDCompositionGetFrameLegacyTokens",
+        "NtDCompositionDestroyConnection",
+        "NtDCompositionGetConnectionBatch",
+        "NtDCompositionGetFrameStatistics",
+        "NtDCompositionGetDeletedResources",
+        "NtDCompositionCreateConnection",
+        "NtDCompositionDestroyChannel",
+        "NtDCompositionReleaseAllResources",
+        "NtDCompositionSubmitDWMBatch",
+        "NtDCompositionProcessChannelBatchBuffer",
+        "NtDCompositionCommitChannel",
+        "NtDCompositionWaitForChannel",
+        "NtDCompositionSetChannelCommitCompletionEvent",
+        "NtDCompositionTelemetryTouchInteractionBegin",
+        "NtDCompositionTelemetryTouchInteractionUpdate",
+        "NtDCompositionTelemetryTouchInteractionEnd",
+        "NtDCompositionTelemetrySetApplicationId",
+        "NtDCompositionTelemetryAnimationScenarioBegin",
+        "NtDCompositionTelemetryAnimationScenarioReference",
+        "NtDCompositionTelemetryAnimationScenarioUnreference",
+        "NtDCompositionCurrentBatchId",
+        "NtDCompositionRemoveCrossDeviceVisualChild",
+        "NtDCompositionAddCrossDeviceVisualChild",
+        "NtDCompositionCreateDwmChannel",
+        "NtDCompositionCreateChannel",
+        "NtDCompositionSynchronize",
+        "NtDCompositionReferenceSharedResourceOnDwmChannel",
+        "NtDCompositionCreateAndBindSharedSection",
+        "NtDCompositionSetDebugCounter",
+        "NtDCompositionGetChannels",
+        "NtDCompositionConnectPipe",
+        "NtDCompositionRegisterThumbnailVisual",
+        "NtDCompositionRegisterVirtualDesktopVisual",
+        "NtDCompositionDuplicateHandleToProcess",
+        "NtDCompositionUpdatePointerCapture",
+        "NtDCompositionSetChannelCallbackId",
+        "NtDCompositionDuplicateSwapchainHandleToDwm",
+        "NtUserDestroyDCompositionHwndTarget",
+        "NtUserCreateDCompositionHwndTarget",
+        "NtUserWaitForRedirectionStartComplete",
+        "NtUserSignalRedirectionStartComplete",
+        "NtUserSetActiveProcessForMonitor",
+        "NtUserGetDisplayAutoRotationPreferencesByProcessId",
+        "NtUserGetDisplayAutoRotationPreferences",
+        "NtUserSetDisplayAutoRotationPreferences",
+        "NtUserSetAutoRotation",
+        "NtUserGetAutoRotationState",
+        "NtUserAutoRotateScreen",
+        "NtUserAcquireIAMKey",
+        "NtUserSetActivationFilter",
+        "NtUserSetFallbackForeground",
+        "NtUserSetBrokeredForeground",
+        "NtUserDisableImmersiveOwner",
+        "NtUserClearForeground",
+        "NtUserEnableIAMAccess",
+        "NtUserGetProcessUIContextInformation",
+        "NtUserSetProcessRestrictionExemption",
+        "NtUserSetWindowArrangement",
+        "NtUserSetWindowShowState",
+        "NtUserUpdateWindowTrackingInfo",
+        "NtUserEnableMouseInPointer",
+        "NtUserIsMouseInPointerEnabled",
+        "NtUserPromoteMouseInPointer",
+        "NtUserAutoPromoteMouseInPointer",
+        "NtUserEnableMouseInputForCursorSuppression",
+        "NtUserIsMouseInputEnabled",
+        "NtUserInternalClipCursor",
+        "NtUserCheckProcessForClipboardAccess",
+        "NtUserGetClipboardAccessToken",
+        "NtUserGetQueueStatusReadonly",
+        "NtUserCompositionInputSinkLuidFromPoint",
+        "NtUserUpdateWindowInputSinkHints",
+        "NtUserTransformPoint",
+        "NtUserTransformRect",
+        "NtUserGetHimetricScaleFactorFromPixelLocation",
+        "NtUserGetDpiForMonitor",
+        "NtUserReportInertia",
+        "NtUserLinkDpiCursor",
+        "NtUserGetCursorDims",
+        "NtUserInitializeInputDeviceInjection",
+        "NtUserInitializePointerDeviceInjection",
+        "NtUserRemoveInjectionDevice",
+        "NtUserSetFeatureReportResponse",
+        "NtUserInjectDeviceInput",
+        "NtUserInjectMouseInput",
+        "NtUserInjectKeyboardInput",
+        "NtUserInjectPointerInput",
+        "NtRIMAddInputObserver",
+        "NtRIMRemoveInputObserver",
+        "NtRIMUpdateInputObserverRegistration",
+        "NtRIMObserveNextInput",
+        "NtRIMGetDevicePreparsedDataLockfree",
+        "NtUserSetCoreWindow",
+        "NtUserSetCoreWindowPartner",
+        "NtUserNavigateFocus",
+        "NtHWCursorUpdatePointer",
+        "NtUserAcquireInteractiveControlBackgroundAccess",
+        "NtUserGetInteractiveControlInfo",
+        "NtUserGetInteractiveControlDeviceInfo",
+        "NtUserSendInteractiveControlHapticsReport",
+        "NtUserSetInteractiveControlFocus",
+        "NtUserInteractiveControlQueryUsage",
+        "NtUserSetInteractiveCtrlRotationAngle",
+        "NtUserSetProcessInteractionFlags"
+    ]
+]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x86_15063_syscalls.py b/volatility/plugins/overlays/windows/win10_x86_15063_syscalls.py
new file mode 100644
index 000000000..ac32e04fc
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_15063_syscalls.py
@@ -0,0 +1,1594 @@
+syscalls = [
+    [
+        "NtAccessCheck",
+        "NtWorkerFactoryWorkerReady",
+        "NtAcceptConnectPort",
+        "NtYieldExecution",
+        "NtWriteVirtualMemory",
+        "NtWriteRequestData",
+        "NtWriteFileGather",
+        "NtWriteFile",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtWaitForWorkViaWorkerFactory",
+        "NtWaitForSingleObject",
+        "NtWaitForMultipleObjects32",
+        "NtWaitForMultipleObjects",
+        "NtWaitForKeyedEvent",
+        "NtWaitForDebugEvent",
+        "NtWaitForAlertByThreadId",
+        "NtVdmControl",
+        "NtUnsubscribeWnfStateChange",
+        "NtUpdateWnfStateData",
+        "NtUnmapViewOfSection",
+        "NtUnmapViewOfSectionEx",
+        "NtUnlockVirtualMemory",
+        "NtUnlockFile",
+        "NtUnloadKeyEx",
+        "NtUnloadKey2",
+        "NtUnloadKey",
+        "NtUnloadDriver",
+        "NtUmsThreadYield",
+        "NtTranslateFilePath",
+        "NtTraceEvent",
+        "NtTraceControl",
+        "NtThawTransactions",
+        "NtThawRegistry",
+        "NtTestAlert",
+        "NtTerminateThread",
+        "NtTerminateProcess",
+        "NtTerminateJobObject",
+        "NtSystemDebugControl",
+        "NtSuspendThread",
+        "NtSuspendProcess",
+        "NtSubscribeWnfStateChange",
+        "NtStopProfile",
+        "NtStartProfile",
+        "NtSinglePhaseReject",
+        "NtSignalAndWaitForSingleObject",
+        "NtShutdownWorkerFactory",
+        "NtShutdownSystem",
+        "NtSetWnfProcessNotificationEvent",
+        "NtSetVolumeInformationFile",
+        "NtSetValueKey",
+        "NtSetUuidSeed",
+        "NtSetTimerResolution",
+        "NtSetTimerEx",
+        "NtSetTimer",
+        "NtSetThreadExecutionState",
+        "NtSetSystemTime",
+        "NtSetSystemPowerState",
+        "NtSetSystemInformation",
+        "NtSetSystemEnvironmentValueEx",
+        "NtSetSystemEnvironmentValue",
+        "NtSetSecurityObject",
+        "NtSetQuotaInformationFile",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtSetLdtEntries",
+        "NtSetIRTimer",
+        "NtSetTimer2",
+        "NtCancelTimer2",
+        "NtSetIoCompletionEx",
+        "NtSetIoCompletion",
+        "NtSetIntervalProfile",
+        "NtSetInformationWorkerFactory",
+        "NtSetInformationTransactionManager",
+        "NtSetInformationTransaction",
+        "NtSetInformationToken",
+        "NtSetInformationThread",
+        "NtSetInformationResourceManager",
+        "NtSetInformationProcess",
+        "NtSetInformationObject",
+        "NtSetInformationKey",
+        "NtSetInformationJobObject",
+        "NtSetInformationFile",
+        "NtSetInformationEnlistment",
+        "NtSetInformationDebugObject",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtSetEventBoostPriority",
+        "NtSetEvent",
+        "NtSetEaFile",
+        "NtSetDriverEntryOrder",
+        "NtSetDefaultUILanguage",
+        "NtSetDefaultLocale",
+        "NtSetDefaultHardErrorPort",
+        "NtSetDebugFilterState",
+        "NtSetContextThread",
+        "NtSetCachedSigningLevel2",
+        "NtSetCachedSigningLevel",
+        "NtSetBootOptions",
+        "NtSetBootEntryOrder",
+        "NtSerializeBoot",
+        "NtSecureConnectPort",
+        "NtSaveMergedKeys",
+        "NtSaveKeyEx",
+        "NtSaveKey",
+        "NtRollforwardTransactionManager",
+        "NtRollbackTransaction",
+        "NtRollbackEnlistment",
+        "NtRollbackComplete",
+        "NtRevertContainerImpersonation",
+        "NtResumeThread",
+        "NtResumeProcess",
+        "NtRestoreKey",
+        "NtResetWriteWatch",
+        "NtResetEvent",
+        "NtRequestWaitReplyPort",
+        "NtRequestPort",
+        "NtReplyWaitReplyPort",
+        "NtReplyWaitReceivePortEx",
+        "NtReplyWaitReceivePort",
+        "NtReplyPort",
+        "NtReplacePartitionUnit",
+        "NtReplaceKey",
+        "NtRenameTransactionManager",
+        "NtRenameKey",
+        "NtRemoveProcessDebug",
+        "NtRemoveIoCompletionEx",
+        "NtRemoveIoCompletion",
+        "NtReleaseWorkerFactoryWorker",
+        "NtReleaseSemaphore",
+        "NtReleaseMutant",
+        "NtReleaseKeyedEvent",
+        "NtRegisterThreadTerminatePort",
+        "NtRegisterProtocolAddressInformation",
+        "NtRecoverTransactionManager",
+        "NtRecoverResourceManager",
+        "NtRecoverEnlistment",
+        "NtReadVirtualMemory",
+        "NtReadRequestData",
+        "NtReadOnlyEnlistment",
+        "NtReadFileScatter",
+        "NtReadFile",
+        "NtRaiseHardError",
+        "NtRaiseException",
+        "NtQueueApcThreadEx",
+        "NtQueueApcThread",
+        "NtQueryAuxiliaryCounterFrequency",
+        "NtQueryWnfStateData",
+        "NtQueryWnfStateNameInformation",
+        "NtQueryVolumeInformationFile",
+        "NtQueryVirtualMemory",
+        "NtQueryValueKey",
+        "NtQueryTimerResolution",
+        "NtQueryTimer",
+        "NtQuerySystemTime",
+        "NtQuerySystemInformationEx",
+        "NtQuerySystemInformation",
+        "NtQuerySystemEnvironmentValueEx",
+        "NtQuerySystemEnvironmentValue",
+        "NtQuerySymbolicLinkObject",
+        "NtQuerySemaphore",
+        "NtQuerySecurityPolicy",
+        "NtQuerySecurityObject",
+        "NtQuerySecurityAttributesToken",
+        "NtQuerySection",
+        "NtQueryQuotaInformationFile",
+        "NtQueryPortInformationProcess",
+        "NtQueryPerformanceCounter",
+        "NtQueryOpenSubKeysEx",
+        "NtQueryOpenSubKeys",
+        "NtQueryObject",
+        "NtQueryMutant",
+        "NtQueryMultipleValueKey",
+        "NtQueryLicenseValue",
+        "NtQueryKey",
+        "NtQueryIoCompletion",
+        "NtQueryIntervalProfile",
+        "NtQueryInstallUILanguage",
+        "NtQueryInformationWorkerFactory",
+        "NtQueryInformationTransactionManager",
+        "NtQueryInformationTransaction",
+        "NtQueryInformationToken",
+        "NtQueryInformationThread",
+        "NtQueryInformationResourceManager",
+        "NtQueryInformationProcess",
+        "NtQueryInformationPort",
+        "NtQueryInformationJobObject",
+        "NtQueryInformationFile",
+        "NtQueryInformationEnlistment",
+        "NtQueryInformationByName",
+        "NtQueryInformationAtom",
+        "NtQueryFullAttributesFile",
+        "NtQueryEvent",
+        "NtQueryEaFile",
+        "NtQueryDriverEntryOrder",
+        "NtQueryDirectoryObject",
+        "NtQueryDirectoryFile",
+        "NtQueryDefaultUILanguage",
+        "NtQueryDefaultLocale",
+        "NtQueryDebugFilterState",
+        "NtQueryBootOptions",
+        "NtQueryBootEntryOrder",
+        "NtQueryAttributesFile",
+        "NtPulseEvent",
+        "NtProtectVirtualMemory",
+        "NtPropagationFailed",
+        "NtPropagationComplete",
+        "NtPrivilegeObjectAuditAlarm",
+        "NtPrivilegedServiceAuditAlarm",
+        "NtPrivilegeCheck",
+        "NtSetInformationVirtualMemory",
+        "NtPrePrepareEnlistment",
+        "NtPrePrepareComplete",
+        "NtPrepareEnlistment",
+        "NtPrepareComplete",
+        "NtPowerInformation",
+        "NtPlugPlayControl",
+        "NtOpenTransactionManager",
+        "NtOpenTransaction",
+        "NtOpenTimer",
+        "NtOpenThreadTokenEx",
+        "NtOpenThreadToken",
+        "NtOpenThread",
+        "NtOpenSymbolicLinkObject",
+        "NtOpenSession",
+        "NtOpenSemaphore",
+        "NtOpenSection",
+        "NtOpenResourceManager",
+        "NtOpenPartition",
+        "NtOpenProcessTokenEx",
+        "NtOpenProcessToken",
+        "NtOpenProcess",
+        "NtOpenPrivateNamespace",
+        "NtOpenObjectAuditAlarm",
+        "NtOpenMutant",
+        "NtOpenKeyTransactedEx",
+        "NtOpenKeyTransacted",
+        "NtOpenKeyEx",
+        "NtOpenKeyedEvent",
+        "NtOpenKey",
+        "NtOpenJobObject",
+        "NtOpenIoCompletion",
+        "NtOpenFile",
+        "NtCreateEventPair",
+        "NtOpenEvent",
+        "NtOpenEnlistment",
+        "NtOpenDirectoryObject",
+        "NtNotifyChangeSession",
+        "NtNotifyChangeMultipleKeys",
+        "NtNotifyChangeKey",
+        "NtNotifyChangeDirectoryFile",
+        "NtManagePartition",
+        "NtModifyDriverEntry",
+        "NtModifyBootEntry",
+        "NtMapViewOfSection",
+        "NtMapUserPhysicalPagesScatter",
+        "NtMapUserPhysicalPages",
+        "NtMapCMFModule",
+        "NtMakeTemporaryObject",
+        "NtMakePermanentObject",
+        "NtLockVirtualMemory",
+        "NtLockRegistryKey",
+        "NtLockProductActivationKeys",
+        "NtLockFile",
+        "NtLoadKeyEx",
+        "NtLoadKey2",
+        "NtLoadKey",
+        "NtLoadHotPatch",
+        "NtLoadEnclaveData",
+        "NtLoadDriver",
+        "NtListenPort",
+        "NtIsUILanguageComitted",
+        "NtIsSystemResumeAutomatic",
+        "NtIsProcessInJob",
+        "NtInitiatePowerAction",
+        "NtInitializeRegistry",
+        "NtInitializeNlsFiles",
+        "NtInitializeEnclave",
+        "NtImpersonateThread",
+        "NtImpersonateClientOfPort",
+        "NtImpersonateAnonymousToken",
+        "NtGetWriteWatch",
+        "NtGetNotificationResourceManager",
+        "NtGetNlsSectionPtr",
+        "NtGetNextThread",
+        "NtGetNextProcess",
+        "NtGetMUIRegistryInfo",
+        "NtGetDevicePowerState",
+        "NtGetCurrentProcessorNumberEx",
+        "NtGetCurrentProcessorNumber",
+        "NtGetContextThread",
+        "NtGetCompleteWnfStateSubscription",
+        "NtGetCachedSigningLevel",
+        "NtFsControlFile",
+        "NtFreezeTransactions",
+        "NtFreezeRegistry",
+        "NtFreeVirtualMemory",
+        "NtFreeUserPhysicalPages",
+        "NtFlushWriteBuffer",
+        "NtFlushVirtualMemory",
+        "NtFlushProcessWriteBuffers",
+        "NtFlushKey",
+        "FsRtlSyncVolumes",
+        "NtFlushInstallUILanguage",
+        "NtFlushBuffersFile",
+        "NtFlushBuffersFileEx",
+        "NtFindAtom",
+        "NtFilterToken",
+        "NtFilterTokenEx",
+        "NtFilterBootOption",
+        "NtExtendSection",
+        "NtEnumerateValueKey",
+        "NtEnumerateTransactionObject",
+        "NtEnumerateSystemEnvironmentValuesEx",
+        "NtEnumerateKey",
+        "NtEnumerateDriverEntries",
+        "NtEnumerateBootEntries",
+        "NtEnableLastKnownGood",
+        "NtDuplicateToken",
+        "NtDuplicateObject",
+        "NtDrawText",
+        "NtDisplayString",
+        "NtDisableLastKnownGood",
+        "NtDeviceIoControlFile",
+        "NtDeleteWnfStateName",
+        "NtDeleteWnfStateData",
+        "NtDeleteValueKey",
+        "NtDeletePrivateNamespace",
+        "NtDeleteObjectAuditAlarm",
+        "NtDeleteKey",
+        "NtDeleteFile",
+        "NtDeleteDriverEntry",
+        "NtDeleteBootEntry",
+        "NtDeleteAtom",
+        "NtDelayExecution",
+        "NtDebugContinue",
+        "NtDebugActiveProcess",
+        "NtCreatePartition",
+        "NtCreateWorkerFactory",
+        "NtCreateWnfStateName",
+        "NtCreateWaitCompletionPacket",
+        "NtCreateWaitablePort",
+        "NtCreateUserProcess",
+        "NtCreateTransactionManager",
+        "NtCreateTransaction",
+        "NtCreateToken",
+        "NtCreateLowBoxToken",
+        "NtCreateTokenEx",
+        "NtCreateTimer",
+        "NtCreateThreadEx",
+        "NtCreateThread",
+        "NtCreateSymbolicLinkObject",
+        "NtCreateSemaphore",
+        "NtCreateSection",
+        "NtCreateResourceManager",
+        "NtCreateProfileEx",
+        "NtCreateProfile",
+        "NtCreateProcessEx",
+        "NtCreateProcess",
+        "NtCreatePrivateNamespace",
+        "NtCreatePort",
+        "NtCreatePagingFile",
+        "NtCreateNamedPipeFile",
+        "NtCreateMutant",
+        "NtCreateMailslotFile",
+        "NtCreateKeyTransacted",
+        "NtCreateKeyedEvent",
+        "NtCreateKey",
+        "NtCreateJobSet",
+        "NtCreateJobObject",
+        "NtCreateIRTimer",
+        "NtCreateTimer2",
+        "NtCreateIoCompletion",
+        "NtCreateFile",
+        "NtCreateEventPair",
+        "NtCreateEvent",
+        "NtCreateEnlistment",
+        "NtCreateEnclave",
+        "NtCreateDirectoryObjectEx",
+        "NtCreateDirectoryObject",
+        "NtCreateDebugObject",
+        "NtConvertBetweenAuxiliaryCounterAndPerformanceCounter",
+        "NtContinue",
+        "NtConnectPort",
+        "NtCompressKey",
+        "NtCompleteConnectPort",
+        "NtCompareTokens",
+        "NtCompareSigningLevels",
+        "NtCompareObjects",
+        "NtCompactKeys",
+        "NtCommitTransaction",
+        "NtCommitEnlistment",
+        "NtCommitComplete",
+        "NtCloseObjectAuditAlarm",
+        "NtClose",
+        "NtClearEvent",
+        "NtCancelWaitCompletionPacket",
+        "NtCancelTimer",
+        "NtCancelSynchronousIoFile",
+        "NtCancelIoFileEx",
+        "NtCancelIoFile",
+        "NtCallbackReturn",
+        "NtAssociateWaitCompletionPacket",
+        "NtAssignProcessToJobObject",
+        "NtAreMappedFilesTheSame",
+        "NtApphelpCacheControl",
+        "NtAlpcSetInformation",
+        "NtAlpcSendWaitReceivePort",
+        "NtAlpcRevokeSecurityContext",
+        "NtAlpcQueryInformationMessage",
+        "NtAlpcQueryInformation",
+        "NtAlpcOpenSenderThread",
+        "NtAlpcOpenSenderProcess",
+        "NtAlpcImpersonateClientOfPort",
+        "NtAlpcImpersonateClientContainerOfPort",
+        "NtAlpcDisconnectPort",
+        "NtAlpcDeleteSecurityContext",
+        "NtAlpcDeleteSectionView",
+        "NtAlpcDeleteResourceReserve",
+        "NtAlpcDeletePortSection",
+        "NtAlpcCreateSecurityContext",
+        "NtAlpcCreateSectionView",
+        "NtAlpcCreateResourceReserve",
+        "NtAlpcCreatePortSection",
+        "NtAlpcCreatePort",
+        "NtAlpcConnectPort",
+        "NtAlpcConnectPortEx",
+        "NtAlpcCancelMessage",
+        "NtAlpcAcceptConnectPort",
+        "NtAllocateVirtualMemory",
+        "NtAllocateUuids",
+        "NtAllocateUserPhysicalPages",
+        "NtAllocateReserveObject",
+        "NtAllocateLocallyUniqueId",
+        "NtAlertThreadByThreadId",
+        "NtAlertThread",
+        "NtAlertResumeThread",
+        "NtAdjustPrivilegesToken",
+        "NtAdjustGroupsToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAddDriverEntry",
+        "NtAddBootEntry",
+        "NtAddAtom",
+        "NtAddAtomEx",
+        "NtAcquireProcessActivityReference",
+        "NtAccessCheckByTypeResultListAndAuditAlarmByHandle",
+        "NtAccessCheckByTypeResultListAndAuditAlarm",
+        "NtAccessCheckByTypeResultList",
+        "NtAccessCheckByTypeAndAuditAlarm",
+        "NtAccessCheckByType",
+        "NtAccessCheckAndAuditAlarm",
+        "NtSetInformationSymbolicLink",
+        "NtCreateRegistryTransaction",
+        "NtOpenRegistryTransaction",
+        "NtCommitRegistryTransaction",
+        "NtRollbackRegistryTransaction"
+    ],
+    [
+        "NtUserGetOwnerTransformedMonitorRect",
+        "NtUserYieldTask",
+        "NtUserSetSensorPresence",
+        "NtGdiWidenPath",
+        "NtGdiUpdateColors",
+        "NtGdiUnrealizeObject",
+        "NtGdiUnmapMemFont",
+        "NtGdiUnloadPrinterDriver",
+        "NtGdiTransparentBlt",
+        "NtGdiTransformPoints",
+        "NtGdiScaleRgn",
+        "NtGdiScaleValues",
+        "NtGdiGetDCDpiScaleValue",
+        "NtGdiGetBitmapDpiScaleValue",
+        "NtGdiSwapBuffers",
+        "NtGdiStrokePath",
+        "NtGdiStrokeAndFillPath",
+        "NtGdiStretchDIBitsInternal",
+        "NtGdiStretchBlt",
+        "NtGdiStartPage",
+        "NtGdiStartDoc",
+        "NtGdiSetSizeDevice",
+        "NtGdiSetVirtualResolution",
+        "NtGdiSetTextJustification",
+        "NtGdiSetSystemPaletteUse",
+        "NtGdiSetRectRgn",
+        "NtGdiSetPixelFormat",
+        "NtGdiSetPixel",
+        "NtGdiSetOPMSigningKeyAndSequenceNumbers",
+        "NtGdiSetLayout",
+        "NtGdiMirrorWindowOrg",
+        "NtGdiGetDeviceWidth",
+        "NtGdiSetMiterLimit",
+        "NtGdiSetMetaRgn",
+        "NtGdiSetMagicColors",
+        "NtGdiSetLinkedUFIs",
+        "NtGdiSetIcmMode",
+        "NtGdiSetFontXform",
+        "NtGdiSetFontEnumeration",
+        "NtGdiSetDIBitsToDeviceInternal",
+        "NtGdiSetDeviceGammaRamp",
+        "NtGdiGetGammaRampCapability",
+        "NtGdiSetPrivateDeviceGammaRamp",
+        "NtGdiGetAppliedDeviceGammaRamp",
+        "NtGdiSetColorSpace",
+        "NtGdiSetColorAdjustment",
+        "NtGdiSetBrushOrg",
+        "NtGdiSetBrushAttributes",
+        "NtGdiSetBoundsRect",
+        "NtGdiSetBitmapDimension",
+        "NtGdiSetBitmapBits",
+        "NtGdiSetBitmapAttributes",
+        "NtGdiSelectPen",
+        "NtGdiSelectFont",
+        "NtGdiSelectClipPath",
+        "NtGdiSelectBrush",
+        "NtGdiSelectBitmap",
+        "NtGdiScaleWindowExtEx",
+        "NtGdiScaleViewportExtEx",
+        "NtGdiSaveDC",
+        "NtGdiRoundRect",
+        "NtGdiRestoreDC",
+        "NtGdiResizePalette",
+        "NtGdiResetDC",
+        "NtGdiRemoveFontMemResourceEx",
+        "NtGdiRemoveFontResourceW",
+        "NtGdiRectVisible",
+        "NtGdiRectInRegion",
+        "NtGdiRectangle",
+        "NtGdiQueryFontAssocInfo",
+        "NtGdiQueryFonts",
+        "NtGdiPtVisible",
+        "NtGdiPtInRegion",
+        "NtGdiPolyTextOutW",
+        "NtGdiPolyPolyDraw",
+        "NtGdiPolyDraw",
+        "NtGdiPlgBlt",
+        "NtGdiPathToRegion",
+        "NtGdiPolyPatBlt",
+        "NtGdiPatBlt",
+        "NtGdiOpenDCW",
+        "NtGdiOffsetRgn",
+        "NtGdiOffsetClipRgn",
+        "NtGdiMoveTo",
+        "NtGdiMonoBitmap",
+        "NtGdiModifyWorldTransform",
+        "NtGdiMaskBlt",
+        "NtGdiMakeInfoDC",
+        "NtGdiMakeFontDir",
+        "NtGdiLineTo",
+        "NtGdiInvertRgn",
+        "NtGdiIntersectClipRect",
+        "NtGdiInitSpool",
+        "NtGdiInit",
+        "NtGdiIcmBrushInfo",
+        "NtGdiHfontCreate",
+        "NtGdiGradientFill",
+        "NtGdiGetWidthTable",
+        "NtGdiGetFontUnicodeRanges",
+        "NtGdiAddEmbFontToDC",
+        "NtGdiChangeGhostFont",
+        "NtGdiGetEmbedFonts",
+        "NtGdiGetUFIPathname",
+        "NtGdiGetEmbUFI",
+        "NtGdiGetUFI",
+        "NtGdiGetTransform",
+        "NtGdiGetTextMetricsW",
+        "NtGdiGetTextFaceW",
+        "NtGdiGetTextExtentExW",
+        "NtGdiGetTextExtent",
+        "NtGdiGetTextCharsetInfo",
+        "NtGdiGetSystemPaletteUse",
+        "NtGdiGetSuggestedOPMProtectedOutputArraySize",
+        "NtGdiGetStringBitmapW",
+        "NtGdiGetStats",
+        "NtGdiGetSpoolMessage",
+        "NtGdiGetServerMetaFileBits",
+        "NtGdiGetRgnBox",
+        "NtGdiGetRegionData",
+        "NtGdiGetRealizationInfo",
+        "NtGdiGetRasterizerCaps",
+        "NtGdiGetRandomRgn",
+        "NtGdiGetPixel",
+        "NtGdiGetPath",
+        "NtGdiGetOutlineTextMetricsInternalW",
+        "NtGdiGetOPMRandomNumber",
+        "NtGdiGetObjectBitmapHandle",
+        "NtGdiGetNearestPaletteIndex",
+        "NtGdiGetNearestColor",
+        "NtGdiGetMonitorID",
+        "NtGdiGetMiterLimit",
+        "NtGdiGetLinkedUFIs",
+        "NtGdiGetKerningPairs",
+        "NtGdiGetOPMInformation",
+        "NtGdiGetGlyphOutline",
+        "NtGdiGetGlyphIndicesWInternal",
+        "NtGdiGetGlyphIndicesW",
+        "NtGdiGetFontResourceInfoInternalW",
+        "NtGdiGetFontFileInfo",
+        "NtGdiGetFontFileData",
+        "NtGdiGetFontData",
+        "NtGdiGetEudcTimeStampEx",
+        "NtGdiGetETM",
+        "NtGdiGetEntry",
+        "NtGdiGetDIBitsInternal",
+        "NtGdiGetDeviceCapsAll",
+        "NtGdiGetDeviceGammaRamp",
+        "NtGdiGetDeviceCaps",
+        "NtGdiGetDCPoint",
+        "NtGdiGetDCObject",
+        "NtGdiGetDCforBitmap",
+        "NtGdiGetDCDword",
+        "NtGdiGetCurrentDpiInfo",
+        "NtGdiGetCOPPCompatibleOPMInformation",
+        "NtGdiGetColorSpaceforBitmap",
+        "NtGdiGetColorAdjustment",
+        "NtGdiGetCharWidthInfo",
+        "NtGdiGetCharWidthW",
+        "NtGdiGetCharSet",
+        "NtGdiGetCharacterPlacementW",
+        "NtGdiGetCharABCWidthsW",
+        "NtGdiGetCertificateSize",
+        "NtGdiGetCertificate",
+        "NtGdiGetCertificateSizeByHandle",
+        "NtGdiGetCertificateByHandle",
+        "NtGdiGetBoundsRect",
+        "NtGdiGetBitmapDimension",
+        "NtGdiGetBitmapBits",
+        "NtGdiGetAppClipBox",
+        "NtGdiGetAndSetDCDword",
+        "NtGdiFullscreenControl",
+        "NtGdiFrameRgn",
+        "NtGdiForceUFIMapping",
+        "NtGdiFlush",
+        "NtGdiFlattenPath",
+        "NtGdiFillRgn",
+        "NtGdiFillPath",
+        "NtGdiExtTextOutW",
+        "NtGdiExtSelectClipRgn",
+        "NtGdiExtGetObjectW",
+        "NtGdiExtFloodFill",
+        "NtGdiExtEscape",
+        "NtGdiExtCreateRegion",
+        "NtGdiExtCreatePen",
+        "NtGdiExcludeClipRect",
+        "NtGdiEudcLoadUnloadLink",
+        "NtGdiEqualRgn",
+        "NtGdiEnumObjects",
+        "NtGdiEnumFonts",
+        "NtGdiEndPath",
+        "NtGdiEndPage",
+        "NtGdiEndGdiRendering",
+        "NtGdiEndDoc",
+        "NtGdiEnableEudc",
+        "NtGdiEllipse",
+        "NtGdiDrawEscape",
+        "NtGdiDoPalette",
+        "NtGdiDoBanding",
+        "NtGdiGetPerBandInfo",
+        "NtGdiDestroyOPMProtectedOutput",
+        "NtGdiDescribePixelFormat",
+        "NtGdiDeleteObjectApp",
+        "NtGdiDeleteColorTransform",
+        "NtGdiDeleteColorSpace",
+        "NtGdiDeleteClientObj",
+        "NtGdiCreateSolidBrush",
+        "NtGdiCreateServerMetaFile",
+        "NtGdiCreateRoundRectRgn",
+        "NtGdiCreateRectRgn",
+        "NtGdiCreatePen",
+        "NtGdiCreatePatternBrushInternal",
+        "NtGdiCreatePaletteInternal",
+        "NtGdiCreateOPMProtectedOutputs",
+        "NtGdiCreateOPMProtectedOutput",
+        "NtGdiCreateMetafileDC",
+        "NtGdiCreateHatchBrushInternal",
+        "NtGdiCreateHalftonePalette",
+        "NtGdiCreateEllipticRgn",
+        "NtGdiCreateSessionMappedDIBSection",
+        "NtGdiCreateDIBSection",
+        "NtGdiCreateDIBitmapInternal",
+        "NtGdiCreateDIBBrush",
+        "NtGdiCreateCompatibleDC",
+        "NtGdiCreateCompatibleBitmap",
+        "NtGdiCreateColorTransform",
+        "NtGdiCreateColorSpace",
+        "NtGdiCreateClientObj",
+        "NtGdiCreateBitmapFromDxSurface2",
+        "NtGdiCreateBitmapFromDxSurface",
+        "NtGdiCreateBitmap",
+        "NtGdiConvertMetafileRect",
+        "NtGdiConfigureOPMProtectedOutput",
+        "NtGdiComputeXformCoefficients",
+        "NtGdiCombineTransform",
+        "NtGdiCombineRgn",
+        "NtGdiColorCorrectPalette",
+        "NtGdiClearBrushAttributes",
+        "NtGdiClearBitmapAttributes",
+        "NtGdiCloseFigure",
+        "NtGdiCheckBitmapBits",
+        "NtGdiCancelDC",
+        "NtGdiBitBlt",
+        "NtGdiBeginPath",
+        "NtGdiBeginGdiRendering",
+        "NtGdiArcInternal",
+        "NtGdiFontIsLinked",
+        "NtGdiAnyLinkedFonts",
+        "NtGdiAngleArc",
+        "NtGdiAlphaBlend",
+        "NtGdiAddRemoteMMInstanceToDC",
+        "NtGdiRemoveMergeFont",
+        "NtGdiAddFontMemResourceEx",
+        "NtGdiAddRemoteFontToDC",
+        "NtGdiAddFontResourceW",
+        "NtGdiAbortPath",
+        "NtGdiAbortDoc",
+        "NtUserDefSetText",
+        "NtUserDeferWindowPosAndBand",
+        "NtUserDdeInitialize",
+        "NtUserCanBrokerForceForeground",
+        "NtUserCreateWindowStation",
+        "NtUserCreateWindowEx",
+        "NtUserCreateLocalMemHandle",
+        "NtUserCreateInputContext",
+        "NtUserCreateDesktopEx",
+        "NtUserCreateCaret",
+        "NtUserCreateAcceleratorTable",
+        "NtUserCountClipboardFormats",
+        "NtUserCopyAcceleratorTable",
+        "NtUserConvertMemHandle",
+        "NtUserConsoleControl",
+        "NtUserCloseWindowStation",
+        "NtUserCloseDesktop",
+        "NtUserCloseClipboard",
+        "NtUserClipCursor",
+        "NtUserChildWindowFromPointEx",
+        "NtUserCheckMenuItem",
+        "NtUserCheckWindowThreadDesktop",
+        "NtUserDwmValidateWindow",
+        "NtUserCheckAccessForIntegrityLevel",
+        "NtUserDisplayConfigSetDeviceInfo",
+        "NtUserDisplayConfigGetDeviceInfo",
+        "NtUserQueryDisplayConfig",
+        "NtUserSetDisplayConfig",
+        "NtUserFunctionalizeDisplayConfig",
+        "NtUserGetDisplayConfigBufferSizes",
+        "NtUserChangeDisplaySettings",
+        "NtUserChangeClipboardChain",
+        "NtUserCallTwoParam",
+        "NtUserCallOneParam",
+        "NtUserCallNoParam",
+        "NtUserCallNextHookEx",
+        "NtUserCallMsgFilter",
+        "NtUserCallHwndParamLock",
+        "NtUserCallHwndParam",
+        "NtUserCallHwndOpt",
+        "NtUserCallHwndLock",
+        "NtUserCallHwnd",
+        "NtUserBroadcastThemeChangeEvent",
+        "NtUserBuildPropList",
+        "NtUserBuildNameList",
+        "NtUserBuildHwndList",
+        "NtUserBuildHimcList",
+        "NtUserBlockInput",
+        "NtUserBitBltSysBmp",
+        "NtUserBeginPaint",
+        "NtUserAttachThreadInput",
+        "NtUserAssociateInputContext",
+        "NtUserAlterWindowStyle",
+        "NtUserAddClipboardFormatListener",
+        "NtUserActivateKeyboardLayout",
+        "NtUserDelegateCapturePointers",
+        "NtUserDelegateInput",
+        "NtUserDispatchMessage",
+        "NtUserDisableProcessWindowFiltering",
+        "NtUserDisableThreadIme",
+        "NtUserDestroyWindow",
+        "NtUserDestroyMenu",
+        "NtUserDestroyInputContext",
+        "NtUserDestroyCursor",
+        "NtUserDestroyAcceleratorTable",
+        "NtUserDeleteMenu",
+        "NtUserDoSoundDisconnect",
+        "NtUserDoSoundConnect",
+        "NtUserGhostWindowFromHungWindow",
+        "NtUserGetWOWClass",
+        "NtUserGetWindowPlacement",
+        "NtUserGetWindowDisplayAffinity",
+        "NtUserGetWindowDC",
+        "NtUserGetWindowCompositionAttribute",
+        "NtUserGetWindowCompositionInfo",
+        "NtUserGetWindowBand",
+        "NtUserGetUpdateRgn",
+        "NtUserGetUpdateRect",
+        "NtUserGetUpdatedClipboardFormats",
+        "NtUserGetTopLevelWindow",
+        "NtUserGetTitleBarInfo",
+        "NtUserGetThreadState",
+        "NtUserGetThreadDesktop",
+        "NtUserGetSystemMenu",
+        "NtUserGetScrollBarInfo",
+        "NtUserGetRegisteredRawInputDevices",
+        "NtUserGetRawInputDeviceList",
+        "NtUserGetRawInputDeviceInfo",
+        "NtUserGetRawInputData",
+        "NtUserGetRawInputBuffer",
+        "NtUserGetProcessDpiAwarenessContext",
+        "NtUserGetProcessWindowStation",
+        "NtUserGetPriorityClipboardFormat",
+        "NtUserGetOpenClipboardWindow",
+        "NtUserGetObjectInformation",
+        "NtUserGetMouseMovePointsEx",
+        "NtUserGetMessage",
+        "NtUserGetMenuItemRect",
+        "NtUserGetMenuIndex",
+        "NtUserGetMenuBarInfo",
+        "NtUserGetListBoxInfo",
+        "NtUserGetKeyState",
+        "NtUserGetKeyNameText",
+        "NtUserGetKeyboardState",
+        "NtUserGetKeyboardLayoutName",
+        "NtUserGetKeyboardLayoutList",
+        "NtUserGetInternalWindowPos",
+        "NtUserGetInputLocaleInfo",
+        "NtUserGetImeInfoEx",
+        "NtUserGetImeHotKey",
+        "NtUserGetIconSize",
+        "NtUserGetIconInfo",
+        "NtUserGetGUIThreadInfo",
+        "NtUserGetGuiResources",
+        "NtUserGetForegroundWindow",
+        "NtUserGetDoubleClickTime",
+        "NtUserGetDesktopID",
+        "NtUserGetDCEx",
+        "NtUserGetDC",
+        "NtUserGetCursorInfo",
+        "NtUserGetCursorFrameInfo",
+        "NtUserGetCurrentInputMessageSource",
+        "NtUserGetCIMSSM",
+        "NtUserGetCPD",
+        "NtUserGetControlColor",
+        "NtUserGetControlBrush",
+        "NtUserGetComboBoxInfo",
+        "NtUserGetClipCursor",
+        "NtUserGetClipboardViewer",
+        "NtUserGetClipboardSequenceNumber",
+        "NtUserGetClipboardOwner",
+        "NtUserGetClipboardFormatName",
+        "NtUserGetClipboardData",
+        "NtUserGetClassName",
+        "NtUserGetClassInfoEx",
+        "NtUserGetCaretPos",
+        "NtUserGetCaretBlinkTime",
+        "NtUserGetAtomName",
+        "NtUserGetAsyncKeyState",
+        "NtUserGetAppImeLevel",
+        "NtUserGetAncestor",
+        "NtUserGetAltTabInfo",
+        "NtUserFrostCrashedWindow",
+        "NtUserFlashWindowEx",
+        "NtUserFindWindowEx",
+        "NtUserFindExistingCursorIcon",
+        "NtUserFillWindow",
+        "NtUserExcludeUpdateRgn",
+        "NtUserEvent",
+        "NtUserEnumDisplaySettings",
+        "NtUserEnumDisplayMonitors",
+        "NtUserEnumDisplayDevices",
+        "NtUserEndPaint",
+        "NtUserEndMenu",
+        "NtUserEndDeferWindowPosEx",
+        "NtUserEnableScrollBar",
+        "NtUserEnableMenuItem",
+        "NtUserEmptyClipboard",
+        "NtUserDrawMenuBarTemp",
+        "NtUserDrawIconEx",
+        "NtUserDrawCaptionTemp",
+        "NtUserDrawCaption",
+        "NtUserDrawAnimatedRects",
+        "NtUserDragObject",
+        "NtUserDragDetect",
+        "NtUserHandleDelegatedInput",
+        "NtUserInheritWindowMonitor",
+        "NtUserRealChildWindowFromPoint",
+        "NtUserQueryWindow",
+        "NtUserQuerySendMessage",
+        "NtUserQueryInputContext",
+        "NtUserQueryInformationThread",
+        "NtUserQueryBSDRWindow",
+        "NtUserPerMonitorDPIPhysicalToLogicalPoint",
+        "NtUserProcessConnect",
+        "NtUserPrintWindow",
+        "NtUserPostThreadMessage",
+        "NtUserPostMessage",
+        "NtUserPhysicalToLogicalPoint",
+        "NtUserPeekMessage",
+        "NtUserPaintMonitor",
+        "NtUserPaintDesktop",
+        "NtUserOpenWindowStation",
+        "NtUserOpenThreadDesktop",
+        "NtUserOpenInputDesktop",
+        "NtUserOpenDesktop",
+        "NtUserOpenClipboard",
+        "NtUserNotifyWinEvent",
+        "NtUserNotifyProcessCreate",
+        "NtUserNotifyIMEStatus",
+        "NtUserMoveWindow",
+        "NtUserModifyUserStartupInfoFlags",
+        "NtUserMNDragOver",
+        "NtUserMNDragLeave",
+        "NtUserMinMaximize",
+        "NtUserMessageCall",
+        "NtUserMenuItemFromPoint",
+        "NtUserMapVirtualKeyEx",
+        "NtUserLayoutCompleted",
+        "NtUserLogicalToPerMonitorDPIPhysicalPoint",
+        "NtUserLogicalToPhysicalPoint",
+        "NtUserLockCursor",
+        "NtUserLockWorkStation",
+        "NtUserLockWindowUpdate",
+        "NtUserLockWindowStation",
+        "NtUserLoadKeyboardLayoutEx",
+        "NtUserKillTimer",
+        "NtUserIsTopLevelWindow",
+        "NtUserIsClipboardFormatAvailable",
+        "NtUserInvalidateRgn",
+        "NtUserInvalidateRect",
+        "NtUserInternalGetWindowIcon",
+        "NtUserInternalGetWindowText",
+        "NtUserInitTask",
+        "NtUserInitializeClientPfnArrays",
+        "NtUserInitialize",
+        "NtUserImpersonateDdeClientWindow",
+        "NtUserHungWindowFromGhostWindow",
+        "NtUserHiliteMenuItem",
+        "NtUserHideCaret",
+        "NtUserHardErrorControl",
+        "NtUserRealInternalGetMessage",
+        "NtUserRealWaitMessageEx",
+        "NtUserReleaseDwmHitTestWaiters",
+        "NtUserTranslateMessage",
+        "NtUserTranslateAccelerator",
+        "NtUserPaintMenuBar",
+        "NtUserCalcMenuBar",
+        "NtUserCalculatePopupWindowPosition",
+        "NtUserTrackPopupMenuEx",
+        "NtUserTrackMouseEvent",
+        "NtUserToUnicodeEx",
+        "NtUserThunkedMenuItemInfo",
+        "NtUserThunkedMenuInfo",
+        "NtUserTestForInteractiveUser",
+        "NtUserSendEventMessage",
+        "NtUserSystemParametersInfo",
+        "NtUserSystemParametersInfoForDpi",
+        "NtUserSwitchDesktop",
+        "NtUserSoundSentry",
+        "NtUserShutdownReasonDestroy",
+        "NtUserShutdownBlockReasonQuery",
+        "NtUserShutdownBlockReasonCreate",
+        "NtUserShowWindowAsync",
+        "NtUserShowWindow",
+        "NtUserShowScrollBar",
+        "NtUserShowCaret",
+        "NtUserSetWinEventHook",
+        "NtUserSetWindowWord",
+        "NtUserSetWindowStationUser",
+        "NtUserSetWindowsHookEx",
+        "NtUserSetWindowsHookAW",
+        "NtUserSetWindowRgnEx",
+        "NtUserGetWindowRgnEx",
+        "NtUserSetWindowRgn",
+        "NtUserSetWindowPos",
+        "NtUserSetWindowPlacement",
+        "NtUserSetWindowLong",
+        "NtUserSetWindowFNID",
+        "NtUserSetWindowDisplayAffinity",
+        "NtUserSetWindowCompositionTransition",
+        "NtUserUpdateDefaultDesktopThumbnail",
+        "NtUserSetWindowCompositionAttribute",
+        "NtUserSetWindowBand",
+        "NtUserSetProcessUIAccessZorder",
+        "NtUserSetProcessDpiAwarenessContext",
+        "NtUserEnableChildWindowDpiMessage",
+        "NtUserIsChildWindowDpiMessageEnabled",
+        "NtUserEnableNonClientDpiScaling",
+        "NtUserIsNonClientDpiScalingEnabled",
+        "NtUserSetDialogControlDpiChangeBehavior",
+        "NtUserIsWindowBroadcastingDpiToChildren",
+        "NtUserEnableWindowGDIScaledDpiMessage",
+        "NtUserIsWindowGDIScaledDpiMessageEnabled",
+        "NtUserSetTimer",
+        "NtUserSetThreadState",
+        "NtUserSetThreadLayoutHandles",
+        "NtUserSetThreadDesktop",
+        "NtUserSetThreadInputBlocked",
+        "NtUserSetSystemTimer",
+        "NtUserSetSystemMenu",
+        "NtUserSetSystemCursor",
+        "NtUserSetSysColors",
+        "NtUserSetShellWindowEx",
+        "NtUserSetScrollInfo",
+        "NtUserSetProp",
+        "NtUserGetProp",
+        "NtUserSetProcessWindowStation",
+        "NtUserSetParent",
+        "NtUserSetObjectInformation",
+        "NtUserSetMenuFlagRtoL",
+        "NtUserSetMenuDefaultItem",
+        "NtUserSetMenuContextHelpId",
+        "NtUserSetMenu",
+        "NtUserSetKeyboardState",
+        "NtUserSetInternalWindowPos",
+        "NtUserSetInformationThread",
+        "NtUserSetImeOwnerWindow",
+        "NtUserSetImeInfoEx",
+        "NtUserSetImeHotKey",
+        "NtUserSetFocus",
+        "NtUserSetCursorIconData",
+        "NtUserSetCursorContents",
+        "NtUserSetCursor",
+        "NtUserSetClipboardViewer",
+        "NtUserSetClipboardData",
+        "NtUserSetClassWord",
+        "NtUserSetClassLong",
+        "NtUserSetChildWindowNoActivate",
+        "NtUserSetCapture",
+        "NtUserSetAppImeLevel",
+        "NtUserSetActiveWindow",
+        "NtUserSendInput",
+        "NtUserSelectPalette",
+        "NtUserScrollWindowEx",
+        "NtUserScrollDC",
+        "NtUserSBGetParms",
+        "NtUserResolveDesktopForWOW",
+        "NtUserRemoveProp",
+        "NtUserRemoveMenu",
+        "NtUserRemoveClipboardFormatListener",
+        "NtUserRegisterWindowMessage",
+        "NtUserRegisterTasklist",
+        "NtUserRegisterServicesProcess",
+        "NtUserRegisterRawInputDevices",
+        "NtUserRegisterHotKey",
+        "NtUserRegisterDManipHook",
+        "NtUserGetDManipHookInitFunction",
+        "NtUserRegisterManipulationThread",
+        "NtUserSetManipulationInputTarget",
+        "NtUserRegisterUserApiHook",
+        "NtUserRegisterErrorReportingDialog",
+        "NtUserRegisterClassExWOW",
+        "NtUserRegisterBSDRWindow",
+        "NtUserRedrawWindow",
+        "NtUserUndelegateInput",
+        "NtUserGetWindowMinimizeRect",
+        "NtUserDwmGetRemoteSessionOcclusionEvent",
+        "NtUserDwmGetRemoteSessionOcclusionState",
+        "NtUserDwmKernelShutdown",
+        "NtUserDwmKernelStartup",
+        "NtUserCheckProcessSession",
+        "NtUserUnregisterSessionPort",
+        "NtUserRegisterSessionPort",
+        "NtUserCtxDisplayIOCtl",
+        "NtUserRemoteStopScreenUpdates",
+        "NtUserRemoteRedrawScreen",
+        "NtUserRemoteRedrawRectangle",
+        "NtUserRemoteConnect",
+        "NtUserWaitAvailableMessageEx",
+        "NtUserWindowFromPoint",
+        "NtUserWindowFromPhysicalPoint",
+        "NtUserWaitMessage",
+        "NtUserWaitForMsgAndEvent",
+        "NtUserWaitForInputIdle",
+        "NtUserVkKeyScanEx",
+        "NtUserValidateTimerCallback",
+        "NtUserValidateRect",
+        "NtUserValidateHandleSecure",
+        "NtUserUserHandleGrantAccess",
+        "NtUserUpdatePerUserSystemParameters",
+        "NtUserSetLayeredWindowAttributes",
+        "NtUserGetLayeredWindowAttributes",
+        "NtUserUpdateLayeredWindow",
+        "NtUserUpdateInstance",
+        "NtUserUpdateInputContext",
+        "NtUserUnregisterHotKey",
+        "NtUserUnregisterUserApiHook",
+        "NtUserUnregisterClass",
+        "NtUserUnlockWindowStation",
+        "NtUserUnloadKeyboardLayout",
+        "NtUserUnhookWinEvent",
+        "NtUserUnhookWindowsHookEx",
+        "NtUserGetTouchInputInfo",
+        "NtUserIsTouchWindow",
+        "NtUserModifyWindowTouchCapability",
+        "NtGdiEngStretchBltROP",
+        "NtGdiEngTextOut",
+        "NtGdiEngTransparentBlt",
+        "NtGdiEngGradientFill",
+        "NtGdiEngAlphaBlend",
+        "NtGdiEngLineTo",
+        "NtGdiEngPaint",
+        "NtGdiEngStrokeAndFillPath",
+        "NtGdiEngFillPath",
+        "NtGdiEngStrokePath",
+        "NtGdiEngMarkBandingSurface",
+        "NtGdiEngPlgBlt",
+        "NtGdiEngStretchBlt",
+        "NtGdiEngBitBlt",
+        "NtGdiEngLockSurface",
+        "NtGdiEngUnlockSurface",
+        "NtGdiEngEraseSurface",
+        "NtGdiEngDeleteSurface",
+        "NtGdiEngDeletePalette",
+        "NtGdiEngCopyBits",
+        "NtGdiEngComputeGlyphSet",
+        "NtGdiEngCreatePalette",
+        "NtGdiEngCreateDeviceBitmap",
+        "NtGdiEngCreateDeviceSurface",
+        "NtGdiEngCreateBitmap",
+        "NtGdiEngAssociateSurface",
+        "NtUserSetWindowFeedbackSetting",
+        "NtUserRegisterEdgy",
+        "NtUserRegisterShellPTPListener",
+        "NtUserGetWindowFeedbackSetting",
+        "NtUserHidePointerContactVisualization",
+        "NtUserGetTouchValidationStatus",
+        "NtUserInitializeTouchInjection",
+        "NtUserInjectTouchInput",
+        "NtUserRegisterTouchHitTestingWindow",
+        "NtUserSetDisplayMapping",
+        "NtUserSetCalibrationData",
+        "NtUserGetPhysicalDeviceRect",
+        "NtUserRegisterTouchPadCapable",
+        "NtUserGetRawPointerDeviceData",
+        "NtUserGetPointerDeviceCursors",
+        "NtUserGetPointerDeviceRects",
+        "NtUserRegisterPointerDeviceNotifications",
+        "NtUserGetPointerDeviceProperties",
+        "NtUserGetPointerDevice",
+        "NtUserGetPointerDevices",
+        "NtUserEnableTouchPad",
+        "NtUserGetPrecisionTouchPadConfiguration",
+        "NtUserSetPrecisionTouchPadConfiguration",
+        "NtUserPromotePointer",
+        "NtUserDiscardPointerFrameMessages",
+        "NtUserRegisterPointerInputTarget",
+        "NtUserGetPointerFrameArrivalTimes",
+        "NtUserGetPointerInputTransform",
+        "NtUserGetPointerInfoList",
+        "NtUserGetPointerCursorId",
+        "NtUserGetPointerType",
+        "NtUserGetGestureConfig",
+        "NtUserSetGestureConfig",
+        "NtUserGetGestureExtArgs",
+        "NtUserGetGestureInfo",
+        "NtUserInjectGesture",
+        "NtUserChangeWindowMessageFilterEx",
+        "NtGdiXLATEOBJ_hGetColorTransform",
+        "NtGdiXLATEOBJ_iXlate",
+        "NtGdiXLATEOBJ_cGetPalette",
+        "NtGdiEngDeleteClip",
+        "NtGdiEngCreateClip",
+        "NtGdiEngDeletePath",
+        "NtGdiCLIPOBJ_ppoGetPath",
+        "NtGdiCLIPOBJ_cEnumStart",
+        "NtGdiCLIPOBJ_bEnum",
+        "NtGdiBRUSHOBJ_hGetColorTransform",
+        "NtGdiBRUSHOBJ_pvGetRbrush",
+        "NtGdiBRUSHOBJ_pvAllocRbrush",
+        "NtGdiBRUSHOBJ_ulGetBrushColor",
+        "NtGdiXFORMOBJ_iGetXform",
+        "NtGdiXFORMOBJ_bApplyXform",
+        "NtGdiFONTOBJ_pQueryGlyphAttrs",
+        "NtGdiFONTOBJ_pfdg",
+        "NtGdiFONTOBJ_pifi",
+        "NtGdiFONTOBJ_cGetGlyphs",
+        "NtGdiFONTOBJ_pxoGetXform",
+        "NtGdiFONTOBJ_vGetInfo",
+        "NtGdiFONTOBJ_cGetAllGlyphHandles",
+        "NtGdiFONTOBJ_pvTrueTypeFontFile",
+        "NtGdiSTROBJ_dwGetCodePage",
+        "NtGdiSTROBJ_vEnumStart",
+        "NtGdiSTROBJ_bGetAdvanceWidths",
+        "NtGdiSTROBJ_bEnumPositionsOnly",
+        "NtGdiSTROBJ_bEnum",
+        "NtGdiPATHOBJ_bEnumClipLines",
+        "NtGdiPATHOBJ_vEnumStartClipLines",
+        "NtGdiPATHOBJ_vEnumStart",
+        "NtGdiPATHOBJ_bEnum",
+        "NtGdiPATHOBJ_vGetBounds",
+        "NtGdiEngCheckAbort",
+        "NtGdiGetDhpdev",
+        "NtGdiHT_Get8BPPMaskPalette",
+        "NtGdiHT_Get8BPPFormatPalette",
+        "NtGdiUpdateTransform",
+        "NtGdiUMPDEngFreeUserMem",
+        "NtGdiBRUSHOBJ_DeleteRbrush",
+        "NtGdiSetPUMPDOBJ",
+        "NtGdiSetUMPDSandboxState",
+        "NtGdiDrawStream",
+        "NtGdiHLSurfSetInformation",
+        "NtGdiHLSurfGetInformation",
+        "NtGdiDwmCreatedBitmapRemotingOutput",
+        "NtGdiDdDDIGetScanLine",
+        "NtGdiDdDDIReleaseProcessVidPnSourceOwners",
+        "NtGdiDdDDIGetProcessSchedulingPriorityClass",
+        "NtGdiDdDDISetProcessSchedulingPriorityClass",
+        "NtGdiDdDDIGetContextSchedulingPriority",
+        "NtGdiDdDDISetContextSchedulingPriority",
+        "NtGdiDdDDIDestroyDCFromMemory",
+        "NtGdiDdDDICreateDCFromMemory",
+        "NtGdiDdDDIGetDeviceState",
+        "NtGdiDdDDISetGammaRamp",
+        "NtGdiDdDDIWaitForVerticalBlankEvent",
+        "NtGdiDdDDIDestroyOverlay",
+        "NtGdiDdDDIFlipOverlay",
+        "NtGdiDdDDIUpdateOverlay",
+        "NtGdiDdDDICreateOverlay",
+        "NtGdiDdDDIGetPresentQueueEvent",
+        "NtGdiDdDDIGetPresentHistory",
+        "NtGdiDdDDISetVidPnSourceOwner1",
+        "NtGdiDdDDISetVidPnSourceOwner",
+        "NtGdiDdDDIQueryStatistics",
+        "NtGdiDdDDIEscape",
+        "NtGdiDdDDIGetSharedPrimaryHandle",
+        "NtGdiDdDDICloseAdapter",
+        "NtGdiDdDDIOpenAdapterFromLuid",
+        "NtGdiDdDDIEnumAdapters",
+        "NtGdiDdDDIEnumAdapters2",
+        "NtGdiDdDDIOpenAdapterFromHdc",
+        "NtGdiDdDDIOpenAdapterFromDeviceName",
+        "NtGdiDdDDIRender",
+        "NtGdiDdDDIPresent",
+        "NtGdiDdDDIGetMultisampleMethodList",
+        "NtGdiDdDDISetDisplayMode",
+        "NtGdiDdDDIGetDisplayModeList",
+        "NtGdiDdDDIUnlock",
+        "NtGdiDdDDILock",
+        "NtGdiDdDDIQueryAdapterInfo",
+        "NtGdiDdDDIGetRuntimeData",
+        "NtGdiDdDDISignalSynchronizationObject",
+        "NtGdiDdDDIWaitForSynchronizationObject",
+        "NtGdiDdDDIDestroySynchronizationObject",
+        "NtGdiDdDDIOpenSynchronizationObject",
+        "NtGdiDdDDICreateSynchronizationObject",
+        "NtGdiDdDDIDestroyContext",
+        "NtGdiDdDDICreateContext",
+        "NtGdiDdDDIDestroyDevice",
+        "NtGdiDdDDICreateDevice",
+        "NtGdiDdDDIQueryAllocationResidency",
+        "NtGdiDdDDISetAllocationPriority",
+        "NtGdiDdDDIDestroyAllocation",
+        "NtGdiDdDDIDestroyAllocation2",
+        "NtGdiDdDDIOpenResourceFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle2",
+        "NtGdiDdDDIOpenResource",
+        "NtGdiDdDDIOpenNtHandleFromName",
+        "NtGdiDdDDIOpenSyncObjectNtHandleFromName",
+        "NtGdiDdDDIShareObjects",
+        "NtGdiDdDDIQueryResourceInfoFromNtHandle",
+        "NtGdiDdDDIQueryResourceInfo",
+        "NtGdiDdDDICreateAllocation",
+        "NtGdiDdDDIOutputDuplReleaseFrame",
+        "NtGdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName",
+        "NtGdiDdDDIOutputDuplPresent",
+        "NtGdiDdDDIReleaseKeyedMutex2",
+        "NtGdiDdDDIAcquireKeyedMutex2",
+        "NtGdiDdDDIOpenKeyedMutex2",
+        "NtGdiDdDDICreateKeyedMutex2",
+        "NtGdiDdDDIOutputDuplGetPointerShapeData",
+        "NtGdiDdDDIOutputDuplGetMetaData",
+        "NtGdiDdDDIOutputDuplGetFrameInfo",
+        "NtGdiDdDDIDestroyOutputDupl",
+        "NtGdiDdDDICreateOutputDupl",
+        "NtGdiDdDDIReclaimAllocations",
+        "NtGdiDdDDIOfferAllocations",
+        "NtGdiDdDDICheckSharedResourceAccess",
+        "NtGdiDdDDICheckVidPnExclusiveOwnership",
+        "NtGdiDdDDIGetOverlayState",
+        "NtGdiDdDDIConfigureSharedResource",
+        "NtGdiDdDDIReleaseKeyedMutex",
+        "NtGdiDdDDIAcquireKeyedMutex",
+        "NtGdiDdDDIDestroyKeyedMutex",
+        "NtGdiDdDDIOpenKeyedMutex",
+        "NtGdiDdDDICreateKeyedMutex",
+        "NtGdiDdDDISharedPrimaryUnLockNotification",
+        "NtGdiDdDDISharedPrimaryLockNotification",
+        "NtGdiDdDDISetDisplayPrivateDriverFormat",
+        "NtGdiDdDDICheckExclusiveOwnership",
+        "NtGdiDdDDICheckMonitorPowerState",
+        "NtGdiDdDDIWaitForIdle",
+        "NtGdiDdDDICheckOcclusion",
+        "NtGdiDdDDIInvalidateActiveVidPn",
+        "NtGdiDdDDIPollDisplayChildren",
+        "NtGdiDdDDISetQueuedLimit",
+        "NtGdiDdDDIPinDirectFlipResources",
+        "NtGdiDdDDIUnpinDirectFlipResources",
+        "NtGdiDdDDIWaitForVerticalBlankEvent2",
+        "NtGdiDdDDIGetDWMVerticalBlankEvent",
+        "NtGdiDdDDISetSyncRefreshCountWaitTarget",
+        "NtGdiDdDDISetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetSharedResourceAdapterLuid",
+        "NtGdiDdDDISetStereoEnabled",
+        "NtGdiDdDDIPresentMultiPlaneOverlay",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport",
+        "NtGdiDdDDIMakeResident",
+        "NtGdiDdDDIEvict",
+        "NtGdiDdDDIUpdateAllocationProperty",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromCpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromCpu",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu2",
+        "NtGdiDdDDICreatePagingQueue",
+        "NtGdiDdDDIDestroyPagingQueue",
+        "NtGdiDdDDILock2",
+        "NtGdiDdDDIUnlock2",
+        "NtGdiDdDDIInvalidateCache",
+        "NtGdiDdDDIGetResourcePresentPrivateDriverData",
+        "NtGdiDdDDIMapGpuVirtualAddress",
+        "NtGdiDdDDIReserveGpuVirtualAddress",
+        "NtGdiDdDDIFreeGpuVirtualAddress",
+        "NtGdiDdDDIUpdateGpuVirtualAddress",
+        "NtGdiDdDDICreateContextVirtual",
+        "NtGdiDdDDISubmitCommand",
+        "NtGdiDdDDIGetCachedHybridQueryValue",
+        "NtGdiDdDDICacheHybridQueryValue",
+        "NtGdiDdDDINetDispGetNextChunkInfo",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport",
+        "NtGdiDdDDINetDispStartMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopMiracastDisplayDevice",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceStatus",
+        "NtGdiDdDDINetDispStopSessions",
+        "NtGdiDdDDIQueryVideoMemoryInfo",
+        "NtGdiDdDDIChangeVideoMemoryReservation",
+        "NtGdiDdDDICreateSwapChain",
+        "NtGdiDdDDIOpenSwapChain",
+        "NtGdiDdDDIGetSetSwapChainMetadata",
+        "NtGdiDdDDIAcquireSwapChain",
+        "NtGdiDdDDIReleaseSwapChain",
+        "NtGdiDdDDIAbandonSwapChain",
+        "NtGdiDdDDISetDodIndirectSwapchain",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport2",
+        "NtGdiDdDDIPresentMultiPlaneOverlay2",
+        "NtGdiDdDDIReclaimAllocations2",
+        "NtGdiDdDDISetStablePowerState",
+        "NtGdiDdDDIQueryClockCalibration",
+        "NtGdiDdDDIQueryVidPnExclusiveOwnership",
+        "NtGdiDdDDIAdjustFullscreenGamma",
+        "NtGdiDdDDISetVidPnSourceHwProtection",
+        "NtGdiDdDDIMarkDeviceAsError",
+        "NtGdiDdDDIFlushHeapTransitions",
+        "NtGdiDdDDISetHwProtectionTeardownRecovery",
+        "NtGdiDdDDIQueryProcessOfferInfo",
+        "NtGdiDdDDITrimProcessCommitment",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport3",
+        "NtGdiDdDDIPresentMultiPlaneOverlay3",
+        "NtGdiDdDDISetFSEBlock",
+        "NtGdiDdDDIQueryFSEBlock",
+        "NtGdiDdDDICreateHwContext",
+        "NtGdiDdDDIDestroyHwContext",
+        "NtGdiDdDDICreateHwQueue",
+        "NtGdiDdDDIDestroyHwQueue",
+        "NtGdiDdDDISubmitCommandToHwQueue",
+        "NtGdiDdDDISubmitWaitForSyncObjectsToHwQueue",
+        "NtGdiDdDDISubmitSignalSyncObjectsToHwQueue",
+        "NtGdiDdDDIGetAllocationPriority",
+        "NtGdiDdDDIGetMultiPlaneOverlayCaps",
+        "NtGdiDdDDIGetPostCompositionCaps",
+        "NtGdiDdDDISetYieldPercentage",
+        "NtGdiDdDDISetProcessSchedulingPriorityBand",
+        "NtGdiDdDDISetMemoryBudgetTarget",
+        "NtGdiDdDDIGetYieldPercentage",
+        "NtGdiDdDDIGetProcessSchedulingPriorityBand",
+        "NtGdiDdDDIGetMemoryBudgetTarget",
+        "NtGdiMakeObjectUnXferable",
+        "NtGdiMakeObjectXferable",
+        "NtGdiDestroyPhysicalMonitor",
+        "NtGdiGetPhysicalMonitorDescription",
+        "NtGdiGetPhysicalMonitors",
+        "NtGdiGetNumberOfPhysicalMonitors",
+        "NtGdiDDCCIGetTimingReport",
+        "NtGdiDDCCIGetCapabilitiesString",
+        "NtGdiDDCCIGetCapabilitiesStringLength",
+        "NtGdiDDCCISaveCurrentSettings",
+        "NtGdiDDCCISetVCPFeature",
+        "NtGdiDDCCIGetVCPFeature",
+        "NtGdiDdQueryVisRgnUniqueness",
+        "NtGdiDdDestroyFullscreenSprite",
+        "NtGdiDdNotifyFullscreenSpriteUpdate",
+        "NtGdiDdCreateFullscreenSprite",
+        "NtGdiGetProcessSessionFonts",
+        "NtGdiGetPublicFontTableChangeCookie",
+        "NtGdiAddInitialFonts",
+        "NtUserShowSystemCursor",
+        "NtUserSetMirrorRendering",
+        "NtUserMagGetContextInformation",
+        "NtUserMagSetContextInformation",
+        "NtUserMagControl",
+        "NtUserSlicerControl",
+        "NtUserHwndSetRedirectionInfo",
+        "NtUserHwndQueryRedirectionInfo",
+        "NtCreateCompositionSurfaceHandle",
+        "NtValidateCompositionSurfaceHandle",
+        "NtBindCompositionSurface",
+        "NtUnBindCompositionSurface",
+        "NtQueryCompositionSurfaceBinding",
+        "NtNotifyPresentToCompositionSurface",
+        "NtQueryCompositionSurfaceStatistics",
+        "NtOpenCompositionSurfaceSectionInfo",
+        "NtOpenCompositionSurfaceSwapChainHandleInfo",
+        "NtQueryCompositionSurfaceRenderingRealization",
+        "NtOpenCompositionSurfaceDirtyRegion",
+        "NtQueryCompositionSurfaceHDRMetaData",
+        "NtSetCompositionSurfaceHDRMetaData",
+        "NtSetCompositionSurfaceDirectFlipState",
+        "NtSetCompositionSurfaceStatistics",
+        "NtSetCompositionSurfaceBufferUsage",
+        "NtSetCompositionSurfaceIndependentFlipInfo",
+        "NtDesktopCaptureBits",
+        "NtDCompositionEnableMMCSS",
+        "NtVisualCaptureBits",
+        "NtDCompositionEnableDDASupport",
+        "NtDCompositionCreateSharedVisualHandle",
+        "NtCreateCompositionInputSink",
+        "NtCreateImplicitCompositionInputSink",
+        "NtDuplicateCompositionInputSink",
+        "NtQueryCompositionInputSink",
+        "NtQueryCompositionInputSinkLuid",
+        "NtQueryCompositionInputSinkViewId",
+        "NtUpdateInputSinkTransforms",
+        "NtCompositionInputThread",
+        "NtQueryCompositionInputQueueAndTransform",
+        "NtQueryCompositionInputIsImplicit",
+        "NtCompositionSetDropTarget",
+        "NtTokenManagerOpenSectionAndEvents",
+        "NtTokenManagerThread",
+        "NtTokenManagerCreateCompositionTokenHandle",
+        "NtTokenManagerGetAnalogExclusiveTokenEvent",
+        "NtTokenManagerGetAnalogExclusiveSurfaceUpdates",
+        "NtTokenManagerConfirmOutstandingAnalogToken",
+        "NtSetCompositionSurfaceAnalogExclusive",
+        "NtDCompositionBeginFrame",
+        "NtDCompositionConfirmFrame",
+        "NtDCompositionRetireFrame",
+        "NtDCompositionDiscardFrame",
+        "NtDCompositionGetFrameSurfaceUpdates",
+        "NtDCompositionGetFrameLegacyTokens",
+        "NtDCompositionDestroyConnection",
+        "NtDCompositionGetConnectionBatch",
+        "NtDCompositionGetFrameStatistics",
+        "NtDCompositionGetDeletedResources",
+        "NtDCompositionCreateConnection",
+        "NtDCompositionDestroyChannel",
+        "NtDCompositionReleaseAllResources",
+        "NtDCompositionSubmitDWMBatch",
+        "NtDCompositionProcessChannelBatchBuffer",
+        "NtDCompositionCommitChannel",
+        "NtDCompositionWaitForChannel",
+        "NtDCompositionSetChannelCommitCompletionEvent",
+        "NtDCompositionTelemetryTouchInteractionBegin",
+        "NtDCompositionTelemetryTouchInteractionUpdate",
+        "NtDCompositionTelemetryTouchInteractionEnd",
+        "NtDCompositionTelemetrySetApplicationId",
+        "NtDCompositionTelemetryAnimationScenarioBegin",
+        "NtDCompositionTelemetryAnimationScenarioReference",
+        "NtDCompositionTelemetryAnimationScenarioUnreference",
+        "NtDCompositionCurrentBatchId",
+        "NtDCompositionRemoveCrossDeviceVisualChild",
+        "NtDCompositionAddCrossDeviceVisualChild",
+        "NtDCompositionCreateDwmChannel",
+        "NtDCompositionCreateChannel",
+        "NtDCompositionSynchronize",
+        "NtDCompositionReferenceSharedResourceOnDwmChannel",
+        "NtDCompositionCreateAndBindSharedSection",
+        "NtDCompositionSetDebugCounter",
+        "NtDCompositionGetChannels",
+        "NtDCompositionConnectPipe",
+        "NtDCompositionRegisterThumbnailVisual",
+        "NtDCompositionRegisterVirtualDesktopVisual",
+        "NtDCompositionDuplicateHandleToProcess",
+        "NtDCompositionUpdatePointerCapture",
+        "NtDCompositionSetChannelCallbackId",
+        "NtDCompositionDuplicateSwapchainHandleToDwm",
+        "NtDCompositionSetChildRootVisual",
+        "NtDCompositionCommitSynchronizationObject",
+        "NtUserDestroyDCompositionHwndTarget",
+        "NtUserCreateDCompositionHwndTarget",
+        "NtUserWaitForRedirectionStartComplete",
+        "NtUserSignalRedirectionStartComplete",
+        "NtUserEnableWindowResizeOptimization",
+        "NtUserGetResizeDCompositionSynchronizationObject",
+        "NtUserEnableResizeLayoutSynchronization",
+        "NtUserBeginLayoutUpdate",
+        "NtUserIsResizeLayoutSynchronizationEnabled",
+        "NtUserConfirmResizeCommit",
+        "NtUserSetActiveProcessForMonitor",
+        "NtUserGetDisplayAutoRotationPreferencesByProcessId",
+        "NtUserGetDisplayAutoRotationPreferences",
+        "NtUserSetDisplayAutoRotationPreferences",
+        "NtUserSetAutoRotation",
+        "NtUserGetAutoRotationState",
+        "NtUserAutoRotateScreen",
+        "NtUserAcquireIAMKey",
+        "NtUserSetActivationFilter",
+        "NtUserSetFallbackForeground",
+        "NtUserSetBrokeredForeground",
+        "NtUserDisableImmersiveOwner",
+        "NtUserClearForeground",
+        "NtUserEnableIAMAccess",
+        "NtUserGetProcessUIContextInformation",
+        "NtUserSetProcessRestrictionExemption",
+        "NtUserSetWindowArrangement",
+        "NtUserSetWindowShowState",
+        "NtUserUpdateWindowTrackingInfo",
+        "NtUserEnableMouseInPointer",
+        "NtUserIsMouseInPointerEnabled",
+        "NtUserPromoteMouseInPointer",
+        "NtUserAutoPromoteMouseInPointer",
+        "NtUserEnableMouseInputForCursorSuppression",
+        "NtUserIsMouseInputEnabled",
+        "NtUserCheckProcessForClipboardAccess",
+        "NtUserGetClipboardAccessToken",
+        "NtUserGetQueueStatusReadonly",
+        "NtUserCompositionInputSinkLuidFromPoint",
+        "NtUserCompositionInputSinkViewInstanceIdFromPoint",
+        "NtUserUpdateWindowInputSinkHints",
+        "NtUserTransformPoint",
+        "NtUserTransformRect",
+        "NtUserGetHimetricScaleFactorFromPixelLocation",
+        "NtUserGetDpiForMonitor",
+        "NtUserReportInertia",
+        "NtUserLinkDpiCursor",
+        "NtUserGetCursorDims",
+        "NtUserInitializeInputDeviceInjection",
+        "NtUserInitializeGenericHidInjection",
+        "NtUserInitializePointerDeviceInjection",
+        "NtUserRemoveInjectionDevice",
+        "NtUserSetFeatureReportResponse",
+        "NtUserInjectDeviceInput",
+        "NtUserInjectMouseInput",
+        "NtUserInjectKeyboardInput",
+        "NtUserInjectPointerInput",
+        "NtUserInjectGenericHidInput",
+        "NtUserInitializePointerDeviceInjectionEx",
+        "NtRIMRegisterForInput",
+        "NtRIMReadInput",
+        "NtRIMGetDevicePreparsedData",
+        "NtRIMGetDeviceProperties",
+        "NtRIMAreSiblingDevices",
+        "NtRIMFreeInputBuffer",
+        "NtRIMOnPnpNotification",
+        "NtRIMOnTimerNotification",
+        "NtRIMDeviceIoControl",
+        "NtRIMUnregisterForInput",
+        "NtRIMSetTestModeStatus",
+        "NtRIMGetPhysicalDeviceRect",
+        "NtRIMGetSourceProcessId",
+        "NtRIMAddInputObserver",
+        "NtRIMRemoveInputObserver",
+        "NtRIMUpdateInputObserverRegistration",
+        "NtRIMObserveNextInput",
+        "NtRIMGetDevicePreparsedDataLockfree",
+        "NtRIMGetDevicePropertiesLockfree",
+        "NtUserSetCoreWindow",
+        "NtUserSetCoreWindowPartner",
+        "NtUserNavigateFocus",
+        "NtHWCursorUpdatePointer",
+        "NtUserAcquireInteractiveControlBackgroundAccess",
+        "NtUserGetInteractiveControlInfo",
+        "NtUserGetInteractiveControlDeviceInfo",
+        "NtUserSendInteractiveControlHapticsReport",
+        "NtUserSetInteractiveControlFocus",
+        "NtUserInteractiveControlQueryUsage",
+        "NtUserSetInteractiveCtrlRotationAngle",
+        "NtUserGetInteractiveCtrlSupportedWaveforms",
+        "NtUserProcessInkFeedbackCommand",
+        "NtUserSetProcessInteractionFlags",
+        "NtMITActivateInputProcessing",
+        "NtMITWaitForMultipleObjectsEx",
+        "NtMITDeactivateInputProcessing",
+        "NtMITSetInputCallbacks",
+        "NtMITCoreMsgKGetConnectionHandle",
+        "NtMITCoreMsgKSend",
+        "NtMITCoreMsgKOpenConnectionTo",
+        "NtMITUpdateInputGlobals",
+        "NtMITBindInputTypeToMonitors",
+        "NtMITEnableMouseIntercept",
+        "NtMITDisableMouseIntercept",
+        "NtMITSynthesizeTouchInput",
+        "NtMITSynthesizeMouseInput",
+        "NtMITSynthesizeMouseWheel"
+    ]
+]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x86_16299_syscalls.py b/volatility/plugins/overlays/windows/win10_x86_16299_syscalls.py
new file mode 100644
index 000000000..11ca55de8
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_16299_syscalls.py
@@ -0,0 +1,1640 @@
+syscalls = [
+    [
+        "NtAccessCheck",
+        "NtWorkerFactoryWorkerReady",
+        "NtAcceptConnectPort",
+        "NtYieldExecution",
+        "NtWriteVirtualMemory",
+        "NtWriteRequestData",
+        "NtWriteFileGather",
+        "NtWriteFile",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtWaitForWorkViaWorkerFactory",
+        "NtWaitForSingleObject",
+        "NtWaitForMultipleObjects32",
+        "NtWaitForMultipleObjects",
+        "NtWaitForKeyedEvent",
+        "NtWaitForDebugEvent",
+        "NtWaitForAlertByThreadId",
+        "NtVdmControl",
+        "NtUnsubscribeWnfStateChange",
+        "NtUpdateWnfStateData",
+        "NtUnmapViewOfSection",
+        "NtUnmapViewOfSectionEx",
+        "NtUnlockVirtualMemory",
+        "NtUnlockFile",
+        "NtUnloadKeyEx",
+        "NtUnloadKey2",
+        "NtUnloadKey",
+        "NtUnloadDriver",
+        "NtUmsThreadYield",
+        "NtTranslateFilePath",
+        "NtTraceEvent",
+        "NtTraceControl",
+        "NtThawTransactions",
+        "NtThawRegistry",
+        "NtTestAlert",
+        "NtTerminateThread",
+        "NtTerminateProcess",
+        "NtTerminateJobObject",
+        "NtTerminateEnclave",
+        "NtSystemDebugControl",
+        "NtSuspendThread",
+        "NtSuspendProcess",
+        "NtSubscribeWnfStateChange",
+        "NtStopProfile",
+        "NtStartProfile",
+        "NtSinglePhaseReject",
+        "NtSignalAndWaitForSingleObject",
+        "NtShutdownWorkerFactory",
+        "NtShutdownSystem",
+        "NtSetWnfProcessNotificationEvent",
+        "NtSetVolumeInformationFile",
+        "NtSetValueKey",
+        "NtSetUuidSeed",
+        "NtSetTimerResolution",
+        "NtSetTimerEx",
+        "NtSetTimer",
+        "NtSetThreadExecutionState",
+        "NtSetSystemTime",
+        "NtSetSystemPowerState",
+        "NtSetSystemInformation",
+        "NtSetSystemEnvironmentValueEx",
+        "NtSetSystemEnvironmentValue",
+        "NtSetSecurityObject",
+        "NtSetQuotaInformationFile",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtSetLdtEntries",
+        "NtSetIRTimer",
+        "NtSetTimer2",
+        "NtCancelTimer2",
+        "NtSetIoCompletionEx",
+        "NtSetIoCompletion",
+        "NtSetIntervalProfile",
+        "NtSetInformationWorkerFactory",
+        "NtSetInformationTransactionManager",
+        "NtSetInformationTransaction",
+        "NtSetInformationToken",
+        "NtSetInformationThread",
+        "NtSetInformationResourceManager",
+        "NtSetInformationProcess",
+        "NtSetInformationObject",
+        "NtSetInformationKey",
+        "NtSetInformationJobObject",
+        "NtSetInformationFile",
+        "NtSetInformationEnlistment",
+        "NtSetInformationDebugObject",
+        "NtSetHighEventPair",
+        "NtSetHighEventPair",
+        "NtSetEventBoostPriority",
+        "NtSetEvent",
+        "NtSetEaFile",
+        "NtSetDriverEntryOrder",
+        "NtSetDefaultUILanguage",
+        "NtSetDefaultLocale",
+        "NtSetDefaultHardErrorPort",
+        "NtSetDebugFilterState",
+        "NtSetContextThread",
+        "NtSetCachedSigningLevel2",
+        "NtSetCachedSigningLevel",
+        "NtSetBootOptions",
+        "NtSetBootEntryOrder",
+        "NtSerializeBoot",
+        "NtSecureConnectPort",
+        "NtSaveMergedKeys",
+        "NtSaveKeyEx",
+        "NtSaveKey",
+        "NtRollforwardTransactionManager",
+        "NtRollbackTransaction",
+        "NtRollbackEnlistment",
+        "NtRollbackComplete",
+        "NtRevertContainerImpersonation",
+        "NtResumeThread",
+        "NtResumeProcess",
+        "NtRestoreKey",
+        "NtResetWriteWatch",
+        "NtResetEvent",
+        "NtRequestWaitReplyPort",
+        "NtRequestPort",
+        "NtReplyWaitReplyPort",
+        "NtReplyWaitReceivePortEx",
+        "NtReplyWaitReceivePort",
+        "NtReplyPort",
+        "NtReplacePartitionUnit",
+        "NtReplaceKey",
+        "NtRenameTransactionManager",
+        "NtRenameKey",
+        "NtRemoveProcessDebug",
+        "NtRemoveIoCompletionEx",
+        "NtRemoveIoCompletion",
+        "NtReleaseWorkerFactoryWorker",
+        "NtReleaseSemaphore",
+        "NtReleaseMutant",
+        "NtReleaseKeyedEvent",
+        "NtRegisterThreadTerminatePort",
+        "NtRegisterProtocolAddressInformation",
+        "NtRecoverTransactionManager",
+        "NtRecoverResourceManager",
+        "NtRecoverEnlistment",
+        "NtReadVirtualMemory",
+        "NtReadRequestData",
+        "NtReadOnlyEnlistment",
+        "NtReadFileScatter",
+        "NtReadFile",
+        "NtRaiseHardError",
+        "NtRaiseException",
+        "NtQueueApcThreadEx",
+        "NtQueueApcThread",
+        "NtQueryAuxiliaryCounterFrequency",
+        "NtQueryWnfStateData",
+        "NtQueryWnfStateNameInformation",
+        "NtQueryVolumeInformationFile",
+        "NtQueryVirtualMemory",
+        "NtQueryValueKey",
+        "NtQueryTimerResolution",
+        "NtQueryTimer",
+        "NtQuerySystemTime",
+        "NtQuerySystemInformationEx",
+        "NtQuerySystemInformation",
+        "NtQuerySystemEnvironmentValueEx",
+        "NtQuerySystemEnvironmentValue",
+        "NtQuerySymbolicLinkObject",
+        "NtQuerySemaphore",
+        "NtQuerySecurityPolicy",
+        "NtQuerySecurityObject",
+        "NtQuerySecurityAttributesToken",
+        "NtQuerySection",
+        "NtQueryQuotaInformationFile",
+        "NtQueryPortInformationProcess",
+        "NtQueryPerformanceCounter",
+        "NtQueryOpenSubKeysEx",
+        "NtQueryOpenSubKeys",
+        "NtQueryObject",
+        "NtQueryMutant",
+        "NtQueryMultipleValueKey",
+        "NtQueryLicenseValue",
+        "NtQueryKey",
+        "NtQueryIoCompletion",
+        "NtQueryIntervalProfile",
+        "NtQueryInstallUILanguage",
+        "NtQueryInformationWorkerFactory",
+        "NtQueryInformationTransactionManager",
+        "NtQueryInformationTransaction",
+        "NtQueryInformationToken",
+        "NtQueryInformationThread",
+        "NtQueryInformationResourceManager",
+        "NtQueryInformationProcess",
+        "NtQueryInformationPort",
+        "NtQueryInformationJobObject",
+        "NtQueryInformationFile",
+        "NtQueryInformationEnlistment",
+        "NtQueryInformationByName",
+        "NtQueryInformationAtom",
+        "NtQueryFullAttributesFile",
+        "NtQueryEvent",
+        "NtQueryEaFile",
+        "NtQueryDriverEntryOrder",
+        "NtQueryDirectoryObject",
+        "NtQueryDirectoryFile",
+        "NtQueryDirectoryFileEx",
+        "NtQueryDefaultUILanguage",
+        "NtQueryDefaultLocale",
+        "NtQueryDebugFilterState",
+        "NtQueryBootOptions",
+        "NtQueryBootEntryOrder",
+        "NtQueryAttributesFile",
+        "NtPulseEvent",
+        "NtProtectVirtualMemory",
+        "NtPropagationFailed",
+        "NtPropagationComplete",
+        "NtPrivilegeObjectAuditAlarm",
+        "NtPrivilegedServiceAuditAlarm",
+        "NtPrivilegeCheck",
+        "NtSetInformationVirtualMemory",
+        "NtPrePrepareEnlistment",
+        "NtPrePrepareComplete",
+        "NtPrepareEnlistment",
+        "NtPrepareComplete",
+        "NtPowerInformation",
+        "NtPlugPlayControl",
+        "NtOpenTransactionManager",
+        "NtOpenTransaction",
+        "NtOpenTimer",
+        "NtOpenThreadTokenEx",
+        "NtOpenThreadToken",
+        "NtOpenThread",
+        "NtOpenSymbolicLinkObject",
+        "NtOpenSession",
+        "NtOpenSemaphore",
+        "NtOpenSection",
+        "NtOpenResourceManager",
+        "NtOpenPartition",
+        "NtOpenProcessTokenEx",
+        "NtOpenProcessToken",
+        "NtOpenProcess",
+        "NtOpenPrivateNamespace",
+        "NtOpenObjectAuditAlarm",
+        "NtOpenMutant",
+        "NtOpenKeyTransactedEx",
+        "NtOpenKeyTransacted",
+        "NtOpenKeyEx",
+        "NtOpenKeyedEvent",
+        "NtOpenKey",
+        "NtOpenJobObject",
+        "NtOpenIoCompletion",
+        "NtOpenFile",
+        "NtCreateEventPair",
+        "NtOpenEvent",
+        "NtOpenEnlistment",
+        "NtOpenDirectoryObject",
+        "NtNotifyChangeSession",
+        "NtNotifyChangeMultipleKeys",
+        "NtNotifyChangeKey",
+        "NtNotifyChangeDirectoryFile",
+        "NtNotifyChangeDirectoryFileEx",
+        "NtManagePartition",
+        "NtModifyDriverEntry",
+        "NtModifyBootEntry",
+        "NtMapViewOfSection",
+        "NtMapUserPhysicalPagesScatter",
+        "NtMapUserPhysicalPages",
+        "NtMapCMFModule",
+        "NtMakeTemporaryObject",
+        "NtMakePermanentObject",
+        "NtLockVirtualMemory",
+        "NtLockRegistryKey",
+        "NtLockProductActivationKeys",
+        "NtLockFile",
+        "NtLoadKeyEx",
+        "NtLoadKey2",
+        "NtLoadKey",
+        "NtLoadHotPatch",
+        "NtLoadEnclaveData",
+        "NtLoadDriver",
+        "NtListenPort",
+        "NtIsUILanguageComitted",
+        "NtIsSystemResumeAutomatic",
+        "NtIsProcessInJob",
+        "NtInitiatePowerAction",
+        "NtInitializeRegistry",
+        "NtInitializeNlsFiles",
+        "NtInitializeEnclave",
+        "NtImpersonateThread",
+        "NtImpersonateClientOfPort",
+        "NtImpersonateAnonymousToken",
+        "NtGetWriteWatch",
+        "NtGetNotificationResourceManager",
+        "NtGetNlsSectionPtr",
+        "NtGetNextThread",
+        "NtGetNextProcess",
+        "NtGetMUIRegistryInfo",
+        "NtGetDevicePowerState",
+        "NtGetCurrentProcessorNumberEx",
+        "NtGetCurrentProcessorNumber",
+        "NtGetContextThread",
+        "NtGetCompleteWnfStateSubscription",
+        "NtGetCachedSigningLevel",
+        "NtFsControlFile",
+        "NtFreezeTransactions",
+        "NtFreezeRegistry",
+        "NtFreeVirtualMemory",
+        "NtFreeUserPhysicalPages",
+        "NtFlushWriteBuffer",
+        "NtFlushVirtualMemory",
+        "NtFlushProcessWriteBuffers",
+        "NtFlushKey",
+        "FsRtlSyncVolumes",
+        "NtFlushInstallUILanguage",
+        "NtFlushBuffersFile",
+        "NtFlushBuffersFileEx",
+        "NtFindAtom",
+        "NtFilterToken",
+        "NtFilterTokenEx",
+        "NtFilterBootOption",
+        "NtExtendSection",
+        "NtEnumerateValueKey",
+        "NtEnumerateTransactionObject",
+        "NtEnumerateSystemEnvironmentValuesEx",
+        "NtEnumerateKey",
+        "NtEnumerateDriverEntries",
+        "NtEnumerateBootEntries",
+        "NtEnableLastKnownGood",
+        "NtDuplicateToken",
+        "NtDuplicateObject",
+        "NtDrawText",
+        "NtDisplayString",
+        "NtDisableLastKnownGood",
+        "NtDeviceIoControlFile",
+        "NtDeleteWnfStateName",
+        "NtDeleteWnfStateData",
+        "NtDeleteValueKey",
+        "NtDeletePrivateNamespace",
+        "NtDeleteObjectAuditAlarm",
+        "NtDeleteKey",
+        "NtDeleteFile",
+        "NtDeleteDriverEntry",
+        "NtDeleteBootEntry",
+        "NtDeleteAtom",
+        "NtDelayExecution",
+        "NtDebugContinue",
+        "NtDebugActiveProcess",
+        "NtCreatePartition",
+        "NtCreateWorkerFactory",
+        "NtCreateWnfStateName",
+        "NtCreateWaitCompletionPacket",
+        "NtCreateWaitablePort",
+        "NtCreateUserProcess",
+        "NtCreateTransactionManager",
+        "NtCreateTransaction",
+        "NtCreateToken",
+        "NtCreateLowBoxToken",
+        "NtCreateTokenEx",
+        "NtCreateTimer",
+        "NtCreateThreadEx",
+        "NtCreateThread",
+        "NtCreateSymbolicLinkObject",
+        "NtCreateSemaphore",
+        "NtCreateSection",
+        "NtCreateResourceManager",
+        "NtCreateProfileEx",
+        "NtCreateProfile",
+        "NtCreateProcessEx",
+        "NtCreateProcess",
+        "NtCreatePrivateNamespace",
+        "NtCreatePort",
+        "NtCreatePagingFile",
+        "NtCreateNamedPipeFile",
+        "NtCreateMutant",
+        "NtCreateMailslotFile",
+        "NtCreateKeyTransacted",
+        "NtCreateKeyedEvent",
+        "NtCreateKey",
+        "NtCreateJobSet",
+        "NtCreateJobObject",
+        "NtCreateIRTimer",
+        "NtCreateTimer2",
+        "NtCreateIoCompletion",
+        "NtCreateFile",
+        "NtCreateEventPair",
+        "NtCreateEvent",
+        "NtCreateEnlistment",
+        "NtCreateEnclave",
+        "NtCreateDirectoryObjectEx",
+        "NtCreateDirectoryObject",
+        "NtCreateDebugObject",
+        "NtConvertBetweenAuxiliaryCounterAndPerformanceCounter",
+        "NtContinue",
+        "NtConnectPort",
+        "NtCompressKey",
+        "NtCompleteConnectPort",
+        "NtCompareTokens",
+        "NtCompareSigningLevels",
+        "NtCompareObjects",
+        "NtCompactKeys",
+        "NtCommitTransaction",
+        "NtCommitEnlistment",
+        "NtCommitComplete",
+        "NtCloseObjectAuditAlarm",
+        "NtClose",
+        "NtClearEvent",
+        "NtCancelWaitCompletionPacket",
+        "NtCancelTimer",
+        "NtCancelSynchronousIoFile",
+        "NtCancelIoFileEx",
+        "NtCancelIoFile",
+        "NtCallEnclave",
+        "NtCallbackReturn",
+        "NtAssociateWaitCompletionPacket",
+        "NtAssignProcessToJobObject",
+        "NtAreMappedFilesTheSame",
+        "NtApphelpCacheControl",
+        "NtAlpcSetInformation",
+        "NtAlpcSendWaitReceivePort",
+        "NtAlpcRevokeSecurityContext",
+        "NtAlpcQueryInformationMessage",
+        "NtAlpcQueryInformation",
+        "NtAlpcOpenSenderThread",
+        "NtAlpcOpenSenderProcess",
+        "NtAlpcImpersonateClientOfPort",
+        "NtAlpcImpersonateClientContainerOfPort",
+        "NtAlpcDisconnectPort",
+        "NtAlpcDeleteSecurityContext",
+        "NtAlpcDeleteSectionView",
+        "NtAlpcDeleteResourceReserve",
+        "NtAlpcDeletePortSection",
+        "NtAlpcCreateSecurityContext",
+        "NtAlpcCreateSectionView",
+        "NtAlpcCreateResourceReserve",
+        "NtAlpcCreatePortSection",
+        "NtAlpcCreatePort",
+        "NtAlpcConnectPort",
+        "NtAlpcConnectPortEx",
+        "NtAlpcCancelMessage",
+        "NtAlpcAcceptConnectPort",
+        "NtAllocateVirtualMemory",
+        "NtAllocateUuids",
+        "NtAllocateUserPhysicalPages",
+        "NtAllocateReserveObject",
+        "NtAllocateLocallyUniqueId",
+        "NtAlertThreadByThreadId",
+        "NtAlertThread",
+        "NtAlertResumeThread",
+        "NtAdjustPrivilegesToken",
+        "NtAdjustGroupsToken",
+        "NtAdjustTokenClaimsAndDeviceGroups",
+        "NtAddDriverEntry",
+        "NtAddBootEntry",
+        "NtAddAtom",
+        "NtAddAtomEx",
+        "NtAcquireProcessActivityReference",
+        "NtAccessCheckByTypeResultListAndAuditAlarmByHandle",
+        "NtAccessCheckByTypeResultListAndAuditAlarm",
+        "NtAccessCheckByTypeResultList",
+        "NtAccessCheckByTypeAndAuditAlarm",
+        "NtAccessCheckByType",
+        "NtAccessCheckAndAuditAlarm",
+        "NtSetInformationSymbolicLink",
+        "NtCreateRegistryTransaction",
+        "NtOpenRegistryTransaction",
+        "NtCommitRegistryTransaction",
+        "NtRollbackRegistryTransaction"
+    ],
+    [
+        "NtUserGetOwnerTransformedMonitorRect",
+        "NtUserYieldTask",
+        "NtUserSetSensorPresence",
+        "NtGdiWidenPath",
+        "NtGdiUpdateColors",
+        "NtGdiUnrealizeObject",
+        "NtGdiUnmapMemFont",
+        "NtGdiUnloadPrinterDriver",
+        "NtGdiTransparentBlt",
+        "NtGdiTransformPoints",
+        "NtGdiScaleRgn",
+        "NtGdiScaleValues",
+        "NtGdiGetDCDpiScaleValue",
+        "NtGdiGetBitmapDpiScaleValue",
+        "NtGdiEnsureDpiDepDefaultGuiFontForPlateau",
+        "NtGdiSwapBuffers",
+        "NtGdiStrokePath",
+        "NtGdiStrokeAndFillPath",
+        "NtGdiStretchDIBitsInternal",
+        "NtGdiStretchBlt",
+        "NtGdiStartPage",
+        "NtGdiStartDoc",
+        "NtGdiSetSizeDevice",
+        "NtGdiSetVirtualResolution",
+        "NtGdiSetTextJustification",
+        "NtGdiSetSystemPaletteUse",
+        "NtGdiSetRectRgn",
+        "NtGdiSetPixelFormat",
+        "NtGdiSetPixel",
+        "NtGdiSetOPMSigningKeyAndSequenceNumbers",
+        "NtGdiSetLayout",
+        "NtGdiMirrorWindowOrg",
+        "NtGdiGetDeviceWidth",
+        "NtGdiSetMiterLimit",
+        "NtGdiSetMetaRgn",
+        "NtGdiSetMagicColors",
+        "NtGdiSetLinkedUFIs",
+        "NtGdiSetIcmMode",
+        "NtGdiSetFontXform",
+        "NtGdiSetFontEnumeration",
+        "NtGdiSetDIBitsToDeviceInternal",
+        "NtGdiSetDeviceGammaRamp",
+        "NtGdiGetGammaRampCapability",
+        "NtGdiSetPrivateDeviceGammaRamp",
+        "NtGdiGetAppliedDeviceGammaRamp",
+        "NtGdiSetColorSpace",
+        "NtGdiSetColorAdjustment",
+        "NtGdiSetBrushOrg",
+        "NtGdiSetBrushAttributes",
+        "NtGdiSetBoundsRect",
+        "NtGdiSetBitmapDimension",
+        "NtGdiSetBitmapBits",
+        "NtGdiSetBitmapAttributes",
+        "NtGdiSelectPen",
+        "NtGdiSelectFont",
+        "NtGdiSelectClipPath",
+        "NtGdiSelectBrush",
+        "NtGdiSelectBitmap",
+        "NtGdiScaleWindowExtEx",
+        "NtGdiScaleViewportExtEx",
+        "NtGdiSaveDC",
+        "NtGdiRoundRect",
+        "NtGdiRestoreDC",
+        "NtGdiResizePalette",
+        "NtGdiResetDC",
+        "NtGdiRemoveFontMemResourceEx",
+        "NtGdiRemoveFontResourceW",
+        "NtGdiRectVisible",
+        "NtGdiRectInRegion",
+        "NtGdiRectangle",
+        "NtGdiQueryFontAssocInfo",
+        "NtGdiQueryFonts",
+        "NtGdiPtVisible",
+        "NtGdiPtInRegion",
+        "NtGdiPolyTextOutW",
+        "NtGdiPolyPolyDraw",
+        "NtGdiPolyDraw",
+        "NtGdiPlgBlt",
+        "NtGdiPathToRegion",
+        "NtGdiPolyPatBlt",
+        "NtGdiPatBlt",
+        "NtGdiOpenDCW",
+        "NtGdiOffsetRgn",
+        "NtGdiOffsetClipRgn",
+        "NtGdiMoveTo",
+        "NtGdiMonoBitmap",
+        "NtGdiModifyWorldTransform",
+        "NtGdiMaskBlt",
+        "NtGdiMakeInfoDC",
+        "NtGdiMakeFontDir",
+        "NtGdiLineTo",
+        "NtGdiInvertRgn",
+        "NtGdiIntersectClipRect",
+        "NtGdiInitSpool",
+        "NtGdiInit",
+        "NtGdiIcmBrushInfo",
+        "NtGdiHfontCreate",
+        "NtGdiGradientFill",
+        "NtGdiGetWidthTable",
+        "NtGdiGetFontUnicodeRanges",
+        "NtGdiAddEmbFontToDC",
+        "NtGdiChangeGhostFont",
+        "NtGdiGetEmbedFonts",
+        "NtGdiGetUFIPathname",
+        "NtGdiGetEmbUFI",
+        "NtGdiGetUFI",
+        "NtGdiGetTransform",
+        "NtGdiGetTextMetricsW",
+        "NtGdiGetTextFaceW",
+        "NtGdiGetTextExtentExW",
+        "NtGdiGetTextExtent",
+        "NtGdiGetTextCharsetInfo",
+        "NtGdiGetSystemPaletteUse",
+        "NtGdiGetSuggestedOPMProtectedOutputArraySize",
+        "NtGdiGetStringBitmapW",
+        "NtGdiGetStats",
+        "NtGdiGetSpoolMessage",
+        "NtGdiGetServerMetaFileBits",
+        "NtGdiGetRgnBox",
+        "NtGdiGetRegionData",
+        "NtGdiGetRealizationInfo",
+        "NtGdiGetRasterizerCaps",
+        "NtGdiGetRandomRgn",
+        "NtGdiGetPixel",
+        "NtGdiGetPath",
+        "NtGdiGetOutlineTextMetricsInternalW",
+        "NtGdiGetOPMRandomNumber",
+        "NtGdiGetObjectBitmapHandle",
+        "NtGdiGetNearestPaletteIndex",
+        "NtGdiGetNearestColor",
+        "NtGdiGetMonitorID",
+        "NtGdiGetMiterLimit",
+        "NtGdiGetLinkedUFIs",
+        "NtGdiGetKerningPairs",
+        "NtGdiGetOPMInformation",
+        "NtGdiGetGlyphOutline",
+        "NtGdiGetGlyphIndicesWInternal",
+        "NtGdiGetGlyphIndicesW",
+        "NtGdiGetFontResourceInfoInternalW",
+        "NtGdiGetFontFileInfo",
+        "NtGdiGetFontFileData",
+        "NtGdiGetFontData",
+        "NtGdiGetEudcTimeStampEx",
+        "NtGdiGetETM",
+        "NtGdiGetEntry",
+        "NtGdiGetDIBitsInternal",
+        "NtGdiGetDeviceCapsAll",
+        "NtGdiGetDeviceGammaRamp",
+        "NtGdiGetDeviceCaps",
+        "NtGdiGetDCPoint",
+        "NtGdiGetDCObject",
+        "NtGdiGetDCforBitmap",
+        "NtGdiGetDCDword",
+        "NtGdiGetCurrentDpiInfo",
+        "NtGdiGetCOPPCompatibleOPMInformation",
+        "NtGdiGetColorSpaceforBitmap",
+        "NtGdiGetColorAdjustment",
+        "NtGdiGetCharWidthInfo",
+        "NtGdiGetCharWidthW",
+        "NtGdiGetCharSet",
+        "NtGdiGetCharacterPlacementW",
+        "NtGdiGetCharABCWidthsW",
+        "NtGdiGetCertificateSize",
+        "NtGdiGetCertificate",
+        "NtGdiGetCertificateSizeByHandle",
+        "NtGdiGetCertificateByHandle",
+        "NtGdiGetBoundsRect",
+        "NtGdiGetBitmapDimension",
+        "NtGdiGetBitmapBits",
+        "NtGdiGetAppClipBox",
+        "NtGdiGetAndSetDCDword",
+        "NtGdiFullscreenControl",
+        "NtGdiFrameRgn",
+        "NtGdiForceUFIMapping",
+        "NtGdiFlush",
+        "NtGdiFlattenPath",
+        "NtGdiFillRgn",
+        "NtGdiFillPath",
+        "NtGdiExtTextOutW",
+        "NtGdiExtSelectClipRgn",
+        "NtGdiExtGetObjectW",
+        "NtGdiExtFloodFill",
+        "NtGdiExtEscape",
+        "NtGdiExtCreateRegion",
+        "NtGdiExtCreatePen",
+        "NtGdiExcludeClipRect",
+        "NtGdiEudcLoadUnloadLink",
+        "NtGdiEqualRgn",
+        "NtGdiEnumObjects",
+        "NtGdiEnumFonts",
+        "NtGdiEndPath",
+        "NtGdiEndPage",
+        "NtGdiEndGdiRendering",
+        "NtGdiEndDoc",
+        "NtGdiEnableEudc",
+        "NtGdiEllipse",
+        "NtGdiDrawEscape",
+        "NtGdiDoPalette",
+        "NtGdiDoBanding",
+        "NtGdiGetPerBandInfo",
+        "NtGdiDestroyOPMProtectedOutput",
+        "NtGdiDescribePixelFormat",
+        "NtGdiDeleteObjectApp",
+        "NtGdiDeleteColorTransform",
+        "NtGdiDeleteColorSpace",
+        "NtGdiDeleteClientObj",
+        "NtGdiCreateSolidBrush",
+        "NtGdiCreateServerMetaFile",
+        "NtGdiCreateRoundRectRgn",
+        "NtGdiCreateRectRgn",
+        "NtGdiCreatePen",
+        "NtGdiCreatePatternBrushInternal",
+        "NtGdiCreatePaletteInternal",
+        "NtGdiCreateOPMProtectedOutputs",
+        "NtGdiCreateOPMProtectedOutput",
+        "NtGdiCreateMetafileDC",
+        "NtGdiCreateHatchBrushInternal",
+        "NtGdiCreateHalftonePalette",
+        "NtGdiCreateEllipticRgn",
+        "NtGdiCreateSessionMappedDIBSection",
+        "NtGdiCreateDIBSection",
+        "NtGdiCreateDIBitmapInternal",
+        "NtGdiCreateDIBBrush",
+        "NtGdiCreateCompatibleDC",
+        "NtGdiCreateCompatibleBitmap",
+        "NtGdiCreateColorTransform",
+        "NtGdiCreateColorSpace",
+        "NtGdiCreateClientObj",
+        "NtGdiCreateBitmapFromDxSurface2",
+        "NtGdiCreateBitmapFromDxSurface",
+        "NtGdiCreateBitmap",
+        "NtGdiConvertMetafileRect",
+        "NtGdiConfigureOPMProtectedOutput",
+        "NtGdiComputeXformCoefficients",
+        "NtGdiCombineTransform",
+        "NtGdiCombineRgn",
+        "NtGdiColorCorrectPalette",
+        "NtGdiClearBrushAttributes",
+        "NtGdiClearBitmapAttributes",
+        "NtGdiCloseFigure",
+        "NtGdiCheckBitmapBits",
+        "NtGdiCancelDC",
+        "NtGdiBitBlt",
+        "NtGdiBeginPath",
+        "NtGdiBeginGdiRendering",
+        "NtGdiArcInternal",
+        "NtGdiFontIsLinked",
+        "NtGdiAnyLinkedFonts",
+        "NtGdiAngleArc",
+        "NtGdiAlphaBlend",
+        "NtGdiAddRemoteMMInstanceToDC",
+        "NtGdiRemoveMergeFont",
+        "NtGdiAddFontMemResourceEx",
+        "NtGdiAddRemoteFontToDC",
+        "NtGdiAddFontResourceW",
+        "NtGdiAbortPath",
+        "NtGdiAbortDoc",
+        "NtUserDefSetText",
+        "NtUserDeferWindowPosAndBand",
+        "NtUserDdeInitialize",
+        "NtUserCanBrokerForceForeground",
+        "NtUserCreateWindowStation",
+        "NtUserCreateWindowEx",
+        "NtUserCreateLocalMemHandle",
+        "NtUserCreateInputContext",
+        "NtUserCreateDesktopEx",
+        "NtUserCreateCaret",
+        "NtUserCreateAcceleratorTable",
+        "NtUserCountClipboardFormats",
+        "NtUserCopyAcceleratorTable",
+        "NtUserConvertMemHandle",
+        "NtUserConsoleControl",
+        "NtUserCloseWindowStation",
+        "NtUserCloseDesktop",
+        "NtUserCloseClipboard",
+        "NtUserClipCursor",
+        "NtUserChildWindowFromPointEx",
+        "NtUserCheckMenuItem",
+        "NtUserCheckWindowThreadDesktop",
+        "NtUserDwmValidateWindow",
+        "NtUserCheckAccessForIntegrityLevel",
+        "NtUserDisplayConfigSetDeviceInfo",
+        "NtUserDisplayConfigGetDeviceInfo",
+        "NtUserQueryDisplayConfig",
+        "NtUserSetDisplayConfig",
+        "NtUserFunctionalizeDisplayConfig",
+        "NtUserGetDisplayConfigBufferSizes",
+        "NtUserChangeDisplaySettings",
+        "NtUserChangeClipboardChain",
+        "NtUserCallTwoParam",
+        "NtUserCallOneParam",
+        "NtUserCallNoParam",
+        "NtUserCallNextHookEx",
+        "NtUserCallMsgFilter",
+        "NtUserCallHwndParamLock",
+        "NtUserCallHwndParam",
+        "NtUserCallHwndOpt",
+        "NtUserCallHwndLock",
+        "NtUserCallHwnd",
+        "NtUserBroadcastThemeChangeEvent",
+        "NtUserBuildPropList",
+        "NtUserBuildNameList",
+        "NtUserBuildHwndList",
+        "NtUserBuildHimcList",
+        "NtUserBlockInput",
+        "NtUserBitBltSysBmp",
+        "NtUserBeginPaint",
+        "NtUserAttachThreadInput",
+        "NtUserAssociateInputContext",
+        "NtUserAlterWindowStyle",
+        "NtUserAddClipboardFormatListener",
+        "NtUserActivateKeyboardLayout",
+        "NtUserDelegateCapturePointers",
+        "NtUserDelegateInput",
+        "NtUserDispatchMessage",
+        "NtUserDisableProcessWindowFiltering",
+        "NtUserDisableThreadIme",
+        "NtUserDestroyWindow",
+        "NtUserDestroyMenu",
+        "NtUserDestroyInputContext",
+        "NtUserDestroyCursor",
+        "NtUserDestroyAcceleratorTable",
+        "NtUserDeleteMenu",
+        "NtUserDoSoundDisconnect",
+        "NtUserDoSoundConnect",
+        "NtUserGhostWindowFromHungWindow",
+        "NtUserGetWOWClass",
+        "NtUserGetWindowPlacement",
+        "NtUserGetWindowDisplayAffinity",
+        "NtUserGetWindowDC",
+        "NtUserGetWindowCompositionAttribute",
+        "NtUserGetWindowCompositionInfo",
+        "NtUserGetWindowBand",
+        "NtUserGetUpdateRgn",
+        "NtUserGetUpdateRect",
+        "NtUserGetUpdatedClipboardFormats",
+        "NtUserGetTopLevelWindow",
+        "NtUserGetTitleBarInfo",
+        "NtUserGetThreadState",
+        "NtUserGetThreadDesktop",
+        "NtUserGetSystemMenu",
+        "NtUserGetScrollBarInfo",
+        "NtUserGetRegisteredRawInputDevices",
+        "NtUserGetRawInputDeviceList",
+        "NtUserGetRawInputDeviceInfo",
+        "NtUserGetRawInputData",
+        "NtUserGetRawInputBuffer",
+        "NtUserGetActiveProcessesDpis",
+        "NtUserGetDpiForCurrentProcess",
+        "NtUserGetProcessDpiAwarenessContext",
+        "NtUserGetProcessWindowStation",
+        "NtUserGetPriorityClipboardFormat",
+        "NtUserGetOpenClipboardWindow",
+        "NtUserGetObjectInformation",
+        "NtUserGetMouseMovePointsEx",
+        "NtUserGetMessage",
+        "NtUserGetMenuItemRect",
+        "NtUserGetMenuIndex",
+        "NtUserGetMenuBarInfo",
+        "NtUserGetListBoxInfo",
+        "NtUserGetKeyState",
+        "NtUserGetKeyNameText",
+        "NtUserGetKeyboardState",
+        "NtUserGetKeyboardLayoutName",
+        "NtUserGetKeyboardLayoutList",
+        "NtUserGetInternalWindowPos",
+        "NtUserGetInputLocaleInfo",
+        "NtUserGetImeInfoEx",
+        "NtUserGetImeHotKey",
+        "NtUserGetIconSize",
+        "NtUserGetIconInfo",
+        "NtUserGetGUIThreadInfo",
+        "NtUserGetGuiResources",
+        "NtUserGetForegroundWindow",
+        "NtUserGetDoubleClickTime",
+        "NtUserGetDesktopID",
+        "NtUserGetDCEx",
+        "NtUserGetDC",
+        "NtUserGetCursorInfo",
+        "NtUserGetCursorFrameInfo",
+        "NtUserGetCurrentInputMessageSource",
+        "NtUserGetCIMSSM",
+        "NtUserGetCPD",
+        "NtUserGetControlColor",
+        "NtUserGetControlBrush",
+        "NtUserGetComboBoxInfo",
+        "NtUserGetClipCursor",
+        "NtUserGetClipboardViewer",
+        "NtUserGetClipboardSequenceNumber",
+        "NtUserGetClipboardOwner",
+        "NtUserGetClipboardFormatName",
+        "NtUserGetClipboardData",
+        "NtUserGetClassName",
+        "NtUserGetClassInfoEx",
+        "NtUserGetCaretPos",
+        "NtUserGetCaretBlinkTime",
+        "NtUserGetAtomName",
+        "NtUserGetAsyncKeyState",
+        "NtUserGetAppImeLevel",
+        "NtUserGetAncestor",
+        "NtUserGetAltTabInfo",
+        "NtUserFrostCrashedWindow",
+        "NtUserFlashWindowEx",
+        "NtUserFindWindowEx",
+        "NtUserFindExistingCursorIcon",
+        "NtUserFillWindow",
+        "NtUserExcludeUpdateRgn",
+        "NtUserEvent",
+        "NtUserEnumDisplaySettings",
+        "NtUserEnumDisplayMonitors",
+        "NtUserEnumDisplayDevices",
+        "NtUserEndPaint",
+        "NtUserEndMenu",
+        "NtUserEndDeferWindowPosEx",
+        "NtUserEnableScrollBar",
+        "NtUserEnableMenuItem",
+        "NtUserEmptyClipboard",
+        "NtUserDrawMenuBarTemp",
+        "NtUserDrawIconEx",
+        "NtUserDrawCaptionTemp",
+        "NtUserDrawCaption",
+        "NtUserDrawAnimatedRects",
+        "NtUserDragObject",
+        "NtUserDragDetect",
+        "NtUserHandleDelegatedInput",
+        "NtUserInheritWindowMonitor",
+        "NtUserRealChildWindowFromPoint",
+        "NtUserQueryWindow",
+        "NtUserQuerySendMessage",
+        "NtUserQueryInputContext",
+        "NtUserQueryInformationThread",
+        "NtUserQueryBSDRWindow",
+        "NtUserPerMonitorDPIPhysicalToLogicalPoint",
+        "NtUserProcessConnect",
+        "NtUserPrintWindow",
+        "NtUserPostThreadMessage",
+        "NtUserPostMessage",
+        "NtUserPhysicalToLogicalPoint",
+        "NtUserPeekMessage",
+        "NtUserPaintMonitor",
+        "NtUserPaintDesktop",
+        "NtUserOpenWindowStation",
+        "NtUserOpenThreadDesktop",
+        "NtUserOpenInputDesktop",
+        "NtUserOpenDesktop",
+        "NtUserOpenClipboard",
+        "NtUserNotifyWinEvent",
+        "NtUserNotifyProcessCreate",
+        "NtUserNotifyIMEStatus",
+        "NtUserMoveWindow",
+        "NtUserModifyUserStartupInfoFlags",
+        "NtUserMNDragOver",
+        "NtUserMNDragLeave",
+        "NtUserMinMaximize",
+        "NtUserMessageCall",
+        "NtUserMenuItemFromPoint",
+        "NtUserMapVirtualKeyEx",
+        "NtUserLayoutCompleted",
+        "NtUserLogicalToPerMonitorDPIPhysicalPoint",
+        "NtUserLogicalToPhysicalPoint",
+        "NtUserLockCursor",
+        "NtUserLockWorkStation",
+        "NtUserLockWindowUpdate",
+        "NtUserLockWindowStation",
+        "NtUserLoadKeyboardLayoutEx",
+        "NtUserKillTimer",
+        "NtUserIsTopLevelWindow",
+        "NtUserIsClipboardFormatAvailable",
+        "NtUserInvalidateRgn",
+        "NtUserInvalidateRect",
+        "NtUserInternalGetWindowIcon",
+        "NtUserInternalGetWindowText",
+        "NtUserInitTask",
+        "NtUserInitializeClientPfnArrays",
+        "NtUserInitialize",
+        "NtUserImpersonateDdeClientWindow",
+        "NtUserHungWindowFromGhostWindow",
+        "NtUserHiliteMenuItem",
+        "NtUserHideCaret",
+        "NtUserHardErrorControl",
+        "NtUserRealInternalGetMessage",
+        "NtUserRealWaitMessageEx",
+        "NtUserReleaseDwmHitTestWaiters",
+        "NtUserReleaseDC",
+        "NtUserTranslateMessage",
+        "NtUserTranslateAccelerator",
+        "NtUserPaintMenuBar",
+        "NtUserCalcMenuBar",
+        "NtUserCalculatePopupWindowPosition",
+        "NtUserTrackPopupMenuEx",
+        "NtUserTrackMouseEvent",
+        "NtUserToUnicodeEx",
+        "NtUserThunkedMenuItemInfo",
+        "NtUserThunkedMenuInfo",
+        "NtUserTestForInteractiveUser",
+        "NtUserSendEventMessage",
+        "NtUserSystemParametersInfo",
+        "NtUserSystemParametersInfoForDpi",
+        "NtUserSwitchDesktop",
+        "NtUserSoundSentry",
+        "NtUserShutdownReasonDestroy",
+        "NtUserShutdownBlockReasonQuery",
+        "NtUserShutdownBlockReasonCreate",
+        "NtUserShowWindowAsync",
+        "NtUserShowWindow",
+        "NtUserShowScrollBar",
+        "NtUserShowCaret",
+        "NtUserShowCursor",
+        "NtUserSetWinEventHook",
+        "NtUserSetWindowWord",
+        "NtUserSetWindowStationUser",
+        "NtUserSetWindowsHookEx",
+        "NtUserSetWindowsHookAW",
+        "NtUserSetWindowRgnEx",
+        "NtUserGetWindowRgnEx",
+        "NtUserSetWindowRgn",
+        "NtUserSetWindowPos",
+        "NtUserSetWindowPlacement",
+        "NtUserSetWindowLong",
+        "NtUserSetWindowFNID",
+        "NtUserSetWindowDisplayAffinity",
+        "NtUserSetWindowCompositionTransition",
+        "NtUserUpdateDefaultDesktopThumbnail",
+        "NtUserSetWindowCompositionAttribute",
+        "NtUserSetWindowBand",
+        "NtUserSetProcessUIAccessZorder",
+        "NtUserSetProcessDpiAwarenessContext",
+        "NtUserEnableChildWindowDpiMessage",
+        "NtUserIsChildWindowDpiMessageEnabled",
+        "NtUserEnableNonClientDpiScaling",
+        "NtUserIsNonClientDpiScalingEnabled",
+        "NtUserSetDialogControlDpiChangeBehavior",
+        "NtUserIsWindowBroadcastingDpiToChildren",
+        "NtUserEnableWindowGDIScaledDpiMessage",
+        "NtUserIsWindowGDIScaledDpiMessageEnabled",
+        "NtUserSetTargetForResourceBrokering",
+        "NtUserSetTimer",
+        "NtUserSetThreadState",
+        "NtUserSetThreadLayoutHandles",
+        "NtUserSetThreadDesktop",
+        "NtUserSetThreadInputBlocked",
+        "NtUserSetSystemTimer",
+        "NtUserSetSystemMenu",
+        "NtUserSetSystemCursor",
+        "NtUserSetSysColors",
+        "NtUserSetShellWindowEx",
+        "NtUserSetScrollInfo",
+        "NtUserSetProp",
+        "NtUserGetProp",
+        "NtUserSetProcessWindowStation",
+        "NtUserSetParent",
+        "NtUserSetObjectInformation",
+        "NtUserSetMenuFlagRtoL",
+        "NtUserSetMenuDefaultItem",
+        "NtUserSetMenuContextHelpId",
+        "NtUserSetMenu",
+        "NtUserSetKeyboardState",
+        "NtUserSetInternalWindowPos",
+        "NtUserSetInformationThread",
+        "NtUserSetImeOwnerWindow",
+        "NtUserSetImeInfoEx",
+        "NtUserSetImeHotKey",
+        "NtUserSetFocus",
+        "NtUserSetCursorIconData",
+        "NtUserSetCursorContents",
+        "NtUserSetCursor",
+        "NtUserSetCursorPos",
+        "NtUserSetClipboardViewer",
+        "NtUserSetClipboardData",
+        "NtUserSetClassWord",
+        "NtUserSetClassLong",
+        "NtUserSetChildWindowNoActivate",
+        "NtUserSetCapture",
+        "NtUserSetAppImeLevel",
+        "NtUserSetActiveWindow",
+        "NtUserSendInput",
+        "NtUserSelectPalette",
+        "NtUserScrollWindowEx",
+        "NtUserScrollDC",
+        "NtUserSBGetParms",
+        "NtUserResolveDesktopForWOW",
+        "NtUserRemoveProp",
+        "NtUserRemoveMenu",
+        "NtUserRemoveClipboardFormatListener",
+        "NtUserRegisterWindowMessage",
+        "NtUserRegisterTasklist",
+        "NtUserRegisterServicesProcess",
+        "NtUserRegisterRawInputDevices",
+        "NtUserRegisterHotKey",
+        "NtUserRegisterDManipHook",
+        "NtUserGetDManipHookInitFunction",
+        "NtUserRegisterManipulationThread",
+        "NtUserSetManipulationInputTarget",
+        "NtUserStopAndEndInertia",
+        "NtUserRegisterUserApiHook",
+        "NtUserRegisterErrorReportingDialog",
+        "NtUserRegisterClassExWOW",
+        "NtUserRegisterBSDRWindow",
+        "NtUserRedrawWindow",
+        "NtUserUndelegateInput",
+        "NtUserGetWindowMinimizeRect",
+        "NtUserDwmGetRemoteSessionOcclusionEvent",
+        "NtUserDwmGetRemoteSessionOcclusionState",
+        "NtUserDwmKernelShutdown",
+        "NtUserDwmKernelStartup",
+        "NtUserCheckProcessSession",
+        "NtUserUnregisterSessionPort",
+        "NtUserRegisterSessionPort",
+        "NtUserCtxDisplayIOCtl",
+        "NtUserRemoteStopScreenUpdates",
+        "NtUserRemoteRedrawScreen",
+        "NtUserRemoteRedrawRectangle",
+        "NtUserRemoteConnect",
+        "NtUserWaitAvailableMessageEx",
+        "NtUserWindowFromPoint",
+        "NtUserWindowFromPhysicalPoint",
+        "NtUserWindowFromDC",
+        "NtUserWaitMessage",
+        "NtUserWaitForMsgAndEvent",
+        "NtUserWaitForInputIdle",
+        "NtUserVkKeyScanEx",
+        "NtUserValidateTimerCallback",
+        "NtUserValidateRect",
+        "NtUserValidateHandleSecure",
+        "NtUserUserHandleGrantAccess",
+        "NtUserUpdatePerUserSystemParameters",
+        "NtUserSetLayeredWindowAttributes",
+        "NtUserGetLayeredWindowAttributes",
+        "NtUserUpdateLayeredWindow",
+        "NtUserUpdateInstance",
+        "NtUserUpdateInputContext",
+        "NtUserUnregisterHotKey",
+        "NtUserUnregisterUserApiHook",
+        "NtUserUnregisterClass",
+        "NtUserUnlockWindowStation",
+        "NtUserUnloadKeyboardLayout",
+        "NtUserUnhookWinEvent",
+        "NtUserUnhookWindowsHookEx",
+        "NtUserGetTouchInputInfo",
+        "NtUserIsTouchWindow",
+        "NtUserModifyWindowTouchCapability",
+        "NtGdiEngStretchBltROP",
+        "NtGdiEngTextOut",
+        "NtGdiEngTransparentBlt",
+        "NtGdiEngGradientFill",
+        "NtGdiEngAlphaBlend",
+        "NtGdiEngLineTo",
+        "NtGdiEngPaint",
+        "NtGdiEngStrokeAndFillPath",
+        "NtGdiEngFillPath",
+        "NtGdiEngStrokePath",
+        "NtGdiEngMarkBandingSurface",
+        "NtGdiEngPlgBlt",
+        "NtGdiEngStretchBlt",
+        "NtGdiEngBitBlt",
+        "NtGdiEngLockSurface",
+        "NtGdiEngUnlockSurface",
+        "NtGdiEngEraseSurface",
+        "NtGdiEngDeleteSurface",
+        "NtGdiEngDeletePalette",
+        "NtGdiEngCopyBits",
+        "NtGdiEngComputeGlyphSet",
+        "NtGdiEngCreatePalette",
+        "NtGdiEngCreateDeviceBitmap",
+        "NtGdiEngCreateDeviceSurface",
+        "NtGdiEngCreateBitmap",
+        "NtGdiEngAssociateSurface",
+        "NtUserSetWindowFeedbackSetting",
+        "NtUserRegisterEdgy",
+        "NtUserRegisterShellPTPListener",
+        "NtUserGetWindowFeedbackSetting",
+        "NtUserHidePointerContactVisualization",
+        "NtUserGetTouchValidationStatus",
+        "NtUserInitializeTouchInjection",
+        "NtUserInjectTouchInput",
+        "NtUserRegisterTouchHitTestingWindow",
+        "NtUserSetDisplayMapping",
+        "NtUserSetCalibrationData",
+        "NtUserGetPhysicalDeviceRect",
+        "NtUserRegisterTouchPadCapable",
+        "NtUserGetRawPointerDeviceData",
+        "NtUserGetPointerDeviceCursors",
+        "NtUserGetPointerDeviceRects",
+        "NtUserRegisterPointerDeviceNotifications",
+        "NtUserGetPointerDeviceProperties",
+        "NtUserGetPointerDevice",
+        "NtUserGetPointerDevices",
+        "NtUserEnableTouchPad",
+        "NtUserGetPrecisionTouchPadConfiguration",
+        "NtUserSetPrecisionTouchPadConfiguration",
+        "NtUserPromotePointer",
+        "NtUserDiscardPointerFrameMessages",
+        "NtUserRegisterPointerInputTarget",
+        "NtUserGetPointerFrameArrivalTimes",
+        "NtUserGetPointerInputTransform",
+        "NtUserGetPointerInfoList",
+        "NtUserGetPointerCursorId",
+        "NtUserGetPointerType",
+        "NtUserGetGestureConfig",
+        "NtUserSetGestureConfig",
+        "NtUserGetGestureExtArgs",
+        "NtUserGetGestureInfo",
+        "NtUserInjectGesture",
+        "NtUserChangeWindowMessageFilterEx",
+        "NtGdiXLATEOBJ_hGetColorTransform",
+        "NtGdiXLATEOBJ_iXlate",
+        "NtGdiXLATEOBJ_cGetPalette",
+        "NtGdiEngDeleteClip",
+        "NtGdiEngCreateClip",
+        "NtGdiEngDeletePath",
+        "NtGdiCLIPOBJ_ppoGetPath",
+        "NtGdiCLIPOBJ_cEnumStart",
+        "NtGdiCLIPOBJ_bEnum",
+        "NtGdiBRUSHOBJ_hGetColorTransform",
+        "NtGdiBRUSHOBJ_pvGetRbrush",
+        "NtGdiBRUSHOBJ_pvAllocRbrush",
+        "NtGdiBRUSHOBJ_ulGetBrushColor",
+        "NtGdiXFORMOBJ_iGetXform",
+        "NtGdiXFORMOBJ_bApplyXform",
+        "NtGdiFONTOBJ_pQueryGlyphAttrs",
+        "NtGdiFONTOBJ_pfdg",
+        "NtGdiFONTOBJ_pifi",
+        "NtGdiFONTOBJ_cGetGlyphs",
+        "NtGdiFONTOBJ_pxoGetXform",
+        "NtGdiFONTOBJ_vGetInfo",
+        "NtGdiFONTOBJ_cGetAllGlyphHandles",
+        "NtGdiFONTOBJ_pvTrueTypeFontFile",
+        "NtGdiSTROBJ_dwGetCodePage",
+        "NtGdiSTROBJ_vEnumStart",
+        "NtGdiSTROBJ_bGetAdvanceWidths",
+        "NtGdiSTROBJ_bEnumPositionsOnly",
+        "NtGdiSTROBJ_bEnum",
+        "NtGdiPATHOBJ_bEnumClipLines",
+        "NtGdiPATHOBJ_vEnumStartClipLines",
+        "NtGdiPATHOBJ_vEnumStart",
+        "NtGdiPATHOBJ_bEnum",
+        "NtGdiPATHOBJ_vGetBounds",
+        "NtGdiEngCheckAbort",
+        "NtGdiGetDhpdev",
+        "NtGdiHT_Get8BPPMaskPalette",
+        "NtGdiHT_Get8BPPFormatPalette",
+        "NtGdiUpdateTransform",
+        "NtGdiUMPDEngFreeUserMem",
+        "NtGdiBRUSHOBJ_DeleteRbrush",
+        "NtGdiSetPUMPDOBJ",
+        "NtGdiSetUMPDSandboxState",
+        "NtGdiDrawStream",
+        "NtGdiHLSurfSetInformation",
+        "NtGdiHLSurfGetInformation",
+        "NtGdiDwmCreatedBitmapRemotingOutput",
+        "NtGdiDdDDIGetScanLine",
+        "NtGdiDdDDIReleaseProcessVidPnSourceOwners",
+        "NtGdiDdDDIGetProcessSchedulingPriorityClass",
+        "NtGdiDdDDISetProcessSchedulingPriorityClass",
+        "NtGdiDdDDIGetContextSchedulingPriority",
+        "NtGdiDdDDISetContextSchedulingPriority",
+        "NtGdiDdDDIDestroyDCFromMemory",
+        "NtGdiDdDDICreateDCFromMemory",
+        "NtGdiDdDDIGetDeviceState",
+        "NtGdiDdDDISetGammaRamp",
+        "NtGdiDdDDIWaitForVerticalBlankEvent",
+        "NtGdiDdDDIDestroyOverlay",
+        "NtGdiDdDDIFlipOverlay",
+        "NtGdiDdDDIUpdateOverlay",
+        "NtGdiDdDDICreateOverlay",
+        "NtGdiDdDDIGetPresentQueueEvent",
+        "NtGdiDdDDIGetPresentHistory",
+        "NtGdiDdDDISetVidPnSourceOwner",
+        "NtGdiDdDDIQueryStatistics",
+        "NtGdiDdDDIEscape",
+        "NtGdiDdDDIGetSharedPrimaryHandle",
+        "NtGdiDdDDICloseAdapter",
+        "NtGdiDdDDIOpenAdapterFromLuid",
+        "NtGdiDdDDIEnumAdapters",
+        "NtGdiDdDDIEnumAdapters2",
+        "NtGdiDdDDIOpenAdapterFromHdc",
+        "NtGdiDdDDIOpenAdapterFromDeviceName",
+        "NtGdiDdDDIRender",
+        "NtGdiDdDDIPresent",
+        "NtGdiDdDDIGetMultisampleMethodList",
+        "NtGdiDdDDISetDisplayMode",
+        "NtGdiDdDDIGetDisplayModeList",
+        "NtGdiDdDDIUnlock",
+        "NtGdiDdDDILock",
+        "NtGdiDdDDIQueryAdapterInfo",
+        "NtGdiDdDDIGetRuntimeData",
+        "NtGdiDdDDISignalSynchronizationObject",
+        "NtGdiDdDDIWaitForSynchronizationObject",
+        "NtGdiDdDDIDestroySynchronizationObject",
+        "NtGdiDdDDIOpenSynchronizationObject",
+        "NtGdiDdDDICreateSynchronizationObject",
+        "NtGdiDdDDIDestroyContext",
+        "NtGdiDdDDICreateContext",
+        "NtGdiDdDDIDestroyDevice",
+        "NtGdiDdDDICreateDevice",
+        "NtGdiDdDDIQueryAllocationResidency",
+        "NtGdiDdDDISetAllocationPriority",
+        "NtGdiDdDDIDestroyAllocation",
+        "NtGdiDdDDIDestroyAllocation2",
+        "NtGdiDdDDIOpenResourceFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle",
+        "NtGdiDdDDIOpenSyncObjectFromNtHandle2",
+        "NtGdiDdDDIOpenResource",
+        "NtGdiDdDDIOpenNtHandleFromName",
+        "NtGdiDdDDIOpenSyncObjectNtHandleFromName",
+        "NtGdiDdDDIShareObjects",
+        "NtGdiDdDDIQueryResourceInfoFromNtHandle",
+        "NtGdiDdDDIQueryResourceInfo",
+        "NtGdiDdDDICreateAllocation",
+        "NtGdiDdDDIOutputDuplReleaseFrame",
+        "NtGdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName",
+        "NtGdiDdDDIOutputDuplPresent",
+        "NtGdiDdDDIReleaseKeyedMutex2",
+        "NtGdiDdDDIAcquireKeyedMutex2",
+        "NtGdiDdDDIOpenKeyedMutex2",
+        "NtGdiDdDDICreateKeyedMutex2",
+        "NtGdiDdDDIOutputDuplGetPointerShapeData",
+        "NtGdiDdDDIOutputDuplGetMetaData",
+        "NtGdiDdDDIOutputDuplGetFrameInfo",
+        "NtGdiDdDDIDestroyOutputDupl",
+        "NtGdiDdDDICreateOutputDupl",
+        "NtGdiDdDDIReclaimAllocations",
+        "NtGdiDdDDIOfferAllocations",
+        "NtGdiDdDDICheckSharedResourceAccess",
+        "NtGdiDdDDICheckVidPnExclusiveOwnership",
+        "NtGdiDdDDIGetOverlayState",
+        "NtGdiDdDDIConfigureSharedResource",
+        "NtGdiDdDDIReleaseKeyedMutex",
+        "NtGdiDdDDIAcquireKeyedMutex",
+        "NtGdiDdDDIDestroyKeyedMutex",
+        "NtGdiDdDDIOpenKeyedMutex",
+        "NtGdiDdDDICreateKeyedMutex",
+        "NtGdiDdDDISharedPrimaryUnLockNotification",
+        "NtGdiDdDDISharedPrimaryLockNotification",
+        "NtGdiDdDDISetDisplayPrivateDriverFormat",
+        "NtGdiDdDDICheckExclusiveOwnership",
+        "NtGdiDdDDICheckMonitorPowerState",
+        "NtGdiDdDDIWaitForIdle",
+        "NtGdiDdDDICheckOcclusion",
+        "NtGdiDdDDIInvalidateActiveVidPn",
+        "NtGdiDdDDIPollDisplayChildren",
+        "NtGdiDdDDISetQueuedLimit",
+        "NtGdiDdDDIPinDirectFlipResources",
+        "NtGdiDdDDIUnpinDirectFlipResources",
+        "NtGdiDdDDIWaitForVerticalBlankEvent2",
+        "NtGdiDdDDIGetDWMVerticalBlankEvent",
+        "NtGdiDdDDISetSyncRefreshCountWaitTarget",
+        "NtGdiDdDDISetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetContextInProcessSchedulingPriority",
+        "NtGdiDdDDIGetSharedResourceAdapterLuid",
+        "NtGdiDdDDISetStereoEnabled",
+        "NtGdiDdDDIPresentMultiPlaneOverlay",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport",
+        "NtGdiDdDDIMakeResident",
+        "NtGdiDdDDIEvict",
+        "NtGdiDdDDIUpdateAllocationProperty",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromCpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromCpu",
+        "NtGdiDdDDIWaitForSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu",
+        "NtGdiDdDDISignalSynchronizationObjectFromGpu2",
+        "NtGdiDdDDICreatePagingQueue",
+        "NtGdiDdDDIDestroyPagingQueue",
+        "NtGdiDdDDILock2",
+        "NtGdiDdDDIUnlock2",
+        "NtGdiDdDDIInvalidateCache",
+        "NtGdiDdDDIGetResourcePresentPrivateDriverData",
+        "NtGdiDdDDIMapGpuVirtualAddress",
+        "NtGdiDdDDIReserveGpuVirtualAddress",
+        "NtGdiDdDDIFreeGpuVirtualAddress",
+        "NtGdiDdDDIUpdateGpuVirtualAddress",
+        "NtGdiDdDDICreateContextVirtual",
+        "NtGdiDdDDISubmitCommand",
+        "NtGdiDdDDIGetCachedHybridQueryValue",
+        "NtGdiDdDDICacheHybridQueryValue",
+        "NtGdiDdDDINetDispGetNextChunkInfo",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport",
+        "NtGdiDdDDINetDispStartMiracastDisplayDevice",
+        "NtGdiDdDDINetDispStopMiracastDisplayDevice",
+        "NtGdiDdDDINetDispQueryMiracastDisplayDeviceStatus",
+        "NtGdiDdDDINetDispStopSessions",
+        "NtGdiDdDDIQueryVideoMemoryInfo",
+        "NtGdiDdDDIChangeVideoMemoryReservation",
+        "NtGdiDdDDICreateSwapChain",
+        "NtGdiDdDDIOpenSwapChain",
+        "NtGdiDdDDIAddSurfaceToSwapChain",
+        "NtGdiDdDDIRemoveSurfaceFromSwapChain",
+        "NtGdiDdDDIUnOrderedPresentSwapChain",
+        "NtGdiDdDDIGetSetSwapChainMetadata",
+        "NtGdiDdDDIAcquireSwapChain",
+        "NtGdiDdDDIReleaseSwapChain",
+        "NtGdiDdDDIAbandonSwapChain",
+        "NtGdiDdDDISetDodIndirectSwapchain",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport2",
+        "NtGdiDdDDIPresentMultiPlaneOverlay2",
+        "NtGdiDdDDIReclaimAllocations2",
+        "NtGdiDdDDISetStablePowerState",
+        "NtGdiDdDDIQueryClockCalibration",
+        "NtGdiDdDDIQueryVidPnExclusiveOwnership",
+        "NtGdiDdDDIAdjustFullscreenGamma",
+        "NtGdiDdDDISetVidPnSourceHwProtection",
+        "NtGdiDdDDIMarkDeviceAsError",
+        "NtGdiDdDDIFlushHeapTransitions",
+        "NtGdiDdDDISetHwProtectionTeardownRecovery",
+        "NtGdiDdDDIQueryProcessOfferInfo",
+        "NtGdiDdDDITrimProcessCommitment",
+        "NtGdiDdDDICheckMultiPlaneOverlaySupport3",
+        "NtGdiDdDDIPresentMultiPlaneOverlay3",
+        "NtGdiDdDDISetFSEBlock",
+        "NtGdiDdDDIQueryFSEBlock",
+        "NtGdiDdDDICreateHwContext",
+        "NtGdiDdDDIDestroyHwContext",
+        "NtGdiDdDDICreateHwQueue",
+        "NtGdiDdDDIDestroyHwQueue",
+        "NtGdiDdDDISubmitCommandToHwQueue",
+        "NtGdiDdDDISubmitWaitForSyncObjectsToHwQueue",
+        "NtGdiDdDDISubmitSignalSyncObjectsToHwQueue",
+        "NtGdiDdDDIGetAllocationPriority",
+        "NtGdiDdDDIGetMultiPlaneOverlayCaps",
+        "NtGdiDdDDIGetPostCompositionCaps",
+        "NtGdiDdDDISetYieldPercentage",
+        "NtGdiDdDDISetProcessSchedulingPriorityBand",
+        "NtGdiDdDDISetMemoryBudgetTarget",
+        "NtGdiDdDDIGetYieldPercentage",
+        "NtGdiDdDDIGetProcessSchedulingPriorityBand",
+        "NtGdiDdDDIGetMemoryBudgetTarget",
+        "NtGdiDdDDIDDisplayEnum",
+        "NtGdiDdDDIDispMgrCreate",
+        "NtGdiDdDDIDispMgrTargetOperation",
+        "NtGdiDdDDIDispMgrSourceOperation",
+        "NtGdiDdDDICreateProtectedSession",
+        "NtGdiDdDDIDestroyProtectedSession",
+        "NtGdiDdDDIQueryProtectedSessionStatus",
+        "NtGdiDdDDIQueryProtectedSessionInfoFromNtHandle",
+        "NtGdiDdDDIOpenProtectedSessionFromNtHandle",
+        "NtGdiDdDDISetMonitorColorSpaceTransform",
+        "NtGdiDdDDIPresentRedirected",
+        "NtGdiDdDDICreateBundleObject",
+        "NtGdiDdDDIExtractBundleObject",
+        "NtGdiDdDDISetDeviceLostSupport",
+        "NtGdiDdDDIGetProcessDeviceLostSupport",
+        "NtGdiMakeObjectUnXferable",
+        "NtGdiMakeObjectXferable",
+        "NtGdiDestroyPhysicalMonitor",
+        "NtGdiGetPhysicalMonitorDescription",
+        "NtGdiGetPhysicalMonitors",
+        "NtGdiGetNumberOfPhysicalMonitors",
+        "NtGdiDDCCIGetTimingReport",
+        "NtGdiDDCCIGetCapabilitiesString",
+        "NtGdiDDCCIGetCapabilitiesStringLength",
+        "NtGdiDDCCISaveCurrentSettings",
+        "NtGdiDDCCISetVCPFeature",
+        "NtGdiDDCCIGetVCPFeature",
+        "NtGdiDdQueryVisRgnUniqueness",
+        "NtGdiDdDestroyFullscreenSprite",
+        "NtGdiDdNotifyFullscreenSpriteUpdate",
+        "NtGdiDdCreateFullscreenSprite",
+        "NtGdiGetProcessSessionFonts",
+        "NtGdiGetPublicFontTableChangeCookie",
+        "NtGdiAddInitialFonts",
+        "NtUserShowSystemCursor",
+        "NtUserSetMirrorRendering",
+        "NtUserSetDesktopColorTransform",
+        "NtUserMagGetContextInformation",
+        "NtUserMagSetContextInformation",
+        "NtUserMagControl",
+        "NtUserSlicerControl",
+        "NtUserHwndSetRedirectionInfo",
+        "NtUserHwndQueryRedirectionInfo",
+        "NtCreateCompositionSurfaceHandle",
+        "NtValidateCompositionSurfaceHandle",
+        "NtBindCompositionSurface",
+        "NtUnBindCompositionSurface",
+        "NtQueryCompositionSurfaceBinding",
+        "NtNotifyPresentToCompositionSurface",
+        "NtQueryCompositionSurfaceStatistics",
+        "NtOpenCompositionSurfaceSectionInfo",
+        "NtOpenCompositionSurfaceSwapChainHandleInfo",
+        "NtQueryCompositionSurfaceRenderingRealization",
+        "NtOpenCompositionSurfaceDirtyRegion",
+        "NtQueryCompositionSurfaceHDRMetaData",
+        "NtSetCompositionSurfaceHDRMetaData",
+        "NtSetCompositionSurfaceDirectFlipState",
+        "NtSetCompositionSurfaceStatistics",
+        "NtSetCompositionSurfaceBufferUsage",
+        "NtSetCompositionSurfaceIndependentFlipInfo",
+        "NtDesktopCaptureBits",
+        "NtDCompositionEnableMMCSS",
+        "NtVisualCaptureBits",
+        "NtDCompositionEnableDDASupport",
+        "NtDCompositionCreateSharedVisualHandle",
+        "NtCreateCompositionInputSink",
+        "NtCreateImplicitCompositionInputSink",
+        "NtDuplicateCompositionInputSink",
+        "NtQueryCompositionInputSink",
+        "NtQueryCompositionInputSinkLuid",
+        "NtQueryCompositionInputSinkViewId",
+        "NtUpdateInputSinkTransforms",
+        "NtCompositionInputThread",
+        "NtQueryCompositionInputQueueAndTransform",
+        "NtQueryCompositionInputIsImplicit",
+        "NtCompositionSetDropTarget",
+        "NtTokenManagerOpenSectionAndEvents",
+        "NtTokenManagerThread",
+        "NtTokenManagerCreateCompositionTokenHandle",
+        "NtTokenManagerGetAnalogExclusiveTokenEvent",
+        "NtTokenManagerGetAnalogExclusiveSurfaceUpdates",
+        "NtTokenManagerConfirmOutstandingAnalogToken",
+        "NtSetCompositionSurfaceAnalogExclusive",
+        "NtDCompositionBeginFrame",
+        "NtDCompositionConfirmFrame",
+        "NtDCompositionRetireFrame",
+        "NtDCompositionDiscardFrame",
+        "NtDCompositionGetFrameSurfaceUpdates",
+        "NtDCompositionGetFrameLegacyTokens",
+        "NtDCompositionDestroyConnection",
+        "NtDCompositionGetConnectionBatch",
+        "NtDCompositionGetFrameStatistics",
+        "NtDCompositionGetDeletedResources",
+        "NtDCompositionCreateConnection",
+        "NtDCompositionDestroyChannel",
+        "NtDCompositionReleaseAllResources",
+        "NtDCompositionSubmitDWMBatch",
+        "NtDCompositionProcessChannelBatchBuffer",
+        "NtDCompositionCommitChannel",
+        "NtDCompositionWaitForChannel",
+        "NtDCompositionSetChannelCommitCompletionEvent",
+        "NtDCompositionTelemetryTouchInteractionBegin",
+        "NtDCompositionTelemetryTouchInteractionUpdate",
+        "NtDCompositionTelemetryTouchInteractionEnd",
+        "NtDCompositionTelemetrySetApplicationId",
+        "NtDCompositionTelemetryAnimationScenarioBegin",
+        "NtDCompositionTelemetryAnimationScenarioReference",
+        "NtDCompositionTelemetryAnimationScenarioUnreference",
+        "NtDCompositionCurrentBatchId",
+        "NtDCompositionRemoveCrossDeviceVisualChild",
+        "NtDCompositionAddCrossDeviceVisualChild",
+        "NtDCompositionCreateDwmChannel",
+        "NtDCompositionCreateChannel",
+        "NtDCompositionSynchronize",
+        "NtDCompositionReferenceSharedResourceOnDwmChannel",
+        "NtDCompositionCreateAndBindSharedSection",
+        "NtDCompositionSetDebugCounter",
+        "NtDCompositionGetChannels",
+        "NtDCompositionConnectPipe",
+        "NtDCompositionRegisterThumbnailVisual",
+        "NtDCompositionRegisterVirtualDesktopVisual",
+        "NtDCompositionDuplicateHandleToProcess",
+        "NtDCompositionUpdatePointerCapture",
+        "NtDCompositionSetChannelCallbackId",
+        "NtDCompositionDuplicateSwapchainHandleToDwm",
+        "NtDCompositionSetChildRootVisual",
+        "NtDCompositionCommitSynchronizationObject",
+        "NtFlipObjectCreate",
+        "NtFlipObjectOpen",
+        "NtFlipObjectAddPoolBuffer",
+        "NtFlipObjectRemovePoolBuffer",
+        "NtUserDestroyDCompositionHwndTarget",
+        "NtUserCreateDCompositionHwndTarget",
+        "NtUserCreateEmptyCursorObject",
+        "NtUserWaitForRedirectionStartComplete",
+        "NtUserWOWCleanup",
+        "NtUserSignalRedirectionStartComplete",
+        "NtUserEnableWindowResizeOptimization",
+        "NtUserGetResizeDCompositionSynchronizationObject",
+        "NtUserEnableResizeLayoutSynchronization",
+        "NtUserBeginLayoutUpdate",
+        "NtUserIsResizeLayoutSynchronizationEnabled",
+        "NtUserConfirmResizeCommit",
+        "NtUserSetActiveProcessForMonitor",
+        "NtUserGetDisplayAutoRotationPreferencesByProcessId",
+        "NtUserGetDisplayAutoRotationPreferences",
+        "NtUserSetDisplayAutoRotationPreferences",
+        "NtUserSetAutoRotation",
+        "NtUserGetAutoRotationState",
+        "NtUserAutoRotateScreen",
+        "NtUserAcquireIAMKey",
+        "NtUserSetActivationFilter",
+        "NtUserSetFallbackForeground",
+        "NtUserSetBrokeredForeground",
+        "NtUserDisableImmersiveOwner",
+        "NtUserClearForeground",
+        "NtUserEnableIAMAccess",
+        "NtUserGetProcessUIContextInformation",
+        "NtUserSetProcessRestrictionExemption",
+        "NtUserSetWindowArrangement",
+        "NtUserSetWindowShowState",
+        "NtUserUpdateWindowTrackingInfo",
+        "NtUserEnableMouseInPointer",
+        "NtUserIsMouseInPointerEnabled",
+        "NtUserPromoteMouseInPointer",
+        "NtUserAutoPromoteMouseInPointer",
+        "NtUserEnableMouseInputForCursorSuppression",
+        "NtUserIsMouseInputEnabled",
+        "NtUserCheckProcessForClipboardAccess",
+        "NtUserGetClipboardAccessToken",
+        "NtUserGetQueueStatusReadonly",
+        "NtUserCompositionInputSinkLuidFromPoint",
+        "NtUserCompositionInputSinkViewInstanceIdFromPoint",
+        "NtUserUpdateWindowInputSinkHints",
+        "NtUserTransformPoint",
+        "NtUserTransformRect",
+        "NtUserGetHimetricScaleFactorFromPixelLocation",
+        "NtUserGetHDevName",
+        "NtUserGetDpiForMonitor",
+        "NtUserReportInertia",
+        "NtUserLinkDpiCursor",
+        "NtUserGetCursorDims",
+        "NtUserGetCursor",
+        "NtUserInitializeInputDeviceInjection",
+        "NtUserInitializeGenericHidInjection",
+        "NtUserInitializePointerDeviceInjection",
+        "NtUserRemoveInjectionDevice",
+        "NtUserSetFeatureReportResponse",
+        "NtUserInjectDeviceInput",
+        "NtUserInjectMouseInput",
+        "NtUserInjectKeyboardInput",
+        "NtUserInjectPointerInput",
+        "NtUserInjectGenericHidInput",
+        "NtUserInitializePointerDeviceInjectionEx",
+        "NtRIMRegisterForInput",
+        "NtRIMReadInput",
+        "NtRIMGetDevicePreparsedData",
+        "NtRIMGetDeviceProperties",
+        "NtRIMAreSiblingDevices",
+        "NtRIMFreeInputBuffer",
+        "NtRIMOnPnpNotification",
+        "NtRIMOnTimerNotification",
+        "NtRIMDeviceIoControl",
+        "NtRIMUnregisterForInput",
+        "NtRIMSetTestModeStatus",
+        "NtRIMGetPhysicalDeviceRect",
+        "NtRIMGetSourceProcessId",
+        "NtRIMAddInputObserver",
+        "NtRIMRemoveInputObserver",
+        "NtRIMUpdateInputObserverRegistration",
+        "NtRIMObserveNextInput",
+        "NtRIMGetDevicePreparsedDataLockfree",
+        "NtRIMGetDevicePropertiesLockfree",
+        "NtRIMEnableMonitorMappingForDevice",
+        "NtUserSetCoreWindow",
+        "NtUserSetCoreWindowPartner",
+        "NtUserNavigateFocus",
+        "NtHWCursorUpdatePointer",
+        "NtUserAcquireInteractiveControlBackgroundAccess",
+        "NtUserGetInteractiveControlInfo",
+        "NtUserGetInteractiveControlDeviceInfo",
+        "NtUserSendInteractiveControlHapticsReport",
+        "NtUserSetInteractiveControlFocus",
+        "NtUserInteractiveControlQueryUsage",
+        "NtUserSetInteractiveCtrlRotationAngle",
+        "NtUserGetInteractiveCtrlSupportedWaveforms",
+        "NtUserProcessInkFeedbackCommand",
+        "NtUserSetProcessInteractionFlags",
+        "NtMITActivateInputProcessing",
+        "NtMITWaitForMultipleObjectsEx",
+        "NtMITDeactivateInputProcessing",
+        "NtMITSetInputCallbacks",
+        "NtMITCoreMsgKGetConnectionHandle",
+        "NtMITCoreMsgKSend",
+        "NtMITCoreMsgKOpenConnectionTo",
+        "NtMITUpdateInputGlobals",
+        "NtMITBindInputTypeToMonitors",
+        "NtMITEnableMouseIntercept",
+        "NtMITDisableMouseIntercept",
+        "NtMITSynthesizeTouchInput",
+        "NtMITSynthesizeMouseInput",
+        "NtMITSynthesizeMouseWheel",
+        "NtMITGetCursorUpdateHandle",
+        "NtDWMSetInputSystemOutputConfig",
+        "NtDWMCommitInputSystemOutputConfig",
+        "NtDWMBindCursorToOutputConfig",
+        "NtDWMSetCursorOrientation",
+        "NtUserMsgWaitForMultipleObjectsEx"
+    ]
+]
\ No newline at end of file
diff --git a/volatility/plugins/ssdt.py b/volatility/plugins/ssdt.py
index 1ebac23d5..bb3823167 100644
--- a/volatility/plugins/ssdt.py
+++ b/volatility/plugins/ssdt.py
@@ -39,7 +39,7 @@
 
 #pylint: disable-msg=C0111
 
-def find_tables(start_addr, vm):
+def find_tables(nt_base, start_addr, vm):
     """
     This function finds the RVAs to KeServiceDescriptorTable
     and KeServiceDescriptorTableShadow in the NT module. 
@@ -81,12 +81,15 @@ def find_tables(start_addr, vm):
             if op.flowControl == 'FC_RET':
                 break
             # Looking for a 9-byte CMP instruction whose first operand
-            # has a 32-bit displacement and second operand is zero 
-            if op.mnemonic == 'CMP' and op.size == 9 and op.operands[0].dispSize == 32 and op.operands[0].value == 0:
-                # The displacement is the RVA we want 
-                service_tables.append(op.operands[0].disp)
+            # has a 32-bit displacement and second operand is zero or
+            # a 7-byte CMP instruction with RIP relative addressing
+            if op.mnemonic == 'CMP' and op.operands[0].dispSize == 32 and op.operands[0].value == 0:
+                if op.size == 9:
+                    service_tables.append(nt_base + op.operands[0].disp)
+                elif op.size == 7:
+                    service_tables.append(op.address + op.size + op.operands[0].disp)
             elif op.mnemonic == 'LEA' and op.size == 7 and op.operands[1].dispSize == 32 and op.operands[1].disp > 0:
-                service_tables.append(op.operands[1].disp)
+                service_tables.append(nt_base + op.operands[1].disp)
     else:
         vm.profile.add_types({
             '_INSTRUCTION' : [ 9, {
@@ -109,7 +112,7 @@ def find_tables(start_addr, vm):
             if op.value == 0:
                 for s in ops_list:
                     if op.opcode.v().startswith(s):
-                        service_tables.append(op.disp)
+                        service_tables.append(nt_base + op.disp)
 
     return service_tables
 
@@ -150,8 +153,8 @@ def calculate(self):
             if func_rva == None:
                 raise StopIteration("Cannot locate KeAddSystemServiceTable")
             KeAddSystemServiceTable = ntos.DllBase + func_rva
-            for table_rva in find_tables(KeAddSystemServiceTable, addr_space):
-                ssdt_obj = obj.Object("_SERVICE_DESCRIPTOR_TABLE", ntos.DllBase + table_rva, addr_space)
+            for table_addr in find_tables(ntos.DllBase, KeAddSystemServiceTable, addr_space):
+                ssdt_obj = obj.Object("_SERVICE_DESCRIPTOR_TABLE", table_addr, addr_space)
                 ssdts.add(ssdt_obj)
 
         # Get a list of *unique* SSDT entries. Typically we see only two.

From fc127ca626055e622f10fba1167161ea1d6d3252 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 13 Nov 2017 08:48:09 -0600
Subject: [PATCH 168/304] Mac - add support for vme_offset in vm_map_entry

---
 volatility/plugins/overlays/mac/mac.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 68c9076b7..1ba24c270 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1513,6 +1513,15 @@ def object(self):
 
         return ret
 
+    @property
+    def offset(self): 
+        if hasattr(self, "vme_offset"):
+            ret = self.vme_offset
+        else:
+            ret = self.m("offset")
+
+        return ret
+
     def get_vnode(self):
         map_obj = self
 

From 6157f32b695aeb80fcef1056744a0b5a52741a99 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 13 Nov 2017 10:05:18 -0600
Subject: [PATCH 169/304] Mac - Update profile generation for high sierra

---
 tools/mac/convert.py | 98 ++++++++++++++++++++++++++++++--------------
 1 file changed, 67 insertions(+), 31 deletions(-)

diff --git a/tools/mac/convert.py b/tools/mac/convert.py
index cc7831c27..0583c1c53 100755
--- a/tools/mac/convert.py
+++ b/tools/mac/convert.py
@@ -32,6 +32,7 @@ class DWARFParser(object):
         'signed char': 'signed char',
         'unsigned char': 'unsigned char',
         'unsigned int': 'unsigned int',
+        'unsigned __int128' : 'unsigned char', ### not sure if Vol 2 can represent 128-bit values natively??
     }
 
     def __init__(self):
@@ -150,6 +151,19 @@ def feed_line(self, line):
         #else:
         #    print "line %s does not match" % line.strip()
 
+    def get_offset(self, data):
+        if 'AT_data_member_location' in data:
+            loc = data['AT_data_member_location']
+            if loc[0] == "x":
+                off = int(loc[1:], 16)
+            else:
+                off = int(loc)
+        else:
+            off = 0
+
+
+        return off
+
     def process_statement(self, kind, level, data, statement_id):
         """Process a single parsed statement."""
         new_level = int(level)
@@ -253,11 +267,9 @@ def process_statement(self, kind, level, data, statement_id):
             self.id_to_name[statement_id] = ['void']         # Don't need these
 
         elif kind == 'TAG_variable' and level == '1':
-            if 'AT_location' in data:
-                split = data['AT_location'].split()
-                if len(split) > 1:
-                    loc = int(split[1], 0)
-                    self.vars[data['AT_name']] = [loc, data['AT_type']]
+            loc = self.get_offset(data)
+            if loc != None:
+                self.vars[data['AT_name']] = [loc, data['AT_type']]
 
         elif kind == 'TAG_subprogram':
             # IDEK
@@ -265,16 +277,29 @@ def process_statement(self, kind, level, data, statement_id):
 
         elif kind == 'TAG_member' and parent_kind == 'TAG_structure_type':
             name = data.get('AT_name', "__unnamed_%s" % statement_id)
-            off = int(data['AT_data_member_location'])
-
-            if 'AT_bit_size' in data and 'AT_bit_offset' in data:
-                full_size = int(data['AT_byte_size'])*8
-                stbit = int(data['AT_bit_offset'])
-                edbit = stbit + int(data['AT_bit_size'])
-                stbit = full_size - stbit
-                edbit = full_size - edbit
-                stbit, edbit = edbit, stbit
-                assert stbit < edbit
+            
+            off = self.get_offset(data)
+
+            if 'AT_bit_size' in data and ('AT_bit_offset' in data or 'AT_data_bit_offset' in data):
+               
+                if 'AT_bit_offset' in data:
+                    stbit = int(data['AT_bit_offset'])
+                    edbit = stbit + int(data['AT_bit_size'])
+                    full_size = int(data['AT_byte_size'])*8
+                    stbit = full_size - stbit
+                    edbit = full_size - edbit
+                    stbit, edbit = edbit, stbit
+                    assert stbit < edbit
+                 
+                # high sierra + 
+                else:
+                    stbit = int(data['AT_data_bit_offset'], 16) 
+              
+                    off = stbit / 8
+                    stbit = stbit % 8
+
+                    edbit = stbit + int(data['AT_bit_size'], 16)
+
                 memb_tp = ['BitField', dict(start_bit = stbit, end_bit = edbit)]
             else:
                 memb_tp = data['AT_type']
@@ -284,19 +309,28 @@ def process_statement(self, kind, level, data, statement_id):
         elif kind == 'TAG_member' and parent_kind == 'TAG_class_type':
             name = data.get('AT_name', "__unnamed_%s" % statement_id)
 
-            try:
-                off = int(data['AT_data_member_location'])
-            except:
-                off = 0
-
-            if 'AT_bit_size' in data and 'AT_bit_offset' in data:
-                full_size = int(data['AT_byte_size'])*8
-                stbit = int(data['AT_bit_offset'])
-                edbit = stbit + int(data['AT_bit_size'])
-                stbit = full_size - stbit
-                edbit = full_size - edbit
-                stbit, edbit = edbit, stbit
-                assert stbit < edbit
+            off = self.get_offset(data)
+
+            if 'AT_bit_size' in data and ('AT_bit_offset' in data or 'AT_data_bit_offset' in data):
+            
+                if 'AT_bit_offset' in data:
+                    stbit = int(data['AT_bit_offset'])
+                    edbit = stbit + int(data['AT_bit_size'])
+                    full_size = int(data['AT_byte_size'])*8
+                    stbit = full_size - stbit
+                    edbit = full_size - edbit
+                    stbit, edbit = edbit, stbit
+                    assert stbit < edbit
+                 
+                # high sierra + 
+                else:
+                    stbit = int(data['AT_data_bit_offset'], 16) 
+                 
+                    off = stbit / 8
+                    stbit = stbit % 8
+                 
+                    edbit = stbit + int(data['AT_bit_size'], 16) 
+               
                 memb_tp = ['BitField', dict(start_bit = stbit, end_bit = edbit)]
             else:
                 memb_tp = data['AT_type']
@@ -547,9 +581,11 @@ def convert_file(mac_file, outfile):
                     val = "%d" % int(val, 16)
 
                 if name == "AT_data_member_location":
-                    # skip +
-                    val = val[1:]
-            
+                    if val.startswith("+"):
+                        val = int(val, 10)
+                    else:
+                        val = int(val, 16)
+
                 if name == "AT_type":
                     # convert {0x00000550} ( queue_chain_t )
                     # to      decimal of int

From b51e3d912ab0020cf645bfd0d01f127b1fb37232 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 13 Nov 2017 10:23:01 -0600
Subject: [PATCH 170/304] Mac - update get_profile for new debug kits

---
 volatility/plugins/mac/get_profile.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index 9fde3c387..b5d4c1fb7 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -55,6 +55,7 @@
 ["MacElCapitan_10_11_6_15G1421x64", 18446743523963503440, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1510x64", 18446743523963503632, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1611x64", 18446743523963517424, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G17023x64", 18446743523963518416, 18446743523964555264, 1],
 ["MacElCapitan_10_11_15A284x64", 18446743523963516960, 18446743523964547072, 1],
 ["MacSierra_10_12_0_16A323x64", 18446743523963569392, 18446743523964379136, 1],
 ["MacSierra_10_12_1_16B2657x64", 18446743523963568512, 18446743523964379136, 1],
@@ -63,7 +64,9 @@
 ["MacSierra_10_12_3_16D32x64", 18446743523963567520, 18446743523964379136, 1],
 ["MacSierra_10_12_4_16E195x64", 18446743523963564384, 18446743523964379136, 1],
 ["MacSierra_10_12_5_16F73x64", 18446743523963562144, 18446743523964379136, 1],
+["MacSierra_10_12_6_16G1036x64", 18446743523963564096, 18446743523964379136, 1],
 ["MacSierra_10_12_6_16G29x64", 18446743523963561936, 18446743523964379136, 1],
+["MacHighSierra_10_13_1_17B48x64", 18446743523963490832, 18446743523964391424, 1],
 ["MacLeopard_10_5_3_Intelx86", 4850472, 1708032, 0],
 ["MacLeopard_10_5_4_Intelx86", 4850488, 1708032, 0],
 ["MacLeopard_10_5_5_Intelx86", 4850568, 1708032, 0],
@@ -115,6 +118,8 @@
 ["MacMavericks_10_9_5_AMDx64", 18446743523961765968, 18446743523962273792, 1],
 ]
 
+
+
 collisions_10_8_5 = {
     "MacMountainLion_10_8_5_12F2518_AMDx64" : "xnu-2050.48.19~1",
     "MacMountainLion_10_8_5_12f37_AMDx64"   : "xnu-2050.48.11~1",

From bb3fc2f1868ffb936e8a8588a987780f5f82d385 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 13 Nov 2017 22:35:35 -0600
Subject: [PATCH 171/304] Fixes for wow64 support on windows 10

---
 .../plugins/overlays/windows/pe_vtypes.py     | 49 ++++++----------
 .../plugins/overlays/windows/windows.py       | 56 ++++++++++++-------
 2 files changed, 53 insertions(+), 52 deletions(-)

diff --git a/volatility/plugins/overlays/windows/pe_vtypes.py b/volatility/plugins/overlays/windows/pe_vtypes.py
index 73872228a..022694bb6 100644
--- a/volatility/plugins/overlays/windows/pe_vtypes.py
+++ b/volatility/plugins/overlays/windows/pe_vtypes.py
@@ -1029,18 +1029,12 @@ def modification(self, profile):
             })
 
 peb32_vtypes = {
-   '_PEB32_LDR_DATA': [48, {
-        "Length": [0, ['unsigned long']],
-        "Initialized": [4, ['unsigned char']],
-        "SsHandle": [8, ['pointer32', ['void']]],
+   '_PEB32_LDR_DATA': [None, {
         "InLoadOrderModuleList": [12, ['LIST_ENTRY32']],
         "InMemoryOrderModuleList": [20, ['LIST_ENTRY32']],
         "InInitializationOrderModuleList": [28, ['LIST_ENTRY32']],
-        "EntryInProgress": [36, ['pointer32', ['void']]],
-        "ShutdownInProgress": [40, ['unsigned char']],
-        "ShutdownThreadId": [44, ['pointer32', ['void']]],
     }],
-    '_LDR32_DATA_TABLE_ENTRY': [76, {
+    '_LDR32_DATA_TABLE_ENTRY': [None, {
         "InLoadOrderLinks": [0, ['LIST_ENTRY32']],
         "InMemoryOrderLinks": [8, ['LIST_ENTRY32']],
         "InInitializationOrderLinks": [16, ['LIST_ENTRY32']],
@@ -1049,24 +1043,9 @@ def modification(self, profile):
         "SizeOfImage": [32, ['unsigned long']],
         "FullDllName": [36, ['_UNICODE32_STRING']],
         "BaseDllName": [44, ['_UNICODE32_STRING']],
-        "Flags": [52, ['unsigned long']],
         "LoadCount": [56, ['unsigned short']],
-        "TlsIndex": [58, ['unsigned short']],
-        "HashLinks": [60, ['LIST_ENTRY32']],
         "TimeDateStamp": [68, ['unsigned long']],
-        "EntryPointActivationContext": [72, ['pointer32', ['void']]],
-    }],
-}
-
-peb32_overlay = {
-    '_PEB32' : [None, {
-        'Ldr' : [ None, ['pointer32', ['_PEB32_LDR_DATA']]],       
-    }],
-}
-
-ldr_loadtime_overlay = {
-   '_LDR32_DATA_TABLE_ENTRY' : [None, {
-        "LoadTime": [0x70, ['WinTimeStamp']],
+        "LoadTime": [0x70, ['WinTimeStamp', dict(is_utc = True)]],
     }],
 }
 
@@ -1079,12 +1058,20 @@ class WinPeb32(obj.ProfileModification):
 
     def modification(self, profile):       
         profile.vtypes.update(peb32_vtypes)
-        profile.merge_overlay(peb32_overlay)
-        profile.object_classes.update({"_LDR32_DATA_TABLE_ENTRY" : _LDR_DATA_TABLE_ENTRY})
-       
-        if 'LoadTime' in profile.vtypes['_LDR_DATA_TABLE_ENTRY'][1]:
-            profile.merge_overlay(ldr_loadtime_overlay)
-        
-
+        profile.merge_overlay({
+            '_PEB32' : [None, {
+                'Ldr' : [ None, ['pointer32', ['_PEB32_LDR_DATA']]],
+            }]})
+        profile.object_classes.update({
+            "_LDR32_DATA_TABLE_ENTRY" : _LDR_DATA_TABLE_ENTRY,
+            })
 
+        meta = profile.metadata
+        vers = (meta.get("major", 0), meta.get("minor", 0))
 
+        # the offset changed starting in windows 8
+        if vers >= (6, 3):
+            profile.merge_overlay({
+                '_LDR32_DATA_TABLE_ENTRY' : [None, {
+                    "LoadTime": [0x88, ['WinTimeStamp', dict(is_utc = True)]],
+                }]})
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index 7cbd3bded..ebeb615b2 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -391,7 +391,7 @@ def Peb(self):
 
         The PEB structure is referencing back into the process address
         space so we need to switch address spaces when we look at
-        it. This method ensure this happens automatically.
+        it. This method ensures this happens automatically.
         """
         process_ad = self.get_process_address_space()
         if process_ad:
@@ -404,20 +404,31 @@ def Peb(self):
 
         return obj.NoneObject("Peb not found")
 
+    @property
     def Peb32(self):
         """ Returns a _PEB object which is using the process address space.
 
         The PEB structure is referencing back into the process address
         space so we need to switch address spaces when we look at
-        it. This method ensure this happens automatically.
+        it. This method ensures this happens automatically.
         """
-        process_ad = self.get_process_address_space()
-        if process_ad:
-            offset = self.Wow64Process.v()
-            peb32 = obj.Object("_PEB32", offset = offset, vm = process_ad, name = "Peb32", parent = self)
+        wow64process = self.Wow64Process
+
+        if wow64process.is_valid():
+            process_ad = self.get_process_address_space()
+            if process_ad:
 
-            if peb32.is_valid():
-                return peb32
+                # starting with windows 10 the Wow64Process member
+                # points to an _EWOW64PROCESS with a Peb
+                try:
+                    offset = wow64process.Peb
+                except AttributeError:
+                    offset = wow64process
+
+                peb32 = obj.Object("_PEB32", offset = offset, vm = process_ad, name = "Peb32", parent = self)
+
+                if peb32.is_valid():
+                    return peb32
         
         return obj.NoneObject("Peb32 not found")
 
@@ -442,11 +453,12 @@ def _get_modules(self, the_list, entry_type, link_member):
                 yield l
 
     def _prep_get_modules(self, list_member, link_member):
-        for module in self._get_modules(self.Peb.Ldr.m(list_member), "_LDR_DATA_TABLE_ENTRY", link_member):
-            yield module
 
-        if self.IsWow64:
-            for module in self._get_modules(self.Peb32().Ldr.m(list_member), "_LDR32_DATA_TABLE_ENTRY", link_member):
+        pebs = [[self.Peb, "_LDR_DATA_TABLE_ENTRY"],
+            [self.Peb32, "_LDR32_DATA_TABLE_ENTRY"]]
+
+        for peb, table_name in pebs:
+            for module in self._get_modules(peb.Ldr.m(list_member), table_name, link_member):
                 yield module
 
     def get_init_modules(self):
@@ -474,20 +486,22 @@ def get_token(self):
 
     @property
     def Wow64Process(self):
-        if hasattr(self, "Wow64Process"):
-            ret = self.m("Wow64Process")
-        elif hasattr(self, "WoW64Process"):
-            ret = self.m("WoW64Process")
-        else:
-            ret = 0
+        try:
+            return self.m("Wow64Process")
+        except AttributeError:
+            pass
+
+        try:
+            return self.m("WoW64Process")
+        except AttributeError:
+            pass
 
-        return ret
+        return obj.NoneObject("Cannot determine the WoW64 status")
 
     @property
     def IsWow64(self):
         """Returns True if this is a wow64 process"""
-        val = self.Wow64Process
-        return val != 0 and val.v() != None
+        return self.Wow64Process.is_valid()
 
     @property
     def SessionId(self):

From b4c70ff6db78a588c14fdadc2cedb3b9d214b285 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 14 Nov 2017 07:24:02 -0600
Subject: [PATCH 172/304] Dynamically load the PEB32 structures from the 32-bit
 version of the 64-bit profile being analyzed

---
 .../plugins/overlays/windows/pe_vtypes.py     | 110 +++++++++++-------
 volatility/plugins/overlays/windows/win8.py   |  12 --
 2 files changed, 70 insertions(+), 52 deletions(-)

diff --git a/volatility/plugins/overlays/windows/pe_vtypes.py b/volatility/plugins/overlays/windows/pe_vtypes.py
index 022694bb6..18942a20f 100644
--- a/volatility/plugins/overlays/windows/pe_vtypes.py
+++ b/volatility/plugins/overlays/windows/pe_vtypes.py
@@ -18,11 +18,12 @@
 # along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-import struct
+import struct, copy
 import volatility.exceptions as exceptions
 import volatility.obj as obj
 import volatility.debug as debug
 import volatility.addrspace as addrspace
+import volatility.registry as registry
 
 pe_vtypes = {
     '_IMAGE_EXPORT_DIRECTORY': [ 0x28, {
@@ -448,6 +449,22 @@ def load_time(self):
         else:
             return ""
 
+    @property
+    def LoadCount(self):
+        # prior to windows 8 / server 2012
+        try:
+            return self.m("LoadCount")
+        except AttributeError:
+            pass
+
+        # windows 8 / server 2012 and later
+        try:
+            return self.ObsoleteLoadCount
+        except AttributeError:
+            pass
+
+        return obj.NoneObject("No load count")
+
     def _nt_header(self):
         """Return the _IMAGE_NT_HEADERS object"""
 
@@ -1028,50 +1045,63 @@ def modification(self, profile):
             'VerStruct': VerStruct,
             })
 
-peb32_vtypes = {
-   '_PEB32_LDR_DATA': [None, {
-        "InLoadOrderModuleList": [12, ['LIST_ENTRY32']],
-        "InMemoryOrderModuleList": [20, ['LIST_ENTRY32']],
-        "InInitializationOrderModuleList": [28, ['LIST_ENTRY32']],
-    }],
-    '_LDR32_DATA_TABLE_ENTRY': [None, {
-        "InLoadOrderLinks": [0, ['LIST_ENTRY32']],
-        "InMemoryOrderLinks": [8, ['LIST_ENTRY32']],
-        "InInitializationOrderLinks": [16, ['LIST_ENTRY32']],
-        "DllBase": [24, ['pointer32', ['void']]],
-        "EntryPoint": [28, ['pointer32', ['void']]],
-        "SizeOfImage": [32, ['unsigned long']],
-        "FullDllName": [36, ['_UNICODE32_STRING']],
-        "BaseDllName": [44, ['_UNICODE32_STRING']],
-        "LoadCount": [56, ['unsigned short']],
-        "TimeDateStamp": [68, ['unsigned long']],
-        "LoadTime": [0x70, ['WinTimeStamp', dict(is_utc = True)]],
-    }],
-}
-
 # apply to any 64bit version of Windows
 class WinPeb32(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows',
                   'memory_model': lambda x: x == '64bit'}
 
-    before = ['WinPEVTypes', 'WinPEx64VTypes', 'WinPEObjectClasses']
+    before = ['WinPEVTypes', 'WinPEx64VTypes', 'WinPEObjectClasses', 'WindowsObjectClasses']
 
-    def modification(self, profile):       
-        profile.vtypes.update(peb32_vtypes)
-        profile.merge_overlay({
-            '_PEB32' : [None, {
-                'Ldr' : [ None, ['pointer32', ['_PEB32_LDR_DATA']]],
-            }]})
-        profile.object_classes.update({
-            "_LDR32_DATA_TABLE_ENTRY" : _LDR_DATA_TABLE_ENTRY,
-            })
+    def cast_as_32bit(self, source_vtype):
+        vtype = copy.copy(source_vtype)
+        # the members of the structure
+        members = vtype[1]
 
+        mapping = {
+            "pointer": "pointer32",
+            "_UNICODE_STRING": "_UNICODE32_STRING",
+            "_LIST_ENTRY": "LIST_ENTRY32",
+        }
+
+        for name, member in members.items():
+            datatype = member[1][0]
+
+            if datatype in mapping:
+                member[1][0] = mapping[datatype]
+
+        return vtype
+
+    def modification(self, profile):
+        profiles = registry.get_plugin_classes(obj.Profile)
         meta = profile.metadata
-        vers = (meta.get("major", 0), meta.get("minor", 0))
-
-        # the offset changed starting in windows 8
-        if vers >= (6, 3):
-            profile.merge_overlay({
-                '_LDR32_DATA_TABLE_ENTRY' : [None, {
-                    "LoadTime": [0x88, ['WinTimeStamp', dict(is_utc = True)]],
-                }]})
\ No newline at end of file
+
+        # find the equivalent 32-bit profile to this 64-bit profile
+        profile_32bit = None
+        for prof in profiles.values():
+            if (prof._md_major == meta.get("major") and
+                            prof._md_minor == meta.get("minor") and
+                            prof._md_build == meta.get("build") and
+                            prof._md_memory_model == "32bit"):
+
+                profile_32bit = prof()
+                break
+
+        if profile_32bit == None:
+            debug.warning("Cannot find a 32-bit equivalent profile. The "\
+                "WoW64 plugins (dlllist, ldrmodules, etc) may not work.")
+            return
+
+        profile.vtypes.update({
+            "_PEB32_LDR_DATA": self.cast_as_32bit(profile_32bit.vtypes["_PEB_LDR_DATA"]),
+            "_LDR32_DATA_TABLE_ENTRY": self.cast_as_32bit(profile_32bit.vtypes["_LDR_DATA_TABLE_ENTRY"]),
+            '_UNICODE32_STRING': self.cast_as_32bit(profile_32bit.vtypes["_UNICODE_STRING"]),
+        })
+
+        profile.object_classes.update({
+            "_LDR32_DATA_TABLE_ENTRY": _LDR_DATA_TABLE_ENTRY
+        })
+
+        profile.merge_overlay({
+            '_PEB32': [None, {
+                'Ldr': [None, ['pointer32', ['_PEB32_LDR_DATA']]],
+        }]})
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win8.py b/volatility/plugins/overlays/windows/win8.py
index 790a74232..955921c40 100644
--- a/volatility/plugins/overlays/windows/win8.py
+++ b/volatility/plugins/overlays/windows/win8.py
@@ -139,17 +139,6 @@ class _PSP_CID_TABLE_81R264(_PSP_CID_TABLE64):
     """PspCidTable for 64-bit Windows 8.1 and Server 2012 R2"""
     DECODE_MAGIC = 0x10
 
-class _LDR_DATA_TABLE_ENTRY(pe_vtypes._LDR_DATA_TABLE_ENTRY):
-    """A class for DLL modules"""
-    
-    @property
-    def LoadCount(self):
-        """The Windows 8 / 2012 module does not have a 
-        LoadCount member, so we fake it.
-        """
-
-        return self.ObsoleteLoadCount
-
 class _OBJECT_HEADER(win7._OBJECT_HEADER):
     """A class for object headers on Win 8 / Server 2012"""
 
@@ -398,7 +387,6 @@ def modification(self, profile):
             objheader = _OBJECT_HEADER
 
         profile.object_classes.update({
-                "_LDR_DATA_TABLE_ENTRY": _LDR_DATA_TABLE_ENTRY, 
                 "_HANDLE_TABLE": handletable,
                 "_OBJECT_HEADER": objheader,
                 "_PSP_CID_TABLE": pspcidtable,

From dd0da529abde549f02e640d746e336d09321e7ae Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 14 Nov 2017 08:03:36 -0600
Subject: [PATCH 173/304] Move wow64 code to windows64.py and don't apply wow64
 types globally

---
 .../plugins/overlays/windows/pe_vtypes.py     | 66 +----------------
 .../plugins/overlays/windows/windows.py       | 16 -----
 .../plugins/overlays/windows/windows64.py     | 70 +++++++++++++++++++
 3 files changed, 72 insertions(+), 80 deletions(-)

diff --git a/volatility/plugins/overlays/windows/pe_vtypes.py b/volatility/plugins/overlays/windows/pe_vtypes.py
index 18942a20f..554f1f47e 100644
--- a/volatility/plugins/overlays/windows/pe_vtypes.py
+++ b/volatility/plugins/overlays/windows/pe_vtypes.py
@@ -18,12 +18,11 @@
 # along with Volatility.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-import struct, copy
+import struct
 import volatility.exceptions as exceptions
 import volatility.obj as obj
 import volatility.debug as debug
 import volatility.addrspace as addrspace
-import volatility.registry as registry
 
 pe_vtypes = {
     '_IMAGE_EXPORT_DIRECTORY': [ 0x28, {
@@ -1043,65 +1042,4 @@ def modification(self, profile):
             '_VS_FIXEDFILEINFO': _VS_FIXEDFILEINFO,
             '_VS_VERSION_INFO': _VS_VERSION_INFO,
             'VerStruct': VerStruct,
-            })
-
-# apply to any 64bit version of Windows
-class WinPeb32(obj.ProfileModification):
-    conditions = {'os': lambda x: x == 'windows',
-                  'memory_model': lambda x: x == '64bit'}
-
-    before = ['WinPEVTypes', 'WinPEx64VTypes', 'WinPEObjectClasses', 'WindowsObjectClasses']
-
-    def cast_as_32bit(self, source_vtype):
-        vtype = copy.copy(source_vtype)
-        # the members of the structure
-        members = vtype[1]
-
-        mapping = {
-            "pointer": "pointer32",
-            "_UNICODE_STRING": "_UNICODE32_STRING",
-            "_LIST_ENTRY": "LIST_ENTRY32",
-        }
-
-        for name, member in members.items():
-            datatype = member[1][0]
-
-            if datatype in mapping:
-                member[1][0] = mapping[datatype]
-
-        return vtype
-
-    def modification(self, profile):
-        profiles = registry.get_plugin_classes(obj.Profile)
-        meta = profile.metadata
-
-        # find the equivalent 32-bit profile to this 64-bit profile
-        profile_32bit = None
-        for prof in profiles.values():
-            if (prof._md_major == meta.get("major") and
-                            prof._md_minor == meta.get("minor") and
-                            prof._md_build == meta.get("build") and
-                            prof._md_memory_model == "32bit"):
-
-                profile_32bit = prof()
-                break
-
-        if profile_32bit == None:
-            debug.warning("Cannot find a 32-bit equivalent profile. The "\
-                "WoW64 plugins (dlllist, ldrmodules, etc) may not work.")
-            return
-
-        profile.vtypes.update({
-            "_PEB32_LDR_DATA": self.cast_as_32bit(profile_32bit.vtypes["_PEB_LDR_DATA"]),
-            "_LDR32_DATA_TABLE_ENTRY": self.cast_as_32bit(profile_32bit.vtypes["_LDR_DATA_TABLE_ENTRY"]),
-            '_UNICODE32_STRING': self.cast_as_32bit(profile_32bit.vtypes["_UNICODE_STRING"]),
-        })
-
-        profile.object_classes.update({
-            "_LDR32_DATA_TABLE_ENTRY": _LDR_DATA_TABLE_ENTRY
-        })
-
-        profile.merge_overlay({
-            '_PEB32': [None, {
-                'Ldr': [None, ['pointer32', ['_PEB32_LDR_DATA']]],
-        }]})
\ No newline at end of file
+            })
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index ebeb615b2..311591e97 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -255,11 +255,6 @@ def __nonzero__(self):
     def __iter__(self):
         return self.list_of_type(self.obj_parent.obj_name, self.obj_name)
 
-# for LIST_ENTRY32, the LDR member is an unsigned long not a Pointer as regular LIST_ENTRY
-class LIST_ENTRY32(_LIST_ENTRY):
-    def get_next_entry(self, member):
-        return obj.Object("LIST_ENTRY32", offset = self.m(member).v(), vm = self.obj_vm)
-
 class WinTimeStamp(obj.NativeType):
     """Class for handling Windows Time Stamps"""
 
@@ -1212,14 +1207,6 @@ def get_object(self, struct_name, object_type = None, use_top_down = False, skip
 import tcpip_vtypes
 import ssdt_vtypes
 
-unicode32_vtypes = {
-  '_UNICODE32_STRING' : [ 12, {
-    'Length' : [ 0x0, ['unsigned short']],
-    'MaximumLength' : [ 0x2, ['unsigned short']],
-    'Buffer' : [ 0x4, ['pointer32', ['unsigned short']]],
-  }],
-}
-
 class WindowsOverlay(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows'}
     before = ['BasicObjectClasses', 'WindowsVTypes']
@@ -1237,7 +1224,6 @@ def modification(self, profile):
         profile.vtypes.update(kdbg_vtypes.kdbg_vtypes)
         profile.vtypes.update(tcpip_vtypes.tcpip_vtypes)
         profile.vtypes.update(ssdt_vtypes.ssdt_vtypes)
-        profile.vtypes.update(unicode32_vtypes)
 
 class WindowsObjectClasses(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows'}
@@ -1246,9 +1232,7 @@ class WindowsObjectClasses(obj.ProfileModification):
     def modification(self, profile):
         profile.object_classes.update({
             '_UNICODE_STRING': _UNICODE_STRING,
-            '_UNICODE32_STRING': _UNICODE_STRING,
             '_LIST_ENTRY': _LIST_ENTRY,
-            'LIST_ENTRY32': LIST_ENTRY32,
             'WinTimeStamp': WinTimeStamp,
             'DosDate':DosDate,
             '_EPROCESS': _EPROCESS,
diff --git a/volatility/plugins/overlays/windows/windows64.py b/volatility/plugins/overlays/windows/windows64.py
index 6ecead712..481575353 100644
--- a/volatility/plugins/overlays/windows/windows64.py
+++ b/volatility/plugins/overlays/windows/windows64.py
@@ -21,6 +21,9 @@
 import copy
 import volatility.obj as obj
 import volatility.plugins.overlays.windows.windows as windows
+import volatility.plugins.overlays.windows.pe_vtypes as pe_vtypes
+import volatility.registry as registry
+import volatility.debug as debug
 
 # File-wide pylint message disable because we have a few situations where we access structs starting _
 #pylint: disable-msg=W0212
@@ -38,6 +41,11 @@ def __call__(self, name, typeList, typeDict = None):
 class _EX_FAST_REF(windows._EX_FAST_REF):
     MAX_FAST_REF = 15
 
+class LIST_ENTRY32(windows._LIST_ENTRY):
+    """the LDR member is an unsigned long not a Pointer as regular LIST_ENTRY"""
+    def get_next_entry(self, member):
+        return obj.Object("LIST_ENTRY32", offset = self.m(member).v(), vm = self.obj_vm)
+
 class ExFastRefx64(obj.ProfileModification):
     before = ['WindowsOverlay', 'WindowsObjectClasses']
     conditions = {'os': lambda x : x == 'windows',
@@ -78,3 +86,65 @@ def modification(self, profile):
         # and therefore can't just be instantiated in object_classes
         # using profile.object_classes.update({'pointer64': obj.Pointer})
         profile._list_to_type = Pointer64Decorator(profile._list_to_type)
+
+class WinPeb32(obj.ProfileModification):
+    conditions = {'os': lambda x: x == 'windows',
+                  'memory_model': lambda x: x == '64bit'}
+
+    before = ['WinPEVTypes', 'WinPEx64VTypes', 'WinPEObjectClasses', 'WindowsObjectClasses']
+
+    def cast_as_32bit(self, source_vtype):
+        vtype = copy.copy(source_vtype)
+        # the members of the structure
+        members = vtype[1]
+
+        mapping = {
+            "pointer": "pointer32",
+            "_UNICODE_STRING": "_UNICODE32_STRING",
+            "_LIST_ENTRY": "LIST_ENTRY32",
+        }
+
+        for name, member in members.items():
+            datatype = member[1][0]
+
+            if datatype in mapping:
+                member[1][0] = mapping[datatype]
+
+        return vtype
+
+    def modification(self, profile):
+        profiles = registry.get_plugin_classes(obj.Profile)
+        meta = profile.metadata
+
+        # find the equivalent 32-bit profile to this 64-bit profile
+        profile_32bit = None
+        for prof in profiles.values():
+            if (prof._md_major == meta.get("major") and
+                            prof._md_minor == meta.get("minor") and
+                            prof._md_build == meta.get("build") and
+                            prof._md_memory_model == "32bit"):
+
+                profile_32bit = prof()
+                break
+
+        if profile_32bit == None:
+            debug.warning("Cannot find a 32-bit equivalent profile. The "\
+                "WoW64 plugins (dlllist, ldrmodules, etc) may not work.")
+            return
+
+        profile.vtypes.update({
+            "_PEB32_LDR_DATA": self.cast_as_32bit(profile_32bit.vtypes["_PEB_LDR_DATA"]),
+            "_LDR32_DATA_TABLE_ENTRY": self.cast_as_32bit(profile_32bit.vtypes["_LDR_DATA_TABLE_ENTRY"]),
+            '_UNICODE32_STRING': self.cast_as_32bit(profile_32bit.vtypes["_UNICODE_STRING"]),
+        })
+
+        profile.object_classes.update({
+            "_LDR32_DATA_TABLE_ENTRY": pe_vtypes._LDR_DATA_TABLE_ENTRY,
+            "_UNICODE32_STRING": windows._UNICODE_STRING,
+            "LIST_ENTRY32": LIST_ENTRY32,
+        })
+
+        profile.merge_overlay({
+            '_PEB32': [None, {
+                'Ldr': [None, ['pointer32', ['_PEB32_LDR_DATA']]],
+        }]})
\ No newline at end of file

From dda318a012536a6dde6dd1c324ee132728281ee8 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 14 Nov 2017 08:19:05 -0600
Subject: [PATCH 174/304] Add back the bool() cast on IsWow64()

---
 volatility/plugins/overlays/windows/windows.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index 311591e97..73d8d0e45 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -496,7 +496,7 @@ def Wow64Process(self):
     @property
     def IsWow64(self):
         """Returns True if this is a wow64 process"""
-        return self.Wow64Process.is_valid()
+        return bool(self.Wow64Process.is_valid())
 
     @property
     def SessionId(self):

From 9dfa58d4244dc29510a145bc4d126f59bdf4d5fb Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 14 Nov 2017 09:49:51 -0600
Subject: [PATCH 175/304] Update impscan to be more backwards compatible for
 plugins that call impscan's methods (is_wow64 is now an optional keyword arg
 with a default of False)

---
 volatility/plugins/malware/impscan.py | 35 ++++++++++++---------------
 1 file changed, 15 insertions(+), 20 deletions(-)

diff --git a/volatility/plugins/malware/impscan.py b/volatility/plugins/malware/impscan.py
index f56071a12..83f823b4b 100644
--- a/volatility/plugins/malware/impscan.py
+++ b/volatility/plugins/malware/impscan.py
@@ -62,9 +62,6 @@ def __init__(self, config, *args, **kwargs):
         config.add_option('SIZE', short_option = 's', default = None,
                           help = 'Size of memory to scan',
                           action = 'store', type = 'int')
-        ## FIXME. ImpScan currently does not work on wow64 processes. 
-        ## Add an option to override the profile's memory_model and 
-        ## allow 32bit disasm on x64 operating systems. 
 
         self.forwarded_imports = {
             "RtlGetLastWin32Error" : "kernel32.dll!GetLastError",
@@ -117,7 +114,7 @@ def _call_or_unc_jmp(self, op):
                 op.mnemonic == "JMP"))
 
     def _vicinity_scan(self, addr_space, calls_imported,
-                apis, base_address, data_len, is_wow64, addr_type, forward):
+                apis, base_address, data_len, is_wow64 = False, forward = True):
         """Scan forward from the lowest IAT entry found or
         backward from the highest IAT entry found. We do this 
         because not every imported function will be called 
@@ -129,7 +126,8 @@ def _vicinity_scan(self, addr_space, calls_imported,
         @param apis: dictionary of exported functions in the AS 
         @param base_address: memory base address 
         @param data_len: size in bytes to check from base_address
-        @param forwared: the direction for the vicinity scan
+        @param is_wow64: True if its a Wow64 process
+        @param forward: the direction for the vicinity scan
         """
 
         sortedlist = calls_imported.keys()
@@ -139,9 +137,11 @@ def _vicinity_scan(self, addr_space, calls_imported,
             return
 
         if is_wow64:
-            size_of_address = 4
+            addr_type = "int"
         else:
-            size_of_address = addr_space.profile.get_obj_size("address")
+            addr_type = "address"
+
+        size_of_address = addr_space.profile.get_obj_size(addr_type)
 
         if forward:
             start_addr = sortedlist[0]
@@ -193,7 +193,7 @@ def _original_import(self, mod_name, func_name):
         else:
             return mod_name, func_name
 
-    def call_scan(self, addr_space, base_address, data, is_wow64, addr_type):
+    def call_scan(self, addr_space, base_address, data, is_wow64 = False):
         """Disassemble a block of data and yield possible 
         calls to imported functions. We're looking for 
         instructions such as these:
@@ -214,7 +214,8 @@ def call_scan(self, addr_space, base_address, data, is_wow64, addr_type):
 
         @param addr_space: an AS to scan with
         @param base_address: memory base address
-        @param data: buffer of data found at base_address 
+        @param data: buffer of data found at base_address
+        @param is_wow64: True if its a Wow64 process
         """
 
         end_address = base_address + len(data)
@@ -223,8 +224,10 @@ def call_scan(self, addr_space, base_address, data, is_wow64, addr_type):
 
         if memory_model == '32bit' or is_wow64:
             mode = distorm3.Decode32Bits
+            addr_type = "int"
         else:
             mode = distorm3.Decode64Bits
+            addr_type = "address"
 
         for op in distorm3.DecomposeGenerator(base_address, data, mode):
             if not op.valid:
@@ -333,7 +336,6 @@ def calculate(self):
             if not all_mods:
                 debug.error("Cannot load DLLs in process AS")
 
-
             # If an address is supplied with a size, try to get
             # the size from the vad node. If neither are supplied, 
             # assume we should carve the main process executable. 
@@ -359,27 +361,20 @@ def calculate(self):
             apis = self.enum_apis(all_mods)
             addr_space = task_space
 
-        if is_wow64:
-            addr_type = "int"
-        else:
-            addr_type = "address"
-
         # This is a dictionary of confirmed API calls.
         calls_imported = dict(
                 (iat, call)
-                for (_, iat, call) in self.call_scan(addr_space, base_address, data, is_wow64, addr_type)
+                for (_, iat, call) in self.call_scan(addr_space, base_address, data, is_wow64)
                 if call in apis
                 )
 
         # Scan forward 
         self._vicinity_scan(addr_space,
-                calls_imported, apis, base_address, len(data), is_wow64, addr_type,
-                forward = True)
+                calls_imported, apis, base_address, len(data), is_wow64, forward = True)
 
         # Scan reverse 
         self._vicinity_scan(addr_space,
-                calls_imported, apis, base_address, len(data), is_wow64, addr_type,
-                forward = False)
+                calls_imported, apis, base_address, len(data), is_wow64, forward = False)
 
         for iat, call in sorted(calls_imported.items()):
             yield iat, call, apis[call][0], apis[call][1]

From 6c6d4039334dad31b5efcee07e85a209fd8a7102 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 14 Nov 2017 10:10:19 -0600
Subject: [PATCH 176/304] Before win10, Wow64Process points to user land, so
 is_valid() fails

---
 volatility/plugins/overlays/windows/windows.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index 73d8d0e45..9334aa6e6 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -496,7 +496,8 @@ def Wow64Process(self):
     @property
     def IsWow64(self):
         """Returns True if this is a wow64 process"""
-        return bool(self.Wow64Process.is_valid())
+        value = self.Wow64Process
+        return value != 0 and value != None
 
     @property
     def SessionId(self):

From 1e337dfb71522972a09b8534182fcaf989e10889 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 14 Nov 2017 13:13:09 -0600
Subject: [PATCH 177/304] In some cases, a PicoContext may be nonzero but still
 invalid (i.e. a terminated process)

---
 volatility/plugins/overlays/windows/windows.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index 4febe6c09..09d255585 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -456,7 +456,7 @@ def ImageFileName(self):
         # contain PicoContext, but in those cases it always
         # seems to be zeroed out
         if (len(name) == 0 and 
-                hasattr(self, "PicoContext") and self.PicoContext != 0):
+                hasattr(self, "PicoContext") and self.PicoContext.is_valid()):
             name = self.PicoContext.Name
         
         return name

From 5cc5d2a2b8e42537d69706560b1b48e341b7f924 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 15 Nov 2017 21:40:43 -0600
Subject: [PATCH 178/304] Add another condition to the WinPeb32 profile
 modification (profile must be windows)

---
 volatility/plugins/overlays/windows/windows64.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/windows64.py b/volatility/plugins/overlays/windows/windows64.py
index 481575353..eebad2b41 100644
--- a/volatility/plugins/overlays/windows/windows64.py
+++ b/volatility/plugins/overlays/windows/windows64.py
@@ -119,7 +119,8 @@ def modification(self, profile):
         # find the equivalent 32-bit profile to this 64-bit profile
         profile_32bit = None
         for prof in profiles.values():
-            if (prof._md_major == meta.get("major") and
+            if (prof._md_os == "windows" and
+                            prof._md_major == meta.get("major") and
                             prof._md_minor == meta.get("minor") and
                             prof._md_build == meta.get("build") and
                             prof._md_memory_model == "32bit"):

From f3c9dfee93a255693bc9a8b7c5deee5786157749 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Thu, 30 Nov 2017 10:44:03 -0600
Subject: [PATCH 179/304] The WinPeb32 profile modification wasn't being
 applied properly to some 64-bit server-based profiles

---
 volatility/plugins/overlays/windows/windows64.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/windows/windows64.py b/volatility/plugins/overlays/windows/windows64.py
index eebad2b41..3750ee598 100644
--- a/volatility/plugins/overlays/windows/windows64.py
+++ b/volatility/plugins/overlays/windows/windows64.py
@@ -116,13 +116,17 @@ def modification(self, profile):
         profiles = registry.get_plugin_classes(obj.Profile)
         meta = profile.metadata
 
-        # find the equivalent 32-bit profile to this 64-bit profile
+        # find the equivalent 32-bit profile to this 64-bit profile.
+        # the prof._md_build + 1 accounts for a poor decision we made
+        # a while back where we added + 1 to the build number for 
+        # server-based profiles as a method to distinguish between 
+        # client vs server in a plugin. 
         profile_32bit = None
         for prof in profiles.values():
             if (prof._md_os == "windows" and
                             prof._md_major == meta.get("major") and
                             prof._md_minor == meta.get("minor") and
-                            prof._md_build == meta.get("build") and
+                            ((prof._md_build == meta.get("build")) or (prof._md_build + 1 == meta.get("build"))) and
                             prof._md_memory_model == "32bit"):
 
                 profile_32bit = prof()

From b39d99392e49799438244fccffebaee9b57d3043 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 26 Dec 2017 14:28:15 -0600
Subject: [PATCH 180/304] Windows - add tighter constraints to SSDT validation

---
 volatility/plugins/ssdt.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/ssdt.py b/volatility/plugins/ssdt.py
index bb3823167..86d99a638 100644
--- a/volatility/plugins/ssdt.py
+++ b/volatility/plugins/ssdt.py
@@ -164,7 +164,7 @@ def calculate(self):
             for i, desc in enumerate(ssdt_obj.Descriptors):
                 # Apply some extra checks - KiServiceTable should reside in kernel memory and ServiceLimit 
                 # should be greater than 0 but not unbelievably high
-                if not desc.is_valid() or desc.ServiceLimit <= 0 or desc.ServiceLimit >= 0xFFFF or desc.KiServiceTable <= 0x80000000:
+                if not desc.is_valid() or desc.ServiceLimit <= 0 or desc.ServiceLimit >= 2048 or desc.KiServiceTable <= 0x80000000:
                     break
                 else:
                     tables.add((i, desc.KiServiceTable.v(), desc.ServiceLimit.v()))

From f74d0312c4dab254575516f9d7e7e71ed9c09706 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 8 Jan 2018 10:41:42 -0600
Subject: [PATCH 181/304] Linux - protect against corrupt inode pointers

---
 volatility/plugins/overlays/linux/linux.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 4f78e2a88..83ffc8c60 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1164,10 +1164,14 @@ def is_suspicious(self):
 
     def info(self, task):
         if self.vm_file:
-            inode = self.vm_file.dentry.d_inode
-            major, minor = inode.i_sb.major, inode.i_sb.minor
-            ino = inode.i_ino
             pgoff = self.vm_pgoff << 12
+            
+            inode = self.vm_file.dentry.d_inode
+            if inode and inode.is_valid():
+                major, minor = inode.i_sb.major, inode.i_sb.minor
+                ino = inode.i_ino
+            else:
+                major, minor, ino = [0] * 3
         else:
             (major, minor, ino, pgoff) = [0] * 4
 

From ce100d39bc1d088594c11fc8c956eded55a4a48e Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 8 Jan 2018 20:45:34 -0600
Subject: [PATCH 182/304] Mac - update get_profile for new High Sierra profiles

---
 volatility/plugins/mac/get_profile.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index b5d4c1fb7..b3d83b55e 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -66,7 +66,18 @@
 ["MacSierra_10_12_5_16F73x64", 18446743523963562144, 18446743523964379136, 1],
 ["MacSierra_10_12_6_16G1036x64", 18446743523963564096, 18446743523964379136, 1],
 ["MacSierra_10_12_6_16G29x64", 18446743523963561936, 18446743523964379136, 1],
+["MacHighSierra_10_13_1_17B25cx64", 18446743523963490896, 18446743523964391424, 1],
+["MacHighSierra_10_13_1_17B35ax64", 18446743523963490832, 18446743523964391424, 1],
 ["MacHighSierra_10_13_1_17B48x64", 18446743523963490832, 18446743523964391424, 1],
+["MacHighSierra_10_13_2_17C88x64", 18446743523965584448, 18446743523966648320, 1],
+["MacHighSierra_10_13_2_Seed_17C60cx64", 18446743523965574112, 18446743523966648320, 1],
+["MacHighSierra_10_13_17A264cx64", 18446743523963492288, 18446743523964387328, 1],
+["MacHighSierra_10_13_17A291jx64", 18446743523963490112, 18446743523964387328, 1],
+["MacHighSierra_10_13_17A306fx64", 18446743523963487728, 18446743523964391424, 1],
+["MacHighSierra_10_13_17A315ix64", 18446743523963485344, 18446743523964391424, 1],
+["MacHighSierra_10_13_17A344bx64", 18446743523963492400, 18446743523964391424, 1],
+["MacHighSierra_10_13_17A352ax64", 18446743523963492416, 18446743523964391424, 1],
+["MacHighSierra_10_13_17A358ax64", 18446743523963492592, 18446743523964391424, 1],
 ["MacLeopard_10_5_3_Intelx86", 4850472, 1708032, 0],
 ["MacLeopard_10_5_4_Intelx86", 4850488, 1708032, 0],
 ["MacLeopard_10_5_5_Intelx86", 4850568, 1708032, 0],

From 049d1ff2b9f212cf84afc8ec48275619dc96a387 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 8 Jan 2018 21:00:13 -0600
Subject: [PATCH 183/304] Mac - add collision set for 10.13.1

---
 volatility/plugins/mac/get_profile.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index b3d83b55e..d9561e72d 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -142,7 +142,12 @@
     "MacSierra_10_12_2_16C67x64"  : "Thu Nov 17 20:23:58",
 }
 
-collision_sets = [collisions_10_8_5, collisions_10_12_2]
+collisions_10_13_1 = {
+    "MacHighSierra_10_13_1_17B35ax64" : "1 00:46:50 PDT",
+    "MacHighSierra_10_13_1_17B48x64"  : "Sep 29 18:27:05 PDT",
+}
+
+collision_sets = [collisions_10_8_5, collisions_10_12_2, collisions_10_13_1]
 
 class catfishScan(scan.BaseScanner):
     """ Scanner for Catfish string for Mountain Lion """

From 4fc4a4b02d3dd1235dc476fb0f02414a2ef671ed Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Wed, 10 Jan 2018 10:12:11 -0600
Subject: [PATCH 184/304] Windows - Add profiles for Windows 7 build 24000

---
 .../windows/win7_sp1_x64_24000_vtypes.py      | 9320 +++++++++++++++++
 .../windows/win7_sp1_x86_24000_vtypes.py      | 8880 ++++++++++++++++
 2 files changed, 18200 insertions(+)
 create mode 100644 volatility/plugins/overlays/windows/win7_sp1_x64_24000_vtypes.py
 create mode 100644 volatility/plugins/overlays/windows/win7_sp1_x86_24000_vtypes.py

diff --git a/volatility/plugins/overlays/windows/win7_sp1_x64_24000_vtypes.py b/volatility/plugins/overlays/windows/win7_sp1_x64_24000_vtypes.py
new file mode 100644
index 000000000..206c5f289
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win7_sp1_x64_24000_vtypes.py
@@ -0,0 +1,9320 @@
+ntkrnlmp_types = {
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x28, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+    'ActualLimit' : [ 0x20, ['unsigned long long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_INTERLOCK_SEQ' : [ 0x8, {
+    'Depth' : [ 0x0, ['unsigned short']],
+    'FreeEntryOffset' : [ 0x2, ['unsigned short']],
+    'OffsetAndDepth' : [ 0x0, ['unsigned long']],
+    'Sequence' : [ 0x4, ['unsigned long']],
+    'Exchg' : [ 0x0, ['long long']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_PEB32' : [ 0x248, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsLegacyProcess' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'HotpatchInformation' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pContextData' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_KBUGCHECK_ACTIVE_STATE' : [ 0x4, {
+    'BugCheckState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'BugCheckOwner' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['long']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_SYSTEM_IDLE' : [ 0x38, {
+    'AverageIdleness' : [ 0x0, ['long']],
+    'LowestIdleness' : [ 0x4, ['long']],
+    'Time' : [ 0x8, ['unsigned long']],
+    'Timeout' : [ 0xc, ['unsigned long']],
+    'LastUserInput' : [ 0x10, ['unsigned long']],
+    'Action' : [ 0x14, ['POWER_ACTION_POLICY']],
+    'MinState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SystemRequired' : [ 0x24, ['unsigned char']],
+    'IdleWorker' : [ 0x25, ['unsigned char']],
+    'Sampling' : [ 0x26, ['unsigned char']],
+    'LastTick' : [ 0x28, ['unsigned long long']],
+    'LastSystemRequiredTime' : [ 0x30, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x18, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x18, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x8, ['pointer64', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x10, ['long']],
+    'MissedMappingsCount' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2063' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2065' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2067' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2069' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_2067']],
+    'Translated' : [ 0x0, ['__unnamed_2065']],
+} ],
+  '__unnamed_206b' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_206d' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_206f' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2071' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2073' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2075' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2077' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_2063']],
+    'Port' : [ 0x0, ['__unnamed_2063']],
+    'Interrupt' : [ 0x0, ['__unnamed_2065']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2069']],
+    'Memory' : [ 0x0, ['__unnamed_2063']],
+    'Dma' : [ 0x0, ['__unnamed_206b']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1f37']],
+    'BusNumber' : [ 0x0, ['__unnamed_206d']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_206f']],
+    'Memory40' : [ 0x0, ['__unnamed_2071']],
+    'Memory48' : [ 0x0, ['__unnamed_2073']],
+    'Memory64' : [ 0x0, ['__unnamed_2075']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2077']],
+} ],
+  '__unnamed_207c' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_207c']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_2086' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_2086']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x48, {
+    'Parent' : [ 0x0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x8, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x10, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0x18, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2090' : [ 0x8, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long long')]],
+    'Parent' : [ 0x0, ['pointer64', ['_MMSUBSECTION_NODE']]],
+} ],
+  '_MMSUBSECTION_NODE' : [ 0x28, {
+    'u' : [ 0x0, ['__unnamed_1fef']],
+    'StartingSector' : [ 0x4, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x10, ['__unnamed_2090']],
+    'LeftChild' : [ 0x18, ['pointer64', ['_MMSUBSECTION_NODE']]],
+    'RightChild' : [ 0x20, ['pointer64', ['_MMSUBSECTION_NODE']]],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2098' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_209a' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2098']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x58, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'Volume' : [ 0x40, ['_LIST_ENTRY']],
+    'Specific' : [ 0x50, ['__unnamed_209a']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x68, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'KernelApcInProgress' : [ 0x28, ['unsigned char']],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_IA64_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x300, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x80, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x88, ['unsigned long']],
+    'LastCallbackId' : [ 0x8c, ['unsigned long']],
+    'PostCount' : [ 0x100, ['unsigned long']],
+    'ReturnCount' : [ 0x180, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x200, ['unsigned long']],
+    'UserLock' : [ 0x280, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x288, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_DEVICE_MAP' : [ 0x40, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+} ],
+  '_HEAP_DEBUGGING_INFORMATION' : [ 0x30, {
+    'InterceptorFunction' : [ 0x0, ['pointer64', ['void']]],
+    'InterceptorValue' : [ 0x8, ['unsigned short']],
+    'ExtendedOptions' : [ 0xc, ['unsigned long']],
+    'StackTraceDepth' : [ 0x10, ['unsigned long']],
+    'MinTotalBlockSize' : [ 0x18, ['unsigned long long']],
+    'MaxTotalBlockSize' : [ 0x20, ['unsigned long long']],
+    'HeapLeakEnumerationRoutine' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MMBANKED_SECTION' : [ 0x38, {
+    'BasePhysicalPage' : [ 0x0, ['unsigned long long']],
+    'BasedPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BankSize' : [ 0x10, ['unsigned long']],
+    'BankShift' : [ 0x14, ['unsigned long']],
+    'BankedRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'CurrentMappedPte' : [ 0x28, ['pointer64', ['_MMPTE']]],
+    'BankTemplate' : [ 0x30, ['array', 1, ['_MMPTE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['array', 7, ['unsigned long long']]],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x68, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x38, ['_WORK_QUEUE_ITEM']],
+    'FailingDriver' : [ 0x58, ['pointer64', ['_DRIVER_OBJECT']]],
+    'ReferenceCount' : [ 0x60, ['long']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  '_SECTION_OBJECT' : [ 0x30, {
+    'StartingVa' : [ 0x0, ['pointer64', ['void']]],
+    'EndingVa' : [ 0x8, ['pointer64', ['void']]],
+    'Parent' : [ 0x10, ['pointer64', ['void']]],
+    'LeftChild' : [ 0x18, ['pointer64', ['void']]],
+    'RightChild' : [ 0x20, ['pointer64', ['void']]],
+    'Segment' : [ 0x28, ['pointer64', ['_SEGMENT_OBJECT']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2116' : [ 0x4, {
+    'AsULONG' : [ 0x0, ['unsigned long']],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_PERF_STATES' : [ 0xb0, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxFrequency' : [ 0x4, ['unsigned long']],
+    'PStateCap' : [ 0x8, ['unsigned long']],
+    'TStateCap' : [ 0xc, ['unsigned long']],
+    'MaxPerfState' : [ 0x10, ['unsigned long']],
+    'MinPerfState' : [ 0x14, ['unsigned long']],
+    'LowestPState' : [ 0x18, ['unsigned long']],
+    'IncreaseTime' : [ 0x1c, ['unsigned long']],
+    'DecreaseTime' : [ 0x20, ['unsigned long']],
+    'BusyAdjThreshold' : [ 0x24, ['unsigned char']],
+    'Reserved' : [ 0x25, ['unsigned char']],
+    'ThrottleStatesOnly' : [ 0x26, ['unsigned char']],
+    'PolicyType' : [ 0x27, ['unsigned char']],
+    'TimerInterval' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['__unnamed_2116']],
+    'TargetProcessors' : [ 0x30, ['_KAFFINITY_EX']],
+    'PStateHandler' : [ 0x58, ['pointer64', ['void']]],
+    'PStateContext' : [ 0x60, ['unsigned long long']],
+    'TStateHandler' : [ 0x68, ['pointer64', ['void']]],
+    'TStateContext' : [ 0x70, ['unsigned long long']],
+    'FeedbackHandler' : [ 0x78, ['pointer64', ['void']]],
+    'GetFFHThrottleState' : [ 0x80, ['pointer64', ['void']]],
+    'State' : [ 0x88, ['array', 1, ['_PPM_PERF_STATE']]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_WMI_TRACE_PACKET' : [ 0x4, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HookId' : [ 0x2, ['unsigned short']],
+    'Type' : [ 0x2, ['unsigned char']],
+    'Group' : [ 0x3, ['unsigned char']],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x70, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CriticalSection' : [ 0x8, ['_RTL_CRITICAL_SECTION']],
+    'RtlHandleTable' : [ 0x30, ['_RTL_HANDLE_TABLE']],
+    'NumberOfBuckets' : [ 0x60, ['unsigned long']],
+    'Buckets' : [ 0x68, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POP_POWER_ACTION' : [ 0xc0, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'ProgrammedRTCTime' : [ 0x58, ['unsigned long long']],
+    'WakeOnRTC' : [ 0x60, ['unsigned char']],
+    'WakeTimerInfo' : [ 0x68, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+    'FilteredCapabilities' : [ 0x70, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'DriverName' : [ 0x50, ['pointer64', ['unsigned short']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x228, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTransitions' : [ 0x8, ['unsigned long']],
+    'FailedTransitions' : [ 0xc, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x10, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'IdleTimeBuckets' : [ 0x28, ['array', 16, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2158' : [ 0x4, {
+    'Level' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_215a' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_2158']],
+    'Button' : [ 0x10, ['__unnamed_215a']],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0x148, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x18, ['pointer64', ['void']]],
+    'EmInfFileSize' : [ 0x20, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x28, ['pointer64', ['void']]],
+    'LoaderPagesSpanned' : [ 0x30, ['unsigned long long']],
+    'HeadlessLoaderBlock' : [ 0x38, ['pointer64', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x40, ['pointer64', ['_SMBIOS_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x48, ['pointer64', ['void']]],
+    'DrvDBSize' : [ 0x50, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x58, ['pointer64', ['_NETWORK_LOADER_BLOCK']]],
+    'FirmwareDescriptorListHead' : [ 0x60, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x70, ['pointer64', ['void']]],
+    'AcpiTableSize' : [ 0x78, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x7c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x7c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x7c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'FeatureSettings' : [ 0x7c, ['BitField', dict(start_bit = 3, end_bit = 9, native_type='unsigned long')]],
+    'Reserved' : [ 0x7c, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x80, ['pointer64', ['_LOADER_PERFORMANCE_DATA']]],
+    'BootApplicationPersistentData' : [ 0x88, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0x98, ['pointer64', ['void']]],
+    'BootIdentifier' : [ 0xa0, ['_GUID']],
+    'ResumePages' : [ 0xb0, ['unsigned long']],
+    'DumpHeader' : [ 0xb8, ['pointer64', ['void']]],
+    'BgContext' : [ 0xc0, ['pointer64', ['void']]],
+    'NumaLocalityInfo' : [ 0xc8, ['pointer64', ['void']]],
+    'NumaGroupAssignment' : [ 0xd0, ['pointer64', ['void']]],
+    'AttachedHives' : [ 0xd8, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0xe8, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0xf0, ['pointer64', ['void']]],
+    'TpmBootEntropyResult' : [ 0xf8, ['_TPM_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x140, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x400, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ALPC_MESSAGE_ZONE' : [ 0x30, {
+    'Mdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x8, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'SystemLimit' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_PROC_HISTORY_ENTRY' : [ 0x4, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'Frequency' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xd8, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'BlockSize' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'PoolType' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_ETW_PROVIDER_TABLE_ENTRY' : [ 0x18, {
+    'RefCount' : [ 0x0, ['long']],
+    'State' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'EtwProviderStateFree', 1: 'EtwProviderStateTransition', 2: 'EtwProviderStateActive', 3: 'EtwProviderStateMax'})]],
+    'RegEntry' : [ 0x8, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'Caller' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PEB64' : [ 0x380, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsLegacyProcess' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'HotpatchInformation' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pContextData' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_21ff' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x1f80, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_21ff']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'LastProcessSwappedOutTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'SessionPageDirectoryIndex' : [ 0x28, ['unsigned long long']],
+    'NonPagablePages' : [ 0x30, ['unsigned long long']],
+    'CommittedPages' : [ 0x38, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x40, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x50, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x58, ['pointer64', ['void']]],
+    'ResidentProcessCount' : [ 0x60, ['long']],
+    'SessionPoolAllocationFailures' : [ 0x64, ['array', 4, ['unsigned long']]],
+    'ImageList' : [ 0x78, ['_LIST_ENTRY']],
+    'LocaleId' : [ 0x88, ['unsigned long']],
+    'AttachCount' : [ 0x8c, ['unsigned long']],
+    'AttachGate' : [ 0x90, ['_KGATE']],
+    'WsListEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0xc0, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb40, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xb98, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xc00, ['_MMSUPPORT']],
+    'Wsle' : [ 0xc90, ['pointer64', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xc98, ['pointer64', ['void']]],
+    'PagedPool' : [ 0xcc0, ['_POOL_DESCRIPTOR']],
+    'PageDirectory' : [ 0x1e00, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1e08, ['_KGUARDED_MUTEX']],
+    'DynamicVaBitMap' : [ 0x1e40, ['_RTL_BITMAP']],
+    'DynamicVaHint' : [ 0x1e50, ['unsigned long']],
+    'SpecialPool' : [ 0x1e58, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1ea0, ['_KGUARDED_MUTEX']],
+    'PoolBigEntriesInUse' : [ 0x1ed8, ['long']],
+    'PagedPoolPdeCount' : [ 0x1edc, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1ee0, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1ee4, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1ee8, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1f30, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1f38, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x1f40, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1f48, ['unsigned long long']],
+    'IoState' : [ 0x1f50, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1f54, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1f58, ['_KEVENT']],
+    'CreateTime' : [ 0x1f70, ['unsigned long long']],
+    'CpuQuotaBlock' : [ 0x1f78, ['pointer64', ['_PS_CPU_QUOTA_BLOCK']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Rom' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SetMappedFileIoComplete' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CollidedFlush' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x68, {
+    'Mutex' : [ 0x0, ['_KGUARDED_MUTEX']],
+    'PagedPoolAllocationMap' : [ 0x38, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0x48, ['pointer64', ['_MMPTE']]],
+    'PagedPoolHint' : [ 0x50, ['unsigned long']],
+    'PagedPoolCommit' : [ 0x58, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x60, ['unsigned long long']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'FeedbackHandler' : [ 0x40, ['pointer64', ['void']]],
+    'GetFFHThrottleState' : [ 0x48, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0x50, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x58, ['pointer64', ['void']]],
+    'PerfHandler' : [ 0x60, ['pointer64', ['void']]],
+    'Processors' : [ 0x68, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'PerfChangeTime' : [ 0x70, ['unsigned long long']],
+    'ProcessorCount' : [ 0x78, ['unsigned long']],
+    'PreviousFrequencyMhz' : [ 0x7c, ['unsigned long']],
+    'CurrentFrequencyMhz' : [ 0x80, ['unsigned long']],
+    'PreviousFrequency' : [ 0x84, ['unsigned long']],
+    'CurrentFrequency' : [ 0x88, ['unsigned long']],
+    'CurrentPerfContext' : [ 0x8c, ['unsigned long']],
+    'DesiredFrequency' : [ 0x90, ['unsigned long']],
+    'MaxFrequency' : [ 0x94, ['unsigned long']],
+    'MinPerfPercent' : [ 0x98, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x9c, ['unsigned long']],
+    'MaxPercent' : [ 0xa0, ['unsigned long']],
+    'MinPercent' : [ 0xa4, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0xa8, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0xac, ['unsigned long']],
+    'Coordination' : [ 0xb0, ['unsigned char']],
+    'PerfChangeIntervalCount' : [ 0xb4, ['long']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_RELATION_LIST' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'TagCount' : [ 0x4, ['unsigned long']],
+    'FirstLevel' : [ 0x8, ['unsigned long']],
+    'MaxLevel' : [ 0xc, ['unsigned long']],
+    'Entries' : [ 0x10, ['array', 1, ['pointer64', ['_RELATION_LIST_ENTRY']]]],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x48, {
+    'PteBase' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'Lock' : [ 0x8, ['unsigned long long']],
+    'Paged' : [ 0x10, ['_MI_SPECIAL_POOL_PTE_LIST']],
+    'NonPaged' : [ 0x20, ['_MI_SPECIAL_POOL_PTE_LIST']],
+    'PagesInUse' : [ 0x30, ['long long']],
+    'SpecialPoolPdes' : [ 0x38, ['_RTL_BITMAP']],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_KGUARDED_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_PPM_PERF_STATE' : [ 0x28, {
+    'Frequency' : [ 0x0, ['unsigned long']],
+    'Power' : [ 0x4, ['unsigned long']],
+    'PercentFrequency' : [ 0x8, ['unsigned char']],
+    'IncreaseLevel' : [ 0x9, ['unsigned char']],
+    'DecreaseLevel' : [ 0xa, ['unsigned char']],
+    'Type' : [ 0xb, ['unsigned char']],
+    'Control' : [ 0x10, ['unsigned long long']],
+    'Status' : [ 0x18, ['unsigned long long']],
+    'TotalHitCount' : [ 0x20, ['unsigned long']],
+    'DesiredCount' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KDPC_DATA' : [ 0x20, {
+    'DpcListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_228d' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_228f' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_228d']],
+    'Merged' : [ 0x10, ['__unnamed_228f']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '__unnamed_2297' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2297']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_MSUBSECTION' : [ 0x70, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'NextMappedSubsection' : [ 0x10, ['pointer64', ['_MSUBSECTION']]],
+    'PtesInSubsection' : [ 0x18, ['unsigned long']],
+    'UnusedPtes' : [ 0x20, ['unsigned long']],
+    'GlobalPerSessionHead' : [ 0x20, ['pointer64', ['_MM_AVL_TABLE']]],
+    'u' : [ 0x28, ['__unnamed_1fef']],
+    'StartingSector' : [ 0x2c, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x30, ['unsigned long']],
+    'u1' : [ 0x38, ['__unnamed_2090']],
+    'LeftChild' : [ 0x40, ['pointer64', ['_MMSUBSECTION_NODE']]],
+    'RightChild' : [ 0x48, ['pointer64', ['_MMSUBSECTION_NODE']]],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x70, {
+    'GetTime' : [ 0x0, ['unsigned long long']],
+    'SetTime' : [ 0x8, ['unsigned long long']],
+    'GetWakeupTime' : [ 0x10, ['unsigned long long']],
+    'SetWakeupTime' : [ 0x18, ['unsigned long long']],
+    'SetVirtualAddressMap' : [ 0x20, ['unsigned long long']],
+    'ConvertPointer' : [ 0x28, ['unsigned long long']],
+    'GetVariable' : [ 0x30, ['unsigned long long']],
+    'GetNextVariableName' : [ 0x38, ['unsigned long long']],
+    'SetVariable' : [ 0x40, ['unsigned long long']],
+    'GetNextHighMonotonicCount' : [ 0x48, ['unsigned long long']],
+    'ResetSystem' : [ 0x50, ['unsigned long long']],
+    'UpdateCapsule' : [ 0x58, ['unsigned long long']],
+    'QueryCapsuleCapabilities' : [ 0x60, ['unsigned long long']],
+    'QueryVariableInfo' : [ 0x68, ['unsigned long long']],
+} ],
+  '_MI_SPECIAL_POOL_PTE_LIST' : [ 0x10, {
+    'FreePteHead' : [ 0x0, ['_MMPTE']],
+    'FreePteTail' : [ 0x8, ['_MMPTE']],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'spare2' : [ 0x12, ['array', 3, ['unsigned char']]],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'spare3' : [ 0x16, ['array', 8, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_22ad' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+} ],
+  '__unnamed_22b1' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x50, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_22ad']],
+    'u2' : [ 0x38, ['__unnamed_22b1']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+    'ThePtes' : [ 0x48, ['array', 1, ['_MMPTE']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_22ba' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_22bc' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_22ba']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x100, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_22bc']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
+    'PagedBytes' : [ 0x60, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x80, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x90, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
+    'LockedBytes' : [ 0x98, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'UlongFlags' : [ 0x0, ['unsigned long']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'ReadAheadSpinLock' : [ 0x48, ['unsigned long long']],
+    'PrivateLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'Spare' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_TPM_BOOT_ENTROPY_LDR_RESULT' : [ 0x48, {
+    'Policy' : [ 0x0, ['unsigned long long']],
+    'ResultCode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'TpmBootEntropyStructureUninitialized', 1: 'TpmBootEntropyDisabledByPolicy', 2: 'TpmBootEntropyNoTpmFound', 3: 'TpmBootEntropyTpmError', 4: 'TpmBootEntropySuccess'})]],
+    'ResultStatus' : [ 0xc, ['long']],
+    'Time' : [ 0x10, ['unsigned long long']],
+    'EntropyLength' : [ 0x18, ['unsigned long']],
+    'EntropyData' : [ 0x1c, ['array', 40, ['unsigned char']]],
+} ],
+  '_RTL_HANDLE_TABLE' : [ 0x30, {
+    'MaximumNumberOfHandles' : [ 0x0, ['unsigned long']],
+    'SizeOfHandleTableEntry' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['array', 2, ['unsigned long']]],
+    'FreeHandles' : [ 0x10, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'CommittedHandles' : [ 0x18, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'UnCommittedHandles' : [ 0x20, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'MaxReservedHandles' : [ 0x28, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+} ],
+  '_PTE_TRACKER' : [ 0x58, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'CallingAddress' : [ 0x48, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x20, {
+    'BlockAddress' : [ 0x0, ['unsigned long long']],
+    'BinAddress' : [ 0x8, ['unsigned long long']],
+    'CmView' : [ 0x10, ['pointer64', ['_CM_VIEW_OF_FILE']]],
+    'MemAlloc' : [ 0x18, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x18, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned char']],
+    'NameLength' : [ 0xf, ['unsigned char']],
+    'Name' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x10, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMSESSION' : [ 0x58, {
+    'SystemSpaceViewLock' : [ 0x0, ['_KGUARDED_MUTEX']],
+    'SystemSpaceViewLockPointer' : [ 0x38, ['pointer64', ['_KGUARDED_MUTEX']]],
+    'SystemSpaceViewTable' : [ 0x40, ['pointer64', ['_MMVIEW']]],
+    'SystemSpaceHashSize' : [ 0x48, ['unsigned long']],
+    'SystemSpaceHashEntries' : [ 0x4c, ['unsigned long']],
+    'SystemSpaceHashKey' : [ 0x50, ['unsigned long']],
+    'BitmapFailures' : [ 0x54, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned short']],
+    'EnableMask' : [ 0x34, ['unsigned char']],
+    'GroupEnableMask' : [ 0x35, ['unsigned char']],
+    'UseDescriptorType' : [ 0x36, ['unsigned char']],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'ReplyQueue' : [ 0x38, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x38, ['array', 4, ['pointer64', ['_ETW_REG_ENTRY']]]],
+    'Process' : [ 0x58, ['pointer64', ['_EPROCESS']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x60, ['pointer64', ['void']]],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x2f8, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'GetNewDeviceList' : [ 0x30, ['unsigned char']],
+    'Order' : [ 0x38, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x2d0, ['_LIST_ENTRY']],
+    'Status' : [ 0x2e0, ['long']],
+    'FailedDevice' : [ 0x2e8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x2f0, ['unsigned char']],
+    'Cancelled' : [ 0x2f1, ['unsigned char']],
+    'IgnoreErrors' : [ 0x2f2, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x2f3, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x2f4, ['unsigned char']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'ExtraSharedWowSubsections' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WatchProto' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'FloppyMedia' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DefaultProtectionMask' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 22, native_type='unsigned long')]],
+    'Binary32' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ContainsDebug' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x58, {
+    'WorkerQueue' : [ 0x0, ['_KQUEUE']],
+    'DynamicThreadCount' : [ 0x40, ['unsigned long']],
+    'WorkItemsProcessed' : [ 0x44, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x48, ['unsigned long']],
+    'QueueDepthLastPass' : [ 0x4c, ['unsigned long']],
+    'Info' : [ 0x50, ['EX_QUEUE_WORKER_INFO']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0xfe4, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'SystemReserved1' : [ 0xcc, ['array', 54, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'SpareBytes' : [ 0x1ac, ['array', 36, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'EtwLocalData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'SoftPatchPtr1' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'SpareUlong0' : [ 0xfdc, ['unsigned long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x60, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'IdleCheck' : [ 0x28, ['pointer64', ['void']]],
+    'IdleHandler' : [ 0x30, ['pointer64', ['void']]],
+    'HvConfig' : [ 0x38, ['unsigned long long']],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Latency' : [ 0x48, ['unsigned long']],
+    'Power' : [ 0x4c, ['unsigned long']],
+    'TimeCheck' : [ 0x50, ['unsigned long']],
+    'StateFlags' : [ 0x54, ['unsigned long']],
+    'PromotePercent' : [ 0x58, ['unsigned char']],
+    'DemotePercent' : [ 0x59, ['unsigned char']],
+    'PromotePercentBase' : [ 0x5a, ['unsigned char']],
+    'DemotePercentBase' : [ 0x5b, ['unsigned char']],
+    'StateType' : [ 0x5c, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_2345' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x40, {
+    'Lock' : [ 0x0, ['long']],
+    'NodeToFree' : [ 0x8, ['pointer64', ['void']]],
+    'NodeRangeSize' : [ 0x10, ['unsigned long long']],
+    'NodeCount' : [ 0x18, ['unsigned long long']],
+    'Tables' : [ 0x20, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x28, ['unsigned long']],
+    'u1' : [ 0x2c, ['__unnamed_2345']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_RELATION_LIST_ENTRY' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'Devices' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8168, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x8038, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x803c, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8040, ['unsigned long']],
+    'TotalReleases' : [ 0x8044, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x8048, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x804c, ['unsigned long']],
+    'Instigator' : [ 0x8050, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8058, ['unsigned long']],
+    'Participant' : [ 0x8060, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8160, ['long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x28, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SystemClass', 1: 'ProcessorClass', 2: 'CacheClass', 3: 'AdapterClass', 4: 'ControllerClass', 5: 'PeripheralClass', 6: 'MemoryClass', 7: 'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'ArcSystem', 1: 'CentralProcessor', 2: 'FloatingPointProcessor', 3: 'PrimaryIcache', 4: 'PrimaryDcache', 5: 'SecondaryIcache', 6: 'SecondaryDcache', 7: 'SecondaryCache', 8: 'EisaAdapter', 9: 'TcAdapter', 10: 'ScsiAdapter', 11: 'DtiAdapter', 12: 'MultiFunctionAdapter', 13: 'DiskController', 14: 'TapeController', 15: 'CdromController', 16: 'WormController', 17: 'SerialController', 18: 'NetworkController', 19: 'DisplayController', 20: 'ParallelController', 21: 'PointerController', 22: 'KeyboardController', 23: 'AudioController', 24: 'OtherController', 25: 'DiskPeripheral', 26: 'FloppyDiskPeripheral', 27: 'TapePeripheral', 28: 'ModemPeripheral', 29: 'MonitorPeripheral', 30: 'PrinterPeripheral', 31: 'PointerPeripheral', 32: 'KeyboardPeripheral', 33: 'TerminalPeripheral', 34: 'OtherPeripheral', 35: 'LinePeripheral', 36: 'NetworkPeripheral', 37: 'SystemMemory', 38: 'DockingInformation', 39: 'RealModeIrqRoutingTable', 40: 'RealModePCIEnumeration', 41: 'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer64', ['unsigned char']]],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x60, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x50, ['unsigned long']],
+    'OldValueCell' : [ 0x50, ['unsigned long']],
+    'NewValueCell' : [ 0x54, ['unsigned long']],
+    'UserFlags' : [ 0x50, ['unsigned long']],
+    'LastWriteTime' : [ 0x50, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x50, ['unsigned long']],
+    'OldChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x58, ['unsigned long']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2396' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2398' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2396']],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2398']],
+} ],
+  '_PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA' : [ 0x8, {
+    'CapturedCpuShareWeight' : [ 0x0, ['unsigned long']],
+    'CapturedTotalWeight' : [ 0x4, ['unsigned long']],
+    'CombinedData' : [ 0x0, ['long long']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '__unnamed_23ab' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_23ab']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '_KIST_BASE_FRAME' : [ 0x20, {
+    'KernelGsBase' : [ 0x0, ['pointer64', ['_KPCR']]],
+    'IstStack' : [ 0x8, ['pointer64', ['_KIST_LINK_FRAME']]],
+    'PreviousGsBase' : [ 0x10, ['unsigned long long']],
+    'PreviousCr3' : [ 0x18, ['unsigned long long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_HEAP_USERDATA_HEADER' : [ 0x20, {
+    'SFreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'SubSegment' : [ 0x0, ['pointer64', ['_HEAP_SUBSEGMENT']]],
+    'Reserved' : [ 0x8, ['pointer64', ['void']]],
+    'SizeIndex' : [ 0x10, ['unsigned long long']],
+    'Signature' : [ 0x18, ['unsigned long long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'GpValue' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x70, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1b, {
+    'PerUserPolicy' : [ 0x0, ['array', 27, ['unsigned char']]],
+} ],
+  '__unnamed_2407' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2409' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_240d' : [ 0x8, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2411' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_2413' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2407']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2409']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_240d']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2411']],
+    'Others' : [ 0x0, ['__unnamed_2413']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x110, {
+    'WriteToFile' : [ 0x0, ['unsigned char']],
+    'ReserveLoaderMemory' : [ 0x1, ['unsigned char']],
+    'ReserveFreeMemory' : [ 0x2, ['unsigned char']],
+    'Reset' : [ 0x3, ['unsigned char']],
+    'HiberFlags' : [ 0x4, ['unsigned char']],
+    'WroteHiberFile' : [ 0x5, ['unsigned char']],
+    'MapFrozen' : [ 0x6, ['unsigned char']],
+    'MemoryMap' : [ 0x8, ['_RTL_BITMAP']],
+    'DiscardedMemoryPages' : [ 0x18, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x28, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'NextCloneRange' : [ 0x40, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x48, ['unsigned long long']],
+    'LoaderMdl' : [ 0x50, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x70, ['unsigned long']],
+    'CurrentMcb' : [ 0x78, ['pointer64', ['void']]],
+    'DumpStack' : [ 0x80, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x88, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'PreferredIoWriteSize' : [ 0x90, ['unsigned long']],
+    'IoProgress' : [ 0x94, ['unsigned long']],
+    'HiberVa' : [ 0x98, ['unsigned long long']],
+    'HiberPte' : [ 0xa0, ['_LARGE_INTEGER']],
+    'Status' : [ 0xa8, ['long']],
+    'MemoryImage' : [ 0xb0, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'CompressionWorkspace' : [ 0xb8, ['pointer64', ['void']]],
+    'CompressedWriteBuffer' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'CompressedWriteBufferSize' : [ 0xc8, ['unsigned long']],
+    'MaxCompressedOutputSize' : [ 0xcc, ['unsigned long']],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'CompressionBlock' : [ 0xd8, ['pointer64', ['void']]],
+    'DmaIO' : [ 0xe0, ['pointer64', ['void']]],
+    'TemporaryHeap' : [ 0xe8, ['pointer64', ['void']]],
+    'BootLoaderLogMdl' : [ 0xf0, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
+    'ResumeContext' : [ 0x100, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0x108, ['unsigned long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x110, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xa8, ['pointer64', ['void']]],
+    'PointersLength' : [ 0xb0, ['unsigned long']],
+    'ModulePrefix' : [ 0xb8, ['pointer64', ['unsigned short']]],
+    'DriverList' : [ 0xc0, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xd0, ['_STRING']],
+    'ProgMsg' : [ 0xe0, ['_STRING']],
+    'DoneMsg' : [ 0xf0, ['_STRING']],
+    'FileObject' : [ 0x100, ['pointer64', ['void']]],
+    'UsageType' : [ 0x108, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile'})]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_KIST_LINK_FRAME' : [ 0x20, {
+    'IstBaseFrame' : [ 0x0, ['pointer64', ['_KIST_BASE_FRAME']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'Reserved0' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x40, {
+    'ThreadHandle' : [ 0x0, ['pointer64', ['void']]],
+    'ThreadId' : [ 0x8, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x10, ['pointer64', ['void']]],
+    'Code' : [ 0x18, ['unsigned long']],
+    'Parameter1' : [ 0x20, ['unsigned long long']],
+    'Parameter2' : [ 0x28, ['unsigned long long']],
+    'Parameter3' : [ 0x30, ['unsigned long long']],
+    'Parameter4' : [ 0x38, ['unsigned long long']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_RTL_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NextFree' : [ 0x0, ['pointer64', ['_RTL_HANDLE_TABLE_ENTRY']]],
+} ],
+  '__unnamed_243c' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_243c']],
+} ],
+  '__unnamed_2440' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2440']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x128, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long']],
+    'HiberFlags' : [ 0x34, ['unsigned char']],
+    'spare' : [ 0x35, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x38, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'HiberPte' : [ 0x48, ['_LARGE_INTEGER']],
+    'NoFreePages' : [ 0x50, ['unsigned long']],
+    'FreeMapCheck' : [ 0x54, ['unsigned long']],
+    'WakeCheck' : [ 0x58, ['unsigned long']],
+    'FirstTablePage' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0xc0, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0xc8, ['array', 1, ['unsigned long long']]],
+    'NoBootLoaderLogPages' : [ 0xd0, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0xd8, ['array', 8, ['unsigned long long']]],
+    'NotUsed' : [ 0x118, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x11c, ['unsigned long']],
+    'ResumeContextPages' : [ 0x120, ['unsigned long']],
+} ],
+  'EX_QUEUE_WORKER_INFO' : [ 0x4, {
+    'QueueDisabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MakeThreadsAsNecessary' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitMode' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WorkerCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'QueueWorkerInfo' : [ 0x0, ['long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x58, {
+    'IoTicks' : [ 0x0, ['unsigned long long']],
+    'InitTicks' : [ 0x8, ['unsigned long long']],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'ElapsedTicks' : [ 0x18, ['unsigned long long']],
+    'CompressTicks' : [ 0x20, ['unsigned long long']],
+    'ResumeAppTime' : [ 0x28, ['unsigned long long']],
+    'HiberFileResumeTime' : [ 0x30, ['unsigned long long']],
+    'BytesCopied' : [ 0x38, ['unsigned long long']],
+    'PagesProcessed' : [ 0x40, ['unsigned long long']],
+    'PagesWritten' : [ 0x48, ['unsigned long']],
+    'DumpCount' : [ 0x4c, ['unsigned long']],
+    'FileRuns' : [ 0x50, ['unsigned long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_MMVIEW' : [ 0x30, {
+    'Entry' : [ 0x0, ['unsigned long long']],
+    'Writable' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'ControlArea' : [ 0x8, ['pointer64', ['_CONTROL_AREA']]],
+    'ViewLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionViewVa' : [ 0x20, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x40, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'PciDeviceId' : [ 0x18, ['unsigned short']],
+    'PciVendorId' : [ 0x1a, ['unsigned short']],
+    'PciBusNumber' : [ 0x1c, ['unsigned char']],
+    'PciBusSegment' : [ 0x1e, ['unsigned short']],
+    'PciSlotNumber' : [ 0x20, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x21, ['unsigned char']],
+    'PciFlags' : [ 0x24, ['unsigned long']],
+    'SystemGUID' : [ 0x28, ['_GUID']],
+    'IsMMIODevice' : [ 0x38, ['unsigned char']],
+    'TerminalType' : [ 0x39, ['unsigned char']],
+} ],
+  '__unnamed_246a' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_246c' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_246e' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_246a']],
+    'Gpt' : [ 0x0, ['__unnamed_246c']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xa0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_246e']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x48, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Hint' : [ 0x14, ['unsigned long']],
+    'BasePte' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'Vm' : [ 0x28, ['pointer64', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x30, ['long']],
+    'TotalFreeSystemPtes' : [ 0x34, ['long']],
+    'CachedPteCount' : [ 0x38, ['long']],
+    'PteFailures' : [ 0x3c, ['unsigned long']],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+    'GlobalMutex' : [ 0x40, ['pointer64', ['_KGUARDED_MUTEX']]],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x20, {
+    'DHCPServerACK' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x8, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x298, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 9, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x5f0, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'Reserved2' : [ 0x248, ['array', 7, ['unsigned long']]],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'AltArchitecturePad' : [ 0x2c4, ['array', 1, ['unsigned long']]],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['unsigned char']],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'TscQpcData' : [ 0x2ed, ['unsigned char']],
+    'TscQpcEnabled' : [ 0x2ed, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TscQpcSpareFlag' : [ 0x2ed, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'TscQpcShift' : [ 0x2ed, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'TscQpcPad' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgSystemDllRelocated' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgSEHValidationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'SystemCall' : [ 0x300, ['unsigned long']],
+    'SystemCallReturn' : [ 0x304, ['unsigned long']],
+    'SystemCallPad' : [ 0x308, ['array', 3, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'DEPRECATED_Wow64SharedInformation' : [ 0x340, ['array', 16, ['unsigned long']]],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved5' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'TscQpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned short']],
+    'Reserved4' : [ 0x3c6, ['unsigned short']],
+    'AitSamplingValue' : [ 0x3c8, ['unsigned long']],
+    'AppCompatFlag' : [ 0x3cc, ['unsigned long']],
+    'DEPRECATED_SystemDllNativeRelocation' : [ 0x3d0, ['unsigned long long']],
+    'DEPRECATED_SystemDllWowRelocation' : [ 0x3d8, ['unsigned long']],
+    'XStatePad' : [ 0x3dc, ['array', 1, ['unsigned long']]],
+    'XState' : [ 0x3e0, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1043' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1043']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1047' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1047']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_105f' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1061' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_105f']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_1061']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_INVALID'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TP_TASK' : [ 0x20, {
+    'Callbacks' : [ 0x0, ['pointer64', ['_TP_TASK_CALLBACKS']]],
+    'NumaNode' : [ 0x8, ['unsigned long']],
+    'IdealProcessor' : [ 0xc, ['unsigned char']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_TP_TASK_CALLBACKS' : [ 0x10, {
+    'ExecuteCallback' : [ 0x0, ['pointer64', ['void']]],
+    'Unposted' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_TP_DIRECT' : [ 0x10, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'NumaNode' : [ 0x8, ['unsigned long']],
+    'IdealProcessor' : [ 0xc, ['unsigned char']],
+} ],
+  '_TEB' : [ 0x1818, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'SystemReserved1' : [ 0x110, ['array', 54, ['pointer64', ['void']]]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'SpareBytes' : [ 0x2d0, ['array', 24, ['unsigned char']]],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'EtwLocalData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'SoftPatchPtr1' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'SpareUlong0' : [ 0x180c, ['unsigned long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_KPCR' : [ 0x7080, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x6f00, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'PrcbPad00' : [ 0x21, ['array', 3, ['unsigned char']]],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PrcbPad01' : [ 0x38, ['unsigned long long']],
+    'ProcessorState' : [ 0x40, ['_KPROCESSOR_STATE']],
+    'CpuType' : [ 0x5f0, ['unsigned char']],
+    'CpuID' : [ 0x5f1, ['unsigned char']],
+    'CpuStep' : [ 0x5f2, ['unsigned short']],
+    'CpuStepping' : [ 0x5f2, ['unsigned char']],
+    'CpuModel' : [ 0x5f3, ['unsigned char']],
+    'MHz' : [ 0x5f4, ['unsigned long']],
+    'HalReserved' : [ 0x5f8, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x638, ['unsigned short']],
+    'MajorVersion' : [ 0x63a, ['unsigned short']],
+    'BuildType' : [ 0x63c, ['unsigned char']],
+    'CpuVendor' : [ 0x63d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x63e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x63f, ['unsigned char']],
+    'ApicMask' : [ 0x640, ['unsigned long']],
+    'CFlushSize' : [ 0x644, ['unsigned long']],
+    'AcpiReserved' : [ 0x648, ['pointer64', ['void']]],
+    'InitialApicId' : [ 0x650, ['unsigned long']],
+    'Stride' : [ 0x654, ['unsigned long']],
+    'Group' : [ 0x658, ['unsigned short']],
+    'GroupSetMember' : [ 0x660, ['unsigned long long']],
+    'GroupIndex' : [ 0x668, ['unsigned char']],
+    'LockQueue' : [ 0x670, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x780, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNPagedLookasideList' : [ 0x880, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1480, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2080, ['long']],
+    'DeferredReadyListHead' : [ 0x2088, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2090, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2094, ['long']],
+    'MmTransitionCount' : [ 0x2098, ['long']],
+    'MmDemandZeroCount' : [ 0x209c, ['long']],
+    'MmPageReadCount' : [ 0x20a0, ['long']],
+    'MmPageReadIoCount' : [ 0x20a4, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x20a8, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x20ac, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x20b0, ['long']],
+    'MmMappedWriteIoCount' : [ 0x20b4, ['long']],
+    'KeSystemCalls' : [ 0x20b8, ['unsigned long']],
+    'KeContextSwitches' : [ 0x20bc, ['unsigned long']],
+    'CcFastReadNoWait' : [ 0x20c0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x20c4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x20c8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x20cc, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x20d0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x20d4, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x20d8, ['long']],
+    'IoReadOperationCount' : [ 0x20dc, ['long']],
+    'IoWriteOperationCount' : [ 0x20e0, ['long']],
+    'IoOtherOperationCount' : [ 0x20e4, ['long']],
+    'IoReadTransferCount' : [ 0x20e8, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x20f0, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x20f8, ['_LARGE_INTEGER']],
+    'TargetCount' : [ 0x2100, ['long']],
+    'IpiFrozen' : [ 0x2104, ['unsigned long']],
+    'DpcData' : [ 0x2180, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x21c0, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x21c8, ['long']],
+    'DpcRequestRate' : [ 0x21cc, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x21d0, ['unsigned long']],
+    'DpcLastCount' : [ 0x21d4, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x21d8, ['unsigned char']],
+    'QuantumEnd' : [ 0x21d9, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x21da, ['unsigned char']],
+    'IdleSchedule' : [ 0x21db, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x21dc, ['long']],
+    'DpcRequestSlot' : [ 0x21dc, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x21dc, ['short']],
+    'DpcThreadActive' : [ 0x21de, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'ThreadDpcState' : [ 0x21de, ['short']],
+    'TimerHand' : [ 0x21e0, ['unsigned long']],
+    'MasterOffset' : [ 0x21e4, ['long']],
+    'LastTick' : [ 0x21e8, ['unsigned long']],
+    'UnusedPad' : [ 0x21ec, ['unsigned long']],
+    'TrappedSecurityDomain' : [ 0x21f0, ['unsigned long long']],
+    'BpbState' : [ 0x21f8, ['unsigned char']],
+    'BpbIbrsPresent' : [ 0x21f8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbStibpPresent' : [ 0x21f8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmepPresent' : [ 0x21f8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbReserved' : [ 0x21f8, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'BpbPad' : [ 0x21f9, ['array', 7, ['unsigned char']]],
+    'InterruptObject' : [ 0x2200, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x2a00, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x4c00, ['_KGATE']],
+    'PrcbPad52' : [ 0x4c18, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x4c20, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x4c60, ['long']],
+    'ClockCheckSlot' : [ 0x4c64, ['unsigned char']],
+    'ClockPollCycle' : [ 0x4c65, ['unsigned char']],
+    'NmiActive' : [ 0x4c66, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x4c68, ['long']],
+    'DpcWatchdogCount' : [ 0x4c6c, ['long']],
+    'TickOffset' : [ 0x4c70, ['unsigned long long']],
+    'KeSpinLockOrdering' : [ 0x4c78, ['long']],
+    'PrcbPad70' : [ 0x4c7c, ['unsigned long']],
+    'WaitListHead' : [ 0x4c80, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x4c90, ['unsigned long long']],
+    'ReadySummary' : [ 0x4c98, ['unsigned long']],
+    'QueueIndex' : [ 0x4c9c, ['unsigned long']],
+    'TimerExpirationDpc' : [ 0x4ca0, ['_KDPC']],
+    'PrcbPad72' : [ 0x4ce0, ['array', 4, ['unsigned long long']]],
+    'DispatcherReadyListHead' : [ 0x4d00, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x4f00, ['unsigned long']],
+    'KernelTime' : [ 0x4f04, ['unsigned long']],
+    'UserTime' : [ 0x4f08, ['unsigned long']],
+    'DpcTime' : [ 0x4f0c, ['unsigned long']],
+    'InterruptTime' : [ 0x4f10, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4f14, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4f18, ['unsigned char']],
+    'PrcbPad80' : [ 0x4f19, ['array', 7, ['unsigned char']]],
+    'DpcTimeCount' : [ 0x4f20, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4f24, ['unsigned long']],
+    'PeriodicCount' : [ 0x4f28, ['unsigned long']],
+    'PeriodicBias' : [ 0x4f2c, ['unsigned long']],
+    'AvailableTime' : [ 0x4f30, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x4f34, ['unsigned long']],
+    'ParentNode' : [ 0x4f38, ['pointer64', ['_KNODE']]],
+    'StartCycles' : [ 0x4f40, ['unsigned long long']],
+    'PrcbPad82' : [ 0x4f48, ['array', 3, ['unsigned long long']]],
+    'MmSpinLockOrdering' : [ 0x4f60, ['long']],
+    'PageColor' : [ 0x4f64, ['unsigned long']],
+    'NodeColor' : [ 0x4f68, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x4f6c, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4f70, ['unsigned long']],
+    'PrcbPad83' : [ 0x4f74, ['unsigned long']],
+    'CycleTime' : [ 0x4f78, ['unsigned long long']],
+    'CcFastMdlReadNoWait' : [ 0x4f80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x4f84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x4f88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x4f8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x4f90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x4f94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x4f98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x4f9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x4fa0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x4fa4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x4fa8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x4fac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x4fb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x4fb4, ['unsigned long']],
+    'CcDataPages' : [ 0x4fb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x4fbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x4fc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x4fc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x4fc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x4fcc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x4fd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x4fd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x4fd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x4fdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x4fe0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x4fe4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x4fe8, ['long']],
+    'MmCacheReadCount' : [ 0x4fec, ['long']],
+    'MmCacheIoCount' : [ 0x4ff0, ['long']],
+    'PrcbPad91' : [ 0x4ff4, ['array', 1, ['unsigned long']]],
+    'RuntimeAccumulation' : [ 0x4ff8, ['unsigned long long']],
+    'PowerState' : [ 0x5000, ['_PROCESSOR_POWER_STATE']],
+    'PrcbPad92' : [ 0x5100, ['array', 16, ['unsigned char']]],
+    'KeAlignmentFixupCount' : [ 0x5110, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x5118, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5158, ['_KTIMER']],
+    'Cache' : [ 0x5198, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x51d4, ['unsigned long']],
+    'CachedCommit' : [ 0x51d8, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x51dc, ['unsigned long']],
+    'HyperPte' : [ 0x51e0, ['pointer64', ['void']]],
+    'WheaInfo' : [ 0x51e8, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x51f0, ['pointer64', ['void']]],
+    'InterruptObjectPool' : [ 0x5200, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x5210, ['_SLIST_HEADER']],
+    'HypercallPageVirtual' : [ 0x5220, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x5228, ['pointer64', ['void']]],
+    'StatisticsPage' : [ 0x5230, ['pointer64', ['unsigned long long']]],
+    'RateControl' : [ 0x5238, ['pointer64', ['void']]],
+    'CacheProcessorMask' : [ 0x5240, ['array', 5, ['unsigned long long']]],
+    'PackageProcessorSet' : [ 0x5268, ['_KAFFINITY_EX']],
+    'CoreProcessorSet' : [ 0x5290, ['unsigned long long']],
+    'PebsIndexAddress' : [ 0x5298, ['pointer64', ['void']]],
+    'PrcbPad93' : [ 0x52a0, ['array', 12, ['unsigned long long']]],
+    'SpinLockAcquireCount' : [ 0x5300, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x5304, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x5308, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0x530c, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x5310, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x5314, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x5318, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x531c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x5320, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x5324, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x5328, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x532c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x5330, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x5334, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x5338, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x533c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x5340, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x5344, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x5348, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x534c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x5350, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x5354, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x5358, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x535c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x5360, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x5364, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x5368, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x536c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x5370, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x5374, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x5378, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x537c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x5380, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x5384, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x5388, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x538c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x5390, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x5394, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x5398, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x539c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0x53a0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0x53a4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0x53a8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0x53ac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0x53b0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0x53b4, ['unsigned long']],
+    'VendorString' : [ 0x53b8, ['array', 13, ['unsigned char']]],
+    'PrcbPad10' : [ 0x53c5, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x53c8, ['unsigned long long']],
+    'PrcbPad11' : [ 0x53d0, ['unsigned long']],
+    'UpdateSignature' : [ 0x53d8, ['_LARGE_INTEGER']],
+    'Context' : [ 0x53e0, ['pointer64', ['_CONTEXT']]],
+    'ContextFlags' : [ 0x53e8, ['unsigned long']],
+    'ExtendedState' : [ 0x53f0, ['pointer64', ['_XSAVE_AREA']]],
+    'PrcbPad112' : [ 0x53f8, ['array', 7, ['unsigned long long']]],
+    'Mailbox' : [ 0x5480, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'PrcbPad130' : [ 0x5488, ['array', 7, ['unsigned long long']]],
+    'PrcbPad135' : [ 0x54c0, ['array', 2496, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x5e80, ['unsigned long long']],
+    'RspBaseShadow' : [ 0x5e88, ['unsigned long long']],
+    'UserRspShadow' : [ 0x5e90, ['unsigned long long']],
+    'ShadowFlags' : [ 0x5e98, ['unsigned long']],
+    'PrcbPad139' : [ 0x5e9c, ['unsigned long']],
+    'PrcbPad140' : [ 0x5ea0, ['array', 508, ['unsigned long long']]],
+    'RequestMailbox' : [ 0x6e80, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '__unnamed_114d' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Virtual' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_114f' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Reserved2' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_1151' : [ 0x10, {
+    'Reserved' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_INVPCID_DESCRIPTOR' : [ 0x10, {
+    'IndividualAddress' : [ 0x0, ['__unnamed_114d']],
+    'SingleContext' : [ 0x0, ['__unnamed_114f']],
+    'AllContextAndGlobals' : [ 0x0, ['__unnamed_1151']],
+    'AllContext' : [ 0x0, ['__unnamed_1151']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTHREAD' : [ 0x368, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'KernelStack' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'WaitRegister' : [ 0x48, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x49, ['unsigned char']],
+    'Alerted' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'KernelStackResident' : [ 0x4c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x4c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessReadyQueue' : [ 0x4c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WaitNext' : [ 0x4c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x4c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Alertable' : [ 0x4c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GdiFlushActive' : [ 0x4c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x4c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x4c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x4c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x4c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x4c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'TimerActive' : [ 0x4c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SystemThread' : [ 0x4c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x4c, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x4c, ['long']],
+    'ApcState' : [ 0x50, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x50, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0x7b, ['unsigned char']],
+    'NextProcessor' : [ 0x7c, ['unsigned long']],
+    'DeferredProcessor' : [ 0x80, ['unsigned long']],
+    'ApcQueueLock' : [ 0x88, ['unsigned long long']],
+    'WaitStatus' : [ 0x90, ['long long']],
+    'WaitBlockList' : [ 0x98, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xa0, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xa0, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xb0, ['pointer64', ['_KQUEUE']]],
+    'Teb' : [ 0xb8, ['pointer64', ['void']]],
+    'Timer' : [ 0xc0, ['_KTIMER']],
+    'AutoAlignment' : [ 0x100, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x100, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EtwStackTraceApc1Inserted' : [ 0x100, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EtwStackTraceApc2Inserted' : [ 0x100, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x100, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x100, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x100, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x100, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x100, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'VdmSafe' : [ 0x100, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'UmsDispatched' : [ 0x100, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x100, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x100, ['long']],
+    'Spare0' : [ 0x104, ['unsigned long']],
+    'WaitBlock' : [ 0x108, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x108, ['array', 44, ['unsigned char']]],
+    'ContextSwitches' : [ 0x134, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x108, ['array', 92, ['unsigned char']]],
+    'State' : [ 0x164, ['unsigned char']],
+    'NpxState' : [ 0x165, ['unsigned char']],
+    'WaitIrql' : [ 0x166, ['unsigned char']],
+    'WaitMode' : [ 0x167, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x108, ['array', 140, ['unsigned char']]],
+    'WaitTime' : [ 0x194, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x108, ['array', 168, ['unsigned char']]],
+    'TebMappedLowVa' : [ 0x1b0, ['pointer64', ['void']]],
+    'Ucb' : [ 0x1b8, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'WaitBlockFill8' : [ 0x108, ['array', 188, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1c4, ['short']],
+    'SpecialApcDisable' : [ 0x1c6, ['short']],
+    'CombinedApcDisable' : [ 0x1c4, ['unsigned long']],
+    'QueueListEntry' : [ 0x1c8, ['_LIST_ENTRY']],
+    'TrapFrame' : [ 0x1d8, ['pointer64', ['_KTRAP_FRAME']]],
+    'FirstArgument' : [ 0x1e0, ['pointer64', ['void']]],
+    'CallbackStack' : [ 0x1e8, ['pointer64', ['void']]],
+    'CallbackDepth' : [ 0x1e8, ['unsigned long long']],
+    'ApcStateIndex' : [ 0x1f0, ['unsigned char']],
+    'BasePriority' : [ 0x1f1, ['unsigned char']],
+    'PriorityDecrement' : [ 0x1f2, ['unsigned char']],
+    'ForegroundBoost' : [ 0x1f2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x1f2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x1f3, ['unsigned char']],
+    'AdjustReason' : [ 0x1f4, ['unsigned char']],
+    'AdjustIncrement' : [ 0x1f5, ['unsigned char']],
+    'PreviousMode' : [ 0x1f6, ['unsigned char']],
+    'Saturation' : [ 0x1f7, ['unsigned char']],
+    'SystemCallNumber' : [ 0x1f8, ['unsigned long']],
+    'FreezeCount' : [ 0x1fc, ['unsigned long']],
+    'UserAffinity' : [ 0x200, ['_GROUP_AFFINITY']],
+    'Process' : [ 0x210, ['pointer64', ['_KPROCESS']]],
+    'Affinity' : [ 0x218, ['_GROUP_AFFINITY']],
+    'IdealProcessor' : [ 0x228, ['unsigned long']],
+    'UserIdealProcessor' : [ 0x22c, ['unsigned long']],
+    'ApcStatePointer' : [ 0x230, ['array', 2, ['pointer64', ['_KAPC_STATE']]]],
+    'SavedApcState' : [ 0x240, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x240, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x26b, ['unsigned char']],
+    'SuspendCount' : [ 0x26c, ['unsigned char']],
+    'Spare1' : [ 0x26d, ['unsigned char']],
+    'CodePatchInProgress' : [ 0x26e, ['unsigned char']],
+    'Win32Thread' : [ 0x270, ['pointer64', ['void']]],
+    'StackBase' : [ 0x278, ['pointer64', ['void']]],
+    'SuspendApc' : [ 0x280, ['_KAPC']],
+    'SuspendApcFill0' : [ 0x280, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x281, ['unsigned char']],
+    'SuspendApcFill1' : [ 0x280, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x283, ['unsigned char']],
+    'SuspendApcFill2' : [ 0x280, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x284, ['unsigned long']],
+    'SuspendApcFill3' : [ 0x280, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c0, ['pointer64', ['_KPRCB']]],
+    'SuspendApcFill4' : [ 0x280, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2c8, ['pointer64', ['void']]],
+    'SuspendApcFill5' : [ 0x280, ['array', 83, ['unsigned char']]],
+    'LargeStack' : [ 0x2d3, ['unsigned char']],
+    'UserTime' : [ 0x2d4, ['unsigned long']],
+    'SuspendSemaphore' : [ 0x2d8, ['_KSEMAPHORE']],
+    'SuspendSemaphorefill' : [ 0x2d8, ['array', 28, ['unsigned char']]],
+    'SListFaultCount' : [ 0x2f4, ['unsigned long']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'SListFaultAddress' : [ 0x318, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x320, ['long long']],
+    'WriteOperationCount' : [ 0x328, ['long long']],
+    'OtherOperationCount' : [ 0x330, ['long long']],
+    'ReadTransferCount' : [ 0x338, ['long long']],
+    'WriteTransferCount' : [ 0x340, ['long long']],
+    'OtherTransferCount' : [ 0x348, ['long long']],
+    'ThreadCounters' : [ 0x350, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'StateSaveArea' : [ 0x358, ['pointer64', ['_XSAVE_FORMAT']]],
+    'XStateSave' : [ 0x360, ['pointer64', ['_XSTATE_SAVE']]],
+} ],
+  '_KERNEL_STACK_CONTROL' : [ 0x50, {
+    'Current' : [ 0x0, ['_KERNEL_STACK_SEGMENT']],
+    'Previous' : [ 0x28, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x98, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'PrimaryFlags' : [ 0x88, ['unsigned long']],
+    'UmsContextHeaderReady' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsContextHeader' : [ 0x30, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'UmsWaitGate' : [ 0x38, ['_KGATE']],
+    'StagingArea' : [ 0x50, ['pointer64', ['void']]],
+    'Flags' : [ 0x58, ['long']],
+    'UmsForceQueueTermination' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsPrimaryDeliveredContext' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UmsPerformingSingleStep' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'TebSelector' : [ 0x90, ['unsigned short']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_11dc' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 64, native_type='unsigned long long')]],
+    'HeaderType' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Init' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 61, native_type='unsigned long long')]],
+    'Region' : [ 0x8, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_11e1' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'HeaderType' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Init' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_11e4' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'HeaderType' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'Header8' : [ 0x0, ['__unnamed_11dc']],
+    'Header16' : [ 0x0, ['__unnamed_11e1']],
+    'HeaderX64' : [ 0x0, ['__unnamed_11e4']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_IO_STATUS_BLOCK32' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_EX_PUSH_LOCK_CACHE_AWARE' : [ 0x100, {
+    'Locks' : [ 0x0, ['array', 32, ['pointer64', ['_EX_PUSH_LOCK']]]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_EX_PUSH_LOCK_WAIT_BLOCK' : [ 0x40, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Next' : [ 0x18, ['pointer64', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'Last' : [ 0x20, ['pointer64', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'Previous' : [ 0x28, ['pointer64', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'ShareCount' : [ 0x30, ['long']],
+    'Flags' : [ 0x34, ['long']],
+} ],
+  '_ETHREAD' : [ 0x4a8, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x368, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x370, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x370, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x380, ['long']],
+    'PostBlockList' : [ 0x388, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x388, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x390, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x398, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x398, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x398, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x3a0, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x3a8, ['_LIST_ENTRY']],
+    'Cid' : [ 0x3b8, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x3c8, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x3c8, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x3e8, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x3f0, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x400, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x408, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CpuQuotaApc' : [ 0x410, ['pointer64', ['_PSP_CPU_QUOTA_APC']]],
+    'Win32StartAddress' : [ 0x418, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x420, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x428, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x438, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x440, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x448, ['unsigned long']],
+    'MmLockOrdering' : [ 0x44c, ['long']],
+    'CrossThreadFlags' : [ 0x450, ['unsigned long']],
+    'Terminated' : [ 0x450, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x450, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x450, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x450, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x450, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x450, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x450, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x450, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x450, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x450, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x450, ['BitField', dict(start_bit = 10, end_bit = 13, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x450, ['BitField', dict(start_bit = 13, end_bit = 16, native_type='unsigned long')]],
+    'RundownFail' : [ 0x450, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NeedsWorkingSetAging' : [ 0x450, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x454, ['unsigned long']],
+    'ActiveExWorker' : [ 0x454, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerCanWaitUser' : [ 0x454, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x454, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x454, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x454, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RateApcState' : [ 0x454, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x454, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x458, ['unsigned long']],
+    'Spare' : [ 0x458, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x458, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EtwPageFaultCalloutActive' : [ 0x458, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetExclusive' : [ 0x458, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetShared' : [ 0x458, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetExclusive' : [ 0x458, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetShared' : [ 0x458, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetExclusive' : [ 0x458, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetShared' : [ 0x459, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x459, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x459, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x459, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Prefetching' : [ 0x459, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsDynamicMemoryShared' : [ 0x459, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsChangeControlAreaExclusive' : [ 0x459, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsChangeControlAreaShared' : [ 0x459, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetExclusive' : [ 0x45a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetShared' : [ 0x45a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetExclusive' : [ 0x45a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetShared' : [ 0x45a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'TrimTrigger' : [ 0x45a, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x45a, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'PriorityRegionActive' : [ 0x45b, ['unsigned char']],
+    'CacheManagerActive' : [ 0x45c, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x45d, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x45e, ['unsigned char']],
+    'LockOrderState' : [ 0x45f, ['unsigned char']],
+    'AlpcMessageId' : [ 0x460, ['unsigned long long']],
+    'AlpcMessage' : [ 0x468, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x468, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x470, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x480, ['unsigned long']],
+    'IoBoostCount' : [ 0x484, ['unsigned long']],
+    'IrpListLock' : [ 0x488, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x490, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x498, ['_SINGLE_LIST_ENTRY']],
+    'KernelStackReference' : [ 0x4a0, ['unsigned long']],
+} ],
+  '_EPROCESS' : [ 0x4f8, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CreateTime' : [ 0x168, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x170, ['_LARGE_INTEGER']],
+    'RundownProtect' : [ 0x178, ['_EX_RUNDOWN_REF']],
+    'UniqueProcessId' : [ 0x180, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x188, ['_LIST_ENTRY']],
+    'ProcessQuotaUsage' : [ 0x198, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x1a8, ['array', 2, ['unsigned long long']]],
+    'CommitCharge' : [ 0x1b8, ['unsigned long long']],
+    'QuotaBlock' : [ 0x1c0, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'CpuQuotaBlock' : [ 0x1c8, ['pointer64', ['_PS_CPU_QUOTA_BLOCK']]],
+    'PeakVirtualSize' : [ 0x1d0, ['unsigned long long']],
+    'VirtualSize' : [ 0x1d8, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x1e0, ['_LIST_ENTRY']],
+    'DebugPort' : [ 0x1f0, ['pointer64', ['void']]],
+    'ExceptionPortData' : [ 0x1f8, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x1f8, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x1f8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'ObjectTable' : [ 0x200, ['pointer64', ['_HANDLE_TABLE']]],
+    'Token' : [ 0x208, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0x210, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x218, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x220, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x228, ['pointer64', ['_ETHREAD']]],
+    'HardwareTrigger' : [ 0x230, ['unsigned long long']],
+    'PhysicalVadRoot' : [ 0x238, ['pointer64', ['_MM_AVL_TABLE']]],
+    'CloneRoot' : [ 0x240, ['pointer64', ['void']]],
+    'NumberOfPrivatePages' : [ 0x248, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x250, ['unsigned long long']],
+    'Win32Process' : [ 0x258, ['pointer64', ['void']]],
+    'Job' : [ 0x260, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x268, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x270, ['pointer64', ['void']]],
+    'Cookie' : [ 0x278, ['unsigned long']],
+    'UmsScheduledThreads' : [ 0x27c, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x280, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x288, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x290, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x298, ['pointer64', ['void']]],
+    'Spare' : [ 0x2a0, ['pointer64', ['void']]],
+    'ConsoleHostProcess' : [ 0x2a8, ['unsigned long long']],
+    'DeviceMap' : [ 0x2b0, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x2b8, ['pointer64', ['void']]],
+    'FreeTebHint' : [ 0x2c0, ['pointer64', ['void']]],
+    'FreeUmsTebHint' : [ 0x2c8, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x2d0, ['_HARDWARE_PTE']],
+    'Filler' : [ 0x2d0, ['unsigned long long']],
+    'Session' : [ 0x2d8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x2e0, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x2ef, ['unsigned char']],
+    'JobLinks' : [ 0x2f0, ['_LIST_ENTRY']],
+    'LockedPagesList' : [ 0x300, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'SecurityPort' : [ 0x318, ['pointer64', ['void']]],
+    'Wow64Process' : [ 0x320, ['pointer64', ['void']]],
+    'ActiveThreads' : [ 0x328, ['unsigned long']],
+    'ImagePathHash' : [ 0x32c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x330, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x334, ['long']],
+    'Peb' : [ 0x338, ['pointer64', ['_PEB']]],
+    'PrefetchTrace' : [ 0x340, ['_EX_FAST_REF']],
+    'ReadOperationCount' : [ 0x348, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x350, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x358, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x360, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x368, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x370, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x378, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x380, ['unsigned long long']],
+    'AweInfo' : [ 0x388, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x390, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'Vm' : [ 0x398, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x428, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x438, ['unsigned long']],
+    'Flags2' : [ 0x43c, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x43c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x43c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x43c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x43c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x43c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x43c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ReportPhysicalPageChanges' : [ 0x43c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'HandleTableRundown' : [ 0x43c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x43c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x43c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'NumaAware' : [ 0x43c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProtectedProcess' : [ 0x43c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x43c, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x43c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x43c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x43c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x43c, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x43c, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x43c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x43c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Spare1' : [ 0x43c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x43c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x43c, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'LowVaAccessible' : [ 0x43c, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x43c, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x43c, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'Flags' : [ 0x440, ['unsigned long']],
+    'CreateReported' : [ 0x440, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x440, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x440, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x440, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow64SplitPages' : [ 0x440, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x440, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x440, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x440, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ForkFailed' : [ 0x440, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x440, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x440, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x440, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x440, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x440, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x440, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x440, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x440, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x440, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x440, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'InjectInpageErrors' : [ 0x440, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x440, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x440, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x440, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x440, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x440, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x440, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x440, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x440, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x440, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ExitStatus' : [ 0x444, ['long']],
+    'VadRoot' : [ 0x448, ['_MM_AVL_TABLE']],
+    'AlpcContext' : [ 0x488, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x4a8, ['_LIST_ENTRY']],
+    'RequestedTimerResolution' : [ 0x4b8, ['unsigned long']],
+    'ActiveThreadsHighWatermark' : [ 0x4bc, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x4c0, ['unsigned long']],
+    'TimerResolutionStackRecord' : [ 0x4c8, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'SequenceNumber' : [ 0x4d0, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x4d8, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x4e0, ['unsigned long long']],
+    'SecurityDomain' : [ 0x4e8, ['unsigned long long']],
+    'HighestUserAddress' : [ 0x4f0, ['pointer64', ['void']]],
+} ],
+  '_KPROCESS' : [ 0x160, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long long']],
+    'Affinity' : [ 0x48, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x80, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x88, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0xb0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0xb0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0xb0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'ActiveGroupsMask' : [ 0xb0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0xb0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0xb0, ['long']],
+    'BasePriority' : [ 0xb4, ['unsigned char']],
+    'QuantumReset' : [ 0xb5, ['unsigned char']],
+    'Visited' : [ 0xb6, ['unsigned char']],
+    'Unused3' : [ 0xb7, ['unsigned char']],
+    'ThreadSeed' : [ 0xb8, ['array', 4, ['unsigned long']]],
+    'IdealNode' : [ 0xc8, ['array', 4, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0xd0, ['unsigned short']],
+    'Flags' : [ 0xd2, ['_KEXECUTE_OPTIONS']],
+    'Unused1' : [ 0xd3, ['unsigned char']],
+    'Unused2' : [ 0xd4, ['unsigned long']],
+    'Unused4' : [ 0xd8, ['unsigned long']],
+    'StackCount' : [ 0xdc, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0xf0, ['unsigned long long']],
+    'KernelTime' : [ 0xf8, ['unsigned long']],
+    'UserTime' : [ 0xfc, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x100, ['pointer64', ['void']]],
+    'LdtFreeSelectorHint' : [ 0x108, ['unsigned short']],
+    'LdtTableLength' : [ 0x10a, ['unsigned short']],
+    'Spare2' : [ 0x108, ['array', 4, ['unsigned char']]],
+    'LdtSystemDescriptor' : [ 0x110, ['_KGDTENTRY64']],
+    'LdtBaseAddress' : [ 0x120, ['pointer64', ['void']]],
+    'LdtProcessLock' : [ 0x128, ['_KGUARDED_MUTEX']],
+    'UserDirectoryTableBase' : [ 0x110, ['unsigned long long']],
+    'AddressPolicy' : [ 0x118, ['unsigned char']],
+    'Spare3' : [ 0x119, ['array', 71, ['unsigned char']]],
+} ],
+  '__unnamed_12e9' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_12e9']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xd8, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+} ],
+  '__unnamed_12f8' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_12fd' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_12ff' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_12fd']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_130a' : [ 0x50, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_130c' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_130a']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_12f8']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_12ff']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_130c']],
+} ],
+  '__unnamed_1313' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1317' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_131b' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_131d' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1321' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1323' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1325' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_1327' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1329' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_132b' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_132f' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_1331' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1333' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1335' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1337' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1339' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_133d' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1341' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1345' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1349' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_134f' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1353' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1357' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1359' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_135b' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_135f' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1363' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1367' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile'})]],
+} ],
+  '__unnamed_136b' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_136f' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1377' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+} ],
+  '__unnamed_137b' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_137d' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_137f' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1381' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_1313']],
+    'CreatePipe' : [ 0x0, ['__unnamed_1317']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_131b']],
+    'Read' : [ 0x0, ['__unnamed_131d']],
+    'Write' : [ 0x0, ['__unnamed_131d']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_1321']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_1323']],
+    'QueryFile' : [ 0x0, ['__unnamed_1325']],
+    'SetFile' : [ 0x0, ['__unnamed_1327']],
+    'QueryEa' : [ 0x0, ['__unnamed_1329']],
+    'SetEa' : [ 0x0, ['__unnamed_132b']],
+    'QueryVolume' : [ 0x0, ['__unnamed_132f']],
+    'SetVolume' : [ 0x0, ['__unnamed_132f']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_1331']],
+    'LockControl' : [ 0x0, ['__unnamed_1333']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1335']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1337']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1339']],
+    'MountVolume' : [ 0x0, ['__unnamed_133d']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_133d']],
+    'Scsi' : [ 0x0, ['__unnamed_1341']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1345']],
+    'SetQuota' : [ 0x0, ['__unnamed_132b']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1349']],
+    'QueryInterface' : [ 0x0, ['__unnamed_134f']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1353']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1357']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1359']],
+    'SetLock' : [ 0x0, ['__unnamed_135b']],
+    'QueryId' : [ 0x0, ['__unnamed_135f']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1363']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1367']],
+    'WaitWake' : [ 0x0, ['__unnamed_136b']],
+    'PowerSequence' : [ 0x0, ['__unnamed_136f']],
+    'Power' : [ 0x0, ['__unnamed_1377']],
+    'StartDevice' : [ 0x0, ['__unnamed_137b']],
+    'WMI' : [ 0x0, ['__unnamed_137d']],
+    'Others' : [ 0x0, ['__unnamed_137f']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_1381']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1397' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_1397']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x20, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x58, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_1503' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_1503']],
+} ],
+  '__unnamed_1514' : [ 0x10, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Ia64' : [ 0x0, ['_IA64_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0xf0, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x40, ['unsigned long long']],
+    'Prcb' : [ 0x48, ['unsigned long long']],
+    'Process' : [ 0x50, ['unsigned long long']],
+    'Thread' : [ 0x58, ['unsigned long long']],
+    'RegistryLength' : [ 0x60, ['unsigned long']],
+    'RegistryBase' : [ 0x68, ['pointer64', ['void']]],
+    'ConfigurationRoot' : [ 0x70, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0x78, ['pointer64', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0x80, ['pointer64', ['unsigned char']]],
+    'NtBootPathName' : [ 0x88, ['pointer64', ['unsigned char']]],
+    'NtHalPathName' : [ 0x90, ['pointer64', ['unsigned char']]],
+    'LoadOptions' : [ 0x98, ['pointer64', ['unsigned char']]],
+    'NlsData' : [ 0xa0, ['pointer64', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0xa8, ['pointer64', ['_ARC_DISK_INFORMATION']]],
+    'OemFontFile' : [ 0xb0, ['pointer64', ['void']]],
+    'Extension' : [ 0xb8, ['pointer64', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0xc0, ['__unnamed_1514']],
+    'FirmwareInformation' : [ 0xd0, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_154c' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'WsIndex' : [ 0x0, ['unsigned long']],
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer64', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_154e' : [ 0x8, {
+    'Blink' : [ 0x0, ['unsigned long long']],
+    'ImageProtoPte' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'ShareCount' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1551' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'VolatileReferenceCount' : [ 0x0, ['short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_1553' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_1551']],
+} ],
+  '__unnamed_155b' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 52, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 55, native_type='unsigned long long')]],
+    'PfnImageVerified' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 56, native_type='unsigned long long')]],
+    'AweAllocation' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'u1' : [ 0x0, ['__unnamed_154c']],
+    'u2' : [ 0x8, ['__unnamed_154e']],
+    'PteAddress' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['long']],
+    'PteLong' : [ 0x10, ['unsigned long long']],
+    'u3' : [ 0x18, ['__unnamed_1553']],
+    'UsedPageTableEntries' : [ 0x1c, ['unsigned short']],
+    'VaType' : [ 0x1e, ['unsigned char']],
+    'ViewCount' : [ 0x1f, ['unsigned char']],
+    'OriginalPte' : [ 0x20, ['_MMPTE']],
+    'AweReferenceCount' : [ 0x20, ['long']],
+    'u4' : [ 0x28, ['__unnamed_155b']],
+} ],
+  '_MI_COLOR_BASE' : [ 0x10, {
+    'ColorPointer' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'ColorMask' : [ 0x8, ['unsigned short']],
+    'ColorNode' : [ 0xa, ['unsigned short']],
+} ],
+  '_MMSUPPORT' : [ 0x90, {
+    'WorkingSetMutex' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ExitGate' : [ 0x8, ['pointer64', ['_KGATE']]],
+    'AccessLog' : [ 0x10, ['pointer64', ['void']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 7, ['unsigned long']]],
+    'MinimumWorkingSetSize' : [ 0x44, ['unsigned long']],
+    'WorkingSetSize' : [ 0x48, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x4c, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x50, ['unsigned long']],
+    'ChargedWslePages' : [ 0x54, ['unsigned long']],
+    'ActualWslePages' : [ 0x58, ['unsigned long']],
+    'WorkingSetSizeOverhead' : [ 0x5c, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x60, ['unsigned long']],
+    'HardFaultCount' : [ 0x64, ['unsigned long']],
+    'VmWorkingSetList' : [ 0x68, ['pointer64', ['_MMWSL']]],
+    'NextPageColor' : [ 0x70, ['unsigned short']],
+    'LastTrimStamp' : [ 0x72, ['unsigned short']],
+    'PageFaultCount' : [ 0x74, ['unsigned long']],
+    'RepurposeCount' : [ 0x78, ['unsigned long']],
+    'Spare' : [ 0x7c, ['array', 2, ['unsigned long']]],
+    'Flags' : [ 0x84, ['_MMSUPPORT_FLAGS']],
+    'ShadowMapping' : [ 0x88, ['pointer64', ['void']]],
+} ],
+  '_MMWSL' : [ 0x490, {
+    'FirstFree' : [ 0x0, ['unsigned long']],
+    'FirstDynamic' : [ 0x4, ['unsigned long']],
+    'LastEntry' : [ 0x8, ['unsigned long']],
+    'NextSlot' : [ 0xc, ['unsigned long']],
+    'Wsle' : [ 0x10, ['pointer64', ['_MMWSLE']]],
+    'LowestPagableAddress' : [ 0x18, ['pointer64', ['void']]],
+    'LastInitializedWsle' : [ 0x20, ['unsigned long']],
+    'NextAgingSlot' : [ 0x24, ['unsigned long']],
+    'NumberOfCommittedPageTables' : [ 0x28, ['unsigned long']],
+    'VadBitMapHint' : [ 0x2c, ['unsigned long']],
+    'NonDirectCount' : [ 0x30, ['unsigned long']],
+    'LastVadBit' : [ 0x34, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x38, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0x3c, ['unsigned long']],
+    'LastAllocationSize' : [ 0x40, ['unsigned long']],
+    'NonDirectHash' : [ 0x48, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x50, ['pointer64', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x58, ['pointer64', ['_MMWSLE_HASH']]],
+    'MaximumUserPageTablePages' : [ 0x60, ['unsigned long']],
+    'CheckingShadow' : [ 0x64, ['unsigned char']],
+    'SpareFlags' : [ 0x65, ['array', 3, ['unsigned char']]],
+    'MaximumUserPageDirectoryPages' : [ 0x68, ['unsigned long']],
+    'CommittedPageTables' : [ 0x70, ['pointer64', ['unsigned long']]],
+    'NumberOfCommittedPageDirectories' : [ 0x78, ['unsigned long']],
+    'CommittedPageDirectories' : [ 0x80, ['array', 128, ['unsigned long long']]],
+    'NumberOfCommittedPageDirectoryParents' : [ 0x480, ['unsigned long']],
+    'CommittedPageDirectoryParents' : [ 0x488, ['array', 1, ['unsigned long long']]],
+} ],
+  '__unnamed_1586' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_1586']],
+} ],
+  '__unnamed_1592' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_159c' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 30, native_type='unsigned long')]],
+    'BitMap64' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubsectionRoot' : [ 0x8, ['pointer64', ['_MM_SUBSECTION_AVL_TABLE']]],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_159e' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_159c']],
+} ],
+  '_CONTROL_AREA' : [ 0x80, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_1592']],
+    'FlushInProgressCount' : [ 0x3c, ['unsigned long']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'StartingFrame' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_159e']],
+    'LockedPages' : [ 0x68, ['unsigned long long']],
+    'ViewList' : [ 0x70, ['_LIST_ENTRY']],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPAGING_FILE' : [ 0x90, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'File' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x38, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PageFileName' : [ 0x48, ['_UNICODE_STRING']],
+    'Bitmap' : [ 0x58, ['pointer64', ['_RTL_BITMAP']]],
+    'EvictStoreBitmap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'BitmapHint' : [ 0x68, ['unsigned long']],
+    'LastAllocationSize' : [ 0x6c, ['unsigned long']],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'BootPartition' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'FileHandle' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['unsigned long long']],
+    'LockOwner' : [ 0x88, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_MM_AVL_TABLE' : [ 0x40, {
+    'BalancedRoot' : [ 0x0, ['_MMADDRESS_NODE']],
+    'DepthOfTree' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long long')]],
+    'Unused' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long long')]],
+    'NumberGenericTableElements' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='unsigned long long')]],
+    'NodeHint' : [ 0x30, ['pointer64', ['void']]],
+    'NodeFreeHint' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '__unnamed_15da' : [ 0x8, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long long')]],
+    'Parent' : [ 0x0, ['pointer64', ['_MMVAD']]],
+} ],
+  '__unnamed_15dd' : [ 0x8, {
+    'LongFlags' : [ 0x0, ['unsigned long long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_15e0' : [ 0x8, {
+    'LongFlags3' : [ 0x0, ['unsigned long long']],
+    'VadFlags3' : [ 0x0, ['_MMVAD_FLAGS3']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'u1' : [ 0x0, ['__unnamed_15da']],
+    'LeftChild' : [ 0x8, ['pointer64', ['_MMVAD']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_MMVAD']]],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u' : [ 0x28, ['__unnamed_15dd']],
+    'PushLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x38, ['__unnamed_15e0']],
+} ],
+  '__unnamed_15e8' : [ 0x8, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long long')]],
+    'Parent' : [ 0x0, ['pointer64', ['_MMADDRESS_NODE']]],
+} ],
+  '_MMADDRESS_NODE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_15e8']],
+    'LeftChild' : [ 0x8, ['pointer64', ['_MMADDRESS_NODE']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_MMADDRESS_NODE']]],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_15ed' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '_MMVAD' : [ 0x78, {
+    'u1' : [ 0x0, ['__unnamed_15da']],
+    'LeftChild' : [ 0x8, ['pointer64', ['_MMVAD']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_MMVAD']]],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u' : [ 0x28, ['__unnamed_15dd']],
+    'PushLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x38, ['__unnamed_15e0']],
+    'u2' : [ 0x40, ['__unnamed_15ed']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'MappedSubsection' : [ 0x48, ['pointer64', ['_MSUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+} ],
+  '__unnamed_15f8' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x68, {
+    'Status' : [ 0x0, ['long']],
+    'Priority' : [ 0x4, ['unsigned char']],
+    'IrpPriority' : [ 0x5, ['unsigned char']],
+    'CurrentTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x10, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x28, ['unsigned long long']],
+    'MdlHack' : [ 0x30, ['__unnamed_15f8']],
+} ],
+  '__unnamed_15fe' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '__unnamed_1600' : [ 0x8, {
+    'KeepForever' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_15fe']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['__unnamed_1600']],
+    'PagingFile' : [ 0x30, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x40, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x48, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x50, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'PointerMdl' : [ 0x60, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0x68, ['_MDL']],
+    'Page' : [ 0x98, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x598, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileSetSize' : [ 0x28, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x30, ['pointer64', ['void']]],
+    'FileRead' : [ 0x38, ['pointer64', ['void']]],
+    'FileFlush' : [ 0x40, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x48, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x50, ['pointer64', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x58, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x68, ['unsigned long']],
+    'DirtyAlloc' : [ 0x6c, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x70, ['unsigned long']],
+    'Cluster' : [ 0x74, ['unsigned long']],
+    'Flat' : [ 0x78, ['unsigned char']],
+    'ReadOnly' : [ 0x79, ['unsigned char']],
+    'DirtyFlag' : [ 0x7a, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x7c, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x80, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x84, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x88, ['unsigned long']],
+    'HiveFlags' : [ 0x8c, ['unsigned long']],
+    'CurrentLog' : [ 0x90, ['unsigned long']],
+    'LogSize' : [ 0x94, ['array', 2, ['unsigned long']]],
+    'RefreshCount' : [ 0x9c, ['unsigned long']],
+    'StorageTypeCount' : [ 0xa0, ['unsigned long']],
+    'Version' : [ 0xa4, ['unsigned long']],
+    'Storage' : [ 0xa8, ['array', 2, ['_DUAL']]],
+} ],
+  '_CM_VIEW_OF_FILE' : [ 0x58, {
+    'MappedViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'PinnedViewLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'FlushedViewLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'CmHive' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'Bcb' : [ 0x38, ['pointer64', ['void']]],
+    'ViewAddress' : [ 0x40, ['pointer64', ['void']]],
+    'FileOffset' : [ 0x48, ['unsigned long']],
+    'Size' : [ 0x4c, ['unsigned long']],
+    'UseCount' : [ 0x50, ['unsigned long']],
+} ],
+  '_CMHIVE' : [ 0xbe8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x598, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0x5c8, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x5d8, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x5e8, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x5f8, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x600, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x610, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x618, ['unsigned long']],
+    'Identity' : [ 0x61c, ['unsigned long']],
+    'HiveLock' : [ 0x620, ['pointer64', ['_FAST_MUTEX']]],
+    'ViewLock' : [ 0x628, ['_EX_PUSH_LOCK']],
+    'ViewLockOwner' : [ 0x630, ['pointer64', ['_KTHREAD']]],
+    'ViewLockLast' : [ 0x638, ['unsigned long']],
+    'ViewUnLockLast' : [ 0x63c, ['unsigned long']],
+    'WriterLock' : [ 0x640, ['pointer64', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x648, ['pointer64', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x650, ['_RTL_BITMAP']],
+    'FlushOffsetArray' : [ 0x660, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'FlushOffsetArrayCount' : [ 0x668, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x66c, ['unsigned long']],
+    'FlushLock2' : [ 0x670, ['pointer64', ['_FAST_MUTEX']]],
+    'SecurityLock' : [ 0x678, ['_EX_PUSH_LOCK']],
+    'MappedViewList' : [ 0x680, ['_LIST_ENTRY']],
+    'PinnedViewList' : [ 0x690, ['_LIST_ENTRY']],
+    'FlushedViewList' : [ 0x6a0, ['_LIST_ENTRY']],
+    'MappedViewCount' : [ 0x6b0, ['unsigned short']],
+    'PinnedViewCount' : [ 0x6b2, ['unsigned short']],
+    'UseCount' : [ 0x6b4, ['unsigned long']],
+    'ViewsPerHive' : [ 0x6b8, ['unsigned long']],
+    'FileObject' : [ 0x6c0, ['pointer64', ['_FILE_OBJECT']]],
+    'LastShrinkHiveSize' : [ 0x6c8, ['unsigned long']],
+    'ActualFileSize' : [ 0x6d0, ['_LARGE_INTEGER']],
+    'FileFullPath' : [ 0x6d8, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x6e8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x6f8, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x708, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x70c, ['unsigned long']],
+    'SecurityHitHint' : [ 0x710, ['long']],
+    'SecurityCache' : [ 0x718, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x720, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xb20, ['unsigned long']],
+    'UnloadEventArray' : [ 0xb28, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0xb30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0xb38, ['unsigned char']],
+    'UnloadWorkItem' : [ 0xb40, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0xb48, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0xb70, ['unsigned char']],
+    'GrowOffset' : [ 0xb74, ['unsigned long']],
+    'KcbConvertListHead' : [ 0xb78, ['_LIST_ENTRY']],
+    'KnodeConvertListHead' : [ 0xb88, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0xb98, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
+    'Flags' : [ 0xba0, ['unsigned long']],
+    'TrustClassEntry' : [ 0xba8, ['_LIST_ENTRY']],
+    'FlushCount' : [ 0xbb8, ['unsigned long']],
+    'CmRm' : [ 0xbc0, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0xbc8, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0xbcc, ['long']],
+    'CreatorOwner' : [ 0xbd0, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0xbd8, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0xbe0, ['_LARGE_INTEGER']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x128, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0x10, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x10, ['unsigned long']],
+    'NextHash' : [ 0x18, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x20, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x28, ['unsigned long']],
+    'KcbPushlock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x38, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x38, ['long']],
+    'SlotHint' : [ 0x40, ['unsigned long']],
+    'ParentKcb' : [ 0x48, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x50, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x60, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x70, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x70, ['unsigned long']],
+    'SubKeyCount' : [ 0x70, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x88, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xb0, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xb2, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xb4, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb8, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '__unnamed_1684' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapAndCopy', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpReadFileImageAndBuildMap', 8: '_HvpRecoverData', 9: '_HvpRecoverWholeHive', 10: '_HvpMapFileImageAndBuildMap', 11: '_CmpValidateHiveSecurityDescriptors', 12: '_HvpEnlistBinInMap', 13: '_CmCheckRegistry', 14: '_CmRegistryIO', 15: '_CmCheckRegistry2', 16: '_CmpCheckKey', 17: '_CmpCheckValueList', 18: '_HvCheckHive', 19: '_HvCheckBin'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1687' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1689' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_168b' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_168d' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1691' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1695' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_1697' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'RecoverableIndex' : [ 0xc, ['unsigned long']],
+    'Locations' : [ 0x10, ['array', 8, ['__unnamed_1684']]],
+    'RecoverableLocations' : [ 0x70, ['array', 8, ['__unnamed_1684']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1687']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_1689']],
+    'CheckKey' : [ 0xf0, ['__unnamed_168b']],
+    'CheckValueList' : [ 0x110, ['__unnamed_168d']],
+    'CheckHive' : [ 0x128, ['__unnamed_1691']],
+    'CheckHive1' : [ 0x138, ['__unnamed_1691']],
+    'CheckBin' : [ 0x148, ['__unnamed_1695']],
+    'RecoverData' : [ 0x158, ['__unnamed_1697']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0x80, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'DpcCount' : [ 0x38, ['unsigned long']],
+    'DpcRate' : [ 0x3c, ['unsigned long']],
+    'C1Time' : [ 0x40, ['unsigned long long']],
+    'C2Time' : [ 0x48, ['unsigned long long']],
+    'C3Time' : [ 0x50, ['unsigned long long']],
+    'C1Transitions' : [ 0x58, ['unsigned long long']],
+    'C2Transitions' : [ 0x60, ['unsigned long long']],
+    'C3Transitions' : [ 0x68, ['unsigned long long']],
+    'ParkingStatus' : [ 0x70, ['unsigned long']],
+    'CurrentFrequency' : [ 0x74, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x78, ['unsigned long']],
+    'StateFlags' : [ 0x7c, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_CONTEXT32_UPDATE' : [ 0x4, {
+    'NumberEntries' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_KAFFINITY_EX' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 4, ['unsigned long long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0x18, {
+    'Affinity' : [ 0x0, ['pointer64', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x8, ['unsigned long long']],
+    'CurrentIndex' : [ 0x10, ['unsigned short']],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'TimeStampCKCL' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'TimeStampKlog' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'CodePatchCycle' : [ 0x18c, ['long']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'CallbackStack' : [ 0xd8, ['unsigned long long']],
+    'OutputBuffer' : [ 0xe0, ['unsigned long long']],
+    'OutputLength' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '__unnamed_1749' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_1750' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_1749']],
+    'Bits' : [ 0x4, ['__unnamed_1750']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_KPROCESSOR_DESCRIPTOR_AREA' : [ 0x4000, {
+    'Idt' : [ 0x0, ['array', 256, ['_KIDTENTRY64']]],
+    'Tss' : [ 0x1000, ['_KTSS64']],
+    'TssSpare' : [ 0x1068, ['unsigned long long']],
+    'KernelGsBase' : [ 0x1070, ['pointer64', ['_KPCR']]],
+    'IdleStack' : [ 0x1078, ['pointer64', ['void']]],
+    'TssPad' : [ 0x1080, ['array', 3968, ['unsigned char']]],
+    'Gdt' : [ 0x2000, ['array', 8, ['_KGDTENTRY64']]],
+    'GdtEndPadding' : [ 0x2080, ['array', 3968, ['unsigned char']]],
+    'TransitionStack' : [ 0x3000, ['array', 8, ['_KTRANSITION_STACK']]],
+} ],
+  '_KTRANSITION_STACK' : [ 0x200, {
+    'Stack' : [ 0x0, ['array', 512, ['unsigned char']]],
+    'IstStack' : [ 0x0, ['array', 480, ['unsigned char']]],
+    'IstFrame' : [ 0x1e0, ['_KIST_BASE_FRAME']],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependentList' : [ 0x50, ['_LIST_ENTRY']],
+    'ProviderList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_179a' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_179c' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_17a0' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x268, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Level' : [ 0x50, ['unsigned long']],
+    'Notify' : [ 0x58, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xc0, ['_PO_IRP_MANAGER']],
+    'State' : [ 0xe0, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xe4, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xe8, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x138, ['unsigned long']],
+    'CompletionStatus' : [ 0x13c, ['long']],
+    'Flags' : [ 0x140, ['unsigned long']],
+    'UserFlags' : [ 0x144, ['unsigned long']],
+    'Problem' : [ 0x148, ['unsigned long']],
+    'ResourceList' : [ 0x150, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x158, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x160, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x168, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x174, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x178, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x17c, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x180, ['unsigned short']],
+    'RemovalPolicy' : [ 0x182, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x183, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x188, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x198, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1a8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x1b8, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x1ba, ['unsigned short']],
+    'NoArbiterMask' : [ 0x1bc, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x1be, ['unsigned short']],
+    'OverUsed1' : [ 0x1c0, ['__unnamed_179a']],
+    'OverUsed2' : [ 0x1c8, ['__unnamed_179c']],
+    'BootResources' : [ 0x1d0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x1d8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x1e0, ['unsigned long']],
+    'DockInfo' : [ 0x1e8, ['__unnamed_17a0']],
+    'DisableableDepends' : [ 0x208, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x210, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x220, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x230, ['unsigned long']],
+    'PreviousParent' : [ 0x238, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x240, ['unsigned long']],
+    'NumaNodeIndex' : [ 0x244, ['unsigned long']],
+    'ContainerID' : [ 0x248, ['_GUID']],
+    'OverrideFlags' : [ 0x258, ['unsigned char']],
+    'RequiresUnloadedDriver' : [ 0x259, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x260, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+} ],
+  '_KNODE' : [ 0xc0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'Affinity' : [ 0x40, ['_GROUP_AFFINITY']],
+    'ProximityId' : [ 0x50, ['unsigned long']],
+    'NodeNumber' : [ 0x54, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x56, ['unsigned short']],
+    'MaximumProcessors' : [ 0x58, ['unsigned char']],
+    'Color' : [ 0x59, ['unsigned char']],
+    'Flags' : [ 0x5a, ['_flags']],
+    'NodePad0' : [ 0x5b, ['unsigned char']],
+    'Seed' : [ 0x5c, ['unsigned long']],
+    'MmShiftedColor' : [ 0x60, ['unsigned long']],
+    'FreeCount' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'Right' : [ 0x78, ['unsigned long']],
+    'Left' : [ 0x7c, ['unsigned long']],
+    'CachedKernelStacks' : [ 0x80, ['_CACHED_KSTACK_LIST']],
+    'ParkLock' : [ 0xa0, ['long']],
+    'NodePad1' : [ 0xa4, ['unsigned long']],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1848' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1848']],
+} ],
+  '__unnamed_184f' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_184f']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x38, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'DirtyPages' : [ 0x28, ['unsigned long long']],
+    'PagesQueuedToDisk' : [ 0x30, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x1f8, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'LogHandle' : [ 0xf0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DirtyPageThreshold' : [ 0x100, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x104, ['unsigned long']],
+    'UninitializeEvent' : [ 0x108, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x110, ['_KGUARDED_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x148, ['_LARGE_INTEGER']],
+    'Event' : [ 0x150, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x168, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x170, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1d8, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1e0, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x1e8, ['unsigned long']],
+    'WritesInProgress' : [ 0x1ec, ['unsigned long']],
+    'PipelinedReadAheadSize' : [ 0x1f0, ['unsigned long']],
+} ],
+  '__unnamed_18c1' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+} ],
+  '_VACB' : [ 0x30, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_18c1']],
+    'Links' : [ 0x18, ['_LIST_ENTRY']],
+    'ArrayHead' : [ 0x28, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_KGUARDED_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Gate' : [ 0x18, ['_KGATE']],
+    'KernelApcDisable' : [ 0x30, ['short']],
+    'SpecialApcDisable' : [ 0x32, ['short']],
+    'CombinedApcDisable' : [ 0x30, ['unsigned long']],
+} ],
+  '__unnamed_18df' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_18e1' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_18e3' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_18e5' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_18e7' : [ 0x8, {
+    'Read' : [ 0x0, ['__unnamed_18df']],
+    'Write' : [ 0x0, ['__unnamed_18e1']],
+    'Event' : [ 0x0, ['__unnamed_18e3']],
+    'Notification' : [ 0x0, ['__unnamed_18e5']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x20, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_18e7']],
+    'Function' : [ 0x18, ['unsigned char']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x208, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'PointerKey' : [ 0x90, ['unsigned long long']],
+    'Interceptor' : [ 0x98, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x9c, ['unsigned long']],
+    'Signature' : [ 0xa0, ['unsigned long']],
+    'SegmentReserve' : [ 0xa8, ['unsigned long long']],
+    'SegmentCommit' : [ 0xb0, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb8, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xc0, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc8, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xd0, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd8, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xda, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xe0, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe8, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xea, ['unsigned short']],
+    'TagEntries' : [ 0xf0, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf8, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x108, ['unsigned long long']],
+    'AlignMask' : [ 0x110, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x118, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x128, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x138, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x13c, ['unsigned long']],
+    'BlocksIndex' : [ 0x140, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x148, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x150, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x158, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x168, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x170, ['pointer64', ['void']]],
+    'FrontEndHeap' : [ 0x178, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x180, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x182, ['unsigned char']],
+    'Counters' : [ 0x188, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x1f8, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1938' : [ 0x28, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+} ],
+  '_HEAP_LOCK' : [ 0x28, {
+    'Lock' : [ 0x0, ['__unnamed_1938']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PEB' : [ 0x380, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsLegacyProcess' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['void']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'HotpatchInformation' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pContextData' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xe0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'LoadedImports' : [ 0x80, ['pointer64', ['void']]],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'PatchInformation' : [ 0x90, ['pointer64', ['void']]],
+    'ForwarderLinks' : [ 0x98, ['_LIST_ENTRY']],
+    'ServiceTagLinks' : [ 0xa8, ['_LIST_ENTRY']],
+    'StaticLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'ContextInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'OriginalBase' : [ 0xd0, ['unsigned long long']],
+    'LoadTime' : [ 0xd8, ['_LARGE_INTEGER']],
+} ],
+  '_HEAP_SUBSEGMENT' : [ 0x30, {
+    'LocalInfo' : [ 0x0, ['pointer64', ['_HEAP_LOCAL_SEGMENT_INFO']]],
+    'UserBlocks' : [ 0x8, ['pointer64', ['_HEAP_USERDATA_HEADER']]],
+    'AggregateExchg' : [ 0x10, ['_INTERLOCK_SEQ']],
+    'BlockSize' : [ 0x18, ['unsigned short']],
+    'Flags' : [ 0x1a, ['unsigned short']],
+    'BlockCount' : [ 0x1c, ['unsigned short']],
+    'SizeIndex' : [ 0x1e, ['unsigned char']],
+    'AffinityIndex' : [ 0x1f, ['unsigned char']],
+    'Alignment' : [ 0x18, ['array', 2, ['unsigned long']]],
+    'SFreeListEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'Lock' : [ 0x28, ['unsigned long']],
+} ],
+  '__unnamed_19b6' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_19b8' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19b6']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_19ba' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_19bc' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_19ba']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_19b8']],
+    'u2' : [ 0x4, ['__unnamed_19bc']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x38, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'CreatedObjects' : [ 0xc, ['unsigned long']],
+    'DeletedObjects' : [ 0x10, ['unsigned long']],
+    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x28, ['unsigned long long']],
+    'LookasideIndex' : [ 0x30, ['unsigned long']],
+} ],
+  '__unnamed_19d5' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_19d7' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_19d5']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x20, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_19d7']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Lock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_19ea' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_19ec' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19ea']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_19ec']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_19f2' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_19f4' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19f2']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_19f4']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_19fa' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_19fc' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19fa']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_19fc']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x40, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+} ],
+  '__unnamed_1a18' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1a1a' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a18']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1a0, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'MainQueue' : [ 0x88, ['_LIST_ENTRY']],
+    'PendingQueue' : [ 0x98, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa8, ['_LIST_ENTRY']],
+    'WaitQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xc8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xc8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0xd0, ['_ALPC_PORT_ATTRIBUTES']],
+    'Lock' : [ 0x118, ['_EX_PUSH_LOCK']],
+    'ResourceListLock' : [ 0x120, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x128, ['_LIST_ENTRY']],
+    'CompletionList' : [ 0x138, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'MessageZone' : [ 0x140, ['pointer64', ['_ALPC_MESSAGE_ZONE']]],
+    'CallbackObject' : [ 0x148, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x150, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x158, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x168, ['long']],
+    'u1' : [ 0x16c, ['__unnamed_1a1a']],
+    'TargetQueuePort' : [ 0x170, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x178, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x180, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x188, ['unsigned long']],
+    'PendingQueueLength' : [ 0x18c, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x190, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x194, ['unsigned long']],
+    'WaitQueueLength' : [ 0x198, ['unsigned long']],
+} ],
+  '_OBJECT_TYPE' : [ 0xd0, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xb8, ['unsigned long']],
+    'CallbackList' : [ 0xc0, ['_LIST_ENTRY']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_19b8']],
+    'u2' : [ 0x4, ['__unnamed_19bc']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1a39' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_1a3b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a39']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x100, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtensionBuffer' : [ 0x10, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0x18, ['unsigned long long']],
+    'QuotaProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x20, ['pointer64', ['void']]],
+    'SequenceNo' : [ 0x28, ['long']],
+    'u1' : [ 0x2c, ['__unnamed_1a3b']],
+    'CancelSequencePort' : [ 0x30, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x40, ['long']],
+    'CancelListEntry' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'PortQueue' : [ 0x68, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x70, ['pointer64', ['_ALPC_PORT']]],
+    'MessageAttributes' : [ 0x78, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xb0, ['pointer64', ['void']]],
+    'DataSystemVa' : [ 0xb8, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xc0, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xc8, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xd0, ['pointer64', ['_ETHREAD']]],
+    'PortMessage' : [ 0xd8, ['_PORT_MESSAGE']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['pointer64', ['_OB_DUPLICATE_OBJECT_STATE']]],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x38, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+} ],
+  '__unnamed_1a79' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1a7b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a79']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1a7b']],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x38, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'TotalLength' : [ 0x2c, ['unsigned short']],
+    'Type' : [ 0x2e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x30, ['unsigned short']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x48, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x78, ['pointer64', ['void']]],
+    'Override' : [ 0x80, ['unsigned char']],
+    'QueryOnly' : [ 0x81, ['unsigned char']],
+    'DeleteOnly' : [ 0x82, ['unsigned char']],
+    'FullAttributes' : [ 0x83, ['unsigned char']],
+    'LocalFileObject' : [ 0x88, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x90, ['unsigned long']],
+    'DriverCreateContext' : [ 0x98, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x340, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'CollectionOn' : [ 0xc, ['long']],
+    'LoggerMode' : [ 0x10, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x14, ['long']],
+    'GetCpuClock' : [ 0x18, ['pointer64', ['void']]],
+    'StartTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'NBQHead' : [ 0x40, ['pointer64', ['void']]],
+    'OverflowNBQHead' : [ 0x48, ['pointer64', ['void']]],
+    'QueueBlockFreeList' : [ 0x50, ['_SLIST_HEADER']],
+    'GlobalList' : [ 0x60, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x70, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x70, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x78, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x98, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xb8, ['unsigned long']],
+    'MaximumFileSize' : [ 0xbc, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xc0, ['unsigned long']],
+    'FlushTimer' : [ 0xc4, ['unsigned long']],
+    'FlushThreshold' : [ 0xc8, ['unsigned long']],
+    'ByteOffset' : [ 0xd0, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xd8, ['unsigned long']],
+    'BuffersAvailable' : [ 0xdc, ['long']],
+    'NumberOfBuffers' : [ 0xe0, ['long']],
+    'MaximumBuffers' : [ 0xe4, ['unsigned long']],
+    'EventsLost' : [ 0xe8, ['unsigned long']],
+    'BuffersWritten' : [ 0xec, ['unsigned long']],
+    'LogBuffersLost' : [ 0xf0, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xf4, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xf8, ['unsigned long']],
+    'SequencePtr' : [ 0x100, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x108, ['unsigned long']],
+    'InstanceGuid' : [ 0x10c, ['_GUID']],
+    'FileCounter' : [ 0x11c, ['long']],
+    'BufferCallback' : [ 0x120, ['pointer64', ['void']]],
+    'PoolType' : [ 0x128, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x130, ['_ETW_REF_CLOCK']],
+    'Consumers' : [ 0x140, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x150, ['unsigned long']],
+    'TransitionConsumer' : [ 0x158, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x160, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x168, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x178, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x180, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x188, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x190, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x198, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1a0, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1a8, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1b8, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1c0, ['_KEVENT']],
+    'FlushEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x1f0, ['_KTIMER']],
+    'FlushDpc' : [ 0x230, ['_KDPC']],
+    'LoggerMutex' : [ 0x270, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2a8, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2b0, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2b0, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2b8, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x300, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x308, ['_EX_FAST_REF']],
+    'BufferSequenceNumber' : [ 0x310, ['long long']],
+    'Flags' : [ 0x318, ['unsigned long']],
+    'Persistent' : [ 0x318, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x318, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x318, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x318, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x318, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x318, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x318, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x318, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x318, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x318, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x31c, ['unsigned long']],
+    'RequestNewFie' : [ 0x31c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RequestUpdateFile' : [ 0x31c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RequestFlush' : [ 0x31c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RequestDisableRealtime' : [ 0x31c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequestDisconnectConsumer' : [ 0x31c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RequestConnectConsumer' : [ 0x31c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x320, ['_RTL_BITMAP']],
+    'DisallowedGuids' : [ 0x330, ['_DISALLOWED_GUIDS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_ETW_BUFFER_HANDLE' : [ 0x10, {
+    'TraceBuffer' : [ 0x0, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'BufferFastRef' : [ 0x8, ['pointer64', ['_EX_FAST_REF']]],
+} ],
+  '_SYSTEM_TRACE_HEADER' : [ 0x20, {
+    'Marker' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['unsigned char']],
+    'Header' : [ 0x4, ['unsigned long']],
+    'Packet' : [ 0x4, ['_WMI_TRACE_PACKET']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'SystemTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'KernelTime' : [ 0x18, ['unsigned long']],
+    'UserTime' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PERFINFO_TRACE_HEADER' : [ 0x18, {
+    'Marker' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['unsigned char']],
+    'Header' : [ 0x4, ['unsigned long']],
+    'Packet' : [ 0x4, ['_WMI_TRACE_PACKET']],
+    'TS' : [ 0x8, ['unsigned long long']],
+    'SystemTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'Data' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_NBQUEUE_BLOCK' : [ 0x20, {
+    'SListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'Next' : [ 0x10, ['unsigned long long']],
+    'Data' : [ 0x18, ['unsigned long long']],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_TRACE_ENABLE_CONTEXT' : [ 0x8, {
+    'LoggerId' : [ 0x0, ['unsigned short']],
+    'Level' : [ 0x2, ['unsigned char']],
+    'InternalFlag' : [ 0x3, ['unsigned char']],
+    'EnableFlags' : [ 0x4, ['unsigned long']],
+} ],
+  '_TRACE_ENABLE_CONTEXT_EX' : [ 0x10, {
+    'LoggerId' : [ 0x0, ['unsigned short']],
+    'Level' : [ 0x2, ['unsigned char']],
+    'InternalFlag' : [ 0x3, ['unsigned char']],
+    'EnableFlags' : [ 0x4, ['unsigned long']],
+    'EnableFlagsHigh' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x1b0, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long']],
+    'Guid' : [ 0x14, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['array', 8, ['pointer64', ['_EVENT_FILTER_HEADER']]]],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x318, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x74, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x78, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x7c, ['unsigned long']],
+    'VariableLength' : [ 0x80, ['unsigned long']],
+    'DynamicCharged' : [ 0x84, ['unsigned long']],
+    'DynamicAvailable' : [ 0x88, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x8c, ['unsigned long']],
+    'UserAndGroups' : [ 0x90, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa0, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xa8, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb0, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xb8, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc0, ['unsigned long']],
+    'TokenInUse' : [ 0xc4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xc8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xcc, ['unsigned long']],
+    'LogonSession' : [ 0xd0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xd8, ['_LUID']],
+    'SidHash' : [ 0xe0, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f0, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x300, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'SessionObject' : [ 0x308, ['pointer64', ['void']]],
+    'VariablePart' : [ 0x310, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x50, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'pDeviceMap' : [ 0x20, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x28, ['pointer64', ['void']]],
+    'AccountName' : [ 0x30, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x40, ['_UNICODE_STRING']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved' : [ 0x1a, ['unsigned short']],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+    'HashIndex' : [ 0x14, ['unsigned short']],
+    'DirectoryLocked' : [ 0x16, ['unsigned char']],
+    'LockedExclusive' : [ 0x17, ['unsigned char']],
+    'LockStateSignature' : [ 0x18, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'SessionId' : [ 0x138, ['unsigned long']],
+    'NamespaceEntry' : [ 0x140, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS3' : [ 0x8, {
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'Teb' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'SequentialAccess' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'LastSequentialTrim' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 24, native_type='unsigned long long')]],
+    'Spare2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long long')]],
+    'LargePageCreating' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'Spare3' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'Reserved1' : [ 0xa8, ['array', 85, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'SharedWaiters' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeSummary' : [ 0x260, ['unsigned long']],
+    'FreeBins' : [ 0x268, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Coalescable' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KeepShifting' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'Abandoned' : [ 0x1, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'ThreadSpecControl' : [ 0x1, ['unsigned char']],
+    'SpecControlIbrs' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecControlStibp' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SpecControlReserved' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CpuThrottled' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved2' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DpcActive' : [ 0x3, ['unsigned char']],
+    'Lock' : [ 0x0, ['long']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x70, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'CompactHeapCalls' : [ 0x48, ['unsigned long']],
+    'CompactedUCRs' : [ 0x4c, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x50, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x54, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x58, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x60, ['unsigned long long']],
+    'LastPolledSize' : [ 0x68, ['unsigned long long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Count' : [ 0x10, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x18, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x20, ['unsigned long long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0x10, {
+    'CommonDataArea' : [ 0x0, ['pointer64', ['void']]],
+    'MachineType' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x30, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x10, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x10, {
+    'Key' : [ 0x0, ['pointer64', ['void']]],
+    'Index' : [ 0x8, ['unsigned long']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_HANDLE_TABLE' : [ 0x68, {
+    'TableCode' : [ 0x0, ['unsigned long long']],
+    'QuotaProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'UniqueProcessId' : [ 0x10, ['pointer64', ['void']]],
+    'HandleLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'HandleTableList' : [ 0x20, ['_LIST_ENTRY']],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'DebugInfo' : [ 0x38, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+    'ExtraInfoPages' : [ 0x40, ['long']],
+    'Flags' : [ 0x44, ['unsigned long']],
+    'StrictFIFO' : [ 0x44, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FirstFreeHandle' : [ 0x48, ['unsigned long']],
+    'LastFreeHandleEntry' : [ 0x50, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x58, ['unsigned long']],
+    'NextHandleNeedingPool' : [ 0x5c, ['unsigned long']],
+    'HandleCountHighWatermark' : [ 0x60, ['unsigned long']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'PoolType' : [ 0xc, ['unsigned long']],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'OneSecured' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'MultipleSecured' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'LongVad' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ExtendableFile' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x38, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Object' : [ 0x18, ['pointer64', ['void']]],
+    'NextWaitBlock' : [ 0x20, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitKey' : [ 0x28, ['unsigned short']],
+    'WaitType' : [ 0x2a, ['unsigned char']],
+    'BlockState' : [ 0x2b, ['unsigned char']],
+    'SpareLong' : [ 0x2c, ['long']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x78, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['_KAFFINITY_EX']],
+    'SamplingPeriod' : [ 0x38, ['unsigned long']],
+    'CurrentTemperature' : [ 0x3c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x40, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x44, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x48, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x4c, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x74, ['unsigned long']],
+} ],
+  '__unnamed_1d17' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d19' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1d17']],
+    'Private' : [ 0x0, ['__unnamed_1d19']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DirtyPages' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x18, {
+    'SecurityContext' : [ 0x0, ['_IMAGE_SECURITY_CONTEXT']],
+    'DynamicRelocations' : [ 0x8, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x10, ['long']],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '__unnamed_1d3a' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Secured' : [ 0x0, ['_MMADDRESS_LIST']],
+} ],
+  '__unnamed_1d40' : [ 0x8, {
+    'Banked' : [ 0x0, ['pointer64', ['_MMBANKED_SECTION']]],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD_LONG' : [ 0x90, {
+    'u1' : [ 0x0, ['__unnamed_15da']],
+    'LeftChild' : [ 0x8, ['pointer64', ['_MMVAD']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_MMVAD']]],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u' : [ 0x28, ['__unnamed_15dd']],
+    'PushLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x38, ['__unnamed_15e0']],
+    'u2' : [ 0x40, ['__unnamed_15ed']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u3' : [ 0x78, ['__unnamed_1d3a']],
+    'u4' : [ 0x88, ['__unnamed_1d40']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_EJOB' : [ 0x1c8, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'TotalPageFaultCount' : [ 0xc0, ['unsigned long']],
+    'TotalProcesses' : [ 0xc4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xc8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xcc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xd0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xd8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xe0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xe8, ['unsigned long long']],
+    'LimitFlags' : [ 0xf0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xf4, ['unsigned long']],
+    'Affinity' : [ 0xf8, ['_KAFFINITY_EX']],
+    'PriorityClass' : [ 0x120, ['unsigned char']],
+    'AccessState' : [ 0x128, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'UIRestrictionsClass' : [ 0x130, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x134, ['unsigned long']],
+    'CompletionPort' : [ 0x138, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x140, ['pointer64', ['void']]],
+    'SessionId' : [ 0x148, ['unsigned long']],
+    'SchedulingClass' : [ 0x14c, ['unsigned long']],
+    'ReadOperationCount' : [ 0x150, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x158, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x160, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x168, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x170, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x178, ['unsigned long long']],
+    'ProcessMemoryLimit' : [ 0x180, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x188, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x190, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x198, ['unsigned long long']],
+    'CurrentJobMemoryUsed' : [ 0x1a0, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x1a8, ['_EX_PUSH_LOCK']],
+    'JobSetLinks' : [ 0x1b0, ['_LIST_ENTRY']],
+    'MemberLevel' : [ 0x1c0, ['unsigned long']],
+    'JobFlags' : [ 0x1c4, ['unsigned long']],
+} ],
+  '__unnamed_1d54' : [ 0x4, {
+    'AsULONG' : [ 0x0, ['unsigned long']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HvMaxCState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0xa0, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['__unnamed_1d54']],
+    'TargetState' : [ 0x8, ['unsigned long']],
+    'ActualState' : [ 0xc, ['unsigned long']],
+    'OldState' : [ 0x10, ['unsigned long']],
+    'TargetProcessors' : [ 0x18, ['_KAFFINITY_EX']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '__unnamed_1d5d' : [ 0x18, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x20, {
+    'FirmwareTypeEfi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_1d5d']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x88, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned long']],
+    'ShutDownRequested' : [ 0x5c, ['unsigned char']],
+    'NewBuffersLost' : [ 0x5d, ['unsigned char']],
+    'Disconnected' : [ 0x5e, ['unsigned char']],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'Wow' : [ 0x84, ['unsigned char']],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_KGUARDED_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['pointer64', ['pointer64', ['void']]]],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x38, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_KINTERRUPT' : [ 0x90, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'Pad' : [ 0x65, ['array', 3, ['unsigned char']]],
+    'Mode' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptActiveHigh', 2: 'InterruptActiveLow'})]],
+    'ServiceCount' : [ 0x70, ['unsigned long']],
+    'DispatchCount' : [ 0x74, ['unsigned long']],
+    'Rsvd1' : [ 0x78, ['unsigned long long']],
+    'TrapFrame' : [ 0x80, ['pointer64', ['_KTRAP_FRAME']]],
+    'Reserved' : [ 0x88, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'ObAttributes' : [ 0x0, ['unsigned long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'GrantedAccess' : [ 0x8, ['unsigned long']],
+    'GrantedAccessIndex' : [ 0x8, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xa, ['unsigned short']],
+    'NextFreeTableEntry' : [ 0x8, ['unsigned long']],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x88, {
+    'FileName' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'BaseName' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x98, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x20, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x28, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x30, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x38, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x40, ['unsigned long long']],
+    'Header' : [ 0x48, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x50, ['pointer64', ['void']]],
+    'ListSize' : [ 0x58, ['unsigned long long']],
+    'Bitmap' : [ 0x60, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x68, ['unsigned long long']],
+    'Data' : [ 0x70, ['pointer64', ['void']]],
+    'DataSize' : [ 0x78, ['unsigned long long']],
+    'BitmapLimit' : [ 0x80, ['unsigned long']],
+    'BitmapNextHint' : [ 0x84, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x88, ['unsigned long']],
+    'AttributeFlags' : [ 0x8c, ['unsigned long']],
+    'AttributeSize' : [ 0x90, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_IO_WORKITEM' : [ 0x40, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'Type' : [ 0x38, ['unsigned long']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x8, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 51, native_type='unsigned long long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 55, native_type='unsigned long long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 56, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 61, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 63, native_type='unsigned long long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MMWSLE_HASH' : [ 0x4, {
+    'Index' : [ 0x0, ['unsigned long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x90, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'Data' : [ 0x40, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0x18, {
+    'AnsiCodePageData' : [ 0x0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0x8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_ALIGNED_AFFINITY_SUMMARY' : [ 0x80, {
+    'CpuSet' : [ 0x0, ['_KAFFINITY_EX']],
+    'SMTSet' : [ 0x28, ['_KAFFINITY_EX']],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x210, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OptimizedSave' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Features' : [ 0x10, ['array', 64, ['_XSTATE_FEATURE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 22, native_type='unsigned long long')]],
+    'InStore' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x540, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HasQuantumReq' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HasAffinityReq' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HasPriorityReq' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4f0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x4f8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'QuantumValue' : [ 0x500, ['unsigned long long']],
+    'AffinityMask' : [ 0x508, ['_GROUP_AFFINITY']],
+    'Priority' : [ 0x518, ['long']],
+    'PrimaryUmsContext' : [ 0x520, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x528, ['unsigned long']],
+    'KernelYieldCount' : [ 0x52c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x530, ['unsigned long']],
+    'YieldCount' : [ 0x534, ['unsigned long']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x28, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['long']],
+    'NonPagedFrees' : [ 0x8, ['long']],
+    'NonPagedBytes' : [ 0x10, ['unsigned long long']],
+    'PagedAllocs' : [ 0x18, ['unsigned long']],
+    'PagedFrees' : [ 0x1c, ['unsigned long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MM_SUBSECTION_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_MMSUBSECTION_NODE']],
+    'DepthOfTree' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long long')]],
+    'Unused' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long long')]],
+    'NumberGenericTableElements' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='unsigned long long')]],
+    'NodeHint' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'Padding0' : [ 0x20, ['array', 2, ['unsigned long']]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x100, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleAccounting' : [ 0x20, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'Hypervisor' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower'})]],
+    'PerfHistoryTotal' : [ 0x2c, ['unsigned long']],
+    'ThermalConstraint' : [ 0x30, ['unsigned char']],
+    'PerfHistoryCount' : [ 0x31, ['unsigned char']],
+    'PerfHistorySlot' : [ 0x32, ['unsigned char']],
+    'Reserved' : [ 0x33, ['unsigned char']],
+    'LastSysTime' : [ 0x34, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0x38, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0x40, ['long']],
+    'FFHThrottleStateInfo' : [ 0x48, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x68, ['_KDPC']],
+    'PerfActionMask' : [ 0xa8, ['long']],
+    'IdleCheck' : [ 0xb0, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0xc0, ['_PROC_IDLE_SNAP']],
+    'Domain' : [ 0xd0, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0xd8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Load' : [ 0xe0, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0xe8, ['pointer64', ['_PROC_HISTORY_ENTRY']]],
+    'Utility' : [ 0xf0, ['unsigned long']],
+    'OverUtilizedHistory' : [ 0xf4, ['unsigned long']],
+    'AffinityCount' : [ 0xf8, ['unsigned long']],
+    'AffinityHistory' : [ 0xfc, ['unsigned long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Rom' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'KernelStack' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEGMENT_OBJECT' : [ 0x40, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['_LARGE_INTEGER']],
+    'NonExtendedPtes' : [ 0x18, ['unsigned long']],
+    'ImageCommitment' : [ 0x1c, ['unsigned long']],
+    'ControlArea' : [ 0x20, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x28, ['pointer64', ['_SUBSECTION']]],
+    'MmSectionFlags' : [ 0x30, ['pointer64', ['_MMSECTION_FLAGS']]],
+    'MmSubSectionFlags' : [ 0x38, ['pointer64', ['_MMSUBSECTION_FLAGS']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'ModwriterAttached' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'TrimHard' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Available' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderReserve', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x2c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'BucketLimits' : [ 0x18, ['array', 16, ['unsigned long long']]],
+    'State' : [ 0x98, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_TEB64' : [ 0x1818, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'SystemReserved1' : [ 0x110, ['array', 54, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'SpareBytes' : [ 0x2d0, ['array', 24, ['unsigned char']]],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'EtwLocalData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'SoftPatchPtr1' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'SpareUlong0' : [ 0x180c, ['unsigned long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa0, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ActivityCounter' : [ 0x90, ['unsigned long']],
+    'PreviousActivityCounter' : [ 0x94, ['unsigned long']],
+    'WorkerTrimRequests' : [ 0x98, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0x110, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'TimerApc' : [ 0x40, ['_KAPC']],
+    'TimerDpc' : [ 0x98, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'Period' : [ 0xf0, ['long']],
+    'ApcAssociated' : [ 0xf4, ['unsigned char']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_POOL_BLOCK_HEAD' : [ 0x20, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'List' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1ebb' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_1ebb']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x698, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['unsigned short']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+    'PdoDescriptionString' : [ 0x150, ['array', 336, ['wchar']]],
+    'PdoSymbolicNameString' : [ 0x3f0, ['array', 672, ['unsigned char']]],
+    'PdoAddressString' : [ 0x690, ['array', 1, ['wchar']]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_1f14' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1f16' : [ 0x8, {
+    'Last' : [ 0x0, ['unsigned long']],
+    'u' : [ 0x4, ['__unnamed_1f14']],
+} ],
+  '__unnamed_1f18' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_1f14']],
+} ],
+  '__unnamed_1f1a' : [ 0x8, {
+    'OldCell' : [ 0x0, ['__unnamed_1f16']],
+    'NewCell' : [ 0x0, ['__unnamed_1f18']],
+} ],
+  '_HCELL' : [ 0xc, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1f1a']],
+} ],
+  '_HMAP_TABLE' : [ 0x4000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x30, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'PercentageCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'TargetFrequency' : [ 0x18, ['unsigned long']],
+    'AcumulatedFullFrequency' : [ 0x1c, ['unsigned long']],
+    'AcumulatedZeroFrequency' : [ 0x20, ['unsigned long']],
+    'FrequencyHistoryTotal' : [ 0x24, ['unsigned long']],
+    'AverageFrequency' : [ 0x28, ['unsigned long']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'Pad0' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1f2f' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1f33' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_1f35' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1f37' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_1f39' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1f3b' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1f3d' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1f3f' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1f41' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1f43' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_1f2f']],
+    'Memory' : [ 0x0, ['__unnamed_1f2f']],
+    'Interrupt' : [ 0x0, ['__unnamed_1f33']],
+    'Dma' : [ 0x0, ['__unnamed_1f35']],
+    'Generic' : [ 0x0, ['__unnamed_1f2f']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1f37']],
+    'BusNumber' : [ 0x0, ['__unnamed_1f39']],
+    'ConfigData' : [ 0x0, ['__unnamed_1f3b']],
+    'Memory40' : [ 0x0, ['__unnamed_1f3d']],
+    'Memory48' : [ 0x0, ['__unnamed_1f3f']],
+    'Memory64' : [ 0x0, ['__unnamed_1f41']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_1f43']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x1e8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'State' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'Mode' : [ 0x12, ['unsigned char']],
+    'PendingMode' : [ 0x13, ['unsigned char']],
+    'ActivePoint' : [ 0x14, ['unsigned char']],
+    'PendingActivePoint' : [ 0x15, ['unsigned char']],
+    'Throttle' : [ 0x18, ['long']],
+    'LastTime' : [ 0x20, ['unsigned long long']],
+    'SampleRate' : [ 0x28, ['unsigned long']],
+    'LastTemp' : [ 0x2c, ['unsigned long']],
+    'PassiveTimer' : [ 0x30, ['_KTIMER']],
+    'PassiveDpc' : [ 0x70, ['_KDPC']],
+    'OverThrottled' : [ 0xb0, ['_POP_ACTION_TRIGGER']],
+    'Irp' : [ 0xc8, ['pointer64', ['_IRP']]],
+    'Info' : [ 0xd0, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0x148, ['_LARGE_INTEGER']],
+    'Metrics' : [ 0x150, ['_POP_THERMAL_ZONE_METRICS']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_POP_THERMAL_ZONE_METRICS' : [ 0x98, {
+    'MetricsResource' : [ 0x0, ['_ERESOURCE']],
+    'ActiveCount' : [ 0x68, ['unsigned long']],
+    'PassiveCount' : [ 0x6c, ['unsigned long']],
+    'LastActiveStartTick' : [ 0x70, ['_LARGE_INTEGER']],
+    'AverageActiveTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'LastPassiveStartTick' : [ 0x80, ['_LARGE_INTEGER']],
+    'AveragePassiveTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'StartTickSinceLastReset' : [ 0x90, ['_LARGE_INTEGER']],
+} ],
+  '_CM_TRANS' : [ 0xa8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x30, ['pointer64', ['void']]],
+    'CmRm' : [ 0x38, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x40, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x48, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x50, ['_GUID']],
+    'StartLsn' : [ 0x60, ['unsigned long long']],
+    'TransState' : [ 0x68, ['unsigned long']],
+    'HiveCount' : [ 0x6c, ['unsigned long']],
+    'HiveArray' : [ 0x70, ['array', 7, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_POOL_HACKER' : [ 0x30, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'Contents' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1c, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1b, ['unsigned char']],
+} ],
+  '__unnamed_1f80' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f82' : [ 0x18, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_1f80']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x10, ['__unnamed_1f82']],
+    'VerifiedData' : [ 0x28, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '__unnamed_1f8a' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f8c' : [ 0x2, {
+    'DeviceIds' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f8e' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f90' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceIds' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f92' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1f94' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1f96' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f98' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_1f9a' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f9c' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_1f9e' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_1f8a']],
+    'TargetDevice' : [ 0x0, ['__unnamed_1f8c']],
+    'InstallDevice' : [ 0x0, ['__unnamed_1f8e']],
+    'CustomNotification' : [ 0x0, ['__unnamed_1f90']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_1f92']],
+    'PowerNotification' : [ 0x0, ['__unnamed_1f94']],
+    'VetoNotification' : [ 0x0, ['__unnamed_1f96']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_1f98']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_1f9a']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_1f9c']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_1f8e']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_1f9e']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '_PS_CPU_QUOTA_BLOCK' : [ 0x4080, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'CpuShareWeight' : [ 0x14, ['unsigned long']],
+    'CapturedWeightData' : [ 0x18, ['_PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA']],
+    'DuplicateInputMarker' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x20, ['long']],
+    'BlockCurrentGenerationLock' : [ 0x0, ['unsigned long long']],
+    'CyclesAccumulated' : [ 0x8, ['unsigned long long']],
+    'CycleCredit' : [ 0x40, ['unsigned long long']],
+    'BlockCurrentGeneration' : [ 0x48, ['unsigned long']],
+    'CpuCyclePercent' : [ 0x4c, ['unsigned long']],
+    'CyclesFinishedForCurrentGeneration' : [ 0x50, ['unsigned char']],
+    'Cpu' : [ 0x80, ['array', 256, ['_PS_PER_CPU_QUOTA_CACHE_AWARE']]],
+} ],
+  '__unnamed_1fbc' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_1fbc']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x70, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1fef' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'PtesInSubsection' : [ 0x18, ['unsigned long']],
+    'UnusedPtes' : [ 0x20, ['unsigned long']],
+    'GlobalPerSessionHead' : [ 0x20, ['pointer64', ['_MM_AVL_TABLE']]],
+    'u' : [ 0x28, ['__unnamed_1fef']],
+    'StartingSector' : [ 0x2c, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x30, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5b0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xe0, ['_CONTEXT']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PS_PER_CPU_QUOTA_CACHE_AWARE' : [ 0x40, {
+    'SortedListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'IdleOnlyListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CycleBaseAllowance' : [ 0x20, ['unsigned long long']],
+    'CyclesRemaining' : [ 0x28, ['long long']],
+    'CurrentGeneration' : [ 0x30, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win7_sp1_x86_24000_vtypes.py b/volatility/plugins/overlays/windows/win7_sp1_x86_24000_vtypes.py
new file mode 100644
index 000000000..ae1baedb9
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win7_sp1_x86_24000_vtypes.py
@@ -0,0 +1,8880 @@
+ntosx86_types = {
+  '__unnamed_2000' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2002' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_1fee']],
+    'Port' : [ 0x0, ['__unnamed_1fee']],
+    'Interrupt' : [ 0x0, ['__unnamed_1ff0']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_1ff4']],
+    'Memory' : [ 0x0, ['__unnamed_1fee']],
+    'Dma' : [ 0x0, ['__unnamed_1ff6']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1ed7']],
+    'BusNumber' : [ 0x0, ['__unnamed_1ff8']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_1ffa']],
+    'Memory40' : [ 0x0, ['__unnamed_1ffc']],
+    'Memory48' : [ 0x0, ['__unnamed_1ffe']],
+    'Memory64' : [ 0x0, ['__unnamed_2000']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2002']],
+} ],
+  '__unnamed_2007' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_2007']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_2011' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x54, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x4, ['__unnamed_2011']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x34, {
+    'Parent' : [ 0x0, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x4, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x8, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0xc, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x30, ['pointer', ['void']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_201b' : [ 0x4, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long')]],
+    'Parent' : [ 0x0, ['pointer', ['_MMSUBSECTION_NODE']]],
+} ],
+  '_MMSUBSECTION_NODE' : [ 0x18, {
+    'u' : [ 0x0, ['__unnamed_1f8e']],
+    'StartingSector' : [ 0x4, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0xc, ['__unnamed_201b']],
+    'LeftChild' : [ 0x10, ['pointer', ['_MMSUBSECTION_NODE']]],
+    'RightChild' : [ 0x14, ['pointer', ['_MMSUBSECTION_NODE']]],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2023' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2025' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2023']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x40, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceIdleNormal', 1: 'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'Volume' : [ 0x30, ['_LIST_ENTRY']],
+    'Specific' : [ 0x38, ['__unnamed_2025']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x38, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'KernelApcInProgress' : [ 0x14, ['unsigned char']],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPending' : [ 0x16, ['unsigned char']],
+} ],
+  '_IA64_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x300, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x80, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x88, ['unsigned long']],
+    'LastCallbackId' : [ 0x8c, ['unsigned long']],
+    'PostCount' : [ 0x100, ['unsigned long']],
+    'ReturnCount' : [ 0x180, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x200, ['unsigned long']],
+    'UserLock' : [ 0x280, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x288, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_DEVICE_MAP' : [ 0x34, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+} ],
+  '_HEAP_DEBUGGING_INFORMATION' : [ 0x1c, {
+    'InterceptorFunction' : [ 0x0, ['pointer', ['void']]],
+    'InterceptorValue' : [ 0x4, ['unsigned short']],
+    'ExtendedOptions' : [ 0x8, ['unsigned long']],
+    'StackTraceDepth' : [ 0xc, ['unsigned long']],
+    'MinTotalBlockSize' : [ 0x10, ['unsigned long']],
+    'MaxTotalBlockSize' : [ 0x14, ['unsigned long']],
+    'HeapLeakEnumerationRoutine' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MMBANKED_SECTION' : [ 0x28, {
+    'BasePhysicalPage' : [ 0x0, ['unsigned long']],
+    'BasedPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BankSize' : [ 0x8, ['unsigned long']],
+    'BankShift' : [ 0xc, ['unsigned long']],
+    'BankedRoutine' : [ 0x10, ['pointer', ['void']]],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'CurrentMappedPte' : [ 0x18, ['pointer', ['_MMPTE']]],
+    'BankTemplate' : [ 0x20, ['array', 1, ['_MMPTE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['array', 7, ['unsigned long long']]],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'WorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'FailingDriver' : [ 0x30, ['pointer', ['_DRIVER_OBJECT']]],
+    'ReferenceCount' : [ 0x34, ['long']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  '_SECTION_OBJECT' : [ 0x18, {
+    'StartingVa' : [ 0x0, ['pointer', ['void']]],
+    'EndingVa' : [ 0x4, ['pointer', ['void']]],
+    'Parent' : [ 0x8, ['pointer', ['void']]],
+    'LeftChild' : [ 0xc, ['pointer', ['void']]],
+    'RightChild' : [ 0x10, ['pointer', ['void']]],
+    'Segment' : [ 0x14, ['pointer', ['_SEGMENT_OBJECT']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_20a3' : [ 0x4, {
+    'AsULONG' : [ 0x0, ['unsigned long']],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_PERF_STATES' : [ 0x80, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxFrequency' : [ 0x4, ['unsigned long']],
+    'PStateCap' : [ 0x8, ['unsigned long']],
+    'TStateCap' : [ 0xc, ['unsigned long']],
+    'MaxPerfState' : [ 0x10, ['unsigned long']],
+    'MinPerfState' : [ 0x14, ['unsigned long']],
+    'LowestPState' : [ 0x18, ['unsigned long']],
+    'IncreaseTime' : [ 0x1c, ['unsigned long']],
+    'DecreaseTime' : [ 0x20, ['unsigned long']],
+    'BusyAdjThreshold' : [ 0x24, ['unsigned char']],
+    'Reserved' : [ 0x25, ['unsigned char']],
+    'ThrottleStatesOnly' : [ 0x26, ['unsigned char']],
+    'PolicyType' : [ 0x27, ['unsigned char']],
+    'TimerInterval' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['__unnamed_20a3']],
+    'TargetProcessors' : [ 0x30, ['_KAFFINITY_EX']],
+    'PStateHandler' : [ 0x3c, ['pointer', ['void']]],
+    'PStateContext' : [ 0x40, ['unsigned long']],
+    'TStateHandler' : [ 0x44, ['pointer', ['void']]],
+    'TStateContext' : [ 0x48, ['unsigned long']],
+    'FeedbackHandler' : [ 0x4c, ['pointer', ['void']]],
+    'GetFFHThrottleState' : [ 0x50, ['pointer', ['void']]],
+    'State' : [ 0x58, ['array', 1, ['_PPM_PERF_STATE']]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x30, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'Counters' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_WMI_TRACE_PACKET' : [ 0x4, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HookId' : [ 0x2, ['unsigned short']],
+    'Type' : [ 0x2, ['unsigned char']],
+    'Group' : [ 0x3, ['unsigned char']],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x44, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CriticalSection' : [ 0x4, ['_RTL_CRITICAL_SECTION']],
+    'RtlHandleTable' : [ 0x1c, ['_RTL_HANDLE_TABLE']],
+    'NumberOfBuckets' : [ 0x3c, ['unsigned long']],
+    'Buckets' : [ 0x40, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POP_POWER_ACTION' : [ 0xb0, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'ProgrammedRTCTime' : [ 0x50, ['unsigned long long']],
+    'WakeOnRTC' : [ 0x58, ['unsigned char']],
+    'WakeTimerInfo' : [ 0x5c, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+    'FilteredCapabilities' : [ 0x60, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['unsigned short']]],
+    'DriverName' : [ 0x28, ['pointer', ['unsigned short']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x228, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTransitions' : [ 0x8, ['unsigned long']],
+    'FailedTransitions' : [ 0xc, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x10, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'IdleTimeBuckets' : [ 0x28, ['array', 16, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_20e6' : [ 0x4, {
+    'Level' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_20e8' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PolicyDeviceSystemButton', 1: 'PolicyDeviceThermalZone', 2: 'PolicyDeviceBattery', 3: 'PolicyDeviceMemory', 4: 'PolicyInitiatePowerActionAPI', 5: 'PolicySetPowerStateAPI', 6: 'PolicyImmediateDozeS4', 7: 'PolicySystemIdle', 8: 'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_20e6']],
+    'Button' : [ 0xc, ['__unnamed_20e8']],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KEnlistmentUninitialized', 256: 'KEnlistmentActive', 258: 'KEnlistmentPrepared', 259: 'KEnlistmentInDoubt', 260: 'KEnlistmentCommitted', 261: 'KEnlistmentCommittedNotify', 262: 'KEnlistmentCommitRequested', 257: 'KEnlistmentPreparing', 264: 'KEnlistmentDelegated', 265: 'KEnlistmentDelegatedDisconnected', 266: 'KEnlistmentPrePreparing', 263: 'KEnlistmentAborted', 268: 'KEnlistmentRecovering', 269: 'KEnlistmentAborting', 270: 'KEnlistmentReadOnly', 271: 'KEnlistmentOutcomeUnavailable', 272: 'KEnlistmentOffline', 273: 'KEnlistmentPrePrepared', 274: 'KEnlistmentInitialized', 267: 'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xe8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x14, ['pointer', ['void']]],
+    'EmInfFileSize' : [ 0x18, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x1c, ['pointer', ['void']]],
+    'LoaderPagesSpanned' : [ 0x20, ['unsigned long']],
+    'HeadlessLoaderBlock' : [ 0x24, ['pointer', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x28, ['pointer', ['_SMBIOS_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x2c, ['pointer', ['void']]],
+    'DrvDBSize' : [ 0x30, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x34, ['pointer', ['_NETWORK_LOADER_BLOCK']]],
+    'HalpIRQLToTPR' : [ 0x38, ['pointer', ['unsigned char']]],
+    'HalpVectorToIRQL' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'FirmwareDescriptorListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x48, ['pointer', ['void']]],
+    'AcpiTableSize' : [ 0x4c, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'FeatureSettings' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 9, native_type='unsigned long')]],
+    'Reserved' : [ 0x50, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x54, ['pointer', ['_LOADER_PERFORMANCE_DATA']]],
+    'BootApplicationPersistentData' : [ 0x58, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0x60, ['pointer', ['void']]],
+    'BootIdentifier' : [ 0x64, ['_GUID']],
+    'ResumePages' : [ 0x74, ['unsigned long']],
+    'DumpHeader' : [ 0x78, ['pointer', ['void']]],
+    'BgContext' : [ 0x7c, ['pointer', ['void']]],
+    'NumaLocalityInfo' : [ 0x80, ['pointer', ['void']]],
+    'NumaGroupAssignment' : [ 0x84, ['pointer', ['void']]],
+    'AttachedHives' : [ 0x88, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0x90, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0x94, ['pointer', ['void']]],
+    'TpmBootEntropyResult' : [ 0x98, ['_TPM_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0xe0, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x298, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ALPC_MESSAGE_ZONE' : [ 0x18, {
+    'Mdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x4, ['pointer', ['void']]],
+    'UserLimit' : [ 0x8, ['pointer', ['void']]],
+    'SystemVa' : [ 0xc, ['pointer', ['void']]],
+    'SystemLimit' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_PROC_HISTORY_ENTRY' : [ 0x4, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'Frequency' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_ETW_PROVIDER_TABLE_ENTRY' : [ 0x10, {
+    'RefCount' : [ 0x0, ['long']],
+    'State' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'EtwProviderStateFree', 1: 'EtwProviderStateTransition', 2: 'EtwProviderStateActive', 3: 'EtwProviderStateMax'})]],
+    'RegEntry' : [ 0x8, ['pointer', ['_ETW_REG_ENTRY']]],
+    'Caller' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '__unnamed_217c' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x2040, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_217c']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'LastProcessSwappedOutTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long']],
+    'NonPagablePages' : [ 0x24, ['unsigned long']],
+    'CommittedPages' : [ 0x28, ['unsigned long']],
+    'PagedPoolStart' : [ 0x2c, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x30, ['pointer', ['void']]],
+    'SessionObject' : [ 0x34, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x38, ['pointer', ['void']]],
+    'ResidentProcessCount' : [ 0x3c, ['long']],
+    'SessionPoolAllocationFailures' : [ 0x40, ['array', 4, ['unsigned long']]],
+    'ImageList' : [ 0x50, ['_LIST_ENTRY']],
+    'LocaleId' : [ 0x58, ['unsigned long']],
+    'AttachCount' : [ 0x5c, ['unsigned long']],
+    'AttachGate' : [ 0x60, ['_KGATE']],
+    'WsListEntry' : [ 0x70, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0x80, ['array', 25, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xd00, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xd38, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xd70, ['_MMSUPPORT']],
+    'Wsle' : [ 0xddc, ['pointer', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xde0, ['pointer', ['void']]],
+    'PagedPool' : [ 0xe00, ['_POOL_DESCRIPTOR']],
+    'PageTables' : [ 0x1f40, ['pointer', ['_MMPTE']]],
+    'SpecialPool' : [ 0x1f48, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1f80, ['_KGUARDED_MUTEX']],
+    'PoolBigEntriesInUse' : [ 0x1fa0, ['long']],
+    'PagedPoolPdeCount' : [ 0x1fa4, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1fa8, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1fac, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1fb0, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1fe0, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1fe4, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x1fe8, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1fec, ['unsigned long']],
+    'IoState' : [ 0x1ff0, ['Enumeration', dict(target = 'long', choices = {1: 'IoSessionStateCreated', 2: 'IoSessionStateInitialized', 3: 'IoSessionStateConnected', 4: 'IoSessionStateDisconnected', 5: 'IoSessionStateDisconnectedLoggedOn', 6: 'IoSessionStateLoggedOn', 7: 'IoSessionStateLoggedOff', 8: 'IoSessionStateTerminated', 9: 'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1ff4, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1ff8, ['_KEVENT']],
+    'CreateTime' : [ 0x2008, ['unsigned long long']],
+    'SessionPoolPdes' : [ 0x2010, ['_RTL_BITMAP']],
+    'CpuQuotaBlock' : [ 0x2018, ['pointer', ['_PS_CPU_QUOTA_BLOCK']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'VfDeadlockUnknown', 1: 'VfDeadlockMutex', 2: 'VfDeadlockMutexAbandoned', 3: 'VfDeadlockFastMutex', 4: 'VfDeadlockFastMutexUnsafe', 5: 'VfDeadlockSpinLock', 6: 'VfDeadlockInStackQueuedSpinLock', 7: 'VfDeadlockUnusedSpinLock', 8: 'VfDeadlockEresource', 9: 'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Rom' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SetMappedFileIoComplete' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CollidedFlush' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Mutex' : [ 0x0, ['_KGUARDED_MUTEX']],
+    'PagedPoolAllocationMap' : [ 0x20, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0x28, ['pointer', ['_MMPTE']]],
+    'PagedPoolHint' : [ 0x2c, ['unsigned long']],
+    'PagedPoolCommit' : [ 0x30, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x34, ['unsigned long']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x78, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'FeedbackHandler' : [ 0x18, ['pointer', ['void']]],
+    'GetFFHThrottleState' : [ 0x1c, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x20, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x24, ['pointer', ['void']]],
+    'PerfHandler' : [ 0x28, ['pointer', ['void']]],
+    'Processors' : [ 0x2c, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'PerfChangeTime' : [ 0x30, ['unsigned long long']],
+    'ProcessorCount' : [ 0x38, ['unsigned long']],
+    'PreviousFrequencyMhz' : [ 0x3c, ['unsigned long']],
+    'CurrentFrequencyMhz' : [ 0x40, ['unsigned long']],
+    'PreviousFrequency' : [ 0x44, ['unsigned long']],
+    'CurrentFrequency' : [ 0x48, ['unsigned long']],
+    'CurrentPerfContext' : [ 0x4c, ['unsigned long']],
+    'DesiredFrequency' : [ 0x50, ['unsigned long']],
+    'MaxFrequency' : [ 0x54, ['unsigned long']],
+    'MinPerfPercent' : [ 0x58, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x5c, ['unsigned long']],
+    'MaxPercent' : [ 0x60, ['unsigned long']],
+    'MinPercent' : [ 0x64, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x68, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x6c, ['unsigned long']],
+    'Coordination' : [ 0x70, ['unsigned char']],
+    'PerfChangeIntervalCount' : [ 0x74, ['long']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_RELATION_LIST' : [ 0x14, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'TagCount' : [ 0x4, ['unsigned long']],
+    'FirstLevel' : [ 0x8, ['unsigned long']],
+    'MaxLevel' : [ 0xc, ['unsigned long']],
+    'Entries' : [ 0x10, ['array', 1, ['pointer', ['_RELATION_LIST_ENTRY']]]],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x38, {
+    'PteBase' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'Lock' : [ 0x4, ['unsigned long']],
+    'Paged' : [ 0x8, ['_MI_SPECIAL_POOL_PTE_LIST']],
+    'NonPaged' : [ 0x18, ['_MI_SPECIAL_POOL_PTE_LIST']],
+    'PagesInUse' : [ 0x28, ['long']],
+    'SpecialPoolPdes' : [ 0x2c, ['_RTL_BITMAP']],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_KGUARDED_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_PPM_PERF_STATE' : [ 0x28, {
+    'Frequency' : [ 0x0, ['unsigned long']],
+    'Power' : [ 0x4, ['unsigned long']],
+    'PercentFrequency' : [ 0x8, ['unsigned char']],
+    'IncreaseLevel' : [ 0x9, ['unsigned char']],
+    'DecreaseLevel' : [ 0xa, ['unsigned char']],
+    'Type' : [ 0xb, ['unsigned char']],
+    'Control' : [ 0x10, ['unsigned long long']],
+    'Status' : [ 0x18, ['unsigned long long']],
+    'TotalHitCount' : [ 0x20, ['unsigned long']],
+    'DesiredCount' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KDPC_DATA' : [ 0x14, {
+    'DpcListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2209' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_220b' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2209']],
+    'Merged' : [ 0x10, ['__unnamed_220b']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '__unnamed_2213' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2213']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_MSUBSECTION' : [ 0x3c, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'NextMappedSubsection' : [ 0x8, ['pointer', ['_MSUBSECTION']]],
+    'PtesInSubsection' : [ 0xc, ['unsigned long']],
+    'UnusedPtes' : [ 0x10, ['unsigned long']],
+    'GlobalPerSessionHead' : [ 0x10, ['pointer', ['_MM_AVL_TABLE']]],
+    'u' : [ 0x14, ['__unnamed_1f8e']],
+    'StartingSector' : [ 0x18, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_201b']],
+    'LeftChild' : [ 0x24, ['pointer', ['_MMSUBSECTION_NODE']]],
+    'RightChild' : [ 0x28, ['pointer', ['_MMSUBSECTION_NODE']]],
+    'DereferenceList' : [ 0x2c, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x34, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x38, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x38, {
+    'GetTime' : [ 0x0, ['unsigned long']],
+    'SetTime' : [ 0x4, ['unsigned long']],
+    'GetWakeupTime' : [ 0x8, ['unsigned long']],
+    'SetWakeupTime' : [ 0xc, ['unsigned long']],
+    'SetVirtualAddressMap' : [ 0x10, ['unsigned long']],
+    'ConvertPointer' : [ 0x14, ['unsigned long']],
+    'GetVariable' : [ 0x18, ['unsigned long']],
+    'GetNextVariableName' : [ 0x1c, ['unsigned long']],
+    'SetVariable' : [ 0x20, ['unsigned long']],
+    'GetNextHighMonotonicCount' : [ 0x24, ['unsigned long']],
+    'ResetSystem' : [ 0x28, ['unsigned long']],
+    'UpdateCapsule' : [ 0x2c, ['unsigned long']],
+    'QueryCapsuleCapabilities' : [ 0x30, ['unsigned long']],
+    'QueryVariableInfo' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_SPECIAL_POOL_PTE_LIST' : [ 0x10, {
+    'FreePteHead' : [ 0x0, ['_MMPTE']],
+    'FreePteTail' : [ 0x8, ['_MMPTE']],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'spare2' : [ 0x12, ['array', 3, ['unsigned char']]],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'spare3' : [ 0x16, ['array', 8, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_2229' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+} ],
+  '__unnamed_222d' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_2229']],
+    'u2' : [ 0x24, ['__unnamed_222d']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+    'ThePtes' : [ 0x30, ['array', 1, ['_MMPTE']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2236' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2238' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2236']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x90, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_2238']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'PoolPageHeaders' : [ 0x18, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x20, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x28, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x2c, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PagedBytes' : [ 0x38, ['unsigned long']],
+    'NonPagedBytes' : [ 0x3c, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x40, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x44, ['unsigned long']],
+    'RaiseIrqls' : [ 0x48, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x4c, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x50, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x54, ['unsigned long']],
+    'AllocationsFailed' : [ 0x58, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x5c, ['unsigned long']],
+    'LockedBytes' : [ 0x60, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x64, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x74, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x78, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x7c, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x80, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x58, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'UlongFlags' : [ 0x0, ['unsigned long']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'ReadAheadSpinLock' : [ 0x48, ['unsigned long']],
+    'PrivateLinks' : [ 0x4c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x54, ['pointer', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'Spare' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_TPM_BOOT_ENTROPY_LDR_RESULT' : [ 0x48, {
+    'Policy' : [ 0x0, ['unsigned long long']],
+    'ResultCode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'TpmBootEntropyStructureUninitialized', 1: 'TpmBootEntropyDisabledByPolicy', 2: 'TpmBootEntropyNoTpmFound', 3: 'TpmBootEntropyTpmError', 4: 'TpmBootEntropySuccess'})]],
+    'ResultStatus' : [ 0xc, ['long']],
+    'Time' : [ 0x10, ['unsigned long long']],
+    'EntropyLength' : [ 0x18, ['unsigned long']],
+    'EntropyData' : [ 0x1c, ['array', 40, ['unsigned char']]],
+} ],
+  '_RTL_HANDLE_TABLE' : [ 0x20, {
+    'MaximumNumberOfHandles' : [ 0x0, ['unsigned long']],
+    'SizeOfHandleTableEntry' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['array', 2, ['unsigned long']]],
+    'FreeHandles' : [ 0x10, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'CommittedHandles' : [ 0x14, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'UnCommittedHandles' : [ 0x18, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+    'MaxReservedHandles' : [ 0x1c, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+} ],
+  '_PTE_TRACKER' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'CallingAddress' : [ 0x28, ['pointer', ['void']]],
+    'CallersCaller' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x10, {
+    'BlockAddress' : [ 0x0, ['unsigned long']],
+    'BinAddress' : [ 0x4, ['unsigned long']],
+    'CmView' : [ 0x8, ['pointer', ['_CM_VIEW_OF_FILE']]],
+    'MemAlloc' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x10, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'ReferenceCount' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'NameLength' : [ 0xb, ['unsigned char']],
+    'Name' : [ 0xc, ['array', 1, ['wchar']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x10, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'AssignResources', 1: 'ClearDeviceProblem', 2: 'ClearProblem', 3: 'ClearEjectProblem', 4: 'HaltDevice', 5: 'QueryPowerRelations', 6: 'Rebalance', 7: 'ReenumerateBootDevices', 8: 'ReenumerateDeviceOnly', 9: 'ReenumerateDeviceTree', 10: 'ReenumerateRootDevices', 11: 'RequeryDeviceState', 12: 'ResetDevice', 13: 'ResourceRequirementsChanged', 14: 'RestartEnumeration', 15: 'SetDeviceProblem', 16: 'StartDevice', 17: 'StartSystemDevicesPass0', 18: 'StartSystemDevicesPass1'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PMCCounter', 1: 'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMSESSION' : [ 0x38, {
+    'SystemSpaceViewLock' : [ 0x0, ['_KGUARDED_MUTEX']],
+    'SystemSpaceViewLockPointer' : [ 0x20, ['pointer', ['_KGUARDED_MUTEX']]],
+    'SystemSpaceViewTable' : [ 0x24, ['pointer', ['_MMVIEW']]],
+    'SystemSpaceHashSize' : [ 0x28, ['unsigned long']],
+    'SystemSpaceHashEntries' : [ 0x2c, ['unsigned long']],
+    'SystemSpaceHashKey' : [ 0x30, ['unsigned long']],
+    'BitmapFailures' : [ 0x34, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'Index' : [ 0x18, ['unsigned short']],
+    'Flags' : [ 0x1a, ['unsigned short']],
+    'EnableMask' : [ 0x1c, ['unsigned char']],
+    'GroupEnableMask' : [ 0x1d, ['unsigned char']],
+    'UseDescriptorType' : [ 0x1e, ['unsigned char']],
+    'SessionId' : [ 0x20, ['unsigned long']],
+    'ReplyQueue' : [ 0x20, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x20, ['array', 4, ['pointer', ['_ETW_REG_ENTRY']]]],
+    'Process' : [ 0x30, ['pointer', ['_EPROCESS']]],
+    'Callback' : [ 0x30, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x34, ['pointer', ['void']]],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterResultSuccess', 1: 'ArbiterResultExternalConflict', 2: 'ArbiterResultNullRequest', -1: 'ArbiterResultUndefined'})]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1a8, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'GetNewDeviceList' : [ 0x1c, ['unsigned char']],
+    'Order' : [ 0x20, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x190, ['_LIST_ENTRY']],
+    'Status' : [ 0x198, ['long']],
+    'FailedDevice' : [ 0x19c, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1a0, ['unsigned char']],
+    'Cancelled' : [ 0x1a1, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1a2, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1a3, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1a4, ['unsigned char']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'ExtraSharedWowSubsections' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WatchProto' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'FloppyMedia' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DefaultProtectionMask' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 22, native_type='unsigned long')]],
+    'Binary32' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ContainsDebug' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'KernelRequester', 1: 'UserProcessRequester', 2: 'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x3c, {
+    'WorkerQueue' : [ 0x0, ['_KQUEUE']],
+    'DynamicThreadCount' : [ 0x28, ['unsigned long']],
+    'WorkItemsProcessed' : [ 0x2c, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x30, ['unsigned long']],
+    'QueueDepthLastPass' : [ 0x34, ['unsigned long']],
+    'Info' : [ 0x38, ['EX_QUEUE_WORKER_INFO']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x40, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'IdleCheck' : [ 0xc, ['pointer', ['void']]],
+    'IdleHandler' : [ 0x10, ['pointer', ['void']]],
+    'HvConfig' : [ 0x18, ['unsigned long long']],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Latency' : [ 0x24, ['unsigned long']],
+    'Power' : [ 0x28, ['unsigned long']],
+    'TimeCheck' : [ 0x2c, ['unsigned long']],
+    'StateFlags' : [ 0x30, ['unsigned long']],
+    'PromotePercent' : [ 0x34, ['unsigned char']],
+    'DemotePercent' : [ 0x35, ['unsigned char']],
+    'PromotePercentBase' : [ 0x36, ['unsigned char']],
+    'DemotePercentBase' : [ 0x37, ['unsigned char']],
+    'StateType' : [ 0x38, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'KResourceManagerUninitialized', 1: 'KResourceManagerOffline', 2: 'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_22b3' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x40, {
+    'Lock' : [ 0x0, ['long']],
+    'NodeToFree' : [ 0x4, ['pointer', ['void']]],
+    'NodeRangeSize' : [ 0x8, ['unsigned long']],
+    'NodeCount' : [ 0xc, ['unsigned long']],
+    'Tables' : [ 0x10, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_22b3']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATION_LIST_ENTRY' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'Devices' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40e0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x4038, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x403c, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4040, ['unsigned long']],
+    'TotalReleases' : [ 0x4044, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x4048, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x404c, ['unsigned long']],
+    'Instigator' : [ 0x4050, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4054, ['unsigned long']],
+    'Participant' : [ 0x4058, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40d8, ['long']],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'KKtmUninitialized', 1: 'KKtmInitialized', 2: 'KKtmRecovering', 3: 'KKtmOnline', 4: 'KKtmRecoveryFailed', 5: 'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x24, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SystemClass', 1: 'ProcessorClass', 2: 'CacheClass', 3: 'AdapterClass', 4: 'ControllerClass', 5: 'PeripheralClass', 6: 'MemoryClass', 7: 'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'ArcSystem', 1: 'CentralProcessor', 2: 'FloatingPointProcessor', 3: 'PrimaryIcache', 4: 'PrimaryDcache', 5: 'SecondaryIcache', 6: 'SecondaryDcache', 7: 'SecondaryCache', 8: 'EisaAdapter', 9: 'TcAdapter', 10: 'ScsiAdapter', 11: 'DtiAdapter', 12: 'MultiFunctionAdapter', 13: 'DiskController', 14: 'TapeController', 15: 'CdromController', 16: 'WormController', 17: 'SerialController', 18: 'NetworkController', 19: 'DisplayController', 20: 'ParallelController', 21: 'PointerController', 22: 'KeyboardController', 23: 'AudioController', 24: 'OtherController', 25: 'DiskPeripheral', 26: 'FloppyDiskPeripheral', 27: 'TapePeripheral', 28: 'ModemPeripheral', 29: 'MonitorPeripheral', 30: 'PrinterPeripheral', 31: 'PointerPeripheral', 32: 'KeyboardPeripheral', 33: 'TerminalPeripheral', 34: 'OtherPeripheral', 35: 'LinePeripheral', 36: 'NetworkPeripheral', 37: 'SystemMemory', 38: 'DockingInformation', 39: 'RealModeIrqRoutingTable', 40: 'RealModePCIEnumeration', 41: 'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer', ['unsigned char']]],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: 'KTransactionUninitialized', 1: 'KTransactionActive', 2: 'KTransactionPreparing', 3: 'KTransactionPrepared', 4: 'KTransactionInDoubt', 5: 'KTransactionCommitted', 6: 'KTransactionAborted', 7: 'KTransactionDelegated', 8: 'KTransactionPrePreparing', 9: 'KTransactionForgotten', 10: 'KTransactionRecovering', 11: 'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: 'KTxOutcomeUninitialized', 1: 'KTxOutcomeUndetermined', 2: 'KTxOutcomeCommitted', 3: 'KTxOutcomeAborted', 4: 'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x38, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'UoWAddThisKey', 1: 'UoWAddChildKey', 2: 'UoWDeleteThisKey', 3: 'UoWDeleteChildKey', 4: 'UoWSetValueNew', 5: 'UoWSetValueExisting', 6: 'UoWDeleteValue', 7: 'UoWSetKeyUserFlags', 8: 'UoWSetLastWriteTime', 9: 'UoWSetSecurityDescriptor', 10: 'UoWRenameSubKey', 11: 'UoWRenameOldSubKey', 12: 'UoWRenameNewSubKey', 13: 'UoWIsolation', 14: 'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'Stable', 1: 'Volatile', 2: 'InvalidStorage'})]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x30, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2303' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2305' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2303']],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2305']],
+} ],
+  '_PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA' : [ 0x8, {
+    'CapturedCpuShareWeight' : [ 0x0, ['unsigned long']],
+    'CapturedTotalWeight' : [ 0x4, ['unsigned long']],
+    'CombinedData' : [ 0x0, ['long long']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '__unnamed_2318' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_2318']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x18, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x38, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_HEAP_USERDATA_HEADER' : [ 0x10, {
+    'SFreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'SubSegment' : [ 0x0, ['pointer', ['_HEAP_SUBSEGMENT']]],
+    'Reserved' : [ 0x4, ['pointer', ['void']]],
+    'SizeIndex' : [ 0x8, ['unsigned long']],
+    'Signature' : [ 0xc, ['unsigned long']],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x24, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'GpValue' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x3c, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1b, {
+    'PerUserPolicy' : [ 0x0, ['array', 27, ['unsigned char']]],
+} ],
+  '__unnamed_2370' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2372' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2376' : [ 0x8, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'SyncTypeOther', 1: 'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_237a' : [ 0x8, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NotifyTypeCreate', 1: 'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x4, ['unsigned char']],
+} ],
+  '__unnamed_237c' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2370']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2372']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2376']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_237a']],
+    'Others' : [ 0x0, ['__unnamed_237c']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0xa0, {
+    'WriteToFile' : [ 0x0, ['unsigned char']],
+    'ReserveLoaderMemory' : [ 0x1, ['unsigned char']],
+    'ReserveFreeMemory' : [ 0x2, ['unsigned char']],
+    'Reset' : [ 0x3, ['unsigned char']],
+    'HiberFlags' : [ 0x4, ['unsigned char']],
+    'WroteHiberFile' : [ 0x5, ['unsigned char']],
+    'MapFrozen' : [ 0x6, ['unsigned char']],
+    'MemoryMap' : [ 0x8, ['_RTL_BITMAP']],
+    'DiscardedMemoryPages' : [ 0x10, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x18, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x20, ['unsigned long']],
+    'NextCloneRange' : [ 0x24, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x28, ['unsigned long']],
+    'LoaderMdl' : [ 0x2c, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x30, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x38, ['unsigned long long']],
+    'IoPages' : [ 0x40, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x44, ['unsigned long']],
+    'CurrentMcb' : [ 0x48, ['pointer', ['void']]],
+    'DumpStack' : [ 0x4c, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x50, ['pointer', ['_KPROCESSOR_STATE']]],
+    'PreferredIoWriteSize' : [ 0x54, ['unsigned long']],
+    'IoProgress' : [ 0x58, ['unsigned long']],
+    'HiberVa' : [ 0x5c, ['unsigned long']],
+    'HiberPte' : [ 0x60, ['_LARGE_INTEGER']],
+    'Status' : [ 0x68, ['long']],
+    'MemoryImage' : [ 0x6c, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'CompressionWorkspace' : [ 0x70, ['pointer', ['void']]],
+    'CompressedWriteBuffer' : [ 0x74, ['pointer', ['unsigned char']]],
+    'CompressedWriteBufferSize' : [ 0x78, ['unsigned long']],
+    'MaxCompressedOutputSize' : [ 0x7c, ['unsigned long']],
+    'PerformanceStats' : [ 0x80, ['pointer', ['unsigned long']]],
+    'CompressionBlock' : [ 0x84, ['pointer', ['void']]],
+    'DmaIO' : [ 0x88, ['pointer', ['void']]],
+    'TemporaryHeap' : [ 0x8c, ['pointer', ['void']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'ResumeContext' : [ 0x98, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0x9c, ['unsigned long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0xb0, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x70, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x78, ['pointer', ['void']]],
+    'PointersLength' : [ 0x7c, ['unsigned long']],
+    'ModulePrefix' : [ 0x80, ['pointer', ['unsigned short']]],
+    'DriverList' : [ 0x84, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x8c, ['_STRING']],
+    'ProgMsg' : [ 0x94, ['_STRING']],
+    'DoneMsg' : [ 0x9c, ['_STRING']],
+    'FileObject' : [ 0xa4, ['pointer', ['void']]],
+    'UsageType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile'})]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x20, {
+    'ThreadHandle' : [ 0x0, ['pointer', ['void']]],
+    'ThreadId' : [ 0x4, ['pointer', ['void']]],
+    'ProcessId' : [ 0x8, ['pointer', ['void']]],
+    'Code' : [ 0xc, ['unsigned long']],
+    'Parameter1' : [ 0x10, ['unsigned long']],
+    'Parameter2' : [ 0x14, ['unsigned long']],
+    'Parameter3' : [ 0x18, ['unsigned long']],
+    'Parameter4' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_RTL_HANDLE_TABLE_ENTRY' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NextFree' : [ 0x0, ['pointer', ['_RTL_HANDLE_TABLE_ENTRY']]],
+} ],
+  '__unnamed_23a0' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_23a0']],
+} ],
+  '__unnamed_23a4' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_23a4']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0xe0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long']],
+    'HiberFlags' : [ 0x2c, ['unsigned char']],
+    'spare' : [ 0x2d, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x30, ['unsigned long']],
+    'HiberVa' : [ 0x34, ['unsigned long']],
+    'HiberPte' : [ 0x38, ['_LARGE_INTEGER']],
+    'NoFreePages' : [ 0x40, ['unsigned long']],
+    'FreeMapCheck' : [ 0x44, ['unsigned long']],
+    'WakeCheck' : [ 0x48, ['unsigned long']],
+    'FirstTablePage' : [ 0x4c, ['unsigned long']],
+    'PerfInfo' : [ 0x50, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0xa8, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0xac, ['array', 1, ['unsigned long']]],
+    'NoBootLoaderLogPages' : [ 0xb0, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0xb4, ['array', 8, ['unsigned long']]],
+    'NotUsed' : [ 0xd4, ['unsigned long']],
+    'ResumeContextCheck' : [ 0xd8, ['unsigned long']],
+    'ResumeContextPages' : [ 0xdc, ['unsigned long']],
+} ],
+  'EX_QUEUE_WORKER_INFO' : [ 0x4, {
+    'QueueDisabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MakeThreadsAsNecessary' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitMode' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WorkerCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'QueueWorkerInfo' : [ 0x0, ['long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x58, {
+    'IoTicks' : [ 0x0, ['unsigned long long']],
+    'InitTicks' : [ 0x8, ['unsigned long long']],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'ElapsedTicks' : [ 0x18, ['unsigned long long']],
+    'CompressTicks' : [ 0x20, ['unsigned long long']],
+    'ResumeAppTime' : [ 0x28, ['unsigned long long']],
+    'HiberFileResumeTime' : [ 0x30, ['unsigned long long']],
+    'BytesCopied' : [ 0x38, ['unsigned long long']],
+    'PagesProcessed' : [ 0x40, ['unsigned long long']],
+    'PagesWritten' : [ 0x48, ['unsigned long']],
+    'DumpCount' : [ 0x4c, ['unsigned long']],
+    'FileRuns' : [ 0x50, ['unsigned long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_MMVIEW' : [ 0x18, {
+    'Entry' : [ 0x0, ['unsigned long']],
+    'Writable' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlArea' : [ 0x4, ['pointer', ['_CONTROL_AREA']]],
+    'ViewLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'SessionViewVa' : [ 0x10, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x34, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0xc, ['pointer', ['unsigned char']]],
+    'PciDeviceId' : [ 0x10, ['unsigned short']],
+    'PciVendorId' : [ 0x12, ['unsigned short']],
+    'PciBusNumber' : [ 0x14, ['unsigned char']],
+    'PciBusSegment' : [ 0x16, ['unsigned short']],
+    'PciSlotNumber' : [ 0x18, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x19, ['unsigned char']],
+    'PciFlags' : [ 0x1c, ['unsigned long']],
+    'SystemGUID' : [ 0x20, ['_GUID']],
+    'IsMMIODevice' : [ 0x30, ['unsigned char']],
+    'TerminalType' : [ 0x31, ['unsigned char']],
+} ],
+  '__unnamed_23cc' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_23ce' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_23d0' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_23cc']],
+    'Gpt' : [ 0x0, ['__unnamed_23ce']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x70, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_23d0']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x30, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Hint' : [ 0xc, ['unsigned long']],
+    'BasePte' : [ 0x10, ['pointer', ['_MMPTE']]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Vm' : [ 0x18, ['pointer', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x1c, ['long']],
+    'TotalFreeSystemPtes' : [ 0x20, ['long']],
+    'CachedPteCount' : [ 0x24, ['long']],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x2c, ['unsigned long']],
+    'GlobalMutex' : [ 0x2c, ['pointer', ['_KGUARDED_MUTEX']]],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x10, {
+    'DHCPServerACK' : [ 0x0, ['pointer', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x4, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x8, ['pointer', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x170, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 9, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Reserved' : [ 0x3c, ['array', 6, ['unsigned long']]],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: 'KTMOH_CommitTransaction_Result', 2: 'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x5f0, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'Reserved2' : [ 0x248, ['array', 7, ['unsigned long']]],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: 'NtProductWinNt', 2: 'NtProductLanManNt', 3: 'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: 'StandardDesign', 1: 'NEC98x86', 2: 'EndAlternatives'})]],
+    'AltArchitecturePad' : [ 0x2c4, ['array', 1, ['unsigned long']]],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['unsigned char']],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'TscQpcData' : [ 0x2ed, ['unsigned char']],
+    'TscQpcEnabled' : [ 0x2ed, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TscQpcSpareFlag' : [ 0x2ed, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'TscQpcShift' : [ 0x2ed, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'TscQpcPad' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgSystemDllRelocated' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgSEHValidationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'SystemCall' : [ 0x300, ['unsigned long']],
+    'SystemCallReturn' : [ 0x304, ['unsigned long']],
+    'SystemCallPad' : [ 0x308, ['array', 3, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'DEPRECATED_Wow64SharedInformation' : [ 0x340, ['array', 16, ['unsigned long']]],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved5' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'TscQpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned short']],
+    'Reserved4' : [ 0x3c6, ['unsigned short']],
+    'AitSamplingValue' : [ 0x3c8, ['unsigned long']],
+    'AppCompatFlag' : [ 0x3cc, ['unsigned long']],
+    'DEPRECATED_SystemDllNativeRelocation' : [ 0x3d0, ['unsigned long long']],
+    'DEPRECATED_SystemDllWowRelocation' : [ 0x3d8, ['unsigned long']],
+    'XStatePad' : [ 0x3dc, ['array', 1, ['unsigned long']]],
+    'XState' : [ 0x3e0, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1041' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1041']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1045' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1045']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_105e' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1060' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_105e']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_1060']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'TP_CALLBACK_PRIORITY_HIGH', 1: 'TP_CALLBACK_PRIORITY_NORMAL', 2: 'TP_CALLBACK_PRIORITY_LOW', 3: 'TP_CALLBACK_PRIORITY_INVALID'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TP_TASK' : [ 0x14, {
+    'Callbacks' : [ 0x0, ['pointer', ['_TP_TASK_CALLBACKS']]],
+    'NumaNode' : [ 0x4, ['unsigned long']],
+    'IdealProcessor' : [ 0x8, ['unsigned char']],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+} ],
+  '_TP_TASK_CALLBACKS' : [ 0x8, {
+    'ExecuteCallback' : [ 0x0, ['pointer', ['void']]],
+    'Unposted' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_TP_DIRECT' : [ 0xc, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'NumaNode' : [ 0x4, ['unsigned long']],
+    'IdealProcessor' : [ 0x8, ['unsigned char']],
+} ],
+  '_TEB' : [ 0xfe4, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'SystemReserved1' : [ 0xcc, ['array', 54, ['pointer', ['void']]]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'SpareBytes' : [ 0x1ac, ['array', 36, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'EtwLocalData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'SoftPatchPtr1' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'SpareUlong0' : [ 0xfdc, ['unsigned long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_KPCR' : [ 0x3748, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'Spare2' : [ 0x8, ['pointer', ['void']]],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x3628, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'KernelReserved' : [ 0x338, ['array', 16, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'PrcbPad0' : [ 0x3be, ['array', 2, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'CpuVendor' : [ 0x3c4, ['unsigned char']],
+    'GroupIndex' : [ 0x3c5, ['unsigned char']],
+    'Group' : [ 0x3c6, ['unsigned short']],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'PrcbPad1' : [ 0x3d0, ['array', 72, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'NpxThread' : [ 0x4a0, ['pointer', ['_KTHREAD']]],
+    'InterruptCount' : [ 0x4a4, ['unsigned long']],
+    'KernelTime' : [ 0x4a8, ['unsigned long']],
+    'UserTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTime' : [ 0x4b0, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b4, ['unsigned long']],
+    'InterruptTime' : [ 0x4b8, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4bc, ['unsigned long']],
+    'PageColor' : [ 0x4c0, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c4, ['unsigned char']],
+    'NodeColor' : [ 0x4c5, ['unsigned char']],
+    'PrcbPad20' : [ 0x4c6, ['array', 2, ['unsigned char']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'ParentNode' : [ 0x4cc, ['pointer', ['_KNODE']]],
+    'SecondaryColorMask' : [ 0x4d0, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d4, ['unsigned long']],
+    'PrcbPad21' : [ 0x4d8, ['array', 2, ['unsigned long']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x1820, ['unsigned long']],
+    'ReverseStall' : [ 0x1824, ['long']],
+    'IpiFrame' : [ 0x1828, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x182c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x1860, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x186c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x1870, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x1874, ['unsigned long']],
+    'PrcbPad4' : [ 0x1878, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x18a0, ['unsigned long']],
+    'SignalDone' : [ 0x18a4, ['pointer', ['_KPRCB']]],
+    'TrappedSecurityDomain' : [ 0x18a8, ['unsigned long long']],
+    'BpbState' : [ 0x18b0, ['unsigned char']],
+    'BpbIbrsPresent' : [ 0x18b0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbStibpPresent' : [ 0x18b0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmepPresent' : [ 0x18b0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbCpuIdle' : [ 0x18b0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbReserved' : [ 0x18b0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'PrcbPad50' : [ 0x18b1, ['array', 47, ['unsigned char']]],
+    'DpcData' : [ 0x18e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x1908, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x190c, ['long']],
+    'DpcRequestRate' : [ 0x1910, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x1914, ['unsigned long']],
+    'DpcLastCount' : [ 0x1918, ['unsigned long']],
+    'PrcbLock' : [ 0x191c, ['unsigned long']],
+    'DpcGate' : [ 0x1920, ['_KGATE']],
+    'ThreadDpcEnable' : [ 0x1930, ['unsigned char']],
+    'QuantumEnd' : [ 0x1931, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x1932, ['unsigned char']],
+    'IdleSchedule' : [ 0x1933, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x1934, ['long']],
+    'DpcRequestSlot' : [ 0x1934, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x1934, ['short']],
+    'DpcThreadActive' : [ 0x1936, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'ThreadDpcState' : [ 0x1936, ['short']],
+    'TimerHand' : [ 0x1938, ['unsigned long']],
+    'LastTick' : [ 0x193c, ['unsigned long']],
+    'MasterOffset' : [ 0x1940, ['long']],
+    'PrcbPad41' : [ 0x1944, ['array', 2, ['unsigned long']]],
+    'PeriodicCount' : [ 0x194c, ['unsigned long']],
+    'PeriodicBias' : [ 0x1950, ['unsigned long']],
+    'TickOffset' : [ 0x1958, ['unsigned long long']],
+    'TimerTable' : [ 0x1960, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x31a0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x31c0, ['long']],
+    'ClockCheckSlot' : [ 0x31c4, ['unsigned char']],
+    'ClockPollCycle' : [ 0x31c5, ['unsigned char']],
+    'PrcbPad6' : [ 0x31c6, ['array', 2, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x31c8, ['long']],
+    'DpcWatchdogCount' : [ 0x31cc, ['long']],
+    'ThreadWatchdogPeriod' : [ 0x31d0, ['long']],
+    'ThreadWatchdogCount' : [ 0x31d4, ['long']],
+    'KeSpinLockOrdering' : [ 0x31d8, ['long']],
+    'PrcbPad70' : [ 0x31dc, ['array', 1, ['unsigned long']]],
+    'WaitListHead' : [ 0x31e0, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x31e8, ['unsigned long']],
+    'ReadySummary' : [ 0x31ec, ['unsigned long']],
+    'QueueIndex' : [ 0x31f0, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x31f4, ['_SINGLE_LIST_ENTRY']],
+    'StartCycles' : [ 0x31f8, ['unsigned long long']],
+    'CycleTime' : [ 0x3200, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3208, ['unsigned long']],
+    'PrcbPad71' : [ 0x320c, ['unsigned long']],
+    'PrcbPad72' : [ 0x3210, ['array', 2, ['unsigned long long']]],
+    'DispatcherReadyListHead' : [ 0x3220, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3320, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3324, ['long']],
+    'MmPageFaultCount' : [ 0x3328, ['long']],
+    'MmCopyOnWriteCount' : [ 0x332c, ['long']],
+    'MmTransitionCount' : [ 0x3330, ['long']],
+    'MmCacheTransitionCount' : [ 0x3334, ['long']],
+    'MmDemandZeroCount' : [ 0x3338, ['long']],
+    'MmPageReadCount' : [ 0x333c, ['long']],
+    'MmPageReadIoCount' : [ 0x3340, ['long']],
+    'MmCacheReadCount' : [ 0x3344, ['long']],
+    'MmCacheIoCount' : [ 0x3348, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x334c, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3350, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3354, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3358, ['long']],
+    'CachedCommit' : [ 0x335c, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3360, ['unsigned long']],
+    'HyperPte' : [ 0x3364, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3368, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x336c, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3379, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x337a, ['unsigned char']],
+    'PrcbPad9' : [ 0x337b, ['array', 5, ['unsigned char']]],
+    'FeatureBits' : [ 0x3380, ['unsigned long']],
+    'UpdateSignature' : [ 0x3388, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3390, ['unsigned long long']],
+    'RuntimeAccumulation' : [ 0x3398, ['unsigned long long']],
+    'PowerState' : [ 0x33a0, ['_PROCESSOR_POWER_STATE']],
+    'DpcWatchdogDpc' : [ 0x3468, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3488, ['_KTIMER']],
+    'WheaInfo' : [ 0x34b0, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x34b4, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x34b8, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x34c0, ['_SLIST_HEADER']],
+    'HypercallPageVirtual' : [ 0x34c8, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x34cc, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x34d0, ['pointer', ['unsigned long long']]],
+    'RateControl' : [ 0x34d4, ['pointer', ['void']]],
+    'Cache' : [ 0x34d8, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3514, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3518, ['array', 5, ['unsigned long']]],
+    'PackageProcessorSet' : [ 0x352c, ['_KAFFINITY_EX']],
+    'PrcbPad91' : [ 0x3538, ['array', 1, ['unsigned long']]],
+    'CoreProcessorSet' : [ 0x353c, ['unsigned long']],
+    'TimerExpirationDpc' : [ 0x3540, ['_KDPC']],
+    'SpinLockAcquireCount' : [ 0x3560, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x3564, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x3568, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0x356c, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x3570, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x3574, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x3578, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x357c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x3580, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x3584, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x3588, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x358c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x3590, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x3594, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x3598, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x359c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x35a0, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x35a4, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x35a8, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x35ac, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x35b0, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x35b4, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x35b8, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x35bc, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x35c0, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x35c4, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x35c8, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x35cc, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x35d0, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x35d4, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x35d8, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x35dc, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x35e0, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x35e4, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x35e8, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x35ec, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x35f0, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x35f4, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x35f8, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x35fc, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0x3600, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0x3604, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0x3608, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0x360c, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0x3610, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0x3614, ['unsigned long']],
+    'Context' : [ 0x3618, ['pointer', ['_CONTEXT']]],
+    'ContextFlags' : [ 0x361c, ['unsigned long']],
+    'ExtendedState' : [ 0x3620, ['pointer', ['_XSAVE_AREA']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_KTHREAD' : [ 0x200, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'CycleTime' : [ 0x10, ['unsigned long long']],
+    'HighCycleTime' : [ 0x18, ['unsigned long']],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer', ['void']]],
+    'StackLimit' : [ 0x2c, ['pointer', ['void']]],
+    'KernelStack' : [ 0x30, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x34, ['unsigned long']],
+    'WaitRegister' : [ 0x38, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x39, ['unsigned char']],
+    'Alerted' : [ 0x3a, ['array', 2, ['unsigned char']]],
+    'KernelStackResident' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessReadyQueue' : [ 0x3c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'WaitNext' : [ 0x3c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x3c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Alertable' : [ 0x3c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GdiFlushActive' : [ 0x3c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x3c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x3c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x3c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x3c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x3c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'TimerActive' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SystemThread' : [ 0x3c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x3c, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x3c, ['long']],
+    'ApcState' : [ 0x40, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x40, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x57, ['unsigned char']],
+    'NextProcessor' : [ 0x58, ['unsigned long']],
+    'DeferredProcessor' : [ 0x5c, ['unsigned long']],
+    'ApcQueueLock' : [ 0x60, ['unsigned long']],
+    'ContextSwitches' : [ 0x64, ['unsigned long']],
+    'State' : [ 0x68, ['unsigned char']],
+    'NpxState' : [ 0x69, ['unsigned char']],
+    'WaitIrql' : [ 0x6a, ['unsigned char']],
+    'WaitMode' : [ 0x6b, ['unsigned char']],
+    'WaitStatus' : [ 0x6c, ['long']],
+    'WaitBlockList' : [ 0x70, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x74, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x74, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0x7c, ['pointer', ['_KQUEUE']]],
+    'WaitTime' : [ 0x80, ['unsigned long']],
+    'KernelApcDisable' : [ 0x84, ['short']],
+    'SpecialApcDisable' : [ 0x86, ['short']],
+    'CombinedApcDisable' : [ 0x84, ['unsigned long']],
+    'Teb' : [ 0x88, ['pointer', ['void']]],
+    'Timer' : [ 0x90, ['_KTIMER']],
+    'AutoAlignment' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0xb8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EtwStackTraceApc1Inserted' : [ 0xb8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EtwStackTraceApc2Inserted' : [ 0xb8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CalloutActive' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0xb8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0xb8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0xb8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'VdmSafe' : [ 0xb8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'UmsDispatched' : [ 0xb8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0xb8, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0xb8, ['long']],
+    'ServiceTable' : [ 0xbc, ['pointer', ['void']]],
+    'WaitBlock' : [ 0xc0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'QueueListEntry' : [ 0x120, ['_LIST_ENTRY']],
+    'TrapFrame' : [ 0x128, ['pointer', ['_KTRAP_FRAME']]],
+    'FirstArgument' : [ 0x12c, ['pointer', ['void']]],
+    'CallbackStack' : [ 0x130, ['pointer', ['void']]],
+    'CallbackDepth' : [ 0x130, ['unsigned long']],
+    'ApcStateIndex' : [ 0x134, ['unsigned char']],
+    'BasePriority' : [ 0x135, ['unsigned char']],
+    'PriorityDecrement' : [ 0x136, ['unsigned char']],
+    'ForegroundBoost' : [ 0x136, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x136, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x137, ['unsigned char']],
+    'AdjustReason' : [ 0x138, ['unsigned char']],
+    'AdjustIncrement' : [ 0x139, ['unsigned char']],
+    'PreviousMode' : [ 0x13a, ['unsigned char']],
+    'Saturation' : [ 0x13b, ['unsigned char']],
+    'SystemCallNumber' : [ 0x13c, ['unsigned long']],
+    'FreezeCount' : [ 0x140, ['unsigned long']],
+    'UserAffinity' : [ 0x144, ['_GROUP_AFFINITY']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'Affinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'IdealProcessor' : [ 0x160, ['unsigned long']],
+    'UserIdealProcessor' : [ 0x164, ['unsigned long']],
+    'ApcStatePointer' : [ 0x168, ['array', 2, ['pointer', ['_KAPC_STATE']]]],
+    'SavedApcState' : [ 0x170, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x170, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x187, ['unsigned char']],
+    'SuspendCount' : [ 0x188, ['unsigned char']],
+    'Spare1' : [ 0x189, ['unsigned char']],
+    'OtherPlatformFill' : [ 0x18a, ['unsigned char']],
+    'Win32Thread' : [ 0x18c, ['pointer', ['void']]],
+    'StackBase' : [ 0x190, ['pointer', ['void']]],
+    'SuspendApc' : [ 0x194, ['_KAPC']],
+    'SuspendApcFill0' : [ 0x194, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x195, ['unsigned char']],
+    'SuspendApcFill1' : [ 0x194, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x197, ['unsigned char']],
+    'SuspendApcFill2' : [ 0x194, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x198, ['unsigned long']],
+    'SuspendApcFill3' : [ 0x194, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b8, ['pointer', ['_KPRCB']]],
+    'SuspendApcFill4' : [ 0x194, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1bc, ['pointer', ['void']]],
+    'SuspendApcFill5' : [ 0x194, ['array', 47, ['unsigned char']]],
+    'LargeStack' : [ 0x1c3, ['unsigned char']],
+    'UserTime' : [ 0x1c4, ['unsigned long']],
+    'SuspendSemaphore' : [ 0x1c8, ['_KSEMAPHORE']],
+    'SuspendSemaphorefill' : [ 0x1c8, ['array', 20, ['unsigned char']]],
+    'SListFaultCount' : [ 0x1dc, ['unsigned long']],
+    'ThreadListEntry' : [ 0x1e0, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1e8, ['_LIST_ENTRY']],
+    'SListFaultAddress' : [ 0x1f0, ['pointer', ['void']]],
+    'ThreadCounters' : [ 0x1f4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'XStateSave' : [ 0x1f8, ['pointer', ['_XSTATE_SAVE']]],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'Sequence' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_EX_PUSH_LOCK_CACHE_AWARE' : [ 0x80, {
+    'Locks' : [ 0x0, ['array', 32, ['pointer', ['_EX_PUSH_LOCK']]]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_EX_PUSH_LOCK_WAIT_BLOCK' : [ 0x30, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Next' : [ 0x10, ['pointer', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'Last' : [ 0x14, ['pointer', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'Previous' : [ 0x18, ['pointer', ['_EX_PUSH_LOCK_WAIT_BLOCK']]],
+    'ShareCount' : [ 0x1c, ['long']],
+    'Flags' : [ 0x20, ['long']],
+} ],
+  '_ETHREAD' : [ 0x2b8, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x200, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x208, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x208, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x210, ['long']],
+    'PostBlockList' : [ 0x214, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x214, ['pointer', ['void']]],
+    'StartAddress' : [ 0x218, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x21c, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x21c, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x21c, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x220, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x224, ['_LIST_ENTRY']],
+    'Cid' : [ 0x22c, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x234, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x234, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x248, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x24c, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x254, ['unsigned long']],
+    'DeviceToVerify' : [ 0x258, ['pointer', ['_DEVICE_OBJECT']]],
+    'CpuQuotaApc' : [ 0x25c, ['pointer', ['_PSP_CPU_QUOTA_APC']]],
+    'Win32StartAddress' : [ 0x260, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x264, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x268, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x270, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x274, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x278, ['unsigned long']],
+    'MmLockOrdering' : [ 0x27c, ['long']],
+    'CrossThreadFlags' : [ 0x280, ['unsigned long']],
+    'Terminated' : [ 0x280, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x280, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x280, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x280, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x280, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x280, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x280, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x280, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x280, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x280, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x280, ['BitField', dict(start_bit = 10, end_bit = 13, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x280, ['BitField', dict(start_bit = 13, end_bit = 16, native_type='unsigned long')]],
+    'RundownFail' : [ 0x280, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NeedsWorkingSetAging' : [ 0x280, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x284, ['unsigned long']],
+    'ActiveExWorker' : [ 0x284, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerCanWaitUser' : [ 0x284, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x284, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x284, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x284, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RateApcState' : [ 0x284, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x284, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x288, ['unsigned long']],
+    'Spare' : [ 0x288, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x288, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EtwPageFaultCalloutActive' : [ 0x288, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetExclusive' : [ 0x288, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'OwnsProcessWorkingSetShared' : [ 0x288, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetExclusive' : [ 0x288, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsSystemCacheWorkingSetShared' : [ 0x288, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetExclusive' : [ 0x288, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsSessionWorkingSetShared' : [ 0x289, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x289, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x289, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x289, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Prefetching' : [ 0x289, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsDynamicMemoryShared' : [ 0x289, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsChangeControlAreaExclusive' : [ 0x289, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsChangeControlAreaShared' : [ 0x289, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetExclusive' : [ 0x28a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsPagedPoolWorkingSetShared' : [ 0x28a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetExclusive' : [ 0x28a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'OwnsSystemPtesWorkingSetShared' : [ 0x28a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'TrimTrigger' : [ 0x28a, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x28a, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'PriorityRegionActive' : [ 0x28b, ['unsigned char']],
+    'CacheManagerActive' : [ 0x28c, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x28d, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x28e, ['unsigned char']],
+    'LockOrderState' : [ 0x28f, ['unsigned char']],
+    'AlpcMessageId' : [ 0x290, ['unsigned long']],
+    'AlpcMessage' : [ 0x294, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x294, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x298, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x2a0, ['unsigned long']],
+    'IoBoostCount' : [ 0x2a4, ['unsigned long']],
+    'IrpListLock' : [ 0x2a8, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x2ac, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x2b0, ['_SINGLE_LIST_ENTRY']],
+    'KernelStackReference' : [ 0x2b4, ['unsigned long']],
+} ],
+  '_EPROCESS' : [ 0x2e0, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x98, ['_EX_PUSH_LOCK']],
+    'CreateTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'RundownProtect' : [ 0xb0, ['_EX_RUNDOWN_REF']],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'ProcessQuotaUsage' : [ 0xc0, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xc8, ['array', 2, ['unsigned long']]],
+    'CommitCharge' : [ 0xd0, ['unsigned long']],
+    'QuotaBlock' : [ 0xd4, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'CpuQuotaBlock' : [ 0xd8, ['pointer', ['_PS_CPU_QUOTA_BLOCK']]],
+    'PeakVirtualSize' : [ 0xdc, ['unsigned long']],
+    'VirtualSize' : [ 0xe0, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xe4, ['_LIST_ENTRY']],
+    'DebugPort' : [ 0xec, ['pointer', ['void']]],
+    'ExceptionPortData' : [ 0xf0, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf0, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'ObjectTable' : [ 0xf4, ['pointer', ['_HANDLE_TABLE']]],
+    'Token' : [ 0xf8, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0xfc, ['unsigned long']],
+    'AddressCreationLock' : [ 0x100, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x104, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x108, ['pointer', ['_ETHREAD']]],
+    'HardwareTrigger' : [ 0x10c, ['unsigned long']],
+    'PhysicalVadRoot' : [ 0x110, ['pointer', ['_MM_AVL_TABLE']]],
+    'CloneRoot' : [ 0x114, ['pointer', ['void']]],
+    'NumberOfPrivatePages' : [ 0x118, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x11c, ['unsigned long']],
+    'Win32Process' : [ 0x120, ['pointer', ['void']]],
+    'Job' : [ 0x124, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x128, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x12c, ['pointer', ['void']]],
+    'Cookie' : [ 0x130, ['unsigned long']],
+    'Spare8' : [ 0x134, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x138, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x13c, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x140, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x144, ['pointer', ['void']]],
+    'VdmObjects' : [ 0x148, ['pointer', ['void']]],
+    'ConsoleHostProcess' : [ 0x14c, ['unsigned long']],
+    'DeviceMap' : [ 0x150, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x154, ['pointer', ['void']]],
+    'FreeTebHint' : [ 0x158, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x160, ['_HARDWARE_PTE']],
+    'Filler' : [ 0x160, ['unsigned long long']],
+    'Session' : [ 0x168, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x16c, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x17b, ['unsigned char']],
+    'JobLinks' : [ 0x17c, ['_LIST_ENTRY']],
+    'LockedPagesList' : [ 0x184, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x188, ['_LIST_ENTRY']],
+    'SecurityPort' : [ 0x190, ['pointer', ['void']]],
+    'PaeTop' : [ 0x194, ['pointer', ['void']]],
+    'ActiveThreads' : [ 0x198, ['unsigned long']],
+    'ImagePathHash' : [ 0x19c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1a4, ['long']],
+    'Peb' : [ 0x1a8, ['pointer', ['_PEB']]],
+    'PrefetchTrace' : [ 0x1ac, ['_EX_FAST_REF']],
+    'ReadOperationCount' : [ 0x1b0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1b8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1e0, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1e4, ['unsigned long']],
+    'AweInfo' : [ 0x1e8, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x1ec, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'Vm' : [ 0x1f0, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x25c, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x264, ['pointer', ['void']]],
+    'ModifiedPageCount' : [ 0x268, ['unsigned long']],
+    'Flags2' : [ 0x26c, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x26c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x26c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x26c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x26c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x26c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x26c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ReportPhysicalPageChanges' : [ 0x26c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'HandleTableRundown' : [ 0x26c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x26c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x26c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'NumaAware' : [ 0x26c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProtectedProcess' : [ 0x26c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x26c, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x26c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x26c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x26c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x26c, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x26c, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x26c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x26c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Spare1' : [ 0x26c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x26c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x26c, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'LowVaAccessible' : [ 0x26c, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x26c, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x26c, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'Flags' : [ 0x270, ['unsigned long']],
+    'CreateReported' : [ 0x270, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x270, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x270, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x270, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow64SplitPages' : [ 0x270, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x270, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x270, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x270, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ForkFailed' : [ 0x270, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x270, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x270, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x270, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x270, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x270, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x270, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x270, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x270, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x270, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x270, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'InjectInpageErrors' : [ 0x270, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x270, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x270, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x270, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x270, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x270, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x270, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x270, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x270, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x270, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ExitStatus' : [ 0x274, ['long']],
+    'VadRoot' : [ 0x278, ['_MM_AVL_TABLE']],
+    'AlpcContext' : [ 0x298, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x2a8, ['_LIST_ENTRY']],
+    'RequestedTimerResolution' : [ 0x2b0, ['unsigned long']],
+    'ActiveThreadsHighWatermark' : [ 0x2b4, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x2b8, ['unsigned long']],
+    'TimerResolutionStackRecord' : [ 0x2bc, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'SequenceNumber' : [ 0x2c0, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x2c8, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x2d0, ['unsigned long long']],
+    'SecurityDomain' : [ 0x2d8, ['unsigned long long']],
+} ],
+  '_KPROCESS' : [ 0x98, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'Affinity' : [ 0x38, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x44, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x4c, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x50, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'ActiveGroupsMask' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x5c, ['long']],
+    'BasePriority' : [ 0x60, ['unsigned char']],
+    'QuantumReset' : [ 0x61, ['unsigned char']],
+    'Visited' : [ 0x62, ['unsigned char']],
+    'Unused3' : [ 0x63, ['unsigned char']],
+    'ThreadSeed' : [ 0x64, ['array', 1, ['unsigned long']]],
+    'IdealNode' : [ 0x68, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x6a, ['unsigned short']],
+    'Flags' : [ 0x6c, ['_KEXECUTE_OPTIONS']],
+    'Unused1' : [ 0x6d, ['unsigned char']],
+    'IopmOffset' : [ 0x6e, ['unsigned short']],
+    'Unused4' : [ 0x70, ['unsigned long']],
+    'StackCount' : [ 0x74, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x80, ['unsigned long long']],
+    'KernelTime' : [ 0x88, ['unsigned long']],
+    'UserTime' : [ 0x8c, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0x90, ['pointer', ['void']]],
+} ],
+  '__unnamed_1293' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1293']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+} ],
+  '__unnamed_12a2' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_12a7' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_12a9' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_12a7']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_12b4' : [ 0x28, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_12b6' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_12b4']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_12a2']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_12a9']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_12b6']],
+} ],
+  '__unnamed_12bd' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_12c1' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_12c5' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_12c7' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_12cb' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_12cd' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_12cf' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+} ],
+  '__unnamed_12d1' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileDirectoryInformation', 2: 'FileFullDirectoryInformation', 3: 'FileBothDirectoryInformation', 4: 'FileBasicInformation', 5: 'FileStandardInformation', 6: 'FileInternalInformation', 7: 'FileEaInformation', 8: 'FileAccessInformation', 9: 'FileNameInformation', 10: 'FileRenameInformation', 11: 'FileLinkInformation', 12: 'FileNamesInformation', 13: 'FileDispositionInformation', 14: 'FilePositionInformation', 15: 'FileFullEaInformation', 16: 'FileModeInformation', 17: 'FileAlignmentInformation', 18: 'FileAllInformation', 19: 'FileAllocationInformation', 20: 'FileEndOfFileInformation', 21: 'FileAlternateNameInformation', 22: 'FileStreamInformation', 23: 'FilePipeInformation', 24: 'FilePipeLocalInformation', 25: 'FilePipeRemoteInformation', 26: 'FileMailslotQueryInformation', 27: 'FileMailslotSetInformation', 28: 'FileCompressionInformation', 29: 'FileObjectIdInformation', 30: 'FileCompletionInformation', 31: 'FileMoveClusterInformation', 32: 'FileQuotaInformation', 33: 'FileReparsePointInformation', 34: 'FileNetworkOpenInformation', 35: 'FileAttributeTagInformation', 36: 'FileTrackingInformation', 37: 'FileIdBothDirectoryInformation', 38: 'FileIdFullDirectoryInformation', 39: 'FileValidDataLengthInformation', 40: 'FileShortNameInformation', 41: 'FileIoCompletionNotificationInformation', 42: 'FileIoStatusBlockRangeInformation', 43: 'FileIoPriorityHintInformation', 44: 'FileSfioReserveInformation', 45: 'FileSfioVolumeInformation', 46: 'FileHardLinkInformation', 47: 'FileProcessIdsUsingFileInformation', 48: 'FileNormalizedNameInformation', 49: 'FileNetworkPhysicalNameInformation', 50: 'FileIdGlobalTxDirectoryInformation', 51: 'FileIsRemoteDeviceInformation', 52: 'FileAttributeCacheInformation', 53: 'FileNumaNodeInformation', 54: 'FileStandardLinkInformation', 55: 'FileRemoteProtocolInformation', 56: 'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_12d3' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_12d5' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_12d9' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: 'FileFsVolumeInformation', 2: 'FileFsLabelInformation', 3: 'FileFsSizeInformation', 4: 'FileFsDeviceInformation', 5: 'FileFsAttributeInformation', 6: 'FileFsControlInformation', 7: 'FileFsFullSizeInformation', 8: 'FileFsObjectIdInformation', 9: 'FileFsDriverPathInformation', 10: 'FileFsVolumeFlagsInformation', 11: 'FileFsSectorSizeInformation', 12: 'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_12db' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_12de' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_12e0' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_12e2' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_12e4' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_12e8' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_12ec' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_12f0' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_12f4' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusRelations', 1: 'EjectionRelations', 2: 'PowerRelations', 3: 'RemovalRelations', 4: 'TargetDeviceRelation', 5: 'SingleBusRelations', 6: 'TransportRelations'})]],
+} ],
+  '__unnamed_12fa' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_12fe' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1302' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1304' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1306' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_130a' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BusQueryDeviceID', 1: 'BusQueryHardwareIDs', 2: 'BusQueryCompatibleIDs', 3: 'BusQueryInstanceID', 4: 'BusQueryDeviceSerialNumber', 5: 'BusQueryContainerID'})]],
+} ],
+  '__unnamed_130e' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceTextDescription', 1: 'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1312' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'DeviceUsageTypeUndefined', 1: 'DeviceUsageTypePaging', 2: 'DeviceUsageTypeHibernation', 3: 'DeviceUsageTypeDumpFile'})]],
+} ],
+  '__unnamed_1316' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_131a' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1322' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SystemPowerState', 1: 'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'PowerActionNone', 1: 'PowerActionReserved', 2: 'PowerActionSleep', 3: 'PowerActionHibernate', 4: 'PowerActionShutdown', 5: 'PowerActionShutdownReset', 6: 'PowerActionShutdownOff', 7: 'PowerActionWarmEject'})]],
+} ],
+  '__unnamed_1326' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1328' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_132a' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_132c' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_12bd']],
+    'CreatePipe' : [ 0x0, ['__unnamed_12c1']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_12c5']],
+    'Read' : [ 0x0, ['__unnamed_12c7']],
+    'Write' : [ 0x0, ['__unnamed_12c7']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_12cb']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_12cd']],
+    'QueryFile' : [ 0x0, ['__unnamed_12cf']],
+    'SetFile' : [ 0x0, ['__unnamed_12d1']],
+    'QueryEa' : [ 0x0, ['__unnamed_12d3']],
+    'SetEa' : [ 0x0, ['__unnamed_12d5']],
+    'QueryVolume' : [ 0x0, ['__unnamed_12d9']],
+    'SetVolume' : [ 0x0, ['__unnamed_12d9']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_12db']],
+    'LockControl' : [ 0x0, ['__unnamed_12de']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_12e0']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_12e2']],
+    'SetSecurity' : [ 0x0, ['__unnamed_12e4']],
+    'MountVolume' : [ 0x0, ['__unnamed_12e8']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_12e8']],
+    'Scsi' : [ 0x0, ['__unnamed_12ec']],
+    'QueryQuota' : [ 0x0, ['__unnamed_12f0']],
+    'SetQuota' : [ 0x0, ['__unnamed_12d5']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_12f4']],
+    'QueryInterface' : [ 0x0, ['__unnamed_12fa']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_12fe']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1302']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1304']],
+    'SetLock' : [ 0x0, ['__unnamed_1306']],
+    'QueryId' : [ 0x0, ['__unnamed_130a']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_130e']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1312']],
+    'WaitWake' : [ 0x0, ['__unnamed_1316']],
+    'PowerSequence' : [ 0x0, ['__unnamed_131a']],
+    'Power' : [ 0x0, ['__unnamed_1322']],
+    'StartDevice' : [ 0x0, ['__unnamed_1326']],
+    'WMI' : [ 0x0, ['__unnamed_1328']],
+    'Others' : [ 0x0, ['__unnamed_132a']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_132c']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_1342' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_1342']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x10, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IoPriorityVeryLow', 1: 'IoPriorityLow', 2: 'IoPriorityNormal', 3: 'IoPriorityHigh', 4: 'IoPriorityCritical', 5: 'MaxIoPriorityTypes'})]],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'MmPteAccessType', 1: 'MmCcReadAheadType', 2: 'MmPfnRepurposeType', 3: 'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrTypeProcessor', 1: 'WheaErrTypeMemory', 2: 'WheaErrTypePCIExpress', 3: 'WheaErrTypeNMI', 4: 'WheaErrTypePCIXBus', 5: 'WheaErrTypePCIXDevice', 6: 'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSrcTypeMCE', 1: 'WheaErrSrcTypeCMC', 2: 'WheaErrSrcTypeCPE', 3: 'WheaErrSrcTypeNMI', 4: 'WheaErrSrcTypePCIe', 5: 'WheaErrSrcTypeGeneric', 6: 'WheaErrSrcTypeINIT', 7: 'WheaErrSrcTypeBOOT', 8: 'WheaErrSrcTypeSCIGeneric', 9: 'WheaErrSrcTypeIPFMCA', 10: 'WheaErrSrcTypeIPFCMC', 11: 'WheaErrSrcTypeIPFCPE', 12: 'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: 'WheaDataFormatIPFSalRecord', 1: 'WheaDataFormatXPFMCA', 2: 'WheaDataFormatMemory', 3: 'WheaDataFormatPCIExpress', 4: 'WheaDataFormatNMIPort', 5: 'WheaDataFormatPCIXBus', 6: 'WheaDataFormatPCIXDevice', 7: 'WheaDataFormatGeneric', 8: 'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x40, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '__unnamed_14b0' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_14b0']],
+} ],
+  '__unnamed_14c1' : [ 0xc, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Ia64' : [ 0x0, ['_IA64_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0x88, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x28, ['unsigned long']],
+    'Prcb' : [ 0x2c, ['unsigned long']],
+    'Process' : [ 0x30, ['unsigned long']],
+    'Thread' : [ 0x34, ['unsigned long']],
+    'RegistryLength' : [ 0x38, ['unsigned long']],
+    'RegistryBase' : [ 0x3c, ['pointer', ['void']]],
+    'ConfigurationRoot' : [ 0x40, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0x44, ['pointer', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0x48, ['pointer', ['unsigned char']]],
+    'NtBootPathName' : [ 0x4c, ['pointer', ['unsigned char']]],
+    'NtHalPathName' : [ 0x50, ['pointer', ['unsigned char']]],
+    'LoadOptions' : [ 0x54, ['pointer', ['unsigned char']]],
+    'NlsData' : [ 0x58, ['pointer', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0x5c, ['pointer', ['_ARC_DISK_INFORMATION']]],
+    'OemFontFile' : [ 0x60, ['pointer', ['void']]],
+    'Extension' : [ 0x64, ['pointer', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0x68, ['__unnamed_14c1']],
+    'FirmwareInformation' : [ 0x74, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'ZeroedPageList', 1: 'FreePageList', 2: 'StandbyPageList', 3: 'ModifiedPageList', 4: 'ModifiedNoWritePageList', 5: 'BadPageList', 6: 'ActiveAndValid', 7: 'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_14f4' : [ 0x4, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'WsIndex' : [ 0x0, ['unsigned long']],
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_14f6' : [ 0x4, {
+    'Blink' : [ 0x0, ['unsigned long']],
+    'ImageProtoPte' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'ShareCount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_14f9' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'VolatileReferenceCount' : [ 0x0, ['short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_14fb' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_14f9']],
+} ],
+  '__unnamed_14ff' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'PfnImageVerified' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'AweAllocation' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'u1' : [ 0x0, ['__unnamed_14f4']],
+    'u2' : [ 0x4, ['__unnamed_14f6']],
+    'PteAddress' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x8, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['long']],
+    'PteLong' : [ 0x8, ['unsigned long']],
+    'u3' : [ 0xc, ['__unnamed_14fb']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'AweReferenceCount' : [ 0x10, ['long']],
+    'u4' : [ 0x18, ['__unnamed_14ff']],
+} ],
+  '_MI_COLOR_BASE' : [ 0x8, {
+    'ColorPointer' : [ 0x0, ['pointer', ['unsigned short']]],
+    'ColorMask' : [ 0x4, ['unsigned short']],
+    'ColorNode' : [ 0x6, ['unsigned short']],
+} ],
+  '_MMSUPPORT' : [ 0x6c, {
+    'WorkingSetMutex' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ExitGate' : [ 0x4, ['pointer', ['_KGATE']]],
+    'AccessLog' : [ 0x8, ['pointer', ['void']]],
+    'WorkingSetExpansionLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x14, ['array', 7, ['unsigned long']]],
+    'MinimumWorkingSetSize' : [ 0x30, ['unsigned long']],
+    'WorkingSetSize' : [ 0x34, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x38, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'ChargedWslePages' : [ 0x40, ['unsigned long']],
+    'ActualWslePages' : [ 0x44, ['unsigned long']],
+    'WorkingSetSizeOverhead' : [ 0x48, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x4c, ['unsigned long']],
+    'HardFaultCount' : [ 0x50, ['unsigned long']],
+    'VmWorkingSetList' : [ 0x54, ['pointer', ['_MMWSL']]],
+    'NextPageColor' : [ 0x58, ['unsigned short']],
+    'LastTrimStamp' : [ 0x5a, ['unsigned short']],
+    'PageFaultCount' : [ 0x5c, ['unsigned long']],
+    'RepurposeCount' : [ 0x60, ['unsigned long']],
+    'Spare' : [ 0x64, ['array', 1, ['unsigned long']]],
+    'Flags' : [ 0x68, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_MMWSL' : [ 0xd0c, {
+    'FirstFree' : [ 0x0, ['unsigned long']],
+    'FirstDynamic' : [ 0x4, ['unsigned long']],
+    'LastEntry' : [ 0x8, ['unsigned long']],
+    'NextSlot' : [ 0xc, ['unsigned long']],
+    'Wsle' : [ 0x10, ['pointer', ['_MMWSLE']]],
+    'LowestPagableAddress' : [ 0x14, ['pointer', ['void']]],
+    'LastInitializedWsle' : [ 0x18, ['unsigned long']],
+    'NextAgingSlot' : [ 0x1c, ['unsigned long']],
+    'NumberOfCommittedPageTables' : [ 0x20, ['unsigned long']],
+    'VadBitMapHint' : [ 0x24, ['unsigned long']],
+    'NonDirectCount' : [ 0x28, ['unsigned long']],
+    'LastVadBit' : [ 0x2c, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x30, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0x34, ['unsigned long']],
+    'LastAllocationSize' : [ 0x38, ['unsigned long']],
+    'NonDirectHash' : [ 0x3c, ['pointer', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x40, ['pointer', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x44, ['pointer', ['_MMWSLE_HASH']]],
+    'CheckingShadow' : [ 0x48, ['unsigned char']],
+    'SpareFlags' : [ 0x49, ['array', 3, ['unsigned char']]],
+    'UsedPageTableEntries' : [ 0x4c, ['array', 1536, ['unsigned short']]],
+    'CommittedPageTables' : [ 0xc4c, ['array', 48, ['unsigned long']]],
+} ],
+  '__unnamed_152c' : [ 0x4, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_152c']],
+} ],
+  '__unnamed_1538' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_1542' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 30, native_type='unsigned long')]],
+    'BitMap64' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubsectionRoot' : [ 0x8, ['pointer', ['_MM_SUBSECTION_AVL_TABLE']]],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1544' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_1542']],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_1538']],
+    'FlushInProgressCount' : [ 0x20, ['unsigned long']],
+    'FilePointer' : [ 0x24, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x28, ['long']],
+    'ModifiedWriteCount' : [ 0x2c, ['unsigned long']],
+    'StartingFrame' : [ 0x2c, ['unsigned long']],
+    'WaitList' : [ 0x30, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x34, ['__unnamed_1544']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'ViewList' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPAGING_FILE' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'File' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x1c, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PageFileName' : [ 0x24, ['_UNICODE_STRING']],
+    'Bitmap' : [ 0x2c, ['pointer', ['_RTL_BITMAP']]],
+    'EvictStoreBitmap' : [ 0x30, ['pointer', ['_RTL_BITMAP']]],
+    'BitmapHint' : [ 0x34, ['unsigned long']],
+    'LastAllocationSize' : [ 0x38, ['unsigned long']],
+    'ToBeEvictedCount' : [ 0x3c, ['unsigned long']],
+    'PageFileNumber' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'BootPartition' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Spare0' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x42, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare1' : [ 0x42, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'FileHandle' : [ 0x44, ['pointer', ['void']]],
+    'Lock' : [ 0x48, ['unsigned long']],
+    'LockOwner' : [ 0x4c, ['pointer', ['_ETHREAD']]],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_MM_AVL_TABLE' : [ 0x20, {
+    'BalancedRoot' : [ 0x0, ['_MMADDRESS_NODE']],
+    'DepthOfTree' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'Unused' : [ 0x14, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'NumberGenericTableElements' : [ 0x14, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'NodeHint' : [ 0x18, ['pointer', ['void']]],
+    'NodeFreeHint' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '__unnamed_1586' : [ 0x4, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long')]],
+    'Parent' : [ 0x0, ['pointer', ['_MMVAD']]],
+} ],
+  '__unnamed_1589' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_158c' : [ 0x4, {
+    'LongFlags3' : [ 0x0, ['unsigned long']],
+    'VadFlags3' : [ 0x0, ['_MMVAD_FLAGS3']],
+} ],
+  '_MMVAD_SHORT' : [ 0x20, {
+    'u1' : [ 0x0, ['__unnamed_1586']],
+    'LeftChild' : [ 0x4, ['pointer', ['_MMVAD']]],
+    'RightChild' : [ 0x8, ['pointer', ['_MMVAD']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u' : [ 0x14, ['__unnamed_1589']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x1c, ['__unnamed_158c']],
+} ],
+  '__unnamed_1594' : [ 0x4, {
+    'Balance' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='long')]],
+    'Parent' : [ 0x0, ['pointer', ['_MMADDRESS_NODE']]],
+} ],
+  '_MMADDRESS_NODE' : [ 0x14, {
+    'u1' : [ 0x0, ['__unnamed_1594']],
+    'LeftChild' : [ 0x4, ['pointer', ['_MMADDRESS_NODE']]],
+    'RightChild' : [ 0x8, ['pointer', ['_MMADDRESS_NODE']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_1599' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '_MMVAD' : [ 0x3c, {
+    'u1' : [ 0x0, ['__unnamed_1586']],
+    'LeftChild' : [ 0x4, ['pointer', ['_MMVAD']]],
+    'RightChild' : [ 0x8, ['pointer', ['_MMVAD']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u' : [ 0x14, ['__unnamed_1589']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x1c, ['__unnamed_158c']],
+    'u2' : [ 0x20, ['__unnamed_1599']],
+    'Subsection' : [ 0x24, ['pointer', ['_SUBSECTION']]],
+    'MappedSubsection' : [ 0x24, ['pointer', ['_MSUBSECTION']]],
+    'FirstPrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x2c, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x30, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x38, ['pointer', ['_EPROCESS']]],
+} ],
+  '__unnamed_15a4' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x40, {
+    'Status' : [ 0x0, ['long']],
+    'Priority' : [ 0x4, ['unsigned char']],
+    'IrpPriority' : [ 0x5, ['unsigned char']],
+    'CurrentTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x10, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x14, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x18, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x1c, ['unsigned long']],
+    'MdlHack' : [ 0x20, ['__unnamed_15a4']],
+} ],
+  '__unnamed_15aa' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '__unnamed_15ac' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x60, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_15aa']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['__unnamed_15ac']],
+    'PagingFile' : [ 0x18, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x20, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x24, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x28, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'PointerMdl' : [ 0x38, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x3c, ['_MDL']],
+    'Page' : [ 0x58, ['array', 1, ['unsigned long']]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x2ec, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileSetSize' : [ 0x14, ['pointer', ['void']]],
+    'FileWrite' : [ 0x18, ['pointer', ['void']]],
+    'FileRead' : [ 0x1c, ['pointer', ['void']]],
+    'FileFlush' : [ 0x20, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x24, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x28, ['pointer', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x2c, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x34, ['unsigned long']],
+    'DirtyAlloc' : [ 0x38, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x3c, ['unsigned long']],
+    'Cluster' : [ 0x40, ['unsigned long']],
+    'Flat' : [ 0x44, ['unsigned char']],
+    'ReadOnly' : [ 0x45, ['unsigned char']],
+    'DirtyFlag' : [ 0x46, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x48, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x4c, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x50, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x54, ['unsigned long']],
+    'HiveFlags' : [ 0x58, ['unsigned long']],
+    'CurrentLog' : [ 0x5c, ['unsigned long']],
+    'LogSize' : [ 0x60, ['array', 2, ['unsigned long']]],
+    'RefreshCount' : [ 0x68, ['unsigned long']],
+    'StorageTypeCount' : [ 0x6c, ['unsigned long']],
+    'Version' : [ 0x70, ['unsigned long']],
+    'Storage' : [ 0x74, ['array', 2, ['_DUAL']]],
+} ],
+  '_CM_VIEW_OF_FILE' : [ 0x30, {
+    'MappedViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'PinnedViewLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'FlushedViewLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'CmHive' : [ 0x18, ['pointer', ['_CMHIVE']]],
+    'Bcb' : [ 0x1c, ['pointer', ['void']]],
+    'ViewAddress' : [ 0x20, ['pointer', ['void']]],
+    'FileOffset' : [ 0x24, ['unsigned long']],
+    'Size' : [ 0x28, ['unsigned long']],
+    'UseCount' : [ 0x2c, ['unsigned long']],
+} ],
+  '_CMHIVE' : [ 0x638, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x2ec, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x304, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x30c, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x314, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x31c, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x320, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x328, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x32c, ['unsigned long']],
+    'Identity' : [ 0x330, ['unsigned long']],
+    'HiveLock' : [ 0x334, ['pointer', ['_FAST_MUTEX']]],
+    'ViewLock' : [ 0x338, ['_EX_PUSH_LOCK']],
+    'ViewLockOwner' : [ 0x33c, ['pointer', ['_KTHREAD']]],
+    'ViewLockLast' : [ 0x340, ['unsigned long']],
+    'ViewUnLockLast' : [ 0x344, ['unsigned long']],
+    'WriterLock' : [ 0x348, ['pointer', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x34c, ['pointer', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x350, ['_RTL_BITMAP']],
+    'FlushOffsetArray' : [ 0x358, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'FlushOffsetArrayCount' : [ 0x35c, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x360, ['unsigned long']],
+    'FlushLock2' : [ 0x364, ['pointer', ['_FAST_MUTEX']]],
+    'SecurityLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'MappedViewList' : [ 0x36c, ['_LIST_ENTRY']],
+    'PinnedViewList' : [ 0x374, ['_LIST_ENTRY']],
+    'FlushedViewList' : [ 0x37c, ['_LIST_ENTRY']],
+    'MappedViewCount' : [ 0x384, ['unsigned short']],
+    'PinnedViewCount' : [ 0x386, ['unsigned short']],
+    'UseCount' : [ 0x388, ['unsigned long']],
+    'ViewsPerHive' : [ 0x38c, ['unsigned long']],
+    'FileObject' : [ 0x390, ['pointer', ['_FILE_OBJECT']]],
+    'LastShrinkHiveSize' : [ 0x394, ['unsigned long']],
+    'ActualFileSize' : [ 0x398, ['_LARGE_INTEGER']],
+    'FileFullPath' : [ 0x3a0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x3a8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x3b0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x3b8, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x3bc, ['unsigned long']],
+    'SecurityHitHint' : [ 0x3c0, ['long']],
+    'SecurityCache' : [ 0x3c4, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x3c8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x5c8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x5cc, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x5d0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x5d4, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x5d8, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x5dc, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0x5f0, ['unsigned char']],
+    'GrowOffset' : [ 0x5f4, ['unsigned long']],
+    'KcbConvertListHead' : [ 0x5f8, ['_LIST_ENTRY']],
+    'KnodeConvertListHead' : [ 0x600, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0x608, ['pointer', ['_CM_CELL_REMAP_BLOCK']]],
+    'Flags' : [ 0x60c, ['unsigned long']],
+    'TrustClassEntry' : [ 0x610, ['_LIST_ENTRY']],
+    'FlushCount' : [ 0x618, ['unsigned long']],
+    'CmRm' : [ 0x61c, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x620, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x624, ['long']],
+    'CreatorOwner' : [ 0x628, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0x62c, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x630, ['_LARGE_INTEGER']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xa0, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0xc, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0xc, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x14, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+    'KcbPushlock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x20, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x20, ['long']],
+    'SlotHint' : [ 0x24, ['unsigned long']],
+    'ParentKcb' : [ 0x28, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x2c, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x34, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x3c, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x3c, ['unsigned long']],
+    'SubKeyCount' : [ 0x3c, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x48, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KCBUoWListHead' : [ 0x6c, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x74, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x74, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x7c, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x80, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x88, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x90, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x98, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x9c, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '__unnamed_1631' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: '_None', 1: '_CmInitializeHive', 2: '_HvInitializeHive', 3: '_HvpBuildMap', 4: '_HvpBuildMapAndCopy', 5: '_HvpInitMap', 6: '_HvLoadHive', 7: '_HvpReadFileImageAndBuildMap', 8: '_HvpRecoverData', 9: '_HvpRecoverWholeHive', 10: '_HvpMapFileImageAndBuildMap', 11: '_CmpValidateHiveSecurityDescriptors', 12: '_HvpEnlistBinInMap', 13: '_CmCheckRegistry', 14: '_CmRegistryIO', 15: '_CmCheckRegistry2', 16: '_CmpCheckKey', 17: '_CmpCheckValueList', 18: '_HvCheckHive', 19: '_HvCheckBin'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1634' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_1636' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1638' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_163a' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_163e' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_1642' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_1644' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x120, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'RecoverableIndex' : [ 0x8, ['unsigned long']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_1631']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_1631']]],
+    'RegistryIO' : [ 0xcc, ['__unnamed_1634']],
+    'CheckRegistry2' : [ 0xd8, ['__unnamed_1636']],
+    'CheckKey' : [ 0xdc, ['__unnamed_1638']],
+    'CheckValueList' : [ 0xec, ['__unnamed_163a']],
+    'CheckHive' : [ 0xfc, ['__unnamed_163e']],
+    'CheckHive1' : [ 0x108, ['__unnamed_163e']],
+    'CheckBin' : [ 0x114, ['__unnamed_1642']],
+    'RecoverData' : [ 0x11c, ['__unnamed_1644']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0x80, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'DpcCount' : [ 0x38, ['unsigned long']],
+    'DpcRate' : [ 0x3c, ['unsigned long']],
+    'C1Time' : [ 0x40, ['unsigned long long']],
+    'C2Time' : [ 0x48, ['unsigned long long']],
+    'C3Time' : [ 0x50, ['unsigned long long']],
+    'C1Transitions' : [ 0x58, ['unsigned long long']],
+    'C2Transitions' : [ 0x60, ['unsigned long long']],
+    'C3Transitions' : [ 0x68, ['unsigned long long']],
+    'ParkingStatus' : [ 0x70, ['unsigned long']],
+    'CurrentFrequency' : [ 0x74, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x78, ['unsigned long']],
+    'StateFlags' : [ 0x7c, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_TEB32' : [ 0xfe4, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'SystemReserved1' : [ 0xcc, ['array', 54, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'SpareBytes' : [ 0x1ac, ['array', 36, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'EtwLocalData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'SoftPatchPtr1' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'SpareUlong0' : [ 0xfdc, ['unsigned long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+} ],
+  '_TEB64' : [ 0x1818, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'SystemReserved1' : [ 0x110, ['array', 54, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'SpareBytes' : [ 0x2d0, ['array', 24, ['unsigned char']]],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'EtwLocalData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'SoftPatchPtr1' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'SpareUlong0' : [ 0x180c, ['unsigned long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_FXSAVE_FORMAT' : [ 0x1e0, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned short']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned long']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned long']],
+    'MXCsr' : [ 0x18, ['unsigned long']],
+    'MXCsrMask' : [ 0x1c, ['unsigned long']],
+    'RegisterArea' : [ 0x20, ['array', 128, ['unsigned char']]],
+    'Reserved3' : [ 0xa0, ['array', 128, ['unsigned char']]],
+    'Reserved4' : [ 0x120, ['array', 192, ['unsigned char']]],
+} ],
+  '_FNSAVE_FORMAT' : [ 0x6c, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+} ],
+  '_KSTACK_AREA' : [ 0x210, {
+    'FnArea' : [ 0x0, ['_FNSAVE_FORMAT']],
+    'NpxFrame' : [ 0x0, ['_FXSAVE_FORMAT']],
+    'StackControl' : [ 0x1e0, ['_KERNEL_STACK_CONTROL']],
+    'Cr0NpxState' : [ 0x1fc, ['unsigned long']],
+    'Padding' : [ 0x200, ['array', 4, ['unsigned long']]],
+} ],
+  '_KERNEL_STACK_CONTROL' : [ 0x1c, {
+    'PreviousTrapFrame' : [ 0x0, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0x0, ['pointer', ['void']]],
+    'StackControlFlags' : [ 0x4, ['unsigned long']],
+    'PreviousLargeStack' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousSegmentsPresent' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExpandCalloutStack' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Previous' : [ 0x8, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned short']],
+    'Logging' : [ 0x12, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x13, ['unsigned char']],
+    'Reserved' : [ 0x13, ['unsigned char']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x3c, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependentList' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProviderList' : [ 0x34, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1746' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1748' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_174c' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'DOCK_NOTDOCKDEVICE', 1: 'DOCK_QUIESCENT', 2: 'DOCK_ARRIVING', 3: 'DOCK_DEPARTING', 4: 'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x188, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Level' : [ 0x28, ['unsigned long']],
+    'Notify' : [ 0x2c, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x68, ['_PO_IRP_MANAGER']],
+    'State' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x7c, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x80, ['array', -80, ['Enumeration', dict(target = 'long', choices = {768: 'DeviceNodeUnspecified', 769: 'DeviceNodeUninitialized', 770: 'DeviceNodeInitialized', 771: 'DeviceNodeDriversAdded', 772: 'DeviceNodeResourcesAssigned', 773: 'DeviceNodeStartPending', 774: 'DeviceNodeStartCompletion', 775: 'DeviceNodeStartPostWork', 776: 'DeviceNodeStarted', 777: 'DeviceNodeQueryStopped', 778: 'DeviceNodeStopped', 779: 'DeviceNodeRestartCompletion', 780: 'DeviceNodeEnumeratePending', 781: 'DeviceNodeEnumerateCompletion', 782: 'DeviceNodeAwaitingQueuedDeletion', 783: 'DeviceNodeAwaitingQueuedRemoval', 784: 'DeviceNodeQueryRemoved', 785: 'DeviceNodeRemovePendingCloses', 786: 'DeviceNodeRemoved', 787: 'DeviceNodeDeletePendingCloses', 788: 'DeviceNodeDeleted', 789: 'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0xd0, ['unsigned long']],
+    'CompletionStatus' : [ 0xd4, ['long']],
+    'Flags' : [ 0xd8, ['unsigned long']],
+    'UserFlags' : [ 0xdc, ['unsigned long']],
+    'Problem' : [ 0xe0, ['unsigned long']],
+    'ResourceList' : [ 0xe4, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0xe8, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0xec, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0xf0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0xf4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0xf8, ['unsigned long']],
+    'ChildInterfaceType' : [ 0xfc, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x100, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x104, ['unsigned short']],
+    'RemovalPolicy' : [ 0x106, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x107, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x108, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x110, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x118, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x120, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x122, ['unsigned short']],
+    'NoArbiterMask' : [ 0x124, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x126, ['unsigned short']],
+    'OverUsed1' : [ 0x128, ['__unnamed_1746']],
+    'OverUsed2' : [ 0x12c, ['__unnamed_1748']],
+    'BootResources' : [ 0x130, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x134, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x138, ['unsigned long']],
+    'DockInfo' : [ 0x13c, ['__unnamed_174c']],
+    'DisableableDepends' : [ 0x14c, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x150, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x160, ['unsigned long']],
+    'PreviousParent' : [ 0x164, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x168, ['unsigned long']],
+    'NumaNodeIndex' : [ 0x16c, ['unsigned long']],
+    'ContainerID' : [ 0x170, ['_GUID']],
+    'OverrideFlags' : [ 0x180, ['unsigned char']],
+    'RequiresUnloadedDriver' : [ 0x181, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x184, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+} ],
+  '_KNODE' : [ 0x80, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x8, ['array', 3, ['_SLIST_HEADER']]],
+    'Affinity' : [ 0x20, ['_GROUP_AFFINITY']],
+    'ProximityId' : [ 0x2c, ['unsigned long']],
+    'NodeNumber' : [ 0x30, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x32, ['unsigned short']],
+    'MaximumProcessors' : [ 0x34, ['unsigned char']],
+    'Color' : [ 0x35, ['unsigned char']],
+    'Flags' : [ 0x36, ['_flags']],
+    'NodePad0' : [ 0x37, ['unsigned char']],
+    'Seed' : [ 0x38, ['unsigned long']],
+    'MmShiftedColor' : [ 0x3c, ['unsigned long']],
+    'FreeCount' : [ 0x40, ['array', 2, ['unsigned long']]],
+    'CachedKernelStacks' : [ 0x48, ['_CACHED_KSTACK_LIST']],
+    'ParkLock' : [ 0x60, ['long']],
+    'NodePad1' : [ 0x64, ['unsigned long']],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'ArbiterRequestLegacyReported', 1: 'ArbiterRequestHalReported', 2: 'ArbiterRequestLegacyAssigned', 3: 'ArbiterRequestPnpDetected', 4: 'ArbiterRequestPnpEnumerated', -1: 'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_17f5' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_17f5']],
+} ],
+  '__unnamed_17fc' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_17fc']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x20, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x1c, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x160, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'LogHandle' : [ 0x98, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x9c, ['pointer', ['void']]],
+    'DirtyPageThreshold' : [ 0xa0, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xa4, ['unsigned long']],
+    'UninitializeEvent' : [ 0xa8, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xac, ['_KGUARDED_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd0, ['_LARGE_INTEGER']],
+    'Event' : [ 0xd8, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf0, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x148, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x14c, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x150, ['unsigned long']],
+    'WritesInProgress' : [ 0x154, ['unsigned long']],
+    'PipelinedReadAheadSize' : [ 0x158, ['unsigned long']],
+} ],
+  '__unnamed_186c' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+} ],
+  '_VACB' : [ 0x20, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_186c']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+    'ArrayHead' : [ 0x18, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_KGUARDED_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+    'KernelApcDisable' : [ 0x1c, ['short']],
+    'SpecialApcDisable' : [ 0x1e, ['short']],
+    'CombinedApcDisable' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_188a' : [ 0x4, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_188c' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_188e' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1890' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1892' : [ 0x4, {
+    'Read' : [ 0x0, ['__unnamed_188a']],
+    'Write' : [ 0x0, ['__unnamed_188c']],
+    'Event' : [ 0x0, ['__unnamed_188e']],
+    'Notification' : [ 0x0, ['__unnamed_1890']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x10, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1892']],
+    'Function' : [ 0xc, ['unsigned char']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x138, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'PointerKey' : [ 0x58, ['unsigned long']],
+    'Interceptor' : [ 0x5c, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x60, ['unsigned long']],
+    'Signature' : [ 0x64, ['unsigned long']],
+    'SegmentReserve' : [ 0x68, ['unsigned long']],
+    'SegmentCommit' : [ 0x6c, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x70, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x74, ['unsigned long']],
+    'TotalFreeSize' : [ 0x78, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x7c, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x80, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x82, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x84, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x88, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x8a, ['unsigned short']],
+    'TagEntries' : [ 0x8c, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x90, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x98, ['unsigned long']],
+    'AlignMask' : [ 0x9c, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0xa0, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa8, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xb0, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb4, ['unsigned long']],
+    'BlocksIndex' : [ 0xb8, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xbc, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xc0, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc4, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xcc, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xd0, ['pointer', ['void']]],
+    'FrontEndHeap' : [ 0xd4, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xd8, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xda, ['unsigned char']],
+    'Counters' : [ 0xdc, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x130, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_18e3' : [ 0x18, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+} ],
+  '_HEAP_LOCK' : [ 0x18, {
+    'Lock' : [ 0x0, ['__unnamed_18e3']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['pointer', ['void']]],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['pointer', ['void']]],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEB' : [ 0x248, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsLegacyProcess' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['void']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'HotpatchInformation' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['pointer', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x210, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x218, ['pointer', ['void']]],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pContextData' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x78, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'LoadedImports' : [ 0x44, ['pointer', ['void']]],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'PatchInformation' : [ 0x4c, ['pointer', ['void']]],
+    'ForwarderLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'ServiceTagLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'StaticLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ContextInformation' : [ 0x68, ['pointer', ['void']]],
+    'OriginalBase' : [ 0x6c, ['unsigned long']],
+    'LoadTime' : [ 0x70, ['_LARGE_INTEGER']],
+} ],
+  '_HEAP_SUBSEGMENT' : [ 0x20, {
+    'LocalInfo' : [ 0x0, ['pointer', ['_HEAP_LOCAL_SEGMENT_INFO']]],
+    'UserBlocks' : [ 0x4, ['pointer', ['_HEAP_USERDATA_HEADER']]],
+    'AggregateExchg' : [ 0x8, ['_INTERLOCK_SEQ']],
+    'BlockSize' : [ 0x10, ['unsigned short']],
+    'Flags' : [ 0x12, ['unsigned short']],
+    'BlockCount' : [ 0x14, ['unsigned short']],
+    'SizeIndex' : [ 0x16, ['unsigned char']],
+    'AffinityIndex' : [ 0x17, ['unsigned char']],
+    'Alignment' : [ 0x10, ['array', 2, ['unsigned long']]],
+    'SFreeListEntry' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'Lock' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1962' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1964' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1962']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1966' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1968' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1966']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1964']],
+    'u2' : [ 0x4, ['__unnamed_1968']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x24, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'BLOB_TYPE_UNKNOWN', 1: 'BLOB_TYPE_CONNECTION_INFO', 2: 'BLOB_TYPE_MESSAGE', 3: 'BLOB_TYPE_SECURITY_CONTEXT', 4: 'BLOB_TYPE_SECTION', 5: 'BLOB_TYPE_REGION', 6: 'BLOB_TYPE_VIEW', 7: 'BLOB_TYPE_RESERVE', 8: 'BLOB_TYPE_DIRECT_TRANSFER', 9: 'BLOB_TYPE_HANDLE_DATA', 10: 'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'CreatedObjects' : [ 0xc, ['unsigned long']],
+    'DeletedObjects' : [ 0x10, ['unsigned long']],
+    'DeleteProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x18, ['pointer', ['void']]],
+    'UsualSize' : [ 0x1c, ['unsigned long']],
+    'LookasideIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_1984' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1986' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1984']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1986']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Pad' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1998' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_199a' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1998']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_199a']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_19a0' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_19a2' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19a0']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_19a2']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_19a8' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_19aa' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19a8']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_19aa']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x24, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+} ],
+  '__unnamed_19c6' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_19c8' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19c6']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0xfc, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'MainQueue' : [ 0x5c, ['_LIST_ENTRY']],
+    'PendingQueue' : [ 0x64, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x6c, ['_LIST_ENTRY']],
+    'WaitQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x7c, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x7c, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x80, ['_ALPC_PORT_ATTRIBUTES']],
+    'Lock' : [ 0xac, ['_EX_PUSH_LOCK']],
+    'ResourceListLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xb4, ['_LIST_ENTRY']],
+    'CompletionList' : [ 0xbc, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'MessageZone' : [ 0xc0, ['pointer', ['_ALPC_MESSAGE_ZONE']]],
+    'CallbackObject' : [ 0xc4, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xc8, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xcc, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xd4, ['long']],
+    'u1' : [ 0xd8, ['__unnamed_19c8']],
+    'TargetQueuePort' : [ 0xdc, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xe0, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0xe4, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0xe8, ['unsigned long']],
+    'PendingQueueLength' : [ 0xec, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0xf0, ['unsigned long']],
+    'CanceledQueueLength' : [ 0xf4, ['unsigned long']],
+    'WaitQueueLength' : [ 0xf8, ['unsigned long']],
+} ],
+  '_OBJECT_TYPE' : [ 0x88, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x7c, ['unsigned long']],
+    'CallbackList' : [ 0x80, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_19e1' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_19e3' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_19e1']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x88, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtensionBuffer' : [ 0x8, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0xc, ['unsigned long']],
+    'QuotaProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x10, ['pointer', ['void']]],
+    'SequenceNo' : [ 0x14, ['long']],
+    'u1' : [ 0x18, ['__unnamed_19e3']],
+    'CancelSequencePort' : [ 0x1c, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x24, ['long']],
+    'CancelListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitingThread' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'PortQueue' : [ 0x38, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x3c, ['pointer', ['_ALPC_PORT']]],
+    'MessageAttributes' : [ 0x40, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x5c, ['pointer', ['void']]],
+    'DataSystemVa' : [ 0x60, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x64, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x68, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x6c, ['pointer', ['_ETHREAD']]],
+    'PortMessage' : [ 0x70, ['_PORT_MESSAGE']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['pointer', ['_OB_DUPLICATE_OBJECT_STATE']]],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x1c, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+} ],
+  '__unnamed_1a20' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1a22' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1a20']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_1a22']],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x20, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'TotalLength' : [ 0x18, ['unsigned short']],
+    'Type' : [ 0x1a, ['unsigned short']],
+    'DataInfoOffset' : [ 0x1c, ['unsigned short']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x24, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'IopIoPriorityNotSet', 1: 'IopIoPriorityVeryLow', 2: 'IopIoPriorityLow', 3: 'IopIoPriorityNormal', 4: 'IopIoPriorityHigh', 5: 'IopIoPriorityCritical', 6: 'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: 'CreateFileTypeNone', 1: 'CreateFileTypeNamedPipe', 2: 'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x4c, ['pointer', ['void']]],
+    'Override' : [ 0x50, ['unsigned char']],
+    'QueryOnly' : [ 0x51, ['unsigned char']],
+    'DeleteOnly' : [ 0x52, ['unsigned char']],
+    'FullAttributes' : [ 0x53, ['unsigned char']],
+    'LocalFileObject' : [ 0x54, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x58, ['unsigned long']],
+    'DriverCreateContext' : [ 0x5c, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x248, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'CollectionOn' : [ 0xc, ['long']],
+    'LoggerMode' : [ 0x10, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x14, ['long']],
+    'GetCpuClock' : [ 0x18, ['pointer', ['void']]],
+    'StartTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x28, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x30, ['long']],
+    'NBQHead' : [ 0x34, ['pointer', ['void']]],
+    'OverflowNBQHead' : [ 0x38, ['pointer', ['void']]],
+    'QueueBlockFreeList' : [ 0x40, ['_SLIST_HEADER']],
+    'GlobalList' : [ 0x48, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x50, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x50, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x64, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x6c, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x74, ['unsigned long']],
+    'MaximumFileSize' : [ 0x78, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x7c, ['unsigned long']],
+    'FlushTimer' : [ 0x80, ['unsigned long']],
+    'FlushThreshold' : [ 0x84, ['unsigned long']],
+    'ByteOffset' : [ 0x88, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x90, ['unsigned long']],
+    'BuffersAvailable' : [ 0x94, ['long']],
+    'NumberOfBuffers' : [ 0x98, ['long']],
+    'MaximumBuffers' : [ 0x9c, ['unsigned long']],
+    'EventsLost' : [ 0xa0, ['unsigned long']],
+    'BuffersWritten' : [ 0xa4, ['unsigned long']],
+    'LogBuffersLost' : [ 0xa8, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xac, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xb0, ['unsigned long']],
+    'SequencePtr' : [ 0xb4, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xb8, ['unsigned long']],
+    'InstanceGuid' : [ 0xbc, ['_GUID']],
+    'FileCounter' : [ 0xcc, ['long']],
+    'BufferCallback' : [ 0xd0, ['pointer', ['void']]],
+    'PoolType' : [ 0xd4, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xd8, ['_ETW_REF_CLOCK']],
+    'Consumers' : [ 0xe8, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0xf0, ['unsigned long']],
+    'TransitionConsumer' : [ 0xf4, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0xf8, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0xfc, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x110, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x118, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x120, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x128, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x130, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x138, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x148, ['Enumeration', dict(target = 'long', choices = {0: 'EtwRtEventNoLoss', 1: 'EtwRtEventLost', 2: 'EtwRtBufferLost', 3: 'EtwRtBackupLost', 4: 'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x14c, ['_KEVENT']],
+    'FlushEvent' : [ 0x15c, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x170, ['_KTIMER']],
+    'FlushDpc' : [ 0x198, ['_KDPC']],
+    'LoggerMutex' : [ 0x1b8, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1d8, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1dc, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1dc, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1e0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x21c, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x220, ['_EX_FAST_REF']],
+    'BufferSequenceNumber' : [ 0x228, ['long long']],
+    'Flags' : [ 0x230, ['unsigned long']],
+    'Persistent' : [ 0x230, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x230, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x230, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x230, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x230, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x230, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x230, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x230, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x230, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x230, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x234, ['unsigned long']],
+    'RequestNewFie' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RequestUpdateFile' : [ 0x234, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RequestFlush' : [ 0x234, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RequestDisableRealtime' : [ 0x234, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequestDisconnectConsumer' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RequestConnectConsumer' : [ 0x234, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x238, ['_RTL_BITMAP']],
+    'DisallowedGuids' : [ 0x240, ['_DISALLOWED_GUIDS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_ETW_BUFFER_HANDLE' : [ 0x8, {
+    'TraceBuffer' : [ 0x0, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'BufferFastRef' : [ 0x4, ['pointer', ['_EX_FAST_REF']]],
+} ],
+  '_SYSTEM_TRACE_HEADER' : [ 0x20, {
+    'Marker' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['unsigned char']],
+    'Header' : [ 0x4, ['unsigned long']],
+    'Packet' : [ 0x4, ['_WMI_TRACE_PACKET']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'SystemTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'KernelTime' : [ 0x18, ['unsigned long']],
+    'UserTime' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PERFINFO_TRACE_HEADER' : [ 0x18, {
+    'Marker' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['unsigned char']],
+    'Header' : [ 0x4, ['unsigned long']],
+    'Packet' : [ 0x4, ['_WMI_TRACE_PACKET']],
+    'TS' : [ 0x8, ['unsigned long long']],
+    'SystemTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'Data' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_NBQUEUE_BLOCK' : [ 0x18, {
+    'SListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x8, ['unsigned long long']],
+    'Data' : [ 0x10, ['unsigned long long']],
+} ],
+  '_TlgProvider_t' : [ 0x30, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+    'AnnotationFunc' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'Abandoned' : [ 0x1c, ['unsigned char']],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_TRACE_ENABLE_CONTEXT' : [ 0x8, {
+    'LoggerId' : [ 0x0, ['unsigned short']],
+    'Level' : [ 0x2, ['unsigned char']],
+    'InternalFlag' : [ 0x3, ['unsigned char']],
+    'EnableFlags' : [ 0x4, ['unsigned long']],
+} ],
+  '_TRACE_ENABLE_CONTEXT_EX' : [ 0x10, {
+    'LoggerId' : [ 0x0, ['unsigned short']],
+    'Level' : [ 0x2, ['unsigned char']],
+    'InternalFlag' : [ 0x3, ['unsigned char']],
+    'EnableFlags' : [ 0x4, ['unsigned long']],
+    'EnableFlagsHigh' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x178, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['array', 8, ['pointer', ['_EVENT_FILTER_HEADER']]]],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x1e8, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x74, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x78, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x7c, ['unsigned long']],
+    'VariableLength' : [ 0x80, ['unsigned long']],
+    'DynamicCharged' : [ 0x84, ['unsigned long']],
+    'DynamicAvailable' : [ 0x88, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x8c, ['unsigned long']],
+    'UserAndGroups' : [ 0x90, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x98, ['pointer', ['void']]],
+    'DynamicPart' : [ 0x9c, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa0, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa4, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xac, ['unsigned long']],
+    'TokenInUse' : [ 0xb0, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb4, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xb8, ['unsigned long']],
+    'LogonSession' : [ 0xbc, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc0, ['_LUID']],
+    'SidHash' : [ 0xc8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x150, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1d8, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'SessionObject' : [ 0x1dc, ['pointer', ['void']]],
+    'VariablePart' : [ 0x1e0, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x34, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x14, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+    'HashIndex' : [ 0xc, ['unsigned short']],
+    'DirectoryLocked' : [ 0xe, ['unsigned char']],
+    'LockedExclusive' : [ 0xf, ['unsigned char']],
+    'LockStateSignature' : [ 0x10, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xac, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'SessionId' : [ 0x9c, ['unsigned long']],
+    'NamespaceEntry' : [ 0xa0, ['pointer', ['void']]],
+    'SessionObject' : [ 0xa4, ['pointer', ['void']]],
+    'Flags' : [ 0xa8, ['unsigned long']],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS3' : [ 0x4, {
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long')]],
+    'Teb' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SequentialAccess' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LastSequentialTrim' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 24, native_type='unsigned long')]],
+    'Spare2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'Reserved1' : [ 0xa8, ['array', 85, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'SharedWaiters' : [ 0x10, ['pointer', ['_KSEMAPHORE']]],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x13c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeSummary' : [ 0x130, ['unsigned long']],
+    'FreeBins' : [ 0x134, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Coalescable' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KeepShifting' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'Abandoned' : [ 0x1, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'ThreadSpecControl' : [ 0x1, ['unsigned char']],
+    'SpecControlIbrs' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecControlStibp' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SpecControlReserved' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CpuThrottled' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved2' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DpcActive' : [ 0x3, ['unsigned char']],
+    'Lock' : [ 0x0, ['long']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x54, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'CompactHeapCalls' : [ 0x38, ['unsigned long']],
+    'CompactedUCRs' : [ 0x3c, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x40, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x44, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x48, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x4c, ['unsigned long']],
+    'LastPolledSize' : [ 0x50, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Count' : [ 0x8, ['unsigned long']],
+    'NumberOfEntries' : [ 0xc, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x10, ['unsigned long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: 'IRPLOCK_CANCELABLE', 1: 'IRPLOCK_CANCEL_STARTED', 2: 'IRPLOCK_CANCEL_COMPLETE', 3: 'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0xc, {
+    'CommonDataArea' : [ 0x0, ['pointer', ['void']]],
+    'MachineType' : [ 0x4, ['unsigned long']],
+    'VirtualBias' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x24, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: 'TokenPrimary', 2: 'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x8, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x8, {
+    'Key' : [ 0x0, ['pointer', ['void']]],
+    'Index' : [ 0x4, ['unsigned long']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '_HANDLE_TABLE' : [ 0x3c, {
+    'TableCode' : [ 0x0, ['unsigned long']],
+    'QuotaProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'UniqueProcessId' : [ 0x8, ['pointer', ['void']]],
+    'HandleLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'HandleContentionEvent' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'DebugInfo' : [ 0x1c, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+    'ExtraInfoPages' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'StrictFIFO' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FirstFreeHandle' : [ 0x28, ['unsigned long']],
+    'LastFreeHandleEntry' : [ 0x2c, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x30, ['unsigned long']],
+    'NextHandleNeedingPool' : [ 0x34, ['unsigned long']],
+    'HandleCountHighWatermark' : [ 0x38, ['unsigned long']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'PoolType' : [ 0x8, ['unsigned long']],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'OneSecured' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'MultipleSecured' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'LongVad' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ExtendableFile' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x1c, ['pointer', ['void']]],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'Object' : [ 0xc, ['pointer', ['void']]],
+    'NextWaitBlock' : [ 0x10, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitKey' : [ 0x14, ['unsigned short']],
+    'WaitType' : [ 0x16, ['unsigned char']],
+    'BlockState' : [ 0x17, ['unsigned char']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['_KAFFINITY_EX']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1cae' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1cb0' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1cae']],
+    'Private' : [ 0x0, ['__unnamed_1cb0']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DirtyPages' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0xc, {
+    'SecurityContext' : [ 0x0, ['_IMAGE_SECURITY_CONTEXT']],
+    'DynamicRelocations' : [ 0x4, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x8, ['long']],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '__unnamed_1cd3' : [ 0x8, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Secured' : [ 0x0, ['_MMADDRESS_LIST']],
+} ],
+  '__unnamed_1cd9' : [ 0x4, {
+    'Banked' : [ 0x0, ['pointer', ['_MMBANKED_SECTION']]],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD_LONG' : [ 0x48, {
+    'u1' : [ 0x0, ['__unnamed_1586']],
+    'LeftChild' : [ 0x4, ['pointer', ['_MMVAD']]],
+    'RightChild' : [ 0x8, ['pointer', ['_MMVAD']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u' : [ 0x14, ['__unnamed_1589']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u5' : [ 0x1c, ['__unnamed_158c']],
+    'u2' : [ 0x20, ['__unnamed_1599']],
+    'Subsection' : [ 0x24, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x2c, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x30, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x38, ['pointer', ['_EPROCESS']]],
+    'u3' : [ 0x3c, ['__unnamed_1cd3']],
+    'u4' : [ 0x44, ['__unnamed_1cd9']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x4, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 12, native_type='unsigned long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_EJOB' : [ 0x138, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'TotalPageFaultCount' : [ 0x78, ['unsigned long']],
+    'TotalProcesses' : [ 0x7c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x80, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x84, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x88, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0x90, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0x98, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x9c, ['unsigned long']],
+    'LimitFlags' : [ 0xa0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xa4, ['unsigned long']],
+    'Affinity' : [ 0xa8, ['_KAFFINITY_EX']],
+    'PriorityClass' : [ 0xb4, ['unsigned char']],
+    'AccessState' : [ 0xb8, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'UIRestrictionsClass' : [ 0xbc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xc0, ['unsigned long']],
+    'CompletionPort' : [ 0xc4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xc8, ['pointer', ['void']]],
+    'SessionId' : [ 0xcc, ['unsigned long']],
+    'SchedulingClass' : [ 0xd0, ['unsigned long']],
+    'ReadOperationCount' : [ 0xd8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xe0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0xe8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0xf0, ['unsigned long long']],
+    'WriteTransferCount' : [ 0xf8, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x100, ['unsigned long long']],
+    'ProcessMemoryLimit' : [ 0x108, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x10c, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x110, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x114, ['unsigned long']],
+    'CurrentJobMemoryUsed' : [ 0x118, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x120, ['_EX_PUSH_LOCK']],
+    'JobSetLinks' : [ 0x124, ['_LIST_ENTRY']],
+    'MemberLevel' : [ 0x12c, ['unsigned long']],
+    'JobFlags' : [ 0x130, ['unsigned long']],
+} ],
+  '__unnamed_1ceb' : [ 0x4, {
+    'AsULONG' : [ 0x0, ['unsigned long']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HvMaxCState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['__unnamed_1ceb']],
+    'TargetState' : [ 0x8, ['unsigned long']],
+    'ActualState' : [ 0xc, ['unsigned long']],
+    'OldState' : [ 0x10, ['unsigned long']],
+    'TargetProcessors' : [ 0x14, ['_KAFFINITY_EX']],
+    'State' : [ 0x20, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '__unnamed_1cf4' : [ 0x10, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x14, {
+    'FirmwareTypeEfi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_1cf4']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x50, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned long']],
+    'ShutDownRequested' : [ 0x34, ['unsigned char']],
+    'NewBuffersLost' : [ 0x35, ['unsigned char']],
+    'Disconnected' : [ 0x36, ['unsigned char']],
+    'ReservedBufferSpaceBitMap' : [ 0x38, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x40, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x44, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x48, ['unsigned long']],
+    'UserPagesReused' : [ 0x4c, ['unsigned long']],
+} ],
+  '__unnamed_1cfd' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_1d03' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d05' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_1cfd']],
+    'Bits' : [ 0x0, ['__unnamed_1d03']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_1d05']],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x4, ['_KGUARDED_MUTEX']],
+    'NonPagedLock' : [ 0x4, ['unsigned long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['pointer', ['pointer', ['void']]]],
+    'PendingFreeDepth' : [ 0x104, ['long']],
+    'ListHeads' : [ 0x140, ['array', 512, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'WheaErrSevRecoverable', 1: 'WheaErrSevFatal', 2: 'WheaErrSevCorrected', 3: 'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x1c, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_KINTERRUPT' : [ 0x3f8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'Pad' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'Mode' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'LevelSensitive', 1: 'Latched'})]],
+    'Polarity' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'InterruptPolarityUnknown', 1: 'InterruptActiveHigh', 2: 'InterruptActiveLow'})]],
+    'ServiceCount' : [ 0x44, ['unsigned long']],
+    'DispatchCount' : [ 0x48, ['unsigned long']],
+    'Rsvd1' : [ 0x50, ['unsigned long long']],
+    'DispatchCode' : [ 0x58, ['array', 232, ['unsigned long']]],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'ObAttributes' : [ 0x0, ['unsigned long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+    'GrantedAccessIndex' : [ 0x4, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x6, ['unsigned short']],
+    'NextFreeTableEntry' : [ 0x4, ['unsigned long']],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x58, {
+    'FileName' : [ 0x0, ['pointer', ['unsigned short']]],
+    'BaseName' : [ 0x4, ['pointer', ['unsigned short']]],
+    'RegRootName' : [ 0x8, ['pointer', ['unsigned short']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x54, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x10, ['pointer', ['void']]],
+    'UserLimit' : [ 0x14, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x18, ['pointer', ['void']]],
+    'SystemVa' : [ 0x1c, ['pointer', ['void']]],
+    'TotalSize' : [ 0x20, ['unsigned long']],
+    'Header' : [ 0x24, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x28, ['pointer', ['void']]],
+    'ListSize' : [ 0x2c, ['unsigned long']],
+    'Bitmap' : [ 0x30, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x34, ['unsigned long']],
+    'Data' : [ 0x38, ['pointer', ['void']]],
+    'DataSize' : [ 0x3c, ['unsigned long']],
+    'BitmapLimit' : [ 0x40, ['unsigned long']],
+    'BitmapNextHint' : [ 0x44, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x48, ['unsigned long']],
+    'AttributeFlags' : [ 0x4c, ['unsigned long']],
+    'AttributeSize' : [ 0x50, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_IO_WORKITEM' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'Type' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 19, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 23, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMWSLE_HASH' : [ 0x4, {
+    'Index' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x64, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'CallerEvent' : [ 0xc, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'VetoType' : [ 0x18, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x1c, ['pointer', ['_UNICODE_STRING']]],
+    'Data' : [ 0x20, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0xc, {
+    'AnsiCodePageData' : [ 0x0, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x4, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_ALIGNED_AFFINITY_SUMMARY' : [ 0x40, {
+    'CpuSet' : [ 0x0, ['_KAFFINITY_EX']],
+    'SMTSet' : [ 0xc, ['_KAFFINITY_EX']],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x210, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OptimizedSave' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Features' : [ 0x10, ['array', 64, ['_XSTATE_FEATURE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InStore' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x1c, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['long']],
+    'NonPagedFrees' : [ 0x8, ['long']],
+    'NonPagedBytes' : [ 0xc, ['unsigned long']],
+    'PagedAllocs' : [ 0x10, ['unsigned long']],
+    'PagedFrees' : [ 0x14, ['unsigned long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+} ],
+  '_MM_SUBSECTION_AVL_TABLE' : [ 0x20, {
+    'BalancedRoot' : [ 0x0, ['_MMSUBSECTION_NODE']],
+    'DepthOfTree' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'Unused' : [ 0x18, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'NumberGenericTableElements' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'NodeHint' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'Internal', 1: 'Isa', 2: 'Eisa', 3: 'MicroChannel', 4: 'TurboChannel', 5: 'PCIBus', 6: 'VMEBus', 7: 'NuBus', 8: 'PCMCIABus', 9: 'CBus', 10: 'MPIBus', 11: 'MPSABus', 12: 'ProcessorInternal', 13: 'InternalPowerBus', 14: 'PNPISABus', 15: 'PNPBus', 16: 'Vmcs', 17: 'MaximumInterfaceType', -1: 'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'Padding0' : [ 0x20, ['array', 2, ['unsigned long']]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'EtwBufferStateFree', 1: 'EtwBufferStateGeneralLogging', 2: 'EtwBufferStateCSwitch', 3: 'EtwBufferStateFlush', 4: 'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0xc8, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleAccounting' : [ 0x20, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'Hypervisor' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'ProcHypervisorNone', 1: 'ProcHypervisorPresent', 2: 'ProcHypervisorPower'})]],
+    'PerfHistoryTotal' : [ 0x28, ['unsigned long']],
+    'ThermalConstraint' : [ 0x2c, ['unsigned char']],
+    'PerfHistoryCount' : [ 0x2d, ['unsigned char']],
+    'PerfHistorySlot' : [ 0x2e, ['unsigned char']],
+    'Reserved' : [ 0x2f, ['unsigned char']],
+    'LastSysTime' : [ 0x30, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0x34, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0x38, ['long']],
+    'FFHThrottleStateInfo' : [ 0x40, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x60, ['_KDPC']],
+    'PerfActionMask' : [ 0x80, ['long']],
+    'IdleCheck' : [ 0x88, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x98, ['_PROC_IDLE_SNAP']],
+    'Domain' : [ 0xa8, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0xac, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Load' : [ 0xb0, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0xb4, ['pointer', ['_PROC_HISTORY_ENTRY']]],
+    'Utility' : [ 0xb8, ['unsigned long']],
+    'OverUtilizedHistory' : [ 0xbc, ['unsigned long']],
+    'AffinityCount' : [ 0xc0, ['unsigned long']],
+    'AffinityHistory' : [ 0xc4, ['unsigned long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Rom' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'KernelStack' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEGMENT_OBJECT' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SizeOfSegment' : [ 0x8, ['_LARGE_INTEGER']],
+    'NonExtendedPtes' : [ 0x10, ['unsigned long']],
+    'ImageCommitment' : [ 0x14, ['unsigned long']],
+    'ControlArea' : [ 0x18, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x1c, ['pointer', ['_SUBSECTION']]],
+    'MmSectionFlags' : [ 0x20, ['pointer', ['_MMSECTION_FLAGS']]],
+    'MmSubSectionFlags' : [ 0x24, ['pointer', ['_MMSUBSECTION_FLAGS']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'ModwriterAttached' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'TrimHard' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Available' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'LoaderExceptionBlock', 1: 'LoaderSystemBlock', 2: 'LoaderFree', 3: 'LoaderBad', 4: 'LoaderLoadedProgram', 5: 'LoaderFirmwareTemporary', 6: 'LoaderFirmwarePermanent', 7: 'LoaderOsloaderHeap', 8: 'LoaderOsloaderStack', 9: 'LoaderSystemCode', 10: 'LoaderHalCode', 11: 'LoaderBootDriver', 12: 'LoaderConsoleInDriver', 13: 'LoaderConsoleOutDriver', 14: 'LoaderStartupDpcStack', 15: 'LoaderStartupKernelStack', 16: 'LoaderStartupPanicStack', 17: 'LoaderStartupPcrPage', 18: 'LoaderStartupPdrPage', 19: 'LoaderRegistryData', 20: 'LoaderMemoryData', 21: 'LoaderNlsData', 22: 'LoaderSpecialMemory', 23: 'LoaderBBTMemory', 24: 'LoaderReserve', 25: 'LoaderXIPRom', 26: 'LoaderHALCachedMemory', 27: 'LoaderLargePageFiller', 28: 'LoaderErrorLogMemory', 29: 'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x2c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'BucketLimits' : [ 0x18, ['array', 16, ['unsigned long long']]],
+    'State' : [ 0x98, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x84, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ActivityCounter' : [ 0x78, ['unsigned long']],
+    'PreviousActivityCounter' : [ 0x7c, ['unsigned long']],
+    'WorkerTrimRequests' : [ 0x80, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0x98, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'TimerApc' : [ 0x28, ['_KAPC']],
+    'TimerDpc' : [ 0x58, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'Lock' : [ 0x80, ['unsigned long']],
+    'Period' : [ 0x84, ['long']],
+    'ApcAssociated' : [ 0x88, ['unsigned char']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+} ],
+  '_FREE_DISPLAY' : [ 0xc, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Display' : [ 0x4, ['_RTL_BITMAP']],
+} ],
+  '_POOL_BLOCK_HEAD' : [ 0x10, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1e5b' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_1e5b']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x5ec, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['unsigned short']]],
+    'OrderingName' : [ 0xc, ['pointer', ['unsigned short']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x90, ['unsigned char']],
+    'TransactionEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x98, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0x9c, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa0, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa4, ['pointer', ['void']]],
+    'PdoDescriptionString' : [ 0xa8, ['array', 336, ['wchar']]],
+    'PdoSymbolicNameString' : [ 0x348, ['array', 672, ['unsigned char']]],
+    'PdoAddressString' : [ 0x5e8, ['array', 1, ['wchar']]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_1eb4' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1eb6' : [ 0x8, {
+    'Last' : [ 0x0, ['unsigned long']],
+    'u' : [ 0x4, ['__unnamed_1eb4']],
+} ],
+  '__unnamed_1eb8' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_1eb4']],
+} ],
+  '__unnamed_1eba' : [ 0x8, {
+    'OldCell' : [ 0x0, ['__unnamed_1eb6']],
+    'NewCell' : [ 0x0, ['__unnamed_1eb8']],
+} ],
+  '_HCELL' : [ 0xc, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_1eba']],
+} ],
+  '_HMAP_TABLE' : [ 0x2000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x24, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'PercentageCap' : [ 0x8, ['unsigned long']],
+    'ThermalCap' : [ 0xc, ['unsigned long']],
+    'TargetFrequency' : [ 0x10, ['unsigned long']],
+    'AcumulatedFullFrequency' : [ 0x14, ['unsigned long']],
+    'AcumulatedZeroFrequency' : [ 0x18, ['unsigned long']],
+    'FrequencyHistoryTotal' : [ 0x1c, ['unsigned long']],
+    'AverageFrequency' : [ 0x20, ['unsigned long']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', -28, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'Pad0' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1ecf' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1ed3' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: 'IrqPriorityUndefined', 1: 'IrqPriorityLow', 2: 'IrqPriorityNormal', 3: 'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_1ed5' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1ed7' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_1ed9' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1edb' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1edd' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1edf' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1ee1' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1ee3' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_1ecf']],
+    'Memory' : [ 0x0, ['__unnamed_1ecf']],
+    'Interrupt' : [ 0x0, ['__unnamed_1ed3']],
+    'Dma' : [ 0x0, ['__unnamed_1ed5']],
+    'Generic' : [ 0x0, ['__unnamed_1ecf']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1ed7']],
+    'BusNumber' : [ 0x0, ['__unnamed_1ed9']],
+    'ConfigData' : [ 0x0, ['__unnamed_1edb']],
+    'Memory40' : [ 0x0, ['__unnamed_1edd']],
+    'Memory48' : [ 0x0, ['__unnamed_1edf']],
+    'Memory64' : [ 0x0, ['__unnamed_1ee1']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_1ee3']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x150, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'State' : [ 0x8, ['unsigned char']],
+    'Flags' : [ 0x9, ['unsigned char']],
+    'Mode' : [ 0xa, ['unsigned char']],
+    'PendingMode' : [ 0xb, ['unsigned char']],
+    'ActivePoint' : [ 0xc, ['unsigned char']],
+    'PendingActivePoint' : [ 0xd, ['unsigned char']],
+    'Throttle' : [ 0x10, ['long']],
+    'LastTime' : [ 0x18, ['unsigned long long']],
+    'SampleRate' : [ 0x20, ['unsigned long']],
+    'LastTemp' : [ 0x24, ['unsigned long']],
+    'PassiveTimer' : [ 0x28, ['_KTIMER']],
+    'PassiveDpc' : [ 0x50, ['_KDPC']],
+    'OverThrottled' : [ 0x70, ['_POP_ACTION_TRIGGER']],
+    'Irp' : [ 0x80, ['pointer', ['_IRP']]],
+    'Info' : [ 0x84, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0xe0, ['_LARGE_INTEGER']],
+    'Metrics' : [ 0xe8, ['_POP_THERMAL_ZONE_METRICS']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_POP_THERMAL_ZONE_METRICS' : [ 0x68, {
+    'MetricsResource' : [ 0x0, ['_ERESOURCE']],
+    'ActiveCount' : [ 0x38, ['unsigned long']],
+    'PassiveCount' : [ 0x3c, ['unsigned long']],
+    'LastActiveStartTick' : [ 0x40, ['_LARGE_INTEGER']],
+    'AverageActiveTime' : [ 0x48, ['_LARGE_INTEGER']],
+    'LastPassiveStartTick' : [ 0x50, ['_LARGE_INTEGER']],
+    'AveragePassiveTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'StartTickSinceLastReset' : [ 0x60, ['_LARGE_INTEGER']],
+} ],
+  '_CM_TRANS' : [ 0x68, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x18, ['pointer', ['void']]],
+    'CmRm' : [ 0x1c, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x20, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x24, ['pointer', ['void']]],
+    'KtmUow' : [ 0x28, ['_GUID']],
+    'StartLsn' : [ 0x38, ['unsigned long long']],
+    'TransState' : [ 0x40, ['unsigned long']],
+    'HiveCount' : [ 0x44, ['unsigned long']],
+    'HiveArray' : [ 0x48, ['array', 7, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '_POOL_HACKER' : [ 0x28, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'Contents' : [ 0x8, ['array', 8, ['unsigned long']]],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Cr0NpxState' : [ 0x6c, ['unsigned long']],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1c, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1b, ['unsigned char']],
+} ],
+  '__unnamed_1f23' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f25' : [ 0xc, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_1f23']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x18, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x8, ['__unnamed_1f25']],
+    'VerifiedData' : [ 0x14, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '__unnamed_1f2d' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f2f' : [ 0x2, {
+    'DeviceIds' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f31' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f33' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceIds' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f35' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1f37' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1f39' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PNP_VetoTypeUnknown', 1: 'PNP_VetoLegacyDevice', 2: 'PNP_VetoPendingClose', 3: 'PNP_VetoWindowsApp', 4: 'PNP_VetoWindowsService', 5: 'PNP_VetoOutstandingOpen', 6: 'PNP_VetoDevice', 7: 'PNP_VetoDriver', 8: 'PNP_VetoIllegalDeviceRequest', 9: 'PNP_VetoInsufficientPower', 10: 'PNP_VetoNonDisableable', 11: 'PNP_VetoLegacyDriver', 12: 'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f3b' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_1f3d' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_1f3f' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_1f41' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_1f2d']],
+    'TargetDevice' : [ 0x0, ['__unnamed_1f2f']],
+    'InstallDevice' : [ 0x0, ['__unnamed_1f31']],
+    'CustomNotification' : [ 0x0, ['__unnamed_1f33']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_1f35']],
+    'PowerNotification' : [ 0x0, ['__unnamed_1f37']],
+    'VetoNotification' : [ 0x0, ['__unnamed_1f39']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_1f3b']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_1f3d']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_1f3f']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_1f31']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: 'HardwareProfileChangeEvent', 1: 'TargetDeviceChangeEvent', 2: 'DeviceClassChangeEvent', 3: 'CustomDeviceEvent', 4: 'DeviceInstallEvent', 5: 'DeviceArrivalEvent', 6: 'VetoEvent', 7: 'BlockedDriverEvent', 8: 'InvalidIDEvent', 9: 'DevicePropertyChangeEvent', 10: 'DeviceInstanceRemovalEvent', 11: 'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_1f41']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 192, ['unsigned char']]],
+    'StackControl' : [ 0x1e0, ['array', 7, ['unsigned long']]],
+    'Cr0NpxState' : [ 0x1fc, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_PS_CPU_QUOTA_BLOCK' : [ 0x880, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'CpuShareWeight' : [ 0xc, ['unsigned long']],
+    'CapturedWeightData' : [ 0x10, ['_PSP_CPU_SHARE_CAPTURED_WEIGHT_DATA']],
+    'DuplicateInputMarker' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x18, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x18, ['long']],
+    'BlockCurrentGenerationLock' : [ 0x0, ['unsigned long']],
+    'CyclesAccumulated' : [ 0x8, ['unsigned long long']],
+    'CycleCredit' : [ 0x40, ['unsigned long long']],
+    'BlockCurrentGeneration' : [ 0x48, ['unsigned long']],
+    'CpuCyclePercent' : [ 0x4c, ['unsigned long']],
+    'CyclesFinishedForCurrentGeneration' : [ 0x50, ['unsigned char']],
+    'Cpu' : [ 0x80, ['array', 32, ['_PS_PER_CPU_QUOTA_CACHE_AWARE']]],
+} ],
+  '__unnamed_1f5d' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_1f5d']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['unsigned long']],
+    'RealKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x50, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: 'NonPagedPool', 1: 'PagedPool', 2: 'NonPagedPoolMustSucceed', 3: 'DontUseThisType', 4: 'NonPagedPoolCacheAligned', 5: 'PagedPoolCacheAligned', 6: 'NonPagedPoolCacheAlignedMustS', 7: 'MaxPoolType', 34: 'NonPagedPoolMustSucceedSession', 35: 'DontUseThisTypeSession', 32: 'NonPagedPoolSession', 36: 'NonPagedPoolCacheAlignedSession', 33: 'PagedPoolSession', 38: 'NonPagedPoolCacheAlignedMustSSession', 37: 'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+} ],
+  '__unnamed_1f8e' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '_SUBSECTION' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'PtesInSubsection' : [ 0xc, ['unsigned long']],
+    'UnusedPtes' : [ 0x10, ['unsigned long']],
+    'GlobalPerSessionHead' : [ 0x10, ['pointer', ['_MM_AVL_TABLE']]],
+    'u' : [ 0x14, ['__unnamed_1f8e']],
+    'StartingSector' : [ 0x18, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x1c, ['unsigned long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PS_PER_CPU_QUOTA_CACHE_AWARE' : [ 0x40, {
+    'SortedListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'IdleOnlyListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CycleBaseAllowance' : [ 0x10, ['unsigned long long']],
+    'CyclesRemaining' : [ 0x18, ['long long']],
+    'CurrentGeneration' : [ 0x20, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x14, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+    'ActualLimit' : [ 0x10, ['unsigned long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_INTERLOCK_SEQ' : [ 0x8, {
+    'Depth' : [ 0x0, ['unsigned short']],
+    'FreeEntryOffset' : [ 0x2, ['unsigned short']],
+    'OffsetAndDepth' : [ 0x0, ['unsigned long']],
+    'Sequence' : [ 0x4, ['unsigned long']],
+    'Exchg' : [ 0x0, ['long long']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: 'CacheUnified', 1: 'CacheInstruction', 2: 'CacheData', 3: 'CacheTrace'})]],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: 'SecurityAnonymous', 1: 'SecurityIdentification', 2: 'SecurityImpersonation', 3: 'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_SYSTEM_IDLE' : [ 0x38, {
+    'AverageIdleness' : [ 0x0, ['long']],
+    'LowestIdleness' : [ 0x4, ['long']],
+    'Time' : [ 0x8, ['unsigned long']],
+    'Timeout' : [ 0xc, ['unsigned long']],
+    'LastUserInput' : [ 0x10, ['unsigned long']],
+    'Action' : [ 0x14, ['POWER_ACTION_POLICY']],
+    'MinState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'SystemRequired' : [ 0x24, ['unsigned char']],
+    'IdleWorker' : [ 0x25, ['unsigned char']],
+    'Sampling' : [ 0x26, ['unsigned char']],
+    'LastTick' : [ 0x28, ['unsigned long long']],
+    'LastSystemRequiredTime' : [ 0x30, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0xc, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x18, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerSystemUnspecified', 1: 'PowerSystemWorking', 2: 'PowerSystemSleeping1', 3: 'PowerSystemSleeping2', 4: 'PowerSystemSleeping3', 5: 'PowerSystemHibernate', 6: 'PowerSystemShutdown', 7: 'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: 'PowerDeviceUnspecified', 1: 'PowerDeviceD0', 2: 'PowerDeviceD1', 3: 'PowerDeviceD2', 4: 'PowerDeviceD3', 5: 'PowerDeviceMaximum'})]],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x10, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x4, ['pointer', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x8, ['long']],
+    'MissedMappingsCount' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1fee' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1ff0' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1ff2' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1ff4' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_1ff2']],
+    'Translated' : [ 0x0, ['__unnamed_1ff0']],
+} ],
+  '__unnamed_1ff6' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1ff8' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1ffa' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1ffc' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1ffe' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+}

From afd684e4416850d08866caf71f1b53d1ae2e2427 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Wed, 10 Jan 2018 10:13:10 -0600
Subject: [PATCH 185/304] Windows - Add profiles for Windows 7 build 24000 -
 commit 2

---
 volatility/plugins/overlays/windows/win7.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/volatility/plugins/overlays/windows/win7.py b/volatility/plugins/overlays/windows/win7.py
index 7c8ea05e6..ecbd3a70f 100644
--- a/volatility/plugins/overlays/windows/win7.py
+++ b/volatility/plugins/overlays/windows/win7.py
@@ -219,6 +219,16 @@ class Win7SP1x86_23418(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x86_BBA98F40_vtypes'
     _md_product = ["NtProductWinNt"]
 
+class Win7SP1x86_24000(obj.Profile):
+    """ A Profile for Windows 7 SP1 x86 (6.1.7601.24000 / 2018-01-09) """
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 1
+    _md_build = 7601
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x86_24000_vtypes'
+    _md_product = ["NtProductWinNt"]
+
 class Win7SP0x64(obj.Profile):
     """ A Profile for Windows 7 SP0 x64 """
     _md_memory_model = '64bit'
@@ -249,6 +259,16 @@ class Win7SP1x64_23418(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x64_632B36E0_vtypes'
     _md_product = ["NtProductWinNt"]
 
+class Win7SP1x64_24000(obj.Profile):
+    """ A Profile for Windows 7 SP1 x64 (6.1.7601.24000 / 2018-01-09) """
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 1
+    _md_build = 7601
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win7_sp1_x64_24000_vtypes'
+    _md_product = ["NtProductWinNt"]
+
 class Win2008R2SP0x64(Win7SP0x64):
     """ A Profile for Windows 2008 R2 SP0 x64 """
     _md_product = ["NtProductLanManNt", "NtProductServer"]

From e9047178edf0a447f803a417f9cdaec66f863c5f Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 10 Jan 2018 12:05:47 -0600
Subject: [PATCH 186/304] Add big page table magic offsets for 10.0.16299.192
 (windows 10 64-bit)

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index fcf65863e..2e8f0031e 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32]],
             (6, 4, '32bit') : [[-168, -164]],
         }
 

From 8bb09e01dd950bc4d52b379f4a8b2f5a5e3f07ab Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 16 Jan 2018 10:53:26 -0600
Subject: [PATCH 187/304] Windows - add tighter contstraints to Idle process
 scanning

---
 volatility/plugins/overlays/basic.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/basic.py b/volatility/plugins/overlays/basic.py
index cb7f4b766..8328056c7 100644
--- a/volatility/plugins/overlays/basic.py
+++ b/volatility/plugins/overlays/basic.py
@@ -219,8 +219,12 @@ def generate_suggestions(self):
             while found >= 0:
                 proc = obj.Object("_EPROCESS", offset = offset + found,
                                   vm = self.obj_vm)
-                if 'Idle' in proc.ImageFileName.v():
+                if 'Idle\x00\x00\x00\x00\x00\x00\x00\x00' in proc.ImageFileName.v() and \
+                    int(proc.UniqueProcessId) == 0 and \
+                    proc.Peb.v() == 0:
+
                     yield proc.Pcb.DirectoryTableBase.v()
+
                 found = data.find(str(self.obj_parent.DTBSignature), found + 1)
 
             offset += len(data)

From 1707a8f03269dbab0db66b692a4ed4dd34b16855 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 16 Jan 2018 13:38:16 -0600
Subject: [PATCH 188/304] Windows - skip invalid x64 SSDT entries

---
 volatility/plugins/ssdt.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/volatility/plugins/ssdt.py b/volatility/plugins/ssdt.py
index 86d99a638..ded7f6c99 100644
--- a/volatility/plugins/ssdt.py
+++ b/volatility/plugins/ssdt.py
@@ -224,6 +224,9 @@ def generator(self, data):
                     # These must be signed long for x64 because they are RVAs relative
                     # to the base of the table and can be negative. 
                     offset = obj.Object('long', table + (i * 4), vm).v()
+                    if offset == None:
+                        continue
+
                     # The offset is the top 20 bits of the 32 bit number. 
                     syscall_addr = table + (offset >> 4)
                 try:
@@ -293,6 +296,9 @@ def render_text(self, outfd, data):
                     # These must be signed long for x64 because they are RVAs relative
                     # to the base of the table and can be negative. 
                     offset = obj.Object('long', table + (i * 4), vm).v()
+                    if offset == None:
+                        continue
+
                     # The offset is the top 20 bits of the 32 bit number. 
                     syscall_addr = table + (offset >> 4)
                 try:

From 80fc44f0505ea6af7e77d491e4c46ec79b3e2cf3 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 16 Jan 2018 19:20:01 -0600
Subject: [PATCH 189/304] Fixing the ssdt plugin on Windows 10.0.10586.x

---
 volatility/plugins/overlays/windows/win10.py | 8 ++++----
 volatility/plugins/ssdt.py                   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 0af94d26e..990e9dddc 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -648,7 +648,7 @@ def modification(self, profile):
                 profile.object_classes.update({
                     "_HANDLE_TABLE": _HANDLE_TABLE_10_DD08DD42})
             
-        elif build >= 10240:
+        elif build >= 10586:
             header = _OBJECT_HEADER_10_1AC738FB
         else:
             header = _OBJECT_HEADER_10
@@ -689,7 +689,7 @@ class Win10PoolHeader(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
-                  'build': lambda x: x == 10240}
+                  'build': lambda x: x == 10586}
 
     def modification(self, profile):
 
@@ -738,7 +738,7 @@ class Win10x64_10586(obj.Profile):
     _md_os = 'windows'
     _md_major = 6
     _md_minor = 4
-    _md_build = 10240
+    _md_build = 10586
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_1AC738FB_vtypes'
     _md_product = ["NtProductWinNt"]
 
@@ -768,7 +768,7 @@ class Win10x86_10586(obj.Profile):
     _md_os = 'windows'
     _md_major = 6
     _md_minor = 4
-    _md_build = 10240
+    _md_build = 10586
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_44B89EEA_vtypes'
     _md_product = ["NtProductWinNt"]
 
diff --git a/volatility/plugins/ssdt.py b/volatility/plugins/ssdt.py
index 86d99a638..4fa24be3d 100644
--- a/volatility/plugins/ssdt.py
+++ b/volatility/plugins/ssdt.py
@@ -86,7 +86,7 @@ def find_tables(nt_base, start_addr, vm):
             if op.mnemonic == 'CMP' and op.operands[0].dispSize == 32 and op.operands[0].value == 0:
                 if op.size == 9:
                     service_tables.append(nt_base + op.operands[0].disp)
-                elif op.size == 7:
+                elif op.size in [7, 8]:
                     service_tables.append(op.address + op.size + op.operands[0].disp)
             elif op.mnemonic == 'LEA' and op.size == 7 and op.operands[1].dispSize == 32 and op.operands[1].disp > 0:
                 service_tables.append(nt_base + op.operands[1].disp)

From 913c18c2121f72faae2fcb680c975f2496d8abb3 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 25 Jan 2018 17:19:36 -0600
Subject: [PATCH 190/304] Mac - strengthen validation of bash hash entries

---
 volatility/plugins/overlays/mac/mac.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 1ba24c270..353f41516 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -536,7 +536,7 @@ def bash_hash_entries(self):
                                 continue
 
                             if bucket.key != None and bucket.data != None and pdata.is_valid() and (0 <= pdata.flags <= 2):
-                                if len(str(bucket.key)) > 0 or len(str(bucket.data.path)) > 0:
+                                if (len(str(bucket.key)) > 0 or len(str(bucket.data.path)) > 0) and (0 < bucket.times_found <= 1024):
                                     yield bucket
 
                             bucket = bucket.next_bucket()

From 8200f565fb7a58431eee6e9ece12fdc2d16ab4b5 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 25 Jan 2018 17:40:50 -0600
Subject: [PATCH 191/304] Mac - Add 10_13_3_17D47 profile

---
 volatility/plugins/mac/get_profile.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index d9561e72d..804fede26 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -71,6 +71,7 @@
 ["MacHighSierra_10_13_1_17B48x64", 18446743523963490832, 18446743523964391424, 1],
 ["MacHighSierra_10_13_2_17C88x64", 18446743523965584448, 18446743523966648320, 1],
 ["MacHighSierra_10_13_2_Seed_17C60cx64", 18446743523965574112, 18446743523966648320, 1],
+["MacHighSierra_10_13_3_17D47x64", 18446743523965582400, 18446743523966648320, 1],
 ["MacHighSierra_10_13_17A264cx64", 18446743523963492288, 18446743523964387328, 1],
 ["MacHighSierra_10_13_17A291jx64", 18446743523963490112, 18446743523964387328, 1],
 ["MacHighSierra_10_13_17A306fx64", 18446743523963487728, 18446743523964391424, 1],

From 5ea6d075e4c64727d0401c371a884d1ad758ec6d Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 6 Feb 2018 08:12:55 -0600
Subject: [PATCH 192/304] Refs #490 refactor _EPROCESS.Peb32 for wow64 DLLs

---
 .../plugins/overlays/windows/windows.py       | 33 ++++++++++---------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index dd4247767..6825b87fd 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -407,25 +407,28 @@ def Peb32(self):
         space so we need to switch address spaces when we look at
         it. This method ensures this happens automatically.
         """
-        wow64process = self.Wow64Process
+        process_as = self.get_process_address_space()
+        if process_as == None:
+            return obj.NoneObject("Unable to create process AS")
 
-        if wow64process.is_valid():
-            process_ad = self.get_process_address_space()
-            if process_ad:
+        # get the address but don't dereference 
+        ptr = obj.Object("address", offset = self.Wow64Process.v(), vm = process_as)
 
-                # starting with windows 10 the Wow64Process member
-                # points to an _EWOW64PROCESS with a Peb
-                try:
-                    offset = wow64process.Peb
-                except AttributeError:
-                    offset = wow64process
+        # make sure the validity check happens with a process AS 
+        if not ptr.is_valid():
+            return obj.NoneObject("The Wow64Process pointer is not valid in process AS")
 
-                peb32 = obj.Object("_PEB32", offset = offset, vm = process_ad, name = "Peb32", parent = self)
+        # windows 10 
+        if process_as.profile.has_type("_EWOW64PROCESS"):
+            return ptr.cast("_EWOW64PROCESS").Peb.dereference_as("_PEB32")
 
-                if peb32.is_valid():
-                    return peb32
-        
-        return obj.NoneObject("Peb32 not found")
+        # vista sp0-sp1 and 2003 sp1-sp2
+        elif process_as.profile.has_type("_WOW64_PROCESS"):
+            return ptr.cast("_WOW64_PROCESS").Wow64.dereference_as("_PEB32")
+
+        # everything else 
+        else:
+            return ptr.cast("_PEB32") 
 
     def get_process_address_space(self):
         """ Gets a process address space for a task given in _EPROCESS """

From 493c5cec08bbe3f9fa5a7e3b92c88d4bf1faeaa8 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Tue, 6 Feb 2018 13:26:19 -0600
Subject: [PATCH 193/304] Windows - update EPROCESS.is_valid()

---
 .../plugins/overlays/windows/windows.py       | 25 +++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index dd4247767..2a437b200 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -698,12 +698,33 @@ def is_valid(self):
         if not obj.CType.is_valid(self):
             return False
 
-        if (self.Pcb.DirectoryTableBase == 0):
+        name = str(self.ImageFileName)
+        if not name or len(name) == 0 or name[0] == "\x00":
+            return False
+
+        # The System/PID 4 process has no create time
+        if not (str(name) == "System" and self.UniqueProcessId == 4):
+            if self.CreateTime.v() == 0:
+                return False
+                
+            ctime = self.CreateTime.as_datetime()
+            if ctime == None:
+                return False
+
+            if not (1998 < ctime.year < 2030):
+                return False
+                
+        # NT pids are divisible by 4
+        if self.UniqueProcessId % 4 != 0:
             return False
 
-        if (self.Pcb.DirectoryTableBase % 0x20 != 0):
+        if (self.Pcb.DirectoryTableBase == 0):
             return False
 
+        # check for all 0s besides the PCID entries
+        if self.Pcb.DirectoryTableBase & ~0xfff == 0:
+            return False
+    
         list_head = self.ThreadListHead
         kernel = 0x80000000
 

From 682b340ae3f2eca1291e2d32987b408878c16c86 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 22 Feb 2018 14:24:28 -0600
Subject: [PATCH 194/304] Linux - update psscan to debug.warning instead of
 debug.error

---
 volatility/plugins/linux/psscan.py | 35 ++++++++++--------------------
 1 file changed, 12 insertions(+), 23 deletions(-)

diff --git a/volatility/plugins/linux/psscan.py b/volatility/plugins/linux/psscan.py
index 3064ca6d9..e5b7e3762 100644
--- a/volatility/plugins/linux/psscan.py
+++ b/volatility/plugins/linux/psscan.py
@@ -61,32 +61,21 @@ def calculate(self):
                 needles.append(struct.pack(fmt, addr)) 
 
         if len(needles) == 0:
-            debug.error("Unable to scan for processes. Please file a bug report.")
-
-        back_offset = phys_addr_space.profile.get_obj_offset("task_struct", "sched_class")
-
-        scanner = poolscan.MultiPoolScanner(needles)    
-
-        for _, offset in scanner.scan(phys_addr_space):
-            ptask = obj.Object("task_struct", offset = offset - back_offset, vm = phys_addr_space)
-
-            if not ptask.exit_state.v() in [0, 16, 32, 16|32]:
-                continue
-
-            if not (0 < ptask.pid < 66000):
-                continue
-
-            yield ptask
-
-        
-
-
-
-
-
+            debug.warning("Unable to scan for processes. Please file a bug report.")
+        else:
+            back_offset = phys_addr_space.profile.get_obj_offset("task_struct", "sched_class")
 
+            scanner = poolscan.MultiPoolScanner(needles)    
 
+            for _, offset in scanner.scan(phys_addr_space):
+                ptask = obj.Object("task_struct", offset = offset - back_offset, vm = phys_addr_space)
 
+                if not ptask.exit_state.v() in [0, 16, 32, 16|32]:
+                    continue
 
+                if not (0 < ptask.pid < 66000):
+                    continue
 
+                yield ptask
 
+            

From bfb7a297c7b42549da57d08fb77d2b486fb66859 Mon Sep 17 00:00:00 2001
From: Jamie Levy <jamie@memoryanalysis.net>
Date: Tue, 27 Feb 2018 10:55:26 -0500
Subject: [PATCH 195/304] Adding fixes to pyinstaller hooks for most recent
 version

---
 pyinstaller/hook-distorm3.py | 6 ++++--
 pyinstaller/hook-openpyxl.py | 4 ++--
 pyinstaller/hook-yara.py     | 6 ++++--
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/pyinstaller/hook-distorm3.py b/pyinstaller/hook-distorm3.py
index 254f9c708..883f5ac82 100755
--- a/pyinstaller/hook-distorm3.py
+++ b/pyinstaller/hook-distorm3.py
@@ -15,6 +15,8 @@
 datas = []
 
 for path in sys.path:
-  datas.append((os.path.join(path, "distorm3", "distorm3.dll"), ""))
-  datas.append((os.path.join(path, "distorm3", "libdistorm3.so"), ""))
+    if os.path.exists(os.path.join(path, "distorm3", "distorm3.dll")):
+        datas.append((os.path.join(path, "distorm3", "distorm3.dll"), ""))
+    if os.path.exists(os.path.join(path, "distorm3", "libdistorm3.so")):
+        datas.append((os.path.join(path, "distorm3", "libdistorm3.so"), ""))
 
diff --git a/pyinstaller/hook-openpyxl.py b/pyinstaller/hook-openpyxl.py
index bf81de55c..8174c176a 100755
--- a/pyinstaller/hook-openpyxl.py
+++ b/pyinstaller/hook-openpyxl.py
@@ -15,5 +15,5 @@
 datas = []
 
 for path in sys.path:
-  datas.append((os.path.join(path, "openpyxl", ".constants.json"), ""))
-
+    if os.path.exists(os.path.join(path, "openpyxl", ".constants.json")):
+        datas.append((os.path.join(path, "openpyxl", ".constants.json"), ""))
diff --git a/pyinstaller/hook-yara.py b/pyinstaller/hook-yara.py
index a59943e7f..7481404d6 100644
--- a/pyinstaller/hook-yara.py
+++ b/pyinstaller/hook-yara.py
@@ -4,5 +4,7 @@
 datas = []
 
 for path in sys.path:
-  datas.append(("yara.pyd", ""))
-  datas.append(("yara.so", ""))
\ No newline at end of file
+    if os.path.exists(os.path.join(path, "yara.pyd")):
+        datas.append((os.path.join(path, "yara.pyd"), ""))
+    if os.path.exists(os.path.join(path, "yara.so")):
+        datas.append((os.path.join(path, "yara.so"), ""))

From 19e4c5f0018a88a499c1d4a029c710fd533341d9 Mon Sep 17 00:00:00 2001
From: Muted Mouse <mutedmouse@gmail.com>
Date: Sat, 24 Mar 2018 17:22:36 -0400
Subject: [PATCH 196/304] add unified output

---
 volatility/plugins/linux/netstat.py | 47 ++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/netstat.py b/volatility/plugins/linux/netstat.py
index fd815540c..ce17a26b1 100644
--- a/volatility/plugins/linux/netstat.py
+++ b/volatility/plugins/linux/netstat.py
@@ -29,6 +29,7 @@
 import volatility.plugins.linux.common as linux_common
 import volatility.plugins.linux.lsof as linux_lsof
 import volatility.plugins.linux.pslist as linux_pslist
+from volatility.renderers import TreeGrid
 
 class linux_netstat(linux_pslist.linux_pslist):
     """Lists open sockets"""
@@ -36,8 +37,52 @@ class linux_netstat(linux_pslist.linux_pslist):
     def __init__(self, config, *args, **kwargs):
         linux_pslist.linux_pslist.__init__(self, config, *args, **kwargs)
         self._config.add_option('IGNORE_UNIX', short_option = 'U', default = None, help = 'ignore unix sockets', action = 'store_true')
-    
+
+    def unified_output(self,data):
+        return TreeGrid([("Proto", str),
+                         ("Local IP", str),
+                         ("Local Port", int),
+                         ("Remote IP", str),
+                         ("Remote Port", int),
+                         ("State", str),
+                         ("Process", str),
+                         ("PID", str),
+                         ("Name", str),
+                         ],
+                         self.generator(data))
+
+    def generator(self, data):
+        for task in data:
+            for ents in task.netstat():
+                if ents[0] == socket.AF_INET:
+                    (_, proto, saddr, sport, daddr, dport, state) = ents[1]
+                    yield(0, [
+                              str(proto),
+                              str(saddr),
+                              int(sport),
+                              str(daddr),
+                              int(dport),
+                              str(state),
+                              str(task.comm),
+                              str(task.pid),
+                              str(name),
+                              ])
+
+                elif ents[0] == 1 and not self._config.IGNORE_UNIX:
+                    (name, inum) = ents[1]
+                    yield(0, [
+                              str("UNIX "+str(inum)),
+                              "-",
+                              0,
+                              "-",
+                              0,
+                              "-",
+                              str(task.comm),
+                              str(task.pid),
+                              str(name),
+                              ])
             # its a socket!
+            
     def render_text(self, outfd, data):
         linux_common.set_plugin_members(self)
 

From 25b4fd9f0ea7e030b2aa4f63dddc6288357e3a26 Mon Sep 17 00:00:00 2001
From: Muted Mouse <mutedmouse@gmail.com>
Date: Sat, 24 Mar 2018 17:25:09 -0400
Subject: [PATCH 197/304] added ppid to pslist unified and test output

---
 volatility/plugins/mac/pslist.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/volatility/plugins/mac/pslist.py b/volatility/plugins/mac/pslist.py
index e411ab097..1de712ff2 100644
--- a/volatility/plugins/mac/pslist.py
+++ b/volatility/plugins/mac/pslist.py
@@ -43,7 +43,7 @@ def virtual_process_from_physical_offset(addr_space, offset):
         pspace = utils.load_as(addr_space.get_config(), astype = 'physical')
         proc = obj.Object("proc", vm = pspace,     offset = offset)
         task = obj.Object("task", vm = addr_space, offset = proc.task)
-        
+
         return task.bsd_info.dereference_as("proc")
 
     def allprocs(self):
@@ -99,6 +99,7 @@ def unified_output(self, data):
                                   ("Bits", str),
                                   ("DTB", Address),
                                   ("Start time", str),
+                                  ("PPID", int),
                                   ], self.generator(data))
     def generator(self, data):
         for proc in data:
@@ -118,6 +119,7 @@ def generator(self, data):
                        str(bit_string),
                        Address(proc.task.dereference_as("task").map.pmap.pm_cr3),
                        str(proc.start_time()),
+                       int(proc.p_ppid),
                        ])
 
     def render_text(self, outfd, data):
@@ -127,9 +129,11 @@ def render_text(self, outfd, data):
                           ("Uid", "8"),
                           ("Gid", "8"),
                           ("PGID", "8"),
-                          ("Bits", "12"), 
+                          ("Bits", "12"),
                           ("DTB", "#018x"),
-                          ("Start Time", "")])
+                          ("Start Time", ""),
+                          ("Ppid", "8"),
+                          ])
 
         for proc in data:
             if not proc.is_valid() or len(proc.p_comm) == 0:
@@ -146,4 +150,5 @@ def render_text(self, outfd, data):
                                   str(proc.p_pgrpid),
                                   bit_string,
                                   proc.task.dereference_as("task").map.pmap.pm_cr3,
-                                  proc.start_time())
+                                  proc.start_time(),
+                                  str(proc.p_ppid))

From c043acfb1420fe0d5da378a654028107add7bc5b Mon Sep 17 00:00:00 2001
From: Muted Mouse <mutedmouse@gmail.com>
Date: Sun, 25 Mar 2018 19:46:09 +0000
Subject: [PATCH 198/304] add unified_output to editbox plugin

---
 volatility/plugins/gui/editbox.py | 40 +++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/volatility/plugins/gui/editbox.py b/volatility/plugins/gui/editbox.py
index 51204da2a..e3025da35 100644
--- a/volatility/plugins/gui/editbox.py
+++ b/volatility/plugins/gui/editbox.py
@@ -39,6 +39,7 @@
 import volatility.plugins.common as common
 import volatility.plugins.gui.messagehooks as messagehooks
 import volatility.win32 as win32
+from volatility.renderers import TreeGrid
 
 supported_controls = {
     'edit'   : 'COMCTL_EDIT',
@@ -444,6 +445,45 @@ def render_table(self, outfd, data):
             # context, atom_class and is_wow64 are ignored
             self.table_row(outfd, pid, proc_name, str(ctrl))
 
+    def unified_output(self, data):
+        #output as volatility json format
+        return TreeGrid([("Wnd Context", str),
+                         ("Process ID", int),
+                         ("ImageFileName", str),
+                         ("IsWow64", str),
+                         ("atom_class", str),
+                         ("value-of WndExtra", str),
+                         ("nChars", int),
+                         ("selStart", int),
+                         ("selEnd", int),
+                         ("isPwdControl", int),
+                         ("undoPos", int),
+                         ("undoLen", int),
+                         ("address-of undoBuf", str),
+                         ("undoBuf", str),
+                         ("Data", str),
+                        ], self.generator(data))
+
+    def generator(self, data):
+        for context, atom_class, pid, proc_name, is_wow64, ctrl in data:
+            yield (0, [
+                str(context),
+                int(pid),
+                str(proc_name),
+                str('Yes' if is_wow64 else 'No'),
+                str(atom_class),
+                str(hex(int(ctrl.v()))),
+                int(ctrl.nChars),
+                int(ctrl.selStart),
+                int(ctrl.is_pwd()),
+                int(ctrl.undoPos),
+                int(ctrl.undoLen),
+                int(ctrl.selEnd),
+                str(ctrl.undoBuf),
+                str(ctrl.get_undo(no_crlf=True)),
+                str(ctrl.get_text()),
+                ])
+
     def render_text(self, outfd, data):
         """Output the results as a text report
         

From 3b463b85149657ad81f7f8323df35136176af882 Mon Sep 17 00:00:00 2001
From: Miika Turkia <miika.turkia@gmail.com>
Date: Wed, 11 Apr 2018 10:36:17 +0300
Subject: [PATCH 199/304] Fix iehistory plugin to not override scan selection

All the tags are erroneously overwritten by only DEST. This results in
the plugin missing most of the data it should gather.
---
 volatility/plugins/iehistory.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/volatility/plugins/iehistory.py b/volatility/plugins/iehistory.py
index c7f106383..3fbd77136 100644
--- a/volatility/plugins/iehistory.py
+++ b/volatility/plugins/iehistory.py
@@ -156,8 +156,6 @@ def calculate(self):
             tags.append("LEAK")
         if self._config.REDR:
             tags.append("REDR")
-            
-        tags = ["DEST"]
 
         ## Define the record type based on the tag
         tag_records = {

From f567ace9a3e58502111072c50bac730018c77f9a Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 17 Apr 2018 08:35:06 -0500
Subject: [PATCH 200/304] Linux - check tree height in file cache

---
 volatility/plugins/linux/find_file.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/find_file.py b/volatility/plugins/linux/find_file.py
index f568ca66e..21ba7cdbf 100644
--- a/volatility/plugins/linux/find_file.py
+++ b/volatility/plugins/linux/find_file.py
@@ -239,6 +239,9 @@ def radix_tree_lookup_slot(self, root, index):
             height = node.height
         elif hasattr(node, "path"):
             height = node.path
+
+            if height > 4096:
+                height = 4096
         else:
             post_4_11 = True
         
@@ -254,7 +257,7 @@ def radix_tree_lookup_slot(self, root, index):
                 return page
 
             node = self.radix_tree_indirect_to_ptr(node)
-            
+
             if hasattr(node, "shift"):
                 shift = node.shift
             else:

From 1b81b83a6a0c7f8a621481d066ec26343333edb9 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 24 Apr 2018 00:12:26 -0500
Subject: [PATCH 201/304] Linux - fix height calculation

---
 volatility/plugins/linux/find_file.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/linux/find_file.py b/volatility/plugins/linux/find_file.py
index 21ba7cdbf..0ee07236a 100644
--- a/volatility/plugins/linux/find_file.py
+++ b/volatility/plugins/linux/find_file.py
@@ -233,6 +233,9 @@ def radix_tree_lookup_slot(self, root, index):
 
         node = root.rnode
 
+        if not node.is_valid():
+            return None
+
         post_4_11 = False
 
         if hasattr(node, "height"):
@@ -240,11 +243,16 @@ def radix_tree_lookup_slot(self, root, index):
         elif hasattr(node, "path"):
             height = node.path
 
-            if height > 4096:
-                height = 4096
+            height = height & 0xfff
+            # this check is needed as gcc seems to produce a 0 value when a shift value is negative
+            # Python throws a backtrace in this situation though
+            # setting to 0 will cause the later -1 to equal 0, and match the runtime behaviour of the kernel
+            if height == 0:
+                height = 1
+
         else:
             post_4_11 = True
-        
+
         if post_4_11:
             slot = self.find_slot_post_4_11(root, index)
         else:

From 6fd90ce8a4f8f37cce629bc390b81d882d5aed49 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 24 Apr 2018 08:00:11 -0500
Subject: [PATCH 202/304] Add profiles for 10.0.10240.17770 (2018-02-10)

---
 volatility/plugins/overlays/windows/win10.py  |    20 +
 .../windows/win10_x64_10240_17770_vtypes.py   | 13262 ++++++++++++++++
 .../windows/win10_x86_10240_17770_vtypes.py   | 12718 +++++++++++++++
 3 files changed, 26000 insertions(+)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_10240_17770_vtypes.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_10240_17770_vtypes.py

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 990e9dddc..fbb55c969 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -732,6 +732,16 @@ class Win10x64(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_vtypes'
     _md_product = ["NtProductWinNt"]
 
+class Win10x64_10240_17770(obj.Profile):
+    """ A Profile for Windows 10 x64 (10.0.10240.17770 / 2018-02-10) """
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 10240
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_10240_17770_vtypes'
+    _md_product = ["NtProductWinNt"]
+
 class Win10x64_10586(obj.Profile):
     """ A Profile for Windows 10 x64 (10.0.10586.306 / 2016-04-23) """
     _md_memory_model = '64bit'
@@ -762,6 +772,16 @@ class Win10x86(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_vtypes'
     _md_product = ["NtProductWinNt"]
 
+class Win10x86_10240_17770(obj.Profile):
+    """ A Profile for Windows 10 x86 (10.0.10240.17770 / 2018-02-10) """
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 10240
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_10240_17770_vtypes'
+    _md_product = ["NtProductWinNt"]
+
 class Win10x86_10586(obj.Profile):
     """ A Profile for Windows 10 x86 (10.0.10586.420 / 2016-05-28) """
     _md_memory_model = '32bit'
diff --git a/volatility/plugins/overlays/windows/win10_x64_10240_17770_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_10240_17770_vtypes.py
new file mode 100644
index 000000000..a24030319
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_10240_17770_vtypes.py
@@ -0,0 +1,13262 @@
+ntkrnlmp_10240_x64_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'Reserved12' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCallPad' : [ 0x308, ['array', 3, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'Reserved8' : [ 0x36c, ['array', 20, ['unsigned char']]],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1080' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1080']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1098' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_109a' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_1098']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_109a']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 38, ['pointer64', ['void']]]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_1108' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1108']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x8040, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x7ec0, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'ProcessorState' : [ 0x40, ['_KPROCESSOR_STATE']],
+    'CpuType' : [ 0x5f0, ['unsigned char']],
+    'CpuID' : [ 0x5f1, ['unsigned char']],
+    'CpuStep' : [ 0x5f2, ['unsigned short']],
+    'CpuStepping' : [ 0x5f2, ['unsigned char']],
+    'CpuModel' : [ 0x5f3, ['unsigned char']],
+    'MHz' : [ 0x5f4, ['unsigned long']],
+    'HalReserved' : [ 0x5f8, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x638, ['unsigned short']],
+    'MajorVersion' : [ 0x63a, ['unsigned short']],
+    'BuildType' : [ 0x63c, ['unsigned char']],
+    'CpuVendor' : [ 0x63d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x63e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x63f, ['unsigned char']],
+    'ParentNode' : [ 0x640, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0x648, ['unsigned long long']],
+    'Group' : [ 0x650, ['unsigned char']],
+    'GroupIndex' : [ 0x651, ['unsigned char']],
+    'PrcbPad05' : [ 0x652, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0x654, ['unsigned long']],
+    'ScbOffset' : [ 0x658, ['unsigned long']],
+    'ApicMask' : [ 0x65c, ['unsigned long']],
+    'AcpiReserved' : [ 0x660, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0x668, ['unsigned long']],
+    'PrcbPad10' : [ 0x66c, ['unsigned long']],
+    'LockQueue' : [ 0x670, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x780, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x880, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1480, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2080, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2c80, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2c88, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2c90, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2c94, ['long']],
+    'MmTransitionCount' : [ 0x2c98, ['long']],
+    'MmDemandZeroCount' : [ 0x2c9c, ['long']],
+    'MmPageReadCount' : [ 0x2ca0, ['long']],
+    'MmPageReadIoCount' : [ 0x2ca4, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2ca8, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2cac, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2cb0, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2cb4, ['long']],
+    'KeSystemCalls' : [ 0x2cb8, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2cbc, ['unsigned long']],
+    'PrcbPad40' : [ 0x2cc0, ['unsigned long']],
+    'CcFastReadNoWait' : [ 0x2cc4, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2cc8, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2ccc, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2cd0, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2cd4, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2cd8, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2cdc, ['long']],
+    'IoWriteOperationCount' : [ 0x2ce0, ['long']],
+    'IoOtherOperationCount' : [ 0x2ce4, ['long']],
+    'IoReadTransferCount' : [ 0x2ce8, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2cf0, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2cf8, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d00, ['long']],
+    'TargetCount' : [ 0x2d04, ['long']],
+    'IpiFrozen' : [ 0x2d08, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d10, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d18, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d1c, ['long']],
+    'InterruptLastCount' : [ 0x2d20, ['unsigned long']],
+    'InterruptRate' : [ 0x2d24, ['unsigned long']],
+    'TrappedSecurityDomain' : [ 0x2d28, ['unsigned long long']],
+    'BpbState' : [ 0x2d30, ['unsigned char']],
+    'BpbIbrsPresent' : [ 0x2d30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbStibpPresent' : [ 0x2d30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmepPresent' : [ 0x2d30, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbSimulateIbrs' : [ 0x2d30, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbSimulateIbpb' : [ 0x2d30, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'BpbReserved' : [ 0x2d30, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'BpbPad' : [ 0x2d31, ['array', 7, ['unsigned char']]],
+    'PrcbPad41' : [ 0x2d38, ['array', 18, ['unsigned long']]],
+    'DpcData' : [ 0x2d80, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2dd0, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2dd8, ['long']],
+    'DpcRequestRate' : [ 0x2ddc, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2de0, ['unsigned long']],
+    'DpcLastCount' : [ 0x2de4, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2de8, ['unsigned char']],
+    'QuantumEnd' : [ 0x2de9, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2dea, ['unsigned char']],
+    'IdleSchedule' : [ 0x2deb, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2dec, ['long']],
+    'DpcRequestSlot' : [ 0x2dec, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2dec, ['short']],
+    'ThreadDpcState' : [ 0x2dee, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2dec, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2dec, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2dec, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2dec, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2dec, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2dec, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2dec, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2dec, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2dec, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2dec, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2df0, ['unsigned long']],
+    'LastTick' : [ 0x2df4, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2df8, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2dfc, ['unsigned long']],
+    'InterruptObject' : [ 0x2e00, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3600, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5800, ['_KGATE']],
+    'PrcbPad52' : [ 0x5818, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x5820, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x5860, ['long']],
+    'PrcbPad60' : [ 0x5864, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x5866, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x5868, ['long']],
+    'DpcWatchdogCount' : [ 0x586c, ['long']],
+    'KeSpinLockOrdering' : [ 0x5870, ['long']],
+    'PrcbPad70' : [ 0x5874, ['array', 1, ['unsigned long']]],
+    'CachedPtes' : [ 0x5878, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5880, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5890, ['unsigned long long']],
+    'ReadySummary' : [ 0x5898, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x589c, ['long']],
+    'QueueIndex' : [ 0x58a0, ['unsigned long']],
+    'PrcbPad75' : [ 0x58a4, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x58b0, ['_KDPC']],
+    'ScbQueue' : [ 0x58f0, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5900, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5b00, ['unsigned long']],
+    'KernelTime' : [ 0x5b04, ['unsigned long']],
+    'UserTime' : [ 0x5b08, ['unsigned long']],
+    'DpcTime' : [ 0x5b0c, ['unsigned long']],
+    'InterruptTime' : [ 0x5b10, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5b14, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5b18, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5b19, ['unsigned char']],
+    'DeepSleep' : [ 0x5b1a, ['unsigned char']],
+    'PrcbPad80' : [ 0x5b1b, ['array', 5, ['unsigned char']]],
+    'DpcTimeCount' : [ 0x5b20, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5b24, ['unsigned long']],
+    'PeriodicCount' : [ 0x5b28, ['unsigned long']],
+    'PeriodicBias' : [ 0x5b2c, ['unsigned long']],
+    'AvailableTime' : [ 0x5b30, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5b34, ['unsigned long']],
+    'StartCycles' : [ 0x5b38, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x5b40, ['unsigned long long']],
+    'TaggedCycles' : [ 0x5b48, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x5b58, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5b60, ['unsigned long long']],
+    'PrcbPad81' : [ 0x5b68, ['array', 29, ['unsigned long']]],
+    'MmSpinLockOrdering' : [ 0x5bdc, ['long']],
+    'PageColor' : [ 0x5be0, ['unsigned long']],
+    'NodeColor' : [ 0x5be4, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x5be8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5bec, ['unsigned long']],
+    'PrcbPad83' : [ 0x5bf0, ['unsigned long']],
+    'CycleTime' : [ 0x5bf8, ['unsigned long long']],
+    'Cycles' : [ 0x5c00, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad84' : [ 0x5c40, ['array', 16, ['unsigned long']]],
+    'CcFastMdlReadNoWait' : [ 0x5c80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5c84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5c88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x5c8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5c90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5c94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5c98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x5c9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x5ca0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x5ca4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x5ca8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x5cac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x5cb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x5cb4, ['unsigned long']],
+    'CcDataPages' : [ 0x5cb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x5cbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x5cc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x5cc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x5cc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x5ccc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x5cd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x5cd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x5cd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x5cdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x5ce0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x5ce4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x5ce8, ['long']],
+    'MmCacheReadCount' : [ 0x5cec, ['long']],
+    'MmCacheIoCount' : [ 0x5cf0, ['long']],
+    'PrcbPad91' : [ 0x5cf4, ['array', 3, ['unsigned long']]],
+    'PowerState' : [ 0x5d00, ['_PROCESSOR_POWER_STATE']],
+    'ScbList' : [ 0x5ed0, ['_LIST_ENTRY']],
+    'PrcbPad92' : [ 0x5ee0, ['array', 7, ['unsigned long']]],
+    'KeAlignmentFixupCount' : [ 0x5efc, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x5f00, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5f40, ['_KTIMER']],
+    'Cache' : [ 0x5f80, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x5fbc, ['unsigned long']],
+    'CachedCommit' : [ 0x5fc0, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x5fc4, ['unsigned long']],
+    'HyperPte' : [ 0x5fc8, ['pointer64', ['void']]],
+    'WheaInfo' : [ 0x5fd0, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x5fd8, ['pointer64', ['void']]],
+    'InterruptObjectPool' : [ 0x5fe0, ['_SLIST_HEADER']],
+    'HypercallPageList' : [ 0x5ff0, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x6000, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x6008, ['pointer64', ['void']]],
+    'StatisticsPage' : [ 0x6010, ['pointer64', ['unsigned long long']]],
+    'PackageProcessorSet' : [ 0x6018, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x60c0, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x60c8, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x60d0, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x60d4, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x60d8, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x60e0, ['unsigned long long']],
+    'LLCMask' : [ 0x60e8, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x60f0, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x6118, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x6120, ['pointer64', ['void']]],
+    'PrcbPad94' : [ 0x6128, ['array', 11, ['unsigned long long']]],
+    'SynchCounters' : [ 0x6180, ['_SYNCH_COUNTERS']],
+    'PteBitCache' : [ 0x6238, ['unsigned long long']],
+    'PteBitOffset' : [ 0x6240, ['unsigned long']],
+    'FsCounters' : [ 0x6248, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x6258, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x6265, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x6268, ['unsigned long long']],
+    'PrcbPad110' : [ 0x6270, ['unsigned long']],
+    'UpdateSignature' : [ 0x6278, ['_LARGE_INTEGER']],
+    'Context' : [ 0x6280, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x6288, ['unsigned long']],
+    'ExtendedState' : [ 0x6290, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x6298, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x62a0, ['_KENTROPY_TIMING_STATE']],
+    'PrcbPad111' : [ 0x63f0, ['unsigned long long']],
+    'PrcbPad112' : [ 0x63f8, ['array', 7, ['unsigned long long']]],
+    'AbSelfIoBoostsList' : [ 0x6430, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x6438, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x6440, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x6480, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x64d4, ['_IOP_IRP_STACK_PROFILER']],
+    'LocalSharedReadyQueue' : [ 0x6540, ['_KSHARED_READY_QUEUE']],
+    'TimerExpirationTrace' : [ 0x67a0, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x68a0, ['unsigned long']],
+    'ExSaPageArray' : [ 0x68a8, ['pointer64', ['void']]],
+    'Mailbox' : [ 0x68c0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'PrcbPad130' : [ 0x68c8, ['array', 183, ['unsigned long long']]],
+    'KernelDirectoryTableBase' : [ 0x6e80, ['unsigned long long']],
+    'RspBaseShadow' : [ 0x6e88, ['unsigned long long']],
+    'UserRspShadow' : [ 0x6e90, ['unsigned long long']],
+    'ShadowFlags' : [ 0x6e98, ['unsigned long']],
+    'PrcbPad139' : [ 0x6e9c, ['unsigned long']],
+    'PrcbPad140' : [ 0x6ea0, ['array', 508, ['unsigned long long']]],
+    'RequestMailbox' : [ 0x7e80, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_11bf' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Virtual' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_11c1' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Reserved2' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_11c3' : [ 0x10, {
+    'Reserved' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_INVPCID_DESCRIPTOR' : [ 0x10, {
+    'IndividualAddress' : [ 0x0, ['__unnamed_11bf']],
+    'SingleContext' : [ 0x0, ['__unnamed_11c1']],
+    'AllContextAndGlobals' : [ 0x0, ['__unnamed_11c3']],
+    'AllContext' : [ 0x0, ['__unnamed_11c3']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_KPROCESS' : [ 0x2d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'Spare0' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SpareFlags0' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x1b8, ['BitField', dict(start_bit = 8, end_bit = 28, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x1b8, ['long']],
+    'BasePriority' : [ 0x1bc, ['unsigned char']],
+    'QuantumReset' : [ 0x1bd, ['unsigned char']],
+    'Visited' : [ 0x1be, ['unsigned char']],
+    'Flags' : [ 0x1bf, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1c0, ['array', 20, ['unsigned long']]],
+    'IdealNode' : [ 0x210, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x238, ['unsigned short']],
+    'Spare1' : [ 0x23a, ['unsigned short']],
+    'StackCount' : [ 0x23c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x240, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x250, ['unsigned long long']],
+    'ContextSwitches' : [ 0x258, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x260, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x268, ['unsigned long']],
+    'KernelTime' : [ 0x26c, ['unsigned long']],
+    'UserTime' : [ 0x270, ['unsigned long']],
+    'UserDirectoryTableBase' : [ 0x278, ['unsigned long long']],
+    'AddressPolicy' : [ 0x280, ['unsigned char']],
+    'Spare2' : [ 0x281, ['array', 71, ['unsigned char']]],
+    'InstrumentationCallback' : [ 0x2c8, ['pointer64', ['void']]],
+    'SecurePid' : [ 0x2d0, ['unsigned long long']],
+} ],
+  '_KTHREAD' : [ 0x5d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlagsSpare0' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CommitFailTerminateRequest' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 19, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'Spare10' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'Spare21' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'Spare20' : [ 0x31a, ['unsigned short']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'KeReferenceCount' : [ 0x588, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x58a, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x58b, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x58c, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x590, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x590, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x598, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a0, ['long long']],
+    'WriteOperationCount' : [ 0x5a8, ['long long']],
+    'OtherOperationCount' : [ 0x5b0, ['long long']],
+    'ReadTransferCount' : [ 0x5b8, ['long long']],
+    'WriteTransferCount' : [ 0x5c0, ['long long']],
+    'OtherTransferCount' : [ 0x5c8, ['long long']],
+    'QueuedScb' : [ 0x5d0, ['pointer64', ['_KSCB']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_125f' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_125f']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'ParkLock' : [ 0x58, ['long']],
+    'Seed' : [ 0x5c, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Stride' : [ 0x96, ['unsigned char']],
+    'Spare0' : [ 0x97, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x98, ['unsigned long long']],
+    'ProximityId' : [ 0xa0, ['unsigned long']],
+    'Lowest' : [ 0xa4, ['unsigned long']],
+    'Highest' : [ 0xa8, ['unsigned long']],
+    'MaximumProcessors' : [ 0xac, ['unsigned char']],
+    'Flags' : [ 0xad, ['_flags']],
+    'Spare10' : [ 0xae, ['unsigned char']],
+    'HeteroSets' : [ 0xb0, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+} ],
+  '_ENODE' : [ 0x540, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0x100, ['array', 8, ['pointer64', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x140, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x410, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x428, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x468, ['_KEVENT']],
+    'WaitBlocks' : [ 0x480, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x510, ['pointer64', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x518, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x51c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x51c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x51c, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1356' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_1356']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x7c0, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x5d8, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x5e0, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x5e0, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x5f0, ['pointer64', ['void']]],
+    'PostBlockList' : [ 0x5f8, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x5f8, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x600, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x608, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x608, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x608, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x610, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x618, ['_LIST_ENTRY']],
+    'Cid' : [ 0x628, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x638, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x638, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x658, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x660, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x670, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x678, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x680, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x688, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x690, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x6a0, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6a8, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6b0, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6b4, ['long']],
+    'CmLockOrdering' : [ 0x6b8, ['long']],
+    'CrossThreadFlags' : [ 0x6bc, ['unsigned long']],
+    'Terminated' : [ 0x6bc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6bc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6bc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6bc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6bc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6bc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6bc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6bc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6bc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6bc, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6bc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6bc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6bc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6bc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6bc, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6c0, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6c0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6c0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6c0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6c0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x6c0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x6c0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6c4, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6c4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6c4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x6c4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6c4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6c4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6c4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6c4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6c4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6c5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6c5, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6c8, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6c9, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6ca, ['unsigned char']],
+    'LockOrderState' : [ 0x6cb, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6d0, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6d8, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6d8, ['unsigned long']],
+    'ExitStatus' : [ 0x6e0, ['long']],
+    'AlpcWaitListEntry' : [ 0x6e8, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x6f8, ['unsigned long']],
+    'IoBoostCount' : [ 0x6fc, ['unsigned long']],
+    'BoostList' : [ 0x700, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x710, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x720, ['unsigned long long']],
+    'IrpListLock' : [ 0x728, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x730, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x738, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x740, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x748, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x750, ['pointer64', ['void']]],
+    'KernelStackReference' : [ 0x758, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x760, ['pointer64', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x768, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x770, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x788, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x790, ['unsigned long']],
+    'UserGsBase' : [ 0x798, ['unsigned long long']],
+    'EnergyValues' : [ 0x7a0, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'CmCellReferences' : [ 0x7a8, ['unsigned long']],
+    'SelectedCpuSets' : [ 0x7b0, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x7b0, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x7b8, ['pointer64', ['_ESILO']]],
+} ],
+  '_EPROCESS' : [ 0x7a8, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
+    'RundownProtect' : [ 0x2e0, ['_EX_RUNDOWN_REF']],
+    'UniqueProcessId' : [ 0x2e8, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2f0, ['_LIST_ENTRY']],
+    'Flags2' : [ 0x300, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x304, ['unsigned long']],
+    'CreateReported' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x304, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x304, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x304, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x304, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x304, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x304, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x304, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x304, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x304, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x304, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x304, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x304, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x304, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x304, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x304, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x304, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x304, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x304, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x304, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x308, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x320, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x330, ['unsigned long long']],
+    'VirtualSize' : [ 0x338, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x350, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x350, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x358, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0x360, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x378, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x388, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x390, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x398, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x3a0, ['unsigned long long']],
+    'Win32Process' : [ 0x3a8, ['pointer64', ['void']]],
+    'Job' : [ 0x3b0, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3b8, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3c0, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3c8, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3d0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3d8, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3e0, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x3e8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
+    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x400, ['pointer64', ['void']]],
+    'AweInfo' : [ 0x408, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
+    'Wow64Process' : [ 0x428, ['pointer64', ['void']]],
+    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
+    'ImageFileName' : [ 0x448, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x457, ['unsigned char']],
+    'SecurityPort' : [ 0x458, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x460, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x468, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x478, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x480, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x490, ['unsigned long']],
+    'ImagePathHash' : [ 0x494, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x498, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x49c, ['long']],
+    'PrefetchTrace' : [ 0x4a0, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x4a8, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4b0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x4e0, ['unsigned long long']],
+    'CommitCharge' : [ 0x4e8, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x4f0, ['unsigned long long']],
+    'Vm' : [ 0x4f8, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x5f8, ['_LIST_ENTRY']],
+    'VadRoot' : [ 0x608, ['_RTL_AVL_TREE']],
+    'ModifiedPageCount' : [ 0x610, ['unsigned long']],
+    'ExitStatus' : [ 0x614, ['long']],
+    'VadHint' : [ 0x618, ['pointer64', ['void']]],
+    'VadCount' : [ 0x620, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x628, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x630, ['unsigned long long']],
+    'AlpcContext' : [ 0x638, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x658, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x668, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x670, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x674, ['unsigned long']],
+    'ExitTime' : [ 0x678, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x680, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x688, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x690, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x694, ['unsigned long']],
+    'ThreadListLock' : [ 0x698, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x6a0, ['pointer64', ['void']]],
+    'Spare0' : [ 0x6a8, ['unsigned long long']],
+    'SignatureLevel' : [ 0x6b0, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x6b1, ['unsigned char']],
+    'Protection' : [ 0x6b2, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x6b3, ['unsigned char']],
+    'Flags3' : [ 0x6b4, ['unsigned long']],
+    'Minimal' : [ 0x6b4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x6b4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x6b4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x6b4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Crashed' : [ 0x6b4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x6b4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x6b4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x6b4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x6b4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6b4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'InPrivate' : [ 0x6b4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x6b4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x6b4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x6b8, ['long']],
+    'SvmData' : [ 0x6c0, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x6c8, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x6d0, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x6d8, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x6e8, ['unsigned long long']],
+    'DiskCounters' : [ 0x6f0, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x6f8, ['pointer64', ['void']]],
+    'TrustletIdentity' : [ 0x700, ['unsigned long long']],
+    'KeepAliveCounter' : [ 0x708, ['unsigned long']],
+    'NoWakeKeepAliveCounter' : [ 0x70c, ['unsigned long']],
+    'HighPriorityFaultsAllowed' : [ 0x710, ['unsigned long']],
+    'EnergyValues' : [ 0x718, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
+    'VmContext' : [ 0x720, ['pointer64', ['void']]],
+    'Silo' : [ 0x728, ['pointer64', ['_ESILO']]],
+    'SiloEntry' : [ 0x730, ['_LIST_ENTRY']],
+    'SequenceNumber' : [ 0x740, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x748, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x750, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x758, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x760, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x768, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x768, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x770, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x778, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x780, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x790, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x798, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x790, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x798, ['pointer64', ['unsigned long long']]],
+    'SecurityDomain' : [ 0x7a0, ['unsigned long long']],
+} ],
+  '__unnamed_13b9' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13bf' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13c1' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13bf']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13cc' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13ce' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_13cc']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_13b9']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_13c1']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_13ce']],
+} ],
+  '__unnamed_13d5' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13d9' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13dd' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13df' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13e3' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13e5' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_13e7' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13e9' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13eb' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_13ed' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13f1' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13f3' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13f5' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13f7' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13f9' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_13fb' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_13ff' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1403' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1407' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_140b' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_140f' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1413' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1417' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1419' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_141b' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_141f' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1423' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1427' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_142b' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_142f' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1437' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_143b' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_143d' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_143f' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1441' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_13d5']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13d9']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13dd']],
+    'Read' : [ 0x0, ['__unnamed_13df']],
+    'Write' : [ 0x0, ['__unnamed_13df']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13e3']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13e5']],
+    'QueryFile' : [ 0x0, ['__unnamed_13e7']],
+    'SetFile' : [ 0x0, ['__unnamed_13e9']],
+    'QueryEa' : [ 0x0, ['__unnamed_13eb']],
+    'SetEa' : [ 0x0, ['__unnamed_13ed']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13f1']],
+    'SetVolume' : [ 0x0, ['__unnamed_13f1']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13f3']],
+    'LockControl' : [ 0x0, ['__unnamed_13f5']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_13f7']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_13f9']],
+    'SetSecurity' : [ 0x0, ['__unnamed_13fb']],
+    'MountVolume' : [ 0x0, ['__unnamed_13ff']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_13ff']],
+    'Scsi' : [ 0x0, ['__unnamed_1403']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1407']],
+    'SetQuota' : [ 0x0, ['__unnamed_13ed']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_140b']],
+    'QueryInterface' : [ 0x0, ['__unnamed_140f']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1413']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1417']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1419']],
+    'SetLock' : [ 0x0, ['__unnamed_141b']],
+    'QueryId' : [ 0x0, ['__unnamed_141f']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1423']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1427']],
+    'WaitWake' : [ 0x0, ['__unnamed_142b']],
+    'PowerSequence' : [ 0x0, ['__unnamed_142f']],
+    'Power' : [ 0x0, ['__unnamed_1437']],
+    'StartDevice' : [ 0x0, ['__unnamed_143b']],
+    'WMI' : [ 0x0, ['__unnamed_143d']],
+    'Others' : [ 0x0, ['__unnamed_143f']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_1441']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1457' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_1457']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x20, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_1623' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_1623']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_165b' : [ 0x8, {
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'WsIndex' : [ 0x0, ['unsigned long long']],
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer64', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_165f' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+    'VolatileShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_1661' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_165f']],
+} ],
+  '__unnamed_166d' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_165b']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_1661']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'VaType' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'u4' : [ 0x28, ['__unnamed_166d']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x60, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSpecialPoolNonPaged', 14: u'MiVaMaximumType', 15: u'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x38, ['pointer64', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x40, ['unsigned long long']],
+    'Hint' : [ 0x48, ['unsigned long long']],
+    'CachedPtes' : [ 0x50, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x58, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x50, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'NestingLevel' : [ 0x48, ['unsigned long long']],
+} ],
+  '__unnamed_169f' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_169f']],
+} ],
+  '_MMWSL' : [ 0x300, {
+    'FirstFree' : [ 0x0, ['unsigned long long']],
+    'FirstDynamic' : [ 0x8, ['unsigned long long']],
+    'LastEntry' : [ 0x10, ['unsigned long long']],
+    'NextSlot' : [ 0x18, ['unsigned long long']],
+    'LastInitializedWsle' : [ 0x20, ['unsigned long long']],
+    'NextAgingSlot' : [ 0x28, ['unsigned long long']],
+    'NextAccessClearingSlot' : [ 0x30, ['unsigned long long']],
+    'LastAccessClearingRemainder' : [ 0x38, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x3c, ['unsigned long']],
+    'WsleSize' : [ 0x40, ['unsigned long']],
+    'NonDirectCount' : [ 0x48, ['unsigned long long']],
+    'LowestPagableAddress' : [ 0x50, ['pointer64', ['void']]],
+    'NonDirectHash' : [ 0x58, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x60, ['pointer64', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x68, ['pointer64', ['_MMWSLE_HASH']]],
+    'ActiveWsleCounts' : [ 0x70, ['array', 16, ['unsigned long long']]],
+    'ActiveWsles' : [ 0xf0, ['array', 16, ['_MI_ACTIVE_WSLE_LISTHEAD']]],
+    'Wsle' : [ 0x1f0, ['pointer64', ['_MMWSLE']]],
+    'UserVaInfo' : [ 0x1f8, ['_MI_USER_VA_INFO']],
+} ],
+  '_MMSUPPORT' : [ 0x100, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'ExitOutswapGate' : [ 0x8, ['pointer64', ['_KGATE']]],
+    'AccessLog' : [ 0x10, ['pointer64', ['void']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 7, ['unsigned long long']]],
+    'MinimumWorkingSetSize' : [ 0x60, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x68, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x80, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'ChargedWslePages' : [ 0x90, ['unsigned long long']],
+    'ActualWslePages' : [ 0x98, ['unsigned long long']],
+    'WorkingSetSizeOverhead' : [ 0xa0, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa8, ['unsigned long long']],
+    'HardFaultCount' : [ 0xb0, ['unsigned long']],
+    'PartitionId' : [ 0xb4, ['unsigned short']],
+    'Pad0' : [ 0xb6, ['unsigned short']],
+    'VmWorkingSetList' : [ 0xb8, ['pointer64', ['_MMWSL']]],
+    'NextPageColor' : [ 0xc0, ['unsigned short']],
+    'LastTrimStamp' : [ 0xc2, ['unsigned short']],
+    'PageFaultCount' : [ 0xc4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0xc8, ['unsigned long long']],
+    'ForceTrimPages' : [ 0xd0, ['unsigned long long']],
+    'Flags' : [ 0xd8, ['_MMSUPPORT_FLAGS']],
+    'ReleasedCommitDebt' : [ 0xe0, ['unsigned long long']],
+    'WsSwapSupport' : [ 0xe8, ['pointer64', ['void']]],
+    'CommitReAcquireFailSupport' : [ 0xf0, ['pointer64', ['void']]],
+    'ShadowMapping' : [ 0xf8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_16ba' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+} ],
+  '__unnamed_16be' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_16ba']],
+    'u2' : [ 0x38, ['__unnamed_16be']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_16c3' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_16c6' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_16d1' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_16d3' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_16d1']],
+} ],
+  '_CONTROL_AREA' : [ 0x78, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16c3']],
+    'u1' : [ 0x3c, ['__unnamed_16c6']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_16d3']],
+    'LockedPages' : [ 0x68, ['unsigned long long']],
+    'FileObjectLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_16dd' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_16e0' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_16dd']],
+    'u1' : [ 0x34, ['__unnamed_16e0']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MI_PARTITION' : [ 0x25c0, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x168, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x410, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x490, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x5c0, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1280, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x12b8, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x1300, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x1488, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x1490, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0x14c0, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPAGING_FILE' : [ 0x100, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'LargestReserveCluster' : [ 0x38, ['unsigned long long']],
+    'File' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x48, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x60, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x70, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x80, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x88, ['unsigned long']],
+    'ReservationBitmapHint' : [ 0x8c, ['unsigned long']],
+    'LargestNonReservedClusterSize' : [ 0x90, ['unsigned long']],
+    'RefreshClusterSize' : [ 0x94, ['unsigned long']],
+    'LastRefreshClusterSize' : [ 0x98, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x9c, ['unsigned long']],
+    'ToBeEvictedCount' : [ 0xa0, ['unsigned long']],
+    'HybridPriority' : [ 0xa0, ['unsigned long']],
+    'PageFileNumber' : [ 0xa4, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xa4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xa4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xa4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xa4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xa4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xa4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0xa4, ['BitField', dict(start_bit = 10, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xa6, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xa6, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xa7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xa8, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xac, ['unsigned long']],
+    'PageHash' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xb8, ['pointer64', ['void']]],
+    'Lock' : [ 0xc0, ['unsigned long long']],
+    'LockOwner' : [ 0xc8, ['pointer64', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0xd0, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0xd8, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x68, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '__unnamed_1720' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmInitializeHive', 2: u'_HvInitializeHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1723' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1725' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1729' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_172b' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_172f' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1733' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_1735' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'RecoverableIndex' : [ 0xc, ['unsigned long']],
+    'Locations' : [ 0x10, ['array', 8, ['__unnamed_1720']]],
+    'RecoverableLocations' : [ 0x70, ['array', 8, ['__unnamed_1720']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1723']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_1725']],
+    'CheckKey' : [ 0xf0, ['__unnamed_1729']],
+    'CheckValueList' : [ 0x110, ['__unnamed_172b']],
+    'CheckHive' : [ 0x128, ['__unnamed_172f']],
+    'CheckHive1' : [ 0x138, ['__unnamed_172f']],
+    'CheckBin' : [ 0x148, ['__unnamed_1733']],
+    'RecoverData' : [ 0x158, ['__unnamed_1735']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0xc, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 38, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 38, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x260, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'TimeStampCKCL' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'TimeStampKlog' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '__unnamed_1823' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_1829' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_1823']],
+    'Bits' : [ 0x4, ['__unnamed_1829']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_KPROCESSOR_DESCRIPTOR_AREA' : [ 0x5000, {
+    'Idt' : [ 0x0, ['array', 256, ['_KIDTENTRY64']]],
+    'Tss' : [ 0x1000, ['_KTSS64']],
+    'TssSpare' : [ 0x1068, ['unsigned long long']],
+    'KernelGsBase' : [ 0x1070, ['pointer64', ['_KPCR']]],
+    'IdleStack' : [ 0x1078, ['pointer64', ['void']]],
+    'TssPad' : [ 0x1080, ['array', 3884, ['unsigned char']]],
+    'GdtPadTemp' : [ 0x1fac, ['array', 4096, ['unsigned char']]],
+    'Gdt' : [ 0x2fb0, ['array', 5, ['_KGDTENTRY64']]],
+    'GdtCmTebDescriptor' : [ 0x3000, ['_KLDTENTRY']],
+    'GdtEndPadding' : [ 0x3008, ['array', 4088, ['unsigned char']]],
+    'TransitionStack' : [ 0x4000, ['array', 8, ['_KTRANSITION_STACK']]],
+} ],
+  '_KTRANSITION_STACK' : [ 0x200, {
+    'Stack' : [ 0x0, ['array', 512, ['unsigned char']]],
+    'IstStack' : [ 0x0, ['array', 480, ['unsigned char']]],
+    'IstFrame' : [ 0x1e0, ['_KIST_BASE_FRAME']],
+} ],
+  '__unnamed_184f' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1851' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1855' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x2c8, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_184f']],
+    'OverUsed2' : [ 0x218, ['__unnamed_1851']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_1855']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x68, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1952' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1952']],
+} ],
+  '__unnamed_1959' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1959']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['unsigned short']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0xb30, {
+    'Name' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0xb08, ['unsigned long long']],
+    'Count' : [ 0xb10, ['unsigned long long']],
+    'MaxDuration' : [ 0xb18, ['unsigned long long']],
+    'MinDuration' : [ 0xb20, ['unsigned long long']],
+    'TotalDuration' : [ 0xb28, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0x570, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfBoostPolicy' : [ 0x2c, ['unsigned long']],
+    'PerfBoostMode' : [ 0x30, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x34, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x38, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x3c, ['unsigned long']],
+    'AutonomousPreference' : [ 0x40, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x41, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x43, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x45, ['unsigned char']],
+    'ParkingPerfState' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x48, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x49, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x4a, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x4b, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x4c, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x4d, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x4e, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x50, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x54, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x58, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x5a, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x5c, ['unsigned char']],
+    'IdleDisabled' : [ 0x5d, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x60, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x64, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x65, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x66, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x67, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x68, ['array', 640, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x2e8, ['array', 640, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0x568, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0x569, ['unsigned char']],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x210, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+} ],
+  '__unnamed_1a3d' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1a3d']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '__unnamed_1a61' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_1a63' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1a65' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1a67' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1a69' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1a6d' : [ 0x58, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'RequestorMode' : [ 0x50, ['unsigned char']],
+    'NestingLevel' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1a6f' : [ 0x58, {
+    'Read' : [ 0x0, ['__unnamed_1a61']],
+    'Write' : [ 0x0, ['__unnamed_1a63']],
+    'Event' : [ 0x0, ['__unnamed_1a65']],
+    'Notification' : [ 0x0, ['__unnamed_1a67']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1a69']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1a6d']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x70, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_1a6f']],
+    'Function' : [ 0x68, ['unsigned char']],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x298, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'FrontEndHeap' : [ 0x170, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x178, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x17a, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x17b, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x180, ['pointer64', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0x188, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x18a, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x210, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x288, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1adb' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1adb']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b2e' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b30' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b2e']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1b32' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1b34' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1b32']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1b30']],
+    'u2' : [ 0x4, ['__unnamed_1b34']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x30, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_1b4f' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1b51' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1b4f']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1b51']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1b63' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b65' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b63']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1b65']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b6e' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b70' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b6e']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1b70']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1b76' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b78' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b76']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1b78']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1b96' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b98' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b96']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_1b98']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1b30']],
+    'u2' : [ 0x4, ['__unnamed_1b34']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1bbe' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bc0' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bbe']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x108, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_1bc0']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xa8, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb0, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xb8, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc0, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xc8, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xd0, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xd8, ['unsigned long long']],
+    'PortMessage' : [ 0xe0, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x40, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+} ],
+  '__unnamed_1c04' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1c06' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1c04']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1c06']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Event' : [ 0x0, ['unsigned long long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x30, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x28, ['long long']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x48, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x78, ['pointer64', ['void']]],
+    'Override' : [ 0x80, ['unsigned char']],
+    'QueryOnly' : [ 0x81, ['unsigned char']],
+    'DeleteOnly' : [ 0x82, ['unsigned char']],
+    'FullAttributes' : [ 0x83, ['unsigned char']],
+    'LocalFileObject' : [ 0x88, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x90, ['unsigned long']],
+    'AccessMode' : [ 0x94, ['unsigned char']],
+    'DriverCreateContext' : [ 0x98, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1ccf' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1ccf']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['unsigned short']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['unsigned short']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x398, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x58, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x70, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x80, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xd8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'FlushThreshold' : [ 0xe4, ['unsigned long']],
+    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xf4, ['long']],
+    'NumberOfBuffers' : [ 0xf8, ['long']],
+    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
+    'EventsLost' : [ 0x100, ['unsigned long']],
+    'PeakBuffersCount' : [ 0x104, ['long']],
+    'BuffersWritten' : [ 0x108, ['unsigned long']],
+    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
+    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x120, ['unsigned long']],
+    'InstanceGuid' : [ 0x124, ['_GUID']],
+    'MaximumFileSize' : [ 0x134, ['unsigned long']],
+    'FileCounter' : [ 0x138, ['long']],
+    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x150, ['long']],
+    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
+    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x168, ['unsigned long']],
+    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
+    'LoggerDpc' : [ 0x248, ['_KDPC']],
+    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x338, ['long long']],
+    'Flags' : [ 0x340, ['unsigned long']],
+    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x340, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x340, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x344, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x348, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x358, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x360, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x368, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x378, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x380, ['_DISALLOWED_GUIDS']],
+    'ServerSilo' : [ 0x390, ['pointer64', ['_ESILO']]],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x28, {
+    'Source' : [ 0x0, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x10, ['unsigned long']],
+    'HookId' : [ 0x14, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x1c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x20, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x1b0, {
+    'EtwpSecurityProviderPID' : [ 0x0, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x8, ['_ETW_GUID_ENTRY']],
+    'AuditLoggerId' : [ 0x188, ['unsigned long']],
+    'EtwPsProvRegHandle' : [ 0x190, ['unsigned long long']],
+    'EtwpSecurityLoggers' : [ 0x198, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x1a8, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x1a9, ['unsigned char']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x480, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_LOWBOX_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'SessionObject' : [ 0x470, ['pointer64', ['void']]],
+    'VariablePart' : [ 0x478, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xa8, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'LowBoxHandlesTable' : [ 0x58, ['_SEP_LOWBOX_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_ESILO']]],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved' : [ 0x1a, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'Padding1' : [ 0x18, ['array', 4, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x160, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'SessionId' : [ 0x140, ['unsigned long']],
+    'NamespaceEntry' : [ 0x148, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x150, ['pointer64', ['void']]],
+    'Flags' : [ 0x158, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x80, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+} ],
+  '_DEVICE_MAP' : [ 0x40, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x78, ['unsigned long']],
+    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x110, {
+    'DeleteSubsectionCleanup' : [ 0x0, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x18, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x30, ['unsigned long long']],
+    'DereferenceSegmentHeader' : [ 0x38, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x68, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x78, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xb8, ['unsigned char']],
+    'DeleteOnCloseCount' : [ 0xbc, ['unsigned long']],
+    'UnusedSegmentList' : [ 0xc0, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xd0, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xe0, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xf0, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Reserved1' : [ 0x2, ['unsigned char']],
+    'Timer2Reserved2' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadSpecControl' : [ 0x1, ['unsigned char']],
+    'SpecControlIbrs' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecControlStibp' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SpecControlReserved' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x180, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'ServerSilo' : [ 0x178, ['pointer64', ['_ESILO']]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1100, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'TotalCommittedPages' : [ 0x108, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x140, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x180, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x1a8, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x1b0, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x1b8, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x1c0, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x1c8, ['array', 4, ['unsigned long']]],
+    'PageTableBitmapPages' : [ 0x1d8, ['unsigned long long']],
+    'PageFileTraceIndex' : [ 0x1e0, ['long']],
+    'PageFileTraces' : [ 0x1e8, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_MI_ACTIVE_WSLE_LISTHEAD' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'Latency' : [ 0x0, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x4, ['unsigned long']],
+    'VetoAccounting' : [ 0x8, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x30, ['unsigned char']],
+    'Platform' : [ 0x31, ['unsigned char']],
+    'DependencyListCount' : [ 0x34, ['unsigned long']],
+    'Processors' : [ 0x38, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe0, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf0, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0xf8, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x100, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x10, {
+    'Key' : [ 0x0, ['pointer64', ['void']]],
+    'Index' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'FloppyMedia' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x50, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 1, ['_GUID']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x18, ['_KEVENT']],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x38, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1eb3' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1eb5' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1eb3']],
+    'Private' : [ 0x0, ['__unnamed_1eb5']],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['unsigned long long']],
+    'MaximumDueTime' : [ 0x50, ['unsigned long long']],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Plain' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NoWakeFinite' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DirtyPages' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x18, {
+    'DynamicRelocations' : [ 0x0, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x8, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x10, ['unsigned long long']],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 28, native_type='unsigned long long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_EJOB' : [ 0x528, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveDiskIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x350, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x358, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x35c, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x360, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x364, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x368, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x36c, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x370, ['unsigned char']],
+    'PriorityClass' : [ 0x371, ['unsigned char']],
+    'NestingDepth' : [ 0x372, ['unsigned char']],
+    'Reserved1' : [ 0x373, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x374, ['unsigned long']],
+    'WakeChannel' : [ 0x378, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x378, ['_PS_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3b0, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3b8, ['unsigned long']],
+    'OwnedHighEdgeFilters' : [ 0x3bc, ['unsigned long']],
+    'NotificationLink' : [ 0x3c0, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3c8, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3d0, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3d8, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3e0, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3e8, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3f0, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x3f8, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x400, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x408, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x418, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x428, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x438, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x448, ['unsigned long long']],
+    'Ancestors' : [ 0x450, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x450, ['pointer64', ['void']]],
+    'Accounting' : [ 0x458, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4a8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4ac, ['unsigned long']],
+    'SequenceNumber' : [ 0x4b0, ['unsigned long']],
+    'TimerListLock' : [ 0x4b8, ['unsigned long long']],
+    'TimerListHead' : [ 0x4c0, ['_LIST_ENTRY']],
+    'ContainerId' : [ 0x4d0, ['_GUID']],
+    'Container' : [ 0x4e0, ['pointer64', ['_ESILO']]],
+    'PropertySet' : [ 0x4e8, ['_PS_PROPERTY_SET']],
+    'NetRateControl' : [ 0x500, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'IoRateControl' : [ 0x508, ['pointer64', ['_JOB_IO_RATE_CONTROL']]],
+    'JobFlags' : [ 0x510, ['unsigned long']],
+    'CloseDone' : [ 0x510, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x510, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x510, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x510, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x510, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x510, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x510, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x510, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x510, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x510, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x510, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x510, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x510, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x510, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x510, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x510, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x510, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x510, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x510, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x510, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x510, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x510, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x510, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x510, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x510, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IsContainerRoot' : [ 0x510, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'SpareJobFlags' : [ 0x510, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'EffectiveHighEdgeFilters' : [ 0x514, ['unsigned long']],
+    'EnergyValues' : [ 0x518, ['pointer64', ['_PROCESS_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x520, ['unsigned long long']],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x418, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'ForceIdle' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ReasonFlags' : [ 0x24, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x28, ['unsigned long long']],
+    'PreviousStatus' : [ 0x30, ['long']],
+    'PreviousCancelReason' : [ 0x34, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x38, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xe0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x188, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x190, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1d0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1d8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x230, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2d8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2e0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2e8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x308, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x320, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PreallocatedVetoCount' : [ 0x18, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_PEB' : [ 0x388, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['void']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SparePvoid0' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x98, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x98, {
+    'FileName' : [ 0x0, ['pointer64', ['unsigned short']]],
+    'BaseName' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1f90' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1f90']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2d0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x2b0, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2b8, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2bc, ['unsigned long']],
+    'ThreadCount' : [ 0x2c0, ['long']],
+    'MinThreads' : [ 0x2c4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2c4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2c8, ['long']],
+    'QueueIndex' : [ 0x2cc, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'ExPoolTrusted', 8: u'ExPoolMax'})]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ZeroNonCachedByConverting' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ZeroWriteCombinedByConverting' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'KvaShadow' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x38, ['pointer64', ['void']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'Teb' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 31, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMWSLE_HASH' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long long']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x88, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x40, ['_KDPC']],
+    'WorkOrder' : [ 0x80, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'SecureInfo' : [ 0x10, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x10, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x10, ['pointer64', ['_MI_LARGEPAGE_MEMORY_INFO']]],
+    'CreatingThread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x18, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xb8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Data' : [ 0x68, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PS_WAKE_INFORMATION' : [ 0x38, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 5, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x30, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0xcc0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'FreePageSlist' : [ 0x10, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'PageLocationList' : [ 0x7a8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x7e8, ['array', 8, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x808, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x988, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x9a8, ['unsigned long']],
+    'LastDecayHandUpdateTime' : [ 0x9b0, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x9b8, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xa00, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xa08, ['array', 2, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'LowMemoryThreshold' : [ 0xa48, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xa50, ['unsigned long long']],
+    'TransitionPrivatePages' : [ 0xa80, ['unsigned long long']],
+    'RebuildLargePagesInitialized' : [ 0xa88, ['unsigned char']],
+    'RebuildLargePagesItem' : [ 0xa90, ['_MI_REBUILD_LARGE_PAGES']],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x128, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0x10, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x10, ['unsigned long']],
+    'NextHash' : [ 0x18, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x20, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x28, ['unsigned long']],
+    'KcbPushlock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x38, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x38, ['long']],
+    'SlotHint' : [ 0x40, ['unsigned long']],
+    'ParentKcb' : [ 0x48, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x50, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x60, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x70, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x70, ['unsigned long']],
+    'SubKeyCount' : [ 0x70, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x88, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xb0, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xb2, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xb4, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb8, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'AllBoosts' : [ 0x58, ['unsigned short']],
+    'IoBoost' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CpuBoostsBitmap' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x5a, ['unsigned short']],
+    'SparePad' : [ 0x5c, ['unsigned short']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 24, native_type='unsigned long long')]],
+    'LocalPartition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_206a' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_206a']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x38, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x28, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0x10, ['unsigned long long']],
+    'PagedAllocs' : [ 0x18, ['unsigned long']],
+    'PagedFrees' : [ 0x1c, ['unsigned long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x50, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'CycleTime' : [ 0x10, ['unsigned long long']],
+    'ContextSwitches' : [ 0x18, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x20, ['long long']],
+    'WriteOperationCount' : [ 0x28, ['long long']],
+    'OtherOperationCount' : [ 0x30, ['long long']],
+    'ReadTransferCount' : [ 0x38, ['long long']],
+    'WriteTransferCount' : [ 0x40, ['long long']],
+    'OtherTransferCount' : [ 0x48, ['long long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1d0, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'Class' : [ 0x32, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x188, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x190, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x198, ['unsigned char']],
+    'HvTargetState' : [ 0x199, ['unsigned char']],
+    'Parked' : [ 0x19a, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x19c, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x1a0, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x1a4, ['unsigned long']],
+    'RelativePerformance' : [ 0x1a8, ['unsigned long']],
+    'Utility' : [ 0x1ac, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x1b0, ['unsigned long']],
+    'SnapTimeLast' : [ 0x1b8, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1b8, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c0, ['unsigned long long']],
+    'TotalTime' : [ 0x1c8, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0x40, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_SEGMENT_OBJECT' : [ 0x40, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['_LARGE_INTEGER']],
+    'NonExtendedPtes' : [ 0x18, ['unsigned long']],
+    'ImageCommitment' : [ 0x1c, ['unsigned long']],
+    'ControlArea' : [ 0x20, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x28, ['pointer64', ['_SUBSECTION']]],
+    'MmSectionFlags' : [ 0x30, ['pointer64', ['_MMSECTION_FLAGS']]],
+    'MmSubSectionFlags' : [ 0x38, ['pointer64', ['_MMSUBSECTION_FLAGS']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_CMHIVE' : [ 0x17a8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0xa68, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0xa98, ['_LIST_ENTRY']],
+    'HiveList' : [ 0xaa8, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0xab8, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0xac8, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0xad8, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0xae0, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0xaf0, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0xaf8, ['unsigned long']],
+    'DeletedKcbTable' : [ 0xb00, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0xb08, ['unsigned long']],
+    'Identity' : [ 0xb0c, ['unsigned long']],
+    'HiveLock' : [ 0xb10, ['pointer64', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0xb18, ['pointer64', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0xb20, ['pointer64', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0xb28, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0xb38, ['unsigned long']],
+    'FlushLogEntry' : [ 0xb40, ['pointer64', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0xb48, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0xb4c, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0xb50, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0xb58, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0xb68, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0xb70, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0xb78, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0xb80, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0xb88, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0xb90, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0xb94, ['unsigned long']],
+    'ActualFileSize' : [ 0xb98, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0xba0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0xbb0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0xbc0, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0xbd0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0xbe0, ['unsigned long']],
+    'SecurityCacheSize' : [ 0xbe4, ['unsigned long']],
+    'SecurityHitHint' : [ 0xbe8, ['long']],
+    'SecurityCache' : [ 0xbf0, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0xbf8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xff8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x1000, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0x1008, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x1010, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x1018, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x1020, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0x1048, ['unsigned char']],
+    'GrowOffset' : [ 0x104c, ['unsigned long']],
+    'KcbConvertListHead' : [ 0x1050, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0x1060, ['pointer64', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0x1068, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x14f0, ['unsigned long']],
+    'TrustClassEntry' : [ 0x14f8, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1508, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1510, ['unsigned long long']],
+    'CmRm' : [ 0x1518, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1520, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x1524, ['long']],
+    'CreatorOwner' : [ 0x1528, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1530, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1538, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1540, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x1558, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x1570, ['unsigned long']],
+    'FlushActive' : [ 0x1570, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x1570, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x1570, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x1570, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x1574, ['unsigned long']],
+    'ReferenceCount' : [ 0x1578, ['long']],
+    'UnloadHistoryIndex' : [ 0x157c, ['long']],
+    'UnloadHistory' : [ 0x1580, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x1780, ['unsigned long']],
+    'UnaccessedStart' : [ 0x1784, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x1788, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x178c, ['unsigned long']],
+    'HandleClosePending' : [ 0x1790, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x1798, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x17a0, ['unsigned char']],
+    'FailedUnload' : [ 0x17a1, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'ForceCredits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x400, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa8, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x10, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x88, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'StackTrace' : [ 0x40, ['array', 8, ['pointer64', ['void']]]],
+    'Who' : [ 0x80, ['unsigned long']],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_POOL_BLOCK_HEAD' : [ 0x20, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'List' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_214c' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_214c']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x150, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['unsigned short']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x1bc0, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x100, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x380, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x430, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x4c0, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x520, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x600, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x8c0, ['_MI_COMBINE_STATE']],
+    'Partitions' : [ 0xa60, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0xab8, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0xb38, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0xc00, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0xc80, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0xdc0, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0xe80, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x1000, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x1060, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x10b0, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x1140, ['_MI_SYSTEM_TRIM_STATE']],
+    'ResTrack' : [ 0x1180, ['_MI_RESAVAIL_TRACKER']],
+    'Cookie' : [ 0x1540, ['unsigned long long']],
+    'ZeroingDisabled' : [ 0x1548, ['long']],
+    'BootRegistryRuns' : [ 0x1550, ['pointer64', ['pointer64', ['void']]]],
+    'FullyInitialized' : [ 0x1558, ['unsigned char']],
+    'SafeBooted' : [ 0x1559, ['unsigned char']],
+    'LargePfnBitMap' : [ 0x1560, ['_RTL_BITMAP_EX']],
+    'TraceLogging' : [ 0x1570, ['pointer64', ['_TlgProvider_t']]],
+    'Vs' : [ 0x1580, ['_MI_VISIBLE_STATE']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '__unnamed_21c6' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_21c8' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_21c6']],
+} ],
+  '__unnamed_21ca' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_21c8']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_21ca']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x640, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x50, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x68, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0xa0, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0xa8, ['unsigned long long']],
+    'SystemPteInfo' : [ 0xb0, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x110, ['unsigned long long']],
+    'BootCommit' : [ 0x118, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0x120, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0x128, ['unsigned long long']],
+    'SpecialPagesInUse' : [ 0x130, ['unsigned long long']],
+    'WsOverheadPages' : [ 0x138, ['unsigned long long']],
+    'VadBitmapPages' : [ 0x140, ['unsigned long long']],
+    'ProcessCommit' : [ 0x148, ['unsigned long long']],
+    'SharedCommit' : [ 0x150, ['unsigned long long']],
+    'DriverCommit' : [ 0x158, ['long']],
+    'SystemWs' : [ 0x180, ['array', 3, ['_MMSUPPORT']]],
+    'MapCacheFailures' : [ 0x480, ['unsigned long']],
+    'LastUnloadedDriver' : [ 0x484, ['unsigned long']],
+    'UnloadedDrivers' : [ 0x488, ['pointer64', ['_UNLOADED_DRIVERS']]],
+    'PagefileHashPages' : [ 0x490, ['unsigned long long']],
+    'PteHeader' : [ 0x498, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x5b0, ['pointer64', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x5b8, ['array', 14, ['unsigned long long']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_HMAP_TABLE' : [ 0x5000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_SEP_LOWBOX_HANDLES_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'HandleCount' : [ 0x28, ['unsigned long']],
+    'Handles' : [ 0x30, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x58, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'ProcCap' : [ 0x10, ['unsigned long']],
+    'ProcFloor' : [ 0x14, ['unsigned long']],
+    'PlatformCap' : [ 0x18, ['unsigned long']],
+    'ThermalCap' : [ 0x1c, ['unsigned long']],
+    'LimitReasons' : [ 0x20, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x28, ['unsigned long long']],
+    'TargetPercent' : [ 0x30, ['unsigned long']],
+    'SelectedPercent' : [ 0x34, ['unsigned long']],
+    'SelectedFrequency' : [ 0x38, ['unsigned long']],
+    'PreviousFrequency' : [ 0x3c, ['unsigned long']],
+    'PreviousPercent' : [ 0x40, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x44, ['unsigned long']],
+    'SelectedState' : [ 0x48, ['unsigned long long']],
+    'Force' : [ 0x50, ['unsigned char']],
+} ],
+  '__unnamed_21e8' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_21eb' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0xf8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'Device' : [ 0xd8, ['__unnamed_21e8']],
+    'System' : [ 0xd8, ['__unnamed_21eb']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xa8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'ProbeRaises' : [ 0x38, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x74, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x7c, ['array', 2, ['unsigned long']]],
+    'WsLinear' : [ 0x84, ['unsigned long']],
+    'PageHashErrors' : [ 0x88, ['unsigned long']],
+    'CheckZeroCount' : [ 0x8c, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x90, ['long']],
+    'BadPagesDetected' : [ 0x94, ['long']],
+    'ScrubPasses' : [ 0x98, ['long']],
+    'ScrubBadPagesFound' : [ 0x9c, ['long']],
+    'PendingBadPages' : [ 0xa0, ['unsigned char']],
+    'InitFailure' : [ 0xa1, ['unsigned char']],
+    'StopBadMaps' : [ 0xa2, ['unsigned char']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_MI_USER_VA_INFO' : [ 0x108, {
+    'NumberOfCommittedPageTables' : [ 0x0, ['unsigned long']],
+    'VadBitMapHint' : [ 0x4, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0x8, ['unsigned long']],
+    'LastAllocationSize' : [ 0xc, ['unsigned long']],
+    'LowestBottomUpVadBit' : [ 0x10, ['unsigned long']],
+    'VadBitMapSize' : [ 0x14, ['unsigned long']],
+    'VadBitMapCommitment' : [ 0x18, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x1c, ['unsigned long']],
+    'VadsBeingDeleted' : [ 0x20, ['long']],
+    'PhysicalMappingCount' : [ 0x28, ['unsigned long long']],
+    'LastVadDeletionEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'VadBitBuffer' : [ 0x38, ['pointer64', ['unsigned long']]],
+    'LowestBottomUpAllocationAddress' : [ 0x40, ['pointer64', ['void']]],
+    'HighestTopDownAllocationAddress' : [ 0x48, ['pointer64', ['void']]],
+    'FreeTebHint' : [ 0x50, ['pointer64', ['void']]],
+    'NumaAware' : [ 0x58, ['unsigned char']],
+    'SpareFlags' : [ 0x59, ['array', 2, ['unsigned char']]],
+    'CheckingShadow' : [ 0x5b, ['unsigned char']],
+    'CloneNestingLevel' : [ 0x60, ['unsigned long long']],
+    'PrivateFixupVadCount' : [ 0x68, ['unsigned long long']],
+    'CfgBitMap' : [ 0x70, ['array', 2, ['_MI_CFG_BITMAP_INFO']]],
+    'CommittedPageTableBufferForTopLevel' : [ 0xa0, ['array', 8, ['unsigned long']]],
+    'CommittedPageTableBitmaps' : [ 0xc0, ['array', 3, ['_RTL_BITMAP']]],
+    'PageTableBitmapPages' : [ 0xf0, ['array', 3, ['unsigned long']]],
+    'FreeUmsTebHint' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+} ],
+  '__unnamed_2203' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2207' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2209' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_220b' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_220d' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_220f' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2211' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2213' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2215' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2217' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2219' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_221b' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_2203']],
+    'Memory' : [ 0x0, ['__unnamed_2203']],
+    'Interrupt' : [ 0x0, ['__unnamed_2207']],
+    'Dma' : [ 0x0, ['__unnamed_2209']],
+    'DmaV3' : [ 0x0, ['__unnamed_220b']],
+    'Generic' : [ 0x0, ['__unnamed_2203']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_220d']],
+    'BusNumber' : [ 0x0, ['__unnamed_220f']],
+    'ConfigData' : [ 0x0, ['__unnamed_2211']],
+    'Memory40' : [ 0x0, ['__unnamed_2213']],
+    'Memory48' : [ 0x0, ['__unnamed_2215']],
+    'Memory64' : [ 0x0, ['__unnamed_2217']],
+    'Connection' : [ 0x0, ['__unnamed_2219']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_221b']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x338, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'PassiveTimer' : [ 0x70, ['_KTIMER']],
+    'PassiveDpc' : [ 0xb0, ['_KDPC']],
+    'Info' : [ 0xf0, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0x148, ['_LARGE_INTEGER']],
+    'Policy' : [ 0x150, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0x168, ['unsigned char']],
+    'LastActiveStartTime' : [ 0x170, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x178, ['unsigned long long']],
+    'WorkItem' : [ 0x180, ['_WORK_QUEUE_ITEM']],
+    'Lock' : [ 0x1a0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1b0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1c8, ['_KEVENT']],
+    'InstanceId' : [ 0x1e0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1e8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_REBUILD_LARGE_PAGES' : [ 0x228, {
+    'Active' : [ 0x0, ['long']],
+    'Timer' : [ 0x4, ['array', 64, ['array', 4, ['_MI_REBUILD_LARGE_PAGE_COUNTDOWN']]]],
+    'WorkItem' : [ 0x208, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_HHIVE' : [ 0xa68, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x48, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x58, ['unsigned long']],
+    'DirtyAlloc' : [ 0x5c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x60, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x70, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x74, ['unsigned long']],
+    'Cluster' : [ 0x78, ['unsigned long']],
+    'Flat' : [ 0x7c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x7c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x7c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x7c, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x7d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x80, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x84, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x88, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x8c, ['unsigned long']],
+    'HiveFlags' : [ 0x90, ['unsigned long']],
+    'CurrentLog' : [ 0x94, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x98, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x9c, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xa0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xa4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xa8, ['unsigned long']],
+    'LogDataPresent' : [ 0xac, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xae, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xaf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xb8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xb8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xb8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xb8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xba, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xbc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xc0, ['unsigned long']],
+    'Version' : [ 0xc4, ['unsigned long']],
+    'ViewMap' : [ 0xc8, ['_HVIEW_MAP']],
+    'Storage' : [ 0x578, ['array', 2, ['_DUAL']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x48, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x30, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x38, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x40, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_CM_TRANS' : [ 0xa8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x30, ['pointer64', ['void']]],
+    'CmRm' : [ 0x38, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x40, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x48, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x50, ['_GUID']],
+    'StartLsn' : [ 0x60, ['unsigned long long']],
+    'TransState' : [ 0x68, ['unsigned long']],
+    'HiveCount' : [ 0x6c, ['unsigned long']],
+    'HiveArray' : [ 0x70, ['array', 7, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x150, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 20, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb0, ['array', 20, ['unsigned long long']]],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_HVIEW_MAP' : [ 0x4b0, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Directory' : [ 0x18, ['pointer64', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x20, ['unsigned long']],
+    'PinLog' : [ 0x28, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_POOL_HACKER' : [ 0x30, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'Contents' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x400, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer64', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '__unnamed_2296' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2298' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_2296']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x38, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x10, ['__unnamed_2298']],
+    'VerifiedData' : [ 0x30, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '__unnamed_22a1' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22a3' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22a5' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22a7' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_22a9' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_22ab' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22ad' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_22af' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_22b1' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_22b3' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_22a1']],
+    'TargetDevice' : [ 0x0, ['__unnamed_22a3']],
+    'InstallDevice' : [ 0x0, ['__unnamed_22a3']],
+    'CustomNotification' : [ 0x0, ['__unnamed_22a5']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_22a7']],
+    'PowerNotification' : [ 0x0, ['__unnamed_22a9']],
+    'VetoNotification' : [ 0x0, ['__unnamed_22ab']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_22ad']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_22af']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_22b1']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_22a3']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_22a3']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_22b3']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '__unnamed_22d0' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_22d0']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0xb8, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NodeGraph' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x10, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaLastRangeIndex' : [ 0x18, ['unsigned long']],
+    'NumaMemoryRanges' : [ 0x20, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'NumaTableCaptured' : [ 0x28, ['unsigned char']],
+    'NodeShift' : [ 0x29, ['unsigned char']],
+    'ChannelMemoryRanges' : [ 0x30, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'ChannelShift' : [ 0x38, ['unsigned char']],
+    'SecondLevelCacheSize' : [ 0x3c, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x40, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x44, ['unsigned long']],
+    'WriteCombiningPtes' : [ 0x48, ['unsigned char']],
+    'AllMainMemoryMustBeCached' : [ 0x49, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x50, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x58, ['unsigned long']],
+    'SecondaryColors' : [ 0x5c, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x60, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x64, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x68, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x6c, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x70, ['unsigned long long']],
+    'AttributeChangeRequiresReZero' : [ 0x78, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x80, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'PrimaryPfns' : [ 0xa0, ['unsigned long long']],
+    'HighestPossiblePhysicalPage' : [ 0xa8, ['unsigned long long']],
+    'GlobalBitPolarity' : [ 0xb0, ['array', 2, ['unsigned char']]],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '__unnamed_2316' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_2318' : [ 0x4, {
+    'NumberOfChildViews' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'FileExtents' : [ 0x18, ['pointer64', ['_MI_FILE_EXTENTS']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_2316']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_2318']],
+    'UnusedPtes' : [ 0x34, ['unsigned long']],
+    'AlignmentNoAccessPtes' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_231d' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_231d']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5b0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xe0, ['_CONTEXT']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x2c0, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapSystemPtes' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0x60, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0x100, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSpecialPool' : [ 0x150, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemCache' : [ 0x1a0, ['_MI_DYNAMIC_BITMAP']],
+    'VaRegionShadowed' : [ 0x1f0, ['array', 8, ['unsigned long']]],
+    'WorkingSetListHashStart' : [ 0x210, ['pointer64', ['_MMWSLE_HASH']]],
+    'WorkingSetListHashEnd' : [ 0x218, ['pointer64', ['_MMWSLE_HASH']]],
+    'WorkingSetListIndirectHashStart' : [ 0x220, ['pointer64', ['_MMWSLE_NONDIRECT_HASH']]],
+    'FreeSystemCacheVa' : [ 0x228, ['_KEVENT']],
+    'SystemVaLock' : [ 0x240, ['unsigned long long']],
+    'DeleteKvaLock' : [ 0x248, ['long']],
+    'FreeSystemCache' : [ 0x250, ['_MI_PTE_CHAIN_HEAD']],
+    'SystemCacheViewLock' : [ 0x268, ['unsigned long long']],
+    'UnusableWsles' : [ 0x270, ['array', 5, ['unsigned long long']]],
+    'PossibleWsles' : [ 0x298, ['array', 5, ['unsigned long long']]],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x60, {
+    'ColorSeed' : [ 0x0, ['unsigned long']],
+    'CloneDereferenceEvent' : [ 0x8, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x20, ['_SLIST_HEADER']],
+    'SystemDllBase' : [ 0x30, ['pointer64', ['void']]],
+    'RotatingUniprocessorNumber' : [ 0x38, ['long']],
+    'CriticalSectionTimeout' : [ 0x40, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x48, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'HighActiveFlink' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'HighActiveBlink' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_COUNTDOWN' : [ 0x2, {
+    'SecondsLeft' : [ 0x0, ['unsigned char']],
+    'SecondsAssigned' : [ 0x1, ['unsigned char']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_PEB32' : [ 0x250, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SparePvoid0' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MI_SESSION_STATE' : [ 0x88, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x20, ['unsigned char']],
+    'DynamicVaBitBuffer' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'DynamicVaBitBufferPages' : [ 0x30, ['unsigned long long']],
+    'DynamicPoolBitBuffer' : [ 0x38, ['pointer64', ['unsigned long']]],
+    'DynamicVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'DynamicPtesBitBuffer' : [ 0x48, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'DetachTimeStamp' : [ 0x58, ['unsigned long']],
+    'LeaderProcess' : [ 0x60, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x70, ['pointer64', ['_MMWSL']]],
+    'WsHashStart' : [ 0x78, ['pointer64', ['_MMWSLE_HASH']]],
+    'WsHashEnd' : [ 0x80, ['pointer64', ['_MMWSLE_HASH']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_23a1' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x168, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_23a1']],
+    'ReferenceCount' : [ 0x8, ['unsigned long long']],
+    'ParentPartition' : [ 0x10, ['pointer64', ['_MI_PARTITION']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeInformation' : [ 0x28, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'MdlPhysicalMemoryBlock' : [ 0x30, ['pointer64', ['_MDL']]],
+    'MemoryNodeRuns' : [ 0x38, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'Stats' : [ 0x40, ['_MI_PARTITION_STATISTICS']],
+    'MemoryRuns' : [ 0x90, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x98, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0xb0, ['array', 5, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xd8, ['pointer64', ['void']]],
+    'PartitionObjectHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'DynamicMemoryPushLock' : [ 0xe8, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xf0, ['long']],
+    'TemporaryMemoryEvent' : [ 0xf8, ['_KEVENT']],
+    'MemoryEvents' : [ 0x110, ['array', 11, ['pointer64', ['_KEVENT']]]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2a0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x60, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xc0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xc8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xcc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xd0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xf8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xf9, ['unsigned char']],
+    'TransitionInserted' : [ 0xfa, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xfc, ['long']],
+    'LastMappedWriteError' : [ 0x100, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x104, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x108, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0x10c, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x110, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x128, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x130, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x138, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x150, ['long']],
+    'WriteAllMappedPages' : [ 0x154, ['long']],
+    'MappedPageWriterEvent' : [ 0x158, ['_KEVENT']],
+    'ModWriteData' : [ 0x170, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1b0, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1c8, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x1f0, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x1f8, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x200, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x220, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x224, ['array', 2, ['long']]],
+    'DelayMappedWrite' : [ 0x22c, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x230, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x238, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x240, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x260, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x268, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x288, ['long']],
+    'WorkingSetSwapLock' : [ 0x290, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x298, ['long']],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_23bf' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x538, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'LargePages' : [ 0x10, ['array', 2, ['array', 2, ['array', 4, ['_LIST_ENTRY']]]]],
+    'LargePagesCount' : [ 0x110, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]],
+    'StandbyPageList' : [ 0x190, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreeCount' : [ 0x490, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x4a0, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x4c0, ['unsigned long long']],
+    'MmShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'Color' : [ 0x4cc, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x4d0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x510, ['__unnamed_23bf']],
+    'NodeLock' : [ 0x518, ['_EX_PUSH_LOCK']],
+    'ChannelStatus' : [ 0x520, ['unsigned char']],
+    'ChannelOrdering' : [ 0x521, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x525, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x529, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x530, ['unsigned long long']],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WAITING_IRP' : [ 0x38, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'SchedulingGroupList' : [ 0x28, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x28, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x38, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x40, ['_LIST_ENTRY']],
+    'Parent' : [ 0x50, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '_MI_SECTION_STATE' : [ 0x280, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'SectionObjectPointersLock' : [ 0x40, ['long']],
+    'SectionExtendLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'SectionExtendSetLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'SectionBasedRoot' : [ 0x58, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x60, ['_EX_PUSH_LOCK']],
+    'UnusedSubsectionPagedPool' : [ 0x68, ['unsigned long long']],
+    'UnusedSegmentForceFree' : [ 0x70, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x74, ['unsigned long']],
+    'HighSectionBase' : [ 0x78, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x80, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xf0, ['_CONTROL_AREA']],
+    'PageFileSectionHead' : [ 0x168, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0x170, ['long']],
+    'SharedSegmentCharges' : [ 0x178, ['_MI_CROSS_PARTITION_CHARGES']],
+    'SharedPageCombineCharges' : [ 0x1a0, ['_MI_CROSS_PARTITION_CHARGES']],
+    'ImageBias' : [ 0x1c8, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x1d0, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x1d8, ['_RTL_BITMAP']],
+    'ImageBias64Low' : [ 0x1e8, ['unsigned long']],
+    'ImageBias64High' : [ 0x1ec, ['unsigned long']],
+    'ImageBitMap64Low' : [ 0x1f0, ['_RTL_BITMAP']],
+    'ImageBitMap64High' : [ 0x200, ['_RTL_BITMAP']],
+    'ImageBitMapWow64Dll' : [ 0x210, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x220, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x228, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x230, ['unsigned long long']],
+    'LostDataFiles' : [ 0x238, ['unsigned long']],
+    'LostDataPages' : [ 0x23c, ['unsigned long']],
+    'ImageFailureReason' : [ 0x240, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x248, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x250, ['pointer64', ['_CONTROL_AREA']]],
+    'CfgBitMapSection64' : [ 0x258, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea64' : [ 0x260, ['pointer64', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x268, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x26c, ['long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_23f7' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23f9' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_23fb' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_23fd' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_23fb']],
+    'Translated' : [ 0x0, ['__unnamed_23f9']],
+} ],
+  '__unnamed_23ff' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2401' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2403' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2405' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2407' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2409' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_240b' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_240d' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_23f7']],
+    'Port' : [ 0x0, ['__unnamed_23f7']],
+    'Interrupt' : [ 0x0, ['__unnamed_23f9']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_23fd']],
+    'Memory' : [ 0x0, ['__unnamed_23f7']],
+    'Dma' : [ 0x0, ['__unnamed_23ff']],
+    'DmaV3' : [ 0x0, ['__unnamed_2401']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_220d']],
+    'BusNumber' : [ 0x0, ['__unnamed_2403']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2405']],
+    'Memory40' : [ 0x0, ['__unnamed_2407']],
+    'Memory48' : [ 0x0, ['__unnamed_2409']],
+    'Memory64' : [ 0x0, ['__unnamed_240b']],
+    'Connection' : [ 0x0, ['__unnamed_2219']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_240d']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2415' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_2415']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_UNLOADED_DRIVERS' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'StartAddress' : [ 0x10, ['pointer64', ['void']]],
+    'EndAddress' : [ 0x18, ['pointer64', ['void']]],
+    'CurrentTime' : [ 0x20, ['_LARGE_INTEGER']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'FirstPteForPagedPool' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'MaximumSize' : [ 0x20, ['unsigned long long']],
+    'PagedPoolHint' : [ 0x28, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x30, ['unsigned long long']],
+} ],
+  '__unnamed_2429' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_2429']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x188, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0x160, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x278, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xa8, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xb0, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xc0, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xd0, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0xf0, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x110, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x148, ['unsigned long long']],
+    'IdleTimer' : [ 0x150, ['_KTIMER']],
+    'IdleDpc' : [ 0x190, ['_KDPC']],
+    'IdleTimeout' : [ 0x1d0, ['unsigned long long']],
+    'IdleStamp' : [ 0x1d8, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1e0, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x1f0, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x1f8, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x208, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x218, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x230, ['pointer64', ['void']]],
+    'Accounting' : [ 0x238, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x268, ['unsigned long']],
+    'ComponentCount' : [ 0x26c, ['unsigned long']],
+    'Components' : [ 0x270, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2451' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2453' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2451']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_2453']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '__unnamed_2459' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_245b' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_245d' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_2459']],
+    'Bits' : [ 0x0, ['__unnamed_245b']],
+} ],
+  '_KLDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_245d']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x1a0, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+    'CrossPartition' : [ 0x18, ['_MI_PAGE_COMBINING_SUPPORT']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x30, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x68, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x28, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+    'ChargeMaximum' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SpareUlong' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATISTICS' : [ 0x50, {
+    'DeleteYield' : [ 0x0, ['unsigned long']],
+    'DeleteBad' : [ 0x4, ['unsigned long']],
+    'DeleteTrulyBad' : [ 0x8, ['unsigned long']],
+    'DeleteLargePage' : [ 0xc, ['unsigned long']],
+    'DeleteLargePageRetry' : [ 0x10, ['unsigned long']],
+    'DeleteZeroFree' : [ 0x14, ['unsigned long']],
+    'DeleteTransition' : [ 0x18, ['unsigned long']],
+    'DeleteStandbyReferenced' : [ 0x1c, ['unsigned long']],
+    'DeleteStandbyRelinkFailed' : [ 0x20, ['unsigned long']],
+    'DeleteStandbySharedPagefile' : [ 0x24, ['unsigned long']],
+    'DeleteStandbySharedFile' : [ 0x28, ['unsigned long']],
+    'DeleteModifiedReferenced' : [ 0x2c, ['unsigned long']],
+    'DeleteModified' : [ 0x30, ['unsigned long']],
+    'DeleteModifiedNoWrite' : [ 0x34, ['unsigned long']],
+    'DeleteModifiedSharedPagefile' : [ 0x38, ['unsigned long']],
+    'DeleteModifiedSharedFile' : [ 0x3c, ['unsigned long']],
+    'DeleteActiveSharedPagefile1' : [ 0x40, ['unsigned long']],
+    'DeleteActiveSharedPagefile2' : [ 0x44, ['unsigned long']],
+    'DeleteActiveSharedFile' : [ 0x48, ['unsigned long']],
+    'DeleteWriteDelay' : [ 0x4c, ['unsigned long']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_RESAVAIL_TRACKER' : [ 0x3c0, {
+    'AllocateKernelStack' : [ 0x0, ['unsigned long long']],
+    'AllocateGrowKernelStack' : [ 0x8, ['unsigned long long']],
+    'FreeKernelStack' : [ 0x10, ['unsigned long long']],
+    'FreeKernelStackError' : [ 0x18, ['unsigned long long']],
+    'FreeGrowKernelStackError' : [ 0x20, ['unsigned long long']],
+    'AllocateCreateProcess' : [ 0x28, ['unsigned long long']],
+    'FreeCreateProcessError' : [ 0x30, ['unsigned long long']],
+    'FreeDeleteProcess' : [ 0x38, ['unsigned long long']],
+    'FreeCleanProcess' : [ 0x40, ['unsigned long long']],
+    'FreeCleanProcessError' : [ 0x48, ['unsigned long long']],
+    'AllocateAddProcessWsMetaPage' : [ 0x50, ['unsigned long long']],
+    'AllocateWsIncrease' : [ 0x58, ['unsigned long long']],
+    'FreeWsIncreaseError' : [ 0x60, ['unsigned long long']],
+    'FreeWsIncreaseErrorMax' : [ 0x68, ['unsigned long long']],
+    'FreeWsDecrease' : [ 0x70, ['unsigned long long']],
+    'AllocateWorkingSetPage' : [ 0x78, ['unsigned long long']],
+    'FreeWorkingSetPageError' : [ 0x80, ['unsigned long long']],
+    'FreeDeletePteRange' : [ 0x88, ['unsigned long long']],
+    'AllocatePageTablesForProcessMetadata' : [ 0x90, ['unsigned long long']],
+    'FreePageTablesForProcessMetadataError2' : [ 0x98, ['unsigned long long']],
+    'AllocatePageTablesForSystem' : [ 0xa0, ['unsigned long long']],
+    'FreePageTablesExcess' : [ 0xa8, ['unsigned long long']],
+    'FreeSystemVaPageTables' : [ 0xb0, ['unsigned long long']],
+    'FreeSessionVaPageTables' : [ 0xb8, ['unsigned long long']],
+    'AllocateCreateSession' : [ 0xc0, ['unsigned long long']],
+    'FreeSessionWsDereference' : [ 0xc8, ['unsigned long long']],
+    'FreeSessionDereference' : [ 0xd0, ['unsigned long long']],
+    'AllocateLockedSessionImage' : [ 0xd8, ['unsigned long long']],
+    'FreeLockedSessionImage' : [ 0xe0, ['unsigned long long']],
+    'FreeSessionImageConversion' : [ 0xe8, ['unsigned long long']],
+    'AllocateWsAdjustPageTable' : [ 0xf0, ['unsigned long long']],
+    'FreeWsAdjustPageTable' : [ 0xf8, ['unsigned long long']],
+    'FreeWsAdjustPageTableError' : [ 0x100, ['unsigned long long']],
+    'AllocateNoLowMemory' : [ 0x108, ['unsigned long long']],
+    'AllocatePagedPoolLockedDown' : [ 0x110, ['unsigned long long']],
+    'FreePagedPoolLockedDown' : [ 0x118, ['unsigned long long']],
+    'AllocateSystemBitmaps' : [ 0x120, ['unsigned long long']],
+    'FreeSystemBitmapsError' : [ 0x128, ['unsigned long long']],
+    'AllocateForMdl' : [ 0x130, ['unsigned long long']],
+    'FreeFromMdl' : [ 0x138, ['unsigned long long']],
+    'AllocateForMdlPartition' : [ 0x140, ['unsigned long long']],
+    'FreeFromMdlPartition' : [ 0x148, ['unsigned long long']],
+    'FreeMdlExcess' : [ 0x150, ['unsigned long long']],
+    'AllocateExpansionNonPagedPool' : [ 0x158, ['unsigned long long']],
+    'FreeExpansionNonPagedPool' : [ 0x160, ['unsigned long long']],
+    'AllocateVad' : [ 0x168, ['unsigned long long']],
+    'RemoveVad' : [ 0x170, ['unsigned long long']],
+    'FreeVad' : [ 0x178, ['unsigned long long']],
+    'AllocateContiguous' : [ 0x180, ['unsigned long long']],
+    'FreeContiguousPages' : [ 0x188, ['unsigned long long']],
+    'FreeContiguousError' : [ 0x190, ['unsigned long long']],
+    'FreeLargePageMemory' : [ 0x198, ['unsigned long long']],
+    'AllocateSystemWsles' : [ 0x1a0, ['unsigned long long']],
+    'FreeSystemWsles' : [ 0x1a8, ['unsigned long long']],
+    'AllocateSystemInitWs' : [ 0x1b0, ['unsigned long long']],
+    'AllocateSessionInitWs' : [ 0x1b8, ['unsigned long long']],
+    'FreeSessionInitWsError' : [ 0x1c0, ['unsigned long long']],
+    'AllocateSystemImage' : [ 0x1c8, ['unsigned long long']],
+    'AllocateSystemImageLoad' : [ 0x1d0, ['unsigned long long']],
+    'AllocateSessionSharedImage' : [ 0x1d8, ['unsigned long long']],
+    'FreeSystemImageInitCode' : [ 0x1e0, ['unsigned long long']],
+    'FreeSystemImageLargePageConversion' : [ 0x1e8, ['unsigned long long']],
+    'FreeSystemImageError' : [ 0x1f0, ['unsigned long long']],
+    'FreeSystemImageLoadExcess' : [ 0x1f8, ['unsigned long long']],
+    'FreeUnloadSystemImage' : [ 0x200, ['unsigned long long']],
+    'FreeReloadBootImageLarge' : [ 0x208, ['unsigned long long']],
+    'FreeIndependent' : [ 0x210, ['unsigned long long']],
+    'AllocateHotAdd' : [ 0x218, ['unsigned long long']],
+    'AllocateHotRemove' : [ 0x220, ['unsigned long long']],
+    'FreeHotAdd' : [ 0x228, ['unsigned long long']],
+    'FreeHotAddEcc' : [ 0x230, ['unsigned long long']],
+    'FreeHotAddError' : [ 0x238, ['unsigned long long']],
+    'FreeHotAddUnmap' : [ 0x240, ['unsigned long long']],
+    'AllocateBoot' : [ 0x248, ['unsigned long long']],
+    'FreeLoaderBlock' : [ 0x250, ['unsigned long long']],
+    'AllocateNonPagedSpecialPool' : [ 0x258, ['unsigned long long']],
+    'FreeNonPagedSpecialPoolError' : [ 0x260, ['unsigned long long']],
+    'FreeNonPagedSpecialPool' : [ 0x268, ['unsigned long long']],
+    'AllocateSharedSegmentPage' : [ 0x270, ['unsigned long long']],
+    'FreeSharedSegmentPage' : [ 0x278, ['unsigned long long']],
+    'AllocateZeroPage' : [ 0x280, ['unsigned long long']],
+    'FreeZeroPage' : [ 0x288, ['unsigned long long']],
+    'AllocateForPo' : [ 0x290, ['unsigned long long']],
+    'AllocateForPoForce' : [ 0x298, ['unsigned long long']],
+    'FreeForPo' : [ 0x2a0, ['unsigned long long']],
+    'AllocateThreadHardFaultBehavior' : [ 0x2a8, ['unsigned long long']],
+    'FreeThreadHardFaultBehavior' : [ 0x2b0, ['unsigned long long']],
+    'ObtainFaultCharges' : [ 0x2b8, ['unsigned long long']],
+    'FreeFaultCharges' : [ 0x2c0, ['unsigned long long']],
+    'AllocateStoreCharges' : [ 0x2c8, ['unsigned long long']],
+    'FreeStoreCharges' : [ 0x2d0, ['unsigned long long']],
+    'ObtainLockedPageCharge' : [ 0x300, ['unsigned long long']],
+    'FreeLockedPageCharge' : [ 0x340, ['unsigned long long']],
+    'AllocateStore' : [ 0x348, ['unsigned long long']],
+    'FreeStore' : [ 0x350, ['unsigned long long']],
+    'AllocateSystemImageProtos' : [ 0x358, ['unsigned long long']],
+    'FreeSystemImageProtos' : [ 0x360, ['unsigned long long']],
+    'AllocateModWriterCharge' : [ 0x368, ['unsigned long long']],
+    'FreeModWriterCharge' : [ 0x370, ['unsigned long long']],
+    'AllocateMappedWriterCharge' : [ 0x378, ['unsigned long long']],
+    'FreeMappedWriterCharge' : [ 0x380, ['unsigned long long']],
+    'AllocateRegistryCharges' : [ 0x388, ['unsigned long long']],
+    'FreeRegistryCharges' : [ 0x390, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '__unnamed_24cf' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24d1' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24d3' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_24d5' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_24cf']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_24d1']],
+    'Raw' : [ 0x0, ['__unnamed_24d3']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_24d5']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x1a0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x40, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x70, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedBitMapMaximum' : [ 0xb0, ['unsigned long long']],
+    'DynamicBitMapNonPagedPool' : [ 0xb8, ['_MI_DYNAMIC_BITMAP']],
+    'NonPagedPoolLowestPage' : [ 0x108, ['unsigned long long']],
+    'NonPagedPoolHighestPage' : [ 0x110, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x118, ['unsigned long long']],
+    'PartialLargePoolRegions' : [ 0x120, ['unsigned long long']],
+    'PagesInPartialLargePoolRegions' : [ 0x128, ['unsigned long long']],
+    'CachedNonPagedPoolCount' : [ 0x130, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x138, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x140, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x148, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x150, ['pointer64', ['void']]],
+    'NonPagedBitMap' : [ 0x158, ['array', 3, ['_RTL_BITMAP_EX']]],
+    'NonPagedHint' : [ 0x188, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_24e5' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x80, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_24e5']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'EvictionThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x60, ['_SLIST_HEADER']],
+    'EvictFlushLock' : [ 0x70, ['long']],
+    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  '_SECTION_OBJECT' : [ 0x30, {
+    'StartingVa' : [ 0x0, ['pointer64', ['void']]],
+    'EndingVa' : [ 0x8, ['pointer64', ['void']]],
+    'Parent' : [ 0x10, ['pointer64', ['void']]],
+    'LeftChild' : [ 0x18, ['pointer64', ['void']]],
+    'RightChild' : [ 0x20, ['pointer64', ['void']]],
+    'Segment' : [ 0x28, ['pointer64', ['_SEGMENT_OBJECT']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '__unnamed_2525' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x108, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_2525']]],
+    'WakeAlarmPaused' : [ 0xa8, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb0, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xb8, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'DriverName' : [ 0x50, ['pointer64', ['unsigned short']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3d8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0x98, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x410, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_LOCK_HEADER' : [ 0x20, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long long']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'Valid' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'NumberOfChildViews' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xe0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_PEB64' : [ 0x388, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SparePvoid0' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MSUBSECTION' : [ 0x70, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long long']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_25f2' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x1f40, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_25f2']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x68, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x70, ['unsigned long']],
+    'AttachCount' : [ 0x74, ['unsigned long']],
+    'AttachGate' : [ 0x78, ['_KGATE']],
+    'WsListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0xc0, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb40, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xb60, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xb98, ['_MMSUPPORT']],
+    'Wsle' : [ 0xc98, ['pointer64', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xca0, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PagedPool' : [ 0xcc0, ['_POOL_DESCRIPTOR']],
+    'PageDirectory' : [ 0x1e00, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1e08, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x1e10, ['_RTL_BITMAP']],
+    'DynamicVaHint' : [ 0x1e20, ['unsigned long']],
+    'SpecialPool' : [ 0x1e28, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1e78, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1e80, ['long']],
+    'PagedPoolPdeCount' : [ 0x1e84, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1e88, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1e8c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1e90, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1ef0, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1ef8, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x1f00, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1f08, ['unsigned long long']],
+    'IoState' : [ 0x1f10, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1f14, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1f18, ['_KEVENT']],
+    'ServerSilo' : [ 0x1f30, ['pointer64', ['_ESILO']]],
+    'CreateTime' : [ 0x1f38, ['unsigned long long']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x60, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u' : [ 0x4c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'AttemptForCantExtend' : [ 0x58, ['unsigned char']],
+    'PageFileContract' : [ 0x59, ['unsigned char']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '__unnamed_2603' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2606' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_2603']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_2606']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x58, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '_MI_LARGEPAGE_MEMORY_INFO' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ColoredPageInfoBase' : [ 0x10, ['pointer64', ['_COLORED_PAGE_INFO']]],
+    'PagesNeedZeroing' : [ 0x18, ['unsigned long']],
+    'LargeImageBias' : [ 0x1c, ['unsigned char']],
+    'Spare' : [ 0x1d, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x90, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Foreground' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WindowInformation' : [ 0x68, ['unsigned long']],
+    'PixelArea' : [ 0x6c, ['unsigned long']],
+    'PixelReportTimestamp' : [ 0x70, ['long long']],
+    'PixelTime' : [ 0x78, ['unsigned long long']],
+    'ForegroundReportTimestamp' : [ 0x80, ['long long']],
+    'ForegroundTime' : [ 0x88, ['unsigned long long']],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x88, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'BitmapGapFrames' : [ 0x38, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x58, ['array', 4, ['unsigned long long']]],
+    'PageTableOfOnes' : [ 0x78, ['unsigned long long']],
+    'PdeOfOnes' : [ 0x80, ['_MMPTE']],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_2632' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x30, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SessionId' : [ 0x18, ['unsigned long']],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x20, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_2632']],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x28, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_264d' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_264d']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x190, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'ProcessorCount' : [ 0xc0, ['unsigned long']],
+    'Class' : [ 0xc4, ['unsigned char']],
+    'Spare' : [ 0xc5, ['array', 3, ['unsigned char']]],
+    'Processors' : [ 0xc8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd0, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xd8, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x100, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x118, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x120, ['unsigned long']],
+    'NominalFrequency' : [ 0x124, ['unsigned long']],
+    'MaxPercent' : [ 0x128, ['unsigned long']],
+    'MinPerfPercent' : [ 0x12c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x130, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x138, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x140, ['unsigned long long']],
+    'Coordination' : [ 0x148, ['unsigned char']],
+    'HardPlatformCap' : [ 0x149, ['unsigned char']],
+    'AffinitizeControl' : [ 0x14a, ['unsigned char']],
+    'EfficientThrottle' : [ 0x14b, ['unsigned char']],
+    'AutonomousMode' : [ 0x14c, ['unsigned char']],
+    'SelectedPercent' : [ 0x150, ['unsigned long']],
+    'SelectedFrequency' : [ 0x154, ['unsigned long']],
+    'DesiredPercent' : [ 0x158, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x15c, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x160, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x164, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x168, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x16c, ['unsigned long']],
+    'TolerancePercent' : [ 0x170, ['unsigned long']],
+    'SelectedState' : [ 0x178, ['unsigned long long']],
+    'PerfChangeTime' : [ 0x180, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x188, ['unsigned long']],
+    'Force' : [ 0x18c, ['unsigned char']],
+    'ProvideGuidance' : [ 0x18d, ['unsigned char']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x800, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MI_STANDBY_STATE' : [ 0xc0, {
+    'TransitionSharedPages' : [ 0x0, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x8, ['array', 3, ['unsigned long long']]],
+    'FirstDecayPage' : [ 0x20, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x30, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x40, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x48, ['_KDPC']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'Enabled' : [ 0x8, ['unsigned long']],
+    'DisableAccessLogging' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'MinLoggingPriority' : [ 0x30, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x18, {
+    'QueueHead' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueTail' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x10, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0x40, ['_RTL_BITMAP']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x58, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['unsigned short']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'RF_SORTED', 1: u'RF_UNSORTED', 2: u'RF_CALLBACK', 3: u'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+} ],
+  '_SEP_LOWBOX_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_26b1' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26b3' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_26b1']],
+    'Button' : [ 0x10, ['__unnamed_26b3']],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_KSCB' : [ 0x198, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ReadyListHead' : [ 0x78, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x178, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x188, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x190, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_26c2' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_26c3' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_26c2']],
+    'Merged' : [ 0x10, ['__unnamed_26c3']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x48, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x18, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'FirstReservedZeroingPte' : [ 0x20, ['pointer64', ['_MMPTE']]],
+    'RebalanceZeroFreeWorkItem' : [ 0x28, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_26d2' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_26d2']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_26ea' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26ec' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_26ea']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x110, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_26ec']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'PoolPageHeaders' : [ 0x30, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x40, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x50, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x54, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x5c, ['unsigned long']],
+    'PagedBytes' : [ 0x60, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x70, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x80, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x84, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x88, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x8c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x90, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x94, ['unsigned long']],
+    'LockedBytes' : [ 0x98, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xa0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xc0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xd0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xe8, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0xf8, ['unsigned long']],
+    'ExecutePageProtections' : [ 0xfc, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x100, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x104, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x108, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xb0, {
+    'FixupLock' : [ 0x0, ['long']],
+    'FixupList' : [ 0x8, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x18, ['_KMUTANT']],
+    'FirstLoadEver' : [ 0x50, ['unsigned char']],
+    'LargePageAll' : [ 0x51, ['unsigned char']],
+    'LastPage' : [ 0x58, ['unsigned long long']],
+    'LargePageList' : [ 0x60, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x70, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x80, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x90, ['unsigned long long']],
+    'PageCounts' : [ 0x98, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0xa8, ['_EX_PUSH_LOCK']],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x4, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'IsInTempBin' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2719' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_2719']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'Scaling' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x50, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x34, ['unsigned long']],
+    'DelayPageFaults' : [ 0x38, ['long']],
+    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_FILE_EXTENTS' : [ 0x8, {
+    'WaitList' : [ 0x0, ['pointer64', ['_MI_FILE_EXTENTS_WAIT_BLOCK']]],
+} ],
+  '_HMAP_ENTRY' : [ 0x28, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'TemporaryBinAddress' : [ 0x10, ['unsigned long long']],
+    'TemporaryBinRundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x3f8, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'TimeUnit' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_274b' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_274e' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1b0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x68, ['_KAPC_STATE']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'ByteCount' : [ 0xb4, ['unsigned long']],
+    'u3' : [ 0xb8, ['__unnamed_274b']],
+    'u1' : [ 0xbc, ['__unnamed_274e']],
+    'FilePointer' : [ 0xc0, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xc8, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xc8, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd0, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xd8, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe0, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf0, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0x100, ['_MDL']],
+    'Page' : [ 0x130, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x130, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'PaddingFor16ByteAlignment' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_CFG_BITMAP_INFO' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'RegionSize' : [ 0x8, ['unsigned long long']],
+    'BitmapVad' : [ 0x10, ['pointer64', ['_MMVAD']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x80, {
+    'StandbyListDiscard' : [ 0x0, ['unsigned long']],
+    'CrashDumpInitialized' : [ 0x4, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x5, ['unsigned char']],
+    'SystemShutdown' : [ 0x8, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0xc, ['long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'FreeListDiscard' : [ 0x48, ['unsigned char']],
+    'MirrorHoldsPfn' : [ 0x50, ['pointer64', ['_ETHREAD']]],
+    'MirroringActive' : [ 0x58, ['unsigned long']],
+    'MirrorBitMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP_EX']]],
+    'MirrorBitMapInterlocked' : [ 0x68, ['pointer64', ['_RTL_BITMAP_EX']]],
+    'MirrorListLocks' : [ 0x70, ['pointer64', ['void']]],
+    'CrashDumpPte' : [ 0x78, ['pointer64', ['_MMPTE']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned char']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'EnableMask' : [ 0x63, ['unsigned char']],
+    'GroupEnableMask' : [ 0x64, ['unsigned char']],
+    'UseDescriptorType' : [ 0x65, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x3c, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x58, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x118, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d0, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1a8, ['_LIST_ENTRY']],
+    'Status' : [ 0x1b8, ['long']],
+    'FailedDevice' : [ 0x1c0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1c8, ['unsigned char']],
+    'Cancelled' : [ 0x1c9, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1ca, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1cb, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x10, {
+    'PreferredMask' : [ 0x0, ['unsigned long long']],
+    'AvailableMask' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'DeadPteTrackerSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x10, ['unsigned long long']],
+    'MdlTrackerLookaside' : [ 0x40, ['_NPAGED_LOOKASIDE_LIST']],
+    'PteTrackingBitmap' : [ 0xc0, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xd0, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xd8, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPages' : [ 0x138, ['unsigned char']],
+    'QueuedStacks' : [ 0x140, ['_SLIST_HEADER']],
+    'StackGrowthFailures' : [ 0x150, ['unsigned long']],
+    'TrackPtesAborted' : [ 0x154, ['unsigned char']],
+    'AdjustCounter' : [ 0x155, ['unsigned char']],
+    'QueuedStacksWorkItem' : [ 0x158, ['_MI_QUEUED_DEADSTACK_WORKITEM']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+    'Reserved' : [ 0x20, ['array', 8, ['unsigned long']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_27ec' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x20, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'u1' : [ 0x1c, ['__unnamed_27ec']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTime' : [ 0x20, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x28, ['long long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x100, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xf8, ['pointer64', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x38, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3e0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x60, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x50, ['unsigned long']],
+    'OldValueCell' : [ 0x50, ['unsigned long']],
+    'NewValueCell' : [ 0x54, ['unsigned long']],
+    'UserFlags' : [ 0x50, ['unsigned long']],
+    'LastWriteTime' : [ 0x50, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x50, ['unsigned long']],
+    'OldChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x50, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x58, ['unsigned long']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2867' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2869' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2867']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2869']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_287e' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_287e']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x20, {
+    'ViewStart' : [ 0x0, ['pointer64', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Bcb' : [ 0x8, ['pointer64', ['void']]],
+    'PinnedPages' : [ 0x10, ['unsigned long long']],
+    'Size' : [ 0x18, ['unsigned long']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '_KIST_BASE_FRAME' : [ 0x20, {
+    'KernelGsBase' : [ 0x0, ['pointer64', ['_KPCR']]],
+    'IstStack' : [ 0x8, ['pointer64', ['_KIST_LINK_FRAME']]],
+    'PreviousGsBase' : [ 0x10, ['unsigned long long']],
+    'PreviousCr3' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'HashKey' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COLORED_PAGE_INFO' : [ 0x18, {
+    'BeingZeroed' : [ 0x0, ['long']],
+    'Processor' : [ 0x4, ['unsigned long']],
+    'PagesQueued' : [ 0x8, ['unsigned long long']],
+    'PfnAllocation' : [ 0x10, ['pointer64', ['_MMPFN']]],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MI_POOL_STATE' : [ 0xf0, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'NonPagedPoolSListMaximum' : [ 0x8, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x18, ['unsigned long long']],
+    'BadPoolHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'PoolFailures' : [ 0x28, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x4c, ['array', 11, ['unsigned long']]],
+    'LowPagedPoolThreshold' : [ 0x78, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x80, ['unsigned long long']],
+    'PagedPoolSListMaximum' : [ 0x88, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x8c, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0xa0, ['unsigned long long']],
+    'SpecialPoolRejected' : [ 0xa8, ['array', 9, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0xd0, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0xd8, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0xdc, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0xe0, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0xe8, ['unsigned long long']],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x13c, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'OffloadedAudio' : [ 0x12d, ['unsigned char']],
+    'NonOffloadedAudio' : [ 0x12e, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12f, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsUserAwaySetting' : [ 0x134, ['unsigned char']],
+    'WiFiInStandby' : [ 0x138, ['unsigned long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_28fa' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_28fc' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_28fa']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_28fc']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x58, {
+    'IoPfnLock' : [ 0x0, ['unsigned long long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '__unnamed_2914' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2916' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_291c' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_2920' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NotifyTypeCreate', 1: u'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_2922' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2914']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2916']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_291c']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2920']],
+    'Others' : [ 0x0, ['__unnamed_2922']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x70, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '__unnamed_2930' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_2930']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_16c3']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_PROC_PERF_CHECK' : [ 0xc0, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'Snap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'TempSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'TaggedThreadPercent' : [ 0xb8, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0xba, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0xbb, ['unsigned char']],
+} ],
+  '__unnamed_293f' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2941' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2943' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_293f']],
+    'Interrupt' : [ 0x0, ['__unnamed_2941']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_2941']],
+    'Sci' : [ 0x0, ['__unnamed_2941']],
+    'Nmi' : [ 0x0, ['__unnamed_2941']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_2943']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1d0, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'VerifyKernelPhaseOnResume' : [ 0x3, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x4, ['unsigned char']],
+    'InitializationFinished' : [ 0x5, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'SiLogOffset' : [ 0xe0, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0xe8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf8, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0x100, ['unsigned long']],
+    'SecurePages' : [ 0x104, ['unsigned long']],
+    'ProcessorCount' : [ 0x108, ['unsigned long']],
+    'ProcessorContext' : [ 0x110, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x118, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x120, ['unsigned long']],
+    'MaxDataPages' : [ 0x124, ['unsigned long']],
+    'ExtraBuffer' : [ 0x128, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x130, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x138, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x140, ['unsigned long long']],
+    'IoInfo' : [ 0x148, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b8, ['pointer64', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x1c0, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c8, ['unsigned long']],
+    'IumEnabled' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'PointersLength' : [ 0x118, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['unsigned short']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_KIST_LINK_FRAME' : [ 0x20, {
+    'IstBaseFrame' : [ 0x0, ['pointer64', ['_KIST_BASE_FRAME']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'Reserved0' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x48, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_2986' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_2986']],
+} ],
+  '__unnamed_298a' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_298a']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_FILE_EXTENTS_WAIT_BLOCK' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_FILE_EXTENTS_WAIT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3b0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x268, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x270, ['array', 1, ['unsigned long long']]],
+    'SiLogOffset' : [ 0x278, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x27c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x280, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x340, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x344, ['unsigned long']],
+    'ResumeContextPages' : [ 0x348, ['unsigned long']],
+    'Hiberboot' : [ 0x34c, ['unsigned char']],
+    'HvCr3' : [ 0x350, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x358, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x360, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x368, ['unsigned long long']],
+    'BootFlags' : [ 0x370, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x378, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x380, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x388, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3a8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1e0, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x48, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x4c, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x50, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x58, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x60, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x68, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x78, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x80, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xc8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xd0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xd8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xe0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xe8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0xf0, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0xf8, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x100, ['unsigned long long']],
+    'IoBoundedness' : [ 0x108, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x110, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x118, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x120, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x128, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x130, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x138, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x140, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x148, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x150, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x158, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x160, ['unsigned long long']],
+    'AnimationStart' : [ 0x168, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x170, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x178, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x180, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x188, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x190, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x198, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1a0, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1a8, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1b0, ['unsigned long long']],
+    'BytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'PagesWritten' : [ 0x1c0, ['unsigned long']],
+    'FileRuns' : [ 0x1c4, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1c8, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1cc, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1d0, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1d8, ['unsigned long long']],
+} ],
+  '_MI_QUEUED_DEADSTACK_WORKITEM' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x50, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+    'Vm' : [ 0x48, ['pointer64', ['_MMSUPPORT']]],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '__unnamed_29c9' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29cb' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29ce' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_29d2' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x50, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_29c9']],
+    'XapicMessage' : [ 0x40, ['__unnamed_29cb']],
+    'Hypertransport' : [ 0x40, ['__unnamed_29ce']],
+    'GenericMessage' : [ 0x40, ['__unnamed_29cb']],
+    'MessageRequest' : [ 0x40, ['__unnamed_29d2']],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_29e0' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_29e2' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_29e0']],
+    'Range' : [ 0x20, ['__unnamed_29e2']],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_29f3' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_29f5' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_29f7' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_29f3']],
+    'Gpt' : [ 0x0, ['__unnamed_29f5']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_29f7']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x178, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '__unnamed_2a2c' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a2e' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2a2c']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a31' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a33' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2a31']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2a2e']],
+    'HighPart' : [ 0x4, ['__unnamed_2a33']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2a43' : [ 0x8, {
+    'MessageAddressLow' : [ 0x0, ['unsigned long']],
+    'MessageData' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+} ],
+  '__unnamed_2a45' : [ 0x8, {
+    'RemappedFormat' : [ 0x0, ['_ULARGE_INTEGER']],
+    'Msi' : [ 0x0, ['__unnamed_2a43']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_2a45']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win10_x86_10240_17770_vtypes.py b/volatility/plugins/overlays/windows/win10_x86_10240_17770_vtypes.py
new file mode 100644
index 000000000..36f2bbaba
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_10240_17770_vtypes.py
@@ -0,0 +1,12718 @@
+ntkrpamp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'Reserved12' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCallPad' : [ 0x308, ['array', 3, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'Reserved8' : [ 0x36c, ['array', 20, ['unsigned char']]],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_107d' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_107d']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1081' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1081']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_109c' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_109e' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_109c']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_109e']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['pointer', ['void']]]],
+    'SystemReserved1' : [ 0x10c, ['array', 38, ['pointer', ['void']]]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'PerflibData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+    'ReservedForWdf' : [ 0xfe4, ['pointer', ['void']]],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0xc, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned short']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6020, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'MxCsr' : [ 0x8, ['unsigned long']],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x5f00, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'ParentNode' : [ 0x338, ['pointer', ['_KNODE']]],
+    'PriorityState' : [ 0x33c, ['pointer', ['unsigned char']]],
+    'KernelReserved' : [ 0x340, ['array', 14, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'CpuVendor' : [ 0x3be, ['unsigned char']],
+    'PrcbPad0' : [ 0x3bf, ['array', 1, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'GroupIndex' : [ 0x3c4, ['unsigned char']],
+    'Group' : [ 0x3c5, ['unsigned char']],
+    'PrcbPad05' : [ 0x3c6, ['array', 2, ['unsigned char']]],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'ClockOwner' : [ 0x3d0, ['unsigned char']],
+    'PendingTickFlags' : [ 0x3d1, ['unsigned char']],
+    'PendingTick' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad10' : [ 0x3d2, ['array', 70, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'InterruptCount' : [ 0x4a0, ['unsigned long']],
+    'KernelTime' : [ 0x4a4, ['unsigned long']],
+    'UserTime' : [ 0x4a8, ['unsigned long']],
+    'DpcTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b0, ['unsigned long']],
+    'InterruptTime' : [ 0x4b4, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4b8, ['unsigned long']],
+    'PageColor' : [ 0x4bc, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c0, ['unsigned char']],
+    'NodeColor' : [ 0x4c1, ['unsigned char']],
+    'DeepSleep' : [ 0x4c2, ['unsigned char']],
+    'PrcbPad20' : [ 0x4c3, ['array', 5, ['unsigned char']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4cc, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d0, ['unsigned long']],
+    'PrcbPad21' : [ 0x4d4, ['array', 3, ['unsigned long']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1820, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2120, ['long']],
+    'ReverseStall' : [ 0x2124, ['long']],
+    'IpiFrame' : [ 0x2128, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x212c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x2160, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x216c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x2170, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x2174, ['unsigned long']],
+    'PrcbPad4' : [ 0x2178, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x21a0, ['unsigned long']],
+    'TargetCount' : [ 0x21a4, ['long']],
+    'TrappedSecurityDomain' : [ 0x21a8, ['unsigned long long']],
+    'BpbState' : [ 0x21b0, ['unsigned char']],
+    'BpbIbrsPresent' : [ 0x21b0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbStibpPresent' : [ 0x21b0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmepPresent' : [ 0x21b0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbSimulateIbrs' : [ 0x21b0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbSimulateIbpb' : [ 0x21b0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'BpbCpuIdle' : [ 0x21b0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'BpbReserved' : [ 0x21b0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'PrcbPad50' : [ 0x21b1, ['array', 31, ['unsigned char']]],
+    'InterruptLastCount' : [ 0x21d0, ['unsigned long']],
+    'InterruptRate' : [ 0x21d4, ['unsigned long']],
+    'DeviceInterrupts' : [ 0x21d8, ['unsigned long']],
+    'IsrDpcStats' : [ 0x21dc, ['pointer', ['void']]],
+    'DpcData' : [ 0x21e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2210, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2214, ['long']],
+    'DpcRequestRate' : [ 0x2218, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x221c, ['unsigned long']],
+    'DpcLastCount' : [ 0x2220, ['unsigned long']],
+    'PrcbLock' : [ 0x2224, ['unsigned long']],
+    'DpcGate' : [ 0x2228, ['_KGATE']],
+    'IdleState' : [ 0x2238, ['unsigned char']],
+    'QuantumEnd' : [ 0x2239, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x223a, ['unsigned char']],
+    'IdleSchedule' : [ 0x223b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x223c, ['long']],
+    'DpcRequestSlot' : [ 0x223c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x223c, ['short']],
+    'ThreadDpcState' : [ 0x223e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x223c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x223c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x223c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x223c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x223c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x223c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x223c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x223c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x223c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x223c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2240, ['unsigned long']],
+    'LastTick' : [ 0x2244, ['unsigned long']],
+    'PeriodicCount' : [ 0x2248, ['unsigned long']],
+    'PeriodicBias' : [ 0x224c, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2250, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2254, ['unsigned long']],
+    'GroupSchedulingOverQuota' : [ 0x2258, ['unsigned char']],
+    'ThreadDpcEnable' : [ 0x2259, ['unsigned char']],
+    'PrcbPad41' : [ 0x225a, ['array', 2, ['unsigned char']]],
+    'TimerTable' : [ 0x2260, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x3aa0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x3ac0, ['long']],
+    'PrcbPad6' : [ 0x3ac4, ['array', 4, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x3ac8, ['long']],
+    'DpcWatchdogCount' : [ 0x3acc, ['long']],
+    'KeSpinLockOrdering' : [ 0x3ad0, ['long']],
+    'PrcbPad70' : [ 0x3ad4, ['array', 1, ['unsigned long']]],
+    'QueueIndex' : [ 0x3ad8, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x3adc, ['_SINGLE_LIST_ENTRY']],
+    'ReadySummary' : [ 0x3ae0, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x3ae4, ['long']],
+    'WaitLock' : [ 0x3ae8, ['unsigned long']],
+    'WaitListHead' : [ 0x3aec, ['_LIST_ENTRY']],
+    'ScbOffset' : [ 0x3af4, ['unsigned long']],
+    'StartCycles' : [ 0x3af8, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x3b00, ['unsigned long long']],
+    'TaggedCycles' : [ 0x3b08, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x3b18, ['unsigned long long']],
+    'CycleTime' : [ 0x3b20, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x3b28, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3b30, ['unsigned long']],
+    'Cycles' : [ 0x3b38, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad71' : [ 0x3b78, ['array', 10, ['unsigned long']]],
+    'DispatcherReadyListHead' : [ 0x3ba0, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3ca0, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3ca4, ['long']],
+    'ScbQueue' : [ 0x3ca8, ['_RTL_RB_TREE']],
+    'ScbList' : [ 0x3cb0, ['_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x3cb8, ['long']],
+    'MmCopyOnWriteCount' : [ 0x3cbc, ['long']],
+    'MmTransitionCount' : [ 0x3cc0, ['long']],
+    'MmCacheTransitionCount' : [ 0x3cc4, ['long']],
+    'MmDemandZeroCount' : [ 0x3cc8, ['long']],
+    'MmPageReadCount' : [ 0x3ccc, ['long']],
+    'MmPageReadIoCount' : [ 0x3cd0, ['long']],
+    'MmCacheReadCount' : [ 0x3cd4, ['long']],
+    'MmCacheIoCount' : [ 0x3cd8, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x3cdc, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3ce0, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3ce4, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3ce8, ['long']],
+    'CachedCommit' : [ 0x3cec, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3cf0, ['unsigned long']],
+    'HyperPte' : [ 0x3cf4, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3cf8, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x3cfc, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3d09, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x3d0a, ['unsigned char']],
+    'PrcbPad9' : [ 0x3d0b, ['array', 1, ['unsigned char']]],
+    'FeatureBits' : [ 0x3d10, ['unsigned long long']],
+    'UpdateSignature' : [ 0x3d18, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3d20, ['unsigned long long']],
+    'PrcbPad90' : [ 0x3d28, ['array', 2, ['unsigned long']]],
+    'PowerState' : [ 0x3d30, ['_PROCESSOR_POWER_STATE']],
+    'PrcbPad91' : [ 0x3eb0, ['array', 17, ['unsigned long']]],
+    'DpcWatchdogDpc' : [ 0x3ef4, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3f18, ['_KTIMER']],
+    'HypercallPageList' : [ 0x3f40, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x3f48, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x3f4c, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x3f50, ['pointer', ['unsigned long long']]],
+    'Cache' : [ 0x3f54, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3f90, ['unsigned long']],
+    'PackageProcessorSet' : [ 0x3f94, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x3fa0, ['unsigned long']],
+    'SharedReadyQueue' : [ 0x3fa4, ['pointer', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x3fa8, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x3fac, ['unsigned long']],
+    'ScanSiblingMask' : [ 0x3fb0, ['unsigned long']],
+    'LLCMask' : [ 0x3fb4, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3fb8, ['array', 5, ['unsigned long']]],
+    'ScanSiblingIndex' : [ 0x3fcc, ['unsigned long']],
+    'WheaInfo' : [ 0x3fd0, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x3fd4, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x3fd8, ['_SLIST_HEADER']],
+    'PrcbPad92' : [ 0x3fe0, ['array', 3, ['unsigned long']]],
+    'PteBitCache' : [ 0x3fec, ['unsigned long']],
+    'PteBitOffset' : [ 0x3ff0, ['unsigned long']],
+    'PrcbPad93' : [ 0x3ff4, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x3ff8, ['pointer', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x3ffc, ['pointer', ['void']]],
+    'TimerExpirationDpc' : [ 0x4000, ['_KDPC']],
+    'SynchCounters' : [ 0x4020, ['_SYNCH_COUNTERS']],
+    'FsCounters' : [ 0x40d8, ['_FILESYSTEM_DISK_COUNTERS']],
+    'Context' : [ 0x40e8, ['pointer', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x40ec, ['unsigned long']],
+    'ExtendedState' : [ 0x40f0, ['pointer', ['_XSAVE_AREA']]],
+    'EntropyTimingState' : [ 0x40f4, ['_KENTROPY_TIMING_STATE']],
+    'IsrStack' : [ 0x421c, ['pointer', ['void']]],
+    'VectorToInterruptObject' : [ 0x4220, ['array', 208, ['pointer', ['_KINTERRUPT']]]],
+    'AbSelfIoBoostsList' : [ 0x4560, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x4564, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x4568, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x4588, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x45dc, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x4630, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x4730, ['unsigned long']],
+    'ExSaPageArray' : [ 0x4734, ['pointer', ['void']]],
+    'PrcbPad100' : [ 0x4738, ['array', 10, ['unsigned long']]],
+    'LocalSharedReadyQueue' : [ 0x4760, ['_KSHARED_READY_QUEUE']],
+    'PrcbPad95' : [ 0x4894, ['array', 12, ['unsigned char']]],
+    'Mailbox' : [ 0x48a0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'PrcbPad' : [ 0x48a4, ['array', 1596, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x4ee0, ['unsigned long']],
+    'EspBaseShadow' : [ 0x4ee4, ['unsigned long']],
+    'UserEspShadow' : [ 0x4ee8, ['unsigned long']],
+    'ShadowFlags' : [ 0x4eec, ['unsigned long']],
+    'UserDS' : [ 0x4ef0, ['unsigned long']],
+    'UserES' : [ 0x4ef4, ['unsigned long']],
+    'UserFS' : [ 0x4ef8, ['unsigned long']],
+    'EspIretd' : [ 0x4efc, ['pointer', ['void']]],
+    'RestoreSegOption' : [ 0x4f00, ['unsigned long']],
+    'SavedEsi' : [ 0x4f04, ['unsigned long']],
+    'DbgLogs' : [ 0x4f08, ['array', 512, ['unsigned long']]],
+    'DbgCount' : [ 0x5708, ['unsigned long']],
+    'PrcbPadRemaingPage' : [ 0x570c, ['array', 501, ['unsigned long']]],
+    'RequestMailbox' : [ 0x5ee0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Reserved' : [ 0x14, ['array', 3, ['pointer', ['void']]]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_KPROCESS' : [ 0xa8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x38, ['unsigned long long']],
+    'Affinity' : [ 0x40, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x4c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x54, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x58, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x64, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'DisableBoost' : [ 0x64, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='long')]],
+    'DisableQuantum' : [ 0x64, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='long')]],
+    'DeepFreeze' : [ 0x64, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x64, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x64, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SpareFlags0' : [ 0x64, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x64, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x64, ['BitField', dict(start_bit = 9, end_bit = 32, native_type='long')]],
+    'ProcessFlags' : [ 0x64, ['long']],
+    'BasePriority' : [ 0x68, ['unsigned char']],
+    'QuantumReset' : [ 0x69, ['unsigned char']],
+    'Visited' : [ 0x6a, ['unsigned char']],
+    'Flags' : [ 0x6b, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x6c, ['array', 1, ['unsigned long']]],
+    'IdealNode' : [ 0x70, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x72, ['unsigned short']],
+    'AddressPolicy' : [ 0x74, ['unsigned char']],
+    'Spare1' : [ 0x75, ['unsigned char']],
+    'IopmOffset' : [ 0x76, ['unsigned short']],
+    'SchedulingGroup' : [ 0x78, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'StackCount' : [ 0x7c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x88, ['unsigned long long']],
+    'ContextSwitches' : [ 0x90, ['unsigned long long']],
+    'FreezeCount' : [ 0x98, ['unsigned long']],
+    'KernelTime' : [ 0x9c, ['unsigned long']],
+    'UserTime' : [ 0xa0, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0xa4, ['pointer', ['void']]],
+} ],
+  '_KTHREAD' : [ 0x348, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x10, ['pointer', ['void']]],
+    'QuantumTarget' : [ 0x18, ['unsigned long long']],
+    'InitialStack' : [ 0x20, ['pointer', ['void']]],
+    'StackLimit' : [ 0x24, ['pointer', ['void']]],
+    'StackBase' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x2c, ['unsigned long']],
+    'CycleTime' : [ 0x30, ['unsigned long long']],
+    'HighCycleTime' : [ 0x38, ['unsigned long']],
+    'ServiceTable' : [ 0x3c, ['pointer', ['void']]],
+    'CurrentRunTime' : [ 0x40, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x44, ['unsigned long']],
+    'KernelStack' : [ 0x48, ['pointer', ['void']]],
+    'StateSaveArea' : [ 0x4c, ['pointer', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x50, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x54, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x55, ['unsigned char']],
+    'Alerted' : [ 0x56, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x58, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x58, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x58, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x58, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x58, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x58, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x58, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x58, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x58, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x58, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x58, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x58, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x58, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x58, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x58, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x58, ['long']],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlagsSpare0' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'GuiThread' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x5c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x5c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x5c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x5c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x5c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x5c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x5c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CommitFailTerminateRequest' : [ 0x5c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x5c, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x5c, ['BitField', dict(start_bit = 19, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x5c, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x5c, ['long']],
+    'Tag' : [ 0x60, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x61, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x63, ['unsigned char']],
+    'SystemCallNumber' : [ 0x64, ['unsigned long']],
+    'FirstArgument' : [ 0x68, ['pointer', ['void']]],
+    'TrapFrame' : [ 0x6c, ['pointer', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x70, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x70, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x87, ['unsigned char']],
+    'UserIdealProcessor' : [ 0x88, ['unsigned long']],
+    'ContextSwitches' : [ 0x8c, ['unsigned long']],
+    'State' : [ 0x90, ['unsigned char']],
+    'Spare12' : [ 0x91, ['unsigned char']],
+    'WaitIrql' : [ 0x92, ['unsigned char']],
+    'WaitMode' : [ 0x93, ['unsigned char']],
+    'WaitStatus' : [ 0x94, ['long']],
+    'WaitBlockList' : [ 0x98, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x9c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x9c, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xa4, ['pointer', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xa8, ['pointer', ['void']]],
+    'RelativeTimerBias' : [ 0xb0, ['unsigned long long']],
+    'Timer' : [ 0xb8, ['_KTIMER']],
+    'WaitBlock' : [ 0xe0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill8' : [ 0xe0, ['array', 20, ['unsigned char']]],
+    'ThreadCounters' : [ 0xf4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0xe0, ['array', 44, ['unsigned char']]],
+    'XStateSave' : [ 0x10c, ['pointer', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0xe0, ['array', 68, ['unsigned char']]],
+    'Win32Thread' : [ 0x124, ['pointer', ['void']]],
+    'WaitBlockFill11' : [ 0xe0, ['array', 88, ['unsigned char']]],
+    'WaitTime' : [ 0x138, ['unsigned long']],
+    'KernelApcDisable' : [ 0x13c, ['short']],
+    'SpecialApcDisable' : [ 0x13e, ['short']],
+    'CombinedApcDisable' : [ 0x13c, ['unsigned long']],
+    'QueueListEntry' : [ 0x140, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x148, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x148, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x148, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x14c, ['long']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x154, ['array', 6, ['unsigned char']]],
+    'PreviousMode' : [ 0x15a, ['unsigned char']],
+    'BasePriority' : [ 0x15b, ['unsigned char']],
+    'PriorityDecrement' : [ 0x15c, ['unsigned char']],
+    'ForegroundBoost' : [ 0x15c, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x15c, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x15d, ['unsigned char']],
+    'AdjustReason' : [ 0x15e, ['unsigned char']],
+    'AdjustIncrement' : [ 0x15f, ['unsigned char']],
+    'AffinityVersion' : [ 0x160, ['unsigned long']],
+    'Affinity' : [ 0x164, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x164, ['array', 6, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x16a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x16b, ['unsigned char']],
+    'IdealProcessor' : [ 0x16c, ['unsigned long']],
+    'Spare15' : [ 0x170, ['array', 1, ['unsigned long']]],
+    'SavedApcState' : [ 0x174, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x174, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x18b, ['unsigned char']],
+    'SuspendCount' : [ 0x18c, ['unsigned char']],
+    'Saturation' : [ 0x18d, ['unsigned char']],
+    'SListFaultCount' : [ 0x18e, ['unsigned short']],
+    'SchedulerApc' : [ 0x190, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x190, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x191, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x190, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x193, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x190, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x194, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x190, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b4, ['pointer', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x190, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1b8, ['pointer', ['void']]],
+    'SchedulerApcFill5' : [ 0x190, ['array', 47, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x1bf, ['unsigned char']],
+    'UserTime' : [ 0x1c0, ['unsigned long']],
+    'SuspendEvent' : [ 0x1c4, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x1d4, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1dc, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x1e4, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x1e5, ['unsigned char']],
+    'Spare20' : [ 0x1e6, ['unsigned short']],
+    'LockEntries' : [ 0x1e8, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x308, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x30c, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x310, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x320, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x324, ['long']],
+    'KeReferenceCount' : [ 0x328, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x32a, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x32b, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x32c, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x330, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x330, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x334, ['unsigned long']],
+    'QueuedScb' : [ 0x338, ['pointer', ['_KSCB']]],
+    'NpxState' : [ 0x340, ['unsigned long long']],
+} ],
+  '_KSTACK_CONTROL' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'ActualLimit' : [ 0x4, ['unsigned long']],
+    'StackExpansion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousTrapFrame' : [ 0x8, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0xc, ['pointer', ['void']]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'CpuId' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer', ['void']]],
+    'DeleteContext' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long']],
+    'IdleSmtSet' : [ 0x4, ['unsigned long']],
+    'IdleCpuSet' : [ 0x8, ['unsigned long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long']],
+    'IdleConstrainedSet' : [ 0x44, ['unsigned long']],
+    'NonParkedSet' : [ 0x48, ['unsigned long']],
+    'ParkLock' : [ 0x4c, ['long']],
+    'Seed' : [ 0x50, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x84, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x84, ['array', 6, ['unsigned char']]],
+    'NodeNumber' : [ 0x8a, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x8c, ['unsigned short']],
+    'Stride' : [ 0x8e, ['unsigned char']],
+    'Spare0' : [ 0x8f, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x90, ['unsigned long']],
+    'ProximityId' : [ 0x94, ['unsigned long']],
+    'Lowest' : [ 0x98, ['unsigned long']],
+    'Highest' : [ 0x9c, ['unsigned long']],
+    'MaximumProcessors' : [ 0xa0, ['unsigned char']],
+    'Flags' : [ 0xa1, ['_flags']],
+    'Spare10' : [ 0xa2, ['unsigned char']],
+    'HeteroSets' : [ 0xa4, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+} ],
+  '_ENODE' : [ 0x380, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'ExWorkQueues' : [ 0x100, ['array', 8, ['pointer', ['_EX_WORK_QUEUE']]]],
+    'ExWorkQueue' : [ 0x120, ['_EX_WORK_QUEUE']],
+    'ExpThreadSetManagerEvent' : [ 0x2d8, ['_KEVENT']],
+    'ExpDeadlockTimer' : [ 0x2e8, ['_KTIMER']],
+    'ExpThreadReaperEvent' : [ 0x310, ['_KEVENT']],
+    'WaitBlocks' : [ 0x320, ['array', 3, ['_KWAIT_BLOCK']]],
+    'ExpWorkerThreadBalanceManagerPtr' : [ 0x368, ['pointer', ['_ETHREAD']]],
+    'ExpWorkerSeed' : [ 0x36c, ['unsigned long']],
+    'ExWorkerFullInit' : [ 0x370, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ExWorkerStructInit' : [ 0x370, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ExWorkerFlags' : [ 0x370, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE' : [ 0x5c, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long']],
+    'QuotaProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'StrictFIFO' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x1c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x1c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x24, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x28, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x28, ['array', 20, ['unsigned char']]],
+    'DebugInfo' : [ 0x3c, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x4, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'VolatileLowValue' : [ 0x0, ['long']],
+    'LowValue' : [ 0x0, ['long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x4, ['long']],
+    'NextFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x4, ['_EXHANDLE']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'RefCountField' : [ 0x4, ['long']],
+    'GrantedAccessBits' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'ProtectFromClose' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'RefCnt' : [ 0x4, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1321' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1321']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc4, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xc0, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x458, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x348, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x350, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x350, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x358, ['pointer', ['void']]],
+    'PostBlockList' : [ 0x35c, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x35c, ['pointer', ['void']]],
+    'StartAddress' : [ 0x360, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x364, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x364, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x364, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x368, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x36c, ['_LIST_ENTRY']],
+    'Cid' : [ 0x374, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x37c, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x37c, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x390, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x394, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x39c, ['unsigned long']],
+    'DeviceToVerify' : [ 0x3a0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x3a4, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x3a8, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x3ac, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x3b4, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x3b8, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x3bc, ['unsigned long']],
+    'MmLockOrdering' : [ 0x3c0, ['long']],
+    'CmLockOrdering' : [ 0x3c4, ['long']],
+    'CrossThreadFlags' : [ 0x3c8, ['unsigned long']],
+    'Terminated' : [ 0x3c8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x3c8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x3c8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x3c8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x3c8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x3c8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x3c8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x3c8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x3c8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x3c8, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x3c8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x3c8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x3c8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x3c8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x3c8, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x3cc, ['unsigned long']],
+    'ActiveExWorker' : [ 0x3cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x3cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x3cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x3cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x3cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x3cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x3cc, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x3d0, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x3d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x3d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x3d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x3d0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x3d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x3d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x3d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x3d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x3d4, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x3d5, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x3d6, ['unsigned char']],
+    'LockOrderState' : [ 0x3d7, ['unsigned char']],
+    'AlpcMessageId' : [ 0x3d8, ['unsigned long']],
+    'AlpcMessage' : [ 0x3dc, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x3dc, ['unsigned long']],
+    'ExitStatus' : [ 0x3e0, ['long']],
+    'AlpcWaitListEntry' : [ 0x3e4, ['_LIST_ENTRY']],
+    'CacheManagerCount' : [ 0x3ec, ['unsigned long']],
+    'IoBoostCount' : [ 0x3f0, ['unsigned long']],
+    'BoostList' : [ 0x3f4, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x3fc, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x404, ['unsigned long']],
+    'IrpListLock' : [ 0x408, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x40c, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x410, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x414, ['pointer', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x418, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x41c, ['pointer', ['void']]],
+    'KernelStackReference' : [ 0x420, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x424, ['pointer', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x428, ['pointer', ['void']]],
+    'PropertySet' : [ 0x42c, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x438, ['pointer', ['void']]],
+    'UserFsBase' : [ 0x43c, ['unsigned long']],
+    'UserGsBase' : [ 0x440, ['unsigned long']],
+    'EnergyValues' : [ 0x444, ['pointer', ['_THREAD_ENERGY_VALUES']]],
+    'CmCellReferences' : [ 0x448, ['unsigned long']],
+    'SelectedCpuSets' : [ 0x44c, ['unsigned long']],
+    'SelectedCpuSetsIndirect' : [ 0x44c, ['pointer', ['unsigned long']]],
+    'Silo' : [ 0x450, ['pointer', ['_ESILO']]],
+} ],
+  '_EPROCESS' : [ 0x388, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0xa8, ['_EX_PUSH_LOCK']],
+    'RundownProtect' : [ 0xac, ['_EX_RUNDOWN_REF']],
+    'VdmObjects' : [ 0xb0, ['pointer', ['void']]],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'Flags2' : [ 0xc0, ['unsigned long']],
+    'JobNotReallyActive' : [ 0xc0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0xc0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0xc0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0xc0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0xc0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0xc0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0xc0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0xc0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0xc0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0xc0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0xc0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0xc0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0xc0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0xc0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0xc0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0xc0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0xc0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0xc0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0xc0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0xc0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0xc0, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0xc0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0xc0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0xc0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0xc0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0xc0, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0xc0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0xc0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'CreateReported' : [ 0xc4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0xc4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0xc4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0xc4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ControlFlowGuardEnabled' : [ 0xc4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0xc4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0xc4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0xc4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0xc4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0xc4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0xc4, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0xc4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0xc4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0xc4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0xc4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0xc4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0xc4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0xc4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0xc4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0xc4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0xc4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0xc4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0xc4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0xc4, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0xc4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0xc4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0xc4, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0xc4, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0xc4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0xc8, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0xd0, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xd8, ['array', 2, ['unsigned long']]],
+    'PeakVirtualSize' : [ 0xe0, ['unsigned long']],
+    'VirtualSize' : [ 0xe4, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xe8, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0xf0, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf0, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Token' : [ 0xf4, ['_EX_FAST_REF']],
+    'WorkingSetPage' : [ 0xf8, ['unsigned long']],
+    'AddressCreationLock' : [ 0xfc, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x100, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x104, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x108, ['pointer', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x10c, ['pointer', ['_EJOB']]],
+    'CloneRoot' : [ 0x110, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x114, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x118, ['unsigned long']],
+    'Win32Process' : [ 0x11c, ['pointer', ['void']]],
+    'Job' : [ 0x120, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x124, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x128, ['pointer', ['void']]],
+    'Cookie' : [ 0x12c, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x130, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x134, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x138, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x13c, ['pointer', ['void']]],
+    'OwnerProcessId' : [ 0x140, ['unsigned long']],
+    'Peb' : [ 0x144, ['pointer', ['_PEB']]],
+    'Session' : [ 0x148, ['pointer', ['void']]],
+    'AweInfo' : [ 0x14c, ['pointer', ['void']]],
+    'QuotaBlock' : [ 0x150, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x154, ['pointer', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x158, ['pointer', ['void']]],
+    'PaeTop' : [ 0x15c, ['pointer', ['void']]],
+    'DeviceMap' : [ 0x160, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x164, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x168, ['unsigned long long']],
+    'ImageFileName' : [ 0x170, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x17f, ['unsigned char']],
+    'SecurityPort' : [ 0x180, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x184, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x188, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x190, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x19c, ['unsigned long']],
+    'ImagePathHash' : [ 0x1a0, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1a4, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1a8, ['long']],
+    'PrefetchTrace' : [ 0x1ac, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x1b0, ['pointer', ['void']]],
+    'ReadOperationCount' : [ 0x1b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1e8, ['unsigned long']],
+    'CommitCharge' : [ 0x1ec, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1f0, ['unsigned long']],
+    'Vm' : [ 0x1f4, ['_MMSUPPORT']],
+    'MmProcessLinks' : [ 0x278, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x280, ['unsigned long']],
+    'ExitStatus' : [ 0x284, ['long']],
+    'VadRoot' : [ 0x288, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x28c, ['pointer', ['void']]],
+    'VadCount' : [ 0x290, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x294, ['unsigned long']],
+    'VadPhysicalPagesLimit' : [ 0x298, ['unsigned long']],
+    'AlpcContext' : [ 0x29c, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x2ac, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x2b4, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x2b8, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x2bc, ['unsigned long']],
+    'ExitTime' : [ 0x2c0, ['_LARGE_INTEGER']],
+    'ActiveThreadsHighWatermark' : [ 0x2c8, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x2cc, ['unsigned long']],
+    'ThreadListLock' : [ 0x2d0, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x2d4, ['pointer', ['void']]],
+    'Spare0' : [ 0x2d8, ['unsigned long']],
+    'SignatureLevel' : [ 0x2dc, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x2dd, ['unsigned char']],
+    'Protection' : [ 0x2de, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x2df, ['unsigned char']],
+    'Flags3' : [ 0x2e0, ['unsigned long']],
+    'Minimal' : [ 0x2e0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x2e0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x2e0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x2e0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Crashed' : [ 0x2e0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x2e0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x2e0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x2e0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x2e0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x2e0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'InPrivate' : [ 0x2e0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x2e0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x2e0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x2e4, ['long']],
+    'SvmData' : [ 0x2e8, ['pointer', ['void']]],
+    'SvmProcessLock' : [ 0x2ec, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x2f0, ['unsigned long']],
+    'SvmProcessDeviceListHead' : [ 0x2f4, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x300, ['unsigned long long']],
+    'DiskCounters' : [ 0x308, ['pointer', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x30c, ['pointer', ['void']]],
+    'KeepAliveCounter' : [ 0x310, ['unsigned long']],
+    'NoWakeKeepAliveCounter' : [ 0x314, ['unsigned long']],
+    'HighPriorityFaultsAllowed' : [ 0x318, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x31c, ['pointer', ['void']]],
+    'EnergyValues' : [ 0x320, ['pointer', ['_PROCESS_ENERGY_VALUES']]],
+    'VmContext' : [ 0x324, ['pointer', ['void']]],
+    'Silo' : [ 0x328, ['pointer', ['_ESILO']]],
+    'SiloEntry' : [ 0x32c, ['_LIST_ENTRY']],
+    'SequenceNumber' : [ 0x338, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x340, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x348, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x350, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x358, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x360, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x360, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x368, ['unsigned long']],
+    'SharedCommitLock' : [ 0x36c, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x370, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x378, ['unsigned long']],
+    'DefaultCpuSets' : [ 0x37c, ['unsigned long']],
+    'AllowedCpuSetsIndirect' : [ 0x378, ['pointer', ['unsigned long']]],
+    'DefaultCpuSetsIndirect' : [ 0x37c, ['pointer', ['unsigned long']]],
+    'SecurityDomain' : [ 0x380, ['unsigned long long']],
+} ],
+  '__unnamed_1379' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_137f' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1381' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_137f']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_138c' : [ 0x2c, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '__unnamed_138e' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_138c']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_1379']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_1381']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_138e']],
+} ],
+  '__unnamed_1395' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1399' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_139d' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_139f' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13a3' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13a5' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13a7' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13a9' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13ab' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13ad' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13b1' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13b3' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13b6' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13b8' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13ba' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13bc' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13c0' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_13c4' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_13c8' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13cc' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_13d0' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13d4' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_13d8' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_13da' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13dc' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_13e0' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_13e4' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13e8' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_13ec' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_13f0' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_13f8' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_13fc' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_13fe' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1400' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1402' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_1395']],
+    'CreatePipe' : [ 0x0, ['__unnamed_1399']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_139d']],
+    'Read' : [ 0x0, ['__unnamed_139f']],
+    'Write' : [ 0x0, ['__unnamed_139f']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13a3']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13a5']],
+    'QueryFile' : [ 0x0, ['__unnamed_13a7']],
+    'SetFile' : [ 0x0, ['__unnamed_13a9']],
+    'QueryEa' : [ 0x0, ['__unnamed_13ab']],
+    'SetEa' : [ 0x0, ['__unnamed_13ad']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13b1']],
+    'SetVolume' : [ 0x0, ['__unnamed_13b1']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13b3']],
+    'LockControl' : [ 0x0, ['__unnamed_13b6']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_13b8']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_13ba']],
+    'SetSecurity' : [ 0x0, ['__unnamed_13bc']],
+    'MountVolume' : [ 0x0, ['__unnamed_13c0']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_13c0']],
+    'Scsi' : [ 0x0, ['__unnamed_13c4']],
+    'QueryQuota' : [ 0x0, ['__unnamed_13c8']],
+    'SetQuota' : [ 0x0, ['__unnamed_13ad']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_13cc']],
+    'QueryInterface' : [ 0x0, ['__unnamed_13d0']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_13d4']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_13d8']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_13da']],
+    'SetLock' : [ 0x0, ['__unnamed_13dc']],
+    'QueryId' : [ 0x0, ['__unnamed_13e0']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_13e4']],
+    'UsageNotification' : [ 0x0, ['__unnamed_13e8']],
+    'WaitWake' : [ 0x0, ['__unnamed_13ec']],
+    'PowerSequence' : [ 0x0, ['__unnamed_13f0']],
+    'Power' : [ 0x0, ['__unnamed_13f8']],
+    'StartDevice' : [ 0x0, ['__unnamed_13fc']],
+    'WMI' : [ 0x0, ['__unnamed_13fe']],
+    'Others' : [ 0x0, ['__unnamed_1400']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_1402']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_1418' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_1418']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x8, ['unsigned long']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x10, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x68, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x5c, ['pointer', ['void']]],
+    'UserContext' : [ 0x60, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+    'Oplock' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedForRemote' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedContext' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '_TlgProvider_t' : [ 0x30, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+    'AnnotationFunc' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_15e6' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_15e6']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0xc, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x4, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0x8, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'ReservedLowFlags' : [ 0xe, ['unsigned char']],
+    'WaiterPriority' : [ 0xf, ['unsigned char']],
+    'SharedWaiters' : [ 0x10, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_161e' : [ 0x4, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'WsIndex' : [ 0x0, ['unsigned long']],
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'VolatileNext' : [ 0x0, ['pointer', ['void']]],
+    'KernelStackOwner' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'NextStackPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '__unnamed_1622' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'ShortFlags' : [ 0x2, ['unsigned short']],
+    'VolatileShortFlags' : [ 0x2, ['unsigned short']],
+} ],
+  '__unnamed_1624' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY']],
+    'e2' : [ 0x0, ['__unnamed_1622']],
+} ],
+  '__unnamed_1629' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_161e']],
+    'PteAddress' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x4, ['pointer', ['void']]],
+    'PteLong' : [ 0x4, ['unsigned long']],
+    'OriginalPte' : [ 0x8, ['_MMPTE']],
+    'u2' : [ 0x10, ['_MIPFNBLINK']],
+    'u3' : [ 0x14, ['__unnamed_1624']],
+    'u4' : [ 0x18, ['__unnamed_1629']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x34, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'BasePte' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'VaType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSpecialPoolNonPaged', 14: u'MiVaPagedProtoPool', 15: u'MiVaMaximumType', 16: u'MiVaSystemPtesLarge'})]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'PteFailures' : [ 0x18, ['unsigned long']],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'GlobalPushLock' : [ 0x1c, ['pointer', ['_EX_PUSH_LOCK']]],
+    'Vm' : [ 0x20, ['pointer', ['_MMSUPPORT']]],
+    'TotalSystemPtes' : [ 0x24, ['unsigned long']],
+    'Hint' : [ 0x28, ['unsigned long']],
+    'CachedPtes' : [ 0x2c, ['pointer', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x30, ['unsigned long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x30, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0xc, ['pointer', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x10, ['pointer', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x14, ['unsigned long']],
+    'NumberOfReferences' : [ 0x18, ['unsigned long']],
+    'CloneHeader' : [ 0x1c, ['pointer', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x20, ['unsigned long']],
+    'NestingLevel' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_165c' : [ 0x4, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MMWSLENTRY']],
+    'e2' : [ 0x0, ['_MMWSLE_FREE_ENTRY']],
+} ],
+  '_MMWSLE' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_165c']],
+} ],
+  '_MMWSL' : [ 0xe20, {
+    'FirstFree' : [ 0x0, ['unsigned long']],
+    'FirstDynamic' : [ 0x4, ['unsigned long']],
+    'LastEntry' : [ 0x8, ['unsigned long']],
+    'NextSlot' : [ 0xc, ['unsigned long']],
+    'LastInitializedWsle' : [ 0x10, ['unsigned long']],
+    'NextAgingSlot' : [ 0x14, ['unsigned long']],
+    'NextAccessClearingSlot' : [ 0x18, ['unsigned long']],
+    'LastAccessClearingRemainder' : [ 0x1c, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x20, ['unsigned long']],
+    'WsleSize' : [ 0x24, ['unsigned long']],
+    'NonDirectCount' : [ 0x28, ['unsigned long']],
+    'LowestPagableAddress' : [ 0x2c, ['pointer', ['void']]],
+    'NonDirectHash' : [ 0x30, ['pointer', ['_MMWSLE_NONDIRECT_HASH']]],
+    'HashTableStart' : [ 0x34, ['pointer', ['_MMWSLE_HASH']]],
+    'HighestPermittedHashAddress' : [ 0x38, ['pointer', ['_MMWSLE_HASH']]],
+    'ActiveWsleCounts' : [ 0x3c, ['array', 16, ['unsigned long']]],
+    'ActiveWsles' : [ 0x7c, ['array', 16, ['_MI_ACTIVE_WSLE_LISTHEAD']]],
+    'Wsle' : [ 0xfc, ['pointer', ['_MMWSLE']]],
+    'UserVaInfo' : [ 0x100, ['_MI_USER_VA_INFO']],
+} ],
+  '_MMSUPPORT' : [ 0x84, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'ExitOutswapGate' : [ 0x4, ['pointer', ['_KGATE']]],
+    'AccessLog' : [ 0x8, ['pointer', ['void']]],
+    'WorkingSetExpansionLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x14, ['array', 7, ['unsigned long']]],
+    'MinimumWorkingSetSize' : [ 0x30, ['unsigned long']],
+    'WorkingSetLeafSize' : [ 0x34, ['unsigned long']],
+    'WorkingSetLeafPrivateSize' : [ 0x38, ['unsigned long']],
+    'WorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x40, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x44, ['unsigned long']],
+    'ChargedWslePages' : [ 0x48, ['unsigned long']],
+    'ActualWslePages' : [ 0x4c, ['unsigned long']],
+    'WorkingSetSizeOverhead' : [ 0x50, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x54, ['unsigned long']],
+    'HardFaultCount' : [ 0x58, ['unsigned long']],
+    'VmWorkingSetList' : [ 0x5c, ['pointer', ['_MMWSL']]],
+    'NextPageColor' : [ 0x60, ['unsigned short']],
+    'LastTrimStamp' : [ 0x62, ['unsigned short']],
+    'PageFaultCount' : [ 0x64, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x68, ['unsigned long']],
+    'ForceTrimPages' : [ 0x6c, ['unsigned long']],
+    'Flags' : [ 0x70, ['_MMSUPPORT_FLAGS']],
+    'ReleasedCommitDebt' : [ 0x74, ['unsigned long']],
+    'WsSwapSupport' : [ 0x78, ['pointer', ['void']]],
+    'CommitReAcquireFailSupport' : [ 0x7c, ['pointer', ['void']]],
+    'ShadowMapping' : [ 0x80, ['pointer', ['void']]],
+} ],
+  '__unnamed_1677' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+} ],
+  '__unnamed_167b' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_1677']],
+    'u2' : [ 0x24, ['__unnamed_167b']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_1680' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_168b' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 25, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_168d' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_168b']],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'ListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_1680']],
+    'FilePointer' : [ 0x20, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x24, ['long']],
+    'ModifiedWriteCount' : [ 0x28, ['unsigned long']],
+    'WaitList' : [ 0x2c, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x30, ['__unnamed_168d']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'FileObjectLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_169e' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+} ],
+  '__unnamed_16a1' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x28, {
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'NextVad' : [ 0x0, ['pointer', ['_MMVAD_SHORT']]],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x1c, ['__unnamed_169e']],
+    'u1' : [ 0x20, ['__unnamed_16a1']],
+    'EventList' : [ 0x24, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MI_PARTITION' : [ 0x1740, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0xe8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x298, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x2e8, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x3c0, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0xa80, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0xaa0, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0xad0, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0xba8, ['pointer', ['void']]],
+    'WorkingSetExpansionHead' : [ 0xbac, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0xbc0, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPAGING_FILE' : [ 0x90, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'FreeReservationSpace' : [ 0x18, ['unsigned long']],
+    'LargestReserveCluster' : [ 0x1c, ['unsigned long']],
+    'File' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x24, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x30, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x38, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x40, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x44, ['unsigned long']],
+    'ReservationBitmapHint' : [ 0x48, ['unsigned long']],
+    'LargestNonReservedClusterSize' : [ 0x4c, ['unsigned long']],
+    'RefreshClusterSize' : [ 0x50, ['unsigned long']],
+    'LastRefreshClusterSize' : [ 0x54, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x58, ['unsigned long']],
+    'ToBeEvictedCount' : [ 0x5c, ['unsigned long']],
+    'HybridPriority' : [ 0x5c, ['unsigned long']],
+    'PageFileNumber' : [ 0x60, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0x60, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0x60, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0x60, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0x60, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0x60, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0x60, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x60, ['BitField', dict(start_bit = 10, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x63, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0x64, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0x68, ['unsigned long']],
+    'PageHash' : [ 0x6c, ['pointer', ['unsigned long']]],
+    'FileHandle' : [ 0x70, ['pointer', ['void']]],
+    'Lock' : [ 0x74, ['unsigned long']],
+    'LockOwner' : [ 0x78, ['pointer', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0x7c, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x80, ['pointer', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x84, ['_RTL_BALANCED_NODE']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x68, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '__unnamed_16e2' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmInitializeHive', 2: u'_HvInitializeHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_16e5' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_16e7' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_16eb' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_16ed' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_16f1' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_16f5' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_16f7' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x120, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'RecoverableIndex' : [ 0x8, ['unsigned long']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_16e2']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_16e2']]],
+    'RegistryIO' : [ 0xcc, ['__unnamed_16e5']],
+    'CheckRegistry2' : [ 0xd8, ['__unnamed_16e7']],
+    'CheckKey' : [ 0xdc, ['__unnamed_16eb']],
+    'CheckValueList' : [ 0xec, ['__unnamed_16ed']],
+    'CheckHive' : [ 0xfc, ['__unnamed_16f1']],
+    'CheckHive1' : [ 0x108, ['__unnamed_16f1']],
+    'CheckBin' : [ 0x114, ['__unnamed_16f5']],
+    'RecoverData' : [ 0x11c, ['__unnamed_16f7']],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0xc, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 38, ['unsigned long']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 38, ['unsigned long long']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x134, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'ReadySummary' : [ 0x4, ['unsigned long']],
+    'ReadyListHead' : [ 0x8, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x108, ['array', 32, ['unsigned char']]],
+    'Span' : [ 0x128, ['unsigned char']],
+    'LowProcIndex' : [ 0x129, ['unsigned char']],
+    'QueueIndex' : [ 0x12a, ['unsigned char']],
+    'ProcCount' : [ 0x12b, ['unsigned char']],
+    'ScanOwner' : [ 0x12c, ['unsigned char']],
+    'Spare' : [ 0x12d, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x130, ['unsigned long']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '__unnamed_1807' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1809' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_180d' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['unsigned short']]],
+} ],
+  '_DEVICE_NODE' : [ 0x1cc, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x2c, ['long']],
+    'FxRemoveEvent' : [ 0x30, ['_KEVENT']],
+    'FxActivationCount' : [ 0x40, ['long']],
+    'FxSleepCount' : [ 0x44, ['long']],
+    'Plugin' : [ 0x48, ['pointer', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x4c, ['unsigned long']],
+    'CurrentPowerState' : [ 0x50, ['_POWER_STATE']],
+    'Notify' : [ 0x54, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x90, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0xa0, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0xa8, ['unsigned long']],
+    'State' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xb4, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x104, ['unsigned long']],
+    'CompletionStatus' : [ 0x108, ['long']],
+    'Flags' : [ 0x10c, ['unsigned long']],
+    'UserFlags' : [ 0x110, ['unsigned long']],
+    'Problem' : [ 0x114, ['unsigned long']],
+    'ProblemStatus' : [ 0x118, ['long']],
+    'ResourceList' : [ 0x11c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x120, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x124, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x128, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x130, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x134, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x138, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x13c, ['unsigned short']],
+    'RemovalPolicy' : [ 0x13e, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x13f, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x140, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x148, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x150, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x158, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x15a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x15c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x15e, ['unsigned short']],
+    'OverUsed1' : [ 0x160, ['__unnamed_1807']],
+    'OverUsed2' : [ 0x164, ['__unnamed_1809']],
+    'BootResources' : [ 0x168, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x16c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x170, ['unsigned long']],
+    'DockInfo' : [ 0x174, ['__unnamed_180d']],
+    'DisableableDepends' : [ 0x184, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x188, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x190, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x198, ['unsigned long']],
+    'PreviousParent' : [ 0x19c, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x1a0, ['long']],
+    'NumaNodeIndex' : [ 0x1a4, ['unsigned long']],
+    'ContainerID' : [ 0x1a8, ['_GUID']],
+    'OverrideFlags' : [ 0x1b8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x1bc, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x1c0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x1c4, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x1c8, ['unsigned long']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x38, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x30, ['pointer', ['unsigned long long']]],
+    'EnableLevel' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x38, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependencyNode' : [ 0x2c, ['pointer', ['void']]],
+    'InterruptContext' : [ 0x30, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1907' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1907']],
+} ],
+  '__unnamed_190e' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_190e']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x14, ['pointer', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x1c, ['pointer', ['unsigned short']]],
+    'PinCount' : [ 0x20, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x22, ['unsigned char']],
+    'ResourceSourceName' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x28, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x20, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'SlaveAddress' : [ 0x1c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x18, ['unsigned long']],
+    'RxBufferSize' : [ 0x1c, ['unsigned short']],
+    'TxBufferSize' : [ 0x1e, ['unsigned short']],
+    'Parity' : [ 0x20, ['unsigned char']],
+    'LinesInUse' : [ 0x21, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'DataBitLength' : [ 0x1c, ['unsigned char']],
+    'Phase' : [ 0x1d, ['unsigned char']],
+    'Polarity' : [ 0x1e, ['unsigned char']],
+    'DeviceSelection' : [ 0x20, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x100, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x14, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x18, ['pointer', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c, ['pointer', ['void']]],
+    'Accounting' : [ 0x20, ['pointer', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x1a8, {
+    'Name' : [ 0x0, ['pointer', ['unsigned short']]],
+    'Id' : [ 0x4, ['unsigned char']],
+    'Guid' : [ 0x8, ['_GUID']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Priority' : [ 0x1c, ['unsigned char']],
+    'Settings' : [ 0x20, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x180, ['unsigned long long']],
+    'Count' : [ 0x188, ['unsigned long long']],
+    'MaxDuration' : [ 0x190, ['unsigned long long']],
+    'MinDuration' : [ 0x198, ['unsigned long long']],
+    'TotalDuration' : [ 0x1a0, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xb0, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfBoostPolicy' : [ 0x2c, ['unsigned long']],
+    'PerfBoostMode' : [ 0x30, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x34, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x38, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x3c, ['unsigned long']],
+    'AutonomousPreference' : [ 0x40, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x41, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x43, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x45, ['unsigned char']],
+    'ParkingPerfState' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x48, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x49, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x4a, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x4b, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x4c, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x4d, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x4e, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x50, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x54, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x58, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x5a, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x5c, ['unsigned char']],
+    'IdleDisabled' : [ 0x5d, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x60, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x64, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x65, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x66, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x67, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x68, ['array', 32, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x88, ['array', 32, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xa8, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xa9, ['unsigned char']],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x90, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x14, ['unsigned long']],
+    'LogHandleContext' : [ 0x18, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x84, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0x88, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x178, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'V1' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0xa8, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xac, ['unsigned long']],
+    'UninitializeEvent' : [ 0xb0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xb4, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'Event' : [ 0xe0, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf8, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x160, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x164, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x168, ['unsigned long']],
+    'WritesInProgress' : [ 0x16c, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x170, ['unsigned long']],
+} ],
+  '__unnamed_19f4' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_19f4']],
+    'ArrayHead' : [ 0x10, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '__unnamed_1a19' : [ 0x4, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_1a1b' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1a1d' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1a1f' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1a21' : [ 0x1c, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x4, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x8, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1a25' : [ 0x38, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'PrefetchList' : [ 0x18, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x1c, ['unsigned long']],
+    'Mdl' : [ 0x20, ['pointer', ['_MDL']]],
+    'IoStatusBlock' : [ 0x24, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'RequestorMode' : [ 0x30, ['unsigned char']],
+    'NestingLevel' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_1a27' : [ 0x38, {
+    'Read' : [ 0x0, ['__unnamed_1a19']],
+    'Write' : [ 0x0, ['__unnamed_1a1b']],
+    'Event' : [ 0x0, ['__unnamed_1a1d']],
+    'Notification' : [ 0x0, ['__unnamed_1a1f']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1a21']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1a25']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x48, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1a27']],
+    'Function' : [ 0x40, ['unsigned char']],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x18, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0x4, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x68, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x8, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0xc, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x18, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x40, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x44, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x48, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x50, ['pointer', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x54, ['unsigned long']],
+    'LastLWTimeStamp' : [ 0x58, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x60, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x248, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x58, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x5c, ['unsigned long']],
+    'Signature' : [ 0x60, ['unsigned long']],
+    'SegmentReserve' : [ 0x64, ['unsigned long']],
+    'SegmentCommit' : [ 0x68, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x6c, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x70, ['unsigned long']],
+    'TotalFreeSize' : [ 0x74, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x78, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x7c, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x7e, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x80, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x84, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x86, ['unsigned short']],
+    'TagEntries' : [ 0x88, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x8c, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x94, ['unsigned long']],
+    'AlignMask' : [ 0x98, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0x9c, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa4, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xac, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb0, ['unsigned long']],
+    'BlocksIndex' : [ 0xb4, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xb8, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xbc, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc0, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xc8, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xcc, ['pointer', ['void']]],
+    'FrontEndHeap' : [ 0xd0, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xd4, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xd6, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0xd7, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0xd8, ['pointer', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0xdc, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0xde, ['array', 257, ['unsigned char']]],
+    'Counters' : [ 0x1e0, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x23c, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1a92' : [ 0x38, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x38, {
+    'Lock' : [ 0x0, ['__unnamed_1a92']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1ae5' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1ae7' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ae5']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1ae9' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1aeb' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1ae9']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1ae7']],
+    'u2' : [ 0x4, ['__unnamed_1aeb']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x20, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer', ['_BLOB_COUNTERS']]],
+    'DeleteProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x18, ['pointer', ['void']]],
+    'UsualSize' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_1b08' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1b0a' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1b08']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1b0a']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Pad' : [ 0x10, ['unsigned long']],
+    'Lock' : [ 0x14, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1b1e' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b20' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b1e']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1b20']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1b29' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b2b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b29']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_1b2b']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1b31' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b33' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b31']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_1b33']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x28, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x24, ['pointer', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1b50' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b52' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b50']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x11c, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x60, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0x80, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0x8c, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x94, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x98, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0xc4, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0xd0, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0xd4, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0xd8, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xdc, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xe8, ['long']],
+    'ReferenceNo' : [ 0xec, ['long']],
+    'ReferenceNoWait' : [ 0xf0, ['pointer', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0xf4, ['__unnamed_1b52']],
+    'TargetQueuePort' : [ 0xf8, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xfc, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x100, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x104, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x108, ['unsigned long']],
+    'PendingQueueLength' : [ 0x10c, ['unsigned long']],
+    'DirectQueueLength' : [ 0x110, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x114, ['unsigned long']],
+    'WaitQueueLength' : [ 0x118, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x58, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x10, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x14, ['pointer', ['void']]],
+    'UserLimit' : [ 0x18, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x1c, ['pointer', ['void']]],
+    'SystemVa' : [ 0x20, ['pointer', ['void']]],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'Header' : [ 0x28, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x2c, ['pointer', ['void']]],
+    'ListSize' : [ 0x30, ['unsigned long']],
+    'Bitmap' : [ 0x34, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x38, ['unsigned long']],
+    'Data' : [ 0x3c, ['pointer', ['void']]],
+    'DataSize' : [ 0x40, ['unsigned long']],
+    'BitmapLimit' : [ 0x44, ['unsigned long']],
+    'BitmapNextHint' : [ 0x48, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x4c, ['unsigned long']],
+    'AttributeFlags' : [ 0x50, ['unsigned long']],
+    'AttributeSize' : [ 0x54, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0x90, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x84, ['unsigned long']],
+    'CallbackList' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x14, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1b75' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReserveReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1b77' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1b75']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x90, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'u1' : [ 0x14, ['__unnamed_1b77']],
+    'SequenceNo' : [ 0x18, ['long']],
+    'QuotaProcess' : [ 0x1c, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x1c, ['pointer', ['void']]],
+    'CancelSequencePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x24, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x28, ['long']],
+    'CancelListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x38, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x58, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x5c, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x60, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x64, ['pointer', ['_ETHREAD']]],
+    'WakeReference' : [ 0x68, ['pointer', ['void']]],
+    'ExtensionBuffer' : [ 0x6c, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0x70, ['unsigned long']],
+    'PortMessage' : [ 0x78, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x24, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x14, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalLength' : [ 0x1c, ['unsigned short']],
+    'Type' : [ 0x1e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x20, ['unsigned short']],
+    'SignalCompletion' : [ 0x22, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x23, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ObjectType' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x20, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x1c, ['_KALPC_DIRECT_EVENT']],
+} ],
+  '__unnamed_1bba' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1bbc' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1bba']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_1bbc']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x4, {
+    'Event' : [ 0x0, ['unsigned long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x28, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer', ['void']]],
+    'ActivityId' : [ 0xc, ['_GUID']],
+    'Timestamp' : [ 0x1c, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x1c, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x1c, ['pointer', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x20, ['long long']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x24, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'CreateFileType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x4c, ['pointer', ['void']]],
+    'Override' : [ 0x50, ['unsigned char']],
+    'QueryOnly' : [ 0x51, ['unsigned char']],
+    'DeleteOnly' : [ 0x52, ['unsigned char']],
+    'FullAttributes' : [ 0x53, ['unsigned char']],
+    'LocalFileObject' : [ 0x54, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x58, ['unsigned long']],
+    'AccessMode' : [ 0x5c, ['unsigned char']],
+    'DriverCreateContext' : [ 0x60, ['_IO_DRIVER_CREATE_CONTEXT']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1c87' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x110, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1c87']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer', ['unsigned short']]],
+    'LogFileName' : [ 0x3c, ['pointer', ['unsigned short']]],
+    'TimeZone' : [ 0x40, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0xf8, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x108, ['unsigned long']],
+    'BuffersLost' : [ 0x10c, ['unsigned long']],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x288, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 1, ['unsigned long']]],
+    'ErrorMarker' : [ 0x18, ['unsigned long']],
+    'SizeMask' : [ 0x1c, ['unsigned long']],
+    'GetCpuClock' : [ 0x20, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x28, ['long']],
+    'FailureReason' : [ 0x2c, ['unsigned long']],
+    'BufferQueue' : [ 0x30, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x3c, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x48, ['_LIST_ENTRY']],
+    'ProviderBinaryList' : [ 0x50, ['_LIST_ENTRY']],
+    'BatchedBufferList' : [ 0x58, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x58, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x64, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x6c, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x74, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x7c, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x80, ['unsigned long']],
+    'FlushTimer' : [ 0x84, ['unsigned long']],
+    'FlushThreshold' : [ 0x88, ['unsigned long']],
+    'ByteOffset' : [ 0x90, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x98, ['unsigned long']],
+    'BuffersAvailable' : [ 0x9c, ['long']],
+    'NumberOfBuffers' : [ 0xa0, ['long']],
+    'MaximumBuffers' : [ 0xa4, ['unsigned long']],
+    'EventsLost' : [ 0xa8, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xac, ['long']],
+    'BuffersWritten' : [ 0xb0, ['unsigned long']],
+    'LogBuffersLost' : [ 0xb4, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xb8, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xbc, ['unsigned long']],
+    'SequencePtr' : [ 0xc0, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xc4, ['unsigned long']],
+    'InstanceGuid' : [ 0xc8, ['_GUID']],
+    'MaximumFileSize' : [ 0xd8, ['unsigned long']],
+    'FileCounter' : [ 0xdc, ['long']],
+    'PoolType' : [ 0xe0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xe8, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0xf8, ['long']],
+    'ProviderInfoSize' : [ 0xfc, ['unsigned long']],
+    'Consumers' : [ 0x100, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x108, ['unsigned long']],
+    'TransitionConsumer' : [ 0x10c, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x110, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0x114, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x120, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x128, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x130, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x138, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x140, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x148, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x150, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x160, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x164, ['_KEVENT']],
+    'FlushEvent' : [ 0x174, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x188, ['_KTIMER']],
+    'LoggerDpc' : [ 0x1b0, ['_KDPC']],
+    'LoggerMutex' : [ 0x1d0, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1f0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1f4, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1f4, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1f8, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x234, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x238, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x240, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x248, ['pointer', ['void']]],
+    'BufferSequenceNumber' : [ 0x250, ['long long']],
+    'Flags' : [ 0x258, ['unsigned long']],
+    'Persistent' : [ 0x258, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x258, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x258, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x258, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x258, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x258, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x258, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x258, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x258, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x258, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x258, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x258, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x258, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x258, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x258, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SpareFlags1' : [ 0x258, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x258, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x258, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x258, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x25c, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x25c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x25c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x25c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x25c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x25c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x25c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x25c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x25c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x25c, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'HookIdMap' : [ 0x260, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x268, ['pointer', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x26c, ['pointer', ['_ETW_PMC_SUPPORT']]],
+    'WinRtProviderBinaryList' : [ 0x270, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x278, ['pointer', ['pointer', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x27c, ['_DISALLOWED_GUIDS']],
+    'ServerSilo' : [ 0x284, ['pointer', ['_ESILO']]],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x24, {
+    'Source' : [ 0x0, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x10, ['unsigned long']],
+    'HookId' : [ 0x14, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x1c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x20, ['array', 1, ['pointer', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x190, {
+    'EtwpSecurityProviderPID' : [ 0x0, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x8, ['_ETW_GUID_ENTRY']],
+    'AuditLoggerId' : [ 0x168, ['unsigned long']],
+    'EtwPsProvRegHandle' : [ 0x170, ['unsigned long long']],
+    'EtwpSecurityLoggers' : [ 0x178, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x188, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x189, ['unsigned char']],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x298, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x9c, ['pointer', ['void']]],
+    'DynamicPart' : [ 0xa0, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa4, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xb0, ['unsigned long']],
+    'TokenInUse' : [ 0xb4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xbc, ['unsigned long']],
+    'LogonSession' : [ 0xc0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc4, ['_LUID']],
+    'SidHash' : [ 0xcc, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x154, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1dc, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x1e0, ['pointer', ['void']]],
+    'Capabilities' : [ 0x1e4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x1e8, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x1ec, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x274, ['pointer', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x278, ['pointer', ['_SEP_LOWBOX_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x27c, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x280, ['pointer', ['void']]],
+    'TrustLinkedToken' : [ 0x284, ['pointer', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x288, ['pointer', ['void']]],
+    'TokenSidValues' : [ 0x28c, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'SessionObject' : [ 0x290, ['pointer', ['void']]],
+    'VariablePart' : [ 0x294, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x5c, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+    'LowBoxHandlesTable' : [ 0x34, ['_SEP_LOWBOX_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x40, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x44, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x48, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0x58, ['pointer', ['_ESILO']]],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'DbgRefTrace' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'NewObject' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0xf, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0xf, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0xf, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0xf, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x8, {
+    'SecurityDescriptor' : [ 0x0, ['pointer', ['void']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_REVOCATION_INFO' : [ 0x10, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x8, ['pointer', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'Padding1' : [ 0xc, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x18, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'EntryLink' : [ 0x8, ['pointer', ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0xc, ['unsigned long']],
+    'HashIndex' : [ 0x10, ['unsigned short']],
+    'DirectoryLocked' : [ 0x12, ['unsigned char']],
+    'LockedExclusive' : [ 0x13, ['unsigned char']],
+    'LockStateSignature' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xb0, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x9c, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'SessionId' : [ 0xa0, ['unsigned long']],
+    'NamespaceEntry' : [ 0xa4, ['pointer', ['void']]],
+    'SessionObject' : [ 0xa8, ['pointer', ['void']]],
+    'Flags' : [ 0xac, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x74, {
+    'SystemDeviceMap' : [ 0x0, ['pointer', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x4, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+} ],
+  '_DEVICE_MAP' : [ 0x34, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0xc, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x4, ['pointer', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x8, ['pointer', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x418, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x8, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0xc, ['unsigned long']],
+    'ErrorCount' : [ 0x10, ['long']],
+    'RecordCount' : [ 0x14, ['unsigned long']],
+    'RecordLength' : [ 0x18, ['unsigned long']],
+    'PoolTag' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x24, ['pointer', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x28, ['pointer', ['void']]],
+    'SectionCount' : [ 0x2c, ['unsigned long']],
+    'SectionLength' : [ 0x30, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x38, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x40, ['unsigned long']],
+    'TotalErrors' : [ 0x44, ['unsigned long']],
+    'Deferred' : [ 0x48, ['unsigned char']],
+    'Descriptor' : [ 0x49, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xe4, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'ProcessorNumber' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x14, ['long']],
+    'ErrorSource' : [ 0x18, ['pointer', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x1c, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x1c, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'ConnectLock' : [ 0x4, ['_KEVENT']],
+    'LineMasked' : [ 0x14, ['unsigned char']],
+    'InterruptList' : [ 0x18, ['pointer', ['_KINTERRUPT']]],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'WorkQueue' : [ 0x18, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x40, ['pointer', ['void']]],
+    'AcceptProcessorNotification' : [ 0x44, ['pointer', ['void']]],
+    'AcceptAcpiNotification' : [ 0x48, ['pointer', ['void']]],
+    'WorkOrderCount' : [ 0x4c, ['unsigned long']],
+    'WorkOrders' : [ 0x50, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0xa8, {
+    'DeleteSubsectionCleanup' : [ 0x0, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x10, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x20, ['unsigned long']],
+    'DereferenceSegmentHeader' : [ 0x24, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x40, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x48, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0x70, ['unsigned char']],
+    'DeleteOnCloseCount' : [ 0x74, ['unsigned long']],
+    'UnusedSegmentList' : [ 0x78, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0x80, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0x88, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0x90, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0xa0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x128, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x104, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x124, ['unsigned long']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0xc, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x10, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x14, ['unsigned short']],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Reserved1' : [ 0x2, ['unsigned char']],
+    'Timer2Reserved2' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadSpecControl' : [ 0x1, ['unsigned char']],
+    'SpecControlIbrs' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecControlStibp' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SpecControlReserved' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Instrumented' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x160, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['pointer', ['_ETW_FILTER_HEADER']]],
+    'ServerSilo' : [ 0x15c, ['pointer', ['_ESILO']]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_HEAP_COUNTERS' : [ 0x5c, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x38, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x3c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x40, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x44, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x48, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x4c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x50, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x54, ['unsigned long']],
+    'LastPolledSize' : [ 0x58, ['unsigned long']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0xb80, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long']],
+    'HighestPhysicalPage' : [ 0x4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x8, ['unsigned long']],
+    'NumberOfPagingFiles' : [ 0xc, ['unsigned long']],
+    'PagingFile' : [ 0x10, ['array', 16, ['pointer', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0x80, ['unsigned long']],
+    'ResidentAvailablePages' : [ 0xc0, ['unsigned long']],
+    'TotalCommittedPages' : [ 0xc4, ['unsigned long']],
+    'ModifiedPageListHead' : [ 0x100, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x140, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x154, ['unsigned long']],
+    'TotalPagesForPagingFile' : [ 0x158, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x15c, ['unsigned long']],
+    'ProcessLockedFilePages' : [ 0x160, ['unsigned long']],
+    'ChargeCommitmentFailures' : [ 0x164, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x174, ['long']],
+    'PageFileTraces' : [ 0x178, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x10, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x8c, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x80, ['unsigned long']],
+    'NumberOfEntries' : [ 0x84, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x88, ['unsigned long']],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_MI_ACTIVE_WSLE_LISTHEAD' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x44, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x3c, ['unsigned char']],
+    'DeleteType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0xc0, {
+    'Latency' : [ 0x0, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x4, ['unsigned long']],
+    'VetoAccounting' : [ 0x8, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x1c, ['unsigned char']],
+    'Platform' : [ 0x1d, ['unsigned char']],
+    'DependencyListCount' : [ 0x20, ['unsigned long']],
+    'Processors' : [ 0x24, ['_KAFFINITY_EX']],
+    'Name' : [ 0x30, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0x38, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x3c, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x40, ['unsigned long long']],
+    'RefCount' : [ 0x80, ['long']],
+    'CacheAlign0' : [ 0x80, ['array', 64, ['unsigned char']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x38, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x38, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'AppContainerNumber' : [ 0x24, ['unsigned long']],
+    'PackageSid' : [ 0x28, ['pointer', ['void']]],
+    'CapabilitiesHash' : [ 0x2c, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x30, ['pointer', ['void']]],
+    'SecurityAttributes' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMWSLE_NONDIRECT_HASH' : [ 0x8, {
+    'Key' : [ 0x0, ['pointer', ['void']]],
+    'Index' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x10, ['long']],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'WatchdogTimerInfo' : [ 0x18, ['pointer', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'FloppyMedia' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'Pattern' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x50, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 1, ['_GUID']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x10, ['_KEVENT']],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_CM_KEY_BODY' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KtmTrans' : [ 0x1c, ['pointer', ['void']]],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x8, ['unsigned char']],
+    'BlockState' : [ 0x9, ['unsigned char']],
+    'WaitKey' : [ 0xa, ['unsigned short']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0xc, ['pointer', ['_KQUEUE']]],
+    'Object' : [ 0x10, ['pointer', ['void']]],
+    'SparePtr' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+} ],
+  '__unnamed_1e59' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_1e5b' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_1e59']],
+    'Private' : [ 0x0, ['__unnamed_1e5b']],
+} ],
+  '_KTIMER2' : [ 0x58, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x10, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x28, ['unsigned long long']],
+    'MaximumDueTime' : [ 0x30, ['unsigned long long']],
+    'Period' : [ 0x38, ['long long']],
+    'Callback' : [ 0x40, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x44, ['pointer', ['void']]],
+    'DisableCallback' : [ 0x48, ['pointer', ['void']]],
+    'DisableContext' : [ 0x4c, ['pointer', ['void']]],
+    'AbsoluteSystemTime' : [ 0x50, ['unsigned char']],
+    'TypeFlags' : [ 0x51, ['unsigned char']],
+    'Plain' : [ 0x51, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x51, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x51, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x51, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NoWakeFinite' : [ 0x51, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Unused' : [ 0x51, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DirtyPages' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'Abandoned' : [ 0x1c, ['unsigned char']],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0xc, {
+    'DynamicRelocations' : [ 0x0, ['pointer', ['void']]],
+    'SecurityContext' : [ 0x4, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x8, ['unsigned long']],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x130, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x8, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0xc, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x10, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x98, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x120, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x124, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x128, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x12c, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MMWSLE_FREE_ENTRY' : [ 0x4, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousFree' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 12, native_type='unsigned long')]],
+    'NextFree' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_EJOB' : [ 0x2f8, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0x80, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0x88, ['unsigned long']],
+    'TotalProcesses' : [ 0x8c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x90, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x94, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x98, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xa0, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xa8, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0xac, ['unsigned long']],
+    'LimitFlags' : [ 0xb0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xb4, ['unsigned long']],
+    'Affinity' : [ 0xb8, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0xc4, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0xc8, ['pointer', ['void']]],
+    'UIRestrictionsClass' : [ 0xcc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xd0, ['unsigned long']],
+    'CompletionPort' : [ 0xd4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xd8, ['pointer', ['void']]],
+    'CompletionCount' : [ 0xe0, ['unsigned long long']],
+    'SessionId' : [ 0xe8, ['unsigned long']],
+    'SchedulingClass' : [ 0xec, ['unsigned long']],
+    'ReadOperationCount' : [ 0xf0, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xf8, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x100, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x108, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x110, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x118, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x120, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x148, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x14c, ['unsigned long']],
+    'JobTotalMemoryLimit' : [ 0x150, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x154, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x158, ['unsigned long']],
+    'EffectiveAffinity' : [ 0x15c, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x168, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x170, ['unsigned long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x174, ['unsigned long']],
+    'EffectiveProcessMemoryLimit' : [ 0x178, ['unsigned long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x17c, ['pointer', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x180, ['pointer', ['_EJOB']]],
+    'EffectiveDiskIoRateLimitJob' : [ 0x184, ['pointer', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x188, ['pointer', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x18c, ['pointer', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x190, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x194, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x198, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x19c, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x1a0, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x1a4, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x1a8, ['unsigned char']],
+    'PriorityClass' : [ 0x1a9, ['unsigned char']],
+    'NestingDepth' : [ 0x1aa, ['unsigned char']],
+    'Reserved1' : [ 0x1ab, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x1ac, ['unsigned long']],
+    'WakeChannel' : [ 0x1b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x1b0, ['_PS_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x1e8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x1f0, ['unsigned long']],
+    'OwnedHighEdgeFilters' : [ 0x1f4, ['unsigned long']],
+    'NotificationLink' : [ 0x1f8, ['pointer', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x200, ['unsigned long long']],
+    'NotificationInfo' : [ 0x208, ['pointer', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x20c, ['pointer', ['void']]],
+    'NotificationPacket' : [ 0x210, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x214, ['pointer', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x218, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x220, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x228, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x22c, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x234, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x23c, ['pointer', ['_EJOB']]],
+    'RootJob' : [ 0x240, ['pointer', ['_EJOB']]],
+    'IteratorListHead' : [ 0x244, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x24c, ['unsigned long']],
+    'Ancestors' : [ 0x250, ['pointer', ['pointer', ['_EJOB']]]],
+    'SessionObject' : [ 0x250, ['pointer', ['void']]],
+    'Accounting' : [ 0x258, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x2a8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x2ac, ['unsigned long']],
+    'SequenceNumber' : [ 0x2b0, ['unsigned long']],
+    'TimerListLock' : [ 0x2b4, ['unsigned long']],
+    'TimerListHead' : [ 0x2b8, ['_LIST_ENTRY']],
+    'ContainerId' : [ 0x2c0, ['_GUID']],
+    'Container' : [ 0x2d0, ['pointer', ['_ESILO']]],
+    'PropertySet' : [ 0x2d4, ['_PS_PROPERTY_SET']],
+    'NetRateControl' : [ 0x2e0, ['pointer', ['_JOB_NET_RATE_CONTROL']]],
+    'IoRateControl' : [ 0x2e4, ['pointer', ['_JOB_IO_RATE_CONTROL']]],
+    'JobFlags' : [ 0x2e8, ['unsigned long']],
+    'CloseDone' : [ 0x2e8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x2e8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x2e8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x2e8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x2e8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x2e8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x2e8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x2e8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x2e8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x2e8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x2e8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x2e8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x2e8, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x2e8, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x2e8, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x2e8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x2e8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x2e8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x2e8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x2e8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x2e8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x2e8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x2e8, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x2e8, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x2e8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x2e8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x2e8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x2e8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x2e8, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IsContainerRoot' : [ 0x2e8, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'SpareJobFlags' : [ 0x2e8, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'EffectiveHighEdgeFilters' : [ 0x2ec, ['unsigned long']],
+    'EnergyValues' : [ 0x2f0, ['pointer', ['_PROCESS_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x2f4, ['unsigned long']],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x140, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'ForceIdle' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0x8, ['unsigned long']],
+    'TargetState' : [ 0xc, ['unsigned long']],
+    'ActualState' : [ 0x10, ['unsigned long']],
+    'OldState' : [ 0x14, ['unsigned long']],
+    'OverrideIndex' : [ 0x18, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ReasonFlags' : [ 0x24, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x28, ['unsigned long long']],
+    'PreviousStatus' : [ 0x30, ['long']],
+    'PreviousCancelReason' : [ 0x34, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x38, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0x44, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x50, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x54, ['pointer', ['void']]],
+    'IdleExecute' : [ 0x58, ['pointer', ['void']]],
+    'IdlePreselect' : [ 0x5c, ['pointer', ['void']]],
+    'IdleTest' : [ 0x60, ['pointer', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x64, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x68, ['pointer', ['void']]],
+    'IdleCancel' : [ 0x6c, ['pointer', ['void']]],
+    'IdleIsHalted' : [ 0x70, ['pointer', ['void']]],
+    'IdleInitiateWake' : [ 0x74, ['pointer', ['void']]],
+    'PrepareInfo' : [ 0x78, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0xc8, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0xd4, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0xd8, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0xdc, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0xe4, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0xec, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0xfc, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x14, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PreallocatedVetoCount' : [ 0xc, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x10, ['pointer', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_PEB' : [ 0x250, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SpareBits' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['void']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['array', 1, ['unsigned long']]],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'SparePvoid0' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['pointer', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x210, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x218, ['pointer', ['void']]],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pUnused' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x54, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'ShutDownRequested' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x34, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x40, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x44, ['unsigned long']],
+    'UserPagesReused' : [ 0x48, ['unsigned long']],
+    'EventsLostCount' : [ 0x4c, ['pointer', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x50, ['pointer', ['unsigned long']]],
+} ],
+  '__unnamed_1ed3' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_1ed8' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1eda' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_1ed3']],
+    'Bits' : [ 0x0, ['__unnamed_1ed8']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_1eda']],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x4, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x4, ['unsigned long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'RunningDeAllocs' : [ 0x44, ['long']],
+    'TotalBigPages' : [ 0x48, ['long']],
+    'ThreadsProcessingDeferrals' : [ 0x4c, ['long']],
+    'TotalBytes' : [ 0x50, ['unsigned long']],
+    'PoolIndex' : [ 0x80, ['unsigned long']],
+    'TotalPages' : [ 0xc0, ['long']],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'PendingFreeDepth' : [ 0x104, ['long']],
+    'ListHeads' : [ 0x140, ['array', 512, ['_LIST_ENTRY']]],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x1c, ['pointer', ['void']]],
+    'DvCallbacks' : [ 0x20, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x44, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['long']],
+    'Dpc' : [ 0x10, ['_KDPC']],
+    'WorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0xb0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x39, ['unsigned char']],
+    'ActiveCount' : [ 0x3a, ['unsigned short']],
+    'InternalState' : [ 0x3c, ['long']],
+    'Mode' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x48, ['unsigned long']],
+    'DispatchCount' : [ 0x4c, ['unsigned long']],
+    'PassiveEvent' : [ 0x50, ['pointer', ['_KEVENT']]],
+    'TrapFrame' : [ 0x54, ['pointer', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x58, ['pointer', ['void']]],
+    'ServiceThread' : [ 0x5c, ['pointer', ['_KTHREAD']]],
+    'ConnectionData' : [ 0x60, ['pointer', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0x64, ['pointer', ['void']]],
+    'IsrDpcStats' : [ 0x68, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x60, {
+    'FileName' : [ 0x0, ['pointer', ['unsigned short']]],
+    'BaseName' : [ 0x4, ['pointer', ['unsigned short']]],
+    'RegRootName' : [ 0x8, ['pointer', ['unsigned short']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+    'FilePath' : [ 0x58, ['_UNICODE_STRING']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1f3c' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1f3c']],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x1b8, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Node' : [ 0x19c, ['pointer', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x1a0, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x1a4, ['unsigned long']],
+    'ThreadCount' : [ 0x1a8, ['long']],
+    'MinThreads' : [ 0x1ac, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x1ac, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x1b0, ['long']],
+    'QueueIndex' : [ 0x1b4, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'ExPoolTrusted', 8: u'ExPoolMax'})]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x4e, ['unsigned char']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_IO_WORKITEM' : [ 0x34, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'WorkingOnBehalfClient' : [ 0x1c, ['pointer', ['void']]],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ActivityId' : [ 0x24, ['_GUID']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'Teb' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 31, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMWSLE_HASH' : [ 0x4, {
+    'Index' : [ 0x0, ['unsigned long']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x50, {
+    'Timer' : [ 0x0, ['_KTIMER']],
+    'Dpc' : [ 0x28, ['_KDPC']],
+    'WorkOrder' : [ 0x48, ['pointer', ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x18, {
+    'Next' : [ 0x0, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'SecureInfo' : [ 0x8, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'InPageSupport' : [ 0x8, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x8, ['pointer', ['_MI_LARGEPAGE_MEMORY_INFO']]],
+    'CreatingThread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MIPFNBLINK' : [ 0x4, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 28, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x0, ['long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0xc, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long']],
+    'NumberOfProcessReferences' : [ 0x4, ['unsigned long']],
+    'ClonePtes' : [ 0x8, ['pointer', ['_MMCLONE_BLOCK']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'LowboxMap' : [ 0xc, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x84, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'CallerEvent' : [ 0xc, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'VetoType' : [ 0x18, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x1c, ['pointer', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'Lock' : [ 0x24, ['unsigned long']],
+    'Cancel' : [ 0x28, ['unsigned char']],
+    'Parent' : [ 0x2c, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x30, ['_GUID']],
+    'Data' : [ 0x40, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PS_WAKE_INFORMATION' : [ 0x38, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 5, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x30, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x8, ['pointer', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x14, ['pointer', ['_ETHREAD']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'AtomicLinks' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x4, {
+    'Head' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x6c0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer', ['_MMPFNLIST']]]],
+    'FreePageSlist' : [ 0x8, ['array', 2, ['pointer', ['_SLIST_HEADER']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x200, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x340, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x480, ['_MMPFNLIST']],
+    'PageLocationList' : [ 0x494, ['array', 8, ['pointer', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x4b4, ['array', 8, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x4d4, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x5d4, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x5e4, ['unsigned long']],
+    'LastDecayHandUpdateTime' : [ 0x5e8, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x5f0, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0x640, ['unsigned long']],
+    'AvailablePageWaitStates' : [ 0x644, ['array', 2, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'LowMemoryThreshold' : [ 0x66c, ['unsigned long']],
+    'HighMemoryThreshold' : [ 0x670, ['unsigned long']],
+    'TransitionPrivatePages' : [ 0x680, ['unsigned long']],
+    'RebuildLargePagesInitialized' : [ 0x684, ['unsigned char']],
+    'RebuildLargePagesItem' : [ 0x688, ['_MI_REBUILD_LARGE_PAGES']],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xa0, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Delete' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'LockTablePresent' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'DelayedDeref' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DelayedClose' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Parking' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'KeyHash' : [ 0xc, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0xc, ['unsigned long']],
+    'NextHash' : [ 0x10, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x14, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+    'KcbPushlock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x20, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x20, ['long']],
+    'SlotHint' : [ 0x24, ['unsigned long']],
+    'ParentKcb' : [ 0x28, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x2c, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x34, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x3c, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x3c, ['unsigned long']],
+    'SubKeyCount' : [ 0x3c, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x48, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'KCBUoWListHead' : [ 0x6c, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x74, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x74, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x7c, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x80, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x88, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x90, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x98, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x9c, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_KLOCK_ENTRY' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0xc, ['unsigned long']],
+    'EntryOffset' : [ 0xc, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0xd, ['unsigned char']],
+    'WaitingBit' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0xe, ['unsigned char']],
+    'AcquiredBit' : [ 0xe, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0xf, ['unsigned char']],
+    'HeadNodeBit' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x10, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x10, ['pointer', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x10, ['unsigned char']],
+    'Reserved' : [ 0x11, ['array', 2, ['unsigned char']]],
+    'InTreeByte' : [ 0x13, ['unsigned char']],
+    'SessionState' : [ 0x14, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'OwnerTree' : [ 0x18, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x20, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x18, ['unsigned char']],
+    'EntryLock' : [ 0x28, ['unsigned long']],
+    'AllBoosts' : [ 0x2c, ['unsigned short']],
+    'IoBoost' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CpuBoostsBitmap' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2e, ['unsigned short']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2005' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_2005']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x18, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x1c, ['_KAPC']],
+    'ByteCount' : [ 0x4c, ['unsigned long']],
+    'ChargedPages' : [ 0x50, ['unsigned long']],
+    'PagingFile' : [ 0x54, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x58, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x5c, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x60, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'Partition' : [ 0x78, ['pointer', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0x7c, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x80, ['_MDL']],
+    'Page' : [ 0x9c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x20, {
+    'PeakCommitment' : [ 0x0, ['unsigned long']],
+    'TotalCommitLimitMaximum' : [ 0x4, ['unsigned long']],
+    'Popups' : [ 0x8, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x10, ['unsigned long']],
+    'HighCommitThreshold' : [ 0x14, ['unsigned long']],
+    'EventLock' : [ 0x18, ['unsigned long']],
+    'SystemCommitReserve' : [ 0x1c, ['unsigned long']],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x1c, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedAllocs' : [ 0x4, ['unsigned long']],
+    'NonPagedFrees' : [ 0x8, ['unsigned long']],
+    'NonPagedBytes' : [ 0xc, ['unsigned long']],
+    'PagedAllocs' : [ 0x10, ['unsigned long']],
+    'PagedFrees' : [ 0x14, ['unsigned long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x50, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'CycleTime' : [ 0x10, ['unsigned long long']],
+    'ContextSwitches' : [ 0x18, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x20, ['long long']],
+    'WriteOperationCount' : [ 0x28, ['long long']],
+    'OtherOperationCount' : [ 0x30, ['long long']],
+    'ReadTransferCount' : [ 0x38, ['long long']],
+    'WriteTransferCount' : [ 0x40, ['long long']],
+    'OtherTransferCount' : [ 0x48, ['long long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x180, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x4, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x20, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x28, ['unsigned char']],
+    'PepWokenTransition' : [ 0x29, ['unsigned char']],
+    'Class' : [ 0x2a, ['unsigned char']],
+    'TargetIdleState' : [ 0x2c, ['unsigned long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xcc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xd0, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0xd4, ['long']],
+    'FFHThrottleStateInfo' : [ 0xd8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xf8, ['_KDPC']],
+    'PerfActionMask' : [ 0x118, ['long']],
+    'HvIdleCheck' : [ 0x120, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x130, ['pointer', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x134, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x138, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x13c, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x140, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x144, ['pointer', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x148, ['unsigned char']],
+    'HvTargetState' : [ 0x149, ['unsigned char']],
+    'Parked' : [ 0x14a, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x14c, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x150, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x154, ['unsigned long']],
+    'RelativePerformance' : [ 0x158, ['unsigned long']],
+    'Utility' : [ 0x15c, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x160, ['unsigned long']],
+    'SnapTimeLast' : [ 0x168, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x168, ['unsigned long long']],
+    'ActiveTime' : [ 0x170, ['unsigned long long']],
+    'TotalTime' : [ 0x178, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMPFNENTRY' : [ 0x2, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Priority' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0x40, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_SEGMENT_OBJECT' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SizeOfSegment' : [ 0x8, ['_LARGE_INTEGER']],
+    'NonExtendedPtes' : [ 0x10, ['unsigned long']],
+    'ImageCommitment' : [ 0x14, ['unsigned long']],
+    'ControlArea' : [ 0x18, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x1c, ['pointer', ['_SUBSECTION']]],
+    'MmSectionFlags' : [ 0x20, ['pointer', ['_MMSECTION_FLAGS']]],
+    'MmSubSectionFlags' : [ 0x24, ['pointer', ['_MMSUBSECTION_FLAGS']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x14, {
+    'CompletionRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'RequestorMode' : [ 0xc, ['unsigned char']],
+    'NestingLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_CMHIVE' : [ 0xf20, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x6f0, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x708, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x710, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x718, ['_LIST_ENTRY']],
+    'FailedUnloadList' : [ 0x720, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x728, ['_EX_RUNDOWN_REF']],
+    'ParseCacheEntries' : [ 0x72c, ['_LIST_ENTRY']],
+    'KcbCacheTable' : [ 0x734, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x738, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x73c, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x740, ['unsigned long']],
+    'Identity' : [ 0x744, ['unsigned long']],
+    'HiveLock' : [ 0x748, ['pointer', ['_FAST_MUTEX']]],
+    'WriterLock' : [ 0x74c, ['pointer', ['_FAST_MUTEX']]],
+    'FlusherLock' : [ 0x750, ['pointer', ['_ERESOURCE']]],
+    'FlushDirtyVector' : [ 0x754, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x75c, ['unsigned long']],
+    'FlushLogEntry' : [ 0x760, ['pointer', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x764, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x768, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x76c, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x770, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x778, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x77c, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x780, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x784, ['pointer', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x788, ['_EX_PUSH_LOCK']],
+    'UseCount' : [ 0x78c, ['unsigned long']],
+    'LastShrinkHiveSize' : [ 0x790, ['unsigned long']],
+    'ActualFileSize' : [ 0x798, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x7a0, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x7b0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x7b8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x7c0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x7c8, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x7cc, ['unsigned long']],
+    'SecurityHitHint' : [ 0x7d0, ['long']],
+    'SecurityCache' : [ 0x7d4, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x7d8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x9d8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x9dc, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x9e0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x9e4, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x9e8, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x9ec, ['_CM_WORKITEM']],
+    'GrowOnlyMode' : [ 0xa00, ['unsigned char']],
+    'GrowOffset' : [ 0xa04, ['unsigned long']],
+    'KcbConvertListHead' : [ 0xa08, ['_LIST_ENTRY']],
+    'CellRemapArray' : [ 0xa10, ['pointer', ['_CM_CELL_REMAP_BLOCK']]],
+    'DirtyVectorLog' : [ 0xa14, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0xc9c, ['unsigned long']],
+    'TrustClassEntry' : [ 0xca0, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0xca8, ['unsigned long long']],
+    'UnreconciledTime' : [ 0xcb0, ['unsigned long long']],
+    'CmRm' : [ 0xcb8, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0xcbc, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0xcc0, ['long']],
+    'CreatorOwner' : [ 0xcc4, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0xcc8, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0xcd0, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0xcd8, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0xce4, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0xcf0, ['unsigned long']],
+    'FlushActive' : [ 0xcf0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0xcf0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0xcf0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0xcf0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0xcf4, ['unsigned long']],
+    'ReferenceCount' : [ 0xcf8, ['long']],
+    'UnloadHistoryIndex' : [ 0xcfc, ['long']],
+    'UnloadHistory' : [ 0xd00, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0xf00, ['unsigned long']],
+    'UnaccessedStart' : [ 0xf04, ['unsigned long']],
+    'UnaccessedEnd' : [ 0xf08, ['unsigned long']],
+    'LoadedKeyCount' : [ 0xf0c, ['unsigned long']],
+    'HandleClosePending' : [ 0xf10, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0xf14, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0xf18, ['unsigned char']],
+    'FailedUnload' : [ 0xf19, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x28, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long']],
+    'DirtyPageThresholdTop' : [ 0x4, ['unsigned long']],
+    'DirtyPageThresholdBottom' : [ 0x8, ['unsigned long']],
+    'DirtyPageTarget' : [ 0xc, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x10, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x18, ['unsigned long long']],
+    'AvailableHistory' : [ 0x20, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'ForceCredits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'VmExiting' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ExpansionFailed' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x400, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x14, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'HashTable' : [ 0xc, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x10, ['unsigned char']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x8c, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x78, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x7c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x80, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x84, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x88, ['unsigned long']],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x80, {
+    'DriverInit' : [ 0x0, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x4, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x8, ['pointer', ['void']]],
+    'AddDevice' : [ 0xc, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x10, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0xc, {
+    'ActiveThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'WaitList' : [ 0x4, ['pointer', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x8, ['unsigned long']],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x8, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0xb8, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'TimerApc' : [ 0x2c, ['_KAPC']],
+    'TimerDpc' : [ 0x5c, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x7c, ['_LIST_ENTRY']],
+    'Period' : [ 0x84, ['unsigned long']],
+    'TimerFlags' : [ 0x88, ['unsigned char']],
+    'ApcAssociated' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0x88, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0x88, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0x89, ['unsigned char']],
+    'Spare2' : [ 0x8a, ['unsigned short']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x98, ['pointer', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x9c, ['_LIST_ENTRY']],
+    'DueTime' : [ 0xa8, ['unsigned long long']],
+    'CoalescingWindow' : [ 0xb0, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x4c, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'StackTrace' : [ 0x24, ['array', 8, ['pointer', ['void']]]],
+    'Who' : [ 0x44, ['unsigned long']],
+    'Process' : [ 0x48, ['pointer', ['_EPROCESS']]],
+} ],
+  '_POOL_BLOCK_HEAD' : [ 0x10, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_EXHANDLE' : [ 0x4, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_20e9' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_20e9']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x288, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0xa8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['unsigned short']]],
+    'OrderingName' : [ 0xc, ['pointer', ['unsigned short']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x90, ['unsigned char']],
+    'TransactionEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x98, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0x9c, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa0, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa4, ['pointer', ['void']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x3d40, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x500, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x640, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x6a4, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x16e0, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1760, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1800, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x2d40, ['_MI_COMBINE_STATE']],
+    'Partitions' : [ 0x2d58, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x2d88, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x2dd8, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x2e80, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x2f00, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x2fc0, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x3040, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x31c0, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x31f8, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x3230, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x3280, ['_MI_SYSTEM_TRIM_STATE']],
+    'ResTrack' : [ 0x32c0, ['_MI_RESAVAIL_TRACKER']],
+    'Cookie' : [ 0x34c0, ['unsigned long']],
+    'ZeroingDisabled' : [ 0x34c4, ['long']],
+    'BootRegistryRuns' : [ 0x34c8, ['pointer', ['pointer', ['void']]]],
+    'FullyInitialized' : [ 0x34cc, ['unsigned char']],
+    'SafeBooted' : [ 0x34cd, ['unsigned char']],
+    'LargePfnBitMap' : [ 0x34d0, ['_RTL_BITMAP']],
+    'PfnBitMap' : [ 0x34d8, ['_RTL_BITMAP']],
+    'TraceLogging' : [ 0x34e0, ['pointer', ['_TlgProvider_t']]],
+    'Vs' : [ 0x3500, ['_MI_VISIBLE_STATE']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0xc, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x4, ['_PPM_SELECTION_MENU']],
+} ],
+  '__unnamed_2163' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2165' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2163']],
+} ],
+  '__unnamed_2167' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_2165']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2167']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0x840, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x48, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x50, ['pointer', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x54, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x70, ['unsigned long']],
+    'SizeOfPagedPoolInPages' : [ 0x74, ['unsigned long']],
+    'SystemPteInfo' : [ 0x78, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0xac, ['unsigned long']],
+    'BootCommit' : [ 0xb0, ['unsigned long']],
+    'MdlPagesAllocated' : [ 0xb4, ['unsigned long']],
+    'SystemPageTableCommit' : [ 0xb8, ['unsigned long']],
+    'SpecialPagesInUse' : [ 0xbc, ['unsigned long']],
+    'WsOverheadPages' : [ 0xc0, ['unsigned long']],
+    'VadBitmapPages' : [ 0xc4, ['unsigned long']],
+    'ProcessCommit' : [ 0xc8, ['unsigned long']],
+    'SharedCommit' : [ 0xcc, ['unsigned long']],
+    'DriverCommit' : [ 0xd0, ['long']],
+    'SystemWs' : [ 0x100, ['array', 3, ['_MMSUPPORT']]],
+    'MapCacheFailures' : [ 0x28c, ['unsigned long']],
+    'LastUnloadedDriver' : [ 0x290, ['unsigned long']],
+    'UnloadedDrivers' : [ 0x294, ['pointer', ['_UNLOADED_DRIVERS']]],
+    'PagefileHashPages' : [ 0x298, ['unsigned long']],
+    'PteHeader' : [ 0x29c, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x328, ['pointer', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x32c, ['array', 15, ['unsigned long']]],
+    'SystemVaType' : [ 0x368, ['array', 1024, ['unsigned char']]],
+    'SystemVaTypeCountFailures' : [ 0x768, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountLimit' : [ 0x7a4, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountPeak' : [ 0x7e0, ['array', 15, ['unsigned long']]],
+    'SystemAvailableVa' : [ 0x81c, ['unsigned long']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_HMAP_TABLE' : [ 0x2800, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '_SEP_LOWBOX_HANDLES_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'HandleCount' : [ 0x14, ['unsigned long']],
+    'Handles' : [ 0x18, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x50, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'ProcCap' : [ 0x8, ['unsigned long']],
+    'ProcFloor' : [ 0xc, ['unsigned long']],
+    'PlatformCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'LimitReasons' : [ 0x18, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x20, ['unsigned long long']],
+    'TargetPercent' : [ 0x28, ['unsigned long']],
+    'SelectedPercent' : [ 0x2c, ['unsigned long']],
+    'SelectedFrequency' : [ 0x30, ['unsigned long']],
+    'PreviousFrequency' : [ 0x34, ['unsigned long']],
+    'PreviousPercent' : [ 0x38, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x3c, ['unsigned long']],
+    'SelectedState' : [ 0x40, ['unsigned long long']],
+    'Force' : [ 0x48, ['unsigned char']],
+} ],
+  '__unnamed_2186' : [ 0x10, {
+    'CallerCompletion' : [ 0x0, ['pointer', ['void']]],
+    'CallerContext' : [ 0x4, ['pointer', ['void']]],
+    'CallerDevice' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_2189' : [ 0x8, {
+    'NotifyDevice' : [ 0x0, ['pointer', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x4, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x18, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x20, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'MinorFunction' : [ 0x68, ['unsigned char']],
+    'PowerStateType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0x70, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0x74, ['unsigned char']],
+    'FxDevice' : [ 0x78, ['pointer', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0x7c, ['unsigned char']],
+    'NotifyPEP' : [ 0x7d, ['unsigned char']],
+    'Device' : [ 0x80, ['__unnamed_2186']],
+    'System' : [ 0x80, ['__unnamed_2189']],
+} ],
+  '_MI_ERROR_STATE' : [ 0x98, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'ProbeRaises' : [ 0x28, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x64, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x6c, ['array', 2, ['unsigned long']]],
+    'WsLinear' : [ 0x74, ['unsigned long']],
+    'PageHashErrors' : [ 0x78, ['unsigned long']],
+    'CheckZeroCount' : [ 0x7c, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x80, ['long']],
+    'BadPagesDetected' : [ 0x84, ['long']],
+    'ScrubPasses' : [ 0x88, ['long']],
+    'ScrubBadPagesFound' : [ 0x8c, ['long']],
+    'PendingBadPages' : [ 0x90, ['unsigned char']],
+    'InitFailure' : [ 0x91, ['unsigned char']],
+    'StopBadMaps' : [ 0x92, ['unsigned char']],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_MI_USER_VA_INFO' : [ 0xd20, {
+    'NumberOfCommittedPageTables' : [ 0x0, ['unsigned long']],
+    'VadBitMapHint' : [ 0x4, ['unsigned long']],
+    'LastAllocationSizeHint' : [ 0x8, ['unsigned long']],
+    'LastAllocationSize' : [ 0xc, ['unsigned long']],
+    'LowestBottomUpVadBit' : [ 0x10, ['unsigned long']],
+    'VadBitMapSize' : [ 0x14, ['unsigned long']],
+    'VadBitMapCommitment' : [ 0x18, ['unsigned long']],
+    'MaximumLastVadBit' : [ 0x1c, ['unsigned long']],
+    'VadsBeingDeleted' : [ 0x20, ['long']],
+    'PhysicalMappingCount' : [ 0x24, ['unsigned long']],
+    'LastVadDeletionEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'VadBitBuffer' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'LowestBottomUpAllocationAddress' : [ 0x30, ['pointer', ['void']]],
+    'HighestTopDownAllocationAddress' : [ 0x34, ['pointer', ['void']]],
+    'FreeTebHint' : [ 0x38, ['pointer', ['void']]],
+    'NumaAware' : [ 0x3c, ['unsigned char']],
+    'SpareFlags' : [ 0x3d, ['array', 2, ['unsigned char']]],
+    'CheckingShadow' : [ 0x3f, ['unsigned char']],
+    'CloneNestingLevel' : [ 0x40, ['unsigned long long']],
+    'PrivateFixupVadCount' : [ 0x48, ['unsigned long']],
+    'CfgBitMap' : [ 0x4c, ['array', 1, ['_MI_CFG_BITMAP_INFO']]],
+    'CommittedPageTableBufferForTopLevel' : [ 0x58, ['array', 48, ['unsigned long']]],
+    'CommittedPageTableBitmaps' : [ 0x118, ['array', 1, ['_RTL_BITMAP']]],
+    'UsedPageTableEntries' : [ 0x120, ['array', 1536, ['unsigned short']]],
+} ],
+  '_PROC_FEEDBACK' : [ 0x88, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x20, ['unsigned long long']],
+    'UnscaledTime' : [ 0x28, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x30, ['long long']],
+    'ScaledTime' : [ 0x38, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x48, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x50, ['unsigned long long']],
+    'UserTimeLast' : [ 0x58, ['unsigned long']],
+    'KernelTimeLast' : [ 0x5c, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x60, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x68, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x80, ['unsigned char']],
+} ],
+  '__unnamed_21a3' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_21a7' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_21a9' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_21ab' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_21ad' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_21af' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_21b1' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_21b3' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_21b5' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_21b7' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_21b9' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_21bb' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_21a3']],
+    'Memory' : [ 0x0, ['__unnamed_21a3']],
+    'Interrupt' : [ 0x0, ['__unnamed_21a7']],
+    'Dma' : [ 0x0, ['__unnamed_21a9']],
+    'DmaV3' : [ 0x0, ['__unnamed_21ab']],
+    'Generic' : [ 0x0, ['__unnamed_21a3']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_21ad']],
+    'BusNumber' : [ 0x0, ['__unnamed_21af']],
+    'ConfigData' : [ 0x0, ['__unnamed_21b1']],
+    'Memory40' : [ 0x0, ['__unnamed_21b3']],
+    'Memory48' : [ 0x0, ['__unnamed_21b5']],
+    'Memory64' : [ 0x0, ['__unnamed_21b7']],
+    'Connection' : [ 0x0, ['__unnamed_21b9']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_21bb']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x2b8, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+    'State' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+    'Removing' : [ 0x22, ['unsigned char']],
+    'Mode' : [ 0x23, ['unsigned char']],
+    'PendingMode' : [ 0x24, ['unsigned char']],
+    'ActivePoint' : [ 0x25, ['unsigned char']],
+    'PendingActivePoint' : [ 0x26, ['unsigned char']],
+    'Critical' : [ 0x27, ['unsigned char']],
+    'ThermalStandby' : [ 0x28, ['unsigned char']],
+    'OverThrottled' : [ 0x29, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x2c, ['long']],
+    'Throttle' : [ 0x30, ['long']],
+    'PendingThrottle' : [ 0x34, ['long']],
+    'ThrottleReasons' : [ 0x38, ['unsigned long']],
+    'LastTime' : [ 0x40, ['unsigned long long']],
+    'SampleRate' : [ 0x48, ['unsigned long']],
+    'LastTemp' : [ 0x4c, ['unsigned long']],
+    'PassiveTimer' : [ 0x50, ['_KTIMER']],
+    'PassiveDpc' : [ 0x78, ['_KDPC']],
+    'Info' : [ 0x98, ['_THERMAL_INFORMATION_EX']],
+    'InfoLastUpdateTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'Policy' : [ 0xf8, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0x110, ['unsigned char']],
+    'LastActiveStartTime' : [ 0x118, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x120, ['unsigned long long']],
+    'WorkItem' : [ 0x128, ['_WORK_QUEUE_ITEM']],
+    'Lock' : [ 0x138, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x140, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x150, ['_KEVENT']],
+    'InstanceId' : [ 0x160, ['unsigned long']],
+    'TelemetryTracker' : [ 0x168, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_REBUILD_LARGE_PAGES' : [ 0x34, {
+    'Active' : [ 0x0, ['long']],
+    'Timer' : [ 0x4, ['array', 16, ['array', 1, ['_MI_REBUILD_LARGE_PAGE_COUNTDOWN']]]],
+    'WorkItem' : [ 0x24, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_HHIVE' : [ 0x6f0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileWrite' : [ 0x14, ['pointer', ['void']]],
+    'FileRead' : [ 0x18, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x1c, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x20, ['pointer', ['_HBASE_BLOCK']]],
+    'DirtyVector' : [ 0x24, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x2c, ['unsigned long']],
+    'DirtyAlloc' : [ 0x30, ['unsigned long']],
+    'UnreconciledVector' : [ 0x34, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x3c, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x40, ['unsigned long']],
+    'Cluster' : [ 0x44, ['unsigned long']],
+    'Flat' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SystemCacheBacked' : [ 0x48, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x49, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x4c, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x50, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x54, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x58, ['unsigned long']],
+    'HiveFlags' : [ 0x5c, ['unsigned long']],
+    'CurrentLog' : [ 0x60, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x64, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x68, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x6c, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x70, ['unsigned long']],
+    'LogFileSizeCap' : [ 0x74, ['unsigned long']],
+    'LogDataPresent' : [ 0x78, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0x7a, ['unsigned char']],
+    'BaseBlockDirty' : [ 0x7b, ['unsigned char']],
+    'LastLogSwapTime' : [ 0x80, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0x88, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0x88, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0x88, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0x88, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0x8a, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0x8c, ['unsigned long']],
+    'StorageTypeCount' : [ 0x90, ['unsigned long']],
+    'Version' : [ 0x94, ['unsigned long']],
+    'ViewMap' : [ 0x98, ['_HVIEW_MAP']],
+    'Storage' : [ 0x3b8, ['array', 2, ['_DUAL']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x24, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x4, ['pointer', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x8, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0xc, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x10, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkFilter' : [ 0x14, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'EventIdFilter' : [ 0x18, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x1c, ['pointer', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x20, ['pointer', ['_EVENT_FILTER_HEADER']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_CM_TRANS' : [ 0x68, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KtmTrans' : [ 0x18, ['pointer', ['void']]],
+    'CmRm' : [ 0x1c, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x20, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x24, ['pointer', ['void']]],
+    'KtmUow' : [ 0x28, ['_GUID']],
+    'StartLsn' : [ 0x38, ['unsigned long long']],
+    'TransState' : [ 0x40, ['unsigned long']],
+    'HiveCount' : [ 0x44, ['unsigned long']],
+    'HiveArray' : [ 0x48, ['array', 7, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x150, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 20, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb0, ['array', 20, ['unsigned long long']]],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_HVIEW_MAP' : [ 0x320, {
+    'MappedLength' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'Directory' : [ 0xc, ['pointer', ['_HVIEW_MAP_DIRECTORY']]],
+    'PagesCharged' : [ 0x10, ['unsigned long']],
+    'PinLog' : [ 0x18, ['_HVIEW_MAP_PIN_LOG']],
+} ],
+  '_POOL_HACKER' : [ 0x28, {
+    'Header' : [ 0x0, ['_POOL_HEADER']],
+    'Contents' : [ 0x8, ['array', 8, ['unsigned long']]],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_HVIEW_MAP_DIRECTORY' : [ 0x200, {
+    'Tables' : [ 0x0, ['array', 128, ['pointer', ['_HVIEW_MAP_TABLE']]]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Spare0' : [ 0x6c, ['unsigned long']],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '__unnamed_223b' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_223d' : [ 0x10, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_223b']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x1c, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'u1' : [ 0x8, ['__unnamed_223d']],
+    'VerifiedData' : [ 0x18, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '__unnamed_2248' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_224a' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_224c' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceId' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_224e' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_2250' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2252' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2254' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2256' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2258' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_225a' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2248']],
+    'TargetDevice' : [ 0x0, ['__unnamed_224a']],
+    'InstallDevice' : [ 0x0, ['__unnamed_224a']],
+    'CustomNotification' : [ 0x0, ['__unnamed_224c']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_224e']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2250']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2252']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2254']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2256']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2258']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_224a']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_224a']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_225a']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x50, {
+    'Context' : [ 0x0, ['pointer', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x44, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x4c, ['unsigned long']],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 224, ['unsigned char']]],
+} ],
+  '__unnamed_2275' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2275']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['unsigned long']],
+    'RealKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x80, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NodeGraph' : [ 0x4, ['pointer', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x8, ['pointer', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaLastRangeIndex' : [ 0xc, ['unsigned long']],
+    'NumaMemoryRanges' : [ 0x10, ['pointer', ['_HAL_NODE_RANGE']]],
+    'NumaTableCaptured' : [ 0x14, ['unsigned char']],
+    'NodeShift' : [ 0x15, ['unsigned char']],
+    'ChannelMemoryRanges' : [ 0x18, ['pointer', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'ChannelShift' : [ 0x1c, ['unsigned char']],
+    'SecondLevelCacheSize' : [ 0x20, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x24, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x28, ['unsigned long']],
+    'WriteCombiningPtes' : [ 0x2c, ['unsigned char']],
+    'AllMainMemoryMustBeCached' : [ 0x2d, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x30, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x34, ['unsigned long']],
+    'SecondaryColors' : [ 0x38, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x3c, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x40, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x44, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x48, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x4c, ['unsigned long']],
+    'AttributeChangeRequiresReZero' : [ 0x50, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x58, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'HighestPossiblePhysicalPage' : [ 0x78, ['unsigned long']],
+    'GlobalBitPolarity' : [ 0x7c, ['array', 2, ['unsigned char']]],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned char']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+    'WaitObjectFlagMask' : [ 0x50, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x54, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x56, ['unsigned short']],
+} ],
+  '__unnamed_22b9' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_22bb' : [ 0x4, {
+    'NumberOfChildViews' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x28, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'FileExtents' : [ 0xc, ['pointer', ['_MI_FILE_EXTENTS']]],
+    'GlobalPerSessionHead' : [ 0xc, ['_RTL_AVL_TREE']],
+    'SessionDriverProtos' : [ 0xc, ['pointer', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x10, ['__unnamed_22b9']],
+    'StartingSector' : [ 0x14, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x18, ['unsigned long']],
+    'PtesInSubsection' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_22bb']],
+    'UnusedPtes' : [ 0x24, ['unsigned long']],
+    'AlignmentNoAccessPtes' : [ 0x24, ['unsigned long']],
+} ],
+  '__unnamed_22c0' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_22c0']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x8, {
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x1540, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long']],
+    'SystemVaBias' : [ 0x4, ['unsigned long']],
+    'SystemAvailableVaLow' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+    'HyperSpaceEnd' : [ 0x10, ['pointer', ['void']]],
+    'HyperSpaceEndPte' : [ 0x14, ['pointer', ['_MMPTE']]],
+    'SystemRangeStart' : [ 0x18, ['pointer', ['void']]],
+    'SystemCachePdeCount' : [ 0x1c, ['array', 1024, ['unsigned char']]],
+    'SystemCacheReverseMaps' : [ 0x41c, ['array', 1024, ['pointer', ['void']]]],
+    'VaRegionShadowed' : [ 0x141c, ['array', 32, ['unsigned long']]],
+    'WorkingSetListHashStart' : [ 0x149c, ['pointer', ['_MMWSLE_HASH']]],
+    'WorkingSetListHashEnd' : [ 0x14a0, ['pointer', ['_MMWSLE_HASH']]],
+    'WorkingSetListIndirectHashStart' : [ 0x14a4, ['pointer', ['_MMWSLE_NONDIRECT_HASH']]],
+    'FreeSystemCacheVa' : [ 0x14a8, ['_KEVENT']],
+    'SystemVaLock' : [ 0x14b8, ['unsigned long']],
+    'DeleteKvaLock' : [ 0x14bc, ['long']],
+    'FreeSystemCache' : [ 0x14c0, ['_MI_PTE_CHAIN_HEAD']],
+    'SystemCacheViewLock' : [ 0x14d8, ['unsigned long']],
+    'UnusableWsles' : [ 0x14dc, ['array', 5, ['unsigned long']]],
+    'PossibleWsles' : [ 0x14f0, ['array', 5, ['unsigned long']]],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0xc, {
+    'DirtyPages' : [ 0x0, ['unsigned long']],
+    'DirtyPagesLastScan' : [ 0x4, ['unsigned long']],
+    'DirtyPagesScheduledLastScan' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x10, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x90, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x8, ['unsigned long']],
+    'InDebugger' : [ 0xc, ['long']],
+    'Pfns' : [ 0x10, ['array', 32, ['pointer', ['void']]]],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x80, {
+    'ColorSeed' : [ 0x0, ['unsigned long']],
+    'CloneDereferenceEvent' : [ 0x4, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x18, ['_SLIST_HEADER']],
+    'SystemDllBase' : [ 0x20, ['pointer', ['void']]],
+    'RotatingUniprocessorNumber' : [ 0x24, ['long']],
+    'CriticalSectionTimeout' : [ 0x28, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x30, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x38, ['pointer', ['_MMPTE']]],
+    'PaeGroups' : [ 0x3c, ['unsigned long']],
+    'ShadowedSystemwidePage' : [ 0x40, ['unsigned long']],
+    'ShadowedSystemwidePageVa' : [ 0x44, ['pointer', ['_MMPTE']]],
+    'FreePaeEntries' : [ 0x48, ['unsigned long']],
+    'FirstFreePae' : [ 0x50, ['_PAE_ENTRY']],
+    'AllocatedPaePages' : [ 0x70, ['long']],
+    'PaeLock' : [ 0x74, ['unsigned long']],
+    'PaeEntrySList' : [ 0x78, ['_SLIST_HEADER']],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_MMWSLENTRY' : [ 0x4, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Hashed' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Direct' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 9, native_type='unsigned long')]],
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'VirtualPageNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_COUNTDOWN' : [ 0x2, {
+    'SecondsLeft' : [ 0x0, ['unsigned char']],
+    'SecondsAssigned' : [ 0x1, ['unsigned char']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x4, ['unsigned long']],
+    'RequestPacket' : [ 0x8, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x18, ['pointer', ['long']]],
+    'NodeTargetCount' : [ 0x1c, ['long']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x8, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_MI_SESSION_STATE' : [ 0x1038, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x14, ['unsigned char']],
+    'VaReferenceCount' : [ 0x18, ['array', 1024, ['long']]],
+    'DynamicPtesBitBuffer' : [ 0x1018, ['pointer', ['unsigned long']]],
+    'IdLock' : [ 0x101c, ['_EX_PUSH_LOCK']],
+    'DetachTimeStamp' : [ 0x1020, ['unsigned long']],
+    'LeaderProcess' : [ 0x1024, ['pointer', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x1028, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x102c, ['pointer', ['_MMWSL']]],
+    'WsHashStart' : [ 0x1030, ['pointer', ['_MMWSLE_HASH']]],
+    'WsHashEnd' : [ 0x1034, ['pointer', ['_MMWSLE_HASH']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '_MMSESSION' : [ 0x14, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x4, ['pointer', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0xc, ['unsigned long']],
+    'BitmapFailures' : [ 0x10, ['unsigned long']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x4, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_2342' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0xe8, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2342']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+    'ParentPartition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'NodeInformation' : [ 0x18, ['pointer', ['_MI_NODE_INFORMATION']]],
+    'MdlPhysicalMemoryBlock' : [ 0x1c, ['pointer', ['_MDL']]],
+    'MemoryNodeRuns' : [ 0x20, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'Stats' : [ 0x24, ['_MI_PARTITION_STATISTICS']],
+    'MemoryRuns' : [ 0x74, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x78, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x88, ['array', 5, ['pointer', ['void']]]],
+    'PartitionObject' : [ 0x9c, ['pointer', ['void']]],
+    'PartitionObjectHandle' : [ 0xa0, ['pointer', ['void']]],
+    'DynamicMemoryPushLock' : [ 0xa4, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xa8, ['long']],
+    'TemporaryMemoryEvent' : [ 0xac, ['_KEVENT']],
+    'MemoryEvents' : [ 0xbc, ['array', 11, ['pointer', ['_KEVENT']]]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x1b0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x38, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0x70, ['unsigned long']],
+    'NumberOfMappedMdlsInUse' : [ 0x74, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0x78, ['unsigned long']],
+    'MappedFileHeader' : [ 0x7c, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0x94, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0x95, ['unsigned char']],
+    'TransitionInserted' : [ 0x96, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0x98, ['long']],
+    'LastMappedWriteError' : [ 0x9c, ['long']],
+    'MappedFileWriteSucceeded' : [ 0xa0, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0xa4, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xa8, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0xac, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0xbc, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0xc0, ['unsigned long']],
+    'ModifiedPageWriterEvent' : [ 0xc4, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0xd4, ['long']],
+    'WriteAllMappedPages' : [ 0xd8, ['long']],
+    'MappedPageWriterEvent' : [ 0xdc, ['_KEVENT']],
+    'ModWriteData' : [ 0xf0, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x120, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x130, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x148, ['pointer', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x14c, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x150, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x160, ['unsigned long']],
+    'ClusterWritesDisabled' : [ 0x164, ['array', 2, ['long']]],
+    'DelayMappedWrite' : [ 0x16c, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x170, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x174, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x178, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x188, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x190, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x1a0, ['long']],
+    'WorkingSetSwapLock' : [ 0x1a4, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x1a8, ['long']],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_KPRIQUEUE' : [ 0x19c, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x110, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x190, ['unsigned long']],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_235c' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x68, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long']]],
+    'LargePages' : [ 0x8, ['array', 2, ['array', 2, ['array', 1, ['_LIST_ENTRY']]]]],
+    'LargePagesCount' : [ 0x28, ['array', 2, ['array', 2, ['array', 1, ['unsigned long']]]]],
+    'FreeCount' : [ 0x38, ['array', 2, ['unsigned long']]],
+    'TotalPages' : [ 0x40, ['array', 1, ['unsigned long']]],
+    'TotalPagesEntireNode' : [ 0x44, ['unsigned long']],
+    'MmShiftedColor' : [ 0x48, ['unsigned long']],
+    'Color' : [ 0x4c, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x50, ['array', 1, ['array', 2, ['unsigned long']]]],
+    'Flags' : [ 0x58, ['__unnamed_235c']],
+    'NodeLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'ChannelStatus' : [ 0x60, ['unsigned char']],
+    'ChannelOrdering' : [ 0x61, ['array', 1, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x62, ['array', 1, ['unsigned char']]],
+    'PowerAttribute' : [ 0x63, ['array', 1, ['unsigned char']]],
+    'LargePageLock' : [ 0x64, ['unsigned long']],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_WAITING_IRP' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'CompletionRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'Information' : [ 0x18, ['unsigned long']],
+    'BreakAllRH' : [ 0x1c, ['unsigned char']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x4, ['pointer', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x10, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0xc, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x140, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'SchedulingGroupList' : [ 0x28, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x28, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x30, ['pointer', ['_KDPC']]],
+    'ChildList' : [ 0x34, ['_LIST_ENTRY']],
+    'Parent' : [ 0x3c, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x40, ['array', 1, ['_KSCB']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x18, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'Irp' : [ 0xc, ['pointer', ['_IRP']]],
+    'Device' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x14, ['unsigned char']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+} ],
+  '_MI_SECTION_STATE' : [ 0x140, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'SectionObjectPointersLock' : [ 0x40, ['long']],
+    'SectionExtendLock' : [ 0x44, ['_EX_PUSH_LOCK']],
+    'SectionExtendSetLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'SectionBasedRoot' : [ 0x4c, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'UnusedSubsectionPagedPool' : [ 0x54, ['unsigned long']],
+    'UnusedSegmentForceFree' : [ 0x58, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x5c, ['unsigned long']],
+    'HighSectionBase' : [ 0x60, ['pointer', ['void']]],
+    'PhysicalSubsection' : [ 0x64, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xa8, ['_CONTROL_AREA']],
+    'PageFileSectionHead' : [ 0xf8, ['_RTL_AVL_TREE']],
+    'PageFileSectionListSpinLock' : [ 0xfc, ['long']],
+    'ImageBias' : [ 0x100, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x104, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x108, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x110, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x114, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0x118, ['unsigned long']],
+    'LostDataFiles' : [ 0x11c, ['unsigned long']],
+    'LostDataPages' : [ 0x120, ['unsigned long']],
+    'ImageFailureReason' : [ 0x124, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x128, ['pointer', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x12c, ['pointer', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x130, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x134, ['long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_2393' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2395' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2397' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2399' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_2397']],
+    'Translated' : [ 0x0, ['__unnamed_2395']],
+} ],
+  '__unnamed_239b' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_239d' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_239f' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23a1' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23a3' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23a5' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23a7' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_23a9' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_2393']],
+    'Port' : [ 0x0, ['__unnamed_2393']],
+    'Interrupt' : [ 0x0, ['__unnamed_2395']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2399']],
+    'Memory' : [ 0x0, ['__unnamed_2393']],
+    'Dma' : [ 0x0, ['__unnamed_239b']],
+    'DmaV3' : [ 0x0, ['__unnamed_239d']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_21ad']],
+    'BusNumber' : [ 0x0, ['__unnamed_239f']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_23a1']],
+    'Memory40' : [ 0x0, ['__unnamed_23a3']],
+    'Memory48' : [ 0x0, ['__unnamed_23a5']],
+    'Memory64' : [ 0x0, ['__unnamed_23a7']],
+    'Connection' : [ 0x0, ['__unnamed_21b9']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_23a9']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_23b1' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_23b1']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_UNLOADED_DRIVERS' : [ 0x18, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'StartAddress' : [ 0x8, ['pointer', ['void']]],
+    'EndAddress' : [ 0xc, ['pointer', ['void']]],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x1c, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x4, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0xc, ['pointer', ['_MMPTE']]],
+    'MaximumSize' : [ 0x10, ['unsigned long']],
+    'PagedPoolHint' : [ 0x14, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_23bf' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x54, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x4, ['__unnamed_23bf']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x10, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0xc, ['pointer', ['unsigned long']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PAE_ENTRY' : [ 0x20, {
+    'PteEntry' : [ 0x0, ['array', 4, ['_MMPTE']]],
+    'PaeEntry' : [ 0x0, ['_PAE_PAGEINFO']],
+    'NextPae' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0xd8, {
+    'Partition' : [ 0x0, ['pointer', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x4, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0xc, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x20, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x24, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x2c, ['unsigned long']],
+    'CombinePageListHeads' : [ 0x30, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0xb0, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_DEVICE' : [ 0x188, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DevNode' : [ 0x1c, ['pointer', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x20, ['pointer', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x24, ['pointer', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x28, ['pointer', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x2c, ['pointer', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x30, ['pointer', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x38, ['pointer', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x3c, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0x58, ['pointer', ['void']]],
+    'AcpiLink' : [ 0x5c, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0x64, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0x6c, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x84, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x9c, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0xb8, ['unsigned long']],
+    'IdleTimer' : [ 0xc0, ['_KTIMER']],
+    'IdleDpc' : [ 0xe8, ['_KDPC']],
+    'IdleTimeout' : [ 0x108, ['unsigned long long']],
+    'IdleStamp' : [ 0x110, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x118, ['array', 2, ['pointer', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x120, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x128, ['array', 2, ['pointer', ['void']]]],
+    'NextIrpCallerContext' : [ 0x130, ['array', 2, ['pointer', ['void']]]],
+    'IrpCompleteEvent' : [ 0x138, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x148, ['pointer', ['void']]],
+    'Accounting' : [ 0x150, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x178, ['unsigned long']],
+    'ComponentCount' : [ 0x17c, ['unsigned long']],
+    'Components' : [ 0x180, ['pointer', ['pointer', ['_POP_FX_COMPONENT']]]],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_23eb' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_23ed' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_23eb']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x44, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x30, ['pointer', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x34, ['_LIST_ENTRY']],
+    'Specific' : [ 0x3c, ['__unnamed_23ed']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x1c, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ListHead' : [ 0x14, ['_LIST_ENTRY']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long']],
+    'BadPagesDetected' : [ 0x4, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x8, ['long']],
+    'ScrubPasses' : [ 0xc, ['long']],
+    'ScrubBadPagesFound' : [ 0x10, ['long']],
+    'PageHashErrors' : [ 0x14, ['unsigned long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x28, ['pointer', ['void']]],
+    'ExceptionChainTerminator' : [ 0x2c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'ExceptionChainTerminatorRecord' : [ 0x30, ['_EXCEPTION_REGISTRATION_RECORD']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x38, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0xc, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x28, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long']],
+    'TrimInProgressCount' : [ 0x4, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x8, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x18, ['array', 3, ['unsigned long']]],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SpareUlong' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATISTICS' : [ 0x50, {
+    'DeleteYield' : [ 0x0, ['unsigned long']],
+    'DeleteBad' : [ 0x4, ['unsigned long']],
+    'DeleteTrulyBad' : [ 0x8, ['unsigned long']],
+    'DeleteLargePage' : [ 0xc, ['unsigned long']],
+    'DeleteLargePageRetry' : [ 0x10, ['unsigned long']],
+    'DeleteZeroFree' : [ 0x14, ['unsigned long']],
+    'DeleteTransition' : [ 0x18, ['unsigned long']],
+    'DeleteStandbyReferenced' : [ 0x1c, ['unsigned long']],
+    'DeleteStandbyRelinkFailed' : [ 0x20, ['unsigned long']],
+    'DeleteStandbySharedPagefile' : [ 0x24, ['unsigned long']],
+    'DeleteStandbySharedFile' : [ 0x28, ['unsigned long']],
+    'DeleteModifiedReferenced' : [ 0x2c, ['unsigned long']],
+    'DeleteModified' : [ 0x30, ['unsigned long']],
+    'DeleteModifiedNoWrite' : [ 0x34, ['unsigned long']],
+    'DeleteModifiedSharedPagefile' : [ 0x38, ['unsigned long']],
+    'DeleteModifiedSharedFile' : [ 0x3c, ['unsigned long']],
+    'DeleteActiveSharedPagefile1' : [ 0x40, ['unsigned long']],
+    'DeleteActiveSharedPagefile2' : [ 0x44, ['unsigned long']],
+    'DeleteActiveSharedFile' : [ 0x48, ['unsigned long']],
+    'DeleteWriteDelay' : [ 0x4c, ['unsigned long']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_RESAVAIL_TRACKER' : [ 0x200, {
+    'AllocateKernelStack' : [ 0x0, ['unsigned long']],
+    'AllocateGrowKernelStack' : [ 0x4, ['unsigned long']],
+    'FreeKernelStack' : [ 0x8, ['unsigned long']],
+    'FreeKernelStackError' : [ 0xc, ['unsigned long']],
+    'FreeGrowKernelStackError' : [ 0x10, ['unsigned long']],
+    'AllocateCreateProcess' : [ 0x14, ['unsigned long']],
+    'FreeCreateProcessError' : [ 0x18, ['unsigned long']],
+    'FreeDeleteProcess' : [ 0x1c, ['unsigned long']],
+    'FreeCleanProcess' : [ 0x20, ['unsigned long']],
+    'FreeCleanProcessError' : [ 0x24, ['unsigned long']],
+    'AllocateAddProcessWsMetaPage' : [ 0x28, ['unsigned long']],
+    'AllocateWsIncrease' : [ 0x2c, ['unsigned long']],
+    'FreeWsIncreaseError' : [ 0x30, ['unsigned long']],
+    'FreeWsIncreaseErrorMax' : [ 0x34, ['unsigned long']],
+    'FreeWsDecrease' : [ 0x38, ['unsigned long']],
+    'AllocateWorkingSetPage' : [ 0x3c, ['unsigned long']],
+    'FreeWorkingSetPageError' : [ 0x40, ['unsigned long']],
+    'FreeDeletePteRange' : [ 0x44, ['unsigned long']],
+    'AllocatePageTablesForProcessMetadata' : [ 0x48, ['unsigned long']],
+    'FreePageTablesForProcessMetadataError2' : [ 0x4c, ['unsigned long']],
+    'AllocatePageTablesForSystem' : [ 0x50, ['unsigned long']],
+    'FreePageTablesExcess' : [ 0x54, ['unsigned long']],
+    'FreeSystemVaPageTables' : [ 0x58, ['unsigned long']],
+    'FreeSessionVaPageTables' : [ 0x5c, ['unsigned long']],
+    'AllocateCreateSession' : [ 0x60, ['unsigned long']],
+    'FreeSessionWsDereference' : [ 0x64, ['unsigned long']],
+    'FreeSessionDereference' : [ 0x68, ['unsigned long']],
+    'AllocateLockedSessionImage' : [ 0x6c, ['unsigned long']],
+    'FreeLockedSessionImage' : [ 0x70, ['unsigned long']],
+    'FreeSessionImageConversion' : [ 0x74, ['unsigned long']],
+    'AllocateWsAdjustPageTable' : [ 0x78, ['unsigned long']],
+    'FreeWsAdjustPageTable' : [ 0x7c, ['unsigned long']],
+    'FreeWsAdjustPageTableError' : [ 0x80, ['unsigned long']],
+    'AllocateNoLowMemory' : [ 0x84, ['unsigned long']],
+    'AllocatePagedPoolLockedDown' : [ 0x88, ['unsigned long']],
+    'FreePagedPoolLockedDown' : [ 0x8c, ['unsigned long']],
+    'AllocateSystemBitmaps' : [ 0x90, ['unsigned long']],
+    'FreeSystemBitmapsError' : [ 0x94, ['unsigned long']],
+    'AllocateForMdl' : [ 0x98, ['unsigned long']],
+    'FreeFromMdl' : [ 0x9c, ['unsigned long']],
+    'AllocateForMdlPartition' : [ 0xa0, ['unsigned long']],
+    'FreeFromMdlPartition' : [ 0xa4, ['unsigned long']],
+    'FreeMdlExcess' : [ 0xa8, ['unsigned long']],
+    'AllocateExpansionNonPagedPool' : [ 0xac, ['unsigned long']],
+    'FreeExpansionNonPagedPool' : [ 0xb0, ['unsigned long']],
+    'AllocateVad' : [ 0xb4, ['unsigned long']],
+    'RemoveVad' : [ 0xb8, ['unsigned long']],
+    'FreeVad' : [ 0xbc, ['unsigned long']],
+    'AllocateContiguous' : [ 0xc0, ['unsigned long']],
+    'FreeContiguousPages' : [ 0xc4, ['unsigned long']],
+    'FreeContiguousError' : [ 0xc8, ['unsigned long']],
+    'FreeLargePageMemory' : [ 0xcc, ['unsigned long']],
+    'AllocateSystemWsles' : [ 0xd0, ['unsigned long']],
+    'FreeSystemWsles' : [ 0xd4, ['unsigned long']],
+    'AllocateSystemInitWs' : [ 0xd8, ['unsigned long']],
+    'AllocateSessionInitWs' : [ 0xdc, ['unsigned long']],
+    'FreeSessionInitWsError' : [ 0xe0, ['unsigned long']],
+    'AllocateSystemImage' : [ 0xe4, ['unsigned long']],
+    'AllocateSystemImageLoad' : [ 0xe8, ['unsigned long']],
+    'AllocateSessionSharedImage' : [ 0xec, ['unsigned long']],
+    'FreeSystemImageInitCode' : [ 0xf0, ['unsigned long']],
+    'FreeSystemImageLargePageConversion' : [ 0xf4, ['unsigned long']],
+    'FreeSystemImageError' : [ 0xf8, ['unsigned long']],
+    'FreeSystemImageLoadExcess' : [ 0xfc, ['unsigned long']],
+    'FreeUnloadSystemImage' : [ 0x100, ['unsigned long']],
+    'FreeReloadBootImageLarge' : [ 0x104, ['unsigned long']],
+    'FreeIndependent' : [ 0x108, ['unsigned long']],
+    'AllocateHotAdd' : [ 0x10c, ['unsigned long']],
+    'AllocateHotRemove' : [ 0x110, ['unsigned long']],
+    'FreeHotAdd' : [ 0x114, ['unsigned long']],
+    'FreeHotAddEcc' : [ 0x118, ['unsigned long']],
+    'FreeHotAddError' : [ 0x11c, ['unsigned long']],
+    'FreeHotAddUnmap' : [ 0x120, ['unsigned long']],
+    'AllocateBoot' : [ 0x124, ['unsigned long']],
+    'FreeLoaderBlock' : [ 0x128, ['unsigned long']],
+    'AllocateNonPagedSpecialPool' : [ 0x12c, ['unsigned long']],
+    'FreeNonPagedSpecialPoolError' : [ 0x130, ['unsigned long']],
+    'FreeNonPagedSpecialPool' : [ 0x134, ['unsigned long']],
+    'AllocateSharedSegmentPage' : [ 0x138, ['unsigned long']],
+    'FreeSharedSegmentPage' : [ 0x13c, ['unsigned long']],
+    'AllocateZeroPage' : [ 0x140, ['unsigned long']],
+    'FreeZeroPage' : [ 0x144, ['unsigned long']],
+    'AllocateForPo' : [ 0x148, ['unsigned long']],
+    'AllocateForPoForce' : [ 0x14c, ['unsigned long']],
+    'FreeForPo' : [ 0x150, ['unsigned long']],
+    'AllocateThreadHardFaultBehavior' : [ 0x154, ['unsigned long']],
+    'FreeThreadHardFaultBehavior' : [ 0x158, ['unsigned long']],
+    'ObtainFaultCharges' : [ 0x15c, ['unsigned long']],
+    'FreeFaultCharges' : [ 0x160, ['unsigned long']],
+    'AllocateStoreCharges' : [ 0x164, ['unsigned long']],
+    'FreeStoreCharges' : [ 0x168, ['unsigned long']],
+    'ObtainLockedPageCharge' : [ 0x180, ['unsigned long']],
+    'FreeLockedPageCharge' : [ 0x1c0, ['unsigned long']],
+    'AllocateStore' : [ 0x1c4, ['unsigned long']],
+    'FreeStore' : [ 0x1c8, ['unsigned long']],
+    'AllocateSystemImageProtos' : [ 0x1cc, ['unsigned long']],
+    'FreeSystemImageProtos' : [ 0x1d0, ['unsigned long']],
+    'AllocateModWriterCharge' : [ 0x1d4, ['unsigned long']],
+    'FreeModWriterCharge' : [ 0x1d8, ['unsigned long']],
+    'AllocateMappedWriterCharge' : [ 0x1dc, ['unsigned long']],
+    'FreeMappedWriterCharge' : [ 0x1e0, ['unsigned long']],
+    'AllocateRegistryCharges' : [ 0x1e4, ['unsigned long']],
+    'FreeRegistryCharges' : [ 0x1e8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x4, ['long']],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '__unnamed_2462' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2464' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2466' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2468' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2462']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2464']],
+    'Raw' : [ 0x0, ['__unnamed_2466']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x28, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'Operation' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0x8, ['__unnamed_2468']],
+    'Stack' : [ 0x10, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x46, ['unsigned char']],
+    'PreviousIrql' : [ 0x47, ['unsigned char']],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0xb0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x8, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x20, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x38, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedPoolLowestPage' : [ 0x68, ['unsigned long']],
+    'NonPagedPoolHighestPage' : [ 0x6c, ['unsigned long']],
+    'AllocatedNonPagedPool' : [ 0x70, ['unsigned long']],
+    'PartialLargePoolRegions' : [ 0x74, ['unsigned long']],
+    'PagesInPartialLargePoolRegions' : [ 0x78, ['unsigned long']],
+    'CachedNonPagedPoolCount' : [ 0x7c, ['unsigned long']],
+    'NonPagedPoolSpinLock' : [ 0x80, ['unsigned long']],
+    'CachedNonPagedPool' : [ 0x84, ['pointer', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x88, ['pointer', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x8c, ['pointer', ['void']]],
+    'NonPagedBitMap' : [ 0x90, ['array', 3, ['_RTL_BITMAP']]],
+    'NonPagedHint' : [ 0xa8, ['array', 2, ['unsigned long']]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x8, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 31, native_type='unsigned long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x0, ['pointer', ['void']]],
+    'SessionState' : [ 0x4, ['pointer', ['void']]],
+    'SessionId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_247a' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x50, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_247a']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'EvictionThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x20, ['_KEVENT']],
+    'EvictFlushCompleteEvent' : [ 0x30, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x40, ['_SLIST_HEADER']],
+    'EvictFlushLock' : [ 0x48, ['long']],
+    'ModifiedWriteFailedBitmap' : [ 0x4c, ['pointer', ['_RTL_BITMAP']]],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x8, ['unsigned long']],
+    'SyncCallback' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  '_SECTION_OBJECT' : [ 0x18, {
+    'StartingVa' : [ 0x0, ['pointer', ['void']]],
+    'EndingVa' : [ 0x4, ['pointer', ['void']]],
+    'Parent' : [ 0x8, ['pointer', ['void']]],
+    'LeftChild' : [ 0xc, ['pointer', ['void']]],
+    'RightChild' : [ 0x10, ['pointer', ['void']]],
+    'Segment' : [ 0x14, ['pointer', ['_SEGMENT_OBJECT']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ZeroNonCachedByConverting' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ZeroWriteCombinedByConverting' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'KvaShadow' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x30, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'Counters' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0xc, ['pointer', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x14, ['unsigned long']],
+    'Buckets' : [ 0x18, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '__unnamed_24bb' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x100, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x58, ['array', 3, ['__unnamed_24bb']]],
+    'WakeAlarmPaused' : [ 0xa0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xa8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xb0, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x14, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPending' : [ 0x16, ['unsigned char']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['unsigned short']]],
+    'DriverName' : [ 0x28, ['pointer', ['unsigned short']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3d8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0x98, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CELL_REMAP_BLOCK' : [ 0x8, {
+    'OldCell' : [ 0x0, ['unsigned long']],
+    'NewCell' : [ 0x4, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x10, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0xc, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0xc, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0xc, ['_RTL_BITMAP']],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x14, {
+    'NextEntry' : [ 0x0, ['pointer', ['void']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x2a4, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+    'PackageDependencyData' : [ 0x298, ['pointer', ['void']]],
+    'ProcessGroupId' : [ 0x29c, ['unsigned long']],
+    'LoaderThreads' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_LOCK_HEADER' : [ 0x10, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Lock' : [ 0x8, ['unsigned long']],
+    'Valid' : [ 0xc, ['unsigned long']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MSUBSECTION' : [ 0x44, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x28, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x34, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x3c, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x40, ['unsigned long']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '__unnamed_2578' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x2000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2578']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x18, ['unsigned long']],
+    'NonPagablePages' : [ 0x1c, ['unsigned long']],
+    'CommittedPages' : [ 0x20, ['unsigned long']],
+    'PagedPoolStart' : [ 0x24, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x28, ['pointer', ['void']]],
+    'SessionObject' : [ 0x2c, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x30, ['pointer', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x34, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x44, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x48, ['unsigned long']],
+    'AttachCount' : [ 0x4c, ['unsigned long']],
+    'AttachGate' : [ 0x50, ['_KGATE']],
+    'WsListEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'Lookaside' : [ 0x80, ['array', 24, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xc80, ['_MMSESSION']],
+    'PagedPoolInfo' : [ 0xc94, ['_MM_PAGED_POOL_INFO']],
+    'Vm' : [ 0xcb0, ['_MMSUPPORT']],
+    'Wsle' : [ 0xd34, ['pointer', ['_MMWSLE']]],
+    'DriverUnload' : [ 0xd38, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'PagedPool' : [ 0xd40, ['_POOL_DESCRIPTOR']],
+    'PageTables' : [ 0x1e80, ['pointer', ['_MMPTE']]],
+    'PagedPoolBitBuffer' : [ 0x1e84, ['array', 32, ['unsigned long']]],
+    'SpecialPool' : [ 0x1f08, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1f50, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1f54, ['long']],
+    'PagedPoolPdeCount' : [ 0x1f58, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1f5c, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1f60, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1f64, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x1f98, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x1f9c, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x1fa0, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x1fa4, ['unsigned long']],
+    'IoState' : [ 0x1fa8, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x1fac, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x1fb0, ['_KEVENT']],
+    'ServerSilo' : [ 0x1fc0, ['pointer', ['_ESILO']]],
+    'CreateTime' : [ 0x1fc8, ['unsigned long long']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x38, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x10, ['unsigned long']],
+    'ActualExpansion' : [ 0x14, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'InProgress' : [ 0x28, ['long']],
+    'u' : [ 0x2c, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+    'ActiveEntry' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+    'AttemptForCantExtend' : [ 0x34, ['unsigned char']],
+    'PageFileContract' : [ 0x35, ['unsigned char']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '__unnamed_2589' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_258c' : [ 0x4, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x4c, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x28, ['__unnamed_2589']],
+    'Subsection' : [ 0x2c, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x30, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x34, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x38, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x40, ['pointer', ['_EPROCESS']]],
+    'u4' : [ 0x44, ['__unnamed_258c']],
+    'FileObject' : [ 0x48, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x10, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'SidCount' : [ 0x8, ['unsigned long']],
+    'SidValuesStart' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x30, {
+    'PartitionLock' : [ 0x0, ['unsigned long']],
+    'PartitionIdLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x8, ['unsigned long long']],
+    'PartitionList' : [ 0x10, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x18, ['pointer', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x1c, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x24, ['array', 1, ['pointer', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x28, ['pointer', ['pointer', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x2c, ['unsigned long']],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0x50, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x10, ['unsigned char']],
+    'IrpOplocksR' : [ 0x14, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x1c, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x24, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x2c, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x34, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x3c, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x44, ['pointer', ['_GUID']]],
+    'OplockState' : [ 0x48, ['unsigned long']],
+    'FastMutex' : [ 0x4c, ['pointer', ['_FAST_MUTEX']]],
+} ],
+  '_MI_LARGEPAGE_MEMORY_INFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ColoredPageInfoBase' : [ 0x8, ['pointer', ['_COLORED_PAGE_INFO']]],
+    'PagesNeedZeroing' : [ 0xc, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x90, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Foreground' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WindowInformation' : [ 0x68, ['unsigned long']],
+    'PixelArea' : [ 0x6c, ['unsigned long']],
+    'PixelReportTimestamp' : [ 0x70, ['long long']],
+    'PixelTime' : [ 0x78, ['unsigned long long']],
+    'ForegroundReportTimestamp' : [ 0x80, ['long long']],
+    'ForegroundTime' : [ 0x88, ['unsigned long long']],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x49, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x2c, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x4, ['unsigned long']],
+    'DummyPagePfn' : [ 0x8, ['pointer', ['_MMPFN']]],
+    'DummyPage' : [ 0xc, ['unsigned long']],
+    'PageOfZeroes' : [ 0x10, ['unsigned long']],
+    'ZeroMapping' : [ 0x14, ['pointer', ['void']]],
+    'OnesMapping' : [ 0x18, ['pointer', ['void']]],
+    'BitmapGapFrames' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'PfnGapFrames' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '__unnamed_25b7' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x18, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer', ['void']]],
+    'SessionId' : [ 0xc, ['unsigned long']],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+    'u2' : [ 0x14, ['__unnamed_25b7']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x18, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x8, ['pointer', ['void']]],
+    'SessionViewVa' : [ 0x8, ['pointer', ['void']]],
+    'VadsProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Type' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SectionOffset' : [ 0x10, ['unsigned long long']],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_25d0' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x50, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x1c, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x24, ['unsigned long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x28, ['unsigned long']],
+    'MdlHack' : [ 0x2c, ['__unnamed_25d0']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'ProcessorCount' : [ 0x18, ['unsigned long']],
+    'Class' : [ 0x1c, ['unsigned char']],
+    'Spare' : [ 0x1d, ['array', 3, ['unsigned char']]],
+    'Processors' : [ 0x20, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0x24, ['pointer', ['void']]],
+    'TimeWindowHandler' : [ 0x28, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x2c, ['pointer', ['void']]],
+    'BoostModeHandler' : [ 0x30, ['pointer', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0x34, ['pointer', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x38, ['pointer', ['void']]],
+    'AutonomousModeHandler' : [ 0x3c, ['pointer', ['void']]],
+    'ReinitializeHandler' : [ 0x40, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x44, ['pointer', ['void']]],
+    'PerfControlHandler' : [ 0x48, ['pointer', ['void']]],
+    'MaxFrequency' : [ 0x4c, ['unsigned long']],
+    'NominalFrequency' : [ 0x50, ['unsigned long']],
+    'MaxPercent' : [ 0x54, ['unsigned long']],
+    'MinPerfPercent' : [ 0x58, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x5c, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x60, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x68, ['unsigned long long']],
+    'Coordination' : [ 0x70, ['unsigned char']],
+    'HardPlatformCap' : [ 0x71, ['unsigned char']],
+    'AffinitizeControl' : [ 0x72, ['unsigned char']],
+    'EfficientThrottle' : [ 0x73, ['unsigned char']],
+    'AutonomousMode' : [ 0x74, ['unsigned char']],
+    'SelectedPercent' : [ 0x78, ['unsigned long']],
+    'SelectedFrequency' : [ 0x7c, ['unsigned long']],
+    'DesiredPercent' : [ 0x80, ['unsigned long']],
+    'MaxPolicyPercent' : [ 0x84, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x88, ['unsigned long']],
+    'ConstrainedMaxPercent' : [ 0x8c, ['unsigned long']],
+    'ConstrainedMinPercent' : [ 0x90, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x94, ['unsigned long']],
+    'TolerancePercent' : [ 0x98, ['unsigned long']],
+    'SelectedState' : [ 0xa0, ['unsigned long long']],
+    'PerfChangeTime' : [ 0xa8, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0xb0, ['unsigned long']],
+    'Force' : [ 0xb4, ['unsigned char']],
+    'ProvideGuidance' : [ 0xb5, ['unsigned char']],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_TABLE' : [ 0x600, {
+    'Entries' : [ 0x0, ['array', 64, ['_HVIEW_MAP_ENTRY']]],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0xc, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x4, ['pointer', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x8, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_RELATION_LIST' : [ 0x8, {
+    'DeviceObjectList' : [ 0x0, ['pointer', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x4, ['unsigned char']],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x80, {
+    'TransitionSharedPages' : [ 0x0, ['unsigned long']],
+    'TransitionSharedPagesPeak' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'FirstDecayPage' : [ 0x10, ['unsigned long']],
+    'PfnDecayFreeSList' : [ 0x18, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x24, ['_KDPC']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'Enabled' : [ 0x4, ['unsigned long']],
+    'DisableAccessLogging' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'MinLoggingPriority' : [ 0x18, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0xc, {
+    'QueueHead' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueTail' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x48, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x3c, ['_RTL_BITMAP']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x4, {
+    'LogHandleContext' : [ 0x0, ['pointer', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x10, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0xc, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_FAST_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x40, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x8, ['short']],
+    'SpecialApcDisable' : [ 0xa, ['short']],
+    'CombinedApcDisable' : [ 0x8, ['unsigned long']],
+    'Irql' : [ 0xc, ['unsigned char']],
+    'StackTrace' : [ 0x10, ['array', 12, ['pointer', ['void']]]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_SEP_LOWBOX_HANDLES_TABLE' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x4, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2632' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2634' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_2632']],
+    'Button' : [ 0xc, ['__unnamed_2634']],
+} ],
+  '_KDPC_DATA' : [ 0x18, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+    'ActiveDpc' : [ 0x14, ['pointer', ['_KDPC']]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_KSCB' : [ 0xf8, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare1' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x5d, ['unsigned char']],
+    'ReadySummary' : [ 0x5e, ['unsigned short']],
+    'Rank' : [ 0x60, ['unsigned long']],
+    'ReadyListHead' : [ 0x64, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0xe4, ['_RTL_RB_TREE']],
+    'Parent' : [ 0xec, ['pointer', ['_KSCB']]],
+    'Root' : [ 0xf0, ['pointer', ['_KSCB']]],
+} ],
+  '__unnamed_2643' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_2644' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2643']],
+    'Merged' : [ 0x10, ['__unnamed_2644']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x2c, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x10, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x14, ['long']],
+    'FirstReservedZeroingPte' : [ 0x18, ['pointer', ['_MMPTE']]],
+    'RebalanceZeroFreeWorkItem' : [ 0x1c, ['_WORK_QUEUE_ITEM']],
+} ],
+  '__unnamed_2651' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2651']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Processors' : [ 0x4, ['unsigned long']],
+    'ActiveProcessors' : [ 0x8, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_266a' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_266c' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_266a']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0xa8, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_266c']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'PoolPageHeaders' : [ 0x18, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x20, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x28, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x2c, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PagedBytes' : [ 0x38, ['unsigned long']],
+    'NonPagedBytes' : [ 0x3c, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x40, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x44, ['unsigned long']],
+    'RaiseIrqls' : [ 0x48, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x4c, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x50, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x54, ['unsigned long']],
+    'AllocationsFailed' : [ 0x58, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x5c, ['unsigned long']],
+    'LockedBytes' : [ 0x60, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x64, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x74, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x78, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x7c, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x80, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x88, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x2c, {
+    'Sibling' : [ 0x0, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long']],
+    'PipelinedReadAheadRequestSize' : [ 0x54, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x58, ['unsigned long']],
+    'PrivateLinks' : [ 0x5c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned long']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0x64, {
+    'FixupLock' : [ 0x0, ['long']],
+    'FixupList' : [ 0x4, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0xc, ['_KMUTANT']],
+    'FirstLoadEver' : [ 0x2c, ['unsigned char']],
+    'LargePageAll' : [ 0x2d, ['unsigned char']],
+    'LastPage' : [ 0x30, ['unsigned long']],
+    'LargePageList' : [ 0x34, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x3c, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x40, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x44, ['array', 2, ['pointer', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x4c, ['unsigned long']],
+    'PageCounts' : [ 0x50, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x60, ['_EX_PUSH_LOCK']],
+} ],
+  '_PTE_TRACKER' : [ 0x44, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x28, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x4, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'IsInTempBin' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2699' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0x5c, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x8, ['pointer', ['void']]],
+    'ExceptionTableSize' : [ 0xc, ['unsigned long']],
+    'GpValue' : [ 0x10, ['pointer', ['void']]],
+    'NonPagedDebugInfo' : [ 0x14, ['pointer', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'u1' : [ 0x3a, ['__unnamed_2699']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x44, ['unsigned long']],
+    'CoverageSection' : [ 0x48, ['pointer', ['void']]],
+    'LoadedImports' : [ 0x4c, ['pointer', ['void']]],
+    'Spare' : [ 0x50, ['pointer', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x54, ['unsigned long']],
+    'TimeDateStamp' : [ 0x58, ['unsigned long']],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x28, {
+    'InstantaneousRead' : [ 0x0, ['pointer', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'Scaling' : [ 0x22, ['unsigned char']],
+    'Context' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x38, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x4, ['long']],
+    'PrefetchSeekThreshold' : [ 0x8, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x24, ['unsigned long']],
+    'DelayPageFaults' : [ 0x28, ['long']],
+    'FileCompressionBoundary' : [ 0x2c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x30, ['unsigned char']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_FILE_EXTENTS' : [ 0x4, {
+    'WaitList' : [ 0x0, ['pointer', ['_MI_FILE_EXTENTS_WAIT_BLOCK']]],
+} ],
+  '_HMAP_ENTRY' : [ 0x14, {
+    'BlockOffset' : [ 0x0, ['unsigned long']],
+    'PermanentBinAddress' : [ 0x4, ['unsigned long']],
+    'TemporaryBinAddress' : [ 0x8, ['unsigned long']],
+    'TemporaryBinRundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x1c, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'Reference' : [ 0x8, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x18, ['unsigned char']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x3f8, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'TimeUnit' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_DUAL' : [ 0x19c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x190, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x198, ['unsigned long']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x4, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26cd' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26d0' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0xf8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'CollidedEvent' : [ 0x20, ['_KEVENT']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ApcState' : [ 0x40, ['_KAPC_STATE']],
+    'Thread' : [ 0x58, ['pointer', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x5c, ['pointer', ['_MMPFN']]],
+    'PteContents' : [ 0x60, ['_MMPTE']],
+    'WaitCount' : [ 0x68, ['long']],
+    'ByteCount' : [ 0x6c, ['unsigned long']],
+    'u3' : [ 0x70, ['__unnamed_26cd']],
+    'u1' : [ 0x74, ['__unnamed_26d0']],
+    'FilePointer' : [ 0x78, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x7c, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x7c, ['pointer', ['_SUBSECTION']]],
+    'Autoboost' : [ 0x80, ['pointer', ['void']]],
+    'FaultingAddress' : [ 0x84, ['pointer', ['void']]],
+    'PointerPte' : [ 0x88, ['pointer', ['_MMPTE']]],
+    'BasePte' : [ 0x8c, ['pointer', ['_MMPTE']]],
+    'Pfn' : [ 0x90, ['pointer', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x98, ['_MDL']],
+    'Page' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'FlowThrough' : [ 0xb4, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x8, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['unsigned long']],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x10, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CloneCommitCount' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x8, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+    'ActivityId' : [ 0x20, ['_GUID']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'LowboxNumber' : [ 0x14, ['unsigned long']],
+    'AtomTable' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x14, ['long']],
+    'Active' : [ 0x18, ['long']],
+    'FreeWhenDone' : [ 0x1c, ['unsigned char']],
+} ],
+  '_MI_CFG_BITMAP_INFO' : [ 0xc, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'RegionSize' : [ 0x4, ['unsigned long']],
+    'BitmapVad' : [ 0x8, ['pointer', ['_MMVAD']]],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x4c, {
+    'StandbyListDiscard' : [ 0x0, ['unsigned long']],
+    'CrashDumpInitialized' : [ 0x4, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x5, ['unsigned char']],
+    'SystemShutdown' : [ 0x8, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0xc, ['long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'FreeListDiscard' : [ 0x30, ['unsigned char']],
+    'MirrorHoldsPfn' : [ 0x34, ['pointer', ['_ETHREAD']]],
+    'MirroringActive' : [ 0x38, ['unsigned long']],
+    'MirrorBitMap' : [ 0x3c, ['pointer', ['_RTL_BITMAP']]],
+    'MirrorBitMapInterlocked' : [ 0x40, ['pointer', ['_RTL_BITMAP']]],
+    'MirrorListLocks' : [ 0x44, ['pointer', ['void']]],
+    'CrashDumpPte' : [ 0x48, ['pointer', ['_MMPTE']]],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x18, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x1a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x23, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x18, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x18, ['array', 4, ['pointer', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x18, ['pointer', ['void']]],
+    'SessionId' : [ 0x1c, ['unsigned long']],
+    'Process' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['void']]],
+    'Callback' : [ 0x2c, ['pointer', ['void']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'DbgKernelRegistration' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgUserRegistration' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgReplyRegistration' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DbgClassicRegistration' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'DbgSessionSpaceRegistration' : [ 0x32, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DbgModernRegistration' : [ 0x32, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DbgClosed' : [ 0x32, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DbgInserted' : [ 0x32, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'EnableMask' : [ 0x33, ['unsigned char']],
+    'GroupEnableMask' : [ 0x34, ['unsigned char']],
+    'UseDescriptorType' : [ 0x35, ['unsigned char']],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_HVIEW_MAP_PIN_LOG' : [ 0x308, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Entries' : [ 0x8, ['array', 16, ['_HVIEW_MAP_PIN_LOG_ENTRY']]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x3c, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x50, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x4, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x34, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'PackagedBinary' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x34, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x34, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x34, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x34, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x34, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x34, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x34, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x34, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x34, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x34, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x34, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x34, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x34, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x34, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x34, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x34, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x34, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x34, ['BitField', dict(start_bit = 25, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x34, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x34, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x4c, ['pointer', ['void']]],
+    'DdagNode' : [ 0x50, ['pointer', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0x54, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0x5c, ['pointer', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0x60, ['pointer', ['void']]],
+    'SwitchBackContext' : [ 0x64, ['pointer', ['void']]],
+    'BaseAddressIndexNode' : [ 0x68, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0x74, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0x80, ['unsigned long']],
+    'LoadTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x90, ['unsigned long']],
+    'LoadReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x98, ['unsigned long']],
+    'ReferenceCount' : [ 0x9c, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'AllStacksInUse' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_DRIVER_VA' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'Hint' : [ 0x10, ['unsigned long']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x2c, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x8, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0xc, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x10, ['unsigned long']],
+    'LowestLink' : [ 0x14, ['unsigned long']],
+    'Dependencies' : [ 0x18, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x1c, ['_LDRP_CSLIST']],
+    'State' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x28, ['unsigned long']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x104, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'Order' : [ 0x1c, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0xec, ['_LIST_ENTRY']],
+    'Status' : [ 0xf4, ['long']],
+    'FailedDevice' : [ 0xf8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0xfc, ['unsigned char']],
+    'Cancelled' : [ 0xfd, ['unsigned char']],
+    'IgnoreErrors' : [ 0xfe, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0xff, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x100, ['unsigned char']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x8, {
+    'PreferredMask' : [ 0x0, ['unsigned long']],
+    'AvailableMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x8, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x40, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xc, ['_UNICODE_STRING']],
+    'Latency' : [ 0x14, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x18, ['unsigned long']],
+    'Power' : [ 0x1c, ['unsigned long']],
+    'StateFlags' : [ 0x20, ['unsigned long']],
+    'VetoAccounting' : [ 0x24, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0x38, ['unsigned char']],
+    'InterruptsEnabled' : [ 0x39, ['unsigned char']],
+    'Interruptible' : [ 0x3a, ['unsigned char']],
+    'ContextRetained' : [ 0x3b, ['unsigned char']],
+    'CacheCoherent' : [ 0x3c, ['unsigned char']],
+    'WakesSpuriously' : [ 0x3d, ['unsigned char']],
+    'PlatformOnly' : [ 0x3e, ['unsigned char']],
+    'NoCState' : [ 0x3f, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'DeadPteTrackerSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x8, ['unsigned long']],
+    'MdlTrackerLookaside' : [ 0x40, ['_NPAGED_LOOKASIDE_LIST']],
+    'PteTrackingBitmap' : [ 0x100, ['_RTL_BITMAP']],
+    'CachedPteHeads' : [ 0x108, ['pointer', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0x10c, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPages' : [ 0x140, ['unsigned char']],
+    'QueuedStacks' : [ 0x148, ['_SLIST_HEADER']],
+    'StackGrowthFailures' : [ 0x150, ['unsigned long']],
+    'TrackPtesAborted' : [ 0x154, ['unsigned char']],
+    'AdjustCounter' : [ 0x155, ['unsigned char']],
+    'QueuedStacksWorkItem' : [ 0x158, ['_MI_QUEUED_DEADSTACK_WORKITEM']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x34, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x8, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0xc, ['long']],
+    'HighWaterMark' : [ 0x10, ['unsigned long']],
+    'Reserved' : [ 0x14, ['array', 8, ['unsigned long']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_276c' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x14, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long']],
+    'NodeCount' : [ 0x4, ['unsigned long']],
+    'Tables' : [ 0x8, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0xc, ['unsigned long']],
+    'u1' : [ 0x10, ['__unnamed_276c']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['unsigned char']],
+    'DripsRequiredState' : [ 0x8, ['unsigned long']],
+    'Level' : [ 0xc, ['long']],
+    'ActiveStamp' : [ 0x10, ['long long']],
+    'CsActiveTime' : [ 0x18, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x20, ['long long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x20, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x19c, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0xc0, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x14, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x30, ['pointer', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x34, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x3c, ['long']],
+    'ActiveEvent' : [ 0x40, ['_KEVENT']],
+    'IdleLock' : [ 0x50, ['unsigned long']],
+    'IdleConditionComplete' : [ 0x54, ['long']],
+    'IdleStateComplete' : [ 0x58, ['long']],
+    'IdleStamp' : [ 0x60, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x68, ['unsigned long']],
+    'IdleStateCount' : [ 0x6c, ['unsigned long']],
+    'IdleStates' : [ 0x70, ['pointer', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0x74, ['unsigned long']],
+    'ProviderCount' : [ 0x78, ['unsigned long']],
+    'Providers' : [ 0x7c, ['pointer', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0x80, ['unsigned long']],
+    'DependentCount' : [ 0x84, ['unsigned long']],
+    'Dependents' : [ 0x88, ['pointer', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0x90, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0xb8, ['pointer', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x1c, {
+    'ComponentActive' : [ 0x0, ['pointer', ['void']]],
+    'ComponentIdle' : [ 0x4, ['pointer', ['void']]],
+    'ComponentIdleState' : [ 0x8, ['pointer', ['void']]],
+    'DevicePowerRequired' : [ 0xc, ['pointer', ['void']]],
+    'DevicePowerNotRequired' : [ 0x10, ['pointer', ['void']]],
+    'PowerControl' : [ 0x14, ['pointer', ['void']]],
+    'ComponentCriticalTransition' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PROVIDER_BINARY_ENTRY' : [ 0x2c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x8, ['unsigned char']],
+    'Spare' : [ 0x9, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0xc, ['unsigned long']],
+    'DebugId' : [ 0x10, ['_CVDD']],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40f0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'StackLimitHits' : [ 0x4038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x403c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x4040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4044, ['unsigned long']],
+    'TotalReleases' : [ 0x4048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x404c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x4050, ['unsigned long']],
+    'Instigator' : [ 0x4054, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4058, ['unsigned long']],
+    'Participant' : [ 0x405c, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40dc, ['long']],
+    'StackType' : [ 0x40e0, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x40e4, ['unsigned long']],
+    'StackHighLimit' : [ 0x40e8, ['unsigned long']],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x30, {
+    'PagesLoad' : [ 0x0, ['long']],
+    'PagesAverage' : [ 0x4, ['unsigned long']],
+    'AverageAvailablePages' : [ 0x8, ['unsigned long']],
+    'PagesWritten' : [ 0xc, ['unsigned long']],
+    'WritesIssued' : [ 0x10, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x14, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x18, ['unsigned long']],
+    'WriteBurstCount' : [ 0x1c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x20, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x28, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x2e, ['unsigned short']],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3e0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_UOW' : [ 0x38, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxSecurityCell' : [ 0x30, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x10, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_27e7' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_27e9' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_27e7']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_27e9']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['unsigned long']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_27fe' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_27fe']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_HVIEW_MAP_ENTRY' : [ 0x18, {
+    'ViewStart' : [ 0x0, ['pointer', ['void']]],
+    'IsPinned' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Bcb' : [ 0x4, ['pointer', ['void']]],
+    'PinnedPages' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x48, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x1c, ['pointer', ['void']]],
+    'Enabled' : [ 0x20, ['unsigned char']],
+    'ActiveEngaged' : [ 0x21, ['unsigned char']],
+    'ThrottleLimit' : [ 0x22, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x23, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x24, ['pointer', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'Interface' : [ 0x2c, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'HashKey' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x18, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x14, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COLORED_PAGE_INFO' : [ 0x10, {
+    'BeingZeroed' : [ 0x0, ['long']],
+    'Processor' : [ 0x4, ['unsigned long']],
+    'PagesQueued' : [ 0x8, ['unsigned long']],
+    'PfnAllocation' : [ 0xc, ['pointer', ['_MMPFN']]],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x8, ['pointer', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_MI_POOL_STATE' : [ 0x4e0, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolSListMaximum' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x10, ['unsigned long']],
+    'BadPoolHead' : [ 0x14, ['_SINGLE_LIST_ENTRY']],
+    'PoolFailures' : [ 0x18, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x3c, ['array', 11, ['unsigned long']]],
+    'LowPagedPoolThreshold' : [ 0x68, ['unsigned long']],
+    'HighPagedPoolThreshold' : [ 0x6c, ['unsigned long']],
+    'SpecialPoolPdesMax' : [ 0x70, ['long']],
+    'NonPagedPoolNodes' : [ 0x74, ['array', 1024, ['unsigned char']]],
+    'PagedProtoPoolInfo' : [ 0x474, ['_MM_PAGED_POOL_INFO']],
+    'PagedPoolSListMaximum' : [ 0x490, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x494, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0x4a4, ['unsigned long']],
+    'SpecialPoolRejected' : [ 0x4a8, ['array', 9, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0x4cc, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x4d0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0x4d4, ['unsigned long']],
+    'TotalPagedPoolQuota' : [ 0x4d8, ['unsigned long']],
+    'TotalNonPagedPoolQuota' : [ 0x4dc, ['unsigned long']],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x13c, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'OffloadedAudio' : [ 0x12d, ['unsigned char']],
+    'NonOffloadedAudio' : [ 0x12e, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12f, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsUserAwaySetting' : [ 0x134, ['unsigned char']],
+    'WiFiInStandby' : [ 0x138, ['unsigned long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_DEFERRED_WRITE' : [ 0x24, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_286d' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_286f' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_286d']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_286f']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x34, {
+    'IoPfnLock' : [ 0x0, ['unsigned long']],
+    'IoPfnRoot' : [ 0x4, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x10, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x18, ['unsigned long']],
+    'IoCacheStats' : [ 0x1c, ['_MI_IO_CACHE_STATS']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_VF_AVL_TABLE' : [ 0x80, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x3c, ['pointer', ['void']]],
+    'Lock' : [ 0x40, ['long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['long']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DeviceNode' : [ 0x1c, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '__unnamed_2887' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2889' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_288f' : [ 0xc, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_2893' : [ 0x8, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NotifyTypeCreate', 1: u'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x4, ['unsigned char']],
+} ],
+  '__unnamed_2895' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2887']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2889']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_288f']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2893']],
+    'Others' : [ 0x0, ['__unnamed_2895']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x4, {
+    'Function' : [ 0x0, ['pointer', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x70, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x4, ['unsigned long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '__unnamed_28a3' : [ 0x4, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_SECTION' : [ 0x28, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u1' : [ 0x14, ['__unnamed_28a3']],
+    'SizeOfSection' : [ 0x18, ['unsigned long long']],
+    'u' : [ 0x20, ['__unnamed_1680']],
+    'InitialPageProtection' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x24, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ActiveCooling' : [ 0x14, ['pointer', ['void']]],
+    'PassiveCooling' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x18, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Next' : [ 0x14, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_PROC_PERF_CHECK' : [ 0xc0, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'Snap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'TempSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'TaggedThreadPercent' : [ 0xb8, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0xba, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0xbb, ['unsigned char']],
+} ],
+  '__unnamed_28b2' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_28b4' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_28b6' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_28b2']],
+    'Interrupt' : [ 0x0, ['__unnamed_28b4']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_28b4']],
+    'Sci' : [ 0x0, ['__unnamed_28b4']],
+    'Nmi' : [ 0x0, ['__unnamed_28b4']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_28b6']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x140, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'VerifyKernelPhaseOnResume' : [ 0x3, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x4, ['unsigned char']],
+    'InitializationFinished' : [ 0x5, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x30, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'ClonedPageCount' : [ 0x40, ['unsigned long long']],
+    'CurrentMap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x4c, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x50, ['unsigned long']],
+    'LoaderMdl' : [ 0x54, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x6c, ['unsigned long']],
+    'CurrentMcb' : [ 0x70, ['pointer', ['void']]],
+    'DumpStack' : [ 0x74, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x78, ['pointer', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0x7c, ['unsigned long']],
+    'Status' : [ 0x80, ['long']],
+    'GraphicsProc' : [ 0x84, ['unsigned long']],
+    'MemoryImage' : [ 0x88, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0x8c, ['pointer', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'SiLogOffset' : [ 0x94, ['unsigned long']],
+    'FirmwareRuntimeInformationMdl' : [ 0x98, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0x9c, ['pointer', ['void']]],
+    'ResumeContext' : [ 0xa0, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0xa4, ['unsigned long']],
+    'ProcessorCount' : [ 0xa8, ['unsigned long']],
+    'ProcessorContext' : [ 0xac, ['pointer', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0xb0, ['pointer', ['unsigned char']]],
+    'ProdConsSize' : [ 0xb4, ['unsigned long']],
+    'MaxDataPages' : [ 0xb8, ['unsigned long']],
+    'ExtraBuffer' : [ 0xbc, ['pointer', ['void']]],
+    'ExtraBufferSize' : [ 0xc0, ['unsigned long']],
+    'ExtraMapVa' : [ 0xc4, ['pointer', ['void']]],
+    'BitlockerKeyPFN' : [ 0xc8, ['unsigned long']],
+    'IoInfo' : [ 0xd0, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x130, ['pointer', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x134, ['unsigned long']],
+    'HardwareConfigurationSignature' : [ 0x138, ['unsigned long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0x60, {
+    'Component' : [ 0x0, ['pointer', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x4, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x14, ['pointer', ['void']]],
+    'Flags' : [ 0x18, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x1c, ['pointer', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x20, ['unsigned long']],
+    'LastChangeStamp' : [ 0x28, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x30, ['unsigned char']],
+    'PepRegistered' : [ 0x31, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x32, ['unsigned char']],
+    'RequestDriverContext' : [ 0x34, ['pointer', ['void']]],
+    'WorkOrder' : [ 0x38, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x54, ['unsigned long']],
+    'Sets' : [ 0x58, ['pointer', ['_POP_FX_PERF_SET']]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0xc, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'MpnId' : [ 0x4, ['unsigned short']],
+    'Node' : [ 0x6, ['unsigned short']],
+    'Channel' : [ 0x8, ['unsigned short']],
+    'IsPowerManageable' : [ 0xa, ['unsigned char']],
+    'DeepPowerState' : [ 0xb, ['unsigned char']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x100, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xc0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xc8, ['pointer', ['void']]],
+    'PointersLength' : [ 0xcc, ['unsigned long']],
+    'ModulePrefix' : [ 0xd0, ['pointer', ['unsigned short']]],
+    'DriverList' : [ 0xd4, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xdc, ['_STRING']],
+    'ProgMsg' : [ 0xe4, ['_STRING']],
+    'DoneMsg' : [ 0xec, ['_STRING']],
+    'FileObject' : [ 0xf4, ['pointer', ['void']]],
+    'UsageType' : [ 0xf8, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_PAE_PAGEINFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameNumber' : [ 0x8, ['unsigned long']],
+    'EntriesInUse' : [ 0xc, ['unsigned long']],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x4, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x24, {
+    'InitiatingThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ThreadId' : [ 0x8, ['pointer', ['void']]],
+    'ProcessId' : [ 0xc, ['pointer', ['void']]],
+    'Code' : [ 0x10, ['unsigned long']],
+    'Parameter1' : [ 0x14, ['unsigned long']],
+    'Parameter2' : [ 0x18, ['unsigned long']],
+    'Parameter3' : [ 0x1c, ['unsigned long']],
+    'Parameter4' : [ 0x20, ['unsigned long']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+  '_HVIEW_MAP_PIN_LOG_ENTRY' : [ 0x30, {
+    'ViewOffset' : [ 0x0, ['unsigned long']],
+    'Pinned' : [ 0x4, ['unsigned char']],
+    'PinMask' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer', ['_KTHREAD']]],
+    'Stack' : [ 0x14, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '__unnamed_28f6' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_28f6']],
+} ],
+  '__unnamed_28fa' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_28fa']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_FILE_EXTENTS_WAIT_BLOCK' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_FILE_EXTENTS_WAIT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x310, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long long']],
+    'HiberFlags' : [ 0x30, ['unsigned char']],
+    'spare' : [ 0x31, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x34, ['unsigned long']],
+    'HiberVa' : [ 0x38, ['unsigned long']],
+    'NoFreePages' : [ 0x3c, ['unsigned long']],
+    'FreeMapCheck' : [ 0x40, ['unsigned long']],
+    'WakeCheck' : [ 0x44, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x48, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x50, ['unsigned long']],
+    'FirstKernelRestorePage' : [ 0x54, ['unsigned long']],
+    'FirstChecksumRestorePage' : [ 0x58, ['unsigned long']],
+    'NoChecksumEntries' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x248, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x24c, ['array', 1, ['unsigned long']]],
+    'SiLogOffset' : [ 0x250, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x254, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x258, ['array', 24, ['unsigned long']]],
+    'NotUsed' : [ 0x2b8, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2bc, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2c0, ['unsigned long']],
+    'Hiberboot' : [ 0x2c4, ['unsigned char']],
+    'HvCr3' : [ 0x2c8, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x2d0, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x2d8, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x2e0, ['unsigned long long']],
+    'BootFlags' : [ 0x2e8, ['unsigned long long']],
+    'HalEntryPointPhysical' : [ 0x2f0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x2f8, ['unsigned long']],
+    'BitlockerKeyPfns' : [ 0x2fc, ['array', 4, ['unsigned long']]],
+    'HardwareSignature' : [ 0x30c, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x10, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned short']],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1e0, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x48, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x4c, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x50, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x58, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x60, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x68, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x78, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x80, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xc8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xd0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xd8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xe0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xe8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0xf0, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0xf8, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x100, ['unsigned long long']],
+    'IoBoundedness' : [ 0x108, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x110, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x118, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x120, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x128, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x130, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x138, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x140, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x148, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x150, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x158, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x160, ['unsigned long long']],
+    'AnimationStart' : [ 0x168, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x170, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x178, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x180, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x188, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x190, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x198, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1a0, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1a8, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1b0, ['unsigned long long']],
+    'BytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'PagesWritten' : [ 0x1c0, ['unsigned long']],
+    'FileRuns' : [ 0x1c4, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1c8, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1cc, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1d0, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1d8, ['unsigned long long']],
+} ],
+  '_MI_QUEUED_DEADSTACK_WORKITEM' : [ 0x14, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_FREE_DISPLAY' : [ 0x10, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x1c, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'InitialInPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x8, ['pointer', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0xc, ['unsigned long']],
+    'Node' : [ 0x10, ['_RTL_BALANCED_NODE']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x70, {
+    'UncompressedData' : [ 0x0, ['pointer', ['unsigned char']]],
+    'MappingVa' : [ 0x4, ['pointer', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x8, ['pointer', ['void']]],
+    'CompressedDataBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'CompressTicks' : [ 0x18, ['unsigned long long']],
+    'BytesCopied' : [ 0x20, ['unsigned long long']],
+    'PagesProcessed' : [ 0x28, ['unsigned long long']],
+    'DecompressTicks' : [ 0x30, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x38, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x40, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x68, ['unsigned long']],
+    'HuffCompressCount' : [ 0x6c, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x18, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'IoStatus' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x8, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x10, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x18, ['unsigned long long']],
+    'RequestSize' : [ 0x20, ['unsigned long long']],
+    'IoLocation' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x30, ['unsigned long long']],
+    'Buffer' : [ 0x38, ['pointer', ['void']]],
+    'AsyncCapable' : [ 0x3c, ['unsigned char']],
+    'BytesToRead' : [ 0x40, ['unsigned long long']],
+    'Pages' : [ 0x48, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x50, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x58, ['unsigned short']],
+} ],
+  '_LDRP_CSLIST' : [ 0x4, {
+    'Tail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '__unnamed_2937' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2939' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_293c' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2940' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x14, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x20, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x30, ['__unnamed_2937']],
+    'XapicMessage' : [ 0x38, ['__unnamed_2939']],
+    'Hypertransport' : [ 0x38, ['__unnamed_293c']],
+    'GenericMessage' : [ 0x38, ['__unnamed_2939']],
+    'MessageRequest' : [ 0x38, ['__unnamed_2940']],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_294e' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x4, ['pointer', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_2950' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x8, ['unsigned long long']],
+    'Unit' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x18, ['__unnamed_294e']],
+    'Range' : [ 0x18, ['__unnamed_2950']],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2961' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2963' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2965' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2961']],
+    'Gpt' : [ 0x0, ['__unnamed_2963']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xc0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x45, ['unsigned char']],
+    'HiberResume' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x47, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_2965']],
+    'ReadRoutine' : [ 0x6c, ['pointer', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0x70, ['pointer', ['void']]],
+    'LogSectionTruncateSize' : [ 0x74, ['unsigned long']],
+    'Parameters' : [ 0x78, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xb8, ['pointer', ['void']]],
+    'DumpNotifyRoutine' : [ 0xbc, ['pointer', ['void']]],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x18, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long']],
+    'ActiveCacheMatch' : [ 0x4, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0x8, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x14, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x8, ['pointer', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0xc, ['pointer', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x10, ['pointer', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x14, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned short']],
+    'ReplyIndex' : [ 0x1a, ['unsigned short']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_KDPC_LIST' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0xd0, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x18, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '__unnamed_2998' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_299a' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2998']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_299d' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_299f' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_299d']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_299a']],
+    'HighPart' : [ 0x4, ['__unnamed_299f']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_29af' : [ 0x8, {
+    'MessageAddressLow' : [ 0x0, ['unsigned long']],
+    'MessageData' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+} ],
+  '__unnamed_29b1' : [ 0x8, {
+    'RemappedFormat' : [ 0x0, ['_ULARGE_INTEGER']],
+    'Msi' : [ 0x0, ['__unnamed_29af']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_29b1']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Xcr0' : [ 0x3c, ['unsigned long long']],
+    'ExceptionList' : [ 0x44, ['unsigned long']],
+    'Reserved' : [ 0x48, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x4, ['pointer', ['unsigned short']]],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+}

From 5ea27484dd025c06595e19cba887facfd718855c Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 30 Apr 2018 12:59:38 -0500
Subject: [PATCH 203/304] add some sanity checks on invalid tokens / sids

---
 volatility/plugins/overlays/windows/windows.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index be64c3e22..de6f7d81f 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -750,6 +750,12 @@ def get_sids(self):
         if self.UserAndGroupCount < 0xFFFF:
             for sa in self.UserAndGroups.dereference():
                 sid = sa.Sid.dereference_as('_SID')
+                # catch invalid pointers (UserAndGroupCount is too high)
+                if sid == None:
+                    raise StopIteration
+                # this mimics the windows API IsValidSid
+                if sid.Revision & 0xF != 1 or sid.SubAuthorityCount > 15:
+                    raise StopIteration
                 id_auth = ""
                 for i in sid.IdentifierAuthority.Value:
                     id_auth = i

From 5399524c0d08717fe380df164e245e2ca8b98a29 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 7 May 2018 09:16:47 -0500
Subject: [PATCH 204/304] hashdump backtraced when reading corrupt registry
 values for the user name

---
 volatility/win32/hashdump.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/volatility/win32/hashdump.py b/volatility/win32/hashdump.py
index 7f22ee6be..aef1b3280 100644
--- a/volatility/win32/hashdump.py
+++ b/volatility/win32/hashdump.py
@@ -289,6 +289,9 @@ def get_user_name(user_key):
     name_offset = unpack("<L", V[0x0c:0x10])[0] + 0xCC
     name_length = unpack("<L", V[0x10:0x14])[0]
 
+    if name_length > len(V):
+        return None
+
     username = V[name_offset:name_offset + name_length].decode('utf-16-le')
     return username
 
@@ -328,7 +331,11 @@ def dump_hashes(sysaddr, samaddr):
                     nthash = empty_nt
                 ## temporary fix to prevent UnicodeDecodeError backtraces 
                 ## however this can cause truncated user names as a result
-                name = get_user_name(user).encode('ascii', 'ignore')
+                name = get_user_name(user)
+                if name is not None:
+                    name = name.encode('ascii', 'ignore')
+                else:
+                    name = "(unavailable)"
                 yield "{0}:{1}:{2}:{3}:::".format(name, int(str(user.Name), 16),
                                                   lmhash.encode('hex'), nthash.encode('hex'))
     else:

From 67851fe71e3e6515f527945081ed942015d45e42 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 7 May 2018 10:49:06 -0500
Subject: [PATCH 205/304] Mac - update get_profile

---
 volatility/plugins/mac/get_profile.py | 36 +++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index 804fede26..b7465730e 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -34,6 +34,7 @@
 from volatility.renderers.basic import Address
 
 profiles = [
+["MacYosemite_10_10_1_14b25_14a389x64", 18446743523963612480, 18446743523964534784, 1],
 ["MacYosemite_10_10_2_14C1514x64", 18446743523963607600, 18446743523964534784, 1],
 ["MacYosemite_10_10_3_14D131_14D136x64", 18446743523963609408, 18446743523964534784, 1],
 ["MacYosemite_10_10_4_14E46x64", 18446743523963610496, 18446743523964534784, 1],
@@ -41,37 +42,63 @@
 ["MacYosemite_10_10_5_14F1912x64", 18446743523963609312, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F2009_14F2109x64", 18446743523963609536, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F2315x64", 18446743523963601344, 18446743523964534784, 1],
+["MacYosemite_10_10_5_14F2411x64", 18446743523963601536, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F2511x64", 18446743523963610096, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F27x64", 18446743523963608608, 18446743523964534784, 1],
 ["MacYosemite_10_10_14A389_14B25x64", 18446743523963612480, 18446743523964534784, 1],
 ["MacElCapitan_10_11_1_15B42x64", 18446743523963517744, 18446743523964555264, 1],
 ["MacElCapitan_10_11_2_15C50x64", 18446743523963517440, 18446743523964555264, 1],
 ["MacElCapitan_10_11_3_15D21_15D13bx64", 18446743523963520864, 18446743523964555264, 1],
+["MacElCapitan_10_11_4_15E27ex64", 18446743523963514048, 18446743523964555264, 1],
+["MacElCapitan_10_11_4_15E39dx64", 18446743523963503008, 18446743523964555264, 1],
+["MacElCapitan_10_11_4_15E49ax64", 18446743523963511504, 18446743523964555264, 1],
 ["MacElCapitan_10_11_4_15E65x64", 18446743523963511520, 18446743523964555264, 1],
+["MacElCapitan_10_11_5_15F18b_15F24bx64", 18446743523963513456, 18446743523964555264, 1],
 ["MacElCapitan_10_11_5_15F34x64", 18446743523963513456, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1004_15G1108x64", 18446743523963516032, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1212x64", 18446743523963503888, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1217x64", 18446743523963503456, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G12ax64", 18446743523963518048, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1421x64", 18446743523963503440, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1510x64", 18446743523963503632, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1611x64", 18446743523963517424, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G17023x64", 18446743523963518416, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G19ax64", 18446743523963519296, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G24b_15G31x64", 18446743523963515680, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G7ax64", 18446743523963517680, 18446743523964555264, 1],
 ["MacElCapitan_10_11_15A284x64", 18446743523963516960, 18446743523964547072, 1],
 ["MacSierra_10_12_0_16A323x64", 18446743523963569392, 18446743523964379136, 1],
+["MacSierra_10_12_1_16B2327ex64", 18446743523963564272, 18446743523964379136, 1],
+["MacSierra_10_12_1_16B2338cx64", 18446743523963569952, 18446743523964379136, 1],
 ["MacSierra_10_12_1_16B2657x64", 18446743523963568512, 18446743523964379136, 1],
+["MacSierra_10_12_2_16C48bx64", 18446743523963567216, 18446743523964379136, 1],
 ["MacSierra_10_12_2_16C63ax64", 18446743523963567232, 18446743523964379136, 1],
 ["MacSierra_10_12_2_16C67x64", 18446743523963567232, 18446743523964379136, 1],
+["MacSierra_10_12_3_16D30ax64", 18446743523963567520, 18446743523964379136, 1],
 ["MacSierra_10_12_3_16D32x64", 18446743523963567520, 18446743523964379136, 1],
+["MacSierra_10_12_4_16E144fx64", 18446743523963559152, 18446743523964379136, 1],
+["MacSierra_10_12_4_16E163fx64", 18446743523963558176, 18446743523964379136, 1],
+["MacSierra_10_12_4_16E183bx64", 18446743523963564384, 18446743523964379136, 1],
 ["MacSierra_10_12_4_16E195x64", 18446743523963564384, 18446743523964379136, 1],
 ["MacSierra_10_12_5_16F73x64", 18446743523963562144, 18446743523964379136, 1],
 ["MacSierra_10_12_6_16G1036x64", 18446743523963564096, 18446743523964379136, 1],
+["MacSierra_10_12_6_16G18ax64", 18446743523963561920, 18446743523964379136, 1],
+["MacSierra_10_12_6_16G23ax64", 18446743523963561936, 18446743523964379136, 1],
 ["MacSierra_10_12_6_16G29x64", 18446743523963561936, 18446743523964379136, 1],
+["MacSierra_10_12_16A323x64", 18446743523963569392, 18446743523964379136, 1],
 ["MacHighSierra_10_13_1_17B25cx64", 18446743523963490896, 18446743523964391424, 1],
 ["MacHighSierra_10_13_1_17B35ax64", 18446743523963490832, 18446743523964391424, 1],
+["MacHighSierra_10_13_1_17B46a_17B42a_17B45ax64", 18446743523963490832, 18446743523964391424, 1],
 ["MacHighSierra_10_13_1_17B48x64", 18446743523963490832, 18446743523964391424, 1],
 ["MacHighSierra_10_13_2_17C88x64", 18446743523965584448, 18446743523966648320, 1],
 ["MacHighSierra_10_13_2_Seed_17C60cx64", 18446743523965574112, 18446743523966648320, 1],
 ["MacHighSierra_10_13_3_17D47x64", 18446743523965582400, 18446743523966648320, 1],
+["MacHighSierra_10_13_4_17E150gx64", 18446743523965573200, 18446743523966652416, 1],
+["MacHighSierra_10_13_4_17E160ex64", 18446743523963477200, 18446743523964555264, 1],
+["MacHighSierra_10_13_4_17E170cx64", 18446743523963477952, 18446743523964555264, 1],
+["MacHighSierra_10_13_4_17E182ax64", 18446743523963484064, 18446743523964555264, 1],
+["MacHighSierra_10_13_4_17E202x64", 18446743523963484064, 18446743523964555264, 1],
+["MacHighSierra_10_13_5_17F45cx64", 18446743523963468032, 18446743523964555264, 1],
 ["MacHighSierra_10_13_17A264cx64", 18446743523963492288, 18446743523964387328, 1],
 ["MacHighSierra_10_13_17A291jx64", 18446743523963490112, 18446743523964387328, 1],
 ["MacHighSierra_10_13_17A306fx64", 18446743523963487728, 18446743523964391424, 1],
@@ -79,6 +106,7 @@
 ["MacHighSierra_10_13_17A344bx64", 18446743523963492400, 18446743523964391424, 1],
 ["MacHighSierra_10_13_17A352ax64", 18446743523963492416, 18446743523964391424, 1],
 ["MacHighSierra_10_13_17A358ax64", 18446743523963492592, 18446743523964391424, 1],
+["MacHighSierra_10_13_17A360a_17A362ax64", 18446743523963492592, 18446743523964391424, 1],
 ["MacLeopard_10_5_3_Intelx86", 4850472, 1708032, 0],
 ["MacLeopard_10_5_4_Intelx86", 4850488, 1708032, 0],
 ["MacLeopard_10_5_5_Intelx86", 4850568, 1708032, 0],
@@ -120,18 +148,22 @@
 ["MacMountainLion_10_8_5_12F2518_AMDx64", 18446743523961347136, 18446743523962273792, 1],
 ["MacMountainLion_10_8_5_12f37_AMDx64", 18446743523961347136, 18446743523962273792, 1],
 ["MacMountainLion_10_8_5_12f45_AMDx64", 18446743523961347136, 18446743523962273792, 1],
+["MacMavericks_10_9_1_13b42_13a603x64", 18446743523961749984, 18446743523962273792, 1],
 ["MacMavericks_10_9_1_AMDx64", 18446743523961749984, 18446743523962273792, 1],
 ["MacMavericks_10_9_2_13C1021_AMDx64", 18446743523961751392, 18446743523962273792, 1],
+["MacMavericks_10_9_2_13c64x64", 18446743523961753424, 18446743523962273792, 1],
 ["MacMavericks_10_9_2_13C64_AMDx64", 18446743523961753424, 18446743523962273792, 1],
+["MacMavericks_10_9_3_13d65x64", 18446743523961765744, 18446743523962273792, 1],
 ["MacMavericks_10_9_3_AMDx64", 18446743523961765744, 18446743523962273792, 1],
+["MacMavericks_10_9_4_13e28x64", 18446743523961767008, 18446743523962273792, 1],
 ["MacMavericks_10_9_4_AMDx64", 18446743523961767008, 18446743523962273792, 1],
 ["MacMavericks_10_9_5_13F1077_AMDx64", 18446743523961774256, 18446743523962273792, 1],
 ["MacMavericks_10_9_5_13F1911_AMDx64", 18446743523961774096, 18446743523962273792, 1],
+["MacMavericks_10_9_5_13f34x64", 18446743523961765968, 18446743523962273792, 1],
 ["MacMavericks_10_9_5_AMDx64", 18446743523961765968, 18446743523962273792, 1],
+["MacMavericks_10_9_13F1077x64", 18446743523961774256, 18446743523962273792, 1],
 ]
 
-
-
 collisions_10_8_5 = {
     "MacMountainLion_10_8_5_12F2518_AMDx64" : "xnu-2050.48.19~1",
     "MacMountainLion_10_8_5_12f37_AMDx64"   : "xnu-2050.48.11~1",

From 8e4eb4162ab9851fce6795bc31fe8a1689e4e32c Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Tue, 8 May 2018 21:20:52 -0500
Subject: [PATCH 206/304] Mac - update get_profile

---
 volatility/plugins/mac/get_profile.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index b7465730e..b4b9edcac 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -63,7 +63,10 @@
 ["MacElCapitan_10_11_6_15G1510x64", 18446743523963503632, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G1611x64", 18446743523963517424, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G17023x64", 18446743523963518416, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G18013x64", 18446743523963514960, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G19009x64", 18446743523963517920, 18446743523964706816, 1],
 ["MacElCapitan_10_11_6_15G19ax64", 18446743523963519296, 18446743523964555264, 1],
+["MacElCapitan_10_11_6_15G20015x64", 18446743523963517456, 18446743523964706816, 1],
 ["MacElCapitan_10_11_6_15G24b_15G31x64", 18446743523963515680, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G7ax64", 18446743523963517680, 18446743523964555264, 1],
 ["MacElCapitan_10_11_15A284x64", 18446743523963516960, 18446743523964547072, 1],
@@ -74,14 +77,16 @@
 ["MacSierra_10_12_2_16C48bx64", 18446743523963567216, 18446743523964379136, 1],
 ["MacSierra_10_12_2_16C63ax64", 18446743523963567232, 18446743523964379136, 1],
 ["MacSierra_10_12_2_16C67x64", 18446743523963567232, 18446743523964379136, 1],
-["MacSierra_10_12_3_16D30ax64", 18446743523963567520, 18446743523964379136, 1],
-["MacSierra_10_12_3_16D32x64", 18446743523963567520, 18446743523964379136, 1],
+["MacSierra_10_12_3_16D30a_16D32x64", 18446743523963567520, 18446743523964379136, 1],
 ["MacSierra_10_12_4_16E144fx64", 18446743523963559152, 18446743523964379136, 1],
 ["MacSierra_10_12_4_16E163fx64", 18446743523963558176, 18446743523964379136, 1],
 ["MacSierra_10_12_4_16E183bx64", 18446743523963564384, 18446743523964379136, 1],
 ["MacSierra_10_12_4_16E195x64", 18446743523963564384, 18446743523964379136, 1],
 ["MacSierra_10_12_5_16F73x64", 18446743523963562144, 18446743523964379136, 1],
 ["MacSierra_10_12_6_16G1036x64", 18446743523963564096, 18446743523964379136, 1],
+["MacSierra_10_12_6_16G1114x64", 18446743523963562848, 18446743523964379136, 1],
+["MacSierra_10_12_6_16G1212x64", 18446743523963563696, 18446743523964538880, 1],
+["MacSierra_10_12_6_16G1314x64", 18446743523963562432, 18446743523964538880, 1],
 ["MacSierra_10_12_6_16G18ax64", 18446743523963561920, 18446743523964379136, 1],
 ["MacSierra_10_12_6_16G23ax64", 18446743523963561936, 18446743523964379136, 1],
 ["MacSierra_10_12_6_16G29x64", 18446743523963561936, 18446743523964379136, 1],
@@ -99,6 +104,8 @@
 ["MacHighSierra_10_13_4_17E182ax64", 18446743523963484064, 18446743523964555264, 1],
 ["MacHighSierra_10_13_4_17E202x64", 18446743523963484064, 18446743523964555264, 1],
 ["MacHighSierra_10_13_5_17F45cx64", 18446743523963468032, 18446743523964555264, 1],
+["MacHighSierra_10_13_5_17F59bx64", 18446743523963481040, 18446743523964555264, 1],
+["MacHighSierra_10_13_5_17F66ax64", 18446743523963481088, 18446743523964555264, 1],
 ["MacHighSierra_10_13_17A264cx64", 18446743523963492288, 18446743523964387328, 1],
 ["MacHighSierra_10_13_17A291jx64", 18446743523963490112, 18446743523964387328, 1],
 ["MacHighSierra_10_13_17A306fx64", 18446743523963487728, 18446743523964391424, 1],

From d88dd6c6855211622139642e888cafa0e3d577f7 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 9 May 2018 09:38:01 -0500
Subject: [PATCH 207/304] initial commit for spring creators support

---
 volatility/plugins/bigpagepools.py            |     4 +-
 volatility/plugins/overlays/windows/win10.py  |   103 +-
 .../windows/win10_x64_17134_vtypes.py         | 15648 ++++++++++++++++
 .../windows/win10_x86_17134_vtypes.py         | 15052 +++++++++++++++
 volatility/win32/hive.py                      |    20 +-
 5 files changed, 30822 insertions(+), 5 deletions(-)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_17134_vtypes.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_17134_vtypes.py

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 2e8f0031e..083166f5b 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,8 +68,8 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32]],
-            (6, 4, '32bit') : [[-168, -164]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288]],
+            (6, 4, '32bit') : [[-168, -164], [-160, -172]],
         }
 
         version = (m.get('major', 0), m.get('minor', 0), m.get('memory_model', '32bit'))
diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index fbb55c969..36e1ff30f 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -601,7 +601,78 @@ class _OBJECT_HEADER_10_16299(_OBJECT_HEADER_10):
         64: 'DxgkSharedBundleObject',
         65: 'VRegConfigurationContext',
     	}
-    
+
+class _OBJECT_HEADER_10_17134(_OBJECT_HEADER_10):
+
+    type_map = {
+        2: "Type",
+        3: "Directory",
+        4: "SymbolicLink",
+        5: "Token",
+        6: "Job",
+        7: "Process",
+        8: "Thread",
+        9: "Partition",
+        10: "UserApcReserve",
+        11: "IoCompletionReserve",
+        12: "ActivityReference",
+        13: "PsSiloContextPaged",
+        14: "PsSiloContextNonPaged",
+        15: "DebugObject",
+        16: "Event",
+        17: "Mutant",
+        18: "Callback",
+        19: "Semaphore",
+        20: "Timer",
+        21: "IRTimer",
+        22: "Profile",
+        23: "KeyedEvent",
+        24: "WindowStation",
+        25: "Desktop",
+        26: "Composition",
+        27: "RawInputManager",
+        28: "CoreMessaging",
+        29: "TpWorkerFactory",
+        30: "Adapter",
+        31: "Controller",
+        32: "Device",
+        33: "Driver",
+        34: "IoCompletion",
+        35: "WaitCompletionPacket",
+        36: "File",
+        37: "TmTm",
+        38: "TmTx",
+        39: "TmRm",
+        40: "TmEn",
+        41: "Section",
+        42: "Session",
+        43: "Key",
+        44: "RegistryTransaction",
+        45: "ALPC",
+        46: "EnergyTracker",
+        47: "PowerRequest",
+        48: "WmiGuid",
+        49: "EtwRegistration",
+        50: "EtwSessionDemuxEntry",
+        51: "EtwConsumer",
+        52: "CoverageSampler",
+        53: "DmaAdapter",
+        54: "PcwObject",
+        55: "FilterConnectionPort",
+        56: "FilterCommunicationPort",
+        57: "NdisCmState",
+        58: "DxgkSharedResource",
+        59: "DxgkSharedKeyedMutexObject",
+        60: "DxgkSharedSyncObject",
+        61: "DxgkSharedSwapChainObject",
+        62: "DxgkDisplayManagerObject",
+        63: "DxgkCurrentDxgProcessObject",
+        64: "DxgkSharedProtectedSessionObject",
+        65: "DxgkSharedBundleObject",
+        66: "DxgkCompositionObject",
+        67: "VRegConfigurationContext",
+    }
+
 class _HANDLE_TABLE_10_DD08DD42(win8._HANDLE_TABLE_81R264):
     
     def decode_pointer(self, value):
@@ -624,7 +695,15 @@ def modification(self, profile):
         metadata = profile.metadata
         build = metadata.get("build", 0)
 
-        if build >= 16299:
+        if build >= 17134:
+            header = _OBJECT_HEADER_10_17134
+
+            ## update the handle table here as well
+            if metadata.get("memory_model") == "64bit":
+                profile.object_classes.update({
+                    "_HANDLE_TABLE": _HANDLE_TABLE_10_DD08DD42})
+
+        elif build >= 16299:
             header = _OBJECT_HEADER_10_16299
 
             ## update the handle table here as well
@@ -832,6 +911,16 @@ class Win10x86_16299(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_16299_vtypes'
     _md_product = ["NtProductWinNt"]
 
+class Win10x86_17134(obj.Profile):
+    """ A Profile for Windows 10 x86 (10.0.17134.1 / 2018-04-11) """
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 17134
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_17134_vtypes'
+    _md_product = ["NtProductWinNt"]
+
 class Win10x64_15063(obj.Profile):
     """ A Profile for Windows 10 x64 (10.0.15063.0 / 2017-04-04) """
     _md_memory_model = '64bit'
@@ -851,3 +940,13 @@ class Win10x64_16299(obj.Profile):
     _md_build = 16299
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_16299_vtypes'
     _md_product = ["NtProductWinNt"]
+
+class Win10x64_17134(obj.Profile):
+    """ A Profile for Windows 10 x64 (10.0.17134.1 / 2018-04-11) """
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 17134
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_17134_vtypes'
+    _md_product = ["NtProductWinNt"]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x64_17134_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_17134_vtypes.py
new file mode 100644
index 000000000..44e916f08
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_17134_vtypes.py
@@ -0,0 +1,15648 @@
+ntkrnlmp_10_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_108b' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_108b']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_10a3' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a5' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10a3']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_10a5']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['pointer64', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x281, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_1117' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1117']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_CUSTOM_SYSTEM_EVENT_TRIGGER_CONFIG' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'TriggerId' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x8040, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x7ec0, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'CpuType' : [ 0x40, ['unsigned char']],
+    'CpuID' : [ 0x41, ['unsigned char']],
+    'CpuStep' : [ 0x42, ['unsigned short']],
+    'CpuStepping' : [ 0x42, ['unsigned char']],
+    'CpuModel' : [ 0x43, ['unsigned char']],
+    'MHz' : [ 0x44, ['unsigned long']],
+    'HalReserved' : [ 0x48, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x88, ['unsigned short']],
+    'MajorVersion' : [ 0x8a, ['unsigned short']],
+    'BuildType' : [ 0x8c, ['unsigned char']],
+    'CpuVendor' : [ 0x8d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x8e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x8f, ['unsigned char']],
+    'PrcbPad04' : [ 0x90, ['array', 6, ['unsigned long long']]],
+    'ParentNode' : [ 0xc0, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0xc8, ['unsigned long long']],
+    'Group' : [ 0xd0, ['unsigned char']],
+    'GroupIndex' : [ 0xd1, ['unsigned char']],
+    'PrcbPad05' : [ 0xd2, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0xd4, ['unsigned long']],
+    'ScbOffset' : [ 0xd8, ['unsigned long']],
+    'ApicMask' : [ 0xdc, ['unsigned long']],
+    'AcpiReserved' : [ 0xe0, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0xe8, ['unsigned long']],
+    'PrcbFlags' : [ 0xec, ['_KPRCBFLAG']],
+    'TrappedSecurityDomain' : [ 0xf0, ['unsigned long long']],
+    'BpbState' : [ 0xf8, ['unsigned short']],
+    'BpbIbrsPresent' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'BpbStibpPresent' : [ 0xf8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'BpbSmepPresent' : [ 0xf8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'BpbSimulateSpecCtrl' : [ 0xf8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'BpbSimulateIbpb' : [ 0xf8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'BpbIbpbPresent' : [ 0xf8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'BpbCpuIdle' : [ 0xf8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'BpbClearSpecCtrlOnIdle' : [ 0xf8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'BpbHTDisabled' : [ 0xf8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'BpbUserToUserOnly' : [ 0xf8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BpbReserved' : [ 0xf8, ['BitField', dict(start_bit = 10, end_bit = 16, native_type='unsigned short')]],
+    'BpbSpecCtrlValue' : [ 0xfa, ['unsigned char']],
+    'BpbCtxSwapSetValue' : [ 0xfb, ['unsigned char']],
+    'BpbPad' : [ 0xfc, ['array', 4, ['unsigned char']]],
+    'PrcbPad11' : [ 0xf0, ['array', 2, ['unsigned long long']]],
+    'ProcessorState' : [ 0x100, ['_KPROCESSOR_STATE']],
+    'ExtendedSupervisorState' : [ 0x6c0, ['pointer64', ['_XSAVE_AREA_HEADER']]],
+    'PrcbPad12' : [ 0x6c8, ['array', 5, ['unsigned long long']]],
+    'LockQueue' : [ 0x6f0, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x800, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x900, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1500, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2100, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2d00, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2d08, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2d10, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2d14, ['long']],
+    'MmTransitionCount' : [ 0x2d18, ['long']],
+    'MmDemandZeroCount' : [ 0x2d1c, ['long']],
+    'MmPageReadCount' : [ 0x2d20, ['long']],
+    'MmPageReadIoCount' : [ 0x2d24, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2d28, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2d2c, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2d30, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2d34, ['long']],
+    'KeSystemCalls' : [ 0x2d38, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2d3c, ['unsigned long']],
+    'PrcbPad40' : [ 0x2d40, ['unsigned long']],
+    'CcFastReadNoWait' : [ 0x2d44, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2d48, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2d4c, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2d50, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2d54, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2d58, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2d5c, ['long']],
+    'IoWriteOperationCount' : [ 0x2d60, ['long']],
+    'IoOtherOperationCount' : [ 0x2d64, ['long']],
+    'IoReadTransferCount' : [ 0x2d68, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2d70, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2d78, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d80, ['long']],
+    'TargetCount' : [ 0x2d84, ['long']],
+    'IpiFrozen' : [ 0x2d88, ['unsigned long']],
+    'PrcbPad30' : [ 0x2d8c, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d90, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d98, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d9c, ['long']],
+    'InterruptLastCount' : [ 0x2da0, ['unsigned long']],
+    'InterruptRate' : [ 0x2da4, ['unsigned long']],
+    'LastNonHrTimerExpiration' : [ 0x2da8, ['unsigned long long']],
+    'PrcbPad35' : [ 0x2db0, ['array', 2, ['unsigned long long']]],
+    'InterruptObjectPool' : [ 0x2dc0, ['_SLIST_HEADER']],
+    'PrcbPad41' : [ 0x2dd0, ['array', 6, ['unsigned long long']]],
+    'DpcData' : [ 0x2e00, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2e50, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2e58, ['long']],
+    'DpcRequestRate' : [ 0x2e5c, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2e60, ['unsigned long']],
+    'DpcLastCount' : [ 0x2e64, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2e68, ['unsigned char']],
+    'QuantumEnd' : [ 0x2e69, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2e6a, ['unsigned char']],
+    'IdleSchedule' : [ 0x2e6b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2e6c, ['long']],
+    'DpcRequestSlot' : [ 0x2e6c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2e6c, ['short']],
+    'ThreadDpcState' : [ 0x2e6e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2e6c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2e6c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2e6c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2e6c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2e6c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2e6c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2e70, ['unsigned long']],
+    'LastTick' : [ 0x2e74, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2e78, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2e7c, ['unsigned long']],
+    'InterruptObject' : [ 0x2e80, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3680, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5880, ['_KGATE']],
+    'PrcbPad52' : [ 0x5898, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x58a0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x58e0, ['long']],
+    'PrcbPad60' : [ 0x58e4, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x58e6, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x58e8, ['long']],
+    'DpcWatchdogCount' : [ 0x58ec, ['long']],
+    'KeSpinLockOrdering' : [ 0x58f0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x58f4, ['unsigned long']],
+    'CachedPtes' : [ 0x58f8, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5900, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5910, ['unsigned long long']],
+    'ReadySummary' : [ 0x5918, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x591c, ['long']],
+    'QueueIndex' : [ 0x5920, ['unsigned long']],
+    'PrcbPad75' : [ 0x5924, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x5930, ['_KDPC']],
+    'ScbQueue' : [ 0x5970, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5980, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5b80, ['unsigned long']],
+    'KernelTime' : [ 0x5b84, ['unsigned long']],
+    'UserTime' : [ 0x5b88, ['unsigned long']],
+    'DpcTime' : [ 0x5b8c, ['unsigned long']],
+    'InterruptTime' : [ 0x5b90, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5b94, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5b98, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5b99, ['unsigned char']],
+    'DeepSleep' : [ 0x5b9a, ['unsigned char']],
+    'PrcbPad80' : [ 0x5b9b, ['unsigned char']],
+    'DpcTimeCount' : [ 0x5b9c, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5ba0, ['unsigned long']],
+    'PeriodicCount' : [ 0x5ba4, ['unsigned long']],
+    'PeriodicBias' : [ 0x5ba8, ['unsigned long']],
+    'AvailableTime' : [ 0x5bac, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5bb0, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x5bb4, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x5bb8, ['unsigned long long']],
+    'StartCycles' : [ 0x5bc0, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x5bc8, ['unsigned long long']],
+    'TaggedCycles' : [ 0x5bd0, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x5be0, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5be8, ['unsigned long long']],
+    'ImportantCycles' : [ 0x5bf0, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x5bf8, ['unsigned long long']],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x5c00, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x5c04, ['long']],
+    'CachedStack' : [ 0x5c08, ['pointer64', ['void']]],
+    'PageColor' : [ 0x5c10, ['unsigned long']],
+    'NodeColor' : [ 0x5c14, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x5c18, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5c1c, ['unsigned long']],
+    'PrcbPad81' : [ 0x5c20, ['array', 7, ['unsigned char']]],
+    'TbFlushListActive' : [ 0x5c27, ['unsigned char']],
+    'PrcbPad82' : [ 0x5c28, ['array', 2, ['unsigned long long']]],
+    'CycleTime' : [ 0x5c38, ['unsigned long long']],
+    'Cycles' : [ 0x5c40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CcFastMdlReadNoWait' : [ 0x5c80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5c84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5c88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x5c8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5c90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5c94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5c98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x5c9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x5ca0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x5ca4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x5ca8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x5cac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x5cb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x5cb4, ['unsigned long']],
+    'CcDataPages' : [ 0x5cb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x5cbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x5cc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x5cc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x5cc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x5ccc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x5cd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x5cd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x5cd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x5cdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x5ce0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x5ce4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x5ce8, ['long']],
+    'MmCacheReadCount' : [ 0x5cec, ['long']],
+    'MmCacheIoCount' : [ 0x5cf0, ['long']],
+    'PrcbPad91' : [ 0x5cf4, ['unsigned long']],
+    'MmFlushList' : [ 0x5cf8, ['pointer64', ['void']]],
+    'PowerState' : [ 0x5d00, ['_PROCESSOR_POWER_STATE']],
+    'HyperPte' : [ 0x5f00, ['pointer64', ['void']]],
+    'ScbList' : [ 0x5f08, ['_LIST_ENTRY']],
+    'ForceIdleDpc' : [ 0x5f18, ['_KDPC']],
+    'DpcWatchdogDpc' : [ 0x5f58, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5f98, ['_KTIMER']],
+    'Cache' : [ 0x5fd8, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x6014, ['unsigned long']],
+    'CachedCommit' : [ 0x6018, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x601c, ['unsigned long']],
+    'WheaInfo' : [ 0x6020, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x6028, ['pointer64', ['void']]],
+    'ExSaPageArray' : [ 0x6030, ['pointer64', ['void']]],
+    'KeAlignmentFixupCount' : [ 0x6038, ['unsigned long']],
+    'PrcbPad95' : [ 0x603c, ['unsigned long']],
+    'HypercallPageList' : [ 0x6040, ['_SLIST_HEADER']],
+    'StatisticsPage' : [ 0x6050, ['pointer64', ['unsigned long long']]],
+    'PrcbPad85' : [ 0x6058, ['array', 5, ['unsigned long long']]],
+    'HypercallCachedPages' : [ 0x6080, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x6088, ['pointer64', ['void']]],
+    'PackageProcessorSet' : [ 0x6090, ['_KAFFINITY_EX']],
+    'PrcbPad86' : [ 0x6138, ['unsigned long long']],
+    'SharedReadyQueueMask' : [ 0x6140, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x6148, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x6150, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x6154, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x6158, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x6160, ['unsigned long long']],
+    'LLCMask' : [ 0x6168, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x6170, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x6198, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x61a0, ['pointer64', ['void']]],
+    'DpcWatchdogProfile' : [ 0x61a8, ['pointer64', ['pointer64', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x61b0, ['pointer64', ['pointer64', ['void']]]],
+    'SchedulerAssist' : [ 0x61b8, ['pointer64', ['void']]],
+    'SynchCounters' : [ 0x61c0, ['_SYNCH_COUNTERS']],
+    'PrcbPad94' : [ 0x6278, ['unsigned long long']],
+    'FsCounters' : [ 0x6280, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x6290, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x629d, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x62a0, ['unsigned long long']],
+    'UpdateSignature' : [ 0x62a8, ['_LARGE_INTEGER']],
+    'PteBitCache' : [ 0x62b0, ['unsigned long long']],
+    'PteBitOffset' : [ 0x62b8, ['unsigned long']],
+    'PrcbPad105' : [ 0x62bc, ['unsigned long']],
+    'Context' : [ 0x62c0, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x62c8, ['unsigned long']],
+    'PrcbPad115' : [ 0x62cc, ['unsigned long']],
+    'ExtendedState' : [ 0x62d0, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x62d8, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x62e0, ['_KENTROPY_TIMING_STATE']],
+    'PrcbPad110' : [ 0x6430, ['unsigned long long']],
+    'PrcbPad111' : [ 0x6438, ['array', 7, ['unsigned long long']]],
+    'AbSelfIoBoostsList' : [ 0x6470, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x6478, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x6480, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x64c0, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x6514, ['_IOP_IRP_STACK_PROFILER']],
+    'SecureFault' : [ 0x6568, ['_KSECURE_FAULT_INFORMATION']],
+    'PrcbPad120' : [ 0x6578, ['unsigned long long']],
+    'LocalSharedReadyQueue' : [ 0x6580, ['_KSHARED_READY_QUEUE']],
+    'PrcbPad125' : [ 0x67f0, ['array', 2, ['unsigned long long']]],
+    'TimerExpirationTraceCount' : [ 0x6800, ['unsigned long']],
+    'PrcbPad127' : [ 0x6804, ['unsigned long']],
+    'TimerExpirationTrace' : [ 0x6808, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'PrcbPad128' : [ 0x6908, ['array', 7, ['unsigned long long']]],
+    'Mailbox' : [ 0x6940, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'PrcbPad130' : [ 0x6948, ['array', 7, ['unsigned long long']]],
+    'SelfmapLockHandle' : [ 0x6980, ['array', 4, ['_KLOCK_QUEUE_HANDLE']]],
+    'PrcbPad135' : [ 0x69e0, ['array', 1184, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x6e80, ['unsigned long long']],
+    'RspBaseShadow' : [ 0x6e88, ['unsigned long long']],
+    'UserRspShadow' : [ 0x6e90, ['unsigned long long']],
+    'ShadowFlags' : [ 0x6e98, ['unsigned long']],
+    'PrcbPad139' : [ 0x6e9c, ['unsigned long']],
+    'PrcbPad140' : [ 0x6ea0, ['array', 508, ['unsigned long long']]],
+    'RequestMailbox' : [ 0x7e80, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_11e8' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Virtual' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_11ea' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Reserved2' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_11ec' : [ 0x10, {
+    'Reserved' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_INVPCID_DESCRIPTOR' : [ 0x10, {
+    'IndividualAddress' : [ 0x0, ['__unnamed_11e8']],
+    'SingleContext' : [ 0x0, ['__unnamed_11ea']],
+    'AllContextAndGlobals' : [ 0x0, ['__unnamed_11ec']],
+    'AllContext' : [ 0x0, ['__unnamed_11ec']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '__unnamed_1235' : [ 0x8, {
+    'SecureProcess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '__unnamed_1237' : [ 0x8, {
+    'SecureHandle' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x0, ['__unnamed_1235']],
+} ],
+  '_KPROCESS' : [ 0x2d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x1b8, ['BitField', dict(start_bit = 7, end_bit = 10, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x1b8, ['BitField', dict(start_bit = 10, end_bit = 30, native_type='unsigned long')]],
+    'VaSpaceDeleted' : [ 0x1b8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ProcessFlags' : [ 0x1b8, ['long']],
+    'BasePriority' : [ 0x1bc, ['unsigned char']],
+    'QuantumReset' : [ 0x1bd, ['unsigned char']],
+    'Visited' : [ 0x1be, ['unsigned char']],
+    'Flags' : [ 0x1bf, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1c0, ['array', 20, ['unsigned long']]],
+    'IdealNode' : [ 0x210, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x238, ['unsigned short']],
+    'Spare1' : [ 0x23a, ['unsigned short']],
+    'StackCount' : [ 0x23c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x240, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x250, ['unsigned long long']],
+    'ContextSwitches' : [ 0x258, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x260, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x268, ['unsigned long']],
+    'KernelTime' : [ 0x26c, ['unsigned long']],
+    'UserTime' : [ 0x270, ['unsigned long']],
+    'ReadyTime' : [ 0x274, ['unsigned long']],
+    'UserDirectoryTableBase' : [ 0x278, ['unsigned long long']],
+    'AddressPolicy' : [ 0x280, ['unsigned char']],
+    'Spare2' : [ 0x281, ['array', 71, ['unsigned char']]],
+    'InstrumentationCallback' : [ 0x2c8, ['pointer64', ['void']]],
+    'SecureState' : [ 0x2d0, ['__unnamed_1237']],
+} ],
+  '_KTHREAD' : [ 0x5f0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'BamQosLevel' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x78, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x78, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'ReadyTime' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'Spare21' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x31a, ['unsigned char']],
+    'SystemPriority' : [ 0x31b, ['unsigned char']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x588, ['long']],
+    'KeReferenceCount' : [ 0x58c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x58e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x58f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x590, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x598, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x598, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x5a0, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a8, ['long long']],
+    'WriteOperationCount' : [ 0x5b0, ['long long']],
+    'OtherOperationCount' : [ 0x5b8, ['long long']],
+    'ReadTransferCount' : [ 0x5c0, ['long long']],
+    'WriteTransferCount' : [ 0x5c8, ['long long']],
+    'OtherTransferCount' : [ 0x5d0, ['long long']],
+    'QueuedScb' : [ 0x5d8, ['pointer64', ['_KSCB']]],
+    'ThreadTimerDelay' : [ 0x5e0, ['unsigned long']],
+    'ThreadFlags2' : [ 0x5e4, ['long']],
+    'PpmPolicy' : [ 0x5e4, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlags2Reserved' : [ 0x5e4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'SchedulerAssist' : [ 0x5e8, ['pointer64', ['void']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_12a6' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_12a6']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x180, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'NonIsrTargetedSet' : [ 0x58, ['unsigned long long']],
+    'ParkLock' : [ 0x60, ['long']],
+    'Seed' : [ 0x64, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Stride' : [ 0x96, ['unsigned char']],
+    'Spare0' : [ 0x97, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x98, ['unsigned long long']],
+    'ProximityId' : [ 0xa0, ['unsigned long']],
+    'Lowest' : [ 0xa4, ['unsigned long']],
+    'Highest' : [ 0xa8, ['unsigned long']],
+    'MaximumProcessors' : [ 0xac, ['unsigned char']],
+    'Flags' : [ 0xad, ['_flags']],
+    'Spare10' : [ 0xae, ['unsigned char']],
+    'HeteroSets' : [ 0xb0, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0x128, ['array', 4, ['unsigned long long']]],
+} ],
+  '_ENODE' : [ 0x1c0, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x180, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1392' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_1392']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x818, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x5f0, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x5f8, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x5f8, ['_LIST_ENTRY']],
+    'PostBlockList' : [ 0x608, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x608, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x610, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x618, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x618, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x618, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x620, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x628, ['_LIST_ENTRY']],
+    'Cid' : [ 0x638, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x648, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x648, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x668, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x670, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x680, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x688, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x690, ['pointer64', ['void']]],
+    'ChargeOnlySession' : [ 0x698, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x6a0, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x6a8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x6b8, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6c0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6c8, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6cc, ['long']],
+    'CrossThreadFlags' : [ 0x6d0, ['unsigned long']],
+    'Terminated' : [ 0x6d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6d0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6d0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6d0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6d0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6d0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6d0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6d0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x6d0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x6d0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x6d0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x6d0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x6d0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SamplingCoverage' : [ 0x6d0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6d0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6d4, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6d4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6d4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x6d4, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6d4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6d4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6d4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x6d4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x6d4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x6d4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x6d4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x6d4, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6d8, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6d8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6d8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x6d8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6d8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6d8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6d8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6d8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6d8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6d9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6d9, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowWritesToExecutableMemory' : [ 0x6d9, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6dc, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6dd, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6de, ['unsigned char']],
+    'LockOrderState' : [ 0x6df, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6e0, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6e8, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6e8, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x6f0, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x700, ['long']],
+    'CacheManagerCount' : [ 0x704, ['unsigned long']],
+    'IoBoostCount' : [ 0x708, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x70c, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x710, ['unsigned long']],
+    'BoostList' : [ 0x718, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x728, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x738, ['unsigned long long']],
+    'IrpListLock' : [ 0x740, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x748, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x750, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x758, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x760, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x768, ['pointer64', ['void']]],
+    'KernelStackReference' : [ 0x770, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x778, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x780, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x788, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x7a0, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x7a8, ['unsigned long long']],
+    'UserGsBase' : [ 0x7b0, ['unsigned long long']],
+    'EnergyValues' : [ 0x7b8, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x7c0, ['pointer64', ['void']]],
+    'SelectedCpuSets' : [ 0x7c8, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x7c8, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x7d0, ['pointer64', ['_EJOB']]],
+    'ThreadName' : [ 0x7d8, ['pointer64', ['_UNICODE_STRING']]],
+    'SetContextState' : [ 0x7e0, ['pointer64', ['_CONTEXT']]],
+    'LastExpectedRunTime' : [ 0x7e8, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x7f0, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x800, ['unsigned long long']],
+    'DisownedOwnerEntryListHead' : [ 0x808, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_13e8' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+} ],
+  '__unnamed_13ea' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0x848, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0x2e0, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2e8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x2f8, ['_EX_RUNDOWN_REF']],
+    'Flags2' : [ 0x300, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x304, ['unsigned long']],
+    'CreateReported' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x304, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x304, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x304, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x304, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x304, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x304, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x304, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x304, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x304, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x304, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x304, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x304, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x304, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x304, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x304, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x304, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x304, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x304, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x304, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x308, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x320, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x330, ['unsigned long long']],
+    'VirtualSize' : [ 0x338, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x350, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x350, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x358, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x360, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x378, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x388, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x390, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x398, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x3a0, ['unsigned long long']],
+    'Win32Process' : [ 0x3a8, ['pointer64', ['void']]],
+    'Job' : [ 0x3b0, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3b8, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3c0, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3c8, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3d0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3d8, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3e0, ['pointer64', ['void']]],
+    'LdtInformation' : [ 0x3e8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
+    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x400, ['pointer64', ['_MM_SESSION_SPACE']]],
+    'AweInfo' : [ 0x408, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
+    'WoW64Process' : [ 0x428, ['pointer64', ['_EWOW64PROCESS']]],
+    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x448, ['pointer64', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x450, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x45f, ['unsigned char']],
+    'SecurityPort' : [ 0x460, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x468, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x470, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x480, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x488, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x498, ['unsigned long']],
+    'ImagePathHash' : [ 0x49c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x4a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x4a4, ['long']],
+    'PrefetchTrace' : [ 0x4a8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x4b0, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x4e8, ['unsigned long long']],
+    'CommitCharge' : [ 0x4f0, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x4f8, ['unsigned long long']],
+    'Vm' : [ 0x500, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x610, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x620, ['unsigned long']],
+    'ExitStatus' : [ 0x624, ['long']],
+    'VadRoot' : [ 0x628, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x630, ['pointer64', ['void']]],
+    'VadCount' : [ 0x638, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x640, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x648, ['unsigned long long']],
+    'AlpcContext' : [ 0x650, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x670, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x680, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x688, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x68c, ['unsigned long']],
+    'ExitTime' : [ 0x690, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x698, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x6a0, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x6a8, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x6ac, ['unsigned long']],
+    'ThreadListLock' : [ 0x6b0, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x6b8, ['pointer64', ['void']]],
+    'ServerSilo' : [ 0x6c0, ['pointer64', ['_EJOB']]],
+    'SignatureLevel' : [ 0x6c8, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x6c9, ['unsigned char']],
+    'Protection' : [ 0x6ca, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x6cb, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'GhostCount' : [ 0x6cb, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Flags3' : [ 0x6cc, ['unsigned long']],
+    'Minimal' : [ 0x6cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x6cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x6cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x6cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x6cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x6cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x6cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x6cc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x6cc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x6cc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x6cc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x6cc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x6cc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x6cc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProcessFirstResume' : [ 0x6cc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ForegroundExternal' : [ 0x6cc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ForegroundSystem' : [ 0x6cc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HighMemoryPriority' : [ 0x6cc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x6d0, ['long']],
+    'SvmData' : [ 0x6d8, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x6e0, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x6e8, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x6f0, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x700, ['unsigned long long']],
+    'DiskCounters' : [ 0x708, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x710, ['pointer64', ['void']]],
+    'TrustletIdentity' : [ 0x718, ['unsigned long long']],
+    'EnclaveTable' : [ 0x720, ['pointer64', ['void']]],
+    'EnclaveNumber' : [ 0x728, ['unsigned long long']],
+    'EnclaveLock' : [ 0x730, ['_EX_PUSH_LOCK']],
+    'HighPriorityFaultsAllowed' : [ 0x738, ['unsigned long']],
+    'EnergyContext' : [ 0x740, ['pointer64', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x748, ['pointer64', ['void']]],
+    'SequenceNumber' : [ 0x750, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x758, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x760, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x768, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x770, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x778, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x778, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x780, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x788, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x790, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x7a0, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x7a8, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x7a0, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x7a8, ['pointer64', ['unsigned long long']]],
+    'DiskIoAttribution' : [ 0x7b0, ['pointer64', ['void']]],
+    'DxgProcess' : [ 0x7b8, ['pointer64', ['void']]],
+    'Win32KFilterSet' : [ 0x7c0, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x7c8, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x7d0, ['unsigned long']],
+    'KTimer2Sets' : [ 0x7d4, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x7d8, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x7e0, ['unsigned long long']],
+    'VirtualTimerListHead' : [ 0x7e8, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x7f8, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x7f8, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x828, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x828, ['__unnamed_13e8']],
+    'MitigationFlags2' : [ 0x82c, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x82c, ['__unnamed_13ea']],
+    'PartitionObject' : [ 0x830, ['pointer64', ['void']]],
+    'SecurityDomain' : [ 0x838, ['unsigned long long']],
+    'CoverageSamplerContext' : [ 0x840, ['pointer64', ['void']]],
+} ],
+  '_EWOW64PROCESS' : [ 0x10, {
+    'Peb' : [ 0x0, ['pointer64', ['void']]],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'NtdllType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PsNativeSystemDll', 1: u'PsWowX86SystemDll', 2: u'PsWowArm32SystemDll', 3: u'PsWowAmd64SystemDll', 4: u'PsWowChpeX86SystemDll', 5: u'PsVsmEnclaveRuntimeDll', 6: u'PsSystemDllTotalTypes'})]],
+} ],
+  '__unnamed_140a' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1410' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1412' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_1410']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_141b' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_141d' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_141b']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_140a']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_1412']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_141d']],
+} ],
+  '__unnamed_1424' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1428' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_142c' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_142e' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1432' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1434' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1438' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_143a' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_143c' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_143e' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1440' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1444' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_1446' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1448' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_144a' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_144c' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_144e' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1452' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1456' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_145a' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_145e' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_1462' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1466' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_146a' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_146c' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_146e' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_1472' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1476' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_147a' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_147e' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1482' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_148a' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_148e' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1490' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1492' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1494' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_1424']],
+    'CreatePipe' : [ 0x0, ['__unnamed_1428']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_142c']],
+    'Read' : [ 0x0, ['__unnamed_142e']],
+    'Write' : [ 0x0, ['__unnamed_142e']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_1432']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_1434']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_1438']],
+    'QueryFile' : [ 0x0, ['__unnamed_143a']],
+    'SetFile' : [ 0x0, ['__unnamed_143c']],
+    'QueryEa' : [ 0x0, ['__unnamed_143e']],
+    'SetEa' : [ 0x0, ['__unnamed_1440']],
+    'QueryVolume' : [ 0x0, ['__unnamed_1444']],
+    'SetVolume' : [ 0x0, ['__unnamed_1444']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_1446']],
+    'LockControl' : [ 0x0, ['__unnamed_1448']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_144a']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_144c']],
+    'SetSecurity' : [ 0x0, ['__unnamed_144e']],
+    'MountVolume' : [ 0x0, ['__unnamed_1452']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_1452']],
+    'Scsi' : [ 0x0, ['__unnamed_1456']],
+    'QueryQuota' : [ 0x0, ['__unnamed_145a']],
+    'SetQuota' : [ 0x0, ['__unnamed_1440']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_145e']],
+    'QueryInterface' : [ 0x0, ['__unnamed_1462']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1466']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_146a']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_146c']],
+    'SetLock' : [ 0x0, ['__unnamed_146e']],
+    'QueryId' : [ 0x0, ['__unnamed_1472']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1476']],
+    'UsageNotification' : [ 0x0, ['__unnamed_147a']],
+    'WaitWake' : [ 0x0, ['__unnamed_147e']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1482']],
+    'Power' : [ 0x0, ['__unnamed_148a']],
+    'StartDevice' : [ 0x0, ['__unnamed_148e']],
+    'WMI' : [ 0x0, ['__unnamed_1490']],
+    'Others' : [ 0x0, ['__unnamed_1492']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_1494']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_14aa' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_14aa']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x620, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x350, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x354, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x358, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x35c, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x360, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x364, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x368, ['unsigned char']],
+    'PriorityClass' : [ 0x369, ['unsigned char']],
+    'NestingDepth' : [ 0x36a, ['unsigned char']],
+    'Reserved1' : [ 0x36b, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x36c, ['unsigned long']],
+    'WakeChannel' : [ 0x370, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x370, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3b8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3c0, ['unsigned long']],
+    'NotificationLink' : [ 0x3c8, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3d0, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3d8, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3e0, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3e8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3f0, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3f8, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x400, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x408, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x410, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x420, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x438, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x440, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x450, ['unsigned long long']],
+    'Ancestors' : [ 0x458, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x458, ['pointer64', ['void']]],
+    'Accounting' : [ 0x460, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x4c0, ['unsigned long']],
+    'JobId' : [ 0x4c4, ['unsigned long']],
+    'ContainerId' : [ 0x4c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x4d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x4e8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x4f0, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x508, ['pointer64', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x510, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x518, ['unsigned long']],
+    'CloseDone' : [ 0x518, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x518, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x518, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x518, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x518, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x518, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x518, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x518, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x518, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x518, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x518, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x518, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x518, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x518, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x518, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x518, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x518, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x518, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x518, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x518, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x518, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x518, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x518, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x518, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x51c, ['unsigned long']],
+    'ParentLocked' : [ 0x51c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x520, ['pointer64', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x528, ['unsigned long long']],
+    'DiskIoAttributionUserRefCount' : [ 0x530, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x534, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x538, ['pointer64', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x538, ['pointer64', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x540, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x568, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x5a0, ['long']],
+    'VolumeIoControlTree' : [ 0x5a8, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x5b8, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x5c0, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x5c4, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x5c8, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x5cc, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x5d0, ['unsigned long long']],
+    'IoControlLock' : [ 0x5d8, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x5e0, ['unsigned long long']],
+    'RundownWorkItem' : [ 0x5e8, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x608, ['pointer64', ['void']]],
+    'PartitionOwnerJob' : [ 0x610, ['pointer64', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x618, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0x10, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x10, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0x18, {
+    'Hash' : [ 0x0, ['pointer64', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x8, ['pointer64', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x10, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x18, {
+    'Table' : [ 0x0, ['pointer64', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x8, ['unsigned long']],
+    'EntryMax' : [ 0xc, ['unsigned long']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x8, {
+    'Key' : [ 0x0, ['unsigned long long']],
+} ],
+  '_TlgProvider_t' : [ 0x40, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+    'AnnotationFunc' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_1701' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_1701']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['pointer64', ['void']]],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['void']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x70, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'DeleteList' : [ 0x50, ['_SLIST_ENTRY']],
+    'NestingLevel' : [ 0x60, ['unsigned long long']],
+} ],
+  '__unnamed_1740' : [ 0x8, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_1745' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_1747' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1749' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_1745']],
+    'e4' : [ 0x0, ['__unnamed_1747']],
+} ],
+  '__unnamed_1755' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_1740']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_1749']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Unused2' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'u4' : [ 0x28, ['__unnamed_1755']],
+} ],
+  '__unnamed_1760' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1764' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_1760']],
+    'u2' : [ 0x38, ['__unnamed_1764']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_1769' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_176c' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_1774' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 23, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1776' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_1774']],
+} ],
+  '__unnamed_1778' : [ 0x8, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x80, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_1769']],
+    'u1' : [ 0x3c, ['__unnamed_176c']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_1776']],
+    'FileObjectLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x70, ['unsigned long long']],
+    'u3' : [ 0x78, ['__unnamed_1778']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x60, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSpecialPoolNonPaged', 14: u'MiVaSystemPtesLarge', 15: u'MiVaKernelStacks', 16: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'TotalSystemPtes' : [ 0x38, ['unsigned long long']],
+    'Hint' : [ 0x40, ['unsigned long long']],
+    'LowestBitEverAllocated' : [ 0x48, ['unsigned long long']],
+    'CachedPtes' : [ 0x50, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x58, ['unsigned long long']],
+} ],
+  '__unnamed_1790' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+    'VolatileVadLong' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1793' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x8, ['pointer64', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_1790']],
+    'u1' : [ 0x34, ['__unnamed_1793']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_PARTITION' : [ 0x2cc0, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x1a8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x470, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x500, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x840, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1800, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x1880, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x18e8, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x1a70, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x1a78, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0x1ac0, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x80, {
+    'MmPartition' : [ 0x0, ['pointer64', ['void']]],
+    'CcPartition' : [ 0x8, ['pointer64', ['void']]],
+    'ExPartition' : [ 0x10, ['pointer64', ['void']]],
+    'HardReferenceCount' : [ 0x18, ['long long']],
+    'OpenHandleCount' : [ 0x20, ['long long']],
+    'ActivePartitionLinks' : [ 0x28, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x38, ['pointer64', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x40, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x60, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x68, ['pointer64', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x70, ['pointer64', ['void']]],
+    'PartitionFlags' : [ 0x78, ['unsigned long']],
+    'PairedWithJob' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_HHIVE' : [ 0x600, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'FlusherLock' : [ 0x48, ['_CMSI_RW_LOCK']],
+    'WriterLock' : [ 0x50, ['_CMSI_RW_LOCK']],
+    'DirtyVector' : [ 0x58, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x68, ['unsigned long']],
+    'DirtyAlloc' : [ 0x6c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x70, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x80, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x84, ['unsigned long']],
+    'Cluster' : [ 0x88, ['unsigned long']],
+    'Flat' : [ 0x8c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x8c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x8c, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x8d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x90, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x94, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x98, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x9c, ['unsigned long']],
+    'HiveFlags' : [ 0xa0, ['unsigned long']],
+    'CurrentLog' : [ 0xa4, ['unsigned long']],
+    'CurrentLogSequence' : [ 0xa8, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0xac, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xb0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xb4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xb8, ['unsigned long']],
+    'LogDataPresent' : [ 0xbc, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xbe, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xbf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xc8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xc8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xc8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xc8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xc8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xc8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xca, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xcc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xd0, ['unsigned long']],
+    'Version' : [ 0xd4, ['unsigned long']],
+    'ViewMap' : [ 0xd8, ['_HVP_VIEW_MAP']],
+    'Storage' : [ 0x110, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x130, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x18, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x20, ['unsigned long']],
+    'KcbPushlock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x30, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x30, ['long']],
+    'DelayedDeref' : [ 0x38, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x38, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x38, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x39, ['unsigned char']],
+    'LayerHeight' : [ 0x3a, ['short']],
+    'Spare1' : [ 0x3c, ['unsigned long']],
+    'ParentKcb' : [ 0x40, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x48, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x50, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x58, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x68, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x68, ['unsigned long']],
+    'SubKeyCount' : [ 0x68, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x70, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x80, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xa8, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xaa, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xac, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Spare3' : [ 0xb4, ['unsigned long']],
+    'LayerInfo' : [ 0xb8, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0x120, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x120, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'SequenceNumber' : [ 0x128, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x60, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x58, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_CMHIVE' : [ 0x12f8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x600, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0x630, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x640, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x650, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x660, ['_EX_RUNDOWN_REF']],
+    'KcbCacheTable' : [ 0x668, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x670, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x678, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x680, ['unsigned long']],
+    'Identity' : [ 0x684, ['unsigned long']],
+    'HiveLock' : [ 0x688, ['_CMSI_RW_LOCK']],
+    'FlushDirtyVector' : [ 0x690, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x6a0, ['unsigned long']],
+    'FlushLogEntry' : [ 0x6a8, ['pointer64', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x6b0, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x6b4, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x6b8, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x6c0, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x6d0, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x6d8, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x6e0, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x6e8, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x6f0, ['_EX_PUSH_LOCK']],
+    'LastShrinkHiveSize' : [ 0x6f8, ['unsigned long']],
+    'ActualFileSize' : [ 0x700, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x708, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x718, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x728, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x738, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x748, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x74c, ['unsigned long']],
+    'SecurityHitHint' : [ 0x750, ['long']],
+    'SecurityCache' : [ 0x758, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x760, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xb60, ['unsigned long']],
+    'UnloadEventArray' : [ 0xb68, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0xb70, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0xb78, ['unsigned char']],
+    'UnloadWorkItem' : [ 0xb80, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0xb88, ['_CM_WORKITEM']],
+    'DirtyVectorLog' : [ 0xbb0, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x1038, ['unsigned long']],
+    'TrustClassEntry' : [ 0x1040, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1050, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1058, ['unsigned long long']],
+    'CmRm' : [ 0x1060, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1068, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x106c, ['long']],
+    'CreatorOwner' : [ 0x1070, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1078, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1080, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1088, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x10a0, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x10b8, ['unsigned long']],
+    'FlushActive' : [ 0x10b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x10b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x10b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x10b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x10bc, ['unsigned long']],
+    'ReferenceCount' : [ 0x10c0, ['long']],
+    'UnloadHistoryIndex' : [ 0x10c4, ['long']],
+    'UnloadHistory' : [ 0x10c8, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x12c8, ['unsigned long']],
+    'UnaccessedStart' : [ 0x12cc, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x12d0, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x12d4, ['unsigned long']],
+    'HandleClosePending' : [ 0x12d8, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x12e0, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x12e8, ['unsigned char']],
+    'VolumeContext' : [ 0x12f0, ['pointer64', ['_CMP_VOLUME_CONTEXT']]],
+} ],
+  '__unnamed_1851' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmCreateHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf', 24: u'_HvHiveStartFileBacked', 25: u'_HvStartHiveMemoryBacked', 26: u'_HvpEnlistFreeCells', 27: u'_HvpPerformLogFileRecovery'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1854' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1856' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1858' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_185a' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_185e' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1862' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_1864' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned short']],
+    'RecoverableIndex' : [ 0xa, ['unsigned short']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_1851']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_1851']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1854']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_1856']],
+    'CheckKey' : [ 0xf0, ['__unnamed_1858']],
+    'CheckValueList' : [ 0x110, ['__unnamed_185a']],
+    'CheckHive' : [ 0x128, ['__unnamed_185e']],
+    'CheckHive1' : [ 0x138, ['__unnamed_185e']],
+    'CheckBin' : [ 0x148, ['__unnamed_1862']],
+    'RecoverData' : [ 0x158, ['__unnamed_1864']],
+} ],
+  '_CM_KCB_UOW' : [ 0x78, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x50, ['pointer64', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x58, ['unsigned long']],
+    'OldValueCell' : [ 0x58, ['unsigned long']],
+    'NewValueCell' : [ 0x5c, ['unsigned long']],
+    'UserFlags' : [ 0x58, ['unsigned long']],
+    'LastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x60, ['unsigned long']],
+    'OldChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x60, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x60, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x68, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x68, ['pointer64', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x70, ['pointer64', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x70, ['pointer64', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0xb8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x30, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x30, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x30, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x30, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x30, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x30, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x30, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x30, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x30, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x30, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x30, ['unsigned long']],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x40, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x48, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x50, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x58, ['_GUID']],
+    'StartLsn' : [ 0x68, ['unsigned long long']],
+    'HiveCount' : [ 0x70, ['unsigned long']],
+    'HiveArray' : [ 0x78, ['array', 8, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x175, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x281, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'S1DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x270, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+    'ReadyThreadCount' : [ 0x260, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x268, ['unsigned long long']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '__unnamed_198e' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1990' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1994' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x2d8, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_198e']],
+    'OverUsed2' : [ 0x218, ['__unnamed_1990']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_1994']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+    'RebalanceContext' : [ 0x2c8, ['pointer64', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x2d0, ['pointer64', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x68, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1a8a' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1a8a']],
+} ],
+  '__unnamed_1a91' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1a91']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'ParameterBlockOffset' : [ 0xc, ['unsigned long']],
+    'ParameterBlockLength' : [ 0x10, ['unsigned long']],
+    'DataSetRangesOffset' : [ 0x14, ['unsigned long']],
+    'DataSetRangesLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_DATA_SET_RANGE' : [ 0x10, {
+    'StartingOffset' : [ 0x0, ['long long']],
+    'LengthInBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DEVICE_DSM_DEFINITION' : [ 0x1c, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'SingleRange' : [ 0x4, ['unsigned char']],
+    'ParameterBlockAlignment' : [ 0x8, ['unsigned long']],
+    'ParameterBlockLength' : [ 0xc, ['unsigned long']],
+    'HasOutput' : [ 0x10, ['unsigned char']],
+    'OutputBlockAlignment' : [ 0x14, ['unsigned long']],
+    'OutputBlockLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES_OUTPUT' : [ 0x24, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'OperationStatus' : [ 0xc, ['unsigned long']],
+    'ExtendedError' : [ 0x10, ['unsigned long']],
+    'TargetDetailedError' : [ 0x14, ['unsigned long']],
+    'ReservedStatus' : [ 0x18, ['unsigned long']],
+    'OutputBlockOffset' : [ 0x1c, ['unsigned long']],
+    'OutputBlockLength' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['unsigned short']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'DeepSleepEnabled' : [ 0x38, ['unsigned char']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x1550, {
+    'Name' : [ 0x0, ['pointer64', ['wchar']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x1528, ['unsigned long long']],
+    'Count' : [ 0x1530, ['unsigned long long']],
+    'MaxDuration' : [ 0x1538, ['unsigned long long']],
+    'MinDuration' : [ 0x1540, ['unsigned long long']],
+    'TotalDuration' : [ 0x1548, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xa80, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x44, ['unsigned long']],
+    'AutonomousPreference' : [ 0x48, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x49, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4b, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x4d, ['unsigned char']],
+    'ParkingPerfState' : [ 0x4e, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x50, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x51, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x52, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x53, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x54, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x55, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x56, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x58, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x5c, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x60, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x62, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x64, ['unsigned char']],
+    'IdleDisabled' : [ 0x65, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x68, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x6c, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x6d, ['unsigned char']],
+    'IdleStateMax' : [ 0x6e, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x6f, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x70, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x71, ['array', 1280, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x571, ['array', 1280, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xa71, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xa72, ['unsigned char']],
+    'ThreadPolicies' : [ 0xa74, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x480, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x2e0, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x310, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x360, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x368, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x370, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x378, ['pointer64', ['void']]],
+    'HardErrorState' : [ 0x380, ['unsigned long']],
+    'WnfSiloState' : [ 0x388, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x3c0, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x3e0, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x3f0, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x400, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x408, ['pointer64', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x410, ['unsigned char']],
+    'NtSystemRoot' : [ 0x418, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x428, ['_UNICODE_STRING']],
+    'Storage' : [ 0x438, ['pointer64', ['_PSP_STORAGE']]],
+    'State' : [ 0x440, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x444, ['long']],
+    'DeleteEvent' : [ 0x448, ['pointer64', ['_KEVENT']]],
+    'UserSharedData' : [ 0x450, ['pointer64', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x458, ['pointer64', ['void']]],
+    'TerminateWorkItem' : [ 0x460, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x218, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+    'Partition' : [ 0x210, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '__unnamed_1baf' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1baf']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x400, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x8, ['pointer64', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x10, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x20, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x30, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x48, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x60, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x80, ['unsigned long long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x88, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x8c, ['unsigned char']],
+    'WorkQueueLock' : [ 0xc0, ['unsigned long long']],
+    'NumberWorkerThreads' : [ 0xc8, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0xcc, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0xd0, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0xf0, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0x100, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0x110, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0x120, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0x130, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0x134, ['unsigned long']],
+    'QueueThrottle' : [ 0x138, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0x13c, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0x140, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0x144, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0x148, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0x14c, ['unsigned long']],
+    'LowMemoryEvent' : [ 0x150, ['_KEVENT']],
+    'PowerEvent' : [ 0x168, ['_KEVENT']],
+    'PeriodicEvent' : [ 0x180, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x198, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x1b0, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x1c8, ['unsigned long']],
+    'LazyWriter' : [ 0x1d0, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x258, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x270, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x2a8, ['pointer64', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x2b0, ['long']],
+    'AverageAvailablePages' : [ 0x2b8, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x2c0, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x2c8, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x2d0, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x2d8, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x2e0, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x2e1, ['unsigned char']],
+    'DeferredWrites' : [ 0x2e8, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x300, ['unsigned long long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x308, ['pointer64', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x310, ['pointer64', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x318, ['pointer64', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x320, ['pointer64', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x328, ['pointer64', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x330, ['pointer64', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x338, ['pointer64', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x340, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x348, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x358, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x360, ['pointer64', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x368, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x370, ['long']],
+    'LowPriOldIoPriority' : [ 0x374, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x378, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x380, ['unsigned long']],
+    'CoalescingState' : [ 0x384, ['unsigned char']],
+    'ActivePartition' : [ 0x385, ['unsigned char']],
+    'RundownPhase' : [ 0x386, ['unsigned char']],
+    'RefCount' : [ 0x388, ['long long']],
+    'ExitEvent' : [ 0x390, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x3a8, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x3c0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1bd5' : [ 0x10, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1bd7' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1bd9' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1bdb' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1bdd' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1be1' : [ 0x68, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x50, ['pointer64', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x58, ['pointer64', ['void']]],
+    'RequestorMode' : [ 0x60, ['unsigned char']],
+    'NestingLevel' : [ 0x64, ['unsigned long']],
+} ],
+  '__unnamed_1be3' : [ 0x68, {
+    'Read' : [ 0x0, ['__unnamed_1bd5']],
+    'Write' : [ 0x0, ['__unnamed_1bd7']],
+    'Event' : [ 0x0, ['__unnamed_1bd9']],
+    'Notification' : [ 0x0, ['__unnamed_1bdb']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1bdd']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1be1']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x88, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_1be3']],
+    'Function' : [ 0x78, ['unsigned char']],
+    'Partition' : [ 0x80, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x50, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+    'Partition' : [ 0x48, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x28, {
+    'Allocate' : [ 0x0, ['unsigned long long']],
+    'Free' : [ 0x8, ['unsigned long long']],
+    'Commit' : [ 0x10, ['unsigned long long']],
+    'Decommit' : [ 0x18, ['unsigned long long']],
+    'ExtendContext' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x10, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_RTL_CSPARSE_BITMAP' : [ 0x40, {
+    'CommitDirectory' : [ 0x0, ['unsigned long long']],
+    'CommitBitmap' : [ 0x8, ['pointer64', ['unsigned long long']]],
+    'UserBitmap' : [ 0x10, ['pointer64', ['unsigned long long']]],
+    'BitCount' : [ 0x18, ['long long']],
+    'BitmapLock' : [ 0x20, ['unsigned long long']],
+    'DecommitPageIndex' : [ 0x28, ['unsigned long long']],
+    'RtlpCSparseBitmapWakeLock' : [ 0x30, ['unsigned long long']],
+    'LockType' : [ 0x38, ['unsigned char']],
+    'AddressSpace' : [ 0x39, ['unsigned char']],
+    'MemType' : [ 0x3a, ['unsigned char']],
+    'AllocAlignment' : [ 0x3b, ['unsigned char']],
+} ],
+  '_RTL_SPARSE_ARRAY' : [ 0x50, {
+    'Bitmap' : [ 0x0, ['_RTL_CSPARSE_BITMAP']],
+    'ElementCount' : [ 0x40, ['unsigned long long']],
+    'ElementSizeShift' : [ 0x48, ['unsigned long']],
+} ],
+  '_HEAP_VAMGR_ALLOCATOR' : [ 0x30, {
+    'TreeLock' : [ 0x0, ['unsigned long long']],
+    'FreeRanges' : [ 0x8, ['_RTL_RB_TREE']],
+    'VaSpace' : [ 0x18, ['pointer64', ['_HEAP_VAMGR_VASPACE']]],
+    'PartitionHandle' : [ 0x20, ['pointer64', ['void']]],
+    'ChunksPerRegion' : [ 0x28, ['unsigned short']],
+    'RefCount' : [ 0x2a, ['unsigned short']],
+    'AllocatorIndex' : [ 0x2c, ['unsigned char']],
+    'NumaNode' : [ 0x2d, ['unsigned char']],
+    'LockType' : [ 0x2e, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MemoryType' : [ 0x2e, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'ConstrainedVA' : [ 0x2e, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'AllowFreeHead' : [ 0x2e, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare0' : [ 0x2e, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x2f, ['unsigned char']],
+} ],
+  '_HEAP_VAMGR_VASPACE' : [ 0x60, {
+    'AddressSpaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'HeapAddressUser', 1: u'HeapAddressKernel', 2: u'HeapAddressSession', 3: u'HeapAddressTypeMax'})]],
+    'BaseAddress' : [ 0x8, ['unsigned long long']],
+    'VaRangeArray' : [ 0x10, ['_RTL_SPARSE_ARRAY']],
+} ],
+  '_HEAP_VAMGR_RANGE' : [ 0x20, {
+    'RbNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Standalone' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'AllocatorIndex' : [ 0x1, ['unsigned char']],
+    'OwnerCtx' : [ 0x8, ['unsigned long long']],
+    'Spare1' : [ 0x10, ['unsigned long long']],
+    'SizeInChunks' : [ 0x18, ['unsigned long long']],
+    'ChunkCount' : [ 0x18, ['unsigned short']],
+    'PrevChunkCount' : [ 0x1a, ['unsigned short']],
+    'Signature' : [ 0x18, ['unsigned long long']],
+} ],
+  '_RTLP_HP_HEAP_MANAGER' : [ 0x30d0, {
+    'Globals' : [ 0x0, ['pointer64', ['_RTLP_HP_HEAP_GLOBALS']]],
+    'AllocTracker' : [ 0x8, ['_RTLP_HP_ALLOC_TRACKER']],
+    'VaMgr' : [ 0x50, ['_HEAP_VAMGR_CTX']],
+    'MetadataHeaps' : [ 0x3090, ['array', 3, ['_RTLP_HP_METADATA_HEAP_CTX']]],
+    'SubAllocConfigs' : [ 0x30c0, ['_RTL_HP_SUB_ALLOCATOR_CONFIGS']],
+} ],
+  '_RTLP_HP_ALLOC_TRACKER' : [ 0x48, {
+    'AllocTrackerBitmap' : [ 0x0, ['_RTL_CSPARSE_BITMAP']],
+    'BaseAddress' : [ 0x40, ['unsigned long long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x2a0, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'StackTraceInitVar' : [ 0x170, ['_RTL_RUN_ONCE']],
+    'FrontEndHeap' : [ 0x178, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x180, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x182, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x183, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x188, ['pointer64', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0x190, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x192, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x218, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x290, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1cdc' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1cdc']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_HP_PADDING_HEADER' : [ 0x10, {
+    'PaddingSize' : [ 0x0, ['unsigned long long']],
+    'Spare' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_1d2f' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1d31' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d2f']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1d33' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1d35' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1d33']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1d31']],
+    'u2' : [ 0x4, ['__unnamed_1d35']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x38, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'CleanupProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x28, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x30, ['unsigned long long']],
+} ],
+  '__unnamed_1d50' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1d52' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1d50']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1d52']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1d66' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d68' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d66']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1d68']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1d71' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d73' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d71']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1d73']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1d79' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d7b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d79']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1d7b']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1d99' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d9b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d99']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_1d9b']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1d31']],
+    'u2' : [ 0x4, ['__unnamed_1d35']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1dc1' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_1dc3' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1dc1']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x118, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_1dc3']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xb0, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb8, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xc0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc8, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xd0, ['pointer64', ['void']]],
+    'WakeReference2' : [ 0xd8, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xe0, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xe8, ['unsigned long long']],
+    'PortMessage' : [ 0xf0, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x48, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x40, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1e06' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1e08' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1e06']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1e08']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Event' : [ 0x0, ['unsigned long long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x38, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'DiskIoAttributionHandle' : [ 0x10, ['unsigned long long']],
+    'ActivityId' : [ 0x18, ['_GUID']],
+    'Timestamp' : [ 0x28, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x28, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x28, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x30, ['long long']],
+    'AdapterCryptoParameters' : [ 0x28, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x58, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 9, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x70, ['pointer64', ['void']]],
+    'CreateFileType' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x80, ['pointer64', ['void']]],
+    'Override' : [ 0x88, ['unsigned char']],
+    'QueryOnly' : [ 0x89, ['unsigned char']],
+    'DeleteOnly' : [ 0x8a, ['unsigned char']],
+    'FullAttributes' : [ 0x8b, ['unsigned char']],
+    'LocalFileObject' : [ 0x90, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x98, ['unsigned long']],
+    'AccessMode' : [ 0x9c, ['unsigned char']],
+    'DriverCreateContext' : [ 0xa0, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0xcc, ['unsigned long']],
+    'FilterQuery' : [ 0xd0, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1ed2' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1ed2']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['wchar']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['wchar']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x10, {
+    'QueueTail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x510, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x50, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x60, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x70, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x80, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x88, ['unsigned long']],
+    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xd8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'FlushThreshold' : [ 0xe4, ['unsigned long']],
+    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xf4, ['long']],
+    'NumberOfBuffers' : [ 0xf8, ['long']],
+    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
+    'EventsLost' : [ 0x100, ['unsigned long']],
+    'PeakBuffersCount' : [ 0x104, ['long']],
+    'BuffersWritten' : [ 0x108, ['unsigned long']],
+    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
+    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x120, ['unsigned long']],
+    'InstanceGuid' : [ 0x124, ['_GUID']],
+    'MaximumFileSize' : [ 0x134, ['unsigned long']],
+    'FileCounter' : [ 0x138, ['long']],
+    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x150, ['long']],
+    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
+    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x168, ['unsigned long']],
+    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
+    'LoggerDpc' : [ 0x248, ['_KDPC']],
+    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x338, ['long long']],
+    'Flags' : [ 0x340, ['unsigned long']],
+    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x340, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x340, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProviderTracking' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessorTrace' : [ 0x340, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x344, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x350, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x3d0, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x3e0, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x3e8, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x3f0, ['pointer64', ['_ETW_LBR_SUPPORT']]],
+    'IptData' : [ 0x3f8, ['pointer64', ['_ETW_IPT_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x400, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x410, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x418, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x428, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x430, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x440, ['pointer64', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x448, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x450, ['pointer64', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x458, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x460, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x480, ['long']],
+    'CompressionLock' : [ 0x488, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x490, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x498, ['pointer64', ['void']]],
+    'CompressionOn' : [ 0x4a0, ['long']],
+    'CompressionRatioGuess' : [ 0x4a4, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x4a8, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x4ac, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x4b0, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x4b8, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x4f8, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x500, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x508, ['_LARGE_INTEGER']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x38, {
+    'Source' : [ 0x0, ['array', 8, ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x20, ['unsigned long']],
+    'HookId' : [ 0x24, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x2c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x30, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_IPT_SUPPORT' : [ 0x28, {
+    'IptHandle' : [ 0x0, ['pointer64', ['void']]],
+    'IptOption' : [ 0x8, ['unsigned long long']],
+    'EtwHwTraceExtInterface' : [ 0x10, ['pointer64', ['_ETW_HW_TRACE_EXT_INTERFACE']]],
+    'HookIdCount' : [ 0x18, ['unsigned long']],
+    'HookId' : [ 0x1c, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x11c0, {
+    'Silo' : [ 0x0, ['pointer64', ['_EJOB']]],
+    'SiloGlobals' : [ 0x8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x10, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x18, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x1a8, ['pointer64', ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x1b0, ['pointer64', ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x1b8, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0xfb8, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0xfc8, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0xfcc, ['long']],
+    'EtwpSecurityProviderPID' : [ 0xfd0, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0xfd8, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0xff8, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x1008, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x1010, ['pointer64', ['_ETW_SILO_TRACING_BLOCK']]],
+    'ContainerRestoreWnfSubscription' : [ 0x1018, ['pointer64', ['_EX_WNF_SUBSCRIPTION']]],
+    'PartitionId' : [ 0x1020, ['_GUID']],
+    'ParentId' : [ 0x1030, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x1040, ['_LARGE_INTEGER']],
+    'PartitionType' : [ 0x1048, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x104c, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x30, {
+    'SystemLogonSession' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x10, ['pointer64', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0x18, ['pointer64', ['void']]],
+    'UncSystemPaths' : [ 0x20, ['pointer64', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x28, ['pointer64', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x498, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x478, ['pointer64', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x480, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x488, ['pointer64', ['void']]],
+    'VariablePart' : [ 0x490, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xc0, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x58, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
+    'SiblingAuthId' : [ 0xa8, ['_LUID']],
+    'TokenList' : [ 0xb0, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved2' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved1' : [ 0x1a, ['unsigned short']],
+    'Reserved2' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x10, {
+    'Footer' : [ 0x0, ['pointer64', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x30, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x20, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x10, {
+    'Context1' : [ 0x0, ['pointer64', ['void']]],
+    'Context2' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0x18, ['unsigned char']],
+    'Padding1' : [ 0x19, ['array', 3, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0x140, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+    'SessionId' : [ 0x154, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_205c' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x5000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_205c']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x68, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x70, ['unsigned long']],
+    'AttachCount' : [ 0x74, ['unsigned long']],
+    'AttachGate' : [ 0x78, ['_KGATE']],
+    'WsListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0xa0, ['_MM_PAGED_POOL_INFO']],
+    'Lookaside' : [ 0x100, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb80, ['_MMSESSION']],
+    'Vm' : [ 0xbc0, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0xd00, ['_MMWSL_INSTANCE']],
+    'AggregateSessionWs' : [ 0xd40, ['_MMSUPPORT_AGGREGATION']],
+    'HeapState' : [ 0xd60, ['pointer64', ['void']]],
+    'PagedPool' : [ 0xd80, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x1ec0, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'TopLevelPteLockBits' : [ 0x1ec8, ['array', 32, ['unsigned long']]],
+    'PageDirectory' : [ 0x1f48, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1f50, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x1f58, ['_RTL_BITMAP_EX']],
+    'DynamicVaHint' : [ 0x1f68, ['unsigned long long']],
+    'SpecialPool' : [ 0x1f70, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1fb0, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1fb8, ['long']],
+    'PagedPoolPdeCount' : [ 0x1fbc, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1fc0, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1fc4, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1fc8, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x2028, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x2030, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x2038, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x2040, ['unsigned long long']],
+    'PermittedFaultsTree' : [ 0x2048, ['_RTL_AVL_TREE']],
+    'IoState' : [ 0x2050, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x2054, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x2058, ['_KEVENT']],
+    'ServerSilo' : [ 0x2070, ['pointer64', ['_EJOB']]],
+    'CreateTime' : [ 0x2078, ['unsigned long long']],
+    'PoolTags' : [ 0x3000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
+} ],
+  '_CMP_VOLUME_CONTEXT' : [ 0x48, {
+    'VolumeContextListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'VolumeManager' : [ 0x10, ['pointer64', ['_CMP_VOLUME_MANAGER']]],
+    'RefCount' : [ 0x18, ['long long']],
+    'VolumeGuid' : [ 0x20, ['_GUID']],
+    'VolumeFileObject' : [ 0x30, ['pointer64', ['void']]],
+    'VolumeContextLock' : [ 0x38, ['_CMSI_RW_LOCK']],
+    'DeviceUsageNotificationSent' : [ 0x40, ['unsigned char']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'ParseProcedureEx' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'BoostBitmap' : [ 0x58, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+    'SparePad' : [ 0x5c, ['unsigned long']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'RfgControlStack' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 27, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_20c7' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_20ca' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0xf8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'IrpSequenceID' : [ 0xd4, ['long']],
+    'Device' : [ 0xd8, ['__unnamed_20c7']],
+    'System' : [ 0xd8, ['__unnamed_20ca']],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x38, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x8, ['unsigned long long']],
+    'NonPagedAllocs' : [ 0x10, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x18, ['unsigned long long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+    'PagedAllocs' : [ 0x28, ['unsigned long long']],
+    'PagedFrees' : [ 0x30, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_CMP_VOLUME_MANAGER' : [ 0x18, {
+    'VolumeContextListLock' : [ 0x0, ['_CMSI_RW_LOCK']],
+    'VolumeContextListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x20, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x8, ['pointer64', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x428, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'StrictVetoBias' : [ 0x8, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0xc, ['unsigned long']],
+    'TargetState' : [ 0x10, ['unsigned long']],
+    'ActualState' : [ 0x14, ['unsigned long']],
+    'OldState' : [ 0x18, ['unsigned long']],
+    'OverrideIndex' : [ 0x1c, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xf0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1d0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1d8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1e0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1e8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x240, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2e8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2f0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x308, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x318, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x330, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x38, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_2121' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_2121']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x120, {
+    'ProcessCid' : [ 0x0, ['pointer64', ['void']]],
+    'ThreadCid' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x20, ['unsigned long']],
+    'CreateTrace' : [ 0x28, ['array', 30, ['unsigned long long']]],
+    'Count' : [ 0x118, ['long']],
+    'CaptureCount' : [ 0x11c, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IdleStateMax' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x48, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x50, ['_LIST_ENTRY']],
+    'Parent' : [ 0x60, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ChildOfVgaEnabledBridge' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DecodeIoOnBoot' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x28, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x10, ['unsigned long long']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Valid' : [ 0x20, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x48, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'EntryDescriptor' : [ 0x20, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x38, ['unsigned long']],
+    'Handles' : [ 0x40, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x18, {
+    'IdealMask' : [ 0x0, ['unsigned long long']],
+    'PreferredMask' : [ 0x8, ['unsigned long long']],
+    'AvailableMask' : [ 0x10, ['unsigned long long']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SK_CRASH_MINIDUMP' : [ 0x1000, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'ModuleCount' : [ 0x8, ['unsigned long']],
+    'FrameCount' : [ 0xc, ['unsigned long']],
+    'Modules' : [ 0x10, ['array', 16, ['_SK_CRASH_MODULE']]],
+    'StackFrames' : [ 0x490, ['array', 366, ['_SK_CRASH_STACK_FRAME']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SK_CRASH_STACK_FRAME' : [ 0x8, {
+    'ModuleId' : [ 0x0, ['unsigned long']],
+    'Rva' : [ 0x4, ['unsigned long']],
+    'Pc' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DEVICE_MAP' : [ 0x48, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x40, ['pointer64', ['_EJOB']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ColdPage' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long long')]],
+    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'ReservedForHardware' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'ReservedForSoftware' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'WsleProtection' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SessionHeapInitialized' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SessionHeapDestroyed' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x28, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer64', ['void']]],
+    'OverQuotaHistory' : [ 0x8, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '__unnamed_21dc' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x90, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_21dc']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x30, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x50, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x60, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x80, ['pointer64', ['_EPROCESS']]],
+    'DeleteStoredPages' : [ 0x88, ['unsigned long']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+    'IdleStateMax' : [ 0x2e, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x8, {
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['wchar']]],
+    'DriverName' : [ 0x50, ['pointer64', ['wchar']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x48, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'SecureInfo' : [ 0x8, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x8, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'PebTebRfg' : [ 0x8, ['_MI_SUB64K_FREE_RANGES']],
+    'RfgProtectedStack' : [ 0x8, ['_MI_RFG_PROTECTED_STACK']],
+    'PlaceholderVad' : [ 0x8, ['pointer64', ['_MMVAD_SHORT']]],
+    'WaitReason' : [ 0x40, ['unsigned long']],
+} ],
+  '__unnamed_222b' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_222e' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_222b']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_222e']],
+    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x34, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x68, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'Reserved2' : [ 0x18, ['unsigned long']],
+    'Reserved3' : [ 0x20, ['array', 4, ['pointer64', ['void']]]],
+    'Reserved4' : [ 0x40, ['array', 4, ['unsigned long']]],
+    'Reserved5' : [ 0x50, ['pointer64', ['void']]],
+    'Reserved6' : [ 0x58, ['array', 2, ['pointer64', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x50, {
+    'LsaProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'LsaCommandPortHandle' : [ 0x8, ['pointer64', ['void']]],
+    'SepRmThreadHandle' : [ 0x10, ['pointer64', ['void']]],
+    'RmCommandPortHandle' : [ 0x18, ['pointer64', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x20, ['pointer64', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x28, ['pointer64', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x30, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x38, ['pointer64', ['void']]],
+    'RmViewPortMemory' : [ 0x40, ['pointer64', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x48, ['long']],
+    'LsaCommandPortActive' : [ 0x4c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x30, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x10, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0x18, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'FirstPteForPagedPool' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'MaximumSize' : [ 0x20, ['unsigned long long']],
+    'PagedPoolHint' : [ 0x28, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_2268' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_226a' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2268']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x120, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_226a']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'SeSigningLevel' : [ 0x30, ['unsigned char']],
+    'PoolPageHeaders' : [ 0x40, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x50, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x60, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x64, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x68, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x6c, ['unsigned long']],
+    'PagedBytes' : [ 0x70, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x80, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x88, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x90, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x94, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x98, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x9c, ['unsigned long']],
+    'AllocationsFailed' : [ 0xa0, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0xa4, ['unsigned long']],
+    'LockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xc0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xd0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xe8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xf0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x108, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x10c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x110, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x114, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x118, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x11c, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Luid' : [ 0x20, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x38, {
+    'ProtosNode' : [ 0x0, ['_MI_PROTOTYPE_PTES_NODE']],
+    'DynamicRelocations' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x28, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x30, ['unsigned long long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x38, {
+    'ScopeMap' : [ 0x0, ['pointer64', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x8, ['pointer64', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x10, ['pointer64', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x18, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x20, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x28, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x30, ['long long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadSpecControl' : [ 0x1, ['unsigned char']],
+    'SpecControlIbrs' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecControlStibp' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SpecControlReserved' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SchedulerAssist' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Who' : [ 0x38, ['unsigned long']],
+    'Hash' : [ 0x3c, ['unsigned long']],
+    'Page' : [ 0x40, ['unsigned long long']],
+    'StackTrace' : [ 0x48, ['array', 8, ['pointer64', ['void']]]],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'NoCrossPartitionAccess' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SubsectionCrossPartitionReferenceOverflow' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  'HAL_PRIVATE_DISPATCH' : [ 0x458, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'HalHandlerForBus' : [ 0x8, ['pointer64', ['void']]],
+    'HalHandlerForConfigSpace' : [ 0x10, ['pointer64', ['void']]],
+    'HalLocateHiberRanges' : [ 0x18, ['pointer64', ['void']]],
+    'HalRegisterBusHandler' : [ 0x20, ['pointer64', ['void']]],
+    'HalSetWakeEnable' : [ 0x28, ['pointer64', ['void']]],
+    'HalSetWakeAlarm' : [ 0x30, ['pointer64', ['void']]],
+    'HalPciTranslateBusAddress' : [ 0x38, ['pointer64', ['void']]],
+    'HalPciAssignSlotResources' : [ 0x40, ['pointer64', ['void']]],
+    'HalHaltSystem' : [ 0x48, ['pointer64', ['void']]],
+    'HalFindBusAddressTranslation' : [ 0x50, ['pointer64', ['void']]],
+    'HalResetDisplay' : [ 0x58, ['pointer64', ['void']]],
+    'HalAllocateMapRegisters' : [ 0x60, ['pointer64', ['void']]],
+    'KdSetupPciDeviceForDebugging' : [ 0x68, ['pointer64', ['void']]],
+    'KdReleasePciDeviceForDebugging' : [ 0x70, ['pointer64', ['void']]],
+    'KdGetAcpiTablePhase0' : [ 0x78, ['pointer64', ['void']]],
+    'KdCheckPowerButton' : [ 0x80, ['pointer64', ['void']]],
+    'HalVectorToIDTEntry' : [ 0x88, ['pointer64', ['void']]],
+    'KdMapPhysicalMemory64' : [ 0x90, ['pointer64', ['void']]],
+    'KdUnmapVirtualAddress' : [ 0x98, ['pointer64', ['void']]],
+    'KdGetPciDataByOffset' : [ 0xa0, ['pointer64', ['void']]],
+    'KdSetPciDataByOffset' : [ 0xa8, ['pointer64', ['void']]],
+    'HalGetInterruptVectorOverride' : [ 0xb0, ['pointer64', ['void']]],
+    'HalGetVectorInputOverride' : [ 0xb8, ['pointer64', ['void']]],
+    'HalLoadMicrocode' : [ 0xc0, ['pointer64', ['void']]],
+    'HalUnloadMicrocode' : [ 0xc8, ['pointer64', ['void']]],
+    'HalPostMicrocodeUpdate' : [ 0xd0, ['pointer64', ['void']]],
+    'HalAllocateMessageTargetOverride' : [ 0xd8, ['pointer64', ['void']]],
+    'HalFreeMessageTargetOverride' : [ 0xe0, ['pointer64', ['void']]],
+    'HalDpReplaceBegin' : [ 0xe8, ['pointer64', ['void']]],
+    'HalDpReplaceTarget' : [ 0xf0, ['pointer64', ['void']]],
+    'HalDpReplaceControl' : [ 0xf8, ['pointer64', ['void']]],
+    'HalDpReplaceEnd' : [ 0x100, ['pointer64', ['void']]],
+    'HalPrepareForBugcheck' : [ 0x108, ['pointer64', ['void']]],
+    'HalQueryWakeTime' : [ 0x110, ['pointer64', ['void']]],
+    'HalReportIdleStateUsage' : [ 0x118, ['pointer64', ['void']]],
+    'HalTscSynchronization' : [ 0x120, ['pointer64', ['void']]],
+    'HalWheaInitProcessorGenericSection' : [ 0x128, ['pointer64', ['void']]],
+    'HalStopLegacyUsbInterrupts' : [ 0x130, ['pointer64', ['void']]],
+    'HalReadWheaPhysicalMemory' : [ 0x138, ['pointer64', ['void']]],
+    'HalWriteWheaPhysicalMemory' : [ 0x140, ['pointer64', ['void']]],
+    'HalDpMaskLevelTriggeredInterrupts' : [ 0x148, ['pointer64', ['void']]],
+    'HalDpUnmaskLevelTriggeredInterrupts' : [ 0x150, ['pointer64', ['void']]],
+    'HalDpGetInterruptReplayState' : [ 0x158, ['pointer64', ['void']]],
+    'HalDpReplayInterrupts' : [ 0x160, ['pointer64', ['void']]],
+    'HalQueryIoPortAccessSupported' : [ 0x168, ['pointer64', ['void']]],
+    'KdSetupIntegratedDeviceForDebugging' : [ 0x170, ['pointer64', ['void']]],
+    'KdReleaseIntegratedDeviceForDebugging' : [ 0x178, ['pointer64', ['void']]],
+    'HalGetEnlightenmentInformation' : [ 0x180, ['pointer64', ['void']]],
+    'HalAllocateEarlyPages' : [ 0x188, ['pointer64', ['void']]],
+    'HalMapEarlyPages' : [ 0x190, ['pointer64', ['void']]],
+    'Dummy1' : [ 0x198, ['pointer64', ['void']]],
+    'Dummy2' : [ 0x1a0, ['pointer64', ['void']]],
+    'HalNotifyProcessorFreeze' : [ 0x1a8, ['pointer64', ['void']]],
+    'HalPrepareProcessorForIdle' : [ 0x1b0, ['pointer64', ['void']]],
+    'HalRegisterLogRoutine' : [ 0x1b8, ['pointer64', ['void']]],
+    'HalResumeProcessorFromIdle' : [ 0x1c0, ['pointer64', ['void']]],
+    'Dummy' : [ 0x1c8, ['pointer64', ['void']]],
+    'HalVectorToIDTEntryEx' : [ 0x1d0, ['pointer64', ['void']]],
+    'HalSecondaryInterruptQueryPrimaryInformation' : [ 0x1d8, ['pointer64', ['void']]],
+    'HalMaskInterrupt' : [ 0x1e0, ['pointer64', ['void']]],
+    'HalUnmaskInterrupt' : [ 0x1e8, ['pointer64', ['void']]],
+    'HalIsInterruptTypeSecondary' : [ 0x1f0, ['pointer64', ['void']]],
+    'HalAllocateGsivForSecondaryInterrupt' : [ 0x1f8, ['pointer64', ['void']]],
+    'HalAddInterruptRemapping' : [ 0x200, ['pointer64', ['void']]],
+    'HalRemoveInterruptRemapping' : [ 0x208, ['pointer64', ['void']]],
+    'HalSaveAndDisableHvEnlightenment' : [ 0x210, ['pointer64', ['void']]],
+    'HalRestoreHvEnlightenment' : [ 0x218, ['pointer64', ['void']]],
+    'HalFlushIoBuffersExternalCache' : [ 0x220, ['pointer64', ['void']]],
+    'HalFlushExternalCache' : [ 0x228, ['pointer64', ['void']]],
+    'HalPciEarlyRestore' : [ 0x230, ['pointer64', ['void']]],
+    'HalGetProcessorId' : [ 0x238, ['pointer64', ['void']]],
+    'HalAllocatePmcCounterSet' : [ 0x240, ['pointer64', ['void']]],
+    'HalCollectPmcCounters' : [ 0x248, ['pointer64', ['void']]],
+    'HalFreePmcCounterSet' : [ 0x250, ['pointer64', ['void']]],
+    'HalProcessorHalt' : [ 0x258, ['pointer64', ['void']]],
+    'HalTimerQueryCycleCounter' : [ 0x260, ['pointer64', ['void']]],
+    'Dummy3' : [ 0x268, ['pointer64', ['void']]],
+    'HalPciMarkHiberPhase' : [ 0x270, ['pointer64', ['void']]],
+    'HalQueryProcessorRestartEntryPoint' : [ 0x278, ['pointer64', ['void']]],
+    'HalRequestInterrupt' : [ 0x280, ['pointer64', ['void']]],
+    'HalEnumerateUnmaskedInterrupts' : [ 0x288, ['pointer64', ['void']]],
+    'HalFlushAndInvalidatePageExternalCache' : [ 0x290, ['pointer64', ['void']]],
+    'KdEnumerateDebuggingDevices' : [ 0x298, ['pointer64', ['void']]],
+    'HalFlushIoRectangleExternalCache' : [ 0x2a0, ['pointer64', ['void']]],
+    'HalPowerEarlyRestore' : [ 0x2a8, ['pointer64', ['void']]],
+    'HalQueryCapsuleCapabilities' : [ 0x2b0, ['pointer64', ['void']]],
+    'HalUpdateCapsule' : [ 0x2b8, ['pointer64', ['void']]],
+    'HalPciMultiStageResumeCapable' : [ 0x2c0, ['pointer64', ['void']]],
+    'HalDmaFreeCrashDumpRegisters' : [ 0x2c8, ['pointer64', ['void']]],
+    'HalAcpiAoacCapable' : [ 0x2d0, ['pointer64', ['void']]],
+    'HalInterruptSetDestination' : [ 0x2d8, ['pointer64', ['void']]],
+    'HalGetClockConfiguration' : [ 0x2e0, ['pointer64', ['void']]],
+    'HalClockTimerActivate' : [ 0x2e8, ['pointer64', ['void']]],
+    'HalClockTimerInitialize' : [ 0x2f0, ['pointer64', ['void']]],
+    'HalClockTimerStop' : [ 0x2f8, ['pointer64', ['void']]],
+    'HalClockTimerArm' : [ 0x300, ['pointer64', ['void']]],
+    'HalTimerOnlyClockInterruptPending' : [ 0x308, ['pointer64', ['void']]],
+    'HalAcpiGetMultiNode' : [ 0x310, ['pointer64', ['void']]],
+    'HalPowerSetRebootHandler' : [ 0x318, ['pointer64', ['void']]],
+    'HalIommuRegisterDispatchTable' : [ 0x320, ['pointer64', ['void']]],
+    'HalTimerWatchdogStart' : [ 0x328, ['pointer64', ['void']]],
+    'HalTimerWatchdogResetCountdown' : [ 0x330, ['pointer64', ['void']]],
+    'HalTimerWatchdogStop' : [ 0x338, ['pointer64', ['void']]],
+    'HalTimerWatchdogGeneratedLastReset' : [ 0x340, ['pointer64', ['void']]],
+    'HalTimerWatchdogTriggerSystemReset' : [ 0x348, ['pointer64', ['void']]],
+    'HalInterruptVectorDataToGsiv' : [ 0x350, ['pointer64', ['void']]],
+    'HalInterruptGetHighestPriorityInterrupt' : [ 0x358, ['pointer64', ['void']]],
+    'HalProcessorOn' : [ 0x360, ['pointer64', ['void']]],
+    'HalProcessorOff' : [ 0x368, ['pointer64', ['void']]],
+    'HalProcessorFreeze' : [ 0x370, ['pointer64', ['void']]],
+    'HalDmaLinkDeviceObjectByToken' : [ 0x378, ['pointer64', ['void']]],
+    'HalDmaCheckAdapterToken' : [ 0x380, ['pointer64', ['void']]],
+    'Dummy4' : [ 0x388, ['pointer64', ['void']]],
+    'HalTimerConvertPerformanceCounterToAuxiliaryCounter' : [ 0x390, ['pointer64', ['void']]],
+    'HalTimerConvertAuxiliaryCounterToPerformanceCounter' : [ 0x398, ['pointer64', ['void']]],
+    'HalTimerQueryAuxiliaryCounterFrequency' : [ 0x3a0, ['pointer64', ['void']]],
+    'HalConnectThermalInterrupt' : [ 0x3a8, ['pointer64', ['void']]],
+    'HalIsEFIRuntimeActive' : [ 0x3b0, ['pointer64', ['void']]],
+    'HalTimerQueryAndResetRtcErrors' : [ 0x3b8, ['pointer64', ['void']]],
+    'HalAcpiLateRestore' : [ 0x3c0, ['pointer64', ['void']]],
+    'KdWatchdogDelayExpiration' : [ 0x3c8, ['pointer64', ['void']]],
+    'HalGetProcessorStats' : [ 0x3d0, ['pointer64', ['void']]],
+    'HalTimerWatchdogQueryDueTime' : [ 0x3d8, ['pointer64', ['void']]],
+    'HalConnectSyntheticInterrupt' : [ 0x3e0, ['pointer64', ['void']]],
+    'HalPreprocessNmi' : [ 0x3e8, ['pointer64', ['void']]],
+    'HalEnumerateEnvironmentVariablesWithFilter' : [ 0x3f0, ['pointer64', ['void']]],
+    'HalCaptureLastBranchRecordStack' : [ 0x3f8, ['pointer64', ['void']]],
+    'HalClearLastBranchRecordStack' : [ 0x400, ['pointer64', ['void']]],
+    'HalConfigureLastBranchRecord' : [ 0x408, ['pointer64', ['void']]],
+    'HalGetLastBranchInformation' : [ 0x410, ['pointer64', ['void']]],
+    'HalResumeLastBranchRecord' : [ 0x418, ['pointer64', ['void']]],
+    'HalStartLastBranchRecord' : [ 0x420, ['pointer64', ['void']]],
+    'HalStopLastBranchRecord' : [ 0x428, ['pointer64', ['void']]],
+    'HalIommuBlockDevice' : [ 0x430, ['pointer64', ['void']]],
+    'HalIommuUnblockDevice' : [ 0x438, ['pointer64', ['void']]],
+    'HalGetIommuInterface' : [ 0x440, ['pointer64', ['void']]],
+    'HalRequestGenericErrorRecovery' : [ 0x448, ['pointer64', ['void']]],
+    'HalTimerQueryHostPerformanceCounter' : [ 0x450, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KSECURE_FAULT_INFORMATION' : [ 0x10, {
+    'FaultCode' : [ 0x0, ['unsigned long long']],
+    'FaultVa' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '__unnamed_23dd' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_23df' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_23dd']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_23df']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x20, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x2080, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x180, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x400, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x4c0, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x548, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x590, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x700, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0xc00, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0xc18, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0xc40, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0xca0, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0xd18, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0xe00, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0xe80, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0xfa0, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x1040, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x1240, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x12b0, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x1300, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x13c0, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x1400, ['unsigned long long']],
+    'BootRegistryRuns' : [ 0x1408, ['pointer64', ['pointer64', ['void']]]],
+    'ZeroingDisabled' : [ 0x1410, ['long']],
+    'FullyInitialized' : [ 0x1414, ['unsigned char']],
+    'SafeBooted' : [ 0x1415, ['unsigned char']],
+    'TraceLogging' : [ 0x1418, ['pointer64', ['_TlgProvider_t']]],
+    'Vs' : [ 0x1440, ['_MI_VISIBLE_STATE']],
+} ],
+  '_CMSI_RW_LOCK' : [ 0x8, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer64', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1200, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x1c, ['unsigned char']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'PartitionWs' : [ 0x140, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x200, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x228, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x280, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x2a8, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x2b0, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x2b8, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x2c0, ['unsigned long long']],
+    'SharedCommit' : [ 0x2c8, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x2d0, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x2e0, ['long']],
+    'PageFileTraces' : [ 0x2e8, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x18, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x8, ['_GUID']],
+    'Control' : [ 0x18, ['_GUID']],
+    'ConsumersNotified' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_241a' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_241c' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_241a']],
+} ],
+  '__unnamed_241e' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_241c']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_241e']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_2426' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2426']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x10, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2433' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x28, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'UseSessionId' : [ 0x1c, ['unsigned char']],
+    'u1' : [ 0x20, ['__unnamed_2433']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x110, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0xc0, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x48, {
+    'SystemDllBase' : [ 0x0, ['pointer64', ['void']]],
+    'ColorSeed' : [ 0x8, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0xc, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x28, ['array', 2, ['pointer64', ['_MMPTE']]]],
+    'HypervisorSharedVa' : [ 0x38, ['pointer64', ['void']]],
+    'VadSecureCookie' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_AGGREGATION' : [ 0x20, {
+    'PageFaultCount' : [ 0x0, ['unsigned long']],
+    'WorkingSetSize' : [ 0x8, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x10, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x190, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x178, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x180, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x188, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x150, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['wchar']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['wchar']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x120, ['unsigned char']],
+    'TransactionEvent' : [ 0x128, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x130, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x138, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x140, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x148, ['pointer64', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_RTLP_HP_HEAP_GLOBALS' : [ 0x18, {
+    'HeapKey' : [ 0x0, ['unsigned long long']],
+    'LfhKey' : [ 0x8, ['unsigned long long']],
+    'FailureInfo' : [ 0x10, ['pointer64', ['_HEAP_FAILURE_INFORMATION']]],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xc0, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x10, ['_KMUTANT']],
+    'FixupLock' : [ 0x48, ['long']],
+    'FirstLoadEver' : [ 0x4c, ['unsigned char']],
+    'LargePageAll' : [ 0x4d, ['unsigned char']],
+    'LastPage' : [ 0x50, ['unsigned long long']],
+    'LargePageList' : [ 0x58, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x68, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x78, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x88, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x98, ['unsigned long long']],
+    'PageCounts' : [ 0xa0, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'ImageTree' : [ 0xb8, ['_RTL_AVL_TREE']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SlatKernelCodeProtected' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ExceptionHandlingReady' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x60, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x5c, ['unsigned char']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x368, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastPassiveTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'Info' : [ 0x70, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xcc, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xe4, ['unsigned char']],
+    'PollingRate' : [ 0xe8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xf0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xf8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x100, ['unsigned long long']],
+    'WorkItem' : [ 0x108, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0x128, ['_KTIMER2']],
+    'Lock' : [ 0x1b0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1c0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1d8, ['_KEVENT']],
+    'InstanceId' : [ 0x1f0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1f8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x358, ['_UNICODE_STRING']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '__unnamed_250f' : [ 0x4, {
+    'Bus' : [ 0x0, ['unsigned char']],
+    'Device' : [ 0x1, ['unsigned char']],
+    'Function' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2511' : [ 0x2, {
+    'SecondaryBus' : [ 0x0, ['unsigned char']],
+    'SubordinateBus' : [ 0x1, ['unsigned char']],
+} ],
+  '_PCI_BUSMASTER_DESCRIPTOR' : [ 0xc, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusmasterRidFromDeviceRid', 1: u'BusmasterRidFromBridgeRid', 2: u'BusmasterRidFromMultipleBridges'})]],
+    'Segment' : [ 0x4, ['unsigned long']],
+    'DeviceRid' : [ 0x8, ['__unnamed_250f']],
+    'BridgeRid' : [ 0x8, ['__unnamed_250f']],
+    'MultipleBridges' : [ 0x8, ['__unnamed_2511']],
+} ],
+  '_HVP_VIEW_MAP' : [ 0x38, {
+    'SectionReference' : [ 0x0, ['pointer64', ['void']]],
+    'StorageEndFileOffset' : [ 0x8, ['long long']],
+    'SectionEndFileOffset' : [ 0x10, ['long long']],
+    'ProcessTuple' : [ 0x18, ['pointer64', ['_CMSI_PROCESS_TUPLE']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ViewTree' : [ 0x28, ['_RTL_RB_TREE']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x10, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HAL_LOG_REGISTER_CONTEXT' : [ 0x10, {
+    'LogRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Flag' : [ 0x8, ['unsigned long']],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x18, {
+    'DeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
+    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
+    'RunRefSize' : [ 0x10, ['unsigned long']],
+    'Number' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_2549' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_254b' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_2549']],
+    'Private' : [ 0x0, ['__unnamed_254b']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x8, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'TransPtr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x38, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x10, ['unsigned long long']],
+    'VolumeKey' : [ 0x18, ['unsigned long long']],
+    'Rundown' : [ 0x20, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x28, ['pointer64', ['void']]],
+    'VolumeIoAttribution' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x48, ['unsigned long long']],
+    'BigPagesAllocated' : [ 0x50, ['unsigned long long']],
+    'BytesAllocated' : [ 0x58, ['unsigned long long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x88, ['unsigned long long']],
+    'BigPagesDeallocated' : [ 0x90, ['unsigned long long']],
+    'BytesDeallocated' : [ 0x98, ['unsigned long long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x108, ['long']],
+    'PendingFreeDepth' : [ 0x10c, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPRCBFLAG' : [ 0x4, {
+    'PrcbFlags' : [ 0x0, ['long']],
+    'BamQosLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'PendingQosUpdate' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PrcbFlagsReserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_25c2' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_25c4' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_25c2']],
+    'Button' : [ 0x10, ['__unnamed_25c4']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x88, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'DetachTimeStamp' : [ 0x20, ['unsigned long']],
+    'CodePageEdited' : [ 0x24, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'DynamicVaBitBuffer' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'DynamicVaBitBufferPages' : [ 0x38, ['unsigned long long']],
+    'DynamicVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'ImageVaStart' : [ 0x48, ['pointer64', ['void']]],
+    'DynamicPtesBitBuffer' : [ 0x50, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x58, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x60, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x70, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x78, ['pointer64', ['void']]],
+    'SessionCore' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x10, ['pointer64', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'AccessMask' : [ 0x20, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x280, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0x18, ['unsigned long long']],
+    'DataSectionProtectionMask' : [ 0x20, ['unsigned long']],
+    'HighSectionBase' : [ 0x28, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x30, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xc0, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0x140, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0x168, ['pointer64', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0x170, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0x190, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0x191, ['unsigned char']],
+    'PrototypePtesTree' : [ 0x198, ['_RTL_AVL_TREE']],
+    'PrototypePtesTreeSpinLock' : [ 0x1a0, ['long']],
+    'ImageBias' : [ 0x1a4, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x1a8, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x1b0, ['_RTL_BITMAP']],
+    'ImageBias64Low' : [ 0x1c0, ['unsigned long']],
+    'ImageBias64High' : [ 0x1c4, ['unsigned long']],
+    'ImageBitMap64Low' : [ 0x1c8, ['_RTL_BITMAP']],
+    'ImageBitMap64High' : [ 0x1d8, ['_RTL_BITMAP']],
+    'ImageBitMapWow64Dll' : [ 0x1e8, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x1f8, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x200, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x208, ['unsigned long long']],
+    'LostDataFiles' : [ 0x210, ['unsigned long']],
+    'LostDataPages' : [ 0x214, ['unsigned long']],
+    'ImageFailureReason' : [ 0x218, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x220, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x228, ['pointer64', ['_CONTROL_AREA']]],
+    'CfgBitMapSection64' : [ 0x230, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea64' : [ 0x238, ['pointer64', ['_CONTROL_AREA']]],
+    'KernelCfgBitMap' : [ 0x240, ['_RTL_BITMAP_EX']],
+    'KernelCfgBitMapLock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'ImageCfgFailure' : [ 0x258, ['unsigned long']],
+    'ImageChecksumBreakpoint' : [ 0x25c, ['unsigned long']],
+    'ImageSizeBreakpoint' : [ 0x260, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x264, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x60, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x30, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x38, ['pointer64', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x40, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x48, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x50, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x58, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 24, native_type='unsigned long long')]],
+    'ColdPage' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa8, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa4, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x7b8, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SharedData' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['pointer64', ['void']]],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x7ac, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x7b0, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x7b1, ['array', 7, ['unsigned char']]],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_2643' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2647' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_2643']],
+    'Bits' : [ 0x4, ['__unnamed_2647']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x174, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 10, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x38, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x28, ['unsigned long']],
+    'FullSetBits' : [ 0x2c, ['unsigned long']],
+    'SubListIndex' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_2663' : [ 0x30, {
+    'ApcState' : [ 0x0, ['_KAPC_STATE']],
+    'HardFaultState' : [ 0x0, ['_MI_HARD_FAULT_STATE']],
+} ],
+  '__unnamed_2665' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2668' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1b8, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'u2' : [ 0x68, ['__unnamed_2663']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'ByteCount' : [ 0xb4, ['unsigned long']],
+    'u3' : [ 0xb8, ['__unnamed_2665']],
+    'u1' : [ 0xbc, ['__unnamed_2668']],
+    'FilePointer' : [ 0xc0, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xc8, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xc8, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd0, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xd8, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe0, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf0, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0xf8, ['pointer64', ['_MDL']]],
+    'ProbeCount' : [ 0x100, ['long long']],
+    'Mdl' : [ 0x108, ['_MDL']],
+    'Page' : [ 0x138, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x138, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2672' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2674' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2676' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2678' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2672']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2674']],
+    'Raw' : [ 0x0, ['__unnamed_2676']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_2678']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x20, {
+    'BaseKcb' : [ 0x0, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x8, ['long']],
+    'ClonedKcbListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+    'RefCount' : [ 0x48, ['long']],
+    'Dequeued' : [ 0x4c, ['unsigned char']],
+    'CancelLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x58, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x38, ['unsigned char']],
+    'Platform' : [ 0x39, ['unsigned char']],
+    'DependencyListCount' : [ 0x3c, ['unsigned long']],
+    'Processors' : [ 0x40, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe8, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf8, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x100, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x108, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0xfc0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x7e8, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x7f8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x838, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x880, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x888, ['array', 6, ['unsigned long long']]],
+    'MappedPageListHeadEvent' : [ 0x8b8, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0xa38, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0xa58, ['unsigned long']],
+    'StandbyListDiscard' : [ 0xa5c, ['unsigned char']],
+    'FreeListDiscard' : [ 0xa5d, ['unsigned char']],
+    'LargePfnBitMapsReady' : [ 0xa5e, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0xa60, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0xa68, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xac0, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xac8, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0xb28, ['pointer64', ['void']]],
+    'TransitionPrivatePages' : [ 0xb40, ['unsigned long long']],
+    'LargePfnBitMap' : [ 0xb48, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'LargePageListHeads' : [ 0xb68, ['pointer64', ['_MI_FREE_LARGE_PAGE_LIST']]],
+    'LargePageCandidates' : [ 0xb70, ['array', 2, ['_MI_LARGE_PAGE_CANDIDATES']]],
+    'RebuildLargePageWorkItem' : [ 0xf80, ['_WORK_QUEUE_ITEM']],
+    'RebuildLargePageActive' : [ 0xfa0, ['unsigned char']],
+    'LargePageRebuildLock' : [ 0xfa4, ['long']],
+    'LowMemoryThreshold' : [ 0xfa8, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xfb0, ['unsigned long long']],
+} ],
+  '__unnamed_26a4' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_26a4']],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '__unnamed_26bc' : [ 0x8, {
+    'AllocationType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Inserted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+} ],
+  '__unnamed_26be' : [ 0x8, {
+    'PrototypePtesFlags' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_26c0' : [ 0x8, {
+    'e1' : [ 0x0, ['__unnamed_26bc']],
+    'e2' : [ 0x0, ['__unnamed_26be']],
+} ],
+  '_MI_PROTOTYPE_PTES_NODE' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x18, ['__unnamed_26c0']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x188, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0x160, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID' : [ 0x18, {
+    'DeviceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'EXT_IOMMU_DEVICE_TYPE_INVALID', 1: u'EXT_IOMMU_DEVICE_TYPE_PCI', 2: u'EXT_IOMMU_DEVICE_TYPE_ACPI', 3: u'EXT_IOMMU_DEVICE_TYPE_IOAPIC', 4: u'EXT_IOMMU_DEVICE_TYPE_LOGICAL', 5: u'EXT_IOMMU_DEVICE_TYPE_TEST', 6: u'EXT_IOMMU_DEVICE_TYPE_MAX'})]],
+    'Pci' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_PCI']],
+    'Acpi' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_ACPI']],
+    'IoApicId' : [ 0x8, ['unsigned char']],
+    'LogicalId' : [ 0x8, ['unsigned long long']],
+    'Test' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_TEST']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_26e5' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26e7' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_26ea' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_26ee' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_26e5']],
+    'HvDeviceId' : [ 0x40, ['unsigned long long']],
+    'XapicMessage' : [ 0x48, ['__unnamed_26e7']],
+    'Hypertransport' : [ 0x48, ['__unnamed_26ea']],
+    'GenericMessage' : [ 0x48, ['__unnamed_26e7']],
+    'MessageRequest' : [ 0x48, ['__unnamed_26ee']],
+} ],
+  '__unnamed_26f3' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26f5' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_26f3']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26f9' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26fb' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_26f9']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_26f5']],
+    'HighPart' : [ 0x4, ['__unnamed_26fb']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x38, ['pointer64', ['_ETHREAD']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x28, {
+    'NextPteToTrim' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0x18, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x1c, ['unsigned long']],
+    'LockedEntries' : [ 0x20, ['unsigned long long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x50, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+    'Extended' : [ 0x49, ['unsigned char']],
+    'RankNumber' : [ 0x4a, ['unsigned short']],
+    'CardHandle' : [ 0x4c, ['unsigned short']],
+    'ModuleHandle' : [ 0x4e, ['unsigned short']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_SK_CRASH_MODULE' : [ 0x48, {
+    'ImageName' : [ 0x0, ['array', 32, ['wchar']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5c0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xf0, ['_CONTEXT']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPending' : [ 0x2a, ['unsigned char']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer64', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_HEAP_VAMGR_CTX' : [ 0x3040, {
+    'VaSpace' : [ 0x0, ['_HEAP_VAMGR_VASPACE']],
+    'AllocatorLock' : [ 0x60, ['unsigned long long']],
+    'AllocatorCount' : [ 0x68, ['unsigned long']],
+    'Allocators' : [ 0x70, ['array', 255, ['_HEAP_VAMGR_ALLOCATOR']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DEBUG_DEVICE_DESCRIPTOR' : [ 0xf8, {
+    'Bus' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'Segment' : [ 0x8, ['unsigned short']],
+    'VendorID' : [ 0xa, ['unsigned short']],
+    'DeviceID' : [ 0xc, ['unsigned short']],
+    'BaseClass' : [ 0xe, ['unsigned char']],
+    'SubClass' : [ 0xf, ['unsigned char']],
+    'ProgIf' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'DbgHalScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgBarsMapped' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Initialized' : [ 0x12, ['unsigned char']],
+    'Configured' : [ 0x13, ['unsigned char']],
+    'BaseAddress' : [ 0x18, ['array', 6, ['DEBUG_DEVICE_ADDRESS']]],
+    'Memory' : [ 0xa8, ['DEBUG_MEMORY_REQUIREMENTS']],
+    'PortType' : [ 0xc8, ['unsigned short']],
+    'PortSubtype' : [ 0xca, ['unsigned short']],
+    'OemData' : [ 0xd0, ['pointer64', ['void']]],
+    'OemDataLength' : [ 0xd8, ['unsigned long']],
+    'NameSpace' : [ 0xdc, ['Enumeration', dict(target = 'long', choices = {0: u'KdNameSpacePCI', 1: u'KdNameSpaceACPI', 2: u'KdNameSpaceAny', 3: u'KdNameSpaceNone', 4: u'KdNameSpaceMax'})]],
+    'NameSpacePath' : [ 0xe0, ['pointer64', ['wchar']]],
+    'NameSpacePathLength' : [ 0xe8, ['unsigned long']],
+    'TransportType' : [ 0xec, ['unsigned long']],
+    'TransportData' : [ 0xf0, ['_DEBUG_TRANSPORT_DATA']],
+} ],
+  '__unnamed_2761' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2763' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2765' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2761']],
+    'Interrupt' : [ 0x0, ['__unnamed_2763']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_2763']],
+    'Sci' : [ 0x0, ['__unnamed_2763']],
+    'Nmi' : [ 0x0, ['__unnamed_2763']],
+    'Sea' : [ 0x0, ['__unnamed_2763']],
+    'Sei' : [ 0x0, ['__unnamed_2763']],
+    'Gsiv' : [ 0x0, ['__unnamed_2763']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_2765']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2e0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x2b0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x2b8, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2c0, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2c4, ['unsigned long']],
+    'ThreadCount' : [ 0x2c8, ['long']],
+    'MinThreads' : [ 0x2cc, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2cc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2d0, ['long']],
+    'QueueIndex' : [ 0x2d4, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x2d8, ['pointer64', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x1a8, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ShareRank' : [ 0x78, ['pointer64', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x80, ['unsigned long']],
+    'ReadyListHead' : [ 0x88, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x188, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x198, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x1a0, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_278c' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_278c']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTLP_HP_METADATA_HEAP_CTX' : [ 0x10, {
+    'Heap' : [ 0x0, ['pointer64', ['_SEGMENT_HEAP']]],
+    'InitOnce' : [ 0x8, ['_RTL_RUN_ONCE']],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '__unnamed_279e' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 44, native_type='unsigned long long')]],
+} ],
+  '__unnamed_27a4' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'OldestWsleLeafEntries' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 14, native_type='unsigned long long')]],
+    'OldestWsleLeafAge' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 17, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 60, native_type='unsigned long long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x8, {
+    'Leaf' : [ 0x0, ['__unnamed_279e']],
+    'PageTable' : [ 0x0, ['__unnamed_27a4']],
+    'EntireActiveField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x28, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x2c, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_HMAP_TABLE' : [ 0x3000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_27cf' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_27d1' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_27cf']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x40, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0x18, ['__unnamed_27d1']],
+    'VerifiedData' : [ 0x38, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x30, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SystemCacheAttributes' : [ 0x20, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x200, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0x80, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x90, ['unsigned long long']],
+    'PteTrackingBitmap' : [ 0x98, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xa8, ['pointer64', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xb0, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xb8, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x118, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x178, ['unsigned long']],
+    'KernelStackPages' : [ 0x17c, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x17d, ['unsigned char']],
+    'AdjustCounter' : [ 0x17e, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x180, ['long']],
+    'ReservedMappingTree' : [ 0x188, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x190, ['pointer64', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x198, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x1a0, ['long']],
+    'UltraSpaceContext' : [ 0x1a8, ['_MI_ULTRA_VA_CONTEXT']],
+    'NumberOfUltraMdlMaps' : [ 0x1e8, ['unsigned long']],
+    'UltraMdlNodeMappings' : [ 0x1f0, ['pointer64', ['_MI_ULTRA_MDL_NODE']]],
+} ],
+  '__unnamed_27e6' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x1a8, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_27e6']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x18, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x20, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x28, ['unsigned long long']],
+    'PfnUnmapWorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x50, ['unsigned long long']],
+    'PfnUnmapWaitList' : [ 0x58, ['pointer64', ['void']]],
+    'MemoryRuns' : [ 0x60, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x68, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x80, ['array', 5, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xa8, ['pointer64', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xc0, ['long']],
+    'PfnUnmapActive' : [ 0xc4, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0xc8, ['_KEVENT']],
+    'RootDirectory' : [ 0xe0, ['pointer64', ['void']]],
+    'KernelObjectsDirectory' : [ 0xe8, ['pointer64', ['void']]],
+    'MemoryEvents' : [ 0xf0, ['array', 11, ['pointer64', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0x148, ['array', 11, ['pointer64', ['void']]]],
+    'NonChargedSecurePages' : [ 0x1a0, ['unsigned long long']],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0xc0, {
+    'NextPageColor' : [ 0x0, ['unsigned long']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long long']],
+    'VmWorkingSetList' : [ 0x10, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 8, ['unsigned long long']]],
+    'ExitOutswapGate' : [ 0x68, ['pointer64', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x80, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x90, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x98, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa0, ['unsigned long long']],
+    'HardFaultCount' : [ 0xa8, ['unsigned long']],
+    'LastTrimStamp' : [ 0xac, ['unsigned short']],
+    'PartitionId' : [ 0xae, ['unsigned short']],
+    'SelfmapLock' : [ 0xb0, ['unsigned long long']],
+    'Flags' : [ 0xb8, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x78, ['unsigned long']],
+    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_2816' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_2816']],
+} ],
+  '_HAL_LBR_ENTRY' : [ 0x18, {
+    'FromAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ToAddress' : [ 0x8, ['pointer64', ['void']]],
+    'Reserved' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x62, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x62, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x62, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x64, ['unsigned char']],
+    'GroupEnableMask' : [ 0x65, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HAL_DP_REPLACE_PARAMETERS' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'TargetProcessors' : [ 0x8, ['pointer64', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+    'SpareProcessors' : [ 0x10, ['pointer64', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x500, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapKernelStacks' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemPtes' : [ 0x58, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0xa0, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0x130, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSpecialPool' : [ 0x178, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapSystemCache' : [ 0x208, ['_MI_DYNAMIC_BITMAP']],
+    'HalPrivateVaStart' : [ 0x250, ['pointer64', ['void']]],
+    'HalPrivateVaSize' : [ 0x258, ['unsigned long long']],
+    'SystemVaAssignment' : [ 0x260, ['array', 8, ['unsigned long']]],
+    'SystemVaAssignmentHint' : [ 0x280, ['unsigned long']],
+    'TopLevelPteLockBits' : [ 0x284, ['array', 32, ['unsigned long']]],
+    'DeleteKvaLock' : [ 0x304, ['long']],
+    'WsleArrays' : [ 0x308, ['array', 8, ['pointer64', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x348, ['pointer64', ['_MI_HYPER_SPACE']]],
+    'HyperSpaceEnd' : [ 0x350, ['pointer64', ['void']]],
+    'FreeSystemCacheVa' : [ 0x358, ['_KEVENT']],
+    'SystemVaLock' : [ 0x370, ['unsigned long long']],
+    'SystemCacheViewLock' : [ 0x378, ['unsigned long long']],
+    'SystemWorkingSetList' : [ 0x380, ['array', 8, ['_MMWSL_INSTANCE']]],
+    'SelfmapLock' : [ 0x4c0, ['array', 4, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x50, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long long']],
+    'ResetPagesRepurposedCount' : [ 0x10, ['unsigned long long']],
+    'WsSwapSupport' : [ 0x18, ['pointer64', ['void']]],
+    'CommitReleaseContext' : [ 0x20, ['pointer64', ['void']]],
+    'WorkingSetCoreLock' : [ 0x28, ['long']],
+    'AccessLog' : [ 0x30, ['pointer64', ['void']]],
+    'ChargedWslePages' : [ 0x38, ['unsigned long long']],
+    'ActualWslePages' : [ 0x40, ['unsigned long long']],
+    'ShadowMapping' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_ACPI' : [ 0x8, {
+    'ObjectName' : [ 0x0, ['pointer64', ['unsigned char']]],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PNP_REPLACE_PROCESSOR_LIST' : [ 0x18, {
+    'Affinity' : [ 0x0, ['pointer64', ['unsigned long long']]],
+    'GroupCount' : [ 0x8, ['unsigned long']],
+    'AllocatedCount' : [ 0xc, ['unsigned long']],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ApicIds' : [ 0x14, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_ULTRA_VA_CONTEXT' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ZeroMapping' : [ 0x8, ['pointer64', ['void']]],
+    'AllocationHintBit' : [ 0x10, ['unsigned long long']],
+    'Bitmap' : [ 0x18, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'ConcurrencyMaximum' : [ 0x38, ['long']],
+    'ConcurrencyCount' : [ 0x3c, ['long']],
+} ],
+  '_ETW_HW_TRACE_EXT_INTERFACE' : [ 0x18, {
+    'StartProcessorTraceOnEachCore' : [ 0x0, ['pointer64', ['void']]],
+    'StopProcessorTraceOnEachCore' : [ 0x8, ['pointer64', ['void']]],
+    'LogProcessorTraceOnCurrentCore' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_LARGE_PAGE_CANDIDATES' : [ 0x208, {
+    'Hand' : [ 0x0, ['unsigned short']],
+    'ActiveEntryCount' : [ 0x2, ['unsigned short']],
+    'Overflowed' : [ 0x4, ['unsigned char']],
+    'PageFrames' : [ 0x8, ['array', 64, ['unsigned long long']]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CrossPartitionReferences' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_TEST' : [ 0x8, {
+    'UniqueId' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_28a1' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_28a1']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_1769']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x48, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer64', ['void']]]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xc0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'ArgumentStatus' : [ 0x14, ['long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Watchdog' : [ 0x68, ['pointer64', ['_PNP_WATCHDOG']]],
+    'Data' : [ 0x70, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_GLOBAL_APPCOMPAT_FLAGS' : [ 0x4, {
+    'SafeInputValidation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CommitLFHSubsegments' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AllocateHeapFromEnv' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x78, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x50, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'CrashDumpPte' : [ 0x70, ['pointer64', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x20, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0x18, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x10, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x200, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'EfficiencyClass' : [ 0x32, ['unsigned char']],
+    'SchedulingClass' : [ 0x33, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x188, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x190, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x198, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x1a0, ['unsigned char']],
+    'HvTargetState' : [ 0x1a1, ['unsigned char']],
+    'Parked' : [ 0x1a2, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x1a3, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x1a4, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x1a8, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x1ac, ['unsigned long']],
+    'RelativePerformance' : [ 0x1b0, ['unsigned long']],
+    'Utility' : [ 0x1b4, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x1b8, ['unsigned long']],
+    'SnapTimeLast' : [ 0x1c0, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1c0, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c8, ['unsigned long long']],
+    'TotalTime' : [ 0x1d0, ['unsigned long long']],
+    'FxDevice' : [ 0x1d8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x1e0, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x1e8, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x1f0, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x1f4, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1f8, ['unsigned long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x340, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'CloneHeaderCount' : [ 0x18, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x20, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x38, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x50, ['unsigned long long']],
+    'AttemptForCantExtend' : [ 0x58, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0xb0, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x100, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x110, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0x150, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0x151, ['unsigned char']],
+    'UnusedSegmentPagedPool' : [ 0x158, ['unsigned long long']],
+    'UnusedSegmentList' : [ 0x160, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0x170, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0x180, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0x190, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x1a8, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x1b0, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x1c8, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x1e0, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x1f0, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x1f8, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x1fc, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x200, ['_KEVENT']],
+    'SharedCharges' : [ 0x218, ['array', 7, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x2f8, ['pointer64', ['_KEVENT']]],
+    'ControlAreasDrainEvent' : [ 0x300, ['pointer64', ['_KEVENT']]],
+    'CloneHeaderDrainEvent' : [ 0x308, ['pointer64', ['_KEVENT']]],
+    'ProbeRundownReference' : [ 0x310, ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_BUS_HANDLER' : [ 0xb0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ConfigurationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'Cmos', 1: u'EisaConfiguration', 2: u'Pos', 3: u'CbusConfiguration', 4: u'PCIConfiguration', 5: u'VMEConfiguration', 6: u'NuBusConfiguration', 7: u'PCMCIAConfiguration', 8: u'MPIConfiguration', 9: u'MPSAConfiguration', 10: u'PNPISAConfiguration', 11: u'SgiInternalConfiguration', 12: u'MaximumBusDataType', -1: u'ConfigurationSpaceUndefined'})]],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ParentHandler' : [ 0x18, ['pointer64', ['_BUS_HANDLER']]],
+    'BusData' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceControlExtensionSize' : [ 0x28, ['unsigned long']],
+    'BusAddresses' : [ 0x30, ['pointer64', ['_SUPPORTED_RANGES']]],
+    'Reserved' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'GetBusData' : [ 0x48, ['pointer64', ['void']]],
+    'SetBusData' : [ 0x50, ['pointer64', ['void']]],
+    'AdjustResourceList' : [ 0x58, ['pointer64', ['void']]],
+    'AssignSlotResources' : [ 0x60, ['pointer64', ['void']]],
+    'TranslateBusAddress' : [ 0x68, ['pointer64', ['void']]],
+    'Spare1' : [ 0x70, ['pointer64', ['void']]],
+    'Spare2' : [ 0x78, ['pointer64', ['void']]],
+    'Spare3' : [ 0x80, ['pointer64', ['void']]],
+    'Spare4' : [ 0x88, ['pointer64', ['void']]],
+    'Spare5' : [ 0x90, ['pointer64', ['void']]],
+    'Spare6' : [ 0x98, ['pointer64', ['void']]],
+    'Spare7' : [ 0xa0, ['pointer64', ['void']]],
+    'Spare8' : [ 0xa8, ['pointer64', ['void']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x318, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xb0, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xb8, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xc8, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xd8, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0xf8, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x118, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x150, ['unsigned long long']],
+    'IdleTimer' : [ 0x158, ['_KTIMER']],
+    'IdleDpc' : [ 0x198, ['_KDPC']],
+    'IdleTimeout' : [ 0x1d8, ['unsigned long long']],
+    'IdleStamp' : [ 0x1e0, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1e8, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x1f8, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x200, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x210, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x220, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x238, ['pointer64', ['void']]],
+    'Accounting' : [ 0x240, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x2c0, ['unsigned long']],
+    'ComponentCount' : [ 0x2c4, ['unsigned long']],
+    'Components' : [ 0x2c8, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x2d0, ['unsigned long']],
+    'Log' : [ 0x2d8, ['pointer64', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x2e0, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x2e8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'DripsWatchdogContext' : [ 0x2f0, ['_POP_FX_DRIPS_WATCHDOG_CONTEXT']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer64', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_HP_SUB_ALLOCATOR_CONFIGS' : [ 0x10, {
+    'LfhConfigs' : [ 0x0, ['_RTL_HP_LFH_CONFIG']],
+    'VsConfigs' : [ 0xc, ['_RTL_HP_VS_CONFIG']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0x18, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x8, ['pointer64', ['void']]],
+    'IsolationPrefix' : [ 0x8, ['_UNICODE_STRING']],
+} ],
+  '_MI_ULTRA_MDL_NODE' : [ 0x200, {
+    'UltraMdlMaps' : [ 0x0, ['array', 8, ['_MI_ALIGNED_SLIST']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '__unnamed_2977' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2979' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2977']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_2979']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+    'PnpDeviceCompletionQueueWatchdogLock' : [ 0x40, ['_FAST_MUTEX']],
+    'Watchdog' : [ 0x78, ['pointer64', ['_PNP_WATCHDOG']]],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x80, {
+    'RelatedTimestamp' : [ 0x0, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0x10, ['_KDPC']],
+    'ApcListHead' : [ 0x50, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x60, ['pointer64', ['_ETW_APC_ENTRY']]],
+    'ApcEntryCount' : [ 0x68, ['unsigned long']],
+    'Flags' : [ 0x6c, ['long']],
+    'ApcCount' : [ 0x70, ['long']],
+    'MaxApcCount' : [ 0x74, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '__unnamed_2998' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x58, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u1' : [ 0x4c, ['__unnamed_2998']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MAP_REGISTER_ENTRY' : [ 0x10, {
+    'MapRegister' : [ 0x0, ['pointer64', ['void']]],
+    'WriteToDevice' : [ 0x8, ['unsigned char']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x70, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x20, ['unsigned char']],
+    'TriggerRoot' : [ 0x28, ['pointer64', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x30, ['unsigned char']],
+    'BeginTime' : [ 0x38, ['unsigned long long']],
+    'VetoNode' : [ 0x40, ['array', 2, ['pointer64', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x50, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x58, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0x18, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_29e6' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x118, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_29e6']]],
+    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xc0, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc8, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x8, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x68, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x18, ['unsigned char']],
+    'ThreadPriorityStatic' : [ 0x19, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x40, ['long']],
+    'Gate' : [ 0x48, ['_KGATE']],
+    'ThreadContext' : [ 0x60, ['pointer64', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x40, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+    'DripsWatchdogCallback' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x10, ['pointer64', ['void']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'ReservedWin64OnlyPointer' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 48, native_type='unsigned long long')]],
+} ],
+  '_WAITING_IRP' : [ 0x40, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x35, ['unsigned char']],
+    'FileObject' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x48, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x89, ['unsigned char']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_PEB64' : [ 0x7b8, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SharedData' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['unsigned long long']],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x7ac, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x7b0, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x7b1, ['array', 7, ['unsigned char']]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+    'SiloState' : [ 0x98, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1c8, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0xe0, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xe8, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0xf8, ['unsigned long']],
+    'SecurePages' : [ 0xfc, ['unsigned long']],
+    'ProcessorCount' : [ 0x100, ['unsigned long']],
+    'ProcessorContext' : [ 0x108, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x110, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x118, ['unsigned long']],
+    'MaxDataPages' : [ 0x11c, ['unsigned long']],
+    'ExtraBuffer' : [ 0x120, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x128, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x130, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x138, ['unsigned long long']],
+    'IoInfo' : [ 0x140, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b0, ['pointer64', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x1b8, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c0, ['unsigned long']],
+    'IumEnabled' : [ 0x1c4, ['unsigned char']],
+    'SecureBoot' : [ 0x1c5, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2a70' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_2a70']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+    'OverCommit' : [ 0x40, ['unsigned long long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3d8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x280, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x288, ['array', 1, ['unsigned long long']]],
+    'SpareUlong' : [ 0x290, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x294, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x298, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x358, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x35c, ['unsigned long']],
+    'ResumeContextPages' : [ 0x360, ['unsigned long']],
+    'Hiberboot' : [ 0x364, ['unsigned char']],
+    'SecureLaunched' : [ 0x365, ['unsigned char']],
+    'SecureBoot' : [ 0x366, ['unsigned char']],
+    'HvCr3' : [ 0x368, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x370, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x378, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x380, ['unsigned long long']],
+    'BootFlags' : [ 0x388, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x390, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x398, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x3a0, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3c0, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x3d0, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x3d4, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x3d5, ['unsigned char']],
+    'HiberResumeXhciHandoffSkip' : [ 0x3d6, ['unsigned char']],
+} ],
+  'DEBUG_MEMORY_REQUIREMENTS' : [ 0x20, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'MaxEnd' : [ 0x8, ['_LARGE_INTEGER']],
+    'VirtualAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'Cached' : [ 0x1c, ['unsigned char']],
+    'Aligned' : [ 0x1d, ['unsigned char']],
+} ],
+  'DEBUG_DEVICE_ADDRESS' : [ 0x18, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Valid' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 2, ['unsigned char']]],
+    'BitWidth' : [ 0x2, ['unsigned char']],
+    'AccessSize' : [ 0x3, ['unsigned char']],
+    'TranslatedAddress' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x50, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x34, ['unsigned long']],
+    'DelayPageFaults' : [ 0x38, ['long']],
+    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x90, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x10, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x28, ['_KDPC']],
+    'PageHeatListSlist' : [ 0x70, ['_SLIST_HEADER']],
+    'PageHeatListDisableAllocation' : [ 0x80, ['long']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x20, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_PCI' : [ 0x10, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'PciSegmentNumber' : [ 0x0, ['unsigned short']],
+    'PhantomFunctionBits' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned short')]],
+    'BusRange' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DevicePathLength' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'StartBusNumber' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Bdf' : [ 0x4, ['unsigned short']],
+    'SubordinateBus' : [ 0x4, ['unsigned char']],
+    'SecondaryBus' : [ 0x5, ['unsigned char']],
+    'DevicePath' : [ 0x8, ['pointer64', ['unsigned short']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0x18, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0x120, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x40, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
+    'HybridPriority' : [ 0xc8, ['unsigned long']],
+    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xd0, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
+    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'LockOwner' : [ 0xf0, ['pointer64', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0xf8, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x100, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x108, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x28, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ActiveZeroSpinLock' : [ 0x10, ['long']],
+    'ActiveZeroThreadTree' : [ 0x18, ['_RTL_AVL_TREE']],
+    'NumberOfLargePageListHeads' : [ 0x20, ['unsigned long']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x30, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x20, ['unsigned long']],
+    'ModuleSize' : [ 0x24, ['unsigned long']],
+    'Offset' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_2b1a' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2b1c' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2b1a']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2b1c']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_DMA_IOMMU_INTERFACE' : [ 0x68, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'CreateDomain' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteDomain' : [ 0x10, ['pointer64', ['void']]],
+    'AttachDevice' : [ 0x18, ['pointer64', ['void']]],
+    'DetachDevice' : [ 0x20, ['pointer64', ['void']]],
+    'ConfigureDomain' : [ 0x28, ['pointer64', ['void']]],
+    'FlushDomain' : [ 0x30, ['pointer64', ['void']]],
+    'FlushDomainByVaList' : [ 0x38, ['pointer64', ['void']]],
+    'QueryInputMappings' : [ 0x40, ['pointer64', ['void']]],
+    'MapLogicalRange' : [ 0x48, ['pointer64', ['void']]],
+    'UnmapLogicalRange' : [ 0x50, ['pointer64', ['void']]],
+    'MapIdentityRange' : [ 0x58, ['pointer64', ['void']]],
+    'UnmapIdentityRange' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2b86' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2b86']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_2b98' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2b9b' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_2b98']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_2b9b']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_CMSI_PROCESS_TUPLE' : [ 0x10, {
+    'ProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'ProcessReference' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HEAP_FAILURE_INFORMATION' : [ 0x6d0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'StructureSize' : [ 0x4, ['unsigned long']],
+    'FailureType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'heap_failure_internal', 1: u'heap_failure_unknown', 2: u'heap_failure_generic', 3: u'heap_failure_entry_corruption', 4: u'heap_failure_multiple_entries_corruption', 5: u'heap_failure_virtual_block_corruption', 6: u'heap_failure_buffer_overrun', 7: u'heap_failure_buffer_underrun', 8: u'heap_failure_block_not_busy', 9: u'heap_failure_invalid_argument', 10: u'heap_failure_invalid_allocation_type', 11: u'heap_failure_usage_after_free', 12: u'heap_failure_cross_heap_operation', 13: u'heap_failure_freelists_corruption', 14: u'heap_failure_listentry_corruption', 15: u'heap_failure_lfh_bitmap_mismatch', 16: u'heap_failure_segment_lfh_bitmap_corruption', 17: u'heap_failure_segment_lfh_double_free', 18: u'heap_failure_vs_subsegment_corruption', 19: u'heap_failure_null_heap'})]],
+    'HeapAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Address' : [ 0x18, ['pointer64', ['void']]],
+    'Param1' : [ 0x20, ['pointer64', ['void']]],
+    'Param2' : [ 0x28, ['pointer64', ['void']]],
+    'Param3' : [ 0x30, ['pointer64', ['void']]],
+    'PreviousBlock' : [ 0x38, ['pointer64', ['void']]],
+    'NextBlock' : [ 0x40, ['pointer64', ['void']]],
+    'ExpectedDecodedEntry' : [ 0x48, ['_FAKE_HEAP_ENTRY']],
+    'StackTrace' : [ 0x58, ['array', 32, ['pointer64', ['void']]]],
+    'HeapMajorVersion' : [ 0x158, ['unsigned char']],
+    'HeapMinorVersion' : [ 0x159, ['unsigned char']],
+    'ExceptionRecord' : [ 0x160, ['_EXCEPTION_RECORD']],
+    'ContextRecord' : [ 0x200, ['_CONTEXT']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x88, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x120, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ChpeImage' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+    'DependentLoadFlags' : [ 0x118, ['unsigned long']],
+    'SigningLevel' : [ 0x11c, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2bcd' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2bcf' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_2bd1' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_2bcd']],
+    'e2' : [ 0x0, ['__unnamed_2bcf']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_2bd1']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2c0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x58, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xb0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xb8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xbc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xc0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xe8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xe9, ['unsigned char']],
+    'ModwriterActive' : [ 0xea, ['unsigned char']],
+    'TransitionInserted' : [ 0xeb, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xec, ['long']],
+    'LastMappedWriteError' : [ 0xf0, ['long']],
+    'MappedFileWriteSucceeded' : [ 0xf4, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0xf8, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xfc, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x100, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x118, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x120, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x128, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0x140, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x158, ['long']],
+    'WriteAllMappedPages' : [ 0x15c, ['long']],
+    'MappedPageWriterEvent' : [ 0x160, ['_KEVENT']],
+    'ModWriteData' : [ 0x178, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1b8, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1d0, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x1f8, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x200, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x208, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x228, ['unsigned long']],
+    'ClusterRestrictionLock' : [ 0x22c, ['long']],
+    'ClusterRestrictions' : [ 0x230, ['array', 2, ['_MI_RESTRICTED_MODWRITES']]],
+    'NotifyStoreMemoryConditions' : [ 0x238, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x250, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x254, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x258, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x260, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x280, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x288, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x2a8, ['long']],
+    'WorkingSetSwapLock' : [ 0x2b0, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x2b8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer64', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_HAL_INTEL_ENLIGHTENMENT_INFORMATION' : [ 0x1e0, {
+    'Enlightenments' : [ 0x0, ['unsigned long']],
+    'HypervisorConnected' : [ 0x4, ['unsigned long']],
+    'EndOfInterrupt' : [ 0x8, ['pointer64', ['void']]],
+    'ApicWriteIcr' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved0' : [ 0x18, ['unsigned long']],
+    'SpinCountMask' : [ 0x1c, ['unsigned long']],
+    'LongSpinWait' : [ 0x20, ['pointer64', ['void']]],
+    'GetReferenceTime' : [ 0x28, ['pointer64', ['void']]],
+    'SetSystemSleepProperty' : [ 0x30, ['pointer64', ['void']]],
+    'EnterSleepState' : [ 0x38, ['pointer64', ['void']]],
+    'NotifyDebugDeviceAvailable' : [ 0x40, ['pointer64', ['void']]],
+    'MapDeviceInterrupt' : [ 0x48, ['pointer64', ['void']]],
+    'UnmapDeviceInterrupt' : [ 0x50, ['pointer64', ['void']]],
+    'RetargetDeviceInterrupt' : [ 0x58, ['pointer64', ['void']]],
+    'SetHpetConfig' : [ 0x60, ['pointer64', ['void']]],
+    'NotifyHpetEnabled' : [ 0x68, ['pointer64', ['void']]],
+    'QueryAssociatedProcessors' : [ 0x70, ['pointer64', ['void']]],
+    'ReadMultipleMsr' : [ 0x78, ['pointer64', ['void']]],
+    'WriteMultipleMsr' : [ 0x80, ['pointer64', ['void']]],
+    'ReadCpuid' : [ 0x88, ['pointer64', ['void']]],
+    'LpWritebackInvalidate' : [ 0x90, ['pointer64', ['void']]],
+    'GetMachineCheckContext' : [ 0x98, ['pointer64', ['void']]],
+    'SuspendPartition' : [ 0xa0, ['pointer64', ['void']]],
+    'ResumePartition' : [ 0xa8, ['pointer64', ['void']]],
+    'SetSystemMachineCheckProperty' : [ 0xb0, ['pointer64', ['void']]],
+    'WheaErrorNotification' : [ 0xb8, ['pointer64', ['void']]],
+    'GetProcessorIndexFromVpIndex' : [ 0xc0, ['pointer64', ['void']]],
+    'SyntheticClusterIpi' : [ 0xc8, ['pointer64', ['void']]],
+    'VpStartEnabled' : [ 0xd0, ['pointer64', ['void']]],
+    'StartVirtualProcessor' : [ 0xd8, ['pointer64', ['void']]],
+    'GetVpIndexFromApicId' : [ 0xe0, ['pointer64', ['void']]],
+    'IumAccessPciDevice' : [ 0xe8, ['pointer64', ['void']]],
+    'IumEfiRuntimeService' : [ 0xf0, ['pointer64', ['void']]],
+    'SvmGetSystemCapabilities' : [ 0xf8, ['pointer64', ['void']]],
+    'SvmGetDeviceCapabilities' : [ 0x100, ['pointer64', ['void']]],
+    'SvmCreatePasidSpace' : [ 0x108, ['pointer64', ['void']]],
+    'SvmSetPasidAddressSpace' : [ 0x110, ['pointer64', ['void']]],
+    'SvmFlushPasid' : [ 0x118, ['pointer64', ['void']]],
+    'SvmAttachPasidSpace' : [ 0x120, ['pointer64', ['void']]],
+    'SvmDetachPasidSpace' : [ 0x128, ['pointer64', ['void']]],
+    'SvmEnablePasid' : [ 0x130, ['pointer64', ['void']]],
+    'SvmDisablePasid' : [ 0x138, ['pointer64', ['void']]],
+    'SvmAcknowledgePageRequest' : [ 0x140, ['pointer64', ['void']]],
+    'SvmCreatePrQueue' : [ 0x148, ['pointer64', ['void']]],
+    'SvmDeletePrQueue' : [ 0x150, ['pointer64', ['void']]],
+    'SvmClearPrqStalled' : [ 0x158, ['pointer64', ['void']]],
+    'SvmSetDeviceEnabled' : [ 0x160, ['pointer64', ['void']]],
+    'HvDebuggerPowerHandler' : [ 0x168, ['pointer64', ['void']]],
+    'SetQpcBias' : [ 0x170, ['pointer64', ['void']]],
+    'GetQpcBias' : [ 0x178, ['pointer64', ['void']]],
+    'RegisterDeviceId' : [ 0x180, ['pointer64', ['void']]],
+    'UnregisterDeviceId' : [ 0x188, ['pointer64', ['void']]],
+    'AllocateDeviceDomain' : [ 0x190, ['pointer64', ['void']]],
+    'AttachDeviceDomain' : [ 0x198, ['pointer64', ['void']]],
+    'DetachDeviceDomain' : [ 0x1a0, ['pointer64', ['void']]],
+    'DeleteDeviceDomain' : [ 0x1a8, ['pointer64', ['void']]],
+    'MapDeviceLogicalRange' : [ 0x1b0, ['pointer64', ['void']]],
+    'UnmapDeviceLogicalRange' : [ 0x1b8, ['pointer64', ['void']]],
+    'MapDeviceSparsePages' : [ 0x1c0, ['pointer64', ['void']]],
+    'UnmapDeviceSparsePages' : [ 0x1c8, ['pointer64', ['void']]],
+    'GetDmaGuardEnabled' : [ 0x1d0, ['pointer64', ['void']]],
+    'UpdateMicrocode' : [ 0x1d8, ['pointer64', ['void']]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x80, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTime' : [ 0x20, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x28, ['long long']],
+    'CriticalActiveTimeBuckets' : [ 0x30, ['array', 5, ['unsigned long long']]],
+    'CsActiveTimeBuckets' : [ 0x58, ['array', 5, ['unsigned long long']]],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DOMAIN_CONFIGURATION' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DomainConfigurationArm64', 1: u'DomainConfigurationInvalid'})]],
+    'Arm64' : [ 0x8, ['_DOMAIN_CONFIGURATION_ARM64']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x48, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_FREE_LARGE_PAGE_LIST' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_RFG_PROTECTED_STACK' : [ 0x18, {
+    'ControlStackBase' : [ 0x0, ['pointer64', ['void']]],
+    'ControlStackVad' : [ 0x8, ['pointer64', ['_MMVAD_SHORT']]],
+    'OwnerThread' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x150, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0x148, ['pointer64', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x70, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['wchar']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'RF_SORTED', 1: u'RF_UNSORTED', 2: u'RF_CALLBACK', 3: u'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+    'TreeNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '__unnamed_2cca' : [ 0x10, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Arm' : [ 0x0, ['_ARM_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0x160, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OsLoaderSecurityVersion' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'EarlyLaunchListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'CoreDriverListHead' : [ 0x50, ['_LIST_ENTRY']],
+    'CoreExtensionsDriverListHead' : [ 0x60, ['_LIST_ENTRY']],
+    'TpmCoreDriverListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x80, ['unsigned long long']],
+    'Prcb' : [ 0x88, ['unsigned long long']],
+    'Process' : [ 0x90, ['unsigned long long']],
+    'Thread' : [ 0x98, ['unsigned long long']],
+    'KernelStackSize' : [ 0xa0, ['unsigned long']],
+    'RegistryLength' : [ 0xa4, ['unsigned long']],
+    'RegistryBase' : [ 0xa8, ['pointer64', ['void']]],
+    'ConfigurationRoot' : [ 0xb0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0xb8, ['pointer64', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'NtBootPathName' : [ 0xc8, ['pointer64', ['unsigned char']]],
+    'NtHalPathName' : [ 0xd0, ['pointer64', ['unsigned char']]],
+    'LoadOptions' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'NlsData' : [ 0xe0, ['pointer64', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0xe8, ['pointer64', ['_ARC_DISK_INFORMATION']]],
+    'Extension' : [ 0xf0, ['pointer64', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0xf8, ['__unnamed_2cca']],
+    'FirmwareInformation' : [ 0x108, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+    'OsBootstatPathName' : [ 0x148, ['pointer64', ['unsigned char']]],
+    'ArcOSDataDeviceName' : [ 0x150, ['pointer64', ['unsigned char']]],
+    'ArcWindowsSysPartName' : [ 0x158, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2cd2' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_2cd2']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x10, ['unsigned char']],
+    'Disowned' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0x12, ['unsigned char']],
+    'IsWaiting' : [ 0x13, ['unsigned char']],
+    'LockAddress' : [ 0x18, ['pointer64', ['void']]],
+    'ThreadAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SublistHead' : [ 0x28, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0x148, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'NonPagedPoolSListMaximum' : [ 0x8, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x18, ['unsigned long long']],
+    'BadPoolHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x28, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x2c, ['unsigned char']],
+    'PoolFailures' : [ 0x30, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x54, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x80, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x88, ['unsigned long long']],
+    'PagedPoolSListMaximum' : [ 0x90, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x94, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0xa8, ['unsigned long long']],
+    'SpecialPoolRejected' : [ 0xb0, ['array', 6, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0xc8, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0xd0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0xd4, ['unsigned long']],
+    'PermittedFaultsLock' : [ 0xd8, ['long']],
+    'PermittedFaultsTree' : [ 0xe0, ['_RTL_AVL_TREE']],
+    'PermittedFaultsInitialNode' : [ 0xe8, ['array', 2, ['_MI_ACCESS_VIOLATION_RANGE']]],
+    'TotalPagedPoolQuota' : [ 0x138, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0x140, ['unsigned long long']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '__unnamed_2cef' : [ 0x4, {
+    'PageAlignLargeAllocs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_VS_CONFIG' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2cef']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x138, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaLastRangeIndex' : [ 0x4, ['unsigned long']],
+    'NumaTableCaptured' : [ 0x8, ['unsigned char']],
+    'NodeShift' : [ 0x9, ['unsigned char']],
+    'ChannelShift' : [ 0xa, ['unsigned char']],
+    'NodeGraph' : [ 0x10, ['pointer64', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x18, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaMemoryRanges' : [ 0x20, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x28, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x30, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x34, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x38, ['unsigned long']],
+    'TotalPagesAllowed' : [ 0x40, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x48, ['unsigned long']],
+    'SecondaryColors' : [ 0x4c, ['unsigned long']],
+    'LargePageColors' : [ 0x50, ['array', 3, ['unsigned long']]],
+    'FlushTbForAttributeChange' : [ 0x5c, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x60, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x64, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x68, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x70, ['unsigned long long']],
+    'OptimalZeroingAttribute' : [ 0x78, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0xb8, ['unsigned char']],
+    'ZeroCostCounts' : [ 0xc0, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'PrimaryPfns' : [ 0xe0, ['unsigned long long']],
+    'HighestPossiblePhysicalPage' : [ 0xe8, ['unsigned long long']],
+    'EnclaveRegions' : [ 0xf0, ['_RTL_AVL_TREE']],
+    'EnclaveMetadataPage' : [ 0xf8, ['pointer64', ['void']]],
+    'EnclaveMetadataBitMap' : [ 0x100, ['pointer64', ['_RTL_BITMAP']]],
+    'EnclaveMetadataEntryLock' : [ 0x108, ['_EX_PUSH_LOCK']],
+    'EnclaveMetadataPageLock' : [ 0x110, ['long']],
+    'VsmKernelPageCount' : [ 0x118, ['unsigned long long']],
+    'ColorCount' : [ 0x120, ['array', 3, ['unsigned long long']]],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
+    'BlocksDrips' : [ 0x19, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x20, {
+    'PartitionObject' : [ 0x0, ['pointer64', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x8, ['pointer64', ['pointer64', ['pointer64', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x10, ['pointer64', ['pointer64', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0x18, ['long']],
+} ],
+  '__unnamed_2d10' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2d10']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xc8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x38, ['unsigned long long']],
+    'ProbeRaises' : [ 0x40, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x84, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x8c, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x90, ['unsigned long']],
+    'CheckZeroCount' : [ 0x94, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x98, ['long']],
+    'BadPagesDetected' : [ 0x9c, ['long']],
+    'ScrubPasses' : [ 0xa0, ['long']],
+    'ScrubBadPagesFound' : [ 0xa4, ['long']],
+    'UserViewFailures' : [ 0xa8, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0xac, ['unsigned long']],
+    'UserAllocateFailures' : [ 0xb0, ['unsigned long']],
+    'UserAllocateCollisionFailures' : [ 0xb4, ['unsigned long']],
+    'ResavailFailures' : [ 0xb8, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xc0, ['unsigned char']],
+    'InitFailure' : [ 0xc1, ['unsigned char']],
+    'StopBadMaps' : [ 0xc2, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x2b8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0xc0, ['unsigned long long']],
+    'ProcessorCount' : [ 0xc8, ['unsigned long']],
+    'EfficiencyClass' : [ 0xcc, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0xcd, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0xce, ['unsigned char']],
+    'Spare' : [ 0xcf, ['unsigned char']],
+    'Processors' : [ 0xd0, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd8, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x100, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x118, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x120, ['pointer64', ['void']]],
+    'DomainPerfControlHandler' : [ 0x128, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x130, ['unsigned long']],
+    'NominalFrequency' : [ 0x134, ['unsigned long']],
+    'MaxPercent' : [ 0x138, ['unsigned long']],
+    'MinPerfPercent' : [ 0x13c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x140, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x148, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x150, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x158, ['unsigned char']],
+    'Coordination' : [ 0x159, ['unsigned char']],
+    'HardPlatformCap' : [ 0x15a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x15b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x15c, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x15d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x15e, ['unsigned char']],
+    'AutonomousMode' : [ 0x15f, ['unsigned char']],
+    'ProvideGuidance' : [ 0x160, ['unsigned char']],
+    'DesiredPercent' : [ 0x164, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x168, ['unsigned long']],
+    'QosPolicies' : [ 0x16c, ['array', 4, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0x1dc, ['array', 4, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0x1ec, ['array', 4, ['unsigned long']]],
+    'QosSupported' : [ 0x1fc, ['unsigned char']],
+    'SelectionGeneration' : [ 0x200, ['unsigned long']],
+    'QosSelection' : [ 0x208, ['array', 4, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x2a8, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x2b0, ['unsigned long']],
+    'Force' : [ 0x2b4, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0xa8, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'ZeroCrc' : [ 0x38, ['unsigned long long']],
+    'OnesCrc' : [ 0x40, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x48, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x68, ['array', 4, ['unsigned long long']]],
+    'PageTableOfZeroes' : [ 0x88, ['unsigned long long']],
+    'PdeOfZeroes' : [ 0x90, ['_MMPTE']],
+    'PageTableOfOnes' : [ 0x98, ['unsigned long long']],
+    'PdeOfOnes' : [ 0xa0, ['_MMPTE']],
+} ],
+  '_HAL_HV_DMA_DOMAIN_INFO' : [ 0x8, {
+    'DomainId' : [ 0x0, ['unsigned long']],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_SUPPORTED_RANGES' : [ 0xc0, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Sorted' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'NoIO' : [ 0x4, ['unsigned long']],
+    'IO' : [ 0x8, ['_SUPPORTED_RANGE']],
+    'NoMemory' : [ 0x30, ['unsigned long']],
+    'Memory' : [ 0x38, ['_SUPPORTED_RANGE']],
+    'NoPrefetchMemory' : [ 0x60, ['unsigned long']],
+    'PrefetchMemory' : [ 0x68, ['_SUPPORTED_RANGE']],
+    'NoDma' : [ 0x90, ['unsigned long']],
+    'Dma' : [ 0x98, ['_SUPPORTED_RANGE']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_DEBUG_TRANSPORT_DATA' : [ 0x8, {
+    'HwContextSize' : [ 0x0, ['unsigned long']],
+    'UseSerialFraming' : [ 0x4, ['unsigned char']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_HAL_HV_SVM_DEVICE_CAPABILITIES' : [ 0xc, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PciExecute' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 31, native_type='unsigned long')]],
+    'OverflowPossible' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'PasidCount' : [ 0x4, ['unsigned long']],
+    'IommuIndex' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_2d53' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_2d53']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x144, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_2d66' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_2d66']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_HAL_IOMMU_DISPATCH' : [ 0x98, {
+    'HalIommuSupportEnabled' : [ 0x0, ['pointer64', ['void']]],
+    'HalIommuGetConfiguration' : [ 0x8, ['pointer64', ['void']]],
+    'HalIommuGetLibraryContext' : [ 0x10, ['pointer64', ['void']]],
+    'HalIommuMapDevice' : [ 0x18, ['pointer64', ['void']]],
+    'HalIommuEnableDevicePasid' : [ 0x20, ['pointer64', ['void']]],
+    'HalIommuSetAddressSpace' : [ 0x28, ['pointer64', ['void']]],
+    'HalIommuDisableDevicePasid' : [ 0x30, ['pointer64', ['void']]],
+    'HalIommuUnmapDevice' : [ 0x38, ['pointer64', ['void']]],
+    'HalIommuFreeLibraryContext' : [ 0x40, ['pointer64', ['void']]],
+    'HalIommuFlushTb' : [ 0x48, ['pointer64', ['void']]],
+    'HalIommuFlushAllPasid' : [ 0x50, ['pointer64', ['void']]],
+    'HalIommuProcessPageRequestQueue' : [ 0x58, ['pointer64', ['void']]],
+    'HalIommuFaultRoutine' : [ 0x60, ['pointer64', ['void']]],
+    'HalIommuReferenceAsid' : [ 0x68, ['pointer64', ['void']]],
+    'HalIommuDereferenceAsid' : [ 0x70, ['pointer64', ['void']]],
+    'HalIommuServicePageFault' : [ 0x78, ['pointer64', ['void']]],
+    'HalIommuDevicePowerChange' : [ 0x80, ['pointer64', ['void']]],
+    'HalIommuBeginDeviceReset' : [ 0x88, ['pointer64', ['void']]],
+    'HalIommuFinalizeDeviceReset' : [ 0x90, ['pointer64', ['void']]],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0xb0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Timer' : [ 0x10, ['_KTIMER']],
+    'Dpc' : [ 0x50, ['_KDPC']],
+    'WorkOrder' : [ 0x90, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+    'CurrentWorkInfo' : [ 0x98, ['pointer64', ['_PEP_WORK_INFORMATION']]],
+    'WatchdogStart' : [ 0xa0, ['unsigned long long']],
+    'WorkerThread' : [ 0xa8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '__unnamed_2d97' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_2d97']],
+} ],
+  '__unnamed_2d9b' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2d9f' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2da1' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2da3' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2da5' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_2da7' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2da9' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2dab' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2dad' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2daf' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2db1' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2db3' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_2d9b']],
+    'Memory' : [ 0x0, ['__unnamed_2d9b']],
+    'Interrupt' : [ 0x0, ['__unnamed_2d9f']],
+    'Dma' : [ 0x0, ['__unnamed_2da1']],
+    'DmaV3' : [ 0x0, ['__unnamed_2da3']],
+    'Generic' : [ 0x0, ['__unnamed_2d9b']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2da5']],
+    'BusNumber' : [ 0x0, ['__unnamed_2da7']],
+    'ConfigData' : [ 0x0, ['__unnamed_2da9']],
+    'Memory40' : [ 0x0, ['__unnamed_2dab']],
+    'Memory48' : [ 0x0, ['__unnamed_2dad']],
+    'Memory64' : [ 0x0, ['__unnamed_2daf']],
+    'Connection' : [ 0x0, ['__unnamed_2db1']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2db3']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '__unnamed_2dd0' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_2dd2' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_2dd0']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_2dd2']],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '__unnamed_2ddc' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_2ddc']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '_HAL_HV_SVM_SYSTEM_CAPABILITIES' : [ 0x18, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GpaAlwaysValid' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MaxPasidSpaceCount' : [ 0x4, ['unsigned long']],
+    'MaxPasidSpacePasidCount' : [ 0x8, ['unsigned long']],
+    'MaxPrqSize' : [ 0xc, ['unsigned long']],
+    'IommuCount' : [ 0x10, ['unsigned long']],
+    'MinIommuPasidCount' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2de7' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2de8' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2de7']],
+    'Merged' : [ 0x10, ['__unnamed_2de8']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2dec' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2dee' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2df0' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2df2' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_2df0']],
+    'Translated' : [ 0x0, ['__unnamed_2dee']],
+} ],
+  '__unnamed_2df4' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2df6' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2df8' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2dfa' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2dfc' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2dfe' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2e00' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2e02' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_2dec']],
+    'Port' : [ 0x0, ['__unnamed_2dec']],
+    'Interrupt' : [ 0x0, ['__unnamed_2dee']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2df2']],
+    'Memory' : [ 0x0, ['__unnamed_2dec']],
+    'Dma' : [ 0x0, ['__unnamed_2df4']],
+    'DmaV3' : [ 0x0, ['__unnamed_2df6']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2da5']],
+    'BusNumber' : [ 0x0, ['__unnamed_2df8']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2dfa']],
+    'Memory40' : [ 0x0, ['__unnamed_2dfc']],
+    'Memory48' : [ 0x0, ['__unnamed_2dfe']],
+    'Memory64' : [ 0x0, ['__unnamed_2e00']],
+    'Connection' : [ 0x0, ['__unnamed_2db1']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2e02']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0xc40, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x40, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x50, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x58, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x90, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0x98, ['unsigned long long']],
+    'SystemPteInfo' : [ 0xa0, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x100, ['unsigned long long']],
+    'SmallNonPagedPtesCommit' : [ 0x108, ['unsigned long long']],
+    'BootCommit' : [ 0x110, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0x118, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0x120, ['unsigned long long']],
+    'SpecialPagesInUse' : [ 0x128, ['unsigned long long']],
+    'ProcessCommit' : [ 0x130, ['unsigned long long']],
+    'DriverCommit' : [ 0x138, ['long']],
+    'PfnDatabaseCommit' : [ 0x140, ['unsigned long long']],
+    'SystemWs' : [ 0x180, ['array', 6, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x800, ['_MMSUPPORT_SHARED']],
+    'AggregateSystemWs' : [ 0x880, ['array', 1, ['_MMSUPPORT_AGGREGATION']]],
+    'MapCacheFailures' : [ 0x8a0, ['unsigned long']],
+    'PagefileHashPages' : [ 0x8a8, ['unsigned long long']],
+    'PteHeader' : [ 0x8b0, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x9c8, ['pointer64', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x9d0, ['array', 16, ['unsigned long long']]],
+    'SystemVaType' : [ 0xa50, ['array', 256, ['unsigned char']]],
+    'SystemVaRegions' : [ 0xb50, ['array', 14, ['_MI_SYSTEM_VA_ASSIGNMENT']]],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xf0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+    'MsrFsBase' : [ 0xe0, ['unsigned long long']],
+    'SpecialPadding0' : [ 0xe8, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x90, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
+    'LargeViews' : [ 0x6c, ['unsigned long']],
+    'ProtosNode' : [ 0x70, ['_MI_PROTOTYPE_PTES_NODE']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x118, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastPerfCheckSnap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xb8, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x108, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x10c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x110, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x112, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x113, ['unsigned char']],
+} ],
+  '_MI_HARD_FAULT_STATE' : [ 0x10, {
+    'SwapPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'StoreFlags' : [ 0x8, ['_MI_STORE_INPAGE_COMPLETE_FLAGS']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEB32' : [ 0x470, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SharedData' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['unsigned long']],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x464, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x468, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x469, ['array', 7, ['unsigned char']]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d8, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1b0, ['_LIST_ENTRY']],
+    'Status' : [ 0x1c0, ['long']],
+    'FailedDevice' : [ 0x1c8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1d0, ['unsigned char']],
+    'Cancelled' : [ 0x1d1, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1d2, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1d3, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1d4, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x98, {
+    'FileName' : [ 0x0, ['pointer64', ['wchar']]],
+    'BaseName' : [ 0x8, ['pointer64', ['wchar']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['wchar']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x180, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+    'Flags' : [ 0x178, ['unsigned long']],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'HitCount' : [ 0x18, ['unsigned long long']],
+    'LastActivationTime' : [ 0x20, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
+    'CsActivationTime' : [ 0x30, ['unsigned long long']],
+    'CsActiveTime' : [ 0x38, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HAL_CLOCK_TIMER_CONFIGURATION' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'AlwaysOnTimer' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'HighLatency' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PerCpuTimer' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DynamicTickSupported' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'KnownType' : [ 0x4, ['unsigned long']],
+    'Capabilities' : [ 0x8, ['unsigned long']],
+    'MaxIncrement' : [ 0x10, ['unsigned long long']],
+    'MinIncrement' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x48, {
+    'Parent' : [ 0x0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x8, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x10, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0x18, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x50, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x40, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2e6d' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x7c0, {
+    'FreeLargePages' : [ 0x0, ['array', 3, ['_MI_FREE_LARGE_PAGES']]],
+    'LargePageRebuildTimer' : [ 0x330, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'StandbyPageList' : [ 0x358, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreePageListHeadsBitmap' : [ 0x680, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0x6a0, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0x6e0, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x6f0, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x710, ['unsigned long long']],
+    'MmShiftedColor' : [ 0x718, ['unsigned long']],
+    'Color' : [ 0x71c, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x720, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x760, ['__unnamed_2e6d']],
+    'NodeLock' : [ 0x768, ['_EX_PUSH_LOCK']],
+    'ZeroThreadHugeMapLock' : [ 0x770, ['unsigned long long']],
+    'LargeListMoveInProgress' : [ 0x778, ['unsigned char']],
+    'ChannelStatus' : [ 0x779, ['unsigned char']],
+    'ChannelOrdering' : [ 0x77a, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x77e, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x782, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x788, ['unsigned long long']],
+    'PageColorTable' : [ 0x790, ['_MI_PAGE_COLORS']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION' : [ 0xc0, {
+    'ValidBits' : [ 0x0, ['_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS']],
+    'ProcessorType' : [ 0x8, ['unsigned char']],
+    'InstructionSet' : [ 0x9, ['unsigned char']],
+    'ErrorType' : [ 0xa, ['unsigned char']],
+    'Operation' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned char']],
+    'Level' : [ 0xd, ['unsigned char']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'CPUVersion' : [ 0x10, ['unsigned long long']],
+    'CPUBrandString' : [ 0x18, ['array', 128, ['unsigned char']]],
+    'ProcessorId' : [ 0x98, ['unsigned long long']],
+    'TargetAddress' : [ 0xa0, ['unsigned long long']],
+    'RequesterId' : [ 0xa8, ['unsigned long long']],
+    'ResponderId' : [ 0xb0, ['unsigned long long']],
+    'InstructionPointer' : [ 0xb8, ['unsigned long long']],
+} ],
+  '_MI_HYPER_SPACE' : [ 0x10804000, {
+    'VadBitmap' : [ 0x0, ['array', 268435456, ['unsigned char']]],
+    'PageDirectoryCommitmentBitmap' : [ 0x10000000, ['array', 16384, ['unsigned char']]],
+    'PageTableCommitmentBitmap' : [ 0x10004000, ['array', 8388608, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_DOMAIN_CONFIGURATION_ARM64' : [ 0x20, {
+    'Ttbr0' : [ 0x0, ['_LARGE_INTEGER']],
+    'Ttbr1' : [ 0x8, ['_LARGE_INTEGER']],
+    'Mair0' : [ 0x10, ['unsigned long']],
+    'Mair1' : [ 0x14, ['unsigned long']],
+    'InputSize0' : [ 0x18, ['unsigned char']],
+    'InputSize1' : [ 0x19, ['unsigned char']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x190, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x40, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x70, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedBitMapMaximum' : [ 0xb0, ['unsigned long long']],
+    'DynamicBitMapNonPagedPool' : [ 0xb8, ['_MI_DYNAMIC_BITMAP']],
+    'NonPagedPoolLowestPage' : [ 0x100, ['unsigned long long']],
+    'NonPagedPoolHighestPage' : [ 0x108, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x110, ['unsigned long long']],
+    'PartialLargePoolRegions' : [ 0x118, ['unsigned long long']],
+    'PagesInPartialLargePoolRegions' : [ 0x120, ['unsigned long long']],
+    'CachedNonPagedPoolCount' : [ 0x128, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x130, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x138, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x140, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x148, ['pointer64', ['void']]],
+    'NonPagedBitMap' : [ 0x150, ['array', 3, ['_RTL_BITMAP_EX']]],
+    'NonPagedHint' : [ 0x180, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x1c, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+    'TrackDesiredCrossClass' : [ 0x18, ['unsigned char']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x20, ['unsigned char']],
+    'RebuildActive' : [ 0x21, ['unsigned char']],
+    'NextPassDelta' : [ 0x22, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x23, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x68, {
+    'IoPfnLock' : [ 0x0, ['long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x60, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xc40, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x18, ['pointer64', ['void']]],
+    'EmInfFileSize' : [ 0x20, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x28, ['pointer64', ['void']]],
+    'HeadlessLoaderBlock' : [ 0x30, ['pointer64', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x38, ['pointer64', ['_SMBIOS3_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x40, ['pointer64', ['void']]],
+    'DrvDBSize' : [ 0x48, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x50, ['pointer64', ['_NETWORK_LOADER_BLOCK']]],
+    'FirmwareDescriptorListHead' : [ 0x58, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x68, ['pointer64', ['void']]],
+    'AcpiTableSize' : [ 0x70, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardStrongCodeGuarantees' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SidSharingDisabled' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'TpmInitialized' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'VsmConfigured' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IumEnabled' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'IsSmbboot' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BootLogEnabled' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'FeatureSettings' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 19, native_type='unsigned long')]],
+    'FeatureSimulations' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 25, native_type='unsigned long')]],
+    'MicrocodeOptedOut' : [ 0x74, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'XhciLegacyHandoffSkip' : [ 0x74, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x78, ['pointer64', ['_LOADER_PERFORMANCE_DATA']]],
+    'BootApplicationPersistentData' : [ 0x80, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0x90, ['pointer64', ['void']]],
+    'BootIdentifier' : [ 0x98, ['_GUID']],
+    'ResumePages' : [ 0xa8, ['unsigned long']],
+    'DumpHeader' : [ 0xb0, ['pointer64', ['void']]],
+    'BgContext' : [ 0xb8, ['pointer64', ['void']]],
+    'NumaLocalityInfo' : [ 0xc0, ['pointer64', ['void']]],
+    'NumaGroupAssignment' : [ 0xc8, ['pointer64', ['void']]],
+    'AttachedHives' : [ 0xd0, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0xe0, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0xe8, ['pointer64', ['void']]],
+    'BootEntropyResult' : [ 0xf0, ['_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x888, ['unsigned long long']],
+    'HypervisorExtension' : [ 0x890, ['_LOADER_PARAMETER_HYPERVISOR_EXTENSION']],
+    'HardwareConfigurationId' : [ 0x8c8, ['_GUID']],
+    'HalExtensionModuleList' : [ 0x8d8, ['_LIST_ENTRY']],
+    'SystemTime' : [ 0x8e8, ['_LARGE_INTEGER']],
+    'TimeStampAtSystemTimeRead' : [ 0x8f0, ['unsigned long long']],
+    'BootFlags' : [ 0x8f8, ['unsigned long long']],
+    'DbgMenuOsSelection' : [ 0x8f8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgHiberBoot' : [ 0x8f8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgSoftRestart' : [ 0x8f8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'InternalBootFlags' : [ 0x900, ['unsigned long long']],
+    'DbgUtcBootTime' : [ 0x900, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgRtcBootTime' : [ 0x900, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgNoLegacyServices' : [ 0x900, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WfsFPData' : [ 0x908, ['pointer64', ['void']]],
+    'WfsFPDataSize' : [ 0x910, ['unsigned long']],
+    'BugcheckParameters' : [ 0x918, ['_LOADER_BUGCHECK_PARAMETERS']],
+    'ApiSetSchema' : [ 0x940, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x948, ['unsigned long']],
+    'ApiSetSchemaExtensions' : [ 0x950, ['_LIST_ENTRY']],
+    'AcpiBiosVersion' : [ 0x960, ['_UNICODE_STRING']],
+    'SmbiosVersion' : [ 0x970, ['_UNICODE_STRING']],
+    'EfiVersion' : [ 0x980, ['_UNICODE_STRING']],
+    'KdDebugDevice' : [ 0x990, ['pointer64', ['_DEBUG_DEVICE_DESCRIPTOR']]],
+    'OfflineCrashdumpConfigurationTable' : [ 0x998, ['_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2']],
+    'ManufacturingProfile' : [ 0x9b8, ['_UNICODE_STRING']],
+    'BbtBuffer' : [ 0x9c8, ['pointer64', ['void']]],
+    'XsaveAllowedFeatures' : [ 0x9d0, ['unsigned long long']],
+    'XsaveFlags' : [ 0x9d8, ['unsigned long']],
+    'BootOptions' : [ 0x9e0, ['pointer64', ['void']]],
+    'IumEnablement' : [ 0x9e8, ['unsigned long']],
+    'IumPolicy' : [ 0x9ec, ['unsigned long']],
+    'IumStatus' : [ 0x9f0, ['long']],
+    'BootId' : [ 0x9f4, ['unsigned long']],
+    'CodeIntegrityData' : [ 0x9f8, ['pointer64', ['_LOADER_PARAMETER_CI_EXTENSION']]],
+    'CodeIntegrityDataSize' : [ 0xa00, ['unsigned long']],
+    'SystemHiveRecoveryInfo' : [ 0xa04, ['_LOADER_HIVE_RECOVERY_INFO']],
+    'SoftRestartCount' : [ 0xa18, ['unsigned long']],
+    'SoftRestartTime' : [ 0xa20, ['long long']],
+    'HypercallCodeVa' : [ 0xa28, ['pointer64', ['void']]],
+    'HalVirtualAddress' : [ 0xa30, ['pointer64', ['void']]],
+    'HalNumberOfBytes' : [ 0xa38, ['unsigned long long']],
+    'MajorRelease' : [ 0xa40, ['unsigned long']],
+    'Reserved1' : [ 0xa44, ['unsigned long']],
+    'NtBuildLab' : [ 0xa48, ['array', 224, ['unsigned char']]],
+    'NtBuildLabEx' : [ 0xb28, ['array', 224, ['unsigned char']]],
+    'ResetReason' : [ 0xc08, ['_LOADER_RESET_REASON']],
+    'MaxPciBusNumber' : [ 0xc38, ['unsigned long']],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0x18, {
+    'AnsiCodePageData' : [ 0x0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0x8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x20, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_2ecb' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x58, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ProtosNode' : [ 0x18, ['_MI_PROTOTYPE_PTES_NODE']],
+    'NumberOfPtes' : [ 0x38, ['unsigned long long']],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'Subsection' : [ 0x40, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x48, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x50, ['__unnamed_2ecb']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_INFORMATION' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['_HAL_UNMASKED_INTERRUPT_FLAGS']],
+    'Mode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Gsiv' : [ 0x10, ['unsigned long']],
+    'PinNumber' : [ 0x14, ['unsigned short']],
+    'DeviceHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_FAKE_HEAP_ENTRY' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'PreviousSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x44, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'NoPageTablesAllowed' : [ 0x3c, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x40, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LOADER_BUGCHECK_PARAMETERS' : [ 0x28, {
+    'BugcheckCode' : [ 0x0, ['unsigned long']],
+    'BugcheckParameter1' : [ 0x8, ['unsigned long long']],
+    'BugcheckParameter2' : [ 0x10, ['unsigned long long']],
+    'BugcheckParameter3' : [ 0x18, ['unsigned long long']],
+    'BugcheckParameter4' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_FX_DRIPS_WATCHDOG_CONTEXT' : [ 0x28, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'ComponentIndex' : [ 0x10, ['unsigned long']],
+    'ChildDevices' : [ 0x18, ['pointer64', ['pointer64', ['_DEVICE_NODE']]]],
+    'ChildDeviceCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_SUPPORTED_RANGE' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_SUPPORTED_RANGE']]],
+    'SystemAddressSpace' : [ 0x8, ['unsigned long']],
+    'SystemBase' : [ 0x10, ['long long']],
+    'Base' : [ 0x18, ['long long']],
+    'Limit' : [ 0x20, ['long long']],
+} ],
+  '__unnamed_2ef8' : [ 0x8, {
+    'NumberOfEntries' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long long')]],
+    'Va' : [ 0x0, ['pointer64', ['void']]],
+    'VaLong' : [ 0x0, ['unsigned long long']],
+} ],
+  '_KTB_FLUSH_VA' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2ef8']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_MI_PAGE_COLORS' : [ 0x10, {
+    'PageSize' : [ 0x0, ['array', 4, ['unsigned long']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'StorageInfo' : [ 0x110, ['pointer64', ['void']]],
+    'UseStorageInfo' : [ 0x118, ['unsigned char']],
+    'PointersLength' : [ 0x11c, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['wchar']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_PNP_WATCHDOG' : [ 0xd8, {
+    'WatchdogStart' : [ 0x0, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x8, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'WatchdogEnabled' : [ 0x88, ['unsigned char']],
+    'WatchdogSecondChance' : [ 0x89, ['unsigned char']],
+    'WatchdogComplete' : [ 0x90, ['_KEVENT']],
+    'WatchdogWorkItem' : [ 0xa8, ['_WORK_QUEUE_ITEM']],
+    'WatchdogContextType' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {1: u'PNP_EVENT_WORKER_WATCHDOG', 2: u'PNP_DEVICE_COMPLETION_QUEUE_WATCHDOG', 3: u'PNP_DELAYED_REMOVE_WORKER_WATCHDOG'})]],
+    'WatchdogContext' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x10, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_INPUT_MAPPING_ELEMENT' : [ 0x4, {
+    'InputMappingId' : [ 0x0, ['unsigned long']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2f29' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2f2b' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2f2d' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2f2f' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2f31' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2f33' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2f35' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2f37' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2f39' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_2f3b' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2f29']],
+    'TargetDevice' : [ 0x0, ['__unnamed_2f2b']],
+    'InstallDevice' : [ 0x0, ['__unnamed_2f2b']],
+    'CustomNotification' : [ 0x0, ['__unnamed_2f2d']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_2f2f']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2f31']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2f33']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2f35']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2f37']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2f39']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_2f2b']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_2f2b']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_2f3b']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ProcessorType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'InstructionSet' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Operation' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Flags' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Level' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'CPUVersion' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'CPUBrandString' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'ProcessorId' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'TargetAddress' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InstructionPointer' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0x10, {
+    'CommonDataArea' : [ 0x0, ['pointer64', ['void']]],
+    'MachineType' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2f4c' : [ 0x8, {
+    'Pch' : [ 0x0, ['unsigned char']],
+    'EmbeddedController' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 6, ['unsigned char']]],
+} ],
+  '__unnamed_2f4e' : [ 0x8, {
+    'Component' : [ 0x0, ['__unnamed_2f4c']],
+    'AsULONG64' : [ 0x0, ['unsigned long long']],
+    'AsBytes' : [ 0x0, ['array', 8, ['unsigned char']]],
+} ],
+  '_LOADER_RESET_REASON' : [ 0x30, {
+    'Supplied' : [ 0x0, ['unsigned char']],
+    'Basic' : [ 0x8, ['__unnamed_2f4e']],
+    'AdditionalInfo' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_LOADER_HIVE_RECOVERY_INFO' : [ 0x14, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LegacyRecovery' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SoftRebootConflict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MostRecentLog' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'LogNextSequence' : [ 0x8, ['unsigned long']],
+    'LogMinimumSequence' : [ 0xc, ['unsigned long']],
+    'LogCurrentOffset' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2f5f' : [ 0x38, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x40, {
+    'FirmwareTypeUefi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EfiRuntimeUseIum' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EfiRuntimePageProtectionSupported' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_2f5f']],
+} ],
+  '__unnamed_2f63' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Consumed' : [ 0x8, ['unsigned char']],
+    'ErrorCode' : [ 0xa, ['unsigned short']],
+    'ErrorIpValid' : [ 0xc, ['unsigned char']],
+    'RestartIpValid' : [ 0xd, ['unsigned char']],
+} ],
+  '_WHEA_RECOVERY_CONTEXT' : [ 0x20, {
+    'MemoryError' : [ 0x0, ['__unnamed_2f63']],
+    'PartitionId' : [ 0x10, ['unsigned long long']],
+    'VpIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x80, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'PlatformCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'LimitReasons' : [ 0x18, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x20, ['unsigned long long']],
+    'ProcCap' : [ 0x28, ['unsigned long']],
+    'ProcFloor' : [ 0x2c, ['unsigned long']],
+    'TargetPercent' : [ 0x30, ['unsigned long']],
+    'Selection' : [ 0x38, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x60, ['unsigned long']],
+    'PreviousFrequency' : [ 0x64, ['unsigned long']],
+    'PreviousPercent' : [ 0x68, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x6c, ['unsigned long']],
+    'Force' : [ 0x70, ['unsigned char']],
+    'UseQosUpdateLock' : [ 0x71, ['unsigned char']],
+    'QosUpdateLock' : [ 0x78, ['unsigned long long']],
+} ],
+  '_MI_ALIGNED_SLIST' : [ 0x40, {
+    'SList' : [ 0x0, ['_SLIST_HEADER']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x40, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'PciDeviceId' : [ 0x18, ['unsigned short']],
+    'PciVendorId' : [ 0x1a, ['unsigned short']],
+    'PciBusNumber' : [ 0x1c, ['unsigned char']],
+    'PciBusSegment' : [ 0x1e, ['unsigned short']],
+    'PciSlotNumber' : [ 0x20, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x21, ['unsigned char']],
+    'PciFlags' : [ 0x24, ['unsigned long']],
+    'SystemGUID' : [ 0x28, ['_GUID']],
+    'IsMMIODevice' : [ 0x38, ['unsigned char']],
+    'TerminalType' : [ 0x39, ['unsigned char']],
+    'InterfaceType' : [ 0x3a, ['unsigned char']],
+    'RegisterBitWidth' : [ 0x3b, ['unsigned char']],
+    'RegisterAccessSize' : [ 0x3c, ['unsigned char']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'RankNumber' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'CardHandle' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'ModuleHandle' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'ExtendedRow' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'BankGroup' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'BankAddress' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'ChipIdentification' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UserModeOnly' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoInherit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x410, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x28, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x1c, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_2f85' : [ 0x4, {
+    'PasidMaxWidth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'PasidExePerm' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PasidPrivMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AtsPageAlignedRequest' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AtsGlobalInvalidate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AtsInvalidateQueueDepth' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 14, native_type='unsigned long')]],
+} ],
+  '_IOMMU_SVM_CAPABILITIES' : [ 0xc, {
+    'AtsCapability' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PriCapability' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PasidCapability' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CapReg' : [ 0x4, ['__unnamed_2f85']],
+    'Rsvd' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2f92' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2f94' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2f96' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2f92']],
+    'Gpt' : [ 0x0, ['__unnamed_2f94']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_2f96']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PEP_WORK_INFORMATION' : [ 0x40, {
+    'WorkType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepWorkActiveComplete', 1: u'PepWorkRequestIdleState', 2: u'PepWorkDevicePower', 3: u'PepWorkRequestPowerControl', 4: u'PepWorkDeviceIdle', 5: u'PepWorkCompleteIdleState', 6: u'PepWorkCompletePerfState', 7: u'PepWorkAcpiNotify', 8: u'PepWorkAcpiEvaluateControlMethodComplete', 9: u'PepWorkMax'})]],
+    'ActiveComplete' : [ 0x8, ['_PEP_WORK_ACTIVE_COMPLETE']],
+    'IdleState' : [ 0x8, ['_PEP_WORK_IDLE_STATE']],
+    'DevicePower' : [ 0x8, ['_PEP_WORK_DEVICE_POWER']],
+    'PowerControl' : [ 0x8, ['_PEP_WORK_POWER_CONTROL']],
+    'DeviceIdle' : [ 0x8, ['_PEP_WORK_DEVICE_IDLE']],
+    'CompleteIdleState' : [ 0x8, ['_PEP_WORK_COMPLETE_IDLE_STATE']],
+    'CompletePerfState' : [ 0x8, ['_PEP_WORK_COMPLETE_PERF_STATE']],
+    'AcpiNotify' : [ 0x8, ['_PEP_WORK_ACPI_NOTIFY']],
+    'ControlMethodComplete' : [ 0x8, ['_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '__unnamed_2fca' : [ 0x4, {
+    'ForceEnable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_LFH_CONFIG' : [ 0xc, {
+    'MaxBlockSize' : [ 0x0, ['unsigned long']],
+    'MaxSubsegmentSize' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['__unnamed_2fca']],
+} ],
+  '_MI_ACCESS_VIOLATION_RANGE' : [ 0x28, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Va' : [ 0x18, ['pointer64', ['void']]],
+    'EndVaInclusive' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE' : [ 0x28, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'CompletionFlags' : [ 0x8, ['unsigned long']],
+    'MethodStatus' : [ 0xc, ['long']],
+    'CompletionContext' : [ 0x10, ['pointer64', ['void']]],
+    'OutputArgumentSize' : [ 0x18, ['unsigned long long']],
+    'OutputArguments' : [ 0x20, ['pointer64', ['_ACPI_METHOD_ARGUMENT_V1']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_RESTRICTED_MODWRITES' : [ 0x3, {
+    'MaximumClusterPages' : [ 0x0, ['unsigned char']],
+    'ReducedClusterWrites' : [ 0x1, ['unsigned char']],
+    'ImposeDelay' : [ 0x2, ['unsigned char']],
+} ],
+  '_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'AbnormalResetOccurred' : [ 0x4, ['unsigned long']],
+    'OfflineMemoryDumpCapable' : [ 0x8, ['unsigned long']],
+    'ResetDataAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'ResetDataSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_ACPI_METHOD_ARGUMENT_V1' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'DataLength' : [ 0x2, ['unsigned short']],
+    'Argument' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x4, ['array', 1, ['unsigned char']]],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PEP_WORK_ACPI_NOTIFY' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'NotifyCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_MI_SYSTEM_VA_ASSIGNMENT' : [ 0x10, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x60, {
+    'SListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x28, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SystemClass', 1: u'ProcessorClass', 2: u'CacheClass', 3: u'AdapterClass', 4: u'ControllerClass', 5: u'PeripheralClass', 6: u'MemoryClass', 7: u'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ArcSystem', 1: u'CentralProcessor', 2: u'FloatingPointProcessor', 3: u'PrimaryIcache', 4: u'PrimaryDcache', 5: u'SecondaryIcache', 6: u'SecondaryDcache', 7: u'SecondaryCache', 8: u'EisaAdapter', 9: u'TcAdapter', 10: u'ScsiAdapter', 11: u'DtiAdapter', 12: u'MultiFunctionAdapter', 13: u'DiskController', 14: u'TapeController', 15: u'CdromController', 16: u'WormController', 17: u'SerialController', 18: u'NetworkController', 19: u'DisplayController', 20: u'ParallelController', 21: u'PointerController', 22: u'KeyboardController', 23: u'AudioController', 24: u'OtherController', 25: u'DiskPeripheral', 26: u'FloppyDiskPeripheral', 27: u'TapePeripheral', 28: u'ModemPeripheral', 29: u'MonitorPeripheral', 30: u'PrinterPeripheral', 31: u'PointerPeripheral', 32: u'KeyboardPeripheral', 33: u'TerminalPeripheral', 34: u'OtherPeripheral', 35: u'LinePeripheral', 36: u'NetworkPeripheral', 37: u'SystemMemory', 38: u'DockingInformation', 39: u'RealModeIrqRoutingTable', 40: u'RealModePCIEnumeration', 41: u'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer64', ['unsigned char']]],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_FLAGS' : [ 0x2, {
+    'SecondaryInterrupt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARM_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x18, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_PEP_WORK_COMPLETE_PERF_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+    'Succeeded' : [ 0xc, ['unsigned char']],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x10, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_FREE_LARGE_PAGES' : [ 0x110, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'LargePagesCount' : [ 0x10, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]],
+    'LargePageEntries' : [ 0x90, ['array', 2, ['array', 2, ['array', 4, ['pointer64', ['_MI_FREE_LARGE_PAGE_LIST']]]]]],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x38, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x8, ['pointer64', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x10, ['long']],
+    'MissedMappingsCount' : [ 0x14, ['unsigned long']],
+    'FirmwareResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'EfiMemoryMap' : [ 0x28, ['pointer64', ['void']]],
+    'EfiMemoryMapSize' : [ 0x30, ['unsigned long']],
+    'EfiMemoryMapDescriptorSize' : [ 0x34, ['unsigned long']],
+} ],
+  '_PEP_WORK_IDLE_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+    'State' : [ 0xc, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_SMBIOS3_TABLE_HEADER' : [ 0x18, {
+    'Signature' : [ 0x0, ['array', 5, ['unsigned char']]],
+    'Checksum' : [ 0x5, ['unsigned char']],
+    'Length' : [ 0x6, ['unsigned char']],
+    'MajorVersion' : [ 0x7, ['unsigned char']],
+    'MinorVersion' : [ 0x8, ['unsigned char']],
+    'Docrev' : [ 0x9, ['unsigned char']],
+    'EntryPointRevision' : [ 0xa, ['unsigned char']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'StructureTableMaximumSize' : [ 0xc, ['unsigned long']],
+    'StructureTableAddress' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_CI_EXTENSION' : [ 0x50, {
+    'CodeIntegrityOptions' : [ 0x0, ['unsigned long']],
+    'UpgradeInProgress' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsWinPE' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CustomKernelSignersAllowed' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'WhqlEnforcementDate' : [ 0x8, ['_LARGE_INTEGER']],
+    'RevocationListOffset' : [ 0x10, ['unsigned long']],
+    'RevocationListSize' : [ 0x14, ['unsigned long']],
+    'CodeIntegrityPolicyOffset' : [ 0x18, ['unsigned long']],
+    'CodeIntegrityPolicySize' : [ 0x1c, ['unsigned long']],
+    'CodeIntegrityPolicyHashOffset' : [ 0x20, ['unsigned long']],
+    'CodeIntegrityPolicyHashSize' : [ 0x24, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashOffset' : [ 0x28, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashSize' : [ 0x2c, ['unsigned long']],
+    'WeakCryptoPolicyLoadStatus' : [ 0x30, ['long']],
+    'WeakCryptoPolicyOffset' : [ 0x34, ['unsigned long']],
+    'WeakCryptoPolicySize' : [ 0x38, ['unsigned long']],
+    'SecureBootPolicyOffset' : [ 0x3c, ['unsigned long']],
+    'SecureBootPolicySize' : [ 0x40, ['unsigned long']],
+    'Reserved2' : [ 0x44, ['unsigned long']],
+    'SerializedData' : [ 0x48, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x70, {
+    'GetTime' : [ 0x0, ['unsigned long long']],
+    'SetTime' : [ 0x8, ['unsigned long long']],
+    'GetWakeupTime' : [ 0x10, ['unsigned long long']],
+    'SetWakeupTime' : [ 0x18, ['unsigned long long']],
+    'SetVirtualAddressMap' : [ 0x20, ['unsigned long long']],
+    'ConvertPointer' : [ 0x28, ['unsigned long long']],
+    'GetVariable' : [ 0x30, ['unsigned long long']],
+    'GetNextVariableName' : [ 0x38, ['unsigned long long']],
+    'SetVariable' : [ 0x40, ['unsigned long long']],
+    'GetNextHighMonotonicCount' : [ 0x48, ['unsigned long long']],
+    'ResetSystem' : [ 0x50, ['unsigned long long']],
+    'UpdateCapsule' : [ 0x58, ['unsigned long long']],
+    'QueryCapsuleCapabilities' : [ 0x60, ['unsigned long long']],
+    'QueryVariableInfo' : [ 0x68, ['unsigned long long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_STORE_INPAGE_COMPLETE_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['unsigned long']],
+    'StoreFault' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LowResourceFailure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned long')]],
+    'RemainingPageCount' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0x118, {
+    'Partition' : [ 0x0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x8, ['pointer64', ['_ENODE']]],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x28, ['_KTIMER']],
+    'ReaperEvent' : [ 0x68, ['_KEVENT']],
+    'ReaperTimer' : [ 0x80, ['_KTIMER2']],
+    'ThreadHandle' : [ 0x108, ['pointer64', ['void']]],
+    'ExitThread' : [ 0x110, ['unsigned long']],
+    'ThreadSeed' : [ 0x114, ['unsigned long']],
+} ],
+  '_LOADER_PARAMETER_HYPERVISOR_EXTENSION' : [ 0x38, {
+    'HypervisorCrashdumpAreaPageCount' : [ 0x0, ['unsigned long']],
+    'HypervisorCrashdumpAreaSpa' : [ 0x8, ['unsigned long long']],
+    'HypervisorLaunchStatus' : [ 0x10, ['unsigned long long']],
+    'HypervisorLaunchStatusArg1' : [ 0x18, ['unsigned long long']],
+    'HypervisorLaunchStatusArg2' : [ 0x20, ['unsigned long long']],
+    'HypervisorLaunchStatusArg3' : [ 0x28, ['unsigned long long']],
+    'HypervisorLaunchStatusArg4' : [ 0x30, ['unsigned long long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_PEP_WORK_POWER_CONTROL' : [ 0x38, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'PowerControlCode' : [ 0x8, ['pointer64', ['_GUID']]],
+    'RequestContext' : [ 0x10, ['pointer64', ['void']]],
+    'InBuffer' : [ 0x18, ['pointer64', ['void']]],
+    'InBufferSize' : [ 0x20, ['unsigned long long']],
+    'OutBuffer' : [ 0x28, ['pointer64', ['void']]],
+    'OutBufferSize' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PEP_WORK_DEVICE_POWER' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'PowerRequired' : [ 0x8, ['unsigned char']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x20, {
+    'DHCPServerACK' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x8, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_BOOT_ENTROPY_LDR_RESULT' : [ 0x798, {
+    'maxEntropySources' : [ 0x0, ['unsigned long']],
+    'EntropySourceResult' : [ 0x8, ['array', 8, ['_BOOT_ENTROPY_SOURCE_LDR_RESULT']]],
+    'SeedBytesForCng' : [ 0x348, ['array', 48, ['unsigned char']]],
+    'RngBytesForNtoskrnl' : [ 0x378, ['array', 1024, ['unsigned char']]],
+    'KdEntropy' : [ 0x778, ['array', 32, ['unsigned char']]],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x78, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+    'PreQueryOpen' : [ 0x68, ['pointer64', ['void']]],
+    'PostQueryOpen' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PEP_WORK_COMPLETE_IDLE_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PEP_WORK_ACTIVE_COMPLETE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_3074' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_3076' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_3074']],
+    'Range' : [ 0x20, ['__unnamed_3076']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_BOOT_ENTROPY_SOURCE_LDR_RESULT' : [ 0x68, {
+    'SourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceNone', 1: u'BootEntropySourceSeedfile', 2: u'BootEntropySourceExternal', 3: u'BootEntropySourceTpm', 4: u'BootEntropySourceRdrand', 5: u'BootEntropySourceTime', 6: u'BootEntropySourceAcpiOem0', 7: u'BootEntropySourceUefi', 8: u'BootMaxEntropySources'})]],
+    'Policy' : [ 0x8, ['unsigned long long']],
+    'ResultCode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceStructureUninitialized', 1: u'BootEntropySourceDisabledByPolicy', 2: u'BootEntropySourceNotPresent', 3: u'BootEntropySourceError', 4: u'BootEntropySourceSuccess'})]],
+    'ResultStatus' : [ 0x14, ['long']],
+    'Time' : [ 0x18, ['unsigned long long']],
+    'EntropyLength' : [ 0x20, ['unsigned long']],
+    'EntropyData' : [ 0x24, ['array', 64, ['unsigned char']]],
+} ],
+  'POHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_3087' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_3089' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_308f' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_3093' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NotifyTypeCreate', 1: u'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_3095' : [ 0x20, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileInformation' : [ 0x8, ['pointer64', ['void']]],
+    'Length' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'FileInformationClass' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x1c, ['long']],
+} ],
+  '__unnamed_3097' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_3087']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_3089']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_308f']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_3093']],
+    'QueryOpen' : [ 0x0, ['__unnamed_3095']],
+    'Others' : [ 0x0, ['__unnamed_3097']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_PEP_WORK_DEVICE_IDLE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'IgnoreIdleTimeout' : [ 0x8, ['unsigned char']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win10_x86_17134_vtypes.py b/volatility/plugins/overlays/windows/win10_x86_17134_vtypes.py
new file mode 100644
index 000000000..afd279f0a
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_17134_vtypes.py
@@ -0,0 +1,15052 @@
+ntkrpamp_10_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x708, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1088' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1088']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_108c' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_108c']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_10a7' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a9' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10a7']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_10a9']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['pointer', ['void']]]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['pointer', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x175, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'PerflibData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+    'ReservedForWdf' : [ 0xfe4, ['pointer', ['void']]],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0xc, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_CUSTOM_SYSTEM_EVENT_TRIGGER_CONFIG' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'TriggerId' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6020, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'MxCsr' : [ 0x8, ['unsigned long']],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x5f00, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'ParentNode' : [ 0x338, ['pointer', ['_KNODE']]],
+    'PriorityState' : [ 0x33c, ['pointer', ['unsigned char']]],
+    'KernelReserved' : [ 0x340, ['array', 14, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'CpuVendor' : [ 0x3be, ['unsigned char']],
+    'PrcbPad0' : [ 0x3bf, ['array', 1, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'GroupIndex' : [ 0x3c4, ['unsigned char']],
+    'Group' : [ 0x3c5, ['unsigned char']],
+    'PrcbPad05' : [ 0x3c6, ['array', 2, ['unsigned char']]],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'ClockOwner' : [ 0x3d0, ['unsigned char']],
+    'PendingTickFlags' : [ 0x3d1, ['unsigned char']],
+    'PendingTick' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad10' : [ 0x3d2, ['array', 70, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'InterruptCount' : [ 0x4a0, ['unsigned long']],
+    'KernelTime' : [ 0x4a4, ['unsigned long']],
+    'UserTime' : [ 0x4a8, ['unsigned long']],
+    'DpcTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b0, ['unsigned long']],
+    'InterruptTime' : [ 0x4b4, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4b8, ['unsigned long']],
+    'PageColor' : [ 0x4bc, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c0, ['unsigned char']],
+    'NodeColor' : [ 0x4c1, ['unsigned char']],
+    'DeepSleep' : [ 0x4c2, ['unsigned char']],
+    'TbFlushListActive' : [ 0x4c3, ['unsigned char']],
+    'CachedStack' : [ 0x4c4, ['pointer', ['void']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4cc, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d0, ['unsigned long']],
+    'MmFlushList' : [ 0x4d4, ['pointer', ['void']]],
+    'PrcbFlags' : [ 0x4d8, ['_KPRCBFLAG']],
+    'SchedulerAssist' : [ 0x4dc, ['pointer', ['void']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1820, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2120, ['long']],
+    'ReverseStall' : [ 0x2124, ['long']],
+    'IpiFrame' : [ 0x2128, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x212c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x2160, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x216c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x2170, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x2174, ['unsigned long']],
+    'PrcbPad4' : [ 0x2178, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x21a0, ['unsigned long']],
+    'TargetCount' : [ 0x21a4, ['long']],
+    'LastNonHrTimerExpiration' : [ 0x21a8, ['unsigned long long']],
+    'TrappedSecurityDomain' : [ 0x21b0, ['unsigned long long']],
+    'BpbState' : [ 0x21b8, ['unsigned short']],
+    'BpbIbrsPresent' : [ 0x21b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'BpbStibpPresent' : [ 0x21b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'BpbSmepPresent' : [ 0x21b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'BpbSimulateSpecCtrl' : [ 0x21b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'BpbSimulateIbpb' : [ 0x21b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'BpbIbpbPresent' : [ 0x21b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'BpbCpuIdle' : [ 0x21b8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'BpbClearSpecCtrlOnIdle' : [ 0x21b8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'BpbHTDisabled' : [ 0x21b8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'BpbUserToUserOnly' : [ 0x21b8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BpbReserved' : [ 0x21b8, ['BitField', dict(start_bit = 10, end_bit = 16, native_type='unsigned short')]],
+    'BpbSpecCtrlValue' : [ 0x21ba, ['unsigned char']],
+    'BpbCtxSwapSetValue' : [ 0x21bb, ['unsigned char']],
+    'PrcbPad50' : [ 0x21bc, ['array', 20, ['unsigned char']]],
+    'InterruptLastCount' : [ 0x21d0, ['unsigned long']],
+    'InterruptRate' : [ 0x21d4, ['unsigned long']],
+    'DeviceInterrupts' : [ 0x21d8, ['unsigned long']],
+    'IsrDpcStats' : [ 0x21dc, ['pointer', ['void']]],
+    'DpcData' : [ 0x21e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2210, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2214, ['long']],
+    'DpcRequestRate' : [ 0x2218, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x221c, ['unsigned long']],
+    'DpcLastCount' : [ 0x2220, ['unsigned long']],
+    'PrcbLock' : [ 0x2224, ['unsigned long']],
+    'DpcGate' : [ 0x2228, ['_KGATE']],
+    'IdleState' : [ 0x2238, ['unsigned char']],
+    'QuantumEnd' : [ 0x2239, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x223a, ['unsigned char']],
+    'IdleSchedule' : [ 0x223b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x223c, ['long']],
+    'DpcRequestSlot' : [ 0x223c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x223c, ['short']],
+    'ThreadDpcState' : [ 0x223e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x223c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x223c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x223c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x223c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x223c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x223c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x223c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x223c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x223c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x223c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2240, ['unsigned long']],
+    'LastTick' : [ 0x2244, ['unsigned long']],
+    'PeriodicCount' : [ 0x2248, ['unsigned long']],
+    'PeriodicBias' : [ 0x224c, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2250, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2254, ['unsigned long']],
+    'GroupSchedulingOverQuota' : [ 0x2258, ['unsigned char']],
+    'ThreadDpcEnable' : [ 0x2259, ['unsigned char']],
+    'PrcbPad41' : [ 0x225a, ['array', 2, ['unsigned char']]],
+    'TimerTable' : [ 0x2260, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x3aa0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x3ac0, ['long']],
+    'PrcbPad6' : [ 0x3ac4, ['array', 4, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x3ac8, ['long']],
+    'DpcWatchdogCount' : [ 0x3acc, ['long']],
+    'KeSpinLockOrdering' : [ 0x3ad0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x3ad4, ['unsigned long']],
+    'QueueIndex' : [ 0x3ad8, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x3adc, ['_SINGLE_LIST_ENTRY']],
+    'ReadySummary' : [ 0x3ae0, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x3ae4, ['long']],
+    'WaitLock' : [ 0x3ae8, ['unsigned long']],
+    'WaitListHead' : [ 0x3aec, ['_LIST_ENTRY']],
+    'ScbOffset' : [ 0x3af4, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x3af8, ['unsigned long']],
+    'StartCycles' : [ 0x3b00, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x3b08, ['unsigned long long']],
+    'TaggedCycles' : [ 0x3b10, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x3b20, ['unsigned long long']],
+    'CycleTime' : [ 0x3b28, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x3b30, ['unsigned long long']],
+    'ImportantCycles' : [ 0x3b38, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x3b40, ['unsigned long long']],
+    'ReadyQueueExpectedRunTime' : [ 0x3b48, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3b50, ['unsigned long']],
+    'Cycles' : [ 0x3b58, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad71' : [ 0x3b98, ['array', 2, ['unsigned long']]],
+    'DispatcherReadyListHead' : [ 0x3ba0, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3ca0, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3ca4, ['long']],
+    'ScbQueue' : [ 0x3ca8, ['_RTL_RB_TREE']],
+    'ScbList' : [ 0x3cb0, ['_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x3cb8, ['long']],
+    'MmCopyOnWriteCount' : [ 0x3cbc, ['long']],
+    'MmTransitionCount' : [ 0x3cc0, ['long']],
+    'MmCacheTransitionCount' : [ 0x3cc4, ['long']],
+    'MmDemandZeroCount' : [ 0x3cc8, ['long']],
+    'MmPageReadCount' : [ 0x3ccc, ['long']],
+    'MmPageReadIoCount' : [ 0x3cd0, ['long']],
+    'MmCacheReadCount' : [ 0x3cd4, ['long']],
+    'MmCacheIoCount' : [ 0x3cd8, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x3cdc, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3ce0, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3ce4, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3ce8, ['long']],
+    'CachedCommit' : [ 0x3cec, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3cf0, ['unsigned long']],
+    'HyperPte' : [ 0x3cf4, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3cf8, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x3cfc, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3d09, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x3d0a, ['unsigned char']],
+    'PrcbPad9' : [ 0x3d0b, ['array', 1, ['unsigned char']]],
+    'FeatureBits' : [ 0x3d10, ['unsigned long long']],
+    'UpdateSignature' : [ 0x3d18, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3d20, ['unsigned long long']],
+    'PrcbPad90' : [ 0x3d28, ['array', 2, ['unsigned long']]],
+    'PowerState' : [ 0x3d30, ['_PROCESSOR_POWER_STATE']],
+    'ForceIdleDpc' : [ 0x3ed8, ['_KDPC']],
+    'PrcbPad91' : [ 0x3ef8, ['array', 14, ['unsigned long']]],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x3f30, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x3f34, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3f58, ['_KTIMER']],
+    'HypercallPageList' : [ 0x3f80, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x3f88, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x3f8c, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x3f90, ['pointer', ['unsigned long long']]],
+    'Cache' : [ 0x3f94, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3fd0, ['unsigned long']],
+    'PackageProcessorSet' : [ 0x3fd4, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x3fe0, ['unsigned long']],
+    'SharedReadyQueue' : [ 0x3fe4, ['pointer', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x3fe8, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x3fec, ['unsigned long']],
+    'ScanSiblingMask' : [ 0x3ff0, ['unsigned long']],
+    'LLCMask' : [ 0x3ff4, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3ff8, ['array', 5, ['unsigned long']]],
+    'ScanSiblingIndex' : [ 0x400c, ['unsigned long']],
+    'WheaInfo' : [ 0x4010, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x4014, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x4018, ['_SLIST_HEADER']],
+    'DpcWatchdogProfile' : [ 0x4020, ['pointer', ['pointer', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x4024, ['pointer', ['pointer', ['void']]]],
+    'PrcbPad92' : [ 0x4028, ['array', 1, ['unsigned long']]],
+    'PteBitCache' : [ 0x402c, ['unsigned long']],
+    'PteBitOffset' : [ 0x4030, ['unsigned long']],
+    'PrcbPad93' : [ 0x4034, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x4038, ['pointer', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x403c, ['pointer', ['void']]],
+    'TimerExpirationDpc' : [ 0x4040, ['_KDPC']],
+    'SynchCounters' : [ 0x4060, ['_SYNCH_COUNTERS']],
+    'FsCounters' : [ 0x4118, ['_FILESYSTEM_DISK_COUNTERS']],
+    'Context' : [ 0x4128, ['pointer', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x412c, ['unsigned long']],
+    'ExtendedState' : [ 0x4130, ['pointer', ['_XSAVE_AREA']]],
+    'EntropyTimingState' : [ 0x4134, ['_KENTROPY_TIMING_STATE']],
+    'IsrStack' : [ 0x425c, ['pointer', ['void']]],
+    'VectorToInterruptObject' : [ 0x4260, ['array', 208, ['pointer', ['_KINTERRUPT']]]],
+    'AbSelfIoBoostsList' : [ 0x45a0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x45a4, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x45a8, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x45c8, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x461c, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x4670, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x4770, ['unsigned long']],
+    'ExSaPageArray' : [ 0x4774, ['pointer', ['void']]],
+    'ExtendedSupervisorState' : [ 0x4778, ['pointer', ['_XSAVE_AREA_HEADER']]],
+    'PrcbPad100' : [ 0x477c, ['array', 9, ['unsigned long']]],
+    'LocalSharedReadyQueue' : [ 0x47a0, ['_KSHARED_READY_QUEUE']],
+    'Mailbox' : [ 0x48e0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'PrcbPad' : [ 0x48e4, ['array', 1532, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x4ee0, ['unsigned long']],
+    'EspBaseShadow' : [ 0x4ee4, ['unsigned long']],
+    'UserEspShadow' : [ 0x4ee8, ['unsigned long']],
+    'ShadowFlags' : [ 0x4eec, ['unsigned long']],
+    'UserDS' : [ 0x4ef0, ['unsigned long']],
+    'UserES' : [ 0x4ef4, ['unsigned long']],
+    'UserFS' : [ 0x4ef8, ['unsigned long']],
+    'EspIretd' : [ 0x4efc, ['pointer', ['void']]],
+    'RestoreSegOption' : [ 0x4f00, ['unsigned long']],
+    'SavedEsi' : [ 0x4f04, ['unsigned long']],
+    'DbgLogs' : [ 0x4f08, ['array', 512, ['unsigned long']]],
+    'DbgCount' : [ 0x5708, ['unsigned long']],
+    'PrcbPadRemaingPage' : [ 0x570c, ['array', 501, ['unsigned long']]],
+    'RequestMailbox' : [ 0x5ee0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Reserved' : [ 0x14, ['array', 3, ['pointer', ['void']]]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0xb0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x38, ['unsigned long long']],
+    'Affinity' : [ 0x40, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x4c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x54, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x58, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x64, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x64, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x64, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeepFreeze' : [ 0x64, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x64, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x64, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x64, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x64, ['BitField', dict(start_bit = 7, end_bit = 10, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x64, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'VaSpaceDeleted' : [ 0x64, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x64, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'ProcessFlags' : [ 0x64, ['long']],
+    'BasePriority' : [ 0x68, ['unsigned char']],
+    'QuantumReset' : [ 0x69, ['unsigned char']],
+    'Visited' : [ 0x6a, ['unsigned char']],
+    'Flags' : [ 0x6b, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x6c, ['array', 1, ['unsigned long']]],
+    'IdealNode' : [ 0x70, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x72, ['unsigned short']],
+    'Spare1' : [ 0x74, ['unsigned short']],
+    'IopmOffset' : [ 0x76, ['unsigned short']],
+    'SchedulingGroup' : [ 0x78, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'StackCount' : [ 0x7c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x88, ['unsigned long long']],
+    'ContextSwitches' : [ 0x90, ['unsigned long long']],
+    'FreezeCount' : [ 0x98, ['unsigned long']],
+    'KernelTime' : [ 0x9c, ['unsigned long']],
+    'UserTime' : [ 0xa0, ['unsigned long']],
+    'ReadyTime' : [ 0xa4, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0xa8, ['pointer', ['void']]],
+    'ProcessTimerDelay' : [ 0xac, ['unsigned long']],
+} ],
+  '_KTHREAD' : [ 0x350, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x10, ['pointer', ['void']]],
+    'QuantumTarget' : [ 0x18, ['unsigned long long']],
+    'InitialStack' : [ 0x20, ['pointer', ['void']]],
+    'StackLimit' : [ 0x24, ['pointer', ['void']]],
+    'StackBase' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x2c, ['unsigned long']],
+    'CycleTime' : [ 0x30, ['unsigned long long']],
+    'HighCycleTime' : [ 0x38, ['unsigned long']],
+    'ServiceTable' : [ 0x3c, ['pointer', ['void']]],
+    'CurrentRunTime' : [ 0x40, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x44, ['unsigned long']],
+    'KernelStack' : [ 0x48, ['pointer', ['void']]],
+    'StateSaveArea' : [ 0x4c, ['pointer', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x50, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x54, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x55, ['unsigned char']],
+    'Alerted' : [ 0x56, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x58, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x58, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x58, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x58, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x58, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x58, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x58, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x58, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x58, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x58, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x58, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x58, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x58, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x58, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Reserved' : [ 0x58, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x58, ['long']],
+    'BamQosLevel' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x5c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x5c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x5c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x5c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x5c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x5c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x5c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x5c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x5c, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x5c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x5c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x5c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x5c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x5c, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x5c, ['long']],
+    'Tag' : [ 0x60, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x61, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x63, ['unsigned char']],
+    'SystemCallNumber' : [ 0x64, ['unsigned long']],
+    'FirstArgument' : [ 0x68, ['pointer', ['void']]],
+    'TrapFrame' : [ 0x6c, ['pointer', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x70, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x70, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x87, ['unsigned char']],
+    'UserIdealProcessor' : [ 0x88, ['unsigned long']],
+    'ContextSwitches' : [ 0x8c, ['unsigned long']],
+    'State' : [ 0x90, ['unsigned char']],
+    'Spare12' : [ 0x91, ['unsigned char']],
+    'WaitIrql' : [ 0x92, ['unsigned char']],
+    'WaitMode' : [ 0x93, ['unsigned char']],
+    'WaitStatus' : [ 0x94, ['long']],
+    'WaitBlockList' : [ 0x98, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x9c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x9c, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xa4, ['pointer', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xa8, ['pointer', ['void']]],
+    'RelativeTimerBias' : [ 0xb0, ['unsigned long long']],
+    'Timer' : [ 0xb8, ['_KTIMER']],
+    'WaitBlock' : [ 0xe0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill8' : [ 0xe0, ['array', 20, ['unsigned char']]],
+    'ThreadCounters' : [ 0xf4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0xe0, ['array', 44, ['unsigned char']]],
+    'XStateSave' : [ 0x10c, ['pointer', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0xe0, ['array', 68, ['unsigned char']]],
+    'Win32Thread' : [ 0x124, ['pointer', ['void']]],
+    'WaitBlockFill11' : [ 0xe0, ['array', 88, ['unsigned char']]],
+    'WaitTime' : [ 0x138, ['unsigned long']],
+    'KernelApcDisable' : [ 0x13c, ['short']],
+    'SpecialApcDisable' : [ 0x13e, ['short']],
+    'CombinedApcDisable' : [ 0x13c, ['unsigned long']],
+    'QueueListEntry' : [ 0x140, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x148, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x148, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x148, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x14c, ['long']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x154, ['array', 6, ['unsigned char']]],
+    'PreviousMode' : [ 0x15a, ['unsigned char']],
+    'BasePriority' : [ 0x15b, ['unsigned char']],
+    'PriorityDecrement' : [ 0x15c, ['unsigned char']],
+    'ForegroundBoost' : [ 0x15c, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x15c, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x15d, ['unsigned char']],
+    'AdjustReason' : [ 0x15e, ['unsigned char']],
+    'AdjustIncrement' : [ 0x15f, ['unsigned char']],
+    'AffinityVersion' : [ 0x160, ['unsigned long']],
+    'Affinity' : [ 0x164, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x164, ['array', 6, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x16a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x16b, ['unsigned char']],
+    'IdealProcessor' : [ 0x16c, ['unsigned long']],
+    'ReadyTime' : [ 0x170, ['unsigned long']],
+    'SavedApcState' : [ 0x174, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x174, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x18b, ['unsigned char']],
+    'SuspendCount' : [ 0x18c, ['unsigned char']],
+    'Saturation' : [ 0x18d, ['unsigned char']],
+    'SListFaultCount' : [ 0x18e, ['unsigned short']],
+    'SchedulerApc' : [ 0x190, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x190, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x191, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x190, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x193, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x190, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x194, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x190, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b4, ['pointer', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x190, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1b8, ['pointer', ['void']]],
+    'SchedulerApcFill5' : [ 0x190, ['array', 47, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x1bf, ['unsigned char']],
+    'UserTime' : [ 0x1c0, ['unsigned long']],
+    'SuspendEvent' : [ 0x1c4, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x1d4, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1dc, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x1e4, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x1e5, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x1e6, ['unsigned char']],
+    'SystemPriority' : [ 0x1e7, ['unsigned char']],
+    'LockEntries' : [ 0x1e8, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x308, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x30c, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x310, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x320, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x324, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x328, ['long']],
+    'KeReferenceCount' : [ 0x32c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x32e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x32f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x330, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x334, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x334, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x338, ['unsigned long']],
+    'QueuedScb' : [ 0x33c, ['pointer', ['_KSCB']]],
+    'NpxState' : [ 0x340, ['unsigned long long']],
+    'ThreadTimerDelay' : [ 0x348, ['unsigned long']],
+    'ThreadFlags2' : [ 0x34c, ['long']],
+    'PpmPolicy' : [ 0x34c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlags2Reserved' : [ 0x34c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'ActualLimit' : [ 0x4, ['unsigned long']],
+    'StackExpansion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousTrapFrame' : [ 0x8, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0xc, ['pointer', ['void']]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'CpuId' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer', ['void']]],
+    'DeleteContext' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long']],
+    'IdleSmtSet' : [ 0x4, ['unsigned long']],
+    'IdleCpuSet' : [ 0x8, ['unsigned long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long']],
+    'IdleConstrainedSet' : [ 0x44, ['unsigned long']],
+    'NonParkedSet' : [ 0x48, ['unsigned long']],
+    'NonIsrTargetedSet' : [ 0x4c, ['unsigned long']],
+    'ParkLock' : [ 0x50, ['long']],
+    'Seed' : [ 0x54, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x84, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x84, ['array', 6, ['unsigned char']]],
+    'NodeNumber' : [ 0x8a, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x8c, ['unsigned short']],
+    'Stride' : [ 0x8e, ['unsigned char']],
+    'Spare0' : [ 0x8f, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x90, ['unsigned long']],
+    'ProximityId' : [ 0x94, ['unsigned long']],
+    'Lowest' : [ 0x98, ['unsigned long']],
+    'Highest' : [ 0x9c, ['unsigned long']],
+    'MaximumProcessors' : [ 0xa0, ['unsigned char']],
+    'Flags' : [ 0xa1, ['_flags']],
+    'Spare10' : [ 0xa2, ['unsigned char']],
+    'HeteroSets' : [ 0xa4, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0xe0, ['array', 4, ['unsigned long']]],
+} ],
+  '_ENODE' : [ 0x140, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x100, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long']],
+    'QuotaProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'StrictFIFO' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x1c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x1c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x24, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 20, ['unsigned char']]],
+    'DebugInfo' : [ 0x54, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'VolatileLowValue' : [ 0x0, ['long']],
+    'LowValue' : [ 0x0, ['long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x4, ['long']],
+    'NextFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x4, ['_EXHANDLE']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'RefCountField' : [ 0x4, ['long']],
+    'GrantedAccessBits' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'ProtectFromClose' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'RefCnt' : [ 0x4, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1358' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1358']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc4, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xc0, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x480, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x350, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x358, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x358, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x360, ['pointer', ['void']]],
+    'PostBlockList' : [ 0x364, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x364, ['pointer', ['void']]],
+    'StartAddress' : [ 0x368, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x36c, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x36c, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x36c, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x370, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x374, ['_LIST_ENTRY']],
+    'Cid' : [ 0x37c, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x384, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x384, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x398, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x39c, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x3a4, ['unsigned long']],
+    'DeviceToVerify' : [ 0x3a8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x3ac, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x3b0, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x3b4, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x3bc, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x3c0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x3c4, ['unsigned long']],
+    'MmLockOrdering' : [ 0x3c8, ['long']],
+    'CrossThreadFlags' : [ 0x3cc, ['unsigned long']],
+    'Terminated' : [ 0x3cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x3cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x3cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x3cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x3cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x3cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x3cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x3cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x3cc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x3cc, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x3cc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x3cc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x3cc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x3cc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x3cc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x3cc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x3cc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x3cc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x3cc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SamplingCoverage' : [ 0x3cc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x3cc, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x3d0, ['unsigned long']],
+    'ActiveExWorker' : [ 0x3d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x3d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x3d0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x3d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x3d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x3d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x3d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x3d0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x3d0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x3d0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x3d0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x3d4, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x3d4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x3d4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x3d4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x3d4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x3d4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x3d4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x3d4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x3d4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x3d5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x3d5, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowWritesToExecutableMemory' : [ 0x3d5, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x3d8, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x3d9, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x3da, ['unsigned char']],
+    'LockOrderState' : [ 0x3db, ['unsigned char']],
+    'AlpcMessageId' : [ 0x3dc, ['unsigned long']],
+    'AlpcMessage' : [ 0x3e0, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x3e0, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x3e4, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x3ec, ['long']],
+    'CacheManagerCount' : [ 0x3f0, ['unsigned long']],
+    'IoBoostCount' : [ 0x3f4, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x3f8, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x3fc, ['unsigned long']],
+    'BoostList' : [ 0x400, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x408, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x410, ['unsigned long']],
+    'IrpListLock' : [ 0x414, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x418, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x41c, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x420, ['pointer', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x424, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x428, ['pointer', ['void']]],
+    'KernelStackReference' : [ 0x42c, ['unsigned long']],
+    'AdjustedClientToken' : [ 0x430, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x434, ['pointer', ['void']]],
+    'PropertySet' : [ 0x438, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x444, ['pointer', ['void']]],
+    'UserFsBase' : [ 0x448, ['unsigned long']],
+    'UserGsBase' : [ 0x44c, ['unsigned long']],
+    'EnergyValues' : [ 0x450, ['pointer', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x454, ['pointer', ['void']]],
+    'SelectedCpuSets' : [ 0x458, ['unsigned long']],
+    'SelectedCpuSetsIndirect' : [ 0x458, ['pointer', ['unsigned long']]],
+    'Silo' : [ 0x45c, ['pointer', ['_EJOB']]],
+    'ThreadName' : [ 0x460, ['pointer', ['_UNICODE_STRING']]],
+    'LastExpectedRunTime' : [ 0x464, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x468, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x470, ['unsigned long']],
+    'DisownedOwnerEntryListHead' : [ 0x474, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_13a9' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+} ],
+  '__unnamed_13ab' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0x400, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0xc0, ['_EX_RUNDOWN_REF']],
+    'VdmObjects' : [ 0xc4, ['pointer', ['void']]],
+    'Flags2' : [ 0xc8, ['unsigned long']],
+    'JobNotReallyActive' : [ 0xc8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0xc8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0xc8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0xc8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0xc8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0xc8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0xc8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0xc8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0xc8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0xc8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0xc8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0xc8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0xc8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0xc8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0xc8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0xc8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0xc8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0xc8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0xc8, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0xc8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0xc8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0xc8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0xc8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0xc8, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0xc8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0xc8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0xcc, ['unsigned long']],
+    'CreateReported' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0xcc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0xcc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0xcc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0xcc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0xcc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0xcc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0xcc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0xcc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0xcc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0xcc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0xcc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0xcc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0xcc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0xcc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0xcc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0xcc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0xcc, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0xcc, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0xcc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0xd0, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0xd8, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xe0, ['array', 2, ['unsigned long']]],
+    'PeakVirtualSize' : [ 0xe8, ['unsigned long']],
+    'VirtualSize' : [ 0xec, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xf0, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0xf8, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf8, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Token' : [ 0xfc, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x100, ['unsigned long']],
+    'AddressCreationLock' : [ 0x104, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x108, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x10c, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x110, ['pointer', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x114, ['pointer', ['_EJOB']]],
+    'CloneRoot' : [ 0x118, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x11c, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x120, ['unsigned long']],
+    'Win32Process' : [ 0x124, ['pointer', ['void']]],
+    'Job' : [ 0x128, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x12c, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x130, ['pointer', ['void']]],
+    'Cookie' : [ 0x134, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x138, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x13c, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x140, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x144, ['pointer', ['void']]],
+    'OwnerProcessId' : [ 0x148, ['unsigned long']],
+    'Peb' : [ 0x14c, ['pointer', ['_PEB']]],
+    'Session' : [ 0x150, ['pointer', ['_MM_SESSION_SPACE']]],
+    'AweInfo' : [ 0x154, ['pointer', ['void']]],
+    'QuotaBlock' : [ 0x158, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x15c, ['pointer', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x160, ['pointer', ['void']]],
+    'PaeTop' : [ 0x164, ['pointer', ['void']]],
+    'DeviceMap' : [ 0x168, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x16c, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x170, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x178, ['pointer', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x17c, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x18b, ['unsigned char']],
+    'SecurityPort' : [ 0x18c, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x190, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x194, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x19c, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x1a0, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x1a8, ['unsigned long']],
+    'ImagePathHash' : [ 0x1ac, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1b0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1b4, ['long']],
+    'PrefetchTrace' : [ 0x1b8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x1bc, ['pointer', ['void']]],
+    'ReadOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1e8, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1f0, ['unsigned long']],
+    'CommitCharge' : [ 0x1f4, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1f8, ['unsigned long']],
+    'Vm' : [ 0x1fc, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x28c, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x294, ['unsigned long']],
+    'ExitStatus' : [ 0x298, ['long']],
+    'VadRoot' : [ 0x29c, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x2a0, ['pointer', ['void']]],
+    'VadCount' : [ 0x2a4, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x2a8, ['unsigned long']],
+    'VadPhysicalPagesLimit' : [ 0x2ac, ['unsigned long']],
+    'AlpcContext' : [ 0x2b0, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x2c0, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x2c8, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x2cc, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x2d0, ['unsigned long']],
+    'ExitTime' : [ 0x2d8, ['_LARGE_INTEGER']],
+    'ActiveThreadsHighWatermark' : [ 0x2e0, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x2e4, ['unsigned long']],
+    'ThreadListLock' : [ 0x2e8, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x2ec, ['pointer', ['void']]],
+    'ServerSilo' : [ 0x2f0, ['pointer', ['_EJOB']]],
+    'SignatureLevel' : [ 0x2f4, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x2f5, ['unsigned char']],
+    'Protection' : [ 0x2f6, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x2f7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'GhostCount' : [ 0x2f7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Flags3' : [ 0x2f8, ['unsigned long']],
+    'Minimal' : [ 0x2f8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x2f8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x2f8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x2f8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x2f8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x2f8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x2f8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x2f8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x2f8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x2f8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x2f8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x2f8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x2f8, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x2f8, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x2f8, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProcessFirstResume' : [ 0x2f8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ForegroundExternal' : [ 0x2f8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ForegroundSystem' : [ 0x2f8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HighMemoryPriority' : [ 0x2f8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x2fc, ['long']],
+    'SvmData' : [ 0x300, ['pointer', ['void']]],
+    'SvmProcessLock' : [ 0x304, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x308, ['unsigned long']],
+    'SvmProcessDeviceListHead' : [ 0x30c, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x318, ['unsigned long long']],
+    'DiskCounters' : [ 0x320, ['pointer', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x324, ['pointer', ['void']]],
+    'HighPriorityFaultsAllowed' : [ 0x328, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x32c, ['pointer', ['void']]],
+    'EnergyContext' : [ 0x330, ['pointer', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x334, ['pointer', ['void']]],
+    'SequenceNumber' : [ 0x338, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x340, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x348, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x350, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x358, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x360, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x360, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x368, ['unsigned long']],
+    'SharedCommitLock' : [ 0x36c, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x370, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x378, ['unsigned long']],
+    'DefaultCpuSets' : [ 0x37c, ['unsigned long']],
+    'AllowedCpuSetsIndirect' : [ 0x378, ['pointer', ['unsigned long']]],
+    'DefaultCpuSetsIndirect' : [ 0x37c, ['pointer', ['unsigned long']]],
+    'DiskIoAttribution' : [ 0x380, ['pointer', ['void']]],
+    'DxgProcess' : [ 0x384, ['pointer', ['void']]],
+    'Win32KFilterSet' : [ 0x388, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x390, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x398, ['unsigned long']],
+    'KTimer2Sets' : [ 0x39c, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x3a0, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x3a4, ['unsigned long']],
+    'VirtualTimerListHead' : [ 0x3a8, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x3b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x3b0, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x3e0, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x3e0, ['__unnamed_13a9']],
+    'MitigationFlags2' : [ 0x3e4, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x3e4, ['__unnamed_13ab']],
+    'PartitionObject' : [ 0x3e8, ['pointer', ['void']]],
+    'SecurityDomain' : [ 0x3f0, ['unsigned long long']],
+    'CoverageSamplerContext' : [ 0x3f8, ['pointer', ['void']]],
+} ],
+  '__unnamed_13be' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_13c4' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13c6' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13c4']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13cf' : [ 0x2c, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '__unnamed_13d1' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_13cf']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_13be']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_13c6']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_13d1']],
+} ],
+  '__unnamed_13d8' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13dc' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13e0' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13e2' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13e6' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13e8' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13ec' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_13ee' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13f0' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13f2' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13f4' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13f8' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13fa' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13fd' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13ff' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1401' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1403' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1407' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_140b' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_140f' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1413' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_1417' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_141b' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_141f' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1421' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1423' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_1427' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_142b' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_142f' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_1433' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1437' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_143f' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1443' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1445' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1447' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1449' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_13d8']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13dc']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13e0']],
+    'Read' : [ 0x0, ['__unnamed_13e2']],
+    'Write' : [ 0x0, ['__unnamed_13e2']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13e6']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13e8']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_13ec']],
+    'QueryFile' : [ 0x0, ['__unnamed_13ee']],
+    'SetFile' : [ 0x0, ['__unnamed_13f0']],
+    'QueryEa' : [ 0x0, ['__unnamed_13f2']],
+    'SetEa' : [ 0x0, ['__unnamed_13f4']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13f8']],
+    'SetVolume' : [ 0x0, ['__unnamed_13f8']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13fa']],
+    'LockControl' : [ 0x0, ['__unnamed_13fd']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_13ff']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1401']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1403']],
+    'MountVolume' : [ 0x0, ['__unnamed_1407']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_1407']],
+    'Scsi' : [ 0x0, ['__unnamed_140b']],
+    'QueryQuota' : [ 0x0, ['__unnamed_140f']],
+    'SetQuota' : [ 0x0, ['__unnamed_13f4']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1413']],
+    'QueryInterface' : [ 0x0, ['__unnamed_1417']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_141b']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_141f']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1421']],
+    'SetLock' : [ 0x0, ['__unnamed_1423']],
+    'QueryId' : [ 0x0, ['__unnamed_1427']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_142b']],
+    'UsageNotification' : [ 0x0, ['__unnamed_142f']],
+    'WaitWake' : [ 0x0, ['__unnamed_1433']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1437']],
+    'Power' : [ 0x0, ['__unnamed_143f']],
+    'StartDevice' : [ 0x0, ['__unnamed_1443']],
+    'WMI' : [ 0x0, ['__unnamed_1445']],
+    'Others' : [ 0x0, ['__unnamed_1447']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_1449']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_145f' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_145f']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x8, ['unsigned long']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x14, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x10, ['pointer', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x3a0, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0x80, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0x88, ['unsigned long']],
+    'TotalProcesses' : [ 0x8c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x90, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x94, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x98, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xa0, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xa8, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0xac, ['unsigned long']],
+    'LimitFlags' : [ 0xb0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xb4, ['unsigned long']],
+    'Affinity' : [ 0xb8, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0xc4, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0xc8, ['pointer', ['void']]],
+    'UIRestrictionsClass' : [ 0xcc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xd0, ['unsigned long']],
+    'CompletionPort' : [ 0xd4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xd8, ['pointer', ['void']]],
+    'CompletionCount' : [ 0xe0, ['unsigned long long']],
+    'SessionId' : [ 0xe8, ['unsigned long']],
+    'SchedulingClass' : [ 0xec, ['unsigned long']],
+    'ReadOperationCount' : [ 0xf0, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xf8, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x100, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x108, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x110, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x118, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x120, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x148, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x14c, ['unsigned long']],
+    'JobTotalMemoryLimit' : [ 0x150, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x154, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x158, ['unsigned long']],
+    'EffectiveAffinity' : [ 0x15c, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x168, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x170, ['unsigned long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x174, ['unsigned long']],
+    'EffectiveProcessMemoryLimit' : [ 0x178, ['unsigned long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x17c, ['pointer', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x180, ['pointer', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x184, ['pointer', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x188, ['pointer', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x18c, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x190, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x194, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x198, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x19c, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x1a0, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x1a4, ['unsigned char']],
+    'PriorityClass' : [ 0x1a5, ['unsigned char']],
+    'NestingDepth' : [ 0x1a6, ['unsigned char']],
+    'Reserved1' : [ 0x1a7, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x1a8, ['unsigned long']],
+    'WakeChannel' : [ 0x1b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x1b0, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x1f8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x200, ['unsigned long']],
+    'NotificationLink' : [ 0x204, ['pointer', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x208, ['unsigned long long']],
+    'NotificationInfo' : [ 0x210, ['pointer', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x214, ['pointer', ['void']]],
+    'NotificationPacket' : [ 0x218, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x21c, ['pointer', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x220, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x228, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x230, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x234, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x23c, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x244, ['pointer', ['_EJOB']]],
+    'RootJob' : [ 0x248, ['pointer', ['_EJOB']]],
+    'IteratorListHead' : [ 0x24c, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x254, ['unsigned long']],
+    'Ancestors' : [ 0x258, ['pointer', ['pointer', ['_EJOB']]]],
+    'SessionObject' : [ 0x258, ['pointer', ['void']]],
+    'Accounting' : [ 0x260, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x2b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x2bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x2c0, ['unsigned long']],
+    'JobId' : [ 0x2c4, ['unsigned long']],
+    'ContainerId' : [ 0x2c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x2d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x2e8, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x2ec, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x2f8, ['pointer', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x2fc, ['pointer', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x300, ['unsigned long']],
+    'CloseDone' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x300, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x300, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x304, ['unsigned long']],
+    'ParentLocked' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x308, ['pointer', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x30c, ['unsigned long']],
+    'DiskIoAttributionUserRefCount' : [ 0x310, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x314, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x318, ['pointer', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x318, ['pointer', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x31c, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x330, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x34c, ['long']],
+    'VolumeIoControlTree' : [ 0x350, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x358, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x360, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x364, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x368, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x36c, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x370, ['unsigned long long']],
+    'IoControlLock' : [ 0x378, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x37c, ['unsigned long']],
+    'RundownWorkItem' : [ 0x380, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x390, ['pointer', ['void']]],
+    'PartitionOwnerJob' : [ 0x394, ['pointer', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x398, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x68, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x5c, ['pointer', ['void']]],
+    'UserContext' : [ 0x60, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+    'Oplock' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedForRemote' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedContext' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0xc, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x8, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0xc, {
+    'Hash' : [ 0x0, ['pointer', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x4, ['pointer', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x10, {
+    'Table' : [ 0x0, ['pointer', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x4, ['unsigned long']],
+    'EntryMax' : [ 0x8, ['unsigned long']],
+    'EntryCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+} ],
+  '_TlgProvider_t' : [ 0x30, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+    'AnnotationFunc' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '__unnamed_16b1' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Flush' : [ 0x0, ['_HARDWARE_PTE']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_16b1']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0xc, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x4, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0x8, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'ReservedLowFlags' : [ 0xe, ['unsigned char']],
+    'WaiterPriority' : [ 0xf, ['unsigned char']],
+    'SharedWaiters' : [ 0x10, ['pointer', ['void']]],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['void']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x30, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0xc, ['pointer', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x10, ['pointer', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x14, ['unsigned long']],
+    'NumberOfReferences' : [ 0x18, ['unsigned long']],
+    'CloneHeader' : [ 0x1c, ['pointer', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x20, ['unsigned long']],
+    'DeleteList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'NestingLevel' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_16f4' : [ 0x4, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_16f9' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_16fb' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_16fd' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_16f9']],
+    'e4' : [ 0x0, ['__unnamed_16fb']],
+} ],
+  '__unnamed_1702' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_16f4']],
+    'PteAddress' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'VolatilePteAddress' : [ 0x4, ['pointer', ['void']]],
+    'PteLong' : [ 0x4, ['unsigned long']],
+    'OriginalPte' : [ 0x8, ['_MMPTE']],
+    'u2' : [ 0x10, ['_MIPFNBLINK']],
+    'u3' : [ 0x14, ['__unnamed_16fd']],
+    'u4' : [ 0x18, ['__unnamed_1702']],
+} ],
+  '__unnamed_170d' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1711' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_170d']],
+    'u2' : [ 0x24, ['__unnamed_1711']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_1716' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_171e' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 23, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1720' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_171e']],
+} ],
+  '__unnamed_1725' : [ 0x4, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 20, native_type='unsigned long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'ListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_1716']],
+    'FilePointer' : [ 0x20, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x24, ['long']],
+    'ModifiedWriteCount' : [ 0x28, ['unsigned long']],
+    'WaitList' : [ 0x2c, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x30, ['__unnamed_1720']],
+    'FileObjectLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'u3' : [ 0x48, ['__unnamed_1725']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x34, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'BasePte' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'VaType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSpecialPoolNonPaged', 14: u'MiVaSystemPtesLarge', 15: u'MiVaKernelStacks', 16: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'PteFailures' : [ 0x18, ['unsigned long']],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'GlobalPushLock' : [ 0x1c, ['pointer', ['_EX_PUSH_LOCK']]],
+    'TotalSystemPtes' : [ 0x20, ['unsigned long']],
+    'Hint' : [ 0x24, ['unsigned long']],
+    'LowestBitEverAllocated' : [ 0x28, ['unsigned long']],
+    'CachedPtes' : [ 0x2c, ['pointer', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x30, ['unsigned long']],
+} ],
+  '__unnamed_1744' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+    'VolatileVadLong' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1747' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x28, {
+    'NextVad' : [ 0x0, ['pointer', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x4, ['pointer', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x1c, ['__unnamed_1744']],
+    'u1' : [ 0x20, ['__unnamed_1747']],
+    'EventList' : [ 0x24, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PARTITION' : [ 0x1b80, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0xe8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x2b8, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x340, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x540, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0xdc0, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0xe40, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0xe80, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0xf58, ['pointer', ['void']]],
+    'WorkingSetExpansionHead' : [ 0xf5c, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0xf80, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x40, {
+    'MmPartition' : [ 0x0, ['pointer', ['void']]],
+    'CcPartition' : [ 0x4, ['pointer', ['void']]],
+    'ExPartition' : [ 0x8, ['pointer', ['void']]],
+    'HardReferenceCount' : [ 0xc, ['long']],
+    'OpenHandleCount' : [ 0x10, ['long']],
+    'ActivePartitionLinks' : [ 0x14, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x1c, ['pointer', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x34, ['pointer', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x38, ['pointer', ['void']]],
+    'PartitionFlags' : [ 0x3c, ['unsigned long']],
+    'PairedWithJob' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_HHIVE' : [ 0x400, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileWrite' : [ 0x14, ['pointer', ['void']]],
+    'FileRead' : [ 0x18, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x1c, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x20, ['pointer', ['_HBASE_BLOCK']]],
+    'FlusherLock' : [ 0x24, ['_CMSI_RW_LOCK']],
+    'WriterLock' : [ 0x28, ['_CMSI_RW_LOCK']],
+    'DirtyVector' : [ 0x2c, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x34, ['unsigned long']],
+    'DirtyAlloc' : [ 0x38, ['unsigned long']],
+    'UnreconciledVector' : [ 0x3c, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x44, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x48, ['unsigned long']],
+    'Cluster' : [ 0x4c, ['unsigned long']],
+    'Flat' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x51, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x54, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x58, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x5c, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x60, ['unsigned long']],
+    'HiveFlags' : [ 0x64, ['unsigned long']],
+    'CurrentLog' : [ 0x68, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x6c, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x70, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x74, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x78, ['unsigned long']],
+    'LogFileSizeCap' : [ 0x7c, ['unsigned long']],
+    'LogDataPresent' : [ 0x80, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0x82, ['unsigned char']],
+    'BaseBlockDirty' : [ 0x83, ['unsigned char']],
+    'LastLogSwapTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0x90, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0x90, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0x90, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0x90, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0x90, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0x90, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0x92, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0x94, ['unsigned long']],
+    'StorageTypeCount' : [ 0x98, ['unsigned long']],
+    'Version' : [ 0x9c, ['unsigned long']],
+    'ViewMap' : [ 0xa0, ['_HVP_VIEW_MAP']],
+    'Storage' : [ 0xc8, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xb0, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0xc, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x14, ['unsigned long']],
+    'KcbPushlock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x1c, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x1c, ['long']],
+    'DelayedDeref' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x20, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x21, ['unsigned char']],
+    'LayerHeight' : [ 0x22, ['short']],
+    'ParentKcb' : [ 0x24, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x28, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x2c, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x30, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x38, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x38, ['unsigned long']],
+    'SubKeyCount' : [ 0x38, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x3c, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x3c, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x44, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'LayerInfo' : [ 0x6c, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'KCBUoWListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x78, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x80, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x84, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x8c, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x94, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x9c, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0xa0, ['pointer', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0xa0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0xa0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0xa8, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_CMHIVE' : [ 0xc00, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x400, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x418, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x420, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x428, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x430, ['_EX_RUNDOWN_REF']],
+    'KcbCacheTable' : [ 0x434, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x438, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x43c, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x440, ['unsigned long']],
+    'Identity' : [ 0x444, ['unsigned long']],
+    'HiveLock' : [ 0x448, ['_CMSI_RW_LOCK']],
+    'FlushDirtyVector' : [ 0x44c, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x454, ['unsigned long']],
+    'FlushLogEntry' : [ 0x458, ['pointer', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x45c, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x460, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x464, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x468, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x470, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x474, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x478, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x47c, ['pointer', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x480, ['_EX_PUSH_LOCK']],
+    'LastShrinkHiveSize' : [ 0x484, ['unsigned long']],
+    'ActualFileSize' : [ 0x488, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x490, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x4a0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x4a8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x4b0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x4b8, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x4bc, ['unsigned long']],
+    'SecurityHitHint' : [ 0x4c0, ['long']],
+    'SecurityCache' : [ 0x4c4, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x4c8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x6c8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x6cc, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x6d0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x6d4, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x6d8, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x6dc, ['_CM_WORKITEM']],
+    'DirtyVectorLog' : [ 0x6f0, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x978, ['unsigned long']],
+    'TrustClassEntry' : [ 0x97c, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x988, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x990, ['unsigned long long']],
+    'CmRm' : [ 0x998, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x99c, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x9a0, ['long']],
+    'CreatorOwner' : [ 0x9a4, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0x9a8, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x9b0, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x9b8, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x9c4, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x9d0, ['unsigned long']],
+    'FlushActive' : [ 0x9d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x9d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x9d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x9d0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x9d4, ['unsigned long']],
+    'ReferenceCount' : [ 0x9d8, ['long']],
+    'UnloadHistoryIndex' : [ 0x9dc, ['long']],
+    'UnloadHistory' : [ 0x9e0, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0xbe0, ['unsigned long']],
+    'UnaccessedStart' : [ 0xbe4, ['unsigned long']],
+    'UnaccessedEnd' : [ 0xbe8, ['unsigned long']],
+    'LoadedKeyCount' : [ 0xbec, ['unsigned long']],
+    'HandleClosePending' : [ 0xbf0, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0xbf4, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0xbf8, ['unsigned char']],
+    'VolumeContext' : [ 0xbfc, ['pointer', ['_CMP_VOLUME_CONTEXT']]],
+} ],
+  '__unnamed_1801' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmCreateHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf', 24: u'_HvHiveStartFileBacked', 25: u'_HvStartHiveMemoryBacked', 26: u'_HvpEnlistFreeCells', 27: u'_HvpPerformLogFileRecovery'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1804' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_1806' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1808' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_180a' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_180e' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_1812' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_1814' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x11c, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned short']],
+    'RecoverableIndex' : [ 0x6, ['unsigned short']],
+    'Locations' : [ 0x8, ['array', 8, ['__unnamed_1801']]],
+    'RecoverableLocations' : [ 0x68, ['array', 8, ['__unnamed_1801']]],
+    'RegistryIO' : [ 0xc8, ['__unnamed_1804']],
+    'CheckRegistry2' : [ 0xd4, ['__unnamed_1806']],
+    'CheckKey' : [ 0xd8, ['__unnamed_1808']],
+    'CheckValueList' : [ 0xe8, ['__unnamed_180a']],
+    'CheckHive' : [ 0xf8, ['__unnamed_180e']],
+    'CheckHive1' : [ 0x104, ['__unnamed_180e']],
+    'CheckBin' : [ 0x110, ['__unnamed_1812']],
+    'RecoverData' : [ 0x118, ['__unnamed_1814']],
+} ],
+  '_CM_KCB_UOW' : [ 0x40, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x2c, ['pointer', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x34, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x38, ['pointer', ['void']]],
+    'SecurityData' : [ 0x38, ['pointer', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x38, ['pointer', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x38, ['pointer', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x3c, ['pointer', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x3c, ['pointer', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0x70, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x18, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x18, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x18, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x18, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x18, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x18, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x18, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x18, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x18, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x18, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x18, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x18, ['unsigned long']],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x20, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x24, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x28, ['pointer', ['void']]],
+    'KtmUow' : [ 0x2c, ['_GUID']],
+    'StartLsn' : [ 0x40, ['unsigned long long']],
+    'HiveCount' : [ 0x48, ['unsigned long']],
+    'HiveArray' : [ 0x4c, ['array', 8, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x175, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapVirtualAffinity' : [ 0xfa8, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0xfaa, ['unsigned short']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x281, ['array', 11, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'Padding1' : [ 0x2ed, ['array', 3, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapVirtualAffinity' : [ 0x17b0, ['unsigned short']],
+    'LowFragHeapDataSlot' : [ 0x17b2, ['unsigned short']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'S1DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x140, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'ReadySummary' : [ 0x4, ['unsigned long']],
+    'ReadyListHead' : [ 0x8, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x108, ['array', 32, ['unsigned char']]],
+    'Span' : [ 0x128, ['unsigned char']],
+    'LowProcIndex' : [ 0x129, ['unsigned char']],
+    'QueueIndex' : [ 0x12a, ['unsigned char']],
+    'ProcCount' : [ 0x12b, ['unsigned char']],
+    'ScanOwner' : [ 0x12c, ['unsigned char']],
+    'Spare' : [ 0x12d, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x130, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x134, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '__unnamed_194e' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1950' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1954' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x1d4, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x2c, ['long']],
+    'FxRemoveEvent' : [ 0x30, ['_KEVENT']],
+    'FxActivationCount' : [ 0x40, ['long']],
+    'FxSleepCount' : [ 0x44, ['long']],
+    'Plugin' : [ 0x48, ['pointer', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x4c, ['unsigned long']],
+    'CurrentPowerState' : [ 0x50, ['_POWER_STATE']],
+    'Notify' : [ 0x54, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x90, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0xa0, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0xa8, ['unsigned long']],
+    'State' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xb4, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x104, ['unsigned long']],
+    'CompletionStatus' : [ 0x108, ['long']],
+    'Flags' : [ 0x10c, ['unsigned long']],
+    'UserFlags' : [ 0x110, ['unsigned long']],
+    'Problem' : [ 0x114, ['unsigned long']],
+    'ProblemStatus' : [ 0x118, ['long']],
+    'ResourceList' : [ 0x11c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x120, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x124, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x128, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x130, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x134, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x138, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x13c, ['unsigned short']],
+    'RemovalPolicy' : [ 0x13e, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x13f, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x140, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x148, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x150, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x158, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x15a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x15c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x15e, ['unsigned short']],
+    'OverUsed1' : [ 0x160, ['__unnamed_194e']],
+    'OverUsed2' : [ 0x164, ['__unnamed_1950']],
+    'BootResources' : [ 0x168, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x16c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x170, ['unsigned long']],
+    'DockInfo' : [ 0x174, ['__unnamed_1954']],
+    'DisableableDepends' : [ 0x184, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x188, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x190, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x198, ['unsigned long']],
+    'PreviousParent' : [ 0x19c, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x1a0, ['long']],
+    'NumaNodeIndex' : [ 0x1a4, ['unsigned long']],
+    'ContainerID' : [ 0x1a8, ['_GUID']],
+    'OverrideFlags' : [ 0x1b8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x1bc, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x1c0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x1c4, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x1c8, ['unsigned long']],
+    'RebalanceContext' : [ 0x1cc, ['pointer', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x1d0, ['pointer', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x38, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x30, ['pointer', ['unsigned long long']]],
+    'EnableLevel' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x38, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependencyNode' : [ 0x2c, ['pointer', ['void']]],
+    'InterruptContext' : [ 0x30, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1a49' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1a49']],
+} ],
+  '__unnamed_1a50' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1a50']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'ParameterBlockOffset' : [ 0xc, ['unsigned long']],
+    'ParameterBlockLength' : [ 0x10, ['unsigned long']],
+    'DataSetRangesOffset' : [ 0x14, ['unsigned long']],
+    'DataSetRangesLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_DATA_SET_RANGE' : [ 0x10, {
+    'StartingOffset' : [ 0x0, ['long long']],
+    'LengthInBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DEVICE_DSM_DEFINITION' : [ 0x1c, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'SingleRange' : [ 0x4, ['unsigned char']],
+    'ParameterBlockAlignment' : [ 0x8, ['unsigned long']],
+    'ParameterBlockLength' : [ 0xc, ['unsigned long']],
+    'HasOutput' : [ 0x10, ['unsigned char']],
+    'OutputBlockAlignment' : [ 0x14, ['unsigned long']],
+    'OutputBlockLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES_OUTPUT' : [ 0x24, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'OperationStatus' : [ 0xc, ['unsigned long']],
+    'ExtendedError' : [ 0x10, ['unsigned long']],
+    'TargetDetailedError' : [ 0x14, ['unsigned long']],
+    'ReservedStatus' : [ 0x18, ['unsigned long']],
+    'OutputBlockOffset' : [ 0x1c, ['unsigned long']],
+    'OutputBlockLength' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x14, ['pointer', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x1c, ['pointer', ['unsigned short']]],
+    'PinCount' : [ 0x20, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x22, ['unsigned char']],
+    'ResourceSourceName' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x28, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x20, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'SlaveAddress' : [ 0x1c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x18, ['unsigned long']],
+    'RxBufferSize' : [ 0x1c, ['unsigned short']],
+    'TxBufferSize' : [ 0x1e, ['unsigned short']],
+    'Parity' : [ 0x20, ['unsigned char']],
+    'LinesInUse' : [ 0x21, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'DataBitLength' : [ 0x1c, ['unsigned char']],
+    'Phase' : [ 0x1d, ['unsigned char']],
+    'Polarity' : [ 0x1e, ['unsigned char']],
+    'DeviceSelection' : [ 0x20, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x100, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x14, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x18, ['pointer', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c, ['pointer', ['void']]],
+    'Accounting' : [ 0x20, ['pointer', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'DeepSleepEnabled' : [ 0x24, ['unsigned char']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x1c8, {
+    'Name' : [ 0x0, ['pointer', ['wchar']]],
+    'Id' : [ 0x4, ['unsigned char']],
+    'Guid' : [ 0x8, ['_GUID']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Priority' : [ 0x1c, ['unsigned char']],
+    'Settings' : [ 0x20, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x1a0, ['unsigned long long']],
+    'Count' : [ 0x1a8, ['unsigned long long']],
+    'MaxDuration' : [ 0x1b0, ['unsigned long long']],
+    'MinDuration' : [ 0x1b8, ['unsigned long long']],
+    'TotalDuration' : [ 0x1c0, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xc0, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x44, ['unsigned long']],
+    'AutonomousPreference' : [ 0x48, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x49, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4b, ['array', 2, ['unsigned char']]],
+    'DutyCycling' : [ 0x4d, ['unsigned char']],
+    'ParkingPerfState' : [ 0x4e, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x50, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x51, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x52, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x53, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x54, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x55, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x56, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x58, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x5c, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x60, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x62, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x64, ['unsigned char']],
+    'IdleDisabled' : [ 0x65, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x68, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x6c, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x6d, ['unsigned char']],
+    'IdleStateMax' : [ 0x6e, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x6f, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x70, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x71, ['array', 32, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x91, ['array', 32, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xb1, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xb2, ['unsigned char']],
+    'ThreadPolicies' : [ 0xb4, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x2a0, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x1a4, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x1c0, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x1f0, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x1f4, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x1f8, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x1fc, ['pointer', ['void']]],
+    'HardErrorState' : [ 0x200, ['unsigned long']],
+    'WnfSiloState' : [ 0x208, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x238, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x248, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x250, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x258, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x25c, ['pointer', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x260, ['unsigned char']],
+    'NtSystemRoot' : [ 0x264, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x26c, ['_UNICODE_STRING']],
+    'Storage' : [ 0x274, ['pointer', ['_PSP_STORAGE']]],
+    'State' : [ 0x278, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x27c, ['long']],
+    'DeleteEvent' : [ 0x280, ['pointer', ['_KEVENT']]],
+    'UserSharedData' : [ 0x284, ['pointer', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x288, ['pointer', ['void']]],
+    'TerminateWorkItem' : [ 0x28c, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x90, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x14, ['unsigned long']],
+    'LogHandleContext' : [ 0x18, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x84, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0x88, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x178, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'V1' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0xa8, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xac, ['unsigned long']],
+    'UninitializeEvent' : [ 0xb0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xb4, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'Event' : [ 0xe0, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf8, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x160, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x164, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x168, ['unsigned long']],
+    'WritesInProgress' : [ 0x16c, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x170, ['unsigned long']],
+    'Partition' : [ 0x174, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '__unnamed_1b6d' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_1b6d']],
+    'ArrayHead' : [ 0x10, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x280, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x4, ['pointer', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x18, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x24, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x30, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x40, ['unsigned long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x44, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x48, ['unsigned char']],
+    'WorkQueueLock' : [ 0x80, ['unsigned long']],
+    'NumberWorkerThreads' : [ 0x84, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0x88, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0x8c, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0x94, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0x9c, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0xa4, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0xac, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0xb4, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0xbc, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0xc0, ['unsigned long']],
+    'QueueThrottle' : [ 0xc4, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0xc8, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0xcc, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0xd0, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0xd4, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0xd8, ['unsigned long']],
+    'LowMemoryEvent' : [ 0xdc, ['_KEVENT']],
+    'PowerEvent' : [ 0xec, ['_KEVENT']],
+    'PeriodicEvent' : [ 0xfc, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x10c, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x11c, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x12c, ['unsigned long']],
+    'LazyWriter' : [ 0x130, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x180, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x190, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x1b8, ['pointer', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x1bc, ['long']],
+    'AverageAvailablePages' : [ 0x1c0, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x1c8, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x1d0, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x1e8, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x1e9, ['unsigned char']],
+    'DeferredWrites' : [ 0x1ec, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x200, ['unsigned long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x204, ['pointer', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x208, ['pointer', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x20c, ['pointer', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x210, ['pointer', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x214, ['pointer', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x218, ['pointer', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x21c, ['pointer', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x220, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x224, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x22c, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x230, ['pointer', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x234, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x238, ['long']],
+    'LowPriOldIoPriority' : [ 0x23c, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x240, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x244, ['unsigned long']],
+    'CoalescingState' : [ 0x248, ['unsigned char']],
+    'ActivePartition' : [ 0x249, ['unsigned char']],
+    'RundownPhase' : [ 0x24a, ['unsigned char']],
+    'RefCount' : [ 0x24c, ['long']],
+    'ExitEvent' : [ 0x250, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x260, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x270, ['pointer', ['void']]],
+} ],
+  '__unnamed_1b93' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1b95' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1b97' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1b99' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1b9b' : [ 0x1c, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x4, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x8, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1b9f' : [ 0x40, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'PrefetchList' : [ 0x18, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x1c, ['unsigned long']],
+    'Mdl' : [ 0x20, ['pointer', ['_MDL']]],
+    'IoStatusBlock' : [ 0x24, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x34, ['pointer', ['void']]],
+    'RequestorMode' : [ 0x38, ['unsigned char']],
+    'NestingLevel' : [ 0x3c, ['unsigned long']],
+} ],
+  '__unnamed_1ba1' : [ 0x40, {
+    'Read' : [ 0x0, ['__unnamed_1b93']],
+    'Write' : [ 0x0, ['__unnamed_1b95']],
+    'Event' : [ 0x0, ['__unnamed_1b97']],
+    'Notification' : [ 0x0, ['__unnamed_1b99']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1b9b']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1b9f']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x50, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1ba1']],
+    'Function' : [ 0x48, ['unsigned char']],
+    'Partition' : [ 0x4c, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x28, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+    'Partition' : [ 0x24, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x18, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0x4, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x68, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x8, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0xc, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x18, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x40, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x44, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x48, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x50, ['pointer', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x54, ['unsigned long']],
+    'LastLWTimeStamp' : [ 0x58, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x60, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x4e, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x14, {
+    'Allocate' : [ 0x0, ['unsigned long']],
+    'Free' : [ 0x4, ['unsigned long']],
+    'Commit' : [ 0x8, ['unsigned long']],
+    'Decommit' : [ 0xc, ['unsigned long']],
+    'ExtendContext' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x8, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_RTL_CSPARSE_BITMAP' : [ 0x20, {
+    'CommitDirectory' : [ 0x0, ['unsigned long']],
+    'CommitBitmap' : [ 0x4, ['pointer', ['unsigned long']]],
+    'UserBitmap' : [ 0x8, ['pointer', ['unsigned long']]],
+    'BitCount' : [ 0xc, ['long']],
+    'BitmapLock' : [ 0x10, ['unsigned long']],
+    'DecommitPageIndex' : [ 0x14, ['unsigned long']],
+    'RtlpCSparseBitmapWakeLock' : [ 0x18, ['unsigned long']],
+    'LockType' : [ 0x1c, ['unsigned char']],
+    'AddressSpace' : [ 0x1d, ['unsigned char']],
+    'MemType' : [ 0x1e, ['unsigned char']],
+    'AllocAlignment' : [ 0x1f, ['unsigned char']],
+} ],
+  '_RTL_SPARSE_ARRAY' : [ 0x28, {
+    'Bitmap' : [ 0x0, ['_RTL_CSPARSE_BITMAP']],
+    'ElementCount' : [ 0x20, ['unsigned long']],
+    'ElementSizeShift' : [ 0x24, ['unsigned long']],
+} ],
+  '_HEAP_VAMGR_ALLOCATOR' : [ 0x1c, {
+    'TreeLock' : [ 0x0, ['unsigned long']],
+    'FreeRanges' : [ 0x4, ['_RTL_RB_TREE']],
+    'VaSpace' : [ 0xc, ['pointer', ['_HEAP_VAMGR_VASPACE']]],
+    'PartitionHandle' : [ 0x10, ['pointer', ['void']]],
+    'ChunksPerRegion' : [ 0x14, ['unsigned short']],
+    'RefCount' : [ 0x16, ['unsigned short']],
+    'AllocatorIndex' : [ 0x18, ['unsigned char']],
+    'NumaNode' : [ 0x19, ['unsigned char']],
+    'LockType' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MemoryType' : [ 0x1a, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'ConstrainedVA' : [ 0x1a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'AllowFreeHead' : [ 0x1a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare0' : [ 0x1a, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['unsigned char']],
+} ],
+  '_HEAP_VAMGR_VASPACE' : [ 0x30, {
+    'AddressSpaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'HeapAddressUser', 1: u'HeapAddressKernel', 2: u'HeapAddressSession', 3: u'HeapAddressTypeMax'})]],
+    'BaseAddress' : [ 0x4, ['unsigned long']],
+    'VaRangeArray' : [ 0x8, ['_RTL_SPARSE_ARRAY']],
+} ],
+  '_HEAP_VAMGR_RANGE' : [ 0x10, {
+    'RbNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Standalone' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'AllocatorIndex' : [ 0x1, ['unsigned char']],
+    'OwnerCtx' : [ 0x4, ['unsigned long']],
+    'Spare1' : [ 0x8, ['unsigned long']],
+    'SizeInChunks' : [ 0xc, ['unsigned long']],
+    'ChunkCount' : [ 0xc, ['unsigned short']],
+    'PrevChunkCount' : [ 0xe, ['unsigned short']],
+    'Signature' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTLP_HP_HEAP_MANAGER' : [ 0x1c6c, {
+    'Globals' : [ 0x0, ['pointer', ['_RTLP_HP_HEAP_GLOBALS']]],
+    'AllocTracker' : [ 0x4, ['_RTLP_HP_ALLOC_TRACKER']],
+    'VaMgr' : [ 0x28, ['_HEAP_VAMGR_CTX']],
+    'MetadataHeaps' : [ 0x1c44, ['array', 3, ['_RTLP_HP_METADATA_HEAP_CTX']]],
+    'SubAllocConfigs' : [ 0x1c5c, ['_RTL_HP_SUB_ALLOCATOR_CONFIGS']],
+} ],
+  '_RTLP_HP_ALLOC_TRACKER' : [ 0x24, {
+    'AllocTrackerBitmap' : [ 0x0, ['_RTL_CSPARSE_BITMAP']],
+    'BaseAddress' : [ 0x20, ['unsigned long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x248, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x58, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x5c, ['unsigned long']],
+    'Signature' : [ 0x60, ['unsigned long']],
+    'SegmentReserve' : [ 0x64, ['unsigned long']],
+    'SegmentCommit' : [ 0x68, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x6c, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x70, ['unsigned long']],
+    'TotalFreeSize' : [ 0x74, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x78, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x7c, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x7e, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x80, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x84, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x86, ['unsigned short']],
+    'TagEntries' : [ 0x88, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x8c, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x94, ['unsigned long']],
+    'AlignMask' : [ 0x98, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0x9c, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa4, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xac, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb0, ['unsigned long']],
+    'BlocksIndex' : [ 0xb4, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xb8, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xbc, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc0, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xc8, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xcc, ['pointer', ['void']]],
+    'StackTraceInitVar' : [ 0xd0, ['_RTL_RUN_ONCE']],
+    'FrontEndHeap' : [ 0xd4, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xd8, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xda, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0xdb, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0xdc, ['pointer', ['unsigned short']]],
+    'FrontEndHeapMaximumIndex' : [ 0xe0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0xe2, ['array', 257, ['unsigned char']]],
+    'Counters' : [ 0x1e4, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x240, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1c9a' : [ 0x38, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x38, {
+    'Lock' : [ 0x0, ['__unnamed_1c9a']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_HP_PADDING_HEADER' : [ 0x8, {
+    'PaddingSize' : [ 0x0, ['unsigned long']],
+    'Spare' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1ced' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1cef' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ced']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1cf1' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1cf3' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1cf1']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1cef']],
+    'u2' : [ 0x4, ['__unnamed_1cf3']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x24, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer', ['_BLOB_COUNTERS']]],
+    'CleanupProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x18, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x1c, ['pointer', ['void']]],
+    'UsualSize' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_1d10' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1d12' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1d10']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1d12']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Pad' : [ 0x10, ['unsigned long']],
+    'Lock' : [ 0x14, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1d26' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d28' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d26']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1d28']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1d31' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d33' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d31']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_1d33']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1d39' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d3b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d39']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_1d3b']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x28, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x24, ['pointer', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1d58' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d5a' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d58']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x11c, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x60, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0x80, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0x8c, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x94, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x98, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0xc4, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0xd0, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0xd4, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0xd8, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xdc, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xe8, ['long']],
+    'ReferenceNo' : [ 0xec, ['long']],
+    'ReferenceNoWait' : [ 0xf0, ['pointer', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0xf4, ['__unnamed_1d5a']],
+    'TargetQueuePort' : [ 0xf8, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xfc, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x100, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x104, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x108, ['unsigned long']],
+    'PendingQueueLength' : [ 0x10c, ['unsigned long']],
+    'DirectQueueLength' : [ 0x110, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x114, ['unsigned long']],
+    'WaitQueueLength' : [ 0x118, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x58, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x10, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x14, ['pointer', ['void']]],
+    'UserLimit' : [ 0x18, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x1c, ['pointer', ['void']]],
+    'SystemVa' : [ 0x20, ['pointer', ['void']]],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'Header' : [ 0x28, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x2c, ['pointer', ['void']]],
+    'ListSize' : [ 0x30, ['unsigned long']],
+    'Bitmap' : [ 0x34, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x38, ['unsigned long']],
+    'Data' : [ 0x3c, ['pointer', ['void']]],
+    'DataSize' : [ 0x40, ['unsigned long']],
+    'BitmapLimit' : [ 0x44, ['unsigned long']],
+    'BitmapNextHint' : [ 0x48, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x4c, ['unsigned long']],
+    'AttributeFlags' : [ 0x50, ['unsigned long']],
+    'AttributeSize' : [ 0x54, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0x90, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x84, ['unsigned long']],
+    'CallbackList' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x14, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1d7f' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_1d81' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1d7f']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x98, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'u1' : [ 0x14, ['__unnamed_1d81']],
+    'SequenceNo' : [ 0x18, ['long']],
+    'QuotaProcess' : [ 0x1c, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x1c, ['pointer', ['void']]],
+    'CancelSequencePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x24, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x28, ['long']],
+    'CancelListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x38, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x60, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x64, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x68, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x6c, ['pointer', ['_ETHREAD']]],
+    'WakeReference' : [ 0x70, ['pointer', ['void']]],
+    'WakeReference2' : [ 0x74, ['pointer', ['void']]],
+    'ExtensionBuffer' : [ 0x78, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0x7c, ['unsigned long']],
+    'PortMessage' : [ 0x80, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x24, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x14, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalLength' : [ 0x1c, ['unsigned short']],
+    'Type' : [ 0x1e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x20, ['unsigned short']],
+    'SignalCompletion' : [ 0x22, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x23, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x24, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x28, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x1c, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x20, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1dc2' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1dc4' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1dc2']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_1dc4']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x4, {
+    'Event' : [ 0x0, ['unsigned long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x30, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer', ['void']]],
+    'DiskIoAttributionHandle' : [ 0xc, ['unsigned long']],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x24, ['long long']],
+    'AdapterCryptoParameters' : [ 0x20, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x2c, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 9, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x88, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x48, ['pointer', ['void']]],
+    'CreateFileType' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x50, ['pointer', ['void']]],
+    'Override' : [ 0x54, ['unsigned char']],
+    'QueryOnly' : [ 0x55, ['unsigned char']],
+    'DeleteOnly' : [ 0x56, ['unsigned char']],
+    'FullAttributes' : [ 0x57, ['unsigned char']],
+    'LocalFileObject' : [ 0x58, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x5c, ['unsigned long']],
+    'AccessMode' : [ 0x60, ['unsigned char']],
+    'DriverCreateContext' : [ 0x64, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0x7c, ['unsigned long']],
+    'FilterQuery' : [ 0x80, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1e90' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x110, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1e90']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer', ['wchar']]],
+    'LogFileName' : [ 0x3c, ['pointer', ['wchar']]],
+    'TimeZone' : [ 0x40, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0xf8, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x108, ['unsigned long']],
+    'BuffersLost' : [ 0x10c, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x8, {
+    'QueueTail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x370, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 1, ['unsigned long']]],
+    'ErrorMarker' : [ 0x18, ['unsigned long']],
+    'SizeMask' : [ 0x1c, ['unsigned long']],
+    'GetCpuClock' : [ 0x20, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x28, ['long']],
+    'FailureReason' : [ 0x2c, ['unsigned long']],
+    'BufferQueue' : [ 0x30, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x38, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x40, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x48, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x50, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x54, ['unsigned long']],
+    'BatchedBufferList' : [ 0x58, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x58, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x64, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x6c, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x74, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x7c, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x80, ['unsigned long']],
+    'FlushTimer' : [ 0x84, ['unsigned long']],
+    'FlushThreshold' : [ 0x88, ['unsigned long']],
+    'ByteOffset' : [ 0x90, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x98, ['unsigned long']],
+    'BuffersAvailable' : [ 0x9c, ['long']],
+    'NumberOfBuffers' : [ 0xa0, ['long']],
+    'MaximumBuffers' : [ 0xa4, ['unsigned long']],
+    'EventsLost' : [ 0xa8, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xac, ['long']],
+    'BuffersWritten' : [ 0xb0, ['unsigned long']],
+    'LogBuffersLost' : [ 0xb4, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xb8, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xbc, ['unsigned long']],
+    'SequencePtr' : [ 0xc0, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xc4, ['unsigned long']],
+    'InstanceGuid' : [ 0xc8, ['_GUID']],
+    'MaximumFileSize' : [ 0xd8, ['unsigned long']],
+    'FileCounter' : [ 0xdc, ['long']],
+    'PoolType' : [ 0xe0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xe8, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0xf8, ['long']],
+    'ProviderInfoSize' : [ 0xfc, ['unsigned long']],
+    'Consumers' : [ 0x100, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x108, ['unsigned long']],
+    'TransitionConsumer' : [ 0x10c, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x110, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0x114, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x120, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x128, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x130, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x138, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x140, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x148, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x150, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x160, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x164, ['_KEVENT']],
+    'FlushEvent' : [ 0x174, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x188, ['_KTIMER']],
+    'LoggerDpc' : [ 0x1b0, ['_KDPC']],
+    'LoggerMutex' : [ 0x1d0, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1f0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1f4, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1f4, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1f8, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x234, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x238, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x240, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x248, ['pointer', ['void']]],
+    'BufferSequenceNumber' : [ 0x250, ['long long']],
+    'Flags' : [ 0x258, ['unsigned long']],
+    'Persistent' : [ 0x258, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x258, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x258, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x258, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x258, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x258, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x258, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x258, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x258, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x258, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x258, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x258, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x258, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x258, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x258, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x258, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x258, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x258, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProviderTracking' : [ 0x258, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessorTrace' : [ 0x258, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x258, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x25c, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x25c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x25c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x25c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x25c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x25c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x25c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x25c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x25c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x25c, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x260, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x2b0, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x2b8, ['pointer', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x2bc, ['pointer', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x2c0, ['pointer', ['_ETW_LBR_SUPPORT']]],
+    'IptData' : [ 0x2c4, ['pointer', ['_ETW_IPT_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x2c8, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x2d0, ['pointer', ['pointer', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x2d4, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x2e0, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x2e8, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x2f0, ['pointer', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x2f4, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x2f8, ['pointer', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x2fc, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x300, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x310, ['long']],
+    'CompressionLock' : [ 0x314, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x318, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x31c, ['pointer', ['void']]],
+    'CompressionOn' : [ 0x320, ['long']],
+    'CompressionRatioGuess' : [ 0x324, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x328, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x32c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x330, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x334, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x358, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x360, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x368, ['_LARGE_INTEGER']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x34, {
+    'Source' : [ 0x0, ['array', 8, ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x20, ['unsigned long']],
+    'HookId' : [ 0x24, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x2c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x30, ['array', 1, ['pointer', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_IPT_SUPPORT' : [ 0x20, {
+    'IptHandle' : [ 0x0, ['pointer', ['void']]],
+    'IptOption' : [ 0x8, ['unsigned long long']],
+    'EtwHwTraceExtInterface' : [ 0x10, ['pointer', ['_ETW_HW_TRACE_EXT_INTERFACE']]],
+    'HookIdCount' : [ 0x14, ['unsigned long']],
+    'HookId' : [ 0x18, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0xa70, {
+    'Silo' : [ 0x0, ['pointer', ['_EJOB']]],
+    'SiloGlobals' : [ 0x4, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x8, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x10, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x178, ['pointer', ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x17c, ['pointer', ['pointer', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x180, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0x880, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x890, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x894, ['long']],
+    'EtwpSecurityProviderPID' : [ 0x898, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0x89c, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0x8ac, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x8c0, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x8c8, ['pointer', ['_ETW_SILO_TRACING_BLOCK']]],
+    'ContainerRestoreWnfSubscription' : [ 0x8cc, ['pointer', ['_EX_WNF_SUBSCRIPTION']]],
+    'PartitionId' : [ 0x8d0, ['_GUID']],
+    'ParentId' : [ 0x8e0, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x8f0, ['_LARGE_INTEGER']],
+    'PartitionType' : [ 0x8f8, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x8fc, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x18, {
+    'SystemLogonSession' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x4, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x8, ['pointer', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0xc, ['pointer', ['void']]],
+    'UncSystemPaths' : [ 0x10, ['pointer', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x14, ['pointer', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x2a8, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x9c, ['pointer', ['void']]],
+    'DynamicPart' : [ 0xa0, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa4, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xb0, ['unsigned long']],
+    'TokenInUse' : [ 0xb4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xbc, ['unsigned long']],
+    'LogonSession' : [ 0xc0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc4, ['_LUID']],
+    'SidHash' : [ 0xcc, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x154, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1dc, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x1e0, ['pointer', ['void']]],
+    'Capabilities' : [ 0x1e4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x1e8, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x1ec, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x274, ['pointer', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x278, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x27c, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x280, ['pointer', ['void']]],
+    'TrustLinkedToken' : [ 0x284, ['pointer', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x288, ['pointer', ['void']]],
+    'TokenSidValues' : [ 0x28c, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x290, ['pointer', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x294, ['pointer', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x298, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x29c, ['pointer', ['void']]],
+    'VariablePart' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x6c, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x34, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x40, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x44, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x48, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0x58, ['pointer', ['_EJOB']]],
+    'SiblingAuthId' : [ 0x5c, ['_LUID']],
+    'TokenList' : [ 0x64, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'DbgRefTrace' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'NewObject' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0xf, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0xf, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0xf, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0xf, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved1' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x8, {
+    'SecurityDescriptor' : [ 0x0, ['pointer', ['void']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x8, {
+    'Footer' : [ 0x0, ['pointer', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x18, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x10, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x8, {
+    'Context1' : [ 0x0, ['pointer', ['void']]],
+    'Context2' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x10, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x8, ['pointer', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0xc, ['unsigned char']],
+    'Padding1' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x18, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'EntryLink' : [ 0x8, ['pointer', ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0xc, ['unsigned long']],
+    'HashIndex' : [ 0x10, ['unsigned short']],
+    'DirectoryLocked' : [ 0x12, ['unsigned char']],
+    'LockedExclusive' : [ 0x13, ['unsigned char']],
+    'LockStateSignature' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xb0, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x9c, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0xa0, ['pointer', ['void']]],
+    'SessionObject' : [ 0xa4, ['pointer', ['void']]],
+    'Flags' : [ 0xa8, ['unsigned long']],
+    'SessionId' : [ 0xac, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x1a4, {
+    'SystemDeviceMap' : [ 0x0, ['pointer', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x4, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x74, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0xc, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x4, ['pointer', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x8, ['pointer', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x418, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x8, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0xc, ['unsigned long']],
+    'ErrorCount' : [ 0x10, ['long']],
+    'RecordCount' : [ 0x14, ['unsigned long']],
+    'RecordLength' : [ 0x18, ['unsigned long']],
+    'PoolTag' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x24, ['pointer', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x28, ['pointer', ['void']]],
+    'SectionCount' : [ 0x2c, ['unsigned long']],
+    'SectionLength' : [ 0x30, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x38, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x40, ['unsigned long']],
+    'TotalErrors' : [ 0x44, ['unsigned long']],
+    'Deferred' : [ 0x48, ['unsigned char']],
+    'Descriptor' : [ 0x49, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xe4, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'ProcessorNumber' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x14, ['long']],
+    'ErrorSource' : [ 0x18, ['pointer', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x1c, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0xc, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x10, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x14, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x8, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0xc, ['long']],
+    'HighWaterMark' : [ 0x10, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x18, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+    'ActiveDpc' : [ 0x14, ['pointer', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_2018' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x7000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2018']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x18, ['unsigned long']],
+    'NonPagablePages' : [ 0x1c, ['unsigned long']],
+    'CommittedPages' : [ 0x20, ['unsigned long']],
+    'PagedPoolStart' : [ 0x24, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x28, ['pointer', ['void']]],
+    'SessionObject' : [ 0x2c, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x30, ['pointer', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x34, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x44, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x48, ['unsigned long']],
+    'AttachCount' : [ 0x4c, ['unsigned long']],
+    'AttachGate' : [ 0x50, ['_KGATE']],
+    'WsListEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0x68, ['_MM_PAGED_POOL_INFO']],
+    'Lookaside' : [ 0xc0, ['array', 24, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xcc0, ['_MMSESSION']],
+    'Vm' : [ 0xd00, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0xdc0, ['_MMWSL_INSTANCE']],
+    'HeapState' : [ 0xdd8, ['pointer', ['void']]],
+    'PagedPool' : [ 0xe00, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x1f40, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'TopLevelPteLockBits' : [ 0x1f44, ['array', 128, ['unsigned long']]],
+    'PageTables' : [ 0x2148, ['array', 1024, ['_MMPTE']]],
+    'PagedPoolBitBuffer' : [ 0x4148, ['array', 32, ['unsigned long']]],
+    'SpecialPool' : [ 0x41c8, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x4208, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x420c, ['long']],
+    'PagedPoolPdeCount' : [ 0x4210, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x4214, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x4218, ['unsigned long']],
+    'SystemPteInfo' : [ 0x421c, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x4250, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x4254, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x4258, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x425c, ['unsigned long']],
+    'PermittedFaultsTree' : [ 0x4260, ['_RTL_AVL_TREE']],
+    'IoState' : [ 0x4264, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x4268, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x426c, ['_KEVENT']],
+    'ServerSilo' : [ 0x427c, ['pointer', ['_EJOB']]],
+    'CreateTime' : [ 0x4280, ['unsigned long long']],
+    'PoolTags' : [ 0x5000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x130, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x12c, ['unsigned long']],
+} ],
+  '_CMP_VOLUME_CONTEXT' : [ 0x2c, {
+    'VolumeContextListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'VolumeManager' : [ 0x8, ['pointer', ['_CMP_VOLUME_MANAGER']]],
+    'RefCount' : [ 0xc, ['long']],
+    'VolumeGuid' : [ 0x10, ['_GUID']],
+    'VolumeFileObject' : [ 0x20, ['pointer', ['void']]],
+    'VolumeContextLock' : [ 0x24, ['_CMSI_RW_LOCK']],
+    'DeviceUsageNotificationSent' : [ 0x28, ['unsigned char']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'ParseProcedureEx' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+    'WaitObjectFlagMask' : [ 0x50, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x54, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x56, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0xc, ['unsigned long']],
+    'EntryOffset' : [ 0xc, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0xd, ['unsigned char']],
+    'WaitingBit' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0xe, ['unsigned char']],
+    'AcquiredBit' : [ 0xe, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0xf, ['unsigned char']],
+    'HeadNodeBit' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x10, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x10, ['pointer', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x10, ['unsigned char']],
+    'Reserved' : [ 0x11, ['array', 2, ['unsigned char']]],
+    'InTreeByte' : [ 0x13, ['unsigned char']],
+    'SessionState' : [ 0x14, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'OwnerTree' : [ 0x18, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x20, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x18, ['unsigned char']],
+    'EntryLock' : [ 0x28, ['unsigned long']],
+    'BoostBitmap' : [ 0x2c, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'RfgControlStack' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 27, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x5c, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x38, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x3c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x40, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x44, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x48, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x4c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x50, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x54, ['unsigned long']],
+    'LastPolledSize' : [ 0x58, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'Irp' : [ 0xc, ['pointer', ['_IRP']]],
+    'Device' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_2083' : [ 0x10, {
+    'CallerCompletion' : [ 0x0, ['pointer', ['void']]],
+    'CallerContext' : [ 0x4, ['pointer', ['void']]],
+    'CallerDevice' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_2086' : [ 0x8, {
+    'NotifyDevice' : [ 0x0, ['pointer', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x4, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x98, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x18, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x20, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'MinorFunction' : [ 0x68, ['unsigned char']],
+    'PowerStateType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0x70, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0x74, ['unsigned char']],
+    'FxDevice' : [ 0x78, ['pointer', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0x7c, ['unsigned char']],
+    'NotifyPEP' : [ 0x7d, ['unsigned char']],
+    'IrpSequenceID' : [ 0x80, ['long']],
+    'Device' : [ 0x84, ['__unnamed_2083']],
+    'System' : [ 0x84, ['__unnamed_2086']],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x30, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x4, ['unsigned long']],
+    'NonPagedAllocs' : [ 0x8, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x10, ['unsigned long long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+    'PagedAllocs' : [ 0x20, ['unsigned long long']],
+    'PagedFrees' : [ 0x28, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_CMP_VOLUME_MANAGER' : [ 0xc, {
+    'VolumeContextListLock' : [ 0x0, ['_CMSI_RW_LOCK']],
+    'VolumeContextListHead' : [ 0x4, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x10, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x4, ['pointer', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0xc, ['pointer', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x150, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'StrictVetoBias' : [ 0x8, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0xc, ['unsigned long']],
+    'TargetState' : [ 0x10, ['unsigned long']],
+    'ActualState' : [ 0x14, ['unsigned long']],
+    'OldState' : [ 0x18, ['unsigned long']],
+    'OverrideIndex' : [ 0x1c, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0x54, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x60, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x64, ['pointer', ['void']]],
+    'IdleExecute' : [ 0x68, ['pointer', ['void']]],
+    'IdlePreselect' : [ 0x6c, ['pointer', ['void']]],
+    'IdleTest' : [ 0x70, ['pointer', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x74, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x78, ['pointer', ['void']]],
+    'IdleCancel' : [ 0x7c, ['pointer', ['void']]],
+    'IdleIsHalted' : [ 0x80, ['pointer', ['void']]],
+    'IdleInitiateWake' : [ 0x84, ['pointer', ['void']]],
+    'PrepareInfo' : [ 0x88, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0xd8, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0xe4, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0xe8, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0xec, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0xf4, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0xfc, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x10c, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x1c, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_20df' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_20df']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x9c, {
+    'ProcessCid' : [ 0x0, ['pointer', ['void']]],
+    'ThreadCid' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x18, ['unsigned long']],
+    'CreateTrace' : [ 0x1c, ['array', 30, ['unsigned long']]],
+    'Count' : [ 0x94, ['long']],
+    'CaptureCount' : [ 0x98, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IdleStateMax' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x180, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x40, ['pointer', ['_KDPC']]],
+    'ChildList' : [ 0x44, ['_LIST_ENTRY']],
+    'Parent' : [ 0x4c, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x130, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x8, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0xc, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x10, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x98, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x120, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x124, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x128, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x12c, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ChildOfVgaEnabledBridge' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DecodeIoOnBoot' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x14, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x4, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Valid' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x24, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'EntryDescriptor' : [ 0x10, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x1c, ['unsigned long']],
+    'Handles' : [ 0x20, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0xc, {
+    'IdealMask' : [ 0x0, ['unsigned long']],
+    'PreferredMask' : [ 0x4, ['unsigned long']],
+    'AvailableMask' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x14, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x4, ['pointer', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0xc, ['unsigned long']],
+    'BitmapFailures' : [ 0x10, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x14, {
+    'CompletionRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'RequestorMode' : [ 0xc, ['unsigned char']],
+    'NestingLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0xc, {
+    'DirtyPages' : [ 0x0, ['unsigned long']],
+    'DirtyPagesLastScan' : [ 0x4, ['unsigned long']],
+    'DirtyPagesScheduledLastScan' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_MAP' : [ 0x38, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x34, ['pointer', ['_EJOB']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x4, ['pointer', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x8, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x10, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0xc, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SessionHeapInitialized' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SessionHeapDestroyed' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x14, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer', ['void']]],
+    'OverQuotaHistory' : [ 0x4, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '__unnamed_218f' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x60, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_218f']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x38, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x50, ['pointer', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x54, ['pointer', ['_EPROCESS']]],
+    'DeleteStoredPages' : [ 0x58, ['unsigned long']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x19c, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+    'IdleStateMax' : [ 0x2e, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x44, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['long']],
+    'Dpc' : [ 0x10, ['_KDPC']],
+    'WorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x4, {
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x4, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_FAST_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['wchar']]],
+    'DriverName' : [ 0x28, ['pointer', ['wchar']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x19c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x190, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x198, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+    'SecureInfo' : [ 0x4, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x4, ['_RTL_BITMAP']],
+    'InPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x4, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'PebTebRfg' : [ 0x4, ['_MI_SUB64K_FREE_RANGES']],
+    'RfgProtectedStack' : [ 0x4, ['_MI_RFG_PROTECTED_STACK']],
+    'PlaceholderVad' : [ 0x4, ['pointer', ['_MMVAD_SHORT']]],
+    'WaitReason' : [ 0x24, ['unsigned long']],
+} ],
+  '__unnamed_21e2' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_21e5' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x28, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0xc, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0xc, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0xc, ['pointer', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x10, ['__unnamed_21e2']],
+    'StartingSector' : [ 0x14, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x18, ['unsigned long']],
+    'PtesInSubsection' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_21e5']],
+    'UnusedPtes' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x24, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x4, ['unsigned long']],
+    'RequestPacket' : [ 0x8, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x18, ['pointer', ['long']]],
+    'NodeTargetCount' : [ 0x1c, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x38, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'Reserved3' : [ 0x10, ['array', 4, ['pointer', ['void']]]],
+    'Reserved4' : [ 0x20, ['array', 4, ['unsigned long']]],
+    'Reserved6' : [ 0x30, ['array', 2, ['pointer', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x8, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x30, {
+    'LsaProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'LsaCommandPortHandle' : [ 0x4, ['pointer', ['void']]],
+    'SepRmThreadHandle' : [ 0x8, ['pointer', ['void']]],
+    'RmCommandPortHandle' : [ 0xc, ['pointer', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x10, ['pointer', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x14, ['pointer', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x20, ['pointer', ['void']]],
+    'RmViewPortMemory' : [ 0x24, ['pointer', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x28, ['long']],
+    'LsaCommandPortActive' : [ 0x2c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x18, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0xc, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x1c, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x4, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0xc, ['pointer', ['_MMPTE']]],
+    'MaximumSize' : [ 0x10, ['unsigned long']],
+    'PagedPoolHint' : [ 0x14, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x44, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xc, ['_UNICODE_STRING']],
+    'Latency' : [ 0x14, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x18, ['unsigned long']],
+    'Power' : [ 0x1c, ['unsigned long']],
+    'StateFlags' : [ 0x20, ['unsigned long']],
+    'VetoAccounting' : [ 0x24, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0x3c, ['unsigned char']],
+    'InterruptsEnabled' : [ 0x3d, ['unsigned char']],
+    'Interruptible' : [ 0x3e, ['unsigned char']],
+    'ContextRetained' : [ 0x3f, ['unsigned char']],
+    'CacheCoherent' : [ 0x40, ['unsigned char']],
+    'WakesSpuriously' : [ 0x41, ['unsigned char']],
+    'PlatformOnly' : [ 0x42, ['unsigned char']],
+    'NoCState' : [ 0x43, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['unsigned long']],
+    'RealKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_221d' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_221f' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_221d']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0xb0, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_221f']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'SeSigningLevel' : [ 0x18, ['unsigned char']],
+    'PoolPageHeaders' : [ 0x20, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x28, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x38, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x3c, ['unsigned long']],
+    'PagedBytes' : [ 0x40, ['unsigned long']],
+    'NonPagedBytes' : [ 0x44, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x4c, ['unsigned long']],
+    'RaiseIrqls' : [ 0x50, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x54, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x58, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x5c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x60, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x64, ['unsigned long']],
+    'LockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x74, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x78, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x7c, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x80, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x88, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x8c, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x90, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x98, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x9c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0xa0, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0xa4, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa8, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xac, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Luid' : [ 0x10, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x18, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x20, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x1c, {
+    'ProtosNode' : [ 0x0, ['_MI_PROTOTYPE_PTES_NODE']],
+    'DynamicRelocations' : [ 0x10, ['pointer', ['void']]],
+    'SecurityContext' : [ 0x14, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x18, ['unsigned long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x30, {
+    'ScopeMap' : [ 0x0, ['pointer', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x4, ['pointer', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x8, ['pointer', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x10, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x18, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x20, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x28, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_DELAY_ACK_FO' : [ 0xc, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadSpecControl' : [ 0x1, ['unsigned char']],
+    'SpecControlIbrs' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecControlStibp' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'SpecControlReserved' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SchedulerAssist' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Instrumented' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x10, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x28, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long']],
+    'DirtyPageThresholdTop' : [ 0x4, ['unsigned long']],
+    'DirtyPageThresholdBottom' : [ 0x8, ['unsigned long']],
+    'DirtyPageTarget' : [ 0xc, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x10, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x18, ['unsigned long long']],
+    'AvailableHistory' : [ 0x20, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x50, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Who' : [ 0x20, ['unsigned long']],
+    'Hash' : [ 0x24, ['unsigned long']],
+    'Page' : [ 0x28, ['unsigned long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'Process' : [ 0x4c, ['pointer', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  'HAL_PRIVATE_DISPATCH' : [ 0x22c, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'HalHandlerForBus' : [ 0x4, ['pointer', ['void']]],
+    'HalHandlerForConfigSpace' : [ 0x8, ['pointer', ['void']]],
+    'HalLocateHiberRanges' : [ 0xc, ['pointer', ['void']]],
+    'HalRegisterBusHandler' : [ 0x10, ['pointer', ['void']]],
+    'HalSetWakeEnable' : [ 0x14, ['pointer', ['void']]],
+    'HalSetWakeAlarm' : [ 0x18, ['pointer', ['void']]],
+    'HalPciTranslateBusAddress' : [ 0x1c, ['pointer', ['void']]],
+    'HalPciAssignSlotResources' : [ 0x20, ['pointer', ['void']]],
+    'HalHaltSystem' : [ 0x24, ['pointer', ['void']]],
+    'HalFindBusAddressTranslation' : [ 0x28, ['pointer', ['void']]],
+    'HalResetDisplay' : [ 0x2c, ['pointer', ['void']]],
+    'HalAllocateMapRegisters' : [ 0x30, ['pointer', ['void']]],
+    'KdSetupPciDeviceForDebugging' : [ 0x34, ['pointer', ['void']]],
+    'KdReleasePciDeviceForDebugging' : [ 0x38, ['pointer', ['void']]],
+    'KdGetAcpiTablePhase0' : [ 0x3c, ['pointer', ['void']]],
+    'KdCheckPowerButton' : [ 0x40, ['pointer', ['void']]],
+    'HalVectorToIDTEntry' : [ 0x44, ['pointer', ['void']]],
+    'KdMapPhysicalMemory64' : [ 0x48, ['pointer', ['void']]],
+    'KdUnmapVirtualAddress' : [ 0x4c, ['pointer', ['void']]],
+    'KdGetPciDataByOffset' : [ 0x50, ['pointer', ['void']]],
+    'KdSetPciDataByOffset' : [ 0x54, ['pointer', ['void']]],
+    'HalGetInterruptVectorOverride' : [ 0x58, ['pointer', ['void']]],
+    'HalGetVectorInputOverride' : [ 0x5c, ['pointer', ['void']]],
+    'HalLoadMicrocode' : [ 0x60, ['pointer', ['void']]],
+    'HalUnloadMicrocode' : [ 0x64, ['pointer', ['void']]],
+    'HalPostMicrocodeUpdate' : [ 0x68, ['pointer', ['void']]],
+    'HalAllocateMessageTargetOverride' : [ 0x6c, ['pointer', ['void']]],
+    'HalFreeMessageTargetOverride' : [ 0x70, ['pointer', ['void']]],
+    'HalDpReplaceBegin' : [ 0x74, ['pointer', ['void']]],
+    'HalDpReplaceTarget' : [ 0x78, ['pointer', ['void']]],
+    'HalDpReplaceControl' : [ 0x7c, ['pointer', ['void']]],
+    'HalDpReplaceEnd' : [ 0x80, ['pointer', ['void']]],
+    'HalPrepareForBugcheck' : [ 0x84, ['pointer', ['void']]],
+    'HalQueryWakeTime' : [ 0x88, ['pointer', ['void']]],
+    'HalReportIdleStateUsage' : [ 0x8c, ['pointer', ['void']]],
+    'HalTscSynchronization' : [ 0x90, ['pointer', ['void']]],
+    'HalWheaInitProcessorGenericSection' : [ 0x94, ['pointer', ['void']]],
+    'HalStopLegacyUsbInterrupts' : [ 0x98, ['pointer', ['void']]],
+    'HalReadWheaPhysicalMemory' : [ 0x9c, ['pointer', ['void']]],
+    'HalWriteWheaPhysicalMemory' : [ 0xa0, ['pointer', ['void']]],
+    'HalDpMaskLevelTriggeredInterrupts' : [ 0xa4, ['pointer', ['void']]],
+    'HalDpUnmaskLevelTriggeredInterrupts' : [ 0xa8, ['pointer', ['void']]],
+    'HalDpGetInterruptReplayState' : [ 0xac, ['pointer', ['void']]],
+    'HalDpReplayInterrupts' : [ 0xb0, ['pointer', ['void']]],
+    'HalQueryIoPortAccessSupported' : [ 0xb4, ['pointer', ['void']]],
+    'KdSetupIntegratedDeviceForDebugging' : [ 0xb8, ['pointer', ['void']]],
+    'KdReleaseIntegratedDeviceForDebugging' : [ 0xbc, ['pointer', ['void']]],
+    'HalGetEnlightenmentInformation' : [ 0xc0, ['pointer', ['void']]],
+    'HalAllocateEarlyPages' : [ 0xc4, ['pointer', ['void']]],
+    'HalMapEarlyPages' : [ 0xc8, ['pointer', ['void']]],
+    'Dummy1' : [ 0xcc, ['pointer', ['void']]],
+    'Dummy2' : [ 0xd0, ['pointer', ['void']]],
+    'HalNotifyProcessorFreeze' : [ 0xd4, ['pointer', ['void']]],
+    'HalPrepareProcessorForIdle' : [ 0xd8, ['pointer', ['void']]],
+    'HalRegisterLogRoutine' : [ 0xdc, ['pointer', ['void']]],
+    'HalResumeProcessorFromIdle' : [ 0xe0, ['pointer', ['void']]],
+    'Dummy' : [ 0xe4, ['pointer', ['void']]],
+    'HalVectorToIDTEntryEx' : [ 0xe8, ['pointer', ['void']]],
+    'HalSecondaryInterruptQueryPrimaryInformation' : [ 0xec, ['pointer', ['void']]],
+    'HalMaskInterrupt' : [ 0xf0, ['pointer', ['void']]],
+    'HalUnmaskInterrupt' : [ 0xf4, ['pointer', ['void']]],
+    'HalIsInterruptTypeSecondary' : [ 0xf8, ['pointer', ['void']]],
+    'HalAllocateGsivForSecondaryInterrupt' : [ 0xfc, ['pointer', ['void']]],
+    'HalAddInterruptRemapping' : [ 0x100, ['pointer', ['void']]],
+    'HalRemoveInterruptRemapping' : [ 0x104, ['pointer', ['void']]],
+    'HalSaveAndDisableHvEnlightenment' : [ 0x108, ['pointer', ['void']]],
+    'HalRestoreHvEnlightenment' : [ 0x10c, ['pointer', ['void']]],
+    'HalFlushIoBuffersExternalCache' : [ 0x110, ['pointer', ['void']]],
+    'HalFlushExternalCache' : [ 0x114, ['pointer', ['void']]],
+    'HalPciEarlyRestore' : [ 0x118, ['pointer', ['void']]],
+    'HalGetProcessorId' : [ 0x11c, ['pointer', ['void']]],
+    'HalAllocatePmcCounterSet' : [ 0x120, ['pointer', ['void']]],
+    'HalCollectPmcCounters' : [ 0x124, ['pointer', ['void']]],
+    'HalFreePmcCounterSet' : [ 0x128, ['pointer', ['void']]],
+    'HalProcessorHalt' : [ 0x12c, ['pointer', ['void']]],
+    'HalTimerQueryCycleCounter' : [ 0x130, ['pointer', ['void']]],
+    'Dummy3' : [ 0x134, ['pointer', ['void']]],
+    'HalPciMarkHiberPhase' : [ 0x138, ['pointer', ['void']]],
+    'HalQueryProcessorRestartEntryPoint' : [ 0x13c, ['pointer', ['void']]],
+    'HalRequestInterrupt' : [ 0x140, ['pointer', ['void']]],
+    'HalEnumerateUnmaskedInterrupts' : [ 0x144, ['pointer', ['void']]],
+    'HalFlushAndInvalidatePageExternalCache' : [ 0x148, ['pointer', ['void']]],
+    'KdEnumerateDebuggingDevices' : [ 0x14c, ['pointer', ['void']]],
+    'HalFlushIoRectangleExternalCache' : [ 0x150, ['pointer', ['void']]],
+    'HalPowerEarlyRestore' : [ 0x154, ['pointer', ['void']]],
+    'HalQueryCapsuleCapabilities' : [ 0x158, ['pointer', ['void']]],
+    'HalUpdateCapsule' : [ 0x15c, ['pointer', ['void']]],
+    'HalPciMultiStageResumeCapable' : [ 0x160, ['pointer', ['void']]],
+    'HalDmaFreeCrashDumpRegisters' : [ 0x164, ['pointer', ['void']]],
+    'HalAcpiAoacCapable' : [ 0x168, ['pointer', ['void']]],
+    'HalInterruptSetDestination' : [ 0x16c, ['pointer', ['void']]],
+    'HalGetClockConfiguration' : [ 0x170, ['pointer', ['void']]],
+    'HalClockTimerActivate' : [ 0x174, ['pointer', ['void']]],
+    'HalClockTimerInitialize' : [ 0x178, ['pointer', ['void']]],
+    'HalClockTimerStop' : [ 0x17c, ['pointer', ['void']]],
+    'HalClockTimerArm' : [ 0x180, ['pointer', ['void']]],
+    'HalTimerOnlyClockInterruptPending' : [ 0x184, ['pointer', ['void']]],
+    'HalAcpiGetMultiNode' : [ 0x188, ['pointer', ['void']]],
+    'HalPowerSetRebootHandler' : [ 0x18c, ['pointer', ['void']]],
+    'HalIommuRegisterDispatchTable' : [ 0x190, ['pointer', ['void']]],
+    'HalTimerWatchdogStart' : [ 0x194, ['pointer', ['void']]],
+    'HalTimerWatchdogResetCountdown' : [ 0x198, ['pointer', ['void']]],
+    'HalTimerWatchdogStop' : [ 0x19c, ['pointer', ['void']]],
+    'HalTimerWatchdogGeneratedLastReset' : [ 0x1a0, ['pointer', ['void']]],
+    'HalTimerWatchdogTriggerSystemReset' : [ 0x1a4, ['pointer', ['void']]],
+    'HalInterruptVectorDataToGsiv' : [ 0x1a8, ['pointer', ['void']]],
+    'HalInterruptGetHighestPriorityInterrupt' : [ 0x1ac, ['pointer', ['void']]],
+    'HalProcessorOn' : [ 0x1b0, ['pointer', ['void']]],
+    'HalProcessorOff' : [ 0x1b4, ['pointer', ['void']]],
+    'HalProcessorFreeze' : [ 0x1b8, ['pointer', ['void']]],
+    'HalDmaLinkDeviceObjectByToken' : [ 0x1bc, ['pointer', ['void']]],
+    'HalDmaCheckAdapterToken' : [ 0x1c0, ['pointer', ['void']]],
+    'Dummy4' : [ 0x1c4, ['pointer', ['void']]],
+    'HalTimerConvertPerformanceCounterToAuxiliaryCounter' : [ 0x1c8, ['pointer', ['void']]],
+    'HalTimerConvertAuxiliaryCounterToPerformanceCounter' : [ 0x1cc, ['pointer', ['void']]],
+    'HalTimerQueryAuxiliaryCounterFrequency' : [ 0x1d0, ['pointer', ['void']]],
+    'HalConnectThermalInterrupt' : [ 0x1d4, ['pointer', ['void']]],
+    'HalIsEFIRuntimeActive' : [ 0x1d8, ['pointer', ['void']]],
+    'HalTimerQueryAndResetRtcErrors' : [ 0x1dc, ['pointer', ['void']]],
+    'HalAcpiLateRestore' : [ 0x1e0, ['pointer', ['void']]],
+    'KdWatchdogDelayExpiration' : [ 0x1e4, ['pointer', ['void']]],
+    'HalGetProcessorStats' : [ 0x1e8, ['pointer', ['void']]],
+    'HalTimerWatchdogQueryDueTime' : [ 0x1ec, ['pointer', ['void']]],
+    'HalConnectSyntheticInterrupt' : [ 0x1f0, ['pointer', ['void']]],
+    'HalPreprocessNmi' : [ 0x1f4, ['pointer', ['void']]],
+    'HalEnumerateEnvironmentVariablesWithFilter' : [ 0x1f8, ['pointer', ['void']]],
+    'HalCaptureLastBranchRecordStack' : [ 0x1fc, ['pointer', ['void']]],
+    'HalClearLastBranchRecordStack' : [ 0x200, ['pointer', ['void']]],
+    'HalConfigureLastBranchRecord' : [ 0x204, ['pointer', ['void']]],
+    'HalGetLastBranchInformation' : [ 0x208, ['pointer', ['void']]],
+    'HalResumeLastBranchRecord' : [ 0x20c, ['pointer', ['void']]],
+    'HalStartLastBranchRecord' : [ 0x210, ['pointer', ['void']]],
+    'HalStopLastBranchRecord' : [ 0x214, ['pointer', ['void']]],
+    'HalIommuBlockDevice' : [ 0x218, ['pointer', ['void']]],
+    'HalIommuUnblockDevice' : [ 0x21c, ['pointer', ['void']]],
+    'HalGetIommuInterface' : [ 0x220, ['pointer', ['void']]],
+    'HalRequestGenericErrorRecovery' : [ 0x224, ['pointer', ['void']]],
+    'HalTimerQueryHostPerformanceCounter' : [ 0x228, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x10, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '__unnamed_2388' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_238a' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2388']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_238a']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long']],
+    'NumberOfProcessReferences' : [ 0x4, ['unsigned long']],
+    'ClonePtes' : [ 0x8, ['pointer', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x4fc0, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x500, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x640, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x6b0, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x16f0, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1758, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1840, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x3f80, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x3f98, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x3fb0, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x3fe8, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x4030, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x4100, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x4180, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x4210, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x4280, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x4400, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x4440, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x4478, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x44c0, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x4500, ['unsigned long']],
+    'BootRegistryRuns' : [ 0x4504, ['pointer', ['pointer', ['void']]]],
+    'ZeroingDisabled' : [ 0x4508, ['long']],
+    'FullyInitialized' : [ 0x450c, ['unsigned char']],
+    'SafeBooted' : [ 0x450d, ['unsigned char']],
+    'PfnBitMap' : [ 0x4510, ['_RTL_BITMAP']],
+    'TraceLogging' : [ 0x4518, ['pointer', ['_TlgProvider_t']]],
+    'Vs' : [ 0x4540, ['_MI_VISIBLE_STATE']],
+} ],
+  '_CMSI_RW_LOCK' : [ 0x4, {
+    'Reserved' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x4, ['pointer', ['unsigned long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0xc00, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long']],
+    'HighestPhysicalPage' : [ 0x4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x8, ['unsigned long']],
+    'NumberOfPagingFiles' : [ 0xc, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x10, ['unsigned char']],
+    'PagingFile' : [ 0x14, ['array', 16, ['pointer', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0x80, ['unsigned long']],
+    'ResidentAvailablePages' : [ 0xc0, ['unsigned long']],
+    'PartitionWs' : [ 0x100, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x164, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x17c, ['unsigned long']],
+    'ModifiedPageListHead' : [ 0x180, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x1c0, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x1d4, ['unsigned long']],
+    'TotalPagesForPagingFile' : [ 0x1d8, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x1dc, ['unsigned long']],
+    'ProcessLockedFilePages' : [ 0x1e0, ['unsigned long']],
+    'SharedCommit' : [ 0x1e4, ['unsigned long']],
+    'ChargeCommitmentFailures' : [ 0x1e8, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x1f8, ['long']],
+    'PageFileTraces' : [ 0x200, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x10, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x4, ['_GUID']],
+    'Control' : [ 0x14, ['_GUID']],
+    'ConsumersNotified' : [ 0x24, ['unsigned char']],
+} ],
+  '__unnamed_23c5' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_23c7' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_23c5']],
+} ],
+  '__unnamed_23c9' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_23c7']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_23c9']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_23d1' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_23d1']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x8, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x8, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_23de' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x18, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long']],
+    'NodeCount' : [ 0x4, ['unsigned long']],
+    'Tables' : [ 0x8, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0xc, ['unsigned long']],
+    'UseSessionId' : [ 0x10, ['unsigned char']],
+    'u1' : [ 0x14, ['__unnamed_23de']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x90, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0x64, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x68, {
+    'SystemDllBase' : [ 0x0, ['pointer', ['void']]],
+    'ColorSeed' : [ 0x4, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0x8, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x20, ['array', 2, ['pointer', ['_MMPTE']]]],
+    'HypervisorSharedVa' : [ 0x28, ['pointer', ['void']]],
+    'VadSecureCookie' : [ 0x2c, ['unsigned long']],
+    'PaeGroups' : [ 0x30, ['unsigned long']],
+    'FreePaeEntries' : [ 0x34, ['unsigned long']],
+    'FirstFreePae' : [ 0x38, ['_PAE_ENTRY']],
+    'AllocatedPaePages' : [ 0x58, ['long']],
+    'PaeLock' : [ 0x5c, ['unsigned long']],
+    'PaeEntrySList' : [ 0x60, ['_SLIST_HEADER']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long']],
+    'PipelinedReadAheadRequestSize' : [ 0x54, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x58, ['unsigned long']],
+    'PrivateLinks' : [ 0x5c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x168, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['pointer', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x15c, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x164, ['pointer', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0xa8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['wchar']]],
+    'OrderingName' : [ 0xc, ['pointer', ['wchar']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x90, ['unsigned char']],
+    'TransactionEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x98, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0x9c, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa0, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa4, ['pointer', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '_RTLP_HP_HEAP_GLOBALS' : [ 0xc, {
+    'HeapKey' : [ 0x0, ['unsigned long']],
+    'LfhKey' : [ 0x4, ['unsigned long']],
+    'FailureInfo' : [ 0x8, ['pointer', ['_HEAP_FAILURE_INFORMATION']]],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0x70, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x8, ['_KMUTANT']],
+    'FixupLock' : [ 0x28, ['long']],
+    'FirstLoadEver' : [ 0x2c, ['unsigned char']],
+    'LargePageAll' : [ 0x2d, ['unsigned char']],
+    'LastPage' : [ 0x30, ['unsigned long']],
+    'LargePageList' : [ 0x34, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x3c, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x44, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x4c, ['array', 2, ['pointer', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x54, ['unsigned long']],
+    'PageCounts' : [ 0x58, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'ImageTree' : [ 0x6c, ['_RTL_AVL_TREE']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x44, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x3c, ['unsigned char']],
+    'DeleteType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x8, ['unsigned long']],
+    'SyncCallback' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x4, {
+    'Head' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x80, {
+    'DriverInit' : [ 0x0, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x4, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x8, ['pointer', ['void']]],
+    'AddDevice' : [ 0xc, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x10, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x38, {
+    'PartitionLock' : [ 0x0, ['unsigned long']],
+    'PartitionIdLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x8, ['unsigned long long']],
+    'PartitionList' : [ 0x10, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x18, ['pointer', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x1c, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x24, ['array', 1, ['pointer', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x28, ['pointer', ['pointer', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x2c, ['unsigned long']],
+    'CrossPartitionDenials' : [ 0x30, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x34, ['unsigned char']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x2e8, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+    'State' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+    'Removing' : [ 0x22, ['unsigned char']],
+    'Mode' : [ 0x23, ['unsigned char']],
+    'PendingMode' : [ 0x24, ['unsigned char']],
+    'ActivePoint' : [ 0x25, ['unsigned char']],
+    'PendingActivePoint' : [ 0x26, ['unsigned char']],
+    'Critical' : [ 0x27, ['unsigned char']],
+    'ThermalStandby' : [ 0x28, ['unsigned char']],
+    'OverThrottled' : [ 0x29, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x2c, ['long']],
+    'Throttle' : [ 0x30, ['long']],
+    'PendingThrottle' : [ 0x34, ['long']],
+    'ThrottleReasons' : [ 0x38, ['unsigned long']],
+    'LastPassiveTime' : [ 0x40, ['unsigned long long']],
+    'SampleRate' : [ 0x48, ['unsigned long']],
+    'LastTemp' : [ 0x4c, ['unsigned long']],
+    'Info' : [ 0x50, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xac, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xc4, ['unsigned char']],
+    'PollingRate' : [ 0xc8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xd0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xd8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0xe0, ['unsigned long long']],
+    'WorkItem' : [ 0xe8, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0xf8, ['_KTIMER2']],
+    'Lock' : [ 0x150, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x158, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x168, ['_KEVENT']],
+    'InstanceId' : [ 0x178, ['unsigned long']],
+    'TelemetryTracker' : [ 0x180, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x2e0, ['_UNICODE_STRING']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x288, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '__unnamed_24b5' : [ 0x4, {
+    'Bus' : [ 0x0, ['unsigned char']],
+    'Device' : [ 0x1, ['unsigned char']],
+    'Function' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_24b7' : [ 0x2, {
+    'SecondaryBus' : [ 0x0, ['unsigned char']],
+    'SubordinateBus' : [ 0x1, ['unsigned char']],
+} ],
+  '_PCI_BUSMASTER_DESCRIPTOR' : [ 0xc, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusmasterRidFromDeviceRid', 1: u'BusmasterRidFromBridgeRid', 2: u'BusmasterRidFromMultipleBridges'})]],
+    'Segment' : [ 0x4, ['unsigned long']],
+    'DeviceRid' : [ 0x8, ['__unnamed_24b5']],
+    'BridgeRid' : [ 0x8, ['__unnamed_24b5']],
+    'MultipleBridges' : [ 0x8, ['__unnamed_24b7']],
+} ],
+  '_HVP_VIEW_MAP' : [ 0x28, {
+    'SectionReference' : [ 0x0, ['pointer', ['void']]],
+    'StorageEndFileOffset' : [ 0x8, ['long long']],
+    'SectionEndFileOffset' : [ 0x10, ['long long']],
+    'ProcessTuple' : [ 0x18, ['pointer', ['_CMSI_PROCESS_TUPLE']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'ViewTree' : [ 0x20, ['_RTL_RB_TREE']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0xc, {
+    'ActiveThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'WaitList' : [ 0x4, ['pointer', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x8, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HAL_LOG_REGISTER_CONTEXT' : [ 0x8, {
+    'LogRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Flag' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x10, {
+    'DeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x10, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'SidCount' : [ 0x8, ['unsigned long']],
+    'SidValuesStart' : [ 0xc, ['unsigned long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x10, {
+    'RunRefs' : [ 0x0, ['pointer', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x4, ['pointer', ['void']]],
+    'RunRefSize' : [ 0x8, ['unsigned long']],
+    'Number' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x4, {
+    'Function' : [ 0x0, ['pointer', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_24f1' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_24f3' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_24f1']],
+    'Private' : [ 0x0, ['__unnamed_24f3']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x4, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'TransPtr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x1c, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x8, ['unsigned long']],
+    'VolumeKey' : [ 0xc, ['unsigned long']],
+    'Rundown' : [ 0x10, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x14, ['pointer', ['void']]],
+    'VolumeIoAttribution' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x4, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x4, ['unsigned long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x44, ['unsigned long']],
+    'BigPagesAllocated' : [ 0x48, ['unsigned long']],
+    'BytesAllocated' : [ 0x4c, ['unsigned long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x84, ['unsigned long']],
+    'BigPagesDeallocated' : [ 0x88, ['unsigned long']],
+    'BytesDeallocated' : [ 0x8c, ['unsigned long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x104, ['long']],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 512, ['_LIST_ENTRY']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPRCBFLAG' : [ 0x4, {
+    'PrcbFlags' : [ 0x0, ['long']],
+    'BamQosLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'PendingQosUpdate' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PrcbFlagsReserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_256a' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_256c' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_256a']],
+    'Button' : [ 0xc, ['__unnamed_256c']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0xc, ['pointer', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x14, ['unsigned long']],
+    'Buckets' : [ 0x18, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x58, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x10, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x28, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x38, ['long long']],
+    'Callback' : [ 0x40, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x44, ['pointer', ['void']]],
+    'DisableCallback' : [ 0x48, ['pointer', ['void']]],
+    'DisableContext' : [ 0x4c, ['pointer', ['void']]],
+    'AbsoluteSystemTime' : [ 0x50, ['unsigned char']],
+    'TypeFlags' : [ 0x51, ['unsigned char']],
+    'Unused' : [ 0x51, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x51, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x51, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x51, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x51, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x52, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x103c, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'DetachTimeStamp' : [ 0x14, ['unsigned long']],
+    'CodePageEdited' : [ 0x18, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'VaReferenceCount' : [ 0x20, ['array', 1024, ['long']]],
+    'DynamicPtesBitBuffer' : [ 0x1020, ['pointer', ['unsigned long']]],
+    'IdLock' : [ 0x1024, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x1028, ['pointer', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x102c, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1030, ['pointer', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x1034, ['pointer', ['void']]],
+    'SessionCore' : [ 0x1038, ['pointer', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x330, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer', ['void']]],
+    'CallbackContext' : [ 0xc, ['pointer', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'AccessMask' : [ 0x18, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x140, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x4, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0xc, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x10, ['unsigned long']],
+    'HighSectionBase' : [ 0x14, ['pointer', ['void']]],
+    'PhysicalSubsection' : [ 0x18, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0x70, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0xc0, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0xd4, ['pointer', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0xd8, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsWorkerActive' : [ 0xe8, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0xe9, ['unsigned char']],
+    'PrototypePtesTree' : [ 0xec, ['_RTL_AVL_TREE']],
+    'PrototypePtesTreeSpinLock' : [ 0xf0, ['long']],
+    'ImageBias' : [ 0xf4, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0xf8, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0xfc, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x104, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x108, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0x10c, ['unsigned long']],
+    'LostDataFiles' : [ 0x110, ['unsigned long']],
+    'LostDataPages' : [ 0x114, ['unsigned long']],
+    'ImageFailureReason' : [ 0x118, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x11c, ['pointer', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x120, ['pointer', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x124, ['unsigned long']],
+    'ImageChecksumBreakpoint' : [ 0x128, ['unsigned long']],
+    'ImageSizeBreakpoint' : [ 0x12c, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x130, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x1c, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'Reference' : [ 0x8, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x18, ['unsigned char']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x30, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x4, ['pointer', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x8, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0xc, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x10, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x14, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x18, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x1c, ['pointer', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x20, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x24, ['pointer', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x28, ['pointer', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x2c, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x90, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x78, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x7c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x80, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x84, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x88, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x8c, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x470, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['pointer', ['_SLIST_HEADER']]],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'SharedData' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['pointer', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x210, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x218, ['pointer', ['void']]],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pUnused' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['pointer', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['pointer', ['void']]],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x464, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x468, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x469, ['array', 7, ['unsigned char']]],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_25f1' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_25f5' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_25f7' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_25f1']],
+    'Bits' : [ 0x0, ['__unnamed_25f5']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_25f7']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x174, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 10, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x20, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Vad' : [ 0x10, ['pointer', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x14, ['unsigned long']],
+    'FullSetBits' : [ 0x18, ['unsigned long']],
+    'SubListIndex' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_2605' : [ 0x18, {
+    'ApcState' : [ 0x0, ['_KAPC_STATE']],
+    'HardFaultState' : [ 0x0, ['_MI_HARD_FAULT_STATE']],
+} ],
+  '__unnamed_2607' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_260a' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x100, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'CollidedEvent' : [ 0x20, ['_KEVENT']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'u2' : [ 0x40, ['__unnamed_2605']],
+    'Thread' : [ 0x58, ['pointer', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x5c, ['pointer', ['_MMPFN']]],
+    'PteContents' : [ 0x60, ['_MMPTE']],
+    'WaitCount' : [ 0x68, ['long']],
+    'ByteCount' : [ 0x6c, ['unsigned long']],
+    'u3' : [ 0x70, ['__unnamed_2607']],
+    'u1' : [ 0x74, ['__unnamed_260a']],
+    'FilePointer' : [ 0x78, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x7c, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x7c, ['pointer', ['_SUBSECTION']]],
+    'Autoboost' : [ 0x80, ['pointer', ['void']]],
+    'FaultingAddress' : [ 0x84, ['pointer', ['void']]],
+    'PointerPte' : [ 0x88, ['pointer', ['_MMPTE']]],
+    'BasePte' : [ 0x8c, ['pointer', ['_MMPTE']]],
+    'Pfn' : [ 0x90, ['pointer', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'ProbeCount' : [ 0x98, ['long long']],
+    'Mdl' : [ 0xa0, ['_MDL']],
+    'Page' : [ 0xbc, ['array', 16, ['unsigned long']]],
+    'FlowThrough' : [ 0xbc, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2614' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2616' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2618' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_261a' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2614']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2616']],
+    'Raw' : [ 0x0, ['__unnamed_2618']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x28, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'Operation' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0x8, ['__unnamed_261a']],
+    'Stack' : [ 0x10, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x10, {
+    'BaseKcb' : [ 0x0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x4, ['long']],
+    'ClonedKcbListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+    'ActivityId' : [ 0x20, ['_GUID']],
+    'RefCount' : [ 0x30, ['long']],
+    'Dequeued' : [ 0x34, ['unsigned char']],
+    'CancelLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x3c, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0xc0, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x28, ['unsigned char']],
+    'Platform' : [ 0x29, ['unsigned char']],
+    'DependencyListCount' : [ 0x2c, ['unsigned long']],
+    'Processors' : [ 0x30, ['_KAFFINITY_EX']],
+    'Name' : [ 0x3c, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0x44, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x48, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x50, ['unsigned long long']],
+    'RefCount' : [ 0x80, ['long']],
+    'CacheAlign0' : [ 0x80, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x880, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x200, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x340, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x480, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x4c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x4d4, ['array', 2, ['pointer', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x4dc, ['array', 8, ['pointer', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x4fc, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x540, ['unsigned long']],
+    'TransitionSharedPagesPeak' : [ 0x544, ['array', 6, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x55c, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x65c, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x66c, ['unsigned long']],
+    'StandbyListDiscard' : [ 0x670, ['unsigned char']],
+    'FreeListDiscard' : [ 0x671, ['unsigned char']],
+    'LargePfnBitMapsReady' : [ 0x672, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0x678, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x680, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0x6c0, ['unsigned long']],
+    'AvailablePageWaitStates' : [ 0x6c4, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0x700, ['pointer', ['void']]],
+    'TransitionPrivatePages' : [ 0x740, ['unsigned long']],
+    'LargePfnBitMap' : [ 0x744, ['array', 1, ['_RTL_BITMAP']]],
+    'LargePageListHeads' : [ 0x74c, ['pointer', ['_MI_FREE_LARGE_PAGE_LIST']]],
+    'LargePageCandidates' : [ 0x750, ['array', 1, ['_MI_LARGE_PAGE_CANDIDATES']]],
+    'RebuildLargePageWorkItem' : [ 0x858, ['_WORK_QUEUE_ITEM']],
+    'RebuildLargePageActive' : [ 0x868, ['unsigned char']],
+    'LargePageRebuildLock' : [ 0x86c, ['long']],
+    'LowMemoryThreshold' : [ 0x870, ['unsigned long']],
+    'HighMemoryThreshold' : [ 0x874, ['unsigned long']],
+} ],
+  '__unnamed_2647' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_2647']],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '__unnamed_2655' : [ 0x4, {
+    'AllocationType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Inserted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_2657' : [ 0x4, {
+    'PrototypePtesFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2659' : [ 0x4, {
+    'e1' : [ 0x0, ['__unnamed_2655']],
+    'e2' : [ 0x0, ['__unnamed_2657']],
+} ],
+  '_MI_PROTOTYPE_PTES_NODE' : [ 0x10, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0xc, ['__unnamed_2659']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0xd8, {
+    'Partition' : [ 0x0, ['pointer', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x4, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0xc, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x20, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x24, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x2c, ['unsigned long']],
+    'CombinePageListHeads' : [ 0x30, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0xb0, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'LowboxNumber' : [ 0x14, ['unsigned long']],
+    'AtomTable' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x4, ['pointer', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID' : [ 0x18, {
+    'DeviceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'EXT_IOMMU_DEVICE_TYPE_INVALID', 1: u'EXT_IOMMU_DEVICE_TYPE_PCI', 2: u'EXT_IOMMU_DEVICE_TYPE_ACPI', 3: u'EXT_IOMMU_DEVICE_TYPE_IOAPIC', 4: u'EXT_IOMMU_DEVICE_TYPE_LOGICAL', 5: u'EXT_IOMMU_DEVICE_TYPE_TEST', 6: u'EXT_IOMMU_DEVICE_TYPE_MAX'})]],
+    'Pci' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_PCI']],
+    'Acpi' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_ACPI']],
+    'IoApicId' : [ 0x8, ['unsigned char']],
+    'LogicalId' : [ 0x8, ['unsigned long long']],
+    'Test' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_TEST']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_267c' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_267e' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2681' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2685' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x50, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x14, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x20, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x30, ['__unnamed_267c']],
+    'HvDeviceId' : [ 0x38, ['unsigned long long']],
+    'XapicMessage' : [ 0x40, ['__unnamed_267e']],
+    'Hypertransport' : [ 0x40, ['__unnamed_2681']],
+    'GenericMessage' : [ 0x40, ['__unnamed_267e']],
+    'MessageRequest' : [ 0x40, ['__unnamed_2685']],
+} ],
+  '__unnamed_268a' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_268c' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_268a']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_268f' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2691' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_268f']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_268c']],
+    'HighPart' : [ 0x4, ['__unnamed_2691']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x46, ['unsigned char']],
+    'PreviousIrql' : [ 0x47, ['unsigned char']],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0xb0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x39, ['unsigned char']],
+    'ActiveCount' : [ 0x3a, ['unsigned short']],
+    'InternalState' : [ 0x3c, ['long']],
+    'Mode' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x48, ['unsigned long']],
+    'DispatchCount' : [ 0x4c, ['unsigned long']],
+    'PassiveEvent' : [ 0x50, ['pointer', ['_KEVENT']]],
+    'TrapFrame' : [ 0x54, ['pointer', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x58, ['pointer', ['void']]],
+    'ServiceThread' : [ 0x5c, ['pointer', ['_KTHREAD']]],
+    'ConnectionData' : [ 0x60, ['pointer', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0x64, ['pointer', ['void']]],
+    'IsrDpcStats' : [ 0x68, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x34, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ActivityId' : [ 0x24, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x18, {
+    'NextPteToTrim' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0xc, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x10, ['unsigned long']],
+    'LockedEntries' : [ 0x14, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x50, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+    'Extended' : [ 0x49, ['unsigned char']],
+    'RankNumber' : [ 0x4a, ['unsigned short']],
+    'CardHandle' : [ 0x4c, ['unsigned short']],
+    'ModuleHandle' : [ 0x4e, ['unsigned short']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x14, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPending' : [ 0x16, ['unsigned char']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_HEAP_VAMGR_CTX' : [ 0x1c1c, {
+    'VaSpace' : [ 0x0, ['_HEAP_VAMGR_VASPACE']],
+    'AllocatorLock' : [ 0x30, ['unsigned long']],
+    'AllocatorCount' : [ 0x34, ['unsigned long']],
+    'Allocators' : [ 0x38, ['array', 255, ['_HEAP_VAMGR_ALLOCATOR']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DEBUG_DEVICE_DESCRIPTOR' : [ 0xa8, {
+    'Bus' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'Segment' : [ 0x8, ['unsigned short']],
+    'VendorID' : [ 0xa, ['unsigned short']],
+    'DeviceID' : [ 0xc, ['unsigned short']],
+    'BaseClass' : [ 0xe, ['unsigned char']],
+    'SubClass' : [ 0xf, ['unsigned char']],
+    'ProgIf' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'DbgHalScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgBarsMapped' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Initialized' : [ 0x12, ['unsigned char']],
+    'Configured' : [ 0x13, ['unsigned char']],
+    'BaseAddress' : [ 0x14, ['array', 6, ['DEBUG_DEVICE_ADDRESS']]],
+    'Memory' : [ 0x60, ['DEBUG_MEMORY_REQUIREMENTS']],
+    'PortType' : [ 0x80, ['unsigned short']],
+    'PortSubtype' : [ 0x82, ['unsigned short']],
+    'OemData' : [ 0x84, ['pointer', ['void']]],
+    'OemDataLength' : [ 0x88, ['unsigned long']],
+    'NameSpace' : [ 0x8c, ['Enumeration', dict(target = 'long', choices = {0: u'KdNameSpacePCI', 1: u'KdNameSpaceACPI', 2: u'KdNameSpaceAny', 3: u'KdNameSpaceNone', 4: u'KdNameSpaceMax'})]],
+    'NameSpacePath' : [ 0x90, ['pointer', ['wchar']]],
+    'NameSpacePathLength' : [ 0x94, ['unsigned long']],
+    'TransportType' : [ 0x98, ['unsigned long']],
+    'TransportData' : [ 0x9c, ['_DEBUG_TRANSPORT_DATA']],
+} ],
+  '__unnamed_26ee' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26f0' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_26f2' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_26ee']],
+    'Interrupt' : [ 0x0, ['__unnamed_26f0']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_26f0']],
+    'Sci' : [ 0x0, ['__unnamed_26f0']],
+    'Nmi' : [ 0x0, ['__unnamed_26f0']],
+    'Sea' : [ 0x0, ['__unnamed_26f0']],
+    'Sei' : [ 0x0, ['__unnamed_26f0']],
+    'Gsiv' : [ 0x0, ['__unnamed_26f0']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_26f2']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x4, {
+    'LogHandleContext' : [ 0x0, ['pointer', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x19c, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x110, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x190, ['unsigned long']],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x1c0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x19c, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x1a0, ['pointer', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x1a4, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x1a8, ['unsigned long']],
+    'ThreadCount' : [ 0x1ac, ['long']],
+    'MinThreads' : [ 0x1b0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x1b0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x1b4, ['long']],
+    'QueueIndex' : [ 0x1b8, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x1bc, ['pointer', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x100, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x5d, ['unsigned char']],
+    'ReadySummary' : [ 0x5e, ['unsigned short']],
+    'Rank' : [ 0x60, ['unsigned long']],
+    'ShareRank' : [ 0x64, ['pointer', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x68, ['unsigned long']],
+    'ReadyListHead' : [ 0x6c, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0xec, ['_RTL_RB_TREE']],
+    'Parent' : [ 0xf4, ['pointer', ['_KSCB']]],
+    'Root' : [ 0xf8, ['pointer', ['_KSCB']]],
+} ],
+  '__unnamed_2719' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0x5c, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x8, ['pointer', ['void']]],
+    'ExceptionTableSize' : [ 0xc, ['unsigned long']],
+    'GpValue' : [ 0x10, ['pointer', ['void']]],
+    'NonPagedDebugInfo' : [ 0x14, ['pointer', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'u1' : [ 0x3a, ['__unnamed_2719']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x44, ['unsigned long']],
+    'CoverageSection' : [ 0x48, ['pointer', ['void']]],
+    'LoadedImports' : [ 0x4c, ['pointer', ['void']]],
+    'Spare' : [ 0x50, ['pointer', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x54, ['unsigned long']],
+    'TimeDateStamp' : [ 0x58, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long']],
+    'TrimInProgressCount' : [ 0x4, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x8, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x18, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTLP_HP_METADATA_HEAP_CTX' : [ 0x8, {
+    'Heap' : [ 0x0, ['pointer', ['_SEGMENT_HEAP']]],
+    'InitOnce' : [ 0x4, ['_RTL_RUN_ONCE']],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'Abandoned' : [ 0x1c, ['unsigned char']],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '__unnamed_272f' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 29, native_type='unsigned long')]],
+} ],
+  '__unnamed_2732' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x4, {
+    'Leaf' : [ 0x0, ['__unnamed_272f']],
+    'PageTable' : [ 0x0, ['__unnamed_2732']],
+    'EntireActiveField' : [ 0x0, ['unsigned long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x4, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x14, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x18, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long']],
+} ],
+  '_HMAP_TABLE' : [ 0x1800, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_275d' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_275f' : [ 0x10, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_275d']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x20, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0xc, ['__unnamed_275f']],
+    'VerifiedData' : [ 0x1c, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x20, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x8, ['pointer', ['void']]],
+    'SessionViewVa' : [ 0x8, ['pointer', ['void']]],
+    'VadsProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Type' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SystemCacheAttributes' : [ 0x10, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0xc0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0xc8, ['unsigned long']],
+    'PteTrackingBitmap' : [ 0xcc, ['_RTL_BITMAP']],
+    'CachedPteHeads' : [ 0xd4, ['pointer', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xd8, ['pointer', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xdc, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x110, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x144, ['unsigned long']],
+    'KernelStackPages' : [ 0x148, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x149, ['unsigned char']],
+    'AdjustCounter' : [ 0x14a, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x14c, ['long']],
+    'ReservedMappingTree' : [ 0x150, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x154, ['pointer', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x158, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x15c, ['long']],
+} ],
+  '__unnamed_276f' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0xe4, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_276f']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x14, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x18, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x1c, ['unsigned long']],
+    'PfnUnmapWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x30, ['unsigned long']],
+    'PfnUnmapWaitList' : [ 0x34, ['pointer', ['void']]],
+    'MemoryRuns' : [ 0x38, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x3c, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x4c, ['array', 5, ['pointer', ['void']]]],
+    'PartitionObject' : [ 0x60, ['pointer', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0x64, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0x6c, ['long']],
+    'PfnUnmapActive' : [ 0x70, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0x74, ['_KEVENT']],
+    'RootDirectory' : [ 0x84, ['pointer', ['void']]],
+    'KernelObjectsDirectory' : [ 0x88, ['pointer', ['void']]],
+    'MemoryEvents' : [ 0x8c, ['array', 11, ['pointer', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0xb8, ['array', 11, ['pointer', ['void']]]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0x64, {
+    'NextPageColor' : [ 0x0, ['unsigned long']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long']],
+    'VmWorkingSetList' : [ 0xc, ['pointer', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x18, ['array', 8, ['unsigned long']]],
+    'ExitOutswapGate' : [ 0x38, ['pointer', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'WorkingSetLeafSize' : [ 0x40, ['unsigned long']],
+    'WorkingSetLeafPrivateSize' : [ 0x44, ['unsigned long']],
+    'WorkingSetSize' : [ 0x48, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x4c, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x50, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x54, ['unsigned long']],
+    'HardFaultCount' : [ 0x58, ['unsigned long']],
+    'LastTrimStamp' : [ 0x5c, ['unsigned short']],
+    'Unused0' : [ 0x5e, ['unsigned short']],
+    'Flags' : [ 0x60, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x8, ['unsigned char']],
+    'BlockState' : [ 0x9, ['unsigned char']],
+    'WaitKey' : [ 0xa, ['unsigned short']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0xc, ['pointer', ['_KQUEUE']]],
+    'Object' : [ 0x10, ['pointer', ['void']]],
+    'SparePtr' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x10, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0xc, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'WorkQueue' : [ 0x18, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x40, ['pointer', ['void']]],
+    'AcceptProcessorNotification' : [ 0x44, ['pointer', ['void']]],
+    'AcceptAcpiNotification' : [ 0x48, ['pointer', ['void']]],
+    'WorkOrderCount' : [ 0x4c, ['unsigned long']],
+    'WorkOrders' : [ 0x50, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 16, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_279c' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x50, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x1c, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x24, ['unsigned long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x28, ['unsigned long']],
+    'MdlHack' : [ 0x2c, ['__unnamed_279c']],
+} ],
+  '_HAL_LBR_ENTRY' : [ 0xc, {
+    'FromAddress' : [ 0x0, ['pointer', ['void']]],
+    'ToAddress' : [ 0x4, ['pointer', ['void']]],
+    'Reserved' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x18, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x18, ['array', 4, ['pointer', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x18, ['pointer', ['void']]],
+    'SessionId' : [ 0x1c, ['unsigned long']],
+    'Process' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['void']]],
+    'Callback' : [ 0x2c, ['pointer', ['void']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x32, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x32, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x32, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x32, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x32, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x32, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x32, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x34, ['unsigned char']],
+    'GroupEnableMask' : [ 0x35, ['unsigned char']],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HAL_DP_REPLACE_PARAMETERS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'TargetProcessors' : [ 0x4, ['pointer', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+    'SpareProcessors' : [ 0x8, ['pointer', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x14, {
+    'NextEntry' : [ 0x0, ['pointer', ['void']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x2740, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long']],
+    'SystemVaBias' : [ 0x4, ['unsigned long']],
+    'SystemAvailableVaLow' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+    'SystemRangeStart' : [ 0x10, ['pointer', ['void']]],
+    'SystemCachePdeCount' : [ 0x14, ['array', 1024, ['unsigned char']]],
+    'SystemCacheReverseMaps' : [ 0x414, ['array', 1024, ['pointer', ['void']]]],
+    'VaRegion' : [ 0x1414, ['array', 1024, ['_MI_SYSTEM_REGION_REFERENCE']]],
+    'TopLevelPteLockBits' : [ 0x2414, ['array', 128, ['unsigned long']]],
+    'TopLevelPteAlternateLockBits' : [ 0x2614, ['array', 4, ['unsigned long']]],
+    'DeleteKvaLock' : [ 0x2624, ['long']],
+    'WsleArrays' : [ 0x2628, ['array', 8, ['pointer', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x2648, ['pointer', ['_MI_HYPER_SPACE']]],
+    'HyperSpaceEnd' : [ 0x264c, ['pointer', ['void']]],
+    'FreeSystemCacheVa' : [ 0x2650, ['_KEVENT']],
+    'SystemVaLock' : [ 0x2660, ['unsigned long']],
+    'SystemCacheViewLock' : [ 0x2664, ['unsigned long']],
+    'SystemWorkingSetList' : [ 0x2668, ['array', 8, ['_MMWSL_INSTANCE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x2c, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long']],
+    'ResetPagesRepurposedCount' : [ 0xc, ['unsigned long']],
+    'WsSwapSupport' : [ 0x10, ['pointer', ['void']]],
+    'CommitReleaseContext' : [ 0x14, ['pointer', ['void']]],
+    'WorkingSetCoreLock' : [ 0x18, ['long']],
+    'AccessLog' : [ 0x1c, ['pointer', ['void']]],
+    'ChargedWslePages' : [ 0x20, ['unsigned long']],
+    'ActualWslePages' : [ 0x24, ['unsigned long']],
+    'ShadowMapping' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_ACPI' : [ 0x4, {
+    'ObjectName' : [ 0x0, ['pointer', ['unsigned char']]],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PNP_REPLACE_PROCESSOR_LIST' : [ 0x14, {
+    'Affinity' : [ 0x0, ['pointer', ['unsigned long']]],
+    'GroupCount' : [ 0x4, ['unsigned long']],
+    'AllocatedCount' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'ApicIds' : [ 0x10, ['array', 1, ['unsigned long']]],
+} ],
+  '_ETW_HW_TRACE_EXT_INTERFACE' : [ 0xc, {
+    'StartProcessorTraceOnEachCore' : [ 0x0, ['pointer', ['void']]],
+    'StopProcessorTraceOnEachCore' : [ 0x4, ['pointer', ['void']]],
+    'LogProcessorTraceOnCurrentCore' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PAE_ENTRY' : [ 0x20, {
+    'PteEntry' : [ 0x0, ['array', 4, ['_MMPTE']]],
+    'PaeEntry' : [ 0x0, ['_PAE_PAGEINFO']],
+    'NextPae' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_MI_LARGE_PAGE_CANDIDATES' : [ 0x108, {
+    'Hand' : [ 0x0, ['unsigned short']],
+    'ActiveEntryCount' : [ 0x2, ['unsigned short']],
+    'Overflowed' : [ 0x4, ['unsigned char']],
+    'PageFrames' : [ 0x8, ['array', 64, ['unsigned long']]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x10, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CloneCommitCount' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x8, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_TEST' : [ 0x8, {
+    'UniqueId' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_282a' : [ 0x4, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_SECTION' : [ 0x28, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u1' : [ 0x14, ['__unnamed_282a']],
+    'SizeOfSection' : [ 0x18, ['unsigned long long']],
+    'u' : [ 0x20, ['__unnamed_1716']],
+    'InitialPageProtection' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x24, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x24, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer', ['void']]]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x8c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'ArgumentStatus' : [ 0xc, ['long']],
+    'CallerEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'VetoType' : [ 0x1c, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x20, ['pointer', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x24, ['unsigned long']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'Cancel' : [ 0x2c, ['unsigned char']],
+    'Parent' : [ 0x30, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x34, ['_GUID']],
+    'Watchdog' : [ 0x44, ['pointer', ['_PNP_WATCHDOG']]],
+    'Data' : [ 0x48, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_GLOBAL_APPCOMPAT_FLAGS' : [ 0x4, {
+    'SafeInputValidation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CommitLFHSubsegments' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AllocateHeapFromEnv' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x14, ['long']],
+    'Active' : [ 0x18, ['long']],
+    'FreeWhenDone' : [ 0x1c, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x90, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x8, ['unsigned long']],
+    'InDebugger' : [ 0xc, ['long']],
+    'Pfns' : [ 0x10, ['array', 32, ['pointer', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x8, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 31, native_type='unsigned long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x0, ['pointer', ['void']]],
+    'SessionState' : [ 0x4, ['pointer', ['void']]],
+    'SessionId' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0xb8, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'TimerApc' : [ 0x2c, ['_KAPC']],
+    'TimerDpc' : [ 0x5c, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x7c, ['_LIST_ENTRY']],
+    'Period' : [ 0x84, ['unsigned long']],
+    'TimerFlags' : [ 0x88, ['unsigned char']],
+    'ApcAssociated' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0x88, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0x88, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0x89, ['unsigned char']],
+    'Spare2' : [ 0x8a, ['unsigned short']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x98, ['pointer', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x9c, ['_LIST_ENTRY']],
+    'DueTime' : [ 0xa8, ['unsigned long long']],
+    'CoalescingWindow' : [ 0xb0, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x48, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x34, ['array', 2, ['_RTL_BITMAP']]],
+    'CrashDumpPte' : [ 0x44, ['pointer', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0xc, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x8, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1a8, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x4, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x20, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x28, ['unsigned char']],
+    'PepWokenTransition' : [ 0x29, ['unsigned char']],
+    'EfficiencyClass' : [ 0x2a, ['unsigned char']],
+    'SchedulingClass' : [ 0x2b, ['unsigned char']],
+    'TargetIdleState' : [ 0x2c, ['unsigned long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xcc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xd0, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0xd4, ['long']],
+    'FFHThrottleStateInfo' : [ 0xd8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xf8, ['_KDPC']],
+    'PerfActionMask' : [ 0x118, ['long']],
+    'HvIdleCheck' : [ 0x120, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x130, ['pointer', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x134, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x138, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x13c, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x140, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x144, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x148, ['pointer', ['_PROC_PERF_HISTORY']]],
+    'GuaranteedPerformancePercent' : [ 0x14c, ['unsigned char']],
+    'HvTargetState' : [ 0x14d, ['unsigned char']],
+    'Parked' : [ 0x14e, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x14f, ['unsigned char']],
+    'LatestPerformancePercent' : [ 0x150, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x154, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x158, ['unsigned long']],
+    'RelativePerformance' : [ 0x15c, ['unsigned long']],
+    'Utility' : [ 0x160, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x164, ['unsigned long']],
+    'SnapTimeLast' : [ 0x168, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x168, ['unsigned long long']],
+    'ActiveTime' : [ 0x170, ['unsigned long long']],
+    'TotalTime' : [ 0x178, ['unsigned long long']],
+    'FxDevice' : [ 0x180, ['pointer', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x188, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x190, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x198, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x19c, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1a0, ['unsigned long']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x200, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'CloneHeaderCount' : [ 0x18, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x20, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x30, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x40, ['unsigned long']],
+    'AttemptForCantExtend' : [ 0x44, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0x78, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0xa4, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0xb0, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xd8, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0xd9, ['unsigned char']],
+    'UnusedSegmentPagedPool' : [ 0xdc, ['unsigned long']],
+    'UnusedSegmentList' : [ 0xe0, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xe8, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xf0, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xf8, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x110, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x128, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x138, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x140, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x144, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x148, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x14c, ['_KEVENT']],
+    'SharedCharges' : [ 0x15c, ['array', 7, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x1cc, ['pointer', ['_KEVENT']]],
+    'ControlAreasDrainEvent' : [ 0x1d0, ['pointer', ['_KEVENT']]],
+    'CloneHeaderDrainEvent' : [ 0x1d4, ['pointer', ['_KEVENT']]],
+    'ProbeRundownReference' : [ 0x1d8, ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_BUS_HANDLER' : [ 0x68, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ConfigurationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'Cmos', 1: u'EisaConfiguration', 2: u'Pos', 3: u'CbusConfiguration', 4: u'PCIConfiguration', 5: u'VMEConfiguration', 6: u'NuBusConfiguration', 7: u'PCMCIAConfiguration', 8: u'MPIConfiguration', 9: u'MPSAConfiguration', 10: u'PNPISAConfiguration', 11: u'SgiInternalConfiguration', 12: u'MaximumBusDataType', -1: u'ConfigurationSpaceUndefined'})]],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'ParentHandler' : [ 0x14, ['pointer', ['_BUS_HANDLER']]],
+    'BusData' : [ 0x18, ['pointer', ['void']]],
+    'DeviceControlExtensionSize' : [ 0x1c, ['unsigned long']],
+    'BusAddresses' : [ 0x20, ['pointer', ['_SUPPORTED_RANGES']]],
+    'Reserved' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GetBusData' : [ 0x34, ['pointer', ['void']]],
+    'SetBusData' : [ 0x38, ['pointer', ['void']]],
+    'AdjustResourceList' : [ 0x3c, ['pointer', ['void']]],
+    'AssignSlotResources' : [ 0x40, ['pointer', ['void']]],
+    'TranslateBusAddress' : [ 0x44, ['pointer', ['void']]],
+    'Spare1' : [ 0x48, ['pointer', ['void']]],
+    'Spare2' : [ 0x4c, ['pointer', ['void']]],
+    'Spare3' : [ 0x50, ['pointer', ['void']]],
+    'Spare4' : [ 0x54, ['pointer', ['void']]],
+    'Spare5' : [ 0x58, ['pointer', ['void']]],
+    'Spare6' : [ 0x5c, ['pointer', ['void']]],
+    'Spare7' : [ 0x60, ['pointer', ['void']]],
+    'Spare8' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x14, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x1f8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DevNode' : [ 0x1c, ['pointer', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x20, ['pointer', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x24, ['pointer', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x28, ['pointer', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x2c, ['pointer', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x30, ['pointer', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x38, ['pointer', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x3c, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0x5c, ['pointer', ['void']]],
+    'AcpiLink' : [ 0x60, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0x68, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0x70, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x88, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0xa0, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0xbc, ['unsigned long']],
+    'IdleTimer' : [ 0xc0, ['_KTIMER']],
+    'IdleDpc' : [ 0xe8, ['_KDPC']],
+    'IdleTimeout' : [ 0x108, ['unsigned long long']],
+    'IdleStamp' : [ 0x110, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x118, ['array', 2, ['pointer', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x120, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x128, ['array', 2, ['pointer', ['void']]]],
+    'NextIrpCallerContext' : [ 0x130, ['array', 2, ['pointer', ['void']]]],
+    'IrpCompleteEvent' : [ 0x138, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x148, ['pointer', ['void']]],
+    'Accounting' : [ 0x150, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x1c8, ['unsigned long']],
+    'ComponentCount' : [ 0x1cc, ['unsigned long']],
+    'Components' : [ 0x1d0, ['pointer', ['pointer', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x1d4, ['unsigned long']],
+    'Log' : [ 0x1d8, ['pointer', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x1dc, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x1e0, ['pointer', ['_DRIVER_OBJECT']]],
+    'DripsWatchdogContext' : [ 0x1e4, ['_POP_FX_DRIPS_WATCHDOG_CONTEXT']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x40, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x8, ['short']],
+    'SpecialApcDisable' : [ 0xa, ['short']],
+    'CombinedApcDisable' : [ 0x8, ['unsigned long']],
+    'Irql' : [ 0xc, ['unsigned char']],
+    'StackTrace' : [ 0x10, ['array', 12, ['pointer', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x4, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'InjectRetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CrossThreadPadding' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'PrefetchSystemVmType' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'VaPrefetchReadBlock' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'CollidedFlowThrough' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ForceCollisions' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'InPageExpanded' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IssuedAtLowPriority' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'FaultFromStore' : [ 0x1, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PagePriority' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'PerformRelocations' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ClusteredPagePriority' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'MakeClusterValid' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ZeroLastPage' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserFault' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'StandbyProtectionNeeded' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'PteChanged' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileFault' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'PageFilePageHashActive' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CoalescedIo' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'VmLockNotNeeded' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Processors' : [ 0x4, ['unsigned long']],
+    'ActiveProcessors' : [ 0x8, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_HP_SUB_ALLOCATOR_CONFIGS' : [ 0x10, {
+    'LfhConfigs' : [ 0x0, ['_RTL_HP_LFH_CONFIG']],
+    'VsConfigs' : [ 0xc, ['_RTL_HP_VS_CONFIG']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0xc, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x4, ['pointer', ['void']]],
+    'IsolationPrefix' : [ 0x4, ['_UNICODE_STRING']],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x80, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x3c, ['pointer', ['void']]],
+    'Lock' : [ 0x40, ['long']],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Spare0' : [ 0x6c, ['unsigned long']],
+} ],
+  '__unnamed_2904' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2906' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2904']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x44, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x30, ['pointer', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x34, ['_LIST_ENTRY']],
+    'Specific' : [ 0x3c, ['__unnamed_2906']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x20, ['long']],
+    'PnpDeviceCompletionQueueWatchdogLock' : [ 0x24, ['_FAST_MUTEX']],
+    'Watchdog' : [ 0x44, ['pointer', ['_PNP_WATCHDOG']]],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x50, {
+    'RelatedTimestamp' : [ 0x0, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0xc, ['_KDPC']],
+    'ApcListHead' : [ 0x30, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x38, ['pointer', ['_ETW_APC_ENTRY']]],
+    'ApcEntryCount' : [ 0x3c, ['unsigned long']],
+    'Flags' : [ 0x40, ['long']],
+    'ApcCount' : [ 0x44, ['long']],
+    'MaxApcCount' : [ 0x48, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '__unnamed_2925' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x34, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x10, ['unsigned long']],
+    'ActualExpansion' : [ 0x14, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'InProgress' : [ 0x28, ['long']],
+    'u1' : [ 0x2c, ['__unnamed_2925']],
+    'ActiveEntry' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x10, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MAP_REGISTER_ENTRY' : [ 0x8, {
+    'MapRegister' : [ 0x0, ['pointer', ['void']]],
+    'WriteToDevice' : [ 0x4, ['unsigned char']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x50, {
+    'Context' : [ 0x0, ['pointer', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x44, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x4c, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x50, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x1c, ['unsigned char']],
+    'TriggerRoot' : [ 0x20, ['pointer', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x24, ['unsigned char']],
+    'BeginTime' : [ 0x28, ['unsigned long long']],
+    'VetoNode' : [ 0x30, ['array', 2, ['pointer', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x38, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x40, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_HMAP_ENTRY' : [ 0xc, {
+    'BlockOffset' : [ 0x0, ['unsigned long']],
+    'PermanentBinAddress' : [ 0x4, ['unsigned long']],
+    'MemAlloc' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2974' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x110, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_2974']]],
+    'WakeAlarmPaused' : [ 0xa8, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb0, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xb8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x4, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_RELATION_LIST' : [ 0x8, {
+    'DeviceObjectList' : [ 0x0, ['pointer', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x4, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x40, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x10, ['unsigned char']],
+    'ThreadPriorityStatic' : [ 0x11, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x14, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x28, ['long']],
+    'Gate' : [ 0x2c, ['_KGATE']],
+    'ThreadContext' : [ 0x3c, ['pointer', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x10, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x20, {
+    'ComponentActive' : [ 0x0, ['pointer', ['void']]],
+    'ComponentIdle' : [ 0x4, ['pointer', ['void']]],
+    'ComponentIdleState' : [ 0x8, ['pointer', ['void']]],
+    'DevicePowerRequired' : [ 0xc, ['pointer', ['void']]],
+    'DevicePowerNotRequired' : [ 0x10, ['pointer', ['void']]],
+    'PowerControl' : [ 0x14, ['pointer', ['void']]],
+    'ComponentCriticalTransition' : [ 0x18, ['pointer', ['void']]],
+    'DripsWatchdogCallback' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x8, ['pointer', ['void']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'SharedWaiters' : [ 0x10, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x14, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 48, native_type='unsigned long long')]],
+} ],
+  '_WAITING_IRP' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'CompletionRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'Information' : [ 0x18, ['unsigned long']],
+    'BreakAllRH' : [ 0x1c, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x1d, ['unsigned char']],
+    'FileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x88, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x20, ['unsigned long long']],
+    'UnscaledTime' : [ 0x28, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x30, ['long long']],
+    'ScaledTime' : [ 0x38, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x48, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x50, ['unsigned long long']],
+    'UserTimeLast' : [ 0x58, ['unsigned long']],
+    'KernelTimeLast' : [ 0x5c, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x60, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x68, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x80, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x81, ['unsigned char']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x28, {
+    'InstantaneousRead' : [ 0x0, ['pointer', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x24, ['unsigned long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x18, {
+    'Next' : [ 0x0, ['pointer', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'Hint' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x58, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'ShutDownRequested' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x34, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x40, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x44, ['unsigned long']],
+    'UserPagesReused' : [ 0x48, ['unsigned long']],
+    'EventsLostCount' : [ 0x4c, ['pointer', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x50, ['pointer', ['unsigned long']]],
+    'SiloState' : [ 0x54, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_PAE_PAGEINFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameNumber' : [ 0x8, ['unsigned long']],
+    'EntriesInUse' : [ 0xc, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x138, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x30, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'ClonedPageCount' : [ 0x40, ['unsigned long long']],
+    'CurrentMap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x4c, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x50, ['unsigned long']],
+    'LoaderMdl' : [ 0x54, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x6c, ['unsigned long']],
+    'CurrentMcb' : [ 0x70, ['pointer', ['void']]],
+    'DumpStack' : [ 0x74, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x78, ['pointer', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0x7c, ['unsigned long']],
+    'Status' : [ 0x80, ['long']],
+    'GraphicsProc' : [ 0x84, ['unsigned long']],
+    'MemoryImage' : [ 0x88, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0x8c, ['pointer', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0x98, ['pointer', ['void']]],
+    'ResumeContext' : [ 0x9c, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0xa0, ['unsigned long']],
+    'ProcessorCount' : [ 0xa4, ['unsigned long']],
+    'ProcessorContext' : [ 0xa8, ['pointer', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0xac, ['pointer', ['unsigned char']]],
+    'ProdConsSize' : [ 0xb0, ['unsigned long']],
+    'MaxDataPages' : [ 0xb4, ['unsigned long']],
+    'ExtraBuffer' : [ 0xb8, ['pointer', ['void']]],
+    'ExtraBufferSize' : [ 0xbc, ['unsigned long']],
+    'ExtraMapVa' : [ 0xc0, ['pointer', ['void']]],
+    'BitlockerKeyPFN' : [ 0xc4, ['unsigned long']],
+    'IoInfo' : [ 0xc8, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x128, ['pointer', ['unsigned short']]],
+    'IoChecksumsSize' : [ 0x12c, ['unsigned long']],
+    'HardwareConfigurationSignature' : [ 0x130, ['unsigned long']],
+    'SecureBoot' : [ 0x134, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x4, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_29f1' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_29f1']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long']],
+    'TotalCommitLimitMaximum' : [ 0x4, ['unsigned long']],
+    'Popups' : [ 0x8, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x10, ['unsigned long']],
+    'HighCommitThreshold' : [ 0x14, ['unsigned long']],
+    'EventLock' : [ 0x18, ['unsigned long']],
+    'SystemCommitReserve' : [ 0x1c, ['unsigned long']],
+    'OverCommit' : [ 0x40, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x2c, {
+    'Sibling' : [ 0x0, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x24, {
+    'InitiatingThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ThreadId' : [ 0x8, ['pointer', ['void']]],
+    'ProcessId' : [ 0xc, ['pointer', ['void']]],
+    'Code' : [ 0x10, ['unsigned long']],
+    'Parameter1' : [ 0x14, ['unsigned long']],
+    'Parameter2' : [ 0x18, ['unsigned long']],
+    'Parameter3' : [ 0x1c, ['unsigned long']],
+    'Parameter4' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40f0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'StackLimitHits' : [ 0x4038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x403c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x4040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4044, ['unsigned long']],
+    'TotalReleases' : [ 0x4048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x404c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x4050, ['unsigned long']],
+    'Instigator' : [ 0x4054, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4058, ['unsigned long']],
+    'Participant' : [ 0x405c, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40dc, ['long']],
+    'StackType' : [ 0x40e0, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x40e4, ['unsigned long']],
+    'StackHighLimit' : [ 0x40e8, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x338, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long long']],
+    'HiberFlags' : [ 0x30, ['unsigned char']],
+    'spare' : [ 0x31, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x34, ['unsigned long']],
+    'HiberVa' : [ 0x38, ['unsigned long']],
+    'NoFreePages' : [ 0x3c, ['unsigned long']],
+    'FreeMapCheck' : [ 0x40, ['unsigned long']],
+    'WakeCheck' : [ 0x44, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x48, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x50, ['unsigned long']],
+    'FirstKernelRestorePage' : [ 0x54, ['unsigned long']],
+    'FirstChecksumRestorePage' : [ 0x58, ['unsigned long']],
+    'NoChecksumEntries' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x260, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x264, ['array', 1, ['unsigned long']]],
+    'SpareUlong' : [ 0x268, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x26c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x270, ['array', 24, ['unsigned long']]],
+    'NotUsed' : [ 0x2d0, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2d4, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2d8, ['unsigned long']],
+    'Hiberboot' : [ 0x2dc, ['unsigned char']],
+    'SecureLaunched' : [ 0x2dd, ['unsigned char']],
+    'SecureBoot' : [ 0x2de, ['unsigned char']],
+    'HvCr3' : [ 0x2e0, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x2e8, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x2f0, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x2f8, ['unsigned long long']],
+    'BootFlags' : [ 0x300, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x308, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x310, ['unsigned long']],
+    'BitlockerKeyPfns' : [ 0x314, ['array', 4, ['unsigned long']]],
+    'HardwareSignature' : [ 0x324, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x328, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x330, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x334, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x335, ['unsigned char']],
+    'HiberResumeXhciHandoffSkip' : [ 0x336, ['unsigned char']],
+} ],
+  'DEBUG_MEMORY_REQUIREMENTS' : [ 0x20, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'MaxEnd' : [ 0x8, ['_LARGE_INTEGER']],
+    'VirtualAddress' : [ 0x10, ['pointer', ['void']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Cached' : [ 0x18, ['unsigned char']],
+    'Aligned' : [ 0x19, ['unsigned char']],
+} ],
+  'DEBUG_DEVICE_ADDRESS' : [ 0xc, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Valid' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 2, ['unsigned char']]],
+    'BitWidth' : [ 0x2, ['unsigned char']],
+    'AccessSize' : [ 0x3, ['unsigned char']],
+    'TranslatedAddress' : [ 0x4, ['pointer', ['unsigned char']]],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x38, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x4, ['long']],
+    'PrefetchSeekThreshold' : [ 0x8, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x24, ['unsigned long']],
+    'DelayPageFaults' : [ 0x28, ['long']],
+    'FileCompressionBoundary' : [ 0x2c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x48, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long']],
+    'PfnDecayFreeSList' : [ 0x8, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x10, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x14, ['_KDPC']],
+    'PageHeatListSlist' : [ 0x38, ['_SLIST_HEADER']],
+    'PageHeatListDisableAllocation' : [ 0x40, ['long']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x4, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x128, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x104, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x124, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x8, ['pointer', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x10, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_PCI' : [ 0x10, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'PciSegmentNumber' : [ 0x0, ['unsigned short']],
+    'PhantomFunctionBits' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned short')]],
+    'BusRange' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DevicePathLength' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'StartBusNumber' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Bdf' : [ 0x4, ['unsigned short']],
+    'SubordinateBus' : [ 0x4, ['unsigned char']],
+    'SecondaryBus' : [ 0x5, ['unsigned char']],
+    'DevicePath' : [ 0x8, ['pointer', ['unsigned short']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x1c, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'InitialInPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x8, ['pointer', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0xc, ['unsigned long']],
+    'Node' : [ 0x10, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_PTE_TRACKER' : [ 0x44, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x28, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x18, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Next' : [ 0x14, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0xc, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0xa8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'FreeReservationSpace' : [ 0x18, ['unsigned long']],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x20, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x28, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x30, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x38, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x3c, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x40, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x44, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x48, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x4c, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x50, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x54, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0x5c, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0x64, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0x6c, ['pointer', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'HybridPriority' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0x77, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0x77, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0x78, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0x7c, ['unsigned long']],
+    'PageHash' : [ 0x80, ['pointer', ['unsigned long']]],
+    'FileHandle' : [ 0x84, ['pointer', ['void']]],
+    'Lock' : [ 0x88, ['unsigned long']],
+    'LockOwner' : [ 0x8c, ['pointer', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0x90, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x94, ['pointer', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x98, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x10, ['long']],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'WatchdogTimerInfo' : [ 0x18, ['pointer', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x10, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x14, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x4, ['_RTL_AVL_TREE']],
+    'ActiveZeroSpinLock' : [ 0x8, ['long']],
+    'ActiveZeroThreadTree' : [ 0xc, ['_RTL_AVL_TREE']],
+    'NumberOfLargePageListHeads' : [ 0x10, ['unsigned long']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x28, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x18, ['unsigned long']],
+    'ModuleSize' : [ 0x1c, ['unsigned long']],
+    'Offset' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_2a9c' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2a9e' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2a9c']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2a9e']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x8, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x4, ['pointer', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'LowboxMap' : [ 0xc, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'IoStatus' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x8, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x10, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x18, ['unsigned long long']],
+    'RequestSize' : [ 0x20, ['unsigned long long']],
+    'IoLocation' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x30, ['unsigned long long']],
+    'Buffer' : [ 0x38, ['pointer', ['void']]],
+    'AsyncCapable' : [ 0x3c, ['unsigned char']],
+    'BytesToRead' : [ 0x40, ['unsigned long long']],
+    'Pages' : [ 0x48, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x50, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x58, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x38, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'AppContainerNumber' : [ 0x24, ['unsigned long']],
+    'PackageSid' : [ 0x28, ['pointer', ['void']]],
+    'CapabilitiesHash' : [ 0x2c, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x30, ['pointer', ['void']]],
+    'SecurityAttributes' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x4, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 28, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x0, ['long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x1c, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x10, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0xc, ['pointer', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_DMA_IOMMU_INTERFACE' : [ 0x34, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'CreateDomain' : [ 0x4, ['pointer', ['void']]],
+    'DeleteDomain' : [ 0x8, ['pointer', ['void']]],
+    'AttachDevice' : [ 0xc, ['pointer', ['void']]],
+    'DetachDevice' : [ 0x10, ['pointer', ['void']]],
+    'ConfigureDomain' : [ 0x14, ['pointer', ['void']]],
+    'FlushDomain' : [ 0x18, ['pointer', ['void']]],
+    'FlushDomainByVaList' : [ 0x1c, ['pointer', ['void']]],
+    'QueryInputMappings' : [ 0x20, ['pointer', ['void']]],
+    'MapLogicalRange' : [ 0x24, ['pointer', ['void']]],
+    'UnmapLogicalRange' : [ 0x28, ['pointer', ['void']]],
+    'MapIdentityRange' : [ 0x2c, ['pointer', ['void']]],
+    'UnmapIdentityRange' : [ 0x30, ['pointer', ['void']]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'Pattern' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2b04' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2b04']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x30, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'Counters' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_2b16' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2b19' : [ 0x4, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x4c, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x28, ['__unnamed_2b16']],
+    'Subsection' : [ 0x2c, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x30, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x34, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x38, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x40, ['pointer', ['_EPROCESS']]],
+    'u4' : [ 0x44, ['__unnamed_2b19']],
+    'FileObject' : [ 0x48, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_CMSI_PROCESS_TUPLE' : [ 0x8, {
+    'ProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'ProcessReference' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HEAP_FAILURE_INFORMATION' : [ 0x3d0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'StructureSize' : [ 0x4, ['unsigned long']],
+    'FailureType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'heap_failure_internal', 1: u'heap_failure_unknown', 2: u'heap_failure_generic', 3: u'heap_failure_entry_corruption', 4: u'heap_failure_multiple_entries_corruption', 5: u'heap_failure_virtual_block_corruption', 6: u'heap_failure_buffer_overrun', 7: u'heap_failure_buffer_underrun', 8: u'heap_failure_block_not_busy', 9: u'heap_failure_invalid_argument', 10: u'heap_failure_invalid_allocation_type', 11: u'heap_failure_usage_after_free', 12: u'heap_failure_cross_heap_operation', 13: u'heap_failure_freelists_corruption', 14: u'heap_failure_listentry_corruption', 15: u'heap_failure_lfh_bitmap_mismatch', 16: u'heap_failure_segment_lfh_bitmap_corruption', 17: u'heap_failure_segment_lfh_double_free', 18: u'heap_failure_vs_subsegment_corruption', 19: u'heap_failure_null_heap'})]],
+    'HeapAddress' : [ 0xc, ['pointer', ['void']]],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Param1' : [ 0x14, ['pointer', ['void']]],
+    'Param2' : [ 0x18, ['pointer', ['void']]],
+    'Param3' : [ 0x1c, ['pointer', ['void']]],
+    'PreviousBlock' : [ 0x20, ['pointer', ['void']]],
+    'NextBlock' : [ 0x24, ['pointer', ['void']]],
+    'ExpectedDecodedEntry' : [ 0x28, ['_FAKE_HEAP_ENTRY']],
+    'StackTrace' : [ 0x30, ['array', 32, ['pointer', ['void']]]],
+    'HeapMajorVersion' : [ 0xb0, ['unsigned char']],
+    'HeapMinorVersion' : [ 0xb1, ['unsigned char']],
+    'ExceptionRecord' : [ 0xb4, ['_EXCEPTION_RECORD']],
+    'ContextRecord' : [ 0x104, ['_CONTEXT']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xa8, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x34, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'PackagedBinary' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x34, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x34, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x34, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x34, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x34, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x34, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x34, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x34, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x34, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x34, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x34, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x34, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x34, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x34, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x34, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x34, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x34, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ChpeImage' : [ 0x34, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x34, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x34, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x34, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x4c, ['pointer', ['void']]],
+    'DdagNode' : [ 0x50, ['pointer', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0x54, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0x5c, ['pointer', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0x60, ['pointer', ['void']]],
+    'SwitchBackContext' : [ 0x64, ['pointer', ['void']]],
+    'BaseAddressIndexNode' : [ 0x68, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0x74, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0x80, ['unsigned long']],
+    'LoadTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x90, ['unsigned long']],
+    'LoadReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x98, ['unsigned long']],
+    'ReferenceCount' : [ 0x9c, ['unsigned long']],
+    'DependentLoadFlags' : [ 0xa0, ['unsigned long']],
+    'SigningLevel' : [ 0xa4, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2b47' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2b49' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_2b4b' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_2b47']],
+    'e2' : [ 0x0, ['__unnamed_2b49']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_2b4b']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x1d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x34, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0x68, ['unsigned long']],
+    'NumberOfMappedMdlsInUse' : [ 0x6c, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0x70, ['unsigned long']],
+    'MappedFileHeader' : [ 0x74, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0x8c, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0x8d, ['unsigned char']],
+    'ModwriterActive' : [ 0x8e, ['unsigned char']],
+    'TransitionInserted' : [ 0x8f, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0x90, ['long']],
+    'LastMappedWriteError' : [ 0x94, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x98, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x9c, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xa0, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0xa4, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0xb4, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0xb8, ['unsigned long']],
+    'ModifiedPageWriterEvent' : [ 0xbc, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0xcc, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0xdc, ['long']],
+    'WriteAllMappedPages' : [ 0xe0, ['long']],
+    'MappedPageWriterEvent' : [ 0xe4, ['_KEVENT']],
+    'ModWriteData' : [ 0xf8, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x128, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x138, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x150, ['pointer', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x154, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x158, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x168, ['unsigned long']],
+    'ClusterRestrictionLock' : [ 0x16c, ['long']],
+    'ClusterRestrictions' : [ 0x170, ['array', 2, ['_MI_RESTRICTED_MODWRITES']]],
+    'NotifyStoreMemoryConditions' : [ 0x178, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x188, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x18c, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x190, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x194, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x1a8, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x1b0, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x1c0, ['long']],
+    'WorkingSetSwapLock' : [ 0x1c4, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x1c8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x4, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_HAL_INTEL_ENLIGHTENMENT_INFORMATION' : [ 0xf8, {
+    'Enlightenments' : [ 0x0, ['unsigned long']],
+    'HypervisorConnected' : [ 0x4, ['unsigned long']],
+    'EndOfInterrupt' : [ 0x8, ['pointer', ['void']]],
+    'ApicWriteIcr' : [ 0xc, ['pointer', ['void']]],
+    'Reserved0' : [ 0x10, ['unsigned long']],
+    'SpinCountMask' : [ 0x14, ['unsigned long']],
+    'LongSpinWait' : [ 0x18, ['pointer', ['void']]],
+    'GetReferenceTime' : [ 0x1c, ['pointer', ['void']]],
+    'SetSystemSleepProperty' : [ 0x20, ['pointer', ['void']]],
+    'EnterSleepState' : [ 0x24, ['pointer', ['void']]],
+    'NotifyDebugDeviceAvailable' : [ 0x28, ['pointer', ['void']]],
+    'MapDeviceInterrupt' : [ 0x2c, ['pointer', ['void']]],
+    'UnmapDeviceInterrupt' : [ 0x30, ['pointer', ['void']]],
+    'RetargetDeviceInterrupt' : [ 0x34, ['pointer', ['void']]],
+    'SetHpetConfig' : [ 0x38, ['pointer', ['void']]],
+    'NotifyHpetEnabled' : [ 0x3c, ['pointer', ['void']]],
+    'QueryAssociatedProcessors' : [ 0x40, ['pointer', ['void']]],
+    'ReadMultipleMsr' : [ 0x44, ['pointer', ['void']]],
+    'WriteMultipleMsr' : [ 0x48, ['pointer', ['void']]],
+    'ReadCpuid' : [ 0x4c, ['pointer', ['void']]],
+    'LpWritebackInvalidate' : [ 0x50, ['pointer', ['void']]],
+    'GetMachineCheckContext' : [ 0x54, ['pointer', ['void']]],
+    'SuspendPartition' : [ 0x58, ['pointer', ['void']]],
+    'ResumePartition' : [ 0x5c, ['pointer', ['void']]],
+    'SetSystemMachineCheckProperty' : [ 0x60, ['pointer', ['void']]],
+    'WheaErrorNotification' : [ 0x64, ['pointer', ['void']]],
+    'GetProcessorIndexFromVpIndex' : [ 0x68, ['pointer', ['void']]],
+    'SyntheticClusterIpi' : [ 0x6c, ['pointer', ['void']]],
+    'VpStartEnabled' : [ 0x70, ['pointer', ['void']]],
+    'StartVirtualProcessor' : [ 0x74, ['pointer', ['void']]],
+    'GetVpIndexFromApicId' : [ 0x78, ['pointer', ['void']]],
+    'IumAccessPciDevice' : [ 0x7c, ['pointer', ['void']]],
+    'IumEfiRuntimeService' : [ 0x80, ['pointer', ['void']]],
+    'SvmGetSystemCapabilities' : [ 0x84, ['pointer', ['void']]],
+    'SvmGetDeviceCapabilities' : [ 0x88, ['pointer', ['void']]],
+    'SvmCreatePasidSpace' : [ 0x8c, ['pointer', ['void']]],
+    'SvmSetPasidAddressSpace' : [ 0x90, ['pointer', ['void']]],
+    'SvmFlushPasid' : [ 0x94, ['pointer', ['void']]],
+    'SvmAttachPasidSpace' : [ 0x98, ['pointer', ['void']]],
+    'SvmDetachPasidSpace' : [ 0x9c, ['pointer', ['void']]],
+    'SvmEnablePasid' : [ 0xa0, ['pointer', ['void']]],
+    'SvmDisablePasid' : [ 0xa4, ['pointer', ['void']]],
+    'SvmAcknowledgePageRequest' : [ 0xa8, ['pointer', ['void']]],
+    'SvmCreatePrQueue' : [ 0xac, ['pointer', ['void']]],
+    'SvmDeletePrQueue' : [ 0xb0, ['pointer', ['void']]],
+    'SvmClearPrqStalled' : [ 0xb4, ['pointer', ['void']]],
+    'SvmSetDeviceEnabled' : [ 0xb8, ['pointer', ['void']]],
+    'HvDebuggerPowerHandler' : [ 0xbc, ['pointer', ['void']]],
+    'SetQpcBias' : [ 0xc0, ['pointer', ['void']]],
+    'GetQpcBias' : [ 0xc4, ['pointer', ['void']]],
+    'RegisterDeviceId' : [ 0xc8, ['pointer', ['void']]],
+    'UnregisterDeviceId' : [ 0xcc, ['pointer', ['void']]],
+    'AllocateDeviceDomain' : [ 0xd0, ['pointer', ['void']]],
+    'AttachDeviceDomain' : [ 0xd4, ['pointer', ['void']]],
+    'DetachDeviceDomain' : [ 0xd8, ['pointer', ['void']]],
+    'DeleteDeviceDomain' : [ 0xdc, ['pointer', ['void']]],
+    'MapDeviceLogicalRange' : [ 0xe0, ['pointer', ['void']]],
+    'UnmapDeviceLogicalRange' : [ 0xe4, ['pointer', ['void']]],
+    'MapDeviceSparsePages' : [ 0xe8, ['pointer', ['void']]],
+    'UnmapDeviceSparsePages' : [ 0xec, ['pointer', ['void']]],
+    'GetDmaGuardEnabled' : [ 0xf0, ['pointer', ['void']]],
+    'UpdateMicrocode' : [ 0xf4, ['pointer', ['void']]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0x78, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['unsigned char']],
+    'DripsRequiredState' : [ 0x8, ['unsigned long']],
+    'Level' : [ 0xc, ['long']],
+    'ActiveStamp' : [ 0x10, ['long long']],
+    'CsActiveTime' : [ 0x18, ['unsigned long long']],
+    'CriticalActiveTime' : [ 0x20, ['long long']],
+    'CriticalActiveTimeBuckets' : [ 0x28, ['array', 5, ['unsigned long long']]],
+    'CsActiveTimeBuckets' : [ 0x50, ['array', 5, ['unsigned long long']]],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DOMAIN_CONFIGURATION' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DomainConfigurationArm64', 1: u'DomainConfigurationInvalid'})]],
+    'Arm64' : [ 0x8, ['_DOMAIN_CONFIGURATION_ARM64']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x38, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_FREE_LARGE_PAGE_LIST' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_RFG_PROTECTED_STACK' : [ 0xc, {
+    'ControlStackBase' : [ 0x0, ['pointer', ['void']]],
+    'ControlStackVad' : [ 0x4, ['pointer', ['_MMVAD_SHORT']]],
+    'OwnerThread' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x110, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x14, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x30, ['pointer', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x34, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x3c, ['long']],
+    'ActiveEvent' : [ 0x40, ['_KEVENT']],
+    'IdleLock' : [ 0x50, ['unsigned long']],
+    'IdleConditionComplete' : [ 0x54, ['long']],
+    'IdleStateComplete' : [ 0x58, ['long']],
+    'IdleStamp' : [ 0x60, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x68, ['unsigned long']],
+    'IdleStateCount' : [ 0x6c, ['unsigned long']],
+    'IdleStates' : [ 0x70, ['pointer', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0x74, ['unsigned long']],
+    'ProviderCount' : [ 0x78, ['unsigned long']],
+    'Providers' : [ 0x7c, ['pointer', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0x80, ['unsigned long']],
+    'DependentCount' : [ 0x84, ['unsigned long']],
+    'Dependents' : [ 0x88, ['pointer', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0x90, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0x108, ['pointer', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 224, ['unsigned char']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x18, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '__unnamed_2c39' : [ 0xc, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Arm' : [ 0x0, ['_ARM_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0xc8, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OsLoaderSecurityVersion' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'EarlyLaunchListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'CoreDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'CoreExtensionsDriverListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'TpmCoreDriverListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x48, ['unsigned long']],
+    'Prcb' : [ 0x4c, ['unsigned long']],
+    'Process' : [ 0x50, ['unsigned long']],
+    'Thread' : [ 0x54, ['unsigned long']],
+    'KernelStackSize' : [ 0x58, ['unsigned long']],
+    'RegistryLength' : [ 0x5c, ['unsigned long']],
+    'RegistryBase' : [ 0x60, ['pointer', ['void']]],
+    'ConfigurationRoot' : [ 0x64, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0x68, ['pointer', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0x6c, ['pointer', ['unsigned char']]],
+    'NtBootPathName' : [ 0x70, ['pointer', ['unsigned char']]],
+    'NtHalPathName' : [ 0x74, ['pointer', ['unsigned char']]],
+    'LoadOptions' : [ 0x78, ['pointer', ['unsigned char']]],
+    'NlsData' : [ 0x7c, ['pointer', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0x80, ['pointer', ['_ARC_DISK_INFORMATION']]],
+    'Extension' : [ 0x84, ['pointer', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0x88, ['__unnamed_2c39']],
+    'FirmwareInformation' : [ 0x94, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+    'OsBootstatPathName' : [ 0xbc, ['pointer', ['unsigned char']]],
+    'ArcOSDataDeviceName' : [ 0xc0, ['pointer', ['unsigned char']]],
+    'ArcWindowsSysPartName' : [ 0xc4, ['pointer', ['unsigned char']]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2c41' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_2c41']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x8, ['unsigned char']],
+    'Disowned' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0xa, ['unsigned char']],
+    'IsWaiting' : [ 0xb, ['unsigned char']],
+    'LockAddress' : [ 0xc, ['pointer', ['void']]],
+    'ThreadAddress' : [ 0x10, ['pointer', ['void']]],
+    'SublistHead' : [ 0x14, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0x4f0, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolSListMaximum' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x10, ['unsigned long']],
+    'BadPoolHead' : [ 0x14, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x18, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x1c, ['unsigned char']],
+    'PoolFailures' : [ 0x20, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x44, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x70, ['unsigned long']],
+    'HighPagedPoolThreshold' : [ 0x74, ['unsigned long']],
+    'SpecialPoolPdesMax' : [ 0x78, ['long']],
+    'NonPagedPoolNodes' : [ 0x7c, ['array', 1024, ['unsigned char']]],
+    'PagedPoolSListMaximum' : [ 0x47c, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x480, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0x490, ['unsigned long']],
+    'SpecialPoolRejected' : [ 0x494, ['array', 6, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0x4ac, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x4b0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0x4b4, ['unsigned long']],
+    'PermittedFaultsLock' : [ 0x4b8, ['long']],
+    'PermittedFaultsTree' : [ 0x4bc, ['_RTL_AVL_TREE']],
+    'PermittedFaultsInitialNode' : [ 0x4c0, ['array', 2, ['_MI_ACCESS_VIOLATION_RANGE']]],
+    'TotalPagedPoolQuota' : [ 0x4e8, ['unsigned long']],
+    'TotalNonPagedPoolQuota' : [ 0x4ec, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x18, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x1a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x23, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x1c, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'ConnectLock' : [ 0x4, ['_KEVENT']],
+    'LineMasked' : [ 0x14, ['unsigned char']],
+    'InterruptList' : [ 0x18, ['pointer', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0xc, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x4, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '__unnamed_2c5b' : [ 0x4, {
+    'PageAlignLargeAllocs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_VS_CONFIG' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2c5b']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0xe0, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaLastRangeIndex' : [ 0x4, ['unsigned long']],
+    'NumaTableCaptured' : [ 0x8, ['unsigned char']],
+    'NodeShift' : [ 0x9, ['unsigned char']],
+    'ChannelShift' : [ 0xa, ['unsigned char']],
+    'NodeGraph' : [ 0xc, ['pointer', ['unsigned short']]],
+    'SystemNodeInformation' : [ 0x10, ['pointer', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaMemoryRanges' : [ 0x14, ['pointer', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x18, ['pointer', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x1c, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x20, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x24, ['unsigned long']],
+    'TotalPagesAllowed' : [ 0x28, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x2c, ['unsigned long']],
+    'SecondaryColors' : [ 0x30, ['unsigned long']],
+    'LargePageColors' : [ 0x34, ['array', 2, ['unsigned long']]],
+    'FlushTbForAttributeChange' : [ 0x3c, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x40, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x44, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x48, ['unsigned long']],
+    'FlushTbThreshold' : [ 0x4c, ['unsigned long']],
+    'OptimalZeroingAttribute' : [ 0x50, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x90, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x98, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'HighestPossiblePhysicalPage' : [ 0xb8, ['unsigned long']],
+    'EnclaveRegions' : [ 0xbc, ['_RTL_AVL_TREE']],
+    'EnclaveMetadataPage' : [ 0xc0, ['pointer', ['void']]],
+    'EnclaveMetadataBitMap' : [ 0xc4, ['pointer', ['_RTL_BITMAP']]],
+    'EnclaveMetadataEntryLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'EnclaveMetadataPageLock' : [ 0xcc, ['long']],
+    'VsmKernelPageCount' : [ 0xd0, ['unsigned long']],
+    'ColorCount' : [ 0xd4, ['array', 2, ['unsigned long']]],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x18, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0xc, ['unsigned char']],
+    'BlocksDrips' : [ 0xd, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x10, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x14, ['pointer', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x10, {
+    'PartitionObject' : [ 0x0, ['pointer', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x4, ['pointer', ['pointer', ['pointer', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x8, ['pointer', ['pointer', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0xc, ['long']],
+} ],
+  '__unnamed_2c7b' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2c7b']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x8c, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x80, ['unsigned long']],
+    'NumberOfEntries' : [ 0x84, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x88, ['unsigned long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xb0, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x28, ['unsigned long']],
+    'ProbeRaises' : [ 0x2c, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x70, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x78, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x7c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x80, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x84, ['long']],
+    'BadPagesDetected' : [ 0x88, ['long']],
+    'ScrubPasses' : [ 0x8c, ['long']],
+    'ScrubBadPagesFound' : [ 0x90, ['long']],
+    'UserViewFailures' : [ 0x94, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0x98, ['unsigned long']],
+    'UserAllocateFailures' : [ 0x9c, ['unsigned long']],
+    'UserAllocateCollisionFailures' : [ 0xa0, ['unsigned long']],
+    'ResavailFailures' : [ 0xa4, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xac, ['unsigned char']],
+    'InitFailure' : [ 0xad, ['unsigned char']],
+    'StopBadMaps' : [ 0xae, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x1d8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0x18, ['unsigned long']],
+    'ProcessorCount' : [ 0x1c, ['unsigned long']],
+    'EfficiencyClass' : [ 0x20, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0x21, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0x22, ['unsigned char']],
+    'Spare' : [ 0x23, ['unsigned char']],
+    'Processors' : [ 0x24, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0x28, ['pointer', ['void']]],
+    'TimeWindowHandler' : [ 0x2c, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x30, ['pointer', ['void']]],
+    'BoostModeHandler' : [ 0x34, ['pointer', ['void']]],
+    'EnergyPerfPreferenceHandler' : [ 0x38, ['pointer', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x3c, ['pointer', ['void']]],
+    'AutonomousModeHandler' : [ 0x40, ['pointer', ['void']]],
+    'ReinitializeHandler' : [ 0x44, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x48, ['pointer', ['void']]],
+    'PerfControlHandler' : [ 0x4c, ['pointer', ['void']]],
+    'DomainPerfControlHandler' : [ 0x50, ['pointer', ['void']]],
+    'MaxFrequency' : [ 0x54, ['unsigned long']],
+    'NominalFrequency' : [ 0x58, ['unsigned long']],
+    'MaxPercent' : [ 0x5c, ['unsigned long']],
+    'MinPerfPercent' : [ 0x60, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x64, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x68, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x70, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x78, ['unsigned char']],
+    'Coordination' : [ 0x79, ['unsigned char']],
+    'HardPlatformCap' : [ 0x7a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x7b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x7c, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x7d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x7e, ['unsigned char']],
+    'AutonomousMode' : [ 0x7f, ['unsigned char']],
+    'ProvideGuidance' : [ 0x80, ['unsigned char']],
+    'DesiredPercent' : [ 0x84, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x88, ['unsigned long']],
+    'QosPolicies' : [ 0x8c, ['array', 4, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0xfc, ['array', 4, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0x10c, ['array', 4, ['unsigned long']]],
+    'QosSupported' : [ 0x11c, ['unsigned char']],
+    'SelectionGeneration' : [ 0x120, ['unsigned long']],
+    'QosSelection' : [ 0x128, ['array', 4, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x1c8, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x1d0, ['unsigned long']],
+    'Force' : [ 0x1d4, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x40, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x4, ['unsigned long']],
+    'DummyPagePfn' : [ 0x8, ['pointer', ['_MMPFN']]],
+    'DummyPage' : [ 0xc, ['unsigned long']],
+    'PageOfZeroes' : [ 0x10, ['unsigned long']],
+    'ZeroMapping' : [ 0x14, ['pointer', ['void']]],
+    'OnesMapping' : [ 0x18, ['pointer', ['void']]],
+    'ZeroCrc' : [ 0x20, ['unsigned long long']],
+    'OnesCrc' : [ 0x28, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x30, ['array', 2, ['unsigned long']]],
+    'PfnGapFrames' : [ 0x38, ['array', 2, ['unsigned long']]],
+} ],
+  '_HAL_HV_DMA_DOMAIN_INFO' : [ 0x8, {
+    'DomainId' : [ 0x0, ['unsigned long']],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x8, {
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+} ],
+  '_SUPPORTED_RANGES' : [ 0xa0, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Sorted' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'NoIO' : [ 0x4, ['unsigned long']],
+    'IO' : [ 0x8, ['_SUPPORTED_RANGE']],
+    'NoMemory' : [ 0x28, ['unsigned long']],
+    'Memory' : [ 0x30, ['_SUPPORTED_RANGE']],
+    'NoPrefetchMemory' : [ 0x50, ['unsigned long']],
+    'PrefetchMemory' : [ 0x58, ['_SUPPORTED_RANGE']],
+    'NoDma' : [ 0x78, ['unsigned long']],
+    'Dma' : [ 0x80, ['_SUPPORTED_RANGE']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x20, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_DEBUG_TRANSPORT_DATA' : [ 0x8, {
+    'HwContextSize' : [ 0x0, ['unsigned long']],
+    'UseSerialFraming' : [ 0x4, ['unsigned char']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_HAL_HV_SVM_DEVICE_CAPABILITIES' : [ 0xc, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PciExecute' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 31, native_type='unsigned long')]],
+    'OverflowPossible' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'PasidCount' : [ 0x4, ['unsigned long']],
+    'IommuIndex' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x48, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x1c, ['pointer', ['void']]],
+    'Enabled' : [ 0x20, ['unsigned char']],
+    'ActiveEngaged' : [ 0x21, ['unsigned char']],
+    'ThrottleLimit' : [ 0x22, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x23, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x24, ['pointer', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'Interface' : [ 0x2c, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_2cc2' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x54, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x4, ['__unnamed_2cc2']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x144, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_2cd5' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2cd5']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_HAL_IOMMU_DISPATCH' : [ 0x4c, {
+    'HalIommuSupportEnabled' : [ 0x0, ['pointer', ['void']]],
+    'HalIommuGetConfiguration' : [ 0x4, ['pointer', ['void']]],
+    'HalIommuGetLibraryContext' : [ 0x8, ['pointer', ['void']]],
+    'HalIommuMapDevice' : [ 0xc, ['pointer', ['void']]],
+    'HalIommuEnableDevicePasid' : [ 0x10, ['pointer', ['void']]],
+    'HalIommuSetAddressSpace' : [ 0x14, ['pointer', ['void']]],
+    'HalIommuDisableDevicePasid' : [ 0x18, ['pointer', ['void']]],
+    'HalIommuUnmapDevice' : [ 0x1c, ['pointer', ['void']]],
+    'HalIommuFreeLibraryContext' : [ 0x20, ['pointer', ['void']]],
+    'HalIommuFlushTb' : [ 0x24, ['pointer', ['void']]],
+    'HalIommuFlushAllPasid' : [ 0x28, ['pointer', ['void']]],
+    'HalIommuProcessPageRequestQueue' : [ 0x2c, ['pointer', ['void']]],
+    'HalIommuFaultRoutine' : [ 0x30, ['pointer', ['void']]],
+    'HalIommuReferenceAsid' : [ 0x34, ['pointer', ['void']]],
+    'HalIommuDereferenceAsid' : [ 0x38, ['pointer', ['void']]],
+    'HalIommuServicePageFault' : [ 0x3c, ['pointer', ['void']]],
+    'HalIommuDevicePowerChange' : [ 0x40, ['pointer', ['void']]],
+    'HalIommuBeginDeviceReset' : [ 0x44, ['pointer', ['void']]],
+    'HalIommuFinalizeDeviceReset' : [ 0x48, ['pointer', ['void']]],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Timer' : [ 0x8, ['_KTIMER']],
+    'Dpc' : [ 0x30, ['_KDPC']],
+    'WorkOrder' : [ 0x50, ['pointer', ['_POP_FX_WORK_ORDER']]],
+    'CurrentWorkInfo' : [ 0x54, ['pointer', ['_PEP_WORK_INFORMATION']]],
+    'WatchdogStart' : [ 0x58, ['unsigned long long']],
+    'WorkerThread' : [ 0x60, ['pointer', ['_KTHREAD']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2d05' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_2d05']],
+} ],
+  '__unnamed_2d09' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2d0d' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2d0f' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2d11' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2d13' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_2d15' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2d17' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d19' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2d1b' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2d1d' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2d1f' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d21' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_2d09']],
+    'Memory' : [ 0x0, ['__unnamed_2d09']],
+    'Interrupt' : [ 0x0, ['__unnamed_2d0d']],
+    'Dma' : [ 0x0, ['__unnamed_2d0f']],
+    'DmaV3' : [ 0x0, ['__unnamed_2d11']],
+    'Generic' : [ 0x0, ['__unnamed_2d09']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2d13']],
+    'BusNumber' : [ 0x0, ['__unnamed_2d15']],
+    'ConfigData' : [ 0x0, ['__unnamed_2d17']],
+    'Memory40' : [ 0x0, ['__unnamed_2d19']],
+    'Memory48' : [ 0x0, ['__unnamed_2d1b']],
+    'Memory64' : [ 0x0, ['__unnamed_2d1d']],
+    'Connection' : [ 0x0, ['__unnamed_2d1f']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2d21']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x1c, ['pointer', ['void']]],
+    'DvCallbacks' : [ 0x20, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x8, ['pointer', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0xc, ['pointer', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x10, ['pointer', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x14, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned short']],
+    'ReplyIndex' : [ 0x1a, ['unsigned short']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x58, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '__unnamed_2d3e' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_2d40' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_2d3e']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_2d40']],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '__unnamed_2d4a' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_2d4a']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x18, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x1c, ['_KAPC']],
+    'ByteCount' : [ 0x4c, ['unsigned long']],
+    'ChargedPages' : [ 0x50, ['unsigned long']],
+    'PagingFile' : [ 0x54, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x58, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x5c, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x60, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'Partition' : [ 0x78, ['pointer', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0x7c, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x80, ['_MDL']],
+    'Page' : [ 0x9c, ['array', 1, ['unsigned long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0x50, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x10, ['unsigned char']],
+    'IrpOplocksR' : [ 0x14, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x1c, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x24, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x2c, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x34, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x3c, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x44, ['pointer', ['_GUID']]],
+    'OplockState' : [ 0x48, ['unsigned long']],
+    'FastMutex' : [ 0x4c, ['pointer', ['_FAST_MUTEX']]],
+} ],
+  '_HAL_HV_SVM_SYSTEM_CAPABILITIES' : [ 0x18, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GpaAlwaysValid' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MaxPasidSpaceCount' : [ 0x4, ['unsigned long']],
+    'MaxPasidSpacePasidCount' : [ 0x8, ['unsigned long']],
+    'MaxPrqSize' : [ 0xc, ['unsigned long']],
+    'IommuCount' : [ 0x10, ['unsigned long']],
+    'MinIommuPasidCount' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2d55' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_2d56' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2d55']],
+    'Merged' : [ 0x10, ['__unnamed_2d56']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2d5a' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d5c' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d5e' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d60' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_2d5e']],
+    'Translated' : [ 0x0, ['__unnamed_2d5c']],
+} ],
+  '__unnamed_2d62' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d64' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2d66' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d68' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d6a' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d6c' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d6e' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d70' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_2d5a']],
+    'Port' : [ 0x0, ['__unnamed_2d5a']],
+    'Interrupt' : [ 0x0, ['__unnamed_2d5c']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2d60']],
+    'Memory' : [ 0x0, ['__unnamed_2d5a']],
+    'Dma' : [ 0x0, ['__unnamed_2d62']],
+    'DmaV3' : [ 0x0, ['__unnamed_2d64']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2d13']],
+    'BusNumber' : [ 0x0, ['__unnamed_2d66']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2d68']],
+    'Memory40' : [ 0x0, ['__unnamed_2d6a']],
+    'Memory48' : [ 0x0, ['__unnamed_2d6c']],
+    'Memory64' : [ 0x0, ['__unnamed_2d6e']],
+    'Connection' : [ 0x0, ['__unnamed_2d1f']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2d70']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0xa80, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x40, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x4c, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x68, ['unsigned long']],
+    'SizeOfPagedPoolInPages' : [ 0x6c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x70, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0xa4, ['unsigned long']],
+    'SmallNonPagedPtesCommit' : [ 0xa8, ['unsigned long']],
+    'BootCommit' : [ 0xac, ['unsigned long']],
+    'MdlPagesAllocated' : [ 0xb0, ['unsigned long']],
+    'SystemPageTableCommit' : [ 0xb4, ['unsigned long']],
+    'SpecialPagesInUse' : [ 0xb8, ['unsigned long']],
+    'ProcessCommit' : [ 0xbc, ['unsigned long']],
+    'DriverCommit' : [ 0xc0, ['long']],
+    'PfnDatabaseCommit' : [ 0xc4, ['unsigned long']],
+    'SystemWs' : [ 0x100, ['array', 6, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x480, ['_MMSUPPORT_SHARED']],
+    'MapCacheFailures' : [ 0x4ac, ['unsigned long']],
+    'PagefileHashPages' : [ 0x4b0, ['unsigned long']],
+    'PteHeader' : [ 0x4b4, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x540, ['pointer', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x544, ['array', 16, ['unsigned long']]],
+    'SystemVaType' : [ 0x584, ['array', 1024, ['unsigned char']]],
+    'SystemVaTypeCountFailures' : [ 0x984, ['array', 16, ['unsigned long']]],
+    'SystemVaTypeCountLimit' : [ 0x9c4, ['array', 16, ['unsigned long']]],
+    'SystemVaTypeCountPeak' : [ 0xa04, ['array', 16, ['unsigned long']]],
+    'SystemAvailableVa' : [ 0xa44, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Xcr0' : [ 0x3c, ['unsigned long long']],
+    'ExceptionList' : [ 0x44, ['unsigned long']],
+    'Reserved' : [ 0x48, ['array', 3, ['unsigned long']]],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x8, ['pointer', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x14, ['pointer', ['_ETHREAD']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'AtomicLinks' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x54, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x28, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x34, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x3c, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x40, ['unsigned long']],
+    'ProtosNode' : [ 0x44, ['_MI_PROTOTYPE_PTES_NODE']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x118, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastPerfCheckSnap' : [ 0x18, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x68, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xb8, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x108, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x10c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x110, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x112, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x113, ['unsigned char']],
+} ],
+  '_MI_HARD_FAULT_STATE' : [ 0x8, {
+    'SwapPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'StoreFlags' : [ 0x4, ['_MI_STORE_INPAGE_COMPLETE_FLAGS']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x108, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'Order' : [ 0x1c, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0xf0, ['_LIST_ENTRY']],
+    'Status' : [ 0xf8, ['long']],
+    'FailedDevice' : [ 0xfc, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x100, ['unsigned char']],
+    'Cancelled' : [ 0x101, ['unsigned char']],
+    'IgnoreErrors' : [ 0x102, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x103, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x104, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x60, {
+    'FileName' : [ 0x0, ['pointer', ['wchar']]],
+    'BaseName' : [ 0x4, ['pointer', ['wchar']]],
+    'RegRootName' : [ 0x8, ['pointer', ['wchar']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+    'FilePath' : [ 0x58, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0xd4, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+    'Flags' : [ 0xd0, ['unsigned long']],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'HitCount' : [ 0x10, ['unsigned long long']],
+    'LastActivationTime' : [ 0x18, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x20, ['unsigned long long']],
+    'CsActivationTime' : [ 0x28, ['unsigned long long']],
+    'CsActiveTime' : [ 0x30, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x28, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HAL_CLOCK_TIMER_CONFIGURATION' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'AlwaysOnTimer' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'HighLatency' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PerCpuTimer' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DynamicTickSupported' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'KnownType' : [ 0x4, ['unsigned long']],
+    'Capabilities' : [ 0x8, ['unsigned long']],
+    'MaxIncrement' : [ 0x10, ['unsigned long long']],
+    'MinIncrement' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x2c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x8, ['unsigned char']],
+    'Spare' : [ 0x9, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0xc, ['unsigned long']],
+    'DebugId' : [ 0x10, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_2db9' : [ 0x4, {
+    'Anchor' : [ 0x0, ['_MI_SYSTEM_REGION_ANCHOR']],
+    'EntireReference' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_REGION_REFERENCE' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_2db9']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x34, {
+    'Parent' : [ 0x0, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x4, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x8, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0xc, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x30, ['pointer', ['void']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x14, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'HashTable' : [ 0xc, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x2c, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x14, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2dd0' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x140, {
+    'FreeLargePages' : [ 0x0, ['array', 2, ['_MI_FREE_LARGE_PAGES']]],
+    'LargePageRebuildTimer' : [ 0x50, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'FreePageListHeadsBitmap' : [ 0x80, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0x90, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0xd0, ['array', 2, ['unsigned long']]],
+    'TotalPages' : [ 0xd8, ['array', 1, ['unsigned long']]],
+    'TotalPagesEntireNode' : [ 0xdc, ['unsigned long']],
+    'MmShiftedColor' : [ 0xe0, ['unsigned long']],
+    'Color' : [ 0xe4, ['unsigned long']],
+    'ChannelFreeCount' : [ 0xe8, ['array', 1, ['array', 2, ['unsigned long']]]],
+    'Flags' : [ 0xf0, ['__unnamed_2dd0']],
+    'NodeLock' : [ 0xf4, ['_EX_PUSH_LOCK']],
+    'LargeListMoveInProgress' : [ 0xf8, ['unsigned char']],
+    'ChannelStatus' : [ 0xf9, ['unsigned char']],
+    'ChannelOrdering' : [ 0xfa, ['array', 1, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0xfb, ['array', 1, ['unsigned char']]],
+    'PowerAttribute' : [ 0xfc, ['array', 1, ['unsigned char']]],
+    'LargePageLock' : [ 0x100, ['unsigned long']],
+    'PageColorTable' : [ 0x104, ['_MI_PAGE_COLORS']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION' : [ 0xc0, {
+    'ValidBits' : [ 0x0, ['_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS']],
+    'ProcessorType' : [ 0x8, ['unsigned char']],
+    'InstructionSet' : [ 0x9, ['unsigned char']],
+    'ErrorType' : [ 0xa, ['unsigned char']],
+    'Operation' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned char']],
+    'Level' : [ 0xd, ['unsigned char']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'CPUVersion' : [ 0x10, ['unsigned long long']],
+    'CPUBrandString' : [ 0x18, ['array', 128, ['unsigned char']]],
+    'ProcessorId' : [ 0x98, ['unsigned long long']],
+    'TargetAddress' : [ 0xa0, ['unsigned long long']],
+    'RequesterId' : [ 0xa8, ['unsigned long long']],
+    'ResponderId' : [ 0xb0, ['unsigned long long']],
+    'InstructionPointer' : [ 0xb8, ['unsigned long long']],
+} ],
+  '_MI_HYPER_SPACE' : [ 0x2000, {
+    'VadBitmap' : [ 0x0, ['array', 6144, ['unsigned char']]],
+    'PaddingToPageBoundary' : [ 0x1800, ['array', 2048, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['long']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DeviceNode' : [ 0x1c, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_DOMAIN_CONFIGURATION_ARM64' : [ 0x20, {
+    'Ttbr0' : [ 0x0, ['_LARGE_INTEGER']],
+    'Ttbr1' : [ 0x8, ['_LARGE_INTEGER']],
+    'Mair0' : [ 0x10, ['unsigned long']],
+    'Mair1' : [ 0x14, ['unsigned long']],
+    'InputSize0' : [ 0x18, ['unsigned char']],
+    'InputSize1' : [ 0x19, ['unsigned char']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0xb0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x8, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x20, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x38, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedPoolLowestPage' : [ 0x68, ['unsigned long']],
+    'NonPagedPoolHighestPage' : [ 0x6c, ['unsigned long']],
+    'AllocatedNonPagedPool' : [ 0x70, ['unsigned long']],
+    'PartialLargePoolRegions' : [ 0x74, ['unsigned long']],
+    'PagesInPartialLargePoolRegions' : [ 0x78, ['unsigned long']],
+    'CachedNonPagedPoolCount' : [ 0x7c, ['unsigned long']],
+    'NonPagedPoolSpinLock' : [ 0x80, ['unsigned long']],
+    'CachedNonPagedPool' : [ 0x84, ['pointer', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x88, ['pointer', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x8c, ['pointer', ['void']]],
+    'NonPagedBitMap' : [ 0x90, ['array', 3, ['_RTL_BITMAP']]],
+    'NonPagedHint' : [ 0xa8, ['array', 2, ['unsigned long']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x1c, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+    'TrackDesiredCrossClass' : [ 0x18, ['unsigned char']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long']],
+    'BadPagesDetected' : [ 0x4, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x8, ['long']],
+    'ScrubPasses' : [ 0xc, ['long']],
+    'ScrubBadPagesFound' : [ 0x10, ['long']],
+    'PageHashErrors' : [ 0x14, ['unsigned long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x28, ['pointer', ['void']]],
+    'ExceptionChainTerminator' : [ 0x2c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'ExceptionChainTerminatorRecord' : [ 0x30, ['_EXCEPTION_REGISTRATION_RECORD']],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x10, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0xc, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x14, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x10, ['unsigned char']],
+    'RebuildActive' : [ 0x11, ['unsigned char']],
+    'NextPassDelta' : [ 0x12, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x13, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x40, {
+    'IoPfnLock' : [ 0x0, ['long']],
+    'IoPfnRoot' : [ 0x4, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x10, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x18, ['unsigned long']],
+    'IoCacheStats' : [ 0x1c, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x3c, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xb68, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x14, ['pointer', ['void']]],
+    'EmInfFileSize' : [ 0x18, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x1c, ['pointer', ['void']]],
+    'HeadlessLoaderBlock' : [ 0x20, ['pointer', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x24, ['pointer', ['_SMBIOS3_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x28, ['pointer', ['void']]],
+    'DrvDBSize' : [ 0x2c, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x30, ['pointer', ['_NETWORK_LOADER_BLOCK']]],
+    'HalpIRQLToTPR' : [ 0x34, ['pointer', ['unsigned char']]],
+    'HalpVectorToIRQL' : [ 0x38, ['pointer', ['unsigned char']]],
+    'FirmwareDescriptorListHead' : [ 0x3c, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x44, ['pointer', ['void']]],
+    'AcpiTableSize' : [ 0x48, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x4c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x4c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x4c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x4c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x4c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardStrongCodeGuarantees' : [ 0x4c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SidSharingDisabled' : [ 0x4c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'TpmInitialized' : [ 0x4c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'VsmConfigured' : [ 0x4c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IumEnabled' : [ 0x4c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'IsSmbboot' : [ 0x4c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BootLogEnabled' : [ 0x4c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'FeatureSettings' : [ 0x4c, ['BitField', dict(start_bit = 12, end_bit = 19, native_type='unsigned long')]],
+    'FeatureSimulations' : [ 0x4c, ['BitField', dict(start_bit = 19, end_bit = 25, native_type='unsigned long')]],
+    'MicrocodeOptedOut' : [ 0x4c, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'XhciLegacyHandoffSkip' : [ 0x4c, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'Reserved' : [ 0x4c, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x50, ['pointer', ['_LOADER_PERFORMANCE_DATA']]],
+    'BootApplicationPersistentData' : [ 0x54, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0x5c, ['pointer', ['void']]],
+    'BootIdentifier' : [ 0x60, ['_GUID']],
+    'ResumePages' : [ 0x70, ['unsigned long']],
+    'DumpHeader' : [ 0x74, ['pointer', ['void']]],
+    'BgContext' : [ 0x78, ['pointer', ['void']]],
+    'NumaLocalityInfo' : [ 0x7c, ['pointer', ['void']]],
+    'NumaGroupAssignment' : [ 0x80, ['pointer', ['void']]],
+    'AttachedHives' : [ 0x84, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0x8c, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0x90, ['pointer', ['void']]],
+    'BootEntropyResult' : [ 0x98, ['_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x830, ['unsigned long long']],
+    'HypervisorExtension' : [ 0x838, ['_LOADER_PARAMETER_HYPERVISOR_EXTENSION']],
+    'HardwareConfigurationId' : [ 0x870, ['_GUID']],
+    'HalExtensionModuleList' : [ 0x880, ['_LIST_ENTRY']],
+    'SystemTime' : [ 0x888, ['_LARGE_INTEGER']],
+    'TimeStampAtSystemTimeRead' : [ 0x890, ['unsigned long long']],
+    'BootFlags' : [ 0x898, ['unsigned long long']],
+    'DbgMenuOsSelection' : [ 0x898, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgHiberBoot' : [ 0x898, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgSoftRestart' : [ 0x898, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'InternalBootFlags' : [ 0x8a0, ['unsigned long long']],
+    'DbgUtcBootTime' : [ 0x8a0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgRtcBootTime' : [ 0x8a0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgNoLegacyServices' : [ 0x8a0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WfsFPData' : [ 0x8a8, ['pointer', ['void']]],
+    'WfsFPDataSize' : [ 0x8ac, ['unsigned long']],
+    'BugcheckParameters' : [ 0x8b0, ['_LOADER_BUGCHECK_PARAMETERS']],
+    'ApiSetSchema' : [ 0x8c4, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0x8c8, ['unsigned long']],
+    'ApiSetSchemaExtensions' : [ 0x8cc, ['_LIST_ENTRY']],
+    'AcpiBiosVersion' : [ 0x8d4, ['_UNICODE_STRING']],
+    'SmbiosVersion' : [ 0x8dc, ['_UNICODE_STRING']],
+    'EfiVersion' : [ 0x8e4, ['_UNICODE_STRING']],
+    'KdDebugDevice' : [ 0x8ec, ['pointer', ['_DEBUG_DEVICE_DESCRIPTOR']]],
+    'OfflineCrashdumpConfigurationTable' : [ 0x8f0, ['_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2']],
+    'ManufacturingProfile' : [ 0x910, ['_UNICODE_STRING']],
+    'BbtBuffer' : [ 0x918, ['pointer', ['void']]],
+    'XsaveAllowedFeatures' : [ 0x920, ['unsigned long long']],
+    'XsaveFlags' : [ 0x928, ['unsigned long']],
+    'BootOptions' : [ 0x92c, ['pointer', ['void']]],
+    'IumEnablement' : [ 0x930, ['unsigned long']],
+    'IumPolicy' : [ 0x934, ['unsigned long']],
+    'IumStatus' : [ 0x938, ['long']],
+    'BootId' : [ 0x93c, ['unsigned long']],
+    'CodeIntegrityData' : [ 0x940, ['pointer', ['_LOADER_PARAMETER_CI_EXTENSION']]],
+    'CodeIntegrityDataSize' : [ 0x944, ['unsigned long']],
+    'SystemHiveRecoveryInfo' : [ 0x948, ['_LOADER_HIVE_RECOVERY_INFO']],
+    'SoftRestartCount' : [ 0x95c, ['unsigned long']],
+    'SoftRestartTime' : [ 0x960, ['long long']],
+    'MajorRelease' : [ 0x968, ['unsigned long']],
+    'Reserved1' : [ 0x96c, ['unsigned long']],
+    'NtBuildLab' : [ 0x970, ['array', 224, ['unsigned char']]],
+    'NtBuildLabEx' : [ 0xa50, ['array', 224, ['unsigned char']]],
+    'ResetReason' : [ 0xb30, ['_LOADER_RESET_REASON']],
+    'MaxPciBusNumber' : [ 0xb60, ['unsigned long']],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0xc, {
+    'AnsiCodePageData' : [ 0x0, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x4, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x10, {
+    'CurrentCharges' : [ 0x0, ['unsigned long']],
+    'ChargeFailures' : [ 0x4, ['unsigned long']],
+    'ChargePeak' : [ 0x8, ['unsigned long']],
+    'ChargeMinimum' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2e2e' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x2c, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer', ['void']]],
+    'ProtosNode' : [ 0xc, ['_MI_PROTOTYPE_PTES_NODE']],
+    'NumberOfPtes' : [ 0x1c, ['unsigned long']],
+    'SessionId' : [ 0x20, ['unsigned long']],
+    'Subsection' : [ 0x20, ['pointer', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x24, ['pointer', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_2e2e']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x30, {
+    'PagesLoad' : [ 0x0, ['long']],
+    'PagesAverage' : [ 0x4, ['unsigned long']],
+    'AverageAvailablePages' : [ 0x8, ['unsigned long']],
+    'PagesWritten' : [ 0xc, ['unsigned long']],
+    'WritesIssued' : [ 0x10, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x14, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x18, ['unsigned long']],
+    'WriteBurstCount' : [ 0x1c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x20, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x28, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x2e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_INFORMATION' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['_HAL_UNMASKED_INTERRUPT_FLAGS']],
+    'Mode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Gsiv' : [ 0x10, ['unsigned long']],
+    'PinNumber' : [ 0x14, ['unsigned short']],
+    'DeviceHandle' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_FAKE_HEAP_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x44, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'NoPageTablesAllowed' : [ 0x3c, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x40, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '_LOADER_BUGCHECK_PARAMETERS' : [ 0x14, {
+    'BugcheckCode' : [ 0x0, ['unsigned long']],
+    'BugcheckParameter1' : [ 0x4, ['unsigned long']],
+    'BugcheckParameter2' : [ 0x8, ['unsigned long']],
+    'BugcheckParameter3' : [ 0xc, ['unsigned long']],
+    'BugcheckParameter4' : [ 0x10, ['unsigned long']],
+} ],
+  '_POP_FX_DRIPS_WATCHDOG_CONTEXT' : [ 0x14, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'ComponentIndex' : [ 0x8, ['unsigned long']],
+    'ChildDevices' : [ 0xc, ['pointer', ['pointer', ['_DEVICE_NODE']]]],
+    'ChildDeviceCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SUPPORTED_RANGE' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_SUPPORTED_RANGE']]],
+    'SystemAddressSpace' : [ 0x4, ['unsigned long']],
+    'SystemBase' : [ 0x8, ['long long']],
+    'Base' : [ 0x10, ['long long']],
+    'Limit' : [ 0x18, ['long long']],
+} ],
+  '__unnamed_2e5a' : [ 0x4, {
+    'NumberOfEntries' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Va' : [ 0x0, ['pointer', ['void']]],
+    'VaLong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTB_FLUSH_VA' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_2e5a']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x2c, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x8, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0xc, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x10, ['unsigned long']],
+    'LowestLink' : [ 0x14, ['unsigned long']],
+    'Dependencies' : [ 0x18, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x1c, ['_LDRP_CSLIST']],
+    'State' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x28, ['unsigned long']],
+} ],
+  '_MI_PAGE_COLORS' : [ 0xc, {
+    'PageSize' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x100, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xc0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xc8, ['pointer', ['void']]],
+    'StorageInfo' : [ 0xc8, ['pointer', ['void']]],
+    'UseStorageInfo' : [ 0xcc, ['unsigned char']],
+    'PointersLength' : [ 0xd0, ['unsigned long']],
+    'ModulePrefix' : [ 0xd4, ['pointer', ['wchar']]],
+    'DriverList' : [ 0xd8, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xe0, ['_STRING']],
+    'ProgMsg' : [ 0xe8, ['_STRING']],
+    'DoneMsg' : [ 0xf0, ['_STRING']],
+    'FileObject' : [ 0xf8, ['pointer', ['void']]],
+    'UsageType' : [ 0xfc, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_PNP_WATCHDOG' : [ 0x80, {
+    'WatchdogStart' : [ 0x0, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x8, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x30, ['_KDPC']],
+    'WatchdogEnabled' : [ 0x50, ['unsigned char']],
+    'WatchdogSecondChance' : [ 0x51, ['unsigned char']],
+    'WatchdogComplete' : [ 0x54, ['_KEVENT']],
+    'WatchdogWorkItem' : [ 0x64, ['_WORK_QUEUE_ITEM']],
+    'WatchdogContextType' : [ 0x74, ['Enumeration', dict(target = 'long', choices = {1: u'PNP_EVENT_WORKER_WATCHDOG', 2: u'PNP_DEVICE_COMPLETION_QUEUE_WATCHDOG', 3: u'PNP_DELAYED_REMOVE_WORKER_WATCHDOG'})]],
+    'WatchdogContext' : [ 0x78, ['pointer', ['void']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x8, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['unsigned long']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x8, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x20, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0xc, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x20, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_INPUT_MAPPING_ELEMENT' : [ 0x4, {
+    'InputMappingId' : [ 0x0, ['unsigned long']],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2e82' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2e84' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2e86' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceId' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2e88' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_2e8a' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2e8c' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2e8e' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2e90' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_2e92' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_2e94' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_2e82']],
+    'TargetDevice' : [ 0x0, ['__unnamed_2e84']],
+    'InstallDevice' : [ 0x0, ['__unnamed_2e84']],
+    'CustomNotification' : [ 0x0, ['__unnamed_2e86']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_2e88']],
+    'PowerNotification' : [ 0x0, ['__unnamed_2e8a']],
+    'VetoNotification' : [ 0x0, ['__unnamed_2e8c']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_2e8e']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_2e90']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_2e92']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_2e84']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_2e84']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_2e94']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ProcessorType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'InstructionSet' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Operation' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Flags' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Level' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'CPUVersion' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'CPUBrandString' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'ProcessorId' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'TargetAddress' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InstructionPointer' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'AllStacksInUse' : [ 0x14, ['unsigned long']],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0xc, {
+    'CommonDataArea' : [ 0x0, ['pointer', ['void']]],
+    'MachineType' : [ 0x4, ['unsigned long']],
+    'VirtualBias' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2ea5' : [ 0x8, {
+    'Pch' : [ 0x0, ['unsigned char']],
+    'EmbeddedController' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 6, ['unsigned char']]],
+} ],
+  '__unnamed_2ea7' : [ 0x8, {
+    'Component' : [ 0x0, ['__unnamed_2ea5']],
+    'AsULONG64' : [ 0x0, ['unsigned long long']],
+    'AsBytes' : [ 0x0, ['array', 8, ['unsigned char']]],
+} ],
+  '_LOADER_RESET_REASON' : [ 0x30, {
+    'Supplied' : [ 0x0, ['unsigned char']],
+    'Basic' : [ 0x8, ['__unnamed_2ea7']],
+    'AdditionalInfo' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0xc, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'MpnId' : [ 0x4, ['unsigned short']],
+    'Node' : [ 0x6, ['unsigned short']],
+    'Channel' : [ 0x8, ['unsigned short']],
+    'IsPowerManageable' : [ 0xa, ['unsigned char']],
+    'DeepPowerState' : [ 0xb, ['unsigned char']],
+} ],
+  '_LOADER_HIVE_RECOVERY_INFO' : [ 0x14, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LegacyRecovery' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SoftRebootConflict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MostRecentLog' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'LogNextSequence' : [ 0x8, ['unsigned long']],
+    'LogMinimumSequence' : [ 0xc, ['unsigned long']],
+    'LogCurrentOffset' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2eb7' : [ 0x24, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x28, {
+    'FirmwareTypeUefi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EfiRuntimeUseIum' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EfiRuntimePageProtectionSupported' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_2eb7']],
+} ],
+  '__unnamed_2ebb' : [ 0xc, {
+    'Address' : [ 0x0, ['unsigned long']],
+    'Consumed' : [ 0x4, ['unsigned char']],
+    'ErrorCode' : [ 0x6, ['unsigned short']],
+    'ErrorIpValid' : [ 0x8, ['unsigned char']],
+    'RestartIpValid' : [ 0x9, ['unsigned char']],
+} ],
+  '_WHEA_RECOVERY_CONTEXT' : [ 0x20, {
+    'MemoryError' : [ 0x0, ['__unnamed_2ebb']],
+    'PartitionId' : [ 0x10, ['unsigned long long']],
+    'VpIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x70, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'PlatformCap' : [ 0x8, ['unsigned long']],
+    'ThermalCap' : [ 0xc, ['unsigned long']],
+    'LimitReasons' : [ 0x10, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x18, ['unsigned long long']],
+    'ProcCap' : [ 0x20, ['unsigned long']],
+    'ProcFloor' : [ 0x24, ['unsigned long']],
+    'TargetPercent' : [ 0x28, ['unsigned long']],
+    'Selection' : [ 0x30, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x58, ['unsigned long']],
+    'PreviousFrequency' : [ 0x5c, ['unsigned long']],
+    'PreviousPercent' : [ 0x60, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x64, ['unsigned long']],
+    'Force' : [ 0x68, ['unsigned char']],
+    'UseQosUpdateLock' : [ 0x69, ['unsigned char']],
+    'QosUpdateLock' : [ 0x6c, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x38, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0xc, ['pointer', ['unsigned char']]],
+    'PciDeviceId' : [ 0x10, ['unsigned short']],
+    'PciVendorId' : [ 0x12, ['unsigned short']],
+    'PciBusNumber' : [ 0x14, ['unsigned char']],
+    'PciBusSegment' : [ 0x16, ['unsigned short']],
+    'PciSlotNumber' : [ 0x18, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x19, ['unsigned char']],
+    'PciFlags' : [ 0x1c, ['unsigned long']],
+    'SystemGUID' : [ 0x20, ['_GUID']],
+    'IsMMIODevice' : [ 0x30, ['unsigned char']],
+    'TerminalType' : [ 0x31, ['unsigned char']],
+    'InterfaceType' : [ 0x32, ['unsigned char']],
+    'RegisterBitWidth' : [ 0x33, ['unsigned char']],
+    'RegisterAccessSize' : [ 0x34, ['unsigned char']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'RankNumber' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'CardHandle' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'ModuleHandle' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'ExtendedRow' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'BankGroup' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'BankAddress' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'ChipIdentification' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x18, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UserModeOnly' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoInherit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x2a4, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+    'PackageDependencyData' : [ 0x298, ['pointer', ['void']]],
+    'ProcessGroupId' : [ 0x29c, ['unsigned long']],
+    'LoaderThreads' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long']],
+    'ActiveCacheMatch' : [ 0x4, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0x8, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x14, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_2edc' : [ 0x4, {
+    'PasidMaxWidth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'PasidExePerm' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PasidPrivMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AtsPageAlignedRequest' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AtsGlobalInvalidate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AtsInvalidateQueueDepth' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 14, native_type='unsigned long')]],
+} ],
+  '_IOMMU_SVM_CAPABILITIES' : [ 0xc, {
+    'AtsCapability' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PriCapability' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PasidCapability' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CapReg' : [ 0x4, ['__unnamed_2edc']],
+    'Rsvd' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2ee9' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2eeb' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_2eed' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_2ee9']],
+    'Gpt' : [ 0x0, ['__unnamed_2eeb']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xc0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x45, ['unsigned char']],
+    'HiberResume' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x47, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_2eed']],
+    'ReadRoutine' : [ 0x6c, ['pointer', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0x70, ['pointer', ['void']]],
+    'LogSectionTruncateSize' : [ 0x74, ['unsigned long']],
+    'Parameters' : [ 0x78, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xb8, ['pointer', ['void']]],
+    'DumpNotifyRoutine' : [ 0xbc, ['pointer', ['void']]],
+} ],
+  '_MI_SYSTEM_REGION_ANCHOR' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ActiveCooling' : [ 0x14, ['pointer', ['void']]],
+    'PassiveCooling' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PEP_WORK_INFORMATION' : [ 0x20, {
+    'WorkType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepWorkActiveComplete', 1: u'PepWorkRequestIdleState', 2: u'PepWorkDevicePower', 3: u'PepWorkRequestPowerControl', 4: u'PepWorkDeviceIdle', 5: u'PepWorkCompleteIdleState', 6: u'PepWorkCompletePerfState', 7: u'PepWorkAcpiNotify', 8: u'PepWorkAcpiEvaluateControlMethodComplete', 9: u'PepWorkMax'})]],
+    'ActiveComplete' : [ 0x4, ['_PEP_WORK_ACTIVE_COMPLETE']],
+    'IdleState' : [ 0x4, ['_PEP_WORK_IDLE_STATE']],
+    'DevicePower' : [ 0x4, ['_PEP_WORK_DEVICE_POWER']],
+    'PowerControl' : [ 0x4, ['_PEP_WORK_POWER_CONTROL']],
+    'DeviceIdle' : [ 0x4, ['_PEP_WORK_DEVICE_IDLE']],
+    'CompleteIdleState' : [ 0x4, ['_PEP_WORK_COMPLETE_IDLE_STATE']],
+    'CompletePerfState' : [ 0x4, ['_PEP_WORK_COMPLETE_PERF_STATE']],
+    'AcpiNotify' : [ 0x4, ['_PEP_WORK_ACPI_NOTIFY']],
+    'ControlMethodComplete' : [ 0x4, ['_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0x60, {
+    'Component' : [ 0x0, ['pointer', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x4, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x14, ['pointer', ['void']]],
+    'Flags' : [ 0x18, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x1c, ['pointer', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x20, ['unsigned long']],
+    'LastChangeStamp' : [ 0x28, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x30, ['unsigned char']],
+    'PepRegistered' : [ 0x31, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x32, ['unsigned char']],
+    'RequestDriverContext' : [ 0x34, ['pointer', ['void']]],
+    'WorkOrder' : [ 0x38, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x54, ['unsigned long']],
+    'Sets' : [ 0x58, ['pointer', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '__unnamed_2f21' : [ 0x4, {
+    'ForceEnable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_LFH_CONFIG' : [ 0xc, {
+    'MaxBlockSize' : [ 0x0, ['unsigned long']],
+    'MaxSubsegmentSize' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['__unnamed_2f21']],
+} ],
+  '_MI_ACCESS_VIOLATION_RANGE' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Va' : [ 0xc, ['pointer', ['void']]],
+    'EndVaInclusive' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE' : [ 0x18, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'CompletionFlags' : [ 0x4, ['unsigned long']],
+    'MethodStatus' : [ 0x8, ['long']],
+    'CompletionContext' : [ 0xc, ['pointer', ['void']]],
+    'OutputArgumentSize' : [ 0x10, ['unsigned long']],
+    'OutputArguments' : [ 0x14, ['pointer', ['_ACPI_METHOD_ARGUMENT_V1']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_RESTRICTED_MODWRITES' : [ 0x3, {
+    'MaximumClusterPages' : [ 0x0, ['unsigned char']],
+    'ReducedClusterWrites' : [ 0x1, ['unsigned char']],
+    'ImposeDelay' : [ 0x2, ['unsigned char']],
+} ],
+  '_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'AbnormalResetOccurred' : [ 0x4, ['unsigned long']],
+    'OfflineMemoryDumpCapable' : [ 0x8, ['unsigned long']],
+    'ResetDataAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'ResetDataSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_ACPI_METHOD_ARGUMENT_V1' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'DataLength' : [ 0x2, ['unsigned short']],
+    'Argument' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x4, ['array', 1, ['unsigned char']]],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x4, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_WORK_ACPI_NOTIFY' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'NotifyCode' : [ 0x4, ['unsigned long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0xc, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0xc, ['_RTL_BITMAP']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x70, {
+    'UncompressedData' : [ 0x0, ['pointer', ['unsigned char']]],
+    'MappingVa' : [ 0x4, ['pointer', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x8, ['pointer', ['void']]],
+    'CompressedDataBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'CompressTicks' : [ 0x18, ['unsigned long long']],
+    'BytesCopied' : [ 0x20, ['unsigned long long']],
+    'PagesProcessed' : [ 0x28, ['unsigned long long']],
+    'DecompressTicks' : [ 0x30, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x38, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x40, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x68, ['unsigned long']],
+    'HuffCompressCount' : [ 0x6c, ['unsigned long']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x30, {
+    'SListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x24, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SystemClass', 1: u'ProcessorClass', 2: u'CacheClass', 3: u'AdapterClass', 4: u'ControllerClass', 5: u'PeripheralClass', 6: u'MemoryClass', 7: u'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ArcSystem', 1: u'CentralProcessor', 2: u'FloatingPointProcessor', 3: u'PrimaryIcache', 4: u'PrimaryDcache', 5: u'SecondaryIcache', 6: u'SecondaryDcache', 7: u'SecondaryCache', 8: u'EisaAdapter', 9: u'TcAdapter', 10: u'ScsiAdapter', 11: u'DtiAdapter', 12: u'MultiFunctionAdapter', 13: u'DiskController', 14: u'TapeController', 15: u'CdromController', 16: u'WormController', 17: u'SerialController', 18: u'NetworkController', 19: u'DisplayController', 20: u'ParallelController', 21: u'PointerController', 22: u'KeyboardController', 23: u'AudioController', 24: u'OtherController', 25: u'DiskPeripheral', 26: u'FloppyDiskPeripheral', 27: u'TapePeripheral', 28: u'ModemPeripheral', 29: u'MonitorPeripheral', 30: u'PrinterPeripheral', 31: u'PointerPeripheral', 32: u'KeyboardPeripheral', 33: u'TerminalPeripheral', 34: u'OtherPeripheral', 35: u'LinePeripheral', 36: u'NetworkPeripheral', 37: u'SystemMemory', 38: u'DockingInformation', 39: u'RealModeIrqRoutingTable', 40: u'RealModePCIEnumeration', 41: u'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer', ['unsigned char']]],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x50, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_FLAGS' : [ 0x2, {
+    'SecondaryInterrupt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARM_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x10, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_PEP_WORK_COMPLETE_PERF_STATE' : [ 0xc, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+    'Succeeded' : [ 0x8, ['unsigned char']],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x10, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_FREE_LARGE_PAGES' : [ 0x28, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long']]],
+    'LargePagesCount' : [ 0x8, ['array', 2, ['array', 2, ['array', 1, ['unsigned long']]]]],
+    'LargePageEntries' : [ 0x18, ['array', 2, ['array', 2, ['array', 1, ['pointer', ['_MI_FREE_LARGE_PAGE_LIST']]]]]],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x24, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x4, ['pointer', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x8, ['long']],
+    'MissedMappingsCount' : [ 0xc, ['unsigned long']],
+    'FirmwareResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'EfiMemoryMap' : [ 0x18, ['pointer', ['void']]],
+    'EfiMemoryMapSize' : [ 0x1c, ['unsigned long']],
+    'EfiMemoryMapDescriptorSize' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_WORK_IDLE_STATE' : [ 0xc, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+    'State' : [ 0x8, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_SMBIOS3_TABLE_HEADER' : [ 0x18, {
+    'Signature' : [ 0x0, ['array', 5, ['unsigned char']]],
+    'Checksum' : [ 0x5, ['unsigned char']],
+    'Length' : [ 0x6, ['unsigned char']],
+    'MajorVersion' : [ 0x7, ['unsigned char']],
+    'MinorVersion' : [ 0x8, ['unsigned char']],
+    'Docrev' : [ 0x9, ['unsigned char']],
+    'EntryPointRevision' : [ 0xa, ['unsigned char']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'StructureTableMaximumSize' : [ 0xc, ['unsigned long']],
+    'StructureTableAddress' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_CI_EXTENSION' : [ 0x50, {
+    'CodeIntegrityOptions' : [ 0x0, ['unsigned long']],
+    'UpgradeInProgress' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsWinPE' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CustomKernelSignersAllowed' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'WhqlEnforcementDate' : [ 0x8, ['_LARGE_INTEGER']],
+    'RevocationListOffset' : [ 0x10, ['unsigned long']],
+    'RevocationListSize' : [ 0x14, ['unsigned long']],
+    'CodeIntegrityPolicyOffset' : [ 0x18, ['unsigned long']],
+    'CodeIntegrityPolicySize' : [ 0x1c, ['unsigned long']],
+    'CodeIntegrityPolicyHashOffset' : [ 0x20, ['unsigned long']],
+    'CodeIntegrityPolicyHashSize' : [ 0x24, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashOffset' : [ 0x28, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashSize' : [ 0x2c, ['unsigned long']],
+    'WeakCryptoPolicyLoadStatus' : [ 0x30, ['long']],
+    'WeakCryptoPolicyOffset' : [ 0x34, ['unsigned long']],
+    'WeakCryptoPolicySize' : [ 0x38, ['unsigned long']],
+    'SecureBootPolicyOffset' : [ 0x3c, ['unsigned long']],
+    'SecureBootPolicySize' : [ 0x40, ['unsigned long']],
+    'Reserved2' : [ 0x44, ['unsigned long']],
+    'SerializedData' : [ 0x48, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_LDRP_CSLIST' : [ 0x4, {
+    'Tail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x38, {
+    'GetTime' : [ 0x0, ['unsigned long']],
+    'SetTime' : [ 0x4, ['unsigned long']],
+    'GetWakeupTime' : [ 0x8, ['unsigned long']],
+    'SetWakeupTime' : [ 0xc, ['unsigned long']],
+    'SetVirtualAddressMap' : [ 0x10, ['unsigned long']],
+    'ConvertPointer' : [ 0x14, ['unsigned long']],
+    'GetVariable' : [ 0x18, ['unsigned long']],
+    'GetNextVariableName' : [ 0x1c, ['unsigned long']],
+    'SetVariable' : [ 0x20, ['unsigned long']],
+    'GetNextHighMonotonicCount' : [ 0x24, ['unsigned long']],
+    'ResetSystem' : [ 0x28, ['unsigned long']],
+    'UpdateCapsule' : [ 0x2c, ['unsigned long']],
+    'QueryCapsuleCapabilities' : [ 0x30, ['unsigned long']],
+    'QueryVariableInfo' : [ 0x34, ['unsigned long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SlatKernelCodeProtected' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ExceptionHandlingReady' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_MI_STORE_INPAGE_COMPLETE_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['unsigned long']],
+    'StoreFault' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LowResourceFailure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned long')]],
+    'RemainingPageCount' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0xb8, {
+    'Partition' : [ 0x0, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x4, ['pointer', ['_ENODE']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x18, ['_KTIMER']],
+    'ReaperEvent' : [ 0x40, ['_KEVENT']],
+    'ReaperTimer' : [ 0x50, ['_KTIMER2']],
+    'ThreadHandle' : [ 0xa8, ['pointer', ['void']]],
+    'ExitThread' : [ 0xac, ['unsigned long']],
+    'ThreadSeed' : [ 0xb0, ['unsigned long']],
+} ],
+  '_LOADER_PARAMETER_HYPERVISOR_EXTENSION' : [ 0x38, {
+    'HypervisorCrashdumpAreaPageCount' : [ 0x0, ['unsigned long']],
+    'HypervisorCrashdumpAreaSpa' : [ 0x8, ['unsigned long long']],
+    'HypervisorLaunchStatus' : [ 0x10, ['unsigned long long']],
+    'HypervisorLaunchStatusArg1' : [ 0x18, ['unsigned long long']],
+    'HypervisorLaunchStatusArg2' : [ 0x20, ['unsigned long long']],
+    'HypervisorLaunchStatusArg3' : [ 0x28, ['unsigned long long']],
+    'HypervisorLaunchStatusArg4' : [ 0x30, ['unsigned long long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_PEP_WORK_POWER_CONTROL' : [ 0x1c, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'PowerControlCode' : [ 0x4, ['pointer', ['_GUID']]],
+    'RequestContext' : [ 0x8, ['pointer', ['void']]],
+    'InBuffer' : [ 0xc, ['pointer', ['void']]],
+    'InBufferSize' : [ 0x10, ['unsigned long']],
+    'OutBuffer' : [ 0x14, ['pointer', ['void']]],
+    'OutBufferSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_PEP_WORK_DEVICE_POWER' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'PowerRequired' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0x8, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x10, {
+    'DHCPServerACK' : [ 0x0, ['pointer', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x4, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x8, ['pointer', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0xc, ['unsigned long']],
+} ],
+  '_BOOT_ENTROPY_LDR_RESULT' : [ 0x798, {
+    'maxEntropySources' : [ 0x0, ['unsigned long']],
+    'EntropySourceResult' : [ 0x8, ['array', 8, ['_BOOT_ENTROPY_SOURCE_LDR_RESULT']]],
+    'SeedBytesForCng' : [ 0x348, ['array', 48, ['unsigned char']]],
+    'RngBytesForNtoskrnl' : [ 0x378, ['array', 1024, ['unsigned char']]],
+    'KdEntropy' : [ 0x778, ['array', 32, ['unsigned char']]],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x40, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+    'PreQueryOpen' : [ 0x38, ['pointer', ['void']]],
+    'PostQueryOpen' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PEP_WORK_COMPLETE_IDLE_STATE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEP_WORK_ACTIVE_COMPLETE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_2fca' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x4, ['pointer', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_2fcc' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x8, ['unsigned long long']],
+    'Unit' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x18, ['__unnamed_2fca']],
+    'Range' : [ 0x18, ['__unnamed_2fcc']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_BOOT_ENTROPY_SOURCE_LDR_RESULT' : [ 0x68, {
+    'SourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceNone', 1: u'BootEntropySourceSeedfile', 2: u'BootEntropySourceExternal', 3: u'BootEntropySourceTpm', 4: u'BootEntropySourceRdrand', 5: u'BootEntropySourceTime', 6: u'BootEntropySourceAcpiOem0', 7: u'BootEntropySourceUefi', 8: u'BootMaxEntropySources'})]],
+    'Policy' : [ 0x8, ['unsigned long long']],
+    'ResultCode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceStructureUninitialized', 1: u'BootEntropySourceDisabledByPolicy', 2: u'BootEntropySourceNotPresent', 3: u'BootEntropySourceError', 4: u'BootEntropySourceSuccess'})]],
+    'ResultStatus' : [ 0x14, ['long']],
+    'Time' : [ 0x18, ['unsigned long long']],
+    'EntropyLength' : [ 0x20, ['unsigned long']],
+    'EntropyData' : [ 0x24, ['array', 64, ['unsigned char']]],
+} ],
+  'POHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_2fdd' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_2fdf' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_2fe5' : [ 0xc, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_2fe9' : [ 0x8, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NotifyTypeCreate', 1: u'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x4, ['unsigned char']],
+} ],
+  '__unnamed_2feb' : [ 0x14, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileInformation' : [ 0x4, ['pointer', ['void']]],
+    'Length' : [ 0x8, ['pointer', ['unsigned long']]],
+    'FileInformationClass' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x10, ['long']],
+} ],
+  '__unnamed_2fed' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_2fdd']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_2fdf']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_2fe5']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_2fe9']],
+    'QueryOpen' : [ 0x0, ['__unnamed_2feb']],
+    'Others' : [ 0x0, ['__unnamed_2fed']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_PEP_WORK_DEVICE_IDLE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'IgnoreIdleTimeout' : [ 0x4, ['unsigned char']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}
diff --git a/volatility/win32/hive.py b/volatility/win32/hive.py
index e968ac8d5..2bab7e9fe 100644
--- a/volatility/win32/hive.py
+++ b/volatility/win32/hive.py
@@ -28,6 +28,7 @@
 
 import volatility.obj as obj
 import volatility.addrspace as addrspace
+import volatility.win32 as win32
 import struct
 import sys
 
@@ -47,8 +48,25 @@
 class HiveAddressSpace(addrspace.BaseAddressSpace):
     def __init__(self, base, config, hive_addr, **kwargs):
         addrspace.BaseAddressSpace.__init__(self, base, config)
-        self.base = base
         self.hive = obj.Object("_HHIVE", hive_addr, base)
+
+        # Win10_17063 introduced the Registry process, change base to its address space
+        meta = self.profile.metadata
+        version = (meta.get("major", 0), meta.get("minor", 0), meta.get("build", 0))
+        if version >= (6, 4, 17063):
+            for t in win32.tasks.pslist(self.base):
+                if str(t.ImageFileName) == "Registry" and int(t.InheritedFromUniqueProcessId) == 4:
+                    reg_proc = t
+                    break
+            if reg_proc:
+                self.base = reg_proc.get_process_address_space()
+            else:
+                ## If we get here we couldn't find the Registry process so address translation
+                ## probably won't work
+                debug.warning("Couldn't locate Registry process. Registry address translation may fail.")
+        else:
+            self.base = base
+
         self.baseblock = self.hive.BaseBlock.v()
         self.flat = self.hive.Flat.v() > 0
 

From e68c0c803b0fe674e97f159acdff24b9bd343c77 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Wed, 9 May 2018 09:44:57 -0500
Subject: [PATCH 208/304] Mac - update get_profile

---
 volatility/plugins/mac/get_profile.py | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/volatility/plugins/mac/get_profile.py b/volatility/plugins/mac/get_profile.py
index b4b9edcac..e2a7ee348 100644
--- a/volatility/plugins/mac/get_profile.py
+++ b/volatility/plugins/mac/get_profile.py
@@ -45,7 +45,6 @@
 ["MacYosemite_10_10_5_14F2411x64", 18446743523963601536, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F2511x64", 18446743523963610096, 18446743523964534784, 1],
 ["MacYosemite_10_10_5_14F27x64", 18446743523963608608, 18446743523964534784, 1],
-["MacYosemite_10_10_14A389_14B25x64", 18446743523963612480, 18446743523964534784, 1],
 ["MacElCapitan_10_11_1_15B42x64", 18446743523963517744, 18446743523964555264, 1],
 ["MacElCapitan_10_11_2_15C50x64", 18446743523963517440, 18446743523964555264, 1],
 ["MacElCapitan_10_11_3_15D21_15D13bx64", 18446743523963520864, 18446743523964555264, 1],
@@ -70,7 +69,6 @@
 ["MacElCapitan_10_11_6_15G24b_15G31x64", 18446743523963515680, 18446743523964555264, 1],
 ["MacElCapitan_10_11_6_15G7ax64", 18446743523963517680, 18446743523964555264, 1],
 ["MacElCapitan_10_11_15A284x64", 18446743523963516960, 18446743523964547072, 1],
-["MacSierra_10_12_0_16A323x64", 18446743523963569392, 18446743523964379136, 1],
 ["MacSierra_10_12_1_16B2327ex64", 18446743523963564272, 18446743523964379136, 1],
 ["MacSierra_10_12_1_16B2338cx64", 18446743523963569952, 18446743523964379136, 1],
 ["MacSierra_10_12_1_16B2657x64", 18446743523963568512, 18446743523964379136, 1],
@@ -156,21 +154,20 @@
 ["MacMountainLion_10_8_5_12f37_AMDx64", 18446743523961347136, 18446743523962273792, 1],
 ["MacMountainLion_10_8_5_12f45_AMDx64", 18446743523961347136, 18446743523962273792, 1],
 ["MacMavericks_10_9_1_13b42_13a603x64", 18446743523961749984, 18446743523962273792, 1],
-["MacMavericks_10_9_1_AMDx64", 18446743523961749984, 18446743523962273792, 1],
 ["MacMavericks_10_9_2_13C1021_AMDx64", 18446743523961751392, 18446743523962273792, 1],
 ["MacMavericks_10_9_2_13c64x64", 18446743523961753424, 18446743523962273792, 1],
-["MacMavericks_10_9_2_13C64_AMDx64", 18446743523961753424, 18446743523962273792, 1],
 ["MacMavericks_10_9_3_13d65x64", 18446743523961765744, 18446743523962273792, 1],
-["MacMavericks_10_9_3_AMDx64", 18446743523961765744, 18446743523962273792, 1],
 ["MacMavericks_10_9_4_13e28x64", 18446743523961767008, 18446743523962273792, 1],
-["MacMavericks_10_9_4_AMDx64", 18446743523961767008, 18446743523962273792, 1],
-["MacMavericks_10_9_5_13F1077_AMDx64", 18446743523961774256, 18446743523962273792, 1],
 ["MacMavericks_10_9_5_13F1911_AMDx64", 18446743523961774096, 18446743523962273792, 1],
 ["MacMavericks_10_9_5_13f34x64", 18446743523961765968, 18446743523962273792, 1],
-["MacMavericks_10_9_5_AMDx64", 18446743523961765968, 18446743523962273792, 1],
 ["MacMavericks_10_9_13F1077x64", 18446743523961774256, 18446743523962273792, 1],
 ]
 
+collisions_10_13_4 = {
+    "MacHighSierra_10_13_4_17E202x64" : "root:xnu-4570.51.2~1/RELEASE_X86_64",
+    "MacHighSierra_10_13_1_17B35ax64" : "root:xnu-4570.51.1~2/RELEASE_X86_64", 
+}
+
 collisions_10_8_5 = {
     "MacMountainLion_10_8_5_12F2518_AMDx64" : "xnu-2050.48.19~1",
     "MacMountainLion_10_8_5_12f37_AMDx64"   : "xnu-2050.48.11~1",
@@ -187,7 +184,7 @@
     "MacHighSierra_10_13_1_17B48x64"  : "Sep 29 18:27:05 PDT",
 }
 
-collision_sets = [collisions_10_8_5, collisions_10_12_2, collisions_10_13_1]
+collision_sets = [collisions_10_8_5, collisions_10_12_2, collisions_10_13_1, collisions_10_13_4]
 
 class catfishScan(scan.BaseScanner):
     """ Scanner for Catfish string for Mountain Lion """

From 1bbd7bc37f2f6416414eeca135d28070e65ba004 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 14 May 2018 16:15:39 -0500
Subject: [PATCH 209/304] Update bash and env processing for speed and ifconfig
 for new versions

---
 volatility/plugins/mac/ifconfig.py     |   5 +-
 volatility/plugins/overlays/mac/mac.py | 146 ++++++++++++++-----------
 2 files changed, 86 insertions(+), 65 deletions(-)

diff --git a/volatility/plugins/mac/ifconfig.py b/volatility/plugins/mac/ifconfig.py
index b83c60a4c..0736763dd 100644
--- a/volatility/plugins/mac/ifconfig.py
+++ b/volatility/plugins/mac/ifconfig.py
@@ -33,7 +33,10 @@ class mac_ifconfig(common.AbstractMacCommand):
     def calculate(self):
         common.set_plugin_members(self)    
 
-        list_head_addr = self.addr_space.profile.get_symbol("_dlil_ifnet_head")
+        list_head_addr = self.addr_space.profile.get_symbol("_ifnet_head")
+        if list_head_addr == None:
+             list_head_addr = self.addr_space.profile.get_symbol("_dlil_ifnet_head")
+
         list_head_ptr = obj.Object("Pointer", offset = list_head_addr, vm = self.addr_space)
         ifnet = list_head_ptr.dereference_as("ifnet")
 
diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 353f41516..b27b9b7f7 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -491,6 +491,8 @@ def bash_hash_entries(self):
             htable_type     = "mac64_bash_hash_table"
             nbuckets_offset = self.obj_vm.profile.get_obj_offset(htable_type, "nbuckets") 
 
+        range_end = 4096 - nbuckets_offset - 8
+
         for map in self.get_proc_maps():
             if shared_start <= map.start <= shared_end:
                 continue
@@ -506,42 +508,52 @@ def bash_hash_entries(self):
             if map.end - map.start > 0x40000000:
                 continue
 
-            off = map.start
+            chunk_off = int(map.start)
+            end       = int(map.end)
 
-            while off < map.end:
-                # test the number of buckets
-                dr = proc_as.read(off + nbuckets_offset, 4)
-                if dr == None:
-                    new_off = (off & ~0xfff) + 0xfff + 1
-                    off = new_off
-                    continue
+            while chunk_off < end: 
+                data = proc_as.read(chunk_off, 4096)
+
+                prev_off = chunk_off
+ 
+                chunk_off = chunk_off + 4096
 
-                test = struct.unpack("<I", dr)[0]
-                if test != 64:
-                    off = off + 1
+                if data == None:
                     continue
 
-                htable = obj.Object(htable_type, offset = off, vm = proc_as)
+                off = 0
                 
-                if htable.is_valid():
-                    bucket_array = obj.Object(theType="Array", targetType=addr_type, offset = htable.bucket_array, vm = htable.nbuckets.obj_vm, count = 64)
+                while off < range_end:
+                    read_off = prev_off + off 
+
+                    # test the number of buckets
+                    dr = data[off + nbuckets_offset : off + nbuckets_offset + 4]
+                    test = struct.unpack("<I", dr)[0]
+                    if test != 64:
+                        off = off + 4
+                        continue
 
-                    for bucket_ptr in bucket_array:
-                        bucket = obj.Object(bucket_contents_type, offset = bucket_ptr, vm = htable.nbuckets.obj_vm)
-                        while bucket != None and bucket.times_found > 0:  
-                            pdata = bucket.data 
+                    htable = obj.Object(htable_type, offset = read_off, vm = proc_as)
+                    
+                    if htable.is_valid():
+                        bucket_array = obj.Object(theType="Array", targetType=addr_type, offset = htable.bucket_array, vm = htable.nbuckets.obj_vm, count = 64)
 
-                            if pdata == None:
-                                bucket = bucket.next_bucket()
-                                continue
+                        for bucket_ptr in bucket_array:
+                            bucket = obj.Object(bucket_contents_type, offset = bucket_ptr, vm = htable.nbuckets.obj_vm)
+                            while bucket != None and bucket.times_found > 0:  
+                                pdata = bucket.data 
 
-                            if bucket.key != None and bucket.data != None and pdata.is_valid() and (0 <= pdata.flags <= 2):
-                                if (len(str(bucket.key)) > 0 or len(str(bucket.data.path)) > 0) and (0 < bucket.times_found <= 1024):
-                                    yield bucket
+                                if pdata == None:
+                                    bucket = bucket.next_bucket()
+                                    continue
 
-                            bucket = bucket.next_bucket()
-                
-                off = off + 1
+                                if bucket.key != None and bucket.data != None and pdata.is_valid() and (0 <= pdata.flags <= 2):
+                                    if (len(str(bucket.key)) > 0 or len(str(bucket.data.path)) > 0) and (0 < bucket.times_found <= 1024):
+                                        yield bucket
+
+                                bucket = bucket.next_bucket()
+                    
+                    off = off + 4
 
     def bash_history_entries(self):
         proc_as = self.get_process_address_space()
@@ -627,54 +639,60 @@ def _carve_mappings_for_env(self, proc_as, mappings):
             if env_start:
                 break
 
-            off = start
-          
             if length >= 0x1000000:
                 continue
+            
+            chunk_offset = start
           
-            while off < end:
+            while chunk_offset < end:
                 if env_start:
                     break
 
-                # check the first index
-                addrstr = proc_as.read(off, self.pack_size)
-                if not addrstr:
-                    off = (off & ~0xfff) + 0xfff + 1
+                data = proc_as.read(chunk_offset, 4096)
+                
+                chunk_offset = chunk_offset + 4096
+                
+                if data == None:
                     continue
-               
-                off = off + 4
  
-                addr = struct.unpack(self.pack_fmt, addrstr)[0]
-                if addr in seen_ptrs:
-                    continue
-
-                seen_ptrs[addr] = 1
-    
-                # check first idx...
-                if addr:
-                    firstaddrstr = proc_as.read(addr, self.pack_size)
-                    if not firstaddrstr or len(firstaddrstr) != self.pack_size:
-                        continue
-                    firstaddr = struct.unpack(self.pack_fmt, firstaddrstr)[0]
-                    if firstaddr in seen_firsts:
-                        continue
-                    
-                    seen_firsts[firstaddr] = 1
+                off = 0
+                # read from the buffer
+                while off < 4096 - 4:
+                    addrstr = data[off:off+self.pack_size]
+               
+                    off = off + 4
 
-                    buf = proc_as.read(firstaddr, 64)
-                    if not buf:
+                    addr = struct.unpack(self.pack_fmt, addrstr)[0]
+                    if addr in seen_ptrs:
                         continue
-                    eqidx = buf.find("=")
-                    if eqidx > 0:
-                        nullidx = buf.find("\x00")
-                        # single char name, =
-                        if nullidx >= eqidx:
-                            env_start = addr
 
-                            if not dynamic_env_hint:
-                                dynamic_env_hint = [start, end, length]
-
-                            break
+                    seen_ptrs[addr] = 1
+        
+                    # check first idx...
+                    if addr:
+                        firstaddrstr = proc_as.read(addr, self.pack_size)
+                        if not firstaddrstr or len(firstaddrstr) != self.pack_size:
+                            continue
+                        firstaddr = struct.unpack(self.pack_fmt, firstaddrstr)[0]
+                        if firstaddr in seen_firsts:
+                            continue
+                        
+                        seen_firsts[firstaddr] = 1
+
+                        buf = proc_as.read(firstaddr, 64)
+                        if not buf:
+                            continue
+                        eqidx = buf.find("=")
+                        if eqidx > 0:
+                            nullidx = buf.find("\x00")
+                            # single char name, =
+                            if nullidx >= eqidx:
+                                env_start = addr
+
+                                if not dynamic_env_hint:
+                                    dynamic_env_hint = [start, end, length]
+
+                                break
 
         return env_start         
 

From e13baff1b52334904f5b583682b15d2594941204 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 15 May 2018 17:31:25 -0500
Subject: [PATCH 210/304] add Win2008R2SP1x64_24000

---
 volatility/plugins/overlays/windows/win7.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/volatility/plugins/overlays/windows/win7.py b/volatility/plugins/overlays/windows/win7.py
index ecbd3a70f..4bc9b0be2 100644
--- a/volatility/plugins/overlays/windows/win7.py
+++ b/volatility/plugins/overlays/windows/win7.py
@@ -280,3 +280,8 @@ class Win2008R2SP1x64(Win7SP1x64):
 class Win2008R2SP1x64_23418(Win7SP1x64_23418):
     """ A Profile for Windows 2008 R2 SP1 x64 (6.1.7601.23418 / 2016-04-09) """
     _md_product = ["NtProductLanManNt", "NtProductServer"]
+
+class Win2008R2SP1x64_24000(Win7SP1x64_24000):
+    """ A Profile for Windows 2008 R2 SP1 x64 (6.1.7601.24000 / 2016-04-09) """
+    _md_product = ["NtProductLanManNt", "NtProductServer"]
+

From cee0f9ceca9da02c899d3bfdc64ec4b3bfd7dac1 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 22 May 2018 09:26:24 -0500
Subject: [PATCH 211/304] add additional sanity checks for invalid service
 records

---
 volatility/plugins/malware/svcscan.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index 96f20c1e5..54d0182c2 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -141,7 +141,10 @@ def Pid(self):
 
     def is_valid(self):
         "Check some fields for validity"
-        return obj.CType.is_valid(self) and self.Order > 0 and self.Order < 0xFFFF
+        return obj.CType.is_valid(self) and self.Order > 0 and \
+               self.Order < 0xFFFF and \
+               self.State.v() in SERVICE_STATE_ENUM and \
+               self.Start.v() in SERVICE_START_ENUM
 
     def traverse(self):
 

From 83efee3974c50e251464eaa774422464e6126067 Mon Sep 17 00:00:00 2001
From: gleeda <jamie@memoryanalysis.net>
Date: Wed, 23 May 2018 15:59:36 -0400
Subject: [PATCH 212/304] Adding back silent option for mutantscan.

Fixes issue #388
---
 volatility/plugins/filescan.py | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/volatility/plugins/filescan.py b/volatility/plugins/filescan.py
index 6b67da21b..d3fa58022 100644
--- a/volatility/plugins/filescan.py
+++ b/volatility/plugins/filescan.py
@@ -273,11 +273,14 @@ def unified_output(self, data):
     def generator(self, data):
         for mutant in data:
             header = mutant.get_object_header()
+            name = str(header.NameInfo.Name or '')
+            CID = ""
             if mutant.OwnerThread.is_valid():
                 thread = mutant.OwnerThread.dereference_as('_ETHREAD')
                 CID = "{0}:{1}".format(thread.Cid.UniqueProcess, thread.Cid.UniqueThread)
-            else:
-                CID = ""
+
+            if self._config.SILENT and not CID and not name:
+                continue
 
             yield (0, [Address(mutant.obj_offset),
                        int(header.PointerCount),
@@ -285,7 +288,7 @@ def generator(self, data):
                        str(mutant.Header.SignalState),
                        Address(mutant.OwnerThread),
                        str(CID),
-                       str(header.NameInfo.Name or '')])
+                       name])
 
     def render_text(self, outfd, data):
         self.table_header(outfd, [(self.offset_column(), '#018x'),
@@ -299,12 +302,14 @@ def render_text(self, outfd, data):
 
         for mutant in data:
             header = mutant.get_object_header()
-
+            name = str(header.NameInfo.Name or '')
+            CID = ""
             if mutant.OwnerThread.is_valid():
                 thread = mutant.OwnerThread.dereference_as('_ETHREAD')
                 CID = "{0}:{1}".format(thread.Cid.UniqueProcess, thread.Cid.UniqueThread)
-            else:
-                CID = ""
+
+            if self._config.SILENT and not CID and not name:
+                continue
 
             self.table_row(outfd,
                          mutant.obj_offset,
@@ -312,7 +317,7 @@ def render_text(self, outfd, data):
                          header.HandleCount,
                          mutant.Header.SignalState,
                          mutant.OwnerThread, CID,
-                         str(header.NameInfo.Name or ''))
+                         name)
 
 
 class PoolScanProcess(poolscan.PoolScanner):

From 9ad2619a95721d0a697e2412941c8eb41101b282 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Wed, 6 Jun 2018 11:19:28 -0500
Subject: [PATCH 213/304] Linux - add pidhashtable sanity checks

---
 volatility/plugins/linux/pidhashtable.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/pidhashtable.py b/volatility/plugins/linux/pidhashtable.py
index ba54d91ce..9b25f06cd 100644
--- a/volatility/plugins/linux/pidhashtable.py
+++ b/volatility/plugins/linux/pidhashtable.py
@@ -212,7 +212,9 @@ def calculate(self):
         func = self.determine_func()
 
         for task in func():
-            yield task
+            if 0 < task.pid < 66000:
+                if task.parent.is_valid():
+                    yield task
 
 
 

From e7eaee242af20e6b75ed042ec82c51c115cefd9b Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 11 Jun 2018 09:49:41 -0500
Subject: [PATCH 214/304] Linux - make type check specific in check_syscall

---
 volatility/plugins/linux/check_syscall.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/check_syscall.py b/volatility/plugins/linux/check_syscall.py
index a85879fac..d6d43c526 100644
--- a/volatility/plugins/linux/check_syscall.py
+++ b/volatility/plugins/linux/check_syscall.py
@@ -187,7 +187,7 @@ def get_syscalls(self, index_info = None, get_hidden = False, compute_name = Tru
         else:
             visible_mods = []
 
-        if not index_info:
+        if index_info == None:
             index_info = self._find_and_parse_index_file()
 
         table_name = self.addr_space.profile.metadata.get('memory_model', '32bit')

From 62b516682d08a3af7af4b79c435086a40929cdff Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 11 Jun 2018 13:08:47 -0500
Subject: [PATCH 215/304] Linux - add cache for per-process file path lookups

---
 volatility/plugins/linux/common.py         | 9 +++++++--
 volatility/plugins/overlays/linux/linux.py | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index 037cecb33..f1bbcce5b 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -186,8 +186,13 @@ def _get_path_file(task, filp):
     rmnt    = task.fs.get_root_mnt()
     dentry  = filp.dentry
     vfsmnt  = filp.vfsmnt
-    
-    return do_get_path(rdentry, rmnt, dentry, vfsmnt)
+   
+    key = "%x|%x|%x|%x" % (rdentry.v(), rmnt.v(), dentry.v(), vfsmnt.v())
+
+    if not key in task.obj_vm.profile.dentry_cache:
+        task.obj_vm.profile.dentry_cache[key] = do_get_path(rdentry, rmnt, dentry, vfsmnt)
+
+    return task.obj_vm.profile.dentry_cache[key]
 
 def get_new_sock_pipe_path(task, filp):
     dentry = filp.dentry
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 83ffc8c60..c798399a4 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -212,6 +212,7 @@ def __init__(self, *args, **kwargs):
             # change the name to catch any code referencing the old hash table
             self.sys_map = {}
             self.sym_addr_cache = {}
+            self.dentry_cache = {}
             self.physical_shift = 0
             self.virtual_shift = 0
             obj.Profile.__init__(self, *args, **kwargs)
@@ -220,6 +221,7 @@ def clear(self):
             """Clear out the system map, and everything else"""
             self.sys_map = {}
             self.sym_addr_cache = {}
+            self.dentry_cache = {}
             self.physical_shift = 0
             self.virtual_shift = 0
             obj.Profile.clear(self)

From 0e41cc5db6a1b8d2c8d79ad9fb4b6347d3669675 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 11 Jun 2018 13:48:31 -0500
Subject: [PATCH 216/304] Linux - speed up bash environment variable recovery

---
 volatility/plugins/overlays/linux/linux.py | 50 ++++++++++++++++------
 1 file changed, 38 insertions(+), 12 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index c798399a4..62151c2d2 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1627,22 +1627,35 @@ def bash_history_entries(self):
             yield hist              
 
     def _dynamic_env(self, proc_as, pack_format, addr_sz):
+        # preload address 0
+        addr_cache = {0 : 1}
+
         for vma in self.get_proc_maps():
             if not (vma.vm_file and str(vma.vm_flags) == "rw-"):
                 continue
             
             fname = vma.info(self)[0]
 
-            if fname.find("ld") == -1 and fname != "/bin/bash":
+            if fname.find("ld") == -1 and (not fname.endswith(("/bin/bash", "/bin/dash", "/bin/sh"))):
                 continue
 
             env_start = 0
-            for off in range(vma.vm_start, vma.vm_end):
+       
+            vma_start = int(vma.vm_start)
+            vma_end = int(vma.vm_end)
+            vma_len = vma_end - vma_start
+            vma_data = proc_as.zread(vma_start, vma_len)
+
+            for off in range(0, vma_len - addr_sz, 4):
                 # check the first index
-                addrstr = proc_as.read(off, addr_sz)
-                if not addrstr or len(addrstr) != addr_sz:
-                    continue
+                addrstr = vma_data[off:off+addr_sz]
                 addr = struct.unpack(pack_format, addrstr)[0]
+
+                if addr in addr_cache:
+                    continue
+
+                addr_cache[addr] = 1
+
                 # check first idx...
                 if addr:
                     firstaddrstr = proc_as.read(addr, addr_sz)
@@ -1693,12 +1706,17 @@ def _dynamic_env(self, proc_as, pack_format, addr_sz):
                         break
 
     def _shell_variables(self, proc_as, pack_format, addr_sz):
+        # preload cache with address 0
+        ptr_cache = {0 : 1}
+            
+        nbuckets_offset = self.obj_vm.profile.get_obj_offset("_bash_hash_table", "nbuckets") 
+
         bash_was_last = False
         for vma in self.get_proc_maps():
             if vma.vm_file:
                 fname = vma.info(self)[0]
        
-                if fname.endswith("/bin/bash"):
+                if fname.endswith(("/bin/bash", "/bin/dash", "/bin/sh")):
                     bash_was_last = True
                 else:
                     bash_was_last = False
@@ -1711,15 +1729,20 @@ def _shell_variables(self, proc_as, pack_format, addr_sz):
             if bash_was_last == False:
                 continue
         
-            nbuckets_offset = self.obj_vm.profile.get_obj_offset("_bash_hash_table", "nbuckets") 
+            vma_start = int(vma.vm_start)
+            vma_end = int(vma.vm_end)
+            vma_len = vma_end - vma_start
+            vma_data = proc_as.zread(vma_start, vma_len)
 
-            for off in range(vma.vm_start, vma.vm_end, 4):
-                ptr_test = proc_as.read(off, addr_sz)
-                if not ptr_test:
+            for off in range(0, vma_len - addr_sz, 4):
+                ptr_test = vma_data[off:off+addr_sz]
+                
+                ptr = struct.unpack(pack_format, ptr_test)[0]
+                if ptr in ptr_cache:
                     continue
 
-                ptr = struct.unpack(pack_format, ptr_test)[0]
-                
+                ptr_cache[ptr] = 1
+
                 ptr_test2 = proc_as.read(ptr + 20, addr_sz)
                 if not ptr_test2:
                     continue
@@ -1745,6 +1768,9 @@ def bash_environment(self):
         # In cases when mm is an invalid pointer 
         if not proc_as:
             return
+        
+        if str(self.comm) not in ["sh", "dash", "bash"]:
+            return
 
         # Are we dealing with 32 or 64-bit pointers
         if self.obj_vm.profile.metadata.get('memory_model', '32bit') == '32bit':

From be4dad11316265c81642d4eaef513f71a643735a Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 11 Jun 2018 17:57:37 -0500
Subject: [PATCH 217/304] Linux - add sanity checks to uid/gid

---
 volatility/plugins/overlays/linux/linux.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 62151c2d2..4bee36c72 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1285,6 +1285,9 @@ def uid(self):
         if type(ret) in [obj.CType, obj.NativeType]:
             ret = ret.v()
 
+        if ret > 1000000:
+            ret = -1
+
         return ret
 
     @property
@@ -1304,6 +1307,9 @@ def gid(self):
         if type(ret) == obj.CType:
             ret = ret.v()
 
+        if ret > 1000000:
+            ret = -1
+
         return ret
 
     @property

From a48aa66856bb59980c733b96fafb7b5cec7b00f9 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Tue, 12 Jun 2018 13:38:15 -0500
Subject: [PATCH 218/304] Linux - sanity check height member

---
 volatility/plugins/linux/find_file.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/volatility/plugins/linux/find_file.py b/volatility/plugins/linux/find_file.py
index 0ee07236a..1a46e38ca 100644
--- a/volatility/plugins/linux/find_file.py
+++ b/volatility/plugins/linux/find_file.py
@@ -240,6 +240,14 @@ def radix_tree_lookup_slot(self, root, index):
 
         if hasattr(node, "height"):
             height = node.height
+
+            height = height & 0xfff
+            # this check is needed as gcc seems to produce a 0 value when a shift value is negative
+            # Python throws a backtrace in this situation though
+            # setting to 0 will cause the later -1 to equal 0, and match the runtime behaviour of the kernel
+            if height == 0:
+                height = 1
+
         elif hasattr(node, "path"):
             height = node.path
 

From cbb24d78c8ce9638a9bbca84092be3fa97a7819c Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 14 Jun 2018 12:43:02 -0500
Subject: [PATCH 219/304] Add is_valid method to route enumeration

---
 volatility/plugins/overlays/mac/mac.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index b27b9b7f7..81dca3832 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1272,6 +1272,11 @@ def lsof(self):
                 yield f, path, i
 
 class rtentry(obj.CType):
+    def is_valid(self):
+        return str(self.source_ip) != "" and \
+                str(self.dest_ip) != "" and \
+                (0 <= int(self.sent) < 50000000000) and \
+                (0 <= int(self.rx) < 50000000000)
 
     def get_time(self):
         if not hasattr(self, "base_calendartime"):

From aa6b960c1077e447bda9d64df507ec02f8fcc958 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 14 Jun 2018 12:43:52 -0500
Subject: [PATCH 220/304] Add is_valid method to route enumeration

---
 volatility/plugins/mac/route.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/mac/route.py b/volatility/plugins/mac/route.py
index 8031594ce..cffb4d3b5 100644
--- a/volatility/plugins/mac/route.py
+++ b/volatility/plugins/mac/route.py
@@ -85,7 +85,8 @@ def calculate(self):
         rts = self._get_table(ipv4table)
 
         for rt in rts:
-            yield rt
+            if rt.is_valid():
+                yield rt
 
     def unified_output(self, data):
 

From dc389a370c147565bd94515c3452daa2b78e3732 Mon Sep 17 00:00:00 2001
From: Jamie Levy <jamie@memoryanalysis.net>
Date: Tue, 3 Jul 2018 10:45:33 -0500
Subject: [PATCH 221/304] dumpfiles:

fixes a crash that occurs when dumping a specific file
at a given physical address and using the output renderers
---
 volatility/plugins/dumpfiles.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/dumpfiles.py b/volatility/plugins/dumpfiles.py
index 5f5fdc7c5..e480665db 100644
--- a/volatility/plugins/dumpfiles.py
+++ b/volatility/plugins/dumpfiles.py
@@ -1076,7 +1076,7 @@ def generator(self, data):
                     summaryfo.write("\n")
                 yield(0, ["DataSectionObject",
                     Address(summaryinfo['fobj']),
-                    int(summaryinfo['pid']),
+                    int(summaryinfo['pid']) if summaryinfo['pid'] else -1,
                     str(summaryinfo['name']),
                     str(summaryinfo['ofpath']),
                     Bytes(of.getvalue())])
@@ -1143,7 +1143,7 @@ def generator(self, data):
                     summaryfo.write("\n")
                 yield(0, ["SharedCacheMap",
                     Address(summaryinfo['fobj']),
-                    int(summaryinfo['pid']),
+                    int(summaryinfo['pid']) if summaryinfo['pid'] else -1,
                     str(summaryinfo['name']),
                     str(summaryinfo['ofpath']),
                     Bytes(of.getvalue())])

From ce39efd207deaa54d9d97643e5196245bd460750 Mon Sep 17 00:00:00 2001
From: Dave Lassalle <dave@superponible.com>
Date: Fri, 20 Jul 2018 12:23:19 -0500
Subject: [PATCH 222/304] additional Win10 17134 updates

---
 volatility/plugins/bigpagepools.py    | 2 +-
 volatility/plugins/malware/svcscan.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 083166f5b..5b9e63d04 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344]],
             (6, 4, '32bit') : [[-168, -164], [-160, -172]],
         }
 
diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index 54d0182c2..982cca2e1 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -331,7 +331,7 @@ class Service10_16299x64(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
-                  'build': lambda x: x == 16299,
+                  'build': lambda x: x >= 16299,
                   'memory_model': lambda x: x == '64bit'}
 
     def modification(self, profile):
@@ -403,7 +403,7 @@ class Service10_16299x86(obj.ProfileModification):
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
-                  'build': lambda x: x == 16299,
+                  'build': lambda x: x >= 16299,
                   'memory_model': lambda x: x == '32bit'}
 
     def modification(self, profile):

From 8284cbdf5e92437a701e0e5177b66b29ab5f0620 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 13 Aug 2018 16:40:19 -0500
Subject: [PATCH 223/304] add additional registry offsets for recent windows 10
 patches

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 5b9e63d04..86679cc62 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200]],
             (6, 4, '32bit') : [[-168, -164], [-160, -172]],
         }
 

From c374159750cfbef445889cfbfae61dbb93cdba3f Mon Sep 17 00:00:00 2001
From: Dave Lassalle <dave@superponible.com>
Date: Fri, 17 Aug 2018 11:59:46 -0500
Subject: [PATCH 224/304] update full_key_name() for version of win10

---
 volatility/plugins/overlays/windows/win10.py | 33 ++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 36e1ff30f..972dc5ed9 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -31,6 +31,7 @@
 import volatility.win32.tasks as tasks 
 import volatility.debug as debug
 import volatility.plugins.overlays.windows.win8 as win8
+from volatility.win32.rawreg import KEY_FLAGS
 
 try:
     import distorm3
@@ -44,6 +45,32 @@ class _HMAP_ENTRY(obj.CType):
     def BlockAddress(self):
         return self.PermanentBinAddress & 0xFFFFFFFFFFF0
 
+class _CM_KEY_BODY(windows._CM_KEY_BODY):
+    """Registry key"""
+
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x >= 14393,
+                  }
+
+    def full_key_name(self):
+        output = []
+        kcb = self.KeyControlBlock
+        seen = []
+        while kcb.ParentKcb and kcb.ParentKcb.obj_offset not in seen:
+            if kcb.NameBlock.Name == None:
+                break
+            # Win10/Win2016 14393 and later skip KCB's with KEY_HIVE_ENTRY flag set
+            if (kcb.Flags & KEY_FLAGS["KEY_HIVE_ENTRY"] == KEY_FLAGS["KEY_HIVE_ENTRY"]):
+                kcb = kcb.ParentKcb
+                if not kcb:
+                    break
+            output.append(str(kcb.NameBlock.Name))
+            kcb = kcb.ParentKcb
+            seen.append(kcb.obj_offset)
+        return "\\".join(reversed(output))
+
 class Win10Registry(obj.ProfileModification):
     """The Windows 10 registry HMAP"""
 
@@ -93,6 +120,12 @@ def modification(self, profile):
             'DTBSignature' : [ None, ['VolatilityMagic', dict(value = signature)]],
             }]})
 
+class Win10ObjectClasses(obj.ProfileModification):
+    before = ['WindowsOverlay', 'WindowsObjectClasses']
+
+    def modification(self, profile):
+        profile.object_classes.update({'_CM_KEY_BODY' : _CM_KEY_BODY,})
+
 class Win10KDBG(windows.AbstractKDBGMod):
     """The Windows 10 KDBG signatures"""
 

From 8615b01c4664d1036436c0d003324d8af5577a0f Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Fri, 24 Aug 2018 20:36:59 -0500
Subject: [PATCH 225/304] Update for Linux scanning to support thread_info
 member of task_struct

---
 volatility/plugins/overlays/linux/linux.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 4bee36c72..dcbe2c970 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2344,6 +2344,7 @@ def generate_suggestions(self):
        
         comm_offset   = profile.get_obj_offset("task_struct", "comm")
         pid_offset    = profile.get_obj_offset("task_struct", "pid")
+        state_offset  = profile.get_obj_offset("task_struct", "state")
         files_offset  = profile.get_obj_offset("task_struct", "files") 
         mm_offset     = profile.get_obj_offset("task_struct", "active_mm")
         pas           = self.obj_vm
@@ -2373,7 +2374,7 @@ def generate_suggestions(self):
             for swapper_offset in scanner.scan(self.obj_vm):
                 swapper_address = swapper_offset - comm_offset
 
-                if pas.read(swapper_address, 4) != "\x00\x00\x00\x00":
+                if pas.read(swapper_address + state_offset, 4) != "\x00\x00\x00\x00":
                     continue
 
                 if pas.read(swapper_address + pid_offset, 4) != "\x00\x00\x00\x00":

From 1159a217ca63db61fe4124183b6da36148a0bd2e Mon Sep 17 00:00:00 2001
From: Dave Lassalle <dave@superponible.com>
Date: Wed, 5 Sep 2018 16:08:57 -0500
Subject: [PATCH 226/304] additional bigpagepool offset

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 86679cc62..76a7e2a0d 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32]],
             (6, 4, '32bit') : [[-168, -164], [-160, -172]],
         }
 

From 76c3f09ee45b68b4de198c81741a355a76c10a32 Mon Sep 17 00:00:00 2001
From: Fabio <pagabuc@gmail.com>
Date: Mon, 24 Sep 2018 14:06:37 +0200
Subject: [PATCH 227/304] refactor in plt_hook_info to avoid to gather the
 mappings of the process for every elf relocation

---
 volatility/plugins/overlays/linux/linux.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index dcbe2c970..9c56b29fc 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1419,7 +1419,8 @@ def ldrmodules(self):
 
     def plt_hook_info(self):
         elfs = dict()
-
+        task_proc_maps = list(self.get_proc_maps())
+        
         for elf, elf_start, elf_end, soname, needed in self.elfs():
             elfs[(self, soname)] = (elf, elf_start, elf_end, needed)
 
@@ -1473,7 +1474,7 @@ def plt_hook_info(self):
 
                 hookdesc = ''
                 vma = None
-                for i in task.get_proc_maps():
+                for i in task_proc_maps:
                     if addr >= i.vm_start and addr < i.vm_end:
                         vma = i
                         break                    

From 1ed98b827bc772e68233d20d807625532a5cba7e Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 24 Sep 2018 10:16:04 -0500
Subject: [PATCH 228/304] add a good amount of new big pool offsets (for
 registry analysis of win10 samples)

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 76a7e2a0d..a8c3d8bf7 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32], [-5200, -5208], [64, 24], [-10328, -10320], [32, 40], [-56, -64], [-10312, -10320], [24, 64], [-10304, -10344], [-64, -72], [-10328, -10336], [40, 48], [10304, 10296], [10304, 16], [-5192, -5184], [10320, 10312], [-64, -56], [-40, -64], [-10320, -10344], [-48, -72], [-72, -64], [-10304, -10328], [-56, -48]],
             (6, 4, '32bit') : [[-168, -164], [-160, -172]],
         }
 

From 4eb70b302a10e567a7fa689d5db943df0b5032dc Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Thu, 27 Sep 2018 13:22:16 -0500
Subject: [PATCH 229/304] Fix DTB finding to account for multiple copies of the
 init_task structure

---
 volatility/plugins/overlays/linux/linux.py | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index dcbe2c970..84e521c32 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2347,8 +2347,17 @@ def generate_suggestions(self):
         state_offset  = profile.get_obj_offset("task_struct", "state")
         files_offset  = profile.get_obj_offset("task_struct", "files") 
         mm_offset     = profile.get_obj_offset("task_struct", "active_mm")
-        pas           = self.obj_vm
         
+        # this appeared around 2.6.24, which we only need it for samples with KASLR, which came much later
+        try:
+            sched_class_offset = profile.get_obj_offset("task_struct", "sched_class")
+            idle_class_addr    = tbl["idle_sched_class"][0][0] + virtual_shift_address
+        except KeyError:
+            sched_class_offset = -1
+            idle_class_addr    = -1
+
+        pas           = self.obj_vm
+
         if physical_shift_address != 0 and virtual_shift_address != 0:
             good_dtb = (dtb_sym_addr - shifts[0] - virtual_shift_address) + physical_shift_address
             self.obj_vm.profile.physical_shift = physical_shift_address 
@@ -2389,6 +2398,13 @@ def generate_suggestions(self):
                 if pas.zread(good_dtb, 8) != "\x00\x00\x00\x00\x00\x00\x00\x00":
                     continue
 
+                if sched_class_offset != -1:
+                    sched_class_val = pas.read(swapper_address + sched_class_offset, read_sz)
+                    sched_class_addr = struct.unpack(fmt, sched_class_val)[0]
+ 
+                    if (sched_class_addr & 0xfff) != (idle_class_addr & 0xfff):
+                        continue
+
                 files_buf  = pas.read(swapper_address + files_offset, read_sz)
                 files_addr = struct.unpack(fmt, files_buf)[0]
 
@@ -2398,7 +2414,7 @@ def generate_suggestions(self):
                 self.obj_vm.profile.virtual_shift  = tmp_virtual_shift
  
                 break
-        
+
         yield good_dtb
 
 # the intel check, simply checks for the static paging of init_task

From 2ce4c7f039d4ddc9be65de4f165ca1e6d7593879 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 1 Oct 2018 12:41:25 -0500
Subject: [PATCH 230/304] Add support for the new process tracking radix tree
 in kernels 4.15+

---
 volatility/plugins/linux/pidhashtable.py | 100 ++++++++++++++++++++++-
 1 file changed, 99 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/pidhashtable.py b/volatility/plugins/linux/pidhashtable.py
index 9b25f06cd..a35ae688b 100644
--- a/volatility/plugins/linux/pidhashtable.py
+++ b/volatility/plugins/linux/pidhashtable.py
@@ -191,10 +191,102 @@ def get_both(self):
 
         return func
 
+    def radix_tree_is_internal_node(self, ptr):
+        if hasattr(ptr, "v"):
+            ptr = ptr.v()
+
+        return ptr & 3 == 1
+
+    def radix_tree_is_indirect_ptr(self, ptr):
+        return ptr & 1
+
+    def radix_tree_indirect_to_ptr(self, ptr):
+        return obj.Object("radix_tree_node", offset = ptr & ~1, vm = self.addr_space)
+
+
+    def _walk_idr_node(self, node, height, idx):
+        for i in range(self.RADIX_TREE_MAP_SIZE):
+            shift = (height - 1) * self.RADIX_TREE_MAP_SHIFT  
+
+            slot = node.slots[i]
+
+            if slot == 0:
+                continue
+
+            slot = self.radix_tree_indirect_to_ptr(slot)
+
+            if height == 1:
+                yield slot
+            else:
+                child_index = idx | (i << shift)
+                for child_slot in self._walk_idr_node(slot, height - 1, child_index):
+                    yield child_slot
+
+    # adapted from tools.c of crash
+    def _walk_pid_ns_idr(self):
+        self.RADIX_TREE_MAP_SHIFT = 6
+        self.RADIX_TREE_MAP_SIZE = 1 << self.RADIX_TREE_MAP_SHIFT
+        self.RADIX_TREE_MAP_MASK = self.RADIX_TREE_MAP_SIZE - 1
+
+        ns_addr = self.addr_space.profile.get_symbol("init_pid_ns")
+        ns = obj.Object("pid_namespace", offset = ns_addr, vm = self.addr_space)
+        
+        root = ns.idr.idr_rt
+
+        node = root.rnode
+        if not node.is_valid():
+            return 
+
+        height = 0
+
+        if hasattr(node, "height"):
+            height = node.height
+
+            if height == 0:
+                height = 1
+
+        is_indirect = self.radix_tree_is_indirect_ptr(node)
+        node = self.radix_tree_indirect_to_ptr(node)
+        
+        if is_indirect and hasattr(node, "shift"):
+            height = (node.shift / self.RADIX_TREE_MAP_SHIFT) + 1
+
+        if height == 0:
+            yield node  
+        else:
+            for child_node in self._walk_idr_node(node, height, 0):
+                yield child_node
+
+    def _task_for_radix_pid_node(self, node):
+        pid = obj.Object("pid", offset = node.v(), vm = self.addr_space)
+
+        pid_tasks_0 = pid.tasks[0].first
+
+        if pid_tasks_0 == 0:
+            task = None
+        else:
+            if self.addr_space.profile.obj_has_member("task_struct", "pids"):
+                offset = self.addr_space.profile.get_obj_offset("task_struct", "pids")
+            elif self.addr_space.profile.obj_has_member("task_struct", "pid_links"):
+                offset = self.addr_space.profile.get_obj_offset("task_struct", "pid_links")
+            else:
+                debug.error("Unable to determine task_struct pids member")
+            
+            task = obj.Object("task_struct", offset = pid_tasks_0 - offset, vm = self.addr_space)
+        
+        return task 
+        
+    def pid_namespace_idr(self):
+        for node in self._walk_pid_ns_idr():
+            task = self._task_for_radix_pid_node(node)
+            if task != None:
+                yield task    
+
     def determine_func(self):
         pidhash = self.addr_space.profile.get_symbol("pidhash")
         pid_hash = self.addr_space.profile.get_symbol("pid_hash")
         pidhash_shift = self.addr_space.profile.get_symbol("pidhash_shift")
+        pid_idr  = self.profile.obj_has_member("pid_namespace", "idr")
 
         if pid_hash and pidhash_shift:
             func = self.get_both()
@@ -205,12 +297,18 @@ def determine_func(self):
         elif pidhash:
             func = self.refresh_pid_hash_task_table
 
+        elif pid_idr:
+            func = self.pid_namespace_idr            
+
+        else:
+            self.profile_unsupported("determine_func")             
+
         return func
 
     def calculate(self):
         linux_common.set_plugin_members(self)
         func = self.determine_func()
-
+        
         for task in func():
             if 0 < task.pid < 66000:
                 if task.parent.is_valid():

From 49896432af4ac64e4d44978b40d36bae6e309dca Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Mon, 8 Oct 2018 09:11:03 -0500
Subject: [PATCH 231/304] Linux - update types to support ssizetype

---
 volatility/dwarf.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/volatility/dwarf.py b/volatility/dwarf.py
index 211cdb42b..89feb7131 100644
--- a/volatility/dwarf.py
+++ b/volatility/dwarf.py
@@ -49,6 +49,7 @@ class DWARFParser(object):
         'unsigned char': 'unsigned char',
         'unsigned int': 'unsigned int',
         'sizetype' : 'unsigned long',
+        'ssizetype' : 'long',
     }
 
 

From 725ae29b351b3d44e90cc2519da92d56cca1ded0 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Tue, 9 Oct 2018 20:39:17 -0500
Subject: [PATCH 232/304] Linux - prevent enumerating memory mappings of
 smeared processes

---
 volatility/plugins/overlays/linux/linux.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 84e521c32..9f5362ef9 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1915,7 +1915,7 @@ def threads(self):
         return threads
 
     def get_proc_maps(self):
-        if not self.mm:
+        if not self.mm or self.get_process_address_space() == None:
             return
         seen = {}
         for vma in linux_common.walk_internal_list("vm_area_struct", "vm_next", self.mm.mmap):

From 343753c64f25a28688b89318303cf1a2fa6d091e Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Wed, 10 Oct 2018 22:43:57 -0500
Subject: [PATCH 233/304] Linux - update operations member checking to avoid
 RedHat stupidity

---
 volatility/plugins/linux/common.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index f1bbcce5b..efe68cb20 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -102,6 +102,10 @@ def verify_ops(self, ops, op_members, modules):
             return
 
         for check in op_members:
+            # redhat-specific garbage
+            if check.startswith("__UNIQUE_ID_rh_kabi_hide"):
+                continue
+
             addr = int(ops.m(check))
 
             if addr and addr != 0 and addr != -1:

From 57c69e5ae1d3bbdc205d3d24d45d8e2b0d93316c Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Wed, 10 Oct 2018 23:12:12 -0500
Subject: [PATCH 234/304] Linux - skip smeared vm_area_struct instances

---
 volatility/plugins/overlays/linux/linux.py | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index 9f5362ef9..caed3ffa1 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1080,6 +1080,23 @@ def is_valid(self):
         return valid
 
 class vm_area_struct(obj.CType):
+    def is_valid(self):
+        start = self.vm_start.v()
+        end   = self.vm_end.v()
+        pgoff = self.vm_pgoff.v()
+
+        valid = True
+
+        if  (start > end) or \
+            (end - start > 100000000000) or \
+            (start > 0xff00000000000000) or \
+            (end > 0xff00000000000000) or \
+            (pgoff > 100000000000):
+
+            valid = False
+
+        return valid           
+
     def vm_name(self, task):
         if self.vm_file:
             fname = linux_common.get_path(task, self.vm_file)
@@ -1922,7 +1939,10 @@ def get_proc_maps(self):
             val = vma.v()
             if val in seen:
                 break
-
+           
+            if not vma.is_valid():
+                break
+ 
             yield vma
 
             seen[val] = 1

From d2bdef18589c494f127c7d3deb2f2f4dfc17c730 Mon Sep 17 00:00:00 2001
From: Brian Caswell <bmc@shmoo.com>
Date: Tue, 30 Oct 2018 16:37:50 -0400
Subject: [PATCH 235/304] prevent infinite looping handling fops

---
 volatility/plugins/linux/check_fops.py          | 4 ++++
 volatility/plugins/linux/check_inline_kernel.py | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/volatility/plugins/linux/check_fops.py b/volatility/plugins/linux/check_fops.py
index 237acd0af..5b250860b 100644
--- a/volatility/plugins/linux/check_fops.py
+++ b/volatility/plugins/linux/check_fops.py
@@ -121,6 +121,8 @@ def _walk_proc_old(self, cur, f_op_members, modules, parent):
                 if cur.obj_offset == last_cur:
                     break
 
+                if cur == cur.next:
+                    break
                 cur = cur.next
                 continue
 
@@ -139,6 +141,8 @@ def _walk_proc_old(self, cur, f_op_members, modules, parent):
                 subdir = subdir.next
 
             last_cur = cur.obj_offset
+            if cur == cur.next:
+                break
             cur = cur.next
 
     def _walk_rb(self, rb):
diff --git a/volatility/plugins/linux/check_inline_kernel.py b/volatility/plugins/linux/check_inline_kernel.py
index 1fc4c3bac..6d046123d 100644
--- a/volatility/plugins/linux/check_inline_kernel.py
+++ b/volatility/plugins/linux/check_inline_kernel.py
@@ -170,6 +170,8 @@ def check_proc_fop(self, f_op_members, modules):
     def walk_proc(self, cur, f_op_members, modules, parent = ""):
         while cur:
             if cur.obj_offset in self.seen_proc:
+                if cur == cur.next:
+                    break
                 cur = cur.next
                 continue
 
@@ -192,6 +194,8 @@ def walk_proc(self, cur, f_op_members, modules, parent = ""):
                     yield (sub_name, hooked_member, hook_type, hook_address)
                 subdir = subdir.next
 
+            if cur == cur.next:
+                break
             cur = cur.next
 
     def check_proc_root_fops(self, f_op_members, modules):   

From 13c6343e8433f39367049bdcd3a2c5be7f730ed8 Mon Sep 17 00:00:00 2001
From: mattura <mattura@hotmail.com>
Date: Tue, 6 Nov 2018 14:04:48 +0000
Subject: [PATCH 236/304] Fix updated pyinstaller "empty DEST" issue

Current version of pyinstaller cannot accept an empty DESTINATION, assuming current directory.
https://github.com/pyinstaller/pyinstaller/issues/3066.
This affects "hook-yara.py", "hook-distorm3.py" and "hook-openpyxl.py"
---
 pyinstaller/hook-distorm3.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyinstaller/hook-distorm3.py b/pyinstaller/hook-distorm3.py
index 883f5ac82..65cf61fa5 100755
--- a/pyinstaller/hook-distorm3.py
+++ b/pyinstaller/hook-distorm3.py
@@ -16,7 +16,7 @@
 
 for path in sys.path:
     if os.path.exists(os.path.join(path, "distorm3", "distorm3.dll")):
-        datas.append((os.path.join(path, "distorm3", "distorm3.dll"), ""))
+        datas.append((os.path.join(path, "distorm3", "distorm3.dll"), "."))
     if os.path.exists(os.path.join(path, "distorm3", "libdistorm3.so")):
-        datas.append((os.path.join(path, "distorm3", "libdistorm3.so"), ""))
+        datas.append((os.path.join(path, "distorm3", "libdistorm3.so"), "."))
 

From 4821ab67df55b5df370c90abe0e37ac1c59e00c4 Mon Sep 17 00:00:00 2001
From: mattura <mattura@hotmail.com>
Date: Tue, 6 Nov 2018 14:05:26 +0000
Subject: [PATCH 237/304] Fix updated pyinstaller "empty DEST" issue

Current version of pyinstaller cannot accept an empty DESTINATION, assuming current directory.
https://github.com/pyinstaller/pyinstaller/issues/3066.
This affects "hook-yara.py", "hook-distorm3.py" and "hook-openpyxl.py"
---
 pyinstaller/hook-openpyxl.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyinstaller/hook-openpyxl.py b/pyinstaller/hook-openpyxl.py
index 8174c176a..9d8b69346 100755
--- a/pyinstaller/hook-openpyxl.py
+++ b/pyinstaller/hook-openpyxl.py
@@ -16,4 +16,4 @@
 
 for path in sys.path:
     if os.path.exists(os.path.join(path, "openpyxl", ".constants.json")):
-        datas.append((os.path.join(path, "openpyxl", ".constants.json"), ""))
+        datas.append((os.path.join(path, "openpyxl", ".constants.json"), "."))

From 6e3b2e8100a902ede627da210df5f8b3c802f944 Mon Sep 17 00:00:00 2001
From: mattura <mattura@hotmail.com>
Date: Tue, 6 Nov 2018 14:06:01 +0000
Subject: [PATCH 238/304] Fix updated pyinstaller "empty DEST" issue

Current version of pyinstaller cannot accept an empty DESTINATION, assuming current directory.
https://github.com/pyinstaller/pyinstaller/issues/3066.
This affects "hook-yara.py", "hook-distorm3.py" and "hook-openpyxl.py"
---
 pyinstaller/hook-yara.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyinstaller/hook-yara.py b/pyinstaller/hook-yara.py
index 7481404d6..405e76230 100644
--- a/pyinstaller/hook-yara.py
+++ b/pyinstaller/hook-yara.py
@@ -5,6 +5,6 @@
 
 for path in sys.path:
     if os.path.exists(os.path.join(path, "yara.pyd")):
-        datas.append((os.path.join(path, "yara.pyd"), ""))
+        datas.append((os.path.join(path, "yara.pyd"), "."))
     if os.path.exists(os.path.join(path, "yara.so")):
-        datas.append((os.path.join(path, "yara.so"), ""))
+        datas.append((os.path.join(path, "yara.so"), "."))

From 720edbd8c1e328e0e190907d7edb104790b857c3 Mon Sep 17 00:00:00 2001
From: xtrm0 <afonso.tfaria21@gmail.com>
Date: Tue, 13 Nov 2018 15:27:13 +0000
Subject: [PATCH 239/304] Fix #565

---
 volatility/plugins/mbrparser.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/mbrparser.py b/volatility/plugins/mbrparser.py
index fb30eb0f0..8acdbd4a5 100644
--- a/volatility/plugins/mbrparser.py
+++ b/volatility/plugins/mbrparser.py
@@ -266,7 +266,8 @@ def calculate(self):
             file = open(self._config.DISK, "rb")
             self.disk_mbr = file.read(440)
             file.close()
-
+        
+        all_zeros = None
         if self._config.OFFSET:
             PARTITION_TABLE = obj.Object('PARTITION_TABLE', vm = address_space,
                                offset = self._config.OFFSET)

From ca5bee569068fa7b7735fbac045459b38430a0d4 Mon Sep 17 00:00:00 2001
From: Mifraz Murthaja <mmtech95@gmail.com>
Date: Sat, 24 Nov 2018 15:02:38 +0530
Subject: [PATCH 240/304] Bug on shellbags command when the output is json

Update html.py for bug on shellbags command when the output is set to json
---
 volatility/renderers/html.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/renderers/html.py b/volatility/renderers/html.py
index 6827f6205..8d264eee4 100644
--- a/volatility/renderers/html.py
+++ b/volatility/renderers/html.py
@@ -48,4 +48,4 @@ def render(self, outfd, data):
             raise NotImplementedError("JSON output for trees has not yet been implemented")
         # TODO: Output (basic) type information in JSON
         json_input = {"columns": [column.name for column in data.columns], "rows": data.visit(None, self.render_row, [])}
-        return outfd.write(json.dumps(json_input))
+        return outfd.write(json.dumps(json_input,ensure_ascii=False))

From 9df8aa6daabc29c74bf261574ffb5cde2315c7f8 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 29 Nov 2018 13:53:11 -0600
Subject: [PATCH 241/304] Linux - update heap processing code to find correct
 regions

---
 volatility/plugins/overlays/linux/linux.py | 23 ++--------------------
 1 file changed, 2 insertions(+), 21 deletions(-)

diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index caed3ffa1..3b9e53d68 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -1103,7 +1103,7 @@ def vm_name(self, task):
             if fname == []:
                 fname = ""
 
-        elif self.vm_start <= task.mm.start_brk and self.vm_end >= task.mm.brk:
+        elif self.vm_start <= task.mm.brk and self.vm_end >= task.mm.start_brk:
             fname = "[heap]"
         elif self.vm_start <= task.mm.start_stack and self.vm_end >= task.mm.start_stack:
             fname = "[stack]"
@@ -1342,26 +1342,9 @@ def euid(self):
 
         return ret
 
-    def find_heap_vma(self):
-        ret = None
-
-        for vma in self.get_proc_maps():
-            # find the data section of bash
-            if vma.vm_start <= self.mm.start_brk and vma.vm_end >= self.mm.brk:
-                ret = vma
-                break
-
-        return ret
-
     def bash_hash_entries(self):
         nbuckets_offset = self.obj_vm.profile.get_obj_offset("_bash_hash_table", "nbuckets") 
         
-        heap_vma = self.find_heap_vma()
-
-        if heap_vma == None:
-            debug.debug("Unable to find heap for pid %d" % self.pid)
-            return
-
         proc_as = self.get_process_address_space()
         if proc_as == None:
             return
@@ -1373,8 +1356,6 @@ def bash_hash_entries(self):
             for ent in htable:
                 yield ent            
 
-            off = off + 1
-
     def ldrmodules(self):
         proc_maps = {}
         dl_maps   = {}
@@ -1994,7 +1975,7 @@ def search_process_memory(self, s, heap_only = False):
 
         for vma in self.get_proc_maps():
             if heap_only:
-                if not (vma.vm_start <= self.mm.start_brk and vma.vm_end >= self.mm.brk):
+                if not (vma.vm_start <= self.mm.brk and vma.vm_end >= self.mm.start_brk):
                     continue
 
             offset = vma.vm_start

From ec395d7ed90aace81cdf2bc2906c0b35d9afe8fd Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 5 Dec 2018 12:06:33 -0600
Subject: [PATCH 242/304] add registry offsets for recent windows 10 updates

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index a8c3d8bf7..f5baa0ef2 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32], [-5200, -5208], [64, 24], [-10328, -10320], [32, 40], [-56, -64], [-10312, -10320], [24, 64], [-10304, -10344], [-64, -72], [-10328, -10336], [40, 48], [10304, 10296], [10304, 16], [-5192, -5184], [10320, 10312], [-64, -56], [-40, -64], [-10320, -10344], [-48, -72], [-72, -64], [-10304, -10328], [-56, -48]],
+            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32], [-5200, -5208], [64, 24], [-10328, -10320], [32, 40], [-56, -64], [-10312, -10320], [24, 64], [-10304, -10344], [-64, -72], [-10328, -10336], [40, 48], [10304, 10296], [10304, 16], [-5192, -5184], [10320, 10312], [-64, -56], [-40, -64], [-10320, -10344], [-48, -72], [-72, -64], [-10304, -10328], [-56, -48], [-5224, -5216], [-10336, -10312], [-5168, -5208]],
             (6, 4, '32bit') : [[-168, -164], [-160, -172]],
         }
 

From 530588f2f4e1087fc8759254db49621cb08d52bf Mon Sep 17 00:00:00 2001
From: atoptsoglou <26309908+atoptsoglou@users.noreply.github.com>
Date: Tue, 18 Dec 2018 18:10:40 +0100
Subject: [PATCH 243/304] Bump to 2.6.1

Trying to package for OpenSUSE the update 2.6.1 I discovered that the constant version is still in 2.6. Maybe it would be better to modify it to 2.6.1.
---
 volatility/constants.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/constants.py b/volatility/constants.py
index 6d1044fe1..15e5f3963 100644
--- a/volatility/constants.py
+++ b/volatility/constants.py
@@ -23,7 +23,7 @@
 
 import os, sys
 
-VERSION = "2.6"
+VERSION = "2.6.1"
 
 SCAN_BLOCKSIZE = 1024 * 1024 * 10
 

From 68aeefbf64b3f76bc34c6e4f797a6d79f734e4c9 Mon Sep 17 00:00:00 2001
From: Antoine <ant1@users.noreply.github.com>
Date: Fri, 21 Dec 2018 10:12:23 +0000
Subject: [PATCH 244/304] Fix the offset printed when using yarascan -R

---
 volatility/plugins/malware/malfind.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/malware/malfind.py b/volatility/plugins/malware/malfind.py
index c5c112467..6fa5113d0 100644
--- a/volatility/plugins/malware/malfind.py
+++ b/volatility/plugins/malware/malfind.py
@@ -244,7 +244,7 @@ def _scan_process_memory(self, addr_space, rules):
         for task in self.filter_tasks(tasks.pslist(addr_space)):
             scanner = VadYaraScanner(task = task, rules = rules)
             for hit, address in scanner.scan(maxlen = self._config.MAX_SIZE):
-                yield (task, address, hit, scanner.address_space.zread(address - self._config.REVERSE, self._config.SIZE))
+                yield (task, address - self._config.REVERSE, hit, scanner.address_space.zread(address - self._config.REVERSE, self._config.SIZE))
 
     def _scan_kernel_memory(self, addr_space, rules):
         # Find KDBG so we know where kernel memory begins. Do not assume
@@ -282,7 +282,7 @@ def _scan_kernel_memory(self, addr_space, rules):
 
             for hit, address in scanner.scan(start_offset = start):
                 module = tasks.find_module(mods, mod_addrs, addr_space.address_mask(address))
-                yield (module, address, hit, session_space.zread(address - self._config.REVERSE, self._config.SIZE))  
+                yield (module, address - self._config.REVERSE, hit, session_space.zread(address - self._config.REVERSE, self._config.SIZE))
 
     def calculate(self):
         if not has_yara:

From df6c40aa1ba91d2071747b908fc87129685f302c Mon Sep 17 00:00:00 2001
From: Antoine <ant1@users.noreply.github.com>
Date: Mon, 24 Dec 2018 07:31:10 +0000
Subject: [PATCH 245/304] Fix the offset printed when using mac_yarascan -R

---
 volatility/plugins/mac/mac_yarascan.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/mac/mac_yarascan.py b/volatility/plugins/mac/mac_yarascan.py
index bdb4b8834..cf7f0f208 100644
--- a/volatility/plugins/mac/mac_yarascan.py
+++ b/volatility/plugins/mac/mac_yarascan.py
@@ -117,7 +117,7 @@ def calculate(self):
                                                    address_space = self.addr_space) 
       
             for hit, address in scanner.scan(start_offset = kernel_start):
-                yield (None, address, hit, 
+                yield (None, address - self._config.REVERSE, hit,
                         scanner.address_space.zread(address - self._config.REVERSE, self._config.SIZE))
         else:
             # Scan each process memory block 
@@ -128,7 +128,7 @@ def calculate(self):
                     continue
                 scanner = MapYaraScanner(task = task, rules = rules)
                 for hit, address in scanner.scan(max_size = self._config.MAX_SIZE):
-                    yield (task, address, hit, 
+                    yield (task, address - self._config.REVERSE, hit,
                             scanner.address_space.zread(address - self._config.REVERSE, self._config.SIZE))
     
     def render_text(self, outfd, data):

From 73077d6fe6513ec6a9a9b44e0310ba2ef1841493 Mon Sep 17 00:00:00 2001
From: Antoine <ant1@users.noreply.github.com>
Date: Mon, 24 Dec 2018 07:40:16 +0000
Subject: [PATCH 246/304] Fix the offset printed when using linux_yarascan -R

---
 volatility/plugins/linux/linux_yarascan.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/linux_yarascan.py b/volatility/plugins/linux/linux_yarascan.py
index 2b84d5050..06ac48d96 100644
--- a/volatility/plugins/linux/linux_yarascan.py
+++ b/volatility/plugins/linux/linux_yarascan.py
@@ -103,14 +103,14 @@ def calculate(self):
                                                    address_space = self.addr_space)
                                                    
             for hit, address in scanner.scan(start_offset = kernel_start):
-                yield (None, address, hit, 
+                yield (None, address - self._config.REVERSE, hit,
                         scanner.address_space.zread(address - self._config.REVERSE, self._config.SIZE))
         else:
             tasks = self.filter_tasks()
             for task in tasks: 
                 scanner = VmaYaraScanner(task = task, rules = rules)
                 for hit, address in scanner.scan():
-                    yield (task, address, hit, 
+                    yield (task, address - self._config.REVERSE, hit,
                                 scanner.address_space.zread(address - self._config.REVERSE, self._config.SIZE))
     
     def render_text(self, outfd, data):

From 61a77adc33ee73cc1d5d71ee47a36da14160c49a Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 7 Jan 2019 11:33:53 -0600
Subject: [PATCH 247/304] Linux - update pidhashtable with more smear
 protection

---
 volatility/plugins/linux/pidhashtable.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/linux/pidhashtable.py b/volatility/plugins/linux/pidhashtable.py
index a35ae688b..6295a9d63 100644
--- a/volatility/plugins/linux/pidhashtable.py
+++ b/volatility/plugins/linux/pidhashtable.py
@@ -50,7 +50,7 @@ def _task_for_pid(self, upid, pid):
         chained = 0
 
         pid_tasks_0 = pid.tasks[0].first
-
+        
         if pid_tasks_0 == 0:
             chained = 1
             pnext_addr = upid.obj_offset + self.profile.get_obj_offset("upid", "pid_chain") + self.profile.get_obj_offset("hlist_node", "next")
@@ -65,8 +65,9 @@ def _task_for_pid(self, upid, pid):
                 yield task
 
     def _walk_upid(self, upid):
-
-        while upid:
+        seen = set()
+        while upid and upid.is_valid() and upid.v() not in seen:
+            seen.add(upid.v())
 
             pid = self.get_obj(upid.obj_offset, "pid", "numbers")
 
@@ -100,6 +101,8 @@ def calculate_v3(self):
 
         pidhash = self._get_pidhash_array()
 
+        seen_upid = set()
+
         for hlist in pidhash:
             # each entry in the hlist is a upid which is wrapped in a pid
             ent = hlist.first
@@ -107,6 +110,10 @@ def calculate_v3(self):
             while ent.v():
                 upid = self.get_obj(ent.obj_offset, "upid", "pid_chain")
 
+                if upid.v() in seen_upid:
+                    break
+                seen_upid.add(upid.v())
+
                 for task in self._walk_upid(upid):
                     if not task.obj_offset in self.seen_tasks:
                         self.seen_tasks[task.obj_offset] = 1

From 99d1de83e4550fda1ab30d4218680f5cfd4f0463 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 15 Jan 2019 09:52:08 -0600
Subject: [PATCH 248/304] Linux - Update check_fops for 4.20

---
 tools/linux/module.c                   | 4 ++++
 volatility/plugins/linux/check_fops.py | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/tools/linux/module.c b/tools/linux/module.c
index f384bc4a0..cd9410d65 100644
--- a/tools/linux/module.c
+++ b/tools/linux/module.c
@@ -17,6 +17,10 @@ symbols and then read the DWARF symbols from it.
 #include <linux/inetdevice.h>
 #include <net/protocol.h>
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,20,0)
+struct xa_node xa;
+#endif
+
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,11,0)
 #include <linux/lockref.h>
 struct lockref lockref;
diff --git a/volatility/plugins/linux/check_fops.py b/volatility/plugins/linux/check_fops.py
index 237acd0af..a81fc4871 100644
--- a/volatility/plugins/linux/check_fops.py
+++ b/volatility/plugins/linux/check_fops.py
@@ -219,6 +219,8 @@ def calculate(self):
             
         f_op_members = self.profile.types['file_operations'].keywords["members"].keys()
         f_op_members.remove('owner')
+        if 'mmap_supported_flags' in f_op_members:
+            f_op_members.remove('mmap_supported_flags')
 
         if self._config.INODE:
             inode = obj.Object("inode", offset=self._config.INODE, vm=self.addr_space)

From 8c05ce05a0640f9c9ef2c109af48e4cdc6c71a52 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 15 Jan 2019 09:54:57 -0600
Subject: [PATCH 249/304] Linux - update check syscall

---
 volatility/plugins/linux/check_syscall.py | 28 ++++++++++++-----------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/volatility/plugins/linux/check_syscall.py b/volatility/plugins/linux/check_syscall.py
index d6d43c526..7e468d01f 100644
--- a/volatility/plugins/linux/check_syscall.py
+++ b/volatility/plugins/linux/check_syscall.py
@@ -90,23 +90,25 @@ def _get_table_info_distorm(self):
 
         if memory_model == '32bit':
             mode = distorm3.Decode32Bits
-            func = "sysenter_do_call"
+            funcs = ["sysenter_do_call"]
         else:
             mode = distorm3.Decode64Bits
-            func = "system_call_fastpath"
+            funcs = ["system_call_fastpath", "do_int80_syscall_32"]
 
-        func_addr = self.addr_space.profile.get_symbol(func)
+        for func in funcs:
+            func_addr = self.addr_space.profile.get_symbol(func)
+            if func_addr:
+                data = self.addr_space.read(func_addr, 64)
 
-        if func_addr:
-            data = self.addr_space.read(func_addr, 6)
-            
-            for op in distorm3.Decompose(func_addr, data, mode):
-                if not op.valid:
-                    continue
+                for op in distorm3.Decompose(func_addr, data, mode):
+                    if not op.valid:
+                        continue
 
-                if op.mnemonic == 'CMP':
-                    table_size = (op.operands[1].value) & 0xffffffff
-                    break
+                    if op.mnemonic == 'CMP':
+                        table_size = (op.operands[1].value) & 0xffffffff
+                        break
+
+                break
 
         return table_size
 
@@ -202,7 +204,7 @@ def get_syscalls(self, index_info = None, get_hidden = False, compute_name = Tru
             addrs.append(("32bit", ia32_info))
 
         for (table_name, (tableaddr, tblsz)) in addrs:
-            table = obj.Object(theType = 'Array', offset = tableaddr, vm = self.addr_space, targetType = 'unsigned long', count = tblsz)
+            table = obj.Object(theType = 'Array', offset = tableaddr, vm = self.addr_space, targetType = 'unsigned long', count = tblsz + 1)
 
             for (i, call_addr) in enumerate(table):
                 if not call_addr:

From 79b61a9ceaadec834ecff0cd8964e87a1d073a23 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 15 Jan 2019 09:55:40 -0600
Subject: [PATCH 250/304] Linux - update cached file extraction for 4.20

---
 volatility/plugins/linux/find_file.py | 53 ++++++++++++++++++++++++---
 1 file changed, 47 insertions(+), 6 deletions(-)

diff --git a/volatility/plugins/linux/find_file.py b/volatility/plugins/linux/find_file.py
index 1a46e38ca..53243f4ec 100644
--- a/volatility/plugins/linux/find_file.py
+++ b/volatility/plugins/linux/find_file.py
@@ -298,13 +298,54 @@ def radix_tree_lookup_slot(self, root, index):
     def SHMEM_I(self, inode):
         offset = self.profile.get_obj_offset("shmem_inode_info", "vfs_inode")
         return obj.Object("shmem_inode_info", offset = inode.obj_offset - offset, vm = self.addr_space)
+    
+    def xa_is_internal(self, entry):
+        return (int(entry) & 3) == 2
 
-    def find_get_page(self, inode, offset):
-        page = self.radix_tree_lookup_slot(inode.i_mapping.page_tree, offset)
+    def xa_is_node(self, entry):
+        return entry and self.xa_is_internal(entry) and int(entry) > 4096
+
+    def xa_get_offset(self, index, node):
+        return (index >> node.shift) & 63
+
+    def xa_get_entry_from_offset(self, offset, node):
+        ent_ptr = node.slots.obj_offset + (8 * offset) 
+        return obj.Object(theType="Pointer", targetType="unsigned long", offset = ent_ptr, vm = self.addr_space)
+
+    def xas_descend(self, offset, node):
+        offset = self.xa_get_offset(offset, node)
+        
+        entry = self.xa_get_entry_from_offset(offset, node)
+        if entry == None:
+            return entry
+
+        p = entry.v()
+        if p & 3 == 2 and p < 250:
+            offset = p >> 2
+            entry = self.xa_get_entry_from_offset(offset, node)
+            if entry == None:
+                return entry
+        
+        return entry
 
-        #if not page:
-            # FUTURE swapper_space support
-            # print "no page"
+    def walk_xarray(self, inode, offset):
+        entry = inode.i_mapping.i_pages.xa_head #.obj_offset
+
+        while self.xa_is_node(entry):
+            node = obj.Object("xa_node", offset = entry - 2, vm = self.addr_space)
+
+            if node.shift < 0:
+                break
+    
+            entry = self.xas_descend(offset, node)
+
+        return entry
+
+    def find_get_page(self, inode, offset):
+        if hasattr(inode.i_mapping, "page_tree"):
+            page = self.radix_tree_lookup_slot(inode.i_mapping.page_tree, offset)
+        else:
+            page = self.walk_xarray(inode, offset)
 
         return page
 
@@ -315,7 +356,7 @@ def get_page_contents(self, inode, idx):
             page = obj.Object("page", offset = page_addr, vm = self.addr_space)
             phys_offset = page.to_paddr()
 
-            if phys_offset > 0:
+            if page and phys_offset > 0:
                 phys_as = utils.load_as(self._config, astype = 'physical')
                 data = phys_as.zread(phys_offset, 4096)
             else:

From 355773b9bb8eaa40317defd3ebce7b5e992d8659 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 15 Jan 2019 09:56:04 -0600
Subject: [PATCH 251/304] Linux - update process hash table enumeration for
 4.20

---
 volatility/plugins/linux/pidhashtable.py | 64 +++++++++++++++++++++++-
 1 file changed, 62 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/pidhashtable.py b/volatility/plugins/linux/pidhashtable.py
index 6295a9d63..29fda1e7b 100644
--- a/volatility/plugins/linux/pidhashtable.py
+++ b/volatility/plugins/linux/pidhashtable.py
@@ -29,6 +29,7 @@
 
 import volatility.plugins.linux.common as linux_common
 import volatility.plugins.linux.pslist as linux_pslist
+import volatility.plugins.linux.find_file as find_file
 
 PIDTYPE_PID = 0
 
@@ -280,11 +281,70 @@ def _task_for_radix_pid_node(self, node):
                 debug.error("Unable to determine task_struct pids member")
             
             task = obj.Object("task_struct", offset = pid_tasks_0 - offset, vm = self.addr_space)
-        
+      
         return task 
+    
+    def _do_walk_xarray(self, ff, node, height, index):
+        shift = (height - 1) * self.XA_CHUNK_SHIFT
         
+        for i in range(self.XA_CHUNK_SIZE):
+            slot = ff.xa_get_entry_from_offset(i, node)
+            if slot == None:
+                continue
+
+            if (slot.v() & self.XARRAY_TAG_MASK) == self.XARRAY_TAG_INTERNAL:
+                slot = obj.Object("xa_node", offset = slot.v() & ~self.XARRAY_TAG_INTERNAL, vm = self.addr_space)
+
+            if height == 1:
+                yield slot   
+            else:
+                new_index = index | (i << shift)
+                for new_slot in self._do_walk_xarray(ff, slot, height - 1, new_index):
+                    yield new_slot 
+
+    def _walk_xarray_pids(self):
+        ff = find_file.linux_find_file(self._config)
+        linux_common.set_plugin_members(ff)
+
+        self.XARRAY_TAG_MASK     = 3
+        self.XARRAY_TAG_INTERNAL = 2
+
+        self.XA_CHUNK_SHIFT = 6
+        self.XA_CHUNK_SIZE  = 1 << self.XA_CHUNK_SHIFT
+        self.XA_CHUNK_MASK  = self.XA_CHUNK_SIZE - 1
+
+        ns_addr = self.addr_space.profile.get_symbol("init_pid_ns")
+        ns = obj.Object("pid_namespace", offset = ns_addr, vm = self.addr_space)
+ 
+        xarray = ns.idr.idr_rt
+
+        if not xarray.is_valid():
+            return
+
+        root = xarray.xa_head.v()
+
+        is_internal = ff.xa_is_internal(root)
+
+        if root & self.XARRAY_TAG_MASK != 0:
+            root = root & ~self.XARRAY_TAG_MASK
+
+        height = 0
+        node   = obj.Object("xa_node", offset = root, vm = self.addr_space)
+        
+        if is_internal and hasattr(node, "shift"):
+            height = (node.shift / self.XA_CHUNK_SHIFT) + 1
+
+        for node in self._do_walk_xarray(ff, node, height, 0):
+            if node and node.is_valid():
+                yield node
+
     def pid_namespace_idr(self):
-        for node in self._walk_pid_ns_idr():
+        if hasattr("radix_tree_root", "rnode"):
+            func = self._walk_pid_ns_idr
+        else:
+            func = self._walk_xarray_pids
+
+        for node in func():
             task = self._task_for_radix_pid_node(node)
             if task != None:
                 yield task    

From 569b7b971a529c801c3395e2ac8fa7e9041c36f7 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 21 Jan 2019 21:25:32 -0600
Subject: [PATCH 252/304] Linux - add further smear protection

---
 volatility/plugins/linux/find_file.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/volatility/plugins/linux/find_file.py b/volatility/plugins/linux/find_file.py
index 53243f4ec..7591fcc4c 100644
--- a/volatility/plugins/linux/find_file.py
+++ b/volatility/plugins/linux/find_file.py
@@ -46,6 +46,7 @@ def __init__(self, config, *args, **kwargs):
         config.add_option('LISTFILES', short_option = 'L', default = None, help = 'list all files cached in memory', action = 'count')
     
         self.ptr_size = -1
+        self.seen_dents = set()
 
     def _walk_sb(self, dentry_param, parent):
         ret = []
@@ -56,13 +57,20 @@ def _walk_sb(self, dentry_param, parent):
             walk_member = "d_u"
 
         for dentry in dentry_param.d_subdirs.list_of_type("dentry", walk_member):
+            dentry_addr = dentry.v()
+            
             # corruption
-            if dentry.v() == dentry_param.v():
+            if dentry_addr == dentry_param.v():
                 continue
 
+            if dentry_addr in self.seen_dents:
+                break
+ 
+            self.seen_dents.add(dentry_addr) 
+
             if not dentry.d_name.name.is_valid():
                 continue
-            
+
             inode = dentry.d_inode
             
             ivalid = False
@@ -70,7 +78,7 @@ def _walk_sb(self, dentry_param, parent):
                 if inode.i_ino == 0 or inode.i_ino > 100000000000:
                     continue
                 ivalid = True
-            
+
             # do not use os.path.join
             # this allows us to have consistent paths from the user
             name  = dentry.d_name.name.dereference_as("String", length = 255)
@@ -104,7 +112,7 @@ def walk_sbs(self, sbs = []):
             rname  = sb.s_root.d_name.name.dereference_as("String", length = 255)
             if rname and len(rname) > 0:
                 yield (sb, sb_path, sb_path, sb.s_root)
-            
+
             for (file_path, file_dentry) in self._walk_sb(sb.s_root, parent):
                 yield (sb, sb_path, file_path, file_dentry)
 

From 5865a1539f05f17f736bde3034b17170e2201ec1 Mon Sep 17 00:00:00 2001
From: superponible <dave@superponible.com>
Date: Tue, 29 Jan 2019 14:37:30 -0600
Subject: [PATCH 253/304] add Win10 17763 profiles, October 2018 Update

---
 volatility/plugins/bigpagepools.py            |     2 +-
 volatility/plugins/overlays/windows/win10.py  |    61 +-
 .../windows/win10_x64_17763_vtypes.py         | 16117 ++++++++++++++++
 .../windows/win10_x86_17763_vtypes.py         | 15477 +++++++++++++++
 4 files changed, 31641 insertions(+), 16 deletions(-)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_17763_vtypes.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_17763_vtypes.py

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index f5baa0ef2..7c74a001d 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32], [-5200, -5208], [64, 24], [-10328, -10320], [32, 40], [-56, -64], [-10312, -10320], [24, 64], [-10304, -10344], [-64, -72], [-10328, -10336], [40, 48], [10304, 10296], [10304, 16], [-5192, -5184], [10320, 10312], [-64, -56], [-40, -64], [-10320, -10344], [-48, -72], [-72, -64], [-10304, -10328], [-56, -48], [-5224, -5216], [-10336, -10312], [-5168, -5208]],
+            (6, 4, '64bit') : [[-48, -10328], [208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32], [-5200, -5208], [64, 24], [-10328, -10320], [32, 40], [-56, -64], [-10312, -10320], [24, 64], [-10304, -10344], [-64, -72], [-10328, -10336], [40, 48], [10304, 10296], [10304, 16], [-5192, -5184], [10320, 10312], [-64, -56], [-40, -64], [-10320, -10344], [-48, -72], [-72, -64], [-10304, -10328], [-56, -48], [-5224, -5216], [-10336, -10312], [-5168, -5208]],
             (6, 4, '32bit') : [[-168, -164], [-160, -172]],
         }
 
diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 972dc5ed9..56a8721e1 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -45,14 +45,18 @@ class _HMAP_ENTRY(obj.CType):
     def BlockAddress(self):
         return self.PermanentBinAddress & 0xFFFFFFFFFFF0
 
-class _CM_KEY_BODY(windows._CM_KEY_BODY):
-    """Registry key"""
+class Win10Registry(obj.ProfileModification):
+    """The Windows 10 registry HMAP"""
 
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
-                  'minor': lambda x: x == 4,
-                  'build': lambda x: x >= 14393,
-                  }
+                  'minor': lambda x: x == 4}
+
+    def modification(self, profile):
+        profile.object_classes.update({"_HMAP_ENTRY": _HMAP_ENTRY})
+
+class _CM_KEY_BODY(windows._CM_KEY_BODY):
+    """Registry key"""
 
     def full_key_name(self):
         output = []
@@ -71,16 +75,6 @@ def full_key_name(self):
             seen.append(kcb.obj_offset)
         return "\\".join(reversed(output))
 
-class Win10Registry(obj.ProfileModification):
-    """The Windows 10 registry HMAP"""
-
-    conditions = {'os': lambda x: x == 'windows',
-                  'major': lambda x: x == 6,
-                  'minor': lambda x: x == 4}
-
-    def modification(self, profile):
-        profile.object_classes.update({"_HMAP_ENTRY": _HMAP_ENTRY})
-
 class Win10x64DTB(obj.ProfileModification):
     """The Windows 10 64-bit DTB signature"""
 
@@ -123,6 +117,12 @@ def modification(self, profile):
 class Win10ObjectClasses(obj.ProfileModification):
     before = ['WindowsOverlay', 'WindowsObjectClasses']
 
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x >= 14393,
+                  }
+
     def modification(self, profile):
         profile.object_classes.update({'_CM_KEY_BODY' : _CM_KEY_BODY,})
 
@@ -137,6 +137,17 @@ class Win10KDBG(windows.AbstractKDBGMod):
 
     kdbgsize = 0x368
 
+class Win10_17763KDBG(windows.AbstractKDBGMod):
+    """The Windows 10 17763 KDBG signatures"""
+
+    before = ['Win8KDBG', 'Win10KDBG']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x >= 17763}
+
+    kdbgsize = 0x380
+
 class ObHeaderCookieStore(object):
     """A class for finding and storing the nt!ObHeaderCookie value"""
 
@@ -954,6 +965,16 @@ class Win10x86_17134(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_17134_vtypes'
     _md_product = ["NtProductWinNt"]
 
+class Win10x86_17763(obj.Profile):
+    """ A Profile for Windows 10 x86 (10.0.17763.0 / 2018-10-12) """
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 17763
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_17763_vtypes'
+    _md_product = ["NtProductWinNt"]
+
 class Win10x64_15063(obj.Profile):
     """ A Profile for Windows 10 x64 (10.0.15063.0 / 2017-04-04) """
     _md_memory_model = '64bit'
@@ -982,4 +1003,14 @@ class Win10x64_17134(obj.Profile):
     _md_minor = 4
     _md_build = 17134
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_17134_vtypes'
+    _md_product = ["NtProductWinNt"]
+
+class Win10x64_17763(obj.Profile):
+    """ A Profile for Windows 10 x64 (10.0.17763.0 / 2018-10-12) """
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 17763
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_17763_vtypes'
     _md_product = ["NtProductWinNt"]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x64_17763_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_17763_vtypes.py
new file mode 100644
index 000000000..1c2811d3b
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_17763_vtypes.py
@@ -0,0 +1,16117 @@
+ntkrnlmp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x710, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_108b' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_108b']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_10a3' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a5' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10a3']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_10a5']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['pointer64', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x281, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x282, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'UnalignedLoadStoreExceptions' : [ 0x2ed, ['unsigned char']],
+    'Padding1' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapData' : [ 0x17b0, ['unsigned long']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_1119' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1119']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_CUSTOM_SYSTEM_EVENT_TRIGGER_CONFIG' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'TriggerId' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x8040, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '__unnamed_11d9' : [ 0x38, {
+    'UpdateCycle' : [ 0x0, ['unsigned long']],
+    'PairLocal' : [ 0x4, ['short']],
+    'PairLocalLow' : [ 0x4, ['unsigned char']],
+    'PairLocalForceStibp' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x5, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned char')]],
+    'Frozen' : [ 0x5, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ForceUntrusted' : [ 0x5, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SynchIpi' : [ 0x5, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PairRemote' : [ 0x6, ['short']],
+    'PairRemoteLow' : [ 0x6, ['unsigned char']],
+    'Reserved2' : [ 0x7, ['unsigned char']],
+    'Trace' : [ 0x8, ['array', 24, ['unsigned char']]],
+    'LocalDomain' : [ 0x20, ['unsigned long long']],
+    'RemoteDomain' : [ 0x28, ['unsigned long long']],
+    'Thread' : [ 0x30, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_KPRCB' : [ 0x7ec0, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'CpuType' : [ 0x40, ['unsigned char']],
+    'CpuID' : [ 0x41, ['unsigned char']],
+    'CpuStep' : [ 0x42, ['unsigned short']],
+    'CpuStepping' : [ 0x42, ['unsigned char']],
+    'CpuModel' : [ 0x43, ['unsigned char']],
+    'MHz' : [ 0x44, ['unsigned long']],
+    'HalReserved' : [ 0x48, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x88, ['unsigned short']],
+    'MajorVersion' : [ 0x8a, ['unsigned short']],
+    'BuildType' : [ 0x8c, ['unsigned char']],
+    'CpuVendor' : [ 0x8d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x8e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x8f, ['unsigned char']],
+    'PrcbPad04' : [ 0x90, ['array', 6, ['unsigned long long']]],
+    'ParentNode' : [ 0xc0, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0xc8, ['unsigned long long']],
+    'Group' : [ 0xd0, ['unsigned char']],
+    'GroupIndex' : [ 0xd1, ['unsigned char']],
+    'PrcbPad05' : [ 0xd2, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0xd4, ['unsigned long']],
+    'ScbOffset' : [ 0xd8, ['unsigned long']],
+    'ApicMask' : [ 0xdc, ['unsigned long']],
+    'AcpiReserved' : [ 0xe0, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0xe8, ['unsigned long']],
+    'PrcbFlags' : [ 0xec, ['_KPRCBFLAG']],
+    'TrappedSecurityDomain' : [ 0xf0, ['unsigned long long']],
+    'BpbState' : [ 0xf8, ['unsigned char']],
+    'BpbCpuIdle' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbFlushRsbOnTrap' : [ 0xf8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbIbpbOnReturn' : [ 0xf8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbIbpbOnTrap' : [ 0xf8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbIbpbOnRetpolineExit' : [ 0xf8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'BpbStateReserved' : [ 0xf8, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'BpbFeatures' : [ 0xf9, ['unsigned char']],
+    'BpbClearOnIdle' : [ 0xf9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbEnabled' : [ 0xf9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmep' : [ 0xf9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbFeaturesReserved' : [ 0xf9, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'BpbCurrentSpecCtrl' : [ 0xfa, ['unsigned char']],
+    'BpbKernelSpecCtrl' : [ 0xfb, ['unsigned char']],
+    'BpbNmiSpecCtrl' : [ 0xfc, ['unsigned char']],
+    'BpbUserSpecCtrl' : [ 0xfd, ['unsigned char']],
+    'PairRegister' : [ 0xfe, ['short']],
+    'PrcbPad11' : [ 0xf0, ['array', 2, ['unsigned long long']]],
+    'ProcessorState' : [ 0x100, ['_KPROCESSOR_STATE']],
+    'ExtendedSupervisorState' : [ 0x6c0, ['pointer64', ['_XSAVE_AREA_HEADER']]],
+    'ProcessorSignature' : [ 0x6c8, ['unsigned long']],
+    'ProcessorFlags' : [ 0x6cc, ['unsigned long']],
+    'BpbRetpolineExitSpecCtrl' : [ 0x6d0, ['unsigned char']],
+    'BpbTrappedRetpolineExitSpecCtrl' : [ 0x6d1, ['unsigned char']],
+    'BpbTrappedBpbState' : [ 0x6d2, ['unsigned char']],
+    'BpbTrappedCpuIdle' : [ 0x6d2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbTrappedFlushRsbOnTrap' : [ 0x6d2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbTrappedIbpbOnReturn' : [ 0x6d2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbTrappedIbpbOnTrap' : [ 0x6d2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbTrappedIbpbOnRetpolineExit' : [ 0x6d2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'BpbtrappedBpbStateReserved' : [ 0x6d2, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'BpbRetpolineState' : [ 0x6d3, ['unsigned char']],
+    'BpbRunningNonRetpolineCode' : [ 0x6d3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbIndirectCallsSafe' : [ 0x6d3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbRetpolineEnabled' : [ 0x6d3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbRetpolineStateReserved' : [ 0x6d3, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'PrcbPad12b' : [ 0x6d4, ['unsigned long']],
+    'PrcbPad12a' : [ 0x6d0, ['unsigned long long']],
+    'PrcbPad12' : [ 0x6d8, ['array', 3, ['unsigned long long']]],
+    'LockQueue' : [ 0x6f0, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x800, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x900, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1500, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2100, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2d00, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2d08, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2d10, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2d14, ['long']],
+    'MmTransitionCount' : [ 0x2d18, ['long']],
+    'MmDemandZeroCount' : [ 0x2d1c, ['long']],
+    'MmPageReadCount' : [ 0x2d20, ['long']],
+    'MmPageReadIoCount' : [ 0x2d24, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2d28, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2d2c, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2d30, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2d34, ['long']],
+    'KeSystemCalls' : [ 0x2d38, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2d3c, ['unsigned long']],
+    'PrcbPad40' : [ 0x2d40, ['unsigned long']],
+    'CcFastReadNoWait' : [ 0x2d44, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2d48, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2d4c, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2d50, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2d54, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2d58, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2d5c, ['long']],
+    'IoWriteOperationCount' : [ 0x2d60, ['long']],
+    'IoOtherOperationCount' : [ 0x2d64, ['long']],
+    'IoReadTransferCount' : [ 0x2d68, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2d70, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2d78, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d80, ['long']],
+    'TargetCount' : [ 0x2d84, ['long']],
+    'IpiFrozen' : [ 0x2d88, ['unsigned long']],
+    'PrcbPad30' : [ 0x2d8c, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d90, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d98, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d9c, ['long']],
+    'InterruptLastCount' : [ 0x2da0, ['unsigned long']],
+    'InterruptRate' : [ 0x2da4, ['unsigned long']],
+    'LastNonHrTimerExpiration' : [ 0x2da8, ['unsigned long long']],
+    'PairPrcb' : [ 0x2db0, ['pointer64', ['_KPRCB']]],
+    'PrcbPad35' : [ 0x2db8, ['array', 1, ['unsigned long long']]],
+    'InterruptObjectPool' : [ 0x2dc0, ['_SLIST_HEADER']],
+    'PrcbPad41' : [ 0x2dd0, ['array', 6, ['unsigned long long']]],
+    'DpcData' : [ 0x2e00, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2e50, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2e58, ['long']],
+    'DpcRequestRate' : [ 0x2e5c, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2e60, ['unsigned long']],
+    'DpcLastCount' : [ 0x2e64, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2e68, ['unsigned char']],
+    'QuantumEnd' : [ 0x2e69, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2e6a, ['unsigned char']],
+    'IdleSchedule' : [ 0x2e6b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2e6c, ['long']],
+    'DpcRequestSlot' : [ 0x2e6c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2e6c, ['short']],
+    'ThreadDpcState' : [ 0x2e6e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2e6c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2e6c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2e6c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2e6c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2e6c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2e6c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2e70, ['unsigned long']],
+    'LastTick' : [ 0x2e74, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2e78, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2e7c, ['unsigned long']],
+    'InterruptObject' : [ 0x2e80, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3680, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5880, ['_KGATE']],
+    'PrcbPad52' : [ 0x5898, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x58a0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x58e0, ['long']],
+    'PrcbPad60' : [ 0x58e4, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x58e6, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x58e8, ['long']],
+    'DpcWatchdogCount' : [ 0x58ec, ['long']],
+    'KeSpinLockOrdering' : [ 0x58f0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x58f4, ['unsigned long']],
+    'CachedPtes' : [ 0x58f8, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5900, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5910, ['unsigned long long']],
+    'ReadySummary' : [ 0x5918, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x591c, ['long']],
+    'QueueIndex' : [ 0x5920, ['unsigned long']],
+    'PrcbPad75' : [ 0x5924, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x5930, ['_KDPC']],
+    'ScbQueue' : [ 0x5970, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5980, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5b80, ['unsigned long']],
+    'KernelTime' : [ 0x5b84, ['unsigned long']],
+    'UserTime' : [ 0x5b88, ['unsigned long']],
+    'DpcTime' : [ 0x5b8c, ['unsigned long']],
+    'InterruptTime' : [ 0x5b90, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5b94, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5b98, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5b99, ['unsigned char']],
+    'DeepSleep' : [ 0x5b9a, ['unsigned char']],
+    'PrcbPad80' : [ 0x5b9b, ['unsigned char']],
+    'DpcTimeCount' : [ 0x5b9c, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5ba0, ['unsigned long']],
+    'PeriodicCount' : [ 0x5ba4, ['unsigned long']],
+    'PeriodicBias' : [ 0x5ba8, ['unsigned long']],
+    'AvailableTime' : [ 0x5bac, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5bb0, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x5bb4, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x5bb8, ['unsigned long long']],
+    'StartCycles' : [ 0x5bc0, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x5bc8, ['unsigned long long']],
+    'TaggedCycles' : [ 0x5bd0, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x5be0, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5be8, ['unsigned long long']],
+    'ImportantCycles' : [ 0x5bf0, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x5bf8, ['unsigned long long']],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x5c00, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x5c04, ['long']],
+    'CachedStack' : [ 0x5c08, ['pointer64', ['void']]],
+    'PageColor' : [ 0x5c10, ['unsigned long']],
+    'NodeColor' : [ 0x5c14, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x5c18, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5c1c, ['unsigned long']],
+    'PrcbPad81' : [ 0x5c20, ['array', 7, ['unsigned char']]],
+    'TbFlushListActive' : [ 0x5c27, ['unsigned char']],
+    'PrcbPad82' : [ 0x5c28, ['array', 2, ['unsigned long long']]],
+    'CycleTime' : [ 0x5c38, ['unsigned long long']],
+    'Cycles' : [ 0x5c40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CcFastMdlReadNoWait' : [ 0x5c80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5c84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5c88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x5c8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5c90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5c94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5c98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x5c9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x5ca0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x5ca4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x5ca8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x5cac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x5cb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x5cb4, ['unsigned long']],
+    'CcDataPages' : [ 0x5cb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x5cbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x5cc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x5cc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x5cc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x5ccc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x5cd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x5cd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x5cd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x5cdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x5ce0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x5ce4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x5ce8, ['long']],
+    'MmCacheReadCount' : [ 0x5cec, ['long']],
+    'MmCacheIoCount' : [ 0x5cf0, ['long']],
+    'PrcbPad91' : [ 0x5cf4, ['unsigned long']],
+    'MmInternal' : [ 0x5cf8, ['pointer64', ['void']]],
+    'PowerState' : [ 0x5d00, ['_PROCESSOR_POWER_STATE']],
+    'HyperPte' : [ 0x5f00, ['pointer64', ['void']]],
+    'ScbList' : [ 0x5f08, ['_LIST_ENTRY']],
+    'ForceIdleDpc' : [ 0x5f18, ['_KDPC']],
+    'DpcWatchdogDpc' : [ 0x5f58, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5f98, ['_KTIMER']],
+    'Cache' : [ 0x5fd8, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x6014, ['unsigned long']],
+    'CachedCommit' : [ 0x6018, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x601c, ['unsigned long']],
+    'WheaInfo' : [ 0x6020, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x6028, ['pointer64', ['void']]],
+    'ExSaPageArray' : [ 0x6030, ['pointer64', ['void']]],
+    'KeAlignmentFixupCount' : [ 0x6038, ['unsigned long']],
+    'PrcbPad95' : [ 0x603c, ['unsigned long']],
+    'HypercallPageList' : [ 0x6040, ['_SLIST_HEADER']],
+    'StatisticsPage' : [ 0x6050, ['pointer64', ['unsigned long long']]],
+    'PrcbPad85' : [ 0x6058, ['array', 5, ['unsigned long long']]],
+    'HypercallCachedPages' : [ 0x6080, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x6088, ['pointer64', ['void']]],
+    'PackageProcessorSet' : [ 0x6090, ['_KAFFINITY_EX']],
+    'PrcbPad86' : [ 0x6138, ['unsigned long long']],
+    'SharedReadyQueueMask' : [ 0x6140, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x6148, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x6150, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x6154, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x6158, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x6160, ['unsigned long long']],
+    'LLCMask' : [ 0x6168, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x6170, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x6198, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x61a0, ['pointer64', ['void']]],
+    'DpcWatchdogProfile' : [ 0x61a8, ['pointer64', ['pointer64', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x61b0, ['pointer64', ['pointer64', ['void']]]],
+    'SchedulerAssist' : [ 0x61b8, ['pointer64', ['void']]],
+    'SynchCounters' : [ 0x61c0, ['_SYNCH_COUNTERS']],
+    'PrcbPad94' : [ 0x6278, ['unsigned long long']],
+    'FsCounters' : [ 0x6280, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x6290, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x629d, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x62a0, ['unsigned long long']],
+    'UpdateSignature' : [ 0x62a8, ['_LARGE_INTEGER']],
+    'PteBitCache' : [ 0x62b0, ['unsigned long long']],
+    'PteBitOffset' : [ 0x62b8, ['unsigned long']],
+    'PrcbPad105' : [ 0x62bc, ['unsigned long']],
+    'Context' : [ 0x62c0, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x62c8, ['unsigned long']],
+    'PrcbPad115' : [ 0x62cc, ['unsigned long']],
+    'ExtendedState' : [ 0x62d0, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x62d8, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x62e0, ['_KENTROPY_TIMING_STATE']],
+    'PrcbPad110' : [ 0x6430, ['unsigned long long']],
+    'StibpPairingTrace' : [ 0x6438, ['__unnamed_11d9']],
+    'AbSelfIoBoostsList' : [ 0x6470, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x6478, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x6480, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x64c0, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x6514, ['_IOP_IRP_STACK_PROFILER']],
+    'SecureFault' : [ 0x6568, ['_KSECURE_FAULT_INFORMATION']],
+    'PrcbPad120' : [ 0x6578, ['unsigned long long']],
+    'LocalSharedReadyQueue' : [ 0x6580, ['_KSHARED_READY_QUEUE']],
+    'PrcbPad125' : [ 0x67f0, ['array', 2, ['unsigned long long']]],
+    'TimerExpirationTraceCount' : [ 0x6800, ['unsigned long']],
+    'PrcbPad127' : [ 0x6804, ['unsigned long']],
+    'TimerExpirationTrace' : [ 0x6808, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'PrcbPad128' : [ 0x6908, ['array', 7, ['unsigned long long']]],
+    'Mailbox' : [ 0x6940, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'PrcbPad130' : [ 0x6948, ['array', 7, ['unsigned long long']]],
+    'McheckContext' : [ 0x6980, ['array', 2, ['_MACHINE_CHECK_CONTEXT']]],
+    'PrcbPad134' : [ 0x6a20, ['array', 4, ['unsigned long long']]],
+    'SelfmapLockHandle' : [ 0x6a40, ['array', 4, ['_KLOCK_QUEUE_HANDLE']]],
+    'PrcbPad134a' : [ 0x6aa0, ['array', 4, ['unsigned long long']]],
+    'PrcbPad138' : [ 0x6ac0, ['array', 960, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x6e80, ['unsigned long long']],
+    'RspBaseShadow' : [ 0x6e88, ['unsigned long long']],
+    'UserRspShadow' : [ 0x6e90, ['unsigned long long']],
+    'ShadowFlags' : [ 0x6e98, ['unsigned long']],
+    'DbgMceNestingLevel' : [ 0x6e9c, ['unsigned long']],
+    'DbgMceFlags' : [ 0x6ea0, ['unsigned long']],
+    'PrcbPad139' : [ 0x6ea4, ['unsigned long']],
+    'PrcbPad140' : [ 0x6ea8, ['array', 507, ['unsigned long long']]],
+    'RequestMailbox' : [ 0x7e80, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_11f6' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Virtual' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_11f8' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Reserved2' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_11fa' : [ 0x10, {
+    'Reserved' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_INVPCID_DESCRIPTOR' : [ 0x10, {
+    'IndividualAddress' : [ 0x0, ['__unnamed_11f6']],
+    'SingleContext' : [ 0x0, ['__unnamed_11f8']],
+    'AllContextAndGlobals' : [ 0x0, ['__unnamed_11fa']],
+    'AllContext' : [ 0x0, ['__unnamed_11fa']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '__unnamed_1242' : [ 0x8, {
+    'SecureProcess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '__unnamed_1244' : [ 0x8, {
+    'SecureHandle' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x0, ['__unnamed_1242']],
+} ],
+  '_KPROCESS' : [ 0x2d8, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x1b8, ['BitField', dict(start_bit = 7, end_bit = 10, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x1b8, ['BitField', dict(start_bit = 10, end_bit = 30, native_type='unsigned long')]],
+    'VaSpaceDeleted' : [ 0x1b8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ProcessFlags' : [ 0x1b8, ['long']],
+    'BasePriority' : [ 0x1bc, ['unsigned char']],
+    'QuantumReset' : [ 0x1bd, ['unsigned char']],
+    'Visited' : [ 0x1be, ['unsigned char']],
+    'Flags' : [ 0x1bf, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1c0, ['array', 20, ['unsigned long']]],
+    'IdealNode' : [ 0x210, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x238, ['unsigned short']],
+    'Spare1' : [ 0x23a, ['unsigned short']],
+    'StackCount' : [ 0x23c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x240, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x250, ['unsigned long long']],
+    'ContextSwitches' : [ 0x258, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x260, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x268, ['unsigned long']],
+    'KernelTime' : [ 0x26c, ['unsigned long']],
+    'UserTime' : [ 0x270, ['unsigned long']],
+    'ReadyTime' : [ 0x274, ['unsigned long']],
+    'UserDirectoryTableBase' : [ 0x278, ['unsigned long long']],
+    'AddressPolicy' : [ 0x280, ['unsigned char']],
+    'Spare2' : [ 0x281, ['array', 71, ['unsigned char']]],
+    'InstrumentationCallback' : [ 0x2c8, ['pointer64', ['void']]],
+    'SecureState' : [ 0x2d0, ['__unnamed_1244']],
+} ],
+  '_KTHREAD' : [ 0x5f0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CetShadowStack' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'BamQosLevel' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x78, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x78, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'RunningNonRetpolineCode' : [ 0x7f, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecCtrlSpare' : [ 0x7f, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'SpecCtrl' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'ReadyTime' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'Spare21' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x31a, ['unsigned char']],
+    'SystemPriority' : [ 0x31b, ['unsigned char']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x588, ['long']],
+    'KeReferenceCount' : [ 0x58c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x58e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x58f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x590, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x598, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x598, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x5a0, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a8, ['long long']],
+    'WriteOperationCount' : [ 0x5b0, ['long long']],
+    'OtherOperationCount' : [ 0x5b8, ['long long']],
+    'ReadTransferCount' : [ 0x5c0, ['long long']],
+    'WriteTransferCount' : [ 0x5c8, ['long long']],
+    'OtherTransferCount' : [ 0x5d0, ['long long']],
+    'QueuedScb' : [ 0x5d8, ['pointer64', ['_KSCB']]],
+    'ThreadTimerDelay' : [ 0x5e0, ['unsigned long']],
+    'ThreadFlags2' : [ 0x5e4, ['long']],
+    'PpmPolicy' : [ 0x5e4, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlags2Reserved' : [ 0x5e4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'SchedulerAssist' : [ 0x5e8, ['pointer64', ['void']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_12b5' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_12b5']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x180, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'NonIsrTargetedSet' : [ 0x58, ['unsigned long long']],
+    'ParkLock' : [ 0x60, ['long']],
+    'Seed' : [ 0x64, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Stride' : [ 0x96, ['unsigned char']],
+    'Spare0' : [ 0x97, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x98, ['unsigned long long']],
+    'ProximityId' : [ 0xa0, ['unsigned long']],
+    'Lowest' : [ 0xa4, ['unsigned long']],
+    'Highest' : [ 0xa8, ['unsigned long']],
+    'MaximumProcessors' : [ 0xac, ['unsigned char']],
+    'Flags' : [ 0xad, ['_flags']],
+    'Spare10' : [ 0xae, ['unsigned char']],
+    'HeteroSets' : [ 0xb0, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0x128, ['array', 4, ['unsigned long long']]],
+} ],
+  '_ENODE' : [ 0x1c0, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x180, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_139d' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_139d']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x810, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x5f0, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x5f8, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x5f8, ['_LIST_ENTRY']],
+    'PostBlockList' : [ 0x608, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x608, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x610, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x618, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x618, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x618, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x620, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x628, ['_LIST_ENTRY']],
+    'Cid' : [ 0x638, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x648, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x648, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x668, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x670, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x680, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x688, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x690, ['pointer64', ['void']]],
+    'ChargeOnlySession' : [ 0x698, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x6a0, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x6a8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x6b8, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6c0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6c8, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6cc, ['long']],
+    'CrossThreadFlags' : [ 0x6d0, ['unsigned long']],
+    'Terminated' : [ 0x6d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6d0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6d0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6d0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6d0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6d0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6d0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6d0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x6d0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x6d0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x6d0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x6d0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x6d0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SamplingCoverage' : [ 0x6d0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6d0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6d4, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6d4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6d4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x6d4, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6d4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6d4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6d4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x6d4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x6d4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x6d4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x6d4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WorkloadClass' : [ 0x6d4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x6d4, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6d8, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6d8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6d8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x6d8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6d8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6d8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6d8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6d8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6d8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6d9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6d9, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowWritesToExecutableMemory' : [ 0x6d9, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsVadShared' : [ 0x6d9, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6dc, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6dd, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6de, ['unsigned char']],
+    'LockOrderState' : [ 0x6df, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6e0, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6e8, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6e8, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x6f0, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x700, ['long']],
+    'CacheManagerCount' : [ 0x704, ['unsigned long']],
+    'IoBoostCount' : [ 0x708, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x70c, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x710, ['unsigned long']],
+    'KernelStackReference' : [ 0x714, ['unsigned long']],
+    'BoostList' : [ 0x718, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x728, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x738, ['unsigned long long']],
+    'IrpListLock' : [ 0x740, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x748, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x750, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x758, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x760, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x768, ['pointer64', ['void']]],
+    'AdjustedClientToken' : [ 0x770, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x778, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x780, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x798, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x7a0, ['unsigned long long']],
+    'UserGsBase' : [ 0x7a8, ['unsigned long long']],
+    'EnergyValues' : [ 0x7b0, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x7b8, ['pointer64', ['void']]],
+    'SelectedCpuSets' : [ 0x7c0, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x7c0, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x7c8, ['pointer64', ['_EJOB']]],
+    'ThreadName' : [ 0x7d0, ['pointer64', ['_UNICODE_STRING']]],
+    'SetContextState' : [ 0x7d8, ['pointer64', ['_CONTEXT']]],
+    'LastExpectedRunTime' : [ 0x7e0, ['unsigned long']],
+    'HeapData' : [ 0x7e4, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x7e8, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x7f8, ['unsigned long long']],
+    'DisownedOwnerEntryListHead' : [ 0x800, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_13f7' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IsolateSecurityDomain' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_13f9' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisablePageCombine' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SpeculativeStoreBypassDisable' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'CetShadowStacks' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0x850, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2d8, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0x2e0, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2e8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x2f8, ['_EX_RUNDOWN_REF']],
+    'Flags2' : [ 0x300, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x304, ['unsigned long']],
+    'CreateReported' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x304, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x304, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x304, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x304, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x304, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x304, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x304, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x304, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x304, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x304, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x304, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x304, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x304, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x304, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x304, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x304, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x304, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x304, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x304, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x304, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x308, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x320, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x330, ['unsigned long long']],
+    'VirtualSize' : [ 0x338, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x350, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x350, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x350, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x358, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x360, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x368, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x378, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x388, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x390, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x398, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x3a0, ['unsigned long long']],
+    'Win32Process' : [ 0x3a8, ['pointer64', ['void']]],
+    'Job' : [ 0x3b0, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3b8, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3c0, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3c8, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3d0, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3d8, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3e0, ['pointer64', ['void']]],
+    'Spare0' : [ 0x3e8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
+    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x400, ['pointer64', ['_MM_SESSION_SPACE']]],
+    'Spare1' : [ 0x408, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
+    'WoW64Process' : [ 0x428, ['pointer64', ['_EWOW64PROCESS']]],
+    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x448, ['pointer64', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x450, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x45f, ['unsigned char']],
+    'SecurityPort' : [ 0x460, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x468, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x470, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x480, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x488, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x498, ['unsigned long']],
+    'ImagePathHash' : [ 0x49c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x4a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x4a4, ['long']],
+    'PrefetchTrace' : [ 0x4a8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x4b0, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x4e8, ['unsigned long long']],
+    'CommitCharge' : [ 0x4f0, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x4f8, ['unsigned long long']],
+    'Vm' : [ 0x500, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x610, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x620, ['unsigned long']],
+    'ExitStatus' : [ 0x624, ['long']],
+    'VadRoot' : [ 0x628, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x630, ['pointer64', ['void']]],
+    'VadCount' : [ 0x638, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x640, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x648, ['unsigned long long']],
+    'AlpcContext' : [ 0x650, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x670, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x680, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x688, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x68c, ['unsigned long']],
+    'ExitTime' : [ 0x690, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x698, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x6a0, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x6a8, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x6ac, ['unsigned long']],
+    'ThreadListLock' : [ 0x6b0, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x6b8, ['pointer64', ['void']]],
+    'ServerSilo' : [ 0x6c0, ['pointer64', ['_EJOB']]],
+    'SignatureLevel' : [ 0x6c8, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x6c9, ['unsigned char']],
+    'Protection' : [ 0x6ca, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x6cb, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'GhostCount' : [ 0x6cb, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'PrefilterException' : [ 0x6cb, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Flags3' : [ 0x6cc, ['unsigned long']],
+    'Minimal' : [ 0x6cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x6cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x6cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x6cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x6cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x6cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x6cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x6cc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x6cc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x6cc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x6cc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x6cc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x6cc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x6cc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProcessFirstResume' : [ 0x6cc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ForegroundExternal' : [ 0x6cc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ForegroundSystem' : [ 0x6cc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HighMemoryPriority' : [ 0x6cc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'EnableProcessSuspendResumeLogging' : [ 0x6cc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'EnableThreadSuspendResumeLogging' : [ 0x6cc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SecurityDomainChanged' : [ 0x6cc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'SecurityFreezeComplete' : [ 0x6cc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'VmProcessorHost' : [ 0x6cc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x6d0, ['long']],
+    'SvmData' : [ 0x6d8, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x6e0, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x6e8, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x6f0, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x700, ['unsigned long long']],
+    'DiskCounters' : [ 0x708, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x710, ['pointer64', ['void']]],
+    'EnclaveTable' : [ 0x718, ['pointer64', ['void']]],
+    'EnclaveNumber' : [ 0x720, ['unsigned long long']],
+    'EnclaveLock' : [ 0x728, ['_EX_PUSH_LOCK']],
+    'HighPriorityFaultsAllowed' : [ 0x730, ['unsigned long']],
+    'EnergyContext' : [ 0x738, ['pointer64', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x740, ['pointer64', ['void']]],
+    'SequenceNumber' : [ 0x748, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x750, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x758, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x760, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x768, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x770, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x770, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x778, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x780, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x788, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x798, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x7a0, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x798, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x7a0, ['pointer64', ['unsigned long long']]],
+    'DiskIoAttribution' : [ 0x7a8, ['pointer64', ['void']]],
+    'DxgProcess' : [ 0x7b0, ['pointer64', ['void']]],
+    'Win32KFilterSet' : [ 0x7b8, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x7c0, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x7c8, ['unsigned long']],
+    'KTimer2Sets' : [ 0x7cc, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x7d0, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x7d8, ['unsigned long long']],
+    'VirtualTimerListHead' : [ 0x7e0, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x7f0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x7f0, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x820, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x820, ['__unnamed_13f7']],
+    'MitigationFlags2' : [ 0x824, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x824, ['__unnamed_13f9']],
+    'PartitionObject' : [ 0x828, ['pointer64', ['void']]],
+    'SecurityDomain' : [ 0x830, ['unsigned long long']],
+    'ParentSecurityDomain' : [ 0x838, ['unsigned long long']],
+    'CoverageSamplerContext' : [ 0x840, ['pointer64', ['void']]],
+    'MmHotPatchContext' : [ 0x848, ['pointer64', ['void']]],
+} ],
+  '_EWOW64PROCESS' : [ 0x10, {
+    'Peb' : [ 0x0, ['pointer64', ['void']]],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'NtdllType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PsNativeSystemDll', 1: u'PsWowX86SystemDll', 2: u'PsWowArm32SystemDll', 3: u'PsWowAmd64SystemDll', 4: u'PsWowChpeX86SystemDll', 5: u'PsVsmEnclaveRuntimeDll', 6: u'PsSystemDllTotalTypes'})]],
+} ],
+  '__unnamed_1416' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_141c' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_141e' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_141c']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1427' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1429' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_1427']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_1416']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_141e']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_1429']],
+} ],
+  '__unnamed_1430' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1434' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1438' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_143a' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_143e' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1440' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1444' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_1446' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_1448' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_144a' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_144c' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1450' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsFullSizeInformationEx', 15: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_1452' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1454' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1456' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1458' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_145a' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_145e' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1462' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1466' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_146a' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_146e' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1472' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1476' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1478' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_147a' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_147e' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1482' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1486' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_148a' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_148e' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1496' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_149a' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_149c' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_149e' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_14a0' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_1430']],
+    'CreatePipe' : [ 0x0, ['__unnamed_1434']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_1438']],
+    'Read' : [ 0x0, ['__unnamed_143a']],
+    'Write' : [ 0x0, ['__unnamed_143a']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_143e']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_1440']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_1444']],
+    'QueryFile' : [ 0x0, ['__unnamed_1446']],
+    'SetFile' : [ 0x0, ['__unnamed_1448']],
+    'QueryEa' : [ 0x0, ['__unnamed_144a']],
+    'SetEa' : [ 0x0, ['__unnamed_144c']],
+    'QueryVolume' : [ 0x0, ['__unnamed_1450']],
+    'SetVolume' : [ 0x0, ['__unnamed_1450']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_1452']],
+    'LockControl' : [ 0x0, ['__unnamed_1454']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1456']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1458']],
+    'SetSecurity' : [ 0x0, ['__unnamed_145a']],
+    'MountVolume' : [ 0x0, ['__unnamed_145e']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_145e']],
+    'Scsi' : [ 0x0, ['__unnamed_1462']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1466']],
+    'SetQuota' : [ 0x0, ['__unnamed_144c']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_146a']],
+    'QueryInterface' : [ 0x0, ['__unnamed_146e']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1472']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1476']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1478']],
+    'SetLock' : [ 0x0, ['__unnamed_147a']],
+    'QueryId' : [ 0x0, ['__unnamed_147e']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1482']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1486']],
+    'WaitWake' : [ 0x0, ['__unnamed_148a']],
+    'PowerSequence' : [ 0x0, ['__unnamed_148e']],
+    'Power' : [ 0x0, ['__unnamed_1496']],
+    'StartDevice' : [ 0x0, ['__unnamed_149a']],
+    'WMI' : [ 0x0, ['__unnamed_149c']],
+    'Others' : [ 0x0, ['__unnamed_149e']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_14a0']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_14b6' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_14b6']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x620, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x350, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x354, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x358, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x35c, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x360, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x364, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x368, ['unsigned char']],
+    'PriorityClass' : [ 0x369, ['unsigned char']],
+    'NestingDepth' : [ 0x36a, ['unsigned char']],
+    'Reserved1' : [ 0x36b, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x36c, ['unsigned long']],
+    'WakeChannel' : [ 0x370, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x370, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3b8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3c0, ['unsigned long']],
+    'NotificationLink' : [ 0x3c8, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3d0, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3d8, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3e0, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3e8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3f0, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3f8, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x400, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x408, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x410, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x420, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x438, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x440, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x450, ['unsigned long long']],
+    'Ancestors' : [ 0x458, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x458, ['pointer64', ['void']]],
+    'Accounting' : [ 0x460, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x4c0, ['unsigned long']],
+    'JobId' : [ 0x4c4, ['unsigned long']],
+    'ContainerId' : [ 0x4c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x4d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x4e8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x4f0, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x508, ['pointer64', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x510, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x518, ['unsigned long']],
+    'CloseDone' : [ 0x518, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x518, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x518, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x518, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x518, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x518, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x518, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x518, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x518, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x518, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x518, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x518, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x518, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x518, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x518, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x518, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x518, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x518, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x518, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x518, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x518, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x518, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x518, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x518, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x51c, ['unsigned long']],
+    'ParentLocked' : [ 0x51c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x520, ['pointer64', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x528, ['unsigned long long']],
+    'DiskIoAttributionUserRefCount' : [ 0x530, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x534, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x538, ['pointer64', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x538, ['pointer64', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x540, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x568, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x5a0, ['long']],
+    'VolumeIoControlTree' : [ 0x5a8, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x5b8, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x5c0, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x5c4, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x5c8, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x5cc, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x5d0, ['unsigned long long']],
+    'IoControlLock' : [ 0x5d8, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x5e0, ['unsigned long long']],
+    'RundownWorkItem' : [ 0x5e8, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x608, ['pointer64', ['void']]],
+    'PartitionOwnerJob' : [ 0x610, ['pointer64', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x618, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MCUPDATE_INFO' : [ 0x30, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Status' : [ 0x10, ['unsigned long']],
+    'Id' : [ 0x18, ['unsigned long long']],
+    'VendorScratch' : [ 0x20, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY' : [ 0x20, {
+    'Header' : [ 0x0, ['_WHEA_EVENT_LOG_ENTRY_HEADER']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_FLAGS' : [ 0x4, {
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0x10, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x10, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0x18, {
+    'Hash' : [ 0x0, ['pointer64', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x8, ['pointer64', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x10, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x18, {
+    'Table' : [ 0x0, ['pointer64', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x8, ['unsigned long']],
+    'EntryMax' : [ 0xc, ['unsigned long']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x8, {
+    'Key' : [ 0x0, ['unsigned long long']],
+} ],
+  '_TlgProvider_t' : [ 0x38, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  'wil_details_FeaturePropertyCache' : [ 0x4, {
+    'cache' : [ 0x0, ['wil_details_FeatureProperties']],
+    'variant' : [ 0x0, ['wil_details_VariantProperties']],
+    'var' : [ 0x0, ['long']],
+} ],
+  'wil_details_SetPropertyFlagContext' : [ 0x10, {
+    'result' : [ 0x0, ['pointer64', ['wil_details_RecordUsageResult']]],
+    'flags' : [ 0x8, ['unsigned long']],
+    'ignoreReporting' : [ 0xc, ['long']],
+} ],
+  'wil_details_RecordUsageResult' : [ 0x18, {
+    'queueBackground' : [ 0x0, ['long']],
+    'countImmediate' : [ 0x4, ['unsigned long']],
+    'kindImmediate' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'payloadId' : [ 0xc, ['unsigned long']],
+    'ignoredUse' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_SetPropertyCacheUsageContext' : [ 0x18, {
+    'result' : [ 0x0, ['pointer64', ['wil_details_RecordUsageResult']]],
+    'kind' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'addend' : [ 0x10, ['unsigned long long']],
+} ],
+  'FEATURE_ERROR' : [ 0x68, {
+    'hr' : [ 0x0, ['unsigned long']],
+    'lineNumber' : [ 0x4, ['unsigned short']],
+    'file' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'process' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'modulePath' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'callerReturnAddressOffset' : [ 0x20, ['unsigned long']],
+    'callerModule' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'message' : [ 0x30, ['pointer64', ['unsigned char']]],
+    'originLineNumber' : [ 0x38, ['unsigned short']],
+    'originFile' : [ 0x40, ['pointer64', ['unsigned char']]],
+    'originModule' : [ 0x48, ['pointer64', ['unsigned char']]],
+    'originCallerReturnAddressOffset' : [ 0x50, ['unsigned long']],
+    'originCallerModule' : [ 0x58, ['pointer64', ['unsigned char']]],
+    'originName' : [ 0x60, ['pointer64', ['unsigned char']]],
+} ],
+  'FEATURE_LOGGED_TRAITS' : [ 0x6, {
+    'version' : [ 0x0, ['unsigned short']],
+    'baseVersion' : [ 0x2, ['unsigned short']],
+    'stage' : [ 0x4, ['unsigned char']],
+} ],
+  'wil_details_FeatureVariantPropertyCache' : [ 0x8, {
+    'propertyCache' : [ 0x0, ['wil_details_FeaturePropertyCache']],
+    'payloadId' : [ 0x4, ['unsigned long']],
+} ],
+  'wil_details_StagingConfigFeature' : [ 0xc, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'changedInSession' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'unused1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long')]],
+    'serviceState' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'userState' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'testState' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 14, native_type='unsigned long')]],
+    'unused2' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned long')]],
+    'unused3' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'variant' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'payloadKind' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'payload' : [ 0x8, ['unsigned long']],
+} ],
+  'wil_details_StagingConfig' : [ 0x58, {
+    'store' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureStore_Machine', 1: u'wil_FeatureStore_User', 2: u'wil_FeatureStore_All'})]],
+    'forUpdate' : [ 0x4, ['long']],
+    'readChangeStamp' : [ 0x8, ['unsigned long']],
+    'readVersion' : [ 0xc, ['unsigned char']],
+    'modified' : [ 0x10, ['long']],
+    'header' : [ 0x18, ['pointer64', ['wil_details_StagingConfigHeader']]],
+    'features' : [ 0x20, ['pointer64', ['wil_details_StagingConfigFeature']]],
+    'triggers' : [ 0x28, ['pointer64', ['wil_details_StagingConfigUsageTrigger']]],
+    'changedInSession' : [ 0x30, ['long']],
+    'buffer' : [ 0x38, ['pointer64', ['void']]],
+    'bufferSize' : [ 0x40, ['unsigned long long']],
+    'bufferAlloc' : [ 0x48, ['unsigned long long']],
+    'bufferOwned' : [ 0x50, ['long']],
+} ],
+  'wil_details_StagingConfigHeader' : [ 0x10, {
+    'version' : [ 0x0, ['unsigned char']],
+    'versionMinor' : [ 0x1, ['unsigned char']],
+    'headerSizeBytes' : [ 0x2, ['unsigned short']],
+    'featureCount' : [ 0x4, ['unsigned short']],
+    'featureUsageTriggerCount' : [ 0x6, ['unsigned short']],
+    'sessionProperties' : [ 0x8, ['wil_details_StagingConfigHeaderProperties']],
+    'properties' : [ 0xc, ['wil_details_StagingConfigHeaderProperties']],
+} ],
+  'wil_details_StagingConfigUsageTrigger' : [ 0x10, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'trigger' : [ 0x4, ['wil_details_StagingConfigWnfStateName']],
+    'serviceReportingKind' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'unused' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_details_StagingConfigHeaderProperties' : [ 0x4, {
+    'ignoreServiceState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ignoreUserState' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ignoreTestState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ignoreVariants' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_FeatureState' : [ 0x18, {
+    'enabledState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0x4, ['unsigned char']],
+    'payloadKind' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureVariantPayloadKind_None', 1: u'wil_FeatureVariantPayloadKind_Resident', 2: u'wil_FeatureVariantPayloadKind_External'})]],
+    'payload' : [ 0xc, ['unsigned long']],
+    'hasNotification' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_FeatureTestState' : [ 0x20, {
+    'kind' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_FeatureTestStateKind_EnabledState', 1: u'wil_details_FeatureTestStateKind_Variant'})]],
+    'featureId' : [ 0x4, ['unsigned long']],
+    'state' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0xc, ['unsigned char']],
+    'payload' : [ 0x10, ['unsigned long']],
+    'next' : [ 0x18, ['pointer64', ['wil_details_FeatureTestState']]],
+} ],
+  '__WIL__WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_wil_details_UsageSubscriptionData' : [ 0x8, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'serviceReportingKind' : [ 0x4, ['unsigned short']],
+} ],
+  '__unnamed_1833' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_1833']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['pointer64', ['void']]],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['void']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x70, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'DeleteList' : [ 0x50, ['_SLIST_ENTRY']],
+    'NestingLevel' : [ 0x60, ['unsigned long long']],
+} ],
+  '__unnamed_1872' : [ 0x8, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_1877' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_1879' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_187b' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_1877']],
+    'e4' : [ 0x0, ['__unnamed_1879']],
+} ],
+  '__unnamed_1887' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_1872']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_187b']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Unused2' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'u4' : [ 0x28, ['__unnamed_1887']],
+} ],
+  '__unnamed_1892' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1896' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_1892']],
+    'u2' : [ 0x38, ['__unnamed_1896']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_189b' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_189e' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_18a6' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AweSection' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 21, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ImageBaseOkToReuse' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_18a8' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_18a6']],
+} ],
+  '__unnamed_18aa' : [ 0x8, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x80, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'AweContext' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_189b']],
+    'u1' : [ 0x3c, ['__unnamed_189e']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_18a8']],
+    'FileObjectLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x70, ['unsigned long long']],
+    'u3' : [ 0x78, ['__unnamed_18aa']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x60, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSpecialPoolNonPaged', 14: u'MiVaSystemPtesLarge', 15: u'MiVaKernelStacks', 16: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'TotalSystemPtes' : [ 0x38, ['unsigned long long']],
+    'Hint' : [ 0x40, ['unsigned long long']],
+    'LowestBitEverAllocated' : [ 0x48, ['unsigned long long']],
+    'CachedPtes' : [ 0x50, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x58, ['unsigned long long']],
+} ],
+  '__unnamed_18c2x' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+    'VolatileVadLong' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_18c5x' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x8, ['pointer64', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_18c2x']],
+    'u1' : [ 0x34, ['__unnamed_18c5x']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_PARTITION' : [ 0x2dc0, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x1a8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x470, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x500, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x840, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1900, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x1980, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x19e8, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x1b70, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x1b78, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0x1bc0, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x80, {
+    'MmPartition' : [ 0x0, ['pointer64', ['void']]],
+    'CcPartition' : [ 0x8, ['pointer64', ['void']]],
+    'ExPartition' : [ 0x10, ['pointer64', ['void']]],
+    'HardReferenceCount' : [ 0x18, ['long long']],
+    'OpenHandleCount' : [ 0x20, ['long long']],
+    'ActivePartitionLinks' : [ 0x28, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x38, ['pointer64', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x40, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x60, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x68, ['pointer64', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x70, ['pointer64', ['void']]],
+    'PartitionFlags' : [ 0x78, ['unsigned long']],
+    'PairedWithJob' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_HHIVE' : [ 0x600, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'FlusherLock' : [ 0x48, ['_CMSI_RW_LOCK']],
+    'WriterLock' : [ 0x50, ['_CMSI_RW_LOCK']],
+    'DirtyVector' : [ 0x58, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x68, ['unsigned long']],
+    'DirtyAlloc' : [ 0x6c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x70, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x80, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x84, ['unsigned long']],
+    'Cluster' : [ 0x88, ['unsigned long']],
+    'Flat' : [ 0x8c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x8c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x8c, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x8d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x90, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x94, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x98, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x9c, ['unsigned long']],
+    'HiveFlags' : [ 0xa0, ['unsigned long']],
+    'CurrentLog' : [ 0xa4, ['unsigned long']],
+    'CurrentLogSequence' : [ 0xa8, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0xac, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xb0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xb4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xb8, ['unsigned long']],
+    'LogDataPresent' : [ 0xbc, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xbe, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xbf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xc8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xc8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xc8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xc8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xc8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xc8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xca, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xcc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xd0, ['unsigned long']],
+    'Version' : [ 0xd4, ['unsigned long']],
+    'ViewMap' : [ 0xd8, ['_HVP_VIEW_MAP']],
+    'Storage' : [ 0x110, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x130, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x18, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x20, ['unsigned long']],
+    'KcbPushlock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x30, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x30, ['long']],
+    'DelayedDeref' : [ 0x38, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x38, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x38, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x39, ['unsigned char']],
+    'LayerHeight' : [ 0x3a, ['short']],
+    'Spare1' : [ 0x3c, ['unsigned long']],
+    'ParentKcb' : [ 0x40, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x48, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x50, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x58, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x68, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x68, ['unsigned long']],
+    'SubKeyCount' : [ 0x68, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x70, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x80, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xa8, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xaa, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xac, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Spare3' : [ 0xb4, ['unsigned long']],
+    'LayerInfo' : [ 0xb8, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'RealKeyName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xe8, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf0, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x100, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x110, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x118, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x120, ['pointer64', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0x120, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x120, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'SequenceNumber' : [ 0x128, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x60, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x58, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_CMHIVE' : [ 0x12f8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x600, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0x630, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x640, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x650, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x660, ['_EX_RUNDOWN_REF']],
+    'KcbCacheTable' : [ 0x668, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x670, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x678, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x680, ['unsigned long']],
+    'Identity' : [ 0x684, ['unsigned long']],
+    'HiveLock' : [ 0x688, ['_CMSI_RW_LOCK']],
+    'FlushDirtyVector' : [ 0x690, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x6a0, ['unsigned long']],
+    'FlushLogEntry' : [ 0x6a8, ['pointer64', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x6b0, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x6b4, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x6b8, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x6c0, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x6d0, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x6d8, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x6e0, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x6e8, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x6f0, ['_EX_PUSH_LOCK']],
+    'LastShrinkHiveSize' : [ 0x6f8, ['unsigned long']],
+    'ActualFileSize' : [ 0x700, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x708, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x718, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x728, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x738, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x748, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x74c, ['unsigned long']],
+    'SecurityHitHint' : [ 0x750, ['long']],
+    'SecurityCache' : [ 0x758, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x760, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xb60, ['unsigned long']],
+    'UnloadEventArray' : [ 0xb68, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0xb70, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0xb78, ['unsigned char']],
+    'UnloadWorkItem' : [ 0xb80, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0xb88, ['_CM_WORKITEM']],
+    'DirtyVectorLog' : [ 0xbb0, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x1038, ['unsigned long']],
+    'TrustClassEntry' : [ 0x1040, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1050, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1058, ['unsigned long long']],
+    'CmRm' : [ 0x1060, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1068, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x106c, ['long']],
+    'CreatorOwner' : [ 0x1070, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1078, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1080, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1088, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x10a0, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x10b8, ['unsigned long']],
+    'FlushActive' : [ 0x10b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x10b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x10b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x10b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x10bc, ['unsigned long']],
+    'ReferenceCount' : [ 0x10c0, ['long']],
+    'UnloadHistoryIndex' : [ 0x10c4, ['long']],
+    'UnloadHistory' : [ 0x10c8, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x12c8, ['unsigned long']],
+    'UnaccessedStart' : [ 0x12cc, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x12d0, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x12d4, ['unsigned long']],
+    'HandleClosePending' : [ 0x12d8, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x12e0, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x12e8, ['unsigned char']],
+    'VolumeContext' : [ 0x12f0, ['pointer64', ['_CMP_VOLUME_CONTEXT']]],
+} ],
+  '__unnamed_1983' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmCreateHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf', 24: u'_HvHiveStartFileBacked', 25: u'_HvStartHiveMemoryBacked', 26: u'_HvpEnlistFreeCells', 27: u'_HvpPerformLogFileRecovery'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1986' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1988' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_198a' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_198c' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1990' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1994' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_1996' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned short']],
+    'RecoverableIndex' : [ 0xa, ['unsigned short']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_1983']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_1983']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1986']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_1988']],
+    'CheckKey' : [ 0xf0, ['__unnamed_198a']],
+    'CheckValueList' : [ 0x110, ['__unnamed_198c']],
+    'CheckHive' : [ 0x128, ['__unnamed_1990']],
+    'CheckHive1' : [ 0x138, ['__unnamed_1990']],
+    'CheckBin' : [ 0x148, ['__unnamed_1994']],
+    'RecoverData' : [ 0x158, ['__unnamed_1996']],
+} ],
+  '_CM_KCB_UOW' : [ 0x78, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x50, ['pointer64', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x58, ['unsigned long']],
+    'OldValueCell' : [ 0x58, ['unsigned long']],
+    'NewValueCell' : [ 0x5c, ['unsigned long']],
+    'UserFlags' : [ 0x58, ['unsigned long']],
+    'LastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x60, ['unsigned long']],
+    'OldChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x60, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x60, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x68, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x68, ['pointer64', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x70, ['pointer64', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x70, ['pointer64', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0xb8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x30, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x30, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x30, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x30, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x30, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x30, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x30, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x30, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x30, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x30, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x30, ['unsigned long']],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x40, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x48, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x50, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x58, ['_GUID']],
+    'StartLsn' : [ 0x68, ['unsigned long long']],
+    'HiveCount' : [ 0x70, ['unsigned long']],
+    'HiveArray' : [ 0x78, ['array', 8, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x175, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x176, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapData' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x281, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x282, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'UnalignedLoadStoreExceptions' : [ 0x2ed, ['unsigned char']],
+    'Padding1' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapData' : [ 0x17b0, ['unsigned long']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'S1DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LbrAvailable' : [ 0xc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Isolation' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 55, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x270, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+    'ReadyThreadCount' : [ 0x260, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x268, ['unsigned long long']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'InterruptRetpolineState' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '_KIST_BASE_FRAME' : [ 0x20, {
+    'KernelGsBase' : [ 0x0, ['pointer64', ['_KPCR']]],
+    'IstStack' : [ 0x8, ['pointer64', ['_KIST_LINK_FRAME']]],
+    'PreviousGsBase' : [ 0x10, ['unsigned long long']],
+    'PreviousCr3' : [ 0x18, ['unsigned long long']],
+} ],
+  '_KIST_LINK_FRAME' : [ 0x20, {
+    'IstBaseFrame' : [ 0x0, ['pointer64', ['_KIST_BASE_FRAME']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'Reserved0' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '__unnamed_1acd' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1acf' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1ad3' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x310, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_1acd']],
+    'OverUsed2' : [ 0x218, ['__unnamed_1acf']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_1ad3']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+    'RebalanceContext' : [ 0x2c8, ['pointer64', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x2d0, ['pointer64', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+    'DirectedDripsState' : [ 0x2d8, ['_PO_DIRECTED_DRIPS_STATE']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x68, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1bcb' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1bcb']],
+} ],
+  '__unnamed_1bd2' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1bd2']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'ParameterBlockOffset' : [ 0xc, ['unsigned long']],
+    'ParameterBlockLength' : [ 0x10, ['unsigned long']],
+    'DataSetRangesOffset' : [ 0x14, ['unsigned long']],
+    'DataSetRangesLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_DATA_SET_RANGE' : [ 0x10, {
+    'StartingOffset' : [ 0x0, ['long long']],
+    'LengthInBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DEVICE_DSM_DEFINITION' : [ 0x1c, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'SingleRange' : [ 0x4, ['unsigned char']],
+    'ParameterBlockAlignment' : [ 0x8, ['unsigned long']],
+    'ParameterBlockLength' : [ 0xc, ['unsigned long']],
+    'HasOutput' : [ 0x10, ['unsigned char']],
+    'OutputBlockAlignment' : [ 0x14, ['unsigned long']],
+    'OutputBlockLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES_OUTPUT' : [ 0x24, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'OperationStatus' : [ 0xc, ['unsigned long']],
+    'ExtendedError' : [ 0x10, ['unsigned long']],
+    'TargetDetailedError' : [ 0x14, ['unsigned long']],
+    'ReservedStatus' : [ 0x18, ['unsigned long']],
+    'OutputBlockOffset' : [ 0x1c, ['unsigned long']],
+    'OutputBlockLength' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['wchar']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'DeepSleepEnabled' : [ 0x38, ['unsigned char']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x15a0, {
+    'Name' : [ 0x0, ['pointer64', ['wchar']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x1578, ['unsigned long long']],
+    'Count' : [ 0x1580, ['unsigned long long']],
+    'MaxDuration' : [ 0x1588, ['unsigned long long']],
+    'MinDuration' : [ 0x1590, ['unsigned long long']],
+    'TotalDuration' : [ 0x1598, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xaa8, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['array', 2, ['unsigned long']]],
+    'AutonomousActivityWindow' : [ 0x48, ['unsigned long']],
+    'AutonomousPreference' : [ 0x4c, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x4d, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4f, ['array', 2, ['unsigned char']]],
+    'ResponsivenessDisableThreshold' : [ 0x54, ['array', 2, ['unsigned long']]],
+    'ResponsivenessEnableThreshold' : [ 0x5c, ['array', 2, ['unsigned long']]],
+    'ResponsivenessDisableTime' : [ 0x64, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEnableTime' : [ 0x66, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEppCeiling' : [ 0x68, ['array', 2, ['unsigned long']]],
+    'ResponsivenessPerfFloor' : [ 0x70, ['array', 2, ['unsigned long']]],
+    'DutyCycling' : [ 0x78, ['unsigned char']],
+    'ParkingPerfState' : [ 0x79, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x7b, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x7c, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x7d, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x7e, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x7f, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x80, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x81, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x84, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x88, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x8c, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x8e, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x90, ['unsigned char']],
+    'IdleDisabled' : [ 0x91, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x94, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x98, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x99, ['unsigned char']],
+    'IdleStateMax' : [ 0x9a, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x9b, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x9c, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x9d, ['array', 1280, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x59d, ['array', 1280, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xa9d, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xa9e, ['unsigned char']],
+    'ThreadPolicies' : [ 0xaa0, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x480, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x2e0, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x310, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x360, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x368, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x370, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x378, ['pointer64', ['void']]],
+    'HardErrorState' : [ 0x380, ['unsigned long']],
+    'WnfSiloState' : [ 0x388, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x3c0, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x3e0, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x3f0, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x400, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x408, ['pointer64', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x410, ['unsigned char']],
+    'NtSystemRoot' : [ 0x418, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x428, ['_UNICODE_STRING']],
+    'Storage' : [ 0x438, ['pointer64', ['_PSP_STORAGE']]],
+    'State' : [ 0x440, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x444, ['long']],
+    'DeleteEvent' : [ 0x448, ['pointer64', ['_KEVENT']]],
+    'UserSharedData' : [ 0x450, ['pointer64', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x458, ['pointer64', ['void']]],
+    'TerminateWorkItem' : [ 0x460, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DirectedPoweredDown' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DirectedTransitionInProgress' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x220, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+    'Partition' : [ 0x210, ['pointer64', ['_CC_PARTITION']]],
+    'InternalRefCount' : [ 0x218, ['unsigned long']],
+} ],
+  '__unnamed_1cec' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1cec']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x400, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x8, ['pointer64', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x10, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x20, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x30, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x48, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x60, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x80, ['unsigned long long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x88, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x8c, ['unsigned char']],
+    'WorkQueueLock' : [ 0xc0, ['unsigned long long']],
+    'NumberWorkerThreads' : [ 0xc8, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0xcc, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0xd0, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0xf0, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0x100, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0x110, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0x120, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0x130, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0x134, ['unsigned long']],
+    'QueueThrottle' : [ 0x138, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0x13c, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0x140, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0x144, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0x148, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0x14c, ['unsigned long']],
+    'LowMemoryEvent' : [ 0x150, ['_KEVENT']],
+    'PowerEvent' : [ 0x168, ['_KEVENT']],
+    'PeriodicEvent' : [ 0x180, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x198, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x1b0, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x1c8, ['unsigned long']],
+    'LazyWriter' : [ 0x1d0, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x258, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x270, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x2a8, ['pointer64', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x2b0, ['long']],
+    'AverageAvailablePages' : [ 0x2b8, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x2c0, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x2c8, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x2d0, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x2d8, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x2e0, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x2e1, ['unsigned char']],
+    'DeferredWrites' : [ 0x2e8, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x300, ['unsigned long long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x308, ['pointer64', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x310, ['pointer64', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x318, ['pointer64', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x320, ['pointer64', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x328, ['pointer64', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x330, ['pointer64', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x338, ['pointer64', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x340, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x348, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x358, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x360, ['pointer64', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x368, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x370, ['long']],
+    'LowPriOldIoPriority' : [ 0x374, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x378, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x380, ['unsigned long']],
+    'CoalescingState' : [ 0x384, ['unsigned char']],
+    'ActivePartition' : [ 0x385, ['unsigned char']],
+    'RundownPhase' : [ 0x386, ['unsigned char']],
+    'RefCount' : [ 0x388, ['long long']],
+    'ExitEvent' : [ 0x390, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x3a8, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x3c0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1d12' : [ 0x10, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1d14' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1d16' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1d18' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1d1a' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1d1e' : [ 0x68, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x50, ['pointer64', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x58, ['pointer64', ['void']]],
+    'RequestorMode' : [ 0x60, ['unsigned char']],
+    'NestingLevel' : [ 0x64, ['unsigned long']],
+} ],
+  '__unnamed_1d20' : [ 0x68, {
+    'Read' : [ 0x0, ['__unnamed_1d12']],
+    'Write' : [ 0x0, ['__unnamed_1d14']],
+    'Event' : [ 0x0, ['__unnamed_1d16']],
+    'Notification' : [ 0x0, ['__unnamed_1d18']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1d1a']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1d1e']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x88, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_1d20']],
+    'Function' : [ 0x78, ['unsigned char']],
+    'Partition' : [ 0x80, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x50, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+    'Partition' : [ 0x48, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x28, {
+    'Allocate' : [ 0x0, ['unsigned long long']],
+    'Free' : [ 0x8, ['unsigned long long']],
+    'Commit' : [ 0x10, ['unsigned long long']],
+    'Decommit' : [ 0x18, ['unsigned long long']],
+    'ExtendContext' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x10, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_RTL_CSPARSE_BITMAP' : [ 0x40, {
+    'CommitDirectory' : [ 0x0, ['unsigned long long']],
+    'CommitBitmap' : [ 0x8, ['pointer64', ['unsigned long long']]],
+    'UserBitmap' : [ 0x10, ['pointer64', ['unsigned long long']]],
+    'BitCount' : [ 0x18, ['long long']],
+    'BitmapLock' : [ 0x20, ['unsigned long long']],
+    'DecommitPageIndex' : [ 0x28, ['unsigned long long']],
+    'RtlpCSparseBitmapWakeLock' : [ 0x30, ['unsigned long long']],
+    'LockType' : [ 0x38, ['unsigned char']],
+    'AddressSpace' : [ 0x39, ['unsigned char']],
+    'MemType' : [ 0x3a, ['unsigned char']],
+    'AllocAlignment' : [ 0x3b, ['unsigned char']],
+} ],
+  '_RTL_SPARSE_ARRAY' : [ 0x50, {
+    'Bitmap' : [ 0x0, ['_RTL_CSPARSE_BITMAP']],
+    'ElementCount' : [ 0x40, ['unsigned long long']],
+    'ElementSizeShift' : [ 0x48, ['unsigned long']],
+} ],
+  '_HEAP_VAMGR_ALLOCATOR' : [ 0x30, {
+    'TreeLock' : [ 0x0, ['unsigned long long']],
+    'FreeRanges' : [ 0x8, ['_RTL_RB_TREE']],
+    'VaSpace' : [ 0x18, ['pointer64', ['_HEAP_VAMGR_VASPACE']]],
+    'PartitionHandle' : [ 0x20, ['pointer64', ['void']]],
+    'ChunksPerRegion' : [ 0x28, ['unsigned short']],
+    'RefCount' : [ 0x2a, ['unsigned short']],
+    'AllocatorIndex' : [ 0x2c, ['unsigned char']],
+    'NumaNode' : [ 0x2d, ['unsigned char']],
+    'LockType' : [ 0x2e, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MemoryType' : [ 0x2e, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'ConstrainedVA' : [ 0x2e, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'AllowFreeHead' : [ 0x2e, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare0' : [ 0x2e, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x2f, ['unsigned char']],
+} ],
+  '_HEAP_VAMGR_VASPACE' : [ 0x60, {
+    'AddressSpaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'HeapAddressUser', 1: u'HeapAddressKernel', 2: u'HeapAddressSession', 3: u'HeapAddressTypeMax'})]],
+    'BaseAddress' : [ 0x8, ['unsigned long long']],
+    'VaRangeArray' : [ 0x10, ['_RTL_SPARSE_ARRAY']],
+} ],
+  '_HEAP_VAMGR_RANGE' : [ 0x20, {
+    'RbNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Standalone' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'AllocatorIndex' : [ 0x1, ['unsigned char']],
+    'OwnerCtx' : [ 0x8, ['array', 2, ['unsigned long long']]],
+    'SizeInChunks' : [ 0x18, ['unsigned long long']],
+    'ChunkCount' : [ 0x18, ['unsigned short']],
+    'PrevChunkCount' : [ 0x1a, ['unsigned short']],
+    'Signature' : [ 0x18, ['unsigned long long']],
+} ],
+  '_RTLP_HP_HEAP_MANAGER' : [ 0x30c8, {
+    'Globals' : [ 0x0, ['pointer64', ['_RTLP_HP_HEAP_GLOBALS']]],
+    'AllocTracker' : [ 0x8, ['_RTLP_HP_ALLOC_TRACKER']],
+    'VaMgr' : [ 0x50, ['_HEAP_VAMGR_CTX']],
+    'MetadataHeaps' : [ 0x3090, ['array', 3, ['_RTLP_HP_METADATA_HEAP_CTX']]],
+    'SubAllocConfigs' : [ 0x30c0, ['_RTL_HP_SUB_ALLOCATOR_CONFIGS']],
+} ],
+  '_RTLP_HP_ALLOC_TRACKER' : [ 0x48, {
+    'AllocTrackerBitmap' : [ 0x0, ['_RTL_CSPARSE_BITMAP']],
+    'BaseAddress' : [ 0x40, ['unsigned long long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x2c0, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'StackTraceInitVar' : [ 0x170, ['_RTL_RUN_ONCE']],
+    'CommitLimitData' : [ 0x178, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'FrontEndHeap' : [ 0x198, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x1a0, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x1a2, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x1a3, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x1a8, ['pointer64', ['wchar']]],
+    'FrontEndHeapMaximumIndex' : [ 0x1b0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x1b2, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x238, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x2b0, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1e18' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1e18']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_HP_PADDING_HEADER' : [ 0x10, {
+    'PaddingSize' : [ 0x0, ['unsigned long long']],
+    'Spare' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_1e6b' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1e6d' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1e6b']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1e6f' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1e71' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1e6f']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1e6d']],
+    'u2' : [ 0x4, ['__unnamed_1e71']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x38, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'CleanupProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x28, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x30, ['unsigned long long']],
+} ],
+  '__unnamed_1e8c' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1e8e' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1e8c']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1e8e']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1ea2' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1ea4' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ea2']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1ea4']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1ead' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1eaf' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ead']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1eaf']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1eb5' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_1eb7' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1eb5']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1eb7']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1ed5' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1ed7' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ed5']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_1ed7']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1e6d']],
+    'u2' : [ 0x4, ['__unnamed_1e71']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_1efd' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_1eff' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1efd']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x118, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_1eff']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xb0, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb8, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xc0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc8, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xd0, ['pointer64', ['void']]],
+    'WakeReference2' : [ 0xd8, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xe0, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xe8, ['unsigned long long']],
+    'PortMessage' : [ 0xf0, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x48, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x40, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1f42' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f44' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1f42']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_1f44']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Event' : [ 0x0, ['unsigned long long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x38, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'DiskIoAttributionHandle' : [ 0x10, ['unsigned long long']],
+    'ActivityId' : [ 0x18, ['_GUID']],
+    'Timestamp' : [ 0x28, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x28, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x28, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x30, ['long long']],
+    'AdapterCryptoParameters' : [ 0x28, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x58, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 9, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x70, ['pointer64', ['void']]],
+    'CreateFileType' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x80, ['pointer64', ['void']]],
+    'Override' : [ 0x88, ['unsigned char']],
+    'QueryOnly' : [ 0x89, ['unsigned char']],
+    'DeleteOnly' : [ 0x8a, ['unsigned char']],
+    'FullAttributes' : [ 0x8b, ['unsigned char']],
+    'LocalFileObject' : [ 0x90, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x98, ['unsigned long']],
+    'AccessMode' : [ 0x9c, ['unsigned char']],
+    'DriverCreateContext' : [ 0xa0, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0xcc, ['unsigned long']],
+    'FilterQuery' : [ 0xd0, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_2015' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_2015']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['wchar']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['wchar']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x10, {
+    'QueueTail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x520, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x50, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x60, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x70, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x80, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x88, ['unsigned long']],
+    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xd8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'FlushThreshold' : [ 0xe4, ['unsigned long']],
+    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xf4, ['long']],
+    'NumberOfBuffers' : [ 0xf8, ['long']],
+    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
+    'EventsLost' : [ 0x100, ['unsigned long']],
+    'PeakBuffersCount' : [ 0x104, ['long']],
+    'BuffersWritten' : [ 0x108, ['unsigned long']],
+    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
+    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x120, ['unsigned long']],
+    'InstanceGuid' : [ 0x124, ['_GUID']],
+    'MaximumFileSize' : [ 0x134, ['unsigned long']],
+    'FileCounter' : [ 0x138, ['long']],
+    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x150, ['long']],
+    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
+    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x168, ['unsigned long']],
+    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
+    'LoggerDpc' : [ 0x248, ['_KDPC']],
+    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x338, ['long long']],
+    'Flags' : [ 0x340, ['unsigned long']],
+    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x340, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x340, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProviderTracking' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessorTrace' : [ 0x340, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'QpcDeltaTracking' : [ 0x340, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x344, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x350, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x3d0, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x3e0, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x3e8, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x3f0, ['pointer64', ['_ETW_LBR_SUPPORT']]],
+    'IptData' : [ 0x3f8, ['pointer64', ['_ETW_IPT_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x400, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x410, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x418, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x428, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x430, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x440, ['pointer64', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x448, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x450, ['pointer64', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x458, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x460, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x480, ['long']],
+    'CompressionLock' : [ 0x488, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x490, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x498, ['pointer64', ['void']]],
+    'CompressionOn' : [ 0x4a0, ['long']],
+    'CompressionRatioGuess' : [ 0x4a4, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x4a8, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x4ac, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x4b0, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x4b8, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x4f8, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x500, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x508, ['_LARGE_INTEGER']],
+    'ReferenceQpcDelta' : [ 0x510, ['long long']],
+    'CallbackContext' : [ 0x518, ['pointer64', ['_ETW_EVENT_CALLBACK_CONTEXT']]],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x38, {
+    'Source' : [ 0x0, ['array', 8, ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x20, ['unsigned long']],
+    'HookId' : [ 0x24, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x2c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x30, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_IPT_SUPPORT' : [ 0x28, {
+    'IptHandle' : [ 0x0, ['pointer64', ['void']]],
+    'IptOption' : [ 0x8, ['unsigned long long']],
+    'EtwHwTraceExtInterface' : [ 0x10, ['pointer64', ['_ETW_HW_TRACE_EXT_INTERFACE']]],
+    'HookIdCount' : [ 0x18, ['unsigned long']],
+    'HookId' : [ 0x1c, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x11c0, {
+    'Silo' : [ 0x0, ['pointer64', ['_EJOB']]],
+    'SiloGlobals' : [ 0x8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x10, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x18, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x1a8, ['pointer64', ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x1b0, ['pointer64', ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x1b8, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0xfb8, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0xfc8, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0xfcc, ['long']],
+    'EtwpSecurityProviderPID' : [ 0xfd0, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0xfd8, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0xff8, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x1008, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x1010, ['pointer64', ['_ETW_SILO_TRACING_BLOCK']]],
+    'ContainerRestoreWnfSubscription' : [ 0x1018, ['pointer64', ['_EX_WNF_SUBSCRIPTION']]],
+    'PartitionId' : [ 0x1020, ['_GUID']],
+    'ParentId' : [ 0x1030, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x1040, ['_LARGE_INTEGER']],
+    'PartitionType' : [ 0x1048, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x104c, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x30, {
+    'SystemLogonSession' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x10, ['pointer64', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0x18, ['pointer64', ['void']]],
+    'UncSystemPaths' : [ 0x20, ['pointer64', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x28, ['pointer64', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x498, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x478, ['pointer64', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x480, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x488, ['pointer64', ['void']]],
+    'VariablePart' : [ 0x490, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xc0, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x58, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
+    'SiblingAuthId' : [ 0xa8, ['_LUID']],
+    'TokenList' : [ 0xb0, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved2' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved1' : [ 0x1a, ['unsigned short']],
+    'Reserved2' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x10, {
+    'Footer' : [ 0x0, ['pointer64', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x30, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x20, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x10, {
+    'Context1' : [ 0x0, ['pointer64', ['void']]],
+    'Context2' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0x18, ['unsigned char']],
+    'Padding1' : [ 0x19, ['array', 3, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0x140, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+    'SessionId' : [ 0x154, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x428, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Descriptor' : [ 0x59, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_219d' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x5000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_219d']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x58, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x68, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x70, ['unsigned long']],
+    'AttachCount' : [ 0x74, ['unsigned long']],
+    'AttachGate' : [ 0x78, ['_KGATE']],
+    'WsListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0xa0, ['_MM_PAGED_POOL_INFO']],
+    'Lookaside' : [ 0x100, ['array', 21, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xb80, ['_MMSESSION']],
+    'Vm' : [ 0xbc0, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0xd00, ['_MMWSL_INSTANCE']],
+    'AggregateSessionWs' : [ 0xd40, ['_MMSUPPORT_AGGREGATION']],
+    'HeapState' : [ 0xd60, ['pointer64', ['void']]],
+    'PagedPool' : [ 0xd80, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x1ec0, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'TopLevelPteLockBits' : [ 0x1ec8, ['array', 32, ['unsigned long']]],
+    'PageDirectory' : [ 0x1f48, ['_MMPTE']],
+    'SessionVaLock' : [ 0x1f50, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x1f58, ['_RTL_BITMAP_EX']],
+    'DynamicVaHint' : [ 0x1f68, ['unsigned long long']],
+    'SpecialPool' : [ 0x1f70, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x1fb0, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x1fb8, ['long']],
+    'PagedPoolPdeCount' : [ 0x1fbc, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x1fc0, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x1fc4, ['unsigned long']],
+    'SystemPteInfo' : [ 0x1fc8, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x2028, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x2030, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x2038, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x2040, ['unsigned long long']],
+    'PermittedFaultsTree' : [ 0x2048, ['_RTL_AVL_TREE']],
+    'IoState' : [ 0x2050, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x2054, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x2058, ['_KEVENT']],
+    'ServerSilo' : [ 0x2070, ['pointer64', ['_EJOB']]],
+    'CreateTime' : [ 0x2078, ['unsigned long long']],
+    'PoolTags' : [ 0x3000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
+} ],
+  '_CMP_VOLUME_CONTEXT' : [ 0x48, {
+    'VolumeContextListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'VolumeManager' : [ 0x10, ['pointer64', ['_CMP_VOLUME_MANAGER']]],
+    'RefCount' : [ 0x18, ['long long']],
+    'VolumeGuid' : [ 0x20, ['_GUID']],
+    'VolumeFileObject' : [ 0x30, ['pointer64', ['void']]],
+    'VolumeContextLock' : [ 0x38, ['_CMSI_RW_LOCK']],
+    'DeviceUsageNotificationSent' : [ 0x40, ['unsigned char']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'ParseProcedureEx' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'BoostBitmap' : [ 0x58, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+    'SparePad' : [ 0x5c, ['unsigned long']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'Graphics' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ShadowStack' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'HotPatchAllowed' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_220b' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_220e' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0xf8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'IrpSequenceID' : [ 0xd4, ['long']],
+    'Device' : [ 0xd8, ['__unnamed_220b']],
+    'System' : [ 0xd8, ['__unnamed_220e']],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x38, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x8, ['unsigned long long']],
+    'NonPagedAllocs' : [ 0x10, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x18, ['unsigned long long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+    'PagedAllocs' : [ 0x28, ['unsigned long long']],
+    'PagedFrees' : [ 0x30, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_CMP_VOLUME_MANAGER' : [ 0x18, {
+    'VolumeContextListLock' : [ 0x0, ['_CMSI_RW_LOCK']],
+    'VolumeContextListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x20, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x8, ['pointer64', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x428, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'StrictVetoBias' : [ 0x8, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0xc, ['unsigned long']],
+    'TargetState' : [ 0x10, ['unsigned long']],
+    'ActualState' : [ 0x14, ['unsigned long']],
+    'OldState' : [ 0x18, ['unsigned long']],
+    'OverrideIndex' : [ 0x1c, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xf0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1d0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1d8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1e0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1e8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x240, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2e8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2f0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x308, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x318, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x330, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x38, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_2266' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_2266']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_HEAP_MEMORY_LIMIT_DATA' : [ 0x20, {
+    'CommitLimitBytes' : [ 0x0, ['unsigned long long']],
+    'CommitLimitFailureCode' : [ 0x8, ['unsigned long long']],
+    'MaxAllocationSizeBytes' : [ 0x10, ['unsigned long long']],
+    'AllocationLimitFailureCode' : [ 0x18, ['unsigned long long']],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x120, {
+    'ProcessCid' : [ 0x0, ['pointer64', ['void']]],
+    'ThreadCid' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x20, ['unsigned long']],
+    'CreateTrace' : [ 0x28, ['array', 30, ['unsigned long long']]],
+    'Count' : [ 0x118, ['long']],
+    'CaptureCount' : [ 0x11c, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IdleStateMax' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ResponsivenessDisableThreshold' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ResponsivenessEnableThreshold' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ResponsivenessDisableTime' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ResponsivenessEnableTime' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ResponsivenessEppCeiling' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ResponsivenessPerfFloor' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x48, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x50, ['_LIST_ENTRY']],
+    'Parent' : [ 0x60, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ChildOfVgaEnabledBridge' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DecodeIoOnBoot' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x28, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x10, ['unsigned long long']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Valid' : [ 0x20, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x48, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'EntryDescriptor' : [ 0x20, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x38, ['unsigned long']],
+    'Handles' : [ 0x40, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x18, {
+    'IdealMask' : [ 0x0, ['unsigned long long']],
+    'PreferredMask' : [ 0x8, ['unsigned long long']],
+    'AvailableMask' : [ 0x10, ['unsigned long long']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SK_CRASH_MINIDUMP' : [ 0x1000, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'ModuleCount' : [ 0x8, ['unsigned long']],
+    'FrameCount' : [ 0xc, ['unsigned long']],
+    'Modules' : [ 0x10, ['array', 16, ['_SK_CRASH_MODULE']]],
+    'StackFrames' : [ 0x490, ['array', 366, ['_SK_CRASH_STACK_FRAME']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SK_CRASH_STACK_FRAME' : [ 0x8, {
+    'ModuleId' : [ 0x0, ['unsigned long']],
+    'Rva' : [ 0x4, ['unsigned long']],
+    'Pc' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DEVICE_MAP' : [ 0x48, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x40, ['pointer64', ['_EJOB']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ColdPage' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long long')]],
+    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'ReservedForHardware' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'ReservedForSoftware' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'WsleProtection' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SessionHeapInitialized' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SessionHeapDestroyed' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x28, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer64', ['void']]],
+    'OverQuotaHistory' : [ 0x8, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_PO_DIRECTED_DRIPS_STATE' : [ 0x38, {
+    'QueueLink' : [ 0x0, ['_LIST_ENTRY']],
+    'VisitedQueueLink' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'CachedFlags' : [ 0x24, ['unsigned long']],
+    'DeviceUsageCount' : [ 0x28, ['unsigned long']],
+    'Diagnostic' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '__unnamed_2325' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x90, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_2325']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x30, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x50, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x60, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x80, ['pointer64', ['_EPROCESS']]],
+    'DeleteStoredPages' : [ 0x88, ['unsigned long']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+    'IdleStateMax' : [ 0x2e, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x8, {
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['wchar']]],
+    'DriverName' : [ 0x50, ['pointer64', ['wchar']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x48, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'SecureInfo' : [ 0x8, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x8, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'PebTeb' : [ 0x8, ['_MI_SUB64K_FREE_RANGES']],
+    'PlaceholderVad' : [ 0x8, ['pointer64', ['_MMVAD_SHORT']]],
+    'WaitReason' : [ 0x40, ['unsigned long']],
+} ],
+  '__unnamed_2379' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_237c' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_2379']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_237c']],
+    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x34, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x68, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'Reserved2' : [ 0x18, ['unsigned long']],
+    'Reserved3' : [ 0x20, ['array', 4, ['pointer64', ['void']]]],
+    'Reserved4' : [ 0x40, ['array', 4, ['unsigned long']]],
+    'Reserved5' : [ 0x50, ['pointer64', ['void']]],
+    'Reserved6' : [ 0x58, ['array', 2, ['pointer64', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x50, {
+    'LsaProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'LsaCommandPortHandle' : [ 0x8, ['pointer64', ['void']]],
+    'SepRmThreadHandle' : [ 0x10, ['pointer64', ['void']]],
+    'RmCommandPortHandle' : [ 0x18, ['pointer64', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x20, ['pointer64', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x28, ['pointer64', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x30, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x38, ['pointer64', ['void']]],
+    'RmViewPortMemory' : [ 0x40, ['pointer64', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x48, ['long']],
+    'LsaCommandPortActive' : [ 0x4c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x30, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x10, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0x18, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x38, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'FirstPteForPagedPool' : [ 0x18, ['pointer64', ['_MMPTE']]],
+    'MaximumSize' : [ 0x20, ['unsigned long long']],
+    'PagedPoolHint' : [ 0x28, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x8, ['unsigned long long']],
+    'RealKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_23b6' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_23b8' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_23b6']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x120, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_23b8']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'SeSigningLevel' : [ 0x30, ['unsigned char']],
+    'PoolPageHeaders' : [ 0x40, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x50, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x60, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x64, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x68, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x6c, ['unsigned long']],
+    'PagedBytes' : [ 0x70, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x80, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x88, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x90, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x94, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x98, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x9c, ['unsigned long']],
+    'AllocationsFailed' : [ 0xa0, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0xa4, ['unsigned long']],
+    'LockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xc0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xd0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xe8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xf0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x108, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x10c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x110, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x114, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x118, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x11c, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Luid' : [ 0x20, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x38, {
+    'ProtosNode' : [ 0x0, ['_MI_PROTOTYPE_PTES_NODE']],
+    'DynamicRelocations' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x28, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x30, ['unsigned long long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderSkMemory', 37: u'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x38, {
+    'ScopeMap' : [ 0x0, ['pointer64', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x8, ['pointer64', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x10, ['pointer64', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x18, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x20, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x28, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x30, ['long long']],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SchedulerAssist' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Who' : [ 0x38, ['unsigned long']],
+    'Hash' : [ 0x3c, ['unsigned long']],
+    'Page' : [ 0x40, ['unsigned long long']],
+    'StackTrace' : [ 0x48, ['array', 8, ['pointer64', ['void']]]],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'NoCrossPartitionAccess' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SubsectionCrossPartitionReferenceOverflow' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  'HAL_PRIVATE_DISPATCH' : [ 0x478, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'HalHandlerForBus' : [ 0x8, ['pointer64', ['void']]],
+    'HalHandlerForConfigSpace' : [ 0x10, ['pointer64', ['void']]],
+    'HalLocateHiberRanges' : [ 0x18, ['pointer64', ['void']]],
+    'HalRegisterBusHandler' : [ 0x20, ['pointer64', ['void']]],
+    'HalSetWakeEnable' : [ 0x28, ['pointer64', ['void']]],
+    'HalSetWakeAlarm' : [ 0x30, ['pointer64', ['void']]],
+    'HalPciTranslateBusAddress' : [ 0x38, ['pointer64', ['void']]],
+    'HalPciAssignSlotResources' : [ 0x40, ['pointer64', ['void']]],
+    'HalHaltSystem' : [ 0x48, ['pointer64', ['void']]],
+    'HalFindBusAddressTranslation' : [ 0x50, ['pointer64', ['void']]],
+    'HalResetDisplay' : [ 0x58, ['pointer64', ['void']]],
+    'HalAllocateMapRegisters' : [ 0x60, ['pointer64', ['void']]],
+    'KdSetupPciDeviceForDebugging' : [ 0x68, ['pointer64', ['void']]],
+    'KdReleasePciDeviceForDebugging' : [ 0x70, ['pointer64', ['void']]],
+    'KdGetAcpiTablePhase0' : [ 0x78, ['pointer64', ['void']]],
+    'KdCheckPowerButton' : [ 0x80, ['pointer64', ['void']]],
+    'HalVectorToIDTEntry' : [ 0x88, ['pointer64', ['void']]],
+    'KdMapPhysicalMemory64' : [ 0x90, ['pointer64', ['void']]],
+    'KdUnmapVirtualAddress' : [ 0x98, ['pointer64', ['void']]],
+    'KdGetPciDataByOffset' : [ 0xa0, ['pointer64', ['void']]],
+    'KdSetPciDataByOffset' : [ 0xa8, ['pointer64', ['void']]],
+    'HalGetInterruptVectorOverride' : [ 0xb0, ['pointer64', ['void']]],
+    'HalGetVectorInputOverride' : [ 0xb8, ['pointer64', ['void']]],
+    'HalLoadMicrocode' : [ 0xc0, ['pointer64', ['void']]],
+    'HalUnloadMicrocode' : [ 0xc8, ['pointer64', ['void']]],
+    'HalPostMicrocodeUpdate' : [ 0xd0, ['pointer64', ['void']]],
+    'HalAllocateMessageTargetOverride' : [ 0xd8, ['pointer64', ['void']]],
+    'HalFreeMessageTargetOverride' : [ 0xe0, ['pointer64', ['void']]],
+    'HalDpReplaceBegin' : [ 0xe8, ['pointer64', ['void']]],
+    'HalDpReplaceTarget' : [ 0xf0, ['pointer64', ['void']]],
+    'HalDpReplaceControl' : [ 0xf8, ['pointer64', ['void']]],
+    'HalDpReplaceEnd' : [ 0x100, ['pointer64', ['void']]],
+    'HalPrepareForBugcheck' : [ 0x108, ['pointer64', ['void']]],
+    'HalQueryWakeTime' : [ 0x110, ['pointer64', ['void']]],
+    'HalReportIdleStateUsage' : [ 0x118, ['pointer64', ['void']]],
+    'HalTscSynchronization' : [ 0x120, ['pointer64', ['void']]],
+    'HalWheaInitProcessorGenericSection' : [ 0x128, ['pointer64', ['void']]],
+    'HalStopLegacyUsbInterrupts' : [ 0x130, ['pointer64', ['void']]],
+    'HalReadWheaPhysicalMemory' : [ 0x138, ['pointer64', ['void']]],
+    'HalWriteWheaPhysicalMemory' : [ 0x140, ['pointer64', ['void']]],
+    'HalDpMaskLevelTriggeredInterrupts' : [ 0x148, ['pointer64', ['void']]],
+    'HalDpUnmaskLevelTriggeredInterrupts' : [ 0x150, ['pointer64', ['void']]],
+    'HalDpGetInterruptReplayState' : [ 0x158, ['pointer64', ['void']]],
+    'HalDpReplayInterrupts' : [ 0x160, ['pointer64', ['void']]],
+    'HalQueryIoPortAccessSupported' : [ 0x168, ['pointer64', ['void']]],
+    'KdSetupIntegratedDeviceForDebugging' : [ 0x170, ['pointer64', ['void']]],
+    'KdReleaseIntegratedDeviceForDebugging' : [ 0x178, ['pointer64', ['void']]],
+    'HalGetEnlightenmentInformation' : [ 0x180, ['pointer64', ['void']]],
+    'HalAllocateEarlyPages' : [ 0x188, ['pointer64', ['void']]],
+    'HalMapEarlyPages' : [ 0x190, ['pointer64', ['void']]],
+    'Dummy1' : [ 0x198, ['pointer64', ['void']]],
+    'Dummy2' : [ 0x1a0, ['pointer64', ['void']]],
+    'HalNotifyProcessorFreeze' : [ 0x1a8, ['pointer64', ['void']]],
+    'HalPrepareProcessorForIdle' : [ 0x1b0, ['pointer64', ['void']]],
+    'HalRegisterLogRoutine' : [ 0x1b8, ['pointer64', ['void']]],
+    'HalResumeProcessorFromIdle' : [ 0x1c0, ['pointer64', ['void']]],
+    'Dummy' : [ 0x1c8, ['pointer64', ['void']]],
+    'HalVectorToIDTEntryEx' : [ 0x1d0, ['pointer64', ['void']]],
+    'HalSecondaryInterruptQueryPrimaryInformation' : [ 0x1d8, ['pointer64', ['void']]],
+    'HalMaskInterrupt' : [ 0x1e0, ['pointer64', ['void']]],
+    'HalUnmaskInterrupt' : [ 0x1e8, ['pointer64', ['void']]],
+    'HalIsInterruptTypeSecondary' : [ 0x1f0, ['pointer64', ['void']]],
+    'HalAllocateGsivForSecondaryInterrupt' : [ 0x1f8, ['pointer64', ['void']]],
+    'HalAddInterruptRemapping' : [ 0x200, ['pointer64', ['void']]],
+    'HalRemoveInterruptRemapping' : [ 0x208, ['pointer64', ['void']]],
+    'HalSaveAndDisableHvEnlightenment' : [ 0x210, ['pointer64', ['void']]],
+    'HalRestoreHvEnlightenment' : [ 0x218, ['pointer64', ['void']]],
+    'HalFlushIoBuffersExternalCache' : [ 0x220, ['pointer64', ['void']]],
+    'HalFlushExternalCache' : [ 0x228, ['pointer64', ['void']]],
+    'HalPciEarlyRestore' : [ 0x230, ['pointer64', ['void']]],
+    'HalGetProcessorId' : [ 0x238, ['pointer64', ['void']]],
+    'HalAllocatePmcCounterSet' : [ 0x240, ['pointer64', ['void']]],
+    'HalCollectPmcCounters' : [ 0x248, ['pointer64', ['void']]],
+    'HalFreePmcCounterSet' : [ 0x250, ['pointer64', ['void']]],
+    'HalProcessorHalt' : [ 0x258, ['pointer64', ['void']]],
+    'HalTimerQueryCycleCounter' : [ 0x260, ['pointer64', ['void']]],
+    'Dummy3' : [ 0x268, ['pointer64', ['void']]],
+    'HalPciMarkHiberPhase' : [ 0x270, ['pointer64', ['void']]],
+    'HalQueryProcessorRestartEntryPoint' : [ 0x278, ['pointer64', ['void']]],
+    'HalRequestInterrupt' : [ 0x280, ['pointer64', ['void']]],
+    'HalEnumerateUnmaskedInterrupts' : [ 0x288, ['pointer64', ['void']]],
+    'HalFlushAndInvalidatePageExternalCache' : [ 0x290, ['pointer64', ['void']]],
+    'KdEnumerateDebuggingDevices' : [ 0x298, ['pointer64', ['void']]],
+    'HalFlushIoRectangleExternalCache' : [ 0x2a0, ['pointer64', ['void']]],
+    'HalPowerEarlyRestore' : [ 0x2a8, ['pointer64', ['void']]],
+    'HalQueryCapsuleCapabilities' : [ 0x2b0, ['pointer64', ['void']]],
+    'HalUpdateCapsule' : [ 0x2b8, ['pointer64', ['void']]],
+    'HalPciMultiStageResumeCapable' : [ 0x2c0, ['pointer64', ['void']]],
+    'HalDmaFreeCrashDumpRegisters' : [ 0x2c8, ['pointer64', ['void']]],
+    'HalAcpiAoacCapable' : [ 0x2d0, ['pointer64', ['void']]],
+    'HalInterruptSetDestination' : [ 0x2d8, ['pointer64', ['void']]],
+    'HalGetClockConfiguration' : [ 0x2e0, ['pointer64', ['void']]],
+    'HalClockTimerActivate' : [ 0x2e8, ['pointer64', ['void']]],
+    'HalClockTimerInitialize' : [ 0x2f0, ['pointer64', ['void']]],
+    'HalClockTimerStop' : [ 0x2f8, ['pointer64', ['void']]],
+    'HalClockTimerArm' : [ 0x300, ['pointer64', ['void']]],
+    'HalTimerOnlyClockInterruptPending' : [ 0x308, ['pointer64', ['void']]],
+    'HalAcpiGetMultiNode' : [ 0x310, ['pointer64', ['void']]],
+    'HalPowerSetRebootHandler' : [ 0x318, ['pointer64', ['void']]],
+    'HalIommuRegisterDispatchTable' : [ 0x320, ['pointer64', ['void']]],
+    'HalTimerWatchdogStart' : [ 0x328, ['pointer64', ['void']]],
+    'HalTimerWatchdogResetCountdown' : [ 0x330, ['pointer64', ['void']]],
+    'HalTimerWatchdogStop' : [ 0x338, ['pointer64', ['void']]],
+    'HalTimerWatchdogGeneratedLastReset' : [ 0x340, ['pointer64', ['void']]],
+    'HalTimerWatchdogTriggerSystemReset' : [ 0x348, ['pointer64', ['void']]],
+    'HalInterruptVectorDataToGsiv' : [ 0x350, ['pointer64', ['void']]],
+    'HalInterruptGetHighestPriorityInterrupt' : [ 0x358, ['pointer64', ['void']]],
+    'HalProcessorOn' : [ 0x360, ['pointer64', ['void']]],
+    'HalProcessorOff' : [ 0x368, ['pointer64', ['void']]],
+    'HalProcessorFreeze' : [ 0x370, ['pointer64', ['void']]],
+    'HalDmaLinkDeviceObjectByToken' : [ 0x378, ['pointer64', ['void']]],
+    'HalDmaCheckAdapterToken' : [ 0x380, ['pointer64', ['void']]],
+    'Dummy4' : [ 0x388, ['pointer64', ['void']]],
+    'HalTimerConvertPerformanceCounterToAuxiliaryCounter' : [ 0x390, ['pointer64', ['void']]],
+    'HalTimerConvertAuxiliaryCounterToPerformanceCounter' : [ 0x398, ['pointer64', ['void']]],
+    'HalTimerQueryAuxiliaryCounterFrequency' : [ 0x3a0, ['pointer64', ['void']]],
+    'HalConnectThermalInterrupt' : [ 0x3a8, ['pointer64', ['void']]],
+    'HalIsEFIRuntimeActive' : [ 0x3b0, ['pointer64', ['void']]],
+    'HalTimerQueryAndResetRtcErrors' : [ 0x3b8, ['pointer64', ['void']]],
+    'HalAcpiLateRestore' : [ 0x3c0, ['pointer64', ['void']]],
+    'KdWatchdogDelayExpiration' : [ 0x3c8, ['pointer64', ['void']]],
+    'HalGetProcessorStats' : [ 0x3d0, ['pointer64', ['void']]],
+    'HalTimerWatchdogQueryDueTime' : [ 0x3d8, ['pointer64', ['void']]],
+    'HalConnectSyntheticInterrupt' : [ 0x3e0, ['pointer64', ['void']]],
+    'HalPreprocessNmi' : [ 0x3e8, ['pointer64', ['void']]],
+    'HalEnumerateEnvironmentVariablesWithFilter' : [ 0x3f0, ['pointer64', ['void']]],
+    'HalCaptureLastBranchRecordStack' : [ 0x3f8, ['pointer64', ['void']]],
+    'HalClearLastBranchRecordStack' : [ 0x400, ['pointer64', ['void']]],
+    'HalConfigureLastBranchRecord' : [ 0x408, ['pointer64', ['void']]],
+    'HalGetLastBranchInformation' : [ 0x410, ['pointer64', ['void']]],
+    'HalResumeLastBranchRecord' : [ 0x418, ['pointer64', ['void']]],
+    'HalStartLastBranchRecord' : [ 0x420, ['pointer64', ['void']]],
+    'HalStopLastBranchRecord' : [ 0x428, ['pointer64', ['void']]],
+    'HalIommuBlockDevice' : [ 0x430, ['pointer64', ['void']]],
+    'HalIommuUnblockDevice' : [ 0x438, ['pointer64', ['void']]],
+    'HalGetIommuInterface' : [ 0x440, ['pointer64', ['void']]],
+    'HalRequestGenericErrorRecovery' : [ 0x448, ['pointer64', ['void']]],
+    'HalTimerQueryHostPerformanceCounter' : [ 0x450, ['pointer64', ['void']]],
+    'HalTopologyQueryProcessorRelationships' : [ 0x458, ['pointer64', ['void']]],
+    'HalInitPlatformDebugTriggers' : [ 0x460, ['pointer64', ['void']]],
+    'HalRunPlatformDebugTriggers' : [ 0x468, ['pointer64', ['void']]],
+    'HalTimerGetReferencePage' : [ 0x470, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KSECURE_FAULT_INFORMATION' : [ 0x10, {
+    'FaultCode' : [ 0x0, ['unsigned long long']],
+    'FaultVa' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '__unnamed_2532' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2534' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2532']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2534']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x20, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x3180, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x180, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x4c0, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x580, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x1608, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1680, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1800, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x1d00, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x1d18, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x1d40, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x1da0, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x1e18, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x1f00, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x1f80, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x20a0, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x2140, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x2340, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x23b0, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x2400, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x24c0, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x2500, ['unsigned long long']],
+    'BootRegistryRuns' : [ 0x2508, ['pointer64', ['pointer64', ['void']]]],
+    'ZeroingDisabled' : [ 0x2510, ['long']],
+    'FullyInitialized' : [ 0x2514, ['unsigned char']],
+    'SafeBooted' : [ 0x2515, ['unsigned char']],
+    'TraceLogging' : [ 0x2518, ['pointer64', ['_TlgProvider_t']]],
+    'Vs' : [ 0x2540, ['_MI_VISIBLE_STATE']],
+} ],
+  '_CMSI_RW_LOCK' : [ 0x8, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer64', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x8, ['pointer64', ['unsigned long long']]],
+    'QpcDelta' : [ 0x10, ['pointer64', ['long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1200, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x1c, ['unsigned char']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'PartitionWs' : [ 0x140, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x200, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x228, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x280, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x2a8, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x2b0, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x2b8, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x2c0, ['unsigned long long']],
+    'SharedCommit' : [ 0x2c8, ['unsigned long long']],
+    'SlabAllocatorPages' : [ 0x2d0, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x2d8, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x2e8, ['long']],
+    'PageFileTraces' : [ 0x2f0, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x30, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x18, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x8, ['_GUID']],
+    'Control' : [ 0x18, ['_GUID']],
+    'ConsumersNotified' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_2570' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2572' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2570']],
+} ],
+  '__unnamed_2574' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_2572']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2574']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_257c' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_257c']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x10, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2589' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x28, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'UseSessionId' : [ 0x1c, ['unsigned char']],
+    'u1' : [ 0x20, ['__unnamed_2589']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x110, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0xc0, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x48, {
+    'SystemDllBase' : [ 0x0, ['pointer64', ['void']]],
+    'ColorSeed' : [ 0x8, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0xc, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x28, ['array', 2, ['pointer64', ['_MMPTE']]]],
+    'HypervisorSharedVa' : [ 0x38, ['pointer64', ['void']]],
+    'VadSecureCookie' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_AGGREGATION' : [ 0x20, {
+    'PageFaultCount' : [ 0x0, ['unsigned long']],
+    'WorkingSetSize' : [ 0x8, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x10, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x190, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x178, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x180, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x188, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x158, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['wchar']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['wchar']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'DeleteOwnerRanges' : [ 0x120, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x128, ['unsigned char']],
+    'TransactionEvent' : [ 0x130, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x138, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x140, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x148, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x150, ['pointer64', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_RTLP_HP_HEAP_GLOBALS' : [ 0x38, {
+    'HeapKey' : [ 0x0, ['unsigned long long']],
+    'LfhKey' : [ 0x8, ['unsigned long long']],
+    'FailureInfo' : [ 0x10, ['pointer64', ['_HEAP_FAILURE_INFORMATION']]],
+    'CommitLimitData' : [ 0x18, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xc0, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x10, ['_KMUTANT']],
+    'FixupLock' : [ 0x48, ['long']],
+    'FirstLoadEver' : [ 0x4c, ['unsigned char']],
+    'LargePageAll' : [ 0x4d, ['unsigned char']],
+    'LastPage' : [ 0x50, ['unsigned long long']],
+    'LargePageList' : [ 0x58, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x68, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x78, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x88, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x98, ['unsigned long long']],
+    'PageCounts' : [ 0xa0, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'ImageTree' : [ 0xb8, ['_RTL_AVL_TREE']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ExceptionHandlingReady' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ShadowStacksSupported' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AccessBitFenceRequired' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'PfnDatabaseExists' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 3, end_bit = 12, native_type='unsigned long')]],
+    'NumberOfRemapPages' : [ 0x14, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x60, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x5c, ['unsigned char']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x368, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastPassiveTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'Info' : [ 0x70, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xcc, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xe4, ['unsigned char']],
+    'PollingRate' : [ 0xe8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xf0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xf8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x100, ['unsigned long long']],
+    'WorkItem' : [ 0x108, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0x128, ['_KTIMER2']],
+    'Lock' : [ 0x1b0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1c0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1d8, ['_KEVENT']],
+    'InstanceId' : [ 0x1f0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1f8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x358, ['_UNICODE_STRING']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '__unnamed_266c' : [ 0x4, {
+    'Bus' : [ 0x0, ['unsigned char']],
+    'Device' : [ 0x1, ['unsigned char']],
+    'Function' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_266e' : [ 0x2, {
+    'SecondaryBus' : [ 0x0, ['unsigned char']],
+    'SubordinateBus' : [ 0x1, ['unsigned char']],
+} ],
+  '_PCI_BUSMASTER_DESCRIPTOR' : [ 0xc, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusmasterRidFromDeviceRid', 1: u'BusmasterRidFromBridgeRid', 2: u'BusmasterRidFromMultipleBridges'})]],
+    'Segment' : [ 0x4, ['unsigned long']],
+    'DeviceRid' : [ 0x8, ['__unnamed_266c']],
+    'BridgeRid' : [ 0x8, ['__unnamed_266c']],
+    'MultipleBridges' : [ 0x8, ['__unnamed_266e']],
+} ],
+  '_HVP_VIEW_MAP' : [ 0x38, {
+    'SectionReference' : [ 0x0, ['pointer64', ['void']]],
+    'StorageEndFileOffset' : [ 0x8, ['long long']],
+    'SectionEndFileOffset' : [ 0x10, ['long long']],
+    'ProcessTuple' : [ 0x18, ['pointer64', ['_CMSI_PROCESS_TUPLE']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ViewTree' : [ 0x28, ['_RTL_RB_TREE']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x18, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x10, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HAL_LOG_REGISTER_CONTEXT' : [ 0x10, {
+    'LogRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Flag' : [ 0x8, ['unsigned long']],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x18, {
+    'DeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
+    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
+    'RunRefSize' : [ 0x10, ['unsigned long']],
+    'Number' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_26a6' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_26a8' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_26a6']],
+    'Private' : [ 0x0, ['__unnamed_26a8']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x8, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'TransPtr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x38, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x10, ['unsigned long long']],
+    'VolumeKey' : [ 0x18, ['unsigned long long']],
+    'Rundown' : [ 0x20, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x28, ['pointer64', ['void']]],
+    'VolumeIoAttribution' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x8, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x8, ['unsigned long long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x48, ['unsigned long long']],
+    'BigPagesAllocated' : [ 0x50, ['unsigned long long']],
+    'BytesAllocated' : [ 0x58, ['unsigned long long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x88, ['unsigned long long']],
+    'BigPagesDeallocated' : [ 0x90, ['unsigned long long']],
+    'BytesDeallocated' : [ 0x98, ['unsigned long long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x108, ['long']],
+    'PendingFreeDepth' : [ 0x10c, ['long']],
+    'ListHeads' : [ 0x140, ['array', 256, ['_LIST_ENTRY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPRCBFLAG' : [ 0x4, {
+    'PrcbFlags' : [ 0x0, ['long']],
+    'BamQosLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'PendingQosUpdate' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PrcbFlagsReserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2721' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2723' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_2721']],
+    'Button' : [ 0x10, ['__unnamed_2723']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x1088, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'DetachTimeStamp' : [ 0x20, ['unsigned long']],
+    'CodePageEdited' : [ 0x24, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'DynamicVaBitBuffer' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'DynamicVaBitBufferPages' : [ 0x38, ['unsigned long long']],
+    'DynamicVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'ImageVaStart' : [ 0x48, ['pointer64', ['void']]],
+    'SystemViewBuckets' : [ 0x50, ['array', 256, ['_MI_HUGE_SYSTEM_VIEW_HEAD']]],
+    'DynamicPtesBitBuffer' : [ 0x1050, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x1058, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x1060, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x1068, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1070, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x1078, ['pointer64', ['void']]],
+    'SessionCore' : [ 0x1080, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x338, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+    'EnabledUserVisibleSupervisorFeatures' : [ 0x330, ['unsigned long long']],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x10, ['pointer64', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'AccessMask' : [ 0x20, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x340, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0x18, ['unsigned long long']],
+    'DataSectionProtectionMask' : [ 0x20, ['unsigned long']],
+    'HighSectionBase' : [ 0x28, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x30, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xc0, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0x140, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0x168, ['pointer64', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0x170, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsDeletionComplete' : [ 0x190, ['_KEVENT']],
+    'DanglingExtentsWorkerActive' : [ 0x1a8, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0x1a9, ['unsigned char']],
+    'PrototypePtesTree' : [ 0x1b0, ['_RTL_AVL_TREE']],
+    'PrototypePtesTreeSpinLock' : [ 0x1b8, ['long']],
+    'ImageBias' : [ 0x1bc, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x1c0, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x1c8, ['_RTL_BITMAP']],
+    'ImageBias64Low' : [ 0x1d8, ['unsigned long']],
+    'ImageBias64High' : [ 0x1dc, ['unsigned long']],
+    'ImageBitMap64Low' : [ 0x1e0, ['_RTL_BITMAP']],
+    'ImageBitMap64High' : [ 0x1f0, ['_RTL_BITMAP']],
+    'ImageBitMapWow64Dll' : [ 0x200, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x210, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x218, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x220, ['unsigned long long']],
+    'LostDataFiles' : [ 0x228, ['unsigned long']],
+    'LostDataPages' : [ 0x22c, ['unsigned long']],
+    'ImageFailureReason' : [ 0x230, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x238, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x240, ['pointer64', ['_CONTROL_AREA']]],
+    'CfgBitMapSection64' : [ 0x248, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea64' : [ 0x250, ['pointer64', ['_CONTROL_AREA']]],
+    'KernelCfgBitMap' : [ 0x258, ['_RTL_BITMAP_EX']],
+    'KernelCfgBitMapLock' : [ 0x268, ['_EX_PUSH_LOCK']],
+    'ImageCfgFailure' : [ 0x270, ['unsigned long']],
+    'RetpolineStubMdl' : [ 0x278, ['pointer64', ['_MDL']]],
+    'RetpolineStubStart' : [ 0x280, ['pointer64', ['void']]],
+    'RetpolineStubPages' : [ 0x288, ['unsigned long']],
+    'KernelRetpolineBitMap' : [ 0x290, ['_RTL_BITMAP_EX']],
+    'RetpolineRoutines' : [ 0x2a0, ['_RTL_RETPOLINE_ROUTINES']],
+    'RetpolineRevertPte' : [ 0x2f0, ['pointer64', ['_MMPTE']]],
+    'ImageChecksumBreakpoint' : [ 0x2f8, ['unsigned long']],
+    'ImageSizeBreakpoint' : [ 0x2fc, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x300, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x60, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x30, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x38, ['pointer64', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x40, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x48, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x50, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x58, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'ColdPage' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 26, native_type='unsigned long long')]],
+    'ShadowStack' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa8, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa4, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x7c8, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SharedData' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['pointer64', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x328, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x338, ['pointer64', ['void']]],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['pointer64', ['void']]],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x7ac, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x7b0, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x7b1, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x7b8, ['pointer64', ['_LEAP_SECOND_DATA']]],
+    'LeapSecondFlags' : [ 0x7c0, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x7c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x7c0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x7c4, ['unsigned long']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_27b3' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_27b7' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_27b3']],
+    'Bits' : [ 0x4, ['__unnamed_27b7']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x174, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 10, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x38, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x28, ['unsigned long']],
+    'FullSetBits' : [ 0x2c, ['unsigned long']],
+    'SubListIndex' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_27d3' : [ 0x30, {
+    'ApcState' : [ 0x0, ['_KAPC_STATE']],
+    'HardFaultState' : [ 0x0, ['_MI_HARD_FAULT_STATE']],
+} ],
+  '__unnamed_27d5' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_27d8' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1c0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'u2' : [ 0x68, ['__unnamed_27d3']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'InjectRetry' : [ 0xb4, ['long']],
+    'ByteCount' : [ 0xb8, ['unsigned long']],
+    'u3' : [ 0xbc, ['__unnamed_27d5']],
+    'u1' : [ 0xc0, ['__unnamed_27d8']],
+    'FilePointer' : [ 0xc8, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xd0, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xd0, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd8, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xe0, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xf0, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf8, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x100, ['pointer64', ['_MDL']]],
+    'ProbeCount' : [ 0x108, ['long long']],
+    'Mdl' : [ 0x110, ['_MDL']],
+    'Page' : [ 0x140, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x140, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_27e8' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_27ea' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_27ec' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_27ee' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_27e8']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_27ea']],
+    'Raw' : [ 0x0, ['__unnamed_27ec']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_27ee']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x20, {
+    'BaseKcb' : [ 0x0, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x8, ['long']],
+    'ClonedKcbListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+    'RefCount' : [ 0x48, ['long']],
+    'Dequeued' : [ 0x4c, ['unsigned char']],
+    'CancelLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x58, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x38, ['unsigned char']],
+    'Platform' : [ 0x39, ['unsigned char']],
+    'DependencyListCount' : [ 0x3c, ['unsigned long']],
+    'Processors' : [ 0x40, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe8, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf8, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x100, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x108, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x10c0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x7e8, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x7f8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x838, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x880, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x888, ['array', 6, ['unsigned long long']]],
+    'MappedPageListHeadEvent' : [ 0x8b8, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0xa38, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0xa58, ['unsigned long']],
+    'StandbyListDiscard' : [ 0xa5c, ['unsigned char']],
+    'FreeListDiscard' : [ 0xa5d, ['unsigned char']],
+    'PfnBitMapsReady' : [ 0xa5e, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0xa60, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0xa68, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xac0, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xac8, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0xb28, ['pointer64', ['void']]],
+    'TransitionPrivatePages' : [ 0xb40, ['unsigned long long']],
+    'LargePfnBitMap' : [ 0xb48, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'LargePageListHeads' : [ 0xb68, ['pointer64', ['_MI_FREE_LARGE_PAGE_LIST']]],
+    'LargePageCandidates' : [ 0xb70, ['array', 2, ['_MI_LARGE_PAGE_CANDIDATES']]],
+    'RebuildLargePageWorkItem' : [ 0xf80, ['_WORK_QUEUE_ITEM']],
+    'RebuildLargePageActive' : [ 0xfa0, ['unsigned char']],
+    'LargePageRebuildLock' : [ 0xfa4, ['long']],
+    'LowMemoryThreshold' : [ 0xfa8, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xfb0, ['unsigned long long']],
+    'SlabContexts' : [ 0xfb8, ['array', 3, ['_MI_SLAB_ALLOCATOR_CONTEXT']]],
+    'SlabPfnBitMap' : [ 0x1090, ['_RTL_BITMAP_EX']],
+} ],
+  '__unnamed_281c' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_281c']],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '__unnamed_2839' : [ 0x8, {
+    'AllocationType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Inserted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+} ],
+  '__unnamed_283b' : [ 0x8, {
+    'PrototypePtesFlags' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_283d' : [ 0x8, {
+    'e1' : [ 0x0, ['__unnamed_2839']],
+    'e2' : [ 0x0, ['__unnamed_283b']],
+} ],
+  '_MI_PROTOTYPE_PTES_NODE' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x18, ['__unnamed_283d']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x188, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0x160, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID' : [ 0x18, {
+    'DeviceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'EXT_IOMMU_DEVICE_TYPE_INVALID', 1: u'EXT_IOMMU_DEVICE_TYPE_PCI', 2: u'EXT_IOMMU_DEVICE_TYPE_ACPI', 3: u'EXT_IOMMU_DEVICE_TYPE_IOAPIC', 4: u'EXT_IOMMU_DEVICE_TYPE_LOGICAL', 5: u'EXT_IOMMU_DEVICE_TYPE_GIC', 6: u'EXT_IOMMU_DEVICE_TYPE_TEST', 7: u'EXT_IOMMU_DEVICE_TYPE_MAX'})]],
+    'Pci' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_PCI']],
+    'Acpi' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_ACPI']],
+    'IoApicId' : [ 0x8, ['unsigned char']],
+    'LogicalId' : [ 0x8, ['unsigned long long']],
+    'Test' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_TEST']],
+    'Gic' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_GIC']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2865' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2867' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_286a' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_286e' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_2865']],
+    'HvDeviceId' : [ 0x40, ['unsigned long long']],
+    'XapicMessage' : [ 0x48, ['__unnamed_2867']],
+    'Hypertransport' : [ 0x48, ['__unnamed_286a']],
+    'GenericMessage' : [ 0x48, ['__unnamed_2867']],
+    'MessageRequest' : [ 0x48, ['__unnamed_286e']],
+} ],
+  '__unnamed_2873' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2875' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2873']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2879' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_287b' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2879']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2875']],
+    'HighPart' : [ 0x4, ['__unnamed_287b']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DirectedDripsTransition' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x38, ['pointer64', ['_ETHREAD']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x28, {
+    'NextPteToTrim' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0x18, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x1c, ['unsigned long']],
+    'LockedEntries' : [ 0x20, ['unsigned long long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x50, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+    'Extended' : [ 0x49, ['unsigned char']],
+    'RankNumber' : [ 0x4a, ['unsigned short']],
+    'CardHandle' : [ 0x4c, ['unsigned short']],
+    'ModuleHandle' : [ 0x4e, ['unsigned short']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_SK_CRASH_MODULE' : [ 0x48, {
+    'ImageName' : [ 0x0, ['array', 32, ['wchar']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5c0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xf0, ['_CONTEXT']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPendingAll' : [ 0x2a, ['unsigned char']],
+    'SpecialUserApcPending' : [ 0x2a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserApcPending' : [ 0x2a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer64', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_HEAP_VAMGR_CTX' : [ 0x3040, {
+    'VaSpace' : [ 0x0, ['_HEAP_VAMGR_VASPACE']],
+    'AllocatorLock' : [ 0x60, ['unsigned long long']],
+    'AllocatorCount' : [ 0x68, ['unsigned long']],
+    'Allocators' : [ 0x70, ['array', 255, ['_HEAP_VAMGR_ALLOCATOR']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DEBUG_DEVICE_DESCRIPTOR' : [ 0xf8, {
+    'Bus' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'Segment' : [ 0x8, ['unsigned short']],
+    'VendorID' : [ 0xa, ['unsigned short']],
+    'DeviceID' : [ 0xc, ['unsigned short']],
+    'BaseClass' : [ 0xe, ['unsigned char']],
+    'SubClass' : [ 0xf, ['unsigned char']],
+    'ProgIf' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'DbgHalScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgBarsMapped' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Initialized' : [ 0x12, ['unsigned char']],
+    'Configured' : [ 0x13, ['unsigned char']],
+    'BaseAddress' : [ 0x18, ['array', 6, ['DEBUG_DEVICE_ADDRESS']]],
+    'Memory' : [ 0xa8, ['DEBUG_MEMORY_REQUIREMENTS']],
+    'PortType' : [ 0xc8, ['unsigned short']],
+    'PortSubtype' : [ 0xca, ['unsigned short']],
+    'OemData' : [ 0xd0, ['pointer64', ['void']]],
+    'OemDataLength' : [ 0xd8, ['unsigned long']],
+    'NameSpace' : [ 0xdc, ['Enumeration', dict(target = 'long', choices = {0: u'KdNameSpacePCI', 1: u'KdNameSpaceACPI', 2: u'KdNameSpaceAny', 3: u'KdNameSpaceNone', 4: u'KdNameSpaceMax'})]],
+    'NameSpacePath' : [ 0xe0, ['pointer64', ['wchar']]],
+    'NameSpacePathLength' : [ 0xe8, ['unsigned long']],
+    'TransportType' : [ 0xec, ['unsigned long']],
+    'TransportData' : [ 0xf0, ['_DEBUG_TRANSPORT_DATA']],
+} ],
+  '__unnamed_28e3' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_28e5' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_28e7' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_28e3']],
+    'Interrupt' : [ 0x0, ['__unnamed_28e5']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_28e5']],
+    'Sci' : [ 0x0, ['__unnamed_28e5']],
+    'Nmi' : [ 0x0, ['__unnamed_28e5']],
+    'Sea' : [ 0x0, ['__unnamed_28e5']],
+    'Sei' : [ 0x0, ['__unnamed_28e5']],
+    'Gsiv' : [ 0x0, ['__unnamed_28e5']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_28e7']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2e0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x2b0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x2b8, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2c0, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2c4, ['unsigned long']],
+    'ThreadCount' : [ 0x2c8, ['long']],
+    'MinThreads' : [ 0x2cc, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2cc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2d0, ['long']],
+    'QueueIndex' : [ 0x2d4, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x2d8, ['pointer64', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x1a8, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ShareRank' : [ 0x78, ['pointer64', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x80, ['unsigned long']],
+    'ReadyListHead' : [ 0x88, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x188, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x198, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x1a0, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_290e' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_290e']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTLP_HP_METADATA_HEAP_CTX' : [ 0x10, {
+    'Heap' : [ 0x0, ['pointer64', ['_SEGMENT_HEAP']]],
+    'InitOnce' : [ 0x8, ['_RTL_RUN_ONCE']],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'Abandoned' : [ 0x30, ['unsigned char']],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '__unnamed_2920' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 44, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2925' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'OldestWsleLeafEntries' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 14, native_type='unsigned long long')]],
+    'OldestWsleLeafAge' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 17, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 60, native_type='unsigned long long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x8, {
+    'Leaf' : [ 0x0, ['__unnamed_2920']],
+    'PageTable' : [ 0x0, ['__unnamed_2925']],
+    'EntireActiveField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x28, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x2c, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_HMAP_TABLE' : [ 0x3000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_2950' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2952' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_2950']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x40, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0x18, ['__unnamed_2952']],
+    'VerifiedData' : [ 0x38, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x30, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SystemCacheAttributes' : [ 0x20, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x200, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0x80, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x90, ['unsigned long long']],
+    'PteTrackingBitmap' : [ 0x98, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xa8, ['pointer64', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xb0, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xb8, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x118, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x178, ['unsigned long']],
+    'KernelStackPages' : [ 0x17c, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x17d, ['unsigned char']],
+    'AdjustCounter' : [ 0x17e, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x180, ['long']],
+    'ReservedMappingTree' : [ 0x188, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x190, ['pointer64', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x198, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x1a0, ['long']],
+    'UltraSpaceContext' : [ 0x1a8, ['_MI_ULTRA_VA_CONTEXT']],
+    'NumberOfUltraMdlMaps' : [ 0x1e8, ['unsigned long']],
+    'UltraMdlNodeMappings' : [ 0x1f0, ['pointer64', ['_MI_ULTRA_MDL_NODE']]],
+} ],
+  '__unnamed_2967' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x1a8, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2967']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x18, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x20, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x28, ['unsigned long long']],
+    'PfnUnmapWorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x50, ['unsigned long long']],
+    'PfnUnmapWaitList' : [ 0x58, ['pointer64', ['void']]],
+    'MemoryRuns' : [ 0x60, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x68, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x80, ['array', 5, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xa8, ['pointer64', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xc0, ['long']],
+    'PfnUnmapActive' : [ 0xc4, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0xc8, ['_KEVENT']],
+    'RootDirectory' : [ 0xe0, ['pointer64', ['void']]],
+    'KernelObjectsDirectory' : [ 0xe8, ['pointer64', ['void']]],
+    'MemoryEvents' : [ 0xf0, ['array', 11, ['pointer64', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0x148, ['array', 11, ['pointer64', ['void']]]],
+    'NonChargedSecurePages' : [ 0x1a0, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0xc0, {
+    'NextPageColor' : [ 0x0, ['unsigned long']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long long']],
+    'VmWorkingSetList' : [ 0x10, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 8, ['unsigned long long']]],
+    'ExitOutswapGate' : [ 0x68, ['pointer64', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x80, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x90, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x98, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa0, ['unsigned long long']],
+    'HardFaultCount' : [ 0xa8, ['unsigned long']],
+    'LastTrimStamp' : [ 0xac, ['unsigned short']],
+    'PartitionId' : [ 0xae, ['unsigned short']],
+    'SelfmapLock' : [ 0xb0, ['unsigned long long']],
+    'Flags' : [ 0xb8, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x78, ['unsigned long']],
+    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_2993' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_2993']],
+} ],
+  '_HAL_LBR_ENTRY' : [ 0x18, {
+    'FromAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ToAddress' : [ 0x8, ['pointer64', ['void']]],
+    'Reserved' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x62, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x62, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x62, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x64, ['unsigned char']],
+    'GroupEnableMask' : [ 0x65, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HAL_DP_REPLACE_PARAMETERS' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'TargetProcessors' : [ 0x8, ['pointer64', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+    'SpareProcessors' : [ 0x10, ['pointer64', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x500, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapKernelStacks' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemPtes' : [ 0x58, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0xa0, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0x130, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSpecialPool' : [ 0x178, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapSystemCache' : [ 0x208, ['_MI_DYNAMIC_BITMAP']],
+    'HalPrivateVaStart' : [ 0x250, ['pointer64', ['void']]],
+    'HalPrivateVaSize' : [ 0x258, ['unsigned long long']],
+    'SystemVaAssignment' : [ 0x260, ['array', 8, ['unsigned long']]],
+    'SystemVaAssignmentHint' : [ 0x280, ['unsigned long']],
+    'TopLevelPteLockBits' : [ 0x284, ['array', 32, ['unsigned long']]],
+    'DeleteKvaLock' : [ 0x304, ['long']],
+    'WsleArrays' : [ 0x308, ['array', 8, ['pointer64', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x348, ['pointer64', ['_MI_HYPER_SPACE']]],
+    'HyperSpaceEnd' : [ 0x350, ['pointer64', ['void']]],
+    'FreeSystemCacheVa' : [ 0x358, ['_KEVENT']],
+    'SystemVaLock' : [ 0x370, ['unsigned long long']],
+    'SystemCacheViewLock' : [ 0x378, ['unsigned long long']],
+    'SystemWorkingSetList' : [ 0x380, ['array', 8, ['_MMWSL_INSTANCE']]],
+    'SelfmapLock' : [ 0x4c0, ['array', 4, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x50, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long long']],
+    'ResetPagesRepurposedCount' : [ 0x10, ['unsigned long long']],
+    'WsSwapSupport' : [ 0x18, ['pointer64', ['void']]],
+    'CommitReleaseContext' : [ 0x20, ['pointer64', ['void']]],
+    'WorkingSetCoreLock' : [ 0x28, ['long']],
+    'AccessLog' : [ 0x30, ['pointer64', ['void']]],
+    'ChargedWslePages' : [ 0x38, ['unsigned long long']],
+    'ActualWslePages' : [ 0x40, ['unsigned long long']],
+    'ShadowMapping' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_ACPI' : [ 0x8, {
+    'ObjectName' : [ 0x0, ['pointer64', ['unsigned char']]],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '__WIL__WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PNP_REPLACE_PROCESSOR_LIST' : [ 0x18, {
+    'Affinity' : [ 0x0, ['pointer64', ['unsigned long long']]],
+    'GroupCount' : [ 0x8, ['unsigned long']],
+    'AllocatedCount' : [ 0xc, ['unsigned long']],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ApicIds' : [ 0x14, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_ULTRA_VA_CONTEXT' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ZeroMapping' : [ 0x8, ['pointer64', ['void']]],
+    'AllocationHintBit' : [ 0x10, ['unsigned long long']],
+    'Bitmap' : [ 0x18, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'ConcurrencyMaximum' : [ 0x38, ['long']],
+    'ConcurrencyCount' : [ 0x3c, ['long']],
+} ],
+  '_ETW_HW_TRACE_EXT_INTERFACE' : [ 0x18, {
+    'StartProcessorTraceOnEachCore' : [ 0x0, ['pointer64', ['void']]],
+    'StopProcessorTraceOnEachCore' : [ 0x8, ['pointer64', ['void']]],
+    'LogProcessorTraceOnCurrentCore' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_LARGE_PAGE_CANDIDATES' : [ 0x208, {
+    'Hand' : [ 0x0, ['unsigned short']],
+    'ActiveEntryCount' : [ 0x2, ['unsigned short']],
+    'Overflowed' : [ 0x4, ['unsigned char']],
+    'PageFrames' : [ 0x8, ['array', 64, ['unsigned long long']]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CrossPartitionReferences' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MACHINE_CHECK_CONTEXT' : [ 0x50, {
+    'MachineFrame' : [ 0x0, ['_MACHINE_FRAME']],
+    'Rax' : [ 0x28, ['unsigned long long']],
+    'Rcx' : [ 0x30, ['unsigned long long']],
+    'Rdx' : [ 0x38, ['unsigned long long']],
+    'GsBase' : [ 0x40, ['unsigned long long']],
+    'Cr3' : [ 0x48, ['unsigned long long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_TEST' : [ 0x8, {
+    'UniqueId' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_HEADER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaEventLogEntryTypeInformational', 1: u'WheaEventLogEntryTypeWarning', 2: u'WheaEventLogEntryTypeError'})]],
+    'OwnerTag' : [ 0x10, ['unsigned long']],
+    'Id' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {-2147483647: u'WheaEventLogEntryIdCmcPollingTimeout', -2147483646: u'WheaEventLogEntryIdWheaInit', -2147483645: u'WheaEventLogEntryIdMax'})]],
+    'Flags' : [ 0x18, ['_WHEA_EVENT_LOG_ENTRY_FLAGS']],
+    'PayloadLength' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_2a25' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_2a25']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_189b']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x48, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer64', ['void']]]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xc0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'ArgumentStatus' : [ 0x14, ['long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Watchdog' : [ 0x68, ['pointer64', ['_PNP_WATCHDOG']]],
+    'Data' : [ 0x70, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_GLOBAL_APPCOMPAT_FLAGS' : [ 0x4, {
+    'SafeInputValidation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CommitLFHSubsegments' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AllocateHeapFromEnv' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x78, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x50, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'CrashDumpPte' : [ 0x70, ['pointer64', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x20, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0x18, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x10, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x200, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'HvTargetState' : [ 0x32, ['unsigned char']],
+    'Reserved' : [ 0x33, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x188, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x190, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x198, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'ArchitecturalEfficiencyClass' : [ 0x1a0, ['unsigned char']],
+    'PerformanceSchedulingClass' : [ 0x1a1, ['unsigned char']],
+    'EfficiencySchedulingClass' : [ 0x1a2, ['unsigned char']],
+    'GuaranteedPerformancePercent' : [ 0x1a3, ['unsigned char']],
+    'Parked' : [ 0x1a4, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x1a5, ['unsigned char']],
+    'LatestAffinitizedPercent' : [ 0x1a6, ['unsigned short']],
+    'LatestPerformancePercent' : [ 0x1a8, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x1ac, ['unsigned long']],
+    'RelativePerformance' : [ 0x1b0, ['unsigned long']],
+    'Utility' : [ 0x1b4, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x1b8, ['unsigned long']],
+    'SnapTimeLast' : [ 0x1c0, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1c0, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c8, ['unsigned long long']],
+    'TotalTime' : [ 0x1d0, ['unsigned long long']],
+    'FxDevice' : [ 0x1d8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x1e0, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x1e8, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x1f0, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x1f4, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1f8, ['unsigned short']],
+    'HwFeedbackTableIndex' : [ 0x1fa, ['unsigned short']],
+    'HwFeedbackParkHint' : [ 0x1fc, ['unsigned char']],
+    'HwFeedbackPerformanceClass' : [ 0x1fd, ['unsigned char']],
+    'HwFeedbackEfficiencyClass' : [ 0x1fe, ['unsigned char']],
+    'HeteroCoreType' : [ 0x1ff, ['unsigned char']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x340, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'CloneHeaderCount' : [ 0x18, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x20, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x38, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x50, ['unsigned long long']],
+    'AttemptForCantExtend' : [ 0x58, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0xb0, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x100, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x110, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0x150, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0x151, ['unsigned char']],
+    'SegmentDereferenceActiveControlArea' : [ 0x158, ['pointer64', ['void']]],
+    'UnusedSegmentPagedPool' : [ 0x160, ['unsigned long long']],
+    'UnusedSegmentList' : [ 0x168, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0x178, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0x188, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0x198, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x1b0, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x1b8, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x1d0, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x1f0, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x200, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x208, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x20c, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x210, ['_KEVENT']],
+    'SharedCharges' : [ 0x228, ['array', 7, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x308, ['pointer64', ['_KEVENT']]],
+    'ControlAreasDrainEvent' : [ 0x310, ['pointer64', ['_KEVENT']]],
+    'CloneHeaderDrainEvent' : [ 0x318, ['pointer64', ['_KEVENT']]],
+    'ProbeRundownReference' : [ 0x320, ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_BUS_HANDLER' : [ 0xb0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ConfigurationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'Cmos', 1: u'EisaConfiguration', 2: u'Pos', 3: u'CbusConfiguration', 4: u'PCIConfiguration', 5: u'VMEConfiguration', 6: u'NuBusConfiguration', 7: u'PCMCIAConfiguration', 8: u'MPIConfiguration', 9: u'MPSAConfiguration', 10: u'PNPISAConfiguration', 11: u'SgiInternalConfiguration', 12: u'MaximumBusDataType', -1: u'ConfigurationSpaceUndefined'})]],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ParentHandler' : [ 0x18, ['pointer64', ['_BUS_HANDLER']]],
+    'BusData' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceControlExtensionSize' : [ 0x28, ['unsigned long']],
+    'BusAddresses' : [ 0x30, ['pointer64', ['_SUPPORTED_RANGES']]],
+    'Reserved' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'GetBusData' : [ 0x48, ['pointer64', ['void']]],
+    'SetBusData' : [ 0x50, ['pointer64', ['void']]],
+    'AdjustResourceList' : [ 0x58, ['pointer64', ['void']]],
+    'AssignSlotResources' : [ 0x60, ['pointer64', ['void']]],
+    'TranslateBusAddress' : [ 0x68, ['pointer64', ['void']]],
+    'Spare1' : [ 0x70, ['pointer64', ['void']]],
+    'Spare2' : [ 0x78, ['pointer64', ['void']]],
+    'Spare3' : [ 0x80, ['pointer64', ['void']]],
+    'Spare4' : [ 0x88, ['pointer64', ['void']]],
+    'Spare5' : [ 0x90, ['pointer64', ['void']]],
+    'Spare6' : [ 0x98, ['pointer64', ['void']]],
+    'Spare7' : [ 0xa0, ['pointer64', ['void']]],
+    'Spare8' : [ 0xa8, ['pointer64', ['void']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x3e0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xb8, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xc0, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xd0, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xe0, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x100, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x120, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x158, ['unsigned long long']],
+    'IdleTimer' : [ 0x160, ['_KTIMER']],
+    'IdleDpc' : [ 0x1a0, ['_KDPC']],
+    'IdleTimeout' : [ 0x1e0, ['unsigned long long']],
+    'IdleStamp' : [ 0x1e8, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1f0, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x200, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x208, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x218, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x228, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x240, ['pointer64', ['void']]],
+    'Accounting' : [ 0x248, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x328, ['unsigned long']],
+    'ComponentCount' : [ 0x32c, ['unsigned long']],
+    'Components' : [ 0x330, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x338, ['unsigned long']],
+    'Log' : [ 0x340, ['pointer64', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x348, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x350, ['pointer64', ['_DRIVER_OBJECT']]],
+    'DripsWatchdogContext' : [ 0x358, ['_POP_FX_DRIPS_WATCHDOG_CONTEXT']],
+    'DirectedTimeout' : [ 0x380, ['unsigned long']],
+    'DirectedWorkOrder' : [ 0x388, ['_POP_FX_WORK_ORDER']],
+    'DirectedTransitionCallCount' : [ 0x3c0, ['long']],
+    'DirectedTransitionCompletionContext' : [ 0x3c8, ['pointer64', ['void']]],
+    'FriendlyName' : [ 0x3d0, ['_UNICODE_STRING']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  'FEATURE_STATE_CHANGE_SUBSCRIPTION__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PrefetchSystemVmType' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'VaPrefetchReadBlock' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CollidedFlowThrough' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ForceCollisions' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InPageExpanded' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IssuedAtLowPriority' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FaultFromStore' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ClusteredPagePriority' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'MakeClusterValid' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PerformRelocations' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ZeroLastPage' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'UserFault' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StandbyProtectionNeeded' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PteChanged' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PageFileFault' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'PageFilePageHashActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoalescedIo' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VmLockNotNeeded' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer64', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_HP_SUB_ALLOCATOR_CONFIGS' : [ 0x8, {
+    'LfhConfigs' : [ 0x0, ['_RTL_HP_LFH_CONFIG']],
+    'VsConfigs' : [ 0x4, ['_RTL_HP_VS_CONFIG']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0x18, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x8, ['pointer64', ['void']]],
+    'IsolationPrefix' : [ 0x8, ['_UNICODE_STRING']],
+} ],
+  '_MI_ULTRA_MDL_NODE' : [ 0x200, {
+    'UltraMdlMaps' : [ 0x0, ['array', 8, ['_MI_ALIGNED_SLIST']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '_LEAP_SECOND_DATA' : [ 0x10, {
+    'Enabled' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['array', 1, ['_LARGE_INTEGER']]],
+} ],
+  '__unnamed_2b01' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2b03' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2b01']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_2b03']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+    'PnpDeviceCompletionQueueWatchdogLock' : [ 0x40, ['_FAST_MUTEX']],
+    'Watchdog' : [ 0x78, ['pointer64', ['_PNP_WATCHDOG']]],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x80, {
+    'RelatedTimestamp' : [ 0x0, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0x10, ['_KDPC']],
+    'ApcListHead' : [ 0x50, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x60, ['pointer64', ['_ETW_APC_ENTRY']]],
+    'ApcEntryCount' : [ 0x68, ['unsigned long']],
+    'Flags' : [ 0x6c, ['long']],
+    'ApcCount' : [ 0x70, ['long']],
+    'MaxApcCount' : [ 0x74, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '__unnamed_2b22' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x58, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u1' : [ 0x4c, ['__unnamed_2b22']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_StagingConfigWnfStateName' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MAP_REGISTER_ENTRY' : [ 0x10, {
+    'MapRegister' : [ 0x0, ['pointer64', ['void']]],
+    'WriteToDevice' : [ 0x8, ['unsigned char']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x70, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x20, ['unsigned char']],
+    'TriggerRoot' : [ 0x28, ['pointer64', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x30, ['unsigned char']],
+    'BeginTime' : [ 0x38, ['unsigned long long']],
+    'VetoNode' : [ 0x40, ['array', 2, ['pointer64', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x50, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x58, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  'wil_details_VariantProperties' : [ 0x4, {
+    'enabledState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'hasNotificationState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'variant' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 13, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HMAP_ENTRY' : [ 0x18, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2b78' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x118, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_2b78']]],
+    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xc0, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc8, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x8, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x68, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x18, ['unsigned char']],
+    'ThreadPriorityStatic' : [ 0x19, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x40, ['long']],
+    'Gate' : [ 0x48, ['_KGATE']],
+    'ThreadContext' : [ 0x60, ['pointer64', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x48, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+    'DripsWatchdogCallback' : [ 0x38, ['pointer64', ['void']]],
+    'DirectedPowerTransitionCallback' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x10, ['pointer64', ['void']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'ReservedWin64OnlyPointer' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 48, native_type='unsigned long long')]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_GIC' : [ 0x4, {
+    'LineNumber' : [ 0x0, ['unsigned long']],
+} ],
+  '_WAITING_IRP' : [ 0x40, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x35, ['unsigned char']],
+    'FileObject' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x48, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x89, ['unsigned char']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_PEB64' : [ 0x7c8, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SharedData' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'FlsCallback' : [ 0x320, ['unsigned long long']],
+    'FlsListHead' : [ 0x328, ['LIST_ENTRY64']],
+    'FlsBitmap' : [ 0x338, ['unsigned long long']],
+    'FlsBitmapBits' : [ 0x340, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x350, ['unsigned long']],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['unsigned long long']],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x7ac, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x7b0, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x7b1, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x7b8, ['unsigned long long']],
+    'LeapSecondFlags' : [ 0x7c0, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x7c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x7c0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x7c4, ['unsigned long']],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+    'SiloState' : [ 0x98, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_FeatureProperties' : [ 0x4, {
+    'enabledState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'hasNotificationState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'usageCount' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 15, native_type='unsigned long')]],
+    'usageCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'reportedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'reportedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'reportedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'reportedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'recordedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'recordedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'recordedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'opportunityCount' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 31, native_type='unsigned long')]],
+    'opportunityCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1c8, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0xe0, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xe8, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0xf8, ['unsigned long']],
+    'SecurePages' : [ 0xfc, ['unsigned long']],
+    'ProcessorCount' : [ 0x100, ['unsigned long']],
+    'ProcessorContext' : [ 0x108, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x110, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x118, ['unsigned long']],
+    'MaxDataPages' : [ 0x11c, ['unsigned long']],
+    'ExtraBuffer' : [ 0x120, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x128, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x130, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x138, ['unsigned long long']],
+    'IoInfo' : [ 0x140, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b0, ['pointer64', ['wchar']]],
+    'IoChecksumsSize' : [ 0x1b8, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c0, ['unsigned long']],
+    'IumEnabled' : [ 0x1c4, ['unsigned char']],
+    'SecureBoot' : [ 0x1c5, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_MI_HUGE_SYSTEM_VIEW_HEAD' : [ 0x10, {
+    'ViewRoot' : [ 0x0, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['long']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2c0c' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_2c0c']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+    'OverCommit' : [ 0x40, ['unsigned long long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'NmiStackLimits', 9: u'MachineCheckStackLimits', 10: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3e0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x280, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x288, ['array', 1, ['unsigned long long']]],
+    'SpareUlong' : [ 0x290, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x294, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x298, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x358, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x35c, ['unsigned long']],
+    'ResumeContextPages' : [ 0x360, ['unsigned long']],
+    'Hiberboot' : [ 0x364, ['unsigned char']],
+    'SecureLaunched' : [ 0x365, ['unsigned char']],
+    'SecureBoot' : [ 0x366, ['unsigned char']],
+    'HvCr3' : [ 0x368, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x370, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x378, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x380, ['unsigned long long']],
+    'BootFlags' : [ 0x388, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x390, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x398, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x3a0, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3c0, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x3d0, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x3d4, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x3d5, ['unsigned char']],
+    'HiberResumeXhciHandoffSkip' : [ 0x3d6, ['unsigned char']],
+    'InitializeUSBCore' : [ 0x3d7, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x3d8, ['unsigned char']],
+    'USBCoreId' : [ 0x3d9, ['unsigned char']],
+    'SkipMemoryMapValidation' : [ 0x3da, ['unsigned char']],
+} ],
+  'DEBUG_MEMORY_REQUIREMENTS' : [ 0x20, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'MaxEnd' : [ 0x8, ['_LARGE_INTEGER']],
+    'VirtualAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'Cached' : [ 0x1c, ['unsigned char']],
+    'Aligned' : [ 0x1d, ['unsigned char']],
+} ],
+  'DEBUG_DEVICE_ADDRESS' : [ 0x18, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Valid' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 2, ['unsigned char']]],
+    'BitWidth' : [ 0x2, ['unsigned char']],
+    'AccessSize' : [ 0x3, ['unsigned char']],
+    'TranslatedAddress' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x50, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x34, ['unsigned long']],
+    'DelayPageFaults' : [ 0x38, ['long']],
+    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
+} ],
+  '__unnamed_2c68' : [ 0x4, {
+    'EntryBecameEmpty' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SLAB_ALLOCATOR_CONTEXT' : [ 0x48, {
+    'AllocationsTree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x10, ['long']],
+    'SlabEntryHint' : [ 0x18, ['pointer64', ['_MI_SLAB_ALLOCATOR_ENTRY']]],
+    'FreePageCount' : [ 0x20, ['unsigned long long']],
+    'SlabEntryCount' : [ 0x28, ['unsigned long long']],
+    'Protection' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorProtectionReadExecute', 1: u'MiSlabAllocatorProtectionReadOnly', 2: u'MiSlabAllocatorProtectionNoAccess', 3: u'MiSlabAllocatorProtectionMax'})]],
+    'Flags' : [ 0x34, ['__unnamed_2c68']],
+    'LastReplenishTime' : [ 0x38, ['unsigned long long']],
+    'LastFailureTime' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x90, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x10, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x28, ['_KDPC']],
+    'PageHeatListSlist' : [ 0x70, ['_SLIST_HEADER']],
+    'PageHeatListDisableAllocation' : [ 0x80, ['long']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x20, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_PCI' : [ 0x10, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'PciSegmentNumber' : [ 0x0, ['unsigned short']],
+    'PhantomFunctionBits' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned short')]],
+    'BusRange' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DevicePathLength' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'StartBusNumber' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Bdf' : [ 0x4, ['unsigned short']],
+    'SubordinateBus' : [ 0x4, ['unsigned char']],
+    'SecondaryBus' : [ 0x5, ['unsigned char']],
+    'DevicePath' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0x18, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0x120, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x40, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
+    'HybridPriority' : [ 0xc8, ['unsigned long']],
+    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xd0, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
+    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'LockOwner' : [ 0xf0, ['pointer64', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0xf8, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x100, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x108, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x28, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ActiveZeroSpinLock' : [ 0x10, ['long']],
+    'ActiveZeroThreadTree' : [ 0x18, ['_RTL_AVL_TREE']],
+    'NumberOfLargePageListHeads' : [ 0x20, ['unsigned long']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x30, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x20, ['unsigned long']],
+    'ModuleSize' : [ 0x24, ['unsigned long']],
+    'Offset' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_2cc6' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2cc8' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2cc6']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2cc8']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_DMA_IOMMU_INTERFACE' : [ 0x70, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'CreateDomain' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteDomain' : [ 0x10, ['pointer64', ['void']]],
+    'AttachDevice' : [ 0x18, ['pointer64', ['void']]],
+    'DetachDevice' : [ 0x20, ['pointer64', ['void']]],
+    'FlushDomain' : [ 0x28, ['pointer64', ['void']]],
+    'FlushDomainByVaList' : [ 0x30, ['pointer64', ['void']]],
+    'QueryInputMappings' : [ 0x38, ['pointer64', ['void']]],
+    'MapLogicalRange' : [ 0x40, ['pointer64', ['void']]],
+    'UnmapLogicalRange' : [ 0x48, ['pointer64', ['void']]],
+    'MapIdentityRange' : [ 0x50, ['pointer64', ['void']]],
+    'UnmapIdentityRange' : [ 0x58, ['pointer64', ['void']]],
+    'SetDeviceFaultReporting' : [ 0x60, ['pointer64', ['void']]],
+    'ConfigureDomain' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2d39' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2d39']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'Counters' : [ 0x2c, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_2d4b' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2d4e' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_2d4b']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_2d4e']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_CMSI_PROCESS_TUPLE' : [ 0x10, {
+    'ProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'ProcessReference' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HEAP_FAILURE_INFORMATION' : [ 0x6d0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'StructureSize' : [ 0x4, ['unsigned long']],
+    'FailureType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'heap_failure_internal', 1: u'heap_failure_unknown', 2: u'heap_failure_generic', 3: u'heap_failure_entry_corruption', 4: u'heap_failure_multiple_entries_corruption', 5: u'heap_failure_virtual_block_corruption', 6: u'heap_failure_buffer_overrun', 7: u'heap_failure_buffer_underrun', 8: u'heap_failure_block_not_busy', 9: u'heap_failure_invalid_argument', 10: u'heap_failure_invalid_allocation_type', 11: u'heap_failure_usage_after_free', 12: u'heap_failure_cross_heap_operation', 13: u'heap_failure_freelists_corruption', 14: u'heap_failure_listentry_corruption', 15: u'heap_failure_lfh_bitmap_mismatch', 16: u'heap_failure_segment_lfh_bitmap_corruption', 17: u'heap_failure_segment_lfh_double_free', 18: u'heap_failure_vs_subsegment_corruption', 19: u'heap_failure_null_heap', 20: u'heap_failure_allocation_limit', 21: u'heap_failure_commit_limit'})]],
+    'HeapAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Address' : [ 0x18, ['pointer64', ['void']]],
+    'Param1' : [ 0x20, ['pointer64', ['void']]],
+    'Param2' : [ 0x28, ['pointer64', ['void']]],
+    'Param3' : [ 0x30, ['pointer64', ['void']]],
+    'PreviousBlock' : [ 0x38, ['pointer64', ['void']]],
+    'NextBlock' : [ 0x40, ['pointer64', ['void']]],
+    'ExpectedDecodedEntry' : [ 0x48, ['_FAKE_HEAP_ENTRY']],
+    'StackTrace' : [ 0x58, ['array', 32, ['pointer64', ['void']]]],
+    'HeapMajorVersion' : [ 0x158, ['unsigned char']],
+    'HeapMinorVersion' : [ 0x159, ['unsigned char']],
+    'ExceptionRecord' : [ 0x160, ['_EXCEPTION_RECORD']],
+    'ContextRecord' : [ 0x200, ['_CONTEXT']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x88, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x120, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ChpeImage' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+    'DependentLoadFlags' : [ 0x118, ['unsigned long']],
+    'SigningLevel' : [ 0x11c, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2d81' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2d83' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_2d85' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_2d81']],
+    'e2' : [ 0x0, ['__unnamed_2d83']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_2d85']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2c0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x58, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xb0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xb8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xbc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xc0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xe8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xe9, ['unsigned char']],
+    'ModwriterActive' : [ 0xea, ['unsigned char']],
+    'TransitionInserted' : [ 0xeb, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xec, ['long']],
+    'LastMappedWriteError' : [ 0xf0, ['long']],
+    'MappedFileWriteSucceeded' : [ 0xf4, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0xf8, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xfc, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x100, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x118, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x120, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x128, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0x140, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x158, ['long']],
+    'WriteAllMappedPages' : [ 0x15c, ['long']],
+    'MappedPageWriterEvent' : [ 0x160, ['_KEVENT']],
+    'ModWriteData' : [ 0x178, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1b8, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1d0, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x1f8, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x200, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x208, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x228, ['unsigned long']],
+    'ClusterRestrictionLock' : [ 0x22c, ['long']],
+    'ClusterRestrictions' : [ 0x230, ['array', 2, ['_MI_RESTRICTED_MODWRITES']]],
+    'NotifyStoreMemoryConditions' : [ 0x238, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x250, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x254, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x258, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x260, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x280, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x288, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x2a8, ['long']],
+    'WorkingSetSwapLock' : [ 0x2b0, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x2b8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer64', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_HAL_INTEL_ENLIGHTENMENT_INFORMATION' : [ 0x1e0, {
+    'Enlightenments' : [ 0x0, ['unsigned long']],
+    'HypervisorConnected' : [ 0x4, ['unsigned long']],
+    'EndOfInterrupt' : [ 0x8, ['pointer64', ['void']]],
+    'ApicWriteIcr' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved0' : [ 0x18, ['unsigned long']],
+    'SpinCountMask' : [ 0x1c, ['unsigned long']],
+    'LongSpinWait' : [ 0x20, ['pointer64', ['void']]],
+    'GetReferenceTime' : [ 0x28, ['pointer64', ['void']]],
+    'SetSystemSleepProperty' : [ 0x30, ['pointer64', ['void']]],
+    'EnterSleepState' : [ 0x38, ['pointer64', ['void']]],
+    'NotifyDebugDeviceAvailable' : [ 0x40, ['pointer64', ['void']]],
+    'MapDeviceInterrupt' : [ 0x48, ['pointer64', ['void']]],
+    'UnmapDeviceInterrupt' : [ 0x50, ['pointer64', ['void']]],
+    'RetargetDeviceInterrupt' : [ 0x58, ['pointer64', ['void']]],
+    'SetHpetConfig' : [ 0x60, ['pointer64', ['void']]],
+    'NotifyHpetEnabled' : [ 0x68, ['pointer64', ['void']]],
+    'QueryAssociatedProcessors' : [ 0x70, ['pointer64', ['void']]],
+    'ReadMultipleMsr' : [ 0x78, ['pointer64', ['void']]],
+    'WriteMultipleMsr' : [ 0x80, ['pointer64', ['void']]],
+    'ReadCpuid' : [ 0x88, ['pointer64', ['void']]],
+    'LpWritebackInvalidate' : [ 0x90, ['pointer64', ['void']]],
+    'GetMachineCheckContext' : [ 0x98, ['pointer64', ['void']]],
+    'SuspendPartition' : [ 0xa0, ['pointer64', ['void']]],
+    'ResumePartition' : [ 0xa8, ['pointer64', ['void']]],
+    'SetSystemMachineCheckProperty' : [ 0xb0, ['pointer64', ['void']]],
+    'WheaErrorNotification' : [ 0xb8, ['pointer64', ['void']]],
+    'GetProcessorIndexFromVpIndex' : [ 0xc0, ['pointer64', ['void']]],
+    'SyntheticClusterIpi' : [ 0xc8, ['pointer64', ['void']]],
+    'VpStartEnabled' : [ 0xd0, ['pointer64', ['void']]],
+    'StartVirtualProcessor' : [ 0xd8, ['pointer64', ['void']]],
+    'GetVpIndexFromApicId' : [ 0xe0, ['pointer64', ['void']]],
+    'IumAccessPciDevice' : [ 0xe8, ['pointer64', ['void']]],
+    'IumEfiRuntimeService' : [ 0xf0, ['pointer64', ['void']]],
+    'SvmGetSystemCapabilities' : [ 0xf8, ['pointer64', ['void']]],
+    'SvmGetDeviceCapabilities' : [ 0x100, ['pointer64', ['void']]],
+    'SvmCreatePasidSpace' : [ 0x108, ['pointer64', ['void']]],
+    'SvmSetPasidAddressSpace' : [ 0x110, ['pointer64', ['void']]],
+    'SvmFlushPasid' : [ 0x118, ['pointer64', ['void']]],
+    'SvmAttachPasidSpace' : [ 0x120, ['pointer64', ['void']]],
+    'SvmDetachPasidSpace' : [ 0x128, ['pointer64', ['void']]],
+    'SvmEnablePasid' : [ 0x130, ['pointer64', ['void']]],
+    'SvmDisablePasid' : [ 0x138, ['pointer64', ['void']]],
+    'SvmAcknowledgePageRequest' : [ 0x140, ['pointer64', ['void']]],
+    'SvmCreatePrQueue' : [ 0x148, ['pointer64', ['void']]],
+    'SvmDeletePrQueue' : [ 0x150, ['pointer64', ['void']]],
+    'SvmClearPrqStalled' : [ 0x158, ['pointer64', ['void']]],
+    'SvmSetDeviceEnabled' : [ 0x160, ['pointer64', ['void']]],
+    'HvDebuggerPowerHandler' : [ 0x168, ['pointer64', ['void']]],
+    'SetQpcBias' : [ 0x170, ['pointer64', ['void']]],
+    'GetQpcBias' : [ 0x178, ['pointer64', ['void']]],
+    'RegisterDeviceId' : [ 0x180, ['pointer64', ['void']]],
+    'UnregisterDeviceId' : [ 0x188, ['pointer64', ['void']]],
+    'AllocateDeviceDomain' : [ 0x190, ['pointer64', ['void']]],
+    'AttachDeviceDomain' : [ 0x198, ['pointer64', ['void']]],
+    'DetachDeviceDomain' : [ 0x1a0, ['pointer64', ['void']]],
+    'DeleteDeviceDomain' : [ 0x1a8, ['pointer64', ['void']]],
+    'MapDeviceLogicalRange' : [ 0x1b0, ['pointer64', ['void']]],
+    'UnmapDeviceLogicalRange' : [ 0x1b8, ['pointer64', ['void']]],
+    'MapDeviceSparsePages' : [ 0x1c0, ['pointer64', ['void']]],
+    'UnmapDeviceSparsePages' : [ 0x1c8, ['pointer64', ['void']]],
+    'GetDmaGuardEnabled' : [ 0x1d0, ['pointer64', ['void']]],
+    'UpdateMicrocode' : [ 0x1d8, ['pointer64', ['void']]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0xe0, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTimeAccounting' : [ 0x20, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+    'CsCriticalActiveTimeAccounting' : [ 0x80, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DOMAIN_CONFIGURATION' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DomainConfigurationArm64', 1: u'DomainConfigurationInvalid'})]],
+    'Arm64' : [ 0x8, ['_DOMAIN_CONFIGURATION_ARM64']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x50, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_FREE_LARGE_PAGE_LIST' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x1b0, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0x1a8, ['pointer64', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x70, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['wchar']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'RF_SORTED', 1: u'RF_UNSORTED', 2: u'RF_CALLBACK', 3: u'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+    'TreeNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '__unnamed_2e7d' : [ 0x10, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Arm' : [ 0x0, ['_ARM_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0x160, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OsLoaderSecurityVersion' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'EarlyLaunchListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'CoreDriverListHead' : [ 0x50, ['_LIST_ENTRY']],
+    'CoreExtensionsDriverListHead' : [ 0x60, ['_LIST_ENTRY']],
+    'TpmCoreDriverListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x80, ['unsigned long long']],
+    'Prcb' : [ 0x88, ['unsigned long long']],
+    'Process' : [ 0x90, ['unsigned long long']],
+    'Thread' : [ 0x98, ['unsigned long long']],
+    'KernelStackSize' : [ 0xa0, ['unsigned long']],
+    'RegistryLength' : [ 0xa4, ['unsigned long']],
+    'RegistryBase' : [ 0xa8, ['pointer64', ['void']]],
+    'ConfigurationRoot' : [ 0xb0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0xb8, ['pointer64', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'NtBootPathName' : [ 0xc8, ['pointer64', ['unsigned char']]],
+    'NtHalPathName' : [ 0xd0, ['pointer64', ['unsigned char']]],
+    'LoadOptions' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'NlsData' : [ 0xe0, ['pointer64', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0xe8, ['pointer64', ['_ARC_DISK_INFORMATION']]],
+    'Extension' : [ 0xf0, ['pointer64', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0xf8, ['__unnamed_2e7d']],
+    'FirmwareInformation' : [ 0x108, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+    'OsBootstatPathName' : [ 0x148, ['pointer64', ['unsigned char']]],
+    'ArcOSDataDeviceName' : [ 0x150, ['pointer64', ['unsigned char']]],
+    'ArcWindowsSysPartName' : [ 0x158, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2e85' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_2e85']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x10, ['unsigned char']],
+    'Disowned' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0x12, ['unsigned char']],
+    'IsWaiting' : [ 0x13, ['unsigned char']],
+    'LockAddress' : [ 0x18, ['pointer64', ['void']]],
+    'ThreadAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SublistHead' : [ 0x28, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0x148, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'NonPagedPoolSListMaximum' : [ 0x8, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x18, ['unsigned long long']],
+    'BadPoolHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x28, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x2c, ['unsigned char']],
+    'PoolFailures' : [ 0x30, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x54, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x80, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x88, ['unsigned long long']],
+    'PagedPoolSListMaximum' : [ 0x90, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x94, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0xa8, ['unsigned long long']],
+    'SpecialPoolRejected' : [ 0xb0, ['array', 6, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0xc8, ['unsigned long long']],
+    'SpecialPoolPdes' : [ 0xd0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0xd4, ['unsigned long']],
+    'PermittedFaultsLock' : [ 0xd8, ['long']],
+    'PermittedFaultsTree' : [ 0xe0, ['_RTL_AVL_TREE']],
+    'PermittedFaultsInitialNode' : [ 0xe8, ['array', 2, ['_MI_ACCESS_VIOLATION_RANGE']]],
+    'TotalPagedPoolQuota' : [ 0x138, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0x140, ['unsigned long long']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '__unnamed_2ea2' : [ 0x4, {
+    'PageAlignLargeAllocs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_VS_CONFIG' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2ea2']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x180, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaLastRangeIndex' : [ 0x4, ['unsigned long']],
+    'NumaTableCaptured' : [ 0x8, ['unsigned char']],
+    'NodeShift' : [ 0x9, ['unsigned char']],
+    'ChannelShift' : [ 0xa, ['unsigned char']],
+    'NodeGraph' : [ 0x10, ['pointer64', ['wchar']]],
+    'SystemNodeInformation' : [ 0x18, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaMemoryRanges' : [ 0x20, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x28, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x30, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x34, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x38, ['unsigned long']],
+    'ProcessorCachesFlushedOnPowerLoss' : [ 0x3c, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x40, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x48, ['unsigned long']],
+    'SecondaryColors' : [ 0x4c, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x50, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x54, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x58, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x5c, ['unsigned long']],
+    'InvalidPteMask' : [ 0x80, ['unsigned long long']],
+    'LargePageColors' : [ 0xc0, ['array', 3, ['unsigned long']]],
+    'FlushTbThreshold' : [ 0xd0, ['unsigned long long']],
+    'OptimalZeroingAttribute' : [ 0xd8, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x118, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x120, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'VsmKernelPageCount' : [ 0x140, ['unsigned long long']],
+    'EnclaveRegions' : [ 0x148, ['_RTL_AVL_TREE']],
+    'EnclaveMetadataPage' : [ 0x150, ['pointer64', ['void']]],
+    'EnclaveMetadataBitMap' : [ 0x158, ['pointer64', ['_RTL_BITMAP']]],
+    'EnclaveMetadataEntryLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'EnclaveMetadataPageLock' : [ 0x168, ['long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
+    'BlocksDrips' : [ 0x19, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x20, {
+    'PartitionObject' : [ 0x0, ['pointer64', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x8, ['pointer64', ['pointer64', ['pointer64', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x10, ['pointer64', ['pointer64', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0x18, ['long']],
+} ],
+  '__unnamed_2ec2' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2ec2']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xc8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x38, ['unsigned long long']],
+    'ProbeRaises' : [ 0x40, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x84, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x8c, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x90, ['unsigned long']],
+    'CheckZeroCount' : [ 0x94, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x98, ['long']],
+    'BadPagesDetected' : [ 0x9c, ['long']],
+    'ScrubPasses' : [ 0xa0, ['long']],
+    'ScrubBadPagesFound' : [ 0xa4, ['long']],
+    'UserViewFailures' : [ 0xa8, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0xac, ['unsigned long']],
+    'UserAllocateFailures' : [ 0xb0, ['unsigned long']],
+    'UserAllocateCollisionFailures' : [ 0xb4, ['unsigned long']],
+    'ResavailFailures' : [ 0xb8, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xc0, ['unsigned char']],
+    'InitFailure' : [ 0xc1, ['unsigned char']],
+    'StopBadMaps' : [ 0xc2, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x2a8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0xc0, ['unsigned long long']],
+    'ProcessorCount' : [ 0xc8, ['unsigned long']],
+    'EfficiencyClass' : [ 0xcc, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0xcd, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0xce, ['unsigned char']],
+    'Spare' : [ 0xcf, ['unsigned char']],
+    'Processors' : [ 0xd0, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd8, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x100, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x118, ['pointer64', ['void']]],
+    'DomainPerfControlHandler' : [ 0x120, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x128, ['unsigned long']],
+    'NominalFrequency' : [ 0x12c, ['unsigned long']],
+    'MaxPercent' : [ 0x130, ['unsigned long']],
+    'MinPerfPercent' : [ 0x134, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x138, ['unsigned long']],
+    'AdvertizedMaximumFrequency' : [ 0x13c, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x140, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x148, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x150, ['unsigned char']],
+    'Coordination' : [ 0x151, ['unsigned char']],
+    'HardPlatformCap' : [ 0x152, ['unsigned char']],
+    'AffinitizeControl' : [ 0x153, ['unsigned char']],
+    'EfficientThrottle' : [ 0x154, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x155, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x156, ['unsigned char']],
+    'AutonomousMode' : [ 0x157, ['unsigned char']],
+    'ProvideGuidance' : [ 0x158, ['unsigned char']],
+    'DesiredPercent' : [ 0x15c, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x160, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x164, ['unsigned char']],
+    'QosPolicies' : [ 0x168, ['array', 4, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0x1d8, ['array', 4, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0x1e8, ['array', 4, ['unsigned short']]],
+    'QosSupported' : [ 0x1f0, ['unsigned char']],
+    'SelectionGeneration' : [ 0x1f4, ['unsigned long']],
+    'QosSelection' : [ 0x1f8, ['array', 4, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x298, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x2a0, ['unsigned long']],
+    'Force' : [ 0x2a4, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0xa8, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'ZeroCrc' : [ 0x38, ['unsigned long long']],
+    'OnesCrc' : [ 0x40, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x48, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x68, ['array', 4, ['unsigned long long']]],
+    'PageTableOfZeroes' : [ 0x88, ['unsigned long long']],
+    'PdeOfZeroes' : [ 0x90, ['_MMPTE']],
+    'PageTableOfOnes' : [ 0x98, ['unsigned long long']],
+    'PdeOfOnes' : [ 0xa0, ['_MMPTE']],
+} ],
+  '_HAL_HV_DMA_DOMAIN_INFO' : [ 0x8, {
+    'DomainId' : [ 0x0, ['unsigned long']],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_SUPPORTED_RANGES' : [ 0xc0, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Sorted' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'NoIO' : [ 0x4, ['unsigned long']],
+    'IO' : [ 0x8, ['_SUPPORTED_RANGE']],
+    'NoMemory' : [ 0x30, ['unsigned long']],
+    'Memory' : [ 0x38, ['_SUPPORTED_RANGE']],
+    'NoPrefetchMemory' : [ 0x60, ['unsigned long']],
+    'PrefetchMemory' : [ 0x68, ['_SUPPORTED_RANGE']],
+    'NoDma' : [ 0x90, ['unsigned long']],
+    'Dma' : [ 0x98, ['_SUPPORTED_RANGE']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_DEBUG_TRANSPORT_DATA' : [ 0x8, {
+    'HwContextSize' : [ 0x0, ['unsigned long']],
+    'UseSerialFraming' : [ 0x4, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x5, ['unsigned char']],
+    'USBCoreId' : [ 0x6, ['unsigned char']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_HAL_HV_SVM_DEVICE_CAPABILITIES' : [ 0xc, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PciExecute' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 31, native_type='unsigned long')]],
+    'OverflowPossible' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'PasidCount' : [ 0x4, ['unsigned long']],
+    'IommuIndex' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_2f04' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x58, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x8, ['__unnamed_2f04']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x148, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+    'AirplaneModeEnabled' : [ 0x144, ['unsigned char']],
+    'BluetoothDeviceCharging' : [ 0x145, ['unsigned char']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_2f17' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_2f17']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_HAL_IOMMU_DISPATCH' : [ 0x98, {
+    'HalIommuSupportEnabled' : [ 0x0, ['pointer64', ['void']]],
+    'HalIommuGetConfiguration' : [ 0x8, ['pointer64', ['void']]],
+    'HalIommuGetLibraryContext' : [ 0x10, ['pointer64', ['void']]],
+    'HalIommuMapDevice' : [ 0x18, ['pointer64', ['void']]],
+    'HalIommuEnableDevicePasid' : [ 0x20, ['pointer64', ['void']]],
+    'HalIommuSetAddressSpace' : [ 0x28, ['pointer64', ['void']]],
+    'HalIommuDisableDevicePasid' : [ 0x30, ['pointer64', ['void']]],
+    'HalIommuUnmapDevice' : [ 0x38, ['pointer64', ['void']]],
+    'HalIommuFreeLibraryContext' : [ 0x40, ['pointer64', ['void']]],
+    'HalIommuFlushTb' : [ 0x48, ['pointer64', ['void']]],
+    'HalIommuFlushAllPasid' : [ 0x50, ['pointer64', ['void']]],
+    'HalIommuProcessPageRequestQueue' : [ 0x58, ['pointer64', ['void']]],
+    'HalIommuFaultRoutine' : [ 0x60, ['pointer64', ['void']]],
+    'HalIommuReferenceAsid' : [ 0x68, ['pointer64', ['void']]],
+    'HalIommuDereferenceAsid' : [ 0x70, ['pointer64', ['void']]],
+    'HalIommuServicePageFault' : [ 0x78, ['pointer64', ['void']]],
+    'HalIommuDevicePowerChange' : [ 0x80, ['pointer64', ['void']]],
+    'HalIommuBeginDeviceReset' : [ 0x88, ['pointer64', ['void']]],
+    'HalIommuFinalizeDeviceReset' : [ 0x90, ['pointer64', ['void']]],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0xb0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Timer' : [ 0x10, ['_KTIMER']],
+    'Dpc' : [ 0x50, ['_KDPC']],
+    'WorkOrder' : [ 0x90, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+    'CurrentWorkInfo' : [ 0x98, ['pointer64', ['_PEP_WORK_INFORMATION']]],
+    'WatchdogStart' : [ 0xa0, ['unsigned long long']],
+    'WorkerThread' : [ 0xa8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '__unnamed_2f4b' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_2f4b']],
+} ],
+  '__unnamed_2f4f' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2f53' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2f55' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2f57' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2f59' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_2f5b' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2f5d' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f5f' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2f61' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2f63' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2f65' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f67' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_2f4f']],
+    'Memory' : [ 0x0, ['__unnamed_2f4f']],
+    'Interrupt' : [ 0x0, ['__unnamed_2f53']],
+    'Dma' : [ 0x0, ['__unnamed_2f55']],
+    'DmaV3' : [ 0x0, ['__unnamed_2f57']],
+    'Generic' : [ 0x0, ['__unnamed_2f4f']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2f59']],
+    'BusNumber' : [ 0x0, ['__unnamed_2f5b']],
+    'ConfigData' : [ 0x0, ['__unnamed_2f5d']],
+    'Memory40' : [ 0x0, ['__unnamed_2f5f']],
+    'Memory48' : [ 0x0, ['__unnamed_2f61']],
+    'Memory64' : [ 0x0, ['__unnamed_2f63']],
+    'Connection' : [ 0x0, ['__unnamed_2f65']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2f67']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UseSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ZeroPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '__unnamed_2f84' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_2f86' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_2f84']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_2f86']],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '__unnamed_2f90' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_2f90']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '_HAL_HV_SVM_SYSTEM_CAPABILITIES' : [ 0x18, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GpaAlwaysValid' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MaxPasidSpaceCount' : [ 0x4, ['unsigned long']],
+    'MaxPasidSpacePasidCount' : [ 0x8, ['unsigned long']],
+    'MaxPrqSize' : [ 0xc, ['unsigned long']],
+    'IommuCount' : [ 0x10, ['unsigned long']],
+    'MinIommuPasidCount' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2f9b' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2f9c' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2f9b']],
+    'Merged' : [ 0x10, ['__unnamed_2f9c']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2fa0' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2fa2' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2fa4' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2fa6' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_2fa4']],
+    'Translated' : [ 0x0, ['__unnamed_2fa2']],
+} ],
+  '__unnamed_2fa8' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2faa' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2fac' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2fae' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2fb0' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2fb2' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2fb4' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2fb6' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_2fa0']],
+    'Port' : [ 0x0, ['__unnamed_2fa0']],
+    'Interrupt' : [ 0x0, ['__unnamed_2fa2']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2fa6']],
+    'Memory' : [ 0x0, ['__unnamed_2fa0']],
+    'Dma' : [ 0x0, ['__unnamed_2fa8']],
+    'DmaV3' : [ 0x0, ['__unnamed_2faa']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2f59']],
+    'BusNumber' : [ 0x0, ['__unnamed_2fac']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2fae']],
+    'Memory40' : [ 0x0, ['__unnamed_2fb0']],
+    'Memory48' : [ 0x0, ['__unnamed_2fb2']],
+    'Memory64' : [ 0x0, ['__unnamed_2fb4']],
+    'Connection' : [ 0x0, ['__unnamed_2f65']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2fb6']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0xc40, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x40, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x50, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x58, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x90, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0x98, ['unsigned long long']],
+    'SystemPteInfo' : [ 0xa0, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x100, ['unsigned long long']],
+    'SmallNonPagedPtesCommit' : [ 0x108, ['unsigned long long']],
+    'BootCommit' : [ 0x110, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0x118, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0x120, ['unsigned long long']],
+    'SpecialPagesInUse' : [ 0x128, ['unsigned long long']],
+    'ProcessCommit' : [ 0x130, ['unsigned long long']],
+    'DriverCommit' : [ 0x138, ['long']],
+    'PfnDatabaseCommit' : [ 0x140, ['unsigned long long']],
+    'SystemWs' : [ 0x180, ['array', 6, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x800, ['_MMSUPPORT_SHARED']],
+    'AggregateSystemWs' : [ 0x880, ['array', 1, ['_MMSUPPORT_AGGREGATION']]],
+    'MapCacheFailures' : [ 0x8a0, ['unsigned long']],
+    'PagefileHashPages' : [ 0x8a8, ['unsigned long long']],
+    'PteHeader' : [ 0x8b0, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x9c8, ['pointer64', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x9d0, ['array', 16, ['unsigned long long']]],
+    'SystemVaType' : [ 0xa50, ['array', 256, ['unsigned char']]],
+    'SystemVaRegions' : [ 0xb50, ['array', 14, ['_MI_SYSTEM_VA_ASSIGNMENT']]],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xf0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+    'MsrFsBase' : [ 0xe0, ['unsigned long long']],
+    'SpecialPadding0' : [ 0xe8, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x90, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
+    'LargeViews' : [ 0x6c, ['unsigned long']],
+    'ProtosNode' : [ 0x70, ['_MI_PROTOTYPE_PTES_NODE']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x138, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastResponsivenessEvents' : [ 0x18, ['unsigned long']],
+    'LastPerfCheckSnap' : [ 0x20, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x78, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xd0, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x128, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x12c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x130, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x132, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x133, ['unsigned char']],
+    'CurrentResponsivenessEvents' : [ 0x134, ['unsigned long']],
+} ],
+  '_MI_HARD_FAULT_STATE' : [ 0x10, {
+    'SwapPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'StoreFlags' : [ 0x8, ['_MI_STORE_INPAGE_COMPLETE_FLAGS']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEB32' : [ 0x480, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SharedData' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['unsigned long']],
+    'FlsListHead' : [ 0x210, ['LIST_ENTRY32']],
+    'FlsBitmap' : [ 0x218, ['unsigned long']],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['unsigned long']],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x464, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x468, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x469, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x470, ['unsigned long']],
+    'LeapSecondFlags' : [ 0x474, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x474, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x474, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x478, ['unsigned long']],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d8, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1b0, ['_LIST_ENTRY']],
+    'Status' : [ 0x1c0, ['long']],
+    'FailedDevice' : [ 0x1c8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1d0, ['unsigned char']],
+    'Cancelled' : [ 0x1d1, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1d2, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1d3, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1d4, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x98, {
+    'FileName' : [ 0x0, ['pointer64', ['wchar']]],
+    'BaseName' : [ 0x8, ['pointer64', ['wchar']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['wchar']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x180, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+    'Flags' : [ 0x178, ['unsigned long']],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'HitCount' : [ 0x18, ['unsigned long long']],
+    'LastActivationTime' : [ 0x20, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
+    'CsActivationTime' : [ 0x30, ['unsigned long long']],
+    'CsActiveTime' : [ 0x38, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HAL_CLOCK_TIMER_CONFIGURATION' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'AlwaysOnTimer' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'HighLatency' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PerCpuTimer' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DynamicTickSupported' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'KnownType' : [ 0x4, ['unsigned long']],
+    'Capabilities' : [ 0x8, ['unsigned long']],
+    'MaxIncrement' : [ 0x10, ['unsigned long long']],
+    'MinIncrement' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Event' : [ 0x18, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x48, {
+    'Parent' : [ 0x0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x8, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x10, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0x18, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x50, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x40, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_3025' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x7c0, {
+    'FreeLargePages' : [ 0x0, ['array', 3, ['_MI_FREE_LARGE_PAGES']]],
+    'LargePageRebuildTimer' : [ 0x330, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'StandbyPageList' : [ 0x358, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreePageListHeadsBitmap' : [ 0x680, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0x6a0, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0x6e0, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x6f0, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x710, ['unsigned long long']],
+    'MmShiftedColor' : [ 0x718, ['unsigned long']],
+    'Color' : [ 0x71c, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x720, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x760, ['__unnamed_3025']],
+    'NodeLock' : [ 0x768, ['_EX_PUSH_LOCK']],
+    'ZeroThreadHugeMapLock' : [ 0x770, ['unsigned long long']],
+    'LargeListMoveInProgress' : [ 0x778, ['unsigned char']],
+    'ChannelStatus' : [ 0x779, ['unsigned char']],
+    'ChannelOrdering' : [ 0x77a, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x77e, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x782, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x788, ['unsigned long long']],
+    'PageColorTable' : [ 0x790, ['_MI_PAGE_COLORS']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION' : [ 0xc0, {
+    'ValidBits' : [ 0x0, ['_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS']],
+    'ProcessorType' : [ 0x8, ['unsigned char']],
+    'InstructionSet' : [ 0x9, ['unsigned char']],
+    'ErrorType' : [ 0xa, ['unsigned char']],
+    'Operation' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned char']],
+    'Level' : [ 0xd, ['unsigned char']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'CPUVersion' : [ 0x10, ['unsigned long long']],
+    'CPUBrandString' : [ 0x18, ['array', 128, ['unsigned char']]],
+    'ProcessorId' : [ 0x98, ['unsigned long long']],
+    'TargetAddress' : [ 0xa0, ['unsigned long long']],
+    'RequesterId' : [ 0xa8, ['unsigned long long']],
+    'ResponderId' : [ 0xb0, ['unsigned long long']],
+    'InstructionPointer' : [ 0xb8, ['unsigned long long']],
+} ],
+  '_MI_HYPER_SPACE' : [ 0x10804000, {
+    'VadBitmap' : [ 0x0, ['array', 268435456, ['unsigned char']]],
+    'PageDirectoryCommitmentBitmap' : [ 0x10000000, ['array', 16384, ['unsigned char']]],
+    'PageTableCommitmentBitmap' : [ 0x10004000, ['array', 8388608, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_DOMAIN_CONFIGURATION_ARM64' : [ 0x20, {
+    'Ttbr0' : [ 0x0, ['_LARGE_INTEGER']],
+    'Ttbr1' : [ 0x8, ['_LARGE_INTEGER']],
+    'Mair0' : [ 0x10, ['unsigned long']],
+    'Mair1' : [ 0x14, ['unsigned long']],
+    'InputSize0' : [ 0x18, ['unsigned char']],
+    'InputSize1' : [ 0x19, ['unsigned char']],
+    'CoherentTableWalks' : [ 0x1a, ['unsigned char']],
+    'TranslationEnabled' : [ 0x1b, ['unsigned char']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x190, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x10, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x40, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x70, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedBitMapMaximum' : [ 0xb0, ['unsigned long long']],
+    'DynamicBitMapNonPagedPool' : [ 0xb8, ['_MI_DYNAMIC_BITMAP']],
+    'NonPagedPoolLowestPage' : [ 0x100, ['unsigned long long']],
+    'NonPagedPoolHighestPage' : [ 0x108, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x110, ['unsigned long long']],
+    'PartialLargePoolRegions' : [ 0x118, ['unsigned long long']],
+    'PagesInPartialLargePoolRegions' : [ 0x120, ['unsigned long long']],
+    'CachedNonPagedPoolCount' : [ 0x128, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x130, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x138, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x140, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x148, ['pointer64', ['void']]],
+    'NonPagedBitMap' : [ 0x150, ['array', 3, ['_RTL_BITMAP_EX']]],
+    'NonPagedHint' : [ 0x180, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x1c, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+    'TrackDesiredCrossClass' : [ 0x18, ['unsigned char']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x20, ['unsigned char']],
+    'RebuildActive' : [ 0x21, ['unsigned char']],
+    'NextPassDelta' : [ 0x22, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x23, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x68, {
+    'IoPfnLock' : [ 0x0, ['long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x60, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xd60, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x18, ['pointer64', ['void']]],
+    'EmInfFileSize' : [ 0x20, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x28, ['pointer64', ['void']]],
+    'HeadlessLoaderBlock' : [ 0x30, ['pointer64', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x38, ['pointer64', ['_SMBIOS3_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x40, ['pointer64', ['void']]],
+    'DrvDBSize' : [ 0x48, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x50, ['pointer64', ['_NETWORK_LOADER_BLOCK']]],
+    'FirmwareDescriptorListHead' : [ 0x58, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x68, ['pointer64', ['void']]],
+    'AcpiTableSize' : [ 0x70, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardStrongCodeGuarantees' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SidSharingDisabled' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'TpmInitialized' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'VsmConfigured' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IumEnabled' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'IsSmbboot' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BootLogEnabled' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DriverVerifierEnabled' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Unused' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 21, native_type='unsigned long')]],
+    'FeatureSimulations' : [ 0x74, ['BitField', dict(start_bit = 21, end_bit = 27, native_type='unsigned long')]],
+    'MicrocodeSelfHosting' : [ 0x74, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'XhciLegacyHandoffSkip' : [ 0x74, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisableInsiderOptInHVCI' : [ 0x74, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'MicrocodeMinVerSupported' : [ 0x74, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'GpuIommuEnabled' : [ 0x74, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x78, ['_LOADER_PERFORMANCE_DATA']],
+    'BootApplicationPersistentData' : [ 0xc0, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0xd0, ['pointer64', ['void']]],
+    'BootIdentifier' : [ 0xd8, ['_GUID']],
+    'ResumePages' : [ 0xe8, ['unsigned long']],
+    'DumpHeader' : [ 0xf0, ['pointer64', ['void']]],
+    'BgContext' : [ 0xf8, ['pointer64', ['void']]],
+    'NumaLocalityInfo' : [ 0x100, ['pointer64', ['void']]],
+    'NumaGroupAssignment' : [ 0x108, ['pointer64', ['void']]],
+    'AttachedHives' : [ 0x110, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0x120, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0x128, ['pointer64', ['void']]],
+    'BootEntropyResult' : [ 0x130, ['_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x998, ['unsigned long long']],
+    'HypervisorExtension' : [ 0x9a0, ['_LOADER_PARAMETER_HYPERVISOR_EXTENSION']],
+    'HardwareConfigurationId' : [ 0x9e0, ['_GUID']],
+    'HalExtensionModuleList' : [ 0x9f0, ['_LIST_ENTRY']],
+    'SystemTime' : [ 0xa00, ['_LARGE_INTEGER']],
+    'TimeStampAtSystemTimeRead' : [ 0xa08, ['unsigned long long']],
+    'BootFlags' : [ 0xa10, ['unsigned long long']],
+    'DbgMenuOsSelection' : [ 0xa10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgHiberBoot' : [ 0xa10, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgSoftRestart' : [ 0xa10, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'DbgMeasuredLaunch' : [ 0xa10, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'InternalBootFlags' : [ 0xa18, ['unsigned long long']],
+    'DbgUtcBootTime' : [ 0xa18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgRtcBootTime' : [ 0xa18, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgNoLegacyServices' : [ 0xa18, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WfsFPData' : [ 0xa20, ['pointer64', ['void']]],
+    'WfsFPDataSize' : [ 0xa28, ['unsigned long']],
+    'BugcheckParameters' : [ 0xa30, ['_LOADER_BUGCHECK_PARAMETERS']],
+    'ApiSetSchema' : [ 0xa58, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0xa60, ['unsigned long']],
+    'ApiSetSchemaExtensions' : [ 0xa68, ['_LIST_ENTRY']],
+    'AcpiBiosVersion' : [ 0xa78, ['_UNICODE_STRING']],
+    'SmbiosVersion' : [ 0xa88, ['_UNICODE_STRING']],
+    'EfiVersion' : [ 0xa98, ['_UNICODE_STRING']],
+    'KdDebugDevice' : [ 0xaa8, ['pointer64', ['_DEBUG_DEVICE_DESCRIPTOR']]],
+    'OfflineCrashdumpConfigurationTable' : [ 0xab0, ['_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2']],
+    'ManufacturingProfile' : [ 0xad0, ['_UNICODE_STRING']],
+    'BbtBuffer' : [ 0xae0, ['pointer64', ['void']]],
+    'XsaveAllowedFeatures' : [ 0xae8, ['unsigned long long']],
+    'XsaveFlags' : [ 0xaf0, ['unsigned long']],
+    'BootOptions' : [ 0xaf8, ['pointer64', ['void']]],
+    'IumEnablement' : [ 0xb00, ['unsigned long']],
+    'IumPolicy' : [ 0xb04, ['unsigned long']],
+    'IumStatus' : [ 0xb08, ['long']],
+    'BootId' : [ 0xb0c, ['unsigned long']],
+    'CodeIntegrityData' : [ 0xb10, ['pointer64', ['_LOADER_PARAMETER_CI_EXTENSION']]],
+    'CodeIntegrityDataSize' : [ 0xb18, ['unsigned long']],
+    'SystemHiveRecoveryInfo' : [ 0xb1c, ['_LOADER_HIVE_RECOVERY_INFO']],
+    'SoftRestartCount' : [ 0xb30, ['unsigned long']],
+    'SoftRestartTime' : [ 0xb38, ['long long']],
+    'HypercallCodeVa' : [ 0xb40, ['pointer64', ['void']]],
+    'HalVirtualAddress' : [ 0xb48, ['pointer64', ['void']]],
+    'HalNumberOfBytes' : [ 0xb50, ['unsigned long long']],
+    'LeapSecondData' : [ 0xb58, ['pointer64', ['_LEAP_SECOND_DATA']]],
+    'MajorRelease' : [ 0xb60, ['unsigned long']],
+    'Reserved1' : [ 0xb64, ['unsigned long']],
+    'NtBuildLab' : [ 0xb68, ['array', 224, ['unsigned char']]],
+    'NtBuildLabEx' : [ 0xc48, ['array', 224, ['unsigned char']]],
+    'ResetReason' : [ 0xd28, ['_LOADER_RESET_REASON']],
+    'MaxPciBusNumber' : [ 0xd58, ['unsigned long']],
+    'FeatureSettings' : [ 0xd5c, ['unsigned long']],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0x18, {
+    'AnsiCodePageData' : [ 0x0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0x8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x20, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_3082' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x58, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ProtosNode' : [ 0x18, ['_MI_PROTOTYPE_PTES_NODE']],
+    'NumberOfPtes' : [ 0x38, ['unsigned long long']],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'Subsection' : [ 0x40, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x48, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x50, ['__unnamed_3082']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_MACHINE_FRAME' : [ 0x28, {
+    'Rip' : [ 0x0, ['unsigned long long']],
+    'SegCs' : [ 0x8, ['unsigned short']],
+    'Fill1' : [ 0xa, ['array', 3, ['unsigned short']]],
+    'EFlags' : [ 0x10, ['unsigned long']],
+    'Fill2' : [ 0x14, ['unsigned long']],
+    'Rsp' : [ 0x18, ['unsigned long long']],
+    'SegSs' : [ 0x20, ['unsigned short']],
+    'Fill3' : [ 0x22, ['array', 3, ['unsigned short']]],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_INFORMATION' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['_HAL_UNMASKED_INTERRUPT_FLAGS']],
+    'Mode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Gsiv' : [ 0x10, ['unsigned long']],
+    'PinNumber' : [ 0x14, ['unsigned short']],
+    'DeviceHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_FAKE_HEAP_ENTRY' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'PreviousSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x44, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'NoPageTablesAllowed' : [ 0x3c, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x40, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LOADER_BUGCHECK_PARAMETERS' : [ 0x28, {
+    'BugcheckCode' : [ 0x0, ['unsigned long']],
+    'BugcheckParameter1' : [ 0x8, ['unsigned long long']],
+    'BugcheckParameter2' : [ 0x10, ['unsigned long long']],
+    'BugcheckParameter3' : [ 0x18, ['unsigned long long']],
+    'BugcheckParameter4' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_FX_DRIPS_WATCHDOG_CONTEXT' : [ 0x28, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'ComponentIndex' : [ 0x10, ['unsigned long']],
+    'ChildDevices' : [ 0x18, ['pointer64', ['pointer64', ['_DEVICE_NODE']]]],
+    'ChildDeviceCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_SUPPORTED_RANGE' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_SUPPORTED_RANGE']]],
+    'SystemAddressSpace' : [ 0x8, ['unsigned long']],
+    'SystemBase' : [ 0x10, ['long long']],
+    'Base' : [ 0x18, ['long long']],
+    'Limit' : [ 0x20, ['long long']],
+} ],
+  '__unnamed_30b1' : [ 0x8, {
+    'NumberOfEntries' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long long')]],
+    'Va' : [ 0x0, ['pointer64', ['void']]],
+    'VaLong' : [ 0x0, ['unsigned long long']],
+} ],
+  '_KTB_FLUSH_VA' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_30b1']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_MI_PAGE_COLORS' : [ 0x10, {
+    'PageSize' : [ 0x0, ['array', 4, ['unsigned long']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'StorageInfo' : [ 0x110, ['pointer64', ['void']]],
+    'UseStorageInfo' : [ 0x118, ['unsigned char']],
+    'PointersLength' : [ 0x11c, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['wchar']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_PNP_WATCHDOG' : [ 0xd8, {
+    'WatchdogStart' : [ 0x0, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x8, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'WatchdogEnabled' : [ 0x88, ['unsigned char']],
+    'WatchdogSecondChance' : [ 0x89, ['unsigned char']],
+    'WatchdogComplete' : [ 0x90, ['_KEVENT']],
+    'WatchdogWorkItem' : [ 0xa8, ['_WORK_QUEUE_ITEM']],
+    'WatchdogContextType' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {1: u'PNP_EVENT_WORKER_WATCHDOG', 2: u'PNP_DEVICE_COMPLETION_QUEUE_WATCHDOG', 3: u'PNP_DELAYED_REMOVE_WORKER_WATCHDOG'})]],
+    'WatchdogContext' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_RETPOLINE_ROUTINES' : [ 0x4c, {
+    'SwitchtableJump' : [ 0x0, ['array', 16, ['unsigned long']]],
+    'CfgIndirectRax' : [ 0x40, ['unsigned long']],
+    'NonCfgIndirectRax' : [ 0x44, ['unsigned long']],
+    'ImportR10' : [ 0x48, ['unsigned long']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x10, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_FAULT_CONFIGURATION' : [ 0x10, {
+    'FaultHandler' : [ 0x0, ['pointer64', ['void']]],
+    'FaultContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_INPUT_MAPPING_ELEMENT' : [ 0x4, {
+    'InputMappingId' : [ 0x0, ['unsigned long']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_30eb' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_30ed' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_30ef' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_30f1' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_30f3' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_30f5' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_30f7' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_30f9' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_30fb' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_30fd' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_30eb']],
+    'TargetDevice' : [ 0x0, ['__unnamed_30ed']],
+    'InstallDevice' : [ 0x0, ['__unnamed_30ed']],
+    'CustomNotification' : [ 0x0, ['__unnamed_30ef']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_30f1']],
+    'PowerNotification' : [ 0x0, ['__unnamed_30f3']],
+    'VetoNotification' : [ 0x0, ['__unnamed_30f5']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_30f7']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_30f9']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_30fb']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_30ed']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_30ed']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_30fd']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ProcessorType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'InstructionSet' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Operation' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Flags' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Level' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'CPUVersion' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'CPUBrandString' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'ProcessorId' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'TargetAddress' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InstructionPointer' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0x10, {
+    'CommonDataArea' : [ 0x0, ['pointer64', ['void']]],
+    'MachineType' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_310e' : [ 0x8, {
+    'Pch' : [ 0x0, ['unsigned char']],
+    'EmbeddedController' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 6, ['unsigned char']]],
+} ],
+  '__unnamed_3110' : [ 0x8, {
+    'Component' : [ 0x0, ['__unnamed_310e']],
+    'AsULONG64' : [ 0x0, ['unsigned long long']],
+    'AsBytes' : [ 0x0, ['array', 8, ['unsigned char']]],
+} ],
+  '_LOADER_RESET_REASON' : [ 0x30, {
+    'Supplied' : [ 0x0, ['unsigned char']],
+    'Basic' : [ 0x8, ['__unnamed_3110']],
+    'AdditionalInfo' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_LOADER_HIVE_RECOVERY_INFO' : [ 0x14, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LegacyRecovery' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SoftRebootConflict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MostRecentLog' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'LogNextSequence' : [ 0x8, ['unsigned long']],
+    'LogMinimumSequence' : [ 0xc, ['unsigned long']],
+    'LogCurrentOffset' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_3121' : [ 0x38, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x40, {
+    'FirmwareTypeUefi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EfiRuntimeUseIum' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EfiRuntimePageProtectionSupported' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_3121']],
+} ],
+  '__unnamed_3125' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Consumed' : [ 0x8, ['unsigned char']],
+    'ErrorCode' : [ 0xa, ['unsigned short']],
+    'ErrorIpValid' : [ 0xc, ['unsigned char']],
+    'RestartIpValid' : [ 0xd, ['unsigned char']],
+} ],
+  '_WHEA_RECOVERY_CONTEXT' : [ 0x20, {
+    'MemoryError' : [ 0x0, ['__unnamed_3125']],
+    'PartitionId' : [ 0x10, ['unsigned long long']],
+    'VpIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x80, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'PlatformCap' : [ 0x10, ['unsigned long']],
+    'ThermalCap' : [ 0x14, ['unsigned long']],
+    'LimitReasons' : [ 0x18, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x20, ['unsigned long long']],
+    'ProcCap' : [ 0x28, ['unsigned long']],
+    'ProcFloor' : [ 0x2c, ['unsigned long']],
+    'TargetPercent' : [ 0x30, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x34, ['unsigned char']],
+    'ResponsivenessChangeCount' : [ 0x35, ['unsigned char']],
+    'Selection' : [ 0x38, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x60, ['unsigned long']],
+    'PreviousFrequency' : [ 0x64, ['unsigned long']],
+    'PreviousPercent' : [ 0x68, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x6c, ['unsigned long']],
+    'Force' : [ 0x70, ['unsigned char']],
+    'UseQosUpdateLock' : [ 0x71, ['unsigned char']],
+    'QosUpdateLock' : [ 0x78, ['unsigned long long']],
+} ],
+  '_MI_ALIGNED_SLIST' : [ 0x40, {
+    'SList' : [ 0x0, ['_SLIST_HEADER']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x40, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'PciDeviceId' : [ 0x18, ['unsigned short']],
+    'PciVendorId' : [ 0x1a, ['unsigned short']],
+    'PciBusNumber' : [ 0x1c, ['unsigned char']],
+    'PciBusSegment' : [ 0x1e, ['unsigned short']],
+    'PciSlotNumber' : [ 0x20, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x21, ['unsigned char']],
+    'PciFlags' : [ 0x24, ['unsigned long']],
+    'SystemGUID' : [ 0x28, ['_GUID']],
+    'IsMMIODevice' : [ 0x38, ['unsigned char']],
+    'TerminalType' : [ 0x39, ['unsigned char']],
+    'InterfaceType' : [ 0x3a, ['unsigned char']],
+    'RegisterBitWidth' : [ 0x3b, ['unsigned char']],
+    'RegisterAccessSize' : [ 0x3c, ['unsigned char']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'RankNumber' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'CardHandle' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'ModuleHandle' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'ExtendedRow' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'BankGroup' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'BankAddress' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'ChipIdentification' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UserModeOnly' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoInherit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CheckVad' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x420, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+    'RedirectionDllName' : [ 0x410, ['_UNICODE_STRING']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x28, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x1c, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_3147' : [ 0x4, {
+    'PasidMaxWidth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'PasidExePerm' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PasidPrivMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AtsPageAlignedRequest' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AtsGlobalInvalidate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AtsInvalidateQueueDepth' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 14, native_type='unsigned long')]],
+} ],
+  '_IOMMU_SVM_CAPABILITIES' : [ 0xc, {
+    'AtsCapability' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PriCapability' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PasidCapability' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CapReg' : [ 0x4, ['__unnamed_3147']],
+    'Rsvd' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_3154' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_3156' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_3158' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_3154']],
+    'Gpt' : [ 0x0, ['__unnamed_3156']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_3158']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PEP_WORK_INFORMATION' : [ 0x40, {
+    'WorkType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepWorkActiveComplete', 1: u'PepWorkRequestIdleState', 2: u'PepWorkDevicePower', 3: u'PepWorkRequestPowerControl', 4: u'PepWorkDeviceIdle', 5: u'PepWorkCompleteIdleState', 6: u'PepWorkCompletePerfState', 7: u'PepWorkAcpiNotify', 8: u'PepWorkAcpiEvaluateControlMethodComplete', 9: u'PepWorkMax'})]],
+    'ActiveComplete' : [ 0x8, ['_PEP_WORK_ACTIVE_COMPLETE']],
+    'IdleState' : [ 0x8, ['_PEP_WORK_IDLE_STATE']],
+    'DevicePower' : [ 0x8, ['_PEP_WORK_DEVICE_POWER']],
+    'PowerControl' : [ 0x8, ['_PEP_WORK_POWER_CONTROL']],
+    'DeviceIdle' : [ 0x8, ['_PEP_WORK_DEVICE_IDLE']],
+    'CompleteIdleState' : [ 0x8, ['_PEP_WORK_COMPLETE_IDLE_STATE']],
+    'CompletePerfState' : [ 0x8, ['_PEP_WORK_COMPLETE_PERF_STATE']],
+    'AcpiNotify' : [ 0x8, ['_PEP_WORK_ACPI_NOTIFY']],
+    'ControlMethodComplete' : [ 0x8, ['_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_RTL_HP_LFH_CONFIG' : [ 0x4, {
+    'MaxBlockSize' : [ 0x0, ['unsigned short']],
+    'MaxSubsegmentPages' : [ 0x2, ['unsigned short']],
+} ],
+  '_MI_ACCESS_VIOLATION_RANGE' : [ 0x28, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Va' : [ 0x18, ['pointer64', ['void']]],
+    'EndVaInclusive' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE' : [ 0x28, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'CompletionFlags' : [ 0x8, ['unsigned long']],
+    'MethodStatus' : [ 0xc, ['long']],
+    'CompletionContext' : [ 0x10, ['pointer64', ['void']]],
+    'OutputArgumentSize' : [ 0x18, ['unsigned long long']],
+    'OutputArguments' : [ 0x20, ['pointer64', ['_ACPI_METHOD_ARGUMENT_V1']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_RESTRICTED_MODWRITES' : [ 0x3, {
+    'MaximumClusterPages' : [ 0x0, ['unsigned char']],
+    'ReducedClusterWrites' : [ 0x1, ['unsigned char']],
+    'ImposeDelay' : [ 0x2, ['unsigned char']],
+} ],
+  '_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'AbnormalResetOccurred' : [ 0x4, ['unsigned long']],
+    'OfflineMemoryDumpCapable' : [ 0x8, ['unsigned long']],
+    'ResetDataAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'ResetDataSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_ACPI_METHOD_ARGUMENT_V1' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'DataLength' : [ 0x2, ['unsigned short']],
+    'Argument' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x4, ['array', 1, ['unsigned char']]],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_POP_FX_ACTIVE_TIME_ACCOUNTING' : [ 0x60, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Unattributed' : [ 0x8, ['unsigned long long']],
+    'Buckets' : [ 0x10, ['array', 5, ['unsigned long long']]],
+    'PerBucket' : [ 0x38, ['array', 5, ['unsigned long long']]],
+} ],
+  '_PEP_WORK_ACPI_NOTIFY' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'NotifyCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_MI_SYSTEM_VA_ASSIGNMENT' : [ 0x10, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x60, {
+    'SListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x28, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SystemClass', 1: u'ProcessorClass', 2: u'CacheClass', 3: u'AdapterClass', 4: u'ControllerClass', 5: u'PeripheralClass', 6: u'MemoryClass', 7: u'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ArcSystem', 1: u'CentralProcessor', 2: u'FloatingPointProcessor', 3: u'PrimaryIcache', 4: u'PrimaryDcache', 5: u'SecondaryIcache', 6: u'SecondaryDcache', 7: u'SecondaryCache', 8: u'EisaAdapter', 9: u'TcAdapter', 10: u'ScsiAdapter', 11: u'DtiAdapter', 12: u'MultiFunctionAdapter', 13: u'DiskController', 14: u'TapeController', 15: u'CdromController', 16: u'WormController', 17: u'SerialController', 18: u'NetworkController', 19: u'DisplayController', 20: u'ParallelController', 21: u'PointerController', 22: u'KeyboardController', 23: u'AudioController', 24: u'OtherController', 25: u'DiskPeripheral', 26: u'FloppyDiskPeripheral', 27: u'TapePeripheral', 28: u'ModemPeripheral', 29: u'MonitorPeripheral', 30: u'PrinterPeripheral', 31: u'PointerPeripheral', 32: u'KeyboardPeripheral', 33: u'TerminalPeripheral', 34: u'OtherPeripheral', 35: u'LinePeripheral', 36: u'NetworkPeripheral', 37: u'SystemMemory', 38: u'DockingInformation', 39: u'RealModeIrqRoutingTable', 40: u'RealModePCIEnumeration', 41: u'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer64', ['unsigned char']]],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x58, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'ResponsivenessEvents' : [ 0x50, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_FLAGS' : [ 0x2, {
+    'SecondaryInterrupt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARM_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x18, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_PEP_WORK_COMPLETE_PERF_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+    'Succeeded' : [ 0xc, ['unsigned char']],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x48, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+    'PreloadEndTime' : [ 0x10, ['unsigned long long']],
+    'TcbLoaderStartTime' : [ 0x18, ['unsigned long long']],
+    'LoadHypervisorTime' : [ 0x20, ['unsigned long long']],
+    'LaunchHypervisorTime' : [ 0x28, ['unsigned long long']],
+    'LoadVsmTime' : [ 0x30, ['unsigned long long']],
+    'LaunchVsmTime' : [ 0x38, ['unsigned long long']],
+    'LoadDriversTime' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MI_FREE_LARGE_PAGES' : [ 0x110, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'LargePagesCount' : [ 0x10, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]],
+    'LargePageEntries' : [ 0x90, ['array', 2, ['array', 2, ['array', 4, ['pointer64', ['_MI_FREE_LARGE_PAGE_LIST']]]]]],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x38, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x8, ['pointer64', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x10, ['long']],
+    'MissedMappingsCount' : [ 0x14, ['unsigned long']],
+    'FirmwareResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'EfiMemoryMap' : [ 0x28, ['pointer64', ['void']]],
+    'EfiMemoryMapSize' : [ 0x30, ['unsigned long']],
+    'EfiMemoryMapDescriptorSize' : [ 0x34, ['unsigned long']],
+} ],
+  '_PEP_WORK_IDLE_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+    'State' : [ 0xc, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_SMBIOS3_TABLE_HEADER' : [ 0x18, {
+    'Signature' : [ 0x0, ['array', 5, ['unsigned char']]],
+    'Checksum' : [ 0x5, ['unsigned char']],
+    'Length' : [ 0x6, ['unsigned char']],
+    'MajorVersion' : [ 0x7, ['unsigned char']],
+    'MinorVersion' : [ 0x8, ['unsigned char']],
+    'Docrev' : [ 0x9, ['unsigned char']],
+    'EntryPointRevision' : [ 0xa, ['unsigned char']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'StructureTableMaximumSize' : [ 0xc, ['unsigned long']],
+    'StructureTableAddress' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_CI_EXTENSION' : [ 0x50, {
+    'CodeIntegrityOptions' : [ 0x0, ['unsigned long']],
+    'UpgradeInProgress' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsWinPE' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CustomKernelSignersAllowed' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'WhqlEnforcementDate' : [ 0x8, ['_LARGE_INTEGER']],
+    'RevocationListOffset' : [ 0x10, ['unsigned long']],
+    'RevocationListSize' : [ 0x14, ['unsigned long']],
+    'CodeIntegrityPolicyOffset' : [ 0x18, ['unsigned long']],
+    'CodeIntegrityPolicySize' : [ 0x1c, ['unsigned long']],
+    'CodeIntegrityPolicyHashOffset' : [ 0x20, ['unsigned long']],
+    'CodeIntegrityPolicyHashSize' : [ 0x24, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashOffset' : [ 0x28, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashSize' : [ 0x2c, ['unsigned long']],
+    'WeakCryptoPolicyLoadStatus' : [ 0x30, ['long']],
+    'WeakCryptoPolicyOffset' : [ 0x34, ['unsigned long']],
+    'WeakCryptoPolicySize' : [ 0x38, ['unsigned long']],
+    'SecureBootPolicyOffset' : [ 0x3c, ['unsigned long']],
+    'SecureBootPolicySize' : [ 0x40, ['unsigned long']],
+    'Reserved2' : [ 0x44, ['unsigned long']],
+    'SerializedData' : [ 0x48, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x70, {
+    'GetTime' : [ 0x0, ['unsigned long long']],
+    'SetTime' : [ 0x8, ['unsigned long long']],
+    'GetWakeupTime' : [ 0x10, ['unsigned long long']],
+    'SetWakeupTime' : [ 0x18, ['unsigned long long']],
+    'SetVirtualAddressMap' : [ 0x20, ['unsigned long long']],
+    'ConvertPointer' : [ 0x28, ['unsigned long long']],
+    'GetVariable' : [ 0x30, ['unsigned long long']],
+    'GetNextVariableName' : [ 0x38, ['unsigned long long']],
+    'SetVariable' : [ 0x40, ['unsigned long long']],
+    'GetNextHighMonotonicCount' : [ 0x48, ['unsigned long long']],
+    'ResetSystem' : [ 0x50, ['unsigned long long']],
+    'UpdateCapsule' : [ 0x58, ['unsigned long long']],
+    'QueryCapsuleCapabilities' : [ 0x60, ['unsigned long long']],
+    'QueryVariableInfo' : [ 0x68, ['unsigned long long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_STORE_INPAGE_COMPLETE_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['unsigned long']],
+    'StoreFault' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LowResourceFailure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned long')]],
+    'RemainingPageCount' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0x118, {
+    'Partition' : [ 0x0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x8, ['pointer64', ['_ENODE']]],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x28, ['_KTIMER']],
+    'ReaperEvent' : [ 0x68, ['_KEVENT']],
+    'ReaperTimer' : [ 0x80, ['_KTIMER2']],
+    'ThreadHandle' : [ 0x108, ['pointer64', ['void']]],
+    'ExitThread' : [ 0x110, ['unsigned long']],
+    'ThreadSeed' : [ 0x114, ['unsigned long']],
+} ],
+  '_LOADER_PARAMETER_HYPERVISOR_EXTENSION' : [ 0x40, {
+    'InitialHypervisorCrashdumpAreaPageCount' : [ 0x0, ['unsigned long']],
+    'HypervisorCrashdumpAreaPageCount' : [ 0x4, ['unsigned long']],
+    'InitialHypervisorCrashdumpAreaSpa' : [ 0x8, ['unsigned long long']],
+    'HypervisorCrashdumpAreaSpa' : [ 0x10, ['unsigned long long']],
+    'HypervisorLaunchStatus' : [ 0x18, ['unsigned long long']],
+    'HypervisorLaunchStatusArg1' : [ 0x20, ['unsigned long long']],
+    'HypervisorLaunchStatusArg2' : [ 0x28, ['unsigned long long']],
+    'HypervisorLaunchStatusArg3' : [ 0x30, ['unsigned long long']],
+    'HypervisorLaunchStatusArg4' : [ 0x38, ['unsigned long long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_PEP_WORK_POWER_CONTROL' : [ 0x38, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'PowerControlCode' : [ 0x8, ['pointer64', ['_GUID']]],
+    'RequestContext' : [ 0x10, ['pointer64', ['void']]],
+    'InBuffer' : [ 0x18, ['pointer64', ['void']]],
+    'InBufferSize' : [ 0x20, ['unsigned long long']],
+    'OutBuffer' : [ 0x28, ['pointer64', ['void']]],
+    'OutBufferSize' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PEP_WORK_DEVICE_POWER' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'PowerRequired' : [ 0x8, ['unsigned char']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0xc, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+    'TimeDateStamp' : [ 0x8, ['unsigned long']],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x20, {
+    'DHCPServerACK' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x8, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_BOOT_ENTROPY_LDR_RESULT' : [ 0x868, {
+    'maxEntropySources' : [ 0x0, ['unsigned long']],
+    'EntropySourceResult' : [ 0x8, ['array', 10, ['_BOOT_ENTROPY_SOURCE_LDR_RESULT']]],
+    'SeedBytesForCng' : [ 0x418, ['array', 48, ['unsigned char']]],
+    'RngBytesForNtoskrnl' : [ 0x448, ['array', 1024, ['unsigned char']]],
+    'KdEntropy' : [ 0x848, ['array', 32, ['unsigned char']]],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x78, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+    'PreQueryOpen' : [ 0x68, ['pointer64', ['void']]],
+    'PostQueryOpen' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_FAULT_INFORMATION' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'FaultInformationInvalid', 1: u'FaultInformationArm64'})]],
+    'Arm64' : [ 0x8, ['_FAULT_INFORMATION_ARM64']],
+} ],
+  '_PEP_WORK_COMPLETE_IDLE_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PEP_WORK_ACTIVE_COMPLETE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_323b' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_323d' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_323b']],
+    'Range' : [ 0x20, ['__unnamed_323d']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_BOOT_ENTROPY_SOURCE_LDR_RESULT' : [ 0x68, {
+    'SourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceNone', 1: u'BootEntropySourceSeedfile', 2: u'BootEntropySourceExternal', 3: u'BootEntropySourceTpm', 4: u'BootEntropySourceRdrand', 5: u'BootEntropySourceTime', 6: u'BootEntropySourceAcpiOem0', 7: u'BootEntropySourceUefi', 8: u'BootEntropySourceCng', 9: u'BootEntropySourceTcbTpm', 10: u'BootMaxEntropySources'})]],
+    'Policy' : [ 0x8, ['unsigned long long']],
+    'ResultCode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceStructureUninitialized', 1: u'BootEntropySourceDisabledByPolicy', 2: u'BootEntropySourceNotPresent', 3: u'BootEntropySourceError', 4: u'BootEntropySourceSuccess'})]],
+    'ResultStatus' : [ 0x14, ['long']],
+    'Time' : [ 0x18, ['unsigned long long']],
+    'EntropyLength' : [ 0x20, ['unsigned long']],
+    'EntropyData' : [ 0x24, ['array', 64, ['unsigned char']]],
+} ],
+  'POHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_324e' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_3250' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_3256' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_325a' : [ 0x10, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NotifyTypeCreate', 1: u'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x8, ['unsigned char']],
+} ],
+  '__unnamed_325c' : [ 0x20, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileInformation' : [ 0x8, ['pointer64', ['void']]],
+    'Length' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'FileInformationClass' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x1c, ['long']],
+} ],
+  '__unnamed_325e' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_324e']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_3250']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_3256']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_325a']],
+    'QueryOpen' : [ 0x0, ['__unnamed_325c']],
+    'Others' : [ 0x0, ['__unnamed_325e']],
+} ],
+  '_FAULT_INFORMATION_ARM64' : [ 0x28, {
+    'DomainHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FaultAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InputMappingId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['_FAULT_INFORMATION_ARM64_FLAGS']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'UnsupportedUpstreamTransaction', 1: u'AddressSizeFault', 2: u'TlbMatchConflict', 3: u'ExternalFault', 4: u'PermissionFault', 5: u'AccessFlagFault', 6: u'TranslationFault', 7: u'MaxFaultType'})]],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_PEP_WORK_DEVICE_IDLE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'IgnoreIdleTimeout' : [ 0x8, ['unsigned char']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAULT_INFORMATION_ARM64_FLAGS' : [ 0x4, {
+    'WriteNotRead' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'InstructionNotData' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Privileged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'FaultAddressValid' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win10_x86_17763_vtypes.py b/volatility/plugins/overlays/windows/win10_x86_17763_vtypes.py
new file mode 100644
index 000000000..635b8a2ab
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_17763_vtypes.py
@@ -0,0 +1,15477 @@
+ntkrpamp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x710, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Reserved6' : [ 0x2d6, ['array', 2, ['unsigned char']]],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1088' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1088']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_108c' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_108c']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_10a7' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a9' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10a7']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_10a9']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['pointer', ['void']]]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['pointer', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x175, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x176, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'PerflibData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapData' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+    'ReservedForWdf' : [ 0xfe4, ['pointer', ['void']]],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0xc, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_CUSTOM_SYSTEM_EVENT_TRIGGER_CONFIG' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'TriggerId' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6020, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'MxCsr' : [ 0x8, ['unsigned long']],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x5f00, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'ParentNode' : [ 0x338, ['pointer', ['_KNODE']]],
+    'PriorityState' : [ 0x33c, ['pointer', ['unsigned char']]],
+    'KernelReserved' : [ 0x340, ['array', 14, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'CpuVendor' : [ 0x3be, ['unsigned char']],
+    'PrcbPad0' : [ 0x3bf, ['array', 1, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'GroupIndex' : [ 0x3c4, ['unsigned char']],
+    'Group' : [ 0x3c5, ['unsigned char']],
+    'PrcbPad05' : [ 0x3c6, ['array', 2, ['unsigned char']]],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'ClockOwner' : [ 0x3d0, ['unsigned char']],
+    'PendingTickFlags' : [ 0x3d1, ['unsigned char']],
+    'PendingTick' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad10' : [ 0x3d2, ['array', 70, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'InterruptCount' : [ 0x4a0, ['unsigned long']],
+    'KernelTime' : [ 0x4a4, ['unsigned long']],
+    'UserTime' : [ 0x4a8, ['unsigned long']],
+    'DpcTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b0, ['unsigned long']],
+    'InterruptTime' : [ 0x4b4, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4b8, ['unsigned long']],
+    'PageColor' : [ 0x4bc, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c0, ['unsigned char']],
+    'NodeColor' : [ 0x4c1, ['unsigned char']],
+    'DeepSleep' : [ 0x4c2, ['unsigned char']],
+    'TbFlushListActive' : [ 0x4c3, ['unsigned char']],
+    'CachedStack' : [ 0x4c4, ['pointer', ['void']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4cc, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d0, ['unsigned long']],
+    'MmInternal' : [ 0x4d4, ['pointer', ['void']]],
+    'PrcbFlags' : [ 0x4d8, ['_KPRCBFLAG']],
+    'SchedulerAssist' : [ 0x4dc, ['pointer', ['void']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1820, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2120, ['long']],
+    'ReverseStall' : [ 0x2124, ['long']],
+    'IpiFrame' : [ 0x2128, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x212c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x2160, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x216c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x2170, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x2174, ['unsigned long']],
+    'PrcbPad4' : [ 0x2178, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x21a0, ['unsigned long']],
+    'TargetCount' : [ 0x21a4, ['long']],
+    'LastNonHrTimerExpiration' : [ 0x21a8, ['unsigned long long']],
+    'TrappedSecurityDomain' : [ 0x21b0, ['unsigned long long']],
+    'BpbState' : [ 0x21b8, ['unsigned char']],
+    'BpbCpuIdle' : [ 0x21b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbFlushRsbOnTrap' : [ 0x21b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbIbpbOnReturn' : [ 0x21b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbIbpbOnTrap' : [ 0x21b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbReserved' : [ 0x21b8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'BpbFeatures' : [ 0x21b9, ['unsigned char']],
+    'BpbClearOnIdle' : [ 0x21b9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbEnabled' : [ 0x21b9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmep' : [ 0x21b9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbFeaturesReserved' : [ 0x21b9, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'BpbCurrentSpecCtrl' : [ 0x21ba, ['unsigned char']],
+    'BpbKernelSpecCtrl' : [ 0x21bb, ['unsigned char']],
+    'BpbNmiSpecCtrl' : [ 0x21bc, ['unsigned char']],
+    'BpbUserSpecCtrl' : [ 0x21bd, ['unsigned char']],
+    'PrcbPad49' : [ 0x21be, ['array', 2, ['unsigned char']]],
+    'ProcessorSignature' : [ 0x21c0, ['unsigned long']],
+    'ProcessorFlags' : [ 0x21c4, ['unsigned long']],
+    'PrcbPad50' : [ 0x21c8, ['array', 8, ['unsigned char']]],
+    'InterruptLastCount' : [ 0x21d0, ['unsigned long']],
+    'InterruptRate' : [ 0x21d4, ['unsigned long']],
+    'DeviceInterrupts' : [ 0x21d8, ['unsigned long']],
+    'IsrDpcStats' : [ 0x21dc, ['pointer', ['void']]],
+    'DpcData' : [ 0x21e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2210, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2214, ['long']],
+    'DpcRequestRate' : [ 0x2218, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x221c, ['unsigned long']],
+    'DpcLastCount' : [ 0x2220, ['unsigned long']],
+    'PrcbLock' : [ 0x2224, ['unsigned long']],
+    'DpcGate' : [ 0x2228, ['_KGATE']],
+    'IdleState' : [ 0x2238, ['unsigned char']],
+    'QuantumEnd' : [ 0x2239, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x223a, ['unsigned char']],
+    'IdleSchedule' : [ 0x223b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x223c, ['long']],
+    'DpcRequestSlot' : [ 0x223c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x223c, ['short']],
+    'ThreadDpcState' : [ 0x223e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x223c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x223c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x223c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x223c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x223c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x223c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x223c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x223c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x223c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x223c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2240, ['unsigned long']],
+    'LastTick' : [ 0x2244, ['unsigned long']],
+    'PeriodicCount' : [ 0x2248, ['unsigned long']],
+    'PeriodicBias' : [ 0x224c, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2250, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2254, ['unsigned long']],
+    'GroupSchedulingOverQuota' : [ 0x2258, ['unsigned char']],
+    'ThreadDpcEnable' : [ 0x2259, ['unsigned char']],
+    'PrcbPad41' : [ 0x225a, ['array', 2, ['unsigned char']]],
+    'TimerTable' : [ 0x2260, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x3aa0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x3ac0, ['long']],
+    'PrcbPad6' : [ 0x3ac4, ['array', 4, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x3ac8, ['long']],
+    'DpcWatchdogCount' : [ 0x3acc, ['long']],
+    'KeSpinLockOrdering' : [ 0x3ad0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x3ad4, ['unsigned long']],
+    'QueueIndex' : [ 0x3ad8, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x3adc, ['_SINGLE_LIST_ENTRY']],
+    'ReadySummary' : [ 0x3ae0, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x3ae4, ['long']],
+    'WaitLock' : [ 0x3ae8, ['unsigned long']],
+    'WaitListHead' : [ 0x3aec, ['_LIST_ENTRY']],
+    'ScbOffset' : [ 0x3af4, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x3af8, ['unsigned long']],
+    'StartCycles' : [ 0x3b00, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x3b08, ['unsigned long long']],
+    'TaggedCycles' : [ 0x3b10, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x3b20, ['unsigned long long']],
+    'CycleTime' : [ 0x3b28, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x3b30, ['unsigned long long']],
+    'ImportantCycles' : [ 0x3b38, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x3b40, ['unsigned long long']],
+    'ReadyQueueExpectedRunTime' : [ 0x3b48, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3b50, ['unsigned long']],
+    'Cycles' : [ 0x3b58, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad71' : [ 0x3b98, ['array', 2, ['unsigned long']]],
+    'DispatcherReadyListHead' : [ 0x3ba0, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3ca0, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3ca4, ['long']],
+    'ScbQueue' : [ 0x3ca8, ['_RTL_RB_TREE']],
+    'ScbList' : [ 0x3cb0, ['_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x3cb8, ['long']],
+    'MmCopyOnWriteCount' : [ 0x3cbc, ['long']],
+    'MmTransitionCount' : [ 0x3cc0, ['long']],
+    'MmCacheTransitionCount' : [ 0x3cc4, ['long']],
+    'MmDemandZeroCount' : [ 0x3cc8, ['long']],
+    'MmPageReadCount' : [ 0x3ccc, ['long']],
+    'MmPageReadIoCount' : [ 0x3cd0, ['long']],
+    'MmCacheReadCount' : [ 0x3cd4, ['long']],
+    'MmCacheIoCount' : [ 0x3cd8, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x3cdc, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3ce0, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3ce4, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3ce8, ['long']],
+    'CachedCommit' : [ 0x3cec, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3cf0, ['unsigned long']],
+    'HyperPte' : [ 0x3cf4, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3cf8, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x3cfc, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3d09, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x3d0a, ['unsigned char']],
+    'PrcbPad9' : [ 0x3d0b, ['array', 1, ['unsigned char']]],
+    'FeatureBits' : [ 0x3d10, ['unsigned long long']],
+    'UpdateSignature' : [ 0x3d18, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3d20, ['unsigned long long']],
+    'PrcbPad90' : [ 0x3d28, ['array', 2, ['unsigned long']]],
+    'PowerState' : [ 0x3d30, ['_PROCESSOR_POWER_STATE']],
+    'ForceIdleDpc' : [ 0x3ed8, ['_KDPC']],
+    'PrcbPad91' : [ 0x3ef8, ['array', 14, ['unsigned long']]],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x3f30, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x3f34, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3f58, ['_KTIMER']],
+    'HypercallPageList' : [ 0x3f80, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x3f88, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x3f8c, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x3f90, ['pointer', ['unsigned long long']]],
+    'Cache' : [ 0x3f94, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3fd0, ['unsigned long']],
+    'PackageProcessorSet' : [ 0x3fd4, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x3fe0, ['unsigned long']],
+    'SharedReadyQueue' : [ 0x3fe4, ['pointer', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x3fe8, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x3fec, ['unsigned long']],
+    'ScanSiblingMask' : [ 0x3ff0, ['unsigned long']],
+    'LLCMask' : [ 0x3ff4, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3ff8, ['array', 5, ['unsigned long']]],
+    'ScanSiblingIndex' : [ 0x400c, ['unsigned long']],
+    'WheaInfo' : [ 0x4010, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x4014, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x4018, ['_SLIST_HEADER']],
+    'DpcWatchdogProfile' : [ 0x4020, ['pointer', ['pointer', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x4024, ['pointer', ['pointer', ['void']]]],
+    'PrcbPad92' : [ 0x4028, ['array', 1, ['unsigned long']]],
+    'PteBitCache' : [ 0x402c, ['unsigned long']],
+    'PteBitOffset' : [ 0x4030, ['unsigned long']],
+    'PrcbPad93' : [ 0x4034, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x4038, ['pointer', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x403c, ['pointer', ['void']]],
+    'TimerExpirationDpc' : [ 0x4040, ['_KDPC']],
+    'SynchCounters' : [ 0x4060, ['_SYNCH_COUNTERS']],
+    'FsCounters' : [ 0x4118, ['_FILESYSTEM_DISK_COUNTERS']],
+    'Context' : [ 0x4128, ['pointer', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x412c, ['unsigned long']],
+    'ExtendedState' : [ 0x4130, ['pointer', ['_XSAVE_AREA']]],
+    'EntropyTimingState' : [ 0x4134, ['_KENTROPY_TIMING_STATE']],
+    'IsrStack' : [ 0x425c, ['pointer', ['void']]],
+    'VectorToInterruptObject' : [ 0x4260, ['array', 208, ['pointer', ['_KINTERRUPT']]]],
+    'AbSelfIoBoostsList' : [ 0x45a0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x45a4, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x45a8, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x45c8, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x461c, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x4670, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x4770, ['unsigned long']],
+    'ExSaPageArray' : [ 0x4774, ['pointer', ['void']]],
+    'ExtendedSupervisorState' : [ 0x4778, ['pointer', ['_XSAVE_AREA_HEADER']]],
+    'PrcbPad100' : [ 0x477c, ['array', 9, ['unsigned long']]],
+    'LocalSharedReadyQueue' : [ 0x47a0, ['_KSHARED_READY_QUEUE']],
+    'Mailbox' : [ 0x48e0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'PrcbPad' : [ 0x48e4, ['array', 1532, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x4ee0, ['unsigned long']],
+    'EspBaseShadow' : [ 0x4ee4, ['unsigned long']],
+    'UserEspShadow' : [ 0x4ee8, ['unsigned long']],
+    'ShadowFlags' : [ 0x4eec, ['unsigned long']],
+    'UserDS' : [ 0x4ef0, ['unsigned long']],
+    'UserES' : [ 0x4ef4, ['unsigned long']],
+    'UserFS' : [ 0x4ef8, ['unsigned long']],
+    'EspIretd' : [ 0x4efc, ['pointer', ['void']]],
+    'RestoreSegOption' : [ 0x4f00, ['unsigned long']],
+    'SavedEsi' : [ 0x4f04, ['unsigned long']],
+    'DbgLogs' : [ 0x4f08, ['array', 512, ['unsigned long']]],
+    'DbgCount' : [ 0x5708, ['unsigned long']],
+    'PrcbPadRemaingPage' : [ 0x570c, ['array', 501, ['unsigned long']]],
+    'RequestMailbox' : [ 0x5ee0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Reserved' : [ 0x14, ['array', 3, ['pointer', ['void']]]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0xb0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x38, ['unsigned long long']],
+    'Affinity' : [ 0x40, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x4c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x54, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x58, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x64, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x64, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x64, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeepFreeze' : [ 0x64, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x64, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x64, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x64, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x64, ['BitField', dict(start_bit = 7, end_bit = 10, native_type='unsigned long')]],
+    'ActiveGroupsMask' : [ 0x64, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'VaSpaceDeleted' : [ 0x64, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x64, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'ProcessFlags' : [ 0x64, ['long']],
+    'BasePriority' : [ 0x68, ['unsigned char']],
+    'QuantumReset' : [ 0x69, ['unsigned char']],
+    'Visited' : [ 0x6a, ['unsigned char']],
+    'Flags' : [ 0x6b, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x6c, ['array', 1, ['unsigned long']]],
+    'IdealNode' : [ 0x70, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x72, ['unsigned short']],
+    'Spare1' : [ 0x74, ['unsigned short']],
+    'IopmOffset' : [ 0x76, ['unsigned short']],
+    'SchedulingGroup' : [ 0x78, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'StackCount' : [ 0x7c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x88, ['unsigned long long']],
+    'ContextSwitches' : [ 0x90, ['unsigned long long']],
+    'FreezeCount' : [ 0x98, ['unsigned long']],
+    'KernelTime' : [ 0x9c, ['unsigned long']],
+    'UserTime' : [ 0xa0, ['unsigned long']],
+    'ReadyTime' : [ 0xa4, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0xa8, ['pointer', ['void']]],
+    'ProcessTimerDelay' : [ 0xac, ['unsigned long']],
+} ],
+  '_KTHREAD' : [ 0x350, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x10, ['pointer', ['void']]],
+    'QuantumTarget' : [ 0x18, ['unsigned long long']],
+    'InitialStack' : [ 0x20, ['pointer', ['void']]],
+    'StackLimit' : [ 0x24, ['pointer', ['void']]],
+    'StackBase' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x2c, ['unsigned long']],
+    'CycleTime' : [ 0x30, ['unsigned long long']],
+    'HighCycleTime' : [ 0x38, ['unsigned long']],
+    'ServiceTable' : [ 0x3c, ['pointer', ['void']]],
+    'CurrentRunTime' : [ 0x40, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x44, ['unsigned long']],
+    'KernelStack' : [ 0x48, ['pointer', ['void']]],
+    'StateSaveArea' : [ 0x4c, ['pointer', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x50, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x54, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x55, ['unsigned char']],
+    'Alerted' : [ 0x56, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x58, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x58, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x58, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x58, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x58, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x58, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x58, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x58, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x58, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x58, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x58, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x58, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x58, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x58, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CetShadowStack' : [ 0x58, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved' : [ 0x58, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x58, ['long']],
+    'BamQosLevel' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x5c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x5c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x5c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x5c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x5c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x5c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x5c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x5c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x5c, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x5c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x5c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x5c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x5c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x5c, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x5c, ['long']],
+    'Tag' : [ 0x60, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x61, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x63, ['unsigned char']],
+    'SystemCallNumber' : [ 0x64, ['unsigned long']],
+    'FirstArgument' : [ 0x68, ['pointer', ['void']]],
+    'TrapFrame' : [ 0x6c, ['pointer', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x70, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x70, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x87, ['unsigned char']],
+    'UserIdealProcessor' : [ 0x88, ['unsigned long']],
+    'ContextSwitches' : [ 0x8c, ['unsigned long']],
+    'State' : [ 0x90, ['unsigned char']],
+    'Spare12' : [ 0x91, ['unsigned char']],
+    'WaitIrql' : [ 0x92, ['unsigned char']],
+    'WaitMode' : [ 0x93, ['unsigned char']],
+    'WaitStatus' : [ 0x94, ['long']],
+    'WaitBlockList' : [ 0x98, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x9c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x9c, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xa4, ['pointer', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xa8, ['pointer', ['void']]],
+    'RelativeTimerBias' : [ 0xb0, ['unsigned long long']],
+    'Timer' : [ 0xb8, ['_KTIMER']],
+    'WaitBlock' : [ 0xe0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill8' : [ 0xe0, ['array', 20, ['unsigned char']]],
+    'ThreadCounters' : [ 0xf4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0xe0, ['array', 44, ['unsigned char']]],
+    'XStateSave' : [ 0x10c, ['pointer', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0xe0, ['array', 68, ['unsigned char']]],
+    'Win32Thread' : [ 0x124, ['pointer', ['void']]],
+    'WaitBlockFill11' : [ 0xe0, ['array', 88, ['unsigned char']]],
+    'WaitTime' : [ 0x138, ['unsigned long']],
+    'KernelApcDisable' : [ 0x13c, ['short']],
+    'SpecialApcDisable' : [ 0x13e, ['short']],
+    'CombinedApcDisable' : [ 0x13c, ['unsigned long']],
+    'QueueListEntry' : [ 0x140, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x148, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x148, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x148, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x14c, ['long']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x154, ['array', 6, ['unsigned char']]],
+    'PreviousMode' : [ 0x15a, ['unsigned char']],
+    'BasePriority' : [ 0x15b, ['unsigned char']],
+    'PriorityDecrement' : [ 0x15c, ['unsigned char']],
+    'ForegroundBoost' : [ 0x15c, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x15c, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x15d, ['unsigned char']],
+    'AdjustReason' : [ 0x15e, ['unsigned char']],
+    'AdjustIncrement' : [ 0x15f, ['unsigned char']],
+    'AffinityVersion' : [ 0x160, ['unsigned long']],
+    'Affinity' : [ 0x164, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x164, ['array', 6, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x16a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x16b, ['unsigned char']],
+    'IdealProcessor' : [ 0x16c, ['unsigned long']],
+    'ReadyTime' : [ 0x170, ['unsigned long']],
+    'SavedApcState' : [ 0x174, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x174, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x18b, ['unsigned char']],
+    'SuspendCount' : [ 0x18c, ['unsigned char']],
+    'Saturation' : [ 0x18d, ['unsigned char']],
+    'SListFaultCount' : [ 0x18e, ['unsigned short']],
+    'SchedulerApc' : [ 0x190, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x190, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x191, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x190, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x193, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x190, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x194, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x190, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b4, ['pointer', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x190, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1b8, ['pointer', ['void']]],
+    'SchedulerApcFill5' : [ 0x190, ['array', 47, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x1bf, ['unsigned char']],
+    'UserTime' : [ 0x1c0, ['unsigned long']],
+    'SuspendEvent' : [ 0x1c4, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x1d4, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1dc, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x1e4, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x1e5, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x1e6, ['unsigned char']],
+    'SystemPriority' : [ 0x1e7, ['unsigned char']],
+    'LockEntries' : [ 0x1e8, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x308, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x30c, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x310, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x320, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x324, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x328, ['long']],
+    'KeReferenceCount' : [ 0x32c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x32e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x32f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x330, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x334, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x334, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x338, ['unsigned long']],
+    'QueuedScb' : [ 0x33c, ['pointer', ['_KSCB']]],
+    'NpxState' : [ 0x340, ['unsigned long long']],
+    'ThreadTimerDelay' : [ 0x348, ['unsigned long']],
+    'ThreadFlags2' : [ 0x34c, ['long']],
+    'PpmPolicy' : [ 0x34c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlags2Reserved' : [ 0x34c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'ActualLimit' : [ 0x4, ['unsigned long']],
+    'StackExpansion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousTrapFrame' : [ 0x8, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0xc, ['pointer', ['void']]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'CpuId' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer', ['void']]],
+    'DeleteContext' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long']],
+    'IdleSmtSet' : [ 0x4, ['unsigned long']],
+    'IdleCpuSet' : [ 0x8, ['unsigned long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long']],
+    'IdleConstrainedSet' : [ 0x44, ['unsigned long']],
+    'NonParkedSet' : [ 0x48, ['unsigned long']],
+    'NonIsrTargetedSet' : [ 0x4c, ['unsigned long']],
+    'ParkLock' : [ 0x50, ['long']],
+    'Seed' : [ 0x54, ['unsigned long']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x84, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x84, ['array', 6, ['unsigned char']]],
+    'NodeNumber' : [ 0x8a, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x8c, ['unsigned short']],
+    'Stride' : [ 0x8e, ['unsigned char']],
+    'Spare0' : [ 0x8f, ['unsigned char']],
+    'SharedReadyQueueLeaders' : [ 0x90, ['unsigned long']],
+    'ProximityId' : [ 0x94, ['unsigned long']],
+    'Lowest' : [ 0x98, ['unsigned long']],
+    'Highest' : [ 0x9c, ['unsigned long']],
+    'MaximumProcessors' : [ 0xa0, ['unsigned char']],
+    'Flags' : [ 0xa1, ['_flags']],
+    'Spare10' : [ 0xa2, ['unsigned char']],
+    'HeteroSets' : [ 0xa4, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0xe0, ['array', 4, ['unsigned long']]],
+} ],
+  '_ENODE' : [ 0x140, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x100, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long']],
+    'QuotaProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'StrictFIFO' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x1c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x1c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x24, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 20, ['unsigned char']]],
+    'DebugInfo' : [ 0x54, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'VolatileLowValue' : [ 0x0, ['long']],
+    'LowValue' : [ 0x0, ['long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x4, ['long']],
+    'NextFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x4, ['_EXHANDLE']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'RefCountField' : [ 0x4, ['long']],
+    'GrantedAccessBits' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'ProtectFromClose' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'RefCnt' : [ 0x4, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1358' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1358']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc4, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xc0, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x480, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x350, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x358, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x358, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x360, ['pointer', ['void']]],
+    'PostBlockList' : [ 0x364, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x364, ['pointer', ['void']]],
+    'StartAddress' : [ 0x368, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x36c, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x36c, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x36c, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x370, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x374, ['_LIST_ENTRY']],
+    'Cid' : [ 0x37c, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x384, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x384, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x398, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x39c, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x3a4, ['unsigned long']],
+    'DeviceToVerify' : [ 0x3a8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x3ac, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x3b0, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x3b4, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x3bc, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x3c0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x3c4, ['unsigned long']],
+    'MmLockOrdering' : [ 0x3c8, ['long']],
+    'CrossThreadFlags' : [ 0x3cc, ['unsigned long']],
+    'Terminated' : [ 0x3cc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x3cc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x3cc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x3cc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x3cc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x3cc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x3cc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x3cc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x3cc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x3cc, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x3cc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x3cc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x3cc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x3cc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x3cc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x3cc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x3cc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x3cc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x3cc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SamplingCoverage' : [ 0x3cc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x3cc, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x3d0, ['unsigned long']],
+    'ActiveExWorker' : [ 0x3d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x3d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x3d0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x3d0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x3d0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x3d0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x3d0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x3d0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x3d0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x3d0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WorkloadClass' : [ 0x3d0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x3d0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x3d4, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x3d4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x3d4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x3d4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x3d4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x3d4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x3d4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x3d4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x3d4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x3d5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x3d5, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowWritesToExecutableMemory' : [ 0x3d5, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'OwnsVadShared' : [ 0x3d5, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x3d8, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x3d9, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x3da, ['unsigned char']],
+    'LockOrderState' : [ 0x3db, ['unsigned char']],
+    'AlpcMessageId' : [ 0x3dc, ['unsigned long']],
+    'AlpcMessage' : [ 0x3e0, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x3e0, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x3e4, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x3ec, ['long']],
+    'CacheManagerCount' : [ 0x3f0, ['unsigned long']],
+    'IoBoostCount' : [ 0x3f4, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x3f8, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x3fc, ['unsigned long']],
+    'KernelStackReference' : [ 0x400, ['unsigned long']],
+    'BoostList' : [ 0x404, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x40c, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x414, ['unsigned long']],
+    'IrpListLock' : [ 0x418, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x41c, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x420, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x424, ['pointer', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x428, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x42c, ['pointer', ['void']]],
+    'AdjustedClientToken' : [ 0x430, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x434, ['pointer', ['void']]],
+    'PropertySet' : [ 0x438, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x444, ['pointer', ['void']]],
+    'UserFsBase' : [ 0x448, ['unsigned long']],
+    'UserGsBase' : [ 0x44c, ['unsigned long']],
+    'EnergyValues' : [ 0x450, ['pointer', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x454, ['pointer', ['void']]],
+    'SelectedCpuSets' : [ 0x458, ['unsigned long']],
+    'SelectedCpuSetsIndirect' : [ 0x458, ['pointer', ['unsigned long']]],
+    'Silo' : [ 0x45c, ['pointer', ['_EJOB']]],
+    'ThreadName' : [ 0x460, ['pointer', ['_UNICODE_STRING']]],
+    'LastExpectedRunTime' : [ 0x464, ['unsigned long']],
+    'HeapData' : [ 0x468, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x46c, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x474, ['unsigned long']],
+    'DisownedOwnerEntryListHead' : [ 0x478, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_13ae' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IsolateSecurityDomain' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_13b0' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisablePageCombine' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SpeculativeStoreBypassDisable' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'CetShadowStacks' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0x408, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0xc0, ['_EX_RUNDOWN_REF']],
+    'VdmObjects' : [ 0xc4, ['pointer', ['void']]],
+    'Flags2' : [ 0xc8, ['unsigned long']],
+    'JobNotReallyActive' : [ 0xc8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0xc8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0xc8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0xc8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0xc8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0xc8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0xc8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0xc8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0xc8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0xc8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0xc8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0xc8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0xc8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0xc8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0xc8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0xc8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0xc8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0xc8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0xc8, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0xc8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0xc8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0xc8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0xc8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0xc8, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0xc8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0xc8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0xcc, ['unsigned long']],
+    'CreateReported' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0xcc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0xcc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0xcc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0xcc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0xcc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0xcc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0xcc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0xcc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0xcc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0xcc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0xcc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0xcc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0xcc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0xcc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0xcc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0xcc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0xcc, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0xcc, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0xcc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0xd0, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0xd8, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xe0, ['array', 2, ['unsigned long']]],
+    'PeakVirtualSize' : [ 0xe8, ['unsigned long']],
+    'VirtualSize' : [ 0xec, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xf0, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0xf8, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf8, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Token' : [ 0xfc, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x100, ['unsigned long']],
+    'AddressCreationLock' : [ 0x104, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x108, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x10c, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x110, ['pointer', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x114, ['pointer', ['_EJOB']]],
+    'CloneRoot' : [ 0x118, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x11c, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x120, ['unsigned long']],
+    'Win32Process' : [ 0x124, ['pointer', ['void']]],
+    'Job' : [ 0x128, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x12c, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x130, ['pointer', ['void']]],
+    'Cookie' : [ 0x134, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x138, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x13c, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x140, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x144, ['pointer', ['void']]],
+    'OwnerProcessId' : [ 0x148, ['unsigned long']],
+    'Peb' : [ 0x14c, ['pointer', ['_PEB']]],
+    'Session' : [ 0x150, ['pointer', ['_MM_SESSION_SPACE']]],
+    'Spare1' : [ 0x154, ['pointer', ['void']]],
+    'QuotaBlock' : [ 0x158, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x15c, ['pointer', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x160, ['pointer', ['void']]],
+    'PaeTop' : [ 0x164, ['pointer', ['void']]],
+    'DeviceMap' : [ 0x168, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x16c, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x170, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x178, ['pointer', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x17c, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x18b, ['unsigned char']],
+    'SecurityPort' : [ 0x18c, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x190, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x194, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x19c, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x1a0, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x1a8, ['unsigned long']],
+    'ImagePathHash' : [ 0x1ac, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1b0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1b4, ['long']],
+    'PrefetchTrace' : [ 0x1b8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x1bc, ['pointer', ['void']]],
+    'ReadOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1e8, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1f0, ['unsigned long']],
+    'CommitCharge' : [ 0x1f4, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1f8, ['unsigned long']],
+    'Vm' : [ 0x1fc, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x28c, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x294, ['unsigned long']],
+    'ExitStatus' : [ 0x298, ['long']],
+    'VadRoot' : [ 0x29c, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x2a0, ['pointer', ['void']]],
+    'VadCount' : [ 0x2a4, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x2a8, ['unsigned long']],
+    'VadPhysicalPagesLimit' : [ 0x2ac, ['unsigned long']],
+    'AlpcContext' : [ 0x2b0, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x2c0, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x2c8, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x2cc, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x2d0, ['unsigned long']],
+    'ExitTime' : [ 0x2d8, ['_LARGE_INTEGER']],
+    'ActiveThreadsHighWatermark' : [ 0x2e0, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x2e4, ['unsigned long']],
+    'ThreadListLock' : [ 0x2e8, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x2ec, ['pointer', ['void']]],
+    'ServerSilo' : [ 0x2f0, ['pointer', ['_EJOB']]],
+    'SignatureLevel' : [ 0x2f4, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x2f5, ['unsigned char']],
+    'Protection' : [ 0x2f6, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x2f7, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'GhostCount' : [ 0x2f7, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'PrefilterException' : [ 0x2f7, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Flags3' : [ 0x2f8, ['unsigned long']],
+    'Minimal' : [ 0x2f8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x2f8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x2f8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x2f8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x2f8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x2f8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x2f8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x2f8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x2f8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x2f8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x2f8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x2f8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x2f8, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x2f8, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x2f8, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProcessFirstResume' : [ 0x2f8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ForegroundExternal' : [ 0x2f8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ForegroundSystem' : [ 0x2f8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HighMemoryPriority' : [ 0x2f8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'EnableProcessSuspendResumeLogging' : [ 0x2f8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'EnableThreadSuspendResumeLogging' : [ 0x2f8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SecurityDomainChanged' : [ 0x2f8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'SecurityFreezeComplete' : [ 0x2f8, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'VmProcessorHost' : [ 0x2f8, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x2fc, ['long']],
+    'SvmData' : [ 0x300, ['pointer', ['void']]],
+    'SvmProcessLock' : [ 0x304, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x308, ['unsigned long']],
+    'SvmProcessDeviceListHead' : [ 0x30c, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x318, ['unsigned long long']],
+    'DiskCounters' : [ 0x320, ['pointer', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x324, ['pointer', ['void']]],
+    'HighPriorityFaultsAllowed' : [ 0x328, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x32c, ['pointer', ['void']]],
+    'EnergyContext' : [ 0x330, ['pointer', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x334, ['pointer', ['void']]],
+    'SequenceNumber' : [ 0x338, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x340, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x348, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x350, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x358, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x360, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x360, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x368, ['unsigned long']],
+    'SharedCommitLock' : [ 0x36c, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x370, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x378, ['unsigned long']],
+    'DefaultCpuSets' : [ 0x37c, ['unsigned long']],
+    'AllowedCpuSetsIndirect' : [ 0x378, ['pointer', ['unsigned long']]],
+    'DefaultCpuSetsIndirect' : [ 0x37c, ['pointer', ['unsigned long']]],
+    'DiskIoAttribution' : [ 0x380, ['pointer', ['void']]],
+    'DxgProcess' : [ 0x384, ['pointer', ['void']]],
+    'Win32KFilterSet' : [ 0x388, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x390, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x398, ['unsigned long']],
+    'KTimer2Sets' : [ 0x39c, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x3a0, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x3a4, ['unsigned long']],
+    'VirtualTimerListHead' : [ 0x3a8, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x3b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x3b0, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x3e0, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x3e0, ['__unnamed_13ae']],
+    'MitigationFlags2' : [ 0x3e4, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x3e4, ['__unnamed_13b0']],
+    'PartitionObject' : [ 0x3e8, ['pointer', ['void']]],
+    'SecurityDomain' : [ 0x3f0, ['unsigned long long']],
+    'ParentSecurityDomain' : [ 0x3f8, ['unsigned long long']],
+    'CoverageSamplerContext' : [ 0x400, ['pointer', ['void']]],
+    'MmHotPatchContext' : [ 0x404, ['pointer', ['void']]],
+} ],
+  '__unnamed_13c3' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_13c9' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13cb' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13c9']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13d4' : [ 0x2c, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '__unnamed_13d6' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_13d4']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_13c3']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_13cb']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_13d6']],
+} ],
+  '__unnamed_13dd' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13e1' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13e5' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13e7' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13eb' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13ed' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13f1' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_13f3' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_13f5' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_13f7' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13f9' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13fd' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsFullSizeInformationEx', 15: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_13ff' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1402' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1404' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1406' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1408' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_140c' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1410' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1414' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1418' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_141c' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1420' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1424' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1426' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1428' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_142c' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1430' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1434' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '__unnamed_1438' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_143c' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1444' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1448' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_144a' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_144c' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_144e' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_13dd']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13e1']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13e5']],
+    'Read' : [ 0x0, ['__unnamed_13e7']],
+    'Write' : [ 0x0, ['__unnamed_13e7']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13eb']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13ed']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_13f1']],
+    'QueryFile' : [ 0x0, ['__unnamed_13f3']],
+    'SetFile' : [ 0x0, ['__unnamed_13f5']],
+    'QueryEa' : [ 0x0, ['__unnamed_13f7']],
+    'SetEa' : [ 0x0, ['__unnamed_13f9']],
+    'QueryVolume' : [ 0x0, ['__unnamed_13fd']],
+    'SetVolume' : [ 0x0, ['__unnamed_13fd']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_13ff']],
+    'LockControl' : [ 0x0, ['__unnamed_1402']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1404']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1406']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1408']],
+    'MountVolume' : [ 0x0, ['__unnamed_140c']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_140c']],
+    'Scsi' : [ 0x0, ['__unnamed_1410']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1414']],
+    'SetQuota' : [ 0x0, ['__unnamed_13f9']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1418']],
+    'QueryInterface' : [ 0x0, ['__unnamed_141c']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1420']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1424']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1426']],
+    'SetLock' : [ 0x0, ['__unnamed_1428']],
+    'QueryId' : [ 0x0, ['__unnamed_142c']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1430']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1434']],
+    'WaitWake' : [ 0x0, ['__unnamed_1438']],
+    'PowerSequence' : [ 0x0, ['__unnamed_143c']],
+    'Power' : [ 0x0, ['__unnamed_1444']],
+    'StartDevice' : [ 0x0, ['__unnamed_1448']],
+    'WMI' : [ 0x0, ['__unnamed_144a']],
+    'Others' : [ 0x0, ['__unnamed_144c']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_144e']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_1464' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_1464']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x8, ['unsigned long']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x14, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x10, ['pointer', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x3a0, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0x80, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0x88, ['unsigned long']],
+    'TotalProcesses' : [ 0x8c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x90, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x94, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x98, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xa0, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xa8, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0xac, ['unsigned long']],
+    'LimitFlags' : [ 0xb0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xb4, ['unsigned long']],
+    'Affinity' : [ 0xb8, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0xc4, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0xc8, ['pointer', ['void']]],
+    'UIRestrictionsClass' : [ 0xcc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xd0, ['unsigned long']],
+    'CompletionPort' : [ 0xd4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xd8, ['pointer', ['void']]],
+    'CompletionCount' : [ 0xe0, ['unsigned long long']],
+    'SessionId' : [ 0xe8, ['unsigned long']],
+    'SchedulingClass' : [ 0xec, ['unsigned long']],
+    'ReadOperationCount' : [ 0xf0, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xf8, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x100, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x108, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x110, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x118, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x120, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x148, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x14c, ['unsigned long']],
+    'JobTotalMemoryLimit' : [ 0x150, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x154, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x158, ['unsigned long']],
+    'EffectiveAffinity' : [ 0x15c, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x168, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x170, ['unsigned long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x174, ['unsigned long']],
+    'EffectiveProcessMemoryLimit' : [ 0x178, ['unsigned long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x17c, ['pointer', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x180, ['pointer', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x184, ['pointer', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x188, ['pointer', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x18c, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x190, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x194, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x198, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x19c, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x1a0, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x1a4, ['unsigned char']],
+    'PriorityClass' : [ 0x1a5, ['unsigned char']],
+    'NestingDepth' : [ 0x1a6, ['unsigned char']],
+    'Reserved1' : [ 0x1a7, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x1a8, ['unsigned long']],
+    'WakeChannel' : [ 0x1b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x1b0, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x1f8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x200, ['unsigned long']],
+    'NotificationLink' : [ 0x204, ['pointer', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x208, ['unsigned long long']],
+    'NotificationInfo' : [ 0x210, ['pointer', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x214, ['pointer', ['void']]],
+    'NotificationPacket' : [ 0x218, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x21c, ['pointer', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x220, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x228, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x230, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x234, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x23c, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x244, ['pointer', ['_EJOB']]],
+    'RootJob' : [ 0x248, ['pointer', ['_EJOB']]],
+    'IteratorListHead' : [ 0x24c, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x254, ['unsigned long']],
+    'Ancestors' : [ 0x258, ['pointer', ['pointer', ['_EJOB']]]],
+    'SessionObject' : [ 0x258, ['pointer', ['void']]],
+    'Accounting' : [ 0x260, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x2b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x2bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x2c0, ['unsigned long']],
+    'JobId' : [ 0x2c4, ['unsigned long']],
+    'ContainerId' : [ 0x2c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x2d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x2e8, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x2ec, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x2f8, ['pointer', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x2fc, ['pointer', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x300, ['unsigned long']],
+    'CloseDone' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x300, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x300, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x304, ['unsigned long']],
+    'ParentLocked' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x308, ['pointer', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x30c, ['unsigned long']],
+    'DiskIoAttributionUserRefCount' : [ 0x310, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x314, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x318, ['pointer', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x318, ['pointer', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x31c, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x330, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x34c, ['long']],
+    'VolumeIoControlTree' : [ 0x350, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x358, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x360, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x364, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x368, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x36c, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x370, ['unsigned long long']],
+    'IoControlLock' : [ 0x378, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x37c, ['unsigned long']],
+    'RundownWorkItem' : [ 0x380, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x390, ['pointer', ['void']]],
+    'PartitionOwnerJob' : [ 0x394, ['pointer', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x398, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x68, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x5c, ['pointer', ['void']]],
+    'UserContext' : [ 0x60, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_MCUPDATE_INFO' : [ 0x28, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Status' : [ 0x8, ['unsigned long']],
+    'Id' : [ 0x10, ['unsigned long long']],
+    'VendorScratch' : [ 0x18, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY' : [ 0x20, {
+    'Header' : [ 0x0, ['_WHEA_EVENT_LOG_ENTRY_HEADER']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_FLAGS' : [ 0x4, {
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+    'Oplock' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedForRemote' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedContext' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0xc, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x8, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0xc, {
+    'Hash' : [ 0x0, ['pointer', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x4, ['pointer', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x10, {
+    'Table' : [ 0x0, ['pointer', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x4, ['unsigned long']],
+    'EntryMax' : [ 0x8, ['unsigned long']],
+    'EntryCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+} ],
+  '_TlgProvider_t' : [ 0x28, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  'wil_details_FeaturePropertyCache' : [ 0x4, {
+    'cache' : [ 0x0, ['wil_details_FeatureProperties']],
+    'variant' : [ 0x0, ['wil_details_VariantProperties']],
+    'var' : [ 0x0, ['long']],
+} ],
+  'wil_details_SetPropertyFlagContext' : [ 0xc, {
+    'result' : [ 0x0, ['pointer', ['wil_details_RecordUsageResult']]],
+    'flags' : [ 0x4, ['unsigned long']],
+    'ignoreReporting' : [ 0x8, ['long']],
+} ],
+  'wil_details_RecordUsageResult' : [ 0x18, {
+    'queueBackground' : [ 0x0, ['long']],
+    'countImmediate' : [ 0x4, ['unsigned long']],
+    'kindImmediate' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'payloadId' : [ 0xc, ['unsigned long']],
+    'ignoredUse' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_SetPropertyCacheUsageContext' : [ 0xc, {
+    'result' : [ 0x0, ['pointer', ['wil_details_RecordUsageResult']]],
+    'kind' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'addend' : [ 0x8, ['unsigned long']],
+} ],
+  'FEATURE_ERROR' : [ 0x38, {
+    'hr' : [ 0x0, ['unsigned long']],
+    'lineNumber' : [ 0x4, ['unsigned short']],
+    'file' : [ 0x8, ['pointer', ['unsigned char']]],
+    'process' : [ 0xc, ['pointer', ['unsigned char']]],
+    'modulePath' : [ 0x10, ['pointer', ['unsigned char']]],
+    'callerReturnAddressOffset' : [ 0x14, ['unsigned long']],
+    'callerModule' : [ 0x18, ['pointer', ['unsigned char']]],
+    'message' : [ 0x1c, ['pointer', ['unsigned char']]],
+    'originLineNumber' : [ 0x20, ['unsigned short']],
+    'originFile' : [ 0x24, ['pointer', ['unsigned char']]],
+    'originModule' : [ 0x28, ['pointer', ['unsigned char']]],
+    'originCallerReturnAddressOffset' : [ 0x2c, ['unsigned long']],
+    'originCallerModule' : [ 0x30, ['pointer', ['unsigned char']]],
+    'originName' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  'FEATURE_LOGGED_TRAITS' : [ 0x6, {
+    'version' : [ 0x0, ['unsigned short']],
+    'baseVersion' : [ 0x2, ['unsigned short']],
+    'stage' : [ 0x4, ['unsigned char']],
+} ],
+  'wil_details_FeatureVariantPropertyCache' : [ 0x8, {
+    'propertyCache' : [ 0x0, ['wil_details_FeaturePropertyCache']],
+    'payloadId' : [ 0x4, ['unsigned long']],
+} ],
+  'wil_details_StagingConfigFeature' : [ 0xc, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'changedInSession' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'unused1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long')]],
+    'serviceState' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'userState' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'testState' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 14, native_type='unsigned long')]],
+    'unused2' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned long')]],
+    'unused3' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'variant' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'payloadKind' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'payload' : [ 0x8, ['unsigned long']],
+} ],
+  'wil_details_StagingConfig' : [ 0x34, {
+    'store' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureStore_Machine', 1: u'wil_FeatureStore_User', 2: u'wil_FeatureStore_All'})]],
+    'forUpdate' : [ 0x4, ['long']],
+    'readChangeStamp' : [ 0x8, ['unsigned long']],
+    'readVersion' : [ 0xc, ['unsigned char']],
+    'modified' : [ 0x10, ['long']],
+    'header' : [ 0x14, ['pointer', ['wil_details_StagingConfigHeader']]],
+    'features' : [ 0x18, ['pointer', ['wil_details_StagingConfigFeature']]],
+    'triggers' : [ 0x1c, ['pointer', ['wil_details_StagingConfigUsageTrigger']]],
+    'changedInSession' : [ 0x20, ['long']],
+    'buffer' : [ 0x24, ['pointer', ['void']]],
+    'bufferSize' : [ 0x28, ['unsigned long']],
+    'bufferAlloc' : [ 0x2c, ['unsigned long']],
+    'bufferOwned' : [ 0x30, ['long']],
+} ],
+  'wil_details_StagingConfigHeader' : [ 0x10, {
+    'version' : [ 0x0, ['unsigned char']],
+    'versionMinor' : [ 0x1, ['unsigned char']],
+    'headerSizeBytes' : [ 0x2, ['unsigned short']],
+    'featureCount' : [ 0x4, ['unsigned short']],
+    'featureUsageTriggerCount' : [ 0x6, ['unsigned short']],
+    'sessionProperties' : [ 0x8, ['wil_details_StagingConfigHeaderProperties']],
+    'properties' : [ 0xc, ['wil_details_StagingConfigHeaderProperties']],
+} ],
+  'wil_details_StagingConfigUsageTrigger' : [ 0x10, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'trigger' : [ 0x4, ['wil_details_StagingConfigWnfStateName']],
+    'serviceReportingKind' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'unused' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_details_StagingConfigHeaderProperties' : [ 0x4, {
+    'ignoreServiceState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ignoreUserState' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ignoreTestState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ignoreVariants' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_FeatureState' : [ 0x18, {
+    'enabledState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0x4, ['unsigned char']],
+    'payloadKind' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureVariantPayloadKind_None', 1: u'wil_FeatureVariantPayloadKind_Resident', 2: u'wil_FeatureVariantPayloadKind_External'})]],
+    'payload' : [ 0xc, ['unsigned long']],
+    'hasNotification' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_FeatureTestState' : [ 0x18, {
+    'kind' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_FeatureTestStateKind_EnabledState', 1: u'wil_details_FeatureTestStateKind_Variant'})]],
+    'featureId' : [ 0x4, ['unsigned long']],
+    'state' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0xc, ['unsigned char']],
+    'payload' : [ 0x10, ['unsigned long']],
+    'next' : [ 0x14, ['pointer', ['wil_details_FeatureTestState']]],
+} ],
+  '__WIL__WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_wil_details_UsageSubscriptionData' : [ 0x8, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'serviceReportingKind' : [ 0x4, ['unsigned short']],
+} ],
+  '__unnamed_17dc' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_17dc']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0xc, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x4, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0x8, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'ReservedLowFlags' : [ 0xe, ['unsigned char']],
+    'WaiterPriority' : [ 0xf, ['unsigned char']],
+    'SharedWaiters' : [ 0x10, ['pointer', ['void']]],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['void']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x30, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0xc, ['pointer', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x10, ['pointer', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x14, ['unsigned long']],
+    'NumberOfReferences' : [ 0x18, ['unsigned long']],
+    'CloneHeader' : [ 0x1c, ['pointer', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x20, ['unsigned long']],
+    'DeleteList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'NestingLevel' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_181e' : [ 0x4, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_1823' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_1825' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1827' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_1823']],
+    'e4' : [ 0x0, ['__unnamed_1825']],
+} ],
+  '__unnamed_182c' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_181e']],
+    'PteAddress' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PteLong' : [ 0x4, ['unsigned long']],
+    'OriginalPte' : [ 0x8, ['_MMPTE']],
+    'u2' : [ 0x10, ['_MIPFNBLINK']],
+    'u3' : [ 0x14, ['__unnamed_1827']],
+    'u4' : [ 0x18, ['__unnamed_182c']],
+} ],
+  '__unnamed_1837' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_183b' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_1837']],
+    'u2' : [ 0x24, ['__unnamed_183b']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_1840' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_1848' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AweSection' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 21, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ImageBaseOkToReuse' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_184a' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_1848']],
+} ],
+  '__unnamed_184f' : [ 0x4, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 20, native_type='unsigned long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'ListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'AweContext' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_1840']],
+    'FilePointer' : [ 0x20, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x24, ['long']],
+    'ModifiedWriteCount' : [ 0x28, ['unsigned long']],
+    'WaitList' : [ 0x2c, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x30, ['__unnamed_184a']],
+    'FileObjectLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'u3' : [ 0x48, ['__unnamed_184f']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x34, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'BasePte' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'VaType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSpecialPoolNonPaged', 14: u'MiVaSystemPtesLarge', 15: u'MiVaKernelStacks', 16: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'PteFailures' : [ 0x18, ['unsigned long']],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'GlobalPushLock' : [ 0x1c, ['pointer', ['_EX_PUSH_LOCK']]],
+    'TotalSystemPtes' : [ 0x20, ['unsigned long']],
+    'Hint' : [ 0x24, ['unsigned long']],
+    'LowestBitEverAllocated' : [ 0x28, ['unsigned long']],
+    'CachedPtes' : [ 0x2c, ['pointer', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x30, ['unsigned long']],
+} ],
+  '__unnamed_186e' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+    'VolatileVadLong' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1871' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x28, {
+    'NextVad' : [ 0x0, ['pointer', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x4, ['pointer', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x1c, ['__unnamed_186e']],
+    'u1' : [ 0x20, ['__unnamed_1871']],
+    'EventList' : [ 0x24, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PARTITION' : [ 0x1c40, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0xe8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x2b8, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x340, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x540, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0xe80, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0xf00, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0xf40, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x1018, ['pointer', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x101c, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'Vp' : [ 0x1040, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x40, {
+    'MmPartition' : [ 0x0, ['pointer', ['void']]],
+    'CcPartition' : [ 0x4, ['pointer', ['void']]],
+    'ExPartition' : [ 0x8, ['pointer', ['void']]],
+    'HardReferenceCount' : [ 0xc, ['long']],
+    'OpenHandleCount' : [ 0x10, ['long']],
+    'ActivePartitionLinks' : [ 0x14, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x1c, ['pointer', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x34, ['pointer', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x38, ['pointer', ['void']]],
+    'PartitionFlags' : [ 0x3c, ['unsigned long']],
+    'PairedWithJob' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_MI_IMAGE_LOAD_CONFIG' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'CfgAlignmentBias' : [ 0x4, ['unsigned long']],
+    'RvaList' : [ 0x8, ['pointer', ['_RTL_RVA_LIST']]],
+    'RetpolineRelocations' : [ 0xc, ['pointer', ['_MI_RETPOLINE_RELOCATION_INFORMATION']]],
+} ],
+  '__unnamed_18a0' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_18a5' : [ 0x4, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x4c, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x28, ['__unnamed_18a0']],
+    'Subsection' : [ 0x2c, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x30, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x34, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x38, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x40, ['pointer', ['_EPROCESS']]],
+    'u4' : [ 0x44, ['__unnamed_18a5']],
+    'FileObject' : [ 0x48, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+    'SecureInfo' : [ 0x4, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x4, ['_RTL_BITMAP']],
+    'InPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x4, ['_MI_LARGEPAGE_IMAGE_INFO']],
+    'CreatingThread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'PebTeb' : [ 0x4, ['_MI_SUB64K_FREE_RANGES']],
+    'PlaceholderVad' : [ 0x4, ['pointer', ['_MMVAD_SHORT']]],
+    'WaitReason' : [ 0x24, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x400, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileWrite' : [ 0x14, ['pointer', ['void']]],
+    'FileRead' : [ 0x18, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x1c, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x20, ['pointer', ['_HBASE_BLOCK']]],
+    'FlusherLock' : [ 0x24, ['_CMSI_RW_LOCK']],
+    'WriterLock' : [ 0x28, ['_CMSI_RW_LOCK']],
+    'DirtyVector' : [ 0x2c, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x34, ['unsigned long']],
+    'DirtyAlloc' : [ 0x38, ['unsigned long']],
+    'UnreconciledVector' : [ 0x3c, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x44, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x48, ['unsigned long']],
+    'Cluster' : [ 0x4c, ['unsigned long']],
+    'Flat' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x51, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x54, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x58, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x5c, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x60, ['unsigned long']],
+    'HiveFlags' : [ 0x64, ['unsigned long']],
+    'CurrentLog' : [ 0x68, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x6c, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x70, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x74, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x78, ['unsigned long']],
+    'LogFileSizeCap' : [ 0x7c, ['unsigned long']],
+    'LogDataPresent' : [ 0x80, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0x82, ['unsigned char']],
+    'BaseBlockDirty' : [ 0x83, ['unsigned char']],
+    'LastLogSwapTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0x90, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0x90, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0x90, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0x90, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0x90, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0x90, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0x92, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0x94, ['unsigned long']],
+    'StorageTypeCount' : [ 0x98, ['unsigned long']],
+    'Version' : [ 0x9c, ['unsigned long']],
+    'ViewMap' : [ 0xa0, ['_HVP_VIEW_MAP']],
+    'Storage' : [ 0xc8, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xb0, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'PrivateAlloc' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0xc, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x14, ['unsigned long']],
+    'KcbPushlock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x1c, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x1c, ['long']],
+    'DelayedDeref' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x20, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x21, ['unsigned char']],
+    'LayerHeight' : [ 0x22, ['short']],
+    'ParentKcb' : [ 0x24, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x28, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x2c, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueCache' : [ 0x30, ['_CACHED_CHILD_LIST']],
+    'IndexHint' : [ 0x38, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x38, ['unsigned long']],
+    'SubKeyCount' : [ 0x38, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x3c, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x3c, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x44, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'LayerInfo' : [ 0x6c, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'KCBUoWListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x78, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x80, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x84, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x8c, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x94, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x9c, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0xa0, ['pointer', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0xa0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0xa0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0xa8, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_CMHIVE' : [ 0xc00, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x400, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x418, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x420, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x428, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x430, ['_EX_RUNDOWN_REF']],
+    'KcbCacheTable' : [ 0x434, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x438, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x43c, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x440, ['unsigned long']],
+    'Identity' : [ 0x444, ['unsigned long']],
+    'HiveLock' : [ 0x448, ['_CMSI_RW_LOCK']],
+    'FlushDirtyVector' : [ 0x44c, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x454, ['unsigned long']],
+    'FlushLogEntry' : [ 0x458, ['pointer', ['unsigned char']]],
+    'FlushLogEntrySize' : [ 0x45c, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x460, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x464, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x468, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x470, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x474, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x478, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x47c, ['pointer', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x480, ['_EX_PUSH_LOCK']],
+    'LastShrinkHiveSize' : [ 0x484, ['unsigned long']],
+    'ActualFileSize' : [ 0x488, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x490, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x4a0, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x4a8, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x4b0, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x4b8, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x4bc, ['unsigned long']],
+    'SecurityHitHint' : [ 0x4c0, ['long']],
+    'SecurityCache' : [ 0x4c4, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x4c8, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x6c8, ['unsigned long']],
+    'UnloadEventArray' : [ 0x6cc, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x6d0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x6d4, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x6d8, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x6dc, ['_CM_WORKITEM']],
+    'DirtyVectorLog' : [ 0x6f0, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x978, ['unsigned long']],
+    'TrustClassEntry' : [ 0x97c, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x988, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x990, ['unsigned long long']],
+    'CmRm' : [ 0x998, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x99c, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x9a0, ['long']],
+    'CreatorOwner' : [ 0x9a4, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0x9a8, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x9b0, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x9b8, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x9c4, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x9d0, ['unsigned long']],
+    'FlushActive' : [ 0x9d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReconcileActive' : [ 0x9d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFilePurged' : [ 0x9d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x9d0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x9d4, ['unsigned long']],
+    'ReferenceCount' : [ 0x9d8, ['long']],
+    'UnloadHistoryIndex' : [ 0x9dc, ['long']],
+    'UnloadHistory' : [ 0x9e0, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0xbe0, ['unsigned long']],
+    'UnaccessedStart' : [ 0xbe4, ['unsigned long']],
+    'UnaccessedEnd' : [ 0xbe8, ['unsigned long']],
+    'LoadedKeyCount' : [ 0xbec, ['unsigned long']],
+    'HandleClosePending' : [ 0xbf0, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0xbf4, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0xbf8, ['unsigned char']],
+    'VolumeContext' : [ 0xbfc, ['pointer', ['_CMP_VOLUME_CONTEXT']]],
+} ],
+  '__unnamed_1946' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmCreateHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf', 24: u'_HvHiveStartFileBacked', 25: u'_HvStartHiveMemoryBacked', 26: u'_HvpEnlistFreeCells', 27: u'_HvpPerformLogFileRecovery'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1949' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_194b' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_194d' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_194f' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1953' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_1957' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_1959' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x11c, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned short']],
+    'RecoverableIndex' : [ 0x6, ['unsigned short']],
+    'Locations' : [ 0x8, ['array', 8, ['__unnamed_1946']]],
+    'RecoverableLocations' : [ 0x68, ['array', 8, ['__unnamed_1946']]],
+    'RegistryIO' : [ 0xc8, ['__unnamed_1949']],
+    'CheckRegistry2' : [ 0xd4, ['__unnamed_194b']],
+    'CheckKey' : [ 0xd8, ['__unnamed_194d']],
+    'CheckValueList' : [ 0xe8, ['__unnamed_194f']],
+    'CheckHive' : [ 0xf8, ['__unnamed_1953']],
+    'CheckHive1' : [ 0x104, ['__unnamed_1953']],
+    'CheckBin' : [ 0x110, ['__unnamed_1957']],
+    'RecoverData' : [ 0x118, ['__unnamed_1959']],
+} ],
+  '_CM_KCB_UOW' : [ 0x40, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x2c, ['pointer', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x34, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x38, ['pointer', ['void']]],
+    'SecurityData' : [ 0x38, ['pointer', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x38, ['pointer', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x38, ['pointer', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x3c, ['pointer', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x3c, ['pointer', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0x70, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x18, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x18, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x18, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x18, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x18, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x18, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x18, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x18, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x18, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x18, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x18, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x18, ['unsigned long']],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x20, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x24, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x28, ['pointer', ['void']]],
+    'KtmUow' : [ 0x2c, ['_GUID']],
+    'StartLsn' : [ 0x40, ['unsigned long long']],
+    'HiveCount' : [ 0x48, ['unsigned long']],
+    'HiveArray' : [ 0x4c, ['array', 8, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x175, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x176, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapData' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x281, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x282, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'UnalignedLoadStoreExceptions' : [ 0x2ed, ['unsigned char']],
+    'Padding1' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapData' : [ 0x17b0, ['unsigned long']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'S1DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LbrAvailable' : [ 0xc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Isolation' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 55, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x140, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'ReadySummary' : [ 0x4, ['unsigned long']],
+    'ReadyListHead' : [ 0x8, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x108, ['array', 32, ['unsigned char']]],
+    'Span' : [ 0x128, ['unsigned char']],
+    'LowProcIndex' : [ 0x129, ['unsigned char']],
+    'QueueIndex' : [ 0x12a, ['unsigned char']],
+    'ProcCount' : [ 0x12b, ['unsigned char']],
+    'ScanOwner' : [ 0x12c, ['unsigned char']],
+    'Spare' : [ 0x12d, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x130, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x134, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '__unnamed_1a92' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1a94' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1a98' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x1f4, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x2c, ['long']],
+    'FxRemoveEvent' : [ 0x30, ['_KEVENT']],
+    'FxActivationCount' : [ 0x40, ['long']],
+    'FxSleepCount' : [ 0x44, ['long']],
+    'Plugin' : [ 0x48, ['pointer', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x4c, ['unsigned long']],
+    'CurrentPowerState' : [ 0x50, ['_POWER_STATE']],
+    'Notify' : [ 0x54, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x90, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0xa0, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0xa8, ['unsigned long']],
+    'State' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xb4, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x104, ['unsigned long']],
+    'CompletionStatus' : [ 0x108, ['long']],
+    'Flags' : [ 0x10c, ['unsigned long']],
+    'UserFlags' : [ 0x110, ['unsigned long']],
+    'Problem' : [ 0x114, ['unsigned long']],
+    'ProblemStatus' : [ 0x118, ['long']],
+    'ResourceList' : [ 0x11c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x120, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x124, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x128, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x130, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x134, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x138, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x13c, ['unsigned short']],
+    'RemovalPolicy' : [ 0x13e, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x13f, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x140, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x148, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x150, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x158, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x15a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x15c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x15e, ['unsigned short']],
+    'OverUsed1' : [ 0x160, ['__unnamed_1a92']],
+    'OverUsed2' : [ 0x164, ['__unnamed_1a94']],
+    'BootResources' : [ 0x168, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x16c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x170, ['unsigned long']],
+    'DockInfo' : [ 0x174, ['__unnamed_1a98']],
+    'DisableableDepends' : [ 0x184, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x188, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x190, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x198, ['unsigned long']],
+    'PreviousParent' : [ 0x19c, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x1a0, ['long']],
+    'NumaNodeIndex' : [ 0x1a4, ['unsigned long']],
+    'ContainerID' : [ 0x1a8, ['_GUID']],
+    'OverrideFlags' : [ 0x1b8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x1bc, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x1c0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x1c4, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x1c8, ['unsigned long']],
+    'RebalanceContext' : [ 0x1cc, ['pointer', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x1d0, ['pointer', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+    'DirectedDripsState' : [ 0x1d4, ['_PO_DIRECTED_DRIPS_STATE']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x38, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x30, ['pointer', ['unsigned long long']]],
+    'EnableLevel' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x38, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependencyNode' : [ 0x2c, ['pointer', ['void']]],
+    'InterruptContext' : [ 0x30, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1b8f' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1b8f']],
+} ],
+  '__unnamed_1b96' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1b96']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'ParameterBlockOffset' : [ 0xc, ['unsigned long']],
+    'ParameterBlockLength' : [ 0x10, ['unsigned long']],
+    'DataSetRangesOffset' : [ 0x14, ['unsigned long']],
+    'DataSetRangesLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_DATA_SET_RANGE' : [ 0x10, {
+    'StartingOffset' : [ 0x0, ['long long']],
+    'LengthInBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DEVICE_DSM_DEFINITION' : [ 0x1c, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'SingleRange' : [ 0x4, ['unsigned char']],
+    'ParameterBlockAlignment' : [ 0x8, ['unsigned long']],
+    'ParameterBlockLength' : [ 0xc, ['unsigned long']],
+    'HasOutput' : [ 0x10, ['unsigned char']],
+    'OutputBlockAlignment' : [ 0x14, ['unsigned long']],
+    'OutputBlockLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES_OUTPUT' : [ 0x24, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'OperationStatus' : [ 0xc, ['unsigned long']],
+    'ExtendedError' : [ 0x10, ['unsigned long']],
+    'TargetDetailedError' : [ 0x14, ['unsigned long']],
+    'ReservedStatus' : [ 0x18, ['unsigned long']],
+    'OutputBlockOffset' : [ 0x1c, ['unsigned long']],
+    'OutputBlockLength' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x14, ['pointer', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x1c, ['pointer', ['wchar']]],
+    'PinCount' : [ 0x20, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x22, ['unsigned char']],
+    'ResourceSourceName' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x28, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x20, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'SlaveAddress' : [ 0x1c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x18, ['unsigned long']],
+    'RxBufferSize' : [ 0x1c, ['unsigned short']],
+    'TxBufferSize' : [ 0x1e, ['unsigned short']],
+    'Parity' : [ 0x20, ['unsigned char']],
+    'LinesInUse' : [ 0x21, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'DataBitLength' : [ 0x1c, ['unsigned char']],
+    'Phase' : [ 0x1d, ['unsigned char']],
+    'Polarity' : [ 0x1e, ['unsigned char']],
+    'DeviceSelection' : [ 0x20, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x100, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x14, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x18, ['pointer', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c, ['pointer', ['void']]],
+    'Accounting' : [ 0x20, ['pointer', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'DeepSleepEnabled' : [ 0x24, ['unsigned char']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x218, {
+    'Name' : [ 0x0, ['pointer', ['wchar']]],
+    'Id' : [ 0x4, ['unsigned char']],
+    'Guid' : [ 0x8, ['_GUID']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Priority' : [ 0x1c, ['unsigned char']],
+    'Settings' : [ 0x20, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x1f0, ['unsigned long long']],
+    'Count' : [ 0x1f8, ['unsigned long long']],
+    'MaxDuration' : [ 0x200, ['unsigned long long']],
+    'MinDuration' : [ 0x208, ['unsigned long long']],
+    'TotalDuration' : [ 0x210, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xe8, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['array', 2, ['unsigned long']]],
+    'AutonomousActivityWindow' : [ 0x48, ['unsigned long']],
+    'AutonomousPreference' : [ 0x4c, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x4d, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4f, ['array', 2, ['unsigned char']]],
+    'ResponsivenessDisableThreshold' : [ 0x54, ['array', 2, ['unsigned long']]],
+    'ResponsivenessEnableThreshold' : [ 0x5c, ['array', 2, ['unsigned long']]],
+    'ResponsivenessDisableTime' : [ 0x64, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEnableTime' : [ 0x66, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEppCeiling' : [ 0x68, ['array', 2, ['unsigned long']]],
+    'ResponsivenessPerfFloor' : [ 0x70, ['array', 2, ['unsigned long']]],
+    'DutyCycling' : [ 0x78, ['unsigned char']],
+    'ParkingPerfState' : [ 0x79, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x7b, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x7c, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x7d, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x7e, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x7f, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x80, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x81, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x84, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x88, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x8c, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x8e, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x90, ['unsigned char']],
+    'IdleDisabled' : [ 0x91, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x94, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x98, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x99, ['unsigned char']],
+    'IdleStateMax' : [ 0x9a, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x9b, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x9c, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x9d, ['array', 32, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0xbd, ['array', 32, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xdd, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xde, ['unsigned char']],
+    'ThreadPolicies' : [ 0xe0, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x2a0, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x1a4, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x1c0, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x1f0, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x1f4, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x1f8, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x1fc, ['pointer', ['void']]],
+    'HardErrorState' : [ 0x200, ['unsigned long']],
+    'WnfSiloState' : [ 0x208, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x238, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x248, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x250, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x258, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x25c, ['pointer', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x260, ['unsigned char']],
+    'NtSystemRoot' : [ 0x264, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x26c, ['_UNICODE_STRING']],
+    'Storage' : [ 0x274, ['pointer', ['_PSP_STORAGE']]],
+    'State' : [ 0x278, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x27c, ['long']],
+    'DeleteEvent' : [ 0x280, ['pointer', ['_KEVENT']]],
+    'UserSharedData' : [ 0x284, ['pointer', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x288, ['pointer', ['void']]],
+    'TerminateWorkItem' : [ 0x28c, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DirectedPoweredDown' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DirectedTransitionInProgress' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x90, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x14, ['unsigned long']],
+    'LogHandleContext' : [ 0x18, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x84, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0x88, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x180, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'V1' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0xa8, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xac, ['unsigned long']],
+    'UninitializeEvent' : [ 0xb0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xb4, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'Event' : [ 0xe0, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf8, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x160, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x164, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x168, ['unsigned long']],
+    'WritesInProgress' : [ 0x16c, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x170, ['unsigned long']],
+    'Partition' : [ 0x174, ['pointer', ['_CC_PARTITION']]],
+    'InternalRefCount' : [ 0x178, ['unsigned long']],
+} ],
+  '__unnamed_1cb1' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_1cb1']],
+    'ArrayHead' : [ 0x10, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x280, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x4, ['pointer', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x18, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x24, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x30, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x40, ['unsigned long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x44, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x48, ['unsigned char']],
+    'WorkQueueLock' : [ 0x80, ['unsigned long']],
+    'NumberWorkerThreads' : [ 0x84, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0x88, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0x8c, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0x94, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0x9c, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0xa4, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0xac, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0xb4, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0xbc, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0xc0, ['unsigned long']],
+    'QueueThrottle' : [ 0xc4, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0xc8, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0xcc, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0xd0, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0xd4, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0xd8, ['unsigned long']],
+    'LowMemoryEvent' : [ 0xdc, ['_KEVENT']],
+    'PowerEvent' : [ 0xec, ['_KEVENT']],
+    'PeriodicEvent' : [ 0xfc, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x10c, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x11c, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x12c, ['unsigned long']],
+    'LazyWriter' : [ 0x130, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x180, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x190, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x1b8, ['pointer', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x1bc, ['long']],
+    'AverageAvailablePages' : [ 0x1c0, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x1c8, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x1d0, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x1e8, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x1e9, ['unsigned char']],
+    'DeferredWrites' : [ 0x1ec, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x200, ['unsigned long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x204, ['pointer', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x208, ['pointer', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x20c, ['pointer', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x210, ['pointer', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x214, ['pointer', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x218, ['pointer', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x21c, ['pointer', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x220, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x224, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x22c, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x230, ['pointer', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x234, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x238, ['long']],
+    'LowPriOldIoPriority' : [ 0x23c, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x240, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x244, ['unsigned long']],
+    'CoalescingState' : [ 0x248, ['unsigned char']],
+    'ActivePartition' : [ 0x249, ['unsigned char']],
+    'RundownPhase' : [ 0x24a, ['unsigned char']],
+    'RefCount' : [ 0x24c, ['long']],
+    'ExitEvent' : [ 0x250, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x260, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x270, ['pointer', ['void']]],
+} ],
+  '__unnamed_1cd7' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1cd9' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1cdb' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1cdd' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1cdf' : [ 0x1c, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x4, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x8, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1ce3' : [ 0x40, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'PrefetchList' : [ 0x18, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x1c, ['unsigned long']],
+    'Mdl' : [ 0x20, ['pointer', ['_MDL']]],
+    'IoStatusBlock' : [ 0x24, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x34, ['pointer', ['void']]],
+    'RequestorMode' : [ 0x38, ['unsigned char']],
+    'NestingLevel' : [ 0x3c, ['unsigned long']],
+} ],
+  '__unnamed_1ce5' : [ 0x40, {
+    'Read' : [ 0x0, ['__unnamed_1cd7']],
+    'Write' : [ 0x0, ['__unnamed_1cd9']],
+    'Event' : [ 0x0, ['__unnamed_1cdb']],
+    'Notification' : [ 0x0, ['__unnamed_1cdd']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1cdf']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1ce3']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x50, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1ce5']],
+    'Function' : [ 0x48, ['unsigned char']],
+    'Partition' : [ 0x4c, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x28, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+    'Partition' : [ 0x24, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x18, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0x4, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x68, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x8, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0xc, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x18, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x40, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x44, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x48, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x50, ['pointer', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x54, ['unsigned long']],
+    'LastLWTimeStamp' : [ 0x58, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x60, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x4e, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x14, {
+    'Allocate' : [ 0x0, ['unsigned long']],
+    'Free' : [ 0x4, ['unsigned long']],
+    'Commit' : [ 0x8, ['unsigned long']],
+    'Decommit' : [ 0xc, ['unsigned long']],
+    'ExtendContext' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x8, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_RTL_CSPARSE_BITMAP' : [ 0x20, {
+    'CommitDirectory' : [ 0x0, ['unsigned long']],
+    'CommitBitmap' : [ 0x4, ['pointer', ['unsigned long']]],
+    'UserBitmap' : [ 0x8, ['pointer', ['unsigned long']]],
+    'BitCount' : [ 0xc, ['long']],
+    'BitmapLock' : [ 0x10, ['unsigned long']],
+    'DecommitPageIndex' : [ 0x14, ['unsigned long']],
+    'RtlpCSparseBitmapWakeLock' : [ 0x18, ['unsigned long']],
+    'LockType' : [ 0x1c, ['unsigned char']],
+    'AddressSpace' : [ 0x1d, ['unsigned char']],
+    'MemType' : [ 0x1e, ['unsigned char']],
+    'AllocAlignment' : [ 0x1f, ['unsigned char']],
+} ],
+  '_RTL_SPARSE_ARRAY' : [ 0x28, {
+    'Bitmap' : [ 0x0, ['_RTL_CSPARSE_BITMAP']],
+    'ElementCount' : [ 0x20, ['unsigned long']],
+    'ElementSizeShift' : [ 0x24, ['unsigned long']],
+} ],
+  '_HEAP_VAMGR_ALLOCATOR' : [ 0x1c, {
+    'TreeLock' : [ 0x0, ['unsigned long']],
+    'FreeRanges' : [ 0x4, ['_RTL_RB_TREE']],
+    'VaSpace' : [ 0xc, ['pointer', ['_HEAP_VAMGR_VASPACE']]],
+    'PartitionHandle' : [ 0x10, ['pointer', ['void']]],
+    'ChunksPerRegion' : [ 0x14, ['unsigned short']],
+    'RefCount' : [ 0x16, ['unsigned short']],
+    'AllocatorIndex' : [ 0x18, ['unsigned char']],
+    'NumaNode' : [ 0x19, ['unsigned char']],
+    'LockType' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MemoryType' : [ 0x1a, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'ConstrainedVA' : [ 0x1a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'AllowFreeHead' : [ 0x1a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare0' : [ 0x1a, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['unsigned char']],
+} ],
+  '_HEAP_VAMGR_VASPACE' : [ 0x30, {
+    'AddressSpaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'HeapAddressUser', 1: u'HeapAddressKernel', 2: u'HeapAddressSession', 3: u'HeapAddressTypeMax'})]],
+    'BaseAddress' : [ 0x4, ['unsigned long']],
+    'VaRangeArray' : [ 0x8, ['_RTL_SPARSE_ARRAY']],
+} ],
+  '_HEAP_VAMGR_RANGE' : [ 0x10, {
+    'RbNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Standalone' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'AllocatorIndex' : [ 0x1, ['unsigned char']],
+    'OwnerCtx' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'SizeInChunks' : [ 0xc, ['unsigned long']],
+    'ChunkCount' : [ 0xc, ['unsigned short']],
+    'PrevChunkCount' : [ 0xe, ['unsigned short']],
+    'Signature' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTLP_HP_HEAP_MANAGER' : [ 0x1c64, {
+    'Globals' : [ 0x0, ['pointer', ['_RTLP_HP_HEAP_GLOBALS']]],
+    'AllocTracker' : [ 0x4, ['_RTLP_HP_ALLOC_TRACKER']],
+    'VaMgr' : [ 0x28, ['_HEAP_VAMGR_CTX']],
+    'MetadataHeaps' : [ 0x1c44, ['array', 3, ['_RTLP_HP_METADATA_HEAP_CTX']]],
+    'SubAllocConfigs' : [ 0x1c5c, ['_RTL_HP_SUB_ALLOCATOR_CONFIGS']],
+} ],
+  '_RTLP_HP_ALLOC_TRACKER' : [ 0x24, {
+    'AllocTrackerBitmap' : [ 0x0, ['_RTL_CSPARSE_BITMAP']],
+    'BaseAddress' : [ 0x20, ['unsigned long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x258, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x58, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x5c, ['unsigned long']],
+    'Signature' : [ 0x60, ['unsigned long']],
+    'SegmentReserve' : [ 0x64, ['unsigned long']],
+    'SegmentCommit' : [ 0x68, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x6c, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x70, ['unsigned long']],
+    'TotalFreeSize' : [ 0x74, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x78, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x7c, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x7e, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x80, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x84, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x86, ['unsigned short']],
+    'TagEntries' : [ 0x88, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x8c, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x94, ['unsigned long']],
+    'AlignMask' : [ 0x98, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0x9c, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa4, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xac, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb0, ['unsigned long']],
+    'BlocksIndex' : [ 0xb4, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xb8, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xbc, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc0, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xc8, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xcc, ['pointer', ['void']]],
+    'StackTraceInitVar' : [ 0xd0, ['_RTL_RUN_ONCE']],
+    'CommitLimitData' : [ 0xd4, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'FrontEndHeap' : [ 0xe4, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xe8, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xea, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0xeb, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0xec, ['pointer', ['wchar']]],
+    'FrontEndHeapMaximumIndex' : [ 0xf0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0xf2, ['array', 257, ['unsigned char']]],
+    'Counters' : [ 0x1f4, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x250, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1dde' : [ 0x38, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x38, {
+    'Lock' : [ 0x0, ['__unnamed_1dde']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_HP_PADDING_HEADER' : [ 0x8, {
+    'PaddingSize' : [ 0x0, ['unsigned long']],
+    'Spare' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1e31' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1e33' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1e31']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1e35' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1e37' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1e35']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1e33']],
+    'u2' : [ 0x4, ['__unnamed_1e37']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x24, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer', ['_BLOB_COUNTERS']]],
+    'CleanupProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x18, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x1c, ['pointer', ['void']]],
+    'UsualSize' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_1e54' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1e56' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1e54']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1e56']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Pad' : [ 0x10, ['unsigned long']],
+    'Lock' : [ 0x14, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1e6a' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1e6c' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1e6a']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1e6c']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1e75' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1e77' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1e75']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_1e77']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1e7d' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_1e7f' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1e7d']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_1e7f']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x28, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x24, ['pointer', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1e9c' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1e9e' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1e9c']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x11c, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x60, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0x80, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0x8c, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x94, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x98, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0xc4, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0xd0, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0xd4, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0xd8, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xdc, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xe8, ['long']],
+    'ReferenceNo' : [ 0xec, ['long']],
+    'ReferenceNoWait' : [ 0xf0, ['pointer', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0xf4, ['__unnamed_1e9e']],
+    'TargetQueuePort' : [ 0xf8, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xfc, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x100, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x104, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x108, ['unsigned long']],
+    'PendingQueueLength' : [ 0x10c, ['unsigned long']],
+    'DirectQueueLength' : [ 0x110, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x114, ['unsigned long']],
+    'WaitQueueLength' : [ 0x118, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x58, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x10, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x14, ['pointer', ['void']]],
+    'UserLimit' : [ 0x18, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x1c, ['pointer', ['void']]],
+    'SystemVa' : [ 0x20, ['pointer', ['void']]],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'Header' : [ 0x28, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x2c, ['pointer', ['void']]],
+    'ListSize' : [ 0x30, ['unsigned long']],
+    'Bitmap' : [ 0x34, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x38, ['unsigned long']],
+    'Data' : [ 0x3c, ['pointer', ['void']]],
+    'DataSize' : [ 0x40, ['unsigned long']],
+    'BitmapLimit' : [ 0x44, ['unsigned long']],
+    'BitmapNextHint' : [ 0x48, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x4c, ['unsigned long']],
+    'AttributeFlags' : [ 0x50, ['unsigned long']],
+    'AttributeSize' : [ 0x54, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0x90, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x84, ['unsigned long']],
+    'CallbackList' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x14, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1ec3' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_1ec5' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ec3']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x98, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'u1' : [ 0x14, ['__unnamed_1ec5']],
+    'SequenceNo' : [ 0x18, ['long']],
+    'QuotaProcess' : [ 0x1c, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x1c, ['pointer', ['void']]],
+    'CancelSequencePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x24, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x28, ['long']],
+    'CancelListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x38, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x60, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x64, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x68, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x6c, ['pointer', ['_ETHREAD']]],
+    'WakeReference' : [ 0x70, ['pointer', ['void']]],
+    'WakeReference2' : [ 0x74, ['pointer', ['void']]],
+    'ExtensionBuffer' : [ 0x78, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0x7c, ['unsigned long']],
+    'PortMessage' : [ 0x80, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x24, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x14, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalLength' : [ 0x1c, ['unsigned short']],
+    'Type' : [ 0x1e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x20, ['unsigned short']],
+    'SignalCompletion' : [ 0x22, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x23, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x24, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x28, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x1c, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x20, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_1f06' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f08' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1f06']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_1f08']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x4, {
+    'Event' : [ 0x0, ['unsigned long']],
+    'Referenced' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x30, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer', ['void']]],
+    'DiskIoAttributionHandle' : [ 0xc, ['unsigned long']],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x24, ['long long']],
+    'AdapterCryptoParameters' : [ 0x20, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x2c, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 9, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x88, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x48, ['pointer', ['void']]],
+    'CreateFileType' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x50, ['pointer', ['void']]],
+    'Override' : [ 0x54, ['unsigned char']],
+    'QueryOnly' : [ 0x55, ['unsigned char']],
+    'DeleteOnly' : [ 0x56, ['unsigned char']],
+    'FullAttributes' : [ 0x57, ['unsigned char']],
+    'LocalFileObject' : [ 0x58, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x5c, ['unsigned long']],
+    'AccessMode' : [ 0x60, ['unsigned char']],
+    'DriverCreateContext' : [ 0x64, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0x7c, ['unsigned long']],
+    'FilterQuery' : [ 0x80, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_1fd4' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x110, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_1fd4']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer', ['wchar']]],
+    'LogFileName' : [ 0x3c, ['pointer', ['wchar']]],
+    'TimeZone' : [ 0x40, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0xf8, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x108, ['unsigned long']],
+    'BuffersLost' : [ 0x10c, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x8, {
+    'QueueTail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x380, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 1, ['unsigned long']]],
+    'ErrorMarker' : [ 0x18, ['unsigned long']],
+    'SizeMask' : [ 0x1c, ['unsigned long']],
+    'GetCpuClock' : [ 0x20, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x28, ['long']],
+    'FailureReason' : [ 0x2c, ['unsigned long']],
+    'BufferQueue' : [ 0x30, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x38, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x40, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x48, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x50, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x54, ['unsigned long']],
+    'BatchedBufferList' : [ 0x58, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x58, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x64, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x6c, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x74, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x7c, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x80, ['unsigned long']],
+    'FlushTimer' : [ 0x84, ['unsigned long']],
+    'FlushThreshold' : [ 0x88, ['unsigned long']],
+    'ByteOffset' : [ 0x90, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x98, ['unsigned long']],
+    'BuffersAvailable' : [ 0x9c, ['long']],
+    'NumberOfBuffers' : [ 0xa0, ['long']],
+    'MaximumBuffers' : [ 0xa4, ['unsigned long']],
+    'EventsLost' : [ 0xa8, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xac, ['long']],
+    'BuffersWritten' : [ 0xb0, ['unsigned long']],
+    'LogBuffersLost' : [ 0xb4, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xb8, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xbc, ['unsigned long']],
+    'SequencePtr' : [ 0xc0, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xc4, ['unsigned long']],
+    'InstanceGuid' : [ 0xc8, ['_GUID']],
+    'MaximumFileSize' : [ 0xd8, ['unsigned long']],
+    'FileCounter' : [ 0xdc, ['long']],
+    'PoolType' : [ 0xe0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xe8, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0xf8, ['long']],
+    'ProviderInfoSize' : [ 0xfc, ['unsigned long']],
+    'Consumers' : [ 0x100, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x108, ['unsigned long']],
+    'TransitionConsumer' : [ 0x10c, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x110, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0x114, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x120, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x128, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x130, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x138, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x140, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x148, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x150, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x160, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x164, ['_KEVENT']],
+    'FlushEvent' : [ 0x174, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x188, ['_KTIMER']],
+    'LoggerDpc' : [ 0x1b0, ['_KDPC']],
+    'LoggerMutex' : [ 0x1d0, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1f0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1f4, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1f4, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1f8, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x234, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x238, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x240, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x248, ['pointer', ['void']]],
+    'BufferSequenceNumber' : [ 0x250, ['long long']],
+    'Flags' : [ 0x258, ['unsigned long']],
+    'Persistent' : [ 0x258, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x258, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x258, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x258, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x258, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x258, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x258, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x258, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x258, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x258, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x258, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x258, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x258, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x258, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x258, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x258, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x258, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x258, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProviderTracking' : [ 0x258, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessorTrace' : [ 0x258, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'QpcDeltaTracking' : [ 0x258, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x258, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x25c, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x25c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x25c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x25c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x25c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x25c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x25c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x25c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x25c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x25c, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x260, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x2b0, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x2b8, ['pointer', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x2bc, ['pointer', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x2c0, ['pointer', ['_ETW_LBR_SUPPORT']]],
+    'IptData' : [ 0x2c4, ['pointer', ['_ETW_IPT_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x2c8, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x2d0, ['pointer', ['pointer', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x2d4, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x2e0, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x2e8, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x2f0, ['pointer', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x2f4, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x2f8, ['pointer', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x2fc, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x300, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x310, ['long']],
+    'CompressionLock' : [ 0x314, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x318, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x31c, ['pointer', ['void']]],
+    'CompressionOn' : [ 0x320, ['long']],
+    'CompressionRatioGuess' : [ 0x324, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x328, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x32c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x330, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x334, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x358, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x360, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x368, ['_LARGE_INTEGER']],
+    'ReferenceQpcDelta' : [ 0x370, ['long long']],
+    'CallbackContext' : [ 0x378, ['pointer', ['_ETW_EVENT_CALLBACK_CONTEXT']]],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x34, {
+    'Source' : [ 0x0, ['array', 8, ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x20, ['unsigned long']],
+    'HookId' : [ 0x24, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x2c, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x30, ['array', 1, ['pointer', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_IPT_SUPPORT' : [ 0x20, {
+    'IptHandle' : [ 0x0, ['pointer', ['void']]],
+    'IptOption' : [ 0x8, ['unsigned long long']],
+    'EtwHwTraceExtInterface' : [ 0x10, ['pointer', ['_ETW_HW_TRACE_EXT_INTERFACE']]],
+    'HookIdCount' : [ 0x14, ['unsigned long']],
+    'HookId' : [ 0x18, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0xa70, {
+    'Silo' : [ 0x0, ['pointer', ['_EJOB']]],
+    'SiloGlobals' : [ 0x4, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x8, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x10, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x178, ['pointer', ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x17c, ['pointer', ['pointer', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x180, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0x880, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x890, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x894, ['long']],
+    'EtwpSecurityProviderPID' : [ 0x898, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0x89c, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0x8ac, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x8c0, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x8c8, ['pointer', ['_ETW_SILO_TRACING_BLOCK']]],
+    'ContainerRestoreWnfSubscription' : [ 0x8cc, ['pointer', ['_EX_WNF_SUBSCRIPTION']]],
+    'PartitionId' : [ 0x8d0, ['_GUID']],
+    'ParentId' : [ 0x8e0, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x8f0, ['_LARGE_INTEGER']],
+    'PartitionType' : [ 0x8f8, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x8fc, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x18, {
+    'SystemLogonSession' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x4, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x8, ['pointer', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0xc, ['pointer', ['void']]],
+    'UncSystemPaths' : [ 0x10, ['pointer', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x14, ['pointer', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x2a8, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x9c, ['pointer', ['void']]],
+    'DynamicPart' : [ 0xa0, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa4, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xb0, ['unsigned long']],
+    'TokenInUse' : [ 0xb4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xbc, ['unsigned long']],
+    'LogonSession' : [ 0xc0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc4, ['_LUID']],
+    'SidHash' : [ 0xcc, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x154, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1dc, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x1e0, ['pointer', ['void']]],
+    'Capabilities' : [ 0x1e4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x1e8, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x1ec, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x274, ['pointer', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x278, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x27c, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x280, ['pointer', ['void']]],
+    'TrustLinkedToken' : [ 0x284, ['pointer', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x288, ['pointer', ['void']]],
+    'TokenSidValues' : [ 0x28c, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x290, ['pointer', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x294, ['pointer', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x298, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x29c, ['pointer', ['void']]],
+    'VariablePart' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x6c, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x34, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x40, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x44, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x48, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0x58, ['pointer', ['_EJOB']]],
+    'SiblingAuthId' : [ 0x5c, ['_LUID']],
+    'TokenList' : [ 0x64, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'DbgRefTrace' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'NewObject' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0xf, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0xf, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0xf, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0xf, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved1' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x8, {
+    'SecurityDescriptor' : [ 0x0, ['pointer', ['void']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x8, {
+    'Footer' : [ 0x0, ['pointer', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x18, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x10, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x8, {
+    'Context1' : [ 0x0, ['pointer', ['void']]],
+    'Context2' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x10, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x8, ['pointer', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0xc, ['unsigned char']],
+    'Padding1' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x18, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'EntryLink' : [ 0x8, ['pointer', ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0xc, ['unsigned long']],
+    'HashIndex' : [ 0x10, ['unsigned short']],
+    'DirectoryLocked' : [ 0x12, ['unsigned char']],
+    'LockedExclusive' : [ 0x13, ['unsigned char']],
+    'LockStateSignature' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xb0, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x9c, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0xa0, ['pointer', ['void']]],
+    'SessionObject' : [ 0xa4, ['pointer', ['void']]],
+    'Flags' : [ 0xa8, ['unsigned long']],
+    'SessionId' : [ 0xac, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x1a4, {
+    'SystemDeviceMap' : [ 0x0, ['pointer', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x4, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x74, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0xc, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x4, ['pointer', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x8, ['pointer', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x418, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x8, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0xc, ['unsigned long']],
+    'ErrorCount' : [ 0x10, ['long']],
+    'RecordCount' : [ 0x14, ['unsigned long']],
+    'RecordLength' : [ 0x18, ['unsigned long']],
+    'PoolTag' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x24, ['pointer', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x28, ['pointer', ['void']]],
+    'SectionCount' : [ 0x2c, ['unsigned long']],
+    'SectionLength' : [ 0x30, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x38, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x40, ['unsigned long']],
+    'TotalErrors' : [ 0x44, ['unsigned long']],
+    'Deferred' : [ 0x48, ['unsigned char']],
+    'Descriptor' : [ 0x49, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xe4, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'ProcessorNumber' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x14, ['long']],
+    'ErrorSource' : [ 0x18, ['pointer', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x1c, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0xc, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x10, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x14, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x8, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0xc, ['long']],
+    'HighWaterMark' : [ 0x10, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x18, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+    'ActiveDpc' : [ 0x14, ['pointer', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_215d' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x7000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_215d']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x18, ['unsigned long']],
+    'NonPagablePages' : [ 0x1c, ['unsigned long']],
+    'CommittedPages' : [ 0x20, ['unsigned long']],
+    'PagedPoolStart' : [ 0x24, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x28, ['pointer', ['void']]],
+    'SessionObject' : [ 0x2c, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x30, ['pointer', ['void']]],
+    'SessionPoolAllocationFailures' : [ 0x34, ['array', 4, ['unsigned long']]],
+    'ImageTree' : [ 0x44, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x48, ['unsigned long']],
+    'AttachCount' : [ 0x4c, ['unsigned long']],
+    'AttachGate' : [ 0x50, ['_KGATE']],
+    'WsListEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0x68, ['_MM_PAGED_POOL_INFO']],
+    'Lookaside' : [ 0xc0, ['array', 24, ['_GENERAL_LOOKASIDE']]],
+    'Session' : [ 0xcc0, ['_MMSESSION']],
+    'Vm' : [ 0xd00, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0xdc0, ['_MMWSL_INSTANCE']],
+    'HeapState' : [ 0xdd8, ['pointer', ['void']]],
+    'PagedPool' : [ 0xe00, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x1f40, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'TopLevelPteLockBits' : [ 0x1f44, ['array', 128, ['unsigned long']]],
+    'PageTables' : [ 0x2148, ['array', 1024, ['_MMPTE']]],
+    'PagedPoolBitBuffer' : [ 0x4148, ['array', 32, ['unsigned long']]],
+    'SpecialPool' : [ 0x41c8, ['_MI_SPECIAL_POOL']],
+    'SessionPteLock' : [ 0x4208, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x420c, ['long']],
+    'PagedPoolPdeCount' : [ 0x4210, ['unsigned long']],
+    'SpecialPoolPdeCount' : [ 0x4214, ['unsigned long']],
+    'DynamicSessionPdeCount' : [ 0x4218, ['unsigned long']],
+    'SystemPteInfo' : [ 0x421c, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x4250, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x4254, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x4258, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x425c, ['unsigned long']],
+    'PermittedFaultsTree' : [ 0x4260, ['_RTL_AVL_TREE']],
+    'IoState' : [ 0x4264, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x4268, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x426c, ['_KEVENT']],
+    'ServerSilo' : [ 0x427c, ['pointer', ['_EJOB']]],
+    'CreateTime' : [ 0x4280, ['unsigned long long']],
+    'PoolTags' : [ 0x5000, ['array', 8192, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x130, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x12c, ['unsigned long']],
+} ],
+  '_CMP_VOLUME_CONTEXT' : [ 0x2c, {
+    'VolumeContextListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'VolumeManager' : [ 0x8, ['pointer', ['_CMP_VOLUME_MANAGER']]],
+    'RefCount' : [ 0xc, ['long']],
+    'VolumeGuid' : [ 0x10, ['_GUID']],
+    'VolumeFileObject' : [ 0x20, ['pointer', ['void']]],
+    'VolumeContextLock' : [ 0x24, ['_CMSI_RW_LOCK']],
+    'DeviceUsageNotificationSent' : [ 0x28, ['unsigned char']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'ParseProcedureEx' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+    'WaitObjectFlagMask' : [ 0x50, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x54, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x56, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0xc, ['unsigned long']],
+    'EntryOffset' : [ 0xc, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0xd, ['unsigned char']],
+    'WaitingBit' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0xe, ['unsigned char']],
+    'AcquiredBit' : [ 0xe, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0xf, ['unsigned char']],
+    'HeadNodeBit' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x10, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x10, ['pointer', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x10, ['unsigned char']],
+    'Reserved' : [ 0x11, ['array', 2, ['unsigned char']]],
+    'InTreeByte' : [ 0x13, ['unsigned char']],
+    'SessionState' : [ 0x14, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'OwnerTree' : [ 0x18, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x20, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x18, ['unsigned char']],
+    'EntryLock' : [ 0x28, ['unsigned long']],
+    'BoostBitmap' : [ 0x2c, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'Graphics' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ShadowStack' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'HotPatchAllowed' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ManySubsections' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x5c, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x38, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x3c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x40, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x44, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x48, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x4c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x50, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x54, ['unsigned long']],
+    'LastPolledSize' : [ 0x58, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'Irp' : [ 0xc, ['pointer', ['_IRP']]],
+    'Device' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_21cc' : [ 0x10, {
+    'CallerCompletion' : [ 0x0, ['pointer', ['void']]],
+    'CallerContext' : [ 0x4, ['pointer', ['void']]],
+    'CallerDevice' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_21cf' : [ 0x8, {
+    'NotifyDevice' : [ 0x0, ['pointer', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x4, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x98, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x18, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x20, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'MinorFunction' : [ 0x68, ['unsigned char']],
+    'PowerStateType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0x70, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0x74, ['unsigned char']],
+    'FxDevice' : [ 0x78, ['pointer', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0x7c, ['unsigned char']],
+    'NotifyPEP' : [ 0x7d, ['unsigned char']],
+    'IrpSequenceID' : [ 0x80, ['long']],
+    'Device' : [ 0x84, ['__unnamed_21cc']],
+    'System' : [ 0x84, ['__unnamed_21cf']],
+} ],
+  '__unnamed_21d4' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_21d4']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x30, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x4, ['unsigned long']],
+    'NonPagedAllocs' : [ 0x8, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x10, ['unsigned long long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+    'PagedAllocs' : [ 0x20, ['unsigned long long']],
+    'PagedFrees' : [ 0x28, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_CMP_VOLUME_MANAGER' : [ 0xc, {
+    'VolumeContextListLock' : [ 0x0, ['_CMSI_RW_LOCK']],
+    'VolumeContextListHead' : [ 0x4, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x10, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x4, ['pointer', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0xc, ['pointer', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x150, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'StrictVetoBias' : [ 0x8, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0xc, ['unsigned long']],
+    'TargetState' : [ 0x10, ['unsigned long']],
+    'ActualState' : [ 0x14, ['unsigned long']],
+    'OldState' : [ 0x18, ['unsigned long']],
+    'OverrideIndex' : [ 0x1c, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0x54, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x60, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x64, ['pointer', ['void']]],
+    'IdleExecute' : [ 0x68, ['pointer', ['void']]],
+    'IdlePreselect' : [ 0x6c, ['pointer', ['void']]],
+    'IdleTest' : [ 0x70, ['pointer', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x74, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x78, ['pointer', ['void']]],
+    'IdleCancel' : [ 0x7c, ['pointer', ['void']]],
+    'IdleIsHalted' : [ 0x80, ['pointer', ['void']]],
+    'IdleInitiateWake' : [ 0x84, ['pointer', ['void']]],
+    'PrepareInfo' : [ 0x88, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0xd8, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0xe4, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0xe8, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0xec, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0xf4, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0xfc, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x10c, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x1c, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_222e' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_222e']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_HEAP_MEMORY_LIMIT_DATA' : [ 0x10, {
+    'CommitLimitBytes' : [ 0x0, ['unsigned long']],
+    'CommitLimitFailureCode' : [ 0x4, ['unsigned long']],
+    'MaxAllocationSizeBytes' : [ 0x8, ['unsigned long']],
+    'AllocationLimitFailureCode' : [ 0xc, ['unsigned long']],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x9c, {
+    'ProcessCid' : [ 0x0, ['pointer', ['void']]],
+    'ThreadCid' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x18, ['unsigned long']],
+    'CreateTrace' : [ 0x1c, ['array', 30, ['unsigned long']]],
+    'Count' : [ 0x94, ['long']],
+    'CaptureCount' : [ 0x98, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IdleStateMax' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ResponsivenessDisableThreshold' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ResponsivenessEnableThreshold' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ResponsivenessDisableTime' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ResponsivenessEnableTime' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ResponsivenessEppCeiling' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ResponsivenessPerfFloor' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2254' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_2257' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x28, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0xc, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0xc, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0xc, ['pointer', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x10, ['__unnamed_2254']],
+    'StartingSector' : [ 0x14, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x18, ['unsigned long']],
+    'PtesInSubsection' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_2257']],
+    'UnusedPtes' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x24, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x180, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x40, ['pointer', ['_KDPC']]],
+    'ChildList' : [ 0x44, ['_LIST_ENTRY']],
+    'Parent' : [ 0x4c, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x130, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x8, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0xc, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x10, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x98, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x120, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x124, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x128, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x12c, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ChildOfVgaEnabledBridge' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DecodeIoOnBoot' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x14, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x4, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Valid' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x24, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'EntryDescriptor' : [ 0x10, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x1c, ['unsigned long']],
+    'Handles' : [ 0x20, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0x60, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0xc, {
+    'IdealMask' : [ 0x0, ['unsigned long']],
+    'PreferredMask' : [ 0x4, ['unsigned long']],
+    'AvailableMask' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x14, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x4, ['pointer', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0xc, ['unsigned long']],
+    'BitmapFailures' : [ 0x10, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x14, {
+    'CompletionRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'RequestorMode' : [ 0xc, ['unsigned char']],
+    'NestingLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0xc, {
+    'DirtyPages' : [ 0x0, ['unsigned long']],
+    'DirtyPagesLastScan' : [ 0x4, ['unsigned long']],
+    'DirtyPagesScheduledLastScan' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_MAP' : [ 0x38, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x34, ['pointer', ['_EJOB']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x4, ['pointer', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x8, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x10, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0xc, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SessionHeapInitialized' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SessionHeapDestroyed' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x14, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer', ['void']]],
+    'OverQuotaHistory' : [ 0x4, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_MI_SPECIAL_POOL' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Paged' : [ 0x8, ['_MI_PTE_CHAIN_HEAD']],
+    'NonPaged' : [ 0x20, ['_MI_PTE_CHAIN_HEAD']],
+    'PagesInUse' : [ 0x38, ['unsigned long']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_PO_DIRECTED_DRIPS_STATE' : [ 0x20, {
+    'QueueLink' : [ 0x0, ['_LIST_ENTRY']],
+    'VisitedQueueLink' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'CachedFlags' : [ 0x14, ['unsigned long']],
+    'DeviceUsageCount' : [ 0x18, ['unsigned long']],
+    'Diagnostic' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '__unnamed_22ed' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x60, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_22ed']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x38, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x50, ['pointer', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x54, ['pointer', ['_EPROCESS']]],
+    'DeleteStoredPages' : [ 0x58, ['unsigned long']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x19c, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_RETPOLINE_RELOCATION_INFORMATION' : [ 0x20, {
+    'BinaryInfo' : [ 0x0, ['_RTL_RETPOLINE_BINARY_INFO']],
+    'RelocationBuffer' : [ 0x18, ['pointer', ['void']]],
+    'Index' : [ 0x1c, ['array', 1, ['pointer', ['_RTL_RETPOLINE_RELOCATION_INDEX']]]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+    'IdleStateMax' : [ 0x2e, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x44, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['long']],
+    'Dpc' : [ 0x10, ['_KDPC']],
+    'WorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x4, {
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXHANDLE' : [ 0x4, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_FAST_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['wchar']]],
+    'DriverName' : [ 0x28, ['pointer', ['wchar']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x19c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x190, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x198, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x4, ['unsigned long']],
+    'RequestPacket' : [ 0x8, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x18, ['pointer', ['long']]],
+    'NodeTargetCount' : [ 0x1c, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x38, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'Reserved3' : [ 0x10, ['array', 4, ['pointer', ['void']]]],
+    'Reserved4' : [ 0x20, ['array', 4, ['unsigned long']]],
+    'Reserved6' : [ 0x30, ['array', 2, ['pointer', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x8, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x30, {
+    'LsaProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'LsaCommandPortHandle' : [ 0x4, ['pointer', ['void']]],
+    'SepRmThreadHandle' : [ 0x8, ['pointer', ['void']]],
+    'RmCommandPortHandle' : [ 0xc, ['pointer', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x10, ['pointer', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x14, ['pointer', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x20, ['pointer', ['void']]],
+    'RmViewPortMemory' : [ 0x24, ['pointer', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x28, ['long']],
+    'LsaCommandPortActive' : [ 0x2c, ['unsigned char']],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x18, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0xc, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x1c, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'PagedPoolAllocationMap' : [ 0x4, ['_RTL_BITMAP']],
+    'FirstPteForPagedPool' : [ 0xc, ['pointer', ['_MMPTE']]],
+    'MaximumSize' : [ 0x10, ['unsigned long']],
+    'PagedPoolHint' : [ 0x14, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x44, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xc, ['_UNICODE_STRING']],
+    'Latency' : [ 0x14, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x18, ['unsigned long']],
+    'Power' : [ 0x1c, ['unsigned long']],
+    'StateFlags' : [ 0x20, ['unsigned long']],
+    'VetoAccounting' : [ 0x24, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0x3c, ['unsigned char']],
+    'InterruptsEnabled' : [ 0x3d, ['unsigned char']],
+    'Interruptible' : [ 0x3e, ['unsigned char']],
+    'ContextRetained' : [ 0x3f, ['unsigned char']],
+    'CacheCoherent' : [ 0x40, ['unsigned char']],
+    'WakesSpuriously' : [ 0x41, ['unsigned char']],
+    'PlatformOnly' : [ 0x42, ['unsigned char']],
+    'NoCState' : [ 0x43, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_CACHED_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['unsigned long']],
+    'RealKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2371' : [ 0x4, {
+    'Import' : [ 0x0, ['_IMAGE_IMPORT_CONTROL_TRANSFER_DYNAMIC_RELOCATION']],
+    'Indir' : [ 0x0, ['_IMAGE_INDIR_CONTROL_TRANSFER_DYNAMIC_RELOCATION']],
+    'SwitchJump' : [ 0x0, ['_IMAGE_SWITCHTABLE_BRANCH_DYNAMIC_RELOCATION']],
+} ],
+  '_RTL_RETPOLINE_RELOCATION_INDEX' : [ 0xc, {
+    'ImportRelocationSize' : [ 0x0, ['unsigned short']],
+    'IndirectRelocationSize' : [ 0x2, ['unsigned short']],
+    'SwitchJumpRelocationSize' : [ 0x4, ['unsigned short']],
+    'StraddleType' : [ 0x6, ['unsigned short']],
+    'StraddleReloc' : [ 0x8, ['__unnamed_2371']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_237a' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_237c' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_237a']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0xb0, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_237c']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'SeSigningLevel' : [ 0x18, ['unsigned char']],
+    'PoolPageHeaders' : [ 0x20, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x28, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x38, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x3c, ['unsigned long']],
+    'PagedBytes' : [ 0x40, ['unsigned long']],
+    'NonPagedBytes' : [ 0x44, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x4c, ['unsigned long']],
+    'RaiseIrqls' : [ 0x50, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x54, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x58, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x5c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x60, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x64, ['unsigned long']],
+    'LockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x74, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x78, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x7c, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x80, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x88, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x8c, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x90, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x98, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x9c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0xa0, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0xa4, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa8, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xac, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Luid' : [ 0x10, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x18, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x20, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x1c, {
+    'ProtosNode' : [ 0x0, ['_MI_PROTOTYPE_PTES_NODE']],
+    'DynamicRelocations' : [ 0x10, ['pointer', ['void']]],
+    'SecurityContext' : [ 0x14, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x18, ['unsigned long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderSkMemory', 37: u'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x30, {
+    'ScopeMap' : [ 0x0, ['pointer', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x4, ['pointer', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x8, ['pointer', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x10, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x18, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x20, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x28, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_DELAY_ACK_FO' : [ 0xc, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SchedulerAssist' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Instrumented' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0x60, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsCounterReset0' : [ 0x40, ['unsigned long long']],
+    'PebsCounterReset1' : [ 0x48, ['unsigned long long']],
+    'PebsCounterReset2' : [ 0x50, ['unsigned long long']],
+    'PebsCounterReset3' : [ 0x58, ['unsigned long long']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x10, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x28, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long']],
+    'DirtyPageThresholdTop' : [ 0x4, ['unsigned long']],
+    'DirtyPageThresholdBottom' : [ 0x8, ['unsigned long']],
+    'DirtyPageTarget' : [ 0xc, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x10, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x18, ['unsigned long long']],
+    'AvailableHistory' : [ 0x20, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x50, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Who' : [ 0x20, ['unsigned long']],
+    'Hash' : [ 0x24, ['unsigned long']],
+    'Page' : [ 0x28, ['unsigned long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'Process' : [ 0x4c, ['pointer', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  'HAL_PRIVATE_DISPATCH' : [ 0x23c, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'HalHandlerForBus' : [ 0x4, ['pointer', ['void']]],
+    'HalHandlerForConfigSpace' : [ 0x8, ['pointer', ['void']]],
+    'HalLocateHiberRanges' : [ 0xc, ['pointer', ['void']]],
+    'HalRegisterBusHandler' : [ 0x10, ['pointer', ['void']]],
+    'HalSetWakeEnable' : [ 0x14, ['pointer', ['void']]],
+    'HalSetWakeAlarm' : [ 0x18, ['pointer', ['void']]],
+    'HalPciTranslateBusAddress' : [ 0x1c, ['pointer', ['void']]],
+    'HalPciAssignSlotResources' : [ 0x20, ['pointer', ['void']]],
+    'HalHaltSystem' : [ 0x24, ['pointer', ['void']]],
+    'HalFindBusAddressTranslation' : [ 0x28, ['pointer', ['void']]],
+    'HalResetDisplay' : [ 0x2c, ['pointer', ['void']]],
+    'HalAllocateMapRegisters' : [ 0x30, ['pointer', ['void']]],
+    'KdSetupPciDeviceForDebugging' : [ 0x34, ['pointer', ['void']]],
+    'KdReleasePciDeviceForDebugging' : [ 0x38, ['pointer', ['void']]],
+    'KdGetAcpiTablePhase0' : [ 0x3c, ['pointer', ['void']]],
+    'KdCheckPowerButton' : [ 0x40, ['pointer', ['void']]],
+    'HalVectorToIDTEntry' : [ 0x44, ['pointer', ['void']]],
+    'KdMapPhysicalMemory64' : [ 0x48, ['pointer', ['void']]],
+    'KdUnmapVirtualAddress' : [ 0x4c, ['pointer', ['void']]],
+    'KdGetPciDataByOffset' : [ 0x50, ['pointer', ['void']]],
+    'KdSetPciDataByOffset' : [ 0x54, ['pointer', ['void']]],
+    'HalGetInterruptVectorOverride' : [ 0x58, ['pointer', ['void']]],
+    'HalGetVectorInputOverride' : [ 0x5c, ['pointer', ['void']]],
+    'HalLoadMicrocode' : [ 0x60, ['pointer', ['void']]],
+    'HalUnloadMicrocode' : [ 0x64, ['pointer', ['void']]],
+    'HalPostMicrocodeUpdate' : [ 0x68, ['pointer', ['void']]],
+    'HalAllocateMessageTargetOverride' : [ 0x6c, ['pointer', ['void']]],
+    'HalFreeMessageTargetOverride' : [ 0x70, ['pointer', ['void']]],
+    'HalDpReplaceBegin' : [ 0x74, ['pointer', ['void']]],
+    'HalDpReplaceTarget' : [ 0x78, ['pointer', ['void']]],
+    'HalDpReplaceControl' : [ 0x7c, ['pointer', ['void']]],
+    'HalDpReplaceEnd' : [ 0x80, ['pointer', ['void']]],
+    'HalPrepareForBugcheck' : [ 0x84, ['pointer', ['void']]],
+    'HalQueryWakeTime' : [ 0x88, ['pointer', ['void']]],
+    'HalReportIdleStateUsage' : [ 0x8c, ['pointer', ['void']]],
+    'HalTscSynchronization' : [ 0x90, ['pointer', ['void']]],
+    'HalWheaInitProcessorGenericSection' : [ 0x94, ['pointer', ['void']]],
+    'HalStopLegacyUsbInterrupts' : [ 0x98, ['pointer', ['void']]],
+    'HalReadWheaPhysicalMemory' : [ 0x9c, ['pointer', ['void']]],
+    'HalWriteWheaPhysicalMemory' : [ 0xa0, ['pointer', ['void']]],
+    'HalDpMaskLevelTriggeredInterrupts' : [ 0xa4, ['pointer', ['void']]],
+    'HalDpUnmaskLevelTriggeredInterrupts' : [ 0xa8, ['pointer', ['void']]],
+    'HalDpGetInterruptReplayState' : [ 0xac, ['pointer', ['void']]],
+    'HalDpReplayInterrupts' : [ 0xb0, ['pointer', ['void']]],
+    'HalQueryIoPortAccessSupported' : [ 0xb4, ['pointer', ['void']]],
+    'KdSetupIntegratedDeviceForDebugging' : [ 0xb8, ['pointer', ['void']]],
+    'KdReleaseIntegratedDeviceForDebugging' : [ 0xbc, ['pointer', ['void']]],
+    'HalGetEnlightenmentInformation' : [ 0xc0, ['pointer', ['void']]],
+    'HalAllocateEarlyPages' : [ 0xc4, ['pointer', ['void']]],
+    'HalMapEarlyPages' : [ 0xc8, ['pointer', ['void']]],
+    'Dummy1' : [ 0xcc, ['pointer', ['void']]],
+    'Dummy2' : [ 0xd0, ['pointer', ['void']]],
+    'HalNotifyProcessorFreeze' : [ 0xd4, ['pointer', ['void']]],
+    'HalPrepareProcessorForIdle' : [ 0xd8, ['pointer', ['void']]],
+    'HalRegisterLogRoutine' : [ 0xdc, ['pointer', ['void']]],
+    'HalResumeProcessorFromIdle' : [ 0xe0, ['pointer', ['void']]],
+    'Dummy' : [ 0xe4, ['pointer', ['void']]],
+    'HalVectorToIDTEntryEx' : [ 0xe8, ['pointer', ['void']]],
+    'HalSecondaryInterruptQueryPrimaryInformation' : [ 0xec, ['pointer', ['void']]],
+    'HalMaskInterrupt' : [ 0xf0, ['pointer', ['void']]],
+    'HalUnmaskInterrupt' : [ 0xf4, ['pointer', ['void']]],
+    'HalIsInterruptTypeSecondary' : [ 0xf8, ['pointer', ['void']]],
+    'HalAllocateGsivForSecondaryInterrupt' : [ 0xfc, ['pointer', ['void']]],
+    'HalAddInterruptRemapping' : [ 0x100, ['pointer', ['void']]],
+    'HalRemoveInterruptRemapping' : [ 0x104, ['pointer', ['void']]],
+    'HalSaveAndDisableHvEnlightenment' : [ 0x108, ['pointer', ['void']]],
+    'HalRestoreHvEnlightenment' : [ 0x10c, ['pointer', ['void']]],
+    'HalFlushIoBuffersExternalCache' : [ 0x110, ['pointer', ['void']]],
+    'HalFlushExternalCache' : [ 0x114, ['pointer', ['void']]],
+    'HalPciEarlyRestore' : [ 0x118, ['pointer', ['void']]],
+    'HalGetProcessorId' : [ 0x11c, ['pointer', ['void']]],
+    'HalAllocatePmcCounterSet' : [ 0x120, ['pointer', ['void']]],
+    'HalCollectPmcCounters' : [ 0x124, ['pointer', ['void']]],
+    'HalFreePmcCounterSet' : [ 0x128, ['pointer', ['void']]],
+    'HalProcessorHalt' : [ 0x12c, ['pointer', ['void']]],
+    'HalTimerQueryCycleCounter' : [ 0x130, ['pointer', ['void']]],
+    'Dummy3' : [ 0x134, ['pointer', ['void']]],
+    'HalPciMarkHiberPhase' : [ 0x138, ['pointer', ['void']]],
+    'HalQueryProcessorRestartEntryPoint' : [ 0x13c, ['pointer', ['void']]],
+    'HalRequestInterrupt' : [ 0x140, ['pointer', ['void']]],
+    'HalEnumerateUnmaskedInterrupts' : [ 0x144, ['pointer', ['void']]],
+    'HalFlushAndInvalidatePageExternalCache' : [ 0x148, ['pointer', ['void']]],
+    'KdEnumerateDebuggingDevices' : [ 0x14c, ['pointer', ['void']]],
+    'HalFlushIoRectangleExternalCache' : [ 0x150, ['pointer', ['void']]],
+    'HalPowerEarlyRestore' : [ 0x154, ['pointer', ['void']]],
+    'HalQueryCapsuleCapabilities' : [ 0x158, ['pointer', ['void']]],
+    'HalUpdateCapsule' : [ 0x15c, ['pointer', ['void']]],
+    'HalPciMultiStageResumeCapable' : [ 0x160, ['pointer', ['void']]],
+    'HalDmaFreeCrashDumpRegisters' : [ 0x164, ['pointer', ['void']]],
+    'HalAcpiAoacCapable' : [ 0x168, ['pointer', ['void']]],
+    'HalInterruptSetDestination' : [ 0x16c, ['pointer', ['void']]],
+    'HalGetClockConfiguration' : [ 0x170, ['pointer', ['void']]],
+    'HalClockTimerActivate' : [ 0x174, ['pointer', ['void']]],
+    'HalClockTimerInitialize' : [ 0x178, ['pointer', ['void']]],
+    'HalClockTimerStop' : [ 0x17c, ['pointer', ['void']]],
+    'HalClockTimerArm' : [ 0x180, ['pointer', ['void']]],
+    'HalTimerOnlyClockInterruptPending' : [ 0x184, ['pointer', ['void']]],
+    'HalAcpiGetMultiNode' : [ 0x188, ['pointer', ['void']]],
+    'HalPowerSetRebootHandler' : [ 0x18c, ['pointer', ['void']]],
+    'HalIommuRegisterDispatchTable' : [ 0x190, ['pointer', ['void']]],
+    'HalTimerWatchdogStart' : [ 0x194, ['pointer', ['void']]],
+    'HalTimerWatchdogResetCountdown' : [ 0x198, ['pointer', ['void']]],
+    'HalTimerWatchdogStop' : [ 0x19c, ['pointer', ['void']]],
+    'HalTimerWatchdogGeneratedLastReset' : [ 0x1a0, ['pointer', ['void']]],
+    'HalTimerWatchdogTriggerSystemReset' : [ 0x1a4, ['pointer', ['void']]],
+    'HalInterruptVectorDataToGsiv' : [ 0x1a8, ['pointer', ['void']]],
+    'HalInterruptGetHighestPriorityInterrupt' : [ 0x1ac, ['pointer', ['void']]],
+    'HalProcessorOn' : [ 0x1b0, ['pointer', ['void']]],
+    'HalProcessorOff' : [ 0x1b4, ['pointer', ['void']]],
+    'HalProcessorFreeze' : [ 0x1b8, ['pointer', ['void']]],
+    'HalDmaLinkDeviceObjectByToken' : [ 0x1bc, ['pointer', ['void']]],
+    'HalDmaCheckAdapterToken' : [ 0x1c0, ['pointer', ['void']]],
+    'Dummy4' : [ 0x1c4, ['pointer', ['void']]],
+    'HalTimerConvertPerformanceCounterToAuxiliaryCounter' : [ 0x1c8, ['pointer', ['void']]],
+    'HalTimerConvertAuxiliaryCounterToPerformanceCounter' : [ 0x1cc, ['pointer', ['void']]],
+    'HalTimerQueryAuxiliaryCounterFrequency' : [ 0x1d0, ['pointer', ['void']]],
+    'HalConnectThermalInterrupt' : [ 0x1d4, ['pointer', ['void']]],
+    'HalIsEFIRuntimeActive' : [ 0x1d8, ['pointer', ['void']]],
+    'HalTimerQueryAndResetRtcErrors' : [ 0x1dc, ['pointer', ['void']]],
+    'HalAcpiLateRestore' : [ 0x1e0, ['pointer', ['void']]],
+    'KdWatchdogDelayExpiration' : [ 0x1e4, ['pointer', ['void']]],
+    'HalGetProcessorStats' : [ 0x1e8, ['pointer', ['void']]],
+    'HalTimerWatchdogQueryDueTime' : [ 0x1ec, ['pointer', ['void']]],
+    'HalConnectSyntheticInterrupt' : [ 0x1f0, ['pointer', ['void']]],
+    'HalPreprocessNmi' : [ 0x1f4, ['pointer', ['void']]],
+    'HalEnumerateEnvironmentVariablesWithFilter' : [ 0x1f8, ['pointer', ['void']]],
+    'HalCaptureLastBranchRecordStack' : [ 0x1fc, ['pointer', ['void']]],
+    'HalClearLastBranchRecordStack' : [ 0x200, ['pointer', ['void']]],
+    'HalConfigureLastBranchRecord' : [ 0x204, ['pointer', ['void']]],
+    'HalGetLastBranchInformation' : [ 0x208, ['pointer', ['void']]],
+    'HalResumeLastBranchRecord' : [ 0x20c, ['pointer', ['void']]],
+    'HalStartLastBranchRecord' : [ 0x210, ['pointer', ['void']]],
+    'HalStopLastBranchRecord' : [ 0x214, ['pointer', ['void']]],
+    'HalIommuBlockDevice' : [ 0x218, ['pointer', ['void']]],
+    'HalIommuUnblockDevice' : [ 0x21c, ['pointer', ['void']]],
+    'HalGetIommuInterface' : [ 0x220, ['pointer', ['void']]],
+    'HalRequestGenericErrorRecovery' : [ 0x224, ['pointer', ['void']]],
+    'HalTimerQueryHostPerformanceCounter' : [ 0x228, ['pointer', ['void']]],
+    'HalTopologyQueryProcessorRelationships' : [ 0x22c, ['pointer', ['void']]],
+    'HalInitPlatformDebugTriggers' : [ 0x230, ['pointer', ['void']]],
+    'HalRunPlatformDebugTriggers' : [ 0x234, ['pointer', ['void']]],
+    'HalTimerGetReferencePage' : [ 0x238, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x10, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '__unnamed_24ed' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_24ef' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_24ed']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_24ef']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long']],
+    'NumberOfProcessReferences' : [ 0x4, ['unsigned long']],
+    'ClonePtes' : [ 0x8, ['pointer', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x50c0, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x500, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x680, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x6f0, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x1730, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x17c0, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1940, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x4080, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x4098, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x40b0, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x40e8, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x4130, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x4200, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x4280, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x4310, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x4380, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x4500, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x4540, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x4578, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x45c0, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x4600, ['unsigned long']],
+    'BootRegistryRuns' : [ 0x4604, ['pointer', ['pointer', ['void']]]],
+    'ZeroingDisabled' : [ 0x4608, ['long']],
+    'FullyInitialized' : [ 0x460c, ['unsigned char']],
+    'SafeBooted' : [ 0x460d, ['unsigned char']],
+    'PfnBitMap' : [ 0x4610, ['_RTL_BITMAP']],
+    'TraceLogging' : [ 0x4618, ['pointer', ['_TlgProvider_t']]],
+    'Vs' : [ 0x4640, ['_MI_VISIBLE_STATE']],
+} ],
+  '_CMSI_RW_LOCK' : [ 0x4, {
+    'Reserved' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x4, ['pointer', ['unsigned long long']]],
+    'QpcDelta' : [ 0x8, ['pointer', ['long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0xc00, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long']],
+    'HighestPhysicalPage' : [ 0x4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x8, ['unsigned long']],
+    'NumberOfPagingFiles' : [ 0xc, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x10, ['unsigned char']],
+    'PagingFile' : [ 0x14, ['array', 16, ['pointer', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0x80, ['unsigned long']],
+    'ResidentAvailablePages' : [ 0xc0, ['unsigned long']],
+    'PartitionWs' : [ 0x100, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x164, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x17c, ['unsigned long']],
+    'ModifiedPageListHead' : [ 0x180, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x1c0, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x1d4, ['unsigned long']],
+    'TotalPagesForPagingFile' : [ 0x1d8, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x1dc, ['unsigned long']],
+    'ProcessLockedFilePages' : [ 0x1e0, ['unsigned long']],
+    'SharedCommit' : [ 0x1e4, ['unsigned long']],
+    'SlabAllocatorPages' : [ 0x1e8, ['unsigned long']],
+    'ChargeCommitmentFailures' : [ 0x1ec, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x1fc, ['long']],
+    'PageFileTraces' : [ 0x200, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'Items' : [ 0x8, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x10, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x4, ['_GUID']],
+    'Control' : [ 0x14, ['_GUID']],
+    'ConsumersNotified' : [ 0x24, ['unsigned char']],
+} ],
+  '__unnamed_252b' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_252d' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_252b']],
+} ],
+  '__unnamed_252f' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_252d']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_252f']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_2537' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2537']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x8, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_LARGEPAGE_IMAGE_INFO' : [ 0x8, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2544' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x18, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long']],
+    'NodeCount' : [ 0x4, ['unsigned long']],
+    'Tables' : [ 0x8, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0xc, ['unsigned long']],
+    'UseSessionId' : [ 0x10, ['unsigned char']],
+    'u1' : [ 0x14, ['__unnamed_2544']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x90, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0x64, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x68, {
+    'SystemDllBase' : [ 0x0, ['pointer', ['void']]],
+    'ColorSeed' : [ 0x4, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0x8, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x20, ['array', 2, ['pointer', ['_MMPTE']]]],
+    'HypervisorSharedVa' : [ 0x28, ['pointer', ['void']]],
+    'VadSecureCookie' : [ 0x2c, ['unsigned long']],
+    'PaeGroups' : [ 0x30, ['unsigned long']],
+    'FreePaeEntries' : [ 0x34, ['unsigned long']],
+    'FirstFreePae' : [ 0x38, ['_PAE_ENTRY']],
+    'AllocatedPaePages' : [ 0x58, ['long']],
+    'PaeLock' : [ 0x5c, ['unsigned long']],
+    'PaeEntrySList' : [ 0x60, ['_SLIST_HEADER']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long']],
+    'PipelinedReadAheadRequestSize' : [ 0x54, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x58, ['unsigned long']],
+    'PrivateLinks' : [ 0x5c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x168, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['pointer', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x15c, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x164, ['pointer', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0xac, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['wchar']]],
+    'OrderingName' : [ 0xc, ['pointer', ['wchar']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'DeleteOwnerRanges' : [ 0x90, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x94, ['unsigned char']],
+    'TransactionEvent' : [ 0x98, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x9c, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0xa0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa4, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '_RTLP_HP_HEAP_GLOBALS' : [ 0x1c, {
+    'HeapKey' : [ 0x0, ['unsigned long']],
+    'LfhKey' : [ 0x4, ['unsigned long']],
+    'FailureInfo' : [ 0x8, ['pointer', ['_HEAP_FAILURE_INFORMATION']]],
+    'CommitLimitData' : [ 0xc, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0x70, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x8, ['_KMUTANT']],
+    'FixupLock' : [ 0x28, ['long']],
+    'FirstLoadEver' : [ 0x2c, ['unsigned char']],
+    'LargePageAll' : [ 0x2d, ['unsigned char']],
+    'LastPage' : [ 0x30, ['unsigned long']],
+    'LargePageList' : [ 0x34, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x3c, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x44, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x4c, ['array', 2, ['pointer', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x54, ['unsigned long']],
+    'PageCounts' : [ 0x58, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'ImageTree' : [ 0x6c, ['_RTL_AVL_TREE']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x44, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x3c, ['unsigned char']],
+    'DeleteType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x8, ['unsigned long']],
+    'SyncCallback' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 12, native_type='unsigned long')]],
+    'NumberOfRemapPages' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x4, {
+    'Head' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x80, {
+    'DriverInit' : [ 0x0, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x4, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x8, ['pointer', ['void']]],
+    'AddDevice' : [ 0xc, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x10, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x38, {
+    'PartitionLock' : [ 0x0, ['unsigned long']],
+    'PartitionIdLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x8, ['unsigned long long']],
+    'PartitionList' : [ 0x10, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x18, ['pointer', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x1c, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x24, ['array', 1, ['pointer', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x28, ['pointer', ['pointer', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x2c, ['unsigned long']],
+    'CrossPartitionDenials' : [ 0x30, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x34, ['unsigned char']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x2e8, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+    'State' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+    'Removing' : [ 0x22, ['unsigned char']],
+    'Mode' : [ 0x23, ['unsigned char']],
+    'PendingMode' : [ 0x24, ['unsigned char']],
+    'ActivePoint' : [ 0x25, ['unsigned char']],
+    'PendingActivePoint' : [ 0x26, ['unsigned char']],
+    'Critical' : [ 0x27, ['unsigned char']],
+    'ThermalStandby' : [ 0x28, ['unsigned char']],
+    'OverThrottled' : [ 0x29, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x2c, ['long']],
+    'Throttle' : [ 0x30, ['long']],
+    'PendingThrottle' : [ 0x34, ['long']],
+    'ThrottleReasons' : [ 0x38, ['unsigned long']],
+    'LastPassiveTime' : [ 0x40, ['unsigned long long']],
+    'SampleRate' : [ 0x48, ['unsigned long']],
+    'LastTemp' : [ 0x4c, ['unsigned long']],
+    'Info' : [ 0x50, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xac, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xc4, ['unsigned char']],
+    'PollingRate' : [ 0xc8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xd0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xd8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0xe0, ['unsigned long long']],
+    'WorkItem' : [ 0xe8, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0xf8, ['_KTIMER2']],
+    'Lock' : [ 0x150, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x158, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x168, ['_KEVENT']],
+    'InstanceId' : [ 0x178, ['unsigned long']],
+    'TelemetryTracker' : [ 0x180, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x2e0, ['_UNICODE_STRING']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x288, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '__unnamed_2623' : [ 0x4, {
+    'Bus' : [ 0x0, ['unsigned char']],
+    'Device' : [ 0x1, ['unsigned char']],
+    'Function' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2625' : [ 0x2, {
+    'SecondaryBus' : [ 0x0, ['unsigned char']],
+    'SubordinateBus' : [ 0x1, ['unsigned char']],
+} ],
+  '_PCI_BUSMASTER_DESCRIPTOR' : [ 0xc, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusmasterRidFromDeviceRid', 1: u'BusmasterRidFromBridgeRid', 2: u'BusmasterRidFromMultipleBridges'})]],
+    'Segment' : [ 0x4, ['unsigned long']],
+    'DeviceRid' : [ 0x8, ['__unnamed_2623']],
+    'BridgeRid' : [ 0x8, ['__unnamed_2623']],
+    'MultipleBridges' : [ 0x8, ['__unnamed_2625']],
+} ],
+  '_HVP_VIEW_MAP' : [ 0x28, {
+    'SectionReference' : [ 0x0, ['pointer', ['void']]],
+    'StorageEndFileOffset' : [ 0x8, ['long long']],
+    'SectionEndFileOffset' : [ 0x10, ['long long']],
+    'ProcessTuple' : [ 0x18, ['pointer', ['_CMSI_PROCESS_TUPLE']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'ViewTree' : [ 0x20, ['_RTL_RB_TREE']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UserModeOnly' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoInherit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CheckVad' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0xc, {
+    'ActiveThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'WaitList' : [ 0x4, ['pointer', ['_HIVE_WAIT_PACKET']]],
+    'OwnerBoosted' : [ 0x8, ['unsigned long']],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HAL_LOG_REGISTER_CONTEXT' : [ 0x8, {
+    'LogRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Flag' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x10, {
+    'DeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x10, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'SidCount' : [ 0x8, ['unsigned long']],
+    'SidValuesStart' : [ 0xc, ['unsigned long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x10, {
+    'RunRefs' : [ 0x0, ['pointer', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x4, ['pointer', ['void']]],
+    'RunRefSize' : [ 0x8, ['unsigned long']],
+    'Number' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x4, {
+    'Function' : [ 0x0, ['pointer', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2661' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_2663' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_2661']],
+    'Private' : [ 0x0, ['__unnamed_2663']],
+} ],
+  '_CM_TRANS_PTR' : [ 0x4, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'TransPtr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x1c, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x8, ['unsigned long']],
+    'VolumeKey' : [ 0xc, ['unsigned long']],
+    'Rundown' : [ 0x10, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x14, ['pointer', ['void']]],
+    'VolumeIoAttribution' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x1140, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PagedLock' : [ 0x4, ['_FAST_MUTEX']],
+    'NonPagedLock' : [ 0x4, ['unsigned long']],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x44, ['unsigned long']],
+    'BigPagesAllocated' : [ 0x48, ['unsigned long']],
+    'BytesAllocated' : [ 0x4c, ['unsigned long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x84, ['unsigned long']],
+    'BigPagesDeallocated' : [ 0x88, ['unsigned long']],
+    'BytesDeallocated' : [ 0x8c, ['unsigned long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+    'PoolTypeCopy' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'PendingFrees' : [ 0x100, ['_SINGLE_LIST_ENTRY']],
+    'ThreadsProcessingDeferrals' : [ 0x104, ['long']],
+    'PendingFreeDepth' : [ 0x108, ['long']],
+    'ListHeads' : [ 0x140, ['array', 512, ['_LIST_ENTRY']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPRCBFLAG' : [ 0x4, {
+    'PrcbFlags' : [ 0x0, ['long']],
+    'BamQosLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'PendingQosUpdate' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PrcbFlagsReserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26dc' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26de' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_26dc']],
+    'Button' : [ 0xc, ['__unnamed_26de']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0xc, ['pointer', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x14, ['unsigned long']],
+    'Buckets' : [ 0x18, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x58, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x10, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x28, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x38, ['long long']],
+    'Callback' : [ 0x40, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x44, ['pointer', ['void']]],
+    'DisableCallback' : [ 0x48, ['pointer', ['void']]],
+    'DisableContext' : [ 0x4c, ['pointer', ['void']]],
+    'AbsoluteSystemTime' : [ 0x50, ['unsigned char']],
+    'TypeFlags' : [ 0x51, ['unsigned char']],
+    'Unused' : [ 0x51, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x51, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x51, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x51, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x51, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x52, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x103c, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'DetachTimeStamp' : [ 0x14, ['unsigned long']],
+    'CodePageEdited' : [ 0x18, ['unsigned char']],
+    'DynamicPoolBitBuffer' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'VaReferenceCount' : [ 0x20, ['array', 1024, ['long']]],
+    'DynamicPtesBitBuffer' : [ 0x1020, ['pointer', ['unsigned long']]],
+    'IdLock' : [ 0x1024, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x1028, ['pointer', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x102c, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1030, ['pointer', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x1034, ['pointer', ['void']]],
+    'SessionCore' : [ 0x1038, ['pointer', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x338, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+    'EnabledUserVisibleSupervisorFeatures' : [ 0x330, ['unsigned long long']],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer', ['void']]],
+    'CallbackContext' : [ 0xc, ['pointer', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'AccessMask' : [ 0x18, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x180, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x4, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0xc, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x10, ['unsigned long']],
+    'HighSectionBase' : [ 0x14, ['pointer', ['void']]],
+    'PhysicalSubsection' : [ 0x18, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0x70, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0xc0, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0xd4, ['pointer', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0xd8, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsDeletionComplete' : [ 0xe8, ['_KEVENT']],
+    'DanglingExtentsWorkerActive' : [ 0xf8, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0xf9, ['unsigned char']],
+    'PrototypePtesTree' : [ 0xfc, ['_RTL_AVL_TREE']],
+    'PrototypePtesTreeSpinLock' : [ 0x100, ['long']],
+    'ImageBias' : [ 0x104, ['unsigned long']],
+    'RelocateBitmapsLock' : [ 0x108, ['_EX_PUSH_LOCK']],
+    'ImageBitMap' : [ 0x10c, ['_RTL_BITMAP']],
+    'ApiSetSection' : [ 0x114, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x118, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0x11c, ['unsigned long']],
+    'LostDataFiles' : [ 0x120, ['unsigned long']],
+    'LostDataPages' : [ 0x124, ['unsigned long']],
+    'ImageFailureReason' : [ 0x128, ['unsigned long']],
+    'CfgBitMapSection32' : [ 0x12c, ['pointer', ['_SECTION']]],
+    'CfgBitMapControlArea32' : [ 0x130, ['pointer', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x134, ['unsigned long']],
+    'ImageChecksumBreakpoint' : [ 0x138, ['unsigned long']],
+    'ImageSizeBreakpoint' : [ 0x13c, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x140, ['long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x4, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x1c, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'Reference' : [ 0x8, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x18, ['unsigned char']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x30, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x4, ['pointer', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x8, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0xc, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x10, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x14, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x18, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x1c, ['pointer', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x20, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x24, ['pointer', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x28, ['pointer', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x2c, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x90, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x78, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x7c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x80, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x84, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x88, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x8c, ['unsigned long']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x480, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['pointer', ['_SLIST_HEADER']]],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'SharedData' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'FlsCallback' : [ 0x20c, ['pointer', ['_FLS_CALLBACK_INFO']]],
+    'FlsListHead' : [ 0x210, ['_LIST_ENTRY']],
+    'FlsBitmap' : [ 0x218, ['pointer', ['void']]],
+    'FlsBitmapBits' : [ 0x21c, ['array', 4, ['unsigned long']]],
+    'FlsHighIndex' : [ 0x22c, ['unsigned long']],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pUnused' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['pointer', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['pointer', ['void']]],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x464, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x468, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x469, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x470, ['pointer', ['_LEAP_SECOND_DATA']]],
+    'LeapSecondFlags' : [ 0x474, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x474, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x474, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x478, ['unsigned long']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2774' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2778' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_277a' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_2774']],
+    'Bits' : [ 0x0, ['__unnamed_2778']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_277a']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x174, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 10, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x20, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Vad' : [ 0x10, ['pointer', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x14, ['unsigned long']],
+    'FullSetBits' : [ 0x18, ['unsigned long']],
+    'SubListIndex' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_2788' : [ 0x18, {
+    'ApcState' : [ 0x0, ['_KAPC_STATE']],
+    'HardFaultState' : [ 0x0, ['_MI_HARD_FAULT_STATE']],
+} ],
+  '__unnamed_278a' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_278d' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x108, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'CollidedEvent' : [ 0x20, ['_KEVENT']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'u2' : [ 0x40, ['__unnamed_2788']],
+    'Thread' : [ 0x58, ['pointer', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x5c, ['pointer', ['_MMPFN']]],
+    'PteContents' : [ 0x60, ['_MMPTE']],
+    'WaitCount' : [ 0x68, ['long']],
+    'InjectRetry' : [ 0x6c, ['long']],
+    'ByteCount' : [ 0x70, ['unsigned long']],
+    'u3' : [ 0x74, ['__unnamed_278a']],
+    'u1' : [ 0x78, ['__unnamed_278d']],
+    'FilePointer' : [ 0x7c, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x80, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x80, ['pointer', ['_SUBSECTION']]],
+    'Autoboost' : [ 0x84, ['pointer', ['void']]],
+    'FaultingAddress' : [ 0x88, ['pointer', ['void']]],
+    'PointerPte' : [ 0x8c, ['pointer', ['_MMPTE']]],
+    'BasePte' : [ 0x90, ['pointer', ['_MMPTE']]],
+    'Pfn' : [ 0x94, ['pointer', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x98, ['pointer', ['_MDL']]],
+    'ProbeCount' : [ 0xa0, ['long long']],
+    'Mdl' : [ 0xa8, ['_MDL']],
+    'Page' : [ 0xc4, ['array', 16, ['unsigned long']]],
+    'FlowThrough' : [ 0xc4, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_279d' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_279f' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_27a1' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_27a3' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_279d']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_279f']],
+    'Raw' : [ 0x0, ['__unnamed_27a1']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x28, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'Operation' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0x8, ['__unnamed_27a3']],
+    'Stack' : [ 0x10, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x10, {
+    'BaseKcb' : [ 0x0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x4, ['long']],
+    'ClonedKcbListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+    'ActivityId' : [ 0x20, ['_GUID']],
+    'RefCount' : [ 0x30, ['long']],
+    'Dequeued' : [ 0x34, ['unsigned char']],
+    'CancelLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x3c, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0xc0, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x28, ['unsigned char']],
+    'Platform' : [ 0x29, ['unsigned char']],
+    'DependencyListCount' : [ 0x2c, ['unsigned long']],
+    'Processors' : [ 0x30, ['_KAFFINITY_EX']],
+    'Name' : [ 0x3c, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0x44, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x48, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x50, ['unsigned long long']],
+    'RefCount' : [ 0x80, ['long']],
+    'CacheAlign0' : [ 0x80, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x940, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x200, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x340, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x480, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x4c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x4d4, ['array', 2, ['pointer', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x4dc, ['array', 8, ['pointer', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x4fc, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x540, ['unsigned long']],
+    'TransitionSharedPagesPeak' : [ 0x544, ['array', 6, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x55c, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x65c, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x66c, ['unsigned long']],
+    'StandbyListDiscard' : [ 0x670, ['unsigned char']],
+    'FreeListDiscard' : [ 0x671, ['unsigned char']],
+    'PfnBitMapsReady' : [ 0x672, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0x678, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x680, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0x6c0, ['unsigned long']],
+    'AvailablePageWaitStates' : [ 0x6c4, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0x700, ['pointer', ['void']]],
+    'TransitionPrivatePages' : [ 0x740, ['unsigned long']],
+    'LargePfnBitMap' : [ 0x744, ['array', 1, ['_RTL_BITMAP']]],
+    'LargePageListHeads' : [ 0x74c, ['pointer', ['_MI_FREE_LARGE_PAGE_LIST']]],
+    'LargePageCandidates' : [ 0x750, ['array', 1, ['_MI_LARGE_PAGE_CANDIDATES']]],
+    'RebuildLargePageWorkItem' : [ 0x858, ['_WORK_QUEUE_ITEM']],
+    'RebuildLargePageActive' : [ 0x868, ['unsigned char']],
+    'LargePageRebuildLock' : [ 0x86c, ['long']],
+    'LowMemoryThreshold' : [ 0x870, ['unsigned long']],
+    'HighMemoryThreshold' : [ 0x874, ['unsigned long']],
+    'SlabContexts' : [ 0x878, ['array', 3, ['_MI_SLAB_ALLOCATOR_CONTEXT']]],
+    'SlabPfnBitMap' : [ 0x908, ['_RTL_BITMAP']],
+} ],
+  '__unnamed_27d2' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_27d2']],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '__unnamed_27e5' : [ 0x4, {
+    'AllocationType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Inserted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_27e7' : [ 0x4, {
+    'PrototypePtesFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_27e9' : [ 0x4, {
+    'e1' : [ 0x0, ['__unnamed_27e5']],
+    'e2' : [ 0x0, ['__unnamed_27e7']],
+} ],
+  '_MI_PROTOTYPE_PTES_NODE' : [ 0x10, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0xc, ['__unnamed_27e9']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0xd8, {
+    'Partition' : [ 0x0, ['pointer', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x4, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0xc, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x20, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x24, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x2c, ['unsigned long']],
+    'CombinePageListHeads' : [ 0x30, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'PageCombineStats' : [ 0xb0, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'LowboxNumber' : [ 0x14, ['unsigned long']],
+    'AtomTable' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x4, ['pointer', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID' : [ 0x18, {
+    'DeviceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'EXT_IOMMU_DEVICE_TYPE_INVALID', 1: u'EXT_IOMMU_DEVICE_TYPE_PCI', 2: u'EXT_IOMMU_DEVICE_TYPE_ACPI', 3: u'EXT_IOMMU_DEVICE_TYPE_IOAPIC', 4: u'EXT_IOMMU_DEVICE_TYPE_LOGICAL', 5: u'EXT_IOMMU_DEVICE_TYPE_GIC', 6: u'EXT_IOMMU_DEVICE_TYPE_TEST', 7: u'EXT_IOMMU_DEVICE_TYPE_MAX'})]],
+    'Pci' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_PCI']],
+    'Acpi' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_ACPI']],
+    'IoApicId' : [ 0x8, ['unsigned char']],
+    'LogicalId' : [ 0x8, ['unsigned long long']],
+    'Test' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_TEST']],
+    'Gic' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_GIC']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_280f' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2811' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2814' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2818' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x50, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x14, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x20, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x30, ['__unnamed_280f']],
+    'HvDeviceId' : [ 0x38, ['unsigned long long']],
+    'XapicMessage' : [ 0x40, ['__unnamed_2811']],
+    'Hypertransport' : [ 0x40, ['__unnamed_2814']],
+    'GenericMessage' : [ 0x40, ['__unnamed_2811']],
+    'MessageRequest' : [ 0x40, ['__unnamed_2818']],
+} ],
+  '__unnamed_281d' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_281f' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_281d']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2822' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2824' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2822']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_281f']],
+    'HighPart' : [ 0x4, ['__unnamed_2824']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DirectedDripsTransition' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x46, ['unsigned char']],
+    'PreviousIrql' : [ 0x47, ['unsigned char']],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0xb0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x39, ['unsigned char']],
+    'ActiveCount' : [ 0x3a, ['unsigned short']],
+    'InternalState' : [ 0x3c, ['long']],
+    'Mode' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x48, ['unsigned long']],
+    'DispatchCount' : [ 0x4c, ['unsigned long']],
+    'PassiveEvent' : [ 0x50, ['pointer', ['_KEVENT']]],
+    'TrapFrame' : [ 0x54, ['pointer', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x58, ['pointer', ['void']]],
+    'ServiceThread' : [ 0x5c, ['pointer', ['_KTHREAD']]],
+    'ConnectionData' : [ 0x60, ['pointer', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0x64, ['pointer', ['void']]],
+    'IsrDpcStats' : [ 0x68, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x34, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ActivityId' : [ 0x24, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x18, {
+    'NextPteToTrim' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0xc, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x10, ['unsigned long']],
+    'LockedEntries' : [ 0x14, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x50, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+    'Extended' : [ 0x49, ['unsigned char']],
+    'RankNumber' : [ 0x4a, ['unsigned short']],
+    'CardHandle' : [ 0x4c, ['unsigned short']],
+    'ModuleHandle' : [ 0x4e, ['unsigned short']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x14, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPendingAll' : [ 0x16, ['unsigned char']],
+    'SpecialUserApcPending' : [ 0x16, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserApcPending' : [ 0x16, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_HEAP_VAMGR_CTX' : [ 0x1c1c, {
+    'VaSpace' : [ 0x0, ['_HEAP_VAMGR_VASPACE']],
+    'AllocatorLock' : [ 0x30, ['unsigned long']],
+    'AllocatorCount' : [ 0x34, ['unsigned long']],
+    'Allocators' : [ 0x38, ['array', 255, ['_HEAP_VAMGR_ALLOCATOR']]],
+} ],
+  '_IMAGE_IMPORT_CONTROL_TRANSFER_DYNAMIC_RELOCATION' : [ 0x4, {
+    'PageRelativeOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'IndirectCall' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IATIndex' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DEBUG_DEVICE_DESCRIPTOR' : [ 0xa8, {
+    'Bus' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'Segment' : [ 0x8, ['unsigned short']],
+    'VendorID' : [ 0xa, ['unsigned short']],
+    'DeviceID' : [ 0xc, ['unsigned short']],
+    'BaseClass' : [ 0xe, ['unsigned char']],
+    'SubClass' : [ 0xf, ['unsigned char']],
+    'ProgIf' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'DbgHalScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgBarsMapped' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Initialized' : [ 0x12, ['unsigned char']],
+    'Configured' : [ 0x13, ['unsigned char']],
+    'BaseAddress' : [ 0x14, ['array', 6, ['DEBUG_DEVICE_ADDRESS']]],
+    'Memory' : [ 0x60, ['DEBUG_MEMORY_REQUIREMENTS']],
+    'PortType' : [ 0x80, ['unsigned short']],
+    'PortSubtype' : [ 0x82, ['unsigned short']],
+    'OemData' : [ 0x84, ['pointer', ['void']]],
+    'OemDataLength' : [ 0x88, ['unsigned long']],
+    'NameSpace' : [ 0x8c, ['Enumeration', dict(target = 'long', choices = {0: u'KdNameSpacePCI', 1: u'KdNameSpaceACPI', 2: u'KdNameSpaceAny', 3: u'KdNameSpaceNone', 4: u'KdNameSpaceMax'})]],
+    'NameSpacePath' : [ 0x90, ['pointer', ['wchar']]],
+    'NameSpacePathLength' : [ 0x94, ['unsigned long']],
+    'TransportType' : [ 0x98, ['unsigned long']],
+    'TransportData' : [ 0x9c, ['_DEBUG_TRANSPORT_DATA']],
+} ],
+  '__unnamed_2886' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2888' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_288a' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2886']],
+    'Interrupt' : [ 0x0, ['__unnamed_2888']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_2888']],
+    'Sci' : [ 0x0, ['__unnamed_2888']],
+    'Nmi' : [ 0x0, ['__unnamed_2888']],
+    'Sea' : [ 0x0, ['__unnamed_2888']],
+    'Sei' : [ 0x0, ['__unnamed_2888']],
+    'Gsiv' : [ 0x0, ['__unnamed_2888']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_288a']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x4, {
+    'LogHandleContext' : [ 0x0, ['pointer', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x19c, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x110, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x190, ['unsigned long']],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x1c0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x19c, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x1a0, ['pointer', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x1a4, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x1a8, ['unsigned long']],
+    'ThreadCount' : [ 0x1ac, ['long']],
+    'MinThreads' : [ 0x1b0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x1b0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x1b4, ['long']],
+    'QueueIndex' : [ 0x1b8, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x1bc, ['pointer', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x100, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x5d, ['unsigned char']],
+    'ReadySummary' : [ 0x5e, ['unsigned short']],
+    'Rank' : [ 0x60, ['unsigned long']],
+    'ShareRank' : [ 0x64, ['pointer', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x68, ['unsigned long']],
+    'ReadyListHead' : [ 0x6c, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0xec, ['_RTL_RB_TREE']],
+    'Parent' : [ 0xf4, ['pointer', ['_KSCB']]],
+    'Root' : [ 0xf8, ['pointer', ['_KSCB']]],
+} ],
+  '__unnamed_28b1' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0x5c, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x8, ['pointer', ['void']]],
+    'ExceptionTableSize' : [ 0xc, ['unsigned long']],
+    'GpValue' : [ 0x10, ['pointer', ['void']]],
+    'NonPagedDebugInfo' : [ 0x14, ['pointer', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'u1' : [ 0x3a, ['__unnamed_28b1']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x44, ['unsigned long']],
+    'CoverageSection' : [ 0x48, ['pointer', ['void']]],
+    'LoadedImports' : [ 0x4c, ['pointer', ['void']]],
+    'Spare' : [ 0x50, ['pointer', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x54, ['unsigned long']],
+    'TimeDateStamp' : [ 0x58, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long']],
+    'TrimInProgressCount' : [ 0x4, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x8, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x18, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTLP_HP_METADATA_HEAP_CTX' : [ 0x8, {
+    'Heap' : [ 0x0, ['pointer', ['_SEGMENT_HEAP']]],
+    'InitOnce' : [ 0x4, ['_RTL_RUN_ONCE']],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'Abandoned' : [ 0x1c, ['unsigned char']],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '__unnamed_28c7' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 29, native_type='unsigned long')]],
+} ],
+  '__unnamed_28ca' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x4, {
+    'Leaf' : [ 0x0, ['__unnamed_28c7']],
+    'PageTable' : [ 0x0, ['__unnamed_28ca']],
+    'EntireActiveField' : [ 0x0, ['unsigned long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x4, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x14, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x18, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long']],
+} ],
+  '_HMAP_TABLE' : [ 0x1800, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_28f5' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_28f7' : [ 0x10, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_28f5']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x20, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0xc, ['__unnamed_28f7']],
+    'VerifiedData' : [ 0x1c, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IMAGE_INDIR_CONTROL_TRANSFER_DYNAMIC_RELOCATION' : [ 0x2, {
+    'PageRelativeOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'IndirectCall' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'RexWPrefix' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'CfgCheck' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x20, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x8, ['pointer', ['void']]],
+    'SessionViewVa' : [ 0x8, ['pointer', ['void']]],
+    'VadsProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Type' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SystemCacheAttributes' : [ 0x10, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0xc0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0xc8, ['unsigned long']],
+    'PteTrackingBitmap' : [ 0xcc, ['_RTL_BITMAP']],
+    'CachedPteHeads' : [ 0xd4, ['pointer', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xd8, ['pointer', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xdc, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x110, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x144, ['unsigned long']],
+    'KernelStackPages' : [ 0x148, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x149, ['unsigned char']],
+    'AdjustCounter' : [ 0x14a, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x14c, ['long']],
+    'ReservedMappingTree' : [ 0x150, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x154, ['pointer', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x158, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x15c, ['long']],
+} ],
+  '__unnamed_290a' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0xe4, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_290a']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x14, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x18, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x1c, ['unsigned long']],
+    'PfnUnmapWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x30, ['unsigned long']],
+    'PfnUnmapWaitList' : [ 0x34, ['pointer', ['void']]],
+    'MemoryRuns' : [ 0x38, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x3c, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x4c, ['array', 5, ['pointer', ['void']]]],
+    'PartitionObject' : [ 0x60, ['pointer', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0x64, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0x6c, ['long']],
+    'PfnUnmapActive' : [ 0x70, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0x74, ['_KEVENT']],
+    'RootDirectory' : [ 0x84, ['pointer', ['void']]],
+    'KernelObjectsDirectory' : [ 0x88, ['pointer', ['void']]],
+    'MemoryEvents' : [ 0x8c, ['array', 11, ['pointer', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0xb8, ['array', 11, ['pointer', ['void']]]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0x64, {
+    'NextPageColor' : [ 0x0, ['unsigned long']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long']],
+    'VmWorkingSetList' : [ 0xc, ['pointer', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x18, ['array', 8, ['unsigned long']]],
+    'ExitOutswapGate' : [ 0x38, ['pointer', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'WorkingSetLeafSize' : [ 0x40, ['unsigned long']],
+    'WorkingSetLeafPrivateSize' : [ 0x44, ['unsigned long']],
+    'WorkingSetSize' : [ 0x48, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x4c, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x50, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x54, ['unsigned long']],
+    'HardFaultCount' : [ 0x58, ['unsigned long']],
+    'LastTrimStamp' : [ 0x5c, ['unsigned short']],
+    'Unused0' : [ 0x5e, ['unsigned short']],
+    'Flags' : [ 0x60, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x8, ['unsigned char']],
+    'BlockState' : [ 0x9, ['unsigned char']],
+    'WaitKey' : [ 0xa, ['unsigned short']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0xc, ['pointer', ['_KQUEUE']]],
+    'Object' : [ 0x10, ['pointer', ['void']]],
+    'SparePtr' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x10, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0xc, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'WorkQueue' : [ 0x18, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x40, ['pointer', ['void']]],
+    'AcceptProcessorNotification' : [ 0x44, ['pointer', ['void']]],
+    'AcceptAcpiNotification' : [ 0x48, ['pointer', ['void']]],
+    'WorkOrderCount' : [ 0x4c, ['unsigned long']],
+    'WorkOrders' : [ 0x50, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2935' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x50, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x1c, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x24, ['unsigned long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x28, ['unsigned long']],
+    'MdlHack' : [ 0x2c, ['__unnamed_2935']],
+} ],
+  '_HAL_LBR_ENTRY' : [ 0xc, {
+    'FromAddress' : [ 0x0, ['pointer', ['void']]],
+    'ToAddress' : [ 0x4, ['pointer', ['void']]],
+    'Reserved' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x18, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x18, ['array', 4, ['pointer', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x18, ['pointer', ['void']]],
+    'SessionId' : [ 0x1c, ['unsigned long']],
+    'Process' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['void']]],
+    'Callback' : [ 0x2c, ['pointer', ['void']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x32, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x32, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x32, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x32, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x32, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x32, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x32, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x34, ['unsigned char']],
+    'GroupEnableMask' : [ 0x35, ['unsigned char']],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HAL_DP_REPLACE_PARAMETERS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'TargetProcessors' : [ 0x4, ['pointer', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+    'SpareProcessors' : [ 0x8, ['pointer', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x14, {
+    'NextEntry' : [ 0x0, ['pointer', ['void']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x2740, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long']],
+    'SystemVaBias' : [ 0x4, ['unsigned long']],
+    'SystemAvailableVaLow' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+    'SystemRangeStart' : [ 0x10, ['pointer', ['void']]],
+    'SystemCachePdeCount' : [ 0x14, ['array', 1024, ['unsigned char']]],
+    'SystemCacheReverseMaps' : [ 0x414, ['array', 1024, ['pointer', ['void']]]],
+    'VaRegion' : [ 0x1414, ['array', 1024, ['_MI_SYSTEM_REGION_REFERENCE']]],
+    'TopLevelPteLockBits' : [ 0x2414, ['array', 128, ['unsigned long']]],
+    'TopLevelPteAlternateLockBits' : [ 0x2614, ['array', 4, ['unsigned long']]],
+    'DeleteKvaLock' : [ 0x2624, ['long']],
+    'WsleArrays' : [ 0x2628, ['array', 8, ['pointer', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x2648, ['pointer', ['_MI_HYPER_SPACE']]],
+    'HyperSpaceEnd' : [ 0x264c, ['pointer', ['void']]],
+    'FreeSystemCacheVa' : [ 0x2650, ['_KEVENT']],
+    'SystemVaLock' : [ 0x2660, ['unsigned long']],
+    'SystemCacheViewLock' : [ 0x2664, ['unsigned long']],
+    'SystemWorkingSetList' : [ 0x2668, ['array', 8, ['_MMWSL_INSTANCE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x2c, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long']],
+    'ResetPagesRepurposedCount' : [ 0xc, ['unsigned long']],
+    'WsSwapSupport' : [ 0x10, ['pointer', ['void']]],
+    'CommitReleaseContext' : [ 0x14, ['pointer', ['void']]],
+    'WorkingSetCoreLock' : [ 0x18, ['long']],
+    'AccessLog' : [ 0x1c, ['pointer', ['void']]],
+    'ChargedWslePages' : [ 0x20, ['unsigned long']],
+    'ActualWslePages' : [ 0x24, ['unsigned long']],
+    'ShadowMapping' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_ACPI' : [ 0x4, {
+    'ObjectName' : [ 0x0, ['pointer', ['unsigned char']]],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '__WIL__WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PNP_REPLACE_PROCESSOR_LIST' : [ 0x14, {
+    'Affinity' : [ 0x0, ['pointer', ['unsigned long']]],
+    'GroupCount' : [ 0x4, ['unsigned long']],
+    'AllocatedCount' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'ApicIds' : [ 0x10, ['array', 1, ['unsigned long']]],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ETW_HW_TRACE_EXT_INTERFACE' : [ 0xc, {
+    'StartProcessorTraceOnEachCore' : [ 0x0, ['pointer', ['void']]],
+    'StopProcessorTraceOnEachCore' : [ 0x4, ['pointer', ['void']]],
+    'LogProcessorTraceOnCurrentCore' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PAE_ENTRY' : [ 0x20, {
+    'PteEntry' : [ 0x0, ['array', 4, ['_MMPTE']]],
+    'PaeEntry' : [ 0x0, ['_PAE_PAGEINFO']],
+    'NextPae' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_MI_LARGE_PAGE_CANDIDATES' : [ 0x108, {
+    'Hand' : [ 0x0, ['unsigned short']],
+    'ActiveEntryCount' : [ 0x2, ['unsigned short']],
+    'Overflowed' : [ 0x4, ['unsigned char']],
+    'PageFrames' : [ 0x8, ['array', 64, ['unsigned long']]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x10, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CloneCommitCount' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x8, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_TEST' : [ 0x8, {
+    'UniqueId' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_HEADER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaEventLogEntryTypeInformational', 1: u'WheaEventLogEntryTypeWarning', 2: u'WheaEventLogEntryTypeError'})]],
+    'OwnerTag' : [ 0x10, ['unsigned long']],
+    'Id' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {-2147483647: u'WheaEventLogEntryIdCmcPollingTimeout', -2147483646: u'WheaEventLogEntryIdWheaInit', -2147483645: u'WheaEventLogEntryIdMax'})]],
+    'Flags' : [ 0x18, ['_WHEA_EVENT_LOG_ENTRY_FLAGS']],
+    'PayloadLength' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_29c8' : [ 0x4, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_SECTION' : [ 0x28, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u1' : [ 0x14, ['__unnamed_29c8']],
+    'SizeOfSection' : [ 0x18, ['unsigned long long']],
+    'u' : [ 0x20, ['__unnamed_1840']],
+    'InitialPageProtection' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x24, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x24, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer', ['void']]]],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x8c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'ArgumentStatus' : [ 0xc, ['long']],
+    'CallerEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'VetoType' : [ 0x1c, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]]],
+    'VetoName' : [ 0x20, ['pointer', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x24, ['unsigned long']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'Cancel' : [ 0x2c, ['unsigned char']],
+    'Parent' : [ 0x30, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x34, ['_GUID']],
+    'Watchdog' : [ 0x44, ['pointer', ['_PNP_WATCHDOG']]],
+    'Data' : [ 0x48, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_GLOBAL_APPCOMPAT_FLAGS' : [ 0x4, {
+    'SafeInputValidation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CommitLFHSubsegments' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AllocateHeapFromEnv' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x14, ['long']],
+    'Active' : [ 0x18, ['long']],
+    'FreeWhenDone' : [ 0x1c, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x90, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x8, ['unsigned long']],
+    'InDebugger' : [ 0xc, ['long']],
+    'Pfns' : [ 0x10, ['array', 32, ['pointer', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x8, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 31, native_type='unsigned long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x0, ['pointer', ['void']]],
+    'SessionState' : [ 0x4, ['pointer', ['void']]],
+    'SessionId' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0xb8, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'TimerApc' : [ 0x2c, ['_KAPC']],
+    'TimerDpc' : [ 0x5c, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x7c, ['_LIST_ENTRY']],
+    'Period' : [ 0x84, ['unsigned long']],
+    'TimerFlags' : [ 0x88, ['unsigned char']],
+    'ApcAssociated' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0x88, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0x88, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0x89, ['unsigned char']],
+    'Spare2' : [ 0x8a, ['unsigned short']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x98, ['pointer', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x9c, ['_LIST_ENTRY']],
+    'DueTime' : [ 0xa8, ['unsigned long long']],
+    'CoalescingWindow' : [ 0xb0, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x48, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x34, ['array', 2, ['_RTL_BITMAP']]],
+    'CrashDumpPte' : [ 0x44, ['pointer', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0xc, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x8, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1a8, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x4, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x20, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x28, ['unsigned char']],
+    'PepWokenTransition' : [ 0x29, ['unsigned char']],
+    'HvTargetState' : [ 0x2a, ['unsigned char']],
+    'Reserved' : [ 0x2b, ['unsigned char']],
+    'TargetIdleState' : [ 0x2c, ['unsigned long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xcc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xd0, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0xd4, ['long']],
+    'FFHThrottleStateInfo' : [ 0xd8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xf8, ['_KDPC']],
+    'PerfActionMask' : [ 0x118, ['long']],
+    'HvIdleCheck' : [ 0x120, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x130, ['pointer', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x134, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x138, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x13c, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x140, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x144, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x148, ['pointer', ['_PROC_PERF_HISTORY']]],
+    'ArchitecturalEfficiencyClass' : [ 0x14c, ['unsigned char']],
+    'PerformanceSchedulingClass' : [ 0x14d, ['unsigned char']],
+    'EfficiencySchedulingClass' : [ 0x14e, ['unsigned char']],
+    'GuaranteedPerformancePercent' : [ 0x14f, ['unsigned char']],
+    'Parked' : [ 0x150, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x151, ['unsigned char']],
+    'LatestAffinitizedPercent' : [ 0x152, ['unsigned short']],
+    'LatestPerformancePercent' : [ 0x154, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x158, ['unsigned long']],
+    'RelativePerformance' : [ 0x15c, ['unsigned long']],
+    'Utility' : [ 0x160, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x164, ['unsigned long']],
+    'SnapTimeLast' : [ 0x168, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x168, ['unsigned long long']],
+    'ActiveTime' : [ 0x170, ['unsigned long long']],
+    'TotalTime' : [ 0x178, ['unsigned long long']],
+    'FxDevice' : [ 0x180, ['pointer', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x188, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x190, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x198, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x19c, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1a0, ['unsigned short']],
+    'HwFeedbackTableIndex' : [ 0x1a2, ['unsigned short']],
+    'HwFeedbackParkHint' : [ 0x1a4, ['unsigned char']],
+    'HwFeedbackPerformanceClass' : [ 0x1a5, ['unsigned char']],
+    'HwFeedbackEfficiencyClass' : [ 0x1a6, ['unsigned char']],
+    'HeteroCoreType' : [ 0x1a7, ['unsigned char']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x200, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'CloneHeaderCount' : [ 0x18, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x20, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x30, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x40, ['unsigned long']],
+    'AttemptForCantExtend' : [ 0x44, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0x78, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0xa4, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0xb0, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xd8, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0xd9, ['unsigned char']],
+    'SegmentDereferenceActiveControlArea' : [ 0xdc, ['pointer', ['void']]],
+    'UnusedSegmentPagedPool' : [ 0xe0, ['unsigned long']],
+    'UnusedSegmentList' : [ 0xe4, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xec, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xf4, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xfc, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x10c, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x110, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x128, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x138, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x140, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x144, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x148, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x14c, ['_KEVENT']],
+    'SharedCharges' : [ 0x15c, ['array', 7, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x1cc, ['pointer', ['_KEVENT']]],
+    'ControlAreasDrainEvent' : [ 0x1d0, ['pointer', ['_KEVENT']]],
+    'CloneHeaderDrainEvent' : [ 0x1d4, ['pointer', ['_KEVENT']]],
+    'ProbeRundownReference' : [ 0x1d8, ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_BUS_HANDLER' : [ 0x68, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ConfigurationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'Cmos', 1: u'EisaConfiguration', 2: u'Pos', 3: u'CbusConfiguration', 4: u'PCIConfiguration', 5: u'VMEConfiguration', 6: u'NuBusConfiguration', 7: u'PCMCIAConfiguration', 8: u'MPIConfiguration', 9: u'MPSAConfiguration', 10: u'PNPISAConfiguration', 11: u'SgiInternalConfiguration', 12: u'MaximumBusDataType', -1: u'ConfigurationSpaceUndefined'})]],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'ParentHandler' : [ 0x14, ['pointer', ['_BUS_HANDLER']]],
+    'BusData' : [ 0x18, ['pointer', ['void']]],
+    'DeviceControlExtensionSize' : [ 0x1c, ['unsigned long']],
+    'BusAddresses' : [ 0x20, ['pointer', ['_SUPPORTED_RANGES']]],
+    'Reserved' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GetBusData' : [ 0x34, ['pointer', ['void']]],
+    'SetBusData' : [ 0x38, ['pointer', ['void']]],
+    'AdjustResourceList' : [ 0x3c, ['pointer', ['void']]],
+    'AssignSlotResources' : [ 0x40, ['pointer', ['void']]],
+    'TranslateBusAddress' : [ 0x44, ['pointer', ['void']]],
+    'Spare1' : [ 0x48, ['pointer', ['void']]],
+    'Spare2' : [ 0x4c, ['pointer', ['void']]],
+    'Spare3' : [ 0x50, ['pointer', ['void']]],
+    'Spare4' : [ 0x54, ['pointer', ['void']]],
+    'Spare5' : [ 0x58, ['pointer', ['void']]],
+    'Spare6' : [ 0x5c, ['pointer', ['void']]],
+    'Spare7' : [ 0x60, ['pointer', ['void']]],
+    'Spare8' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x14, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x290, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DevNode' : [ 0x1c, ['pointer', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x20, ['pointer', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x24, ['pointer', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x28, ['pointer', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x2c, ['pointer', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x30, ['pointer', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x38, ['pointer', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x3c, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0x60, ['pointer', ['void']]],
+    'AcpiLink' : [ 0x64, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0x6c, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0x74, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x8c, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0xa4, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0xc0, ['unsigned long']],
+    'IdleTimer' : [ 0xc8, ['_KTIMER']],
+    'IdleDpc' : [ 0xf0, ['_KDPC']],
+    'IdleTimeout' : [ 0x110, ['unsigned long long']],
+    'IdleStamp' : [ 0x118, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x120, ['array', 2, ['pointer', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x128, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x130, ['array', 2, ['pointer', ['void']]]],
+    'NextIrpCallerContext' : [ 0x138, ['array', 2, ['pointer', ['void']]]],
+    'IrpCompleteEvent' : [ 0x140, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x150, ['pointer', ['void']]],
+    'Accounting' : [ 0x158, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x230, ['unsigned long']],
+    'ComponentCount' : [ 0x234, ['unsigned long']],
+    'Components' : [ 0x238, ['pointer', ['pointer', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x23c, ['unsigned long']],
+    'Log' : [ 0x240, ['pointer', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x244, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x248, ['pointer', ['_DRIVER_OBJECT']]],
+    'DripsWatchdogContext' : [ 0x24c, ['_POP_FX_DRIPS_WATCHDOG_CONTEXT']],
+    'DirectedTimeout' : [ 0x260, ['unsigned long']],
+    'DirectedWorkOrder' : [ 0x264, ['_POP_FX_WORK_ORDER']],
+    'DirectedTransitionCallCount' : [ 0x280, ['long']],
+    'DirectedTransitionCompletionContext' : [ 0x284, ['pointer', ['void']]],
+    'FriendlyName' : [ 0x288, ['_UNICODE_STRING']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x40, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x8, ['short']],
+    'SpecialApcDisable' : [ 0xa, ['short']],
+    'CombinedApcDisable' : [ 0x8, ['unsigned long']],
+    'Irql' : [ 0xc, ['unsigned char']],
+    'StackTrace' : [ 0x10, ['array', 12, ['pointer', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x4, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'FEATURE_STATE_CHANGE_SUBSCRIPTION__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PrefetchSystemVmType' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'VaPrefetchReadBlock' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CollidedFlowThrough' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ForceCollisions' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InPageExpanded' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IssuedAtLowPriority' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FaultFromStore' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ClusteredPagePriority' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'MakeClusterValid' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PerformRelocations' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ZeroLastPage' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'UserFault' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StandbyProtectionNeeded' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PteChanged' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PageFileFault' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'PageFilePageHashActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoalescedIo' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VmLockNotNeeded' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Processors' : [ 0x4, ['unsigned long']],
+    'ActiveProcessors' : [ 0x8, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_HP_SUB_ALLOCATOR_CONFIGS' : [ 0x8, {
+    'LfhConfigs' : [ 0x0, ['_RTL_HP_LFH_CONFIG']],
+    'VsConfigs' : [ 0x4, ['_RTL_HP_VS_CONFIG']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0xc, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x4, ['pointer', ['void']]],
+    'IsolationPrefix' : [ 0x4, ['_UNICODE_STRING']],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x80, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x3c, ['pointer', ['void']]],
+    'Lock' : [ 0x40, ['long']],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Spare0' : [ 0x6c, ['unsigned long']],
+} ],
+  '_LEAP_SECOND_DATA' : [ 0x10, {
+    'Enabled' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['array', 1, ['_LARGE_INTEGER']]],
+} ],
+  '__unnamed_2aa7' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2aa9' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2aa7']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x44, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x30, ['pointer', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x34, ['_LIST_ENTRY']],
+    'Specific' : [ 0x3c, ['__unnamed_2aa9']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x20, ['long']],
+    'PnpDeviceCompletionQueueWatchdogLock' : [ 0x24, ['_FAST_MUTEX']],
+    'Watchdog' : [ 0x44, ['pointer', ['_PNP_WATCHDOG']]],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x50, {
+    'RelatedTimestamp' : [ 0x0, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0xc, ['_KDPC']],
+    'ApcListHead' : [ 0x30, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x38, ['pointer', ['_ETW_APC_ENTRY']]],
+    'ApcEntryCount' : [ 0x3c, ['unsigned long']],
+    'Flags' : [ 0x40, ['long']],
+    'ApcCount' : [ 0x44, ['long']],
+    'MaxApcCount' : [ 0x48, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '__unnamed_2ac8' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x34, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x10, ['unsigned long']],
+    'ActualExpansion' : [ 0x14, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'InProgress' : [ 0x28, ['long']],
+    'u1' : [ 0x2c, ['__unnamed_2ac8']],
+    'ActiveEntry' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x160, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x10, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xb8, ['array', 21, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_StagingConfigWnfStateName' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x10, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MAP_REGISTER_ENTRY' : [ 0x8, {
+    'MapRegister' : [ 0x0, ['pointer', ['void']]],
+    'WriteToDevice' : [ 0x4, ['unsigned char']],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x50, {
+    'Context' : [ 0x0, ['pointer', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x44, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x4c, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x50, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x1c, ['unsigned char']],
+    'TriggerRoot' : [ 0x20, ['pointer', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x24, ['unsigned char']],
+    'BeginTime' : [ 0x28, ['unsigned long long']],
+    'VetoNode' : [ 0x30, ['array', 2, ['pointer', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x38, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x40, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  'wil_details_VariantProperties' : [ 0x4, {
+    'enabledState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'hasNotificationState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'variant' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 13, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HMAP_ENTRY' : [ 0xc, {
+    'BlockOffset' : [ 0x0, ['unsigned long']],
+    'PermanentBinAddress' : [ 0x4, ['unsigned long']],
+    'MemAlloc' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2b1e' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x110, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_2b1e']]],
+    'WakeAlarmPaused' : [ 0xa8, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb0, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xb8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_WNF_LOCK' : [ 0x4, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_RELATION_LIST' : [ 0x8, {
+    'DeviceObjectList' : [ 0x0, ['pointer', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x4, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x40, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x10, ['unsigned char']],
+    'ThreadPriorityStatic' : [ 0x11, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x14, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x28, ['long']],
+    'Gate' : [ 0x2c, ['_KGATE']],
+    'ThreadContext' : [ 0x3c, ['pointer', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x10, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x24, {
+    'ComponentActive' : [ 0x0, ['pointer', ['void']]],
+    'ComponentIdle' : [ 0x4, ['pointer', ['void']]],
+    'ComponentIdleState' : [ 0x8, ['pointer', ['void']]],
+    'DevicePowerRequired' : [ 0xc, ['pointer', ['void']]],
+    'DevicePowerNotRequired' : [ 0x10, ['pointer', ['void']]],
+    'PowerControl' : [ 0x14, ['pointer', ['void']]],
+    'ComponentCriticalTransition' : [ 0x18, ['pointer', ['void']]],
+    'DripsWatchdogCallback' : [ 0x1c, ['pointer', ['void']]],
+    'DirectedPowerTransitionCallback' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x8, ['pointer', ['void']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'SharedWaiters' : [ 0x10, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x14, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 48, native_type='unsigned long long')]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_GIC' : [ 0x4, {
+    'LineNumber' : [ 0x0, ['unsigned long']],
+} ],
+  '_WAITING_IRP' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'CompletionRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'Information' : [ 0x18, ['unsigned long']],
+    'BreakAllRH' : [ 0x1c, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x1d, ['unsigned char']],
+    'FileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler2' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x88, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x20, ['unsigned long long']],
+    'UnscaledTime' : [ 0x28, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x30, ['long long']],
+    'ScaledTime' : [ 0x38, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x48, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x50, ['unsigned long long']],
+    'UserTimeLast' : [ 0x58, ['unsigned long']],
+    'KernelTimeLast' : [ 0x5c, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x60, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x68, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x80, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x81, ['unsigned char']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x28, {
+    'InstantaneousRead' : [ 0x0, ['pointer', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x24, ['unsigned long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x18, {
+    'Next' : [ 0x0, ['pointer', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'Hint' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x58, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'ShutDownRequested' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x34, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x40, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x44, ['unsigned long']],
+    'UserPagesReused' : [ 0x48, ['unsigned long']],
+    'EventsLostCount' : [ 0x4c, ['pointer', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x50, ['pointer', ['unsigned long']]],
+    'SiloState' : [ 0x54, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_PAE_PAGEINFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameNumber' : [ 0x8, ['unsigned long']],
+    'EntriesInUse' : [ 0xc, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_FeatureProperties' : [ 0x4, {
+    'enabledState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'hasNotificationState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'usageCount' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 15, native_type='unsigned long')]],
+    'usageCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'reportedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'reportedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'reportedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'reportedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'recordedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'recordedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'recordedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'opportunityCount' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 31, native_type='unsigned long')]],
+    'opportunityCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x138, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x30, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'ClonedPageCount' : [ 0x40, ['unsigned long long']],
+    'CurrentMap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x4c, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x50, ['unsigned long']],
+    'LoaderMdl' : [ 0x54, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x6c, ['unsigned long']],
+    'CurrentMcb' : [ 0x70, ['pointer', ['void']]],
+    'DumpStack' : [ 0x74, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x78, ['pointer', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0x7c, ['unsigned long']],
+    'Status' : [ 0x80, ['long']],
+    'GraphicsProc' : [ 0x84, ['unsigned long']],
+    'MemoryImage' : [ 0x88, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0x8c, ['pointer', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0x98, ['pointer', ['void']]],
+    'ResumeContext' : [ 0x9c, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0xa0, ['unsigned long']],
+    'ProcessorCount' : [ 0xa4, ['unsigned long']],
+    'ProcessorContext' : [ 0xa8, ['pointer', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0xac, ['pointer', ['unsigned char']]],
+    'ProdConsSize' : [ 0xb0, ['unsigned long']],
+    'MaxDataPages' : [ 0xb4, ['unsigned long']],
+    'ExtraBuffer' : [ 0xb8, ['pointer', ['void']]],
+    'ExtraBufferSize' : [ 0xbc, ['unsigned long']],
+    'ExtraMapVa' : [ 0xc0, ['pointer', ['void']]],
+    'BitlockerKeyPFN' : [ 0xc4, ['unsigned long']],
+    'IoInfo' : [ 0xc8, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x128, ['pointer', ['wchar']]],
+    'IoChecksumsSize' : [ 0x12c, ['unsigned long']],
+    'HardwareConfigurationSignature' : [ 0x130, ['unsigned long']],
+    'SecureBoot' : [ 0x134, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x4, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2ba2' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_2ba2']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long']],
+    'TotalCommitLimitMaximum' : [ 0x4, ['unsigned long']],
+    'Popups' : [ 0x8, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x10, ['unsigned long']],
+    'HighCommitThreshold' : [ 0x14, ['unsigned long']],
+    'EventLock' : [ 0x18, ['unsigned long']],
+    'SystemCommitReserve' : [ 0x1c, ['unsigned long']],
+    'OverCommit' : [ 0x40, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x2c, {
+    'Sibling' : [ 0x0, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x24, {
+    'InitiatingThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ThreadId' : [ 0x8, ['pointer', ['void']]],
+    'ProcessId' : [ 0xc, ['pointer', ['void']]],
+    'Code' : [ 0x10, ['unsigned long']],
+    'Parameter1' : [ 0x14, ['unsigned long']],
+    'Parameter2' : [ 0x18, ['unsigned long']],
+    'Parameter3' : [ 0x1c, ['unsigned long']],
+    'Parameter4' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40f0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'StackLimitHits' : [ 0x4038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x403c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x4040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4044, ['unsigned long']],
+    'TotalReleases' : [ 0x4048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x404c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x4050, ['unsigned long']],
+    'Instigator' : [ 0x4054, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4058, ['unsigned long']],
+    'Participant' : [ 0x405c, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40dc, ['long']],
+    'StackType' : [ 0x40e0, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'NmiStackLimits', 9: u'MachineCheckStackLimits', 10: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x40e4, ['unsigned long']],
+    'StackHighLimit' : [ 0x40e8, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x340, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long long']],
+    'HiberFlags' : [ 0x30, ['unsigned char']],
+    'spare' : [ 0x31, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x34, ['unsigned long']],
+    'HiberVa' : [ 0x38, ['unsigned long']],
+    'NoFreePages' : [ 0x3c, ['unsigned long']],
+    'FreeMapCheck' : [ 0x40, ['unsigned long']],
+    'WakeCheck' : [ 0x44, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x48, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x50, ['unsigned long']],
+    'FirstKernelRestorePage' : [ 0x54, ['unsigned long']],
+    'FirstChecksumRestorePage' : [ 0x58, ['unsigned long']],
+    'NoChecksumEntries' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x260, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x264, ['array', 1, ['unsigned long']]],
+    'SpareUlong' : [ 0x268, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x26c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x270, ['array', 24, ['unsigned long']]],
+    'NotUsed' : [ 0x2d0, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2d4, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2d8, ['unsigned long']],
+    'Hiberboot' : [ 0x2dc, ['unsigned char']],
+    'SecureLaunched' : [ 0x2dd, ['unsigned char']],
+    'SecureBoot' : [ 0x2de, ['unsigned char']],
+    'HvCr3' : [ 0x2e0, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x2e8, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x2f0, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x2f8, ['unsigned long long']],
+    'BootFlags' : [ 0x300, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x308, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x310, ['unsigned long']],
+    'BitlockerKeyPfns' : [ 0x314, ['array', 4, ['unsigned long']]],
+    'HardwareSignature' : [ 0x324, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x328, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x330, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x334, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x335, ['unsigned char']],
+    'HiberResumeXhciHandoffSkip' : [ 0x336, ['unsigned char']],
+    'InitializeUSBCore' : [ 0x337, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x338, ['unsigned char']],
+    'USBCoreId' : [ 0x339, ['unsigned char']],
+    'SkipMemoryMapValidation' : [ 0x33a, ['unsigned char']],
+} ],
+  'DEBUG_MEMORY_REQUIREMENTS' : [ 0x20, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'MaxEnd' : [ 0x8, ['_LARGE_INTEGER']],
+    'VirtualAddress' : [ 0x10, ['pointer', ['void']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Cached' : [ 0x18, ['unsigned char']],
+    'Aligned' : [ 0x19, ['unsigned char']],
+} ],
+  'DEBUG_DEVICE_ADDRESS' : [ 0xc, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Valid' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 2, ['unsigned char']]],
+    'BitWidth' : [ 0x2, ['unsigned char']],
+    'AccessSize' : [ 0x3, ['unsigned char']],
+    'TranslatedAddress' : [ 0x4, ['pointer', ['unsigned char']]],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x38, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x4, ['long']],
+    'PrefetchSeekThreshold' : [ 0x8, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x24, ['unsigned long']],
+    'DelayPageFaults' : [ 0x28, ['long']],
+    'FileCompressionBoundary' : [ 0x2c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x30, ['unsigned char']],
+} ],
+  '__unnamed_2bfe' : [ 0x4, {
+    'EntryBecameEmpty' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SLAB_ALLOCATOR_CONTEXT' : [ 0x30, {
+    'AllocationsTree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x8, ['long']],
+    'SlabEntryHint' : [ 0xc, ['pointer', ['_MI_SLAB_ALLOCATOR_ENTRY']]],
+    'FreePageCount' : [ 0x10, ['unsigned long']],
+    'SlabEntryCount' : [ 0x14, ['unsigned long']],
+    'Protection' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorProtectionReadExecute', 1: u'MiSlabAllocatorProtectionReadOnly', 2: u'MiSlabAllocatorProtectionNoAccess', 3: u'MiSlabAllocatorProtectionMax'})]],
+    'Flags' : [ 0x1c, ['__unnamed_2bfe']],
+    'LastReplenishTime' : [ 0x20, ['unsigned long long']],
+    'LastFailureTime' : [ 0x28, ['unsigned long long']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x48, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long']],
+    'PfnDecayFreeSList' : [ 0x8, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x10, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x14, ['_KDPC']],
+    'PageHeatListSlist' : [ 0x38, ['_SLIST_HEADER']],
+    'PageHeatListDisableAllocation' : [ 0x40, ['long']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x4, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x128, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x104, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x124, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x8, ['pointer', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x10, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_PCI' : [ 0x10, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'PciSegmentNumber' : [ 0x0, ['unsigned short']],
+    'PhantomFunctionBits' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned short')]],
+    'BusRange' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DevicePathLength' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'StartBusNumber' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Bdf' : [ 0x4, ['unsigned short']],
+    'SubordinateBus' : [ 0x4, ['unsigned char']],
+    'SecondaryBus' : [ 0x5, ['unsigned char']],
+    'DevicePath' : [ 0x8, ['pointer', ['wchar']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x1c, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'InitialInPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x8, ['pointer', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0xc, ['unsigned long']],
+    'Node' : [ 0x10, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x18, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ZeroPageHashValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_PTE_TRACKER' : [ 0x44, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x28, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x18, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Next' : [ 0x14, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0xc, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0xa8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'FreeReservationSpace' : [ 0x18, ['unsigned long']],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x20, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x28, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x30, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x38, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x3c, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x40, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x44, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x48, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x4c, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x50, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x54, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0x5c, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0x64, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0x6c, ['pointer', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'HybridPriority' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0x77, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0x77, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0x78, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0x7c, ['unsigned long']],
+    'PageHash' : [ 0x80, ['pointer', ['unsigned long']]],
+    'FileHandle' : [ 0x84, ['pointer', ['void']]],
+    'Lock' : [ 0x88, ['unsigned long']],
+    'LockOwner' : [ 0x8c, ['pointer', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0x90, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x94, ['pointer', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x98, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x10, ['long']],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'WatchdogTimerInfo' : [ 0x18, ['pointer', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x10, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x14, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x4, ['_RTL_AVL_TREE']],
+    'ActiveZeroSpinLock' : [ 0x8, ['long']],
+    'ActiveZeroThreadTree' : [ 0xc, ['_RTL_AVL_TREE']],
+    'NumberOfLargePageListHeads' : [ 0x10, ['unsigned long']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x28, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x18, ['unsigned long']],
+    'ModuleSize' : [ 0x1c, ['unsigned long']],
+    'Offset' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_2c5c' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2c5e' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2c5c']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2c5e']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x8, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x4, ['pointer', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'LowboxMap' : [ 0xc, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'IoStatus' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x8, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x10, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x18, ['unsigned long long']],
+    'RequestSize' : [ 0x20, ['unsigned long long']],
+    'IoLocation' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x30, ['unsigned long long']],
+    'Buffer' : [ 0x38, ['pointer', ['void']]],
+    'AsyncCapable' : [ 0x3c, ['unsigned char']],
+    'BytesToRead' : [ 0x40, ['unsigned long long']],
+    'Pages' : [ 0x48, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x50, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x58, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x38, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'AppContainerNumber' : [ 0x24, ['unsigned long']],
+    'PackageSid' : [ 0x28, ['pointer', ['void']]],
+    'CapabilitiesHash' : [ 0x2c, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x30, ['pointer', ['void']]],
+    'SecurityAttributes' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x4, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 28, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x0, ['long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x1c, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x10, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0xc, ['pointer', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_DMA_IOMMU_INTERFACE' : [ 0x38, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'CreateDomain' : [ 0x4, ['pointer', ['void']]],
+    'DeleteDomain' : [ 0x8, ['pointer', ['void']]],
+    'AttachDevice' : [ 0xc, ['pointer', ['void']]],
+    'DetachDevice' : [ 0x10, ['pointer', ['void']]],
+    'FlushDomain' : [ 0x14, ['pointer', ['void']]],
+    'FlushDomainByVaList' : [ 0x18, ['pointer', ['void']]],
+    'QueryInputMappings' : [ 0x1c, ['pointer', ['void']]],
+    'MapLogicalRange' : [ 0x20, ['pointer', ['void']]],
+    'UnmapLogicalRange' : [ 0x24, ['pointer', ['void']]],
+    'MapIdentityRange' : [ 0x28, ['pointer', ['void']]],
+    'UnmapIdentityRange' : [ 0x2c, ['pointer', ['void']]],
+    'SetDeviceFaultReporting' : [ 0x30, ['pointer', ['void']]],
+    'ConfigureDomain' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'Pattern' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2cc9' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2cc9']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_IMAGE_SWITCHTABLE_BRANCH_DYNAMIC_RELOCATION' : [ 0x2, {
+    'PageRelativeOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'RegisterNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_HEAP_LOOKASIDE' : [ 0x30, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'Counters' : [ 0x24, ['array', 2, ['unsigned long']]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_CMSI_PROCESS_TUPLE' : [ 0x8, {
+    'ProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'ProcessReference' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HEAP_FAILURE_INFORMATION' : [ 0x3d0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'StructureSize' : [ 0x4, ['unsigned long']],
+    'FailureType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'heap_failure_internal', 1: u'heap_failure_unknown', 2: u'heap_failure_generic', 3: u'heap_failure_entry_corruption', 4: u'heap_failure_multiple_entries_corruption', 5: u'heap_failure_virtual_block_corruption', 6: u'heap_failure_buffer_overrun', 7: u'heap_failure_buffer_underrun', 8: u'heap_failure_block_not_busy', 9: u'heap_failure_invalid_argument', 10: u'heap_failure_invalid_allocation_type', 11: u'heap_failure_usage_after_free', 12: u'heap_failure_cross_heap_operation', 13: u'heap_failure_freelists_corruption', 14: u'heap_failure_listentry_corruption', 15: u'heap_failure_lfh_bitmap_mismatch', 16: u'heap_failure_segment_lfh_bitmap_corruption', 17: u'heap_failure_segment_lfh_double_free', 18: u'heap_failure_vs_subsegment_corruption', 19: u'heap_failure_null_heap', 20: u'heap_failure_allocation_limit', 21: u'heap_failure_commit_limit'})]],
+    'HeapAddress' : [ 0xc, ['pointer', ['void']]],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Param1' : [ 0x14, ['pointer', ['void']]],
+    'Param2' : [ 0x18, ['pointer', ['void']]],
+    'Param3' : [ 0x1c, ['pointer', ['void']]],
+    'PreviousBlock' : [ 0x20, ['pointer', ['void']]],
+    'NextBlock' : [ 0x24, ['pointer', ['void']]],
+    'ExpectedDecodedEntry' : [ 0x28, ['_FAKE_HEAP_ENTRY']],
+    'StackTrace' : [ 0x30, ['array', 32, ['pointer', ['void']]]],
+    'HeapMajorVersion' : [ 0xb0, ['unsigned char']],
+    'HeapMinorVersion' : [ 0xb1, ['unsigned char']],
+    'ExceptionRecord' : [ 0xb4, ['_EXCEPTION_RECORD']],
+    'ContextRecord' : [ 0x104, ['_CONTEXT']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xa8, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x34, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'PackagedBinary' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x34, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x34, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x34, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x34, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x34, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x34, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x34, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x34, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x34, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x34, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x34, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x34, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x34, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x34, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x34, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x34, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x34, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ChpeImage' : [ 0x34, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x34, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x34, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x34, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x4c, ['pointer', ['void']]],
+    'DdagNode' : [ 0x50, ['pointer', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0x54, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0x5c, ['pointer', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0x60, ['pointer', ['void']]],
+    'SwitchBackContext' : [ 0x64, ['pointer', ['void']]],
+    'BaseAddressIndexNode' : [ 0x68, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0x74, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0x80, ['unsigned long']],
+    'LoadTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x90, ['unsigned long']],
+    'LoadReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x98, ['unsigned long']],
+    'ReferenceCount' : [ 0x9c, ['unsigned long']],
+    'DependentLoadFlags' : [ 0xa0, ['unsigned long']],
+    'SigningLevel' : [ 0xa4, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2d06' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2d08' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_2d0a' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_2d06']],
+    'e2' : [ 0x0, ['__unnamed_2d08']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_2d0a']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x1d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x34, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0x68, ['unsigned long']],
+    'NumberOfMappedMdlsInUse' : [ 0x6c, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0x70, ['unsigned long']],
+    'MappedFileHeader' : [ 0x74, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0x8c, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0x8d, ['unsigned char']],
+    'ModwriterActive' : [ 0x8e, ['unsigned char']],
+    'TransitionInserted' : [ 0x8f, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0x90, ['long']],
+    'LastMappedWriteError' : [ 0x94, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x98, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x9c, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xa0, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0xa4, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0xb4, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0xb8, ['unsigned long']],
+    'ModifiedPageWriterEvent' : [ 0xbc, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0xcc, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0xdc, ['long']],
+    'WriteAllMappedPages' : [ 0xe0, ['long']],
+    'MappedPageWriterEvent' : [ 0xe4, ['_KEVENT']],
+    'ModWriteData' : [ 0xf8, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x128, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x138, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x150, ['pointer', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x154, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x158, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x168, ['unsigned long']],
+    'ClusterRestrictionLock' : [ 0x16c, ['long']],
+    'ClusterRestrictions' : [ 0x170, ['array', 2, ['_MI_RESTRICTED_MODWRITES']]],
+    'NotifyStoreMemoryConditions' : [ 0x178, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x188, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x18c, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x190, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x194, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x1a8, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x1b0, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x1c0, ['long']],
+    'WorkingSetSwapLock' : [ 0x1c4, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x1c8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x4, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_HAL_INTEL_ENLIGHTENMENT_INFORMATION' : [ 0xf8, {
+    'Enlightenments' : [ 0x0, ['unsigned long']],
+    'HypervisorConnected' : [ 0x4, ['unsigned long']],
+    'EndOfInterrupt' : [ 0x8, ['pointer', ['void']]],
+    'ApicWriteIcr' : [ 0xc, ['pointer', ['void']]],
+    'Reserved0' : [ 0x10, ['unsigned long']],
+    'SpinCountMask' : [ 0x14, ['unsigned long']],
+    'LongSpinWait' : [ 0x18, ['pointer', ['void']]],
+    'GetReferenceTime' : [ 0x1c, ['pointer', ['void']]],
+    'SetSystemSleepProperty' : [ 0x20, ['pointer', ['void']]],
+    'EnterSleepState' : [ 0x24, ['pointer', ['void']]],
+    'NotifyDebugDeviceAvailable' : [ 0x28, ['pointer', ['void']]],
+    'MapDeviceInterrupt' : [ 0x2c, ['pointer', ['void']]],
+    'UnmapDeviceInterrupt' : [ 0x30, ['pointer', ['void']]],
+    'RetargetDeviceInterrupt' : [ 0x34, ['pointer', ['void']]],
+    'SetHpetConfig' : [ 0x38, ['pointer', ['void']]],
+    'NotifyHpetEnabled' : [ 0x3c, ['pointer', ['void']]],
+    'QueryAssociatedProcessors' : [ 0x40, ['pointer', ['void']]],
+    'ReadMultipleMsr' : [ 0x44, ['pointer', ['void']]],
+    'WriteMultipleMsr' : [ 0x48, ['pointer', ['void']]],
+    'ReadCpuid' : [ 0x4c, ['pointer', ['void']]],
+    'LpWritebackInvalidate' : [ 0x50, ['pointer', ['void']]],
+    'GetMachineCheckContext' : [ 0x54, ['pointer', ['void']]],
+    'SuspendPartition' : [ 0x58, ['pointer', ['void']]],
+    'ResumePartition' : [ 0x5c, ['pointer', ['void']]],
+    'SetSystemMachineCheckProperty' : [ 0x60, ['pointer', ['void']]],
+    'WheaErrorNotification' : [ 0x64, ['pointer', ['void']]],
+    'GetProcessorIndexFromVpIndex' : [ 0x68, ['pointer', ['void']]],
+    'SyntheticClusterIpi' : [ 0x6c, ['pointer', ['void']]],
+    'VpStartEnabled' : [ 0x70, ['pointer', ['void']]],
+    'StartVirtualProcessor' : [ 0x74, ['pointer', ['void']]],
+    'GetVpIndexFromApicId' : [ 0x78, ['pointer', ['void']]],
+    'IumAccessPciDevice' : [ 0x7c, ['pointer', ['void']]],
+    'IumEfiRuntimeService' : [ 0x80, ['pointer', ['void']]],
+    'SvmGetSystemCapabilities' : [ 0x84, ['pointer', ['void']]],
+    'SvmGetDeviceCapabilities' : [ 0x88, ['pointer', ['void']]],
+    'SvmCreatePasidSpace' : [ 0x8c, ['pointer', ['void']]],
+    'SvmSetPasidAddressSpace' : [ 0x90, ['pointer', ['void']]],
+    'SvmFlushPasid' : [ 0x94, ['pointer', ['void']]],
+    'SvmAttachPasidSpace' : [ 0x98, ['pointer', ['void']]],
+    'SvmDetachPasidSpace' : [ 0x9c, ['pointer', ['void']]],
+    'SvmEnablePasid' : [ 0xa0, ['pointer', ['void']]],
+    'SvmDisablePasid' : [ 0xa4, ['pointer', ['void']]],
+    'SvmAcknowledgePageRequest' : [ 0xa8, ['pointer', ['void']]],
+    'SvmCreatePrQueue' : [ 0xac, ['pointer', ['void']]],
+    'SvmDeletePrQueue' : [ 0xb0, ['pointer', ['void']]],
+    'SvmClearPrqStalled' : [ 0xb4, ['pointer', ['void']]],
+    'SvmSetDeviceEnabled' : [ 0xb8, ['pointer', ['void']]],
+    'HvDebuggerPowerHandler' : [ 0xbc, ['pointer', ['void']]],
+    'SetQpcBias' : [ 0xc0, ['pointer', ['void']]],
+    'GetQpcBias' : [ 0xc4, ['pointer', ['void']]],
+    'RegisterDeviceId' : [ 0xc8, ['pointer', ['void']]],
+    'UnregisterDeviceId' : [ 0xcc, ['pointer', ['void']]],
+    'AllocateDeviceDomain' : [ 0xd0, ['pointer', ['void']]],
+    'AttachDeviceDomain' : [ 0xd4, ['pointer', ['void']]],
+    'DetachDeviceDomain' : [ 0xd8, ['pointer', ['void']]],
+    'DeleteDeviceDomain' : [ 0xdc, ['pointer', ['void']]],
+    'MapDeviceLogicalRange' : [ 0xe0, ['pointer', ['void']]],
+    'UnmapDeviceLogicalRange' : [ 0xe4, ['pointer', ['void']]],
+    'MapDeviceSparsePages' : [ 0xe8, ['pointer', ['void']]],
+    'UnmapDeviceSparsePages' : [ 0xec, ['pointer', ['void']]],
+    'GetDmaGuardEnabled' : [ 0xf0, ['pointer', ['void']]],
+    'UpdateMicrocode' : [ 0xf4, ['pointer', ['void']]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0xd8, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['unsigned char']],
+    'DripsRequiredState' : [ 0x8, ['unsigned long']],
+    'Level' : [ 0xc, ['long']],
+    'ActiveStamp' : [ 0x10, ['long long']],
+    'CsActiveTimeAccounting' : [ 0x18, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+    'CsCriticalActiveTimeAccounting' : [ 0x78, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_RETPOLINE_BINARY_INFO' : [ 0x18, {
+    'RetpolineStubsStartRva' : [ 0x0, ['long']],
+    'CfgDispatchFunctionPtrRva' : [ 0x4, ['unsigned long']],
+    'IATRva' : [ 0x8, ['unsigned long']],
+    'ImportRvas' : [ 0xc, ['pointer', ['long']]],
+    'IAT' : [ 0x10, ['pointer', ['unsigned long']]],
+    'ImageBase' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_DOMAIN_CONFIGURATION' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DomainConfigurationArm64', 1: u'DomainConfigurationInvalid'})]],
+    'Arm64' : [ 0x8, ['_DOMAIN_CONFIGURATION_ARM64']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x3c, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_FREE_LARGE_PAGE_LIST' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x170, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x14, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x30, ['pointer', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x34, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x3c, ['long']],
+    'ActiveEvent' : [ 0x40, ['_KEVENT']],
+    'IdleLock' : [ 0x50, ['unsigned long']],
+    'IdleConditionComplete' : [ 0x54, ['long']],
+    'IdleStateComplete' : [ 0x58, ['long']],
+    'IdleStamp' : [ 0x60, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x68, ['unsigned long']],
+    'IdleStateCount' : [ 0x6c, ['unsigned long']],
+    'IdleStates' : [ 0x70, ['pointer', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0x74, ['unsigned long']],
+    'ProviderCount' : [ 0x78, ['unsigned long']],
+    'Providers' : [ 0x7c, ['pointer', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0x80, ['unsigned long']],
+    'DependentCount' : [ 0x84, ['unsigned long']],
+    'Dependents' : [ 0x88, ['pointer', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0x90, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0x168, ['pointer', ['_POP_FX_PERF_INFO']]],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 224, ['unsigned char']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x18, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '__unnamed_2df6' : [ 0xc, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Arm' : [ 0x0, ['_ARM_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0xc8, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OsLoaderSecurityVersion' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'EarlyLaunchListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'CoreDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'CoreExtensionsDriverListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'TpmCoreDriverListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x48, ['unsigned long']],
+    'Prcb' : [ 0x4c, ['unsigned long']],
+    'Process' : [ 0x50, ['unsigned long']],
+    'Thread' : [ 0x54, ['unsigned long']],
+    'KernelStackSize' : [ 0x58, ['unsigned long']],
+    'RegistryLength' : [ 0x5c, ['unsigned long']],
+    'RegistryBase' : [ 0x60, ['pointer', ['void']]],
+    'ConfigurationRoot' : [ 0x64, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0x68, ['pointer', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0x6c, ['pointer', ['unsigned char']]],
+    'NtBootPathName' : [ 0x70, ['pointer', ['unsigned char']]],
+    'NtHalPathName' : [ 0x74, ['pointer', ['unsigned char']]],
+    'LoadOptions' : [ 0x78, ['pointer', ['unsigned char']]],
+    'NlsData' : [ 0x7c, ['pointer', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0x80, ['pointer', ['_ARC_DISK_INFORMATION']]],
+    'Extension' : [ 0x84, ['pointer', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0x88, ['__unnamed_2df6']],
+    'FirmwareInformation' : [ 0x94, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+    'OsBootstatPathName' : [ 0xbc, ['pointer', ['unsigned char']]],
+    'ArcOSDataDeviceName' : [ 0xc0, ['pointer', ['unsigned char']]],
+    'ArcWindowsSysPartName' : [ 0xc4, ['pointer', ['unsigned char']]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2dfe' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_2dfe']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x8, ['unsigned char']],
+    'Disowned' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0xa, ['unsigned char']],
+    'IsWaiting' : [ 0xb, ['unsigned char']],
+    'LockAddress' : [ 0xc, ['pointer', ['void']]],
+    'ThreadAddress' : [ 0x10, ['pointer', ['void']]],
+    'SublistHead' : [ 0x14, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0x4f0, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolSListMaximum' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'AllocatedNonPagedPool' : [ 0x10, ['unsigned long']],
+    'BadPoolHead' : [ 0x14, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x18, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x1c, ['unsigned char']],
+    'PoolFailures' : [ 0x20, ['array', 3, ['array', 3, ['unsigned long']]]],
+    'PoolFailureReasons' : [ 0x44, ['_MI_POOL_FAILURE_REASONS']],
+    'LowPagedPoolThreshold' : [ 0x70, ['unsigned long']],
+    'HighPagedPoolThreshold' : [ 0x74, ['unsigned long']],
+    'SpecialPoolPdesMax' : [ 0x78, ['long']],
+    'NonPagedPoolNodes' : [ 0x7c, ['array', 1024, ['unsigned char']]],
+    'PagedPoolSListMaximum' : [ 0x47c, ['unsigned long']],
+    'PreemptiveTrims' : [ 0x480, ['array', 4, ['unsigned long']]],
+    'SpecialPagesInUsePeak' : [ 0x490, ['unsigned long']],
+    'SpecialPoolRejected' : [ 0x494, ['array', 6, ['unsigned long']]],
+    'SpecialPagesNonPaged' : [ 0x4ac, ['unsigned long']],
+    'SpecialPoolPdes' : [ 0x4b0, ['long']],
+    'SessionSpecialPoolPdesMax' : [ 0x4b4, ['unsigned long']],
+    'PermittedFaultsLock' : [ 0x4b8, ['long']],
+    'PermittedFaultsTree' : [ 0x4bc, ['_RTL_AVL_TREE']],
+    'PermittedFaultsInitialNode' : [ 0x4c0, ['array', 2, ['_MI_ACCESS_VIOLATION_RANGE']]],
+    'TotalPagedPoolQuota' : [ 0x4e8, ['unsigned long']],
+    'TotalNonPagedPoolQuota' : [ 0x4ec, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x18, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x1a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x23, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x1c, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'ConnectLock' : [ 0x4, ['_KEVENT']],
+    'LineMasked' : [ 0x14, ['unsigned char']],
+    'InterruptList' : [ 0x18, ['pointer', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0xc, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x4, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '__unnamed_2e16' : [ 0x4, {
+    'PageAlignLargeAllocs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_VS_CONFIG' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2e16']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x180, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaLastRangeIndex' : [ 0x4, ['unsigned long']],
+    'NumaTableCaptured' : [ 0x8, ['unsigned char']],
+    'NodeShift' : [ 0x9, ['unsigned char']],
+    'ChannelShift' : [ 0xa, ['unsigned char']],
+    'NodeGraph' : [ 0xc, ['pointer', ['wchar']]],
+    'SystemNodeInformation' : [ 0x10, ['pointer', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'NumaMemoryRanges' : [ 0x14, ['pointer', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x18, ['pointer', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x1c, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x20, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x24, ['unsigned long']],
+    'ProcessorCachesFlushedOnPowerLoss' : [ 0x28, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x2c, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x30, ['unsigned long']],
+    'SecondaryColors' : [ 0x34, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x38, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x3c, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x40, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x44, ['unsigned long']],
+    'InvalidPteMask' : [ 0x80, ['unsigned long long']],
+    'LargePageColors' : [ 0xc0, ['array', 2, ['unsigned long']]],
+    'FlushTbThreshold' : [ 0xc8, ['unsigned long']],
+    'OptimalZeroingAttribute' : [ 0xcc, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x10c, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x110, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'HighestPossiblePhysicalPage' : [ 0x130, ['unsigned long']],
+    'VsmKernelPageCount' : [ 0x134, ['unsigned long']],
+    'EnclaveRegions' : [ 0x138, ['_RTL_AVL_TREE']],
+    'EnclaveMetadataPage' : [ 0x13c, ['pointer', ['void']]],
+    'EnclaveMetadataBitMap' : [ 0x140, ['pointer', ['_RTL_BITMAP']]],
+    'EnclaveMetadataEntryLock' : [ 0x144, ['_EX_PUSH_LOCK']],
+    'EnclaveMetadataPageLock' : [ 0x148, ['long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x18, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0xc, ['unsigned char']],
+    'BlocksDrips' : [ 0xd, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x10, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x14, ['pointer', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x10, {
+    'PartitionObject' : [ 0x0, ['pointer', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x4, ['pointer', ['pointer', ['pointer', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x8, ['pointer', ['pointer', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0xc, ['long']],
+} ],
+  '__unnamed_2e36' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2e36']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x8c, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x80, ['unsigned long']],
+    'NumberOfEntries' : [ 0x84, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x88, ['unsigned long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xb0, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x28, ['unsigned long']],
+    'ProbeRaises' : [ 0x2c, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x70, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x78, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x7c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x80, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x84, ['long']],
+    'BadPagesDetected' : [ 0x88, ['long']],
+    'ScrubPasses' : [ 0x8c, ['long']],
+    'ScrubBadPagesFound' : [ 0x90, ['long']],
+    'UserViewFailures' : [ 0x94, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0x98, ['unsigned long']],
+    'UserAllocateFailures' : [ 0x9c, ['unsigned long']],
+    'UserAllocateCollisionFailures' : [ 0xa0, ['unsigned long']],
+    'ResavailFailures' : [ 0xa4, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xac, ['unsigned char']],
+    'InitFailure' : [ 0xad, ['unsigned char']],
+    'StopBadMaps' : [ 0xae, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x1d0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0x18, ['unsigned long']],
+    'ProcessorCount' : [ 0x1c, ['unsigned long']],
+    'EfficiencyClass' : [ 0x20, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0x21, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0x22, ['unsigned char']],
+    'Spare' : [ 0x23, ['unsigned char']],
+    'Processors' : [ 0x24, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0x28, ['pointer', ['void']]],
+    'TimeWindowHandler' : [ 0x2c, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x30, ['pointer', ['void']]],
+    'BoostModeHandler' : [ 0x34, ['pointer', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x38, ['pointer', ['void']]],
+    'AutonomousModeHandler' : [ 0x3c, ['pointer', ['void']]],
+    'ReinitializeHandler' : [ 0x40, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x44, ['pointer', ['void']]],
+    'PerfControlHandler' : [ 0x48, ['pointer', ['void']]],
+    'DomainPerfControlHandler' : [ 0x4c, ['pointer', ['void']]],
+    'MaxFrequency' : [ 0x50, ['unsigned long']],
+    'NominalFrequency' : [ 0x54, ['unsigned long']],
+    'MaxPercent' : [ 0x58, ['unsigned long']],
+    'MinPerfPercent' : [ 0x5c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x60, ['unsigned long']],
+    'AdvertizedMaximumFrequency' : [ 0x64, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x68, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x70, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x78, ['unsigned char']],
+    'Coordination' : [ 0x79, ['unsigned char']],
+    'HardPlatformCap' : [ 0x7a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x7b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x7c, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x7d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x7e, ['unsigned char']],
+    'AutonomousMode' : [ 0x7f, ['unsigned char']],
+    'ProvideGuidance' : [ 0x80, ['unsigned char']],
+    'DesiredPercent' : [ 0x84, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x88, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x8c, ['unsigned char']],
+    'QosPolicies' : [ 0x90, ['array', 4, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0x100, ['array', 4, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0x110, ['array', 4, ['unsigned short']]],
+    'QosSupported' : [ 0x118, ['unsigned char']],
+    'SelectionGeneration' : [ 0x11c, ['unsigned long']],
+    'QosSelection' : [ 0x120, ['array', 4, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x1c0, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x1c8, ['unsigned long']],
+    'Force' : [ 0x1cc, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x40, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x4, ['unsigned long']],
+    'DummyPagePfn' : [ 0x8, ['pointer', ['_MMPFN']]],
+    'DummyPage' : [ 0xc, ['unsigned long']],
+    'PageOfZeroes' : [ 0x10, ['unsigned long']],
+    'ZeroMapping' : [ 0x14, ['pointer', ['void']]],
+    'OnesMapping' : [ 0x18, ['pointer', ['void']]],
+    'ZeroCrc' : [ 0x20, ['unsigned long long']],
+    'OnesCrc' : [ 0x28, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x30, ['array', 2, ['unsigned long']]],
+    'PfnGapFrames' : [ 0x38, ['array', 2, ['unsigned long']]],
+} ],
+  '_HAL_HV_DMA_DOMAIN_INFO' : [ 0x8, {
+    'DomainId' : [ 0x0, ['unsigned long']],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x8, {
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+} ],
+  '_SUPPORTED_RANGES' : [ 0xa0, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Sorted' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'NoIO' : [ 0x4, ['unsigned long']],
+    'IO' : [ 0x8, ['_SUPPORTED_RANGE']],
+    'NoMemory' : [ 0x28, ['unsigned long']],
+    'Memory' : [ 0x30, ['_SUPPORTED_RANGE']],
+    'NoPrefetchMemory' : [ 0x50, ['unsigned long']],
+    'PrefetchMemory' : [ 0x58, ['_SUPPORTED_RANGE']],
+    'NoDma' : [ 0x78, ['unsigned long']],
+    'Dma' : [ 0x80, ['_SUPPORTED_RANGE']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x20, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_DEBUG_TRANSPORT_DATA' : [ 0x8, {
+    'HwContextSize' : [ 0x0, ['unsigned long']],
+    'UseSerialFraming' : [ 0x4, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x5, ['unsigned char']],
+    'USBCoreId' : [ 0x6, ['unsigned char']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_HAL_HV_SVM_DEVICE_CAPABILITIES' : [ 0xc, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PciExecute' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 31, native_type='unsigned long')]],
+    'OverflowPossible' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'PasidCount' : [ 0x4, ['unsigned long']],
+    'IommuIndex' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x48, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x1c, ['pointer', ['void']]],
+    'Enabled' : [ 0x20, ['unsigned char']],
+    'ActiveEngaged' : [ 0x21, ['unsigned char']],
+    'ThrottleLimit' : [ 0x22, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x23, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x24, ['pointer', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'Interface' : [ 0x2c, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '__unnamed_2e7c' : [ 0x50, {
+    'CellData' : [ 0x0, ['_CELL_DATA']],
+    'List' : [ 0x0, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_CACHED_VALUE_INDEX' : [ 0x54, {
+    'CellIndex' : [ 0x0, ['unsigned long']],
+    'Data' : [ 0x4, ['__unnamed_2e7c']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x148, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+    'AirplaneModeEnabled' : [ 0x144, ['unsigned char']],
+    'BluetoothDeviceCharging' : [ 0x145, ['unsigned char']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_HAL_IOMMU_DISPATCH' : [ 0x4c, {
+    'HalIommuSupportEnabled' : [ 0x0, ['pointer', ['void']]],
+    'HalIommuGetConfiguration' : [ 0x4, ['pointer', ['void']]],
+    'HalIommuGetLibraryContext' : [ 0x8, ['pointer', ['void']]],
+    'HalIommuMapDevice' : [ 0xc, ['pointer', ['void']]],
+    'HalIommuEnableDevicePasid' : [ 0x10, ['pointer', ['void']]],
+    'HalIommuSetAddressSpace' : [ 0x14, ['pointer', ['void']]],
+    'HalIommuDisableDevicePasid' : [ 0x18, ['pointer', ['void']]],
+    'HalIommuUnmapDevice' : [ 0x1c, ['pointer', ['void']]],
+    'HalIommuFreeLibraryContext' : [ 0x20, ['pointer', ['void']]],
+    'HalIommuFlushTb' : [ 0x24, ['pointer', ['void']]],
+    'HalIommuFlushAllPasid' : [ 0x28, ['pointer', ['void']]],
+    'HalIommuProcessPageRequestQueue' : [ 0x2c, ['pointer', ['void']]],
+    'HalIommuFaultRoutine' : [ 0x30, ['pointer', ['void']]],
+    'HalIommuReferenceAsid' : [ 0x34, ['pointer', ['void']]],
+    'HalIommuDereferenceAsid' : [ 0x38, ['pointer', ['void']]],
+    'HalIommuServicePageFault' : [ 0x3c, ['pointer', ['void']]],
+    'HalIommuDevicePowerChange' : [ 0x40, ['pointer', ['void']]],
+    'HalIommuBeginDeviceReset' : [ 0x44, ['pointer', ['void']]],
+    'HalIommuFinalizeDeviceReset' : [ 0x48, ['pointer', ['void']]],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Timer' : [ 0x8, ['_KTIMER']],
+    'Dpc' : [ 0x30, ['_KDPC']],
+    'WorkOrder' : [ 0x50, ['pointer', ['_POP_FX_WORK_ORDER']]],
+    'CurrentWorkInfo' : [ 0x54, ['pointer', ['_PEP_WORK_INFORMATION']]],
+    'WatchdogStart' : [ 0x58, ['unsigned long long']],
+    'WorkerThread' : [ 0x60, ['pointer', ['_KTHREAD']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2ebd' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_2ebd']],
+} ],
+  '__unnamed_2ec1' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2ec5' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2ec7' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2ec9' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2ecb' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_2ecd' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2ecf' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2ed1' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2ed3' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2ed5' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2ed7' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2ed9' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_2ec1']],
+    'Memory' : [ 0x0, ['__unnamed_2ec1']],
+    'Interrupt' : [ 0x0, ['__unnamed_2ec5']],
+    'Dma' : [ 0x0, ['__unnamed_2ec7']],
+    'DmaV3' : [ 0x0, ['__unnamed_2ec9']],
+    'Generic' : [ 0x0, ['__unnamed_2ec1']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2ecb']],
+    'BusNumber' : [ 0x0, ['__unnamed_2ecd']],
+    'ConfigData' : [ 0x0, ['__unnamed_2ecf']],
+    'Memory40' : [ 0x0, ['__unnamed_2ed1']],
+    'Memory48' : [ 0x0, ['__unnamed_2ed3']],
+    'Memory64' : [ 0x0, ['__unnamed_2ed5']],
+    'Connection' : [ 0x0, ['__unnamed_2ed7']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_2ed9']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x1c, ['pointer', ['void']]],
+    'DvCallbacks' : [ 0x20, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x8, ['pointer', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0xc, ['pointer', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x10, ['pointer', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x14, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned short']],
+    'ReplyIndex' : [ 0x1a, ['unsigned short']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UseSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ZeroPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_RTL_RVA_LIST' : [ 0x20, {
+    'RvaCount' : [ 0x0, ['unsigned long']],
+    'StateBitsPerRva' : [ 0x4, ['unsigned long']],
+    'CompressedBuffer' : [ 0x8, ['pointer', ['unsigned char']]],
+    'CompressedBufferSize' : [ 0xc, ['unsigned long']],
+    'RvaStateBitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'StateBitValueMap' : [ 0x18, ['pointer', ['unsigned long']]],
+    'ExtensionBuffer' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x58, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '__unnamed_2ef8' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_2efa' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_2ef8']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_2efa']],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '__unnamed_2f04' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_2f04']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x18, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x1c, ['_KAPC']],
+    'ByteCount' : [ 0x4c, ['unsigned long']],
+    'ChargedPages' : [ 0x50, ['unsigned long']],
+    'PagingFile' : [ 0x54, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x58, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x5c, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x60, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'Partition' : [ 0x78, ['pointer', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0x7c, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x80, ['_MDL']],
+    'Page' : [ 0x9c, ['array', 1, ['unsigned long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0x50, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x10, ['unsigned char']],
+    'IrpOplocksR' : [ 0x14, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x1c, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x24, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x2c, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x34, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x3c, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x44, ['pointer', ['_GUID']]],
+    'OplockState' : [ 0x48, ['unsigned long']],
+    'FastMutex' : [ 0x4c, ['pointer', ['_FAST_MUTEX']]],
+} ],
+  '_HAL_HV_SVM_SYSTEM_CAPABILITIES' : [ 0x18, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GpaAlwaysValid' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MaxPasidSpaceCount' : [ 0x4, ['unsigned long']],
+    'MaxPasidSpacePasidCount' : [ 0x8, ['unsigned long']],
+    'MaxPrqSize' : [ 0xc, ['unsigned long']],
+    'IommuCount' : [ 0x10, ['unsigned long']],
+    'MinIommuPasidCount' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2f0f' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_2f10' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_2f0f']],
+    'Merged' : [ 0x10, ['__unnamed_2f10']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_2f14' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f16' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f18' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f1a' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_2f18']],
+    'Translated' : [ 0x0, ['__unnamed_2f16']],
+} ],
+  '__unnamed_2f1c' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f1e' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_2f20' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f22' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f24' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f26' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f28' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2f2a' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_2f14']],
+    'Port' : [ 0x0, ['__unnamed_2f14']],
+    'Interrupt' : [ 0x0, ['__unnamed_2f16']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_2f1a']],
+    'Memory' : [ 0x0, ['__unnamed_2f14']],
+    'Dma' : [ 0x0, ['__unnamed_2f1c']],
+    'DmaV3' : [ 0x0, ['__unnamed_2f1e']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_2ecb']],
+    'BusNumber' : [ 0x0, ['__unnamed_2f20']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_2f22']],
+    'Memory40' : [ 0x0, ['__unnamed_2f24']],
+    'Memory48' : [ 0x0, ['__unnamed_2f26']],
+    'Memory64' : [ 0x0, ['__unnamed_2f28']],
+    'Connection' : [ 0x0, ['__unnamed_2ed7']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2f2a']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0xa80, {
+    'SpecialPool' : [ 0x0, ['_MI_SPECIAL_POOL']],
+    'SessionWsList' : [ 0x40, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x4c, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x68, ['unsigned long']],
+    'SizeOfPagedPoolInPages' : [ 0x6c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x70, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0xa4, ['unsigned long']],
+    'SmallNonPagedPtesCommit' : [ 0xa8, ['unsigned long']],
+    'BootCommit' : [ 0xac, ['unsigned long']],
+    'MdlPagesAllocated' : [ 0xb0, ['unsigned long']],
+    'SystemPageTableCommit' : [ 0xb4, ['unsigned long']],
+    'SpecialPagesInUse' : [ 0xb8, ['unsigned long']],
+    'ProcessCommit' : [ 0xbc, ['unsigned long']],
+    'DriverCommit' : [ 0xc0, ['long']],
+    'PfnDatabaseCommit' : [ 0xc4, ['unsigned long']],
+    'SystemWs' : [ 0x100, ['array', 6, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x480, ['_MMSUPPORT_SHARED']],
+    'MapCacheFailures' : [ 0x4ac, ['unsigned long']],
+    'PagefileHashPages' : [ 0x4b0, ['unsigned long']],
+    'PteHeader' : [ 0x4b4, ['_SYSPTES_HEADER']],
+    'SessionSpecialPool' : [ 0x540, ['pointer', ['_MI_SPECIAL_POOL']]],
+    'SystemVaTypeCount' : [ 0x544, ['array', 16, ['unsigned long']]],
+    'SystemVaType' : [ 0x584, ['array', 1024, ['unsigned char']]],
+    'SystemVaTypeCountFailures' : [ 0x984, ['array', 16, ['unsigned long']]],
+    'SystemVaTypeCountLimit' : [ 0x9c4, ['array', 16, ['unsigned long']]],
+    'SystemVaTypeCountPeak' : [ 0xa04, ['array', 16, ['unsigned long']]],
+    'SystemAvailableVa' : [ 0xa44, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Xcr0' : [ 0x3c, ['unsigned long long']],
+    'ExceptionList' : [ 0x44, ['unsigned long']],
+    'Reserved' : [ 0x48, ['array', 3, ['unsigned long']]],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x8, ['pointer', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x14, ['pointer', ['_ETHREAD']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'AtomicLinks' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x54, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x28, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x34, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x3c, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x40, ['unsigned long']],
+    'ProtosNode' : [ 0x44, ['_MI_PROTOTYPE_PTES_NODE']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x138, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastResponsivenessEvents' : [ 0x18, ['unsigned long']],
+    'LastPerfCheckSnap' : [ 0x20, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x78, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xd0, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x128, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x12c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x130, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x132, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x133, ['unsigned char']],
+    'CurrentResponsivenessEvents' : [ 0x134, ['unsigned long']],
+} ],
+  '_MI_HARD_FAULT_STATE' : [ 0x8, {
+    'SwapPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'StoreFlags' : [ 0x4, ['_MI_STORE_INPAGE_COMPLETE_FLAGS']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x108, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'Order' : [ 0x1c, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0xf0, ['_LIST_ENTRY']],
+    'Status' : [ 0xf8, ['long']],
+    'FailedDevice' : [ 0xfc, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x100, ['unsigned char']],
+    'Cancelled' : [ 0x101, ['unsigned char']],
+    'IgnoreErrors' : [ 0x102, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x103, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x104, ['unsigned char']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x60, {
+    'FileName' : [ 0x0, ['pointer', ['wchar']]],
+    'BaseName' : [ 0x4, ['pointer', ['wchar']]],
+    'RegRootName' : [ 0x8, ['pointer', ['wchar']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+    'FilePath' : [ 0x58, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0xd4, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+    'Flags' : [ 0xd0, ['unsigned long']],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'HitCount' : [ 0x10, ['unsigned long long']],
+    'LastActivationTime' : [ 0x18, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x20, ['unsigned long long']],
+    'CsActivationTime' : [ 0x28, ['unsigned long long']],
+    'CsActiveTime' : [ 0x30, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x28, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HAL_CLOCK_TIMER_CONFIGURATION' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'AlwaysOnTimer' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'HighLatency' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PerCpuTimer' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DynamicTickSupported' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'KnownType' : [ 0x4, ['unsigned long']],
+    'Capabilities' : [ 0x8, ['unsigned long']],
+    'MaxIncrement' : [ 0x10, ['unsigned long long']],
+    'MinIncrement' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x2c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x8, ['unsigned char']],
+    'Spare' : [ 0x9, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0xc, ['unsigned long']],
+    'DebugId' : [ 0x10, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'Event' : [ 0xc, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_2f75' : [ 0x4, {
+    'Anchor' : [ 0x0, ['_MI_SYSTEM_REGION_ANCHOR']],
+    'EntireReference' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_REGION_REFERENCE' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_2f75']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x34, {
+    'Parent' : [ 0x0, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x4, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x8, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0xc, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x30, ['pointer', ['void']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x14, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'HashTable' : [ 0xc, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x2c, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x14, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2f8c' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x140, {
+    'FreeLargePages' : [ 0x0, ['array', 2, ['_MI_FREE_LARGE_PAGES']]],
+    'LargePageRebuildTimer' : [ 0x50, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'FreePageListHeadsBitmap' : [ 0x80, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0x90, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0xd0, ['array', 2, ['unsigned long']]],
+    'TotalPages' : [ 0xd8, ['array', 1, ['unsigned long']]],
+    'TotalPagesEntireNode' : [ 0xdc, ['unsigned long']],
+    'MmShiftedColor' : [ 0xe0, ['unsigned long']],
+    'Color' : [ 0xe4, ['unsigned long']],
+    'ChannelFreeCount' : [ 0xe8, ['array', 1, ['array', 2, ['unsigned long']]]],
+    'Flags' : [ 0xf0, ['__unnamed_2f8c']],
+    'NodeLock' : [ 0xf4, ['_EX_PUSH_LOCK']],
+    'LargeListMoveInProgress' : [ 0xf8, ['unsigned char']],
+    'ChannelStatus' : [ 0xf9, ['unsigned char']],
+    'ChannelOrdering' : [ 0xfa, ['array', 1, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0xfb, ['array', 1, ['unsigned char']]],
+    'PowerAttribute' : [ 0xfc, ['array', 1, ['unsigned char']]],
+    'LargePageLock' : [ 0x100, ['unsigned long']],
+    'PageColorTable' : [ 0x104, ['_MI_PAGE_COLORS']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION' : [ 0xc0, {
+    'ValidBits' : [ 0x0, ['_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS']],
+    'ProcessorType' : [ 0x8, ['unsigned char']],
+    'InstructionSet' : [ 0x9, ['unsigned char']],
+    'ErrorType' : [ 0xa, ['unsigned char']],
+    'Operation' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned char']],
+    'Level' : [ 0xd, ['unsigned char']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'CPUVersion' : [ 0x10, ['unsigned long long']],
+    'CPUBrandString' : [ 0x18, ['array', 128, ['unsigned char']]],
+    'ProcessorId' : [ 0x98, ['unsigned long long']],
+    'TargetAddress' : [ 0xa0, ['unsigned long long']],
+    'RequesterId' : [ 0xa8, ['unsigned long long']],
+    'ResponderId' : [ 0xb0, ['unsigned long long']],
+    'InstructionPointer' : [ 0xb8, ['unsigned long long']],
+} ],
+  '_MI_HYPER_SPACE' : [ 0x2000, {
+    'VadBitmap' : [ 0x0, ['array', 6144, ['unsigned char']]],
+    'PaddingToPageBoundary' : [ 0x1800, ['array', 2048, ['unsigned char']]],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['long']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DeviceNode' : [ 0x1c, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_DOMAIN_CONFIGURATION_ARM64' : [ 0x20, {
+    'Ttbr0' : [ 0x0, ['_LARGE_INTEGER']],
+    'Ttbr1' : [ 0x8, ['_LARGE_INTEGER']],
+    'Mair0' : [ 0x10, ['unsigned long']],
+    'Mair1' : [ 0x14, ['unsigned long']],
+    'InputSize0' : [ 0x18, ['unsigned char']],
+    'InputSize1' : [ 0x19, ['unsigned char']],
+    'CoherentTableWalks' : [ 0x1a, ['unsigned char']],
+    'TranslationEnabled' : [ 0x1b, ['unsigned char']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0xb0, {
+    'PagedPoolSListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'NonPagedPoolSListHead' : [ 0x8, ['array', 3, ['_SLIST_HEADER']]],
+    'NonPagedPoolSListHeadNx' : [ 0x20, ['array', 3, ['_SLIST_HEADER']]],
+    'CachedKernelStacks' : [ 0x38, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'NonPagedPoolLowestPage' : [ 0x68, ['unsigned long']],
+    'NonPagedPoolHighestPage' : [ 0x6c, ['unsigned long']],
+    'AllocatedNonPagedPool' : [ 0x70, ['unsigned long']],
+    'PartialLargePoolRegions' : [ 0x74, ['unsigned long']],
+    'PagesInPartialLargePoolRegions' : [ 0x78, ['unsigned long']],
+    'CachedNonPagedPoolCount' : [ 0x7c, ['unsigned long']],
+    'NonPagedPoolSpinLock' : [ 0x80, ['unsigned long']],
+    'CachedNonPagedPool' : [ 0x84, ['pointer', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x88, ['pointer', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x8c, ['pointer', ['void']]],
+    'NonPagedBitMap' : [ 0x90, ['array', 3, ['_RTL_BITMAP']]],
+    'NonPagedHint' : [ 0xa8, ['array', 2, ['unsigned long']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x1c, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+    'TrackDesiredCrossClass' : [ 0x18, ['unsigned char']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long']],
+    'BadPagesDetected' : [ 0x4, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x8, ['long']],
+    'ScrubPasses' : [ 0xc, ['long']],
+    'ScrubBadPagesFound' : [ 0x10, ['long']],
+    'PageHashErrors' : [ 0x14, ['unsigned long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x28, ['pointer', ['void']]],
+    'ExceptionChainTerminator' : [ 0x2c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'ExceptionChainTerminatorRecord' : [ 0x30, ['_EXCEPTION_REGISTRATION_RECORD']],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x10, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0xc, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x14, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x10, ['unsigned char']],
+    'RebuildActive' : [ 0x11, ['unsigned char']],
+    'NextPassDelta' : [ 0x12, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x13, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x40, {
+    'IoPfnLock' : [ 0x0, ['long']],
+    'IoPfnRoot' : [ 0x4, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x10, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x18, ['unsigned long']],
+    'IoCacheStats' : [ 0x1c, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x3c, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xc88, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x14, ['pointer', ['void']]],
+    'EmInfFileSize' : [ 0x18, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x1c, ['pointer', ['void']]],
+    'HeadlessLoaderBlock' : [ 0x20, ['pointer', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x24, ['pointer', ['_SMBIOS3_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x28, ['pointer', ['void']]],
+    'DrvDBSize' : [ 0x2c, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x30, ['pointer', ['_NETWORK_LOADER_BLOCK']]],
+    'HalpIRQLToTPR' : [ 0x34, ['pointer', ['unsigned char']]],
+    'HalpVectorToIRQL' : [ 0x38, ['pointer', ['unsigned char']]],
+    'FirmwareDescriptorListHead' : [ 0x3c, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x44, ['pointer', ['void']]],
+    'AcpiTableSize' : [ 0x48, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x4c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x4c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x4c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x4c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x4c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardStrongCodeGuarantees' : [ 0x4c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SidSharingDisabled' : [ 0x4c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'TpmInitialized' : [ 0x4c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'VsmConfigured' : [ 0x4c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IumEnabled' : [ 0x4c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'IsSmbboot' : [ 0x4c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BootLogEnabled' : [ 0x4c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DriverVerifierEnabled' : [ 0x4c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Unused' : [ 0x4c, ['BitField', dict(start_bit = 13, end_bit = 21, native_type='unsigned long')]],
+    'FeatureSimulations' : [ 0x4c, ['BitField', dict(start_bit = 21, end_bit = 27, native_type='unsigned long')]],
+    'MicrocodeSelfHosting' : [ 0x4c, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'XhciLegacyHandoffSkip' : [ 0x4c, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisableInsiderOptInHVCI' : [ 0x4c, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'MicrocodeMinVerSupported' : [ 0x4c, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'GpuIommuEnabled' : [ 0x4c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x50, ['_LOADER_PERFORMANCE_DATA']],
+    'BootApplicationPersistentData' : [ 0x98, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0xa0, ['pointer', ['void']]],
+    'BootIdentifier' : [ 0xa4, ['_GUID']],
+    'ResumePages' : [ 0xb4, ['unsigned long']],
+    'DumpHeader' : [ 0xb8, ['pointer', ['void']]],
+    'BgContext' : [ 0xbc, ['pointer', ['void']]],
+    'NumaLocalityInfo' : [ 0xc0, ['pointer', ['void']]],
+    'NumaGroupAssignment' : [ 0xc4, ['pointer', ['void']]],
+    'AttachedHives' : [ 0xc8, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0xd0, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0xd4, ['pointer', ['void']]],
+    'BootEntropyResult' : [ 0xd8, ['_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x940, ['unsigned long long']],
+    'HypervisorExtension' : [ 0x948, ['_LOADER_PARAMETER_HYPERVISOR_EXTENSION']],
+    'HardwareConfigurationId' : [ 0x988, ['_GUID']],
+    'HalExtensionModuleList' : [ 0x998, ['_LIST_ENTRY']],
+    'SystemTime' : [ 0x9a0, ['_LARGE_INTEGER']],
+    'TimeStampAtSystemTimeRead' : [ 0x9a8, ['unsigned long long']],
+    'BootFlags' : [ 0x9b0, ['unsigned long long']],
+    'DbgMenuOsSelection' : [ 0x9b0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgHiberBoot' : [ 0x9b0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgSoftRestart' : [ 0x9b0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'DbgMeasuredLaunch' : [ 0x9b0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'InternalBootFlags' : [ 0x9b8, ['unsigned long long']],
+    'DbgUtcBootTime' : [ 0x9b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgRtcBootTime' : [ 0x9b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgNoLegacyServices' : [ 0x9b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WfsFPData' : [ 0x9c0, ['pointer', ['void']]],
+    'WfsFPDataSize' : [ 0x9c4, ['unsigned long']],
+    'BugcheckParameters' : [ 0x9c8, ['_LOADER_BUGCHECK_PARAMETERS']],
+    'ApiSetSchema' : [ 0x9dc, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0x9e0, ['unsigned long']],
+    'ApiSetSchemaExtensions' : [ 0x9e4, ['_LIST_ENTRY']],
+    'AcpiBiosVersion' : [ 0x9ec, ['_UNICODE_STRING']],
+    'SmbiosVersion' : [ 0x9f4, ['_UNICODE_STRING']],
+    'EfiVersion' : [ 0x9fc, ['_UNICODE_STRING']],
+    'KdDebugDevice' : [ 0xa04, ['pointer', ['_DEBUG_DEVICE_DESCRIPTOR']]],
+    'OfflineCrashdumpConfigurationTable' : [ 0xa08, ['_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2']],
+    'ManufacturingProfile' : [ 0xa28, ['_UNICODE_STRING']],
+    'BbtBuffer' : [ 0xa30, ['pointer', ['void']]],
+    'XsaveAllowedFeatures' : [ 0xa38, ['unsigned long long']],
+    'XsaveFlags' : [ 0xa40, ['unsigned long']],
+    'BootOptions' : [ 0xa44, ['pointer', ['void']]],
+    'IumEnablement' : [ 0xa48, ['unsigned long']],
+    'IumPolicy' : [ 0xa4c, ['unsigned long']],
+    'IumStatus' : [ 0xa50, ['long']],
+    'BootId' : [ 0xa54, ['unsigned long']],
+    'CodeIntegrityData' : [ 0xa58, ['pointer', ['_LOADER_PARAMETER_CI_EXTENSION']]],
+    'CodeIntegrityDataSize' : [ 0xa5c, ['unsigned long']],
+    'SystemHiveRecoveryInfo' : [ 0xa60, ['_LOADER_HIVE_RECOVERY_INFO']],
+    'SoftRestartCount' : [ 0xa74, ['unsigned long']],
+    'SoftRestartTime' : [ 0xa78, ['long long']],
+    'LeapSecondData' : [ 0xa80, ['pointer', ['_LEAP_SECOND_DATA']]],
+    'MajorRelease' : [ 0xa84, ['unsigned long']],
+    'Reserved1' : [ 0xa88, ['unsigned long']],
+    'NtBuildLab' : [ 0xa8c, ['array', 224, ['unsigned char']]],
+    'NtBuildLabEx' : [ 0xb6c, ['array', 224, ['unsigned char']]],
+    'ResetReason' : [ 0xc50, ['_LOADER_RESET_REASON']],
+    'MaxPciBusNumber' : [ 0xc80, ['unsigned long']],
+    'FeatureSettings' : [ 0xc84, ['unsigned long']],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0xc, {
+    'AnsiCodePageData' : [ 0x0, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x4, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x10, {
+    'CurrentCharges' : [ 0x0, ['unsigned long']],
+    'ChargeFailures' : [ 0x4, ['unsigned long']],
+    'ChargePeak' : [ 0x8, ['unsigned long']],
+    'ChargeMinimum' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_2fe9' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x2c, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer', ['void']]],
+    'ProtosNode' : [ 0xc, ['_MI_PROTOTYPE_PTES_NODE']],
+    'NumberOfPtes' : [ 0x1c, ['unsigned long']],
+    'SessionId' : [ 0x20, ['unsigned long']],
+    'Subsection' : [ 0x20, ['pointer', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x24, ['pointer', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_2fe9']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x30, {
+    'PagesLoad' : [ 0x0, ['long']],
+    'PagesAverage' : [ 0x4, ['unsigned long']],
+    'AverageAvailablePages' : [ 0x8, ['unsigned long']],
+    'PagesWritten' : [ 0xc, ['unsigned long']],
+    'WritesIssued' : [ 0x10, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x14, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x18, ['unsigned long']],
+    'WriteBurstCount' : [ 0x1c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x20, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x28, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x2e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_INFORMATION' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['_HAL_UNMASKED_INTERRUPT_FLAGS']],
+    'Mode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Gsiv' : [ 0x10, ['unsigned long']],
+    'PinNumber' : [ 0x14, ['unsigned short']],
+    'DeviceHandle' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_FAKE_HEAP_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x44, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'NoPageTablesAllowed' : [ 0x3c, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x40, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '_LOADER_BUGCHECK_PARAMETERS' : [ 0x14, {
+    'BugcheckCode' : [ 0x0, ['unsigned long']],
+    'BugcheckParameter1' : [ 0x4, ['unsigned long']],
+    'BugcheckParameter2' : [ 0x8, ['unsigned long']],
+    'BugcheckParameter3' : [ 0xc, ['unsigned long']],
+    'BugcheckParameter4' : [ 0x10, ['unsigned long']],
+} ],
+  '_POP_FX_DRIPS_WATCHDOG_CONTEXT' : [ 0x14, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'ComponentIndex' : [ 0x8, ['unsigned long']],
+    'ChildDevices' : [ 0xc, ['pointer', ['pointer', ['_DEVICE_NODE']]]],
+    'ChildDeviceCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SUPPORTED_RANGE' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_SUPPORTED_RANGE']]],
+    'SystemAddressSpace' : [ 0x4, ['unsigned long']],
+    'SystemBase' : [ 0x8, ['long long']],
+    'Base' : [ 0x10, ['long long']],
+    'Limit' : [ 0x18, ['long long']],
+} ],
+  '__unnamed_3015' : [ 0x4, {
+    'NumberOfEntries' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Va' : [ 0x0, ['pointer', ['void']]],
+    'VaLong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTB_FLUSH_VA' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_3015']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x2c, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x8, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0xc, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x10, ['unsigned long']],
+    'LowestLink' : [ 0x14, ['unsigned long']],
+    'Dependencies' : [ 0x18, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x1c, ['_LDRP_CSLIST']],
+    'State' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x28, ['unsigned long']],
+} ],
+  '_MI_PAGE_COLORS' : [ 0xc, {
+    'PageSize' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x100, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xc0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xc8, ['pointer', ['void']]],
+    'StorageInfo' : [ 0xc8, ['pointer', ['void']]],
+    'UseStorageInfo' : [ 0xcc, ['unsigned char']],
+    'PointersLength' : [ 0xd0, ['unsigned long']],
+    'ModulePrefix' : [ 0xd4, ['pointer', ['wchar']]],
+    'DriverList' : [ 0xd8, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xe0, ['_STRING']],
+    'ProgMsg' : [ 0xe8, ['_STRING']],
+    'DoneMsg' : [ 0xf0, ['_STRING']],
+    'FileObject' : [ 0xf8, ['pointer', ['void']]],
+    'UsageType' : [ 0xfc, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay'})]],
+} ],
+  '_PNP_WATCHDOG' : [ 0x80, {
+    'WatchdogStart' : [ 0x0, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x8, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x30, ['_KDPC']],
+    'WatchdogEnabled' : [ 0x50, ['unsigned char']],
+    'WatchdogSecondChance' : [ 0x51, ['unsigned char']],
+    'WatchdogComplete' : [ 0x54, ['_KEVENT']],
+    'WatchdogWorkItem' : [ 0x64, ['_WORK_QUEUE_ITEM']],
+    'WatchdogContextType' : [ 0x74, ['Enumeration', dict(target = 'long', choices = {1: u'PNP_EVENT_WORKER_WATCHDOG', 2: u'PNP_DEVICE_COMPLETION_QUEUE_WATCHDOG', 3: u'PNP_DELAYED_REMOVE_WORKER_WATCHDOG'})]],
+    'WatchdogContext' : [ 0x78, ['pointer', ['void']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x8, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['unsigned long']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x8, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_FAULT_CONFIGURATION' : [ 0x8, {
+    'FaultHandler' : [ 0x0, ['pointer', ['void']]],
+    'FaultContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x20, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0xc, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x20, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_INPUT_MAPPING_ELEMENT' : [ 0x4, {
+    'InputMappingId' : [ 0x0, ['unsigned long']],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_3044' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3046' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3048' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceId' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_304a' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_304c' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_304e' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3050' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_3052' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3054' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_3056' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_3044']],
+    'TargetDevice' : [ 0x0, ['__unnamed_3046']],
+    'InstallDevice' : [ 0x0, ['__unnamed_3046']],
+    'CustomNotification' : [ 0x0, ['__unnamed_3048']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_304a']],
+    'PowerNotification' : [ 0x0, ['__unnamed_304c']],
+    'VetoNotification' : [ 0x0, ['__unnamed_304e']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_3050']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_3052']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_3054']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_3046']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_3046']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_3056']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ProcessorType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'InstructionSet' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Operation' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Flags' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Level' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'CPUVersion' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'CPUBrandString' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'ProcessorId' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'TargetAddress' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InstructionPointer' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'AllStacksInUse' : [ 0x14, ['unsigned long']],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0xc, {
+    'CommonDataArea' : [ 0x0, ['pointer', ['void']]],
+    'MachineType' : [ 0x4, ['unsigned long']],
+    'VirtualBias' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_3067' : [ 0x8, {
+    'Pch' : [ 0x0, ['unsigned char']],
+    'EmbeddedController' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 6, ['unsigned char']]],
+} ],
+  '__unnamed_3069' : [ 0x8, {
+    'Component' : [ 0x0, ['__unnamed_3067']],
+    'AsULONG64' : [ 0x0, ['unsigned long long']],
+    'AsBytes' : [ 0x0, ['array', 8, ['unsigned char']]],
+} ],
+  '_LOADER_RESET_REASON' : [ 0x30, {
+    'Supplied' : [ 0x0, ['unsigned char']],
+    'Basic' : [ 0x8, ['__unnamed_3069']],
+    'AdditionalInfo' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0xc, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'MpnId' : [ 0x4, ['unsigned short']],
+    'Node' : [ 0x6, ['unsigned short']],
+    'Channel' : [ 0x8, ['unsigned short']],
+    'IsPowerManageable' : [ 0xa, ['unsigned char']],
+    'DeepPowerState' : [ 0xb, ['unsigned char']],
+} ],
+  '_LOADER_HIVE_RECOVERY_INFO' : [ 0x14, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LegacyRecovery' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SoftRebootConflict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MostRecentLog' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'LogNextSequence' : [ 0x8, ['unsigned long']],
+    'LogMinimumSequence' : [ 0xc, ['unsigned long']],
+    'LogCurrentOffset' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_3079' : [ 0x24, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x28, {
+    'FirmwareTypeUefi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EfiRuntimeUseIum' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EfiRuntimePageProtectionSupported' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_3079']],
+} ],
+  '__unnamed_307d' : [ 0xc, {
+    'Address' : [ 0x0, ['unsigned long']],
+    'Consumed' : [ 0x4, ['unsigned char']],
+    'ErrorCode' : [ 0x6, ['unsigned short']],
+    'ErrorIpValid' : [ 0x8, ['unsigned char']],
+    'RestartIpValid' : [ 0x9, ['unsigned char']],
+} ],
+  '_WHEA_RECOVERY_CONTEXT' : [ 0x20, {
+    'MemoryError' : [ 0x0, ['__unnamed_307d']],
+    'PartitionId' : [ 0x10, ['unsigned long long']],
+    'VpIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x70, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'PlatformCap' : [ 0x8, ['unsigned long']],
+    'ThermalCap' : [ 0xc, ['unsigned long']],
+    'LimitReasons' : [ 0x10, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x18, ['unsigned long long']],
+    'ProcCap' : [ 0x20, ['unsigned long']],
+    'ProcFloor' : [ 0x24, ['unsigned long']],
+    'TargetPercent' : [ 0x28, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x2c, ['unsigned char']],
+    'ResponsivenessChangeCount' : [ 0x2d, ['unsigned char']],
+    'Selection' : [ 0x30, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x58, ['unsigned long']],
+    'PreviousFrequency' : [ 0x5c, ['unsigned long']],
+    'PreviousPercent' : [ 0x60, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x64, ['unsigned long']],
+    'Force' : [ 0x68, ['unsigned char']],
+    'UseQosUpdateLock' : [ 0x69, ['unsigned char']],
+    'QosUpdateLock' : [ 0x6c, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x38, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0xc, ['pointer', ['unsigned char']]],
+    'PciDeviceId' : [ 0x10, ['unsigned short']],
+    'PciVendorId' : [ 0x12, ['unsigned short']],
+    'PciBusNumber' : [ 0x14, ['unsigned char']],
+    'PciBusSegment' : [ 0x16, ['unsigned short']],
+    'PciSlotNumber' : [ 0x18, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x19, ['unsigned char']],
+    'PciFlags' : [ 0x1c, ['unsigned long']],
+    'SystemGUID' : [ 0x20, ['_GUID']],
+    'IsMMIODevice' : [ 0x30, ['unsigned char']],
+    'TerminalType' : [ 0x31, ['unsigned char']],
+    'InterfaceType' : [ 0x32, ['unsigned char']],
+    'RegisterBitWidth' : [ 0x33, ['unsigned char']],
+    'RegisterAccessSize' : [ 0x34, ['unsigned char']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'RankNumber' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'CardHandle' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'ModuleHandle' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'ExtendedRow' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'BankGroup' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'BankAddress' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'ChipIdentification' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x18, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x2ac, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+    'PackageDependencyData' : [ 0x298, ['pointer', ['void']]],
+    'ProcessGroupId' : [ 0x29c, ['unsigned long']],
+    'LoaderThreads' : [ 0x2a0, ['unsigned long']],
+    'RedirectionDllName' : [ 0x2a4, ['_UNICODE_STRING']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long']],
+    'ActiveCacheMatch' : [ 0x4, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0x8, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x14, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_309c' : [ 0x4, {
+    'PasidMaxWidth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'PasidExePerm' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PasidPrivMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AtsPageAlignedRequest' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AtsGlobalInvalidate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AtsInvalidateQueueDepth' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 14, native_type='unsigned long')]],
+} ],
+  '_IOMMU_SVM_CAPABILITIES' : [ 0xc, {
+    'AtsCapability' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PriCapability' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PasidCapability' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CapReg' : [ 0x4, ['__unnamed_309c']],
+    'Rsvd' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_30a9' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_30ab' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_30ad' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_30a9']],
+    'Gpt' : [ 0x0, ['__unnamed_30ab']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xc0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x45, ['unsigned char']],
+    'HiberResume' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x47, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_30ad']],
+    'ReadRoutine' : [ 0x6c, ['pointer', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0x70, ['pointer', ['void']]],
+    'LogSectionTruncateSize' : [ 0x74, ['unsigned long']],
+    'Parameters' : [ 0x78, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xb8, ['pointer', ['void']]],
+    'DumpNotifyRoutine' : [ 0xbc, ['pointer', ['void']]],
+} ],
+  '_MI_SYSTEM_REGION_ANCHOR' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ActiveCooling' : [ 0x14, ['pointer', ['void']]],
+    'PassiveCooling' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PEP_WORK_INFORMATION' : [ 0x20, {
+    'WorkType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepWorkActiveComplete', 1: u'PepWorkRequestIdleState', 2: u'PepWorkDevicePower', 3: u'PepWorkRequestPowerControl', 4: u'PepWorkDeviceIdle', 5: u'PepWorkCompleteIdleState', 6: u'PepWorkCompletePerfState', 7: u'PepWorkAcpiNotify', 8: u'PepWorkAcpiEvaluateControlMethodComplete', 9: u'PepWorkMax'})]],
+    'ActiveComplete' : [ 0x4, ['_PEP_WORK_ACTIVE_COMPLETE']],
+    'IdleState' : [ 0x4, ['_PEP_WORK_IDLE_STATE']],
+    'DevicePower' : [ 0x4, ['_PEP_WORK_DEVICE_POWER']],
+    'PowerControl' : [ 0x4, ['_PEP_WORK_POWER_CONTROL']],
+    'DeviceIdle' : [ 0x4, ['_PEP_WORK_DEVICE_IDLE']],
+    'CompleteIdleState' : [ 0x4, ['_PEP_WORK_COMPLETE_IDLE_STATE']],
+    'CompletePerfState' : [ 0x4, ['_PEP_WORK_COMPLETE_PERF_STATE']],
+    'AcpiNotify' : [ 0x4, ['_PEP_WORK_ACPI_NOTIFY']],
+    'ControlMethodComplete' : [ 0x4, ['_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0x60, {
+    'Component' : [ 0x0, ['pointer', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x4, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x14, ['pointer', ['void']]],
+    'Flags' : [ 0x18, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x1c, ['pointer', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x20, ['unsigned long']],
+    'LastChangeStamp' : [ 0x28, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x30, ['unsigned char']],
+    'PepRegistered' : [ 0x31, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x32, ['unsigned char']],
+    'RequestDriverContext' : [ 0x34, ['pointer', ['void']]],
+    'WorkOrder' : [ 0x38, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x54, ['unsigned long']],
+    'Sets' : [ 0x58, ['pointer', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_RTL_HP_LFH_CONFIG' : [ 0x4, {
+    'MaxBlockSize' : [ 0x0, ['unsigned short']],
+    'MaxSubsegmentPages' : [ 0x2, ['unsigned short']],
+} ],
+  '_MI_ACCESS_VIOLATION_RANGE' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Va' : [ 0xc, ['pointer', ['void']]],
+    'EndVaInclusive' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE' : [ 0x18, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'CompletionFlags' : [ 0x4, ['unsigned long']],
+    'MethodStatus' : [ 0x8, ['long']],
+    'CompletionContext' : [ 0xc, ['pointer', ['void']]],
+    'OutputArgumentSize' : [ 0x10, ['unsigned long']],
+    'OutputArguments' : [ 0x14, ['pointer', ['_ACPI_METHOD_ARGUMENT_V1']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_RESTRICTED_MODWRITES' : [ 0x3, {
+    'MaximumClusterPages' : [ 0x0, ['unsigned char']],
+    'ReducedClusterWrites' : [ 0x1, ['unsigned char']],
+    'ImposeDelay' : [ 0x2, ['unsigned char']],
+} ],
+  '_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'AbnormalResetOccurred' : [ 0x4, ['unsigned long']],
+    'OfflineMemoryDumpCapable' : [ 0x8, ['unsigned long']],
+    'ResetDataAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'ResetDataSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_ACPI_METHOD_ARGUMENT_V1' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'DataLength' : [ 0x2, ['unsigned short']],
+    'Argument' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x4, ['array', 1, ['unsigned char']]],
+} ],
+  '_POP_FX_ACTIVE_TIME_ACCOUNTING' : [ 0x60, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Unattributed' : [ 0x8, ['unsigned long long']],
+    'Buckets' : [ 0x10, ['array', 5, ['unsigned long long']]],
+    'PerBucket' : [ 0x38, ['array', 5, ['unsigned long long']]],
+} ],
+  '_PEP_WORK_ACPI_NOTIFY' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'NotifyCode' : [ 0x4, ['unsigned long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0xc, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0xc, ['_RTL_BITMAP']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x70, {
+    'UncompressedData' : [ 0x0, ['pointer', ['unsigned char']]],
+    'MappingVa' : [ 0x4, ['pointer', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x8, ['pointer', ['void']]],
+    'CompressedDataBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'CompressTicks' : [ 0x18, ['unsigned long long']],
+    'BytesCopied' : [ 0x20, ['unsigned long long']],
+    'PagesProcessed' : [ 0x28, ['unsigned long long']],
+    'DecompressTicks' : [ 0x30, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x38, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x40, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x68, ['unsigned long']],
+    'HuffCompressCount' : [ 0x6c, ['unsigned long']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x30, {
+    'SListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x24, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SystemClass', 1: u'ProcessorClass', 2: u'CacheClass', 3: u'AdapterClass', 4: u'ControllerClass', 5: u'PeripheralClass', 6: u'MemoryClass', 7: u'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ArcSystem', 1: u'CentralProcessor', 2: u'FloatingPointProcessor', 3: u'PrimaryIcache', 4: u'PrimaryDcache', 5: u'SecondaryIcache', 6: u'SecondaryDcache', 7: u'SecondaryCache', 8: u'EisaAdapter', 9: u'TcAdapter', 10: u'ScsiAdapter', 11: u'DtiAdapter', 12: u'MultiFunctionAdapter', 13: u'DiskController', 14: u'TapeController', 15: u'CdromController', 16: u'WormController', 17: u'SerialController', 18: u'NetworkController', 19: u'DisplayController', 20: u'ParallelController', 21: u'PointerController', 22: u'KeyboardController', 23: u'AudioController', 24: u'OtherController', 25: u'DiskPeripheral', 26: u'FloppyDiskPeripheral', 27: u'TapePeripheral', 28: u'ModemPeripheral', 29: u'MonitorPeripheral', 30: u'PrinterPeripheral', 31: u'PointerPeripheral', 32: u'KeyboardPeripheral', 33: u'TerminalPeripheral', 34: u'OtherPeripheral', 35: u'LinePeripheral', 36: u'NetworkPeripheral', 37: u'SystemMemory', 38: u'DockingInformation', 39: u'RealModeIrqRoutingTable', 40: u'RealModePCIEnumeration', 41: u'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer', ['unsigned char']]],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x58, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'ResponsivenessEvents' : [ 0x50, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_FLAGS' : [ 0x2, {
+    'SecondaryInterrupt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARM_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x10, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MI_POOL_FAILURE_REASONS' : [ 0x2c, {
+    'NonPagedNoPtes' : [ 0x0, ['unsigned long']],
+    'PriorityTooLow' : [ 0x4, ['unsigned long']],
+    'NonPagedNoPagesAvailable' : [ 0x8, ['unsigned long']],
+    'PagedNoPtes' : [ 0xc, ['unsigned long']],
+    'SessionPagedNoPtes' : [ 0x10, ['unsigned long']],
+    'PagedNoPagesAvailable' : [ 0x14, ['unsigned long']],
+    'SessionPagedNoPagesAvailable' : [ 0x18, ['unsigned long']],
+    'PagedNoCommit' : [ 0x1c, ['unsigned long']],
+    'SessionPagedNoCommit' : [ 0x20, ['unsigned long']],
+    'NonPagedNoResidentAvailable' : [ 0x24, ['unsigned long']],
+    'NonPagedNoCommit' : [ 0x28, ['unsigned long']],
+} ],
+  '_PEP_WORK_COMPLETE_PERF_STATE' : [ 0xc, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+    'Succeeded' : [ 0x8, ['unsigned char']],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x48, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+    'PreloadEndTime' : [ 0x10, ['unsigned long long']],
+    'TcbLoaderStartTime' : [ 0x18, ['unsigned long long']],
+    'LoadHypervisorTime' : [ 0x20, ['unsigned long long']],
+    'LaunchHypervisorTime' : [ 0x28, ['unsigned long long']],
+    'LoadVsmTime' : [ 0x30, ['unsigned long long']],
+    'LaunchVsmTime' : [ 0x38, ['unsigned long long']],
+    'LoadDriversTime' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MI_FREE_LARGE_PAGES' : [ 0x28, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long']]],
+    'LargePagesCount' : [ 0x8, ['array', 2, ['array', 2, ['array', 1, ['unsigned long']]]]],
+    'LargePageEntries' : [ 0x18, ['array', 2, ['array', 2, ['array', 1, ['pointer', ['_MI_FREE_LARGE_PAGE_LIST']]]]]],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x24, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x4, ['pointer', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x8, ['long']],
+    'MissedMappingsCount' : [ 0xc, ['unsigned long']],
+    'FirmwareResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'EfiMemoryMap' : [ 0x18, ['pointer', ['void']]],
+    'EfiMemoryMapSize' : [ 0x1c, ['unsigned long']],
+    'EfiMemoryMapDescriptorSize' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_WORK_IDLE_STATE' : [ 0xc, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+    'State' : [ 0x8, ['unsigned long']],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_SMBIOS3_TABLE_HEADER' : [ 0x18, {
+    'Signature' : [ 0x0, ['array', 5, ['unsigned char']]],
+    'Checksum' : [ 0x5, ['unsigned char']],
+    'Length' : [ 0x6, ['unsigned char']],
+    'MajorVersion' : [ 0x7, ['unsigned char']],
+    'MinorVersion' : [ 0x8, ['unsigned char']],
+    'Docrev' : [ 0x9, ['unsigned char']],
+    'EntryPointRevision' : [ 0xa, ['unsigned char']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'StructureTableMaximumSize' : [ 0xc, ['unsigned long']],
+    'StructureTableAddress' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_CI_EXTENSION' : [ 0x50, {
+    'CodeIntegrityOptions' : [ 0x0, ['unsigned long']],
+    'UpgradeInProgress' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsWinPE' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CustomKernelSignersAllowed' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'WhqlEnforcementDate' : [ 0x8, ['_LARGE_INTEGER']],
+    'RevocationListOffset' : [ 0x10, ['unsigned long']],
+    'RevocationListSize' : [ 0x14, ['unsigned long']],
+    'CodeIntegrityPolicyOffset' : [ 0x18, ['unsigned long']],
+    'CodeIntegrityPolicySize' : [ 0x1c, ['unsigned long']],
+    'CodeIntegrityPolicyHashOffset' : [ 0x20, ['unsigned long']],
+    'CodeIntegrityPolicyHashSize' : [ 0x24, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashOffset' : [ 0x28, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashSize' : [ 0x2c, ['unsigned long']],
+    'WeakCryptoPolicyLoadStatus' : [ 0x30, ['long']],
+    'WeakCryptoPolicyOffset' : [ 0x34, ['unsigned long']],
+    'WeakCryptoPolicySize' : [ 0x38, ['unsigned long']],
+    'SecureBootPolicyOffset' : [ 0x3c, ['unsigned long']],
+    'SecureBootPolicySize' : [ 0x40, ['unsigned long']],
+    'Reserved2' : [ 0x44, ['unsigned long']],
+    'SerializedData' : [ 0x48, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_LDRP_CSLIST' : [ 0x4, {
+    'Tail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x38, {
+    'GetTime' : [ 0x0, ['unsigned long']],
+    'SetTime' : [ 0x4, ['unsigned long']],
+    'GetWakeupTime' : [ 0x8, ['unsigned long']],
+    'SetWakeupTime' : [ 0xc, ['unsigned long']],
+    'SetVirtualAddressMap' : [ 0x10, ['unsigned long']],
+    'ConvertPointer' : [ 0x14, ['unsigned long']],
+    'GetVariable' : [ 0x18, ['unsigned long']],
+    'GetNextVariableName' : [ 0x1c, ['unsigned long']],
+    'SetVariable' : [ 0x20, ['unsigned long']],
+    'GetNextHighMonotonicCount' : [ 0x24, ['unsigned long']],
+    'ResetSystem' : [ 0x28, ['unsigned long']],
+    'UpdateCapsule' : [ 0x2c, ['unsigned long']],
+    'QueryCapsuleCapabilities' : [ 0x30, ['unsigned long']],
+    'QueryVariableInfo' : [ 0x34, ['unsigned long']],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ExceptionHandlingReady' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ShadowStacksSupported' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AccessBitFenceRequired' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'PfnDatabaseExists' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_MI_STORE_INPAGE_COMPLETE_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['unsigned long']],
+    'StoreFault' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LowResourceFailure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned long')]],
+    'RemainingPageCount' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0xb8, {
+    'Partition' : [ 0x0, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x4, ['pointer', ['_ENODE']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x18, ['_KTIMER']],
+    'ReaperEvent' : [ 0x40, ['_KEVENT']],
+    'ReaperTimer' : [ 0x50, ['_KTIMER2']],
+    'ThreadHandle' : [ 0xa8, ['pointer', ['void']]],
+    'ExitThread' : [ 0xac, ['unsigned long']],
+    'ThreadSeed' : [ 0xb0, ['unsigned long']],
+} ],
+  '_LOADER_PARAMETER_HYPERVISOR_EXTENSION' : [ 0x40, {
+    'InitialHypervisorCrashdumpAreaPageCount' : [ 0x0, ['unsigned long']],
+    'HypervisorCrashdumpAreaPageCount' : [ 0x4, ['unsigned long']],
+    'InitialHypervisorCrashdumpAreaSpa' : [ 0x8, ['unsigned long long']],
+    'HypervisorCrashdumpAreaSpa' : [ 0x10, ['unsigned long long']],
+    'HypervisorLaunchStatus' : [ 0x18, ['unsigned long long']],
+    'HypervisorLaunchStatusArg1' : [ 0x20, ['unsigned long long']],
+    'HypervisorLaunchStatusArg2' : [ 0x28, ['unsigned long long']],
+    'HypervisorLaunchStatusArg3' : [ 0x30, ['unsigned long long']],
+    'HypervisorLaunchStatusArg4' : [ 0x38, ['unsigned long long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_PEP_WORK_POWER_CONTROL' : [ 0x1c, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'PowerControlCode' : [ 0x4, ['pointer', ['_GUID']]],
+    'RequestContext' : [ 0x8, ['pointer', ['void']]],
+    'InBuffer' : [ 0xc, ['pointer', ['void']]],
+    'InBufferSize' : [ 0x10, ['unsigned long']],
+    'OutBuffer' : [ 0x14, ['pointer', ['void']]],
+    'OutBufferSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_PEP_WORK_DEVICE_POWER' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'PowerRequired' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0xc, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+    'TimeDateStamp' : [ 0x8, ['unsigned long']],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x10, {
+    'DHCPServerACK' : [ 0x0, ['pointer', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x4, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x8, ['pointer', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0xc, ['unsigned long']],
+} ],
+  '_BOOT_ENTROPY_LDR_RESULT' : [ 0x868, {
+    'maxEntropySources' : [ 0x0, ['unsigned long']],
+    'EntropySourceResult' : [ 0x8, ['array', 10, ['_BOOT_ENTROPY_SOURCE_LDR_RESULT']]],
+    'SeedBytesForCng' : [ 0x418, ['array', 48, ['unsigned char']]],
+    'RngBytesForNtoskrnl' : [ 0x448, ['array', 1024, ['unsigned char']]],
+    'KdEntropy' : [ 0x848, ['array', 32, ['unsigned char']]],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x40, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+    'PreQueryOpen' : [ 0x38, ['pointer', ['void']]],
+    'PostQueryOpen' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_FAULT_INFORMATION' : [ 0x1c, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'FaultInformationInvalid', 1: u'FaultInformationArm64'})]],
+    'Arm64' : [ 0x4, ['_FAULT_INFORMATION_ARM64']],
+} ],
+  '_PEP_WORK_COMPLETE_IDLE_STATE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEP_WORK_ACTIVE_COMPLETE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_318d' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x4, ['pointer', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_318f' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x8, ['unsigned long long']],
+    'Unit' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x18, ['__unnamed_318d']],
+    'Range' : [ 0x18, ['__unnamed_318f']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_BOOT_ENTROPY_SOURCE_LDR_RESULT' : [ 0x68, {
+    'SourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceNone', 1: u'BootEntropySourceSeedfile', 2: u'BootEntropySourceExternal', 3: u'BootEntropySourceTpm', 4: u'BootEntropySourceRdrand', 5: u'BootEntropySourceTime', 6: u'BootEntropySourceAcpiOem0', 7: u'BootEntropySourceUefi', 8: u'BootEntropySourceCng', 9: u'BootEntropySourceTcbTpm', 10: u'BootMaxEntropySources'})]],
+    'Policy' : [ 0x8, ['unsigned long long']],
+    'ResultCode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceStructureUninitialized', 1: u'BootEntropySourceDisabledByPolicy', 2: u'BootEntropySourceNotPresent', 3: u'BootEntropySourceError', 4: u'BootEntropySourceSuccess'})]],
+    'ResultStatus' : [ 0x14, ['long']],
+    'Time' : [ 0x18, ['unsigned long long']],
+    'EntropyLength' : [ 0x20, ['unsigned long']],
+    'EntropyData' : [ 0x24, ['array', 64, ['unsigned char']]],
+} ],
+  'POHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_31a0' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_31a2' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_31a8' : [ 0xc, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_31ac' : [ 0x8, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NotifyTypeCreate', 1: u'NotifyTypeRetired'})]],
+    'SafeToRecurse' : [ 0x4, ['unsigned char']],
+} ],
+  '__unnamed_31ae' : [ 0x14, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileInformation' : [ 0x4, ['pointer', ['void']]],
+    'Length' : [ 0x8, ['pointer', ['unsigned long']]],
+    'FileInformationClass' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x10, ['long']],
+} ],
+  '__unnamed_31b0' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_31a0']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_31a2']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_31a8']],
+    'NotifyStreamFileObject' : [ 0x0, ['__unnamed_31ac']],
+    'QueryOpen' : [ 0x0, ['__unnamed_31ae']],
+    'Others' : [ 0x0, ['__unnamed_31b0']],
+} ],
+  '_FAULT_INFORMATION_ARM64' : [ 0x18, {
+    'DomainHandle' : [ 0x0, ['pointer', ['void']]],
+    'FaultAddress' : [ 0x4, ['pointer', ['void']]],
+    'PhysicalDeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'InputMappingId' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_FAULT_INFORMATION_ARM64_FLAGS']],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'UnsupportedUpstreamTransaction', 1: u'AddressSizeFault', 2: u'TlbMatchConflict', 3: u'ExternalFault', 4: u'PermissionFault', 5: u'AccessFlagFault', 6: u'TranslationFault', 7: u'MaxFaultType'})]],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_PEP_WORK_DEVICE_IDLE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'IgnoreIdleTimeout' : [ 0x4, ['unsigned char']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAULT_INFORMATION_ARM64_FLAGS' : [ 0x4, {
+    'WriteNotRead' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'InstructionNotData' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Privileged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'FaultAddressValid' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+}

From 34267585fec4a37933f8aa260bd8e6886d936799 Mon Sep 17 00:00:00 2001
From: superponible <dave@superponible.com>
Date: Wed, 6 Feb 2019 22:22:05 -0600
Subject: [PATCH 254/304] force ordering of copy_data_block offsets

---
 volatility/plugins/overlays/windows/win8_kdbg.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/volatility/plugins/overlays/windows/win8_kdbg.py b/volatility/plugins/overlays/windows/win8_kdbg.py
index a602aa80d..9febf1027 100644
--- a/volatility/plugins/overlays/windows/win8_kdbg.py
+++ b/volatility/plugins/overlays/windows/win8_kdbg.py
@@ -179,7 +179,8 @@ def copy_data_block(self, full_addr):
 
         for op in before_ret:
             # cmp cs:KdpDataBlockEncoded, 0
-            if (not block_encoded and op.mnemonic == "CMP" and 
+            if (not (block_encoded or kdbg_block or wait_never or wait_always) and 
+                        op.mnemonic == "CMP" and
                         op.operands[0].type == "AbsoluteMemory" and 
                         op.operands[1].type == "Immediate" and 
                         op.operands[1].value == 0):
@@ -189,14 +190,16 @@ def copy_data_block(self, full_addr):
                                         offset = offset,
                                         vm = addr_space)
             # lea rdx, KdDebuggerDataBlock
-            elif (not kdbg_block and op.mnemonic == "LEA" and 
+            elif (not (kdbg_block or wait_never or wait_always) and 
+                        op.mnemonic == "LEA" and
                         op.operands[0].type == "Register" and 
                         op.operands[0].size == 64 and 
                         op.operands[1].type == "AbsoluteMemory" and 
                         op.operands[1].dispSize == 32):
                 kdbg_block = op.address + op.size + op.operands[1].disp 
             # mov r10, cs:KiWaitNever
-            elif (not wait_never and op.mnemonic == "MOV" and 
+            elif (not (wait_never or wait_always) and 
+                        op.mnemonic == "MOV" and
                         op.operands[0].type == "Register" and 
                         op.operands[0].size == 64 and 
                         op.operands[1].type == "AbsoluteMemory" and 
@@ -207,7 +210,8 @@ def copy_data_block(self, full_addr):
                                         vm = addr_space)
             # mov r11, cs:KiWaitAlways (Win 8 x64)
             # xor rdx, cs:KiWaitAlways (Win 8.1 x64)
-            elif (not wait_always and op.mnemonic in ["MOV", "XOR"] and 
+            elif (not wait_always and 
+                        op.mnemonic in ["MOV", "XOR"] and 
                         op.operands[0].type == "Register" and 
                         op.operands[0].size == 64 and 
                         op.operands[1].type == "AbsoluteMemory" and 

From 5c728c8d2b3bb885993bd71d8e80f78215b93a89 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 11 Feb 2019 13:31:30 -0600
Subject: [PATCH 255/304] Linux - fix the 1000th iteration mount list
 corruption

---
 volatility/plugins/linux/mount.py | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/volatility/plugins/linux/mount.py b/volatility/plugins/linux/mount.py
index 92f39e3eb..327f77df7 100644
--- a/volatility/plugins/linux/mount.py
+++ b/volatility/plugins/linux/mount.py
@@ -93,6 +93,7 @@ def calculate(self):
                 continue
 
             seen = {}
+            mseen = {}
             for mnt in outerlist.list_of_type(mnttype, "mnt_hash"):
                 if mnt.v() in seen:
                     break
@@ -103,20 +104,30 @@ def calculate(self):
                     break
 
                 if mnt.is_valid():
-                    hash_mnts[mnt]            = 1
+                    mkey = mnt.v()
+                    if not mkey in mseen:
+                        hash_mnts[mnt] = 1
+                        mseen[mkey] = 1 
                 else:
                     break
 
                 if mnt.mnt_parent.is_valid():
-                    hash_mnts[mnt.mnt_parent] = 1
-    
-                if mnt.mnt_parent.mnt_parent.is_valid():    
-                    hash_mnts[mnt.mnt_parent.mnt_parent] = 1
+                    mkey = mnt.mnt_parent.v()
+                    if not mkey in mseen:        
+                        hash_mnts[mnt.mnt_parent] = 1
+                        mseen[mkey] = 1
+
+                if mnt.mnt_parent.mnt_parent.is_valid(): 
+                    mkey = mnt.mnt_parent.mnt_parent.v()
+                    if not mkey in mseen:   
+                        hash_mnts[mnt.mnt_parent.mnt_parent] = 1
+                        mseen[mkey] = 1
 
         child_mnts = {}
         for mnt in hash_mnts:
             cseen = {}
             for child_mnt in mnt.mnt_child.list_of_type(mnttype, "mnt_child"):
+                
                 if not child_mnt.is_valid():
                     break
                 
@@ -125,6 +136,9 @@ def calculate(self):
                 if child_mnt.v() in cseen:
                     break
 
+                if len(child_mnts.keys()) > 1024:
+                    break
+
                 cseen[child_mnt.v()] = 1
   
                 if child_mnt.mnt_parent.is_valid():

From 82cfd41b4b04b6714e488de63d26416375790134 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 11 Feb 2019 13:45:49 -0600
Subject: [PATCH 256/304] Mac - fix smearing corruption in route cache
 gathering

---
 volatility/plugins/mac/route.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/mac/route.py b/volatility/plugins/mac/route.py
index cffb4d3b5..f9a6530bc 100644
--- a/volatility/plugins/mac/route.py
+++ b/volatility/plugins/mac/route.py
@@ -53,13 +53,14 @@ def _get_table(self, tbl):
 
             rn = rn.rn_parent.rn_u.rn_node.rn_R
 
-            while rn.is_valid() and rn.rn_bit >= 0:
+            i = 0
+            while i < 1024 and rn.is_valid() and rn.rn_bit >= 0:
                 rn = rn.rn_u.rn_node.rn_L
+                i = i + 1
 
             nextptr = rn
 
             while base.v() != 0:
-    
                 rn = base
                 base = rn.rn_u.rn_leaf.rn_Dupedkey
 

From ef758329d4802275dd0899b832cf118436be8b13 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 11 Feb 2019 14:15:01 -0600
Subject: [PATCH 257/304] Linux - update check_idt for new data structure

---
 volatility/plugins/linux/check_idt.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/check_idt.py b/volatility/plugins/linux/check_idt.py
index b9887db65..311472641 100644
--- a/volatility/plugins/linux/check_idt.py
+++ b/volatility/plugins/linux/check_idt.py
@@ -70,10 +70,15 @@ def calculate(self):
         check_idxs = list(range(0, 20)) + [128]
 
         if self.profile.metadata.get('memory_model', '32bit') == "32bit":
-            idt_type = "desc_struct"
+            if self.profile.has_type("gate_struct"):
+                idt_type = "gate_struct"
+            else:
+                idt_type = "desc_struct"
         else:
             if self.profile.has_type("gate_struct64"):
                 idt_type = "gate_struct64"
+            elif self.profile.has_type("gate_struct"):
+                idt_type = "gate_struct"
             else:
                 idt_type = "idt_desc"
 
@@ -95,7 +100,11 @@ def calculate(self):
                 else:
                     low    = ent.offset_low
                     middle = ent.offset_middle
-                    high   = ent.offset_high
+                    
+                    if hasattr(ent, "offset_high"):
+                        high   = ent.offset_high
+                    else:
+                        high = 0
 
                     idt_addr = (high << 32) | (middle << 16) | low
 

From 975b5578475036ff4b554656e07426a6f9fb844b Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 11 Feb 2019 17:37:34 -0600
Subject: [PATCH 258/304] Linux - update pidhashtable to fix bug

---
 volatility/plugins/linux/pidhashtable.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/pidhashtable.py b/volatility/plugins/linux/pidhashtable.py
index 29fda1e7b..336128cb8 100644
--- a/volatility/plugins/linux/pidhashtable.py
+++ b/volatility/plugins/linux/pidhashtable.py
@@ -339,7 +339,7 @@ def _walk_xarray_pids(self):
                 yield node
 
     def pid_namespace_idr(self):
-        if hasattr("radix_tree_root", "rnode"):
+        if self.addr_space.profile.obj_has_member("radix_tree_root", "rnode"):
             func = self._walk_pid_ns_idr
         else:
             func = self._walk_xarray_pids

From 753bfa87b62ecf4652f1850ebb8dd8d719a953a8 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 11 Feb 2019 18:47:58 -0600
Subject: [PATCH 259/304] Linux - fix smear issue in check_fop

---
 volatility/plugins/linux/check_fops.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/check_fops.py b/volatility/plugins/linux/check_fops.py
index a81fc4871..72ae9e40b 100644
--- a/volatility/plugins/linux/check_fops.py
+++ b/volatility/plugins/linux/check_fops.py
@@ -122,7 +122,10 @@ def _walk_proc_old(self, cur, f_op_members, modules, parent):
                     break
 
                 cur = cur.next
-                continue
+                if cur.obj_offset in self.seen_proc:
+                    break
+                else:
+                    continue
 
             self.seen_proc[cur.obj_offset] = 1
                 

From 1e2a985861ce38b92174580802e19a321466218b Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 27 Feb 2019 13:51:49 -0600
Subject: [PATCH 260/304] Mac - smear protection on process maps walking and
 task enumeration

---
 volatility/plugins/mac/pstasks.py      | 18 ++++++++++++------
 volatility/plugins/overlays/mac/mac.py | 11 ++++++++++-
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/volatility/plugins/mac/pstasks.py b/volatility/plugins/mac/pstasks.py
index c7749f3f9..fbfa91e94 100644
--- a/volatility/plugins/mac/pstasks.py
+++ b/volatility/plugins/mac/pstasks.py
@@ -37,12 +37,18 @@ def allprocs(self):
         tasksaddr = self.addr_space.profile.get_symbol("_tasks")
         queue_entry = obj.Object("queue_entry", offset = tasksaddr, vm = self.addr_space)
 
-        seen = [tasksaddr]
+        seen = { tasksaddr : 1 }
 
         for task in queue_entry.walk_list(list_head = tasksaddr):
-            if (task.bsd_info and task.obj_offset not in seen):
-                proc = task.bsd_info.dereference_as("proc") 
-                yield proc
-            
-            seen.append(task.obj_offset)
+            if task.obj_offset not in seen:
+                seen[task.obj_offset] = 0
+
+                if task.bsd_info:
+                    proc = task.bsd_info.dereference_as("proc") 
+                    yield proc
+            else:
+                if seen[task.obj_offset] > 3:
+                    break
+
+                seen[task.obj_offset] = seen[task.obj_offset] + 1
 
diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 81dca3832..66eec5d0d 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1099,7 +1099,13 @@ def get_dyld_maps(self):
     def get_proc_maps(self):
         map = self.task.map.hdr.links.next
 
+        seen = set()
+
         for i in xrange(self.task.map.hdr.nentries):
+            if map.v() in seen:
+                break
+            seen.add(map.v())
+
             if not map:
                 break
             yield map
@@ -1517,9 +1523,12 @@ def get_path(self):
             ret = vnode  
         elif vnode:
             path = []
-            while vnode:
+            seen = set()
+            while vnode and vnode.v() not in seen:
+                seen.add(vnode.v())
                 path.append(str(vnode.v_name.dereference() or ''))
                 vnode = vnode.v_parent
+
             path.reverse()
             ret = "/".join(path)
         else:

From e2712e586fd5cf88bff333c66e5565660cae8674 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 27 Feb 2019 18:02:43 -0600
Subject: [PATCH 261/304] Mac - protect against list_files smearing

---
 volatility/plugins/mac/list_files.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/mac/list_files.py b/volatility/plugins/mac/list_files.py
index b9a655281..5e80e979f 100644
--- a/volatility/plugins/mac/list_files.py
+++ b/volatility/plugins/mac/list_files.py
@@ -112,7 +112,7 @@ def list_files(config):
         
                 entry = [str(name), par_offset, parent]
                 vnodes[parent.obj_offset] = entry
-                
+               
                 parent = next_parent  
 
         ## build the full paths for all directories
@@ -132,7 +132,11 @@ def list_files(config):
                 full_path = parent_vnodes[parent] + "/" + name
             else:
                 paths = [name]
-                while parent:
+                seen_subs = set()
+
+                while parent and parent not in seen_subs:
+                    seen_subs.add(parent)
+
                     entry = vnodes.get(parent)
                 
                     ## a vnode's parent wasn't found or 

From 794d15e4adb4dc3c4190c70ac51f31e3f0c0de97 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 27 Feb 2019 20:47:24 -0600
Subject: [PATCH 262/304] Mac - update full path calc with smear protection

---
 volatility/plugins/overlays/mac/mac.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 66eec5d0d..3b2d07f0b 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -305,18 +305,23 @@ def is_dir(self):
     def is_reg(self):
         return self.v_type == 1
 
-    def _do_calc_path(self, ret, vnodeobj, vname):
+    def _do_calc_path(self, ret, vnodeobj, vname, vnode_offsets):
         if vnodeobj == None:
             return 
 
+        if vnodeobj.v() in vnode_offsets:
+            return
+
+        vnode_offsets.append(vnodeobj.v())
+
         if vname:
             ret.append(vname)
 
         if vnodeobj.v_flag.v() & 0x000001 != 0 and vnodeobj.v_mount.v() != 0: 
             if vnodeobj.v_mount.mnt_vnodecovered.v() != 0:
-                self._do_calc_path(ret, vnodeobj.v_mount.mnt_vnodecovered, vnodeobj.v_mount.mnt_vnodecovered.v_name)
+                self._do_calc_path(ret, vnodeobj.v_mount.mnt_vnodecovered, vnodeobj.v_mount.mnt_vnodecovered.v_name, vnode_offsets)
         else:  
-            self._do_calc_path(ret, vnodeobj.v_parent, vnodeobj.v_parent.v_name)
+            self._do_calc_path(ret, vnodeobj.v_parent, vnodeobj.v_parent.v_name, vnode_offsets)
                 
     def full_path(self):
         if self.v_flag.v() & 0x000001 != 0 and self.v_mount.v() != 0 and self.v_mount.mnt_flag.v() & 0x00004000 != 0:
@@ -325,7 +330,7 @@ def full_path(self):
             elements = []
             files = []
 
-            self._do_calc_path(elements, self, self.v_name)
+            self._do_calc_path(elements, self, self.v_name, [])
             elements.reverse()
 
             for e in elements:

From 2c2fad914fd764af7c3e3a41eec4109add86d282 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 1 Apr 2019 10:18:03 -0500
Subject: [PATCH 263/304] add an additional sanity check to windows services,
 exclude those without valid service type values

---
 volatility/plugins/malware/svcscan.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index 982cca2e1..dc14a249f 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -141,10 +141,12 @@ def Pid(self):
 
     def is_valid(self):
         "Check some fields for validity"
+        type_flags_max = sum([(1 << v) for v in SERVICE_TYPE_FLAGS.values()])
         return obj.CType.is_valid(self) and self.Order > 0 and \
                self.Order < 0xFFFF and \
                self.State.v() in SERVICE_STATE_ENUM and \
-               self.Start.v() in SERVICE_START_ENUM
+               self.Start.v() in SERVICE_START_ENUM and \
+               self.Type.v() < type_flags_max
 
     def traverse(self):
 

From 76685dbf9541aab14dce9b75a7c5a6fdeeb163bc Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Mon, 1 Apr 2019 11:05:37 -0500
Subject: [PATCH 264/304] patch the windows handles() plugin for older no PAT
 systems

---
 volatility/plugins/overlays/windows/windows.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index de6f7d81f..f4ec6edcd 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -848,6 +848,12 @@ def _make_handle_array(self, offset, level, depth = 0):
             count = 0x1000 / self.obj_vm.profile.get_obj_size("_HANDLE_TABLE_ENTRY")
             targetType = "_HANDLE_TABLE_ENTRY"
 
+        # as seen on an XP 32-bit system with no PAT, the kernel address 0 can
+        # be valid, leading to successful instantiation of a handle array at
+        # address zero, and lots of wasted resources from then on. stop it here.
+        if offset == 0:
+            raise StopIteration
+
         table = obj.Object("Array", offset = offset, vm = self.obj_vm, count = count,
                            targetType = targetType, parent = self, native_vm = self.obj_native_vm)
 

From 63f31e7359b52e133eda11dcf87591d802c934c9 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Tue, 2 Apr 2019 08:37:31 -0500
Subject: [PATCH 265/304] handle cases where a service's ImagePath is
 REG_MULTI_SZ

in the observed case, the ImagePath was REG_MULTI_SZ but all strings except the first were blank/empty, so they should be safe to discard
---
 volatility/plugins/malware/svcscan.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index dc14a249f..206f63d0e 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -530,6 +530,9 @@ def get_service_info(regapi):
 
             image_path = regapi.reg_get_value(hive_name = "system", key = "", value = "ImagePath", given_root = subkey)
             if image_path:
+                # this could be REG_SZ or REG_MULTI_SZ
+                if isinstance(image_path, list):
+                    image_path = image_path[0]
                 path_value = utils.remove_unprintable(image_path)
 
             failure_path = regapi.reg_get_value(hive_name = "system", key = "", value = "FailureCommand", given_root = subkey)

From 1cd33e071ca139764799864c42c5eef352d2e9b3 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 22 Apr 2019 14:01:20 -0500
Subject: [PATCH 266/304] Update mount enumeration v1

---
 volatility/plugins/linux/mount.py | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/mount.py b/volatility/plugins/linux/mount.py
index 327f77df7..52947c8a2 100644
--- a/volatility/plugins/linux/mount.py
+++ b/volatility/plugins/linux/mount.py
@@ -42,6 +42,26 @@ def _parse_mnt(self, mnt, ns, fs_types):
         if not dev_name.is_valid():
             return ret
 
+        if len(dev_name) < 3:
+            return ret
+
+        new_name = False
+
+        for nn in str(dev_name)[:3]:
+            n = ord(nn)
+            if n < 32 or n > 126 or n == 63: # 63 = ?
+                new_name = True
+                break
+ 
+        if new_name == True:
+            s = obj.Object("Pointer", offset = mnt.mnt_devname.obj_offset + 16, vm = self.addr_space)
+            if not s.is_valid():
+                return ret
+
+            dev_name = s.dereference_as("String", length = linux_common.MAX_STRING_LENGTH)
+            if not dev_name.is_valid() or len(dev_name) < 3:
+                return ret
+
         fstype = mnt.mnt_sb.s_type.name.dereference_as("String", length = linux_common.MAX_STRING_LENGTH)
 
         if not fstype.is_valid():
@@ -153,8 +173,7 @@ def calculate(self):
         for t in tmp_mnts:
             tt = t.mnt_devname.dereference_as("String", length = linux_common.MAX_STRING_LENGTH)
             if tt:
-                tmp = str(tt)
-                if len(str(tmp)) > 2 and (str(tmp)[0] == '/' or tmp in ['devtmpfs', 'proc', 'sysfs', 'nfsd', 'tmpfs', 'sunrpc', 'devpts', 'none']):
+                if len(str(tt)) > 2:
                     all_mnts.append(t)
 
         list_mnts    = {} 

From b87c4648eda8fe20e40badddf30002545f565d1a Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 22 Apr 2019 14:07:38 -0500
Subject: [PATCH 267/304] Update mount enumeration v2

---
 volatility/plugins/linux/common.py | 10 +++++-----
 volatility/plugins/linux/mount.py  |  7 +------
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index efe68cb20..f714f249b 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -144,7 +144,7 @@ def walk_internal_list(struct_name, list_member, list_start, addr_space = None):
         list_start = getattr(list_struct, list_member)
 
 # based on __d_path
-def do_get_path(rdentry, rmnt, dentry, vfsmnt):
+def do_get_path(dentry, rmnt, rdentry, vfsmnt):
     ret_path = []
 
     inode = dentry.d_inode
@@ -153,16 +153,16 @@ def do_get_path(rdentry, rmnt, dentry, vfsmnt):
         return []
 
     while (dentry != rdentry or vfsmnt != rmnt) and dentry.d_name.name.is_valid():
-        dname = dentry.d_name.name.dereference_as("String", length = MAX_STRING_LENGTH)
-
-        ret_path.append(dname.strip('/'))
-
         if dentry == vfsmnt.mnt_root or dentry == dentry.d_parent:
+            ret_path.append('')
             if vfsmnt.mnt_parent == vfsmnt.v():
                 break
             dentry = vfsmnt.mnt_mountpoint
             vfsmnt = vfsmnt.mnt_parent
             continue
+        
+        dname = dentry.d_name.name.dereference_as("String", length = MAX_STRING_LENGTH)
+        ret_path.append(dname.strip('/'))
 
         parent = dentry.d_parent
         dentry = parent
diff --git a/volatility/plugins/linux/mount.py b/volatility/plugins/linux/mount.py
index 52947c8a2..d5e2fcd48 100644
--- a/volatility/plugins/linux/mount.py
+++ b/volatility/plugins/linux/mount.py
@@ -67,12 +67,7 @@ def _parse_mnt(self, mnt, ns, fs_types):
         if not fstype.is_valid():
             return ret
 
-        #print fs_types
-        #if str(fstype) not in fs_types:
-        #    return ret
-
         path = linux_common.do_get_path(mnt.mnt_sb.s_root, mnt.mnt_parent, mnt.mnt_root, mnt)
-
         if path == []:
             return ret
 
@@ -173,7 +168,7 @@ def calculate(self):
         for t in tmp_mnts:
             tt = t.mnt_devname.dereference_as("String", length = linux_common.MAX_STRING_LENGTH)
             if tt:
-                if len(str(tt)) > 2:
+                if len(str(tt)) > 2 or str(tt)[0] == '/':
                     all_mnts.append(t)
 
         list_mnts    = {} 

From c87f60b514beccbba925236c843d50a1f70faf15 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 29 Apr 2019 10:33:29 -0500
Subject: [PATCH 268/304] Filter out invalid macho headers from AS loading

---
 volatility/plugins/addrspaces/macho.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/volatility/plugins/addrspaces/macho.py b/volatility/plugins/addrspaces/macho.py
index 58f006b8e..10ddb1dbd 100644
--- a/volatility/plugins/addrspaces/macho.py
+++ b/volatility/plugins/addrspaces/macho.py
@@ -86,5 +86,10 @@ def parse_macho(self):
             self.segs.append(seg)
             # Since these values will be used a lot, make sure they aren't reread (ie, no objects in the runs list)
             run = (int(seg.vmaddr), int(seg.fileoff), int(seg.vmsize))
+
+            self.as_assert(seg.vmaddr > 4096, "Invalid run address")
+            self.as_assert(self.vmsize >= 4096, "Invalid run size")
+
             self.runs.append(run)
+
             offset = offset + seg.cmdsize

From 17a2dfa9527856cad1a663ffc758faba531d6357 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 29 Apr 2019 14:20:34 -0500
Subject: [PATCH 269/304] Mac - add more sources of vnodes for cached file
 enumeration

---
 volatility/plugins/mac/list_files.py | 34 +++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/mac/list_files.py b/volatility/plugins/mac/list_files.py
index 5e80e979f..1aabfd9bb 100644
--- a/volatility/plugins/mac/list_files.py
+++ b/volatility/plugins/mac/list_files.py
@@ -41,6 +41,20 @@ def __init__(self, config, *args, **kwargs):
             help = 'Show orphans (vnodes without a parent)', 
             action = 'store_true')
 
+    @staticmethod
+    def walk_vnodelist(listhead, loop_vnodes):
+        seen = set()
+
+        vnode = listhead.tqh_first.dereference()
+        while vnode:
+            if vnode in seen:
+                break
+
+            loop_vnodes.add(vnode)
+            vnode = vnode.v_mntvnodes.tqe_next.dereference()
+        
+        return loop_vnodes
+
     @staticmethod
     def list_files(config):
     
@@ -48,11 +62,24 @@ def list_files(config):
         mounts = plugin.calculate()
         vnodes = {}
         parent_vnodes = {}
+        loop_vnodes = set()
 
+        seen = set()
         ## build an initial table of all vnodes 
         for mount in mounts:
-            vnode = mount.mnt_vnodelist.tqh_first.dereference()
+            loop_vnodes = mac_list_files.walk_vnodelist(mount.mnt_vnodelist, loop_vnodes)
+
+            loop_vnodes = mac_list_files.walk_vnodelist(mount.mnt_workerqueue, loop_vnodes)
+
+            loop_vnodes = mac_list_files.walk_vnodelist(mount.mnt_newvnodes, loop_vnodes)
+
+            loop_vnodes.add(mount.mnt_vnodecovered)
 
+            loop_vnodes.add(mount.mnt_realrootvp)
+
+            loop_vnodes.add(mount.mnt_devvp)
+
+        for vnode in loop_vnodes:
             while vnode:
                 ## abort here to prevent going in a loop 
                 if vnode.obj_offset in vnodes:
@@ -66,6 +93,7 @@ def list_files(config):
                 
                     entry = [name, None, vnode]
                     vnodes[vnode.obj_offset] = entry
+                
  
                 else:
                     name = vnode.v_name.dereference()
@@ -82,7 +110,7 @@ def list_files(config):
             
                     entry = [name, par_offset, vnode]
                     vnodes[vnode.obj_offset] = entry
-                
+                    
                 vnode = vnode.v_mntvnodes.tqe_next.dereference() 
 
         ## account for vnodes that aren't in the list but are 
@@ -114,7 +142,7 @@ def list_files(config):
                 vnodes[parent.obj_offset] = entry
                
                 parent = next_parent  
-
+        
         ## build the full paths for all directories
         for key, val in vnodes.items():
             name, parent, vnode = val

From 56c491b499b20167bca7d8adbf7ca74b8136a30b Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 30 Apr 2019 08:41:03 -0500
Subject: [PATCH 270/304] Mac - better protect notifiers from smear

---
 volatility/plugins/mac/notifiers.py | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/volatility/plugins/mac/notifiers.py b/volatility/plugins/mac/notifiers.py
index 85750f822..472f8b7da 100644
--- a/volatility/plugins/mac/notifiers.py
+++ b/volatility/plugins/mac/notifiers.py
@@ -53,6 +53,9 @@ def calculate(self):
         p = obj.Object("Pointer", offset = gnotify_addr, vm = self.addr_space)
         gnotifications = p.dereference_as(self._struct_or_class("OSDictionary"))
 
+        if gnotifications.count > 1024:
+            return
+
         ents = obj.Object('Array', offset = gnotifications.dictionary, 
                           vm = self.addr_space, 
                           targetType = self._struct_or_class("dictEntry"), 
@@ -60,7 +63,6 @@ def calculate(self):
 
         # walk the current set of notifications
         for ent in ents:
-
             if ent == None or not ent.is_valid():
                 continue
 
@@ -68,12 +70,17 @@ def calculate(self):
 
             # get the value
             valset = ent.value.dereference_as(self._struct_or_class("OSOrderedSet"))
+            if valset == None or valset.count > 1024:
+                continue
 
             notifiers_ptrs = obj.Object('Array', offset = valset.array, 
                                         vm = self.addr_space, 
                                         targetType = 'Pointer', 
                                         count = valset.count)
-            
+ 
+            if notifiers_ptrs == None:
+                continue
+ 
             for ptr in notifiers_ptrs:
                 notifier = ptr.dereference_as(self._struct_or_class("_IOServiceNotifier"))
 
@@ -81,6 +88,8 @@ def calculate(self):
                     continue
 
                 matches = self.get_matching(notifier)
+                if matches == []:
+                    continue
 
                 # this is the function that handles whatever the notification is for
                 # this should be only in the kernel or in one of the known IOKit 
@@ -98,18 +107,22 @@ def calculate(self):
     # returns the list of matching notifiers (serviceMatch) for a notifier as a string
     def get_matching(self, notifier):
         matches = []
-   
+
+        if notifier.matching.count > 1024:
+            return matches  
+ 
         ents = obj.Object('Array', offset = notifier.matching.dictionary, 
                           vm = self.addr_space, 
                           targetType = self._struct_or_class("dictEntry"), 
                           count = notifier.matching.count)
 
         for ent in ents:
-            if ent == None:
+            if ent == None or ent.value == None:
                 continue
-
+ 
             match = ent.value.dereference_as(self._struct_or_class("OSString"))        
-            matches.append(str(match))
+            if len(str(match)) > 0:
+                matches.append(str(match))
 
         return ",".join(matches)
 

From 781d74acf3f72b435e7e76abc21b523cf5178ac1 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 30 Apr 2019 14:16:02 -0500
Subject: [PATCH 271/304] Mac - fix bug in list_files

---
 volatility/plugins/mac/list_files.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/volatility/plugins/mac/list_files.py b/volatility/plugins/mac/list_files.py
index 1aabfd9bb..aae0b7169 100644
--- a/volatility/plugins/mac/list_files.py
+++ b/volatility/plugins/mac/list_files.py
@@ -50,7 +50,10 @@ def walk_vnodelist(listhead, loop_vnodes):
             if vnode in seen:
                 break
 
+            seen.add(vnode)
+
             loop_vnodes.add(vnode)
+
             vnode = vnode.v_mntvnodes.tqe_next.dereference()
         
         return loop_vnodes

From 74f1134865d386563acf4221befcacbc767521f4 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 21 May 2019 14:33:24 -0500
Subject: [PATCH 272/304] Linux - more smear protection

---
 volatility/plugins/linux/mount.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/mount.py b/volatility/plugins/linux/mount.py
index d5e2fcd48..13360b223 100644
--- a/volatility/plugins/linux/mount.py
+++ b/volatility/plugins/linux/mount.py
@@ -62,11 +62,21 @@ def _parse_mnt(self, mnt, ns, fs_types):
             if not dev_name.is_valid() or len(dev_name) < 3:
                 return ret
 
+            for nn in str(dev_name)[:3]:
+                n = ord(nn)
+                if n < 32 or n > 126 or n == 63: # 63 = ?
+                    return ret
+ 
         fstype = mnt.mnt_sb.s_type.name.dereference_as("String", length = linux_common.MAX_STRING_LENGTH)
 
-        if not fstype.is_valid():
+        if not fstype.is_valid() or len(fstype) < 3:
             return ret
 
+        for nn in str(fstype)[:3]:
+            n = ord(nn)
+            if n < 32 or n > 126 or n == 63: # 63 = ?
+                return ret
+
         path = linux_common.do_get_path(mnt.mnt_sb.s_root, mnt.mnt_parent, mnt.mnt_root, mnt)
         if path == []:
             return ret
@@ -168,7 +178,7 @@ def calculate(self):
         for t in tmp_mnts:
             tt = t.mnt_devname.dereference_as("String", length = linux_common.MAX_STRING_LENGTH)
             if tt:
-                if len(str(tt)) > 2 or str(tt)[0] == '/':
+                if len(str(tt)) > 2 or (len(str(tt)) > 1 and str(tt)[0] == '/'):
                     all_mnts.append(t)
 
         list_mnts    = {} 

From f44fe060a452682ceba3bbb999d86da6724da017 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 21 May 2019 14:37:01 -0500
Subject: [PATCH 273/304] Mac - route cache smear protection

---
 volatility/plugins/mac/route.py | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/mac/route.py b/volatility/plugins/mac/route.py
index f9a6530bc..1167e7ee1 100644
--- a/volatility/plugins/mac/route.py
+++ b/volatility/plugins/mac/route.py
@@ -34,10 +34,15 @@ class mac_route(common.AbstractMacCommand):
     def _get_table(self, tbl):
         rnh = tbl #obj.Object("radix_node", offset=tbl.v(), vm=self.addr_space)
         rn = rnh.rnh_treetop
-        
+       
+        seen = set() 
         while rn.is_valid() and rn.rn_bit >= 0:
-            rn = rn.rn_u.rn_node.rn_L
+            if rn.v() in seen:
+                break
+            seen.add(rn.v())
 
+            rn = rn.rn_u.rn_node.rn_L
+            
         rnhash = {}
 
         while rn.is_valid():
@@ -48,7 +53,12 @@ def _get_table(self, tbl):
 
             rnhash[rn] = 1
 
+            seen = set() 
             while rn.is_valid() and rn.rn_parent.rn_u.rn_node.rn_R == rn and rn.rn_flags & 2 == 0:
+                if rn.v() in seen:
+                    break
+                seen.add(rn.v())
+
                 rn = rn.rn_parent
 
             rn = rn.rn_parent.rn_u.rn_node.rn_R
@@ -60,7 +70,12 @@ def _get_table(self, tbl):
 
             nextptr = rn
 
+            seen = set()
             while base.v() != 0:
+                if base.v() in seen:
+                    break
+                seen.add(base.v())
+
                 rn = base
                 base = rn.rn_u.rn_leaf.rn_Dupedkey
 

From 019b0f9fdccac233d856333bb75b48ed7b9ff337 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 22 May 2019 13:30:12 -0500
Subject: [PATCH 274/304] Linux - add file extraction support for 4.18-4.20

---
 volatility/plugins/linux/find_file.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/volatility/plugins/linux/find_file.py b/volatility/plugins/linux/find_file.py
index 7591fcc4c..0a69a62a0 100644
--- a/volatility/plugins/linux/find_file.py
+++ b/volatility/plugins/linux/find_file.py
@@ -352,6 +352,8 @@ def walk_xarray(self, inode, offset):
     def find_get_page(self, inode, offset):
         if hasattr(inode.i_mapping, "page_tree"):
             page = self.radix_tree_lookup_slot(inode.i_mapping.page_tree, offset)
+        elif hasattr(inode.i_mapping.i_pages, "rnode"):
+            page = self.radix_tree_lookup_slot(inode.i_mapping.i_pages, offset)
         else:
             page = self.walk_xarray(inode, offset)
 

From 73cc683ab8715b619536655856423617d545e74f Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 12 Jun 2019 13:15:45 -0500
Subject: [PATCH 275/304] Mac - prevent smeared process memory ranges from
 being reported

---
 volatility/plugins/overlays/mac/mac.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 3b2d07f0b..668a3753e 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1113,7 +1113,12 @@ def get_proc_maps(self):
 
             if not map:
                 break
-            yield map
+
+            map_size = int(map.links.end - map.links.start)
+
+            if 4095 < map_size < 0x800000000000 and map_size % 4096 == 0:
+                yield map
+
             map = map.links.next
 
     def find_heap_map(self):

From d5b5ad8ed99916b877c94b07d9e084a40e123a4e Mon Sep 17 00:00:00 2001
From: Fabio <pagabuc@gmail.com>
Date: Wed, 4 Jul 2018 17:40:44 +0200
Subject: [PATCH 276/304] Handling kuid_t/kgid_t types in struct inode

---
 volatility/plugins/linux/dentry_cache.py       |  2 +-
 volatility/plugins/linux/recover_filesystem.py |  2 +-
 volatility/plugins/overlays/linux/linux.py     | 18 ++++++++++++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/linux/dentry_cache.py b/volatility/plugins/linux/dentry_cache.py
index c5845c3c3..b4fbfd2cf 100644
--- a/volatility/plugins/linux/dentry_cache.py
+++ b/volatility/plugins/linux/dentry_cache.py
@@ -47,7 +47,7 @@ def make_body(self, dentry):
         i = dentry.d_inode
         
         if i:
-            ret = [0, path, i.i_ino, 0, i.i_uid, i.i_gid, i.i_size, i.i_atime, i.i_mtime, 0, i.i_ctime]
+            ret = [0, path, i.i_ino, 0, i.uid, i.gid, i.i_size, i.i_atime, i.i_mtime, 0, i.i_ctime]
         else:
             ret = [0, path] + [0] * 8
             
diff --git a/volatility/plugins/linux/recover_filesystem.py b/volatility/plugins/linux/recover_filesystem.py
index ccfc9cb70..0b5bd3d93 100644
--- a/volatility/plugins/linux/recover_filesystem.py
+++ b/volatility/plugins/linux/recover_filesystem.py
@@ -47,7 +47,7 @@ def _fix_metadata(self, file_path, file_dentry):
             out_path = os.path.join(self._config.DUMP_DIR, *ents)
 
             os.chmod(out_path, inode.i_mode & 00777)
-            os.chown(out_path, inode.i_uid, inode.i_gid)
+            os.chown(out_path, inode.uid, inode.gid)
             os.utime(out_path, (inode.i_atime.tv_sec, inode.i_mtime.tv_sec))
 
     def _write_file(self, ff, file_path, file_dentry):
diff --git a/volatility/plugins/overlays/linux/linux.py b/volatility/plugins/overlays/linux/linux.py
index eb19d3446..d0df4ecc3 100644
--- a/volatility/plugins/overlays/linux/linux.py
+++ b/volatility/plugins/overlays/linux/linux.py
@@ -2244,7 +2244,25 @@ def minor(self):
         return self.s_dev & ((1 << 20) - 1)
 
 class inode(obj.CType):
+    @property
+    def uid(self):
+        
+        try:
+            ret = int(self.i_uid)
+        except TypeError:
+            ret = int(self.i_uid.val)
+
+        return ret
 
+    @property
+    def gid(self):
+        
+        try:
+            ret = int(self.i_gid)
+        except TypeError:
+            ret = int(self.i_gid.val)
+        return ret
+    
     def is_dir(self):
         """Mimic the S_ISDIR macro"""
         return self.i_mode & linux_flags.S_IFMT == linux_flags.S_IFDIR

From d1e3c41ff01943a2334bfe39adf935c9cb8be66c Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 10 Jul 2019 11:22:39 -0500
Subject: [PATCH 277/304] Update pidhashtable for 4.18+

---
 volatility/plugins/linux/pidhashtable.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/pidhashtable.py b/volatility/plugins/linux/pidhashtable.py
index 336128cb8..d41341100 100644
--- a/volatility/plugins/linux/pidhashtable.py
+++ b/volatility/plugins/linux/pidhashtable.py
@@ -339,7 +339,9 @@ def _walk_xarray_pids(self):
                 yield node
 
     def pid_namespace_idr(self):
-        if self.addr_space.profile.obj_has_member("radix_tree_root", "rnode"):
+        if not self.addr_space.profile.has_type("radix_tree_root"):
+            func = self._walk_xarray_pids
+        elif self.addr_space.profile.obj_has_member("radix_tree_root", "rnode"):
             func = self._walk_pid_ns_idr
         else:
             func = self._walk_xarray_pids

From 8769579a8312603450129dd18b0a101152ba3d48 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 10 Jul 2019 11:22:51 -0500
Subject: [PATCH 278/304] Update check_afinfo for 4.18+

---
 volatility/plugins/linux/check_afinfo.py | 50 +++++++++++++++++-------
 1 file changed, 35 insertions(+), 15 deletions(-)

diff --git a/volatility/plugins/linux/check_afinfo.py b/volatility/plugins/linux/check_afinfo.py
index 31f483b2e..6905daf11 100644
--- a/volatility/plugins/linux/check_afinfo.py
+++ b/volatility/plugins/linux/check_afinfo.py
@@ -32,43 +32,34 @@
 class linux_check_afinfo(linux_common.AbstractLinuxCommand):
     """Verifies the operation function pointers of network protocols"""
 
-    def check_members(self, var_ops, var_name, members, modules):
-
+    def check_members(self, var_ops, members, modules):
         for (hooked_member, hook_address) in self.verify_ops(var_ops, members, modules):
             yield (hooked_member, hook_address)
 
     def check_afinfo(self, var_name, var, op_members, seq_members, modules):
-
-        for (hooked_member, hook_address) in self.check_members(var.seq_fops, var_name, op_members,  modules):
+        for (hooked_member, hook_address) in self.check_members(var.seq_fops, op_members,  modules):
             yield (var_name, hooked_member, hook_address)
-
+        
         # newer kernels
         if hasattr(var, "seq_ops"):
-            for (hooked_member, hook_address) in self.check_members(var.seq_ops, var_name, seq_members, modules):
+            for (hooked_member, hook_address) in self.check_members(var.seq_ops, seq_members, modules):
                 yield (var_name, hooked_member, hook_address) 
                 
         elif not self.is_known_address(var.seq_show, modules):
             yield (var_name, "show", var.seq_show)
 
-    def calculate(self):
-        linux_common.set_plugin_members(self)
-        
-        modules  = linux_lsmod.linux_lsmod(self._config).get_modules()
+    def _pre_4_18(self, modules, seq_members):
         op_members  = self.profile.types['file_operations'].keywords["members"].keys()
-        seq_members = self.profile.types['seq_operations'].keywords["members"].keys()       
 
         tcp = ("tcp_seq_afinfo", ["tcp6_seq_afinfo", "tcp4_seq_afinfo"])
         udp = ("udp_seq_afinfo", ["udplite6_seq_afinfo", "udp6_seq_afinfo", "udplite4_seq_afinfo", "udp4_seq_afinfo"])
         protocols = [tcp, udp]
 
-        for proto in protocols:
-            
+        for proto in protocols:    
             struct_type = proto[0]
 
             for global_var_name in proto[1]:
-                
                 global_var_addr = self.addr_space.profile.get_symbol(global_var_name)
-
                 if not global_var_addr:
                     continue
 
@@ -76,6 +67,35 @@ def calculate(self):
 
                 for (name, member, address) in self.check_afinfo(global_var_name, global_var, op_members, seq_members, modules):
                     yield (name, member, address)
+    
+    # https://lore.kernel.org/patchwork/patch/901043/
+    def _4_18_plus(self, modules, seq_members):
+        ops_structs = ["raw_seq_ops", "udp_seq_ops", "arp_seq_ops", "unix_seq_ops", "udp6_seq_ops"
+                       "raw6_seq_ops", "tcp_seq_ops", "tcp4_seq_ops", "tcp6_seq_ops", "packet_seq_ops"]
+
+        for op_struct in ops_structs:
+            var_addr = self.profile.get_symbol(op_struct)
+            if var_addr == None:
+                continue
+
+            var = obj.Object("seq_operations", offset = var_addr, vm = self.addr_space)
+
+            for hooked_member, hook_address in self.check_members(var, seq_members, modules):
+                yield op_struct, hooked_member, hook_address
+ 
+    def calculate(self):
+        linux_common.set_plugin_members(self)
+        
+        modules  = linux_lsmod.linux_lsmod(self._config).get_modules()
+        seq_members = self.profile.types['seq_operations'].keywords["members"].keys()       
+        
+        if self.addr_space.profile.obj_has_member("tcp_seq_afinfo", "seq_fops"):
+            func = self._pre_4_18
+        else:
+            func = self._4_18_plus
+
+        for name, member, address in func(modules, seq_members):
+            yield name, member, address
         
     def render_text(self, outfd, data):
 

From 370cb983428e979d325b5ccaee3bd1fe5a8d1e53 Mon Sep 17 00:00:00 2001
From: iSmellPowder <52776539+iSmellPowder@users.noreply.github.com>
Date: Tue, 23 Jul 2019 10:55:57 +0800
Subject: [PATCH 279/304] Update tty_check.py to support unified output

Added in codes to support JSON/unified output
---
 volatility/plugins/linux/tty_check.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/volatility/plugins/linux/tty_check.py b/volatility/plugins/linux/tty_check.py
index ac5f6652f..627f8f222 100644
--- a/volatility/plugins/linux/tty_check.py
+++ b/volatility/plugins/linux/tty_check.py
@@ -27,6 +27,8 @@
 import volatility.debug as debug
 import volatility.plugins.linux.common as linux_common
 import volatility.plugins.linux.lsmod as linux_lsmod
+from volatility.renderers import TreeGrid
+from volatility.renderers.basic import Address
 
 class linux_check_tty(linux_common.AbstractLinuxCommand):
     """Checks tty devices for hooks"""
@@ -70,6 +72,16 @@ def calculate(self):
                 
                 yield (name, recv_buf, sym_name, hooked)
 
+    def unified_output(self, data):
+        return TreeGrid([("Name", str),
+                         ("Address", Address),
+                         ("Symbol", str)],
+                        self.generator(data))
+
+    def generator(self, data):
+        for name, call_addr, sym_name, _hooked in data:
+            yield (0, [str(name), Address(call_addr), str(sym_name)])
+
     def render_text(self, outfd, data):
         self.table_header(outfd, [("Name", "<16"), ("Address", "[addrpad]"), ("Symbol", "<30")])
         for name, call_addr, sym_name, _hooked in data: 

From 861837051ebac374227be64b4601c5592cb8027d Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 26 Jul 2019 12:26:34 -0500
Subject: [PATCH 280/304] update mount for smear protection

---
 volatility/plugins/linux/mount.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/mount.py b/volatility/plugins/linux/mount.py
index 13360b223..33ac56e5e 100644
--- a/volatility/plugins/linux/mount.py
+++ b/volatility/plugins/linux/mount.py
@@ -78,7 +78,7 @@ def _parse_mnt(self, mnt, ns, fs_types):
                 return ret
 
         path = linux_common.do_get_path(mnt.mnt_sb.s_root, mnt.mnt_parent, mnt.mnt_root, mnt)
-        if path == []:
+        if path == [] or len(path) > 4096:
             return ret
 
         mnt_string = self._calc_mnt_string(mnt)

From 459d529b2e3de95f81a7fcde20ef96da2e196781 Mon Sep 17 00:00:00 2001
From: superponible <dave@superponible.com>
Date: Wed, 14 Aug 2019 18:36:47 -0500
Subject: [PATCH 281/304] fix registry BlockAddress for Win10

---
 volatility/plugins/overlays/windows/win10.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index 56a8721e1..ab15ce1b4 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -43,7 +43,7 @@ class _HMAP_ENTRY(obj.CType):
 
     @property
     def BlockAddress(self):
-        return self.PermanentBinAddress & 0xFFFFFFFFFFF0
+        return (self.PermanentBinAddress & 0xFFFFFFFFFFF0) + self.BlockOffset
 
 class Win10Registry(obj.ProfileModification):
     """The Windows 10 registry HMAP"""

From ce246c87fd6b6550d6ce2137fa9a6a5595584a0c Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 28 Aug 2019 16:41:46 -0500
Subject: [PATCH 282/304] update some registry offsets

---
 volatility/plugins/bigpagepools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index 7c74a001d..a4480b6cc 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -68,7 +68,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[-48, -10328], [208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32], [-5200, -5208], [64, 24], [-10328, -10320], [32, 40], [-56, -64], [-10312, -10320], [24, 64], [-10304, -10344], [-64, -72], [-10328, -10336], [40, 48], [10304, 10296], [10304, 16], [-5192, -5184], [10320, 10312], [-64, -56], [-40, -64], [-10320, -10344], [-48, -72], [-72, -64], [-10304, -10328], [-56, -48], [-5224, -5216], [-10336, -10312], [-5168, -5208]],
+            (6, 4, '64bit') : [[-48, -10328], [208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32], [-5200, -5208], [64, 24], [-10328, -10320], [32, 40], [-56, -64], [-10312, -10320], [24, 64], [-10304, -10344], [-64, -72], [-10328, -10336], [40, 48], [10304, 10296], [10304, 16], [-5192, -5184], [10320, 10312], [-64, -56], [-40, -64], [-10320, -10344], [-48, -72], [-72, -64], [-10304, -10328], [-56, -48], [-5224, -5216], [-10336, -10312], [-5168, -5208], [10304, 24], [10288, 24], [32, 72], [10336, 10328]],
             (6, 4, '32bit') : [[-168, -164], [-160, -172]],
         }
 

From e9fccc2db26962200a6b9808fb0941a71167160e Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Tue, 1 Oct 2019 10:20:28 -0500
Subject: [PATCH 283/304] Mac - list_files smear protection

---
 volatility/plugins/mac/list_files.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/volatility/plugins/mac/list_files.py b/volatility/plugins/mac/list_files.py
index aae0b7169..a74d95aa9 100644
--- a/volatility/plugins/mac/list_files.py
+++ b/volatility/plugins/mac/list_files.py
@@ -96,8 +96,6 @@ def list_files(config):
                 
                     entry = [name, None, vnode]
                     vnodes[vnode.obj_offset] = entry
-                
- 
                 else:
                     name = vnode.v_name.dereference()
                     parent = vnode.v_parent.dereference()
@@ -108,7 +106,8 @@ def list_files(config):
                         if config.SHOW_ORPHANS:
                             par_offset = None
                         else:
-                            vnode = vnode.v_mntvnodes.tqe_next.dereference() 
+                            vnode = vnode.v_mntvnodes.tqe_next.dereference()
+                            vnodes[vnode.obj_offset] = [None, None, vnode]
                             continue
             
                     entry = [name, par_offset, vnode]
@@ -129,7 +128,6 @@ def list_files(config):
                 vm = vnode.obj_vm)
                 
             while parent:
-            
                 if parent.obj_offset in vnodes:
                     break
 

From cde27bb359ea9932027f9c7a4cdf81e585b68863 Mon Sep 17 00:00:00 2001
From: superponible <dave@superponible.com>
Date: Wed, 2 Oct 2019 13:34:11 -0500
Subject: [PATCH 284/304] add Win10_18362, May 2019 Update support

---
 volatility/plugins/malware/svcscan.py         |    86 +-
 volatility/plugins/overlays/windows/win10.py  |   111 +-
 .../windows/win10_x64_18362_vtypes.py         | 16755 ++++++++++++++++
 .../windows/win10_x86_18362_vtypes.py         | 16055 +++++++++++++++
 4 files changed, 33002 insertions(+), 5 deletions(-)
 create mode 100755 volatility/plugins/overlays/windows/win10_x64_18362_vtypes.py
 create mode 100755 volatility/plugins/overlays/windows/win10_x86_18362_vtypes.py

diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index 206f63d0e..3d44cdb62 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -304,7 +304,7 @@ def modification(self, profile):
 class Service10_15063x64(obj.ProfileModification):
     """Service structures for Win10 15063 (Creators)"""
 
-    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x64', 'ServiceVistax64']
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x64']
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
@@ -329,7 +329,8 @@ def modification(self, profile):
 class Service10_16299x64(obj.ProfileModification):
     """Service structures for Win10 16299 (Fall Creators)"""
 
-    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x64']
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x64',
+              'Service10_15063x64']
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
@@ -343,6 +344,32 @@ def modification(self, profile):
             'ProcessId': [ 0x28, ['unsigned int']],
             }]})
 
+class Service10_18362x64(obj.ProfileModification):
+    """Service structures for Win10 18362 (May 2019)"""
+
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x64',
+              'Service10_15063x64', 'Service10_16299x64']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x >= 18362,
+                  'memory_model': lambda x: x == '64bit'}
+
+    def modification(self, profile):
+        profile.merge_overlay({
+            '_SERVICE_RECORD' : [ None, {
+            'PrevEntry': [ 0x10, ['pointer', ['_SERVICE_RECORD']]],
+            'ServiceName' : [ 0x38, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'DisplayName' : [ 0x40, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'Order' : [ 0x20, ['unsigned int']],
+            'DriverName' : [ 0xf0, ['pointer', ['String', dict(encoding = 'utf16', length = 256)]]],
+            'ServiceProcess' : [ 0xf0, ['pointer', ['_SERVICE_PROCESS']]],
+            'Type' : [ 0x48, ['Flags', {'bitmap': SERVICE_TYPE_FLAGS}]],
+            'State' : [ 0x4C, ['Enumeration', dict(target = 'long', choices = SERVICE_STATE_ENUM)]],
+            'Start' : [ 0x24, ['Enumeration', dict(target = 'long', choices = SERVICE_START_ENUM)]],
+            } ],
+        })
+
 class Service8x86(obj.ProfileModification):
     """Service structures for Win8/8.1 32-bit"""
 
@@ -401,7 +428,8 @@ def modification(self, profile):
 class Service10_16299x86(obj.ProfileModification):
     """Service structures for Win10 16299 (Fall Creators)"""
 
-    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x86']
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x86',
+              'Service10_15063x86']
     conditions = {'os': lambda x: x == 'windows',
                   'major': lambda x: x == 6,
                   'minor': lambda x: x == 4,
@@ -415,6 +443,58 @@ def modification(self, profile):
             'ProcessId': [ 0x14, ['unsigned int']],
             }]})
 
+class Service10_17763x86(obj.ProfileModification):
+    """Service structures for Win10 17763 (October 2018)"""
+
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x86',
+              'Service10_15063x86', 'Service10_16299x86']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x >= 17763,
+                  'memory_model': lambda x: x == '32bit'}
+
+    def modification(self, profile):
+        profile.vtypes.update({
+            '_SERVICE_RECORD' : [ None, {
+            'PrevEntry': [ 0xC, ['pointer', ['_SERVICE_RECORD']]],
+            'ServiceName' : [ 0x2C, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'DisplayName' : [ 0x30, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'Order' : [ 0x14, ['unsigned int']],
+            'DriverName' : [ 0xA0, ['pointer', ['String', dict(encoding = 'utf16', length = 256)]]],
+            'ServiceProcess' : [ 0xA0, ['pointer', ['_SERVICE_PROCESS']]],
+            'Type' : [ 0x34, ['Flags', {'bitmap': SERVICE_TYPE_FLAGS}]],
+            'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = SERVICE_STATE_ENUM)]],
+            'Start' : [ 0x18, ['Enumeration', dict(target = 'long', choices = SERVICE_START_ENUM)]],
+            } ],
+        })
+
+class Service10_18362x86(obj.ProfileModification):
+    """Service structures for Win10 18362 (May 2019)"""
+
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x86',
+              'Service10_15063x86', 'Service10_16299x86', 'Service10_17763x86']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x >= 18362,
+                  'memory_model': lambda x: x == '32bit'}
+
+    def modification(self, profile):
+        profile.vtypes.update({
+            '_SERVICE_RECORD' : [ None, {
+            'PrevEntry': [ 0xC, ['pointer', ['_SERVICE_RECORD']]],
+            'ServiceName' : [ 0x2C, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'DisplayName' : [ 0x30, ['pointer', ['String', dict(encoding = 'utf16', length = 512)]]],
+            'Order' : [ 0x14, ['unsigned int']],
+            'DriverName' : [ 0xA4, ['pointer', ['String', dict(encoding = 'utf16', length = 256)]]],
+            'ServiceProcess' : [ 0xA4, ['pointer', ['_SERVICE_PROCESS']]],
+            'Type' : [ 0x34, ['Flags', {'bitmap': SERVICE_TYPE_FLAGS}]],
+            'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = SERVICE_STATE_ENUM)]],
+            'Start' : [ 0x18, ['Enumeration', dict(target = 'long', choices = SERVICE_START_ENUM)]],
+            } ],
+        })
+
 #--------------------------------------------------------------------------------
 # svcscan plugin 
 #--------------------------------------------------------------------------------
diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index ab15ce1b4..dfa6a21c9 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -86,9 +86,16 @@ class Win10x64DTB(obj.ProfileModification):
                   }
 
     def modification(self, profile):
+        build = profile.metadata.get("build", 0)
+
+        if build >= 18362:
+            signature = "\x03\x00\xb8\x00"
+        else:
+            signature = "\x03\x00\xb6\x00"
+
         profile.merge_overlay({
             'VOLATILITY_MAGIC': [ None, {
-            'DTBSignature' : [ None, ['VolatilityMagic', dict(value = "\x03\x00\xb6\x00")]],
+            'DTBSignature' : [ None, ['VolatilityMagic', dict(value = signature)]],
             }]})
 
 class Win10x86DTB(obj.ProfileModification):
@@ -717,6 +724,78 @@ class _OBJECT_HEADER_10_17134(_OBJECT_HEADER_10):
         67: "VRegConfigurationContext",
     }
 
+class _OBJECT_HEADER_10_18362(_OBJECT_HEADER_10):
+
+    type_map = {
+        2: "Type",
+        3: "Directory",
+        4: "SymbolicLink",
+        5: "Token",
+        6: "Job",
+        7: "Process",
+        8: "Thread",
+        9: "Partition",
+        10: "UserApcReserve",
+        11: "IoCompletionReserve",
+        12: "ActivityReference",
+        13: "PsSiloContextPaged",
+        14: "PsSiloContextNonPaged",
+        15: "DebugObject",
+        16: "Event",
+        17: "Mutant",
+        18: "Callback",
+        19: "Semaphore",
+        20: "Timer",
+        21: "IRTimer",
+        22: "Profile",
+        23: "KeyedEvent",
+        24: "WindowStation",
+        25: "Desktop",
+        26: "Composition",
+        27: "RawInputManager",
+        28: "CoreMessaging",
+        29: "ActivationObject",
+        30: "TpWorkerFactory",
+        31: "Adapter",
+        32: "Controller",
+        33: "Device",
+        34: "Driver",
+        35: "IoCompletion",
+        36: "WaitCompletionPacket",
+        37: "File",
+        38: "TmTm",
+        39: "TmTx",
+        40: "TmRm",
+        41: "TmEn",
+        42: "Section",
+        43: "Session",
+        44: "Key",
+        45: "RegistryTransaction",
+        46: "ALPC",
+        47: "EnergyTracker",
+        48: "PowerRequest",
+        49: "WmiGuid",
+        50: "EtwRegistration",
+        51: "EtwSessionDemuxEntry",
+        52: "EtwConsumer",
+        53: "CoverageSampler",
+        54: "DmaAdapter",
+        55: "PcwObject",
+        56: "FilterConnectionPort",
+        57: "FilterCommunicationPort",
+        58: "NdisCmState",
+        59: "DxgkSharedResource",
+        60: "DxgkSharedKeyedMutexObject",
+        61: "DxgkSharedSyncObject",
+        62: "DxgkSharedSwapChainObject",
+        63: "DxgkDisplayManagerObject",
+        64: "DxgkCurrentDxgProcessObject",
+        65: "DxgkSharedProtectedSessionObject",
+        66: "DxgkSharedBundleObject",
+        67: "DxgkCompositionObject",
+        68: "VRegConfigurationContext",
+    }
+
 class _HANDLE_TABLE_10_DD08DD42(win8._HANDLE_TABLE_81R264):
     
     def decode_pointer(self, value):
@@ -739,7 +818,15 @@ def modification(self, profile):
         metadata = profile.metadata
         build = metadata.get("build", 0)
 
-        if build >= 17134:
+        if build >= 18362:
+            header = _OBJECT_HEADER_10_18362
+
+            ## update the handle table here as well
+            if metadata.get("memory_model") == "64bit":
+                profile.object_classes.update({
+                    "_HANDLE_TABLE": _HANDLE_TABLE_10_DD08DD42})
+
+        elif build >= 17134:
             header = _OBJECT_HEADER_10_17134
 
             ## update the handle table here as well
@@ -975,6 +1062,16 @@ class Win10x86_17763(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_17763_vtypes'
     _md_product = ["NtProductWinNt"]
 
+class Win10x86_18362(obj.Profile):
+    """ A Profile for Windows 10 x86 (10.0.18362.0 / 2019-04-23) """
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 18362
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_18362_vtypes'
+    _md_product = ["NtProductWinNt"]
+
 class Win10x64_15063(obj.Profile):
     """ A Profile for Windows 10 x64 (10.0.15063.0 / 2017-04-04) """
     _md_memory_model = '64bit'
@@ -1013,4 +1110,14 @@ class Win10x64_17763(obj.Profile):
     _md_minor = 4
     _md_build = 17763
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_17763_vtypes'
+    _md_product = ["NtProductWinNt"]
+
+class Win10x64_18362(obj.Profile):
+    """ A Profile for Windows 10 x64 (10.0.18362.0 / 2019-04-23) """
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 18362
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_18362_vtypes'
     _md_product = ["NtProductWinNt"]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x64_18362_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_18362_vtypes.py
new file mode 100755
index 000000000..853574565
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_18362_vtypes.py
@@ -0,0 +1,16755 @@
+ntkrnlmp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x710, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'CyclesPerYield' : [ 0x2d6, ['unsigned short']],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_108b' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_108b']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_10a3' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a5' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10a3']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_10a5']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['pointer64', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x281, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x282, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'UnalignedLoadStoreExceptions' : [ 0x2ed, ['unsigned char']],
+    'Padding1' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapData' : [ 0x17b0, ['unsigned long']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '__unnamed_1119' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1119']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_CUSTOM_SYSTEM_EVENT_TRIGGER_CONFIG' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'TriggerId' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x9080, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '__unnamed_11db' : [ 0x38, {
+    'UpdateCycle' : [ 0x0, ['unsigned long']],
+    'PairLocal' : [ 0x4, ['short']],
+    'PairLocalLow' : [ 0x4, ['unsigned char']],
+    'PairLocalForceStibp' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x5, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned char')]],
+    'Frozen' : [ 0x5, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ForceUntrusted' : [ 0x5, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SynchIpi' : [ 0x5, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PairRemote' : [ 0x6, ['short']],
+    'PairRemoteLow' : [ 0x6, ['unsigned char']],
+    'Reserved2' : [ 0x7, ['unsigned char']],
+    'Trace' : [ 0x8, ['array', 24, ['unsigned char']]],
+    'LocalDomain' : [ 0x20, ['unsigned long long']],
+    'RemoteDomain' : [ 0x28, ['unsigned long long']],
+    'Thread' : [ 0x30, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_KPRCB' : [ 0x8f00, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'CpuType' : [ 0x40, ['unsigned char']],
+    'CpuID' : [ 0x41, ['unsigned char']],
+    'CpuStep' : [ 0x42, ['unsigned short']],
+    'CpuStepping' : [ 0x42, ['unsigned char']],
+    'CpuModel' : [ 0x43, ['unsigned char']],
+    'MHz' : [ 0x44, ['unsigned long']],
+    'HalReserved' : [ 0x48, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x88, ['unsigned short']],
+    'MajorVersion' : [ 0x8a, ['unsigned short']],
+    'BuildType' : [ 0x8c, ['unsigned char']],
+    'CpuVendor' : [ 0x8d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x8e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x8f, ['unsigned char']],
+    'TscFrequency' : [ 0x90, ['unsigned long long']],
+    'PrcbPad04' : [ 0x98, ['array', 5, ['unsigned long long']]],
+    'ParentNode' : [ 0xc0, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0xc8, ['unsigned long long']],
+    'Group' : [ 0xd0, ['unsigned char']],
+    'GroupIndex' : [ 0xd1, ['unsigned char']],
+    'PrcbPad05' : [ 0xd2, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0xd4, ['unsigned long']],
+    'ScbOffset' : [ 0xd8, ['unsigned long']],
+    'ApicMask' : [ 0xdc, ['unsigned long']],
+    'AcpiReserved' : [ 0xe0, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0xe8, ['unsigned long']],
+    'PrcbFlags' : [ 0xec, ['_KPRCBFLAG']],
+    'TrappedSecurityDomain' : [ 0xf0, ['unsigned long long']],
+    'BpbState' : [ 0xf8, ['unsigned char']],
+    'BpbCpuIdle' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbFlushRsbOnTrap' : [ 0xf8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbIbpbOnReturn' : [ 0xf8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbIbpbOnTrap' : [ 0xf8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbIbpbOnRetpolineExit' : [ 0xf8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'BpbStateReserved' : [ 0xf8, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'BpbFeatures' : [ 0xf9, ['unsigned char']],
+    'BpbClearOnIdle' : [ 0xf9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbEnabled' : [ 0xf9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmep' : [ 0xf9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbFeaturesReserved' : [ 0xf9, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'BpbCurrentSpecCtrl' : [ 0xfa, ['unsigned char']],
+    'BpbKernelSpecCtrl' : [ 0xfb, ['unsigned char']],
+    'BpbNmiSpecCtrl' : [ 0xfc, ['unsigned char']],
+    'BpbUserSpecCtrl' : [ 0xfd, ['unsigned char']],
+    'PairRegister' : [ 0xfe, ['short']],
+    'PrcbPad11' : [ 0xf0, ['array', 2, ['unsigned long long']]],
+    'ProcessorState' : [ 0x100, ['_KPROCESSOR_STATE']],
+    'ExtendedSupervisorState' : [ 0x6c0, ['pointer64', ['_XSAVE_AREA_HEADER']]],
+    'ProcessorSignature' : [ 0x6c8, ['unsigned long']],
+    'ProcessorFlags' : [ 0x6cc, ['unsigned long']],
+    'BpbRetpolineExitSpecCtrl' : [ 0x6d0, ['unsigned char']],
+    'BpbTrappedRetpolineExitSpecCtrl' : [ 0x6d1, ['unsigned char']],
+    'BpbTrappedBpbState' : [ 0x6d2, ['unsigned char']],
+    'BpbTrappedCpuIdle' : [ 0x6d2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbTrappedFlushRsbOnTrap' : [ 0x6d2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbTrappedIbpbOnReturn' : [ 0x6d2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbTrappedIbpbOnTrap' : [ 0x6d2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbTrappedIbpbOnRetpolineExit' : [ 0x6d2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'BpbtrappedBpbStateReserved' : [ 0x6d2, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'BpbRetpolineState' : [ 0x6d3, ['unsigned char']],
+    'BpbRunningNonRetpolineCode' : [ 0x6d3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbIndirectCallsSafe' : [ 0x6d3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbRetpolineEnabled' : [ 0x6d3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbRetpolineStateReserved' : [ 0x6d3, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'PrcbPad12b' : [ 0x6d4, ['unsigned long']],
+    'PrcbPad12a' : [ 0x6d0, ['unsigned long long']],
+    'PrcbPad12' : [ 0x6d8, ['array', 3, ['unsigned long long']]],
+    'LockQueue' : [ 0x6f0, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x800, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x900, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1500, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2100, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PrcbPad20' : [ 0x2d00, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2d08, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2d10, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2d14, ['long']],
+    'MmTransitionCount' : [ 0x2d18, ['long']],
+    'MmDemandZeroCount' : [ 0x2d1c, ['long']],
+    'MmPageReadCount' : [ 0x2d20, ['long']],
+    'MmPageReadIoCount' : [ 0x2d24, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2d28, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2d2c, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2d30, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2d34, ['long']],
+    'KeSystemCalls' : [ 0x2d38, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2d3c, ['unsigned long']],
+    'PrcbPad40' : [ 0x2d40, ['unsigned long']],
+    'CcFastReadNoWait' : [ 0x2d44, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2d48, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2d4c, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2d50, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2d54, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2d58, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2d5c, ['long']],
+    'IoWriteOperationCount' : [ 0x2d60, ['long']],
+    'IoOtherOperationCount' : [ 0x2d64, ['long']],
+    'IoReadTransferCount' : [ 0x2d68, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2d70, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2d78, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d80, ['long']],
+    'TargetCount' : [ 0x2d84, ['long']],
+    'IpiFrozen' : [ 0x2d88, ['unsigned long']],
+    'PrcbPad30' : [ 0x2d8c, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d90, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d98, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d9c, ['long']],
+    'InterruptLastCount' : [ 0x2da0, ['unsigned long']],
+    'InterruptRate' : [ 0x2da4, ['unsigned long']],
+    'LastNonHrTimerExpiration' : [ 0x2da8, ['unsigned long long']],
+    'PairPrcb' : [ 0x2db0, ['pointer64', ['_KPRCB']]],
+    'PrcbPad35' : [ 0x2db8, ['array', 1, ['unsigned long long']]],
+    'InterruptObjectPool' : [ 0x2dc0, ['_SLIST_HEADER']],
+    'PrcbPad41' : [ 0x2dd0, ['array', 6, ['unsigned long long']]],
+    'DpcData' : [ 0x2e00, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2e50, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2e58, ['long']],
+    'DpcRequestRate' : [ 0x2e5c, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x2e60, ['unsigned long']],
+    'DpcLastCount' : [ 0x2e64, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x2e68, ['unsigned char']],
+    'QuantumEnd' : [ 0x2e69, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x2e6a, ['unsigned char']],
+    'IdleSchedule' : [ 0x2e6b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x2e6c, ['long']],
+    'DpcRequestSlot' : [ 0x2e6c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x2e6c, ['short']],
+    'ThreadDpcState' : [ 0x2e6e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x2e6c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x2e6c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x2e6c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x2e6c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x2e6c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x2e6c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x2e6c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x2e6c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2e70, ['unsigned long']],
+    'LastTick' : [ 0x2e74, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2e78, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2e7c, ['unsigned long']],
+    'InterruptObject' : [ 0x2e80, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3680, ['_KTIMER_TABLE']],
+    'DpcGate' : [ 0x5880, ['_KGATE']],
+    'PrcbPad52' : [ 0x5898, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x58a0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x58e0, ['long']],
+    'PrcbPad60' : [ 0x58e4, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x58e6, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x58e8, ['long']],
+    'DpcWatchdogCount' : [ 0x58ec, ['long']],
+    'KeSpinLockOrdering' : [ 0x58f0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x58f4, ['unsigned long']],
+    'CachedPtes' : [ 0x58f8, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x5900, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x5910, ['unsigned long long']],
+    'ReadySummary' : [ 0x5918, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x591c, ['long']],
+    'QueueIndex' : [ 0x5920, ['unsigned long']],
+    'PrcbPad75' : [ 0x5924, ['array', 3, ['unsigned long']]],
+    'TimerExpirationDpc' : [ 0x5930, ['_KDPC']],
+    'ScbQueue' : [ 0x5970, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x5980, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x5b80, ['unsigned long']],
+    'KernelTime' : [ 0x5b84, ['unsigned long']],
+    'UserTime' : [ 0x5b88, ['unsigned long']],
+    'DpcTime' : [ 0x5b8c, ['unsigned long']],
+    'InterruptTime' : [ 0x5b90, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x5b94, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x5b98, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x5b99, ['unsigned char']],
+    'DeepSleep' : [ 0x5b9a, ['unsigned char']],
+    'PrcbPad80' : [ 0x5b9b, ['unsigned char']],
+    'DpcTimeCount' : [ 0x5b9c, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x5ba0, ['unsigned long']],
+    'PeriodicCount' : [ 0x5ba4, ['unsigned long']],
+    'PeriodicBias' : [ 0x5ba8, ['unsigned long']],
+    'AvailableTime' : [ 0x5bac, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x5bb0, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x5bb4, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x5bb8, ['unsigned long long']],
+    'StartCycles' : [ 0x5bc0, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x5bc8, ['unsigned long long']],
+    'TaggedCycles' : [ 0x5bd0, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x5be0, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x5be8, ['unsigned long long']],
+    'ImportantCycles' : [ 0x5bf0, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x5bf8, ['unsigned long long']],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x5c00, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x5c04, ['long']],
+    'CachedStack' : [ 0x5c08, ['pointer64', ['void']]],
+    'PageColor' : [ 0x5c10, ['unsigned long']],
+    'NodeColor' : [ 0x5c14, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x5c18, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x5c1c, ['unsigned long']],
+    'PrcbPad81' : [ 0x5c20, ['array', 6, ['unsigned char']]],
+    'ExceptionStackActive' : [ 0x5c26, ['unsigned char']],
+    'TbFlushListActive' : [ 0x5c27, ['unsigned char']],
+    'ExceptionStack' : [ 0x5c28, ['pointer64', ['void']]],
+    'PrcbPad82' : [ 0x5c30, ['array', 1, ['unsigned long long']]],
+    'CycleTime' : [ 0x5c38, ['unsigned long long']],
+    'Cycles' : [ 0x5c40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CcFastMdlReadNoWait' : [ 0x5c80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x5c84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x5c88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x5c8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x5c90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x5c94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x5c98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x5c9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x5ca0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x5ca4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x5ca8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x5cac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x5cb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x5cb4, ['unsigned long']],
+    'CcDataPages' : [ 0x5cb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x5cbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x5cc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x5cc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x5cc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x5ccc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x5cd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x5cd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x5cd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x5cdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x5ce0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x5ce4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x5ce8, ['long']],
+    'MmCacheReadCount' : [ 0x5cec, ['long']],
+    'MmCacheIoCount' : [ 0x5cf0, ['long']],
+    'PrcbPad91' : [ 0x5cf4, ['unsigned long']],
+    'MmInternal' : [ 0x5cf8, ['pointer64', ['void']]],
+    'PowerState' : [ 0x5d00, ['_PROCESSOR_POWER_STATE']],
+    'HyperPte' : [ 0x5f00, ['pointer64', ['void']]],
+    'ScbList' : [ 0x5f08, ['_LIST_ENTRY']],
+    'ForceIdleDpc' : [ 0x5f18, ['_KDPC']],
+    'DpcWatchdogDpc' : [ 0x5f58, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x5f98, ['_KTIMER']],
+    'Cache' : [ 0x5fd8, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x6014, ['unsigned long']],
+    'CachedCommit' : [ 0x6018, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x601c, ['unsigned long']],
+    'WheaInfo' : [ 0x6020, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x6028, ['pointer64', ['void']]],
+    'ExSaPageArray' : [ 0x6030, ['pointer64', ['void']]],
+    'KeAlignmentFixupCount' : [ 0x6038, ['unsigned long']],
+    'PrcbPad95' : [ 0x603c, ['unsigned long']],
+    'HypercallPageList' : [ 0x6040, ['_SLIST_HEADER']],
+    'StatisticsPage' : [ 0x6050, ['pointer64', ['unsigned long long']]],
+    'PrcbPad85' : [ 0x6058, ['array', 5, ['unsigned long long']]],
+    'HypercallCachedPages' : [ 0x6080, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x6088, ['pointer64', ['void']]],
+    'PackageProcessorSet' : [ 0x6090, ['_KAFFINITY_EX']],
+    'PackageId' : [ 0x6138, ['unsigned long']],
+    'PrcbPad86' : [ 0x613c, ['unsigned long']],
+    'SharedReadyQueueMask' : [ 0x6140, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x6148, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x6150, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x6154, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x6158, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x6160, ['unsigned long long']],
+    'LLCMask' : [ 0x6168, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x6170, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x6198, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x61a0, ['pointer64', ['void']]],
+    'DpcWatchdogProfile' : [ 0x61a8, ['pointer64', ['pointer64', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x61b0, ['pointer64', ['pointer64', ['void']]]],
+    'SchedulerAssist' : [ 0x61b8, ['pointer64', ['void']]],
+    'SynchCounters' : [ 0x61c0, ['_SYNCH_COUNTERS']],
+    'PrcbPad94' : [ 0x6278, ['unsigned long long']],
+    'FsCounters' : [ 0x6280, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x6290, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x629d, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x62a0, ['unsigned long long']],
+    'UpdateSignature' : [ 0x62a8, ['_LARGE_INTEGER']],
+    'PteBitCache' : [ 0x62b0, ['unsigned long long']],
+    'PteBitOffset' : [ 0x62b8, ['unsigned long']],
+    'PrcbPad105' : [ 0x62bc, ['unsigned long']],
+    'Context' : [ 0x62c0, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x62c8, ['unsigned long']],
+    'PrcbPad115' : [ 0x62cc, ['unsigned long']],
+    'ExtendedState' : [ 0x62d0, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x62d8, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x62e0, ['_KENTROPY_TIMING_STATE']],
+    'PrcbPad110' : [ 0x6430, ['unsigned long long']],
+    'StibpPairingTrace' : [ 0x6438, ['__unnamed_11db']],
+    'AbSelfIoBoostsList' : [ 0x6470, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x6478, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x6480, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x64c0, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x6514, ['_IOP_IRP_STACK_PROFILER']],
+    'SecureFault' : [ 0x6568, ['_KSECURE_FAULT_INFORMATION']],
+    'PrcbPad120' : [ 0x6578, ['unsigned long long']],
+    'LocalSharedReadyQueue' : [ 0x6580, ['_KSHARED_READY_QUEUE']],
+    'PrcbPad125' : [ 0x67f0, ['array', 2, ['unsigned long long']]],
+    'TimerExpirationTraceCount' : [ 0x6800, ['unsigned long']],
+    'PrcbPad127' : [ 0x6804, ['unsigned long']],
+    'TimerExpirationTrace' : [ 0x6808, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'PrcbPad128' : [ 0x6908, ['array', 7, ['unsigned long long']]],
+    'Mailbox' : [ 0x6940, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'PrcbPad130' : [ 0x6948, ['array', 7, ['unsigned long long']]],
+    'McheckContext' : [ 0x6980, ['array', 2, ['_MACHINE_CHECK_CONTEXT']]],
+    'PrcbPad134' : [ 0x6a20, ['array', 4, ['unsigned long long']]],
+    'SelfmapLockHandle' : [ 0x6a40, ['array', 4, ['_KLOCK_QUEUE_HANDLE']]],
+    'PrcbPad134a' : [ 0x6aa0, ['array', 4, ['unsigned long long']]],
+    'PrcbPad138' : [ 0x6ac0, ['array', 896, ['unsigned char']]],
+    'PrcbPad138a' : [ 0x6e40, ['array', 64, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x6e80, ['unsigned long long']],
+    'RspBaseShadow' : [ 0x6e88, ['unsigned long long']],
+    'UserRspShadow' : [ 0x6e90, ['unsigned long long']],
+    'ShadowFlags' : [ 0x6e98, ['unsigned long']],
+    'PrcbPad138b' : [ 0x6e9c, ['unsigned long']],
+    'PrcbPad138c' : [ 0x6ea0, ['unsigned long long']],
+    'PrcbPad138d' : [ 0x6ea8, ['unsigned short']],
+    'PrcbPad138e' : [ 0x6eaa, ['unsigned short']],
+    'DbgMceNestingLevel' : [ 0x6eac, ['unsigned long']],
+    'DbgMceFlags' : [ 0x6eb0, ['unsigned long']],
+    'PrcbPad139b' : [ 0x6eb4, ['unsigned long']],
+    'PrcbPad140' : [ 0x6eb8, ['array', 505, ['unsigned long long']]],
+    'PrcbPad140a' : [ 0x7e80, ['array', 8, ['unsigned long long']]],
+    'PrcbPad141' : [ 0x7ec0, ['array', 504, ['unsigned long long']]],
+    'PrcbPad141a' : [ 0x8e80, ['array', 64, ['unsigned char']]],
+    'RequestMailbox' : [ 0x8ec0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_11f9' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Virtual' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_11fb' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Reserved2' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_11fd' : [ 0x10, {
+    'Reserved' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_INVPCID_DESCRIPTOR' : [ 0x10, {
+    'IndividualAddress' : [ 0x0, ['__unnamed_11f9']],
+    'SingleContext' : [ 0x0, ['__unnamed_11fb']],
+    'AllContextAndGlobals' : [ 0x0, ['__unnamed_11fd']],
+    'AllContext' : [ 0x0, ['__unnamed_11fd']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '__unnamed_1247' : [ 0x8, {
+    'SecureProcess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '__unnamed_1249' : [ 0x8, {
+    'SecureHandle' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x0, ['__unnamed_1247']],
+} ],
+  '_KPROCESS' : [ 0x2e0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x108, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x110, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x1b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x1b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x1b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeepFreeze' : [ 0x1b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x1b8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x1b8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x1b8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x1b8, ['BitField', dict(start_bit = 7, end_bit = 10, native_type='unsigned long')]],
+    'VaSpaceDeleted' : [ 0x1b8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x1b8, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'ProcessFlags' : [ 0x1b8, ['long']],
+    'ActiveGroupsMask' : [ 0x1bc, ['unsigned long']],
+    'BasePriority' : [ 0x1c0, ['unsigned char']],
+    'QuantumReset' : [ 0x1c1, ['unsigned char']],
+    'Visited' : [ 0x1c2, ['unsigned char']],
+    'Flags' : [ 0x1c3, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x1c4, ['array', 20, ['unsigned short']]],
+    'IdealProcessor' : [ 0x1ec, ['array', 20, ['unsigned short']]],
+    'IdealNode' : [ 0x214, ['array', 20, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x23c, ['unsigned short']],
+    'Spare1' : [ 0x23e, ['unsigned short']],
+    'StackCount' : [ 0x240, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x248, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x258, ['unsigned long long']],
+    'ContextSwitches' : [ 0x260, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x268, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x270, ['unsigned long']],
+    'KernelTime' : [ 0x274, ['unsigned long']],
+    'UserTime' : [ 0x278, ['unsigned long']],
+    'ReadyTime' : [ 0x27c, ['unsigned long']],
+    'UserDirectoryTableBase' : [ 0x280, ['unsigned long long']],
+    'AddressPolicy' : [ 0x288, ['unsigned char']],
+    'Spare2' : [ 0x289, ['array', 71, ['unsigned char']]],
+    'InstrumentationCallback' : [ 0x2d0, ['pointer64', ['void']]],
+    'SecureState' : [ 0x2d8, ['__unnamed_1249']],
+} ],
+  '_KTHREAD' : [ 0x600, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CetUserShadowStack' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BypassProcessFreeze' : [ 0x74, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'BamQosLevel' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x78, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x78, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'RunningNonRetpolineCode' : [ 0x7f, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecCtrlSpare' : [ 0x7f, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'SpecCtrl' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'ReadyTime' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'Spare21' : [ 0x200, ['pointer64', ['void']]],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x31a, ['unsigned char']],
+    'SystemPriority' : [ 0x31b, ['unsigned char']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x560, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x568, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x570, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x580, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x584, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x588, ['long']],
+    'KeReferenceCount' : [ 0x58c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x58e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x58f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x590, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x598, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x598, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x5a0, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x5a8, ['long long']],
+    'WriteOperationCount' : [ 0x5b0, ['long long']],
+    'OtherOperationCount' : [ 0x5b8, ['long long']],
+    'ReadTransferCount' : [ 0x5c0, ['long long']],
+    'WriteTransferCount' : [ 0x5c8, ['long long']],
+    'OtherTransferCount' : [ 0x5d0, ['long long']],
+    'QueuedScb' : [ 0x5d8, ['pointer64', ['_KSCB']]],
+    'ThreadTimerDelay' : [ 0x5e0, ['unsigned long']],
+    'ThreadFlags2' : [ 0x5e4, ['long']],
+    'PpmPolicy' : [ 0x5e4, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlags2Reserved' : [ 0x5e4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'TracingPrivate' : [ 0x5e8, ['array', 1, ['unsigned long long']]],
+    'SchedulerAssist' : [ 0x5f0, ['pointer64', ['void']]],
+    'AbWaitObject' : [ 0x5f8, ['pointer64', ['void']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '__unnamed_12bb' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_12bb']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x180, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x10, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'NonIsrTargetedSet' : [ 0x58, ['unsigned long long']],
+    'ParkLock' : [ 0x60, ['long']],
+    'ThreadSeed' : [ 0x64, ['unsigned short']],
+    'ProcessSeed' : [ 0x66, ['unsigned short']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Spare0' : [ 0x96, ['unsigned short']],
+    'SharedReadyQueueMask' : [ 0x98, ['unsigned long long']],
+    'StrideMask' : [ 0xa0, ['unsigned long long']],
+    'ProximityId' : [ 0xa8, ['unsigned long']],
+    'Lowest' : [ 0xac, ['unsigned long']],
+    'Highest' : [ 0xb0, ['unsigned long']],
+    'MaximumProcessors' : [ 0xb4, ['unsigned char']],
+    'Flags' : [ 0xb5, ['_flags']],
+    'Spare10' : [ 0xb6, ['unsigned char']],
+    'HeteroSets' : [ 0xb8, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0x130, ['array', 4, ['unsigned long long']]],
+    'LLCLeaders' : [ 0x150, ['unsigned long long']],
+} ],
+  '_ENODE' : [ 0x1c0, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x180, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_13a3' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_13a3']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x820, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x600, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x608, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x608, ['_LIST_ENTRY']],
+    'PostBlockList' : [ 0x618, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x618, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x620, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x628, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x628, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x628, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x630, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x638, ['_LIST_ENTRY']],
+    'Cid' : [ 0x648, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x658, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x658, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x678, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x680, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x690, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x698, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x6a0, ['pointer64', ['void']]],
+    'ChargeOnlySession' : [ 0x6a8, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x6b0, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x6b8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x6c8, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x6d0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x6d8, ['unsigned long']],
+    'MmLockOrdering' : [ 0x6dc, ['long']],
+    'CrossThreadFlags' : [ 0x6e0, ['unsigned long']],
+    'Terminated' : [ 0x6e0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x6e0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x6e0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x6e0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x6e0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x6e0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x6e0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x6e0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x6e0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x6e0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x6e0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x6e0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x6e0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6e0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x6e0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x6e0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x6e0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x6e0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x6e0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SamplingCoverage' : [ 0x6e0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x6e0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x6e4, ['unsigned long']],
+    'ActiveExWorker' : [ 0x6e4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x6e4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x6e4, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x6e4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x6e4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x6e4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x6e4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x6e4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x6e4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x6e4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WorkloadClass' : [ 0x6e4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x6e4, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x6e8, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x6e8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x6e8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x6e8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x6e8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x6e8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x6e8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x6e8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x6e8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x6e9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x6e9, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowUserWritesToExecutableMemory' : [ 0x6e9, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'AllowKernelWritesToExecutableMemory' : [ 0x6e9, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsVadShared' : [ 0x6e9, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x6ec, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x6ed, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x6ee, ['unsigned char']],
+    'LockOrderState' : [ 0x6ef, ['unsigned char']],
+    'AlpcMessageId' : [ 0x6f0, ['unsigned long long']],
+    'AlpcMessage' : [ 0x6f8, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x6f8, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x700, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x710, ['long']],
+    'CacheManagerCount' : [ 0x714, ['unsigned long']],
+    'IoBoostCount' : [ 0x718, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x71c, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x720, ['unsigned long']],
+    'KernelStackReference' : [ 0x724, ['unsigned long']],
+    'BoostList' : [ 0x728, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x738, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x748, ['unsigned long long']],
+    'IrpListLock' : [ 0x750, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x758, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x760, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x768, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x770, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x778, ['pointer64', ['void']]],
+    'AdjustedClientToken' : [ 0x780, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x788, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x790, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x7a8, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x7b0, ['unsigned long long']],
+    'UserGsBase' : [ 0x7b8, ['unsigned long long']],
+    'EnergyValues' : [ 0x7c0, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x7c8, ['pointer64', ['void']]],
+    'SelectedCpuSets' : [ 0x7d0, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x7d0, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x7d8, ['pointer64', ['_EJOB']]],
+    'ThreadName' : [ 0x7e0, ['pointer64', ['_UNICODE_STRING']]],
+    'SetContextState' : [ 0x7e8, ['pointer64', ['_CONTEXT']]],
+    'LastExpectedRunTime' : [ 0x7f0, ['unsigned long']],
+    'HeapData' : [ 0x7f4, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x7f8, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x808, ['unsigned long long']],
+    'DisownedOwnerEntryListHead' : [ 0x810, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_13fe' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IsolateSecurityDomain' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1400' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisablePageCombine' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SpeculativeStoreBypassDisable' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'CetUserShadowStacks' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0x880, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x2e0, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0x2e8, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x2f0, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x300, ['_EX_RUNDOWN_REF']],
+    'Flags2' : [ 0x308, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x308, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x308, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x308, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x308, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x308, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x308, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x308, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x308, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x308, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x308, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0x308, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x308, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x308, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x308, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x308, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0x308, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x308, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x308, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x308, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x308, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x308, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0x308, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0x308, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0x308, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0x308, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x308, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x308, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0x308, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x30c, ['unsigned long']],
+    'CreateReported' : [ 0x30c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x30c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x30c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x30c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0x30c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x30c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x30c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x30c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x30c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x30c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x30c, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x30c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x30c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x30c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x30c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x30c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x30c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x30c, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x30c, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x30c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x30c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x30c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x30c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x30c, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x30c, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x30c, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x30c, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x30c, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x30c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x310, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x318, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x328, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x338, ['unsigned long long']],
+    'VirtualSize' : [ 0x340, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x348, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x358, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x358, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x358, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x360, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x368, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x370, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x378, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x380, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x388, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x390, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x398, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x3a0, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x3a8, ['unsigned long long']],
+    'Win32Process' : [ 0x3b0, ['pointer64', ['void']]],
+    'Job' : [ 0x3b8, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x3c0, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x3c8, ['pointer64', ['void']]],
+    'Cookie' : [ 0x3d0, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x3d8, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x3e0, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x3e8, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x3f0, ['unsigned long long']],
+    'Peb' : [ 0x3f8, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x400, ['pointer64', ['_MM_SESSION_SPACE']]],
+    'Spare1' : [ 0x408, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x410, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x418, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x420, ['pointer64', ['void']]],
+    'WoW64Process' : [ 0x428, ['pointer64', ['_EWOW64PROCESS']]],
+    'DeviceMap' : [ 0x430, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x438, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x440, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x448, ['pointer64', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x450, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x45f, ['unsigned char']],
+    'SecurityPort' : [ 0x460, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x468, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x470, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x480, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x488, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x498, ['unsigned long']],
+    'ImagePathHash' : [ 0x49c, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x4a0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x4a4, ['long']],
+    'PrefetchTrace' : [ 0x4a8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x4b0, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x4b8, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x4c0, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x4c8, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x4d0, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x4d8, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x4e0, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x4e8, ['unsigned long long']],
+    'CommitCharge' : [ 0x4f0, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x4f8, ['unsigned long long']],
+    'Vm' : [ 0x500, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x640, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x650, ['unsigned long']],
+    'ExitStatus' : [ 0x654, ['long']],
+    'VadRoot' : [ 0x658, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x660, ['pointer64', ['void']]],
+    'VadCount' : [ 0x668, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x670, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x678, ['unsigned long long']],
+    'AlpcContext' : [ 0x680, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x6a0, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x6b0, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x6b8, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x6bc, ['unsigned long']],
+    'ExitTime' : [ 0x6c0, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x6c8, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x6d0, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x6d8, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x6dc, ['unsigned long']],
+    'ThreadListLock' : [ 0x6e0, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x6e8, ['pointer64', ['void']]],
+    'ServerSilo' : [ 0x6f0, ['pointer64', ['_EJOB']]],
+    'SignatureLevel' : [ 0x6f8, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x6f9, ['unsigned char']],
+    'Protection' : [ 0x6fa, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x6fb, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'GhostCount' : [ 0x6fb, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'PrefilterException' : [ 0x6fb, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Flags3' : [ 0x6fc, ['unsigned long']],
+    'Minimal' : [ 0x6fc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x6fc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x6fc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x6fc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x6fc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x6fc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x6fc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x6fc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x6fc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x6fc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x6fc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x6fc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x6fc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x6fc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x6fc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProcessFirstResume' : [ 0x6fc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ForegroundExternal' : [ 0x6fc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ForegroundSystem' : [ 0x6fc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HighMemoryPriority' : [ 0x6fc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'EnableProcessSuspendResumeLogging' : [ 0x6fc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'EnableThreadSuspendResumeLogging' : [ 0x6fc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SecurityDomainChanged' : [ 0x6fc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'SecurityFreezeComplete' : [ 0x6fc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'VmProcessorHost' : [ 0x6fc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x700, ['long']],
+    'SvmData' : [ 0x708, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x710, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x718, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x720, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x730, ['unsigned long long']],
+    'DiskCounters' : [ 0x738, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x740, ['pointer64', ['void']]],
+    'EnclaveTable' : [ 0x748, ['pointer64', ['void']]],
+    'EnclaveNumber' : [ 0x750, ['unsigned long long']],
+    'EnclaveLock' : [ 0x758, ['_EX_PUSH_LOCK']],
+    'HighPriorityFaultsAllowed' : [ 0x760, ['unsigned long']],
+    'EnergyContext' : [ 0x768, ['pointer64', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x770, ['pointer64', ['void']]],
+    'SequenceNumber' : [ 0x778, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x780, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x788, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x790, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x798, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x7a0, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x7a0, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x7a8, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x7b0, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x7b8, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x7c8, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x7d0, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x7c8, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x7d0, ['pointer64', ['unsigned long long']]],
+    'DiskIoAttribution' : [ 0x7d8, ['pointer64', ['void']]],
+    'DxgProcess' : [ 0x7e0, ['pointer64', ['void']]],
+    'Win32KFilterSet' : [ 0x7e8, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x7f0, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x7f8, ['unsigned long']],
+    'KTimer2Sets' : [ 0x7fc, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x800, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x808, ['unsigned long long']],
+    'VirtualTimerListHead' : [ 0x810, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x820, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x820, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x850, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x850, ['__unnamed_13fe']],
+    'MitigationFlags2' : [ 0x854, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x854, ['__unnamed_1400']],
+    'PartitionObject' : [ 0x858, ['pointer64', ['void']]],
+    'SecurityDomain' : [ 0x860, ['unsigned long long']],
+    'ParentSecurityDomain' : [ 0x868, ['unsigned long long']],
+    'CoverageSamplerContext' : [ 0x870, ['pointer64', ['void']]],
+    'MmHotPatchContext' : [ 0x878, ['pointer64', ['void']]],
+} ],
+  '_EWOW64PROCESS' : [ 0x10, {
+    'Peb' : [ 0x0, ['pointer64', ['void']]],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'NtdllType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PsNativeSystemDll', 1: u'PsWowX86SystemDll', 2: u'PsWowArm32SystemDll', 3: u'PsWowAmd64SystemDll', 4: u'PsWowChpeX86SystemDll', 5: u'PsVsmEnclaveRuntimeDll', 6: u'PsSystemDllTotalTypes'})]],
+} ],
+  '__unnamed_141d' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1423' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1425' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_1423']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_142e' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1430' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_142e']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_141d']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_1425']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_1430']],
+} ],
+  '__unnamed_1437' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_143b' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_143f' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1441' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1445' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1447' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_144b' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_144d' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_144f' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1451' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1453' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1457' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsFullSizeInformationEx', 15: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_1459' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_145b' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_145d' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_145f' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1461' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1465' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_1469' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_146d' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1471' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_1475' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1479' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_147d' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_147f' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1481' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_1485' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1489' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_148d' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay', 6: u'DeviceUsageTypeGuestAssigned'})]],
+} ],
+  '__unnamed_1491' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1495' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_149d' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_14a1' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_14a3' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_14a5' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_14a7' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_1437']],
+    'CreatePipe' : [ 0x0, ['__unnamed_143b']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_143f']],
+    'Read' : [ 0x0, ['__unnamed_1441']],
+    'Write' : [ 0x0, ['__unnamed_1441']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_1445']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_1447']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_144b']],
+    'QueryFile' : [ 0x0, ['__unnamed_144d']],
+    'SetFile' : [ 0x0, ['__unnamed_144f']],
+    'QueryEa' : [ 0x0, ['__unnamed_1451']],
+    'SetEa' : [ 0x0, ['__unnamed_1453']],
+    'QueryVolume' : [ 0x0, ['__unnamed_1457']],
+    'SetVolume' : [ 0x0, ['__unnamed_1457']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_1459']],
+    'LockControl' : [ 0x0, ['__unnamed_145b']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_145d']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_145f']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1461']],
+    'MountVolume' : [ 0x0, ['__unnamed_1465']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_1465']],
+    'Scsi' : [ 0x0, ['__unnamed_1469']],
+    'QueryQuota' : [ 0x0, ['__unnamed_146d']],
+    'SetQuota' : [ 0x0, ['__unnamed_1453']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1471']],
+    'QueryInterface' : [ 0x0, ['__unnamed_1475']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1479']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_147d']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_147f']],
+    'SetLock' : [ 0x0, ['__unnamed_1481']],
+    'QueryId' : [ 0x0, ['__unnamed_1485']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1489']],
+    'UsageNotification' : [ 0x0, ['__unnamed_148d']],
+    'WaitWake' : [ 0x0, ['__unnamed_1491']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1495']],
+    'Power' : [ 0x0, ['__unnamed_149d']],
+    'StartDevice' : [ 0x0, ['__unnamed_14a1']],
+    'WMI' : [ 0x0, ['__unnamed_14a3']],
+    'Others' : [ 0x0, ['__unnamed_14a5']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_14a7']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_14bd' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_14bd']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x620, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x350, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x354, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x358, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x35c, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x360, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x364, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x368, ['unsigned char']],
+    'PriorityClass' : [ 0x369, ['unsigned char']],
+    'NestingDepth' : [ 0x36a, ['unsigned char']],
+    'Reserved1' : [ 0x36b, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x36c, ['unsigned long']],
+    'WakeChannel' : [ 0x370, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x370, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3b8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3c0, ['unsigned long']],
+    'NotificationLink' : [ 0x3c8, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3d0, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3d8, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3e0, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3e8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3f0, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3f8, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x400, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x408, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x410, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x420, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x438, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x440, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x450, ['unsigned long long']],
+    'Ancestors' : [ 0x458, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x458, ['pointer64', ['void']]],
+    'Accounting' : [ 0x460, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x4c0, ['unsigned long']],
+    'JobId' : [ 0x4c4, ['unsigned long']],
+    'ContainerId' : [ 0x4c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x4d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x4e8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x4f0, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x508, ['pointer64', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x510, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x518, ['unsigned long']],
+    'CloseDone' : [ 0x518, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x518, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x518, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x518, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x518, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x518, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x518, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x518, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x518, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x518, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x518, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x518, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x518, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x518, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x518, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x518, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x518, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x518, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x518, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x518, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x518, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x518, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x518, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x518, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x518, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x518, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x518, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x51c, ['unsigned long']],
+    'ParentLocked' : [ 0x51c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x51c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x520, ['pointer64', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x528, ['unsigned long long']],
+    'DiskIoAttributionUserRefCount' : [ 0x530, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x534, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x538, ['pointer64', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x538, ['pointer64', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x540, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x568, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x5a0, ['long']],
+    'VolumeIoControlTree' : [ 0x5a8, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x5b8, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x5c0, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x5c4, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x5c8, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x5cc, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x5d0, ['unsigned long long']],
+    'IoControlLock' : [ 0x5d8, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x5e0, ['unsigned long long']],
+    'RundownWorkItem' : [ 0x5e8, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x608, ['pointer64', ['void']]],
+    'PartitionOwnerJob' : [ 0x610, ['pointer64', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x618, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MCUPDATE_INFO' : [ 0x30, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Status' : [ 0x10, ['unsigned long']],
+    'Id' : [ 0x18, ['unsigned long long']],
+    'VendorScratch' : [ 0x20, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY' : [ 0x20, {
+    'Header' : [ 0x0, ['_WHEA_EVENT_LOG_ENTRY_HEADER']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_FLAGS' : [ 0x4, {
+    'LogTelemetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LogInternalEtw' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LogBlackbox' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LogSel' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RawSel' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric', 7: u'WheaErrTypePmem'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0x10, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x10, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0x18, {
+    'Hash' : [ 0x0, ['pointer64', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x8, ['pointer64', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x10, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x18, {
+    'Table' : [ 0x0, ['pointer64', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x8, ['unsigned long']],
+    'EntryMax' : [ 0xc, ['unsigned long']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x8, {
+    'Key' : [ 0x0, ['unsigned long long']],
+} ],
+  '_TlgProvider_t' : [ 0x38, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  'wil_details_FeaturePropertyCache' : [ 0x4, {
+    'cache' : [ 0x0, ['wil_details_FeatureProperties']],
+    'variant' : [ 0x0, ['wil_details_VariantProperties']],
+    'var' : [ 0x0, ['long']],
+} ],
+  'wil_details_SetPropertyFlagContext' : [ 0x10, {
+    'result' : [ 0x0, ['pointer64', ['wil_details_RecordUsageResult']]],
+    'flags' : [ 0x8, ['unsigned long']],
+    'ignoreReporting' : [ 0xc, ['long']],
+} ],
+  'wil_details_RecordUsageResult' : [ 0x18, {
+    'queueBackground' : [ 0x0, ['long']],
+    'countImmediate' : [ 0x4, ['unsigned long']],
+    'kindImmediate' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'payloadId' : [ 0xc, ['unsigned long']],
+    'ignoredUse' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_SetPropertyCacheUsageContext' : [ 0x18, {
+    'result' : [ 0x0, ['pointer64', ['wil_details_RecordUsageResult']]],
+    'kind' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'addend' : [ 0x10, ['unsigned long long']],
+} ],
+  'FEATURE_ERROR' : [ 0x68, {
+    'hr' : [ 0x0, ['unsigned long']],
+    'lineNumber' : [ 0x4, ['unsigned short']],
+    'file' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'process' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'modulePath' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'callerReturnAddressOffset' : [ 0x20, ['unsigned long']],
+    'callerModule' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'message' : [ 0x30, ['pointer64', ['unsigned char']]],
+    'originLineNumber' : [ 0x38, ['unsigned short']],
+    'originFile' : [ 0x40, ['pointer64', ['unsigned char']]],
+    'originModule' : [ 0x48, ['pointer64', ['unsigned char']]],
+    'originCallerReturnAddressOffset' : [ 0x50, ['unsigned long']],
+    'originCallerModule' : [ 0x58, ['pointer64', ['unsigned char']]],
+    'originName' : [ 0x60, ['pointer64', ['unsigned char']]],
+} ],
+  'FEATURE_LOGGED_TRAITS' : [ 0x6, {
+    'version' : [ 0x0, ['unsigned short']],
+    'baseVersion' : [ 0x2, ['unsigned short']],
+    'stage' : [ 0x4, ['unsigned char']],
+} ],
+  'wil_details_FeatureVariantPropertyCache' : [ 0x8, {
+    'propertyCache' : [ 0x0, ['wil_details_FeaturePropertyCache']],
+    'payloadId' : [ 0x4, ['unsigned long']],
+} ],
+  'wil_details_StagingConfigFeature' : [ 0xc, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'changedInSession' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'unused1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long')]],
+    'serviceState' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'userState' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'testState' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 14, native_type='unsigned long')]],
+    'unused2' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned long')]],
+    'unused3' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'variant' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'payloadKind' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'payload' : [ 0x8, ['unsigned long']],
+} ],
+  'wil_details_StagingConfig' : [ 0x58, {
+    'store' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureStore_Machine', 1: u'wil_FeatureStore_User', 2: u'wil_FeatureStore_All'})]],
+    'forUpdate' : [ 0x4, ['long']],
+    'readChangeStamp' : [ 0x8, ['unsigned long']],
+    'readVersion' : [ 0xc, ['unsigned char']],
+    'modified' : [ 0x10, ['long']],
+    'header' : [ 0x18, ['pointer64', ['wil_details_StagingConfigHeader']]],
+    'features' : [ 0x20, ['pointer64', ['wil_details_StagingConfigFeature']]],
+    'triggers' : [ 0x28, ['pointer64', ['wil_details_StagingConfigUsageTrigger']]],
+    'changedInSession' : [ 0x30, ['long']],
+    'buffer' : [ 0x38, ['pointer64', ['void']]],
+    'bufferSize' : [ 0x40, ['unsigned long long']],
+    'bufferAlloc' : [ 0x48, ['unsigned long long']],
+    'bufferOwned' : [ 0x50, ['long']],
+} ],
+  'wil_details_StagingConfigHeader' : [ 0x10, {
+    'version' : [ 0x0, ['unsigned char']],
+    'versionMinor' : [ 0x1, ['unsigned char']],
+    'headerSizeBytes' : [ 0x2, ['unsigned short']],
+    'featureCount' : [ 0x4, ['unsigned short']],
+    'featureUsageTriggerCount' : [ 0x6, ['unsigned short']],
+    'sessionProperties' : [ 0x8, ['wil_details_StagingConfigHeaderProperties']],
+    'properties' : [ 0xc, ['wil_details_StagingConfigHeaderProperties']],
+} ],
+  'wil_details_StagingConfigUsageTrigger' : [ 0x10, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'trigger' : [ 0x4, ['wil_details_StagingConfigWnfStateName']],
+    'serviceReportingKind' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'unused' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_details_StagingConfigHeaderProperties' : [ 0x4, {
+    'ignoreServiceState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ignoreUserState' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ignoreTestState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ignoreVariants' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_FeatureState' : [ 0x18, {
+    'enabledState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0x4, ['unsigned char']],
+    'payloadKind' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureVariantPayloadKind_None', 1: u'wil_FeatureVariantPayloadKind_Resident', 2: u'wil_FeatureVariantPayloadKind_External'})]],
+    'payload' : [ 0xc, ['unsigned long']],
+    'hasNotification' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_FeatureTestState' : [ 0x20, {
+    'kind' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_FeatureTestStateKind_EnabledState', 1: u'wil_details_FeatureTestStateKind_Variant'})]],
+    'featureId' : [ 0x4, ['unsigned long']],
+    'state' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0xc, ['unsigned char']],
+    'payload' : [ 0x10, ['unsigned long']],
+    'next' : [ 0x18, ['pointer64', ['wil_details_FeatureTestState']]],
+} ],
+  '__WIL__WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_wil_details_UsageSubscriptionData' : [ 0x8, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'serviceReportingKind' : [ 0x4, ['unsigned short']],
+} ],
+  '__unnamed_183a' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_183a']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['pointer64', ['void']]],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['void']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x70, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'DeleteList' : [ 0x50, ['_SLIST_ENTRY']],
+    'NestingLevel' : [ 0x60, ['unsigned long long']],
+} ],
+  '__unnamed_1879' : [ 0x8, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_187e' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_1880' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1882' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_187e']],
+    'e4' : [ 0x0, ['__unnamed_1880']],
+} ],
+  '__unnamed_188e' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'Channel' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 52, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 57, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_1879']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_1882']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Unused2' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'u4' : [ 0x28, ['__unnamed_188e']],
+} ],
+  '__unnamed_1899' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_189d' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_1899']],
+    'u2' : [ 0x38, ['__unnamed_189d']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_18a2' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_18a5' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_18ad' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 22, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ImageBaseOkToReuse' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_18af' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_18ad']],
+} ],
+  '__unnamed_18b1' : [ 0x8, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x80, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'AweContext' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_18a2']],
+    'u1' : [ 0x3c, ['__unnamed_18a5']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_18af']],
+    'FileObjectLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x70, ['unsigned long long']],
+    'u3' : [ 0x78, ['__unnamed_18b1']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x60, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSystemPtesLarge', 14: u'MiVaKernelStacks', 15: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'TotalSystemPtes' : [ 0x38, ['unsigned long long']],
+    'Hint' : [ 0x40, ['unsigned long long']],
+    'LowestBitEverAllocated' : [ 0x48, ['unsigned long long']],
+    'CachedPtes' : [ 0x50, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x58, ['unsigned long long']],
+} ],
+  '__unnamed_18cc' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+    'PrivateVadFlags' : [ 0x0, ['_MM_PRIVATE_VAD_FLAGS']],
+    'GraphicsVadFlags' : [ 0x0, ['_MM_GRAPHICS_VAD_FLAGS']],
+    'SharedVadFlags' : [ 0x0, ['_MM_SHARED_VAD_FLAGS']],
+    'VolatileVadLong' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_18cf' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x8, ['pointer64', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_18cc']],
+    'u1' : [ 0x34, ['__unnamed_18cf']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_PARTITION' : [ 0x30c0, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x1b0, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x470, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x500, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x840, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1c00, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x1c80, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x1ce8, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x1e78, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x1e80, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'SessionDetachTimeStamp' : [ 0x1e90, ['unsigned long']],
+    'Vp' : [ 0x1ec0, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x80, {
+    'MmPartition' : [ 0x0, ['pointer64', ['void']]],
+    'CcPartition' : [ 0x8, ['pointer64', ['void']]],
+    'ExPartition' : [ 0x10, ['pointer64', ['void']]],
+    'HardReferenceCount' : [ 0x18, ['long long']],
+    'OpenHandleCount' : [ 0x20, ['long long']],
+    'ActivePartitionLinks' : [ 0x28, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x38, ['pointer64', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x40, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x60, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x68, ['pointer64', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x70, ['pointer64', ['void']]],
+    'PartitionFlags' : [ 0x78, ['unsigned long']],
+    'PairedWithJob' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_HHIVE' : [ 0x600, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'FlusherLock' : [ 0x48, ['_CMSI_RW_LOCK']],
+    'WriterLock' : [ 0x50, ['_CMSI_RW_LOCK']],
+    'DirtyVector' : [ 0x58, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x68, ['unsigned long']],
+    'DirtyAlloc' : [ 0x6c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x70, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x80, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x84, ['unsigned long']],
+    'Cluster' : [ 0x88, ['unsigned long']],
+    'Flat' : [ 0x8c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x8c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x8c, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x8d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x90, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x94, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x98, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x9c, ['unsigned long']],
+    'HiveFlags' : [ 0xa0, ['unsigned long']],
+    'CurrentLog' : [ 0xa4, ['unsigned long']],
+    'CurrentLogSequence' : [ 0xa8, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0xac, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xb0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xb4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xb8, ['unsigned long']],
+    'LogDataPresent' : [ 0xbc, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xbe, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xbf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xc8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xc8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xc8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xc8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xc8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xc8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xca, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xcc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xd0, ['unsigned long']],
+    'Version' : [ 0xd4, ['unsigned long']],
+    'ViewMap' : [ 0xd8, ['_HVP_VIEW_MAP']],
+    'Storage' : [ 0x110, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x138, {
+    'RefCount' : [ 0x0, ['unsigned long long']],
+    'ExtFlags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Freed' : [ 0x8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x8, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x10, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x10, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x18, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x20, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x28, ['unsigned long']],
+    'KcbPushlock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x38, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x38, ['long']],
+    'DelayedDeref' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x41, ['unsigned char']],
+    'LayerHeight' : [ 0x42, ['short']],
+    'Spare1' : [ 0x44, ['unsigned long']],
+    'ParentKcb' : [ 0x48, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x50, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueList' : [ 0x60, ['_CHILD_LIST']],
+    'LinkTarget' : [ 0x68, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'IndexHint' : [ 0x70, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x70, ['unsigned long']],
+    'SubKeyCount' : [ 0x70, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'ClonedListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x88, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xb0, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xb2, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xb4, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb8, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Spare3' : [ 0xbc, ['unsigned long']],
+    'LayerInfo' : [ 0xc0, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'RealKeyName' : [ 0xc8, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xd0, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xe0, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xf0, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf8, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x108, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x118, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x120, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x128, ['pointer64', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0x128, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x128, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'SequenceNumber' : [ 0x130, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x60, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x58, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_CMHIVE' : [ 0x12e8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x600, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0x630, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x640, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x650, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x660, ['_EX_RUNDOWN_REF']],
+    'KcbCacheTable' : [ 0x668, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x670, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x678, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x680, ['unsigned long']],
+    'Identity' : [ 0x684, ['unsigned long']],
+    'HiveLock' : [ 0x688, ['_CMSI_RW_LOCK']],
+    'FlushDirtyVector' : [ 0x690, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x6a0, ['unsigned long']],
+    'FlushLogEntryOffsetArray' : [ 0x6a8, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'FlushLogEntryOffsetArrayCount' : [ 0x6b0, ['unsigned long']],
+    'FlushLogEntrySize' : [ 0x6b4, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x6b8, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x6bc, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x6c0, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x6d0, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x6d8, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x6e0, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x6e8, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x6f0, ['_EX_PUSH_LOCK']],
+    'LastShrinkHiveSize' : [ 0x6f8, ['unsigned long']],
+    'ActualFileSize' : [ 0x700, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x708, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x718, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x728, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x738, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x748, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x74c, ['unsigned long']],
+    'SecurityHitHint' : [ 0x750, ['long']],
+    'SecurityCache' : [ 0x758, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x760, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xb60, ['unsigned long']],
+    'UnloadEventArray' : [ 0xb68, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0xb70, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0xb78, ['unsigned char']],
+    'UnloadWorkItem' : [ 0xb80, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0xb88, ['_CM_WORKITEM']],
+    'DirtyVectorLog' : [ 0xbb0, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x1038, ['unsigned long']],
+    'TrustClassEntry' : [ 0x1040, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1050, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1058, ['unsigned long long']],
+    'CmRm' : [ 0x1060, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1068, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x106c, ['long']],
+    'CreatorOwner' : [ 0x1070, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1078, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1080, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1088, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x1098, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x10a8, ['unsigned long']],
+    'PrimaryFilePurged' : [ 0x10a8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x10a8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x10ac, ['unsigned long']],
+    'ReferenceCount' : [ 0x10b0, ['long']],
+    'UnloadHistoryIndex' : [ 0x10b4, ['long']],
+    'UnloadHistory' : [ 0x10b8, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x12b8, ['unsigned long']],
+    'UnaccessedStart' : [ 0x12bc, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x12c0, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x12c4, ['unsigned long']],
+    'HandleClosePending' : [ 0x12c8, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x12d0, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x12d8, ['unsigned char']],
+    'VolumeContext' : [ 0x12e0, ['pointer64', ['_CMP_VOLUME_CONTEXT']]],
+} ],
+  '__unnamed_198f' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmCreateHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf', 24: u'_HvHiveStartFileBacked', 25: u'_HvStartHiveMemoryBacked', 26: u'_HvpEnlistFreeCells', 27: u'_HvpPerformLogFileRecovery'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1992' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1994' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1996' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1998' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_199c' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_19a0' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_19a2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x160, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned short']],
+    'RecoverableIndex' : [ 0xa, ['unsigned short']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_198f']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_198f']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1992']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_1994']],
+    'CheckKey' : [ 0xf0, ['__unnamed_1996']],
+    'CheckValueList' : [ 0x110, ['__unnamed_1998']],
+    'CheckHive' : [ 0x128, ['__unnamed_199c']],
+    'CheckHive1' : [ 0x138, ['__unnamed_199c']],
+    'CheckBin' : [ 0x148, ['__unnamed_19a0']],
+    'RecoverData' : [ 0x158, ['__unnamed_19a2']],
+} ],
+  '_CM_KCB_UOW' : [ 0x78, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x50, ['pointer64', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x58, ['unsigned long']],
+    'OldValueCell' : [ 0x58, ['unsigned long']],
+    'NewValueCell' : [ 0x5c, ['unsigned long']],
+    'UserFlags' : [ 0x58, ['unsigned long']],
+    'LastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x60, ['unsigned long']],
+    'OldChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x60, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x60, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x68, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x68, ['pointer64', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x70, ['pointer64', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x70, ['pointer64', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0xb8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x30, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x30, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x30, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x30, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x30, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x30, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x30, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x30, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x30, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x30, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x30, ['unsigned long']],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x40, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x48, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x50, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x58, ['_GUID']],
+    'StartLsn' : [ 0x68, ['unsigned long long']],
+    'HiveCount' : [ 0x70, ['unsigned long']],
+    'HiveArray' : [ 0x78, ['array', 8, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x175, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x176, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapData' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x281, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x282, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'UnalignedLoadStoreExceptions' : [ 0x2ed, ['unsigned char']],
+    'Padding1' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapData' : [ 0x17b0, ['unsigned long']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'S1DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LbrAvailable' : [ 0xc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IptAvailable' : [ 0xc, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'CrossVtlFlushAvailable' : [ 0xc, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Isolation' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 55, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x2200, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'InterruptRetpolineState' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '_KIST_BASE_FRAME' : [ 0x30, {
+    'KernelGsBase' : [ 0x0, ['pointer64', ['_KPCR']]],
+    'IstStack' : [ 0x8, ['pointer64', ['_KIST_LINK_FRAME']]],
+    'PreviousGsBase' : [ 0x10, ['unsigned long long']],
+    'PreviousCr3' : [ 0x18, ['unsigned long long']],
+    'IstPad' : [ 0x20, ['unsigned long long']],
+    'Reserved' : [ 0x28, ['unsigned long long']],
+} ],
+  '_KIST_LINK_FRAME' : [ 0x20, {
+    'IstBaseFrame' : [ 0x0, ['pointer64', ['_KIST_BASE_FRAME']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'Reserved0' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '__unnamed_1ad7' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1ad9' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1add' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x310, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'Plugin' : [ 0x80, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x88, ['unsigned long']],
+    'CurrentPowerState' : [ 0x8c, ['_POWER_STATE']],
+    'Notify' : [ 0x90, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0xf8, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0x118, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0x128, ['unsigned long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_1ad7']],
+    'OverUsed2' : [ 0x218, ['__unnamed_1ad9']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_1add']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+    'RebalanceContext' : [ 0x2c8, ['pointer64', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x2d0, ['pointer64', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+    'DirectedDripsState' : [ 0x2d8, ['_PO_DIRECTED_DRIPS_STATE']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x68, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1bd5' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1bd5']],
+} ],
+  '__unnamed_1bdc' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1bdc']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'ParameterBlockOffset' : [ 0xc, ['unsigned long']],
+    'ParameterBlockLength' : [ 0x10, ['unsigned long']],
+    'DataSetRangesOffset' : [ 0x14, ['unsigned long']],
+    'DataSetRangesLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_DATA_SET_RANGE' : [ 0x10, {
+    'StartingOffset' : [ 0x0, ['long long']],
+    'LengthInBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DEVICE_DSM_DEFINITION' : [ 0x1c, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'SingleRange' : [ 0x4, ['unsigned char']],
+    'ParameterBlockAlignment' : [ 0x8, ['unsigned long']],
+    'ParameterBlockLength' : [ 0xc, ['unsigned long']],
+    'HasOutput' : [ 0x10, ['unsigned char']],
+    'OutputBlockAlignment' : [ 0x14, ['unsigned long']],
+    'OutputBlockLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES_OUTPUT' : [ 0x24, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'OperationStatus' : [ 0xc, ['unsigned long']],
+    'ExtendedError' : [ 0x10, ['unsigned long']],
+    'TargetDetailedError' : [ 0x14, ['unsigned long']],
+    'ReservedStatus' : [ 0x18, ['unsigned long']],
+    'OutputBlockOffset' : [ 0x1c, ['unsigned long']],
+    'OutputBlockLength' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['wchar']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'DeepSleepEnabled' : [ 0x38, ['unsigned char']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x15a0, {
+    'Name' : [ 0x0, ['pointer64', ['wchar']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x1578, ['unsigned long long']],
+    'Count' : [ 0x1580, ['unsigned long long']],
+    'MaxDuration' : [ 0x1588, ['unsigned long long']],
+    'MinDuration' : [ 0x1590, ['unsigned long long']],
+    'TotalDuration' : [ 0x1598, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xaa8, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['array', 2, ['unsigned long']]],
+    'AutonomousActivityWindow' : [ 0x48, ['unsigned long']],
+    'AutonomousPreference' : [ 0x4c, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x4d, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4f, ['array', 2, ['unsigned char']]],
+    'ResponsivenessDisableThreshold' : [ 0x54, ['array', 2, ['unsigned long']]],
+    'ResponsivenessEnableThreshold' : [ 0x5c, ['array', 2, ['unsigned long']]],
+    'ResponsivenessDisableTime' : [ 0x64, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEnableTime' : [ 0x66, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEppCeiling' : [ 0x68, ['array', 2, ['unsigned long']]],
+    'ResponsivenessPerfFloor' : [ 0x70, ['array', 2, ['unsigned long']]],
+    'DutyCycling' : [ 0x78, ['unsigned char']],
+    'ParkingPerfState' : [ 0x79, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x7b, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x7c, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x7d, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x7e, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x7f, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x80, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x81, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x84, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x88, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x8c, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x8e, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x90, ['unsigned char']],
+    'IdleDisabled' : [ 0x91, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x94, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x98, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x99, ['unsigned char']],
+    'IdleStateMax' : [ 0x9a, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x9b, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x9c, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x9d, ['array', 1280, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x59d, ['array', 1280, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xa9d, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xa9e, ['unsigned char']],
+    'ThreadPolicies' : [ 0xaa0, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x480, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x2e0, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x310, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x360, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x368, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x370, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x378, ['pointer64', ['void']]],
+    'HardErrorState' : [ 0x380, ['unsigned long']],
+    'WnfSiloState' : [ 0x388, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x3c0, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x3e0, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x3f0, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x400, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x408, ['pointer64', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x410, ['unsigned char']],
+    'NtSystemRoot' : [ 0x418, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x428, ['_UNICODE_STRING']],
+    'Storage' : [ 0x438, ['pointer64', ['_PSP_STORAGE']]],
+    'State' : [ 0x440, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x444, ['long']],
+    'DeleteEvent' : [ 0x448, ['pointer64', ['_KEVENT']]],
+    'UserSharedData' : [ 0x450, ['pointer64', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x458, ['pointer64', ['void']]],
+    'TerminateWorkItem' : [ 0x460, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DirectedPoweredDown' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DirectedTransitionInProgress' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x228, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+    'Partition' : [ 0x210, ['pointer64', ['_CC_PARTITION']]],
+    'InternalRefCount' : [ 0x218, ['unsigned long']],
+    'NumMappedVacb' : [ 0x21c, ['unsigned long']],
+    'NumActiveVacb' : [ 0x220, ['unsigned long']],
+} ],
+  '__unnamed_1cf9' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_1cf9']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x400, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x8, ['pointer64', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x10, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x20, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x30, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x48, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x60, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x80, ['unsigned long long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x88, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x8c, ['unsigned char']],
+    'WorkQueueLock' : [ 0xc0, ['unsigned long long']],
+    'NumberWorkerThreads' : [ 0xc8, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0xcc, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0xd0, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0xf0, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0x100, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0x110, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0x120, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0x130, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0x134, ['unsigned long']],
+    'QueueThrottle' : [ 0x138, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0x13c, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0x140, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0x144, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0x148, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0x14c, ['unsigned long']],
+    'LowMemoryEvent' : [ 0x150, ['_KEVENT']],
+    'PowerEvent' : [ 0x168, ['_KEVENT']],
+    'PeriodicEvent' : [ 0x180, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x198, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x1b0, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x1c8, ['unsigned long']],
+    'LazyWriter' : [ 0x1d0, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x258, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x270, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x2a8, ['pointer64', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x2b0, ['long']],
+    'AverageAvailablePages' : [ 0x2b8, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x2c0, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x2c8, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x2d0, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x2d8, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x2e0, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x2e1, ['unsigned char']],
+    'DeferredWrites' : [ 0x2e8, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x300, ['unsigned long long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x308, ['pointer64', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x310, ['pointer64', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x318, ['pointer64', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x320, ['pointer64', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x328, ['pointer64', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x330, ['pointer64', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x338, ['pointer64', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x340, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x348, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x358, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x360, ['pointer64', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x368, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x370, ['long']],
+    'LowPriOldIoPriority' : [ 0x374, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x378, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x380, ['unsigned long']],
+    'CoalescingState' : [ 0x384, ['unsigned char']],
+    'ActivePartition' : [ 0x385, ['unsigned char']],
+    'RundownPhase' : [ 0x386, ['unsigned char']],
+    'RefCount' : [ 0x388, ['long long']],
+    'ExitEvent' : [ 0x390, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x3a8, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x3c0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1d1f' : [ 0x10, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1d21' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1d23' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_1d25' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1d27' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_1d2b' : [ 0x68, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x50, ['pointer64', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x58, ['pointer64', ['void']]],
+    'RequestorMode' : [ 0x60, ['unsigned char']],
+    'NestingLevel' : [ 0x64, ['unsigned long']],
+} ],
+  '__unnamed_1d2d' : [ 0x68, {
+    'Read' : [ 0x0, ['__unnamed_1d1f']],
+    'Write' : [ 0x0, ['__unnamed_1d21']],
+    'Event' : [ 0x0, ['__unnamed_1d23']],
+    'Notification' : [ 0x0, ['__unnamed_1d25']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1d27']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1d2b']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x88, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_1d2d']],
+    'Function' : [ 0x78, ['unsigned char']],
+    'Partition' : [ 0x80, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x50, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+    'Partition' : [ 0x48, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x28, {
+    'Allocate' : [ 0x0, ['unsigned long long']],
+    'Free' : [ 0x8, ['unsigned long long']],
+    'Commit' : [ 0x10, ['unsigned long long']],
+    'Decommit' : [ 0x18, ['unsigned long long']],
+    'ExtendContext' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x10, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_RTL_CSPARSE_BITMAP' : [ 0x40, {
+    'CommitBitmap' : [ 0x0, ['pointer64', ['unsigned long long']]],
+    'UserBitmap' : [ 0x8, ['pointer64', ['unsigned long long']]],
+    'BitCount' : [ 0x10, ['long long']],
+    'BitmapLock' : [ 0x18, ['unsigned long long']],
+    'DecommitPageIndex' : [ 0x20, ['unsigned long long']],
+    'RtlpCSparseBitmapWakeLock' : [ 0x28, ['unsigned long long']],
+    'LockType' : [ 0x30, ['unsigned char']],
+    'AddressSpace' : [ 0x31, ['unsigned char']],
+    'MemType' : [ 0x32, ['unsigned char']],
+    'AllocAlignment' : [ 0x33, ['unsigned char']],
+    'CommitDirectoryMaxSize' : [ 0x34, ['unsigned long']],
+    'CommitDirectory' : [ 0x38, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_SPARSE_ARRAY' : [ 0x50, {
+    'ElementCount' : [ 0x0, ['unsigned long long']],
+    'ElementSizeShift' : [ 0x8, ['unsigned long']],
+    'Bitmap' : [ 0x10, ['_RTL_CSPARSE_BITMAP']],
+} ],
+  '_HEAP_VAMGR_ALLOCATOR' : [ 0x30, {
+    'TreeLock' : [ 0x0, ['unsigned long long']],
+    'FreeRanges' : [ 0x8, ['_RTL_RB_TREE']],
+    'VaSpace' : [ 0x18, ['pointer64', ['_HEAP_VAMGR_VASPACE']]],
+    'PartitionHandle' : [ 0x20, ['pointer64', ['void']]],
+    'ChunksPerRegion' : [ 0x28, ['unsigned short']],
+    'RefCount' : [ 0x2a, ['unsigned short']],
+    'AllocatorIndex' : [ 0x2c, ['unsigned char']],
+    'NumaNode' : [ 0x2d, ['unsigned char']],
+    'LockType' : [ 0x2e, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MemoryType' : [ 0x2e, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'ConstrainedVA' : [ 0x2e, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'AllowFreeHead' : [ 0x2e, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare0' : [ 0x2e, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x2f, ['unsigned char']],
+} ],
+  '_HEAP_VAMGR_VASPACE' : [ 0x860, {
+    'AddressSpaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'HeapAddressUser', 1: u'HeapAddressKernel', 2: u'HeapAddressSession', 3: u'HeapAddressTypeMax'})]],
+    'BaseAddress' : [ 0x8, ['unsigned long long']],
+    'VaRangeArray' : [ 0x10, ['_RTL_SPARSE_ARRAY']],
+    'VaRangeArrayBuffer' : [ 0x10, ['array', 2128, ['unsigned char']]],
+} ],
+  '_HEAP_VAMGR_RANGE' : [ 0x20, {
+    'RbNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Standalone' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'AllocatorIndex' : [ 0x1, ['unsigned char']],
+    'OwnerCtx' : [ 0x8, ['array', 2, ['unsigned long long']]],
+    'SizeInChunks' : [ 0x18, ['unsigned long long']],
+    'ChunkCount' : [ 0x18, ['unsigned short']],
+    'PrevChunkCount' : [ 0x1a, ['unsigned short']],
+    'Signature' : [ 0x18, ['unsigned long long']],
+} ],
+  '_RTLP_HP_HEAP_MANAGER' : [ 0x38d0, {
+    'Globals' : [ 0x0, ['pointer64', ['_RTLP_HP_HEAP_GLOBALS']]],
+    'AllocTracker' : [ 0x8, ['_RTLP_HP_ALLOC_TRACKER']],
+    'VaMgr' : [ 0x58, ['_HEAP_VAMGR_CTX']],
+    'MetadataHeaps' : [ 0x3898, ['array', 3, ['_RTLP_HP_METADATA_HEAP_CTX']]],
+    'SubAllocConfigs' : [ 0x38c8, ['_RTL_HP_SUB_ALLOCATOR_CONFIGS']],
+} ],
+  '_RTLP_HP_ALLOC_TRACKER' : [ 0x50, {
+    'BaseAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTrackerBitmap' : [ 0x8, ['_RTL_CSPARSE_BITMAP']],
+    'AllocTrackerBitmapBuffer' : [ 0x8, ['array', 72, ['unsigned char']]],
+} ],
+  '_RTL_STACKDB_CONTEXT' : [ 0x48, {
+    'StackSegmentTable' : [ 0x0, ['_RTL_HASH_TABLE']],
+    'StackEntryTable' : [ 0x10, ['_RTL_HASH_TABLE']],
+    'StackEntryTableLock' : [ 0x20, ['_RTL_SRWLOCK']],
+    'SegmentTableLock' : [ 0x28, ['_RTL_SRWLOCK']],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'AllocatorContext' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_HEAP_LFH_FAST_REF' : [ 0x8, {
+    'Target' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_OWNER' : [ 0x38, {
+    'IsBucket' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'BucketIndex' : [ 0x1, ['unsigned char']],
+    'SlotCount' : [ 0x2, ['unsigned char']],
+    'SlotIndex' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'AvailableSubsegmentCount' : [ 0x8, ['unsigned long long']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'AvailableSubsegmentList' : [ 0x18, ['_LIST_ENTRY']],
+    'FullSubsegmentList' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_LFH_CONTEXT' : [ 0x4c0, {
+    'BackendCtx' : [ 0x0, ['pointer64', ['void']]],
+    'Callbacks' : [ 0x8, ['_HEAP_SUBALLOCATOR_CALLBACKS']],
+    'AffinityModArray' : [ 0x30, ['pointer64', ['unsigned char']]],
+    'MaxAffinity' : [ 0x38, ['unsigned char']],
+    'LockType' : [ 0x39, ['unsigned char']],
+    'MemStatsOffset' : [ 0x3a, ['short']],
+    'Config' : [ 0x3c, ['_RTL_HP_LFH_CONFIG']],
+    'BucketStats' : [ 0x40, ['_HEAP_LFH_SUBSEGMENT_STATS']],
+    'SubsegmentCreationLock' : [ 0x48, ['unsigned long long']],
+    'Buckets' : [ 0x80, ['array', 129, ['pointer64', ['_HEAP_LFH_BUCKET']]]],
+} ],
+  '_HEAP_LFH_BUCKET' : [ 0x68, {
+    'State' : [ 0x0, ['_HEAP_LFH_SUBSEGMENT_OWNER']],
+    'TotalBlockCount' : [ 0x38, ['unsigned long long']],
+    'TotalSubsegmentCount' : [ 0x40, ['unsigned long long']],
+    'ReciprocalBlockSize' : [ 0x48, ['unsigned long']],
+    'Shift' : [ 0x4c, ['unsigned char']],
+    'ContentionCount' : [ 0x4d, ['unsigned char']],
+    'AffinityMappingLock' : [ 0x50, ['unsigned long long']],
+    'ProcAffinityMapping' : [ 0x58, ['pointer64', ['unsigned char']]],
+    'AffinitySlots' : [ 0x60, ['pointer64', ['pointer64', ['_HEAP_LFH_AFFINITY_SLOT']]]],
+} ],
+  '_HEAP_LFH_ONDEMAND_POINTER' : [ 0x8, {
+    'Invalid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AllocationInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'UsageData' : [ 0x2, ['unsigned short']],
+    'AllBits' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_ENCODED_OFFSETS' : [ 0x4, {
+    'BlockSize' : [ 0x0, ['unsigned short']],
+    'FirstBlockOffset' : [ 0x2, ['unsigned short']],
+    'EncodedData' : [ 0x0, ['unsigned long']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Owner' : [ 0x10, ['pointer64', ['_HEAP_LFH_SUBSEGMENT_OWNER']]],
+    'DelayFree' : [ 0x10, ['_HEAP_LFH_SUBSEGMENT_DELAY_FREE']],
+    'CommitLock' : [ 0x18, ['unsigned long long']],
+    'FreeCount' : [ 0x20, ['unsigned short']],
+    'BlockCount' : [ 0x22, ['unsigned short']],
+    'InterlockedShort' : [ 0x20, ['short']],
+    'InterlockedLong' : [ 0x20, ['long']],
+    'FreeHint' : [ 0x24, ['unsigned short']],
+    'Location' : [ 0x26, ['unsigned char']],
+    'WitheldBlockCount' : [ 0x27, ['unsigned char']],
+    'BlockOffsets' : [ 0x28, ['_HEAP_LFH_SUBSEGMENT_ENCODED_OFFSETS']],
+    'CommitUnitShift' : [ 0x2c, ['unsigned char']],
+    'CommitUnitCount' : [ 0x2d, ['unsigned char']],
+    'CommitStateOffset' : [ 0x2e, ['unsigned short']],
+    'BlockBitmap' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_HEAP_LFH_UNUSED_BYTES_INFO' : [ 0x2, {
+    'UnusedBytes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 14, native_type='unsigned short')]],
+    'ExtraPresent' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'OneByteUnused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Bytes' : [ 0x0, ['array', 2, ['unsigned char']]],
+} ],
+  '_RTLP_HP_QUEUE_LOCK_HANDLE' : [ 0x18, {
+    'Reserved1' : [ 0x0, ['unsigned long long']],
+    'LockPtr' : [ 0x8, ['unsigned long long']],
+    'HandleData' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HEAP_VS_CONTEXT' : [ 0xc0, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'LockType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'HeapLockPaged', 1: u'HeapLockNonPaged', 2: u'HeapLockTypeMax'})]],
+    'FreeChunkTree' : [ 0x10, ['_RTL_RB_TREE']],
+    'SubsegmentList' : [ 0x20, ['_LIST_ENTRY']],
+    'TotalCommittedUnits' : [ 0x30, ['unsigned long long']],
+    'FreeCommittedUnits' : [ 0x38, ['unsigned long long']],
+    'DelayFreeContext' : [ 0x40, ['_HEAP_VS_DELAY_FREE_CONTEXT']],
+    'BackendCtx' : [ 0x80, ['pointer64', ['void']]],
+    'Callbacks' : [ 0x88, ['_HEAP_SUBALLOCATOR_CALLBACKS']],
+    'Config' : [ 0xb0, ['_RTL_HP_VS_CONFIG']],
+    'Flags' : [ 0xb4, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_HEADER' : [ 0x10, {
+    'Sizes' : [ 0x0, ['_HEAP_VS_CHUNK_HEADER_SIZE']],
+    'EncodedSegmentPageOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'UnusedBytes' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SkipDuringWalk' : [ 0x8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x8, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'AllocatedChunkBits' : [ 0x8, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_HEADER_SIZE' : [ 0x8, {
+    'MemoryCost' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UnsafeSize' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'UnsafePrevSize' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Allocated' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'KeyUShort' : [ 0x0, ['unsigned short']],
+    'KeyULong' : [ 0x0, ['unsigned long']],
+    'HeaderBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_VS_CHUNK_FREE_HEADER' : [ 0x20, {
+    'Header' : [ 0x0, ['_HEAP_VS_CHUNK_HEADER']],
+    'OverlapsHeader' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['_RTL_BALANCED_NODE']],
+} ],
+  '_HEAP_VS_SUBSEGMENT' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommitBitmap' : [ 0x10, ['unsigned long long']],
+    'CommitLock' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned short']],
+    'Signature' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'FullCommit' : [ 0x22, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_HEAP_VS_UNUSED_BYTES_INFO' : [ 0x2, {
+    'UnusedBytes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 13, native_type='unsigned short')]],
+    'LfhSubsegment' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'ExtraPresent' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'OneByteUnused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Bytes' : [ 0x0, ['array', 2, ['unsigned char']]],
+} ],
+  '_HEAP_PAGE_RANGE_DESCRIPTOR' : [ 0x20, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'TreeSignature' : [ 0x0, ['unsigned long']],
+    'UnusedBytes' : [ 0x4, ['unsigned long']],
+    'ExtraPresent' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare0' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'RangeFlags' : [ 0x18, ['unsigned char']],
+    'CommittedPageCount' : [ 0x19, ['unsigned char']],
+    'Spare' : [ 0x1a, ['unsigned short']],
+    'Key' : [ 0x1c, ['_HEAP_DESCRIPTOR_KEY']],
+    'Align' : [ 0x1c, ['array', 3, ['unsigned char']]],
+    'UnitOffset' : [ 0x1f, ['unsigned char']],
+    'UnitSize' : [ 0x1f, ['unsigned char']],
+} ],
+  '_HEAP_PAGE_SEGMENT' : [ 0x2000, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+    'SegmentCommitState' : [ 0x18, ['pointer64', ['_HEAP_SEGMENT_MGR_COMMIT_STATE']]],
+    'UnusedWatermark' : [ 0x20, ['unsigned char']],
+    'DescArray' : [ 0x0, ['array', 256, ['_HEAP_PAGE_RANGE_DESCRIPTOR']]],
+} ],
+  '__unnamed_1ec2' : [ 0x1, {
+    'LargePagePolicy' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReleaseEmptySegments' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'AllFlags' : [ 0x0, ['unsigned char']],
+} ],
+  '_HEAP_SEG_CONTEXT' : [ 0xc0, {
+    'SegmentMask' : [ 0x0, ['unsigned long long']],
+    'UnitShift' : [ 0x8, ['unsigned char']],
+    'PagesPerUnitShift' : [ 0x9, ['unsigned char']],
+    'FirstDescriptorIndex' : [ 0xa, ['unsigned char']],
+    'CachedCommitSoftShift' : [ 0xb, ['unsigned char']],
+    'CachedCommitHighShift' : [ 0xc, ['unsigned char']],
+    'Flags' : [ 0xd, ['__unnamed_1ec2']],
+    'MaxAllocationSize' : [ 0x10, ['unsigned long']],
+    'OlpStatsOffset' : [ 0x14, ['short']],
+    'MemStatsOffset' : [ 0x16, ['short']],
+    'LfhContext' : [ 0x18, ['pointer64', ['void']]],
+    'VsContext' : [ 0x20, ['pointer64', ['void']]],
+    'EnvHandle' : [ 0x28, ['RTL_HP_ENV_HANDLE']],
+    'Heap' : [ 0x38, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x40, ['unsigned long long']],
+    'SegmentListHead' : [ 0x48, ['_LIST_ENTRY']],
+    'SegmentCount' : [ 0x58, ['unsigned long long']],
+    'FreePageRanges' : [ 0x60, ['_RTL_RB_TREE']],
+    'FreeSegmentListLock' : [ 0x70, ['unsigned long long']],
+    'FreeSegmentList' : [ 0x78, ['array', 2, ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_HEAP_RUNTIME_MEMORY_STATS' : [ 0x58, {
+    'TotalReservedPages' : [ 0x0, ['unsigned long long']],
+    'TotalCommittedPages' : [ 0x8, ['unsigned long long']],
+    'FreeCommittedPages' : [ 0x10, ['unsigned long long']],
+    'LfhFreeCommittedPages' : [ 0x18, ['unsigned long long']],
+    'LargePageStats' : [ 0x20, ['array', 2, ['_HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS']]],
+    'LargePageUtilizationPolicy' : [ 0x40, ['_RTL_HP_SEG_ALLOC_POLICY']],
+} ],
+  '_HEAP_DESCRIPTOR_KEY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+    'EncodedCommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePageCost' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'UnitCount' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'RTL_HP_ENV_HANDLE' : [ 0x10, {
+    'h' : [ 0x0, ['array', 2, ['pointer64', ['void']]]],
+} ],
+  '_SEGMENT_HEAP' : [ 0x800, {
+    'EnvHandle' : [ 0x0, ['RTL_HP_ENV_HANDLE']],
+    'Signature' : [ 0x10, ['unsigned long']],
+    'GlobalFlags' : [ 0x14, ['unsigned long']],
+    'Interceptor' : [ 0x18, ['unsigned long']],
+    'ProcessHeapListIndex' : [ 0x1c, ['unsigned short']],
+    'AllocatedFromMetadata' : [ 0x1e, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CommitLimitData' : [ 0x20, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'ReservedMustBeZero1' : [ 0x20, ['unsigned long long']],
+    'UserContext' : [ 0x28, ['pointer64', ['void']]],
+    'ReservedMustBeZero2' : [ 0x30, ['unsigned long long']],
+    'Spare' : [ 0x38, ['pointer64', ['void']]],
+    'LargeMetadataLock' : [ 0x40, ['unsigned long long']],
+    'LargeAllocMetadata' : [ 0x48, ['_RTL_RB_TREE']],
+    'LargeReservedPages' : [ 0x58, ['unsigned long long']],
+    'LargeCommittedPages' : [ 0x60, ['unsigned long long']],
+    'StackTraceInitVar' : [ 0x68, ['_RTL_RUN_ONCE']],
+    'MemStats' : [ 0x80, ['_HEAP_RUNTIME_MEMORY_STATS']],
+    'GlobalLockCount' : [ 0xd8, ['unsigned short']],
+    'GlobalLockOwner' : [ 0xdc, ['unsigned long']],
+    'ContextExtendLock' : [ 0xe0, ['unsigned long long']],
+    'AllocatedBase' : [ 0xe8, ['pointer64', ['unsigned char']]],
+    'UncommittedBase' : [ 0xf0, ['pointer64', ['unsigned char']]],
+    'ReservedLimit' : [ 0xf8, ['pointer64', ['unsigned char']]],
+    'SegContexts' : [ 0x100, ['array', 2, ['_HEAP_SEG_CONTEXT']]],
+    'VsContext' : [ 0x280, ['_HEAP_VS_CONTEXT']],
+    'LfhContext' : [ 0x340, ['_HEAP_LFH_CONTEXT']],
+} ],
+  '_RTL_DYNAMIC_LOOKASIDE' : [ 0x1040, {
+    'EnabledBucketBitmap' : [ 0x0, ['unsigned long long']],
+    'BucketCount' : [ 0x8, ['unsigned long']],
+    'ActiveBucketCount' : [ 0xc, ['unsigned long']],
+    'Buckets' : [ 0x40, ['array', 64, ['_RTL_LOOKASIDE']]],
+} ],
+  '_RTL_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'LastTotalFrees' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x2c0, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'StackTraceInitVar' : [ 0x170, ['_RTL_RUN_ONCE']],
+    'CommitLimitData' : [ 0x178, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'FrontEndHeap' : [ 0x198, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x1a0, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x1a2, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x1a3, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x1a8, ['pointer64', ['wchar']]],
+    'FrontEndHeapMaximumIndex' : [ 0x1b0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x1b2, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x238, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x2b0, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1f1f' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_1f1f']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_HP_PADDING_HEADER' : [ 0x10, {
+    'PaddingSize' : [ 0x0, ['unsigned long long']],
+    'Spare' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_LARGE_ALLOC_DATA' : [ 0x28, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'VirtualAddress' : [ 0x18, ['unsigned long long']],
+    'UnusedBytes' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'ExtraPresent' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'GuardPageCount' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'GuardPageAlignment' : [ 0x20, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long long')]],
+    'Spare' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long long')]],
+    'AllocatedPages' : [ 0x20, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_1f78' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1f7a' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1f78']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1f7c' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1f7e' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1f7c']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_1f7a']],
+    'u2' : [ 0x4, ['__unnamed_1f7e']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x38, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'CleanupProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x28, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x30, ['unsigned long long']],
+} ],
+  '__unnamed_1f97' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1f99' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1f97']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_1f99']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1fad' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1faf' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1fad']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_1faf']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1fb8' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1fba' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1fb8']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_1fba']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1fc0' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_1fc2' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1fc0']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_1fc2']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1fe0' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1fe2' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1fe0']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_1fe2']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1f7a']],
+    'u2' : [ 0x4, ['__unnamed_1f7e']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2008' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_200a' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_2008']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x118, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_200a']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xb0, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb8, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xc0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc8, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xd0, ['pointer64', ['void']]],
+    'WakeReference2' : [ 0xd8, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xe0, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xe8, ['unsigned long long']],
+    'PortMessage' : [ 0xf0, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x28, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x20, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x48, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x40, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_204d' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_204f' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_204d']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_204f']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'DirectType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'EventReferenced' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'EventObjectBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '__unnamed_2098' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UserFlags' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 32, native_type='unsigned long long')]],
+    'SystemFlags' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 48, native_type='unsigned long long')]],
+    'UserFlagsId' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x40, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'DiskIoAttributionHandle' : [ 0x10, ['unsigned long long']],
+    'ActivityId' : [ 0x18, ['_GUID']],
+    'Timestamp' : [ 0x28, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x28, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x28, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x30, ['long long']],
+    'AdapterCryptoParameters' : [ 0x28, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+    'DriverFlags' : [ 0x38, ['__unnamed_2098']],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x58, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 9, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x70, ['pointer64', ['void']]],
+    'CreateFileType' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x80, ['pointer64', ['void']]],
+    'Override' : [ 0x88, ['unsigned char']],
+    'QueryOnly' : [ 0x89, ['unsigned char']],
+    'DeleteOnly' : [ 0x8a, ['unsigned char']],
+    'FullAttributes' : [ 0x8b, ['unsigned char']],
+    'LocalFileObject' : [ 0x90, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x98, ['unsigned long']],
+    'AccessMode' : [ 0x9c, ['unsigned char']],
+    'DriverCreateContext' : [ 0xa0, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0xcc, ['unsigned long']],
+    'FilterQuery' : [ 0xd0, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_2125' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_2125']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['wchar']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['wchar']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x10, {
+    'QueueTail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x540, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['pointer64', ['void']]],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x50, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x60, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x70, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x80, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x88, ['unsigned long']],
+    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xd8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'FlushThreshold' : [ 0xe4, ['unsigned long']],
+    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xf4, ['long']],
+    'NumberOfBuffers' : [ 0xf8, ['long']],
+    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
+    'EventsLost' : [ 0x100, ['unsigned long']],
+    'PeakBuffersCount' : [ 0x104, ['long']],
+    'BuffersWritten' : [ 0x108, ['unsigned long']],
+    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
+    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x120, ['unsigned long']],
+    'InstanceGuid' : [ 0x124, ['_GUID']],
+    'MaximumFileSize' : [ 0x134, ['unsigned long']],
+    'FileCounter' : [ 0x138, ['long']],
+    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x150, ['long']],
+    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
+    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x168, ['unsigned long']],
+    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
+    'LoggerDpc' : [ 0x248, ['_KDPC']],
+    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x338, ['long long']],
+    'Flags' : [ 0x340, ['unsigned long']],
+    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x340, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x340, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProviderTracking' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessorTrace' : [ 0x340, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'QpcDeltaTracking' : [ 0x340, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'MarkerBufferSaved' : [ 0x340, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x344, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x350, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x3d0, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x3e0, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x3e8, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x3f0, ['pointer64', ['_ETW_LBR_SUPPORT']]],
+    'IptData' : [ 0x3f8, ['pointer64', ['_ETW_IPT_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x400, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x410, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x418, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x428, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x430, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x440, ['pointer64', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x448, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x450, ['pointer64', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x458, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x460, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x480, ['long']],
+    'CompressionLock' : [ 0x488, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x490, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x498, ['pointer64', ['void']]],
+    'CompressionOn' : [ 0x4a0, ['long']],
+    'CompressionRatioGuess' : [ 0x4a4, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x4a8, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x4ac, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x4b0, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x4b8, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x4f8, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x500, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x508, ['_LARGE_INTEGER']],
+    'ReferenceQpcDelta' : [ 0x510, ['long long']],
+    'CallbackContext' : [ 0x518, ['pointer64', ['_ETW_EVENT_CALLBACK_CONTEXT']]],
+    'LastDroppedTime' : [ 0x520, ['pointer64', ['_LARGE_INTEGER']]],
+    'FlushingLastDroppedTime' : [ 0x528, ['pointer64', ['_LARGE_INTEGER']]],
+    'FlushingSequenceNumber' : [ 0x530, ['long long']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x20, {
+    'Source' : [ 0x0, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x14, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x18, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_IPT_SUPPORT' : [ 0x28, {
+    'IptHandle' : [ 0x0, ['pointer64', ['void']]],
+    'IptOption' : [ 0x8, ['unsigned long long']],
+    'EtwHwTraceExtInterface' : [ 0x10, ['pointer64', ['_ETW_HW_TRACE_EXT_INTERFACE']]],
+    'HookIdCount' : [ 0x18, ['unsigned long']],
+    'HookId' : [ 0x1c, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x11f8, {
+    'Silo' : [ 0x0, ['pointer64', ['_EJOB']]],
+    'SiloGlobals' : [ 0x8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x10, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x18, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x1a8, ['pointer64', ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x1b0, ['pointer64', ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x1b8, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0xfb8, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0xfc8, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0xfcc, ['long']],
+    'EtwpSecurityProviderPID' : [ 0xfd0, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0xfd8, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0xff8, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x1008, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x1010, ['pointer64', ['_ETW_SILO_TRACING_BLOCK']]],
+    'ContainerRestoreWnfSubscription' : [ 0x1018, ['pointer64', ['_EX_WNF_SUBSCRIPTION']]],
+    'PartitionId' : [ 0x1020, ['_GUID']],
+    'ParentId' : [ 0x1030, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x1040, ['_LARGE_INTEGER']],
+    'PartitionType' : [ 0x1048, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x104c, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+    'EtwpStartTraceMutex' : [ 0x11c0, ['_KMUTANT']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x30, {
+    'SystemLogonSession' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x10, ['pointer64', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0x18, ['pointer64', ['void']]],
+    'UncSystemPaths' : [ 0x20, ['pointer64', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x28, ['pointer64', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x498, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x478, ['pointer64', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x480, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x488, ['pointer64', ['void']]],
+    'VariablePart' : [ 0x490, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xc0, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x58, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
+    'SiblingAuthId' : [ 0xa8, ['_LUID']],
+    'TokenList' : [ 0xb0, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved2' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved1' : [ 0x1a, ['unsigned short']],
+    'Reserved2' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x10, {
+    'Footer' : [ 0x0, ['pointer64', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x30, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x20, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x10, {
+    'Context1' : [ 0x0, ['pointer64', ['void']]],
+    'Context2' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0x18, ['unsigned char']],
+    'Padding1' : [ 0x19, ['array', 3, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0x140, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+    'SessionId' : [ 0x154, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x430, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Busy' : [ 0x5c, ['long']],
+    'Descriptor' : [ 0x60, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_WNF_NODE_HEADER' : [ 0x4, {
+    'NodeTypeCode' : [ 0x0, ['unsigned short']],
+    'NodeByteSize' : [ 0x2, ['unsigned short']],
+} ],
+  '_WNF_LOCK' : [ 0x8, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_WNF_STATE_NAME_STRUCT' : [ 0x8, {
+    'Version' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NameLifetime' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long long')]],
+    'DataScope' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 10, native_type='unsigned long long')]],
+    'PermanentData' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WNF_SCOPE_INSTANCE' : [ 0x50, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'DataScope' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WnfDataScopeSystem', 1: u'WnfDataScopeSession', 2: u'WnfDataScopeUser', 3: u'WnfDataScopeProcess', 4: u'WnfDataScopeMachine'})]],
+    'InstanceIdSize' : [ 0x14, ['unsigned long']],
+    'InstanceIdData' : [ 0x18, ['pointer64', ['void']]],
+    'ResolverListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'NameSetLock' : [ 0x30, ['_WNF_LOCK']],
+    'NameSet' : [ 0x38, ['_RTL_AVL_TREE']],
+    'PermanentDataStore' : [ 0x40, ['pointer64', ['void']]],
+    'VolatilePermanentDataStore' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_WNF_NAME_INSTANCE' : [ 0xa8, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'TreeLinks' : [ 0x10, ['_RTL_BALANCED_NODE']],
+    'StateName' : [ 0x28, ['_WNF_STATE_NAME_STRUCT']],
+    'ScopeInstance' : [ 0x30, ['pointer64', ['_WNF_SCOPE_INSTANCE']]],
+    'StateNameInfo' : [ 0x38, ['_WNF_STATE_NAME_REGISTRATION']],
+    'StateDataLock' : [ 0x50, ['_WNF_LOCK']],
+    'StateData' : [ 0x58, ['pointer64', ['_WNF_STATE_DATA']]],
+    'CurrentChangeStamp' : [ 0x60, ['unsigned long']],
+    'PermanentDataStore' : [ 0x68, ['pointer64', ['void']]],
+    'StateSubscriptionListLock' : [ 0x70, ['_WNF_LOCK']],
+    'StateSubscriptionListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'TemporaryNameListEntry' : [ 0x88, ['_LIST_ENTRY']],
+    'CreatorProcess' : [ 0x98, ['pointer64', ['_EPROCESS']]],
+    'DataSubscribersCount' : [ 0xa0, ['long']],
+    'CurrentDeliveryCount' : [ 0xa4, ['long']],
+} ],
+  '_WNF_SUBSCRIPTION' : [ 0x88, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'SubscriptionId' : [ 0x10, ['unsigned long long']],
+    'ProcessSubscriptionListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Process' : [ 0x28, ['pointer64', ['_EPROCESS']]],
+    'NameInstance' : [ 0x30, ['pointer64', ['_WNF_NAME_INSTANCE']]],
+    'StateName' : [ 0x38, ['_WNF_STATE_NAME_STRUCT']],
+    'StateSubscriptionListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'CallbackRoutine' : [ 0x50, ['unsigned long long']],
+    'CallbackContext' : [ 0x58, ['pointer64', ['void']]],
+    'CurrentChangeStamp' : [ 0x60, ['unsigned long']],
+    'SubscribedEventSet' : [ 0x64, ['unsigned long']],
+    'PendingSubscriptionListEntry' : [ 0x68, ['_LIST_ENTRY']],
+    'SubscriptionState' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {0: u'WNF_SUB_STATE_QUIESCENT', 1: u'WNF_SUB_STATE_READY_TO_DELIVER', 2: u'WNF_SUB_STATE_IN_DELIVERY', 3: u'WNF_SUB_STATE_RETRY'})]],
+    'SignaledEventSet' : [ 0x7c, ['unsigned long']],
+    'InDeliveryEventSet' : [ 0x80, ['unsigned long']],
+} ],
+  '_WNF_PROCESS_CONTEXT' : [ 0x88, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'WnfProcessesListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'ImplicitScopeInstances' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'TemporaryNamesListLock' : [ 0x38, ['_WNF_LOCK']],
+    'TemporaryNamesListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'ProcessSubscriptionListLock' : [ 0x50, ['_WNF_LOCK']],
+    'ProcessSubscriptionListHead' : [ 0x58, ['_LIST_ENTRY']],
+    'DeliveryPendingListLock' : [ 0x68, ['_WNF_LOCK']],
+    'DeliveryPendingListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'NotificationEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x38, {
+    'ScopeMap' : [ 0x0, ['pointer64', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x8, ['pointer64', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x10, ['pointer64', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x18, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x20, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x28, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x30, ['long long']],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_DISPATCHER' : [ 0x30, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'State' : [ 0x28, ['long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_22dc' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x5000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_22dc']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ImageTree' : [ 0x58, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x60, ['unsigned long']],
+    'AttachCount' : [ 0x64, ['unsigned long']],
+    'AttachGate' : [ 0x68, ['_KGATE']],
+    'WsListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0x90, ['_MM_PAGED_POOL_INFO']],
+    'Session' : [ 0xa8, ['_MMSESSION']],
+    'CombineDomain' : [ 0xc8, ['unsigned long long']],
+    'Vm' : [ 0x100, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0x240, ['_MMWSL_INSTANCE']],
+    'AggregateSessionWs' : [ 0x280, ['_MMSUPPORT_AGGREGATION']],
+    'HeapState' : [ 0x2a0, ['pointer64', ['void']]],
+    'PagedPool' : [ 0x2c0, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x3c0, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'TopLevelPteLockBits' : [ 0x3c8, ['array', 32, ['unsigned long']]],
+    'PageDirectory' : [ 0x448, ['_MMPTE']],
+    'SessionVaLock' : [ 0x450, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x458, ['_RTL_BITMAP_EX']],
+    'DynamicVaHint' : [ 0x468, ['unsigned long long']],
+    'SessionPteLock' : [ 0x470, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x478, ['long']],
+    'PagedPoolPdeCount' : [ 0x47c, ['long']],
+    'DynamicSessionPdeCount' : [ 0x480, ['unsigned long']],
+    'SystemPteInfo' : [ 0x488, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x4e8, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x4f0, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x4f8, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x500, ['unsigned long long']],
+    'PermittedFaultsTree' : [ 0x508, ['_RTL_AVL_TREE']],
+    'IoState' : [ 0x510, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x514, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x518, ['_KEVENT']],
+    'ServerSilo' : [ 0x530, ['pointer64', ['_EJOB']]],
+    'CreateTime' : [ 0x538, ['unsigned long long']],
+    'PoolTags' : [ 0x1000, ['array', 16384, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
+} ],
+  '_CMP_VOLUME_CONTEXT' : [ 0x48, {
+    'VolumeContextListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'VolumeManager' : [ 0x10, ['pointer64', ['_CMP_VOLUME_MANAGER']]],
+    'RefCount' : [ 0x18, ['long long']],
+    'VolumeGuid' : [ 0x20, ['_GUID']],
+    'VolumeFileObject' : [ 0x30, ['pointer64', ['void']]],
+    'VolumeContextLock' : [ 0x38, ['_CMSI_RW_LOCK']],
+    'DeviceUsageNotificationSent' : [ 0x40, ['unsigned char']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'ParseProcedureEx' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'BoostBitmap' : [ 0x58, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+    'SparePad' : [ 0x5c, ['unsigned long']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_234a' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_234d' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x100, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'IrpSequenceID' : [ 0xd4, ['long']],
+    'Device' : [ 0xd8, ['__unnamed_234a']],
+    'System' : [ 0xd8, ['__unnamed_234d']],
+    'DStateReason' : [ 0xf8, ['Enumeration', dict(target = 'long', choices = {0: u'PepNotifyDeviceDStateReasonNone', 1: u'PepNotifyDeviceDStateReasonSystemTransition', 2: u'PepNotifyDeviceDStateReasonDfx', 3: u'PepNotifyDeviceDStateReasonMax'})]],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x38, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x8, ['unsigned long long']],
+    'NonPagedAllocs' : [ 0x10, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x18, ['unsigned long long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+    'PagedAllocs' : [ 0x28, ['unsigned long long']],
+    'PagedFrees' : [ 0x30, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_CMP_VOLUME_MANAGER' : [ 0x18, {
+    'VolumeContextListLock' : [ 0x0, ['_CMSI_RW_LOCK']],
+    'VolumeContextListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x20, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x8, ['pointer64', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x428, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'StrictVetoBias' : [ 0x8, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0xc, ['unsigned long']],
+    'TargetState' : [ 0x10, ['unsigned long']],
+    'ActualState' : [ 0x14, ['unsigned long']],
+    'OldState' : [ 0x18, ['unsigned long']],
+    'OverrideIndex' : [ 0x1c, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xf0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1d0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1d8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1e0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1e8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x240, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2e8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2f0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x308, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x318, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x330, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MM_PRIVATE_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'FixedLargePageSize' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ZeroFillPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Graphics' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ShadowStack' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x38, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_23a4' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+    'DeviceDriverDescriptor' : [ 0x0, ['_WHEA_DEVICE_DRIVER_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted', 3: u'WheaErrSrcStateRemoved', 4: u'WheaErrSrcStateRemovePending'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_23a4']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_HEAP_MEMORY_LIMIT_DATA' : [ 0x20, {
+    'CommitLimitBytes' : [ 0x0, ['unsigned long long']],
+    'CommitLimitFailureCode' : [ 0x8, ['unsigned long long']],
+    'MaxAllocationSizeBytes' : [ 0x10, ['unsigned long long']],
+    'AllocationLimitFailureCode' : [ 0x18, ['unsigned long long']],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x120, {
+    'ProcessCid' : [ 0x0, ['pointer64', ['void']]],
+    'ThreadCid' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x20, ['unsigned long']],
+    'CreateTrace' : [ 0x28, ['array', 30, ['unsigned long long']]],
+    'Count' : [ 0x118, ['long']],
+    'CaptureCount' : [ 0x11c, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IdleStateMax' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ResponsivenessDisableThreshold' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ResponsivenessEnableThreshold' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ResponsivenessDisableTime' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ResponsivenessEnableTime' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ResponsivenessEppCeiling' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ResponsivenessPerfFloor' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x48, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x50, ['_LIST_ENTRY']],
+    'Parent' : [ 0x60, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ChildOfVgaEnabledBridge' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DecodeIoOnBoot' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x28, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x10, ['unsigned long long']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Valid' : [ 0x20, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x48, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'EntryDescriptor' : [ 0x20, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x38, ['unsigned long']],
+    'Handles' : [ 0x40, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0xa0, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x18, {
+    'IdealMask' : [ 0x0, ['unsigned long long']],
+    'PreferredMask' : [ 0x8, ['unsigned long long']],
+    'AvailableMask' : [ 0x10, ['unsigned long long']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SK_CRASH_MINIDUMP' : [ 0x1000, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'ModuleCount' : [ 0x8, ['unsigned long']],
+    'FrameCount' : [ 0xc, ['unsigned long']],
+    'Modules' : [ 0x10, ['array', 16, ['_SK_CRASH_MODULE']]],
+    'StackFrames' : [ 0x490, ['array', 366, ['_SK_CRASH_STACK_FRAME']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SK_CRASH_STACK_FRAME' : [ 0x8, {
+    'ModuleId' : [ 0x0, ['unsigned long']],
+    'Rva' : [ 0x4, ['unsigned long']],
+    'Pc' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DEVICE_MAP' : [ 0x48, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x40, ['pointer64', ['_EJOB']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ColdPage' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long long')]],
+    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'ReservedForHardware' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'ReservedForSoftware' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'WsleProtection' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SessionHeapInitialized' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SessionHeapDestroyed' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x28, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer64', ['void']]],
+    'OverQuotaHistory' : [ 0x8, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_PO_DIRECTED_DRIPS_STATE' : [ 0x38, {
+    'QueueLink' : [ 0x0, ['_LIST_ENTRY']],
+    'VisitedQueueLink' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'CachedFlags' : [ 0x24, ['unsigned long']],
+    'DeviceUsageCount' : [ 0x28, ['unsigned long']],
+    'Diagnostic' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '__unnamed_2461' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x90, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_2461']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x30, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x50, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x60, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x80, ['pointer64', ['_EPROCESS']]],
+    'DeleteStoredPages' : [ 0x88, ['unsigned long']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+    'IdleStateMax' : [ 0x2e, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x8, {
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2489' : [ 0x4, {
+    'PageAlignLargeAllocs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableDelayFree' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_VS_CONFIG' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2489']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['wchar']]],
+    'DriverName' : [ 0x50, ['pointer64', ['wchar']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x48, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'SecureInfo' : [ 0x8, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x8, ['_MI_LARGEPAGE_VAD_INFO']],
+    'CreatingThread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'PebTeb' : [ 0x8, ['_MI_SUB64K_FREE_RANGES']],
+    'PlaceholderVad' : [ 0x8, ['pointer64', ['_MMVAD_SHORT']]],
+    'WaitReason' : [ 0x40, ['unsigned long']],
+} ],
+  '__unnamed_24b7' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_24ba' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_24b7']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_24ba']],
+    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x34, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x68, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'Reserved2' : [ 0x18, ['unsigned long']],
+    'Reserved3' : [ 0x20, ['array', 4, ['pointer64', ['void']]]],
+    'Reserved4' : [ 0x40, ['array', 4, ['unsigned long']]],
+    'Reserved5' : [ 0x50, ['pointer64', ['void']]],
+    'Reserved6' : [ 0x58, ['array', 2, ['pointer64', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x50, {
+    'LsaProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'LsaCommandPortHandle' : [ 0x8, ['pointer64', ['void']]],
+    'SepRmThreadHandle' : [ 0x10, ['pointer64', ['void']]],
+    'RmCommandPortHandle' : [ 0x18, ['pointer64', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x20, ['pointer64', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x28, ['pointer64', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x30, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x38, ['pointer64', ['void']]],
+    'RmViewPortMemory' : [ 0x40, ['pointer64', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x48, ['long']],
+    'LsaCommandPortActive' : [ 0x4c, ['unsigned char']],
+} ],
+  '_MM_GRAPHICS_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'FixedLargePageSize' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ZeroFillPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'GraphicsAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'GraphicsUseCoherentBus' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'GraphicsPageProtection' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 29, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x30, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x10, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0x18, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_EX_HEAP_SESSION_STATE' : [ 0x38f0, {
+    'HeapManager' : [ 0x0, ['_RTLP_HP_HEAP_MANAGER']],
+    'PagedEnv' : [ 0x38d0, ['RTL_HP_ENV_HANDLE']],
+    'PagedHeap' : [ 0x38e0, ['pointer64', ['_SEGMENT_HEAP']]],
+    'SpecialPoolHeap' : [ 0x38e8, ['pointer64', ['_SEGMENT_HEAP']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_24f8' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsBootDriver' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_24fa' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_24f8']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x120, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_24fa']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'SeSigningLevel' : [ 0x30, ['unsigned char']],
+    'PoolPageHeaders' : [ 0x40, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x50, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x60, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x64, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x68, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x6c, ['unsigned long']],
+    'PagedBytes' : [ 0x70, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x78, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x80, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x88, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x90, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x94, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x98, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x9c, ['unsigned long']],
+    'AllocationsFailed' : [ 0xa0, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0xa4, ['unsigned long']],
+    'LockedBytes' : [ 0xa8, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xb0, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xb8, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xc0, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xc8, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xd0, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xd8, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xe0, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xe8, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xf0, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0xf8, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x108, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x10c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x110, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x114, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x118, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x11c, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Luid' : [ 0x20, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
+} ],
+  '__unnamed_2502' : [ 0x8, {
+    'ImageFileExtents' : [ 0x0, ['pointer64', ['void']]],
+    'ImageFileExtentsUlongPtr' : [ 0x0, ['unsigned long long']],
+    'FilesystemWantsRva' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x40, {
+    'ProtosNode' : [ 0x0, ['_MI_PROTOTYPE_PTES_NODE']],
+    'DynamicRelocations' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x28, ['_IMAGE_SECURITY_CONTEXT']],
+    'u1' : [ 0x30, ['__unnamed_2502']],
+    'StrongImageReference' : [ 0x38, ['unsigned long long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderSkMemory', 37: u'LoaderSkFirmwareReserved', 38: u'LoaderIoSpaceMemoryZeroed', 39: u'LoaderIoSpaceMemoryFree', 40: u'LoaderIoSpaceMemoryKsr', 41: u'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_WNF_SCOPE_MAP' : [ 0x90, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'SystemScopeInstance' : [ 0x8, ['pointer64', ['_WNF_SCOPE_INSTANCE']]],
+    'MachineScopeInstance' : [ 0x10, ['pointer64', ['_WNF_SCOPE_INSTANCE']]],
+    'ByDataScope' : [ 0x18, ['array', 5, ['_WNF_SCOPE_MAP_ENTRY']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SchedulerAssist' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0xa0, {
+    'As32Bit' : [ 0x0, ['_PEBS_DS_SAVE_AREA32']],
+    'As64Bit' : [ 0x0, ['_PEBS_DS_SAVE_AREA64']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Who' : [ 0x38, ['unsigned long']],
+    'Hash' : [ 0x3c, ['unsigned long']],
+    'Page' : [ 0x40, ['unsigned long long']],
+    'StackTrace' : [ 0x48, ['array', 8, ['pointer64', ['void']]]],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_WNF_STATE_NAME_REGISTRATION' : [ 0x18, {
+    'MaxStateSize' : [ 0x0, ['unsigned long']],
+    'TypeId' : [ 0x8, ['pointer64', ['_WNF_TYPE_ID']]],
+    'SecurityDescriptor' : [ 0x10, ['pointer64', ['_SECURITY_DESCRIPTOR']]],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'NoCrossPartitionAccess' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SubsectionCrossPartitionReferenceOverflow' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  'HAL_PRIVATE_DISPATCH' : [ 0x4a0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'HalHandlerForBus' : [ 0x8, ['pointer64', ['void']]],
+    'HalHandlerForConfigSpace' : [ 0x10, ['pointer64', ['void']]],
+    'HalLocateHiberRanges' : [ 0x18, ['pointer64', ['void']]],
+    'HalRegisterBusHandler' : [ 0x20, ['pointer64', ['void']]],
+    'HalSetWakeEnable' : [ 0x28, ['pointer64', ['void']]],
+    'HalSetWakeAlarm' : [ 0x30, ['pointer64', ['void']]],
+    'HalPciTranslateBusAddress' : [ 0x38, ['pointer64', ['void']]],
+    'HalPciAssignSlotResources' : [ 0x40, ['pointer64', ['void']]],
+    'HalHaltSystem' : [ 0x48, ['pointer64', ['void']]],
+    'HalFindBusAddressTranslation' : [ 0x50, ['pointer64', ['void']]],
+    'HalResetDisplay' : [ 0x58, ['pointer64', ['void']]],
+    'HalAllocateMapRegisters' : [ 0x60, ['pointer64', ['void']]],
+    'KdSetupPciDeviceForDebugging' : [ 0x68, ['pointer64', ['void']]],
+    'KdReleasePciDeviceForDebugging' : [ 0x70, ['pointer64', ['void']]],
+    'KdGetAcpiTablePhase0' : [ 0x78, ['pointer64', ['void']]],
+    'KdCheckPowerButton' : [ 0x80, ['pointer64', ['void']]],
+    'HalVectorToIDTEntry' : [ 0x88, ['pointer64', ['void']]],
+    'KdMapPhysicalMemory64' : [ 0x90, ['pointer64', ['void']]],
+    'KdUnmapVirtualAddress' : [ 0x98, ['pointer64', ['void']]],
+    'KdGetPciDataByOffset' : [ 0xa0, ['pointer64', ['void']]],
+    'KdSetPciDataByOffset' : [ 0xa8, ['pointer64', ['void']]],
+    'HalGetInterruptVectorOverride' : [ 0xb0, ['pointer64', ['void']]],
+    'HalGetVectorInputOverride' : [ 0xb8, ['pointer64', ['void']]],
+    'HalLoadMicrocode' : [ 0xc0, ['pointer64', ['void']]],
+    'HalUnloadMicrocode' : [ 0xc8, ['pointer64', ['void']]],
+    'HalPostMicrocodeUpdate' : [ 0xd0, ['pointer64', ['void']]],
+    'HalAllocateMessageTargetOverride' : [ 0xd8, ['pointer64', ['void']]],
+    'HalFreeMessageTargetOverride' : [ 0xe0, ['pointer64', ['void']]],
+    'HalDpReplaceBegin' : [ 0xe8, ['pointer64', ['void']]],
+    'HalDpReplaceTarget' : [ 0xf0, ['pointer64', ['void']]],
+    'HalDpReplaceControl' : [ 0xf8, ['pointer64', ['void']]],
+    'HalDpReplaceEnd' : [ 0x100, ['pointer64', ['void']]],
+    'HalPrepareForBugcheck' : [ 0x108, ['pointer64', ['void']]],
+    'HalQueryWakeTime' : [ 0x110, ['pointer64', ['void']]],
+    'HalReportIdleStateUsage' : [ 0x118, ['pointer64', ['void']]],
+    'HalTscSynchronization' : [ 0x120, ['pointer64', ['void']]],
+    'HalWheaInitProcessorGenericSection' : [ 0x128, ['pointer64', ['void']]],
+    'HalStopLegacyUsbInterrupts' : [ 0x130, ['pointer64', ['void']]],
+    'HalReadWheaPhysicalMemory' : [ 0x138, ['pointer64', ['void']]],
+    'HalWriteWheaPhysicalMemory' : [ 0x140, ['pointer64', ['void']]],
+    'HalDpMaskLevelTriggeredInterrupts' : [ 0x148, ['pointer64', ['void']]],
+    'HalDpUnmaskLevelTriggeredInterrupts' : [ 0x150, ['pointer64', ['void']]],
+    'HalDpGetInterruptReplayState' : [ 0x158, ['pointer64', ['void']]],
+    'HalDpReplayInterrupts' : [ 0x160, ['pointer64', ['void']]],
+    'HalQueryIoPortAccessSupported' : [ 0x168, ['pointer64', ['void']]],
+    'KdSetupIntegratedDeviceForDebugging' : [ 0x170, ['pointer64', ['void']]],
+    'KdReleaseIntegratedDeviceForDebugging' : [ 0x178, ['pointer64', ['void']]],
+    'HalGetEnlightenmentInformation' : [ 0x180, ['pointer64', ['void']]],
+    'HalAllocateEarlyPages' : [ 0x188, ['pointer64', ['void']]],
+    'HalMapEarlyPages' : [ 0x190, ['pointer64', ['void']]],
+    'Dummy1' : [ 0x198, ['pointer64', ['void']]],
+    'Dummy2' : [ 0x1a0, ['pointer64', ['void']]],
+    'HalNotifyProcessorFreeze' : [ 0x1a8, ['pointer64', ['void']]],
+    'HalPrepareProcessorForIdle' : [ 0x1b0, ['pointer64', ['void']]],
+    'HalRegisterLogRoutine' : [ 0x1b8, ['pointer64', ['void']]],
+    'HalResumeProcessorFromIdle' : [ 0x1c0, ['pointer64', ['void']]],
+    'Dummy' : [ 0x1c8, ['pointer64', ['void']]],
+    'HalVectorToIDTEntryEx' : [ 0x1d0, ['pointer64', ['void']]],
+    'HalSecondaryInterruptQueryPrimaryInformation' : [ 0x1d8, ['pointer64', ['void']]],
+    'HalMaskInterrupt' : [ 0x1e0, ['pointer64', ['void']]],
+    'HalUnmaskInterrupt' : [ 0x1e8, ['pointer64', ['void']]],
+    'HalIsInterruptTypeSecondary' : [ 0x1f0, ['pointer64', ['void']]],
+    'HalAllocateGsivForSecondaryInterrupt' : [ 0x1f8, ['pointer64', ['void']]],
+    'HalAddInterruptRemapping' : [ 0x200, ['pointer64', ['void']]],
+    'HalRemoveInterruptRemapping' : [ 0x208, ['pointer64', ['void']]],
+    'HalSaveAndDisableHvEnlightenment' : [ 0x210, ['pointer64', ['void']]],
+    'HalRestoreHvEnlightenment' : [ 0x218, ['pointer64', ['void']]],
+    'HalFlushIoBuffersExternalCache' : [ 0x220, ['pointer64', ['void']]],
+    'HalFlushExternalCache' : [ 0x228, ['pointer64', ['void']]],
+    'HalPciEarlyRestore' : [ 0x230, ['pointer64', ['void']]],
+    'HalGetProcessorId' : [ 0x238, ['pointer64', ['void']]],
+    'HalAllocatePmcCounterSet' : [ 0x240, ['pointer64', ['void']]],
+    'HalCollectPmcCounters' : [ 0x248, ['pointer64', ['void']]],
+    'HalFreePmcCounterSet' : [ 0x250, ['pointer64', ['void']]],
+    'HalProcessorHalt' : [ 0x258, ['pointer64', ['void']]],
+    'HalTimerQueryCycleCounter' : [ 0x260, ['pointer64', ['void']]],
+    'Dummy3' : [ 0x268, ['pointer64', ['void']]],
+    'HalPciMarkHiberPhase' : [ 0x270, ['pointer64', ['void']]],
+    'HalQueryProcessorRestartEntryPoint' : [ 0x278, ['pointer64', ['void']]],
+    'HalRequestInterrupt' : [ 0x280, ['pointer64', ['void']]],
+    'HalEnumerateUnmaskedInterrupts' : [ 0x288, ['pointer64', ['void']]],
+    'HalFlushAndInvalidatePageExternalCache' : [ 0x290, ['pointer64', ['void']]],
+    'KdEnumerateDebuggingDevices' : [ 0x298, ['pointer64', ['void']]],
+    'HalFlushIoRectangleExternalCache' : [ 0x2a0, ['pointer64', ['void']]],
+    'HalPowerEarlyRestore' : [ 0x2a8, ['pointer64', ['void']]],
+    'HalQueryCapsuleCapabilities' : [ 0x2b0, ['pointer64', ['void']]],
+    'HalUpdateCapsule' : [ 0x2b8, ['pointer64', ['void']]],
+    'HalPciMultiStageResumeCapable' : [ 0x2c0, ['pointer64', ['void']]],
+    'HalDmaFreeCrashDumpRegisters' : [ 0x2c8, ['pointer64', ['void']]],
+    'HalAcpiAoacCapable' : [ 0x2d0, ['pointer64', ['void']]],
+    'HalInterruptSetDestination' : [ 0x2d8, ['pointer64', ['void']]],
+    'HalGetClockConfiguration' : [ 0x2e0, ['pointer64', ['void']]],
+    'HalClockTimerActivate' : [ 0x2e8, ['pointer64', ['void']]],
+    'HalClockTimerInitialize' : [ 0x2f0, ['pointer64', ['void']]],
+    'HalClockTimerStop' : [ 0x2f8, ['pointer64', ['void']]],
+    'HalClockTimerArm' : [ 0x300, ['pointer64', ['void']]],
+    'HalTimerOnlyClockInterruptPending' : [ 0x308, ['pointer64', ['void']]],
+    'HalAcpiGetMultiNode' : [ 0x310, ['pointer64', ['void']]],
+    'HalPowerSetRebootHandler' : [ 0x318, ['pointer64', ['void']]],
+    'HalIommuRegisterDispatchTable' : [ 0x320, ['pointer64', ['void']]],
+    'HalTimerWatchdogStart' : [ 0x328, ['pointer64', ['void']]],
+    'HalTimerWatchdogResetCountdown' : [ 0x330, ['pointer64', ['void']]],
+    'HalTimerWatchdogStop' : [ 0x338, ['pointer64', ['void']]],
+    'HalTimerWatchdogGeneratedLastReset' : [ 0x340, ['pointer64', ['void']]],
+    'HalTimerWatchdogTriggerSystemReset' : [ 0x348, ['pointer64', ['void']]],
+    'HalInterruptVectorDataToGsiv' : [ 0x350, ['pointer64', ['void']]],
+    'HalInterruptGetHighestPriorityInterrupt' : [ 0x358, ['pointer64', ['void']]],
+    'HalProcessorOn' : [ 0x360, ['pointer64', ['void']]],
+    'HalProcessorOff' : [ 0x368, ['pointer64', ['void']]],
+    'HalProcessorFreeze' : [ 0x370, ['pointer64', ['void']]],
+    'HalDmaLinkDeviceObjectByToken' : [ 0x378, ['pointer64', ['void']]],
+    'HalDmaCheckAdapterToken' : [ 0x380, ['pointer64', ['void']]],
+    'Dummy4' : [ 0x388, ['pointer64', ['void']]],
+    'HalTimerConvertPerformanceCounterToAuxiliaryCounter' : [ 0x390, ['pointer64', ['void']]],
+    'HalTimerConvertAuxiliaryCounterToPerformanceCounter' : [ 0x398, ['pointer64', ['void']]],
+    'HalTimerQueryAuxiliaryCounterFrequency' : [ 0x3a0, ['pointer64', ['void']]],
+    'HalConnectThermalInterrupt' : [ 0x3a8, ['pointer64', ['void']]],
+    'HalIsEFIRuntimeActive' : [ 0x3b0, ['pointer64', ['void']]],
+    'HalTimerQueryAndResetRtcErrors' : [ 0x3b8, ['pointer64', ['void']]],
+    'HalAcpiLateRestore' : [ 0x3c0, ['pointer64', ['void']]],
+    'KdWatchdogDelayExpiration' : [ 0x3c8, ['pointer64', ['void']]],
+    'HalGetProcessorStats' : [ 0x3d0, ['pointer64', ['void']]],
+    'HalTimerWatchdogQueryDueTime' : [ 0x3d8, ['pointer64', ['void']]],
+    'HalConnectSyntheticInterrupt' : [ 0x3e0, ['pointer64', ['void']]],
+    'HalPreprocessNmi' : [ 0x3e8, ['pointer64', ['void']]],
+    'HalEnumerateEnvironmentVariablesWithFilter' : [ 0x3f0, ['pointer64', ['void']]],
+    'HalCaptureLastBranchRecordStack' : [ 0x3f8, ['pointer64', ['void']]],
+    'HalClearLastBranchRecordStack' : [ 0x400, ['pointer64', ['void']]],
+    'HalConfigureLastBranchRecord' : [ 0x408, ['pointer64', ['void']]],
+    'HalGetLastBranchInformation' : [ 0x410, ['pointer64', ['void']]],
+    'HalResumeLastBranchRecord' : [ 0x418, ['pointer64', ['void']]],
+    'HalStartLastBranchRecord' : [ 0x420, ['pointer64', ['void']]],
+    'HalStopLastBranchRecord' : [ 0x428, ['pointer64', ['void']]],
+    'HalIommuBlockDevice' : [ 0x430, ['pointer64', ['void']]],
+    'HalIommuUnblockDevice' : [ 0x438, ['pointer64', ['void']]],
+    'HalGetIommuInterface' : [ 0x440, ['pointer64', ['void']]],
+    'HalRequestGenericErrorRecovery' : [ 0x448, ['pointer64', ['void']]],
+    'HalTimerQueryHostPerformanceCounter' : [ 0x450, ['pointer64', ['void']]],
+    'HalTopologyQueryProcessorRelationships' : [ 0x458, ['pointer64', ['void']]],
+    'HalInitPlatformDebugTriggers' : [ 0x460, ['pointer64', ['void']]],
+    'HalRunPlatformDebugTriggers' : [ 0x468, ['pointer64', ['void']]],
+    'HalTimerGetReferencePage' : [ 0x470, ['pointer64', ['void']]],
+    'HalGetHiddenProcessorPowerInterface' : [ 0x478, ['pointer64', ['void']]],
+    'HalGetHiddenProcessorPackageId' : [ 0x480, ['pointer64', ['void']]],
+    'HalGetHiddenPackageProcessorCount' : [ 0x488, ['pointer64', ['void']]],
+    'HalGetHiddenProcessorApicIdByIndex' : [ 0x490, ['pointer64', ['void']]],
+    'HalRegisterHiddenProcessorIdleState' : [ 0x498, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KSECURE_FAULT_INFORMATION' : [ 0x10, {
+    'FaultCode' : [ 0x0, ['unsigned long long']],
+    'FaultVa' : [ 0x8, ['unsigned long long']],
+} ],
+  '_WNF_STATE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'AllocatedSize' : [ 0x4, ['unsigned long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'ChangeStamp' : [ 0xc, ['unsigned long']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '__unnamed_2681' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2683' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2681']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2683']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x20, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x3100, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0xc0, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x400, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x4a0, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x1520, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1580, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1740, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x1bc0, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x1be0, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x1c40, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x1d00, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x1d78, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x1e40, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x1ec0, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x1fe0, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x2080, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x2280, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x22f0, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x2340, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x2400, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x2440, ['unsigned long long']],
+    'BootRegistryRuns' : [ 0x2448, ['pointer64', ['pointer64', ['void']]]],
+    'ZeroingDisabled' : [ 0x2450, ['long']],
+    'FullyInitialized' : [ 0x2454, ['unsigned char']],
+    'SafeBooted' : [ 0x2455, ['unsigned char']],
+    'TraceLogging' : [ 0x2458, ['pointer64', ['_TlgProvider_t']]],
+    'Vs' : [ 0x2480, ['_MI_VISIBLE_STATE']],
+} ],
+  '_CMSI_RW_LOCK' : [ 0x8, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer64', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x8, ['pointer64', ['unsigned long long']]],
+    'QpcDelta' : [ 0x10, ['pointer64', ['long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1200, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x1c, ['unsigned char']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'PartitionWs' : [ 0x140, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x200, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x228, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x280, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x2a8, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x2b0, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x2b8, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x2c0, ['unsigned long long']],
+    'SharedCommit' : [ 0x2c8, ['unsigned long long']],
+    'SlabAllocatorPages' : [ 0x2d0, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x2d8, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x2e8, ['long']],
+    'PageFileTraces' : [ 0x2f0, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x38, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'NextId' : [ 0x8, ['unsigned long']],
+    'Items' : [ 0x10, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x20, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x8, ['_GUID']],
+    'Control' : [ 0x18, ['_GUID']],
+    'ConsumersNotified' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_26bf' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26c1' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_26bf']],
+} ],
+  '__unnamed_26c3' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_26c1']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_26c3']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_26cb' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_26cb']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_26d6' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x28, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'UseSessionId' : [ 0x1c, ['unsigned char']],
+    'u1' : [ 0x20, ['__unnamed_26d6']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x140, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0xc0, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x48, {
+    'SystemDllBase' : [ 0x0, ['pointer64', ['void']]],
+    'ColorSeed' : [ 0x8, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0xc, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x28, ['array', 2, ['pointer64', ['_MMPTE']]]],
+    'HypervisorSharedVa' : [ 0x38, ['pointer64', ['void']]],
+    'VadSecureCookie' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_AGGREGATION' : [ 0x20, {
+    'PageFaultCount' : [ 0x0, ['unsigned long']],
+    'WorkingSetSize' : [ 0x8, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x10, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x190, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long long']],
+    'Guid' : [ 0x18, ['_GUID']],
+    'RegListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x40, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x40, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x50, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x70, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x170, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x178, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x180, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x188, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x158, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['wchar']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['wchar']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'DeleteOwnerRanges' : [ 0x120, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x128, ['unsigned char']],
+    'TransactionEvent' : [ 0x130, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x138, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x140, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x148, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x150, ['pointer64', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_RTLP_HP_HEAP_GLOBALS' : [ 0x38, {
+    'HeapKey' : [ 0x0, ['unsigned long long']],
+    'LfhKey' : [ 0x8, ['unsigned long long']],
+    'FailureInfo' : [ 0x10, ['pointer64', ['_HEAP_FAILURE_INFORMATION']]],
+    'CommitLimitData' : [ 0x18, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xa0, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'LoadLockOwner' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'LoadLockCount' : [ 0x20, ['unsigned long']],
+    'FixupLock' : [ 0x24, ['long']],
+    'FirstLoadEver' : [ 0x28, ['unsigned char']],
+    'LargePageAll' : [ 0x29, ['unsigned char']],
+    'LastPage' : [ 0x30, ['unsigned long long']],
+    'LargePageList' : [ 0x38, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x48, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x58, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x60, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x68, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x78, ['unsigned long long']],
+    'PageCounts' : [ 0x80, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x90, ['_EX_PUSH_LOCK']],
+    'ImageTree' : [ 0x98, ['_RTL_AVL_TREE']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ExceptionHandlingReady' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ShadowStacksSupported' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AccessBitFenceRequired' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'PfnDatabaseExists' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'DeferredHotAddsCompleted' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'KernelHalLargeSectionAlignment' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_HEAP_VS_DELAY_FREE_CONTEXT' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 3, end_bit = 12, native_type='unsigned long')]],
+    'NumberOfRemapPages' : [ 0x14, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0xc0, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x5c, ['unsigned char']],
+    'HugeIoPfnBitMap' : [ 0x60, ['_RTL_BITMAP_EX']],
+    'HugePfnDatabase' : [ 0x70, ['pointer64', ['_MI_HUGE_PFN']]],
+    'HugeRangesLock' : [ 0x80, ['unsigned long long']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x420, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastPassiveTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'Info' : [ 0x70, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xcc, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xe4, ['unsigned char']],
+    'PollingRate' : [ 0xe8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xf0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xf8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x100, ['unsigned long long']],
+    'WorkItem' : [ 0x108, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0x128, ['_KTIMER2']],
+    'Lock' : [ 0x1b0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1c0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1d8, ['_KEVENT']],
+    'InstanceId' : [ 0x1f0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1f8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x410, ['_UNICODE_STRING']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '__unnamed_27bf' : [ 0x4, {
+    'Bus' : [ 0x0, ['unsigned char']],
+    'Device' : [ 0x1, ['unsigned char']],
+    'Function' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_27c1' : [ 0x2, {
+    'SecondaryBus' : [ 0x0, ['unsigned char']],
+    'SubordinateBus' : [ 0x1, ['unsigned char']],
+} ],
+  '_PCI_BUSMASTER_DESCRIPTOR' : [ 0xc, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusmasterRidFromDeviceRid', 1: u'BusmasterRidFromBridgeRid', 2: u'BusmasterRidFromMultipleBridges'})]],
+    'Segment' : [ 0x4, ['unsigned long']],
+    'DeviceRid' : [ 0x8, ['__unnamed_27bf']],
+    'BridgeRid' : [ 0x8, ['__unnamed_27bf']],
+    'MultipleBridges' : [ 0x8, ['__unnamed_27c1']],
+} ],
+  '_HVP_VIEW_MAP' : [ 0x38, {
+    'SectionReference' : [ 0x0, ['pointer64', ['void']]],
+    'StorageEndFileOffset' : [ 0x8, ['long long']],
+    'SectionEndFileOffset' : [ 0x10, ['long long']],
+    'ProcessTuple' : [ 0x18, ['pointer64', ['_CMSI_PROCESS_TUPLE']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ViewTree' : [ 0x28, ['_RTL_RB_TREE']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x10, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HAL_LOG_REGISTER_CONTEXT' : [ 0x10, {
+    'LogRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Flag' : [ 0x8, ['unsigned long']],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x18, {
+    'DeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
+    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
+    'RunRefSize' : [ 0x10, ['unsigned long']],
+    'Number' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_27fb' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_27fd' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_27fb']],
+    'Private' : [ 0x0, ['__unnamed_27fd']],
+} ],
+  '_MM_SHARED_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysClear' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'HotPatchAllowed' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_CM_TRANS_PTR' : [ 0x8, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'TransPtr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ProcessorOnly' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x38, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x10, ['unsigned long long']],
+    'VolumeKey' : [ 0x18, ['unsigned long long']],
+    'Rundown' : [ 0x20, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x28, ['pointer64', ['void']]],
+    'VolumeIoAttribution' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '__unnamed_2860' : [ 0x8, {
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_2868' : [ 0x8, {
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 18, native_type='unsigned long long')]],
+    'PageState' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long long')]],
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 38, native_type='unsigned long long')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'HasError' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 51, native_type='unsigned long long')]],
+    'NodeNumber' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 57, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_286a' : [ 0x8, {
+    'e1' : [ 0x0, ['__unnamed_2860']],
+    'e2' : [ 0x0, ['__unnamed_2868']],
+} ],
+  '_MI_HUGE_PFN' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_286a']],
+} ],
+  '_RTL_HP_LFH_CONFIG' : [ 0x4, {
+    'MaxBlockSize' : [ 0x0, ['unsigned short']],
+    'WitholdPageCrossingBlocks' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DisableRandomization' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_HEAP_LFH_AFFINITY_SLOT' : [ 0x40, {
+    'State' : [ 0x0, ['_HEAP_LFH_SUBSEGMENT_OWNER']],
+    'ActiveSubsegment' : [ 0x38, ['_HEAP_LFH_FAST_REF']],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x100, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x48, ['unsigned long long']],
+    'BigPagesAllocated' : [ 0x50, ['unsigned long long']],
+    'BytesAllocated' : [ 0x58, ['unsigned long long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x88, ['unsigned long long']],
+    'BigPagesDeallocated' : [ 0x90, ['unsigned long long']],
+    'BytesDeallocated' : [ 0x98, ['unsigned long long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPRCBFLAG' : [ 0x4, {
+    'PrcbFlags' : [ 0x0, ['long']],
+    'BamQosLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'PendingQosUpdate' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PrcbFlagsReserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_288c' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_288e' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_288c']],
+    'Button' : [ 0x10, ['__unnamed_288e']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x1080, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x20, ['unsigned char']],
+    'DynamicVaBitBuffer' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'DynamicVaBitBufferPages' : [ 0x30, ['unsigned long long']],
+    'DynamicVaStart' : [ 0x38, ['pointer64', ['void']]],
+    'ImageVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'SystemViewBuckets' : [ 0x48, ['array', 256, ['_MI_HUGE_SYSTEM_VIEW_HEAD']]],
+    'DynamicPtesBitBuffer' : [ 0x1048, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x1050, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x1058, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x1060, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1068, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x1070, ['pointer64', ['void']]],
+    'SessionCore' : [ 0x1078, ['pointer64', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x338, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+    'EnabledUserVisibleSupervisorFeatures' : [ 0x330, ['unsigned long long']],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x10, ['pointer64', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'AccessMask' : [ 0x20, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x340, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0x18, ['unsigned long long']],
+    'DataSectionProtectionMask' : [ 0x20, ['unsigned long']],
+    'HighSectionBase' : [ 0x28, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x30, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xc0, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0x140, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0x168, ['pointer64', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0x170, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsDeletionWaitList' : [ 0x190, ['_MI_EXTENT_DELETION_WAIT_BLOCK']],
+    'FileOnlyMemoryPfnsCreated' : [ 0x1b0, ['unsigned char']],
+    'DanglingExtentsWorkerActive' : [ 0x1b1, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0x1b2, ['unsigned char']],
+    'PrototypePtesTree' : [ 0x1b8, ['_RTL_AVL_TREE']],
+    'PrototypePtesTreeSpinLock' : [ 0x1c0, ['long']],
+    'RelocateBitmapsLock' : [ 0x1c8, ['_EX_PUSH_LOCK']],
+    'ImageBitMapNative' : [ 0x1d0, ['_RTL_BITMAP_EX']],
+    'ImageBiasNative' : [ 0x1e0, ['unsigned long long']],
+    'OverflowArea' : [ 0x1e8, ['_MI_DLL_OVERFLOW_AREA']],
+    'Wow' : [ 0x208, ['array', 1, ['_MI_SECTION_WOW_STATE']]],
+    'ImageBiasWow' : [ 0x248, ['unsigned long long']],
+    'ImageBitMapWowScratch' : [ 0x250, ['_RTL_BITMAP_EX']],
+    'ImageBitMap64Low' : [ 0x260, ['_RTL_BITMAP_EX']],
+    'ImageBias64Low' : [ 0x270, ['unsigned long long']],
+    'ApiSetSection' : [ 0x278, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x280, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x288, ['unsigned long long']],
+    'LostDataFiles' : [ 0x290, ['unsigned long']],
+    'LostDataPages' : [ 0x294, ['unsigned long']],
+    'ImageFailureReason' : [ 0x298, ['unsigned long']],
+    'CfgBitMapSection' : [ 0x2a0, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea' : [ 0x2a8, ['pointer64', ['_CONTROL_AREA']]],
+    'KernelCfgBitMap' : [ 0x2b0, ['_RTL_BITMAP_EX']],
+    'KernelCfgBitMapLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'ImageCfgFailure' : [ 0x2c8, ['unsigned long']],
+    'RetpolineReservePages' : [ 0x2cc, ['unsigned long']],
+    'RetpolineStubMdl' : [ 0x2d0, ['pointer64', ['_MDL']]],
+    'KernelRetpolineBitMap' : [ 0x2d8, ['_RTL_BITMAP_EX']],
+    'RetpolineRoutines' : [ 0x2e8, ['pointer64', ['_RTL_RETPOLINE_ROUTINES']]],
+    'RetpolineRevertPte' : [ 0x2f0, ['pointer64', ['_MMPTE']]],
+    'NonRetpolineImageLoadList' : [ 0x2f8, ['_LIST_ENTRY']],
+    'RetpolineStubPages' : [ 0x308, ['unsigned long']],
+    'ImageBreakpointEnabled' : [ 0x30c, ['unsigned long']],
+    'ImageBreakpointChecksum' : [ 0x310, ['unsigned long']],
+    'ImageBreakpointSize' : [ 0x314, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x318, ['long']],
+    'ImageExtentTree' : [ 0x320, ['_RTL_AVL_TREE']],
+    'ImageExtentTreeLock' : [ 0x328, ['_EX_PUSH_LOCK']],
+    'HotPatchReserveSize' : [ 0x330, ['unsigned long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x60, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x28, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x30, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x38, ['pointer64', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x40, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x48, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x50, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x58, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'ColdPage' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 26, native_type='unsigned long long')]],
+    'ShadowStack' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa8, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa4, ['unsigned long']],
+} ],
+  '_HEAP_SEGMENT_MGR_COMMIT_STATE' : [ 0x2, {
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned short')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 14, native_type='unsigned short')]],
+    'LargePageOperationInProgress' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'LargePageCommit' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'EntireUShortV' : [ 0x0, ['unsigned short']],
+    'EntireUShort' : [ 0x0, ['unsigned short']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x7c8, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SharedData' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'SparePointers' : [ 0x320, ['array', 4, ['pointer64', ['void']]]],
+    'SpareUlongs' : [ 0x340, ['array', 5, ['unsigned long']]],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['pointer64', ['void']]],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x7ac, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x7b0, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x7b1, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x7b8, ['pointer64', ['_LEAP_SECOND_DATA']]],
+    'LeapSecondFlags' : [ 0x7c0, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x7c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x7c0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x7c4, ['unsigned long']],
+} ],
+  '_RTL_HP_SEG_ALLOC_POLICY' : [ 0x18, {
+    'MinLargePages' : [ 0x0, ['unsigned long long']],
+    'MaxLargePages' : [ 0x8, ['unsigned long long']],
+    'MinUtilization' : [ 0x10, ['unsigned char']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_2925' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2929' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_2925']],
+    'Bits' : [ 0x4, ['__unnamed_2929']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x174, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 10, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x38, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x28, ['unsigned long']],
+    'FullSetBits' : [ 0x2c, ['unsigned long']],
+    'SubListIndex' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_2943' : [ 0x30, {
+    'ApcState' : [ 0x0, ['_KAPC_STATE']],
+    'HardFaultState' : [ 0x0, ['_MI_HARD_FAULT_STATE']],
+} ],
+  '__unnamed_2945' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2948' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1c0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'u2' : [ 0x68, ['__unnamed_2943']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'InjectRetry' : [ 0xb4, ['long']],
+    'ByteCount' : [ 0xb8, ['unsigned long']],
+    'u3' : [ 0xbc, ['__unnamed_2945']],
+    'u1' : [ 0xc0, ['__unnamed_2948']],
+    'FilePointer' : [ 0xc8, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xd0, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xd0, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd8, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xe0, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xf0, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf8, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x100, ['pointer64', ['_MDL']]],
+    'ProbeCount' : [ 0x108, ['long long']],
+    'Mdl' : [ 0x110, ['_MDL']],
+    'Page' : [ 0x140, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x140, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2958' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_295a' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_295c' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_295e' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2958']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_295a']],
+    'Raw' : [ 0x0, ['__unnamed_295c']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_295e']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x20, {
+    'BaseKcb' : [ 0x0, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x8, ['long']],
+    'ClonedKcbListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem', 26: u'PnpDeviceActionRequestMax'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+    'RefCount' : [ 0x48, ['long']],
+    'Dequeued' : [ 0x4c, ['unsigned char']],
+    'CancelLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x58, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x38, ['unsigned char']],
+    'Platform' : [ 0x39, ['unsigned char']],
+    'DependencyListCount' : [ 0x3c, ['unsigned long']],
+    'Processors' : [ 0x40, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe8, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf8, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x100, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x108, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x13c0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x7e8, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x7f8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x838, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x880, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x888, ['array', 6, ['unsigned long long']]],
+    'MappedPageListHeadEvent' : [ 0x8b8, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0xa38, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0xa58, ['unsigned long']],
+    'StandbyListDiscard' : [ 0xa5c, ['unsigned char']],
+    'FreeListDiscard' : [ 0xa5d, ['unsigned char']],
+    'PfnBitMapsReady' : [ 0xa5e, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0xa60, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0xa68, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xac0, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xac8, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0xb28, ['pointer64', ['void']]],
+    'TransitionPrivatePages' : [ 0xb40, ['unsigned long long']],
+    'LargePfnBitMap' : [ 0xb48, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'LargePageListHeads' : [ 0xb68, ['pointer64', ['_MI_FREE_LARGE_PAGE_LIST']]],
+    'LargePageCandidates' : [ 0xb70, ['array', 2, ['_MI_LARGE_PAGE_CANDIDATES']]],
+    'RebuildLargePageWorkItem' : [ 0xf80, ['_WORK_QUEUE_ITEM']],
+    'RebuildLargePageCandidates' : [ 0xfa0, ['unsigned char']],
+    'RebuildLargePageActive' : [ 0xfa1, ['unsigned char']],
+    'LargePageRebuildLock' : [ 0xfa4, ['long']],
+    'LowMemoryThreshold' : [ 0xfa8, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xfb0, ['unsigned long long']],
+    'SlabContexts' : [ 0xfb8, ['array', 2, ['array', 4, ['_MI_SLAB_ALLOCATOR_CONTEXT']]]],
+    'SlabPfnBitMap' : [ 0x1378, ['_RTL_BITMAP_EX']],
+    'HugePfnLists' : [ 0x1388, ['pointer64', ['void']]],
+    'AvailableHugeIoRanges' : [ 0x1390, ['unsigned long long']],
+} ],
+  '__unnamed_298d' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_298d']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_STATS' : [ 0x8, {
+    'Buckets' : [ 0x0, ['array', 4, ['_HEAP_LFH_SUBSEGMENT_STAT']]],
+    'AllStats' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_HIDDEN_PROCESSOR_POWER_INTERFACE' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'ReadPerfMsr' : [ 0x8, ['pointer64', ['void']]],
+    'WritePerfMsr' : [ 0x10, ['pointer64', ['void']]],
+    'ReadPerfIoPort' : [ 0x18, ['pointer64', ['void']]],
+    'WritePerfIoPort' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '__unnamed_29bc' : [ 0x8, {
+    'AllocationType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Inserted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+} ],
+  '__unnamed_29be' : [ 0x8, {
+    'PrototypePtesFlags' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_29c0' : [ 0x8, {
+    'e1' : [ 0x0, ['__unnamed_29bc']],
+    'e2' : [ 0x0, ['__unnamed_29be']],
+} ],
+  '_MI_PROTOTYPE_PTES_NODE' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x18, ['__unnamed_29c0']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_WNF_DELIVERY_DESCRIPTOR' : [ 0x30, {
+    'SubscriptionId' : [ 0x0, ['unsigned long long']],
+    'StateName' : [ 0x8, ['_WNF_STATE_NAME']],
+    'ChangeStamp' : [ 0x10, ['unsigned long']],
+    'StateDataSize' : [ 0x14, ['unsigned long']],
+    'EventMask' : [ 0x18, ['unsigned long']],
+    'TypeId' : [ 0x1c, ['_WNF_TYPE_ID']],
+    'StateDataOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x190, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'CommonPageCombineDomain' : [ 0x160, ['unsigned long long']],
+    'PageCombineStats' : [ 0x168, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID' : [ 0x18, {
+    'DeviceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'EXT_IOMMU_DEVICE_TYPE_INVALID', 1: u'EXT_IOMMU_DEVICE_TYPE_PCI', 2: u'EXT_IOMMU_DEVICE_TYPE_ACPI', 3: u'EXT_IOMMU_DEVICE_TYPE_IOAPIC', 4: u'EXT_IOMMU_DEVICE_TYPE_LOGICAL', 5: u'EXT_IOMMU_DEVICE_TYPE_GIC', 6: u'EXT_IOMMU_DEVICE_TYPE_TEST', 7: u'EXT_IOMMU_DEVICE_TYPE_MAX'})]],
+    'Pci' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_PCI']],
+    'Acpi' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_ACPI']],
+    'IoApicId' : [ 0x8, ['unsigned char']],
+    'LogicalId' : [ 0x8, ['unsigned long long']],
+    'Test' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_TEST']],
+    'Gic' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_GIC']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_29eb' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29ed' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29f0' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_29f4' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_29eb']],
+    'HvDeviceId' : [ 0x40, ['unsigned long long']],
+    'XapicMessage' : [ 0x48, ['__unnamed_29ed']],
+    'Hypertransport' : [ 0x48, ['__unnamed_29f0']],
+    'GenericMessage' : [ 0x48, ['__unnamed_29ed']],
+    'MessageRequest' : [ 0x48, ['__unnamed_29f4']],
+} ],
+  '__unnamed_29f9' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29fb' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_29f9']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_29ff' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a01' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_29ff']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_29fb']],
+    'HighPart' : [ 0x4, ['__unnamed_2a01']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DirectedDripsTransition' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_KINTERRUPT' : [ 0x100, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xf0, ['pointer64', ['void']]],
+    'Padding' : [ 0xf8, ['array', 8, ['unsigned char']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x38, ['pointer64', ['_ETHREAD']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x28, {
+    'NextPteToTrim' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0x18, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x1c, ['unsigned long']],
+    'LockedEntries' : [ 0x20, ['unsigned long long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x50, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+    'Extended' : [ 0x49, ['unsigned char']],
+    'RankNumber' : [ 0x4a, ['unsigned short']],
+    'CardHandle' : [ 0x4c, ['unsigned short']],
+    'ModuleHandle' : [ 0x4e, ['unsigned short']],
+} ],
+  '_EX_POOL_HEAP_MANAGER_STATE' : [ 0x86940, {
+    'HeapManager' : [ 0x0, ['_RTLP_HP_HEAP_MANAGER']],
+    'NumberOfPools' : [ 0x38d0, ['unsigned long']],
+    'PoolNode' : [ 0x3900, ['array', 64, ['_EX_HEAP_POOL_NODE']]],
+    'SpecialHeaps' : [ 0x86900, ['array', 3, ['pointer64', ['_SEGMENT_HEAP']]]],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_SK_CRASH_MODULE' : [ 0x48, {
+    'ImageName' : [ 0x0, ['array', 32, ['wchar']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5c0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xf0, ['_CONTEXT']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPendingAll' : [ 0x2a, ['unsigned char']],
+    'SpecialUserApcPending' : [ 0x2a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserApcPending' : [ 0x2a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer64', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_HEAP_VAMGR_CTX' : [ 0x3840, {
+    'VaSpace' : [ 0x0, ['_HEAP_VAMGR_VASPACE']],
+    'AllocatorLock' : [ 0x860, ['unsigned long long']],
+    'AllocatorCount' : [ 0x868, ['unsigned long']],
+    'Allocators' : [ 0x870, ['array', 255, ['_HEAP_VAMGR_ALLOCATOR']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DEBUG_DEVICE_DESCRIPTOR' : [ 0xf8, {
+    'Bus' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'Segment' : [ 0x8, ['unsigned short']],
+    'VendorID' : [ 0xa, ['unsigned short']],
+    'DeviceID' : [ 0xc, ['unsigned short']],
+    'BaseClass' : [ 0xe, ['unsigned char']],
+    'SubClass' : [ 0xf, ['unsigned char']],
+    'ProgIf' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'DbgHalScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgBarsMapped' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Initialized' : [ 0x12, ['unsigned char']],
+    'Configured' : [ 0x13, ['unsigned char']],
+    'BaseAddress' : [ 0x18, ['array', 6, ['DEBUG_DEVICE_ADDRESS']]],
+    'Memory' : [ 0xa8, ['DEBUG_MEMORY_REQUIREMENTS']],
+    'Dbg2TableIndex' : [ 0xc8, ['unsigned long']],
+    'PortType' : [ 0xcc, ['unsigned short']],
+    'PortSubtype' : [ 0xce, ['unsigned short']],
+    'OemData' : [ 0xd0, ['pointer64', ['void']]],
+    'OemDataLength' : [ 0xd8, ['unsigned long']],
+    'NameSpace' : [ 0xdc, ['Enumeration', dict(target = 'long', choices = {0: u'KdNameSpacePCI', 1: u'KdNameSpaceACPI', 2: u'KdNameSpaceAny', 3: u'KdNameSpaceNone', 4: u'KdNameSpaceMax'})]],
+    'NameSpacePath' : [ 0xe0, ['pointer64', ['wchar']]],
+    'NameSpacePathLength' : [ 0xe8, ['unsigned long']],
+    'TransportType' : [ 0xec, ['unsigned long']],
+    'TransportData' : [ 0xf0, ['_DEBUG_TRANSPORT_DATA']],
+} ],
+  '__unnamed_2a6f' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a71' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2a73' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2a6f']],
+    'Interrupt' : [ 0x0, ['__unnamed_2a71']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_2a71']],
+    'Sci' : [ 0x0, ['__unnamed_2a71']],
+    'Nmi' : [ 0x0, ['__unnamed_2a71']],
+    'Sea' : [ 0x0, ['__unnamed_2a71']],
+    'Sei' : [ 0x0, ['__unnamed_2a71']],
+    'Gsiv' : [ 0x0, ['__unnamed_2a71']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_2a73']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'PassiveCoolingDevicesPresent' : [ 0x21, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2e0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x2b0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x2b8, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2c0, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2c4, ['unsigned long']],
+    'ThreadCount' : [ 0x2c8, ['long']],
+    'MinThreads' : [ 0x2cc, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2cc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2d0, ['long']],
+    'QueueIndex' : [ 0x2d4, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x2d8, ['pointer64', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x1a8, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ShareRank' : [ 0x78, ['pointer64', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x80, ['unsigned long']],
+    'ReadyListHead' : [ 0x88, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x188, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x198, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x1a0, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_2a9b' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_2a9b']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTLP_HP_METADATA_HEAP_CTX' : [ 0x10, {
+    'Heap' : [ 0x0, ['pointer64', ['_SEGMENT_HEAP']]],
+    'InitOnce' : [ 0x8, ['_RTL_RUN_ONCE']],
+} ],
+  '_RTL_RETPOLINE_ROUTINES' : [ 0x50, {
+    'UnwindDataOffset' : [ 0x0, ['unsigned long']],
+    'SwitchtableJump' : [ 0x4, ['array', 16, ['unsigned long']]],
+    'CfgIndirectRax' : [ 0x44, ['unsigned long']],
+    'NonCfgIndirectRax' : [ 0x48, ['unsigned long']],
+    'ImportR10' : [ 0x4c, ['unsigned long']],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'MutantFlags' : [ 0x30, ['unsigned char']],
+    'Abandoned' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'Abandoned2' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'AbEnabled' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare2' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '__unnamed_2aad' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 44, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2ab2' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'OldestWsleLeafEntries' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 14, native_type='unsigned long long')]],
+    'OldestWsleLeafAge' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 17, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 60, native_type='unsigned long long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x8, {
+    'Leaf' : [ 0x0, ['__unnamed_2aad']],
+    'PageTable' : [ 0x0, ['__unnamed_2ab2']],
+    'EntireActiveField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x28, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x2c, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_HMAP_TABLE' : [ 0x3000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_2add' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2adf' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_2add']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x40, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0x18, ['__unnamed_2adf']],
+    'VerifiedData' : [ 0x38, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x28, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SystemCacheAttributes' : [ 0x20, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x200, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0x80, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x90, ['unsigned long long']],
+    'PteTrackingBitmap' : [ 0x98, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xa8, ['pointer64', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xb0, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xb8, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x118, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x178, ['unsigned long']],
+    'KernelStackPages' : [ 0x17c, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x17d, ['unsigned char']],
+    'AdjustCounter' : [ 0x17e, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x180, ['long']],
+    'ReservedMappingTree' : [ 0x188, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x190, ['pointer64', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x198, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x1a0, ['long']],
+    'UltraSpaceContext' : [ 0x1a8, ['_MI_ULTRA_VA_CONTEXT']],
+    'NumberOfUltraMdlMaps' : [ 0x1e8, ['unsigned long']],
+    'UltraMdlNodeMappings' : [ 0x1f0, ['pointer64', ['_MI_ULTRA_MDL_NODE']]],
+} ],
+  '__unnamed_2af9' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x1b0, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2af9']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x18, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x20, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x28, ['unsigned long long']],
+    'PfnUnmapWorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x50, ['unsigned long long']],
+    'PfnUnmapWaitList' : [ 0x58, ['pointer64', ['void']]],
+    'MemoryRuns' : [ 0x60, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x68, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x80, ['array', 5, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xa8, ['pointer64', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xc0, ['long']],
+    'PfnUnmapActive' : [ 0xc4, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0xc8, ['_KEVENT']],
+    'RootDirectory' : [ 0xe0, ['pointer64', ['void']]],
+    'KernelObjectsDirectory' : [ 0xe8, ['pointer64', ['void']]],
+    'MemoryEvents' : [ 0xf0, ['array', 11, ['pointer64', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0x148, ['array', 11, ['pointer64', ['void']]]],
+    'TotalHugeIoRanges' : [ 0x1a0, ['unsigned long long']],
+    'NonChargedSecurePages' : [ 0x1a8, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0xc0, {
+    'NextPageColor' : [ 0x0, ['unsigned long']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long long']],
+    'VmWorkingSetList' : [ 0x10, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 8, ['unsigned long long']]],
+    'ExitOutswapGate' : [ 0x68, ['pointer64', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x80, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x90, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x98, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa0, ['unsigned long long']],
+    'HardFaultCount' : [ 0xa8, ['unsigned long']],
+    'LastTrimStamp' : [ 0xac, ['unsigned short']],
+    'PartitionId' : [ 0xae, ['unsigned short']],
+    'SelfmapLock' : [ 0xb0, ['unsigned long long']],
+    'Flags' : [ 0xb8, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_LFH_RANDOM_DATA' : [ 0x100, {
+    'Bytes' : [ 0x0, ['array', 256, ['unsigned char']]],
+    'Words' : [ 0x0, ['array', 128, ['unsigned short']]],
+    'Quadwords' : [ 0x0, ['array', 32, ['unsigned long long']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xb8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'WorkOrderCount' : [ 0x78, ['unsigned long']],
+    'WorkOrders' : [ 0x80, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_2b2b' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_2b2b']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x270, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+    'ReadyThreadCount' : [ 0x260, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x268, ['unsigned long long']],
+} ],
+  '_HAL_LBR_ENTRY' : [ 0x18, {
+    'FromAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ToAddress' : [ 0x8, ['pointer64', ['void']]],
+    'Reserved' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x62, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x62, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x62, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x64, ['unsigned char']],
+    'GroupEnableMask' : [ 0x65, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HAL_DP_REPLACE_PARAMETERS' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'TargetProcessors' : [ 0x8, ['pointer64', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+    'SpareProcessors' : [ 0x10, ['pointer64', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x480, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapKernelStacks' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemPtes' : [ 0x58, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0xa0, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0x130, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemCache' : [ 0x178, ['_MI_DYNAMIC_BITMAP']],
+    'HalPrivateVaStart' : [ 0x1c0, ['pointer64', ['void']]],
+    'HalPrivateVaSize' : [ 0x1c8, ['unsigned long long']],
+    'SystemVaAssignment' : [ 0x1d0, ['array', 8, ['unsigned long']]],
+    'SystemVaAssignmentHint' : [ 0x1f0, ['unsigned long']],
+    'TopLevelPteLockBits' : [ 0x1f4, ['array', 32, ['unsigned long']]],
+    'DeleteKvaLock' : [ 0x274, ['long']],
+    'WsleArrays' : [ 0x278, ['array', 8, ['pointer64', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x2b8, ['pointer64', ['void']]],
+    'HyperSpaceEnd' : [ 0x2c0, ['pointer64', ['void']]],
+    'PagableHyperSpaceBytes' : [ 0x2c8, ['unsigned long long']],
+    'PageTableCommitmentOffset' : [ 0x2d0, ['array', 2, ['unsigned long long']]],
+    'FreeSystemCacheVa' : [ 0x2e0, ['_KEVENT']],
+    'SystemVaLock' : [ 0x2f8, ['unsigned long long']],
+    'SystemCacheViewLock' : [ 0x300, ['unsigned long long']],
+    'SystemWorkingSetList' : [ 0x308, ['array', 8, ['_MMWSL_INSTANCE']]],
+    'SelfmapLock' : [ 0x448, ['array', 4, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x80, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long long']],
+    'ResetPagesRepurposedCount' : [ 0x10, ['unsigned long long']],
+    'WsSwapSupport' : [ 0x18, ['pointer64', ['void']]],
+    'CommitReleaseContext' : [ 0x20, ['pointer64', ['void']]],
+    'AccessLog' : [ 0x28, ['pointer64', ['void']]],
+    'ChargedWslePages' : [ 0x30, ['unsigned long long']],
+    'ActualWslePages' : [ 0x38, ['unsigned long long']],
+    'WorkingSetCoreLock' : [ 0x40, ['unsigned long long']],
+    'ShadowMapping' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_ACPI' : [ 0x8, {
+    'ObjectName' : [ 0x0, ['pointer64', ['unsigned char']]],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '__WIL__WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PNP_REPLACE_PROCESSOR_LIST' : [ 0x18, {
+    'Affinity' : [ 0x0, ['pointer64', ['unsigned long long']]],
+    'GroupCount' : [ 0x8, ['unsigned long']],
+    'AllocatedCount' : [ 0xc, ['unsigned long']],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ApicIds' : [ 0x14, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_ULTRA_VA_CONTEXT' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ZeroMapping' : [ 0x8, ['pointer64', ['void']]],
+    'AllocationHintBit' : [ 0x10, ['unsigned long long']],
+    'Bitmap' : [ 0x18, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'ConcurrencyMaximum' : [ 0x38, ['long']],
+    'ConcurrencyCount' : [ 0x3c, ['long']],
+} ],
+  '_ETW_HW_TRACE_EXT_INTERFACE' : [ 0x18, {
+    'StartProcessorTraceOnEachCore' : [ 0x0, ['pointer64', ['void']]],
+    'StopProcessorTraceOnEachCore' : [ 0x8, ['pointer64', ['void']]],
+    'LogProcessorTraceOnCurrentCore' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_LARGE_PAGE_CANDIDATES' : [ 0x208, {
+    'Hand' : [ 0x0, ['unsigned short']],
+    'ActiveEntryCount' : [ 0x2, ['unsigned short']],
+    'Overflowed' : [ 0x4, ['unsigned char']],
+    'PageFrames' : [ 0x8, ['array', 64, ['unsigned long long']]],
+} ],
+  '_MI_DLL_OVERFLOW_AREA' : [ 0x20, {
+    'RangeStart' : [ 0x0, ['pointer64', ['void']]],
+    'NextVa' : [ 0x8, ['pointer64', ['void']]],
+    'RangeStartAbove2gb' : [ 0x10, ['pointer64', ['void']]],
+    'NextVaAbove2gb' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CrossPartitionReferences' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MACHINE_CHECK_CONTEXT' : [ 0x50, {
+    'MachineFrame' : [ 0x0, ['_MACHINE_FRAME']],
+    'Rax' : [ 0x28, ['unsigned long long']],
+    'Rcx' : [ 0x30, ['unsigned long long']],
+    'Rdx' : [ 0x38, ['unsigned long long']],
+    'GsBase' : [ 0x40, ['unsigned long long']],
+    'Cr3' : [ 0x48, ['unsigned long long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_TEST' : [ 0x8, {
+    'UniqueId' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_HEADER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaEventLogEntryTypeInformational', 1: u'WheaEventLogEntryTypeWarning', 2: u'WheaEventLogEntryTypeError'})]],
+    'OwnerTag' : [ 0x10, ['unsigned long']],
+    'Id' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {-2147483647: u'WheaEventLogEntryIdCmcPollingTimeout', -2147483646: u'WheaEventLogEntryIdWheaInit', -2147483645: u'WheaEventLogEntryIdCmcSwitchToPolling', -2147483644: u'WheaEventLogEntryIdDroppedCorrectedError', -2147483643: u'WheaEventLogEntryIdStartedReportHwError', -2147483642: u'WheaEventLogEntryIdPFAMemoryOfflined', -2147483641: u'WheaEventLogEntryIdPFAMemoryRemoveMonitor', -2147483640: u'WheaEventLogEntryIdPFAMemoryPolicy', -2147483639: u'WheaEventLogEntryIdPshedInjectError', -2147483638: u'WheaEventLogEntryIdOscCapabilities', -2147483637: u'WheaEventLogEntryIdPshedPluginRegister', -2147483636: u'WheaEventLogEntryIdAddRemoveErrorSource', -2147483635: u'WheaEventLogEntryIdWorkQueueItem', -2147483634: u'WheaEventLogEntryIdAttemptErrorRecovery', -2147483633: u'WheaEventLogEntryIdMcaFoundErrorInBank', -2147483632: u'WheaEventLogEntryIdMcaStuckErrorCheck', -2147483631: u'WheaEventLogEntryIdMcaErrorCleared', -2147483630: u'WheaEventLogEntryIdClearedPoison', -2147483629: u'WheaEventLogEntryIdProcessEINJ', -2147483628: u'WheaEventLogEntryIdProcessHEST', -2147483627: u'WheaEventLogEntryIdCreateGenericRecord', -2147483626: u'WheaEventLogEntryIdErrorRecord', -2147483625: u'WheaEventLogEntryIdErrorRecordLimit', -2147483624: u'WheaEventLogEntryIdSELEventFailed', -2147483623: u'WheaEventLogEntryIdErrSrcArrayInvalid', -2147483616: u'WheaEventLogEntryIdErrSrcInvalid', -2147483615: u'WheaEventLogEntryIdGenericErrMemMap', -2147483614: u'WheaEventLogEntryIdPshedCallbackCollision', -2147483613: u'WheaEventLogEntryIdSELBugCheckProgress'})]],
+    'Flags' : [ 0x18, ['_WHEA_EVENT_LOG_ENTRY_FLAGS']],
+    'PayloadLength' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_2bc4' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_2bc4']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_18a2']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x48, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer64', ['void']]]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_STAT' : [ 0x2, {
+    'Index' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_DEVICE_DRIVER_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'Config' : [ 0x4, ['_WHEA_ERROR_SOURCE_CONFIGURATION_DD']],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xc0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'ArgumentStatus' : [ 0x14, ['long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights', 13: u'PNP_VetoAlreadyRemoved'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Watchdog' : [ 0x68, ['pointer64', ['_PNP_WATCHDOG']]],
+    'Data' : [ 0x70, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_GLOBAL_APPCOMPAT_FLAGS' : [ 0x4, {
+    'SafeInputValidation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CommitLFHSubsegments' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AllocateHeapFromEnv' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x78, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x50, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'CrashDumpPte' : [ 0x70, ['pointer64', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x20, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0x18, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x10, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'DEBUG_MEMORY_REQUIREMENTS' : [ 0x20, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'MaxEnd' : [ 0x8, ['_LARGE_INTEGER']],
+    'VirtualAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'Cached' : [ 0x1c, ['unsigned char']],
+    'Aligned' : [ 0x1d, ['unsigned char']],
+} ],
+  'DEBUG_DEVICE_ADDRESS' : [ 0x18, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Valid' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 2, ['unsigned char']]],
+    'BitWidth' : [ 0x2, ['unsigned char']],
+    'AccessSize' : [ 0x3, ['unsigned char']],
+    'TranslatedAddress' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x200, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'HvTargetState' : [ 0x32, ['unsigned char']],
+    'Reserved' : [ 0x33, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x168, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x170, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x178, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x180, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x188, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x190, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x198, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'ArchitecturalEfficiencyClass' : [ 0x1a0, ['unsigned char']],
+    'PerformanceSchedulingClass' : [ 0x1a1, ['unsigned char']],
+    'EfficiencySchedulingClass' : [ 0x1a2, ['unsigned char']],
+    'GuaranteedPerformancePercent' : [ 0x1a3, ['unsigned char']],
+    'Parked' : [ 0x1a4, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x1a5, ['unsigned char']],
+    'LatestAffinitizedPercent' : [ 0x1a6, ['unsigned short']],
+    'LatestPerformancePercent' : [ 0x1a8, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x1ac, ['unsigned long']],
+    'RelativePerformance' : [ 0x1b0, ['unsigned long']],
+    'Utility' : [ 0x1b4, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x1b8, ['unsigned long']],
+    'SnapTimeLast' : [ 0x1c0, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1c0, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c8, ['unsigned long long']],
+    'TotalTime' : [ 0x1d0, ['unsigned long long']],
+    'FxDevice' : [ 0x1d8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x1e0, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x1e8, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x1f0, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x1f4, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1f8, ['unsigned short']],
+    'HwFeedbackTableIndex' : [ 0x1fa, ['unsigned short']],
+    'HwFeedbackParkHint' : [ 0x1fc, ['unsigned char']],
+    'HwFeedbackPerformanceClass' : [ 0x1fd, ['unsigned char']],
+    'HwFeedbackEfficiencyClass' : [ 0x1fe, ['unsigned char']],
+    'HeteroCoreType' : [ 0x1ff, ['unsigned char']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x340, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'CloneHeaderCount' : [ 0x18, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x20, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x38, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x50, ['unsigned long long']],
+    'AttemptForCantExtend' : [ 0x58, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0xb0, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x100, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x110, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0x150, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0x151, ['unsigned char']],
+    'SegmentDereferenceActiveControlArea' : [ 0x158, ['pointer64', ['void']]],
+    'UnusedSegmentPagedPool' : [ 0x160, ['unsigned long long']],
+    'UnusedSegmentList' : [ 0x168, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0x178, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0x188, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0x198, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x1b0, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x1b8, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x1d0, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x1f0, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x200, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x208, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x20c, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x210, ['_KEVENT']],
+    'SharedCharges' : [ 0x228, ['array', 7, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x308, ['pointer64', ['_KEVENT']]],
+    'ControlAreasDrainEvent' : [ 0x310, ['pointer64', ['_KEVENT']]],
+    'CloneHeaderDrainEvent' : [ 0x318, ['pointer64', ['_KEVENT']]],
+    'ProbeRundownReference' : [ 0x320, ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_BUS_HANDLER' : [ 0xb0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ConfigurationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'Cmos', 1: u'EisaConfiguration', 2: u'Pos', 3: u'CbusConfiguration', 4: u'PCIConfiguration', 5: u'VMEConfiguration', 6: u'NuBusConfiguration', 7: u'PCMCIAConfiguration', 8: u'MPIConfiguration', 9: u'MPSAConfiguration', 10: u'PNPISAConfiguration', 11: u'SgiInternalConfiguration', 12: u'MaximumBusDataType', -1: u'ConfigurationSpaceUndefined'})]],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ParentHandler' : [ 0x18, ['pointer64', ['_BUS_HANDLER']]],
+    'BusData' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceControlExtensionSize' : [ 0x28, ['unsigned long']],
+    'BusAddresses' : [ 0x30, ['pointer64', ['_SUPPORTED_RANGES']]],
+    'Reserved' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'GetBusData' : [ 0x48, ['pointer64', ['void']]],
+    'SetBusData' : [ 0x50, ['pointer64', ['void']]],
+    'AdjustResourceList' : [ 0x58, ['pointer64', ['void']]],
+    'AssignSlotResources' : [ 0x60, ['pointer64', ['void']]],
+    'TranslateBusAddress' : [ 0x68, ['pointer64', ['void']]],
+    'Spare1' : [ 0x70, ['pointer64', ['void']]],
+    'Spare2' : [ 0x78, ['pointer64', ['void']]],
+    'Spare3' : [ 0x80, ['pointer64', ['void']]],
+    'Spare4' : [ 0x88, ['pointer64', ['void']]],
+    'Spare5' : [ 0x90, ['pointer64', ['void']]],
+    'Spare6' : [ 0x98, ['pointer64', ['void']]],
+    'Spare7' : [ 0xa0, ['pointer64', ['void']]],
+    'Spare8' : [ 0xa8, ['pointer64', ['void']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x4b0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xc0, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xc8, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xd8, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xe8, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x108, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x128, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x160, ['unsigned long long']],
+    'IdleTimer' : [ 0x168, ['_KTIMER']],
+    'IdleDpc' : [ 0x1a8, ['_KDPC']],
+    'IdleTimeout' : [ 0x1e8, ['unsigned long long']],
+    'IdleStamp' : [ 0x1f0, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1f8, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x208, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x210, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x220, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x230, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x248, ['pointer64', ['void']]],
+    'Accounting' : [ 0x250, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x330, ['unsigned long']],
+    'ComponentCount' : [ 0x334, ['unsigned long']],
+    'Components' : [ 0x338, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x340, ['unsigned long']],
+    'Log' : [ 0x348, ['pointer64', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x350, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x358, ['pointer64', ['_DRIVER_OBJECT']]],
+    'DripsWatchdogContext' : [ 0x360, ['_POP_FX_DRIPS_WATCHDOG_CONTEXT']],
+    'DirectedTimeout' : [ 0x388, ['unsigned long']],
+    'DirectedWorkOrder' : [ 0x390, ['_POP_FX_WORK_ORDER']],
+    'DirectedWorkWatchdogInfo' : [ 0x3c8, ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']],
+    'DirectedLock' : [ 0x478, ['unsigned long long']],
+    'DirectedTransitionCallCount' : [ 0x480, ['long']],
+    'DirectedTransitionState' : [ 0x488, ['_POP_FX_DEVICE_DIRECTED_TRANSITION_STATE']],
+    'PowerProfile' : [ 0x498, ['pointer64', ['_POP_DEVICE_POWER_PROFILE']]],
+    'FriendlyName' : [ 0x4a0, ['_UNICODE_STRING']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  'FEATURE_STATE_CHANGE_SUBSCRIPTION__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PrefetchSystemVmType' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'VaPrefetchReadBlock' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CollidedFlowThrough' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ForceCollisions' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InPageExpanded' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IssuedAtLowPriority' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FaultFromStore' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ClusteredPagePriority' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'MakeClusterValid' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PerformRelocations' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ZeroLastPage' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'UserFault' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StandbyProtectionNeeded' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PteChanged' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PageFileFault' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'PageFilePageHashActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoalescedIo' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VmLockNotNeeded' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer64', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_HP_SUB_ALLOCATOR_CONFIGS' : [ 0x8, {
+    'LfhConfigs' : [ 0x0, ['_RTL_HP_LFH_CONFIG']],
+    'VsConfigs' : [ 0x4, ['_RTL_HP_VS_CONFIG']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0x18, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x8, ['pointer64', ['void']]],
+    'IsolationPrefix' : [ 0x8, ['_UNICODE_STRING']],
+} ],
+  '_MI_ULTRA_MDL_NODE' : [ 0x200, {
+    'UltraMdlMaps' : [ 0x0, ['array', 8, ['_MI_ALIGNED_SLIST']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_SECTION_WOW_STATE' : [ 0x40, {
+    'ImageBitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'OverflowArea' : [ 0x10, ['_MI_DLL_OVERFLOW_AREA']],
+    'CfgBitMapSection' : [ 0x30, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea' : [ 0x38, ['pointer64', ['_CONTROL_AREA']]],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '_PEBS_DS_SAVE_AREA64' : [ 0xa0, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsGpCounterReset' : [ 0x40, ['array', 8, ['unsigned long long']]],
+    'PebsFixedCounterReset' : [ 0x80, ['array', 4, ['unsigned long long']]],
+} ],
+  '_LEAP_SECOND_DATA' : [ 0x10, {
+    'Enabled' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['array', 1, ['_LARGE_INTEGER']]],
+} ],
+  '__unnamed_2cc9' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2ccb' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2cc9']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_2ccb']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+    'Watchdog' : [ 0x40, ['pointer64', ['_PNP_WATCHDOG']]],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x80, {
+    'RelatedTimestamp' : [ 0x0, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0x10, ['_KDPC']],
+    'ApcListHead' : [ 0x50, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x60, ['pointer64', ['_ETW_APC_ENTRY']]],
+    'ApcEntryCount' : [ 0x68, ['unsigned long']],
+    'Flags' : [ 0x6c, ['long']],
+    'ApcCount' : [ 0x70, ['long']],
+    'MaxApcCount' : [ 0x74, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2ce5' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x58, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u1' : [ 0x4c, ['__unnamed_2ce5']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x218, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'ActiveLevels' : [ 0x1, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'LastActiveUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x18, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xc0, ['array', 21, ['unsigned long long']]],
+    'TotalActiveTime' : [ 0x168, ['array', 10, ['unsigned long long']]],
+    'ActiveTimeSnap' : [ 0x1b8, ['array', 10, ['unsigned long long']]],
+    'TotalTime' : [ 0x208, ['unsigned long long']],
+    'TotalTimeSnap' : [ 0x210, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_DELAY_FREE' : [ 0x8, {
+    'DelayFree' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Count' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'AllBits' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_StagingConfigWnfStateName' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  'RTLP_HP_LFH_PERF_FLAGS' : [ 0x4, {
+    'HotspotDetection' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HotspotFullCommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ActiveSubsegment' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SmallerSubsegment' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SingleAffinitySlot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ApplyLfhDecommitPolicy' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableGarbageCollection' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LargePagePreCommit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'OpportunisticLargePreCommit' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LfhForcedAffinity' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'LfhCachelinePadding' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MAP_REGISTER_ENTRY' : [ 0x10, {
+    'MapRegister' : [ 0x0, ['pointer64', ['void']]],
+    'WriteToDevice' : [ 0x8, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x70, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x20, ['unsigned char']],
+    'TriggerRoot' : [ 0x28, ['pointer64', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x30, ['unsigned char']],
+    'BeginTime' : [ 0x38, ['unsigned long long']],
+    'VetoNode' : [ 0x40, ['array', 2, ['pointer64', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x50, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x58, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  'wil_details_VariantProperties' : [ 0x4, {
+    'enabledState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'hasNotificationState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'variant' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 13, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_HEAP_POOL_NODE' : [ 0x20c0, {
+    'Heaps' : [ 0x0, ['array', 4, ['pointer64', ['_SEGMENT_HEAP']]]],
+    'Lookasides' : [ 0x40, ['array', 2, ['_RTL_DYNAMIC_LOOKASIDE']]],
+} ],
+  '_HMAP_ENTRY' : [ 0x18, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_2d43' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x1c0, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_2d43']]],
+    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xc0, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc8, ['SYSTEM_POWER_CAPABILITIES']],
+    'WatchdogDpc' : [ 0x118, ['_KDPC']],
+    'WatchdogTimer' : [ 0x158, ['_KTIMER']],
+    'WatchdogInitialized' : [ 0x198, ['unsigned char']],
+    'WatchdogState' : [ 0x19c, ['Enumeration', dict(target = 'long', choices = {0: u'PopPowerActionWatchdogStateDisabled', 1: u'PopPowerActionWatchdogStateTransitioning', 2: u'PopPowerActionWatchdogStateResuming', 3: u'PopPowerActionWatchdogStateMax'})]],
+    'WatchdogStartTime' : [ 0x1a0, ['unsigned long long']],
+    'ActionWorkerThread' : [ 0x1a8, ['pointer64', ['_KTHREAD']]],
+    'PromoteActionWorkerThread' : [ 0x1b0, ['pointer64', ['_KTHREAD']]],
+    'UnlockAfterSleepWorkerThread' : [ 0x1b8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x68, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x18, ['unsigned char']],
+    'ThreadPriorityStatic' : [ 0x19, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x40, ['long']],
+    'Gate' : [ 0x48, ['_KGATE']],
+    'ThreadContext' : [ 0x60, ['pointer64', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x50, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+    'DripsWatchdogCallback' : [ 0x38, ['pointer64', ['void']]],
+    'DirectedPowerUpCallback' : [ 0x40, ['pointer64', ['void']]],
+    'DirectedPowerDownCallback' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x10, ['pointer64', ['void']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'ReservedWin64OnlyPointer' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x8, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_GIC' : [ 0x4, {
+    'LineNumber' : [ 0x0, ['unsigned long']],
+} ],
+  '_WAITING_IRP' : [ 0x40, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x35, ['unsigned char']],
+    'FileObject' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x48, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x89, ['unsigned char']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_PEB64' : [ 0x7c8, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SharedData' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'SparePointers' : [ 0x320, ['array', 4, ['unsigned long long']]],
+    'SpareUlongs' : [ 0x340, ['array', 5, ['unsigned long']]],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['unsigned long long']],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x7ac, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x7b0, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x7b1, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x7b8, ['unsigned long long']],
+    'LeapSecondFlags' : [ 0x7c0, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x7c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x7c0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x7c4, ['unsigned long']],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+    'SiloState' : [ 0x98, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_FeatureProperties' : [ 0x4, {
+    'enabledState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'hasNotificationState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'usageCount' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 15, native_type='unsigned long')]],
+    'usageCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'reportedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'reportedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'reportedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'reportedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'recordedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'recordedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'recordedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'opportunityCount' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 31, native_type='unsigned long')]],
+    'opportunityCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1c8, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0xe0, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xe8, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0xf8, ['unsigned long']],
+    'SecurePages' : [ 0xfc, ['unsigned long']],
+    'ProcessorCount' : [ 0x100, ['unsigned long']],
+    'ProcessorContext' : [ 0x108, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x110, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x118, ['unsigned long']],
+    'MaxDataPages' : [ 0x11c, ['unsigned long']],
+    'ExtraBuffer' : [ 0x120, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x128, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x130, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x138, ['unsigned long long']],
+    'IoInfo' : [ 0x140, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b0, ['pointer64', ['wchar']]],
+    'IoChecksumsSize' : [ 0x1b8, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c0, ['unsigned long']],
+    'IumEnabled' : [ 0x1c4, ['unsigned char']],
+    'SecureBoot' : [ 0x1c5, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_MI_HUGE_SYSTEM_VIEW_HEAD' : [ 0x10, {
+    'ViewRoot' : [ 0x0, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['long']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2dd4' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_2dd4']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+    'OverCommit' : [ 0x40, ['unsigned long long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_SOURCE_CONFIGURATION_DD' : [ 0x20, {
+    'Initialize' : [ 0x0, ['pointer64', ['void']]],
+    'Uninitialize' : [ 0x8, ['pointer64', ['void']]],
+    'Ready' : [ 0x10, ['pointer64', ['void']]],
+    'Correct' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'NmiStackLimits', 9: u'MachineCheckStackLimits', 10: u'ExceptionStackLimits', 11: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned long']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x50, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x34, ['unsigned long']],
+    'DelayPageFaults' : [ 0x38, ['long']],
+    'FileCompressionBoundary' : [ 0x3c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x40, ['unsigned char']],
+} ],
+  '__unnamed_2e1b' : [ 0x4, {
+    'EntryBecameEmpty' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SLAB_ALLOCATOR_CONTEXT' : [ 0x78, {
+    'AllocationsTree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x10, ['long']],
+    'SlabEntryHint' : [ 0x18, ['pointer64', ['_MI_SLAB_ALLOCATOR_ENTRY']]],
+    'FreePageCount' : [ 0x20, ['unsigned long long']],
+    'SlabEntryCount' : [ 0x28, ['unsigned long long']],
+    'Type' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorTypeSlatProtected', 1: u'MiSlabAllocatorTypeUnprotected', 2: u'MiSlabAllocatorTypeMax'})]],
+    'Protection' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorProtectionReadExecute', 1: u'MiSlabAllocatorProtectionReadOnly', 2: u'MiSlabAllocatorProtectionNoAccess', 3: u'MiSlabAllocatorProtectionReadWrite', 4: u'MiSlabAllocatorProtectionMax'})]],
+    'Flags' : [ 0x38, ['__unnamed_2e1b']],
+    'StandbyList' : [ 0x40, ['_MMPFNLIST']],
+    'LastReplenishTime' : [ 0x68, ['unsigned long long']],
+    'LastFailureTime' : [ 0x70, ['unsigned long long']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x90, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x10, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x28, ['_KDPC']],
+    'PageHeatListSlist' : [ 0x70, ['_SLIST_HEADER']],
+    'PageHeatListDisableAllocation' : [ 0x80, ['long']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x20, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_PCI' : [ 0x10, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'PciSegmentNumber' : [ 0x0, ['unsigned short']],
+    'PhantomFunctionBits' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned short')]],
+    'BusRange' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DevicePathLength' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'StartBusNumber' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Bdf' : [ 0x4, ['unsigned short']],
+    'SubordinateBus' : [ 0x4, ['unsigned char']],
+    'SecondaryBus' : [ 0x5, ['unsigned char']],
+    'DevicePath' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x20, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'CommonPageCombineDomain' : [ 0x10, ['unsigned long long']],
+    'CommonCombineDomainAssigned' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0x18, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0x120, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x40, ['array', 2, ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
+    'HybridPriority' : [ 0xc8, ['unsigned long']],
+    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xd0, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
+    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'Lock' : [ 0xe8, ['unsigned long long']],
+    'LockOwner' : [ 0xf0, ['pointer64', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0xf8, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x100, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x108, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x28, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ActiveZeroSpinLock' : [ 0x10, ['long']],
+    'ActiveZeroThreadTree' : [ 0x18, ['_RTL_AVL_TREE']],
+    'NumberOfLargePageListHeads' : [ 0x20, ['unsigned long']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x30, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x20, ['unsigned long']],
+    'ModuleSize' : [ 0x24, ['unsigned long']],
+    'Offset' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_2e75' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2e77' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2e75']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2e77']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_DMA_IOMMU_INTERFACE' : [ 0x70, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'CreateDomain' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteDomain' : [ 0x10, ['pointer64', ['void']]],
+    'AttachDevice' : [ 0x18, ['pointer64', ['void']]],
+    'DetachDevice' : [ 0x20, ['pointer64', ['void']]],
+    'FlushDomain' : [ 0x28, ['pointer64', ['void']]],
+    'FlushDomainByVaList' : [ 0x30, ['pointer64', ['void']]],
+    'QueryInputMappings' : [ 0x38, ['pointer64', ['void']]],
+    'MapLogicalRange' : [ 0x40, ['pointer64', ['void']]],
+    'UnmapLogicalRange' : [ 0x48, ['pointer64', ['void']]],
+    'MapIdentityRange' : [ 0x50, ['pointer64', ['void']]],
+    'UnmapIdentityRange' : [ 0x58, ['pointer64', ['void']]],
+    'SetDeviceFaultReporting' : [ 0x60, ['pointer64', ['void']]],
+    'ConfigureDomain' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS' : [ 0x10, {
+    'SmallPagesInUseWithinLarge' : [ 0x0, ['unsigned long long']],
+    'OpportunisticLargePageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2eea' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2eea']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_2ef9' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_2efc' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_2ef9']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_2efc']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_CMSI_PROCESS_TUPLE' : [ 0x10, {
+    'ProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'ProcessReference' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HEAP_FAILURE_INFORMATION' : [ 0x6d0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'StructureSize' : [ 0x4, ['unsigned long']],
+    'FailureType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'heap_failure_internal', 1: u'heap_failure_unknown', 2: u'heap_failure_generic', 3: u'heap_failure_entry_corruption', 4: u'heap_failure_multiple_entries_corruption', 5: u'heap_failure_virtual_block_corruption', 6: u'heap_failure_buffer_overrun', 7: u'heap_failure_buffer_underrun', 8: u'heap_failure_block_not_busy', 9: u'heap_failure_invalid_argument', 10: u'heap_failure_invalid_allocation_type', 11: u'heap_failure_usage_after_free', 12: u'heap_failure_cross_heap_operation', 13: u'heap_failure_freelists_corruption', 14: u'heap_failure_listentry_corruption', 15: u'heap_failure_lfh_bitmap_mismatch', 16: u'heap_failure_segment_lfh_bitmap_corruption', 17: u'heap_failure_segment_lfh_double_free', 18: u'heap_failure_vs_subsegment_corruption', 19: u'heap_failure_null_heap', 20: u'heap_failure_allocation_limit', 21: u'heap_failure_commit_limit', 22: u'heap_failure_invalid_va_mgr_query'})]],
+    'HeapAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Address' : [ 0x18, ['pointer64', ['void']]],
+    'Param1' : [ 0x20, ['pointer64', ['void']]],
+    'Param2' : [ 0x28, ['pointer64', ['void']]],
+    'Param3' : [ 0x30, ['pointer64', ['void']]],
+    'PreviousBlock' : [ 0x38, ['pointer64', ['void']]],
+    'NextBlock' : [ 0x40, ['pointer64', ['void']]],
+    'ExpectedDecodedEntry' : [ 0x48, ['_FAKE_HEAP_ENTRY']],
+    'StackTrace' : [ 0x58, ['array', 32, ['pointer64', ['void']]]],
+    'HeapMajorVersion' : [ 0x158, ['unsigned char']],
+    'HeapMinorVersion' : [ 0x159, ['unsigned char']],
+    'ExceptionRecord' : [ 0x160, ['_EXCEPTION_RECORD']],
+    'ContextRecord' : [ 0x200, ['_CONTEXT']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x88, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x120, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ChpeImage' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+    'DependentLoadFlags' : [ 0x118, ['unsigned long']],
+    'SigningLevel' : [ 0x11c, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2f30' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2f32' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_2f34' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_2f30']],
+    'e2' : [ 0x0, ['__unnamed_2f32']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_2f34']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2c0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x58, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xb0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xb8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xbc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xc0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xe8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xe9, ['unsigned char']],
+    'ModwriterActive' : [ 0xea, ['unsigned char']],
+    'TransitionInserted' : [ 0xeb, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xec, ['long']],
+    'LastMappedWriteError' : [ 0xf0, ['long']],
+    'MappedFileWriteSucceeded' : [ 0xf4, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0xf8, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xfc, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x100, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x118, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x120, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x128, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0x140, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x158, ['long']],
+    'WriteAllMappedPages' : [ 0x15c, ['long']],
+    'MappedPageWriterEvent' : [ 0x160, ['_KEVENT']],
+    'ModWriteData' : [ 0x178, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1b8, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1d0, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x1f8, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x200, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x208, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x228, ['unsigned long']],
+    'ClusterRestrictionLock' : [ 0x22c, ['long']],
+    'ClusterRestrictions' : [ 0x230, ['array', 2, ['_MI_RESTRICTED_MODWRITES']]],
+    'NotifyStoreMemoryConditions' : [ 0x238, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x250, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x254, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x258, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x260, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x280, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x288, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x2a8, ['long']],
+    'WorkingSetSwapLock' : [ 0x2b0, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x2b8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer64', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_EXTENT_DELETION_WAIT_BLOCK' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_EXTENT_DELETION_WAIT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+} ],
+  '_HAL_INTEL_ENLIGHTENMENT_INFORMATION' : [ 0x1e0, {
+    'Enlightenments' : [ 0x0, ['unsigned long']],
+    'HypervisorConnected' : [ 0x4, ['unsigned long']],
+    'EndOfInterrupt' : [ 0x8, ['pointer64', ['void']]],
+    'ApicWriteIcr' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved0' : [ 0x18, ['unsigned long']],
+    'SpinCountMask' : [ 0x1c, ['unsigned long']],
+    'LongSpinWait' : [ 0x20, ['pointer64', ['void']]],
+    'GetReferenceTime' : [ 0x28, ['pointer64', ['void']]],
+    'SetSystemSleepProperty' : [ 0x30, ['pointer64', ['void']]],
+    'EnterSleepState' : [ 0x38, ['pointer64', ['void']]],
+    'NotifyDebugDeviceAvailable' : [ 0x40, ['pointer64', ['void']]],
+    'MapDeviceInterrupt' : [ 0x48, ['pointer64', ['void']]],
+    'UnmapDeviceInterrupt' : [ 0x50, ['pointer64', ['void']]],
+    'RetargetDeviceInterrupt' : [ 0x58, ['pointer64', ['void']]],
+    'SetHpetConfig' : [ 0x60, ['pointer64', ['void']]],
+    'NotifyHpetEnabled' : [ 0x68, ['pointer64', ['void']]],
+    'QueryAssociatedProcessors' : [ 0x70, ['pointer64', ['void']]],
+    'ReadMultipleMsr' : [ 0x78, ['pointer64', ['void']]],
+    'WriteMultipleMsr' : [ 0x80, ['pointer64', ['void']]],
+    'ReadCpuid' : [ 0x88, ['pointer64', ['void']]],
+    'LpWritebackInvalidate' : [ 0x90, ['pointer64', ['void']]],
+    'GetMachineCheckContext' : [ 0x98, ['pointer64', ['void']]],
+    'SuspendPartition' : [ 0xa0, ['pointer64', ['void']]],
+    'ResumePartition' : [ 0xa8, ['pointer64', ['void']]],
+    'SetSystemMachineCheckProperty' : [ 0xb0, ['pointer64', ['void']]],
+    'WheaErrorNotification' : [ 0xb8, ['pointer64', ['void']]],
+    'GetProcessorIndexFromVpIndex' : [ 0xc0, ['pointer64', ['void']]],
+    'SyntheticClusterIpi' : [ 0xc8, ['pointer64', ['void']]],
+    'VpStartEnabled' : [ 0xd0, ['pointer64', ['void']]],
+    'StartVirtualProcessor' : [ 0xd8, ['pointer64', ['void']]],
+    'GetVpIndexFromApicId' : [ 0xe0, ['pointer64', ['void']]],
+    'IumAccessPciDevice' : [ 0xe8, ['pointer64', ['void']]],
+    'IumEfiRuntimeService' : [ 0xf0, ['pointer64', ['void']]],
+    'SvmGetSystemCapabilities' : [ 0xf8, ['pointer64', ['void']]],
+    'SvmGetDeviceCapabilities' : [ 0x100, ['pointer64', ['void']]],
+    'SvmCreatePasidSpace' : [ 0x108, ['pointer64', ['void']]],
+    'SvmSetPasidAddressSpace' : [ 0x110, ['pointer64', ['void']]],
+    'SvmFlushPasid' : [ 0x118, ['pointer64', ['void']]],
+    'SvmAttachPasidSpace' : [ 0x120, ['pointer64', ['void']]],
+    'SvmDetachPasidSpace' : [ 0x128, ['pointer64', ['void']]],
+    'SvmEnablePasid' : [ 0x130, ['pointer64', ['void']]],
+    'SvmDisablePasid' : [ 0x138, ['pointer64', ['void']]],
+    'SvmAcknowledgePageRequest' : [ 0x140, ['pointer64', ['void']]],
+    'SvmCreatePrQueue' : [ 0x148, ['pointer64', ['void']]],
+    'SvmDeletePrQueue' : [ 0x150, ['pointer64', ['void']]],
+    'SvmClearPrqStalled' : [ 0x158, ['pointer64', ['void']]],
+    'SvmSetDeviceEnabled' : [ 0x160, ['pointer64', ['void']]],
+    'HvDebuggerPowerHandler' : [ 0x168, ['pointer64', ['void']]],
+    'SetQpcBias' : [ 0x170, ['pointer64', ['void']]],
+    'GetQpcBias' : [ 0x178, ['pointer64', ['void']]],
+    'RegisterDeviceId' : [ 0x180, ['pointer64', ['void']]],
+    'UnregisterDeviceId' : [ 0x188, ['pointer64', ['void']]],
+    'AllocateDeviceDomain' : [ 0x190, ['pointer64', ['void']]],
+    'AttachDeviceDomain' : [ 0x198, ['pointer64', ['void']]],
+    'DetachDeviceDomain' : [ 0x1a0, ['pointer64', ['void']]],
+    'DeleteDeviceDomain' : [ 0x1a8, ['pointer64', ['void']]],
+    'MapDeviceLogicalRange' : [ 0x1b0, ['pointer64', ['void']]],
+    'UnmapDeviceLogicalRange' : [ 0x1b8, ['pointer64', ['void']]],
+    'MapDeviceSparsePages' : [ 0x1c0, ['pointer64', ['void']]],
+    'UnmapDeviceSparsePages' : [ 0x1c8, ['pointer64', ['void']]],
+    'GetDmaGuardEnabled' : [ 0x1d0, ['pointer64', ['void']]],
+    'UpdateMicrocode' : [ 0x1d8, ['pointer64', ['void']]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0xe0, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTimeAccounting' : [ 0x20, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+    'CsCriticalActiveTimeAccounting' : [ 0x80, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_DOMAIN_CONFIGURATION' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DomainConfigurationArm64', 1: u'DomainConfigurationInvalid'})]],
+    'Arm64' : [ 0x8, ['_DOMAIN_CONFIGURATION_ARM64']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x50, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_POP_FX_DEVICE_DIRECTED_TRANSITION_STATE' : [ 0x10, {
+    'CompletionContext' : [ 0x0, ['pointer64', ['void']]],
+    'CompletionStatus' : [ 0x8, ['long']],
+    'DIrpPending' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DIrpCompleted' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_FREE_LARGE_PAGE_LIST' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x1b8, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0x1a8, ['pointer64', ['_POP_FX_PERF_INFO']]],
+    'PowerProfile' : [ 0x1b0, ['pointer64', ['_POP_COMPONENT_POWER_PROFILE']]],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x70, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['wchar']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'RF_SORTED', 1: u'RF_UNSORTED', 2: u'RF_CALLBACK', 3: u'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+    'TreeNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '__unnamed_3033' : [ 0x10, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Arm' : [ 0x0, ['_ARM_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0x160, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OsLoaderSecurityVersion' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'EarlyLaunchListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'CoreDriverListHead' : [ 0x50, ['_LIST_ENTRY']],
+    'CoreExtensionsDriverListHead' : [ 0x60, ['_LIST_ENTRY']],
+    'TpmCoreDriverListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x80, ['unsigned long long']],
+    'Prcb' : [ 0x88, ['unsigned long long']],
+    'Process' : [ 0x90, ['unsigned long long']],
+    'Thread' : [ 0x98, ['unsigned long long']],
+    'KernelStackSize' : [ 0xa0, ['unsigned long']],
+    'RegistryLength' : [ 0xa4, ['unsigned long']],
+    'RegistryBase' : [ 0xa8, ['pointer64', ['void']]],
+    'ConfigurationRoot' : [ 0xb0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0xb8, ['pointer64', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'NtBootPathName' : [ 0xc8, ['pointer64', ['unsigned char']]],
+    'NtHalPathName' : [ 0xd0, ['pointer64', ['unsigned char']]],
+    'LoadOptions' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'NlsData' : [ 0xe0, ['pointer64', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0xe8, ['pointer64', ['_ARC_DISK_INFORMATION']]],
+    'Extension' : [ 0xf0, ['pointer64', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0xf8, ['__unnamed_3033']],
+    'FirmwareInformation' : [ 0x108, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+    'OsBootstatPathName' : [ 0x148, ['pointer64', ['unsigned char']]],
+    'ArcOSDataDeviceName' : [ 0x150, ['pointer64', ['unsigned char']]],
+    'ArcWindowsSysPartName' : [ 0x158, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_303b' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_303b']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x10, ['unsigned char']],
+    'Disowned' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0x12, ['unsigned char']],
+    'IsWaiting' : [ 0x13, ['unsigned char']],
+    'LockAddress' : [ 0x18, ['pointer64', ['void']]],
+    'ThreadAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SublistHead' : [ 0x28, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0xa0, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x8, ['unsigned long long']],
+    'BadPoolHead' : [ 0x10, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x18, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x1c, ['unsigned char']],
+    'LowPagedPoolThreshold' : [ 0x20, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x28, ['unsigned long long']],
+    'PermittedFaultsLock' : [ 0x30, ['long']],
+    'PermittedFaultsTree' : [ 0x38, ['_RTL_AVL_TREE']],
+    'PermittedFaultsInitialNode' : [ 0x40, ['array', 2, ['_MI_ACCESS_VIOLATION_RANGE']]],
+    'TotalPagedPoolQuota' : [ 0x90, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0x98, ['unsigned long long']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_WNF_SCOPE_MAP_ENTRY' : [ 0x18, {
+    'MapEntryLock' : [ 0x0, ['_WNF_LOCK']],
+    'MapEntryHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x1c0, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaHintIndex' : [ 0x4, ['unsigned long']],
+    'NumaLastRangeIndexInclusive' : [ 0x8, ['unsigned long']],
+    'NumaTableCaptured' : [ 0xc, ['unsigned char']],
+    'NodeShift' : [ 0xd, ['unsigned char']],
+    'ChannelShift' : [ 0xe, ['unsigned char']],
+    'NodeGraph' : [ 0x10, ['pointer64', ['_MI_NODE_NUMBER_ZERO_BASED']]],
+    'SystemNodeInformation' : [ 0x18, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'TemporaryNumaRanges' : [ 0x20, ['array', 2, ['_HAL_NODE_RANGE']]],
+    'NumaMemoryRanges' : [ 0x40, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x48, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'NumaNodeLock' : [ 0x50, ['long']],
+    'SecondLevelCacheSize' : [ 0x54, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x58, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x5c, ['unsigned long']],
+    'ProcessorCachesFlushedOnPowerLoss' : [ 0x60, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x68, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x70, ['unsigned long']],
+    'SecondaryColors' : [ 0x74, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x78, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x7c, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x80, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x84, ['unsigned long']],
+    'InvalidPteMask' : [ 0xc0, ['unsigned long long']],
+    'LargePageColors' : [ 0x100, ['array', 3, ['unsigned long']]],
+    'FlushTbThreshold' : [ 0x110, ['unsigned long long']],
+    'OptimalZeroingAttribute' : [ 0x118, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x158, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x160, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'VsmKernelPageCount' : [ 0x180, ['unsigned long long']],
+    'EnclaveRegions' : [ 0x188, ['_RTL_AVL_TREE']],
+    'EnclaveMetadataPage' : [ 0x190, ['pointer64', ['void']]],
+    'EnclaveMetadataBitMap' : [ 0x198, ['pointer64', ['_RTL_BITMAP']]],
+    'EnclaveMetadataEntryLock' : [ 0x1a0, ['_EX_PUSH_LOCK']],
+    'EnclaveMetadataPageLock' : [ 0x1a8, ['long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
+    'BlocksDrips' : [ 0x19, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x20, {
+    'PartitionObject' : [ 0x0, ['pointer64', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x8, ['pointer64', ['pointer64', ['pointer64', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x10, ['pointer64', ['pointer64', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0x18, ['long']],
+} ],
+  '__unnamed_3076' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_3076']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xc8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x38, ['unsigned long long']],
+    'ProbeRaises' : [ 0x40, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x84, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x8c, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x90, ['unsigned long']],
+    'CheckZeroCount' : [ 0x94, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x98, ['long']],
+    'BadPagesDetected' : [ 0x9c, ['long']],
+    'ScrubPasses' : [ 0xa0, ['long']],
+    'ScrubBadPagesFound' : [ 0xa4, ['long']],
+    'UserViewFailures' : [ 0xa8, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0xac, ['unsigned long']],
+    'UserAllocateFailures' : [ 0xb0, ['unsigned long']],
+    'UserAllocateCollisionFailures' : [ 0xb4, ['unsigned long']],
+    'ResavailFailures' : [ 0xb8, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xc0, ['unsigned char']],
+    'InitFailure' : [ 0xc1, ['unsigned char']],
+    'StopBadMaps' : [ 0xc2, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x2b0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_KPRCB']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0xc0, ['unsigned long long']],
+    'ProcessorCount' : [ 0xc8, ['unsigned long']],
+    'EfficiencyClass' : [ 0xcc, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0xcd, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0xce, ['unsigned char']],
+    'Hidden' : [ 0xcf, ['unsigned char']],
+    'Processors' : [ 0xd0, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xd8, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xe0, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x100, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x118, ['pointer64', ['void']]],
+    'PerfControlHandlerHidden' : [ 0x120, ['pointer64', ['void']]],
+    'DomainPerfControlHandler' : [ 0x128, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x130, ['unsigned long']],
+    'NominalFrequency' : [ 0x134, ['unsigned long']],
+    'MaxPercent' : [ 0x138, ['unsigned long']],
+    'MinPerfPercent' : [ 0x13c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x140, ['unsigned long']],
+    'AdvertizedMaximumFrequency' : [ 0x144, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x148, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x150, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x158, ['unsigned char']],
+    'Coordination' : [ 0x159, ['unsigned char']],
+    'HardPlatformCap' : [ 0x15a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x15b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x15c, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x15d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x15e, ['unsigned char']],
+    'AutonomousMode' : [ 0x15f, ['unsigned char']],
+    'ProvideGuidance' : [ 0x160, ['unsigned char']],
+    'DesiredPercent' : [ 0x164, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x168, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x16c, ['unsigned char']],
+    'QosPolicies' : [ 0x170, ['array', 4, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0x1e0, ['array', 4, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0x1f0, ['array', 4, ['unsigned short']]],
+    'QosSupported' : [ 0x1f8, ['unsigned char']],
+    'SelectionGeneration' : [ 0x1fc, ['unsigned long']],
+    'QosSelection' : [ 0x200, ['array', 4, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x2a0, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x2a8, ['unsigned long']],
+    'Force' : [ 0x2ac, ['unsigned char']],
+    'Update' : [ 0x2ad, ['unsigned char']],
+    'Apply' : [ 0x2ae, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0xa8, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'ZeroCrc' : [ 0x38, ['unsigned long long']],
+    'OnesCrc' : [ 0x40, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x48, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x68, ['array', 4, ['unsigned long long']]],
+    'PageTableOfZeroes' : [ 0x88, ['unsigned long long']],
+    'PdeOfZeroes' : [ 0x90, ['_MMPTE']],
+    'PageTableOfOnes' : [ 0x98, ['unsigned long long']],
+    'PdeOfOnes' : [ 0xa0, ['_MMPTE']],
+} ],
+  '_HAL_HV_DMA_DOMAIN_INFO' : [ 0x8, {
+    'DomainId' : [ 0x0, ['unsigned long']],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_SUPPORTED_RANGES' : [ 0xc0, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Sorted' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'NoIO' : [ 0x4, ['unsigned long']],
+    'IO' : [ 0x8, ['_SUPPORTED_RANGE']],
+    'NoMemory' : [ 0x30, ['unsigned long']],
+    'Memory' : [ 0x38, ['_SUPPORTED_RANGE']],
+    'NoPrefetchMemory' : [ 0x60, ['unsigned long']],
+    'PrefetchMemory' : [ 0x68, ['_SUPPORTED_RANGE']],
+    'NoDma' : [ 0x90, ['unsigned long']],
+    'Dma' : [ 0x98, ['_SUPPORTED_RANGE']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_DEBUG_TRANSPORT_DATA' : [ 0x8, {
+    'HwContextSize' : [ 0x0, ['unsigned long']],
+    'UseSerialFraming' : [ 0x4, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x5, ['unsigned char']],
+    'USBCoreId' : [ 0x6, ['unsigned char']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_HAL_HV_SVM_DEVICE_CAPABILITIES' : [ 0xc, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PciExecute' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 31, native_type='unsigned long')]],
+    'OverflowPossible' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'PasidCount' : [ 0x4, ['unsigned long']],
+    'IommuIndex' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x148, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+    'AirplaneModeEnabled' : [ 0x144, ['unsigned char']],
+    'BluetoothDeviceCharging' : [ 0x145, ['unsigned char']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_30c6' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_30c6']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_HAL_IOMMU_DISPATCH' : [ 0x98, {
+    'HalIommuSupportEnabled' : [ 0x0, ['pointer64', ['void']]],
+    'HalIommuGetConfiguration' : [ 0x8, ['pointer64', ['void']]],
+    'HalIommuGetLibraryContext' : [ 0x10, ['pointer64', ['void']]],
+    'HalIommuMapDevice' : [ 0x18, ['pointer64', ['void']]],
+    'HalIommuEnableDevicePasid' : [ 0x20, ['pointer64', ['void']]],
+    'HalIommuSetAddressSpace' : [ 0x28, ['pointer64', ['void']]],
+    'HalIommuDisableDevicePasid' : [ 0x30, ['pointer64', ['void']]],
+    'HalIommuUnmapDevice' : [ 0x38, ['pointer64', ['void']]],
+    'HalIommuFreeLibraryContext' : [ 0x40, ['pointer64', ['void']]],
+    'HalIommuFlushTb' : [ 0x48, ['pointer64', ['void']]],
+    'HalIommuFlushAllPasid' : [ 0x50, ['pointer64', ['void']]],
+    'HalIommuProcessPageRequestQueue' : [ 0x58, ['pointer64', ['void']]],
+    'HalIommuFaultRoutine' : [ 0x60, ['pointer64', ['void']]],
+    'HalIommuReferenceAsid' : [ 0x68, ['pointer64', ['void']]],
+    'HalIommuDereferenceAsid' : [ 0x70, ['pointer64', ['void']]],
+    'HalIommuServicePageFault' : [ 0x78, ['pointer64', ['void']]],
+    'HalIommuDevicePowerChange' : [ 0x80, ['pointer64', ['void']]],
+    'HalIommuBeginDeviceReset' : [ 0x88, ['pointer64', ['void']]],
+    'HalIommuFinalizeDeviceReset' : [ 0x90, ['pointer64', ['void']]],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0xb0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Timer' : [ 0x10, ['_KTIMER']],
+    'Dpc' : [ 0x50, ['_KDPC']],
+    'WorkOrder' : [ 0x90, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+    'CurrentWorkInfo' : [ 0x98, ['pointer64', ['_PEP_WORK_INFORMATION']]],
+    'WatchdogStart' : [ 0xa0, ['unsigned long long']],
+    'WorkerThread' : [ 0xa8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '__unnamed_30fa' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_30fa']],
+} ],
+  '__unnamed_30fe' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_3102' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_3104' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_3106' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_3108' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_310a' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_310c' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_310e' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_3110' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_3112' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_3114' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3116' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_30fe']],
+    'Memory' : [ 0x0, ['__unnamed_30fe']],
+    'Interrupt' : [ 0x0, ['__unnamed_3102']],
+    'Dma' : [ 0x0, ['__unnamed_3104']],
+    'DmaV3' : [ 0x0, ['__unnamed_3106']],
+    'Generic' : [ 0x0, ['__unnamed_30fe']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_3108']],
+    'BusNumber' : [ 0x0, ['__unnamed_310a']],
+    'ConfigData' : [ 0x0, ['__unnamed_310c']],
+    'Memory40' : [ 0x0, ['__unnamed_310e']],
+    'Memory48' : [ 0x0, ['__unnamed_3110']],
+    'Memory64' : [ 0x0, ['__unnamed_3112']],
+    'Connection' : [ 0x0, ['__unnamed_3114']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_3116']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UseProtectedSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UseUnprotectedSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ZeroPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '__unnamed_3133' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_3135' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_3133']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_3135']],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '__unnamed_313f' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_313f']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '_HAL_HV_SVM_SYSTEM_CAPABILITIES' : [ 0x18, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GpaAlwaysValid' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MaxPasidSpaceCount' : [ 0x4, ['unsigned long']],
+    'MaxPasidSpacePasidCount' : [ 0x8, ['unsigned long']],
+    'MaxPrqSize' : [ 0xc, ['unsigned long']],
+    'IommuCount' : [ 0x10, ['unsigned long']],
+    'MinIommuPasidCount' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_314a' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_314b' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_314a']],
+    'Merged' : [ 0x10, ['__unnamed_314b']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_314f' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3151' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_3153' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_3155' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_3153']],
+    'Translated' : [ 0x0, ['__unnamed_3151']],
+} ],
+  '__unnamed_3157' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3159' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_315b' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_315d' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_315f' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3161' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3163' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3165' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_314f']],
+    'Port' : [ 0x0, ['__unnamed_314f']],
+    'Interrupt' : [ 0x0, ['__unnamed_3151']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_3155']],
+    'Memory' : [ 0x0, ['__unnamed_314f']],
+    'Dma' : [ 0x0, ['__unnamed_3157']],
+    'DmaV3' : [ 0x0, ['__unnamed_3159']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_3108']],
+    'BusNumber' : [ 0x0, ['__unnamed_315b']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_315d']],
+    'Memory40' : [ 0x0, ['__unnamed_315f']],
+    'Memory48' : [ 0x0, ['__unnamed_3161']],
+    'Memory64' : [ 0x0, ['__unnamed_3163']],
+    'Connection' : [ 0x0, ['__unnamed_3114']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_3165']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0xc80, {
+    'SessionWsList' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x10, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x18, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x30, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0x38, ['unsigned long long']],
+    'SystemPteInfo' : [ 0x40, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0xa0, ['unsigned long long']],
+    'SmallNonPagedPtesCommit' : [ 0xa8, ['unsigned long long']],
+    'BootCommit' : [ 0xb0, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0xb8, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0xc0, ['unsigned long long']],
+    'ProcessCommit' : [ 0xc8, ['unsigned long long']],
+    'DriverCommit' : [ 0xd0, ['long']],
+    'PagingLevels' : [ 0xd4, ['unsigned char']],
+    'PfnDatabaseCommit' : [ 0xd8, ['unsigned long long']],
+    'SystemWs' : [ 0x100, ['array', 6, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x880, ['_MMSUPPORT_SHARED']],
+    'AggregateSystemWs' : [ 0x900, ['array', 1, ['_MMSUPPORT_AGGREGATION']]],
+    'MapCacheFailures' : [ 0x920, ['unsigned long']],
+    'PagefileHashPages' : [ 0x928, ['unsigned long long']],
+    'PteHeader' : [ 0x930, ['_SYSPTES_HEADER']],
+    'SystemVaTypeCount' : [ 0xa48, ['array', 15, ['unsigned long long']]],
+    'SystemVaType' : [ 0xac0, ['array', 256, ['unsigned char']]],
+    'SystemVaRegions' : [ 0xbc0, ['array', 12, ['_MI_SYSTEM_VA_ASSIGNMENT']]],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xf0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+    'MsrFsBase' : [ 0xe0, ['unsigned long long']],
+    'SpecialPadding0' : [ 0xe8, ['unsigned long long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x90, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
+    'LargeViews' : [ 0x6c, ['unsigned long']],
+    'ProtosNode' : [ 0x70, ['_MI_PROTOTYPE_PTES_NODE']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x138, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastResponsivenessEvents' : [ 0x18, ['unsigned long']],
+    'LastPerfCheckSnap' : [ 0x20, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x78, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xd0, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x128, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x12c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x130, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x132, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x133, ['unsigned char']],
+    'CurrentResponsivenessEvents' : [ 0x134, ['unsigned long']],
+} ],
+  '_MI_LARGEPAGE_VAD_INFO' : [ 0x18, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x8, ['unsigned long long']],
+    'ReferencedPartition' : [ 0x10, ['pointer64', ['_EPARTITION']]],
+} ],
+  '_MI_HARD_FAULT_STATE' : [ 0x10, {
+    'SwapPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'StoreFlags' : [ 0x8, ['_MI_STORE_INPAGE_COMPLETE_FLAGS']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEB32' : [ 0x480, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SharedData' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'SparePointers' : [ 0x20c, ['array', 4, ['unsigned long']]],
+    'SpareUlongs' : [ 0x21c, ['array', 5, ['unsigned long']]],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['unsigned long']],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x464, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x468, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x469, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x470, ['unsigned long']],
+    'LeapSecondFlags' : [ 0x474, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x474, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x474, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x478, ['unsigned long']],
+} ],
+  '_POP_DEVICE_POWER_PROFILE' : [ 0x58, {
+    'DeviceId' : [ 0x0, ['_UNICODE_STRING']],
+    'PowerPlane' : [ 0x10, ['pointer64', ['_POP_POWER_PLANE']]],
+    'FxDevice' : [ 0x18, ['pointer64', ['_POP_FX_DEVICE']]],
+    'PowerDrawMw' : [ 0x20, ['long']],
+    'DxPower' : [ 0x24, ['array', 4, ['_PO_POWER_PLANE_PROFILE']]],
+    'ComponentCount' : [ 0x48, ['unsigned long long']],
+    'Components' : [ 0x50, ['pointer64', ['pointer64', ['_POP_COMPONENT_POWER_PROFILE']]]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d8, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1b0, ['_LIST_ENTRY']],
+    'Status' : [ 0x1c0, ['long']],
+    'FailedDevice' : [ 0x1c8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1d0, ['unsigned char']],
+    'Cancelled' : [ 0x1d1, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1d2, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1d3, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1d4, ['unsigned char']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x98, {
+    'FileName' : [ 0x0, ['pointer64', ['wchar']]],
+    'BaseName' : [ 0x8, ['pointer64', ['wchar']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['wchar']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'FilePath' : [ 0x88, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x180, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+    'Flags' : [ 0x178, ['unsigned long']],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'HitCount' : [ 0x18, ['unsigned long long']],
+    'LastActivationTime' : [ 0x20, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
+    'CsActivationTime' : [ 0x30, ['unsigned long long']],
+    'CsActiveTime' : [ 0x38, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HAL_CLOCK_TIMER_CONFIGURATION' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'AlwaysOnTimer' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'HighLatency' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PerCpuTimer' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DynamicTickSupported' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'KnownType' : [ 0x4, ['unsigned long']],
+    'Capabilities' : [ 0x8, ['unsigned long']],
+    'MaxIncrement' : [ 0x10, ['unsigned long long']],
+    'MinIncrement' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Event' : [ 0x18, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x48, {
+    'Parent' : [ 0x0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x8, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x10, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0x18, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x50, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x40, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_31dc' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x7c0, {
+    'FreeLargePages' : [ 0x0, ['array', 3, ['_MI_FREE_LARGE_PAGES']]],
+    'LargePageRebuildTimer' : [ 0x330, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'StandbyPageList' : [ 0x358, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreePageListHeadsBitmap' : [ 0x680, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0x6a0, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0x6e0, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x6f0, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x710, ['unsigned long long']],
+    'CurrentHugeRangeColor' : [ 0x718, ['unsigned long']],
+    'HugeIoRangeFreeCount' : [ 0x720, ['array', 2, ['unsigned long long']]],
+    'MmShiftedColor' : [ 0x730, ['unsigned long']],
+    'Color' : [ 0x734, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x738, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x778, ['__unnamed_31dc']],
+    'NodeLock' : [ 0x780, ['_EX_PUSH_LOCK']],
+    'ZeroThreadHugeMapLock' : [ 0x788, ['unsigned long long']],
+    'LargeListMoveInProgress' : [ 0x790, ['unsigned char']],
+    'ChannelStatus' : [ 0x791, ['unsigned char']],
+    'ChannelOrdering' : [ 0x792, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x796, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x79a, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x7a0, ['unsigned long long']],
+    'PageColorTable' : [ 0x7a8, ['_MI_PAGE_COLORS']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION' : [ 0xc0, {
+    'ValidBits' : [ 0x0, ['_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS']],
+    'ProcessorType' : [ 0x8, ['unsigned char']],
+    'InstructionSet' : [ 0x9, ['unsigned char']],
+    'ErrorType' : [ 0xa, ['unsigned char']],
+    'Operation' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned char']],
+    'Level' : [ 0xd, ['unsigned char']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'CPUVersion' : [ 0x10, ['unsigned long long']],
+    'CPUBrandString' : [ 0x18, ['array', 128, ['unsigned char']]],
+    'ProcessorId' : [ 0x98, ['unsigned long long']],
+    'TargetAddress' : [ 0xa0, ['unsigned long long']],
+    'RequesterId' : [ 0xa8, ['unsigned long long']],
+    'ResponderId' : [ 0xb0, ['unsigned long long']],
+    'InstructionPointer' : [ 0xb8, ['unsigned long long']],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_DOMAIN_CONFIGURATION_ARM64' : [ 0x20, {
+    'Ttbr0' : [ 0x0, ['_LARGE_INTEGER']],
+    'Ttbr1' : [ 0x8, ['_LARGE_INTEGER']],
+    'Mair0' : [ 0x10, ['unsigned long']],
+    'Mair1' : [ 0x14, ['unsigned long']],
+    'InputSize0' : [ 0x18, ['unsigned char']],
+    'InputSize1' : [ 0x19, ['unsigned char']],
+    'CoherentTableWalks' : [ 0x1a, ['unsigned char']],
+    'TranslationEnabled' : [ 0x1b, ['unsigned char']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0xb0, {
+    'CachedKernelStacks' : [ 0x0, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'DynamicBitMapNonPagedPool' : [ 0x40, ['_MI_DYNAMIC_BITMAP']],
+    'CachedNonPagedPoolCount' : [ 0x88, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x90, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x98, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0xa0, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0xa8, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x1c, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+    'TrackDesiredCrossClass' : [ 0x18, ['unsigned char']],
+} ],
+  '_MI_NODE_NUMBER_ZERO_BASED' : [ 0x4, {
+    'ZeroBased' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_POP_COMPONENT_POWER_PROFILE' : [ 0x28, {
+    'ComponentGuid' : [ 0x0, ['_GUID']],
+    'Device' : [ 0x10, ['pointer64', ['_POP_DEVICE_POWER_PROFILE']]],
+    'FxCount' : [ 0x18, ['unsigned long long']],
+    'FxPower' : [ 0x20, ['array', 1, ['_PO_POWER_PLANE_PROFILE']]],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x20, ['unsigned char']],
+    'RebuildActive' : [ 0x21, ['unsigned char']],
+    'NextPassDelta' : [ 0x22, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x23, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x68, {
+    'IoPfnLock' : [ 0x0, ['long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x60, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '__unnamed_322f' : [ 0x10, {
+    'CodeBase' : [ 0x0, ['pointer64', ['void']]],
+    'CodeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xdd0, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x18, ['pointer64', ['void']]],
+    'EmInfFileSize' : [ 0x20, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x28, ['pointer64', ['void']]],
+    'HeadlessLoaderBlock' : [ 0x30, ['pointer64', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x38, ['pointer64', ['_SMBIOS3_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x40, ['pointer64', ['void']]],
+    'DrvDBSize' : [ 0x48, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x50, ['pointer64', ['_NETWORK_LOADER_BLOCK']]],
+    'FirmwareDescriptorListHead' : [ 0x58, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x68, ['pointer64', ['void']]],
+    'AcpiTableSize' : [ 0x70, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardStrongCodeGuarantees' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SidSharingDisabled' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'TpmInitialized' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'VsmConfigured' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IumEnabled' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'IsSmbboot' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BootLogEnabled' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DriverVerifierEnabled' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SuppressMonitorX' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Unused' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 21, native_type='unsigned long')]],
+    'FeatureSimulations' : [ 0x74, ['BitField', dict(start_bit = 21, end_bit = 27, native_type='unsigned long')]],
+    'MicrocodeSelfHosting' : [ 0x74, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'XhciLegacyHandoffSkip' : [ 0x74, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisableInsiderOptInHVCI' : [ 0x74, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'MicrocodeMinVerSupported' : [ 0x74, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'GpuIommuEnabled' : [ 0x74, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x78, ['_LOADER_PERFORMANCE_DATA']],
+    'BootApplicationPersistentData' : [ 0xd8, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0xe8, ['pointer64', ['void']]],
+    'BootIdentifier' : [ 0xf0, ['_GUID']],
+    'ResumePages' : [ 0x100, ['unsigned long']],
+    'DumpHeader' : [ 0x108, ['pointer64', ['void']]],
+    'BgContext' : [ 0x110, ['pointer64', ['void']]],
+    'NumaLocalityInfo' : [ 0x118, ['pointer64', ['void']]],
+    'NumaGroupAssignment' : [ 0x120, ['pointer64', ['void']]],
+    'AttachedHives' : [ 0x128, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0x138, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0x140, ['pointer64', ['void']]],
+    'BootEntropyResult' : [ 0x148, ['_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x9b0, ['unsigned long long']],
+    'HypervisorExtension' : [ 0x9b8, ['_LOADER_PARAMETER_HYPERVISOR_EXTENSION']],
+    'HardwareConfigurationId' : [ 0x9f8, ['_GUID']],
+    'HalExtensionModuleList' : [ 0xa08, ['_LIST_ENTRY']],
+    'SystemTime' : [ 0xa18, ['_LARGE_INTEGER']],
+    'TimeStampAtSystemTimeRead' : [ 0xa20, ['unsigned long long']],
+    'BootFlags' : [ 0xa28, ['unsigned long long']],
+    'DbgMenuOsSelection' : [ 0xa28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgHiberBoot' : [ 0xa28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgSoftRestart' : [ 0xa28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'DbgMeasuredLaunch' : [ 0xa28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'InternalBootFlags' : [ 0xa30, ['unsigned long long']],
+    'DbgUtcBootTime' : [ 0xa30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgRtcBootTime' : [ 0xa30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgNoLegacyServices' : [ 0xa30, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WfsFPData' : [ 0xa38, ['pointer64', ['void']]],
+    'WfsFPDataSize' : [ 0xa40, ['unsigned long']],
+    'BugcheckParameters' : [ 0xa48, ['_LOADER_BUGCHECK_PARAMETERS']],
+    'ApiSetSchema' : [ 0xa70, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0xa78, ['unsigned long']],
+    'ApiSetSchemaExtensions' : [ 0xa80, ['_LIST_ENTRY']],
+    'AcpiBiosVersion' : [ 0xa90, ['_UNICODE_STRING']],
+    'SmbiosVersion' : [ 0xaa0, ['_UNICODE_STRING']],
+    'EfiVersion' : [ 0xab0, ['_UNICODE_STRING']],
+    'KdDebugDevice' : [ 0xac0, ['pointer64', ['_DEBUG_DEVICE_DESCRIPTOR']]],
+    'OfflineCrashdumpConfigurationTable' : [ 0xac8, ['_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2']],
+    'ManufacturingProfile' : [ 0xae8, ['_UNICODE_STRING']],
+    'BbtBuffer' : [ 0xaf8, ['pointer64', ['void']]],
+    'XsaveAllowedFeatures' : [ 0xb00, ['unsigned long long']],
+    'XsaveFlags' : [ 0xb08, ['unsigned long']],
+    'BootOptions' : [ 0xb10, ['pointer64', ['void']]],
+    'IumEnablement' : [ 0xb18, ['unsigned long']],
+    'IumPolicy' : [ 0xb1c, ['unsigned long']],
+    'IumStatus' : [ 0xb20, ['long']],
+    'BootId' : [ 0xb24, ['unsigned long']],
+    'CodeIntegrityData' : [ 0xb28, ['pointer64', ['_LOADER_PARAMETER_CI_EXTENSION']]],
+    'CodeIntegrityDataSize' : [ 0xb30, ['unsigned long']],
+    'SystemHiveRecoveryInfo' : [ 0xb34, ['_LOADER_HIVE_RECOVERY_INFO']],
+    'SoftRestartCount' : [ 0xb48, ['unsigned long']],
+    'SoftRestartTime' : [ 0xb50, ['long long']],
+    'HypercallCodeVa' : [ 0xb58, ['pointer64', ['void']]],
+    'HalVirtualAddress' : [ 0xb60, ['pointer64', ['void']]],
+    'HalNumberOfBytes' : [ 0xb68, ['unsigned long long']],
+    'LeapSecondData' : [ 0xb70, ['pointer64', ['_LEAP_SECOND_DATA']]],
+    'MajorRelease' : [ 0xb78, ['unsigned long']],
+    'Reserved1' : [ 0xb7c, ['unsigned long']],
+    'NtBuildLab' : [ 0xb80, ['array', 224, ['unsigned char']]],
+    'NtBuildLabEx' : [ 0xc60, ['array', 224, ['unsigned char']]],
+    'ResetReason' : [ 0xd40, ['_LOADER_RESET_REASON']],
+    'MaxPciBusNumber' : [ 0xd70, ['unsigned long']],
+    'FeatureSettings' : [ 0xd74, ['unsigned long']],
+    'HotPatchReserveSize' : [ 0xd78, ['unsigned long']],
+    'RetpolineReserveSize' : [ 0xd7c, ['unsigned long']],
+    'MiniExecutive' : [ 0xd80, ['__unnamed_322f']],
+    'VsmPerformanceData' : [ 0xd90, ['_VSM_PERFORMANCE_DATA']],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0x18, {
+    'AnsiCodePageData' : [ 0x0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0x8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x20, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_323a' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x58, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ProtosNode' : [ 0x18, ['_MI_PROTOTYPE_PTES_NODE']],
+    'NumberOfPtes' : [ 0x38, ['unsigned long long']],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'Subsection' : [ 0x40, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x48, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x50, ['__unnamed_323a']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_PEBS_DS_SAVE_AREA32' : [ 0x80, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long']],
+    'BtsIndex' : [ 0x4, ['unsigned long']],
+    'BtsAbsoluteMaximum' : [ 0x8, ['unsigned long']],
+    'BtsInterruptThreshold' : [ 0xc, ['unsigned long']],
+    'PebsBufferBase' : [ 0x10, ['unsigned long']],
+    'PebsIndex' : [ 0x14, ['unsigned long']],
+    'PebsAbsoluteMaximum' : [ 0x18, ['unsigned long']],
+    'PebsInterruptThreshold' : [ 0x1c, ['unsigned long']],
+    'PebsGpCounterReset' : [ 0x20, ['array', 8, ['unsigned long long']]],
+    'PebsFixedCounterReset' : [ 0x60, ['array', 4, ['unsigned long long']]],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_MACHINE_FRAME' : [ 0x28, {
+    'Rip' : [ 0x0, ['unsigned long long']],
+    'SegCs' : [ 0x8, ['unsigned short']],
+    'Fill1' : [ 0xa, ['array', 3, ['unsigned short']]],
+    'EFlags' : [ 0x10, ['unsigned long']],
+    'Fill2' : [ 0x14, ['unsigned long']],
+    'Rsp' : [ 0x18, ['unsigned long long']],
+    'SegSs' : [ 0x20, ['unsigned short']],
+    'Fill3' : [ 0x22, ['array', 3, ['unsigned short']]],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_INFORMATION' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['_HAL_UNMASKED_INTERRUPT_FLAGS']],
+    'Mode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Gsiv' : [ 0x10, ['unsigned long']],
+    'PinNumber' : [ 0x14, ['unsigned short']],
+    'DeviceHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_FAKE_HEAP_ENTRY' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'PreviousSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x44, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'NoPageTablesAllowed' : [ 0x3c, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x40, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LOADER_BUGCHECK_PARAMETERS' : [ 0x28, {
+    'BugcheckCode' : [ 0x0, ['unsigned long']],
+    'BugcheckParameter1' : [ 0x8, ['unsigned long long']],
+    'BugcheckParameter2' : [ 0x10, ['unsigned long long']],
+    'BugcheckParameter3' : [ 0x18, ['unsigned long long']],
+    'BugcheckParameter4' : [ 0x20, ['unsigned long long']],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3e0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'spare' : [ 0x39, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x280, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x288, ['array', 1, ['unsigned long long']]],
+    'SpareUlong' : [ 0x290, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x294, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x298, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x358, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x35c, ['unsigned long']],
+    'ResumeContextPages' : [ 0x360, ['unsigned long']],
+    'Hiberboot' : [ 0x364, ['unsigned char']],
+    'SecureLaunched' : [ 0x365, ['unsigned char']],
+    'SecureBoot' : [ 0x366, ['unsigned char']],
+    'HvPageTableRoot' : [ 0x368, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x370, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x378, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x380, ['unsigned long long']],
+    'BootFlags' : [ 0x388, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x390, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x398, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x3a0, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3c0, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x3d0, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x3d4, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x3d5, ['unsigned char']],
+    'HiberResumeXhciHandoffSkip' : [ 0x3d6, ['unsigned char']],
+    'InitializeUSBCore' : [ 0x3d7, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x3d8, ['unsigned char']],
+    'USBCoreId' : [ 0x3d9, ['unsigned char']],
+    'SkipMemoryMapValidation' : [ 0x3da, ['unsigned char']],
+} ],
+  '_POP_FX_DRIPS_WATCHDOG_CONTEXT' : [ 0x28, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'ComponentIndex' : [ 0x10, ['unsigned long']],
+    'ChildDevices' : [ 0x18, ['pointer64', ['pointer64', ['_DEVICE_NODE']]]],
+    'ChildDeviceCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_SUPPORTED_RANGE' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_SUPPORTED_RANGE']]],
+    'SystemAddressSpace' : [ 0x8, ['unsigned long']],
+    'SystemBase' : [ 0x10, ['long long']],
+    'Base' : [ 0x18, ['long long']],
+    'Limit' : [ 0x20, ['long long']],
+} ],
+  '__unnamed_326d' : [ 0x8, {
+    'NumberOfEntries' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long long')]],
+    'Va' : [ 0x0, ['pointer64', ['void']]],
+    'VaLong' : [ 0x0, ['unsigned long long']],
+} ],
+  '_KTB_FLUSH_VA' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_326d']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_MI_PAGE_COLORS' : [ 0x10, {
+    'PageSize' : [ 0x0, ['array', 4, ['unsigned long']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'StorageInfo' : [ 0x110, ['pointer64', ['void']]],
+    'UseStorageInfo' : [ 0x118, ['unsigned char']],
+    'PointersLength' : [ 0x11c, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['wchar']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay', 6: u'DeviceUsageTypeGuestAssigned'})]],
+} ],
+  '_PNP_WATCHDOG' : [ 0x110, {
+    'WatchdogStart' : [ 0x0, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x8, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'WatchdogEnabled' : [ 0x88, ['unsigned char']],
+    'WatchdogSecondChance' : [ 0x89, ['unsigned char']],
+    'WatchdogComplete' : [ 0x90, ['_KEVENT']],
+    'WatchdogWorkItem' : [ 0xa8, ['_WORK_QUEUE_ITEM']],
+    'WatchdogContextType' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {1: u'PNP_EVENT_WORKER_WATCHDOG', 2: u'PNP_DEVICE_COMPLETION_QUEUE_WATCHDOG', 3: u'PNP_DELAYED_REMOVE_WORKER_WATCHDOG'})]],
+    'WatchdogLock' : [ 0xd0, ['_FAST_MUTEX']],
+    'WatchdogContext' : [ 0x108, ['pointer64', ['void']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x10, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_FAULT_CONFIGURATION' : [ 0x10, {
+    'FaultHandler' : [ 0x0, ['pointer64', ['void']]],
+    'FaultContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_INPUT_MAPPING_ELEMENT' : [ 0x4, {
+    'InputMappingId' : [ 0x0, ['unsigned long']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_32a3' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_32a5' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_32a7' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_32a9' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_32ab' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_32ad' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights', 13: u'PNP_VetoAlreadyRemoved'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_32af' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_32b1' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_32b3' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_32b5' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_32a3']],
+    'TargetDevice' : [ 0x0, ['__unnamed_32a5']],
+    'InstallDevice' : [ 0x0, ['__unnamed_32a5']],
+    'CustomNotification' : [ 0x0, ['__unnamed_32a7']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_32a9']],
+    'PowerNotification' : [ 0x0, ['__unnamed_32ab']],
+    'VetoNotification' : [ 0x0, ['__unnamed_32ad']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_32af']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_32b1']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_32b3']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_32a5']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_32a5']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_32b5']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ProcessorType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'InstructionSet' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Operation' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Flags' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Level' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'CPUVersion' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'CPUBrandString' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'ProcessorId' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'TargetAddress' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InstructionPointer' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VSM_PERFORMANCE_DATA' : [ 0x40, {
+    'LaunchVsmMark' : [ 0x0, ['array', 8, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeviceDriver' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0x10, {
+    'CommonDataArea' : [ 0x0, ['pointer64', ['void']]],
+    'MachineType' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_32ca' : [ 0x8, {
+    'Pch' : [ 0x0, ['unsigned char']],
+    'EmbeddedController' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 6, ['unsigned char']]],
+} ],
+  '__unnamed_32cc' : [ 0x8, {
+    'Component' : [ 0x0, ['__unnamed_32ca']],
+    'AsULONG64' : [ 0x0, ['unsigned long long']],
+    'AsBytes' : [ 0x0, ['array', 8, ['unsigned char']]],
+} ],
+  '_LOADER_RESET_REASON' : [ 0x30, {
+    'Supplied' : [ 0x0, ['unsigned char']],
+    'Basic' : [ 0x8, ['__unnamed_32cc']],
+    'AdditionalInfo' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_LOADER_HIVE_RECOVERY_INFO' : [ 0x14, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LegacyRecovery' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SoftRebootConflict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MostRecentLog' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'LogNextSequence' : [ 0x8, ['unsigned long']],
+    'LogMinimumSequence' : [ 0xc, ['unsigned long']],
+    'LogCurrentOffset' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_32dd' : [ 0x38, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x40, {
+    'FirmwareTypeUefi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EfiRuntimeUseIum' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EfiRuntimePageProtectionSupported' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_32dd']],
+} ],
+  '__unnamed_32e1' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Consumed' : [ 0x8, ['unsigned char']],
+    'ErrorCode' : [ 0xa, ['unsigned short']],
+    'ErrorIpValid' : [ 0xc, ['unsigned char']],
+    'RestartIpValid' : [ 0xd, ['unsigned char']],
+    'ClearPoison' : [ 0xe, ['unsigned char']],
+} ],
+  '__unnamed_32e3' : [ 0x8, {
+    'PmemErrInfo' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_RECOVERY_CONTEXT' : [ 0x20, {
+    'MemoryError' : [ 0x0, ['__unnamed_32e1']],
+    'PmemError' : [ 0x0, ['__unnamed_32e3']],
+    'PartitionId' : [ 0x10, ['unsigned long long']],
+    'VpIndex' : [ 0x18, ['unsigned long']],
+    'ErrorType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {1: u'WheaRecoveryContextErrorTypeMemory', 2: u'WheaRecoveryContextErrorTypePmem', 3: u'WheaRecoveryContextErrorTypeMax'})]],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x88, {
+    'Prcb' : [ 0x0, ['pointer64', ['_KPRCB']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'HiddenProcessor' : [ 0x10, ['unsigned char']],
+    'HiddenProcessorId' : [ 0x14, ['unsigned long']],
+    'PlatformCap' : [ 0x18, ['unsigned long']],
+    'ThermalCap' : [ 0x1c, ['unsigned long']],
+    'LimitReasons' : [ 0x20, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x28, ['unsigned long long']],
+    'ProcCap' : [ 0x30, ['unsigned long']],
+    'ProcFloor' : [ 0x34, ['unsigned long']],
+    'TargetPercent' : [ 0x38, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x3c, ['unsigned char']],
+    'ResponsivenessChangeCount' : [ 0x3d, ['unsigned char']],
+    'Selection' : [ 0x40, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x68, ['unsigned long']],
+    'PreviousFrequency' : [ 0x6c, ['unsigned long']],
+    'PreviousPercent' : [ 0x70, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x74, ['unsigned long']],
+    'Force' : [ 0x78, ['unsigned char']],
+    'UseQosUpdateLock' : [ 0x79, ['unsigned char']],
+    'QosUpdateLock' : [ 0x80, ['unsigned long long']],
+} ],
+  '_MI_ALIGNED_SLIST' : [ 0x40, {
+    'SList' : [ 0x0, ['_SLIST_HEADER']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x40, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'PciDeviceId' : [ 0x18, ['unsigned short']],
+    'PciVendorId' : [ 0x1a, ['unsigned short']],
+    'PciBusNumber' : [ 0x1c, ['unsigned char']],
+    'PciBusSegment' : [ 0x1e, ['unsigned short']],
+    'PciSlotNumber' : [ 0x20, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x21, ['unsigned char']],
+    'PciFlags' : [ 0x24, ['unsigned long']],
+    'SystemGUID' : [ 0x28, ['_GUID']],
+    'IsMMIODevice' : [ 0x38, ['unsigned char']],
+    'TerminalType' : [ 0x39, ['unsigned char']],
+    'InterfaceType' : [ 0x3a, ['unsigned char']],
+    'RegisterBitWidth' : [ 0x3b, ['unsigned char']],
+    'RegisterAccessSize' : [ 0x3c, ['unsigned char']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'RankNumber' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'CardHandle' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'ModuleHandle' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'ExtendedRow' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'BankGroup' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'BankAddress' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'ChipIdentification' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UserModeOnly' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoInherit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CheckVad' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x440, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+    'RedirectionDllName' : [ 0x410, ['_UNICODE_STRING']],
+    'HeapPartitionName' : [ 0x420, ['_UNICODE_STRING']],
+    'DefaultThreadpoolCpuSetMasks' : [ 0x430, ['pointer64', ['unsigned long long']]],
+    'DefaultThreadpoolCpuSetMaskCount' : [ 0x438, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x28, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x1c, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_3307' : [ 0x4, {
+    'PasidMaxWidth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'PasidExePerm' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PasidPrivMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AtsPageAlignedRequest' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AtsGlobalInvalidate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AtsInvalidateQueueDepth' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 14, native_type='unsigned long')]],
+} ],
+  '_IOMMU_SVM_CAPABILITIES' : [ 0xc, {
+    'AtsCapability' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PriCapability' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PasidCapability' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CapReg' : [ 0x4, ['__unnamed_3307']],
+    'Rsvd' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_3314' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_3316' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_3318' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_3314']],
+    'Gpt' : [ 0x0, ['__unnamed_3316']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_3318']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PEP_WORK_INFORMATION' : [ 0x40, {
+    'WorkType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepWorkActiveComplete', 1: u'PepWorkRequestIdleState', 2: u'PepWorkDevicePower', 3: u'PepWorkRequestPowerControl', 4: u'PepWorkDeviceIdle', 5: u'PepWorkCompleteIdleState', 6: u'PepWorkCompletePerfState', 7: u'PepWorkAcpiNotify', 8: u'PepWorkAcpiEvaluateControlMethodComplete', 9: u'PepWorkMax'})]],
+    'ActiveComplete' : [ 0x8, ['_PEP_WORK_ACTIVE_COMPLETE']],
+    'IdleState' : [ 0x8, ['_PEP_WORK_IDLE_STATE']],
+    'DevicePower' : [ 0x8, ['_PEP_WORK_DEVICE_POWER']],
+    'PowerControl' : [ 0x8, ['_PEP_WORK_POWER_CONTROL']],
+    'DeviceIdle' : [ 0x8, ['_PEP_WORK_DEVICE_IDLE']],
+    'CompleteIdleState' : [ 0x8, ['_PEP_WORK_COMPLETE_IDLE_STATE']],
+    'CompletePerfState' : [ 0x8, ['_PEP_WORK_COMPLETE_PERF_STATE']],
+    'AcpiNotify' : [ 0x8, ['_PEP_WORK_ACPI_NOTIFY']],
+    'ControlMethodComplete' : [ 0x8, ['_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_MI_ACCESS_VIOLATION_RANGE' : [ 0x28, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Va' : [ 0x18, ['pointer64', ['void']]],
+    'EndVaInclusive' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE' : [ 0x28, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'CompletionFlags' : [ 0x8, ['unsigned long']],
+    'MethodStatus' : [ 0xc, ['long']],
+    'CompletionContext' : [ 0x10, ['pointer64', ['void']]],
+    'OutputArgumentSize' : [ 0x18, ['unsigned long long']],
+    'OutputArguments' : [ 0x20, ['pointer64', ['_ACPI_METHOD_ARGUMENT_V1']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NoWait' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_RESTRICTED_MODWRITES' : [ 0x3, {
+    'MaximumClusterPages' : [ 0x0, ['unsigned char']],
+    'ReducedClusterWrites' : [ 0x1, ['unsigned char']],
+    'ImposeDelay' : [ 0x2, ['unsigned char']],
+} ],
+  '_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'AbnormalResetOccurred' : [ 0x4, ['unsigned long']],
+    'OfflineMemoryDumpCapable' : [ 0x8, ['unsigned long']],
+    'ResetDataAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'ResetDataSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_ACPI_METHOD_ARGUMENT_V1' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'DataLength' : [ 0x2, ['unsigned short']],
+    'Argument' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x4, ['array', 1, ['unsigned char']]],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_POP_FX_ACTIVE_TIME_ACCOUNTING' : [ 0x60, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Unattributed' : [ 0x8, ['unsigned long long']],
+    'Buckets' : [ 0x10, ['array', 5, ['unsigned long long']]],
+    'PerBucket' : [ 0x38, ['array', 5, ['unsigned long long']]],
+} ],
+  '_PEP_WORK_ACPI_NOTIFY' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'NotifyCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_MI_SYSTEM_VA_ASSIGNMENT' : [ 0x10, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x60, {
+    'SListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x28, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SystemClass', 1: u'ProcessorClass', 2: u'CacheClass', 3: u'AdapterClass', 4: u'ControllerClass', 5: u'PeripheralClass', 6: u'MemoryClass', 7: u'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ArcSystem', 1: u'CentralProcessor', 2: u'FloatingPointProcessor', 3: u'PrimaryIcache', 4: u'PrimaryDcache', 5: u'SecondaryIcache', 6: u'SecondaryDcache', 7: u'SecondaryCache', 8: u'EisaAdapter', 9: u'TcAdapter', 10: u'ScsiAdapter', 11: u'DtiAdapter', 12: u'MultiFunctionAdapter', 13: u'DiskController', 14: u'TapeController', 15: u'CdromController', 16: u'WormController', 17: u'SerialController', 18: u'NetworkController', 19: u'DisplayController', 20: u'ParallelController', 21: u'PointerController', 22: u'KeyboardController', 23: u'AudioController', 24: u'OtherController', 25: u'DiskPeripheral', 26: u'FloppyDiskPeripheral', 27: u'TapePeripheral', 28: u'ModemPeripheral', 29: u'MonitorPeripheral', 30: u'PrinterPeripheral', 31: u'PointerPeripheral', 32: u'KeyboardPeripheral', 33: u'TerminalPeripheral', 34: u'OtherPeripheral', 35: u'LinePeripheral', 36: u'NetworkPeripheral', 37: u'SystemMemory', 38: u'DockingInformation', 39: u'RealModeIrqRoutingTable', 40: u'RealModePCIEnumeration', 41: u'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer64', ['unsigned char']]],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x58, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'ResponsivenessEvents' : [ 0x50, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_FLAGS' : [ 0x2, {
+    'SecondaryInterrupt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_POWER_PLANE_PROFILE' : [ 0x8, {
+    'ExclusivePowerMw' : [ 0x0, ['unsigned long']],
+    'PeakPowerMw' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARM_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x18, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PEP_WORK_COMPLETE_PERF_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+    'Succeeded' : [ 0xc, ['unsigned char']],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x60, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+    'PreloadEndTime' : [ 0x10, ['unsigned long long']],
+    'TcbLoaderStartTime' : [ 0x18, ['unsigned long long']],
+    'LoadHypervisorTime' : [ 0x20, ['unsigned long long']],
+    'LaunchHypervisorTime' : [ 0x28, ['unsigned long long']],
+    'LoadVsmTime' : [ 0x30, ['unsigned long long']],
+    'LaunchVsmTime' : [ 0x38, ['unsigned long long']],
+    'ExecuteTransitionStartTime' : [ 0x40, ['unsigned long long']],
+    'ExecuteTransitionEndTime' : [ 0x48, ['unsigned long long']],
+    'LoadDriversTime' : [ 0x50, ['unsigned long long']],
+    'CleanupVsmTime' : [ 0x58, ['unsigned long long']],
+} ],
+  '_MI_FREE_LARGE_PAGES' : [ 0x110, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'LargePagesCount' : [ 0x10, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]],
+    'LargePageEntries' : [ 0x90, ['array', 2, ['array', 2, ['array', 4, ['pointer64', ['_MI_FREE_LARGE_PAGE_LIST']]]]]],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x38, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x8, ['pointer64', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x10, ['long']],
+    'MissedMappingsCount' : [ 0x14, ['unsigned long']],
+    'FirmwareResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'EfiMemoryMap' : [ 0x28, ['pointer64', ['void']]],
+    'EfiMemoryMapSize' : [ 0x30, ['unsigned long']],
+    'EfiMemoryMapDescriptorSize' : [ 0x34, ['unsigned long']],
+} ],
+  '_PEP_WORK_IDLE_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+    'State' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_POWER_PLANE' : [ 0x40, {
+    'PowerPlaneId' : [ 0x0, ['_UNICODE_STRING']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'OldIrql' : [ 0x18, ['unsigned char']],
+    'DevicePowerMw' : [ 0x1c, ['long']],
+    'PmaxHandle' : [ 0x20, ['pointer64', ['void']]],
+    'NotifyDevicePowerDraw' : [ 0x28, ['pointer64', ['void']]],
+    'DeviceCount' : [ 0x30, ['unsigned long long']],
+    'Devices' : [ 0x38, ['pointer64', ['pointer64', ['_POP_DEVICE_POWER_PROFILE']]]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_SMBIOS3_TABLE_HEADER' : [ 0x18, {
+    'Signature' : [ 0x0, ['array', 5, ['unsigned char']]],
+    'Checksum' : [ 0x5, ['unsigned char']],
+    'Length' : [ 0x6, ['unsigned char']],
+    'MajorVersion' : [ 0x7, ['unsigned char']],
+    'MinorVersion' : [ 0x8, ['unsigned char']],
+    'Docrev' : [ 0x9, ['unsigned char']],
+    'EntryPointRevision' : [ 0xa, ['unsigned char']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'StructureTableMaximumSize' : [ 0xc, ['unsigned long']],
+    'StructureTableAddress' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_CI_EXTENSION' : [ 0x50, {
+    'CodeIntegrityOptions' : [ 0x0, ['unsigned long']],
+    'UpgradeInProgress' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsWinPE' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CustomKernelSignersAllowed' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'WhqlEnforcementDate' : [ 0x8, ['_LARGE_INTEGER']],
+    'RevocationListOffset' : [ 0x10, ['unsigned long']],
+    'RevocationListSize' : [ 0x14, ['unsigned long']],
+    'CodeIntegrityPolicyOffset' : [ 0x18, ['unsigned long']],
+    'CodeIntegrityPolicySize' : [ 0x1c, ['unsigned long']],
+    'CodeIntegrityPolicyHashOffset' : [ 0x20, ['unsigned long']],
+    'CodeIntegrityPolicyHashSize' : [ 0x24, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashOffset' : [ 0x28, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashSize' : [ 0x2c, ['unsigned long']],
+    'WeakCryptoPolicyLoadStatus' : [ 0x30, ['long']],
+    'WeakCryptoPolicyOffset' : [ 0x34, ['unsigned long']],
+    'WeakCryptoPolicySize' : [ 0x38, ['unsigned long']],
+    'SecureBootPolicyOffset' : [ 0x3c, ['unsigned long']],
+    'SecureBootPolicySize' : [ 0x40, ['unsigned long']],
+    'Reserved2' : [ 0x44, ['unsigned long']],
+    'SerializedData' : [ 0x48, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x70, {
+    'GetTime' : [ 0x0, ['unsigned long long']],
+    'SetTime' : [ 0x8, ['unsigned long long']],
+    'GetWakeupTime' : [ 0x10, ['unsigned long long']],
+    'SetWakeupTime' : [ 0x18, ['unsigned long long']],
+    'SetVirtualAddressMap' : [ 0x20, ['unsigned long long']],
+    'ConvertPointer' : [ 0x28, ['unsigned long long']],
+    'GetVariable' : [ 0x30, ['unsigned long long']],
+    'GetNextVariableName' : [ 0x38, ['unsigned long long']],
+    'SetVariable' : [ 0x40, ['unsigned long long']],
+    'GetNextHighMonotonicCount' : [ 0x48, ['unsigned long long']],
+    'ResetSystem' : [ 0x50, ['unsigned long long']],
+    'UpdateCapsule' : [ 0x58, ['unsigned long long']],
+    'QueryCapsuleCapabilities' : [ 0x60, ['unsigned long long']],
+    'QueryVariableInfo' : [ 0x68, ['unsigned long long']],
+} ],
+  '_MI_STORE_INPAGE_COMPLETE_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['unsigned long']],
+    'StoreFault' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LowResourceFailure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned long')]],
+    'RemainingPageCount' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0x118, {
+    'Partition' : [ 0x0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x8, ['pointer64', ['_ENODE']]],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x28, ['_KTIMER']],
+    'ReaperEvent' : [ 0x68, ['_KEVENT']],
+    'ReaperTimer' : [ 0x80, ['_KTIMER2']],
+    'ThreadHandle' : [ 0x108, ['pointer64', ['void']]],
+    'ExitThread' : [ 0x110, ['unsigned long']],
+    'ThreadSeed' : [ 0x114, ['unsigned short']],
+} ],
+  '_LOADER_PARAMETER_HYPERVISOR_EXTENSION' : [ 0x40, {
+    'InitialHypervisorCrashdumpAreaPageCount' : [ 0x0, ['unsigned long']],
+    'HypervisorCrashdumpAreaPageCount' : [ 0x4, ['unsigned long']],
+    'InitialHypervisorCrashdumpAreaSpa' : [ 0x8, ['unsigned long long']],
+    'HypervisorCrashdumpAreaSpa' : [ 0x10, ['unsigned long long']],
+    'HypervisorLaunchStatus' : [ 0x18, ['unsigned long long']],
+    'HypervisorLaunchStatusArg1' : [ 0x20, ['unsigned long long']],
+    'HypervisorLaunchStatusArg2' : [ 0x28, ['unsigned long long']],
+    'HypervisorLaunchStatusArg3' : [ 0x30, ['unsigned long long']],
+    'HypervisorLaunchStatusArg4' : [ 0x38, ['unsigned long long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_PEP_WORK_POWER_CONTROL' : [ 0x38, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'PowerControlCode' : [ 0x8, ['pointer64', ['_GUID']]],
+    'RequestContext' : [ 0x10, ['pointer64', ['void']]],
+    'InBuffer' : [ 0x18, ['pointer64', ['void']]],
+    'InBufferSize' : [ 0x20, ['unsigned long long']],
+    'OutBuffer' : [ 0x28, ['pointer64', ['void']]],
+    'OutBufferSize' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PEP_WORK_DEVICE_POWER' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'PowerRequired' : [ 0x8, ['unsigned char']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0xc, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+    'TimeDateStamp' : [ 0x8, ['unsigned long']],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x20, {
+    'DHCPServerACK' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x8, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_BOOT_ENTROPY_LDR_RESULT' : [ 0x868, {
+    'maxEntropySources' : [ 0x0, ['unsigned long']],
+    'EntropySourceResult' : [ 0x8, ['array', 10, ['_BOOT_ENTROPY_SOURCE_LDR_RESULT']]],
+    'SeedBytesForCng' : [ 0x418, ['array', 48, ['unsigned char']]],
+    'RngBytesForNtoskrnl' : [ 0x448, ['array', 1024, ['unsigned char']]],
+    'KdEntropy' : [ 0x848, ['array', 32, ['unsigned char']]],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x78, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+    'PreQueryOpen' : [ 0x68, ['pointer64', ['void']]],
+    'PostQueryOpen' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_FAULT_INFORMATION' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'FaultInformationInvalid', 1: u'FaultInformationArm64'})]],
+    'Arm64' : [ 0x8, ['_FAULT_INFORMATION_ARM64']],
+} ],
+  '_PEP_WORK_COMPLETE_IDLE_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PEP_WORK_ACTIVE_COMPLETE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_33f6' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_33f8' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_33f6']],
+    'Range' : [ 0x20, ['__unnamed_33f8']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_BOOT_ENTROPY_SOURCE_LDR_RESULT' : [ 0x68, {
+    'SourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceNone', 1: u'BootEntropySourceSeedfile', 2: u'BootEntropySourceExternal', 3: u'BootEntropySourceTpm', 4: u'BootEntropySourceRdrand', 5: u'BootEntropySourceTime', 6: u'BootEntropySourceAcpiOem0', 7: u'BootEntropySourceUefi', 8: u'BootEntropySourceCng', 9: u'BootEntropySourceTcbTpm', 10: u'BootMaxEntropySources'})]],
+    'Policy' : [ 0x8, ['unsigned long long']],
+    'ResultCode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceStructureUninitialized', 1: u'BootEntropySourceDisabledByPolicy', 2: u'BootEntropySourceNotPresent', 3: u'BootEntropySourceError', 4: u'BootEntropySourceSuccess'})]],
+    'ResultStatus' : [ 0x14, ['long']],
+    'Time' : [ 0x18, ['unsigned long long']],
+    'EntropyLength' : [ 0x20, ['unsigned long']],
+    'EntropyData' : [ 0x24, ['array', 64, ['unsigned char']]],
+} ],
+  'POHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_3409' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_340b' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_3411' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_3413' : [ 0x20, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileInformation' : [ 0x8, ['pointer64', ['void']]],
+    'Length' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'FileInformationClass' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x1c, ['long']],
+} ],
+  '__unnamed_3415' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_3409']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_340b']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_3411']],
+    'QueryOpen' : [ 0x0, ['__unnamed_3413']],
+    'Others' : [ 0x0, ['__unnamed_3415']],
+} ],
+  '_FAULT_INFORMATION_ARM64' : [ 0x28, {
+    'DomainHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FaultAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InputMappingId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['_FAULT_INFORMATION_ARM64_FLAGS']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'UnsupportedUpstreamTransaction', 1: u'AddressSizeFault', 2: u'TlbMatchConflict', 3: u'ExternalFault', 4: u'PermissionFault', 5: u'AccessFlagFault', 6: u'TranslationFault', 7: u'MaxFaultType'})]],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_PEP_WORK_DEVICE_IDLE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'IgnoreIdleTimeout' : [ 0x8, ['unsigned char']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAULT_INFORMATION_ARM64_FLAGS' : [ 0x4, {
+    'WriteNotRead' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'InstructionNotData' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Privileged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'FaultAddressValid' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win10_x86_18362_vtypes.py b/volatility/plugins/overlays/windows/win10_x86_18362_vtypes.py
new file mode 100755
index 000000000..03cf3d0ac
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_18362_vtypes.py
@@ -0,0 +1,16055 @@
+ntkrpamp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x10, {
+    'Map' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x710, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'CyclesPerYield' : [ 0x2d6, ['unsigned short']],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'SystemCallPad0' : [ 0x30c, ['unsigned long']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+} ],
+  '__unnamed_1088' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1088']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_108c' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_108c']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_10a7' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10a9' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10a7']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_10a9']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['pointer', ['void']]]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['pointer', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x175, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x176, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'PerflibData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapData' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+    'ReservedForWdf' : [ 0xfe4, ['pointer', ['void']]],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0xc, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_CUSTOM_SYSTEM_EVENT_TRIGGER_CONFIG' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'TriggerId' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6020, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'MxCsr' : [ 0x8, ['unsigned long']],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x5f00, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'ParentNode' : [ 0x338, ['pointer', ['_KNODE']]],
+    'PriorityState' : [ 0x33c, ['pointer', ['unsigned char']]],
+    'KernelReserved' : [ 0x340, ['array', 14, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'CpuVendor' : [ 0x3be, ['unsigned char']],
+    'PrcbPad0' : [ 0x3bf, ['array', 1, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'GroupIndex' : [ 0x3c4, ['unsigned char']],
+    'Group' : [ 0x3c5, ['unsigned char']],
+    'PrcbPad05' : [ 0x3c6, ['array', 2, ['unsigned char']]],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'ClockOwner' : [ 0x3d0, ['unsigned char']],
+    'PendingTickFlags' : [ 0x3d1, ['unsigned char']],
+    'PendingTick' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad10' : [ 0x3d2, ['array', 70, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'InterruptCount' : [ 0x4a0, ['unsigned long']],
+    'KernelTime' : [ 0x4a4, ['unsigned long']],
+    'UserTime' : [ 0x4a8, ['unsigned long']],
+    'DpcTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b0, ['unsigned long']],
+    'InterruptTime' : [ 0x4b4, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4b8, ['unsigned long']],
+    'PageColor' : [ 0x4bc, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c0, ['unsigned char']],
+    'NodeColor' : [ 0x4c1, ['unsigned char']],
+    'DeepSleep' : [ 0x4c2, ['unsigned char']],
+    'TbFlushListActive' : [ 0x4c3, ['unsigned char']],
+    'CachedStack' : [ 0x4c4, ['pointer', ['void']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4cc, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d0, ['unsigned long']],
+    'MmInternal' : [ 0x4d4, ['pointer', ['void']]],
+    'PrcbFlags' : [ 0x4d8, ['_KPRCBFLAG']],
+    'SchedulerAssist' : [ 0x4dc, ['pointer', ['void']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1820, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2120, ['long']],
+    'ReverseStall' : [ 0x2124, ['long']],
+    'IpiFrame' : [ 0x2128, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x212c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x2160, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x216c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x2170, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x2174, ['unsigned long']],
+    'PrcbPad4' : [ 0x2178, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x21a0, ['unsigned long']],
+    'TargetCount' : [ 0x21a4, ['long']],
+    'LastNonHrTimerExpiration' : [ 0x21a8, ['unsigned long long']],
+    'TrappedSecurityDomain' : [ 0x21b0, ['unsigned long long']],
+    'BpbState' : [ 0x21b8, ['unsigned char']],
+    'BpbCpuIdle' : [ 0x21b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbFlushRsbOnTrap' : [ 0x21b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbIbpbOnReturn' : [ 0x21b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbIbpbOnTrap' : [ 0x21b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbReserved' : [ 0x21b8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'BpbFeatures' : [ 0x21b9, ['unsigned char']],
+    'BpbClearOnIdle' : [ 0x21b9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbEnabled' : [ 0x21b9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmep' : [ 0x21b9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbFeaturesReserved' : [ 0x21b9, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'BpbCurrentSpecCtrl' : [ 0x21ba, ['unsigned char']],
+    'BpbKernelSpecCtrl' : [ 0x21bb, ['unsigned char']],
+    'BpbNmiSpecCtrl' : [ 0x21bc, ['unsigned char']],
+    'BpbUserSpecCtrl' : [ 0x21bd, ['unsigned char']],
+    'PrcbPad49' : [ 0x21be, ['array', 2, ['unsigned char']]],
+    'ProcessorSignature' : [ 0x21c0, ['unsigned long']],
+    'ProcessorFlags' : [ 0x21c4, ['unsigned long']],
+    'PrcbPad50' : [ 0x21c8, ['array', 8, ['unsigned char']]],
+    'InterruptLastCount' : [ 0x21d0, ['unsigned long']],
+    'InterruptRate' : [ 0x21d4, ['unsigned long']],
+    'DeviceInterrupts' : [ 0x21d8, ['unsigned long']],
+    'IsrDpcStats' : [ 0x21dc, ['pointer', ['void']]],
+    'DpcData' : [ 0x21e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2210, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2214, ['long']],
+    'DpcRequestRate' : [ 0x2218, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x221c, ['unsigned long']],
+    'DpcLastCount' : [ 0x2220, ['unsigned long']],
+    'PrcbLock' : [ 0x2224, ['unsigned long']],
+    'DpcGate' : [ 0x2228, ['_KGATE']],
+    'IdleState' : [ 0x2238, ['unsigned char']],
+    'QuantumEnd' : [ 0x2239, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x223a, ['unsigned char']],
+    'IdleSchedule' : [ 0x223b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x223c, ['long']],
+    'DpcRequestSlot' : [ 0x223c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x223c, ['short']],
+    'ThreadDpcState' : [ 0x223e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x223c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x223c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x223c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x223c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x223c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x223c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x223c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x223c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x223c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x223c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTimerHand' : [ 0x2240, ['unsigned long']],
+    'LastTick' : [ 0x2244, ['unsigned long']],
+    'PeriodicCount' : [ 0x2248, ['unsigned long']],
+    'PeriodicBias' : [ 0x224c, ['unsigned long']],
+    'ClockInterrupts' : [ 0x2250, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2254, ['unsigned long']],
+    'GroupSchedulingOverQuota' : [ 0x2258, ['unsigned char']],
+    'ThreadDpcEnable' : [ 0x2259, ['unsigned char']],
+    'PrcbPad41' : [ 0x225a, ['array', 2, ['unsigned char']]],
+    'TimerTable' : [ 0x2260, ['_KTIMER_TABLE']],
+    'CallDpc' : [ 0x3aa0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x3ac0, ['long']],
+    'PrcbPad6' : [ 0x3ac4, ['array', 4, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x3ac8, ['long']],
+    'DpcWatchdogCount' : [ 0x3acc, ['long']],
+    'KeSpinLockOrdering' : [ 0x3ad0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x3ad4, ['unsigned long']],
+    'QueueIndex' : [ 0x3ad8, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x3adc, ['_SINGLE_LIST_ENTRY']],
+    'ReadySummary' : [ 0x3ae0, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x3ae4, ['long']],
+    'WaitLock' : [ 0x3ae8, ['unsigned long']],
+    'WaitListHead' : [ 0x3aec, ['_LIST_ENTRY']],
+    'ScbOffset' : [ 0x3af4, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x3af8, ['unsigned long']],
+    'StartCycles' : [ 0x3b00, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x3b08, ['unsigned long long']],
+    'TaggedCycles' : [ 0x3b10, ['array', 2, ['unsigned long long']]],
+    'GenerationTarget' : [ 0x3b20, ['unsigned long long']],
+    'CycleTime' : [ 0x3b28, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x3b30, ['unsigned long long']],
+    'ImportantCycles' : [ 0x3b38, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x3b40, ['unsigned long long']],
+    'ReadyQueueExpectedRunTime' : [ 0x3b48, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3b50, ['unsigned long']],
+    'Cycles' : [ 0x3b58, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad71' : [ 0x3b98, ['array', 2, ['unsigned long']]],
+    'DispatcherReadyListHead' : [ 0x3ba0, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3ca0, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3ca4, ['long']],
+    'ScbQueue' : [ 0x3ca8, ['_RTL_RB_TREE']],
+    'ScbList' : [ 0x3cb0, ['_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x3cb8, ['long']],
+    'MmCopyOnWriteCount' : [ 0x3cbc, ['long']],
+    'MmTransitionCount' : [ 0x3cc0, ['long']],
+    'MmCacheTransitionCount' : [ 0x3cc4, ['long']],
+    'MmDemandZeroCount' : [ 0x3cc8, ['long']],
+    'MmPageReadCount' : [ 0x3ccc, ['long']],
+    'MmPageReadIoCount' : [ 0x3cd0, ['long']],
+    'MmCacheReadCount' : [ 0x3cd4, ['long']],
+    'MmCacheIoCount' : [ 0x3cd8, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x3cdc, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3ce0, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3ce4, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3ce8, ['long']],
+    'CachedCommit' : [ 0x3cec, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3cf0, ['unsigned long']],
+    'HyperPte' : [ 0x3cf4, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3cf8, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x3cfc, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3d09, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x3d0a, ['unsigned char']],
+    'PrcbPad9' : [ 0x3d0b, ['array', 1, ['unsigned char']]],
+    'FeatureBits' : [ 0x3d10, ['unsigned long long']],
+    'UpdateSignature' : [ 0x3d18, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3d20, ['unsigned long long']],
+    'PrcbPad90' : [ 0x3d28, ['array', 2, ['unsigned long']]],
+    'PowerState' : [ 0x3d30, ['_PROCESSOR_POWER_STATE']],
+    'ForceIdleDpc' : [ 0x3ed8, ['_KDPC']],
+    'PrcbPad91' : [ 0x3ef8, ['array', 14, ['unsigned long']]],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x3f30, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x3f34, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3f58, ['_KTIMER']],
+    'HypercallPageList' : [ 0x3f80, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x3f88, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x3f8c, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x3f90, ['pointer', ['unsigned long long']]],
+    'Cache' : [ 0x3f94, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x3fd0, ['unsigned long']],
+    'PackageProcessorSet' : [ 0x3fd4, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x3fe0, ['unsigned long']],
+    'SharedReadyQueue' : [ 0x3fe4, ['pointer', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x3fe8, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x3fec, ['unsigned long']],
+    'ScanSiblingMask' : [ 0x3ff0, ['unsigned long']],
+    'LLCMask' : [ 0x3ff4, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x3ff8, ['array', 5, ['unsigned long']]],
+    'ScanSiblingIndex' : [ 0x400c, ['unsigned long']],
+    'WheaInfo' : [ 0x4010, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x4014, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x4018, ['_SLIST_HEADER']],
+    'DpcWatchdogProfile' : [ 0x4020, ['pointer', ['pointer', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x4024, ['pointer', ['pointer', ['void']]]],
+    'PackageId' : [ 0x4028, ['unsigned long']],
+    'PteBitCache' : [ 0x402c, ['unsigned long']],
+    'PteBitOffset' : [ 0x4030, ['unsigned long']],
+    'PrcbPad93' : [ 0x4034, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x4038, ['pointer', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x403c, ['pointer', ['void']]],
+    'TimerExpirationDpc' : [ 0x4040, ['_KDPC']],
+    'SynchCounters' : [ 0x4060, ['_SYNCH_COUNTERS']],
+    'FsCounters' : [ 0x4118, ['_FILESYSTEM_DISK_COUNTERS']],
+    'Context' : [ 0x4128, ['pointer', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x412c, ['unsigned long']],
+    'ExtendedState' : [ 0x4130, ['pointer', ['_XSAVE_AREA']]],
+    'EntropyTimingState' : [ 0x4134, ['_KENTROPY_TIMING_STATE']],
+    'IsrStack' : [ 0x425c, ['pointer', ['void']]],
+    'VectorToInterruptObject' : [ 0x4260, ['array', 208, ['pointer', ['_KINTERRUPT']]]],
+    'AbSelfIoBoostsList' : [ 0x45a0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x45a4, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x45a8, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x45c8, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x461c, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x4670, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x4770, ['unsigned long']],
+    'ExSaPageArray' : [ 0x4774, ['pointer', ['void']]],
+    'ExtendedSupervisorState' : [ 0x4778, ['pointer', ['_XSAVE_AREA_HEADER']]],
+    'PrcbPad100' : [ 0x477c, ['array', 9, ['unsigned long']]],
+    'LocalSharedReadyQueue' : [ 0x47a0, ['_KSHARED_READY_QUEUE']],
+    'Mailbox' : [ 0x48e0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'PrcbPad' : [ 0x48e4, ['array', 1532, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x4ee0, ['unsigned long']],
+    'EspBaseShadow' : [ 0x4ee4, ['unsigned long']],
+    'UserEspShadow' : [ 0x4ee8, ['unsigned long']],
+    'ShadowFlags' : [ 0x4eec, ['unsigned long']],
+    'UserDS' : [ 0x4ef0, ['unsigned long']],
+    'UserES' : [ 0x4ef4, ['unsigned long']],
+    'UserFS' : [ 0x4ef8, ['unsigned long']],
+    'EspIretd' : [ 0x4efc, ['pointer', ['void']]],
+    'RestoreSegOption' : [ 0x4f00, ['unsigned long']],
+    'SavedEsi' : [ 0x4f04, ['unsigned long']],
+    'DbgLogs' : [ 0x4f08, ['array', 512, ['unsigned long']]],
+    'DbgCount' : [ 0x5708, ['unsigned long']],
+    'PrcbPadRemaingPage' : [ 0x570c, ['array', 501, ['unsigned long']]],
+    'RequestMailbox' : [ 0x5ee0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Reserved' : [ 0x14, ['array', 3, ['pointer', ['void']]]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0xb0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x38, ['unsigned long long']],
+    'Affinity' : [ 0x40, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x4c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x54, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x58, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x64, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x64, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x64, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeepFreeze' : [ 0x64, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x64, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x64, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x64, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x64, ['BitField', dict(start_bit = 7, end_bit = 10, native_type='unsigned long')]],
+    'VaSpaceDeleted' : [ 0x64, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x64, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'ProcessFlags' : [ 0x64, ['long']],
+    'BasePriority' : [ 0x68, ['unsigned char']],
+    'QuantumReset' : [ 0x69, ['unsigned char']],
+    'Visited' : [ 0x6a, ['unsigned char']],
+    'Flags' : [ 0x6b, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x6c, ['array', 1, ['unsigned short']]],
+    'IdealProcessor' : [ 0x6e, ['array', 1, ['unsigned short']]],
+    'IdealNode' : [ 0x70, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x72, ['unsigned short']],
+    'Spare1' : [ 0x74, ['unsigned short']],
+    'IopmOffset' : [ 0x76, ['unsigned short']],
+    'SchedulingGroup' : [ 0x78, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'StackCount' : [ 0x7c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x88, ['unsigned long long']],
+    'ContextSwitches' : [ 0x90, ['unsigned long long']],
+    'FreezeCount' : [ 0x98, ['unsigned long']],
+    'KernelTime' : [ 0x9c, ['unsigned long']],
+    'UserTime' : [ 0xa0, ['unsigned long']],
+    'ReadyTime' : [ 0xa4, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0xa8, ['pointer', ['void']]],
+    'ProcessTimerDelay' : [ 0xac, ['unsigned long']],
+} ],
+  '_KTHREAD' : [ 0x358, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x10, ['pointer', ['void']]],
+    'QuantumTarget' : [ 0x18, ['unsigned long long']],
+    'InitialStack' : [ 0x20, ['pointer', ['void']]],
+    'StackLimit' : [ 0x24, ['pointer', ['void']]],
+    'StackBase' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x2c, ['unsigned long']],
+    'CycleTime' : [ 0x30, ['unsigned long long']],
+    'HighCycleTime' : [ 0x38, ['unsigned long']],
+    'ServiceTable' : [ 0x3c, ['pointer', ['void']]],
+    'CurrentRunTime' : [ 0x40, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x44, ['unsigned long']],
+    'KernelStack' : [ 0x48, ['pointer', ['void']]],
+    'StateSaveArea' : [ 0x4c, ['pointer', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x50, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x54, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x55, ['unsigned char']],
+    'Alerted' : [ 0x56, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x58, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x58, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x58, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x58, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x58, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x58, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x58, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x58, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x58, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x58, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x58, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x58, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x58, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x58, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CetUserShadowStack' : [ 0x58, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BypassProcessFreeze' : [ 0x58, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved' : [ 0x58, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x58, ['long']],
+    'BamQosLevel' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x5c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x5c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x5c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x5c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x5c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x5c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x5c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x5c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x5c, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x5c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x5c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x5c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare' : [ 0x5c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x5c, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x5c, ['long']],
+    'Tag' : [ 0x60, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x61, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x63, ['unsigned char']],
+    'SystemCallNumber' : [ 0x64, ['unsigned long']],
+    'FirstArgument' : [ 0x68, ['pointer', ['void']]],
+    'TrapFrame' : [ 0x6c, ['pointer', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x70, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x70, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x87, ['unsigned char']],
+    'UserIdealProcessor' : [ 0x88, ['unsigned long']],
+    'ContextSwitches' : [ 0x8c, ['unsigned long']],
+    'State' : [ 0x90, ['unsigned char']],
+    'Spare12' : [ 0x91, ['unsigned char']],
+    'WaitIrql' : [ 0x92, ['unsigned char']],
+    'WaitMode' : [ 0x93, ['unsigned char']],
+    'WaitStatus' : [ 0x94, ['long']],
+    'WaitBlockList' : [ 0x98, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x9c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x9c, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xa4, ['pointer', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xa8, ['pointer', ['void']]],
+    'RelativeTimerBias' : [ 0xb0, ['unsigned long long']],
+    'Timer' : [ 0xb8, ['_KTIMER']],
+    'WaitBlock' : [ 0xe0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill8' : [ 0xe0, ['array', 20, ['unsigned char']]],
+    'ThreadCounters' : [ 0xf4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0xe0, ['array', 44, ['unsigned char']]],
+    'XStateSave' : [ 0x10c, ['pointer', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0xe0, ['array', 68, ['unsigned char']]],
+    'Win32Thread' : [ 0x124, ['pointer', ['void']]],
+    'WaitBlockFill11' : [ 0xe0, ['array', 88, ['unsigned char']]],
+    'WaitTime' : [ 0x138, ['unsigned long']],
+    'KernelApcDisable' : [ 0x13c, ['short']],
+    'SpecialApcDisable' : [ 0x13e, ['short']],
+    'CombinedApcDisable' : [ 0x13c, ['unsigned long']],
+    'QueueListEntry' : [ 0x140, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x148, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x148, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x148, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x14c, ['long']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x154, ['array', 6, ['unsigned char']]],
+    'PreviousMode' : [ 0x15a, ['unsigned char']],
+    'BasePriority' : [ 0x15b, ['unsigned char']],
+    'PriorityDecrement' : [ 0x15c, ['unsigned char']],
+    'ForegroundBoost' : [ 0x15c, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x15c, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x15d, ['unsigned char']],
+    'AdjustReason' : [ 0x15e, ['unsigned char']],
+    'AdjustIncrement' : [ 0x15f, ['unsigned char']],
+    'AffinityVersion' : [ 0x160, ['unsigned long']],
+    'Affinity' : [ 0x164, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x164, ['array', 6, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x16a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x16b, ['unsigned char']],
+    'IdealProcessor' : [ 0x16c, ['unsigned long']],
+    'ReadyTime' : [ 0x170, ['unsigned long']],
+    'SavedApcState' : [ 0x174, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x174, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x18b, ['unsigned char']],
+    'SuspendCount' : [ 0x18c, ['unsigned char']],
+    'Saturation' : [ 0x18d, ['unsigned char']],
+    'SListFaultCount' : [ 0x18e, ['unsigned short']],
+    'SchedulerApc' : [ 0x190, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x190, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x191, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x190, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x193, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x190, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x194, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x190, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b4, ['pointer', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x190, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1b8, ['pointer', ['void']]],
+    'SchedulerApcFill5' : [ 0x190, ['array', 47, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x1bf, ['unsigned char']],
+    'UserTime' : [ 0x1c0, ['unsigned long']],
+    'SuspendEvent' : [ 0x1c4, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x1d4, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1dc, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x1e4, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x1e5, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x1e6, ['unsigned char']],
+    'SystemPriority' : [ 0x1e7, ['unsigned char']],
+    'LockEntries' : [ 0x1e8, ['array', 6, ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x308, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x30c, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x310, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x320, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x324, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x328, ['long']],
+    'KeReferenceCount' : [ 0x32c, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x32e, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x32f, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x330, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x334, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x334, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x338, ['unsigned long']],
+    'QueuedScb' : [ 0x33c, ['pointer', ['_KSCB']]],
+    'NpxState' : [ 0x340, ['unsigned long long']],
+    'ThreadTimerDelay' : [ 0x348, ['unsigned long']],
+    'ThreadFlags2' : [ 0x34c, ['long']],
+    'PpmPolicy' : [ 0x34c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ThreadFlags2Reserved' : [ 0x34c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AbWaitObject' : [ 0x350, ['pointer', ['void']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'ActualLimit' : [ 0x4, ['unsigned long']],
+    'StackExpansion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousTrapFrame' : [ 0x8, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0xc, ['pointer', ['void']]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'CpuId' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer', ['void']]],
+    'DeleteContext' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x100, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long']],
+    'IdleSmtSet' : [ 0x4, ['unsigned long']],
+    'IdleCpuSet' : [ 0x8, ['unsigned long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long']],
+    'IdleConstrainedSet' : [ 0x44, ['unsigned long']],
+    'NonParkedSet' : [ 0x48, ['unsigned long']],
+    'NonIsrTargetedSet' : [ 0x4c, ['unsigned long']],
+    'ParkLock' : [ 0x50, ['long']],
+    'ThreadSeed' : [ 0x54, ['unsigned short']],
+    'ProcessSeed' : [ 0x56, ['unsigned short']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x84, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x84, ['array', 6, ['unsigned char']]],
+    'NodeNumber' : [ 0x8a, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x8c, ['unsigned short']],
+    'Spare0' : [ 0x8e, ['unsigned short']],
+    'SharedReadyQueueMask' : [ 0x90, ['unsigned long']],
+    'StrideMask' : [ 0x94, ['unsigned long']],
+    'ProximityId' : [ 0x98, ['unsigned long']],
+    'Lowest' : [ 0x9c, ['unsigned long']],
+    'Highest' : [ 0xa0, ['unsigned long']],
+    'MaximumProcessors' : [ 0xa4, ['unsigned char']],
+    'Flags' : [ 0xa5, ['_flags']],
+    'Spare10' : [ 0xa6, ['unsigned char']],
+    'HeteroSets' : [ 0xa8, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0xe4, ['array', 4, ['unsigned long']]],
+    'LLCLeaders' : [ 0xf4, ['unsigned long']],
+} ],
+  '_ENODE' : [ 0x140, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x100, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long']],
+    'QuotaProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'StrictFIFO' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x1c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x1c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x24, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 20, ['unsigned char']]],
+    'DebugInfo' : [ 0x54, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'VolatileLowValue' : [ 0x0, ['long']],
+    'LowValue' : [ 0x0, ['long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x4, ['long']],
+    'NextFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x4, ['_EXHANDLE']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'RefCountField' : [ 0x4, ['long']],
+    'GrantedAccessBits' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'ProtectFromClose' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'RefCnt' : [ 0x4, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1365' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1365']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc4, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xc0, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x488, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x358, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x360, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x360, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x368, ['pointer', ['void']]],
+    'PostBlockList' : [ 0x36c, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x36c, ['pointer', ['void']]],
+    'StartAddress' : [ 0x370, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x374, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x374, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x374, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x378, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x37c, ['_LIST_ENTRY']],
+    'Cid' : [ 0x384, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x38c, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x38c, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x3a0, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x3a4, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x3ac, ['unsigned long']],
+    'DeviceToVerify' : [ 0x3b0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x3b4, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x3b8, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x3bc, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x3c4, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x3c8, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x3cc, ['unsigned long']],
+    'MmLockOrdering' : [ 0x3d0, ['long']],
+    'CrossThreadFlags' : [ 0x3d4, ['unsigned long']],
+    'Terminated' : [ 0x3d4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x3d4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x3d4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x3d4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x3d4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x3d4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x3d4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x3d4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x3d4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x3d4, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x3d4, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x3d4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x3d4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x3d4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x3d4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x3d4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x3d4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x3d4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x3d4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SamplingCoverage' : [ 0x3d4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x3d4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x3d8, ['unsigned long']],
+    'ActiveExWorker' : [ 0x3d8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x3d8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x3d8, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x3d8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x3d8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x3d8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x3d8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x3d8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x3d8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x3d8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WorkloadClass' : [ 0x3d8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x3d8, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x3dc, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x3dc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x3dc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x3dc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x3dc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x3dc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x3dc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x3dc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x3dc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x3dd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x3dd, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowUserWritesToExecutableMemory' : [ 0x3dd, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'AllowKernelWritesToExecutableMemory' : [ 0x3dd, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsVadShared' : [ 0x3dd, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x3e0, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x3e1, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x3e2, ['unsigned char']],
+    'LockOrderState' : [ 0x3e3, ['unsigned char']],
+    'AlpcMessageId' : [ 0x3e4, ['unsigned long']],
+    'AlpcMessage' : [ 0x3e8, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x3e8, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x3ec, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x3f4, ['long']],
+    'CacheManagerCount' : [ 0x3f8, ['unsigned long']],
+    'IoBoostCount' : [ 0x3fc, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x400, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x404, ['unsigned long']],
+    'KernelStackReference' : [ 0x408, ['unsigned long']],
+    'BoostList' : [ 0x40c, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x414, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x41c, ['unsigned long']],
+    'IrpListLock' : [ 0x420, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x424, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x428, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x42c, ['pointer', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x430, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x434, ['pointer', ['void']]],
+    'AdjustedClientToken' : [ 0x438, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x43c, ['pointer', ['void']]],
+    'PropertySet' : [ 0x440, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x44c, ['pointer', ['void']]],
+    'UserFsBase' : [ 0x450, ['unsigned long']],
+    'UserGsBase' : [ 0x454, ['unsigned long']],
+    'EnergyValues' : [ 0x458, ['pointer', ['_THREAD_ENERGY_VALUES']]],
+    'CmDbgInfo' : [ 0x45c, ['pointer', ['void']]],
+    'SelectedCpuSets' : [ 0x460, ['unsigned long']],
+    'SelectedCpuSetsIndirect' : [ 0x460, ['pointer', ['unsigned long']]],
+    'Silo' : [ 0x464, ['pointer', ['_EJOB']]],
+    'ThreadName' : [ 0x468, ['pointer', ['_UNICODE_STRING']]],
+    'LastExpectedRunTime' : [ 0x46c, ['unsigned long']],
+    'HeapData' : [ 0x470, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x474, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x47c, ['unsigned long']],
+    'DisownedOwnerEntryListHead' : [ 0x480, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_13bc' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IsolateSecurityDomain' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_13be' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisablePageCombine' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SpeculativeStoreBypassDisable' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'CetUserShadowStacks' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0x480, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0xb4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xb8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0xc0, ['_EX_RUNDOWN_REF']],
+    'VdmObjects' : [ 0xc4, ['pointer', ['void']]],
+    'Flags2' : [ 0xc8, ['unsigned long']],
+    'JobNotReallyActive' : [ 0xc8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0xc8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0xc8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0xc8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0xc8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0xc8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0xc8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0xc8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0xc8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0xc8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0xc8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0xc8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0xc8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0xc8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0xc8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0xc8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0xc8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0xc8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0xc8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0xc8, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0xc8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0xc8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0xc8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0xc8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0xc8, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0xc8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0xc8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0xcc, ['unsigned long']],
+    'CreateReported' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0xcc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0xcc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0xcc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0xcc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0xcc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0xcc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0xcc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0xcc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0xcc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0xcc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0xcc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0xcc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0xcc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0xcc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0xcc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0xcc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0xcc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0xcc, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0xcc, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0xcc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0xd0, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0xd8, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0xe0, ['array', 2, ['unsigned long']]],
+    'PeakVirtualSize' : [ 0xe8, ['unsigned long']],
+    'VirtualSize' : [ 0xec, ['unsigned long']],
+    'SessionProcessLinks' : [ 0xf0, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0xf8, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0xf8, ['unsigned long']],
+    'ExceptionPortState' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Token' : [ 0xfc, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x100, ['unsigned long']],
+    'AddressCreationLock' : [ 0x104, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x108, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x10c, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x110, ['pointer', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x114, ['pointer', ['_EJOB']]],
+    'CloneRoot' : [ 0x118, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x11c, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x120, ['unsigned long']],
+    'Win32Process' : [ 0x124, ['pointer', ['void']]],
+    'Job' : [ 0x128, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x12c, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x130, ['pointer', ['void']]],
+    'Cookie' : [ 0x134, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x138, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x13c, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x140, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x144, ['pointer', ['void']]],
+    'OwnerProcessId' : [ 0x148, ['unsigned long']],
+    'Peb' : [ 0x14c, ['pointer', ['_PEB']]],
+    'Session' : [ 0x150, ['pointer', ['_MM_SESSION_SPACE']]],
+    'Spare1' : [ 0x154, ['pointer', ['void']]],
+    'QuotaBlock' : [ 0x158, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x15c, ['pointer', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x160, ['pointer', ['void']]],
+    'PaeTop' : [ 0x164, ['pointer', ['void']]],
+    'DeviceMap' : [ 0x168, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x16c, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x170, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x178, ['pointer', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x17c, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x18b, ['unsigned char']],
+    'SecurityPort' : [ 0x18c, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x190, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x194, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x19c, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x1a0, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x1a8, ['unsigned long']],
+    'ImagePathHash' : [ 0x1ac, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1b0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1b4, ['long']],
+    'PrefetchTrace' : [ 0x1b8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x1bc, ['pointer', ['void']]],
+    'ReadOperationCount' : [ 0x1c0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1c8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x1d0, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x1e8, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x1f0, ['unsigned long']],
+    'CommitCharge' : [ 0x1f4, ['unsigned long']],
+    'CommitChargePeak' : [ 0x1f8, ['unsigned long']],
+    'Vm' : [ 0x200, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x300, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x308, ['unsigned long']],
+    'ExitStatus' : [ 0x30c, ['long']],
+    'VadRoot' : [ 0x310, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x314, ['pointer', ['void']]],
+    'VadCount' : [ 0x318, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x31c, ['unsigned long']],
+    'VadPhysicalPagesLimit' : [ 0x320, ['unsigned long']],
+    'AlpcContext' : [ 0x324, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x334, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x33c, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x340, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x344, ['unsigned long']],
+    'ExitTime' : [ 0x348, ['_LARGE_INTEGER']],
+    'ActiveThreadsHighWatermark' : [ 0x350, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x354, ['unsigned long']],
+    'ThreadListLock' : [ 0x358, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x35c, ['pointer', ['void']]],
+    'ServerSilo' : [ 0x360, ['pointer', ['_EJOB']]],
+    'SignatureLevel' : [ 0x364, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x365, ['unsigned char']],
+    'Protection' : [ 0x366, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x367, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'GhostCount' : [ 0x367, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'PrefilterException' : [ 0x367, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Flags3' : [ 0x368, ['unsigned long']],
+    'Minimal' : [ 0x368, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x368, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x368, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x368, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x368, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x368, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x368, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x368, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x368, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x368, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x368, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x368, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x368, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x368, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x368, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProcessFirstResume' : [ 0x368, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ForegroundExternal' : [ 0x368, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ForegroundSystem' : [ 0x368, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HighMemoryPriority' : [ 0x368, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'EnableProcessSuspendResumeLogging' : [ 0x368, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'EnableThreadSuspendResumeLogging' : [ 0x368, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SecurityDomainChanged' : [ 0x368, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'SecurityFreezeComplete' : [ 0x368, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'VmProcessorHost' : [ 0x368, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x36c, ['long']],
+    'SvmData' : [ 0x370, ['pointer', ['void']]],
+    'SvmProcessLock' : [ 0x374, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x378, ['unsigned long']],
+    'SvmProcessDeviceListHead' : [ 0x37c, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x388, ['unsigned long long']],
+    'DiskCounters' : [ 0x390, ['pointer', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x394, ['pointer', ['void']]],
+    'HighPriorityFaultsAllowed' : [ 0x398, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x39c, ['pointer', ['void']]],
+    'EnergyContext' : [ 0x3a0, ['pointer', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x3a4, ['pointer', ['void']]],
+    'SequenceNumber' : [ 0x3a8, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x3b0, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x3b8, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x3c0, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x3c8, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x3d0, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x3d0, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x3d8, ['unsigned long']],
+    'SharedCommitLock' : [ 0x3dc, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x3e0, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x3e8, ['unsigned long']],
+    'DefaultCpuSets' : [ 0x3ec, ['unsigned long']],
+    'AllowedCpuSetsIndirect' : [ 0x3e8, ['pointer', ['unsigned long']]],
+    'DefaultCpuSetsIndirect' : [ 0x3ec, ['pointer', ['unsigned long']]],
+    'DiskIoAttribution' : [ 0x3f0, ['pointer', ['void']]],
+    'DxgProcess' : [ 0x3f4, ['pointer', ['void']]],
+    'Win32KFilterSet' : [ 0x3f8, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x400, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x408, ['unsigned long']],
+    'KTimer2Sets' : [ 0x40c, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x410, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x414, ['unsigned long']],
+    'VirtualTimerListHead' : [ 0x418, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x420, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x420, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x450, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x450, ['__unnamed_13bc']],
+    'MitigationFlags2' : [ 0x454, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x454, ['__unnamed_13be']],
+    'PartitionObject' : [ 0x458, ['pointer', ['void']]],
+    'SecurityDomain' : [ 0x460, ['unsigned long long']],
+    'ParentSecurityDomain' : [ 0x468, ['unsigned long long']],
+    'CoverageSamplerContext' : [ 0x470, ['pointer', ['void']]],
+    'MmHotPatchContext' : [ 0x474, ['pointer', ['void']]],
+} ],
+  '__unnamed_13d1' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_13d7' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13d9' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13d7']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13e2' : [ 0x2c, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '__unnamed_13e4' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_13e2']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_13d1']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_13d9']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_13e4']],
+} ],
+  '__unnamed_13eb' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13ef' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13f3' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_13f5' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_13f9' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_13fb' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_13ff' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_1401' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_1403' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1405' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1407' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_140b' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsFullSizeInformationEx', 15: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_140d' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1410' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1412' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1414' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1416' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_141a' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_141e' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1422' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1426' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_142a' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_142e' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1432' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1434' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1436' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_143a' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_143e' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1442' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay', 6: u'DeviceUsageTypeGuestAssigned'})]],
+} ],
+  '__unnamed_1446' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_144a' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1452' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1456' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1458' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_145a' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_145c' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_13eb']],
+    'CreatePipe' : [ 0x0, ['__unnamed_13ef']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_13f3']],
+    'Read' : [ 0x0, ['__unnamed_13f5']],
+    'Write' : [ 0x0, ['__unnamed_13f5']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_13f9']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_13fb']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_13ff']],
+    'QueryFile' : [ 0x0, ['__unnamed_1401']],
+    'SetFile' : [ 0x0, ['__unnamed_1403']],
+    'QueryEa' : [ 0x0, ['__unnamed_1405']],
+    'SetEa' : [ 0x0, ['__unnamed_1407']],
+    'QueryVolume' : [ 0x0, ['__unnamed_140b']],
+    'SetVolume' : [ 0x0, ['__unnamed_140b']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_140d']],
+    'LockControl' : [ 0x0, ['__unnamed_1410']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1412']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1414']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1416']],
+    'MountVolume' : [ 0x0, ['__unnamed_141a']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_141a']],
+    'Scsi' : [ 0x0, ['__unnamed_141e']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1422']],
+    'SetQuota' : [ 0x0, ['__unnamed_1407']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1426']],
+    'QueryInterface' : [ 0x0, ['__unnamed_142a']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_142e']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1432']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1434']],
+    'SetLock' : [ 0x0, ['__unnamed_1436']],
+    'QueryId' : [ 0x0, ['__unnamed_143a']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_143e']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1442']],
+    'WaitWake' : [ 0x0, ['__unnamed_1446']],
+    'PowerSequence' : [ 0x0, ['__unnamed_144a']],
+    'Power' : [ 0x0, ['__unnamed_1452']],
+    'StartDevice' : [ 0x0, ['__unnamed_1456']],
+    'WMI' : [ 0x0, ['__unnamed_1458']],
+    'Others' : [ 0x0, ['__unnamed_145a']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_145c']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_1472' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_1472']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x8, ['unsigned long']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x14, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x10, ['pointer', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x3a0, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0x80, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0x88, ['unsigned long']],
+    'TotalProcesses' : [ 0x8c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x90, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x94, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x98, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xa0, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xa8, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0xac, ['unsigned long']],
+    'LimitFlags' : [ 0xb0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xb4, ['unsigned long']],
+    'Affinity' : [ 0xb8, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0xc4, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0xc8, ['pointer', ['void']]],
+    'UIRestrictionsClass' : [ 0xcc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xd0, ['unsigned long']],
+    'CompletionPort' : [ 0xd4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xd8, ['pointer', ['void']]],
+    'CompletionCount' : [ 0xe0, ['unsigned long long']],
+    'SessionId' : [ 0xe8, ['unsigned long']],
+    'SchedulingClass' : [ 0xec, ['unsigned long']],
+    'ReadOperationCount' : [ 0xf0, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xf8, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x100, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x108, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x110, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x118, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x120, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x148, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x14c, ['unsigned long']],
+    'JobTotalMemoryLimit' : [ 0x150, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x154, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x158, ['unsigned long']],
+    'EffectiveAffinity' : [ 0x15c, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x168, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x170, ['unsigned long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x174, ['unsigned long']],
+    'EffectiveProcessMemoryLimit' : [ 0x178, ['unsigned long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x17c, ['pointer', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x180, ['pointer', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x184, ['pointer', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x188, ['pointer', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x18c, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x190, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x194, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x198, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x19c, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x1a0, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x1a4, ['unsigned char']],
+    'PriorityClass' : [ 0x1a5, ['unsigned char']],
+    'NestingDepth' : [ 0x1a6, ['unsigned char']],
+    'Reserved1' : [ 0x1a7, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x1a8, ['unsigned long']],
+    'WakeChannel' : [ 0x1b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x1b0, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x1f8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x200, ['unsigned long']],
+    'NotificationLink' : [ 0x204, ['pointer', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x208, ['unsigned long long']],
+    'NotificationInfo' : [ 0x210, ['pointer', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x214, ['pointer', ['void']]],
+    'NotificationPacket' : [ 0x218, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x21c, ['pointer', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x220, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x228, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x230, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x234, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x23c, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x244, ['pointer', ['_EJOB']]],
+    'RootJob' : [ 0x248, ['pointer', ['_EJOB']]],
+    'IteratorListHead' : [ 0x24c, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x254, ['unsigned long']],
+    'Ancestors' : [ 0x258, ['pointer', ['pointer', ['_EJOB']]]],
+    'SessionObject' : [ 0x258, ['pointer', ['void']]],
+    'Accounting' : [ 0x260, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x2b8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x2bc, ['unsigned long']],
+    'SequenceNumber' : [ 0x2c0, ['unsigned long']],
+    'JobId' : [ 0x2c4, ['unsigned long']],
+    'ContainerId' : [ 0x2c8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x2d8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x2e8, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x2ec, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x2f8, ['pointer', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x2fc, ['pointer', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x300, ['unsigned long']],
+    'CloseDone' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x300, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x300, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x300, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x300, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x300, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x300, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x300, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x300, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x300, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x300, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x300, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x300, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x300, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x300, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x300, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x300, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x304, ['unsigned long']],
+    'ParentLocked' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x308, ['pointer', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x30c, ['unsigned long']],
+    'DiskIoAttributionUserRefCount' : [ 0x310, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x314, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x318, ['pointer', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x318, ['pointer', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x31c, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x330, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x34c, ['long']],
+    'VolumeIoControlTree' : [ 0x350, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x358, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x360, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x364, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x368, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x36c, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x370, ['unsigned long long']],
+    'IoControlLock' : [ 0x378, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x37c, ['unsigned long']],
+    'RundownWorkItem' : [ 0x380, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x390, ['pointer', ['void']]],
+    'PartitionOwnerJob' : [ 0x394, ['pointer', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x398, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x68, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x5c, ['pointer', ['void']]],
+    'UserContext' : [ 0x60, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_MCUPDATE_INFO' : [ 0x28, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Status' : [ 0x8, ['unsigned long']],
+    'Id' : [ 0x10, ['unsigned long long']],
+    'VendorScratch' : [ 0x18, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY' : [ 0x20, {
+    'Header' : [ 0x0, ['_WHEA_EVENT_LOG_ENTRY_HEADER']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_FLAGS' : [ 0x4, {
+    'LogTelemetry' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LogInternalEtw' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LogBlackbox' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LogSel' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RawSel' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric', 7: u'WheaErrTypePmem'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+    'Oplock' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedForRemote' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedContext' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0xc, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x8, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0xc, {
+    'Hash' : [ 0x0, ['pointer', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x4, ['pointer', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x10, {
+    'Table' : [ 0x0, ['pointer', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x4, ['unsigned long']],
+    'EntryMax' : [ 0x8, ['unsigned long']],
+    'EntryCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+} ],
+  '_TlgProvider_t' : [ 0x28, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_TlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  'wil_details_FeaturePropertyCache' : [ 0x4, {
+    'cache' : [ 0x0, ['wil_details_FeatureProperties']],
+    'variant' : [ 0x0, ['wil_details_VariantProperties']],
+    'var' : [ 0x0, ['long']],
+} ],
+  'wil_details_SetPropertyFlagContext' : [ 0xc, {
+    'result' : [ 0x0, ['pointer', ['wil_details_RecordUsageResult']]],
+    'flags' : [ 0x4, ['unsigned long']],
+    'ignoreReporting' : [ 0x8, ['long']],
+} ],
+  'wil_details_RecordUsageResult' : [ 0x18, {
+    'queueBackground' : [ 0x0, ['long']],
+    'countImmediate' : [ 0x4, ['unsigned long']],
+    'kindImmediate' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'payloadId' : [ 0xc, ['unsigned long']],
+    'ignoredUse' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_SetPropertyCacheUsageContext' : [ 0xc, {
+    'result' : [ 0x0, ['pointer', ['wil_details_RecordUsageResult']]],
+    'kind' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'addend' : [ 0x8, ['unsigned long']],
+} ],
+  'FEATURE_ERROR' : [ 0x38, {
+    'hr' : [ 0x0, ['unsigned long']],
+    'lineNumber' : [ 0x4, ['unsigned short']],
+    'file' : [ 0x8, ['pointer', ['unsigned char']]],
+    'process' : [ 0xc, ['pointer', ['unsigned char']]],
+    'modulePath' : [ 0x10, ['pointer', ['unsigned char']]],
+    'callerReturnAddressOffset' : [ 0x14, ['unsigned long']],
+    'callerModule' : [ 0x18, ['pointer', ['unsigned char']]],
+    'message' : [ 0x1c, ['pointer', ['unsigned char']]],
+    'originLineNumber' : [ 0x20, ['unsigned short']],
+    'originFile' : [ 0x24, ['pointer', ['unsigned char']]],
+    'originModule' : [ 0x28, ['pointer', ['unsigned char']]],
+    'originCallerReturnAddressOffset' : [ 0x2c, ['unsigned long']],
+    'originCallerModule' : [ 0x30, ['pointer', ['unsigned char']]],
+    'originName' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  'FEATURE_LOGGED_TRAITS' : [ 0x6, {
+    'version' : [ 0x0, ['unsigned short']],
+    'baseVersion' : [ 0x2, ['unsigned short']],
+    'stage' : [ 0x4, ['unsigned char']],
+} ],
+  'wil_details_FeatureVariantPropertyCache' : [ 0x8, {
+    'propertyCache' : [ 0x0, ['wil_details_FeaturePropertyCache']],
+    'payloadId' : [ 0x4, ['unsigned long']],
+} ],
+  'wil_details_StagingConfigFeature' : [ 0xc, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'changedInSession' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'unused1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long')]],
+    'serviceState' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'userState' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'testState' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 14, native_type='unsigned long')]],
+    'unused2' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned long')]],
+    'unused3' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'variant' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'payloadKind' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'payload' : [ 0x8, ['unsigned long']],
+} ],
+  'wil_details_StagingConfig' : [ 0x34, {
+    'store' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureStore_Machine', 1: u'wil_FeatureStore_User', 2: u'wil_FeatureStore_All'})]],
+    'forUpdate' : [ 0x4, ['long']],
+    'readChangeStamp' : [ 0x8, ['unsigned long']],
+    'readVersion' : [ 0xc, ['unsigned char']],
+    'modified' : [ 0x10, ['long']],
+    'header' : [ 0x14, ['pointer', ['wil_details_StagingConfigHeader']]],
+    'features' : [ 0x18, ['pointer', ['wil_details_StagingConfigFeature']]],
+    'triggers' : [ 0x1c, ['pointer', ['wil_details_StagingConfigUsageTrigger']]],
+    'changedInSession' : [ 0x20, ['long']],
+    'buffer' : [ 0x24, ['pointer', ['void']]],
+    'bufferSize' : [ 0x28, ['unsigned long']],
+    'bufferAlloc' : [ 0x2c, ['unsigned long']],
+    'bufferOwned' : [ 0x30, ['long']],
+} ],
+  'wil_details_StagingConfigHeader' : [ 0x10, {
+    'version' : [ 0x0, ['unsigned char']],
+    'versionMinor' : [ 0x1, ['unsigned char']],
+    'headerSizeBytes' : [ 0x2, ['unsigned short']],
+    'featureCount' : [ 0x4, ['unsigned short']],
+    'featureUsageTriggerCount' : [ 0x6, ['unsigned short']],
+    'sessionProperties' : [ 0x8, ['wil_details_StagingConfigHeaderProperties']],
+    'properties' : [ 0xc, ['wil_details_StagingConfigHeaderProperties']],
+} ],
+  'wil_details_StagingConfigUsageTrigger' : [ 0x10, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'trigger' : [ 0x4, ['wil_details_StagingConfigWnfStateName']],
+    'serviceReportingKind' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'unused' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_details_StagingConfigHeaderProperties' : [ 0x4, {
+    'ignoreServiceState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ignoreUserState' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ignoreTestState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ignoreVariants' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_FeatureState' : [ 0x18, {
+    'enabledState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0x4, ['unsigned char']],
+    'payloadKind' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureVariantPayloadKind_None', 1: u'wil_FeatureVariantPayloadKind_Resident', 2: u'wil_FeatureVariantPayloadKind_External'})]],
+    'payload' : [ 0xc, ['unsigned long']],
+    'hasNotification' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_FeatureTestState' : [ 0x18, {
+    'kind' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_FeatureTestStateKind_EnabledState', 1: u'wil_details_FeatureTestStateKind_Variant'})]],
+    'featureId' : [ 0x4, ['unsigned long']],
+    'state' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0xc, ['unsigned char']],
+    'payload' : [ 0x10, ['unsigned long']],
+    'next' : [ 0x14, ['pointer', ['wil_details_FeatureTestState']]],
+} ],
+  '__WIL__WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_wil_details_UsageSubscriptionData' : [ 0x8, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'serviceReportingKind' : [ 0x4, ['unsigned short']],
+} ],
+  '__unnamed_17e8' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_17e8']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0xc, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x4, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0x8, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'ReservedLowFlags' : [ 0xe, ['unsigned char']],
+    'WaiterPriority' : [ 0xf, ['unsigned char']],
+    'SharedWaiters' : [ 0x10, ['pointer', ['void']]],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['void']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x30, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0xc, ['pointer', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x10, ['pointer', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x14, ['unsigned long']],
+    'NumberOfReferences' : [ 0x18, ['unsigned long']],
+    'CloneHeader' : [ 0x1c, ['pointer', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x20, ['unsigned long']],
+    'DeleteList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'NestingLevel' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_182a' : [ 0x4, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_182f' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_1831' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1833' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_182f']],
+    'e4' : [ 0x0, ['__unnamed_1831']],
+} ],
+  '__unnamed_1838' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 27, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PageColor' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_182a']],
+    'PteAddress' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PteLong' : [ 0x4, ['unsigned long']],
+    'OriginalPte' : [ 0x8, ['_MMPTE']],
+    'u2' : [ 0x10, ['_MIPFNBLINK']],
+    'u3' : [ 0x14, ['__unnamed_1833']],
+    'u4' : [ 0x18, ['__unnamed_1838']],
+} ],
+  '__unnamed_1843' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1847' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_1843']],
+    'u2' : [ 0x24, ['__unnamed_1847']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_184c' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_1854' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 22, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ImageBaseOkToReuse' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1856' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_1854']],
+} ],
+  '__unnamed_185b' : [ 0x4, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 20, native_type='unsigned long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'ListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'AweContext' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_184c']],
+    'FilePointer' : [ 0x20, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x24, ['long']],
+    'ModifiedWriteCount' : [ 0x28, ['unsigned long']],
+    'WaitList' : [ 0x2c, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x30, ['__unnamed_1856']],
+    'FileObjectLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'u3' : [ 0x48, ['__unnamed_185b']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x34, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'BasePte' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'VaType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSystemPtesLarge', 14: u'MiVaKernelStacks', 15: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'PteFailures' : [ 0x18, ['unsigned long']],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'GlobalPushLock' : [ 0x1c, ['pointer', ['_EX_PUSH_LOCK']]],
+    'TotalSystemPtes' : [ 0x20, ['unsigned long']],
+    'Hint' : [ 0x24, ['unsigned long']],
+    'LowestBitEverAllocated' : [ 0x28, ['unsigned long']],
+    'CachedPtes' : [ 0x2c, ['pointer', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x30, ['unsigned long']],
+} ],
+  '__unnamed_187d' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+    'PrivateVadFlags' : [ 0x0, ['_MM_PRIVATE_VAD_FLAGS']],
+    'GraphicsVadFlags' : [ 0x0, ['_MM_GRAPHICS_VAD_FLAGS']],
+    'SharedVadFlags' : [ 0x0, ['_MM_SHARED_VAD_FLAGS']],
+    'VolatileVadLong' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1880' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x28, {
+    'NextVad' : [ 0x0, ['pointer', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x4, ['pointer', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x1c, ['__unnamed_187d']],
+    'u1' : [ 0x20, ['__unnamed_1880']],
+    'EventList' : [ 0x24, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PARTITION' : [ 0x1dc0, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0xe8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x2b8, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x340, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x540, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1000, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x1080, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x10c0, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x11a0, ['pointer', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x11a4, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'SessionDetachTimeStamp' : [ 0x11ac, ['unsigned long']],
+    'Vp' : [ 0x11c0, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x40, {
+    'MmPartition' : [ 0x0, ['pointer', ['void']]],
+    'CcPartition' : [ 0x4, ['pointer', ['void']]],
+    'ExPartition' : [ 0x8, ['pointer', ['void']]],
+    'HardReferenceCount' : [ 0xc, ['long']],
+    'OpenHandleCount' : [ 0x10, ['long']],
+    'ActivePartitionLinks' : [ 0x14, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x1c, ['pointer', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x34, ['pointer', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x38, ['pointer', ['void']]],
+    'PartitionFlags' : [ 0x3c, ['unsigned long']],
+    'PairedWithJob' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_MI_IMAGE_LOAD_CONFIG' : [ 0x14, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'CfgAlignmentBias' : [ 0x4, ['unsigned long']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'RvaList' : [ 0xc, ['pointer', ['_RTL_RVA_LIST']]],
+    'RetpolineRelocations' : [ 0x10, ['pointer', ['_MI_RETPOLINE_RELOCATION_INFORMATION']]],
+} ],
+  '__unnamed_18af' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_18b4' : [ 0x4, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x4c, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x28, ['__unnamed_18af']],
+    'Subsection' : [ 0x2c, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x30, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x34, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x38, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x40, ['pointer', ['_EPROCESS']]],
+    'u4' : [ 0x44, ['__unnamed_18b4']],
+    'FileObject' : [ 0x48, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+    'SecureInfo' : [ 0x4, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x4, ['_RTL_BITMAP']],
+    'InPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x4, ['_MI_LARGEPAGE_VAD_INFO']],
+    'CreatingThread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'PebTeb' : [ 0x4, ['_MI_SUB64K_FREE_RANGES']],
+    'PlaceholderVad' : [ 0x4, ['pointer', ['_MMVAD_SHORT']]],
+    'WaitReason' : [ 0x24, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x400, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileWrite' : [ 0x14, ['pointer', ['void']]],
+    'FileRead' : [ 0x18, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x1c, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x20, ['pointer', ['_HBASE_BLOCK']]],
+    'FlusherLock' : [ 0x24, ['_CMSI_RW_LOCK']],
+    'WriterLock' : [ 0x28, ['_CMSI_RW_LOCK']],
+    'DirtyVector' : [ 0x2c, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x34, ['unsigned long']],
+    'DirtyAlloc' : [ 0x38, ['unsigned long']],
+    'UnreconciledVector' : [ 0x3c, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x44, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x48, ['unsigned long']],
+    'Cluster' : [ 0x4c, ['unsigned long']],
+    'Flat' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x51, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x54, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x58, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x5c, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x60, ['unsigned long']],
+    'HiveFlags' : [ 0x64, ['unsigned long']],
+    'CurrentLog' : [ 0x68, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x6c, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x70, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x74, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x78, ['unsigned long']],
+    'LogFileSizeCap' : [ 0x7c, ['unsigned long']],
+    'LogDataPresent' : [ 0x80, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0x82, ['unsigned char']],
+    'BaseBlockDirty' : [ 0x83, ['unsigned char']],
+    'LastLogSwapTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0x90, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0x90, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0x90, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0x90, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0x90, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0x90, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0x92, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0x94, ['unsigned long']],
+    'StorageTypeCount' : [ 0x98, ['unsigned long']],
+    'Version' : [ 0x9c, ['unsigned long']],
+    'ViewMap' : [ 0xa0, ['_HVP_VIEW_MAP']],
+    'Storage' : [ 0xc8, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xb0, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Freed' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0xc, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x14, ['unsigned long']],
+    'KcbPushlock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x1c, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x1c, ['long']],
+    'DelayedDeref' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x20, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x21, ['unsigned char']],
+    'LayerHeight' : [ 0x22, ['short']],
+    'ParentKcb' : [ 0x24, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x28, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x2c, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueList' : [ 0x30, ['_CHILD_LIST']],
+    'LinkTarget' : [ 0x38, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'IndexHint' : [ 0x3c, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x3c, ['unsigned long']],
+    'SubKeyCount' : [ 0x3c, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x48, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'LayerInfo' : [ 0x6c, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'KCBUoWListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x78, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x80, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x84, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x8c, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x94, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x9c, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0xa0, ['pointer', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0xa0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0xa0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0xa8, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_CMHIVE' : [ 0xc00, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x400, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x418, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x420, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x428, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x430, ['_EX_RUNDOWN_REF']],
+    'KcbCacheTable' : [ 0x434, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x438, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x43c, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x440, ['unsigned long']],
+    'Identity' : [ 0x444, ['unsigned long']],
+    'HiveLock' : [ 0x448, ['_CMSI_RW_LOCK']],
+    'FlushDirtyVector' : [ 0x44c, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x454, ['unsigned long']],
+    'FlushLogEntryOffsetArray' : [ 0x458, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'FlushLogEntryOffsetArrayCount' : [ 0x45c, ['unsigned long']],
+    'FlushLogEntrySize' : [ 0x460, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x464, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x468, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x46c, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x474, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x478, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x47c, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x480, ['pointer', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x484, ['_EX_PUSH_LOCK']],
+    'LastShrinkHiveSize' : [ 0x488, ['unsigned long']],
+    'ActualFileSize' : [ 0x490, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x498, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x4a8, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x4b0, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x4b8, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x4c0, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x4c4, ['unsigned long']],
+    'SecurityHitHint' : [ 0x4c8, ['long']],
+    'SecurityCache' : [ 0x4cc, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x4d0, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x6d0, ['unsigned long']],
+    'UnloadEventArray' : [ 0x6d4, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x6d8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x6dc, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x6e0, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x6e4, ['_CM_WORKITEM']],
+    'DirtyVectorLog' : [ 0x6f8, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x980, ['unsigned long']],
+    'TrustClassEntry' : [ 0x984, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x990, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x998, ['unsigned long long']],
+    'CmRm' : [ 0x9a0, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x9a4, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x9a8, ['long']],
+    'CreatorOwner' : [ 0x9ac, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0x9b0, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x9b8, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x9c0, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x9c8, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x9d0, ['unsigned long']],
+    'PrimaryFilePurged' : [ 0x9d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x9d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x9d4, ['unsigned long']],
+    'ReferenceCount' : [ 0x9d8, ['long']],
+    'UnloadHistoryIndex' : [ 0x9dc, ['long']],
+    'UnloadHistory' : [ 0x9e0, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0xbe0, ['unsigned long']],
+    'UnaccessedStart' : [ 0xbe4, ['unsigned long']],
+    'UnaccessedEnd' : [ 0xbe8, ['unsigned long']],
+    'LoadedKeyCount' : [ 0xbec, ['unsigned long']],
+    'HandleClosePending' : [ 0xbf0, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0xbf4, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0xbf8, ['unsigned char']],
+    'VolumeContext' : [ 0xbfc, ['pointer', ['_CMP_VOLUME_CONTEXT']]],
+} ],
+  '__unnamed_1954' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmCreateHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf', 24: u'_HvHiveStartFileBacked', 25: u'_HvStartHiveMemoryBacked', 26: u'_HvpEnlistFreeCells', 27: u'_HvpPerformLogFileRecovery'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1957' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_1959' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_195b' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_195d' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1961' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_1965' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_1967' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x11c, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned short']],
+    'RecoverableIndex' : [ 0x6, ['unsigned short']],
+    'Locations' : [ 0x8, ['array', 8, ['__unnamed_1954']]],
+    'RecoverableLocations' : [ 0x68, ['array', 8, ['__unnamed_1954']]],
+    'RegistryIO' : [ 0xc8, ['__unnamed_1957']],
+    'CheckRegistry2' : [ 0xd4, ['__unnamed_1959']],
+    'CheckKey' : [ 0xd8, ['__unnamed_195b']],
+    'CheckValueList' : [ 0xe8, ['__unnamed_195d']],
+    'CheckHive' : [ 0xf8, ['__unnamed_1961']],
+    'CheckHive1' : [ 0x104, ['__unnamed_1961']],
+    'CheckBin' : [ 0x110, ['__unnamed_1965']],
+    'RecoverData' : [ 0x118, ['__unnamed_1967']],
+} ],
+  '_CM_KCB_UOW' : [ 0x40, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x2c, ['pointer', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x34, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x38, ['pointer', ['void']]],
+    'SecurityData' : [ 0x38, ['pointer', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x38, ['pointer', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x38, ['pointer', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x3c, ['pointer', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x3c, ['pointer', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0x70, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x18, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x18, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x18, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x18, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x18, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x18, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x18, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x18, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x18, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x18, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x18, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x18, ['unsigned long']],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x20, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x24, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x28, ['pointer', ['void']]],
+    'KtmUow' : [ 0x2c, ['_GUID']],
+    'StartLsn' : [ 0x40, ['unsigned long long']],
+    'HiveCount' : [ 0x48, ['unsigned long']],
+    'HiveArray' : [ 0x4c, ['array', 8, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc0, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x175, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x176, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapData' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x281, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x282, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'UnalignedLoadStoreExceptions' : [ 0x2ed, ['unsigned char']],
+    'Padding1' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapData' : [ 0x17b0, ['unsigned long']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'S1DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LbrAvailable' : [ 0xc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IptAvailable' : [ 0xc, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'CrossVtlFlushAvailable' : [ 0xc, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Isolation' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 55, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x1840, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 256, ['_KTIMER_TABLE_ENTRY']]],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '__unnamed_1a9e' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1aa0' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1aa4' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x1f4, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x2c, ['long']],
+    'FxRemoveEvent' : [ 0x30, ['_KEVENT']],
+    'FxActivationCount' : [ 0x40, ['long']],
+    'FxSleepCount' : [ 0x44, ['long']],
+    'Plugin' : [ 0x48, ['pointer', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x4c, ['unsigned long']],
+    'CurrentPowerState' : [ 0x50, ['_POWER_STATE']],
+    'Notify' : [ 0x54, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x90, ['_PO_IRP_MANAGER']],
+    'UniqueId' : [ 0xa0, ['_UNICODE_STRING']],
+    'PowerFlags' : [ 0xa8, ['unsigned long']],
+    'State' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xb4, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x104, ['unsigned long']],
+    'CompletionStatus' : [ 0x108, ['long']],
+    'Flags' : [ 0x10c, ['unsigned long']],
+    'UserFlags' : [ 0x110, ['unsigned long']],
+    'Problem' : [ 0x114, ['unsigned long']],
+    'ProblemStatus' : [ 0x118, ['long']],
+    'ResourceList' : [ 0x11c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x120, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x124, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x128, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x130, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x134, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x138, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x13c, ['unsigned short']],
+    'RemovalPolicy' : [ 0x13e, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x13f, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x140, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x148, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x150, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x158, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x15a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x15c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x15e, ['unsigned short']],
+    'OverUsed1' : [ 0x160, ['__unnamed_1a9e']],
+    'OverUsed2' : [ 0x164, ['__unnamed_1aa0']],
+    'BootResources' : [ 0x168, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x16c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x170, ['unsigned long']],
+    'DockInfo' : [ 0x174, ['__unnamed_1aa4']],
+    'DisableableDepends' : [ 0x184, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x188, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x190, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x198, ['unsigned long']],
+    'PreviousParent' : [ 0x19c, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x1a0, ['long']],
+    'NumaNodeIndex' : [ 0x1a4, ['unsigned long']],
+    'ContainerID' : [ 0x1a8, ['_GUID']],
+    'OverrideFlags' : [ 0x1b8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x1bc, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x1c0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x1c4, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x1c8, ['unsigned long']],
+    'RebalanceContext' : [ 0x1cc, ['pointer', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x1d0, ['pointer', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+    'DirectedDripsState' : [ 0x1d4, ['_PO_DIRECTED_DRIPS_STATE']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x38, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x30, ['pointer', ['unsigned long long']]],
+    'EnableLevel' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x38, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependencyNode' : [ 0x2c, ['pointer', ['void']]],
+    'InterruptContext' : [ 0x30, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1b9b' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1b9b']],
+} ],
+  '__unnamed_1ba2' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1ba2']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'ParameterBlockOffset' : [ 0xc, ['unsigned long']],
+    'ParameterBlockLength' : [ 0x10, ['unsigned long']],
+    'DataSetRangesOffset' : [ 0x14, ['unsigned long']],
+    'DataSetRangesLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_DATA_SET_RANGE' : [ 0x10, {
+    'StartingOffset' : [ 0x0, ['long long']],
+    'LengthInBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DEVICE_DSM_DEFINITION' : [ 0x1c, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'SingleRange' : [ 0x4, ['unsigned char']],
+    'ParameterBlockAlignment' : [ 0x8, ['unsigned long']],
+    'ParameterBlockLength' : [ 0xc, ['unsigned long']],
+    'HasOutput' : [ 0x10, ['unsigned char']],
+    'OutputBlockAlignment' : [ 0x14, ['unsigned long']],
+    'OutputBlockLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES_OUTPUT' : [ 0x24, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'OperationStatus' : [ 0xc, ['unsigned long']],
+    'ExtendedError' : [ 0x10, ['unsigned long']],
+    'TargetDetailedError' : [ 0x14, ['unsigned long']],
+    'ReservedStatus' : [ 0x18, ['unsigned long']],
+    'OutputBlockOffset' : [ 0x1c, ['unsigned long']],
+    'OutputBlockLength' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x14, ['pointer', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x1c, ['pointer', ['wchar']]],
+    'PinCount' : [ 0x20, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x22, ['unsigned char']],
+    'ResourceSourceName' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x28, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x20, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'SlaveAddress' : [ 0x1c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x18, ['unsigned long']],
+    'RxBufferSize' : [ 0x1c, ['unsigned short']],
+    'TxBufferSize' : [ 0x1e, ['unsigned short']],
+    'Parity' : [ 0x20, ['unsigned char']],
+    'LinesInUse' : [ 0x21, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'DataBitLength' : [ 0x1c, ['unsigned char']],
+    'Phase' : [ 0x1d, ['unsigned char']],
+    'Polarity' : [ 0x1e, ['unsigned char']],
+    'DeviceSelection' : [ 0x20, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x100, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x14, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x18, ['pointer', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c, ['pointer', ['void']]],
+    'Accounting' : [ 0x20, ['pointer', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'DeepSleepEnabled' : [ 0x24, ['unsigned char']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x218, {
+    'Name' : [ 0x0, ['pointer', ['wchar']]],
+    'Id' : [ 0x4, ['unsigned char']],
+    'Guid' : [ 0x8, ['_GUID']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Priority' : [ 0x1c, ['unsigned char']],
+    'Settings' : [ 0x20, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x1f0, ['unsigned long long']],
+    'Count' : [ 0x1f8, ['unsigned long long']],
+    'MaxDuration' : [ 0x200, ['unsigned long long']],
+    'MinDuration' : [ 0x208, ['unsigned long long']],
+    'TotalDuration' : [ 0x210, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xe8, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['array', 2, ['unsigned long']]],
+    'AutonomousActivityWindow' : [ 0x48, ['unsigned long']],
+    'AutonomousPreference' : [ 0x4c, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x4d, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4f, ['array', 2, ['unsigned char']]],
+    'ResponsivenessDisableThreshold' : [ 0x54, ['array', 2, ['unsigned long']]],
+    'ResponsivenessEnableThreshold' : [ 0x5c, ['array', 2, ['unsigned long']]],
+    'ResponsivenessDisableTime' : [ 0x64, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEnableTime' : [ 0x66, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEppCeiling' : [ 0x68, ['array', 2, ['unsigned long']]],
+    'ResponsivenessPerfFloor' : [ 0x70, ['array', 2, ['unsigned long']]],
+    'DutyCycling' : [ 0x78, ['unsigned char']],
+    'ParkingPerfState' : [ 0x79, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x7b, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x7c, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x7d, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x7e, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x7f, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x80, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x81, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x84, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x88, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x8c, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x8e, ['array', 2, ['unsigned char']]],
+    'AllowScaling' : [ 0x90, ['unsigned char']],
+    'IdleDisabled' : [ 0x91, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x94, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x98, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x99, ['unsigned char']],
+    'IdleStateMax' : [ 0x9a, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x9b, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0x9c, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0x9d, ['array', 32, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0xbd, ['array', 32, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xdd, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xde, ['unsigned char']],
+    'ThreadPolicies' : [ 0xe0, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x2a0, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x1a4, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x1c0, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x1f0, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x1f4, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x1f8, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x1fc, ['pointer', ['void']]],
+    'HardErrorState' : [ 0x200, ['unsigned long']],
+    'WnfSiloState' : [ 0x208, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x238, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x248, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x250, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x258, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x25c, ['pointer', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x260, ['unsigned char']],
+    'NtSystemRoot' : [ 0x264, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x26c, ['_UNICODE_STRING']],
+    'Storage' : [ 0x274, ['pointer', ['_PSP_STORAGE']]],
+    'State' : [ 0x278, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x27c, ['long']],
+    'DeleteEvent' : [ 0x280, ['pointer', ['_KEVENT']]],
+    'UserSharedData' : [ 0x284, ['pointer', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x288, ['pointer', ['void']]],
+    'TerminateWorkItem' : [ 0x28c, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DirectedPoweredDown' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DirectedTransitionInProgress' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x90, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x14, ['unsigned long']],
+    'LogHandleContext' : [ 0x18, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x84, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0x88, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x188, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'V1' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0xa8, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xac, ['unsigned long']],
+    'UninitializeEvent' : [ 0xb0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xb4, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'Event' : [ 0xe0, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf8, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x160, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x164, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x168, ['unsigned long']],
+    'WritesInProgress' : [ 0x16c, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x170, ['unsigned long']],
+    'Partition' : [ 0x174, ['pointer', ['_CC_PARTITION']]],
+    'InternalRefCount' : [ 0x178, ['unsigned long']],
+    'NumMappedVacb' : [ 0x17c, ['unsigned long']],
+    'NumActiveVacb' : [ 0x180, ['unsigned long']],
+} ],
+  '__unnamed_1cc0' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_1cc0']],
+    'ArrayHead' : [ 0x10, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x280, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x4, ['pointer', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x18, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x24, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x30, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x40, ['unsigned long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x44, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x48, ['unsigned char']],
+    'WorkQueueLock' : [ 0x80, ['unsigned long']],
+    'NumberWorkerThreads' : [ 0x84, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0x88, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0x8c, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0x94, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0x9c, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0xa4, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0xac, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0xb4, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0xbc, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0xc0, ['unsigned long']],
+    'QueueThrottle' : [ 0xc4, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0xc8, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0xcc, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0xd0, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0xd4, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0xd8, ['unsigned long']],
+    'LowMemoryEvent' : [ 0xdc, ['_KEVENT']],
+    'PowerEvent' : [ 0xec, ['_KEVENT']],
+    'PeriodicEvent' : [ 0xfc, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x10c, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x11c, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x12c, ['unsigned long']],
+    'LazyWriter' : [ 0x130, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x180, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x190, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x1b8, ['pointer', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x1bc, ['long']],
+    'AverageAvailablePages' : [ 0x1c0, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x1c8, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x1d0, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x1d8, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x1e0, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x1e8, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x1e9, ['unsigned char']],
+    'DeferredWrites' : [ 0x1ec, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x200, ['unsigned long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x204, ['pointer', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x208, ['pointer', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x20c, ['pointer', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x210, ['pointer', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x214, ['pointer', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x218, ['pointer', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x21c, ['pointer', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x220, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x224, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x22c, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x230, ['pointer', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x234, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x238, ['long']],
+    'LowPriOldIoPriority' : [ 0x23c, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x240, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x244, ['unsigned long']],
+    'CoalescingState' : [ 0x248, ['unsigned char']],
+    'ActivePartition' : [ 0x249, ['unsigned char']],
+    'RundownPhase' : [ 0x24a, ['unsigned char']],
+    'RefCount' : [ 0x24c, ['long']],
+    'ExitEvent' : [ 0x250, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x260, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x270, ['pointer', ['void']]],
+} ],
+  '__unnamed_1ce6' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1ce8' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1cea' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1cec' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1cee' : [ 0x1c, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x4, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x8, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1cf2' : [ 0x40, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'PrefetchList' : [ 0x18, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x1c, ['unsigned long']],
+    'Mdl' : [ 0x20, ['pointer', ['_MDL']]],
+    'IoStatusBlock' : [ 0x24, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x34, ['pointer', ['void']]],
+    'RequestorMode' : [ 0x38, ['unsigned char']],
+    'NestingLevel' : [ 0x3c, ['unsigned long']],
+} ],
+  '__unnamed_1cf4' : [ 0x40, {
+    'Read' : [ 0x0, ['__unnamed_1ce6']],
+    'Write' : [ 0x0, ['__unnamed_1ce8']],
+    'Event' : [ 0x0, ['__unnamed_1cea']],
+    'Notification' : [ 0x0, ['__unnamed_1cec']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1cee']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1cf2']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x50, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1cf4']],
+    'Function' : [ 0x48, ['unsigned char']],
+    'Partition' : [ 0x4c, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x28, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+    'Partition' : [ 0x24, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x18, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0x4, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x68, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x8, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0xc, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x18, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x40, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x44, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x48, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x50, ['pointer', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x54, ['unsigned long']],
+    'LastLWTimeStamp' : [ 0x58, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x60, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x4e, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x14, {
+    'Allocate' : [ 0x0, ['unsigned long']],
+    'Free' : [ 0x4, ['unsigned long']],
+    'Commit' : [ 0x8, ['unsigned long']],
+    'Decommit' : [ 0xc, ['unsigned long']],
+    'ExtendContext' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x8, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_RTL_CSPARSE_BITMAP' : [ 0x24, {
+    'CommitBitmap' : [ 0x0, ['pointer', ['unsigned long']]],
+    'UserBitmap' : [ 0x4, ['pointer', ['unsigned long']]],
+    'BitCount' : [ 0x8, ['long']],
+    'BitmapLock' : [ 0xc, ['unsigned long']],
+    'DecommitPageIndex' : [ 0x10, ['unsigned long']],
+    'RtlpCSparseBitmapWakeLock' : [ 0x14, ['unsigned long']],
+    'LockType' : [ 0x18, ['unsigned char']],
+    'AddressSpace' : [ 0x19, ['unsigned char']],
+    'MemType' : [ 0x1a, ['unsigned char']],
+    'AllocAlignment' : [ 0x1b, ['unsigned char']],
+    'CommitDirectoryMaxSize' : [ 0x1c, ['unsigned long']],
+    'CommitDirectory' : [ 0x20, ['array', 1, ['unsigned long']]],
+} ],
+  '_RTL_SPARSE_ARRAY' : [ 0x2c, {
+    'ElementCount' : [ 0x0, ['unsigned long']],
+    'ElementSizeShift' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['_RTL_CSPARSE_BITMAP']],
+} ],
+  '_HEAP_VAMGR_ALLOCATOR' : [ 0x1c, {
+    'TreeLock' : [ 0x0, ['unsigned long']],
+    'FreeRanges' : [ 0x4, ['_RTL_RB_TREE']],
+    'VaSpace' : [ 0xc, ['pointer', ['_HEAP_VAMGR_VASPACE']]],
+    'PartitionHandle' : [ 0x10, ['pointer', ['void']]],
+    'ChunksPerRegion' : [ 0x14, ['unsigned short']],
+    'RefCount' : [ 0x16, ['unsigned short']],
+    'AllocatorIndex' : [ 0x18, ['unsigned char']],
+    'NumaNode' : [ 0x19, ['unsigned char']],
+    'LockType' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MemoryType' : [ 0x1a, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'ConstrainedVA' : [ 0x1a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'AllowFreeHead' : [ 0x1a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare0' : [ 0x1a, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['unsigned char']],
+} ],
+  '_HEAP_VAMGR_VASPACE' : [ 0x34, {
+    'AddressSpaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'HeapAddressUser', 1: u'HeapAddressKernel', 2: u'HeapAddressSession', 3: u'HeapAddressTypeMax'})]],
+    'BaseAddress' : [ 0x4, ['unsigned long']],
+    'VaRangeArray' : [ 0x8, ['_RTL_SPARSE_ARRAY']],
+    'VaRangeArrayBuffer' : [ 0x8, ['array', 44, ['unsigned char']]],
+} ],
+  '_HEAP_VAMGR_RANGE' : [ 0x10, {
+    'RbNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Standalone' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'AllocatorIndex' : [ 0x1, ['unsigned char']],
+    'OwnerCtx' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'SizeInChunks' : [ 0xc, ['unsigned long']],
+    'ChunkCount' : [ 0xc, ['unsigned short']],
+    'PrevChunkCount' : [ 0xe, ['unsigned short']],
+    'Signature' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTLP_HP_HEAP_MANAGER' : [ 0x1c70, {
+    'Globals' : [ 0x0, ['pointer', ['_RTLP_HP_HEAP_GLOBALS']]],
+    'AllocTracker' : [ 0x4, ['_RTLP_HP_ALLOC_TRACKER']],
+    'VaMgr' : [ 0x30, ['_HEAP_VAMGR_CTX']],
+    'MetadataHeaps' : [ 0x1c50, ['array', 3, ['_RTLP_HP_METADATA_HEAP_CTX']]],
+    'SubAllocConfigs' : [ 0x1c68, ['_RTL_HP_SUB_ALLOCATOR_CONFIGS']],
+} ],
+  '_RTLP_HP_ALLOC_TRACKER' : [ 0x2c, {
+    'BaseAddress' : [ 0x0, ['unsigned long']],
+    'AllocTrackerBitmap' : [ 0x4, ['_RTL_CSPARSE_BITMAP']],
+    'AllocTrackerBitmapBuffer' : [ 0x4, ['array', 40, ['unsigned char']]],
+} ],
+  '_RTL_STACKDB_CONTEXT' : [ 0x2c, {
+    'StackSegmentTable' : [ 0x0, ['_RTL_HASH_TABLE']],
+    'StackEntryTable' : [ 0xc, ['_RTL_HASH_TABLE']],
+    'StackEntryTableLock' : [ 0x18, ['_RTL_SRWLOCK']],
+    'SegmentTableLock' : [ 0x1c, ['_RTL_SRWLOCK']],
+    'Allocate' : [ 0x20, ['pointer', ['void']]],
+    'Free' : [ 0x24, ['pointer', ['void']]],
+    'AllocatorContext' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_HEAP_LFH_FAST_REF' : [ 0x4, {
+    'Target' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_OWNER' : [ 0x1c, {
+    'IsBucket' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'BucketIndex' : [ 0x1, ['unsigned char']],
+    'SlotCount' : [ 0x2, ['unsigned char']],
+    'SlotIndex' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'AvailableSubsegmentCount' : [ 0x4, ['unsigned long']],
+    'Lock' : [ 0x8, ['unsigned long']],
+    'AvailableSubsegmentList' : [ 0xc, ['_LIST_ENTRY']],
+    'FullSubsegmentList' : [ 0x14, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_LFH_CONTEXT' : [ 0x2c0, {
+    'BackendCtx' : [ 0x0, ['pointer', ['void']]],
+    'Callbacks' : [ 0x4, ['_HEAP_SUBALLOCATOR_CALLBACKS']],
+    'AffinityModArray' : [ 0x18, ['pointer', ['unsigned char']]],
+    'MaxAffinity' : [ 0x1c, ['unsigned char']],
+    'LockType' : [ 0x1d, ['unsigned char']],
+    'MemStatsOffset' : [ 0x1e, ['short']],
+    'Config' : [ 0x20, ['_RTL_HP_LFH_CONFIG']],
+    'BucketStats' : [ 0x40, ['_HEAP_LFH_SUBSEGMENT_STATS']],
+    'SubsegmentCreationLock' : [ 0x44, ['unsigned long']],
+    'Buckets' : [ 0x80, ['array', 129, ['pointer', ['_HEAP_LFH_BUCKET']]]],
+} ],
+  '_HEAP_LFH_BUCKET' : [ 0x38, {
+    'State' : [ 0x0, ['_HEAP_LFH_SUBSEGMENT_OWNER']],
+    'TotalBlockCount' : [ 0x1c, ['unsigned long']],
+    'TotalSubsegmentCount' : [ 0x20, ['unsigned long']],
+    'ReciprocalBlockSize' : [ 0x24, ['unsigned long']],
+    'Shift' : [ 0x28, ['unsigned char']],
+    'ContentionCount' : [ 0x29, ['unsigned char']],
+    'AffinityMappingLock' : [ 0x2c, ['unsigned long']],
+    'ProcAffinityMapping' : [ 0x30, ['pointer', ['unsigned char']]],
+    'AffinitySlots' : [ 0x34, ['pointer', ['pointer', ['_HEAP_LFH_AFFINITY_SLOT']]]],
+} ],
+  '_HEAP_LFH_ONDEMAND_POINTER' : [ 0x4, {
+    'Invalid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AllocationInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'UsageData' : [ 0x2, ['unsigned short']],
+    'AllBits' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_ENCODED_OFFSETS' : [ 0x4, {
+    'BlockSize' : [ 0x0, ['unsigned short']],
+    'FirstBlockOffset' : [ 0x2, ['unsigned short']],
+    'EncodedData' : [ 0x0, ['unsigned long']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Owner' : [ 0x8, ['pointer', ['_HEAP_LFH_SUBSEGMENT_OWNER']]],
+    'DelayFree' : [ 0x8, ['_HEAP_LFH_SUBSEGMENT_DELAY_FREE']],
+    'CommitLock' : [ 0xc, ['unsigned long']],
+    'FreeCount' : [ 0x10, ['unsigned short']],
+    'BlockCount' : [ 0x12, ['unsigned short']],
+    'InterlockedShort' : [ 0x10, ['short']],
+    'InterlockedLong' : [ 0x10, ['long']],
+    'FreeHint' : [ 0x14, ['unsigned short']],
+    'Location' : [ 0x16, ['unsigned char']],
+    'WitheldBlockCount' : [ 0x17, ['unsigned char']],
+    'BlockOffsets' : [ 0x18, ['_HEAP_LFH_SUBSEGMENT_ENCODED_OFFSETS']],
+    'CommitUnitShift' : [ 0x1c, ['unsigned char']],
+    'CommitUnitCount' : [ 0x1d, ['unsigned char']],
+    'CommitStateOffset' : [ 0x1e, ['unsigned short']],
+    'BlockBitmap' : [ 0x20, ['array', 1, ['unsigned long']]],
+} ],
+  '_HEAP_LFH_UNUSED_BYTES_INFO' : [ 0x2, {
+    'UnusedBytes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 14, native_type='unsigned short')]],
+    'ExtraPresent' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'OneByteUnused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Bytes' : [ 0x0, ['array', 2, ['unsigned char']]],
+} ],
+  '_RTLP_HP_QUEUE_LOCK_HANDLE' : [ 0xc, {
+    'Reserved1' : [ 0x0, ['unsigned long']],
+    'LockPtr' : [ 0x4, ['unsigned long']],
+    'HandleData' : [ 0x8, ['unsigned long']],
+} ],
+  '_HEAP_VS_CONTEXT' : [ 0xc0, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'LockType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'HeapLockPaged', 1: u'HeapLockNonPaged', 2: u'HeapLockTypeMax'})]],
+    'FreeChunkTree' : [ 0x8, ['_RTL_RB_TREE']],
+    'SubsegmentList' : [ 0x10, ['_LIST_ENTRY']],
+    'TotalCommittedUnits' : [ 0x18, ['unsigned long']],
+    'FreeCommittedUnits' : [ 0x1c, ['unsigned long']],
+    'DelayFreeContext' : [ 0x40, ['_HEAP_VS_DELAY_FREE_CONTEXT']],
+    'BackendCtx' : [ 0x80, ['pointer', ['void']]],
+    'Callbacks' : [ 0x84, ['_HEAP_SUBALLOCATOR_CALLBACKS']],
+    'Config' : [ 0x98, ['_RTL_HP_VS_CONFIG']],
+    'Flags' : [ 0x9c, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_HEADER' : [ 0x8, {
+    'Sizes' : [ 0x0, ['_HEAP_VS_CHUNK_HEADER_SIZE']],
+    'EncodedSegmentPageOffset' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'UnusedBytes' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SkipDuringWalk' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'AllocatedChunkBits' : [ 0x4, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_HEADER_SIZE' : [ 0x4, {
+    'MemoryCost' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UnsafeSize' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'UnsafePrevSize' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 31, native_type='unsigned long')]],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'KeyUShort' : [ 0x0, ['unsigned short']],
+    'KeyULong' : [ 0x0, ['unsigned long']],
+    'HeaderBits' : [ 0x0, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_FREE_HEADER' : [ 0x10, {
+    'Header' : [ 0x0, ['_HEAP_VS_CHUNK_HEADER']],
+    'OverlapsHeader' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['_RTL_BALANCED_NODE']],
+} ],
+  '_HEAP_VS_SUBSEGMENT' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommitBitmap' : [ 0x8, ['unsigned long long']],
+    'CommitLock' : [ 0x10, ['unsigned long']],
+    'Size' : [ 0x14, ['unsigned short']],
+    'Signature' : [ 0x16, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'FullCommit' : [ 0x16, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_HEAP_VS_UNUSED_BYTES_INFO' : [ 0x2, {
+    'UnusedBytes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 13, native_type='unsigned short')]],
+    'LfhSubsegment' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'ExtraPresent' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'OneByteUnused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Bytes' : [ 0x0, ['array', 2, ['unsigned char']]],
+} ],
+  '_HEAP_PAGE_RANGE_DESCRIPTOR' : [ 0x10, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'TreeSignature' : [ 0x0, ['unsigned long']],
+    'UnusedBytes' : [ 0x4, ['unsigned long']],
+    'ExtraPresent' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare0' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'RangeFlags' : [ 0xc, ['unsigned char']],
+    'RangeFlagBits' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned char')]],
+    'CommittedPageCount' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Key' : [ 0xc, ['_HEAP_DESCRIPTOR_KEY']],
+    'Align' : [ 0xc, ['array', 3, ['unsigned char']]],
+    'UnitOffset' : [ 0xf, ['unsigned char']],
+    'UnitSize' : [ 0xf, ['unsigned char']],
+} ],
+  '_HEAP_PAGE_SEGMENT' : [ 0x1000, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'SegmentCommitState' : [ 0xc, ['pointer', ['_HEAP_SEGMENT_MGR_COMMIT_STATE']]],
+    'UnusedWatermark' : [ 0x10, ['unsigned char']],
+    'DescArray' : [ 0x0, ['array', 256, ['_HEAP_PAGE_RANGE_DESCRIPTOR']]],
+} ],
+  '__unnamed_1e8d' : [ 0x1, {
+    'LargePagePolicy' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReleaseEmptySegments' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'AllFlags' : [ 0x0, ['unsigned char']],
+} ],
+  '_HEAP_SEG_CONTEXT' : [ 0x80, {
+    'SegmentMask' : [ 0x0, ['unsigned long']],
+    'UnitShift' : [ 0x4, ['unsigned char']],
+    'PagesPerUnitShift' : [ 0x5, ['unsigned char']],
+    'FirstDescriptorIndex' : [ 0x6, ['unsigned char']],
+    'CachedCommitSoftShift' : [ 0x7, ['unsigned char']],
+    'CachedCommitHighShift' : [ 0x8, ['unsigned char']],
+    'Flags' : [ 0x9, ['__unnamed_1e8d']],
+    'MaxAllocationSize' : [ 0xc, ['unsigned long']],
+    'OlpStatsOffset' : [ 0x10, ['short']],
+    'MemStatsOffset' : [ 0x12, ['short']],
+    'LfhContext' : [ 0x14, ['pointer', ['void']]],
+    'VsContext' : [ 0x18, ['pointer', ['void']]],
+    'EnvHandle' : [ 0x1c, ['RTL_HP_ENV_HANDLE']],
+    'Heap' : [ 0x24, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x40, ['unsigned long']],
+    'SegmentListHead' : [ 0x44, ['_LIST_ENTRY']],
+    'SegmentCount' : [ 0x4c, ['unsigned long']],
+    'FreePageRanges' : [ 0x50, ['_RTL_RB_TREE']],
+    'FreeSegmentListLock' : [ 0x58, ['unsigned long']],
+    'FreeSegmentList' : [ 0x5c, ['array', 2, ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_HEAP_RUNTIME_MEMORY_STATS' : [ 0x2c, {
+    'TotalReservedPages' : [ 0x0, ['unsigned long']],
+    'TotalCommittedPages' : [ 0x4, ['unsigned long']],
+    'FreeCommittedPages' : [ 0x8, ['unsigned long']],
+    'LfhFreeCommittedPages' : [ 0xc, ['unsigned long']],
+    'LargePageStats' : [ 0x10, ['array', 2, ['_HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS']]],
+    'LargePageUtilizationPolicy' : [ 0x20, ['_RTL_HP_SEG_ALLOC_POLICY']],
+} ],
+  '_HEAP_DESCRIPTOR_KEY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+    'Ignore' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'EncodedCommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 24, native_type='unsigned long')]],
+    'UnitCount' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'RTL_HP_ENV_HANDLE' : [ 0x8, {
+    'h' : [ 0x0, ['array', 2, ['pointer', ['void']]]],
+} ],
+  '_SEGMENT_HEAP' : [ 0x580, {
+    'EnvHandle' : [ 0x0, ['RTL_HP_ENV_HANDLE']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'GlobalFlags' : [ 0xc, ['unsigned long']],
+    'Interceptor' : [ 0x10, ['unsigned long']],
+    'ProcessHeapListIndex' : [ 0x14, ['unsigned short']],
+    'AllocatedFromMetadata' : [ 0x16, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CommitLimitData' : [ 0x18, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'ReservedMustBeZero1' : [ 0x18, ['unsigned long']],
+    'UserContext' : [ 0x1c, ['pointer', ['void']]],
+    'ReservedMustBeZero2' : [ 0x20, ['unsigned long']],
+    'Spare' : [ 0x24, ['pointer', ['void']]],
+    'LargeMetadataLock' : [ 0x40, ['unsigned long']],
+    'LargeAllocMetadata' : [ 0x44, ['_RTL_RB_TREE']],
+    'LargeReservedPages' : [ 0x4c, ['unsigned long']],
+    'LargeCommittedPages' : [ 0x50, ['unsigned long']],
+    'StackTraceInitVar' : [ 0x54, ['_RTL_RUN_ONCE']],
+    'MemStats' : [ 0x80, ['_HEAP_RUNTIME_MEMORY_STATS']],
+    'GlobalLockCount' : [ 0xac, ['unsigned short']],
+    'GlobalLockOwner' : [ 0xb0, ['unsigned long']],
+    'ContextExtendLock' : [ 0xb4, ['unsigned long']],
+    'AllocatedBase' : [ 0xb8, ['pointer', ['unsigned char']]],
+    'UncommittedBase' : [ 0xbc, ['pointer', ['unsigned char']]],
+    'ReservedLimit' : [ 0xc0, ['pointer', ['unsigned char']]],
+    'SegContexts' : [ 0x100, ['array', 2, ['_HEAP_SEG_CONTEXT']]],
+    'VsContext' : [ 0x200, ['_HEAP_VS_CONTEXT']],
+    'LfhContext' : [ 0x2c0, ['_HEAP_LFH_CONTEXT']],
+} ],
+  '_RTL_DYNAMIC_LOOKASIDE' : [ 0x1040, {
+    'EnabledBucketBitmap' : [ 0x0, ['unsigned long long']],
+    'BucketCount' : [ 0x8, ['unsigned long']],
+    'ActiveBucketCount' : [ 0xc, ['unsigned long']],
+    'Buckets' : [ 0x40, ['array', 64, ['_RTL_LOOKASIDE']]],
+} ],
+  '_RTL_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalFrees' : [ 0x24, ['unsigned long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x258, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x58, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x5c, ['unsigned long']],
+    'Signature' : [ 0x60, ['unsigned long']],
+    'SegmentReserve' : [ 0x64, ['unsigned long']],
+    'SegmentCommit' : [ 0x68, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x6c, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x70, ['unsigned long']],
+    'TotalFreeSize' : [ 0x74, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x78, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x7c, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x7e, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x80, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x84, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x86, ['unsigned short']],
+    'TagEntries' : [ 0x88, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x8c, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x94, ['unsigned long']],
+    'AlignMask' : [ 0x98, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0x9c, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa4, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xac, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb0, ['unsigned long']],
+    'BlocksIndex' : [ 0xb4, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xb8, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xbc, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc0, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xc8, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xcc, ['pointer', ['void']]],
+    'StackTraceInitVar' : [ 0xd0, ['_RTL_RUN_ONCE']],
+    'CommitLimitData' : [ 0xd4, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'FrontEndHeap' : [ 0xe4, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xe8, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xea, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0xeb, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0xec, ['pointer', ['wchar']]],
+    'FrontEndHeapMaximumIndex' : [ 0xf0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0xf2, ['array', 257, ['unsigned char']]],
+    'Counters' : [ 0x1f4, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x250, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1eed' : [ 0x38, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x38, {
+    'Lock' : [ 0x0, ['__unnamed_1eed']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_HP_PADDING_HEADER' : [ 0x8, {
+    'PaddingSize' : [ 0x0, ['unsigned long']],
+    'Spare' : [ 0x4, ['unsigned long']],
+} ],
+  '_HEAP_LARGE_ALLOC_DATA' : [ 0x14, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'UnusedBytes' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ExtraPresent' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuardPageCount' : [ 0x10, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'GuardPageAlignment' : [ 0x10, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long')]],
+    'Spare' : [ 0x10, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'AllocatedPages' : [ 0x10, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f46' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1f48' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1f46']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1f4a' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1f4c' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1f4a']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1f48']],
+    'u2' : [ 0x4, ['__unnamed_1f4c']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x24, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer', ['_BLOB_COUNTERS']]],
+    'CleanupProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x18, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x1c, ['pointer', ['void']]],
+    'UsualSize' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_1f67' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1f69' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1f67']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1f69']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Pad' : [ 0x10, ['unsigned long']],
+    'Lock' : [ 0x14, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1f7d' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f7f' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1f7d']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1f7f']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1f88' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f8a' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1f88']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_1f8a']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1f90' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_1f92' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1f90']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_1f92']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x28, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x24, ['pointer', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_1faf' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_1fb1' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1faf']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x11c, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x60, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0x80, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0x8c, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x94, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x98, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0xc4, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0xd0, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0xd4, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0xd8, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xdc, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xe8, ['long']],
+    'ReferenceNo' : [ 0xec, ['long']],
+    'ReferenceNoWait' : [ 0xf0, ['pointer', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0xf4, ['__unnamed_1fb1']],
+    'TargetQueuePort' : [ 0xf8, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xfc, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x100, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x104, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x108, ['unsigned long']],
+    'PendingQueueLength' : [ 0x10c, ['unsigned long']],
+    'DirectQueueLength' : [ 0x110, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x114, ['unsigned long']],
+    'WaitQueueLength' : [ 0x118, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x58, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x10, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x14, ['pointer', ['void']]],
+    'UserLimit' : [ 0x18, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x1c, ['pointer', ['void']]],
+    'SystemVa' : [ 0x20, ['pointer', ['void']]],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'Header' : [ 0x28, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x2c, ['pointer', ['void']]],
+    'ListSize' : [ 0x30, ['unsigned long']],
+    'Bitmap' : [ 0x34, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x38, ['unsigned long']],
+    'Data' : [ 0x3c, ['pointer', ['void']]],
+    'DataSize' : [ 0x40, ['unsigned long']],
+    'BitmapLimit' : [ 0x44, ['unsigned long']],
+    'BitmapNextHint' : [ 0x48, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x4c, ['unsigned long']],
+    'AttributeFlags' : [ 0x50, ['unsigned long']],
+    'AttributeSize' : [ 0x54, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0x90, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x84, ['unsigned long']],
+    'CallbackList' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x14, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1fd6' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_1fd8' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1fd6']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x98, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'u1' : [ 0x14, ['__unnamed_1fd8']],
+    'SequenceNo' : [ 0x18, ['long']],
+    'QuotaProcess' : [ 0x1c, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x1c, ['pointer', ['void']]],
+    'CancelSequencePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x24, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x28, ['long']],
+    'CancelListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x38, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x60, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x64, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x68, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x6c, ['pointer', ['_ETHREAD']]],
+    'WakeReference' : [ 0x70, ['pointer', ['void']]],
+    'WakeReference2' : [ 0x74, ['pointer', ['void']]],
+    'ExtensionBuffer' : [ 0x78, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0x7c, ['unsigned long']],
+    'PortMessage' : [ 0x80, ['_PORT_MESSAGE']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x24, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x14, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalLength' : [ 0x1c, ['unsigned short']],
+    'Type' : [ 0x1e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x20, ['unsigned short']],
+    'SignalCompletion' : [ 0x22, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x23, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_RESERVE' : [ 0x14, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Active' : [ 0x10, ['long']],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x24, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x28, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x1c, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x20, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_2019' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_201b' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_2019']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_201b']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x4, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'DirectType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EventReferenced' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EventObjectBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '__unnamed_2066' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UserFlags' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 32, native_type='unsigned long long')]],
+    'SystemFlags' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 48, native_type='unsigned long long')]],
+    'UserFlagsId' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x38, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer', ['void']]],
+    'DiskIoAttributionHandle' : [ 0xc, ['unsigned long']],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x24, ['long long']],
+    'AdapterCryptoParameters' : [ 0x20, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+    'DriverFlags' : [ 0x30, ['__unnamed_2066']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x2c, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 9, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x88, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x48, ['pointer', ['void']]],
+    'CreateFileType' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x50, ['pointer', ['void']]],
+    'Override' : [ 0x54, ['unsigned char']],
+    'QueryOnly' : [ 0x55, ['unsigned char']],
+    'DeleteOnly' : [ 0x56, ['unsigned char']],
+    'FullAttributes' : [ 0x57, ['unsigned char']],
+    'LocalFileObject' : [ 0x58, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x5c, ['unsigned long']],
+    'AccessMode' : [ 0x60, ['unsigned char']],
+    'DriverCreateContext' : [ 0x64, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0x7c, ['unsigned long']],
+    'FilterQuery' : [ 0x80, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_20eb' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x110, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_20eb']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer', ['wchar']]],
+    'LogFileName' : [ 0x3c, ['pointer', ['wchar']]],
+    'TimeZone' : [ 0x40, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0xf8, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x108, ['unsigned long']],
+    'BuffersLost' : [ 0x10c, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x8, {
+    'QueueTail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x390, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 1, ['unsigned long']]],
+    'ErrorMarker' : [ 0x18, ['unsigned long']],
+    'SizeMask' : [ 0x1c, ['unsigned long']],
+    'GetCpuClock' : [ 0x20, ['pointer', ['void']]],
+    'LoggerThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x28, ['long']],
+    'FailureReason' : [ 0x2c, ['unsigned long']],
+    'BufferQueue' : [ 0x30, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x38, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x40, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x48, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x50, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x54, ['unsigned long']],
+    'BatchedBufferList' : [ 0x58, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x58, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x64, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x6c, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x74, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x7c, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x80, ['unsigned long']],
+    'FlushTimer' : [ 0x84, ['unsigned long']],
+    'FlushThreshold' : [ 0x88, ['unsigned long']],
+    'ByteOffset' : [ 0x90, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x98, ['unsigned long']],
+    'BuffersAvailable' : [ 0x9c, ['long']],
+    'NumberOfBuffers' : [ 0xa0, ['long']],
+    'MaximumBuffers' : [ 0xa4, ['unsigned long']],
+    'EventsLost' : [ 0xa8, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xac, ['long']],
+    'BuffersWritten' : [ 0xb0, ['unsigned long']],
+    'LogBuffersLost' : [ 0xb4, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xb8, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xbc, ['unsigned long']],
+    'SequencePtr' : [ 0xc0, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xc4, ['unsigned long']],
+    'InstanceGuid' : [ 0xc8, ['_GUID']],
+    'MaximumFileSize' : [ 0xd8, ['unsigned long']],
+    'FileCounter' : [ 0xdc, ['long']],
+    'PoolType' : [ 0xe0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xe8, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0xf8, ['long']],
+    'ProviderInfoSize' : [ 0xfc, ['unsigned long']],
+    'Consumers' : [ 0x100, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x108, ['unsigned long']],
+    'TransitionConsumer' : [ 0x10c, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x110, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0x114, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x120, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x128, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x130, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x138, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x140, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x148, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x150, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x160, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x164, ['_KEVENT']],
+    'FlushEvent' : [ 0x174, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x188, ['_KTIMER']],
+    'LoggerDpc' : [ 0x1b0, ['_KDPC']],
+    'LoggerMutex' : [ 0x1d0, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1f0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1f4, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1f4, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1f8, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x234, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x238, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x240, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x248, ['pointer', ['void']]],
+    'BufferSequenceNumber' : [ 0x250, ['long long']],
+    'Flags' : [ 0x258, ['unsigned long']],
+    'Persistent' : [ 0x258, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x258, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x258, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x258, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x258, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x258, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x258, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x258, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x258, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x258, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x258, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x258, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x258, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x258, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x258, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x258, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x258, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x258, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProviderTracking' : [ 0x258, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessorTrace' : [ 0x258, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'QpcDeltaTracking' : [ 0x258, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'MarkerBufferSaved' : [ 0x258, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x258, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x25c, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x25c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x25c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x25c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x25c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x25c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x25c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x25c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x25c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x25c, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x260, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x2b0, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x2b8, ['pointer', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x2bc, ['pointer', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x2c0, ['pointer', ['_ETW_LBR_SUPPORT']]],
+    'IptData' : [ 0x2c4, ['pointer', ['_ETW_IPT_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x2c8, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x2d0, ['pointer', ['pointer', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x2d4, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x2e0, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x2e8, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x2f0, ['pointer', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x2f4, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x2f8, ['pointer', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x2fc, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x300, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x310, ['long']],
+    'CompressionLock' : [ 0x314, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x318, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x31c, ['pointer', ['void']]],
+    'CompressionOn' : [ 0x320, ['long']],
+    'CompressionRatioGuess' : [ 0x324, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x328, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x32c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x330, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x334, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x358, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x360, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x368, ['_LARGE_INTEGER']],
+    'ReferenceQpcDelta' : [ 0x370, ['long long']],
+    'CallbackContext' : [ 0x378, ['pointer', ['_ETW_EVENT_CALLBACK_CONTEXT']]],
+    'LastDroppedTime' : [ 0x37c, ['pointer', ['_LARGE_INTEGER']]],
+    'FlushingLastDroppedTime' : [ 0x380, ['pointer', ['_LARGE_INTEGER']]],
+    'FlushingSequenceNumber' : [ 0x388, ['long long']],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x18, {
+    'Source' : [ 0x0, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x4, ['unsigned long']],
+    'HookId' : [ 0x8, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x10, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x14, ['array', 1, ['pointer', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_IPT_SUPPORT' : [ 0x20, {
+    'IptHandle' : [ 0x0, ['pointer', ['void']]],
+    'IptOption' : [ 0x8, ['unsigned long long']],
+    'EtwHwTraceExtInterface' : [ 0x10, ['pointer', ['_ETW_HW_TRACE_EXT_INTERFACE']]],
+    'HookIdCount' : [ 0x14, ['unsigned long']],
+    'HookId' : [ 0x18, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0xa90, {
+    'Silo' : [ 0x0, ['pointer', ['_EJOB']]],
+    'SiloGlobals' : [ 0x4, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x8, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x10, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x178, ['pointer', ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x17c, ['pointer', ['pointer', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x180, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0x880, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x890, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x894, ['long']],
+    'EtwpSecurityProviderPID' : [ 0x898, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0x89c, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0x8ac, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x8c0, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x8c8, ['pointer', ['_ETW_SILO_TRACING_BLOCK']]],
+    'ContainerRestoreWnfSubscription' : [ 0x8cc, ['pointer', ['_EX_WNF_SUBSCRIPTION']]],
+    'PartitionId' : [ 0x8d0, ['_GUID']],
+    'ParentId' : [ 0x8e0, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x8f0, ['_LARGE_INTEGER']],
+    'PartitionType' : [ 0x8f8, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x8fc, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+    'EtwpStartTraceMutex' : [ 0xa70, ['_KMUTANT']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x18, {
+    'SystemLogonSession' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x4, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x8, ['pointer', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0xc, ['pointer', ['void']]],
+    'UncSystemPaths' : [ 0x10, ['pointer', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x14, ['pointer', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x2a8, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x9c, ['pointer', ['void']]],
+    'DynamicPart' : [ 0xa0, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa4, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xb0, ['unsigned long']],
+    'TokenInUse' : [ 0xb4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xbc, ['unsigned long']],
+    'LogonSession' : [ 0xc0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc4, ['_LUID']],
+    'SidHash' : [ 0xcc, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x154, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1dc, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x1e0, ['pointer', ['void']]],
+    'Capabilities' : [ 0x1e4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x1e8, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x1ec, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x274, ['pointer', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x278, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x27c, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x280, ['pointer', ['void']]],
+    'TrustLinkedToken' : [ 0x284, ['pointer', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x288, ['pointer', ['void']]],
+    'TokenSidValues' : [ 0x28c, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x290, ['pointer', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x294, ['pointer', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x298, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x29c, ['pointer', ['void']]],
+    'VariablePart' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x6c, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x34, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x40, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x44, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x48, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0x58, ['pointer', ['_EJOB']]],
+    'SiblingAuthId' : [ 0x5c, ['_LUID']],
+    'TokenList' : [ 0x64, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'DbgRefTrace' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'NewObject' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0xf, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0xf, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0xf, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0xf, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved1' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x8, {
+    'SecurityDescriptor' : [ 0x0, ['pointer', ['void']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x8, {
+    'Footer' : [ 0x0, ['pointer', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x18, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x10, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x8, {
+    'Context1' : [ 0x0, ['pointer', ['void']]],
+    'Context2' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x10, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x8, ['pointer', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0xc, ['unsigned char']],
+    'Padding1' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x18, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'EntryLink' : [ 0x8, ['pointer', ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0xc, ['unsigned long']],
+    'HashIndex' : [ 0x10, ['unsigned short']],
+    'DirectoryLocked' : [ 0x12, ['unsigned char']],
+    'LockedExclusive' : [ 0x13, ['unsigned char']],
+    'LockStateSignature' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xb0, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x9c, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0xa0, ['pointer', ['void']]],
+    'SessionObject' : [ 0xa4, ['pointer', ['void']]],
+    'Flags' : [ 0xa8, ['unsigned long']],
+    'SessionId' : [ 0xac, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x1a4, {
+    'SystemDeviceMap' : [ 0x0, ['pointer', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x4, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x74, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0xc, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x4, ['pointer', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x8, ['pointer', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x420, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x8, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0xc, ['unsigned long']],
+    'ErrorCount' : [ 0x10, ['long']],
+    'RecordCount' : [ 0x14, ['unsigned long']],
+    'RecordLength' : [ 0x18, ['unsigned long']],
+    'PoolTag' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x24, ['pointer', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x28, ['pointer', ['void']]],
+    'SectionCount' : [ 0x2c, ['unsigned long']],
+    'SectionLength' : [ 0x30, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x38, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x40, ['unsigned long']],
+    'TotalErrors' : [ 0x44, ['unsigned long']],
+    'Deferred' : [ 0x48, ['unsigned char']],
+    'Busy' : [ 0x4c, ['long']],
+    'Descriptor' : [ 0x50, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xe4, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'ProcessorNumber' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x14, ['long']],
+    'ErrorSource' : [ 0x18, ['pointer', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x1c, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_WNF_NODE_HEADER' : [ 0x4, {
+    'NodeTypeCode' : [ 0x0, ['unsigned short']],
+    'NodeByteSize' : [ 0x2, ['unsigned short']],
+} ],
+  '_WNF_LOCK' : [ 0x4, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_WNF_STATE_NAME_STRUCT' : [ 0x8, {
+    'Version' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NameLifetime' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long long')]],
+    'DataScope' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 10, native_type='unsigned long long')]],
+    'PermanentData' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WNF_SCOPE_INSTANCE' : [ 0x2c, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x4, ['_EX_RUNDOWN_REF']],
+    'DataScope' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WnfDataScopeSystem', 1: u'WnfDataScopeSession', 2: u'WnfDataScopeUser', 3: u'WnfDataScopeProcess', 4: u'WnfDataScopeMachine'})]],
+    'InstanceIdSize' : [ 0xc, ['unsigned long']],
+    'InstanceIdData' : [ 0x10, ['pointer', ['void']]],
+    'ResolverListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'NameSetLock' : [ 0x1c, ['_WNF_LOCK']],
+    'NameSet' : [ 0x20, ['_RTL_AVL_TREE']],
+    'PermanentDataStore' : [ 0x24, ['pointer', ['void']]],
+    'VolatilePermanentDataStore' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_WNF_NAME_INSTANCE' : [ 0x60, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x4, ['_EX_RUNDOWN_REF']],
+    'TreeLinks' : [ 0x8, ['_RTL_BALANCED_NODE']],
+    'StateName' : [ 0x18, ['_WNF_STATE_NAME_STRUCT']],
+    'ScopeInstance' : [ 0x20, ['pointer', ['_WNF_SCOPE_INSTANCE']]],
+    'StateNameInfo' : [ 0x24, ['_WNF_STATE_NAME_REGISTRATION']],
+    'StateDataLock' : [ 0x30, ['_WNF_LOCK']],
+    'StateData' : [ 0x34, ['pointer', ['_WNF_STATE_DATA']]],
+    'CurrentChangeStamp' : [ 0x38, ['unsigned long']],
+    'PermanentDataStore' : [ 0x3c, ['pointer', ['void']]],
+    'StateSubscriptionListLock' : [ 0x40, ['_WNF_LOCK']],
+    'StateSubscriptionListHead' : [ 0x44, ['_LIST_ENTRY']],
+    'TemporaryNameListEntry' : [ 0x4c, ['_LIST_ENTRY']],
+    'CreatorProcess' : [ 0x54, ['pointer', ['_EPROCESS']]],
+    'DataSubscribersCount' : [ 0x58, ['long']],
+    'CurrentDeliveryCount' : [ 0x5c, ['long']],
+} ],
+  '_WNF_SUBSCRIPTION' : [ 0x58, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x4, ['_EX_RUNDOWN_REF']],
+    'SubscriptionId' : [ 0x8, ['unsigned long long']],
+    'ProcessSubscriptionListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Process' : [ 0x18, ['pointer', ['_EPROCESS']]],
+    'NameInstance' : [ 0x1c, ['pointer', ['_WNF_NAME_INSTANCE']]],
+    'StateName' : [ 0x20, ['_WNF_STATE_NAME_STRUCT']],
+    'StateSubscriptionListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'CallbackRoutine' : [ 0x30, ['unsigned long']],
+    'CallbackContext' : [ 0x34, ['pointer', ['void']]],
+    'CurrentChangeStamp' : [ 0x38, ['unsigned long']],
+    'SubscribedEventSet' : [ 0x3c, ['unsigned long']],
+    'PendingSubscriptionListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'SubscriptionState' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'WNF_SUB_STATE_QUIESCENT', 1: u'WNF_SUB_STATE_READY_TO_DELIVER', 2: u'WNF_SUB_STATE_IN_DELIVERY', 3: u'WNF_SUB_STATE_RETRY'})]],
+    'SignaledEventSet' : [ 0x4c, ['unsigned long']],
+    'InDeliveryEventSet' : [ 0x50, ['unsigned long']],
+} ],
+  '_WNF_PROCESS_CONTEXT' : [ 0x44, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'WnfProcessesListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ImplicitScopeInstances' : [ 0x10, ['array', 3, ['pointer', ['void']]]],
+    'TemporaryNamesListLock' : [ 0x1c, ['_WNF_LOCK']],
+    'TemporaryNamesListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ProcessSubscriptionListLock' : [ 0x28, ['_WNF_LOCK']],
+    'ProcessSubscriptionListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'DeliveryPendingListLock' : [ 0x34, ['_WNF_LOCK']],
+    'DeliveryPendingListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationEvent' : [ 0x40, ['pointer', ['_KEVENT']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x30, {
+    'ScopeMap' : [ 0x0, ['pointer', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x4, ['pointer', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x8, ['pointer', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x10, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x18, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x20, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x28, ['long long']],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_DISPATCHER' : [ 0x18, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+    'State' : [ 0x14, ['long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0xc, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x10, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x14, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x8, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0xc, ['long']],
+    'HighWaterMark' : [ 0x10, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x18, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+    'ActiveDpc' : [ 0x14, ['pointer', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_22a5' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x7000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_22a5']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x18, ['unsigned long']],
+    'NonPagablePages' : [ 0x1c, ['unsigned long']],
+    'CommittedPages' : [ 0x20, ['unsigned long']],
+    'PagedPoolStart' : [ 0x24, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x28, ['pointer', ['void']]],
+    'SessionObject' : [ 0x2c, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x30, ['pointer', ['void']]],
+    'ImageTree' : [ 0x34, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x38, ['unsigned long']],
+    'AttachCount' : [ 0x3c, ['unsigned long']],
+    'AttachGate' : [ 0x40, ['_KGATE']],
+    'WsListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'PagedPoolInfo' : [ 0x58, ['_MM_PAGED_POOL_INFO']],
+    'Session' : [ 0x64, ['_MMSESSION']],
+    'CombineDomain' : [ 0x78, ['unsigned long long']],
+    'Vm' : [ 0x80, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0x180, ['_MMWSL_INSTANCE']],
+    'HeapState' : [ 0x198, ['pointer', ['void']]],
+    'PagedPool' : [ 0x1c0, ['_POOL_DESCRIPTOR']],
+    'DriverUnload' : [ 0x2c0, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'TopLevelPteLockBits' : [ 0x2c4, ['array', 128, ['unsigned long']]],
+    'PageTables' : [ 0x4c8, ['array', 1024, ['_MMPTE']]],
+    'SessionPteLock' : [ 0x24c8, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x24cc, ['long']],
+    'PagedPoolPdeCount' : [ 0x24d0, ['long']],
+    'DynamicSessionPdeCount' : [ 0x24d4, ['unsigned long']],
+    'SystemPteInfo' : [ 0x24d8, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x250c, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x2510, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x2514, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x2518, ['unsigned long']],
+    'PermittedFaultsTree' : [ 0x251c, ['_RTL_AVL_TREE']],
+    'IoState' : [ 0x2520, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x2524, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x2528, ['_KEVENT']],
+    'ServerSilo' : [ 0x2538, ['pointer', ['_EJOB']]],
+    'CreateTime' : [ 0x2540, ['unsigned long long']],
+    'PoolTags' : [ 0x3000, ['array', 16384, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x130, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x12c, ['unsigned long']],
+} ],
+  '_CMP_VOLUME_CONTEXT' : [ 0x2c, {
+    'VolumeContextListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'VolumeManager' : [ 0x8, ['pointer', ['_CMP_VOLUME_MANAGER']]],
+    'RefCount' : [ 0xc, ['long']],
+    'VolumeGuid' : [ 0x10, ['_GUID']],
+    'VolumeFileObject' : [ 0x20, ['pointer', ['void']]],
+    'VolumeContextLock' : [ 0x24, ['_CMSI_RW_LOCK']],
+    'DeviceUsageNotificationSent' : [ 0x28, ['unsigned char']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'ParseProcedureEx' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+    'WaitObjectFlagMask' : [ 0x50, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x54, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x56, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0xc, ['unsigned long']],
+    'EntryOffset' : [ 0xc, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0xd, ['unsigned char']],
+    'WaitingBit' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0xe, ['unsigned char']],
+    'AcquiredBit' : [ 0xe, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0xf, ['unsigned char']],
+    'HeadNodeBit' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x10, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x10, ['pointer', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x10, ['unsigned char']],
+    'Reserved' : [ 0x11, ['array', 2, ['unsigned char']]],
+    'InTreeByte' : [ 0x13, ['unsigned char']],
+    'SessionState' : [ 0x14, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'OwnerTree' : [ 0x18, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x20, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x18, ['unsigned char']],
+    'EntryLock' : [ 0x28, ['unsigned long']],
+    'BoostBitmap' : [ 0x2c, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x5c, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x38, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x3c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x40, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x44, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x48, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x4c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x50, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x54, ['unsigned long']],
+    'LastPolledSize' : [ 0x58, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'Irp' : [ 0xc, ['pointer', ['_IRP']]],
+    'Device' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_2312' : [ 0x10, {
+    'CallerCompletion' : [ 0x0, ['pointer', ['void']]],
+    'CallerContext' : [ 0x4, ['pointer', ['void']]],
+    'CallerDevice' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_2315' : [ 0x8, {
+    'NotifyDevice' : [ 0x0, ['pointer', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x4, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x98, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x18, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x20, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'MinorFunction' : [ 0x68, ['unsigned char']],
+    'PowerStateType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0x70, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0x74, ['unsigned char']],
+    'FxDevice' : [ 0x78, ['pointer', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0x7c, ['unsigned char']],
+    'NotifyPEP' : [ 0x7d, ['unsigned char']],
+    'IrpSequenceID' : [ 0x80, ['long']],
+    'Device' : [ 0x84, ['__unnamed_2312']],
+    'System' : [ 0x84, ['__unnamed_2315']],
+    'DStateReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: u'PepNotifyDeviceDStateReasonNone', 1: u'PepNotifyDeviceDStateReasonSystemTransition', 2: u'PepNotifyDeviceDStateReasonDfx', 3: u'PepNotifyDeviceDStateReasonMax'})]],
+} ],
+  '__unnamed_231c' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_231c']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x30, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x4, ['unsigned long']],
+    'NonPagedAllocs' : [ 0x8, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x10, ['unsigned long long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+    'PagedAllocs' : [ 0x20, ['unsigned long long']],
+    'PagedFrees' : [ 0x28, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_CMP_VOLUME_MANAGER' : [ 0xc, {
+    'VolumeContextListLock' : [ 0x0, ['_CMSI_RW_LOCK']],
+    'VolumeContextListHead' : [ 0x4, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x10, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x4, ['pointer', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0xc, ['pointer', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x150, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'StrictVetoBias' : [ 0x8, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0xc, ['unsigned long']],
+    'TargetState' : [ 0x10, ['unsigned long']],
+    'ActualState' : [ 0x14, ['unsigned long']],
+    'OldState' : [ 0x18, ['unsigned long']],
+    'OverrideIndex' : [ 0x1c, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0x54, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x60, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x64, ['pointer', ['void']]],
+    'IdleExecute' : [ 0x68, ['pointer', ['void']]],
+    'IdlePreselect' : [ 0x6c, ['pointer', ['void']]],
+    'IdleTest' : [ 0x70, ['pointer', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x74, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x78, ['pointer', ['void']]],
+    'IdleCancel' : [ 0x7c, ['pointer', ['void']]],
+    'IdleIsHalted' : [ 0x80, ['pointer', ['void']]],
+    'IdleInitiateWake' : [ 0x84, ['pointer', ['void']]],
+    'PrepareInfo' : [ 0x88, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0xd8, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0xe4, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0xe8, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0xec, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0xf4, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0xfc, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x10c, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MM_PRIVATE_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'FixedLargePageSize' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ZeroFillPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Graphics' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ShadowStack' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x1c, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_2375' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+    'DeviceDriverDescriptor' : [ 0x0, ['_WHEA_DEVICE_DRIVER_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted', 3: u'WheaErrSrcStateRemoved', 4: u'WheaErrSrcStateRemovePending'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_2375']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_HEAP_MEMORY_LIMIT_DATA' : [ 0x10, {
+    'CommitLimitBytes' : [ 0x0, ['unsigned long']],
+    'CommitLimitFailureCode' : [ 0x4, ['unsigned long']],
+    'MaxAllocationSizeBytes' : [ 0x8, ['unsigned long']],
+    'AllocationLimitFailureCode' : [ 0xc, ['unsigned long']],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x9c, {
+    'ProcessCid' : [ 0x0, ['pointer', ['void']]],
+    'ThreadCid' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x18, ['unsigned long']],
+    'CreateTrace' : [ 0x1c, ['array', 30, ['unsigned long']]],
+    'Count' : [ 0x94, ['long']],
+    'CaptureCount' : [ 0x98, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IdleStateMax' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ResponsivenessDisableThreshold' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ResponsivenessEnableThreshold' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ResponsivenessDisableTime' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ResponsivenessEnableTime' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ResponsivenessEppCeiling' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ResponsivenessPerfFloor' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_239b' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_239e' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x28, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0xc, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0xc, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0xc, ['pointer', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x10, ['__unnamed_239b']],
+    'StartingSector' : [ 0x14, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x18, ['unsigned long']],
+    'PtesInSubsection' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_239e']],
+    'UnusedPtes' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x24, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x180, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x40, ['pointer', ['_KDPC']]],
+    'ChildList' : [ 0x44, ['_LIST_ENTRY']],
+    'Parent' : [ 0x4c, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x130, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x8, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0xc, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x10, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x98, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x120, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x124, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x128, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x12c, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ChildOfVgaEnabledBridge' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DecodeIoOnBoot' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x14, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x4, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Valid' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x24, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'EntryDescriptor' : [ 0x10, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x1c, ['unsigned long']],
+    'Handles' : [ 0x20, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0xa0, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0xc, {
+    'IdealMask' : [ 0x0, ['unsigned long']],
+    'PreferredMask' : [ 0x4, ['unsigned long']],
+    'AvailableMask' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x14, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x4, ['pointer', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0xc, ['unsigned long']],
+    'BitmapFailures' : [ 0x10, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x14, {
+    'CompletionRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'RequestorMode' : [ 0xc, ['unsigned char']],
+    'NestingLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0xc, {
+    'DirtyPages' : [ 0x0, ['unsigned long']],
+    'DirtyPagesLastScan' : [ 0x4, ['unsigned long']],
+    'DirtyPagesScheduledLastScan' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x58, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_MAP' : [ 0x38, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x34, ['pointer', ['_EJOB']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x4, ['pointer', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x8, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x10, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0xc, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SessionHeapInitialized' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SessionHeapDestroyed' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_MI_LARGEPAGE_VAD_INFO' : [ 0xc, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x4, ['unsigned long']],
+    'ReferencedPartition' : [ 0x8, ['pointer', ['_EPARTITION']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x14, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer', ['void']]],
+    'OverQuotaHistory' : [ 0x4, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_PO_DIRECTED_DRIPS_STATE' : [ 0x20, {
+    'QueueLink' : [ 0x0, ['_LIST_ENTRY']],
+    'VisitedQueueLink' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'CachedFlags' : [ 0x14, ['unsigned long']],
+    'DeviceUsageCount' : [ 0x18, ['unsigned long']],
+    'Diagnostic' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '__unnamed_2434' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x60, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_2434']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x38, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x50, ['pointer', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x54, ['pointer', ['_EPROCESS']]],
+    'DeleteStoredPages' : [ 0x58, ['unsigned long']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x19c, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_RETPOLINE_RELOCATION_INFORMATION' : [ 0x24, {
+    'BinaryInfo' : [ 0x0, ['_RTL_RETPOLINE_BINARY_INFO']],
+    'RelocationBuffer' : [ 0x1c, ['pointer', ['void']]],
+    'Index' : [ 0x20, ['array', 1, ['pointer', ['_RTL_RETPOLINE_RELOCATION_INDEX']]]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+    'IdleStateMax' : [ 0x2e, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x44, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['long']],
+    'Dpc' : [ 0x10, ['_KDPC']],
+    'WorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x4, {
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2466' : [ 0x4, {
+    'PageAlignLargeAllocs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableDelayFree' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_VS_CONFIG' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2466']],
+} ],
+  '_EXHANDLE' : [ 0x4, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_FAST_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['wchar']]],
+    'DriverName' : [ 0x28, ['pointer', ['wchar']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x19c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x190, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x198, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x4, ['unsigned long']],
+    'RequestPacket' : [ 0x8, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x18, ['pointer', ['long']]],
+    'NodeTargetCount' : [ 0x1c, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x38, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'Reserved3' : [ 0x10, ['array', 4, ['pointer', ['void']]]],
+    'Reserved4' : [ 0x20, ['array', 4, ['unsigned long']]],
+    'Reserved6' : [ 0x30, ['array', 2, ['pointer', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x8, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x30, {
+    'LsaProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'LsaCommandPortHandle' : [ 0x4, ['pointer', ['void']]],
+    'SepRmThreadHandle' : [ 0x8, ['pointer', ['void']]],
+    'RmCommandPortHandle' : [ 0xc, ['pointer', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x10, ['pointer', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x14, ['pointer', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x20, ['pointer', ['void']]],
+    'RmViewPortMemory' : [ 0x24, ['pointer', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x28, ['long']],
+    'LsaCommandPortActive' : [ 0x2c, ['unsigned char']],
+} ],
+  '_MM_GRAPHICS_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'FixedLargePageSize' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ZeroFillPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'GraphicsAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'GraphicsUseCoherentBus' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'GraphicsPageProtection' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 29, native_type='unsigned long')]],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x18, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0xc, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x44, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xc, ['_UNICODE_STRING']],
+    'Latency' : [ 0x14, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x18, ['unsigned long']],
+    'Power' : [ 0x1c, ['unsigned long']],
+    'StateFlags' : [ 0x20, ['unsigned long']],
+    'VetoAccounting' : [ 0x24, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0x3c, ['unsigned char']],
+    'InterruptsEnabled' : [ 0x3d, ['unsigned char']],
+    'Interruptible' : [ 0x3e, ['unsigned char']],
+    'ContextRetained' : [ 0x3f, ['unsigned char']],
+    'CacheCoherent' : [ 0x40, ['unsigned char']],
+    'WakesSpuriously' : [ 0x41, ['unsigned char']],
+    'PlatformOnly' : [ 0x42, ['unsigned char']],
+    'NoCState' : [ 0x43, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_EX_HEAP_SESSION_STATE' : [ 0x1c80, {
+    'HeapManager' : [ 0x0, ['_RTLP_HP_HEAP_MANAGER']],
+    'PagedEnv' : [ 0x1c70, ['RTL_HP_ENV_HANDLE']],
+    'PagedHeap' : [ 0x1c78, ['pointer', ['_SEGMENT_HEAP']]],
+    'SpecialPoolHeap' : [ 0x1c7c, ['pointer', ['_SEGMENT_HEAP']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_24be' : [ 0x4, {
+    'Import' : [ 0x0, ['_IMAGE_IMPORT_CONTROL_TRANSFER_DYNAMIC_RELOCATION']],
+    'Indir' : [ 0x0, ['_IMAGE_INDIR_CONTROL_TRANSFER_DYNAMIC_RELOCATION']],
+    'SwitchJump' : [ 0x0, ['_IMAGE_SWITCHTABLE_BRANCH_DYNAMIC_RELOCATION']],
+} ],
+  '_RTL_RETPOLINE_RELOCATION_INDEX' : [ 0xc, {
+    'ImportRelocationSize' : [ 0x0, ['unsigned short']],
+    'IndirectRelocationSize' : [ 0x2, ['unsigned short']],
+    'SwitchJumpRelocationSize' : [ 0x4, ['unsigned short']],
+    'StraddleType' : [ 0x6, ['unsigned short']],
+    'StraddleReloc' : [ 0x8, ['__unnamed_24be']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_24c7' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsBootDriver' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_24c9' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_24c7']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0xb0, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_24c9']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'SeSigningLevel' : [ 0x18, ['unsigned char']],
+    'PoolPageHeaders' : [ 0x20, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x28, ['_SLIST_HEADER']],
+    'CurrentPagedPoolAllocations' : [ 0x30, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x38, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x3c, ['unsigned long']],
+    'PagedBytes' : [ 0x40, ['unsigned long']],
+    'NonPagedBytes' : [ 0x44, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x4c, ['unsigned long']],
+    'RaiseIrqls' : [ 0x50, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x54, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x58, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x5c, ['unsigned long']],
+    'AllocationsFailed' : [ 0x60, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x64, ['unsigned long']],
+    'LockedBytes' : [ 0x68, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x6c, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x70, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x74, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x78, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x7c, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x80, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x84, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x88, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x8c, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x90, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x98, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x9c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0xa0, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0xa4, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa8, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xac, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Luid' : [ 0x10, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x18, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x20, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x1c, {
+    'ProtosNode' : [ 0x0, ['_MI_PROTOTYPE_PTES_NODE']],
+    'DynamicRelocations' : [ 0x10, ['pointer', ['void']]],
+    'SecurityContext' : [ 0x14, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x18, ['unsigned long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderSkMemory', 37: u'LoaderSkFirmwareReserved', 38: u'LoaderIoSpaceMemoryZeroed', 39: u'LoaderIoSpaceMemoryFree', 40: u'LoaderIoSpaceMemoryKsr', 41: u'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_DELAY_ACK_FO' : [ 0xc, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_WNF_SCOPE_MAP' : [ 0x48, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'SystemScopeInstance' : [ 0x4, ['pointer', ['_WNF_SCOPE_INSTANCE']]],
+    'MachineScopeInstance' : [ 0x8, ['pointer', ['_WNF_SCOPE_INSTANCE']]],
+    'ByDataScope' : [ 0xc, ['array', 5, ['_WNF_SCOPE_MAP_ENTRY']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SchedulerAssist' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Instrumented' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0xa0, {
+    'As32Bit' : [ 0x0, ['_PEBS_DS_SAVE_AREA32']],
+    'As64Bit' : [ 0x0, ['_PEBS_DS_SAVE_AREA64']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x10, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x28, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long']],
+    'DirtyPageThresholdTop' : [ 0x4, ['unsigned long']],
+    'DirtyPageThresholdBottom' : [ 0x8, ['unsigned long']],
+    'DirtyPageTarget' : [ 0xc, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x10, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x18, ['unsigned long long']],
+    'AvailableHistory' : [ 0x20, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x50, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Who' : [ 0x20, ['unsigned long']],
+    'Hash' : [ 0x24, ['unsigned long']],
+    'Page' : [ 0x28, ['unsigned long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'Process' : [ 0x4c, ['pointer', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_WNF_STATE_NAME_REGISTRATION' : [ 0xc, {
+    'MaxStateSize' : [ 0x0, ['unsigned long']],
+    'TypeId' : [ 0x4, ['pointer', ['_WNF_TYPE_ID']]],
+    'SecurityDescriptor' : [ 0x8, ['pointer', ['_SECURITY_DESCRIPTOR']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  'HAL_PRIVATE_DISPATCH' : [ 0x250, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'HalHandlerForBus' : [ 0x4, ['pointer', ['void']]],
+    'HalHandlerForConfigSpace' : [ 0x8, ['pointer', ['void']]],
+    'HalLocateHiberRanges' : [ 0xc, ['pointer', ['void']]],
+    'HalRegisterBusHandler' : [ 0x10, ['pointer', ['void']]],
+    'HalSetWakeEnable' : [ 0x14, ['pointer', ['void']]],
+    'HalSetWakeAlarm' : [ 0x18, ['pointer', ['void']]],
+    'HalPciTranslateBusAddress' : [ 0x1c, ['pointer', ['void']]],
+    'HalPciAssignSlotResources' : [ 0x20, ['pointer', ['void']]],
+    'HalHaltSystem' : [ 0x24, ['pointer', ['void']]],
+    'HalFindBusAddressTranslation' : [ 0x28, ['pointer', ['void']]],
+    'HalResetDisplay' : [ 0x2c, ['pointer', ['void']]],
+    'HalAllocateMapRegisters' : [ 0x30, ['pointer', ['void']]],
+    'KdSetupPciDeviceForDebugging' : [ 0x34, ['pointer', ['void']]],
+    'KdReleasePciDeviceForDebugging' : [ 0x38, ['pointer', ['void']]],
+    'KdGetAcpiTablePhase0' : [ 0x3c, ['pointer', ['void']]],
+    'KdCheckPowerButton' : [ 0x40, ['pointer', ['void']]],
+    'HalVectorToIDTEntry' : [ 0x44, ['pointer', ['void']]],
+    'KdMapPhysicalMemory64' : [ 0x48, ['pointer', ['void']]],
+    'KdUnmapVirtualAddress' : [ 0x4c, ['pointer', ['void']]],
+    'KdGetPciDataByOffset' : [ 0x50, ['pointer', ['void']]],
+    'KdSetPciDataByOffset' : [ 0x54, ['pointer', ['void']]],
+    'HalGetInterruptVectorOverride' : [ 0x58, ['pointer', ['void']]],
+    'HalGetVectorInputOverride' : [ 0x5c, ['pointer', ['void']]],
+    'HalLoadMicrocode' : [ 0x60, ['pointer', ['void']]],
+    'HalUnloadMicrocode' : [ 0x64, ['pointer', ['void']]],
+    'HalPostMicrocodeUpdate' : [ 0x68, ['pointer', ['void']]],
+    'HalAllocateMessageTargetOverride' : [ 0x6c, ['pointer', ['void']]],
+    'HalFreeMessageTargetOverride' : [ 0x70, ['pointer', ['void']]],
+    'HalDpReplaceBegin' : [ 0x74, ['pointer', ['void']]],
+    'HalDpReplaceTarget' : [ 0x78, ['pointer', ['void']]],
+    'HalDpReplaceControl' : [ 0x7c, ['pointer', ['void']]],
+    'HalDpReplaceEnd' : [ 0x80, ['pointer', ['void']]],
+    'HalPrepareForBugcheck' : [ 0x84, ['pointer', ['void']]],
+    'HalQueryWakeTime' : [ 0x88, ['pointer', ['void']]],
+    'HalReportIdleStateUsage' : [ 0x8c, ['pointer', ['void']]],
+    'HalTscSynchronization' : [ 0x90, ['pointer', ['void']]],
+    'HalWheaInitProcessorGenericSection' : [ 0x94, ['pointer', ['void']]],
+    'HalStopLegacyUsbInterrupts' : [ 0x98, ['pointer', ['void']]],
+    'HalReadWheaPhysicalMemory' : [ 0x9c, ['pointer', ['void']]],
+    'HalWriteWheaPhysicalMemory' : [ 0xa0, ['pointer', ['void']]],
+    'HalDpMaskLevelTriggeredInterrupts' : [ 0xa4, ['pointer', ['void']]],
+    'HalDpUnmaskLevelTriggeredInterrupts' : [ 0xa8, ['pointer', ['void']]],
+    'HalDpGetInterruptReplayState' : [ 0xac, ['pointer', ['void']]],
+    'HalDpReplayInterrupts' : [ 0xb0, ['pointer', ['void']]],
+    'HalQueryIoPortAccessSupported' : [ 0xb4, ['pointer', ['void']]],
+    'KdSetupIntegratedDeviceForDebugging' : [ 0xb8, ['pointer', ['void']]],
+    'KdReleaseIntegratedDeviceForDebugging' : [ 0xbc, ['pointer', ['void']]],
+    'HalGetEnlightenmentInformation' : [ 0xc0, ['pointer', ['void']]],
+    'HalAllocateEarlyPages' : [ 0xc4, ['pointer', ['void']]],
+    'HalMapEarlyPages' : [ 0xc8, ['pointer', ['void']]],
+    'Dummy1' : [ 0xcc, ['pointer', ['void']]],
+    'Dummy2' : [ 0xd0, ['pointer', ['void']]],
+    'HalNotifyProcessorFreeze' : [ 0xd4, ['pointer', ['void']]],
+    'HalPrepareProcessorForIdle' : [ 0xd8, ['pointer', ['void']]],
+    'HalRegisterLogRoutine' : [ 0xdc, ['pointer', ['void']]],
+    'HalResumeProcessorFromIdle' : [ 0xe0, ['pointer', ['void']]],
+    'Dummy' : [ 0xe4, ['pointer', ['void']]],
+    'HalVectorToIDTEntryEx' : [ 0xe8, ['pointer', ['void']]],
+    'HalSecondaryInterruptQueryPrimaryInformation' : [ 0xec, ['pointer', ['void']]],
+    'HalMaskInterrupt' : [ 0xf0, ['pointer', ['void']]],
+    'HalUnmaskInterrupt' : [ 0xf4, ['pointer', ['void']]],
+    'HalIsInterruptTypeSecondary' : [ 0xf8, ['pointer', ['void']]],
+    'HalAllocateGsivForSecondaryInterrupt' : [ 0xfc, ['pointer', ['void']]],
+    'HalAddInterruptRemapping' : [ 0x100, ['pointer', ['void']]],
+    'HalRemoveInterruptRemapping' : [ 0x104, ['pointer', ['void']]],
+    'HalSaveAndDisableHvEnlightenment' : [ 0x108, ['pointer', ['void']]],
+    'HalRestoreHvEnlightenment' : [ 0x10c, ['pointer', ['void']]],
+    'HalFlushIoBuffersExternalCache' : [ 0x110, ['pointer', ['void']]],
+    'HalFlushExternalCache' : [ 0x114, ['pointer', ['void']]],
+    'HalPciEarlyRestore' : [ 0x118, ['pointer', ['void']]],
+    'HalGetProcessorId' : [ 0x11c, ['pointer', ['void']]],
+    'HalAllocatePmcCounterSet' : [ 0x120, ['pointer', ['void']]],
+    'HalCollectPmcCounters' : [ 0x124, ['pointer', ['void']]],
+    'HalFreePmcCounterSet' : [ 0x128, ['pointer', ['void']]],
+    'HalProcessorHalt' : [ 0x12c, ['pointer', ['void']]],
+    'HalTimerQueryCycleCounter' : [ 0x130, ['pointer', ['void']]],
+    'Dummy3' : [ 0x134, ['pointer', ['void']]],
+    'HalPciMarkHiberPhase' : [ 0x138, ['pointer', ['void']]],
+    'HalQueryProcessorRestartEntryPoint' : [ 0x13c, ['pointer', ['void']]],
+    'HalRequestInterrupt' : [ 0x140, ['pointer', ['void']]],
+    'HalEnumerateUnmaskedInterrupts' : [ 0x144, ['pointer', ['void']]],
+    'HalFlushAndInvalidatePageExternalCache' : [ 0x148, ['pointer', ['void']]],
+    'KdEnumerateDebuggingDevices' : [ 0x14c, ['pointer', ['void']]],
+    'HalFlushIoRectangleExternalCache' : [ 0x150, ['pointer', ['void']]],
+    'HalPowerEarlyRestore' : [ 0x154, ['pointer', ['void']]],
+    'HalQueryCapsuleCapabilities' : [ 0x158, ['pointer', ['void']]],
+    'HalUpdateCapsule' : [ 0x15c, ['pointer', ['void']]],
+    'HalPciMultiStageResumeCapable' : [ 0x160, ['pointer', ['void']]],
+    'HalDmaFreeCrashDumpRegisters' : [ 0x164, ['pointer', ['void']]],
+    'HalAcpiAoacCapable' : [ 0x168, ['pointer', ['void']]],
+    'HalInterruptSetDestination' : [ 0x16c, ['pointer', ['void']]],
+    'HalGetClockConfiguration' : [ 0x170, ['pointer', ['void']]],
+    'HalClockTimerActivate' : [ 0x174, ['pointer', ['void']]],
+    'HalClockTimerInitialize' : [ 0x178, ['pointer', ['void']]],
+    'HalClockTimerStop' : [ 0x17c, ['pointer', ['void']]],
+    'HalClockTimerArm' : [ 0x180, ['pointer', ['void']]],
+    'HalTimerOnlyClockInterruptPending' : [ 0x184, ['pointer', ['void']]],
+    'HalAcpiGetMultiNode' : [ 0x188, ['pointer', ['void']]],
+    'HalPowerSetRebootHandler' : [ 0x18c, ['pointer', ['void']]],
+    'HalIommuRegisterDispatchTable' : [ 0x190, ['pointer', ['void']]],
+    'HalTimerWatchdogStart' : [ 0x194, ['pointer', ['void']]],
+    'HalTimerWatchdogResetCountdown' : [ 0x198, ['pointer', ['void']]],
+    'HalTimerWatchdogStop' : [ 0x19c, ['pointer', ['void']]],
+    'HalTimerWatchdogGeneratedLastReset' : [ 0x1a0, ['pointer', ['void']]],
+    'HalTimerWatchdogTriggerSystemReset' : [ 0x1a4, ['pointer', ['void']]],
+    'HalInterruptVectorDataToGsiv' : [ 0x1a8, ['pointer', ['void']]],
+    'HalInterruptGetHighestPriorityInterrupt' : [ 0x1ac, ['pointer', ['void']]],
+    'HalProcessorOn' : [ 0x1b0, ['pointer', ['void']]],
+    'HalProcessorOff' : [ 0x1b4, ['pointer', ['void']]],
+    'HalProcessorFreeze' : [ 0x1b8, ['pointer', ['void']]],
+    'HalDmaLinkDeviceObjectByToken' : [ 0x1bc, ['pointer', ['void']]],
+    'HalDmaCheckAdapterToken' : [ 0x1c0, ['pointer', ['void']]],
+    'Dummy4' : [ 0x1c4, ['pointer', ['void']]],
+    'HalTimerConvertPerformanceCounterToAuxiliaryCounter' : [ 0x1c8, ['pointer', ['void']]],
+    'HalTimerConvertAuxiliaryCounterToPerformanceCounter' : [ 0x1cc, ['pointer', ['void']]],
+    'HalTimerQueryAuxiliaryCounterFrequency' : [ 0x1d0, ['pointer', ['void']]],
+    'HalConnectThermalInterrupt' : [ 0x1d4, ['pointer', ['void']]],
+    'HalIsEFIRuntimeActive' : [ 0x1d8, ['pointer', ['void']]],
+    'HalTimerQueryAndResetRtcErrors' : [ 0x1dc, ['pointer', ['void']]],
+    'HalAcpiLateRestore' : [ 0x1e0, ['pointer', ['void']]],
+    'KdWatchdogDelayExpiration' : [ 0x1e4, ['pointer', ['void']]],
+    'HalGetProcessorStats' : [ 0x1e8, ['pointer', ['void']]],
+    'HalTimerWatchdogQueryDueTime' : [ 0x1ec, ['pointer', ['void']]],
+    'HalConnectSyntheticInterrupt' : [ 0x1f0, ['pointer', ['void']]],
+    'HalPreprocessNmi' : [ 0x1f4, ['pointer', ['void']]],
+    'HalEnumerateEnvironmentVariablesWithFilter' : [ 0x1f8, ['pointer', ['void']]],
+    'HalCaptureLastBranchRecordStack' : [ 0x1fc, ['pointer', ['void']]],
+    'HalClearLastBranchRecordStack' : [ 0x200, ['pointer', ['void']]],
+    'HalConfigureLastBranchRecord' : [ 0x204, ['pointer', ['void']]],
+    'HalGetLastBranchInformation' : [ 0x208, ['pointer', ['void']]],
+    'HalResumeLastBranchRecord' : [ 0x20c, ['pointer', ['void']]],
+    'HalStartLastBranchRecord' : [ 0x210, ['pointer', ['void']]],
+    'HalStopLastBranchRecord' : [ 0x214, ['pointer', ['void']]],
+    'HalIommuBlockDevice' : [ 0x218, ['pointer', ['void']]],
+    'HalIommuUnblockDevice' : [ 0x21c, ['pointer', ['void']]],
+    'HalGetIommuInterface' : [ 0x220, ['pointer', ['void']]],
+    'HalRequestGenericErrorRecovery' : [ 0x224, ['pointer', ['void']]],
+    'HalTimerQueryHostPerformanceCounter' : [ 0x228, ['pointer', ['void']]],
+    'HalTopologyQueryProcessorRelationships' : [ 0x22c, ['pointer', ['void']]],
+    'HalInitPlatformDebugTriggers' : [ 0x230, ['pointer', ['void']]],
+    'HalRunPlatformDebugTriggers' : [ 0x234, ['pointer', ['void']]],
+    'HalTimerGetReferencePage' : [ 0x238, ['pointer', ['void']]],
+    'HalGetHiddenProcessorPowerInterface' : [ 0x23c, ['pointer', ['void']]],
+    'HalGetHiddenProcessorPackageId' : [ 0x240, ['pointer', ['void']]],
+    'HalGetHiddenPackageProcessorCount' : [ 0x244, ['pointer', ['void']]],
+    'HalGetHiddenProcessorApicIdByIndex' : [ 0x248, ['pointer', ['void']]],
+    'HalRegisterHiddenProcessorIdleState' : [ 0x24c, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_WNF_STATE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'AllocatedSize' : [ 0x4, ['unsigned long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'ChangeStamp' : [ 0xc, ['unsigned long']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x10, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '__unnamed_2645' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2647' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2645']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2647']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long']],
+    'NumberOfProcessReferences' : [ 0x4, ['unsigned long']],
+    'ClonePtes' : [ 0x8, ['pointer', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x4e40, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x80, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x200, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x25c, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x1290, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1300, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1480, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x3bc0, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x3be0, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x3bf8, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x3c30, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x3c78, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x3d40, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x3dc0, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x3e50, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x3ec0, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x4040, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x4080, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x40b8, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x4100, ['_MI_SYSTEM_TRIM_STATE']],
+    'Cookie' : [ 0x4140, ['unsigned long']],
+    'BootRegistryRuns' : [ 0x4144, ['pointer', ['pointer', ['void']]]],
+    'ZeroingDisabled' : [ 0x4148, ['long']],
+    'FullyInitialized' : [ 0x414c, ['unsigned char']],
+    'SafeBooted' : [ 0x414d, ['unsigned char']],
+    'PfnBitMap' : [ 0x4150, ['_RTL_BITMAP']],
+    'TraceLogging' : [ 0x4158, ['pointer', ['_TlgProvider_t']]],
+    'Vs' : [ 0x4180, ['_MI_VISIBLE_STATE']],
+} ],
+  '_CMSI_RW_LOCK' : [ 0x4, {
+    'Reserved' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x4, ['pointer', ['unsigned long long']]],
+    'QpcDelta' : [ 0x8, ['pointer', ['long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0xc00, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long']],
+    'HighestPhysicalPage' : [ 0x4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x8, ['unsigned long']],
+    'NumberOfPagingFiles' : [ 0xc, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x10, ['unsigned char']],
+    'PagingFile' : [ 0x14, ['array', 16, ['pointer', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0x80, ['unsigned long']],
+    'ResidentAvailablePages' : [ 0xc0, ['unsigned long']],
+    'PartitionWs' : [ 0x100, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x164, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x17c, ['unsigned long']],
+    'ModifiedPageListHead' : [ 0x180, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x1c0, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x1d4, ['unsigned long']],
+    'TotalPagesForPagingFile' : [ 0x1d8, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x1dc, ['unsigned long']],
+    'ProcessLockedFilePages' : [ 0x1e0, ['unsigned long']],
+    'SharedCommit' : [ 0x1e4, ['unsigned long']],
+    'SlabAllocatorPages' : [ 0x1e8, ['unsigned long']],
+    'ChargeCommitmentFailures' : [ 0x1ec, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x1fc, ['long']],
+    'PageFileTraces' : [ 0x200, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x24, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'NextId' : [ 0x8, ['unsigned long']],
+    'Items' : [ 0xc, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x14, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x4, ['_GUID']],
+    'Control' : [ 0x14, ['_GUID']],
+    'ConsumersNotified' : [ 0x24, ['unsigned char']],
+} ],
+  '__unnamed_2683' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2685' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2683']],
+} ],
+  '__unnamed_2687' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_2685']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2687']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_268f' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_268f']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x8, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_269a' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x18, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long']],
+    'NodeCount' : [ 0x4, ['unsigned long']],
+    'Tables' : [ 0x8, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0xc, ['unsigned long']],
+    'UseSessionId' : [ 0x10, ['unsigned char']],
+    'u1' : [ 0x14, ['__unnamed_269a']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x100, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0x80, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x68, {
+    'SystemDllBase' : [ 0x0, ['pointer', ['void']]],
+    'ColorSeed' : [ 0x4, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0x8, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x20, ['array', 2, ['pointer', ['_MMPTE']]]],
+    'HypervisorSharedVa' : [ 0x28, ['pointer', ['void']]],
+    'VadSecureCookie' : [ 0x2c, ['unsigned long']],
+    'PaeGroups' : [ 0x30, ['unsigned long']],
+    'FreePaeEntries' : [ 0x34, ['unsigned long']],
+    'FirstFreePae' : [ 0x38, ['_PAE_ENTRY']],
+    'AllocatedPaePages' : [ 0x58, ['long']],
+    'PaeLock' : [ 0x5c, ['unsigned long']],
+    'PaeEntrySList' : [ 0x60, ['_SLIST_HEADER']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long']],
+    'PipelinedReadAheadRequestSize' : [ 0x54, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x58, ['unsigned long']],
+    'PrivateLinks' : [ 0x5c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x168, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x8, ['long']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'RegListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x24, ['pointer', ['void']]],
+    'LastEnable' : [ 0x28, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x28, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x38, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x58, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x158, ['pointer', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x15c, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'Lock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x164, ['pointer', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0xac, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['wchar']]],
+    'OrderingName' : [ 0xc, ['pointer', ['wchar']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'DeleteOwnerRanges' : [ 0x90, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x94, ['unsigned char']],
+    'TransactionEvent' : [ 0x98, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x9c, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0xa0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa4, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '_RTLP_HP_HEAP_GLOBALS' : [ 0x1c, {
+    'HeapKey' : [ 0x0, ['unsigned long']],
+    'LfhKey' : [ 0x4, ['unsigned long']],
+    'FailureInfo' : [ 0x8, ['pointer', ['_HEAP_FAILURE_INFORMATION']]],
+    'CommitLimitData' : [ 0xc, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0x5c, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'LoadLockOwner' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'LoadLockCount' : [ 0x10, ['unsigned long']],
+    'FixupLock' : [ 0x14, ['long']],
+    'FirstLoadEver' : [ 0x18, ['unsigned char']],
+    'LargePageAll' : [ 0x19, ['unsigned char']],
+    'LastPage' : [ 0x1c, ['unsigned long']],
+    'LargePageList' : [ 0x20, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x28, ['_LIST_ENTRY']],
+    'BeingDeleted' : [ 0x30, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x38, ['array', 2, ['pointer', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x40, ['unsigned long']],
+    'PageCounts' : [ 0x44, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x54, ['_EX_PUSH_LOCK']],
+    'ImageTree' : [ 0x58, ['_RTL_AVL_TREE']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_HEAP_VS_DELAY_FREE_CONTEXT' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x44, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x3c, ['unsigned char']],
+    'DeleteType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x8, ['unsigned long']],
+    'SyncCallback' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 12, native_type='unsigned long')]],
+    'NumberOfRemapPages' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x4, {
+    'Head' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x80, {
+    'DriverInit' : [ 0x0, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x4, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x8, ['pointer', ['void']]],
+    'AddDevice' : [ 0xc, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x10, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x38, {
+    'PartitionLock' : [ 0x0, ['unsigned long']],
+    'PartitionIdLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x8, ['unsigned long long']],
+    'PartitionList' : [ 0x10, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x18, ['pointer', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x1c, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x24, ['array', 1, ['pointer', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x28, ['pointer', ['pointer', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x2c, ['unsigned long']],
+    'CrossPartitionDenials' : [ 0x30, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x34, ['unsigned char']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x3a0, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+    'State' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+    'Removing' : [ 0x22, ['unsigned char']],
+    'Mode' : [ 0x23, ['unsigned char']],
+    'PendingMode' : [ 0x24, ['unsigned char']],
+    'ActivePoint' : [ 0x25, ['unsigned char']],
+    'PendingActivePoint' : [ 0x26, ['unsigned char']],
+    'Critical' : [ 0x27, ['unsigned char']],
+    'ThermalStandby' : [ 0x28, ['unsigned char']],
+    'OverThrottled' : [ 0x29, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x2c, ['long']],
+    'Throttle' : [ 0x30, ['long']],
+    'PendingThrottle' : [ 0x34, ['long']],
+    'ThrottleReasons' : [ 0x38, ['unsigned long']],
+    'LastPassiveTime' : [ 0x40, ['unsigned long long']],
+    'SampleRate' : [ 0x48, ['unsigned long']],
+    'LastTemp' : [ 0x4c, ['unsigned long']],
+    'Info' : [ 0x50, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xac, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xc4, ['unsigned char']],
+    'PollingRate' : [ 0xc8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xd0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xd8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0xe0, ['unsigned long long']],
+    'WorkItem' : [ 0xe8, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0xf8, ['_KTIMER2']],
+    'Lock' : [ 0x150, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x158, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x168, ['_KEVENT']],
+    'InstanceId' : [ 0x178, ['unsigned long']],
+    'TelemetryTracker' : [ 0x180, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x398, ['_UNICODE_STRING']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x288, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '__unnamed_277d' : [ 0x4, {
+    'Bus' : [ 0x0, ['unsigned char']],
+    'Device' : [ 0x1, ['unsigned char']],
+    'Function' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_277f' : [ 0x2, {
+    'SecondaryBus' : [ 0x0, ['unsigned char']],
+    'SubordinateBus' : [ 0x1, ['unsigned char']],
+} ],
+  '_PCI_BUSMASTER_DESCRIPTOR' : [ 0xc, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusmasterRidFromDeviceRid', 1: u'BusmasterRidFromBridgeRid', 2: u'BusmasterRidFromMultipleBridges'})]],
+    'Segment' : [ 0x4, ['unsigned long']],
+    'DeviceRid' : [ 0x8, ['__unnamed_277d']],
+    'BridgeRid' : [ 0x8, ['__unnamed_277d']],
+    'MultipleBridges' : [ 0x8, ['__unnamed_277f']],
+} ],
+  '_HVP_VIEW_MAP' : [ 0x28, {
+    'SectionReference' : [ 0x0, ['pointer', ['void']]],
+    'StorageEndFileOffset' : [ 0x8, ['long long']],
+    'SectionEndFileOffset' : [ 0x10, ['long long']],
+    'ProcessTuple' : [ 0x18, ['pointer', ['_CMSI_PROCESS_TUPLE']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'ViewTree' : [ 0x20, ['_RTL_RB_TREE']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UserModeOnly' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoInherit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CheckVad' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x8, {
+    'ActiveThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'WaitList' : [ 0x4, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HAL_LOG_REGISTER_CONTEXT' : [ 0x8, {
+    'LogRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Flag' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x10, {
+    'DeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x10, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'SidCount' : [ 0x8, ['unsigned long']],
+    'SidValuesStart' : [ 0xc, ['unsigned long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x10, {
+    'RunRefs' : [ 0x0, ['pointer', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x4, ['pointer', ['void']]],
+    'RunRefSize' : [ 0x8, ['unsigned long']],
+    'Number' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x4, {
+    'Function' : [ 0x0, ['pointer', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_27bd' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_27bf' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_27bd']],
+    'Private' : [ 0x0, ['__unnamed_27bf']],
+} ],
+  '_MM_SHARED_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysClear' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'HotPatchAllowed' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_CM_TRANS_PTR' : [ 0x4, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'TransPtr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ProcessorOnly' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x1c, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x8, ['unsigned long']],
+    'VolumeKey' : [ 0xc, ['unsigned long']],
+    'Rundown' : [ 0x10, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x14, ['pointer', ['void']]],
+    'VolumeIoAttribution' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_RTL_HP_LFH_CONFIG' : [ 0x4, {
+    'MaxBlockSize' : [ 0x0, ['unsigned short']],
+    'WitholdPageCrossingBlocks' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DisableRandomization' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_HEAP_LFH_AFFINITY_SLOT' : [ 0x20, {
+    'State' : [ 0x0, ['_HEAP_LFH_SUBSEGMENT_OWNER']],
+    'ActiveSubsegment' : [ 0x1c, ['_HEAP_LFH_FAST_REF']],
+} ],
+  '_POOL_DESCRIPTOR' : [ 0x100, {
+    'PoolType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'RunningAllocs' : [ 0x40, ['long']],
+    'PagesAllocated' : [ 0x44, ['unsigned long']],
+    'BigPagesAllocated' : [ 0x48, ['unsigned long']],
+    'BytesAllocated' : [ 0x4c, ['unsigned long']],
+    'RunningDeallocs' : [ 0x80, ['long']],
+    'PagesDeallocated' : [ 0x84, ['unsigned long']],
+    'BigPagesDeallocated' : [ 0x88, ['unsigned long']],
+    'BytesDeallocated' : [ 0x8c, ['unsigned long']],
+    'PoolIndex' : [ 0xc0, ['unsigned long']],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPRCBFLAG' : [ 0x4, {
+    'PrcbFlags' : [ 0x0, ['long']],
+    'BamQosLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'PendingQosUpdate' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PrcbFlagsReserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2840' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2842' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_2840']],
+    'Button' : [ 0xc, ['__unnamed_2842']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0xc, ['pointer', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x14, ['unsigned long']],
+    'Buckets' : [ 0x18, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x58, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x10, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x28, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x38, ['long long']],
+    'Callback' : [ 0x40, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x44, ['pointer', ['void']]],
+    'DisableCallback' : [ 0x48, ['pointer', ['void']]],
+    'DisableContext' : [ 0x4c, ['pointer', ['void']]],
+    'AbsoluteSystemTime' : [ 0x50, ['unsigned char']],
+    'TypeFlags' : [ 0x51, ['unsigned char']],
+    'Unused' : [ 0x51, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x51, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x51, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x51, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Unused1' : [ 0x51, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x52, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x1034, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x14, ['unsigned char']],
+    'VaReferenceCount' : [ 0x18, ['array', 1024, ['long']]],
+    'DynamicPtesBitBuffer' : [ 0x1018, ['pointer', ['unsigned long']]],
+    'IdLock' : [ 0x101c, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x1020, ['pointer', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x1024, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1028, ['pointer', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x102c, ['pointer', ['void']]],
+    'SessionCore' : [ 0x1030, ['pointer', ['void']]],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x338, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+    'EnabledUserVisibleSupervisorFeatures' : [ 0x330, ['unsigned long long']],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer', ['void']]],
+    'CallbackContext' : [ 0xc, ['pointer', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'AccessMask' : [ 0x18, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x180, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x4, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0xc, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x10, ['unsigned long']],
+    'HighSectionBase' : [ 0x14, ['pointer', ['void']]],
+    'PhysicalSubsection' : [ 0x18, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0x70, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0xc0, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0xd4, ['pointer', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0xd8, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsDeletionWaitList' : [ 0xe8, ['_MI_EXTENT_DELETION_WAIT_BLOCK']],
+    'FileOnlyMemoryPfnsCreated' : [ 0xfc, ['unsigned char']],
+    'DanglingExtentsWorkerActive' : [ 0xfd, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0xfe, ['unsigned char']],
+    'PrototypePtesTree' : [ 0x100, ['_RTL_AVL_TREE']],
+    'PrototypePtesTreeSpinLock' : [ 0x104, ['long']],
+    'RelocateBitmapsLock' : [ 0x108, ['_EX_PUSH_LOCK']],
+    'ImageBitMapNative' : [ 0x10c, ['_RTL_BITMAP']],
+    'ImageBiasNative' : [ 0x114, ['unsigned long']],
+    'OverflowArea' : [ 0x118, ['_MI_DLL_OVERFLOW_AREA']],
+    'ApiSetSection' : [ 0x120, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x124, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0x128, ['unsigned long']],
+    'LostDataFiles' : [ 0x12c, ['unsigned long']],
+    'LostDataPages' : [ 0x130, ['unsigned long']],
+    'ImageFailureReason' : [ 0x134, ['unsigned long']],
+    'CfgBitMapSection' : [ 0x138, ['pointer', ['_SECTION']]],
+    'CfgBitMapControlArea' : [ 0x13c, ['pointer', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x140, ['unsigned long']],
+    'ImageBreakpointEnabled' : [ 0x144, ['unsigned long']],
+    'ImageBreakpointChecksum' : [ 0x148, ['unsigned long']],
+    'ImageBreakpointSize' : [ 0x14c, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x150, ['long']],
+    'ImageExtentTree' : [ 0x154, ['_RTL_AVL_TREE']],
+    'ImageExtentTreeLock' : [ 0x158, ['_EX_PUSH_LOCK']],
+    'HotPatchReserveSize' : [ 0x15c, ['unsigned long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x4, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x1c, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'Reference' : [ 0x8, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x18, ['unsigned char']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x30, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x4, ['pointer', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x8, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0xc, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x10, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x14, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x18, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x1c, ['pointer', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x20, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x24, ['pointer', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x28, ['pointer', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x2c, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x90, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x78, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x7c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x80, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x84, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x88, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x8c, ['unsigned long']],
+} ],
+  '_HEAP_SEGMENT_MGR_COMMIT_STATE' : [ 0x2, {
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned short')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 14, native_type='unsigned short')]],
+    'LargePageOperationInProgress' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'LargePageCommit' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'EntireUShortV' : [ 0x0, ['unsigned short']],
+    'EntireUShort' : [ 0x0, ['unsigned short']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x480, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['pointer', ['_SLIST_HEADER']]],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'SharedData' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'SparePointers' : [ 0x20c, ['array', 4, ['pointer', ['void']]]],
+    'SpareUlongs' : [ 0x21c, ['array', 5, ['unsigned long']]],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pUnused' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['pointer', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['pointer', ['void']]],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x464, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x468, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x469, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x470, ['pointer', ['_LEAP_SECOND_DATA']]],
+    'LeapSecondFlags' : [ 0x474, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x474, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x474, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x478, ['unsigned long']],
+} ],
+  '_RTL_HP_SEG_ALLOC_POLICY' : [ 0xc, {
+    'MinLargePages' : [ 0x0, ['unsigned long']],
+    'MaxLargePages' : [ 0x4, ['unsigned long']],
+    'MinUtilization' : [ 0x8, ['unsigned char']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_28db' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_28df' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_28e1' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_28db']],
+    'Bits' : [ 0x0, ['__unnamed_28df']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_28e1']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x174, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 10, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x20, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Vad' : [ 0x10, ['pointer', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x14, ['unsigned long']],
+    'FullSetBits' : [ 0x18, ['unsigned long']],
+    'SubListIndex' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_28ef' : [ 0x18, {
+    'ApcState' : [ 0x0, ['_KAPC_STATE']],
+    'HardFaultState' : [ 0x0, ['_MI_HARD_FAULT_STATE']],
+} ],
+  '__unnamed_28f1' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_28f4' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x108, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'CollidedEvent' : [ 0x20, ['_KEVENT']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'u2' : [ 0x40, ['__unnamed_28ef']],
+    'Thread' : [ 0x58, ['pointer', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x5c, ['pointer', ['_MMPFN']]],
+    'PteContents' : [ 0x60, ['_MMPTE']],
+    'WaitCount' : [ 0x68, ['long']],
+    'InjectRetry' : [ 0x6c, ['long']],
+    'ByteCount' : [ 0x70, ['unsigned long']],
+    'u3' : [ 0x74, ['__unnamed_28f1']],
+    'u1' : [ 0x78, ['__unnamed_28f4']],
+    'FilePointer' : [ 0x7c, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x80, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x80, ['pointer', ['_SUBSECTION']]],
+    'Autoboost' : [ 0x84, ['pointer', ['void']]],
+    'FaultingAddress' : [ 0x88, ['pointer', ['void']]],
+    'PointerPte' : [ 0x8c, ['pointer', ['_MMPTE']]],
+    'BasePte' : [ 0x90, ['pointer', ['_MMPTE']]],
+    'Pfn' : [ 0x94, ['pointer', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x98, ['pointer', ['_MDL']]],
+    'ProbeCount' : [ 0xa0, ['long long']],
+    'Mdl' : [ 0xa8, ['_MDL']],
+    'Page' : [ 0xc4, ['array', 16, ['unsigned long']]],
+    'FlowThrough' : [ 0xc4, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2904' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2906' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2908' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_290a' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2904']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2906']],
+    'Raw' : [ 0x0, ['__unnamed_2908']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x28, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'Operation' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0x8, ['__unnamed_290a']],
+    'Stack' : [ 0x10, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x10, {
+    'BaseKcb' : [ 0x0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x4, ['long']],
+    'ClonedKcbListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem', 26: u'PnpDeviceActionRequestMax'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+    'ActivityId' : [ 0x20, ['_GUID']],
+    'RefCount' : [ 0x30, ['long']],
+    'Dequeued' : [ 0x34, ['unsigned char']],
+    'CancelLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x3c, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0xc0, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x28, ['unsigned char']],
+    'Platform' : [ 0x29, ['unsigned char']],
+    'DependencyListCount' : [ 0x2c, ['unsigned long']],
+    'Processors' : [ 0x30, ['_KAFFINITY_EX']],
+    'Name' : [ 0x3c, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0x44, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x48, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x50, ['unsigned long long']],
+    'RefCount' : [ 0x80, ['long']],
+    'CacheAlign0' : [ 0x80, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0xac0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x200, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x340, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x480, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x4c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x4d4, ['array', 2, ['pointer', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x4dc, ['array', 8, ['pointer', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x4fc, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x540, ['unsigned long']],
+    'TransitionSharedPagesPeak' : [ 0x544, ['array', 6, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x55c, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x65c, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x66c, ['unsigned long']],
+    'StandbyListDiscard' : [ 0x670, ['unsigned char']],
+    'FreeListDiscard' : [ 0x671, ['unsigned char']],
+    'PfnBitMapsReady' : [ 0x672, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0x678, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x680, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0x6c0, ['unsigned long']],
+    'AvailablePageWaitStates' : [ 0x6c4, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0x700, ['pointer', ['void']]],
+    'TransitionPrivatePages' : [ 0x740, ['unsigned long']],
+    'LargePfnBitMap' : [ 0x744, ['array', 1, ['_RTL_BITMAP']]],
+    'LargePageListHeads' : [ 0x74c, ['pointer', ['_MI_FREE_LARGE_PAGE_LIST']]],
+    'LargePageCandidates' : [ 0x750, ['array', 1, ['_MI_LARGE_PAGE_CANDIDATES']]],
+    'RebuildLargePageWorkItem' : [ 0x858, ['_WORK_QUEUE_ITEM']],
+    'RebuildLargePageCandidates' : [ 0x868, ['unsigned char']],
+    'RebuildLargePageActive' : [ 0x869, ['unsigned char']],
+    'LargePageRebuildLock' : [ 0x86c, ['long']],
+    'LowMemoryThreshold' : [ 0x870, ['unsigned long']],
+    'HighMemoryThreshold' : [ 0x874, ['unsigned long']],
+    'SlabContexts' : [ 0x878, ['array', 2, ['array', 4, ['_MI_SLAB_ALLOCATOR_CONTEXT']]]],
+    'SlabPfnBitMap' : [ 0xab8, ['_RTL_BITMAP']],
+} ],
+  '__unnamed_293a' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_293a']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_STATS' : [ 0x4, {
+    'Buckets' : [ 0x0, ['array', 2, ['_HEAP_LFH_SUBSEGMENT_STAT']]],
+    'AllStats' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_HIDDEN_PROCESSOR_POWER_INTERFACE' : [ 0x14, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'ReadPerfMsr' : [ 0x4, ['pointer', ['void']]],
+    'WritePerfMsr' : [ 0x8, ['pointer', ['void']]],
+    'ReadPerfIoPort' : [ 0xc, ['pointer', ['void']]],
+    'WritePerfIoPort' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '__unnamed_295f' : [ 0x4, {
+    'AllocationType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Inserted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_2961' : [ 0x4, {
+    'PrototypePtesFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2963' : [ 0x4, {
+    'e1' : [ 0x0, ['__unnamed_295f']],
+    'e2' : [ 0x0, ['__unnamed_2961']],
+} ],
+  '_MI_PROTOTYPE_PTES_NODE' : [ 0x10, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0xc, ['__unnamed_2963']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_WNF_DELIVERY_DESCRIPTOR' : [ 0x30, {
+    'SubscriptionId' : [ 0x0, ['unsigned long long']],
+    'StateName' : [ 0x8, ['_WNF_STATE_NAME']],
+    'ChangeStamp' : [ 0x10, ['unsigned long']],
+    'StateDataSize' : [ 0x14, ['unsigned long']],
+    'EventMask' : [ 0x18, ['unsigned long']],
+    'TypeId' : [ 0x1c, ['_WNF_TYPE_ID']],
+    'StateDataOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0xe0, {
+    'Partition' : [ 0x0, ['pointer', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x4, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0xc, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x20, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x24, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x2c, ['unsigned long']],
+    'CombinePageListHeads' : [ 0x30, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'CommonPageCombineDomain' : [ 0xb0, ['unsigned long long']],
+    'PageCombineStats' : [ 0xb8, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'LowboxNumber' : [ 0x14, ['unsigned long']],
+    'AtomTable' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x4, ['pointer', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID' : [ 0x18, {
+    'DeviceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'EXT_IOMMU_DEVICE_TYPE_INVALID', 1: u'EXT_IOMMU_DEVICE_TYPE_PCI', 2: u'EXT_IOMMU_DEVICE_TYPE_ACPI', 3: u'EXT_IOMMU_DEVICE_TYPE_IOAPIC', 4: u'EXT_IOMMU_DEVICE_TYPE_LOGICAL', 5: u'EXT_IOMMU_DEVICE_TYPE_GIC', 6: u'EXT_IOMMU_DEVICE_TYPE_TEST', 7: u'EXT_IOMMU_DEVICE_TYPE_MAX'})]],
+    'Pci' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_PCI']],
+    'Acpi' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_ACPI']],
+    'IoApicId' : [ 0x8, ['unsigned char']],
+    'LogicalId' : [ 0x8, ['unsigned long long']],
+    'Test' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_TEST']],
+    'Gic' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_GIC']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_298c' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_298e' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2991' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2995' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x50, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x14, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x20, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x30, ['__unnamed_298c']],
+    'HvDeviceId' : [ 0x38, ['unsigned long long']],
+    'XapicMessage' : [ 0x40, ['__unnamed_298e']],
+    'Hypertransport' : [ 0x40, ['__unnamed_2991']],
+    'GenericMessage' : [ 0x40, ['__unnamed_298e']],
+    'MessageRequest' : [ 0x40, ['__unnamed_2995']],
+} ],
+  '__unnamed_299a' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_299c' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_299a']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_299f' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29a1' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_299f']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_299c']],
+    'HighPart' : [ 0x4, ['__unnamed_29a1']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DirectedDripsTransition' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x46, ['unsigned char']],
+    'PreviousIrql' : [ 0x47, ['unsigned char']],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0xb0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x39, ['unsigned char']],
+    'ActiveCount' : [ 0x3a, ['unsigned short']],
+    'InternalState' : [ 0x3c, ['long']],
+    'Mode' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x48, ['unsigned long']],
+    'DispatchCount' : [ 0x4c, ['unsigned long']],
+    'PassiveEvent' : [ 0x50, ['pointer', ['_KEVENT']]],
+    'TrapFrame' : [ 0x54, ['pointer', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x58, ['pointer', ['void']]],
+    'ServiceThread' : [ 0x5c, ['pointer', ['_KTHREAD']]],
+    'ConnectionData' : [ 0x60, ['pointer', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0x64, ['pointer', ['void']]],
+    'IsrDpcStats' : [ 0x68, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x34, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ActivityId' : [ 0x24, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x18, {
+    'NextPteToTrim' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0xc, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x10, ['unsigned long']],
+    'LockedEntries' : [ 0x14, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x50, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+    'Extended' : [ 0x49, ['unsigned char']],
+    'RankNumber' : [ 0x4a, ['unsigned short']],
+    'CardHandle' : [ 0x4c, ['unsigned short']],
+    'ModuleHandle' : [ 0x4e, ['unsigned short']],
+} ],
+  '_EX_POOL_HEAP_MANAGER_STATE' : [ 0x228c0, {
+    'HeapManager' : [ 0x0, ['_RTLP_HP_HEAP_MANAGER']],
+    'NumberOfPools' : [ 0x1c70, ['unsigned long']],
+    'PoolNode' : [ 0x1c80, ['array', 16, ['_EX_HEAP_POOL_NODE']]],
+    'SpecialHeaps' : [ 0x22880, ['array', 3, ['pointer', ['_SEGMENT_HEAP']]]],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x14, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPendingAll' : [ 0x16, ['unsigned char']],
+    'SpecialUserApcPending' : [ 0x16, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserApcPending' : [ 0x16, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_HEAP_VAMGR_CTX' : [ 0x1c20, {
+    'VaSpace' : [ 0x0, ['_HEAP_VAMGR_VASPACE']],
+    'AllocatorLock' : [ 0x34, ['unsigned long']],
+    'AllocatorCount' : [ 0x38, ['unsigned long']],
+    'Allocators' : [ 0x3c, ['array', 255, ['_HEAP_VAMGR_ALLOCATOR']]],
+} ],
+  '_IMAGE_IMPORT_CONTROL_TRANSFER_DYNAMIC_RELOCATION' : [ 0x4, {
+    'PageRelativeOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'IndirectCall' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IATIndex' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DEBUG_DEVICE_DESCRIPTOR' : [ 0xa8, {
+    'Bus' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'Segment' : [ 0x8, ['unsigned short']],
+    'VendorID' : [ 0xa, ['unsigned short']],
+    'DeviceID' : [ 0xc, ['unsigned short']],
+    'BaseClass' : [ 0xe, ['unsigned char']],
+    'SubClass' : [ 0xf, ['unsigned char']],
+    'ProgIf' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'DbgHalScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgBarsMapped' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Initialized' : [ 0x12, ['unsigned char']],
+    'Configured' : [ 0x13, ['unsigned char']],
+    'BaseAddress' : [ 0x14, ['array', 6, ['DEBUG_DEVICE_ADDRESS']]],
+    'Memory' : [ 0x60, ['DEBUG_MEMORY_REQUIREMENTS']],
+    'Dbg2TableIndex' : [ 0x80, ['unsigned long']],
+    'PortType' : [ 0x84, ['unsigned short']],
+    'PortSubtype' : [ 0x86, ['unsigned short']],
+    'OemData' : [ 0x88, ['pointer', ['void']]],
+    'OemDataLength' : [ 0x8c, ['unsigned long']],
+    'NameSpace' : [ 0x90, ['Enumeration', dict(target = 'long', choices = {0: u'KdNameSpacePCI', 1: u'KdNameSpaceACPI', 2: u'KdNameSpaceAny', 3: u'KdNameSpaceNone', 4: u'KdNameSpaceMax'})]],
+    'NameSpacePath' : [ 0x94, ['pointer', ['wchar']]],
+    'NameSpacePathLength' : [ 0x98, ['unsigned long']],
+    'TransportType' : [ 0x9c, ['unsigned long']],
+    'TransportData' : [ 0xa0, ['_DEBUG_TRANSPORT_DATA']],
+} ],
+  '__unnamed_2a07' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a09' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2a0b' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2a07']],
+    'Interrupt' : [ 0x0, ['__unnamed_2a09']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_2a09']],
+    'Sci' : [ 0x0, ['__unnamed_2a09']],
+    'Nmi' : [ 0x0, ['__unnamed_2a09']],
+    'Sea' : [ 0x0, ['__unnamed_2a09']],
+    'Sei' : [ 0x0, ['__unnamed_2a09']],
+    'Gsiv' : [ 0x0, ['__unnamed_2a09']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_2a0b']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'PassiveCoolingDevicesPresent' : [ 0x21, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x4, {
+    'LogHandleContext' : [ 0x0, ['pointer', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x19c, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x110, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x190, ['unsigned long']],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x1c0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x19c, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x1a0, ['pointer', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x1a4, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x1a8, ['unsigned long']],
+    'ThreadCount' : [ 0x1ac, ['long']],
+    'MinThreads' : [ 0x1b0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x1b0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x1b4, ['long']],
+    'QueueIndex' : [ 0x1b8, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x1bc, ['pointer', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x100, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x5d, ['unsigned char']],
+    'ReadySummary' : [ 0x5e, ['unsigned short']],
+    'Rank' : [ 0x60, ['unsigned long']],
+    'ShareRank' : [ 0x64, ['pointer', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x68, ['unsigned long']],
+    'ReadyListHead' : [ 0x6c, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0xec, ['_RTL_RB_TREE']],
+    'Parent' : [ 0xf4, ['pointer', ['_KSCB']]],
+    'Root' : [ 0xf8, ['pointer', ['_KSCB']]],
+} ],
+  '__unnamed_2a33' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0x5c, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x8, ['pointer', ['void']]],
+    'ExceptionTableSize' : [ 0xc, ['unsigned long']],
+    'GpValue' : [ 0x10, ['pointer', ['void']]],
+    'NonPagedDebugInfo' : [ 0x14, ['pointer', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'u1' : [ 0x3a, ['__unnamed_2a33']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x44, ['unsigned long']],
+    'CoverageSection' : [ 0x48, ['pointer', ['void']]],
+    'LoadedImports' : [ 0x4c, ['pointer', ['void']]],
+    'Spare' : [ 0x50, ['pointer', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x54, ['unsigned long']],
+    'TimeDateStamp' : [ 0x58, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long']],
+    'TrimInProgressCount' : [ 0x4, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x8, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x18, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTLP_HP_METADATA_HEAP_CTX' : [ 0x8, {
+    'Heap' : [ 0x0, ['pointer', ['_SEGMENT_HEAP']]],
+    'InitOnce' : [ 0x4, ['_RTL_RUN_ONCE']],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'MutantFlags' : [ 0x1c, ['unsigned char']],
+    'Abandoned' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'Abandoned2' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'AbEnabled' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare2' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '__unnamed_2a47' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 29, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a4a' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x4, {
+    'Leaf' : [ 0x0, ['__unnamed_2a47']],
+    'PageTable' : [ 0x0, ['__unnamed_2a4a']],
+    'EntireActiveField' : [ 0x0, ['unsigned long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x4, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x14, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x18, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long']],
+} ],
+  '_HMAP_TABLE' : [ 0x1800, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_2a75' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a77' : [ 0x10, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_2a75']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x20, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0xc, ['__unnamed_2a77']],
+    'VerifiedData' : [ 0x1c, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IMAGE_INDIR_CONTROL_TRANSFER_DYNAMIC_RELOCATION' : [ 0x2, {
+    'PageRelativeOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'IndirectCall' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'RexWPrefix' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'CfgCheck' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_VI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x18, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x8, ['pointer', ['void']]],
+    'SessionViewVa' : [ 0x8, ['pointer', ['void']]],
+    'VadsProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Type' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SystemCacheAttributes' : [ 0x10, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0xc0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0xc8, ['unsigned long']],
+    'PteTrackingBitmap' : [ 0xcc, ['_RTL_BITMAP']],
+    'CachedPteHeads' : [ 0xd4, ['pointer', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xd8, ['pointer', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xdc, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x110, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x144, ['unsigned long']],
+    'KernelStackPages' : [ 0x148, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x149, ['unsigned char']],
+    'AdjustCounter' : [ 0x14a, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x14c, ['long']],
+    'ReservedMappingTree' : [ 0x150, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x154, ['pointer', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x158, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x15c, ['long']],
+} ],
+  '__unnamed_2a8f' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0xe4, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2a8f']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x14, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x18, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x1c, ['unsigned long']],
+    'PfnUnmapWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x30, ['unsigned long']],
+    'PfnUnmapWaitList' : [ 0x34, ['pointer', ['void']]],
+    'MemoryRuns' : [ 0x38, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x3c, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x4c, ['array', 5, ['pointer', ['void']]]],
+    'PartitionObject' : [ 0x60, ['pointer', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0x64, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0x6c, ['long']],
+    'PfnUnmapActive' : [ 0x70, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0x74, ['_KEVENT']],
+    'RootDirectory' : [ 0x84, ['pointer', ['void']]],
+    'KernelObjectsDirectory' : [ 0x88, ['pointer', ['void']]],
+    'MemoryEvents' : [ 0x8c, ['array', 11, ['pointer', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0xb8, ['array', 11, ['pointer', ['void']]]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0x64, {
+    'NextPageColor' : [ 0x0, ['unsigned long']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long']],
+    'VmWorkingSetList' : [ 0xc, ['pointer', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x18, ['array', 8, ['unsigned long']]],
+    'ExitOutswapGate' : [ 0x38, ['pointer', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'WorkingSetLeafSize' : [ 0x40, ['unsigned long']],
+    'WorkingSetLeafPrivateSize' : [ 0x44, ['unsigned long']],
+    'WorkingSetSize' : [ 0x48, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x4c, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x50, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x54, ['unsigned long']],
+    'HardFaultCount' : [ 0x58, ['unsigned long']],
+    'LastTrimStamp' : [ 0x5c, ['unsigned short']],
+    'Unused0' : [ 0x5e, ['unsigned short']],
+    'Flags' : [ 0x60, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x8, ['unsigned char']],
+    'BlockState' : [ 0x9, ['unsigned char']],
+    'WaitKey' : [ 0xa, ['unsigned short']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0xc, ['pointer', ['_KQUEUE']]],
+    'Object' : [ 0x10, ['pointer', ['void']]],
+    'SparePtr' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x10, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0xc, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+} ],
+  '_LFH_RANDOM_DATA' : [ 0x100, {
+    'Bytes' : [ 0x0, ['array', 256, ['unsigned char']]],
+    'Words' : [ 0x0, ['array', 128, ['unsigned short']]],
+    'Quadwords' : [ 0x0, ['array', 32, ['unsigned long long']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'WorkQueue' : [ 0x18, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x40, ['pointer', ['void']]],
+    'AcceptProcessorNotification' : [ 0x44, ['pointer', ['void']]],
+    'AcceptAcpiNotification' : [ 0x48, ['pointer', ['void']]],
+    'WorkOrderCount' : [ 0x4c, ['unsigned long']],
+    'WorkOrders' : [ 0x50, ['array', 1, ['_POP_FX_WORK_ORDER']]],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2ac0' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x50, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x1c, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x24, ['unsigned long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x28, ['unsigned long']],
+    'MdlHack' : [ 0x2c, ['__unnamed_2ac0']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x140, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'ReadySummary' : [ 0x4, ['unsigned long']],
+    'ReadyListHead' : [ 0x8, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x108, ['array', 32, ['unsigned char']]],
+    'Span' : [ 0x128, ['unsigned char']],
+    'LowProcIndex' : [ 0x129, ['unsigned char']],
+    'QueueIndex' : [ 0x12a, ['unsigned char']],
+    'ProcCount' : [ 0x12b, ['unsigned char']],
+    'ScanOwner' : [ 0x12c, ['unsigned char']],
+    'Spare' : [ 0x12d, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x130, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x134, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x138, ['unsigned long long']],
+} ],
+  '_HAL_LBR_ENTRY' : [ 0xc, {
+    'FromAddress' : [ 0x0, ['pointer', ['void']]],
+    'ToAddress' : [ 0x4, ['pointer', ['void']]],
+    'Reserved' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x18, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x18, ['array', 4, ['pointer', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x18, ['pointer', ['void']]],
+    'SessionId' : [ 0x1c, ['unsigned long']],
+    'Process' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['void']]],
+    'Callback' : [ 0x2c, ['pointer', ['void']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x32, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x32, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x32, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x32, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x32, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x32, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x32, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x34, ['unsigned char']],
+    'GroupEnableMask' : [ 0x35, ['unsigned char']],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HAL_DP_REPLACE_PARAMETERS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'TargetProcessors' : [ 0x4, ['pointer', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+    'SpareProcessors' : [ 0x8, ['pointer', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x14, {
+    'NextEntry' : [ 0x0, ['pointer', ['void']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x2740, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long']],
+    'SystemVaBias' : [ 0x4, ['unsigned long']],
+    'SystemAvailableVaLow' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+    'SystemRangeStart' : [ 0x10, ['pointer', ['void']]],
+    'SystemCachePdeCount' : [ 0x14, ['array', 1024, ['unsigned char']]],
+    'SystemCacheReverseMaps' : [ 0x414, ['array', 1024, ['pointer', ['void']]]],
+    'VaRegion' : [ 0x1414, ['array', 1024, ['_MI_SYSTEM_REGION_REFERENCE']]],
+    'TopLevelPteLockBits' : [ 0x2414, ['array', 128, ['unsigned long']]],
+    'TopLevelPteAlternateLockBits' : [ 0x2614, ['array', 4, ['unsigned long']]],
+    'DeleteKvaLock' : [ 0x2624, ['long']],
+    'WsleArrays' : [ 0x2628, ['array', 8, ['pointer', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x2648, ['pointer', ['void']]],
+    'HyperSpaceEnd' : [ 0x264c, ['pointer', ['void']]],
+    'PagableHyperSpaceBytes' : [ 0x2650, ['unsigned long']],
+    'FreeSystemCacheVa' : [ 0x2654, ['_KEVENT']],
+    'SystemVaLock' : [ 0x2664, ['unsigned long']],
+    'SystemCacheViewLock' : [ 0x2668, ['unsigned long']],
+    'SystemWorkingSetList' : [ 0x266c, ['array', 8, ['_MMWSL_INSTANCE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x80, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long']],
+    'ResetPagesRepurposedCount' : [ 0xc, ['unsigned long']],
+    'WsSwapSupport' : [ 0x10, ['pointer', ['void']]],
+    'CommitReleaseContext' : [ 0x14, ['pointer', ['void']]],
+    'AccessLog' : [ 0x18, ['pointer', ['void']]],
+    'ChargedWslePages' : [ 0x1c, ['unsigned long']],
+    'ActualWslePages' : [ 0x20, ['unsigned long']],
+    'WorkingSetCoreLock' : [ 0x40, ['unsigned long']],
+    'ShadowMapping' : [ 0x44, ['pointer', ['void']]],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_ACPI' : [ 0x4, {
+    'ObjectName' : [ 0x0, ['pointer', ['unsigned char']]],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '__WIL__WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PNP_REPLACE_PROCESSOR_LIST' : [ 0x14, {
+    'Affinity' : [ 0x0, ['pointer', ['unsigned long']]],
+    'GroupCount' : [ 0x4, ['unsigned long']],
+    'AllocatedCount' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'ApicIds' : [ 0x10, ['array', 1, ['unsigned long']]],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ETW_HW_TRACE_EXT_INTERFACE' : [ 0xc, {
+    'StartProcessorTraceOnEachCore' : [ 0x0, ['pointer', ['void']]],
+    'StopProcessorTraceOnEachCore' : [ 0x4, ['pointer', ['void']]],
+    'LogProcessorTraceOnCurrentCore' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PAE_ENTRY' : [ 0x20, {
+    'PteEntry' : [ 0x0, ['array', 4, ['_MMPTE']]],
+    'PaeEntry' : [ 0x0, ['_PAE_PAGEINFO']],
+    'NextPae' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_MI_LARGE_PAGE_CANDIDATES' : [ 0x108, {
+    'Hand' : [ 0x0, ['unsigned short']],
+    'ActiveEntryCount' : [ 0x2, ['unsigned short']],
+    'Overflowed' : [ 0x4, ['unsigned char']],
+    'PageFrames' : [ 0x8, ['array', 64, ['unsigned long']]],
+} ],
+  '_MI_DLL_OVERFLOW_AREA' : [ 0x8, {
+    'RangeStart' : [ 0x0, ['pointer', ['void']]],
+    'NextVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x10, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CloneCommitCount' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x8, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_TEST' : [ 0x8, {
+    'UniqueId' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_HEADER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaEventLogEntryTypeInformational', 1: u'WheaEventLogEntryTypeWarning', 2: u'WheaEventLogEntryTypeError'})]],
+    'OwnerTag' : [ 0x10, ['unsigned long']],
+    'Id' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {-2147483647: u'WheaEventLogEntryIdCmcPollingTimeout', -2147483646: u'WheaEventLogEntryIdWheaInit', -2147483645: u'WheaEventLogEntryIdCmcSwitchToPolling', -2147483644: u'WheaEventLogEntryIdDroppedCorrectedError', -2147483643: u'WheaEventLogEntryIdStartedReportHwError', -2147483642: u'WheaEventLogEntryIdPFAMemoryOfflined', -2147483641: u'WheaEventLogEntryIdPFAMemoryRemoveMonitor', -2147483640: u'WheaEventLogEntryIdPFAMemoryPolicy', -2147483639: u'WheaEventLogEntryIdPshedInjectError', -2147483638: u'WheaEventLogEntryIdOscCapabilities', -2147483637: u'WheaEventLogEntryIdPshedPluginRegister', -2147483636: u'WheaEventLogEntryIdAddRemoveErrorSource', -2147483635: u'WheaEventLogEntryIdWorkQueueItem', -2147483634: u'WheaEventLogEntryIdAttemptErrorRecovery', -2147483633: u'WheaEventLogEntryIdMcaFoundErrorInBank', -2147483632: u'WheaEventLogEntryIdMcaStuckErrorCheck', -2147483631: u'WheaEventLogEntryIdMcaErrorCleared', -2147483630: u'WheaEventLogEntryIdClearedPoison', -2147483629: u'WheaEventLogEntryIdProcessEINJ', -2147483628: u'WheaEventLogEntryIdProcessHEST', -2147483627: u'WheaEventLogEntryIdCreateGenericRecord', -2147483626: u'WheaEventLogEntryIdErrorRecord', -2147483625: u'WheaEventLogEntryIdErrorRecordLimit', -2147483624: u'WheaEventLogEntryIdSELEventFailed', -2147483623: u'WheaEventLogEntryIdErrSrcArrayInvalid', -2147483616: u'WheaEventLogEntryIdErrSrcInvalid', -2147483615: u'WheaEventLogEntryIdGenericErrMemMap', -2147483614: u'WheaEventLogEntryIdPshedCallbackCollision', -2147483613: u'WheaEventLogEntryIdSELBugCheckProgress'})]],
+    'Flags' : [ 0x18, ['_WHEA_EVENT_LOG_ENTRY_FLAGS']],
+    'PayloadLength' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_2b5a' : [ 0x4, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_SECTION' : [ 0x28, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u1' : [ 0x14, ['__unnamed_2b5a']],
+    'SizeOfSection' : [ 0x18, ['unsigned long long']],
+    'u' : [ 0x20, ['__unnamed_184c']],
+    'InitialPageProtection' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x24, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x24, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer', ['void']]]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_STAT' : [ 0x2, {
+    'Index' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_DEVICE_DRIVER_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'Config' : [ 0x4, ['_WHEA_ERROR_SOURCE_CONFIGURATION_DD']],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x8c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'ArgumentStatus' : [ 0xc, ['long']],
+    'CallerEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'VetoType' : [ 0x1c, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights', 13: u'PNP_VetoAlreadyRemoved'})]]],
+    'VetoName' : [ 0x20, ['pointer', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x24, ['unsigned long']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'Cancel' : [ 0x2c, ['unsigned char']],
+    'Parent' : [ 0x30, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x34, ['_GUID']],
+    'Watchdog' : [ 0x44, ['pointer', ['_PNP_WATCHDOG']]],
+    'Data' : [ 0x48, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_GLOBAL_APPCOMPAT_FLAGS' : [ 0x4, {
+    'SafeInputValidation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CommitLFHSubsegments' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AllocateHeapFromEnv' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x14, ['long']],
+    'Active' : [ 0x18, ['long']],
+    'FreeWhenDone' : [ 0x1c, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x90, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x8, ['unsigned long']],
+    'InDebugger' : [ 0xc, ['long']],
+    'Pfns' : [ 0x10, ['array', 32, ['pointer', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x8, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 31, native_type='unsigned long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x0, ['pointer', ['void']]],
+    'SessionState' : [ 0x4, ['pointer', ['void']]],
+    'SessionId' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0xb8, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'TimerApc' : [ 0x2c, ['_KAPC']],
+    'TimerDpc' : [ 0x5c, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x7c, ['_LIST_ENTRY']],
+    'Period' : [ 0x84, ['unsigned long']],
+    'TimerFlags' : [ 0x88, ['unsigned char']],
+    'ApcAssociated' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0x88, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0x88, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0x89, ['unsigned char']],
+    'Spare2' : [ 0x8a, ['unsigned short']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x98, ['pointer', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x9c, ['_LIST_ENTRY']],
+    'DueTime' : [ 0xa8, ['unsigned long long']],
+    'CoalescingWindow' : [ 0xb0, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x48, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x34, ['array', 2, ['_RTL_BITMAP']]],
+    'CrashDumpPte' : [ 0x44, ['pointer', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0xc, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x8, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'DEBUG_MEMORY_REQUIREMENTS' : [ 0x20, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'MaxEnd' : [ 0x8, ['_LARGE_INTEGER']],
+    'VirtualAddress' : [ 0x10, ['pointer', ['void']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Cached' : [ 0x18, ['unsigned char']],
+    'Aligned' : [ 0x19, ['unsigned char']],
+} ],
+  'DEBUG_DEVICE_ADDRESS' : [ 0xc, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Valid' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 2, ['unsigned char']]],
+    'BitWidth' : [ 0x2, ['unsigned char']],
+    'AccessSize' : [ 0x3, ['unsigned char']],
+    'TranslatedAddress' : [ 0x4, ['pointer', ['unsigned char']]],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1a8, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x4, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x20, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x28, ['unsigned char']],
+    'PepWokenTransition' : [ 0x29, ['unsigned char']],
+    'HvTargetState' : [ 0x2a, ['unsigned char']],
+    'Reserved' : [ 0x2b, ['unsigned char']],
+    'TargetIdleState' : [ 0x2c, ['unsigned long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xcc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xd0, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0xd4, ['long']],
+    'FFHThrottleStateInfo' : [ 0xd8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xf8, ['_KDPC']],
+    'PerfActionMask' : [ 0x118, ['long']],
+    'HvIdleCheck' : [ 0x120, ['_PROC_IDLE_SNAP']],
+    'PerfCheck' : [ 0x130, ['pointer', ['_PROC_PERF_CHECK']]],
+    'Domain' : [ 0x134, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'PerfConstraint' : [ 0x138, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'Concurrency' : [ 0x13c, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x140, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'Load' : [ 0x144, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x148, ['pointer', ['_PROC_PERF_HISTORY']]],
+    'ArchitecturalEfficiencyClass' : [ 0x14c, ['unsigned char']],
+    'PerformanceSchedulingClass' : [ 0x14d, ['unsigned char']],
+    'EfficiencySchedulingClass' : [ 0x14e, ['unsigned char']],
+    'GuaranteedPerformancePercent' : [ 0x14f, ['unsigned char']],
+    'Parked' : [ 0x150, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x151, ['unsigned char']],
+    'LatestAffinitizedPercent' : [ 0x152, ['unsigned short']],
+    'LatestPerformancePercent' : [ 0x154, ['unsigned long']],
+    'AveragePerformancePercent' : [ 0x158, ['unsigned long']],
+    'RelativePerformance' : [ 0x15c, ['unsigned long']],
+    'Utility' : [ 0x160, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x164, ['unsigned long']],
+    'SnapTimeLast' : [ 0x168, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x168, ['unsigned long long']],
+    'ActiveTime' : [ 0x170, ['unsigned long long']],
+    'TotalTime' : [ 0x178, ['unsigned long long']],
+    'FxDevice' : [ 0x180, ['pointer', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x188, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x190, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x198, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x19c, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1a0, ['unsigned short']],
+    'HwFeedbackTableIndex' : [ 0x1a2, ['unsigned short']],
+    'HwFeedbackParkHint' : [ 0x1a4, ['unsigned char']],
+    'HwFeedbackPerformanceClass' : [ 0x1a5, ['unsigned char']],
+    'HwFeedbackEfficiencyClass' : [ 0x1a6, ['unsigned char']],
+    'HeteroCoreType' : [ 0x1a7, ['unsigned char']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x200, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'CloneHeaderCount' : [ 0x18, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x20, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x30, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x40, ['unsigned long']],
+    'AttemptForCantExtend' : [ 0x44, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0x78, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0xa4, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0xb0, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xd8, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0xd9, ['unsigned char']],
+    'SegmentDereferenceActiveControlArea' : [ 0xdc, ['pointer', ['void']]],
+    'UnusedSegmentPagedPool' : [ 0xe0, ['unsigned long']],
+    'UnusedSegmentList' : [ 0xe4, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xec, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xf4, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xfc, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x10c, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x110, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x128, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x138, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x140, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x144, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x148, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x14c, ['_KEVENT']],
+    'SharedCharges' : [ 0x15c, ['array', 7, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x1cc, ['pointer', ['_KEVENT']]],
+    'ControlAreasDrainEvent' : [ 0x1d0, ['pointer', ['_KEVENT']]],
+    'CloneHeaderDrainEvent' : [ 0x1d4, ['pointer', ['_KEVENT']]],
+    'ProbeRundownReference' : [ 0x1d8, ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_BUS_HANDLER' : [ 0x68, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ConfigurationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'Cmos', 1: u'EisaConfiguration', 2: u'Pos', 3: u'CbusConfiguration', 4: u'PCIConfiguration', 5: u'VMEConfiguration', 6: u'NuBusConfiguration', 7: u'PCMCIAConfiguration', 8: u'MPIConfiguration', 9: u'MPSAConfiguration', 10: u'PNPISAConfiguration', 11: u'SgiInternalConfiguration', 12: u'MaximumBusDataType', -1: u'ConfigurationSpaceUndefined'})]],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'ParentHandler' : [ 0x14, ['pointer', ['_BUS_HANDLER']]],
+    'BusData' : [ 0x18, ['pointer', ['void']]],
+    'DeviceControlExtensionSize' : [ 0x1c, ['unsigned long']],
+    'BusAddresses' : [ 0x20, ['pointer', ['_SUPPORTED_RANGES']]],
+    'Reserved' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GetBusData' : [ 0x34, ['pointer', ['void']]],
+    'SetBusData' : [ 0x38, ['pointer', ['void']]],
+    'AdjustResourceList' : [ 0x3c, ['pointer', ['void']]],
+    'AssignSlotResources' : [ 0x40, ['pointer', ['void']]],
+    'TranslateBusAddress' : [ 0x44, ['pointer', ['void']]],
+    'Spare1' : [ 0x48, ['pointer', ['void']]],
+    'Spare2' : [ 0x4c, ['pointer', ['void']]],
+    'Spare3' : [ 0x50, ['pointer', ['void']]],
+    'Spare4' : [ 0x54, ['pointer', ['void']]],
+    'Spare5' : [ 0x58, ['pointer', ['void']]],
+    'Spare6' : [ 0x5c, ['pointer', ['void']]],
+    'Spare7' : [ 0x60, ['pointer', ['void']]],
+    'Spare8' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x14, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x308, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DevNode' : [ 0x1c, ['pointer', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x20, ['pointer', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x24, ['pointer', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x28, ['pointer', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x2c, ['pointer', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x30, ['pointer', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x38, ['pointer', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x3c, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0x64, ['pointer', ['void']]],
+    'AcpiLink' : [ 0x68, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0x70, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0x78, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x90, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0xa8, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0xc4, ['unsigned long']],
+    'IdleTimer' : [ 0xc8, ['_KTIMER']],
+    'IdleDpc' : [ 0xf0, ['_KDPC']],
+    'IdleTimeout' : [ 0x110, ['unsigned long long']],
+    'IdleStamp' : [ 0x118, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x120, ['array', 2, ['pointer', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x128, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x130, ['array', 2, ['pointer', ['void']]]],
+    'NextIrpCallerContext' : [ 0x138, ['array', 2, ['pointer', ['void']]]],
+    'IrpCompleteEvent' : [ 0x140, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x150, ['pointer', ['void']]],
+    'Accounting' : [ 0x158, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x230, ['unsigned long']],
+    'ComponentCount' : [ 0x234, ['unsigned long']],
+    'Components' : [ 0x238, ['pointer', ['pointer', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x23c, ['unsigned long']],
+    'Log' : [ 0x240, ['pointer', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x244, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x248, ['pointer', ['_DRIVER_OBJECT']]],
+    'DripsWatchdogContext' : [ 0x24c, ['_POP_FX_DRIPS_WATCHDOG_CONTEXT']],
+    'DirectedTimeout' : [ 0x260, ['unsigned long']],
+    'DirectedWorkOrder' : [ 0x264, ['_POP_FX_WORK_ORDER']],
+    'DirectedWorkWatchdogInfo' : [ 0x280, ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']],
+    'DirectedLock' : [ 0x2e8, ['unsigned long']],
+    'DirectedTransitionCallCount' : [ 0x2ec, ['long']],
+    'DirectedTransitionState' : [ 0x2f0, ['_POP_FX_DEVICE_DIRECTED_TRANSITION_STATE']],
+    'PowerProfile' : [ 0x2fc, ['pointer', ['_POP_DEVICE_POWER_PROFILE']]],
+    'FriendlyName' : [ 0x300, ['_UNICODE_STRING']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x40, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x8, ['short']],
+    'SpecialApcDisable' : [ 0xa, ['short']],
+    'CombinedApcDisable' : [ 0x8, ['unsigned long']],
+    'Irql' : [ 0xc, ['unsigned char']],
+    'StackTrace' : [ 0x10, ['array', 12, ['pointer', ['void']]]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x4, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'FEATURE_STATE_CHANGE_SUBSCRIPTION__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PrefetchSystemVmType' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'VaPrefetchReadBlock' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CollidedFlowThrough' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ForceCollisions' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InPageExpanded' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IssuedAtLowPriority' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FaultFromStore' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ClusteredPagePriority' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'MakeClusterValid' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PerformRelocations' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ZeroLastPage' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'UserFault' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StandbyProtectionNeeded' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PteChanged' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PageFileFault' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'PageFilePageHashActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoalescedIo' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VmLockNotNeeded' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Processors' : [ 0x4, ['unsigned long']],
+    'ActiveProcessors' : [ 0x8, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_HP_SUB_ALLOCATOR_CONFIGS' : [ 0x8, {
+    'LfhConfigs' : [ 0x0, ['_RTL_HP_LFH_CONFIG']],
+    'VsConfigs' : [ 0x4, ['_RTL_HP_VS_CONFIG']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0xc, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x4, ['pointer', ['void']]],
+    'IsolationPrefix' : [ 0x4, ['_UNICODE_STRING']],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x80, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x3c, ['pointer', ['void']]],
+    'Lock' : [ 0x40, ['long']],
+} ],
+  '_PEBS_DS_SAVE_AREA64' : [ 0xa0, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsGpCounterReset' : [ 0x40, ['array', 8, ['unsigned long long']]],
+    'PebsFixedCounterReset' : [ 0x80, ['array', 4, ['unsigned long long']]],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Spare0' : [ 0x6c, ['unsigned long']],
+} ],
+  '_LEAP_SECOND_DATA' : [ 0x10, {
+    'Enabled' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['array', 1, ['_LARGE_INTEGER']]],
+} ],
+  '__unnamed_2c61' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2c63' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2c61']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x44, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x30, ['pointer', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x34, ['_LIST_ENTRY']],
+    'Specific' : [ 0x3c, ['__unnamed_2c63']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x20, ['long']],
+    'Watchdog' : [ 0x24, ['pointer', ['_PNP_WATCHDOG']]],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x50, {
+    'RelatedTimestamp' : [ 0x0, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0xc, ['_KDPC']],
+    'ApcListHead' : [ 0x30, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x38, ['pointer', ['_ETW_APC_ENTRY']]],
+    'ApcEntryCount' : [ 0x3c, ['unsigned long']],
+    'Flags' : [ 0x40, ['long']],
+    'ApcCount' : [ 0x44, ['long']],
+    'MaxApcCount' : [ 0x48, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2c7d' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x34, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x10, ['unsigned long']],
+    'ActualExpansion' : [ 0x14, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'InProgress' : [ 0x28, ['long']],
+    'u1' : [ 0x2c, ['__unnamed_2c7d']],
+    'ActiveEntry' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x218, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'ActiveLevels' : [ 0x1, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'LastActiveUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x18, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xc0, ['array', 21, ['unsigned long long']]],
+    'TotalActiveTime' : [ 0x168, ['array', 10, ['unsigned long long']]],
+    'ActiveTimeSnap' : [ 0x1b8, ['array', 10, ['unsigned long long']]],
+    'TotalTime' : [ 0x208, ['unsigned long long']],
+    'TotalTimeSnap' : [ 0x210, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_DELAY_FREE' : [ 0x4, {
+    'DelayFree' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Count' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'AllBits' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_StagingConfigWnfStateName' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  'RTLP_HP_LFH_PERF_FLAGS' : [ 0x4, {
+    'HotspotDetection' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HotspotFullCommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ActiveSubsegment' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SmallerSubsegment' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SingleAffinitySlot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ApplyLfhDecommitPolicy' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableGarbageCollection' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LargePagePreCommit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'OpportunisticLargePreCommit' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LfhForcedAffinity' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'LfhCachelinePadding' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x10, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MAP_REGISTER_ENTRY' : [ 0x8, {
+    'MapRegister' : [ 0x0, ['pointer', ['void']]],
+    'WriteToDevice' : [ 0x4, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x50, {
+    'Context' : [ 0x0, ['pointer', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x44, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x4c, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x50, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x1c, ['unsigned char']],
+    'TriggerRoot' : [ 0x20, ['pointer', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x24, ['unsigned char']],
+    'BeginTime' : [ 0x28, ['unsigned long long']],
+    'VetoNode' : [ 0x30, ['array', 2, ['pointer', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x38, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x40, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  'wil_details_VariantProperties' : [ 0x4, {
+    'enabledState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'hasNotificationState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'variant' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 13, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_HEAP_POOL_NODE' : [ 0x20c0, {
+    'Heaps' : [ 0x0, ['array', 4, ['pointer', ['_SEGMENT_HEAP']]]],
+    'Lookasides' : [ 0x40, ['array', 2, ['_RTL_DYNAMIC_LOOKASIDE']]],
+} ],
+  '_HMAP_ENTRY' : [ 0xc, {
+    'BlockOffset' : [ 0x0, ['unsigned long']],
+    'PermanentBinAddress' : [ 0x4, ['unsigned long']],
+    'MemAlloc' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2cda' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x178, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_2cda']]],
+    'WakeAlarmPaused' : [ 0xa8, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb0, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xb8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
+    'WatchdogDpc' : [ 0x10c, ['_KDPC']],
+    'WatchdogTimer' : [ 0x130, ['_KTIMER']],
+    'WatchdogInitialized' : [ 0x158, ['unsigned char']],
+    'WatchdogState' : [ 0x15c, ['Enumeration', dict(target = 'long', choices = {0: u'PopPowerActionWatchdogStateDisabled', 1: u'PopPowerActionWatchdogStateTransitioning', 2: u'PopPowerActionWatchdogStateResuming', 3: u'PopPowerActionWatchdogStateMax'})]],
+    'WatchdogStartTime' : [ 0x160, ['unsigned long long']],
+    'ActionWorkerThread' : [ 0x168, ['pointer', ['_KTHREAD']]],
+    'PromoteActionWorkerThread' : [ 0x16c, ['pointer', ['_KTHREAD']]],
+    'UnlockAfterSleepWorkerThread' : [ 0x170, ['pointer', ['_KTHREAD']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_RELATION_LIST' : [ 0x8, {
+    'DeviceObjectList' : [ 0x0, ['pointer', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x4, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x40, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadActive' : [ 0x10, ['unsigned char']],
+    'ThreadPriorityStatic' : [ 0x11, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x14, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+    'ThreadCount' : [ 0x28, ['long']],
+    'Gate' : [ 0x2c, ['_KGATE']],
+    'ThreadContext' : [ 0x3c, ['pointer', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x10, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x28, {
+    'ComponentActive' : [ 0x0, ['pointer', ['void']]],
+    'ComponentIdle' : [ 0x4, ['pointer', ['void']]],
+    'ComponentIdleState' : [ 0x8, ['pointer', ['void']]],
+    'DevicePowerRequired' : [ 0xc, ['pointer', ['void']]],
+    'DevicePowerNotRequired' : [ 0x10, ['pointer', ['void']]],
+    'PowerControl' : [ 0x14, ['pointer', ['void']]],
+    'ComponentCriticalTransition' : [ 0x18, ['pointer', ['void']]],
+    'DripsWatchdogCallback' : [ 0x1c, ['pointer', ['void']]],
+    'DirectedPowerUpCallback' : [ 0x20, ['pointer', ['void']]],
+    'DirectedPowerDownCallback' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x8, ['pointer', ['void']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'SharedWaiters' : [ 0x10, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x14, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x8, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_GIC' : [ 0x4, {
+    'LineNumber' : [ 0x0, ['unsigned long']],
+} ],
+  '_WAITING_IRP' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'CompletionRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'Information' : [ 0x18, ['unsigned long']],
+    'BreakAllRH' : [ 0x1c, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x1d, ['unsigned char']],
+    'FileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler2' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x88, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x20, ['unsigned long long']],
+    'UnscaledTime' : [ 0x28, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x30, ['long long']],
+    'ScaledTime' : [ 0x38, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x48, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x50, ['unsigned long long']],
+    'UserTimeLast' : [ 0x58, ['unsigned long']],
+    'KernelTimeLast' : [ 0x5c, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x60, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x68, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x80, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x81, ['unsigned char']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x28, {
+    'InstantaneousRead' : [ 0x0, ['pointer', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x24, ['unsigned long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x18, {
+    'Next' : [ 0x0, ['pointer', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'Hint' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x58, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'ShutDownRequested' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x34, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x40, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x44, ['unsigned long']],
+    'UserPagesReused' : [ 0x48, ['unsigned long']],
+    'EventsLostCount' : [ 0x4c, ['pointer', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x50, ['pointer', ['unsigned long']]],
+    'SiloState' : [ 0x54, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_PAE_PAGEINFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameNumber' : [ 0x8, ['unsigned long']],
+    'EntriesInUse' : [ 0xc, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_FeatureProperties' : [ 0x4, {
+    'enabledState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'hasNotificationState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'usageCount' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 15, native_type='unsigned long')]],
+    'usageCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'reportedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'reportedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'reportedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'reportedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'recordedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'recordedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'recordedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'opportunityCount' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 31, native_type='unsigned long')]],
+    'opportunityCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x138, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x30, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'ClonedPageCount' : [ 0x40, ['unsigned long long']],
+    'CurrentMap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x4c, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x50, ['unsigned long']],
+    'LoaderMdl' : [ 0x54, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x6c, ['unsigned long']],
+    'CurrentMcb' : [ 0x70, ['pointer', ['void']]],
+    'DumpStack' : [ 0x74, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x78, ['pointer', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0x7c, ['unsigned long']],
+    'Status' : [ 0x80, ['long']],
+    'GraphicsProc' : [ 0x84, ['unsigned long']],
+    'MemoryImage' : [ 0x88, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0x8c, ['pointer', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0x98, ['pointer', ['void']]],
+    'ResumeContext' : [ 0x9c, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0xa0, ['unsigned long']],
+    'ProcessorCount' : [ 0xa4, ['unsigned long']],
+    'ProcessorContext' : [ 0xa8, ['pointer', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0xac, ['pointer', ['unsigned char']]],
+    'ProdConsSize' : [ 0xb0, ['unsigned long']],
+    'MaxDataPages' : [ 0xb4, ['unsigned long']],
+    'ExtraBuffer' : [ 0xb8, ['pointer', ['void']]],
+    'ExtraBufferSize' : [ 0xbc, ['unsigned long']],
+    'ExtraMapVa' : [ 0xc0, ['pointer', ['void']]],
+    'BitlockerKeyPFN' : [ 0xc4, ['unsigned long']],
+    'IoInfo' : [ 0xc8, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x128, ['pointer', ['wchar']]],
+    'IoChecksumsSize' : [ 0x12c, ['unsigned long']],
+    'HardwareConfigurationSignature' : [ 0x130, ['unsigned long']],
+    'SecureBoot' : [ 0x134, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x4, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2d5c' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_2d5c']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x80, {
+    'PeakCommitment' : [ 0x0, ['unsigned long']],
+    'TotalCommitLimitMaximum' : [ 0x4, ['unsigned long']],
+    'Popups' : [ 0x8, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x10, ['unsigned long']],
+    'HighCommitThreshold' : [ 0x14, ['unsigned long']],
+    'EventLock' : [ 0x18, ['unsigned long']],
+    'SystemCommitReserve' : [ 0x1c, ['unsigned long']],
+    'OverCommit' : [ 0x40, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x2c, {
+    'Sibling' : [ 0x0, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_SOURCE_CONFIGURATION_DD' : [ 0x10, {
+    'Initialize' : [ 0x0, ['pointer', ['void']]],
+    'Uninitialize' : [ 0x4, ['pointer', ['void']]],
+    'Ready' : [ 0x8, ['pointer', ['void']]],
+    'Correct' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x24, {
+    'InitiatingThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ThreadId' : [ 0x8, ['pointer', ['void']]],
+    'ProcessId' : [ 0xc, ['pointer', ['void']]],
+    'Code' : [ 0x10, ['unsigned long']],
+    'Parameter1' : [ 0x14, ['unsigned long']],
+    'Parameter2' : [ 0x18, ['unsigned long']],
+    'Parameter3' : [ 0x1c, ['unsigned long']],
+    'Parameter4' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40f0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'StackLimitHits' : [ 0x4038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x403c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x4040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4044, ['unsigned long']],
+    'TotalReleases' : [ 0x4048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x404c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x4050, ['unsigned long']],
+    'Instigator' : [ 0x4054, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4058, ['unsigned long']],
+    'Participant' : [ 0x405c, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40dc, ['long']],
+    'StackType' : [ 0x40e0, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'NmiStackLimits', 9: u'MachineCheckStackLimits', 10: u'ExceptionStackLimits', 11: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x40e4, ['unsigned long']],
+    'StackHighLimit' : [ 0x40e8, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x38, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x4, ['long']],
+    'PrefetchSeekThreshold' : [ 0x8, ['long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'InPageSinglePages' : [ 0x24, ['unsigned long']],
+    'DelayPageFaults' : [ 0x28, ['long']],
+    'FileCompressionBoundary' : [ 0x2c, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x30, ['unsigned char']],
+} ],
+  '__unnamed_2da3' : [ 0x4, {
+    'EntryBecameEmpty' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SLAB_ALLOCATOR_CONTEXT' : [ 0x48, {
+    'AllocationsTree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x8, ['long']],
+    'SlabEntryHint' : [ 0xc, ['pointer', ['_MI_SLAB_ALLOCATOR_ENTRY']]],
+    'FreePageCount' : [ 0x10, ['unsigned long']],
+    'SlabEntryCount' : [ 0x14, ['unsigned long']],
+    'Type' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorTypeSlatProtected', 1: u'MiSlabAllocatorTypeUnprotected', 2: u'MiSlabAllocatorTypeMax'})]],
+    'Protection' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorProtectionReadExecute', 1: u'MiSlabAllocatorProtectionReadOnly', 2: u'MiSlabAllocatorProtectionNoAccess', 3: u'MiSlabAllocatorProtectionReadWrite', 4: u'MiSlabAllocatorProtectionMax'})]],
+    'Flags' : [ 0x20, ['__unnamed_2da3']],
+    'StandbyList' : [ 0x24, ['_MMPFNLIST']],
+    'LastReplenishTime' : [ 0x38, ['unsigned long long']],
+    'LastFailureTime' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x48, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long']],
+    'PfnDecayFreeSList' : [ 0x8, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x10, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x14, ['_KDPC']],
+    'PageHeatListSlist' : [ 0x38, ['_SLIST_HEADER']],
+    'PageHeatListDisableAllocation' : [ 0x40, ['long']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x4, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x128, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x104, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x124, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x8, ['pointer', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x10, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_PCI' : [ 0x10, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'PciSegmentNumber' : [ 0x0, ['unsigned short']],
+    'PhantomFunctionBits' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned short')]],
+    'BusRange' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DevicePathLength' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'StartBusNumber' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Bdf' : [ 0x4, ['unsigned short']],
+    'SubordinateBus' : [ 0x4, ['unsigned char']],
+    'SecondaryBus' : [ 0x5, ['unsigned char']],
+    'DevicePath' : [ 0x8, ['pointer', ['wchar']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x1c, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'InitialInPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x8, ['pointer', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0xc, ['unsigned long']],
+    'Node' : [ 0x10, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x20, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'CommonPageCombineDomain' : [ 0x10, ['unsigned long long']],
+    'CommonCombineDomainAssigned' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_PTE_TRACKER' : [ 0x44, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x28, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x18, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Next' : [ 0x14, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0xc, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_MMPAGING_FILE' : [ 0xa8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'FreeReservationSpace' : [ 0x18, ['unsigned long']],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x20, ['array', 2, ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'PfnsToFree' : [ 0x28, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x30, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x38, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x3c, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x40, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x44, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x48, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x4c, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x50, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x54, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0x5c, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0x64, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0x6c, ['pointer', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'HybridPriority' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0x77, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0x77, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0x78, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0x7c, ['unsigned long']],
+    'PageHash' : [ 0x80, ['pointer', ['unsigned long']]],
+    'FileHandle' : [ 0x84, ['pointer', ['void']]],
+    'Lock' : [ 0x88, ['unsigned long']],
+    'LockOwner' : [ 0x8c, ['pointer', ['_ETHREAD']]],
+    'FlowThroughReadRoot' : [ 0x90, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x94, ['pointer', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x98, ['_RTL_BALANCED_NODE']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x10, ['long']],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'WatchdogTimerInfo' : [ 0x18, ['pointer', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x10, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x14, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x4, ['_RTL_AVL_TREE']],
+    'ActiveZeroSpinLock' : [ 0x8, ['long']],
+    'ActiveZeroThreadTree' : [ 0xc, ['_RTL_AVL_TREE']],
+    'NumberOfLargePageListHeads' : [ 0x10, ['unsigned long']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x28, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x18, ['unsigned long']],
+    'ModuleSize' : [ 0x1c, ['unsigned long']],
+    'Offset' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_2dfd' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2dff' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2dfd']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2dff']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x8, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x4, ['pointer', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'LowboxMap' : [ 0xc, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'IoStatus' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x8, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x10, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x18, ['unsigned long long']],
+    'RequestSize' : [ 0x20, ['unsigned long long']],
+    'IoLocation' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x30, ['unsigned long long']],
+    'Buffer' : [ 0x38, ['pointer', ['void']]],
+    'AsyncCapable' : [ 0x3c, ['unsigned char']],
+    'BytesToRead' : [ 0x40, ['unsigned long long']],
+    'Pages' : [ 0x48, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x50, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x58, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x38, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'AppContainerNumber' : [ 0x24, ['unsigned long']],
+    'PackageSid' : [ 0x28, ['pointer', ['void']]],
+    'CapabilitiesHash' : [ 0x2c, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x30, ['pointer', ['void']]],
+    'SecurityAttributes' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x4, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 28, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x0, ['long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x1c, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x10, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0xc, ['pointer', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_DMA_IOMMU_INTERFACE' : [ 0x38, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'CreateDomain' : [ 0x4, ['pointer', ['void']]],
+    'DeleteDomain' : [ 0x8, ['pointer', ['void']]],
+    'AttachDevice' : [ 0xc, ['pointer', ['void']]],
+    'DetachDevice' : [ 0x10, ['pointer', ['void']]],
+    'FlushDomain' : [ 0x14, ['pointer', ['void']]],
+    'FlushDomainByVaList' : [ 0x18, ['pointer', ['void']]],
+    'QueryInputMappings' : [ 0x1c, ['pointer', ['void']]],
+    'MapLogicalRange' : [ 0x20, ['pointer', ['void']]],
+    'UnmapLogicalRange' : [ 0x24, ['pointer', ['void']]],
+    'MapIdentityRange' : [ 0x28, ['pointer', ['void']]],
+    'UnmapIdentityRange' : [ 0x2c, ['pointer', ['void']]],
+    'SetDeviceFaultReporting' : [ 0x30, ['pointer', ['void']]],
+    'ConfigureDomain' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'Pattern' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  '_HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS' : [ 0x8, {
+    'SmallPagesInUseWithinLarge' : [ 0x0, ['unsigned long']],
+    'OpportunisticLargePageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2e6c' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2e6c']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_IMAGE_SWITCHTABLE_BRANCH_DYNAMIC_RELOCATION' : [ 0x2, {
+    'PageRelativeOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'RegisterNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'HistoryList' : [ 0x1c, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_CMSI_PROCESS_TUPLE' : [ 0x8, {
+    'ProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'ProcessReference' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HEAP_FAILURE_INFORMATION' : [ 0x3d0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'StructureSize' : [ 0x4, ['unsigned long']],
+    'FailureType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'heap_failure_internal', 1: u'heap_failure_unknown', 2: u'heap_failure_generic', 3: u'heap_failure_entry_corruption', 4: u'heap_failure_multiple_entries_corruption', 5: u'heap_failure_virtual_block_corruption', 6: u'heap_failure_buffer_overrun', 7: u'heap_failure_buffer_underrun', 8: u'heap_failure_block_not_busy', 9: u'heap_failure_invalid_argument', 10: u'heap_failure_invalid_allocation_type', 11: u'heap_failure_usage_after_free', 12: u'heap_failure_cross_heap_operation', 13: u'heap_failure_freelists_corruption', 14: u'heap_failure_listentry_corruption', 15: u'heap_failure_lfh_bitmap_mismatch', 16: u'heap_failure_segment_lfh_bitmap_corruption', 17: u'heap_failure_segment_lfh_double_free', 18: u'heap_failure_vs_subsegment_corruption', 19: u'heap_failure_null_heap', 20: u'heap_failure_allocation_limit', 21: u'heap_failure_commit_limit', 22: u'heap_failure_invalid_va_mgr_query'})]],
+    'HeapAddress' : [ 0xc, ['pointer', ['void']]],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Param1' : [ 0x14, ['pointer', ['void']]],
+    'Param2' : [ 0x18, ['pointer', ['void']]],
+    'Param3' : [ 0x1c, ['pointer', ['void']]],
+    'PreviousBlock' : [ 0x20, ['pointer', ['void']]],
+    'NextBlock' : [ 0x24, ['pointer', ['void']]],
+    'ExpectedDecodedEntry' : [ 0x28, ['_FAKE_HEAP_ENTRY']],
+    'StackTrace' : [ 0x30, ['array', 32, ['pointer', ['void']]]],
+    'HeapMajorVersion' : [ 0xb0, ['unsigned char']],
+    'HeapMinorVersion' : [ 0xb1, ['unsigned char']],
+    'ExceptionRecord' : [ 0xb4, ['_EXCEPTION_RECORD']],
+    'ContextRecord' : [ 0x104, ['_CONTEXT']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xa8, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x34, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'PackagedBinary' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x34, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x34, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x34, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x34, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x34, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x34, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x34, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x34, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x34, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x34, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x34, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x34, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x34, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x34, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x34, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x34, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x34, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ChpeImage' : [ 0x34, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x34, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x34, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x34, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x4c, ['pointer', ['void']]],
+    'DdagNode' : [ 0x50, ['pointer', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0x54, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0x5c, ['pointer', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0x60, ['pointer', ['void']]],
+    'SwitchBackContext' : [ 0x64, ['pointer', ['void']]],
+    'BaseAddressIndexNode' : [ 0x68, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0x74, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0x80, ['unsigned long']],
+    'LoadTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x90, ['unsigned long']],
+    'LoadReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x98, ['unsigned long']],
+    'ReferenceCount' : [ 0x9c, ['unsigned long']],
+    'DependentLoadFlags' : [ 0xa0, ['unsigned long']],
+    'SigningLevel' : [ 0xa4, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2ea7' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2ea9' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_2eab' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_2ea7']],
+    'e2' : [ 0x0, ['__unnamed_2ea9']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_2eab']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x1d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x34, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0x68, ['unsigned long']],
+    'NumberOfMappedMdlsInUse' : [ 0x6c, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0x70, ['unsigned long']],
+    'MappedFileHeader' : [ 0x74, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0x8c, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0x8d, ['unsigned char']],
+    'ModwriterActive' : [ 0x8e, ['unsigned char']],
+    'TransitionInserted' : [ 0x8f, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0x90, ['long']],
+    'LastMappedWriteError' : [ 0x94, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x98, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x9c, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xa0, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0xa4, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0xb4, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0xb8, ['unsigned long']],
+    'ModifiedPageWriterEvent' : [ 0xbc, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0xcc, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0xdc, ['long']],
+    'WriteAllMappedPages' : [ 0xe0, ['long']],
+    'MappedPageWriterEvent' : [ 0xe4, ['_KEVENT']],
+    'ModWriteData' : [ 0xf8, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x128, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x138, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x150, ['pointer', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x154, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x158, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x168, ['unsigned long']],
+    'ClusterRestrictionLock' : [ 0x16c, ['long']],
+    'ClusterRestrictions' : [ 0x170, ['array', 2, ['_MI_RESTRICTED_MODWRITES']]],
+    'NotifyStoreMemoryConditions' : [ 0x178, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x188, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x18c, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x190, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x194, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x1a8, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x1b0, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x1c0, ['long']],
+    'WorkingSetSwapLock' : [ 0x1c4, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x1c8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x4, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_EXTENT_DELETION_WAIT_BLOCK' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_EXTENT_DELETION_WAIT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+} ],
+  '_HAL_INTEL_ENLIGHTENMENT_INFORMATION' : [ 0xf8, {
+    'Enlightenments' : [ 0x0, ['unsigned long']],
+    'HypervisorConnected' : [ 0x4, ['unsigned long']],
+    'EndOfInterrupt' : [ 0x8, ['pointer', ['void']]],
+    'ApicWriteIcr' : [ 0xc, ['pointer', ['void']]],
+    'Reserved0' : [ 0x10, ['unsigned long']],
+    'SpinCountMask' : [ 0x14, ['unsigned long']],
+    'LongSpinWait' : [ 0x18, ['pointer', ['void']]],
+    'GetReferenceTime' : [ 0x1c, ['pointer', ['void']]],
+    'SetSystemSleepProperty' : [ 0x20, ['pointer', ['void']]],
+    'EnterSleepState' : [ 0x24, ['pointer', ['void']]],
+    'NotifyDebugDeviceAvailable' : [ 0x28, ['pointer', ['void']]],
+    'MapDeviceInterrupt' : [ 0x2c, ['pointer', ['void']]],
+    'UnmapDeviceInterrupt' : [ 0x30, ['pointer', ['void']]],
+    'RetargetDeviceInterrupt' : [ 0x34, ['pointer', ['void']]],
+    'SetHpetConfig' : [ 0x38, ['pointer', ['void']]],
+    'NotifyHpetEnabled' : [ 0x3c, ['pointer', ['void']]],
+    'QueryAssociatedProcessors' : [ 0x40, ['pointer', ['void']]],
+    'ReadMultipleMsr' : [ 0x44, ['pointer', ['void']]],
+    'WriteMultipleMsr' : [ 0x48, ['pointer', ['void']]],
+    'ReadCpuid' : [ 0x4c, ['pointer', ['void']]],
+    'LpWritebackInvalidate' : [ 0x50, ['pointer', ['void']]],
+    'GetMachineCheckContext' : [ 0x54, ['pointer', ['void']]],
+    'SuspendPartition' : [ 0x58, ['pointer', ['void']]],
+    'ResumePartition' : [ 0x5c, ['pointer', ['void']]],
+    'SetSystemMachineCheckProperty' : [ 0x60, ['pointer', ['void']]],
+    'WheaErrorNotification' : [ 0x64, ['pointer', ['void']]],
+    'GetProcessorIndexFromVpIndex' : [ 0x68, ['pointer', ['void']]],
+    'SyntheticClusterIpi' : [ 0x6c, ['pointer', ['void']]],
+    'VpStartEnabled' : [ 0x70, ['pointer', ['void']]],
+    'StartVirtualProcessor' : [ 0x74, ['pointer', ['void']]],
+    'GetVpIndexFromApicId' : [ 0x78, ['pointer', ['void']]],
+    'IumAccessPciDevice' : [ 0x7c, ['pointer', ['void']]],
+    'IumEfiRuntimeService' : [ 0x80, ['pointer', ['void']]],
+    'SvmGetSystemCapabilities' : [ 0x84, ['pointer', ['void']]],
+    'SvmGetDeviceCapabilities' : [ 0x88, ['pointer', ['void']]],
+    'SvmCreatePasidSpace' : [ 0x8c, ['pointer', ['void']]],
+    'SvmSetPasidAddressSpace' : [ 0x90, ['pointer', ['void']]],
+    'SvmFlushPasid' : [ 0x94, ['pointer', ['void']]],
+    'SvmAttachPasidSpace' : [ 0x98, ['pointer', ['void']]],
+    'SvmDetachPasidSpace' : [ 0x9c, ['pointer', ['void']]],
+    'SvmEnablePasid' : [ 0xa0, ['pointer', ['void']]],
+    'SvmDisablePasid' : [ 0xa4, ['pointer', ['void']]],
+    'SvmAcknowledgePageRequest' : [ 0xa8, ['pointer', ['void']]],
+    'SvmCreatePrQueue' : [ 0xac, ['pointer', ['void']]],
+    'SvmDeletePrQueue' : [ 0xb0, ['pointer', ['void']]],
+    'SvmClearPrqStalled' : [ 0xb4, ['pointer', ['void']]],
+    'SvmSetDeviceEnabled' : [ 0xb8, ['pointer', ['void']]],
+    'HvDebuggerPowerHandler' : [ 0xbc, ['pointer', ['void']]],
+    'SetQpcBias' : [ 0xc0, ['pointer', ['void']]],
+    'GetQpcBias' : [ 0xc4, ['pointer', ['void']]],
+    'RegisterDeviceId' : [ 0xc8, ['pointer', ['void']]],
+    'UnregisterDeviceId' : [ 0xcc, ['pointer', ['void']]],
+    'AllocateDeviceDomain' : [ 0xd0, ['pointer', ['void']]],
+    'AttachDeviceDomain' : [ 0xd4, ['pointer', ['void']]],
+    'DetachDeviceDomain' : [ 0xd8, ['pointer', ['void']]],
+    'DeleteDeviceDomain' : [ 0xdc, ['pointer', ['void']]],
+    'MapDeviceLogicalRange' : [ 0xe0, ['pointer', ['void']]],
+    'UnmapDeviceLogicalRange' : [ 0xe4, ['pointer', ['void']]],
+    'MapDeviceSparsePages' : [ 0xe8, ['pointer', ['void']]],
+    'UnmapDeviceSparsePages' : [ 0xec, ['pointer', ['void']]],
+    'GetDmaGuardEnabled' : [ 0xf0, ['pointer', ['void']]],
+    'UpdateMicrocode' : [ 0xf4, ['pointer', ['void']]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0xd8, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['unsigned char']],
+    'DripsRequiredState' : [ 0x8, ['unsigned long']],
+    'Level' : [ 0xc, ['long']],
+    'ActiveStamp' : [ 0x10, ['long long']],
+    'CsActiveTimeAccounting' : [ 0x18, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+    'CsCriticalActiveTimeAccounting' : [ 0x78, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_RETPOLINE_BINARY_INFO' : [ 0x1c, {
+    'RetpolineStubsStartRva' : [ 0x0, ['long']],
+    'CfgDispatchFunctionPtrRva' : [ 0x4, ['unsigned long']],
+    'IATRva' : [ 0x8, ['unsigned long']],
+    'ImportRvas' : [ 0xc, ['pointer', ['long']]],
+    'IAT' : [ 0x10, ['pointer', ['unsigned long']]],
+    'ImageBase' : [ 0x14, ['pointer', ['void']]],
+    'CheckFunction' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_DOMAIN_CONFIGURATION' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DomainConfigurationArm64', 1: u'DomainConfigurationInvalid'})]],
+    'Arm64' : [ 0x8, ['_DOMAIN_CONFIGURATION_ARM64']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x3c, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_POP_FX_DEVICE_DIRECTED_TRANSITION_STATE' : [ 0xc, {
+    'CompletionContext' : [ 0x0, ['pointer', ['void']]],
+    'CompletionStatus' : [ 0x4, ['long']],
+    'DIrpPending' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DIrpCompleted' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_FREE_LARGE_PAGE_LIST' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x170, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x14, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x30, ['pointer', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x34, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x3c, ['long']],
+    'ActiveEvent' : [ 0x40, ['_KEVENT']],
+    'IdleLock' : [ 0x50, ['unsigned long']],
+    'IdleConditionComplete' : [ 0x54, ['long']],
+    'IdleStateComplete' : [ 0x58, ['long']],
+    'IdleStamp' : [ 0x60, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x68, ['unsigned long']],
+    'IdleStateCount' : [ 0x6c, ['unsigned long']],
+    'IdleStates' : [ 0x70, ['pointer', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0x74, ['unsigned long']],
+    'ProviderCount' : [ 0x78, ['unsigned long']],
+    'Providers' : [ 0x7c, ['pointer', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0x80, ['unsigned long']],
+    'DependentCount' : [ 0x84, ['unsigned long']],
+    'Dependents' : [ 0x88, ['pointer', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0x90, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0x168, ['pointer', ['_POP_FX_PERF_INFO']]],
+    'PowerProfile' : [ 0x16c, ['pointer', ['_POP_COMPONENT_POWER_PROFILE']]],
+} ],
+  '_ISRDPCSTATS' : [ 0x40, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 15, ['unsigned char']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 224, ['unsigned char']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'Unused' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x18, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '__unnamed_2f9f' : [ 0xc, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Arm' : [ 0x0, ['_ARM_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0xc8, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OsLoaderSecurityVersion' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'EarlyLaunchListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'CoreDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'CoreExtensionsDriverListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'TpmCoreDriverListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x48, ['unsigned long']],
+    'Prcb' : [ 0x4c, ['unsigned long']],
+    'Process' : [ 0x50, ['unsigned long']],
+    'Thread' : [ 0x54, ['unsigned long']],
+    'KernelStackSize' : [ 0x58, ['unsigned long']],
+    'RegistryLength' : [ 0x5c, ['unsigned long']],
+    'RegistryBase' : [ 0x60, ['pointer', ['void']]],
+    'ConfigurationRoot' : [ 0x64, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0x68, ['pointer', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0x6c, ['pointer', ['unsigned char']]],
+    'NtBootPathName' : [ 0x70, ['pointer', ['unsigned char']]],
+    'NtHalPathName' : [ 0x74, ['pointer', ['unsigned char']]],
+    'LoadOptions' : [ 0x78, ['pointer', ['unsigned char']]],
+    'NlsData' : [ 0x7c, ['pointer', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0x80, ['pointer', ['_ARC_DISK_INFORMATION']]],
+    'Extension' : [ 0x84, ['pointer', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0x88, ['__unnamed_2f9f']],
+    'FirmwareInformation' : [ 0x94, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+    'OsBootstatPathName' : [ 0xbc, ['pointer', ['unsigned char']]],
+    'ArcOSDataDeviceName' : [ 0xc0, ['pointer', ['unsigned char']]],
+    'ArcWindowsSysPartName' : [ 0xc4, ['pointer', ['unsigned char']]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2fa7' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_2fa7']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x8, ['unsigned char']],
+    'Disowned' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0xa, ['unsigned char']],
+    'IsWaiting' : [ 0xb, ['unsigned char']],
+    'LockAddress' : [ 0xc, ['pointer', ['void']]],
+    'ThreadAddress' : [ 0x10, ['pointer', ['void']]],
+    'SublistHead' : [ 0x14, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0x54, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long']],
+    'AllocatedNonPagedPool' : [ 0x4, ['unsigned long']],
+    'BadPoolHead' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0xc, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x10, ['unsigned char']],
+    'LowPagedPoolThreshold' : [ 0x14, ['unsigned long']],
+    'HighPagedPoolThreshold' : [ 0x18, ['unsigned long']],
+    'PermittedFaultsLock' : [ 0x1c, ['long']],
+    'PermittedFaultsTree' : [ 0x20, ['_RTL_AVL_TREE']],
+    'PermittedFaultsInitialNode' : [ 0x24, ['array', 2, ['_MI_ACCESS_VIOLATION_RANGE']]],
+    'TotalPagedPoolQuota' : [ 0x4c, ['unsigned long']],
+    'TotalNonPagedPoolQuota' : [ 0x50, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x18, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x1a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x23, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x1c, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'ConnectLock' : [ 0x4, ['_KEVENT']],
+    'LineMasked' : [ 0x14, ['unsigned char']],
+    'InterruptList' : [ 0x18, ['pointer', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0xc, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x4, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_WNF_SCOPE_MAP_ENTRY' : [ 0xc, {
+    'MapEntryLock' : [ 0x0, ['_WNF_LOCK']],
+    'MapEntryHead' : [ 0x4, ['_LIST_ENTRY']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x180, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaHintIndex' : [ 0x4, ['unsigned long']],
+    'NumaLastRangeIndexInclusive' : [ 0x8, ['unsigned long']],
+    'NumaTableCaptured' : [ 0xc, ['unsigned char']],
+    'NodeShift' : [ 0xd, ['unsigned char']],
+    'ChannelShift' : [ 0xe, ['unsigned char']],
+    'NodeGraph' : [ 0x10, ['pointer', ['_MI_NODE_NUMBER_ZERO_BASED']]],
+    'SystemNodeInformation' : [ 0x14, ['pointer', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'TemporaryNumaRanges' : [ 0x18, ['array', 2, ['_HAL_NODE_RANGE']]],
+    'NumaMemoryRanges' : [ 0x28, ['pointer', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x2c, ['pointer', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'NumaNodeLock' : [ 0x30, ['long']],
+    'SecondLevelCacheSize' : [ 0x34, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x38, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x3c, ['unsigned long']],
+    'ProcessorCachesFlushedOnPowerLoss' : [ 0x40, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x44, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x48, ['unsigned long']],
+    'SecondaryColors' : [ 0x4c, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x50, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x54, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x58, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x5c, ['unsigned long']],
+    'InvalidPteMask' : [ 0x80, ['unsigned long long']],
+    'LargePageColors' : [ 0xc0, ['array', 2, ['unsigned long']]],
+    'FlushTbThreshold' : [ 0xc8, ['unsigned long']],
+    'OptimalZeroingAttribute' : [ 0xcc, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x10c, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x110, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'HighestPossiblePhysicalPage' : [ 0x130, ['unsigned long']],
+    'VsmKernelPageCount' : [ 0x134, ['unsigned long']],
+    'EnclaveRegions' : [ 0x138, ['_RTL_AVL_TREE']],
+    'EnclaveMetadataPage' : [ 0x13c, ['pointer', ['void']]],
+    'EnclaveMetadataBitMap' : [ 0x140, ['pointer', ['_RTL_BITMAP']]],
+    'EnclaveMetadataEntryLock' : [ 0x144, ['_EX_PUSH_LOCK']],
+    'EnclaveMetadataPageLock' : [ 0x148, ['long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x18, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0xc, ['unsigned char']],
+    'BlocksDrips' : [ 0xd, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x10, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x14, ['pointer', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x10, {
+    'PartitionObject' : [ 0x0, ['pointer', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x4, ['pointer', ['pointer', ['pointer', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x8, ['pointer', ['pointer', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0xc, ['long']],
+} ],
+  '__unnamed_2fde' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_2fde']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x8c, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x80, ['unsigned long']],
+    'NumberOfEntries' : [ 0x84, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x88, ['unsigned long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xb0, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x28, ['unsigned long']],
+    'ProbeRaises' : [ 0x2c, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x70, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x78, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x7c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x80, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x84, ['long']],
+    'BadPagesDetected' : [ 0x88, ['long']],
+    'ScrubPasses' : [ 0x8c, ['long']],
+    'ScrubBadPagesFound' : [ 0x90, ['long']],
+    'UserViewFailures' : [ 0x94, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0x98, ['unsigned long']],
+    'UserAllocateFailures' : [ 0x9c, ['unsigned long']],
+    'UserAllocateCollisionFailures' : [ 0xa0, ['unsigned long']],
+    'ResavailFailures' : [ 0xa4, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xac, ['unsigned char']],
+    'InitFailure' : [ 0xad, ['unsigned char']],
+    'StopBadMaps' : [ 0xae, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x1d0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_KPRCB']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0x18, ['unsigned long']],
+    'ProcessorCount' : [ 0x1c, ['unsigned long']],
+    'EfficiencyClass' : [ 0x20, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0x21, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0x22, ['unsigned char']],
+    'Processors' : [ 0x24, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0x28, ['pointer', ['void']]],
+    'TimeWindowHandler' : [ 0x2c, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x30, ['pointer', ['void']]],
+    'BoostModeHandler' : [ 0x34, ['pointer', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x38, ['pointer', ['void']]],
+    'AutonomousModeHandler' : [ 0x3c, ['pointer', ['void']]],
+    'ReinitializeHandler' : [ 0x40, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x44, ['pointer', ['void']]],
+    'PerfControlHandler' : [ 0x48, ['pointer', ['void']]],
+    'DomainPerfControlHandler' : [ 0x4c, ['pointer', ['void']]],
+    'MaxFrequency' : [ 0x50, ['unsigned long']],
+    'NominalFrequency' : [ 0x54, ['unsigned long']],
+    'MaxPercent' : [ 0x58, ['unsigned long']],
+    'MinPerfPercent' : [ 0x5c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x60, ['unsigned long']],
+    'AdvertizedMaximumFrequency' : [ 0x64, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x68, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x70, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x78, ['unsigned char']],
+    'Coordination' : [ 0x79, ['unsigned char']],
+    'HardPlatformCap' : [ 0x7a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x7b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x7c, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x7d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x7e, ['unsigned char']],
+    'AutonomousMode' : [ 0x7f, ['unsigned char']],
+    'ProvideGuidance' : [ 0x80, ['unsigned char']],
+    'DesiredPercent' : [ 0x84, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x88, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x8c, ['unsigned char']],
+    'QosPolicies' : [ 0x90, ['array', 4, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0x100, ['array', 4, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0x110, ['array', 4, ['unsigned short']]],
+    'QosSupported' : [ 0x118, ['unsigned char']],
+    'SelectionGeneration' : [ 0x11c, ['unsigned long']],
+    'QosSelection' : [ 0x120, ['array', 4, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x1c0, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x1c8, ['unsigned long']],
+    'Force' : [ 0x1cc, ['unsigned char']],
+    'Update' : [ 0x1cd, ['unsigned char']],
+    'Apply' : [ 0x1ce, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x40, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x4, ['unsigned long']],
+    'DummyPagePfn' : [ 0x8, ['pointer', ['_MMPFN']]],
+    'DummyPage' : [ 0xc, ['unsigned long']],
+    'PageOfZeroes' : [ 0x10, ['unsigned long']],
+    'ZeroMapping' : [ 0x14, ['pointer', ['void']]],
+    'OnesMapping' : [ 0x18, ['pointer', ['void']]],
+    'ZeroCrc' : [ 0x20, ['unsigned long long']],
+    'OnesCrc' : [ 0x28, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x30, ['array', 2, ['unsigned long']]],
+    'PfnGapFrames' : [ 0x38, ['array', 2, ['unsigned long']]],
+} ],
+  '_HAL_HV_DMA_DOMAIN_INFO' : [ 0x8, {
+    'DomainId' : [ 0x0, ['unsigned long']],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x8, {
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+} ],
+  '_SUPPORTED_RANGES' : [ 0xa0, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Sorted' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'NoIO' : [ 0x4, ['unsigned long']],
+    'IO' : [ 0x8, ['_SUPPORTED_RANGE']],
+    'NoMemory' : [ 0x28, ['unsigned long']],
+    'Memory' : [ 0x30, ['_SUPPORTED_RANGE']],
+    'NoPrefetchMemory' : [ 0x50, ['unsigned long']],
+    'PrefetchMemory' : [ 0x58, ['_SUPPORTED_RANGE']],
+    'NoDma' : [ 0x78, ['unsigned long']],
+    'Dma' : [ 0x80, ['_SUPPORTED_RANGE']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x20, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_DEBUG_TRANSPORT_DATA' : [ 0x8, {
+    'HwContextSize' : [ 0x0, ['unsigned long']],
+    'UseSerialFraming' : [ 0x4, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x5, ['unsigned char']],
+    'USBCoreId' : [ 0x6, ['unsigned char']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_HAL_HV_SVM_DEVICE_CAPABILITIES' : [ 0xc, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PciExecute' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 31, native_type='unsigned long')]],
+    'OverflowPossible' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'PasidCount' : [ 0x4, ['unsigned long']],
+    'IommuIndex' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x48, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x1c, ['pointer', ['void']]],
+    'Enabled' : [ 0x20, ['unsigned char']],
+    'ActiveEngaged' : [ 0x21, ['unsigned char']],
+    'ThrottleLimit' : [ 0x22, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x23, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x24, ['pointer', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'Interface' : [ 0x2c, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x148, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+    'AirplaneModeEnabled' : [ 0x144, ['unsigned char']],
+    'BluetoothDeviceCharging' : [ 0x145, ['unsigned char']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0x8, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned char']],
+    'TaggedPercent' : [ 0x5, ['array', 2, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_HAL_IOMMU_DISPATCH' : [ 0x4c, {
+    'HalIommuSupportEnabled' : [ 0x0, ['pointer', ['void']]],
+    'HalIommuGetConfiguration' : [ 0x4, ['pointer', ['void']]],
+    'HalIommuGetLibraryContext' : [ 0x8, ['pointer', ['void']]],
+    'HalIommuMapDevice' : [ 0xc, ['pointer', ['void']]],
+    'HalIommuEnableDevicePasid' : [ 0x10, ['pointer', ['void']]],
+    'HalIommuSetAddressSpace' : [ 0x14, ['pointer', ['void']]],
+    'HalIommuDisableDevicePasid' : [ 0x18, ['pointer', ['void']]],
+    'HalIommuUnmapDevice' : [ 0x1c, ['pointer', ['void']]],
+    'HalIommuFreeLibraryContext' : [ 0x20, ['pointer', ['void']]],
+    'HalIommuFlushTb' : [ 0x24, ['pointer', ['void']]],
+    'HalIommuFlushAllPasid' : [ 0x28, ['pointer', ['void']]],
+    'HalIommuProcessPageRequestQueue' : [ 0x2c, ['pointer', ['void']]],
+    'HalIommuFaultRoutine' : [ 0x30, ['pointer', ['void']]],
+    'HalIommuReferenceAsid' : [ 0x34, ['pointer', ['void']]],
+    'HalIommuDereferenceAsid' : [ 0x38, ['pointer', ['void']]],
+    'HalIommuServicePageFault' : [ 0x3c, ['pointer', ['void']]],
+    'HalIommuDevicePowerChange' : [ 0x40, ['pointer', ['void']]],
+    'HalIommuBeginDeviceReset' : [ 0x44, ['pointer', ['void']]],
+    'HalIommuFinalizeDeviceReset' : [ 0x48, ['pointer', ['void']]],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Timer' : [ 0x8, ['_KTIMER']],
+    'Dpc' : [ 0x30, ['_KDPC']],
+    'WorkOrder' : [ 0x50, ['pointer', ['_POP_FX_WORK_ORDER']]],
+    'CurrentWorkInfo' : [ 0x54, ['pointer', ['_PEP_WORK_INFORMATION']]],
+    'WatchdogStart' : [ 0x58, ['unsigned long long']],
+    'WorkerThread' : [ 0x60, ['pointer', ['_KTHREAD']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_3060' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_3060']],
+} ],
+  '__unnamed_3064' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_3068' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_306a' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_306c' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_306e' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_3070' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_3072' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3074' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_3076' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_3078' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_307a' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_307c' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_3064']],
+    'Memory' : [ 0x0, ['__unnamed_3064']],
+    'Interrupt' : [ 0x0, ['__unnamed_3068']],
+    'Dma' : [ 0x0, ['__unnamed_306a']],
+    'DmaV3' : [ 0x0, ['__unnamed_306c']],
+    'Generic' : [ 0x0, ['__unnamed_3064']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_306e']],
+    'BusNumber' : [ 0x0, ['__unnamed_3070']],
+    'ConfigData' : [ 0x0, ['__unnamed_3072']],
+    'Memory40' : [ 0x0, ['__unnamed_3074']],
+    'Memory48' : [ 0x0, ['__unnamed_3076']],
+    'Memory64' : [ 0x0, ['__unnamed_3078']],
+    'Connection' : [ 0x0, ['__unnamed_307a']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_307c']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x1c, ['pointer', ['void']]],
+    'DvCallbacks' : [ 0x20, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x8, ['pointer', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0xc, ['pointer', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x10, ['pointer', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x14, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned short']],
+    'ReplyIndex' : [ 0x1a, ['unsigned short']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UseProtectedSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UseUnprotectedSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ZeroPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_RTL_RVA_LIST' : [ 0x20, {
+    'RvaCount' : [ 0x0, ['unsigned long']],
+    'StateBitsPerRva' : [ 0x4, ['unsigned long']],
+    'CompressedBuffer' : [ 0x8, ['pointer', ['unsigned char']]],
+    'CompressedBufferSize' : [ 0xc, ['unsigned long']],
+    'RvaStateBitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'StateBitValueMap' : [ 0x18, ['pointer', ['unsigned long']]],
+    'ExtensionBuffer' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x58, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '__unnamed_309b' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_309d' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_309b']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_309d']],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '__unnamed_30a7' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_30a7']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x18, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x1c, ['_KAPC']],
+    'ByteCount' : [ 0x4c, ['unsigned long']],
+    'ChargedPages' : [ 0x50, ['unsigned long']],
+    'PagingFile' : [ 0x54, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x58, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x5c, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x60, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'Partition' : [ 0x78, ['pointer', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0x7c, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x80, ['_MDL']],
+    'Page' : [ 0x9c, ['array', 1, ['unsigned long']]],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0x50, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x10, ['unsigned char']],
+    'IrpOplocksR' : [ 0x14, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x1c, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x24, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x2c, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x34, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x3c, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x44, ['pointer', ['_GUID']]],
+    'OplockState' : [ 0x48, ['unsigned long']],
+    'FastMutex' : [ 0x4c, ['pointer', ['_FAST_MUTEX']]],
+} ],
+  '_HAL_HV_SVM_SYSTEM_CAPABILITIES' : [ 0x18, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GpaAlwaysValid' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MaxPasidSpaceCount' : [ 0x4, ['unsigned long']],
+    'MaxPasidSpacePasidCount' : [ 0x8, ['unsigned long']],
+    'MaxPrqSize' : [ 0xc, ['unsigned long']],
+    'IommuCount' : [ 0x10, ['unsigned long']],
+    'MinIommuPasidCount' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_30b2' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_30b3' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_30b2']],
+    'Merged' : [ 0x10, ['__unnamed_30b3']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_30b7' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30b9' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30bb' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30bd' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_30bb']],
+    'Translated' : [ 0x0, ['__unnamed_30b9']],
+} ],
+  '__unnamed_30bf' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30c1' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_30c3' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30c5' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30c7' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30c9' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30cb' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30cd' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_30b7']],
+    'Port' : [ 0x0, ['__unnamed_30b7']],
+    'Interrupt' : [ 0x0, ['__unnamed_30b9']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_30bd']],
+    'Memory' : [ 0x0, ['__unnamed_30b7']],
+    'Dma' : [ 0x0, ['__unnamed_30bf']],
+    'DmaV3' : [ 0x0, ['__unnamed_30c1']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_306e']],
+    'BusNumber' : [ 0x0, ['__unnamed_30c3']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_30c5']],
+    'Memory40' : [ 0x0, ['__unnamed_30c7']],
+    'Memory48' : [ 0x0, ['__unnamed_30c9']],
+    'Memory64' : [ 0x0, ['__unnamed_30cb']],
+    'Connection' : [ 0x0, ['__unnamed_307a']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_30cd']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0xcc0, {
+    'SessionWsList' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x8, ['pointer', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0xc, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x18, ['unsigned long']],
+    'SizeOfPagedPoolInPages' : [ 0x1c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x20, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x54, ['unsigned long']],
+    'SmallNonPagedPtesCommit' : [ 0x58, ['unsigned long']],
+    'BootCommit' : [ 0x5c, ['unsigned long']],
+    'MdlPagesAllocated' : [ 0x60, ['unsigned long']],
+    'SystemPageTableCommit' : [ 0x64, ['unsigned long']],
+    'ProcessCommit' : [ 0x68, ['unsigned long']],
+    'DriverCommit' : [ 0x6c, ['long']],
+    'PagingLevels' : [ 0x70, ['unsigned char']],
+    'PfnDatabaseCommit' : [ 0x74, ['unsigned long']],
+    'SystemWs' : [ 0x80, ['array', 6, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x680, ['_MMSUPPORT_SHARED']],
+    'MapCacheFailures' : [ 0x700, ['unsigned long']],
+    'PagefileHashPages' : [ 0x704, ['unsigned long']],
+    'PteHeader' : [ 0x708, ['_SYSPTES_HEADER']],
+    'SystemVaTypeCount' : [ 0x794, ['array', 15, ['unsigned long']]],
+    'SystemVaType' : [ 0x7d0, ['array', 1024, ['unsigned char']]],
+    'SystemVaTypeCountFailures' : [ 0xbd0, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountLimit' : [ 0xc0c, ['array', 15, ['unsigned long']]],
+    'SystemVaTypeCountPeak' : [ 0xc48, ['array', 15, ['unsigned long']]],
+    'SystemAvailableVa' : [ 0xc84, ['unsigned long']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Xcr0' : [ 0x3c, ['unsigned long long']],
+    'ExceptionList' : [ 0x44, ['unsigned long']],
+    'Reserved' : [ 0x48, ['array', 3, ['unsigned long']]],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x8, ['pointer', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x14, ['pointer', ['_ETHREAD']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'AtomicLinks' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x54, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x28, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x34, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x3c, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x40, ['unsigned long']],
+    'ProtosNode' : [ 0x44, ['_MI_PROTOTYPE_PTES_NODE']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x138, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastResponsivenessEvents' : [ 0x18, ['unsigned long']],
+    'LastPerfCheckSnap' : [ 0x20, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x78, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xd0, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x128, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x12c, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x130, ['array', 2, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x132, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x133, ['unsigned char']],
+    'CurrentResponsivenessEvents' : [ 0x134, ['unsigned long']],
+} ],
+  '_MI_HARD_FAULT_STATE' : [ 0x8, {
+    'SwapPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'StoreFlags' : [ 0x4, ['_MI_STORE_INPAGE_COMPLETE_FLAGS']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_POP_DEVICE_POWER_PROFILE' : [ 0x3c, {
+    'DeviceId' : [ 0x0, ['_UNICODE_STRING']],
+    'PowerPlane' : [ 0x8, ['pointer', ['_POP_POWER_PLANE']]],
+    'FxDevice' : [ 0xc, ['pointer', ['_POP_FX_DEVICE']]],
+    'PowerDrawMw' : [ 0x10, ['long']],
+    'DxPower' : [ 0x14, ['array', 4, ['_PO_POWER_PLANE_PROFILE']]],
+    'ComponentCount' : [ 0x34, ['unsigned long']],
+    'Components' : [ 0x38, ['pointer', ['pointer', ['_POP_COMPONENT_POWER_PROFILE']]]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x108, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'Order' : [ 0x1c, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0xf0, ['_LIST_ENTRY']],
+    'Status' : [ 0xf8, ['long']],
+    'FailedDevice' : [ 0xfc, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x100, ['unsigned char']],
+    'Cancelled' : [ 0x101, ['unsigned char']],
+    'IgnoreErrors' : [ 0x102, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x103, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x104, ['unsigned char']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x8, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x60, {
+    'FileName' : [ 0x0, ['pointer', ['wchar']]],
+    'BaseName' : [ 0x4, ['pointer', ['wchar']]],
+    'RegRootName' : [ 0x8, ['pointer', ['wchar']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+    'FilePath' : [ 0x58, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0xd4, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+    'Flags' : [ 0xd0, ['unsigned long']],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'HitCount' : [ 0x10, ['unsigned long long']],
+    'LastActivationTime' : [ 0x18, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x20, ['unsigned long long']],
+    'CsActivationTime' : [ 0x28, ['unsigned long long']],
+    'CsActiveTime' : [ 0x30, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x28, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HAL_CLOCK_TIMER_CONFIGURATION' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'AlwaysOnTimer' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'HighLatency' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PerCpuTimer' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DynamicTickSupported' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'KnownType' : [ 0x4, ['unsigned long']],
+    'Capabilities' : [ 0x8, ['unsigned long']],
+    'MaxIncrement' : [ 0x10, ['unsigned long long']],
+    'MinIncrement' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x2c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x8, ['unsigned char']],
+    'Spare' : [ 0x9, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0xc, ['unsigned long']],
+    'DebugId' : [ 0x10, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'Event' : [ 0xc, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_311f' : [ 0x4, {
+    'Anchor' : [ 0x0, ['_MI_SYSTEM_REGION_ANCHOR']],
+    'EntireReference' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_REGION_REFERENCE' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_311f']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x34, {
+    'Parent' : [ 0x0, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x4, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x8, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0xc, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x30, ['pointer', ['void']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x14, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'HashTable' : [ 0xc, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x2c, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x14, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_3136' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x140, {
+    'FreeLargePages' : [ 0x0, ['array', 2, ['_MI_FREE_LARGE_PAGES']]],
+    'LargePageRebuildTimer' : [ 0x50, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'FreePageListHeadsBitmap' : [ 0x80, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0x90, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0xd0, ['array', 2, ['unsigned long']]],
+    'TotalPages' : [ 0xd8, ['array', 1, ['unsigned long']]],
+    'TotalPagesEntireNode' : [ 0xdc, ['unsigned long']],
+    'MmShiftedColor' : [ 0xe0, ['unsigned long']],
+    'Color' : [ 0xe4, ['unsigned long']],
+    'ChannelFreeCount' : [ 0xe8, ['array', 1, ['array', 2, ['unsigned long']]]],
+    'Flags' : [ 0xf0, ['__unnamed_3136']],
+    'NodeLock' : [ 0xf4, ['_EX_PUSH_LOCK']],
+    'LargeListMoveInProgress' : [ 0xf8, ['unsigned char']],
+    'ChannelStatus' : [ 0xf9, ['unsigned char']],
+    'ChannelOrdering' : [ 0xfa, ['array', 1, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0xfb, ['array', 1, ['unsigned char']]],
+    'PowerAttribute' : [ 0xfc, ['array', 1, ['unsigned char']]],
+    'LargePageLock' : [ 0x100, ['unsigned long']],
+    'PageColorTable' : [ 0x104, ['_MI_PAGE_COLORS']],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION' : [ 0xc0, {
+    'ValidBits' : [ 0x0, ['_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS']],
+    'ProcessorType' : [ 0x8, ['unsigned char']],
+    'InstructionSet' : [ 0x9, ['unsigned char']],
+    'ErrorType' : [ 0xa, ['unsigned char']],
+    'Operation' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned char']],
+    'Level' : [ 0xd, ['unsigned char']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'CPUVersion' : [ 0x10, ['unsigned long long']],
+    'CPUBrandString' : [ 0x18, ['array', 128, ['unsigned char']]],
+    'ProcessorId' : [ 0x98, ['unsigned long long']],
+    'TargetAddress' : [ 0xa0, ['unsigned long long']],
+    'RequesterId' : [ 0xa8, ['unsigned long long']],
+    'ResponderId' : [ 0xb0, ['unsigned long long']],
+    'InstructionPointer' : [ 0xb8, ['unsigned long long']],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['long']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DeviceNode' : [ 0x1c, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_DOMAIN_CONFIGURATION_ARM64' : [ 0x20, {
+    'Ttbr0' : [ 0x0, ['_LARGE_INTEGER']],
+    'Ttbr1' : [ 0x8, ['_LARGE_INTEGER']],
+    'Mair0' : [ 0x10, ['unsigned long']],
+    'Mair1' : [ 0x14, ['unsigned long']],
+    'InputSize0' : [ 0x18, ['unsigned char']],
+    'InputSize1' : [ 0x19, ['unsigned char']],
+    'CoherentTableWalks' : [ 0x1a, ['unsigned char']],
+    'TranslationEnabled' : [ 0x1b, ['unsigned char']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x48, {
+    'CachedKernelStacks' : [ 0x0, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'CachedNonPagedPoolCount' : [ 0x30, ['unsigned long']],
+    'NonPagedPoolSpinLock' : [ 0x34, ['unsigned long']],
+    'CachedNonPagedPool' : [ 0x38, ['pointer', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x3c, ['pointer', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x1c, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+    'TrackDesiredCrossClass' : [ 0x18, ['unsigned char']],
+} ],
+  '_MI_NODE_NUMBER_ZERO_BASED' : [ 0x4, {
+    'ZeroBased' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long']],
+    'BadPagesDetected' : [ 0x4, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x8, ['long']],
+    'ScrubPasses' : [ 0xc, ['long']],
+    'ScrubBadPagesFound' : [ 0x10, ['long']],
+    'PageHashErrors' : [ 0x14, ['unsigned long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x28, ['pointer', ['void']]],
+    'ExceptionChainTerminator' : [ 0x2c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'ExceptionChainTerminatorRecord' : [ 0x30, ['_EXCEPTION_REGISTRATION_RECORD']],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x10, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0xc, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_POP_COMPONENT_POWER_PROFILE' : [ 0x20, {
+    'ComponentGuid' : [ 0x0, ['_GUID']],
+    'Device' : [ 0x10, ['pointer', ['_POP_DEVICE_POWER_PROFILE']]],
+    'FxCount' : [ 0x14, ['unsigned long']],
+    'FxPower' : [ 0x18, ['array', 1, ['_PO_POWER_PLANE_PROFILE']]],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x14, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x10, ['unsigned char']],
+    'RebuildActive' : [ 0x11, ['unsigned char']],
+    'NextPassDelta' : [ 0x12, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x13, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x40, {
+    'IoPfnLock' : [ 0x0, ['long']],
+    'IoPfnRoot' : [ 0x4, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x10, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x18, ['unsigned long']],
+    'IoCacheStats' : [ 0x1c, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x3c, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xce8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x14, ['pointer', ['void']]],
+    'EmInfFileSize' : [ 0x18, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x1c, ['pointer', ['void']]],
+    'HeadlessLoaderBlock' : [ 0x20, ['pointer', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x24, ['pointer', ['_SMBIOS3_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x28, ['pointer', ['void']]],
+    'DrvDBSize' : [ 0x2c, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x30, ['pointer', ['_NETWORK_LOADER_BLOCK']]],
+    'HalpIRQLToTPR' : [ 0x34, ['pointer', ['unsigned char']]],
+    'HalpVectorToIRQL' : [ 0x38, ['pointer', ['unsigned char']]],
+    'FirmwareDescriptorListHead' : [ 0x3c, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x44, ['pointer', ['void']]],
+    'AcpiTableSize' : [ 0x48, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x4c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x4c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x4c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x4c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x4c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardStrongCodeGuarantees' : [ 0x4c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SidSharingDisabled' : [ 0x4c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'TpmInitialized' : [ 0x4c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'VsmConfigured' : [ 0x4c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IumEnabled' : [ 0x4c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'IsSmbboot' : [ 0x4c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BootLogEnabled' : [ 0x4c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DriverVerifierEnabled' : [ 0x4c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SuppressMonitorX' : [ 0x4c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Unused' : [ 0x4c, ['BitField', dict(start_bit = 14, end_bit = 21, native_type='unsigned long')]],
+    'FeatureSimulations' : [ 0x4c, ['BitField', dict(start_bit = 21, end_bit = 27, native_type='unsigned long')]],
+    'MicrocodeSelfHosting' : [ 0x4c, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'XhciLegacyHandoffSkip' : [ 0x4c, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisableInsiderOptInHVCI' : [ 0x4c, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'MicrocodeMinVerSupported' : [ 0x4c, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'GpuIommuEnabled' : [ 0x4c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x50, ['_LOADER_PERFORMANCE_DATA']],
+    'BootApplicationPersistentData' : [ 0xb0, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0xb8, ['pointer', ['void']]],
+    'BootIdentifier' : [ 0xbc, ['_GUID']],
+    'ResumePages' : [ 0xcc, ['unsigned long']],
+    'DumpHeader' : [ 0xd0, ['pointer', ['void']]],
+    'BgContext' : [ 0xd4, ['pointer', ['void']]],
+    'NumaLocalityInfo' : [ 0xd8, ['pointer', ['void']]],
+    'NumaGroupAssignment' : [ 0xdc, ['pointer', ['void']]],
+    'AttachedHives' : [ 0xe0, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0xe8, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0xec, ['pointer', ['void']]],
+    'BootEntropyResult' : [ 0xf0, ['_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x958, ['unsigned long long']],
+    'HypervisorExtension' : [ 0x960, ['_LOADER_PARAMETER_HYPERVISOR_EXTENSION']],
+    'HardwareConfigurationId' : [ 0x9a0, ['_GUID']],
+    'HalExtensionModuleList' : [ 0x9b0, ['_LIST_ENTRY']],
+    'SystemTime' : [ 0x9b8, ['_LARGE_INTEGER']],
+    'TimeStampAtSystemTimeRead' : [ 0x9c0, ['unsigned long long']],
+    'BootFlags' : [ 0x9c8, ['unsigned long long']],
+    'DbgMenuOsSelection' : [ 0x9c8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgHiberBoot' : [ 0x9c8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgSoftRestart' : [ 0x9c8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'DbgMeasuredLaunch' : [ 0x9c8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'InternalBootFlags' : [ 0x9d0, ['unsigned long long']],
+    'DbgUtcBootTime' : [ 0x9d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgRtcBootTime' : [ 0x9d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgNoLegacyServices' : [ 0x9d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WfsFPData' : [ 0x9d8, ['pointer', ['void']]],
+    'WfsFPDataSize' : [ 0x9dc, ['unsigned long']],
+    'BugcheckParameters' : [ 0x9e0, ['_LOADER_BUGCHECK_PARAMETERS']],
+    'ApiSetSchema' : [ 0x9f4, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0x9f8, ['unsigned long']],
+    'ApiSetSchemaExtensions' : [ 0x9fc, ['_LIST_ENTRY']],
+    'AcpiBiosVersion' : [ 0xa04, ['_UNICODE_STRING']],
+    'SmbiosVersion' : [ 0xa0c, ['_UNICODE_STRING']],
+    'EfiVersion' : [ 0xa14, ['_UNICODE_STRING']],
+    'KdDebugDevice' : [ 0xa1c, ['pointer', ['_DEBUG_DEVICE_DESCRIPTOR']]],
+    'OfflineCrashdumpConfigurationTable' : [ 0xa20, ['_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2']],
+    'ManufacturingProfile' : [ 0xa40, ['_UNICODE_STRING']],
+    'BbtBuffer' : [ 0xa48, ['pointer', ['void']]],
+    'XsaveAllowedFeatures' : [ 0xa50, ['unsigned long long']],
+    'XsaveFlags' : [ 0xa58, ['unsigned long']],
+    'BootOptions' : [ 0xa5c, ['pointer', ['void']]],
+    'IumEnablement' : [ 0xa60, ['unsigned long']],
+    'IumPolicy' : [ 0xa64, ['unsigned long']],
+    'IumStatus' : [ 0xa68, ['long']],
+    'BootId' : [ 0xa6c, ['unsigned long']],
+    'CodeIntegrityData' : [ 0xa70, ['pointer', ['_LOADER_PARAMETER_CI_EXTENSION']]],
+    'CodeIntegrityDataSize' : [ 0xa74, ['unsigned long']],
+    'SystemHiveRecoveryInfo' : [ 0xa78, ['_LOADER_HIVE_RECOVERY_INFO']],
+    'SoftRestartCount' : [ 0xa8c, ['unsigned long']],
+    'SoftRestartTime' : [ 0xa90, ['long long']],
+    'LeapSecondData' : [ 0xa98, ['pointer', ['_LEAP_SECOND_DATA']]],
+    'MajorRelease' : [ 0xa9c, ['unsigned long']],
+    'Reserved1' : [ 0xaa0, ['unsigned long']],
+    'NtBuildLab' : [ 0xaa4, ['array', 224, ['unsigned char']]],
+    'NtBuildLabEx' : [ 0xb84, ['array', 224, ['unsigned char']]],
+    'ResetReason' : [ 0xc68, ['_LOADER_RESET_REASON']],
+    'MaxPciBusNumber' : [ 0xc98, ['unsigned long']],
+    'FeatureSettings' : [ 0xc9c, ['unsigned long']],
+    'HotPatchReserveSize' : [ 0xca0, ['unsigned long']],
+    'RetpolineReserveSize' : [ 0xca4, ['unsigned long']],
+    'VsmPerformanceData' : [ 0xca8, ['_VSM_PERFORMANCE_DATA']],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0xc, {
+    'AnsiCodePageData' : [ 0x0, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x4, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x10, {
+    'CurrentCharges' : [ 0x0, ['unsigned long']],
+    'ChargeFailures' : [ 0x4, ['unsigned long']],
+    'ChargePeak' : [ 0x8, ['unsigned long']],
+    'ChargeMinimum' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_3193' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x2c, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer', ['void']]],
+    'ProtosNode' : [ 0xc, ['_MI_PROTOTYPE_PTES_NODE']],
+    'NumberOfPtes' : [ 0x1c, ['unsigned long']],
+    'SessionId' : [ 0x20, ['unsigned long']],
+    'Subsection' : [ 0x20, ['pointer', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x24, ['pointer', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_3193']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_PEBS_DS_SAVE_AREA32' : [ 0x80, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long']],
+    'BtsIndex' : [ 0x4, ['unsigned long']],
+    'BtsAbsoluteMaximum' : [ 0x8, ['unsigned long']],
+    'BtsInterruptThreshold' : [ 0xc, ['unsigned long']],
+    'PebsBufferBase' : [ 0x10, ['unsigned long']],
+    'PebsIndex' : [ 0x14, ['unsigned long']],
+    'PebsAbsoluteMaximum' : [ 0x18, ['unsigned long']],
+    'PebsInterruptThreshold' : [ 0x1c, ['unsigned long']],
+    'PebsGpCounterReset' : [ 0x20, ['array', 8, ['unsigned long long']]],
+    'PebsFixedCounterReset' : [ 0x60, ['array', 4, ['unsigned long long']]],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x30, {
+    'PagesLoad' : [ 0x0, ['long']],
+    'PagesAverage' : [ 0x4, ['unsigned long']],
+    'AverageAvailablePages' : [ 0x8, ['unsigned long']],
+    'PagesWritten' : [ 0xc, ['unsigned long']],
+    'WritesIssued' : [ 0x10, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x14, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x18, ['unsigned long']],
+    'WriteBurstCount' : [ 0x1c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x20, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x28, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x2e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_INFORMATION' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['_HAL_UNMASKED_INTERRUPT_FLAGS']],
+    'Mode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Gsiv' : [ 0x10, ['unsigned long']],
+    'PinNumber' : [ 0x14, ['unsigned short']],
+    'DeviceHandle' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_FAKE_HEAP_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x44, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'NoPageTablesAllowed' : [ 0x3c, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x40, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '_LOADER_BUGCHECK_PARAMETERS' : [ 0x14, {
+    'BugcheckCode' : [ 0x0, ['unsigned long']],
+    'BugcheckParameter1' : [ 0x4, ['unsigned long']],
+    'BugcheckParameter2' : [ 0x8, ['unsigned long']],
+    'BugcheckParameter3' : [ 0xc, ['unsigned long']],
+    'BugcheckParameter4' : [ 0x10, ['unsigned long']],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x340, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long long']],
+    'HiberFlags' : [ 0x30, ['unsigned char']],
+    'spare' : [ 0x31, ['array', 3, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x34, ['unsigned long']],
+    'HiberVa' : [ 0x38, ['unsigned long']],
+    'NoFreePages' : [ 0x3c, ['unsigned long']],
+    'FreeMapCheck' : [ 0x40, ['unsigned long']],
+    'WakeCheck' : [ 0x44, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x48, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x50, ['unsigned long']],
+    'FirstKernelRestorePage' : [ 0x54, ['unsigned long']],
+    'FirstChecksumRestorePage' : [ 0x58, ['unsigned long']],
+    'NoChecksumEntries' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x260, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x264, ['array', 1, ['unsigned long']]],
+    'SpareUlong' : [ 0x268, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x26c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x270, ['array', 24, ['unsigned long']]],
+    'NotUsed' : [ 0x2d0, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2d4, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2d8, ['unsigned long']],
+    'Hiberboot' : [ 0x2dc, ['unsigned char']],
+    'SecureLaunched' : [ 0x2dd, ['unsigned char']],
+    'SecureBoot' : [ 0x2de, ['unsigned char']],
+    'HvPageTableRoot' : [ 0x2e0, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x2e8, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x2f0, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x2f8, ['unsigned long long']],
+    'BootFlags' : [ 0x300, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x308, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x310, ['unsigned long']],
+    'BitlockerKeyPfns' : [ 0x314, ['array', 4, ['unsigned long']]],
+    'HardwareSignature' : [ 0x324, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x328, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x330, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x334, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x335, ['unsigned char']],
+    'HiberResumeXhciHandoffSkip' : [ 0x336, ['unsigned char']],
+    'InitializeUSBCore' : [ 0x337, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x338, ['unsigned char']],
+    'USBCoreId' : [ 0x339, ['unsigned char']],
+    'SkipMemoryMapValidation' : [ 0x33a, ['unsigned char']],
+} ],
+  '_POP_FX_DRIPS_WATCHDOG_CONTEXT' : [ 0x14, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'ComponentIndex' : [ 0x8, ['unsigned long']],
+    'ChildDevices' : [ 0xc, ['pointer', ['pointer', ['_DEVICE_NODE']]]],
+    'ChildDeviceCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SUPPORTED_RANGE' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_SUPPORTED_RANGE']]],
+    'SystemAddressSpace' : [ 0x4, ['unsigned long']],
+    'SystemBase' : [ 0x8, ['long long']],
+    'Base' : [ 0x10, ['long long']],
+    'Limit' : [ 0x18, ['long long']],
+} ],
+  '__unnamed_31c3' : [ 0x4, {
+    'NumberOfEntries' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Va' : [ 0x0, ['pointer', ['void']]],
+    'VaLong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTB_FLUSH_VA' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_31c3']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x2c, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x8, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0xc, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x10, ['unsigned long']],
+    'LowestLink' : [ 0x14, ['unsigned long']],
+    'Dependencies' : [ 0x18, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x1c, ['_LDRP_CSLIST']],
+    'State' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x28, ['unsigned long']],
+} ],
+  '_MI_PAGE_COLORS' : [ 0xc, {
+    'PageSize' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x100, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xc0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xc8, ['pointer', ['void']]],
+    'StorageInfo' : [ 0xc8, ['pointer', ['void']]],
+    'UseStorageInfo' : [ 0xcc, ['unsigned char']],
+    'PointersLength' : [ 0xd0, ['unsigned long']],
+    'ModulePrefix' : [ 0xd4, ['pointer', ['wchar']]],
+    'DriverList' : [ 0xd8, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xe0, ['_STRING']],
+    'ProgMsg' : [ 0xe8, ['_STRING']],
+    'DoneMsg' : [ 0xf0, ['_STRING']],
+    'FileObject' : [ 0xf8, ['pointer', ['void']]],
+    'UsageType' : [ 0xfc, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay', 6: u'DeviceUsageTypeGuestAssigned'})]],
+} ],
+  '_PNP_WATCHDOG' : [ 0xa0, {
+    'WatchdogStart' : [ 0x0, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x8, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x30, ['_KDPC']],
+    'WatchdogEnabled' : [ 0x50, ['unsigned char']],
+    'WatchdogSecondChance' : [ 0x51, ['unsigned char']],
+    'WatchdogComplete' : [ 0x54, ['_KEVENT']],
+    'WatchdogWorkItem' : [ 0x64, ['_WORK_QUEUE_ITEM']],
+    'WatchdogContextType' : [ 0x74, ['Enumeration', dict(target = 'long', choices = {1: u'PNP_EVENT_WORKER_WATCHDOG', 2: u'PNP_DEVICE_COMPLETION_QUEUE_WATCHDOG', 3: u'PNP_DELAYED_REMOVE_WORKER_WATCHDOG'})]],
+    'WatchdogLock' : [ 0x78, ['_FAST_MUTEX']],
+    'WatchdogContext' : [ 0x98, ['pointer', ['void']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x8, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_FAULT_CONFIGURATION' : [ 0x8, {
+    'FaultHandler' : [ 0x0, ['pointer', ['void']]],
+    'FaultContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x20, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0xc, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x20, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_INPUT_MAPPING_ELEMENT' : [ 0x4, {
+    'InputMappingId' : [ 0x0, ['unsigned long']],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_31f0' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_31f2' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_31f4' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceId' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_31f6' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_31f8' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_31fa' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights', 13: u'PNP_VetoAlreadyRemoved'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_31fc' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_31fe' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3200' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_3202' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_31f0']],
+    'TargetDevice' : [ 0x0, ['__unnamed_31f2']],
+    'InstallDevice' : [ 0x0, ['__unnamed_31f2']],
+    'CustomNotification' : [ 0x0, ['__unnamed_31f4']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_31f6']],
+    'PowerNotification' : [ 0x0, ['__unnamed_31f8']],
+    'VetoNotification' : [ 0x0, ['__unnamed_31fa']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_31fc']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_31fe']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_3200']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_31f2']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_31f2']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_3202']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ProcessorType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'InstructionSet' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Operation' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Flags' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Level' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'CPUVersion' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'CPUBrandString' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'ProcessorId' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'TargetAddress' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InstructionPointer' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VSM_PERFORMANCE_DATA' : [ 0x40, {
+    'LaunchVsmMark' : [ 0x0, ['array', 8, ['unsigned long long']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeviceDriver' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'AllStacksInUse' : [ 0x14, ['unsigned long']],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0xc, {
+    'CommonDataArea' : [ 0x0, ['pointer', ['void']]],
+    'MachineType' : [ 0x4, ['unsigned long']],
+    'VirtualBias' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_3217' : [ 0x8, {
+    'Pch' : [ 0x0, ['unsigned char']],
+    'EmbeddedController' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 6, ['unsigned char']]],
+} ],
+  '__unnamed_3219' : [ 0x8, {
+    'Component' : [ 0x0, ['__unnamed_3217']],
+    'AsULONG64' : [ 0x0, ['unsigned long long']],
+    'AsBytes' : [ 0x0, ['array', 8, ['unsigned char']]],
+} ],
+  '_LOADER_RESET_REASON' : [ 0x30, {
+    'Supplied' : [ 0x0, ['unsigned char']],
+    'Basic' : [ 0x8, ['__unnamed_3219']],
+    'AdditionalInfo' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0xc, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'MpnId' : [ 0x4, ['unsigned short']],
+    'Node' : [ 0x6, ['unsigned short']],
+    'Channel' : [ 0x8, ['unsigned short']],
+    'IsPowerManageable' : [ 0xa, ['unsigned char']],
+    'DeepPowerState' : [ 0xb, ['unsigned char']],
+} ],
+  '_LOADER_HIVE_RECOVERY_INFO' : [ 0x14, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LegacyRecovery' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SoftRebootConflict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MostRecentLog' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'LogNextSequence' : [ 0x8, ['unsigned long']],
+    'LogMinimumSequence' : [ 0xc, ['unsigned long']],
+    'LogCurrentOffset' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_3229' : [ 0x24, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x28, {
+    'FirmwareTypeUefi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EfiRuntimeUseIum' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EfiRuntimePageProtectionSupported' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_3229']],
+} ],
+  '__unnamed_322d' : [ 0xc, {
+    'Address' : [ 0x0, ['unsigned long']],
+    'Consumed' : [ 0x4, ['unsigned char']],
+    'ErrorCode' : [ 0x6, ['unsigned short']],
+    'ErrorIpValid' : [ 0x8, ['unsigned char']],
+    'RestartIpValid' : [ 0x9, ['unsigned char']],
+    'ClearPoison' : [ 0xa, ['unsigned char']],
+} ],
+  '__unnamed_322f' : [ 0x4, {
+    'PmemErrInfo' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_RECOVERY_CONTEXT' : [ 0x20, {
+    'MemoryError' : [ 0x0, ['__unnamed_322d']],
+    'PmemError' : [ 0x0, ['__unnamed_322f']],
+    'PartitionId' : [ 0x10, ['unsigned long long']],
+    'VpIndex' : [ 0x18, ['unsigned long']],
+    'ErrorType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {1: u'WheaRecoveryContextErrorTypeMemory', 2: u'WheaRecoveryContextErrorTypePmem', 3: u'WheaRecoveryContextErrorTypeMax'})]],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x70, {
+    'Prcb' : [ 0x0, ['pointer', ['_KPRCB']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'PlatformCap' : [ 0x8, ['unsigned long']],
+    'ThermalCap' : [ 0xc, ['unsigned long']],
+    'LimitReasons' : [ 0x10, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x18, ['unsigned long long']],
+    'ProcCap' : [ 0x20, ['unsigned long']],
+    'ProcFloor' : [ 0x24, ['unsigned long']],
+    'TargetPercent' : [ 0x28, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x2c, ['unsigned char']],
+    'ResponsivenessChangeCount' : [ 0x2d, ['unsigned char']],
+    'Selection' : [ 0x30, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x58, ['unsigned long']],
+    'PreviousFrequency' : [ 0x5c, ['unsigned long']],
+    'PreviousPercent' : [ 0x60, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x64, ['unsigned long']],
+    'Force' : [ 0x68, ['unsigned char']],
+    'UseQosUpdateLock' : [ 0x69, ['unsigned char']],
+    'QosUpdateLock' : [ 0x6c, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x38, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0xc, ['pointer', ['unsigned char']]],
+    'PciDeviceId' : [ 0x10, ['unsigned short']],
+    'PciVendorId' : [ 0x12, ['unsigned short']],
+    'PciBusNumber' : [ 0x14, ['unsigned char']],
+    'PciBusSegment' : [ 0x16, ['unsigned short']],
+    'PciSlotNumber' : [ 0x18, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x19, ['unsigned char']],
+    'PciFlags' : [ 0x1c, ['unsigned long']],
+    'SystemGUID' : [ 0x20, ['_GUID']],
+    'IsMMIODevice' : [ 0x30, ['unsigned char']],
+    'TerminalType' : [ 0x31, ['unsigned char']],
+    'InterfaceType' : [ 0x32, ['unsigned char']],
+    'RegisterBitWidth' : [ 0x33, ['unsigned char']],
+    'RegisterAccessSize' : [ 0x34, ['unsigned char']],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'RankNumber' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'CardHandle' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'ModuleHandle' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'ExtendedRow' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'BankGroup' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'BankAddress' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'ChipIdentification' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x18, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x2bc, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+    'PackageDependencyData' : [ 0x298, ['pointer', ['void']]],
+    'ProcessGroupId' : [ 0x29c, ['unsigned long']],
+    'LoaderThreads' : [ 0x2a0, ['unsigned long']],
+    'RedirectionDllName' : [ 0x2a4, ['_UNICODE_STRING']],
+    'HeapPartitionName' : [ 0x2ac, ['_UNICODE_STRING']],
+    'DefaultThreadpoolCpuSetMasks' : [ 0x2b4, ['pointer', ['unsigned long long']]],
+    'DefaultThreadpoolCpuSetMaskCount' : [ 0x2b8, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long']],
+    'ActiveCacheMatch' : [ 0x4, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0x8, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x14, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_3250' : [ 0x4, {
+    'PasidMaxWidth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'PasidExePerm' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PasidPrivMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AtsPageAlignedRequest' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AtsGlobalInvalidate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AtsInvalidateQueueDepth' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 14, native_type='unsigned long')]],
+} ],
+  '_IOMMU_SVM_CAPABILITIES' : [ 0xc, {
+    'AtsCapability' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PriCapability' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PasidCapability' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CapReg' : [ 0x4, ['__unnamed_3250']],
+    'Rsvd' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_325d' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_325f' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_3261' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_325d']],
+    'Gpt' : [ 0x0, ['__unnamed_325f']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xc0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x45, ['unsigned char']],
+    'HiberResume' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x47, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_3261']],
+    'ReadRoutine' : [ 0x6c, ['pointer', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0x70, ['pointer', ['void']]],
+    'LogSectionTruncateSize' : [ 0x74, ['unsigned long']],
+    'Parameters' : [ 0x78, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xb8, ['pointer', ['void']]],
+    'DumpNotifyRoutine' : [ 0xbc, ['pointer', ['void']]],
+} ],
+  '_MI_SYSTEM_REGION_ANCHOR' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ActiveCooling' : [ 0x14, ['pointer', ['void']]],
+    'PassiveCooling' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PEP_WORK_INFORMATION' : [ 0x20, {
+    'WorkType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepWorkActiveComplete', 1: u'PepWorkRequestIdleState', 2: u'PepWorkDevicePower', 3: u'PepWorkRequestPowerControl', 4: u'PepWorkDeviceIdle', 5: u'PepWorkCompleteIdleState', 6: u'PepWorkCompletePerfState', 7: u'PepWorkAcpiNotify', 8: u'PepWorkAcpiEvaluateControlMethodComplete', 9: u'PepWorkMax'})]],
+    'ActiveComplete' : [ 0x4, ['_PEP_WORK_ACTIVE_COMPLETE']],
+    'IdleState' : [ 0x4, ['_PEP_WORK_IDLE_STATE']],
+    'DevicePower' : [ 0x4, ['_PEP_WORK_DEVICE_POWER']],
+    'PowerControl' : [ 0x4, ['_PEP_WORK_POWER_CONTROL']],
+    'DeviceIdle' : [ 0x4, ['_PEP_WORK_DEVICE_IDLE']],
+    'CompleteIdleState' : [ 0x4, ['_PEP_WORK_COMPLETE_IDLE_STATE']],
+    'CompletePerfState' : [ 0x4, ['_PEP_WORK_COMPLETE_PERF_STATE']],
+    'AcpiNotify' : [ 0x4, ['_PEP_WORK_ACPI_NOTIFY']],
+    'ControlMethodComplete' : [ 0x4, ['_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0x60, {
+    'Component' : [ 0x0, ['pointer', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x4, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x14, ['pointer', ['void']]],
+    'Flags' : [ 0x18, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x1c, ['pointer', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x20, ['unsigned long']],
+    'LastChangeStamp' : [ 0x28, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x30, ['unsigned char']],
+    'PepRegistered' : [ 0x31, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x32, ['unsigned char']],
+    'RequestDriverContext' : [ 0x34, ['pointer', ['void']]],
+    'WorkOrder' : [ 0x38, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x54, ['unsigned long']],
+    'Sets' : [ 0x58, ['pointer', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_MI_ACCESS_VIOLATION_RANGE' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Va' : [ 0xc, ['pointer', ['void']]],
+    'EndVaInclusive' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE' : [ 0x18, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'CompletionFlags' : [ 0x4, ['unsigned long']],
+    'MethodStatus' : [ 0x8, ['long']],
+    'CompletionContext' : [ 0xc, ['pointer', ['void']]],
+    'OutputArgumentSize' : [ 0x10, ['unsigned long']],
+    'OutputArguments' : [ 0x14, ['pointer', ['_ACPI_METHOD_ARGUMENT_V1']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NoWait' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_RESTRICTED_MODWRITES' : [ 0x3, {
+    'MaximumClusterPages' : [ 0x0, ['unsigned char']],
+    'ReducedClusterWrites' : [ 0x1, ['unsigned char']],
+    'ImposeDelay' : [ 0x2, ['unsigned char']],
+} ],
+  '_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'AbnormalResetOccurred' : [ 0x4, ['unsigned long']],
+    'OfflineMemoryDumpCapable' : [ 0x8, ['unsigned long']],
+    'ResetDataAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'ResetDataSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_ACPI_METHOD_ARGUMENT_V1' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'DataLength' : [ 0x2, ['unsigned short']],
+    'Argument' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x4, ['array', 1, ['unsigned char']]],
+} ],
+  '_POP_FX_ACTIVE_TIME_ACCOUNTING' : [ 0x60, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Unattributed' : [ 0x8, ['unsigned long long']],
+    'Buckets' : [ 0x10, ['array', 5, ['unsigned long long']]],
+    'PerBucket' : [ 0x38, ['array', 5, ['unsigned long long']]],
+} ],
+  '_PEP_WORK_ACPI_NOTIFY' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'NotifyCode' : [ 0x4, ['unsigned long']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0xc, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0xc, ['_RTL_BITMAP']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x70, {
+    'UncompressedData' : [ 0x0, ['pointer', ['unsigned char']]],
+    'MappingVa' : [ 0x4, ['pointer', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x8, ['pointer', ['void']]],
+    'CompressedDataBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'CompressTicks' : [ 0x18, ['unsigned long long']],
+    'BytesCopied' : [ 0x20, ['unsigned long long']],
+    'PagesProcessed' : [ 0x28, ['unsigned long long']],
+    'DecompressTicks' : [ 0x30, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x38, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x40, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x68, ['unsigned long']],
+    'HuffCompressCount' : [ 0x6c, ['unsigned long']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x30, {
+    'SListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x24, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SystemClass', 1: u'ProcessorClass', 2: u'CacheClass', 3: u'AdapterClass', 4: u'ControllerClass', 5: u'PeripheralClass', 6: u'MemoryClass', 7: u'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ArcSystem', 1: u'CentralProcessor', 2: u'FloatingPointProcessor', 3: u'PrimaryIcache', 4: u'PrimaryDcache', 5: u'SecondaryIcache', 6: u'SecondaryDcache', 7: u'SecondaryCache', 8: u'EisaAdapter', 9: u'TcAdapter', 10: u'ScsiAdapter', 11: u'DtiAdapter', 12: u'MultiFunctionAdapter', 13: u'DiskController', 14: u'TapeController', 15: u'CdromController', 16: u'WormController', 17: u'SerialController', 18: u'NetworkController', 19: u'DisplayController', 20: u'ParallelController', 21: u'PointerController', 22: u'KeyboardController', 23: u'AudioController', 24: u'OtherController', 25: u'DiskPeripheral', 26: u'FloppyDiskPeripheral', 27: u'TapePeripheral', 28: u'ModemPeripheral', 29: u'MonitorPeripheral', 30: u'PrinterPeripheral', 31: u'PointerPeripheral', 32: u'KeyboardPeripheral', 33: u'TerminalPeripheral', 34: u'OtherPeripheral', 35: u'LinePeripheral', 36: u'NetworkPeripheral', 37: u'SystemMemory', 38: u'DockingInformation', 39: u'RealModeIrqRoutingTable', 40: u'RealModePCIEnumeration', 41: u'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer', ['unsigned char']]],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x58, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'ResponsivenessEvents' : [ 0x50, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_FLAGS' : [ 0x2, {
+    'SecondaryInterrupt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_POWER_PLANE_PROFILE' : [ 0x8, {
+    'ExclusivePowerMw' : [ 0x0, ['unsigned long']],
+    'PeakPowerMw' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARM_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x10, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PEP_WORK_COMPLETE_PERF_STATE' : [ 0xc, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+    'Succeeded' : [ 0x8, ['unsigned char']],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x60, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+    'PreloadEndTime' : [ 0x10, ['unsigned long long']],
+    'TcbLoaderStartTime' : [ 0x18, ['unsigned long long']],
+    'LoadHypervisorTime' : [ 0x20, ['unsigned long long']],
+    'LaunchHypervisorTime' : [ 0x28, ['unsigned long long']],
+    'LoadVsmTime' : [ 0x30, ['unsigned long long']],
+    'LaunchVsmTime' : [ 0x38, ['unsigned long long']],
+    'ExecuteTransitionStartTime' : [ 0x40, ['unsigned long long']],
+    'ExecuteTransitionEndTime' : [ 0x48, ['unsigned long long']],
+    'LoadDriversTime' : [ 0x50, ['unsigned long long']],
+    'CleanupVsmTime' : [ 0x58, ['unsigned long long']],
+} ],
+  '_MI_FREE_LARGE_PAGES' : [ 0x28, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long']]],
+    'LargePagesCount' : [ 0x8, ['array', 2, ['array', 2, ['array', 1, ['unsigned long']]]]],
+    'LargePageEntries' : [ 0x18, ['array', 2, ['array', 2, ['array', 1, ['pointer', ['_MI_FREE_LARGE_PAGE_LIST']]]]]],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x24, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x4, ['pointer', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x8, ['long']],
+    'MissedMappingsCount' : [ 0xc, ['unsigned long']],
+    'FirmwareResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'EfiMemoryMap' : [ 0x18, ['pointer', ['void']]],
+    'EfiMemoryMapSize' : [ 0x1c, ['unsigned long']],
+    'EfiMemoryMapDescriptorSize' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_WORK_IDLE_STATE' : [ 0xc, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+    'State' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_POWER_PLANE' : [ 0x24, {
+    'PowerPlaneId' : [ 0x0, ['_UNICODE_STRING']],
+    'Lock' : [ 0x8, ['unsigned long']],
+    'OldIrql' : [ 0xc, ['unsigned char']],
+    'DevicePowerMw' : [ 0x10, ['long']],
+    'PmaxHandle' : [ 0x14, ['pointer', ['void']]],
+    'NotifyDevicePowerDraw' : [ 0x18, ['pointer', ['void']]],
+    'DeviceCount' : [ 0x1c, ['unsigned long']],
+    'Devices' : [ 0x20, ['pointer', ['pointer', ['_POP_DEVICE_POWER_PROFILE']]]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_SMBIOS3_TABLE_HEADER' : [ 0x18, {
+    'Signature' : [ 0x0, ['array', 5, ['unsigned char']]],
+    'Checksum' : [ 0x5, ['unsigned char']],
+    'Length' : [ 0x6, ['unsigned char']],
+    'MajorVersion' : [ 0x7, ['unsigned char']],
+    'MinorVersion' : [ 0x8, ['unsigned char']],
+    'Docrev' : [ 0x9, ['unsigned char']],
+    'EntryPointRevision' : [ 0xa, ['unsigned char']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'StructureTableMaximumSize' : [ 0xc, ['unsigned long']],
+    'StructureTableAddress' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_CI_EXTENSION' : [ 0x50, {
+    'CodeIntegrityOptions' : [ 0x0, ['unsigned long']],
+    'UpgradeInProgress' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsWinPE' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CustomKernelSignersAllowed' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'WhqlEnforcementDate' : [ 0x8, ['_LARGE_INTEGER']],
+    'RevocationListOffset' : [ 0x10, ['unsigned long']],
+    'RevocationListSize' : [ 0x14, ['unsigned long']],
+    'CodeIntegrityPolicyOffset' : [ 0x18, ['unsigned long']],
+    'CodeIntegrityPolicySize' : [ 0x1c, ['unsigned long']],
+    'CodeIntegrityPolicyHashOffset' : [ 0x20, ['unsigned long']],
+    'CodeIntegrityPolicyHashSize' : [ 0x24, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashOffset' : [ 0x28, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashSize' : [ 0x2c, ['unsigned long']],
+    'WeakCryptoPolicyLoadStatus' : [ 0x30, ['long']],
+    'WeakCryptoPolicyOffset' : [ 0x34, ['unsigned long']],
+    'WeakCryptoPolicySize' : [ 0x38, ['unsigned long']],
+    'SecureBootPolicyOffset' : [ 0x3c, ['unsigned long']],
+    'SecureBootPolicySize' : [ 0x40, ['unsigned long']],
+    'Reserved2' : [ 0x44, ['unsigned long']],
+    'SerializedData' : [ 0x48, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_LDRP_CSLIST' : [ 0x4, {
+    'Tail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x38, {
+    'GetTime' : [ 0x0, ['unsigned long']],
+    'SetTime' : [ 0x4, ['unsigned long']],
+    'GetWakeupTime' : [ 0x8, ['unsigned long']],
+    'SetWakeupTime' : [ 0xc, ['unsigned long']],
+    'SetVirtualAddressMap' : [ 0x10, ['unsigned long']],
+    'ConvertPointer' : [ 0x14, ['unsigned long']],
+    'GetVariable' : [ 0x18, ['unsigned long']],
+    'GetNextVariableName' : [ 0x1c, ['unsigned long']],
+    'SetVariable' : [ 0x20, ['unsigned long']],
+    'GetNextHighMonotonicCount' : [ 0x24, ['unsigned long']],
+    'ResetSystem' : [ 0x28, ['unsigned long']],
+    'UpdateCapsule' : [ 0x2c, ['unsigned long']],
+    'QueryCapsuleCapabilities' : [ 0x30, ['unsigned long']],
+    'QueryVariableInfo' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ExceptionHandlingReady' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ShadowStacksSupported' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AccessBitFenceRequired' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'PfnDatabaseExists' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'DeferredHotAddsCompleted' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'KernelHalLargeSectionAlignment' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_MI_STORE_INPAGE_COMPLETE_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['unsigned long']],
+    'StoreFault' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LowResourceFailure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned long')]],
+    'RemainingPageCount' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0xb8, {
+    'Partition' : [ 0x0, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x4, ['pointer', ['_ENODE']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x18, ['_KTIMER']],
+    'ReaperEvent' : [ 0x40, ['_KEVENT']],
+    'ReaperTimer' : [ 0x50, ['_KTIMER2']],
+    'ThreadHandle' : [ 0xa8, ['pointer', ['void']]],
+    'ExitThread' : [ 0xac, ['unsigned long']],
+    'ThreadSeed' : [ 0xb0, ['unsigned short']],
+} ],
+  '_LOADER_PARAMETER_HYPERVISOR_EXTENSION' : [ 0x40, {
+    'InitialHypervisorCrashdumpAreaPageCount' : [ 0x0, ['unsigned long']],
+    'HypervisorCrashdumpAreaPageCount' : [ 0x4, ['unsigned long']],
+    'InitialHypervisorCrashdumpAreaSpa' : [ 0x8, ['unsigned long long']],
+    'HypervisorCrashdumpAreaSpa' : [ 0x10, ['unsigned long long']],
+    'HypervisorLaunchStatus' : [ 0x18, ['unsigned long long']],
+    'HypervisorLaunchStatusArg1' : [ 0x20, ['unsigned long long']],
+    'HypervisorLaunchStatusArg2' : [ 0x28, ['unsigned long long']],
+    'HypervisorLaunchStatusArg3' : [ 0x30, ['unsigned long long']],
+    'HypervisorLaunchStatusArg4' : [ 0x38, ['unsigned long long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_PEP_WORK_POWER_CONTROL' : [ 0x1c, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'PowerControlCode' : [ 0x4, ['pointer', ['_GUID']]],
+    'RequestContext' : [ 0x8, ['pointer', ['void']]],
+    'InBuffer' : [ 0xc, ['pointer', ['void']]],
+    'InBufferSize' : [ 0x10, ['unsigned long']],
+    'OutBuffer' : [ 0x14, ['pointer', ['void']]],
+    'OutBufferSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_PEP_WORK_DEVICE_POWER' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'PowerRequired' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0xc, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+    'TimeDateStamp' : [ 0x8, ['unsigned long']],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x10, {
+    'DHCPServerACK' : [ 0x0, ['pointer', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x4, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x8, ['pointer', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0xc, ['unsigned long']],
+} ],
+  '_BOOT_ENTROPY_LDR_RESULT' : [ 0x868, {
+    'maxEntropySources' : [ 0x0, ['unsigned long']],
+    'EntropySourceResult' : [ 0x8, ['array', 10, ['_BOOT_ENTROPY_SOURCE_LDR_RESULT']]],
+    'SeedBytesForCng' : [ 0x418, ['array', 48, ['unsigned char']]],
+    'RngBytesForNtoskrnl' : [ 0x448, ['array', 1024, ['unsigned char']]],
+    'KdEntropy' : [ 0x848, ['array', 32, ['unsigned char']]],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x40, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+    'PreQueryOpen' : [ 0x38, ['pointer', ['void']]],
+    'PostQueryOpen' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_FAULT_INFORMATION' : [ 0x1c, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'FaultInformationInvalid', 1: u'FaultInformationArm64'})]],
+    'Arm64' : [ 0x4, ['_FAULT_INFORMATION_ARM64']],
+} ],
+  '_PEP_WORK_COMPLETE_IDLE_STATE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEP_WORK_ACTIVE_COMPLETE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_333c' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x4, ['pointer', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_333e' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x8, ['unsigned long long']],
+    'Unit' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x18, ['__unnamed_333c']],
+    'Range' : [ 0x18, ['__unnamed_333e']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_BOOT_ENTROPY_SOURCE_LDR_RESULT' : [ 0x68, {
+    'SourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceNone', 1: u'BootEntropySourceSeedfile', 2: u'BootEntropySourceExternal', 3: u'BootEntropySourceTpm', 4: u'BootEntropySourceRdrand', 5: u'BootEntropySourceTime', 6: u'BootEntropySourceAcpiOem0', 7: u'BootEntropySourceUefi', 8: u'BootEntropySourceCng', 9: u'BootEntropySourceTcbTpm', 10: u'BootMaxEntropySources'})]],
+    'Policy' : [ 0x8, ['unsigned long long']],
+    'ResultCode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceStructureUninitialized', 1: u'BootEntropySourceDisabledByPolicy', 2: u'BootEntropySourceNotPresent', 3: u'BootEntropySourceError', 4: u'BootEntropySourceSuccess'})]],
+    'ResultStatus' : [ 0x14, ['long']],
+    'Time' : [ 0x18, ['unsigned long long']],
+    'EntropyLength' : [ 0x20, ['unsigned long']],
+    'EntropyData' : [ 0x24, ['array', 64, ['unsigned char']]],
+} ],
+  'POHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_334f' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_3351' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_3357' : [ 0xc, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+} ],
+  '__unnamed_3359' : [ 0x14, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileInformation' : [ 0x4, ['pointer', ['void']]],
+    'Length' : [ 0x8, ['pointer', ['unsigned long']]],
+    'FileInformationClass' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x10, ['long']],
+} ],
+  '__unnamed_335b' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_334f']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_3351']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_3357']],
+    'QueryOpen' : [ 0x0, ['__unnamed_3359']],
+    'Others' : [ 0x0, ['__unnamed_335b']],
+} ],
+  '_FAULT_INFORMATION_ARM64' : [ 0x18, {
+    'DomainHandle' : [ 0x0, ['pointer', ['void']]],
+    'FaultAddress' : [ 0x4, ['pointer', ['void']]],
+    'PhysicalDeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'InputMappingId' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_FAULT_INFORMATION_ARM64_FLAGS']],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'UnsupportedUpstreamTransaction', 1: u'AddressSizeFault', 2: u'TlbMatchConflict', 3: u'ExternalFault', 4: u'PermissionFault', 5: u'AccessFlagFault', 6: u'TranslationFault', 7: u'MaxFaultType'})]],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_PEP_WORK_DEVICE_IDLE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'IgnoreIdleTimeout' : [ 0x4, ['unsigned char']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAULT_INFORMATION_ARM64_FLAGS' : [ 0x4, {
+    'WriteNotRead' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'InstructionNotData' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Privileged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'FaultAddressValid' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+}

From c808681ca99265201dd773d7a5efbde8e0f21479 Mon Sep 17 00:00:00 2001
From: Michael Ligh <mligh@volexity.com>
Date: Wed, 2 Oct 2019 15:41:01 -0500
Subject: [PATCH 285/304] update the readme for 18362

---
 README.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.txt b/README.txt
index 7fcc6262b..46f7202ed 100644
--- a/README.txt
+++ b/README.txt
@@ -36,8 +36,8 @@ Windows:
 * 64-bit Windows 7 Service Pack 0 and 1
 * 64-bit Windows 8, 8.1, and 8.1 Update 1
 * 64-bit Windows Server 2012 and 2012 R2 
-* 64-bit Windows 10 (including at least 10.0.14393)
-* 64-bit Windows Server 2016 (including at least 10.0.14393.0)
+* 64-bit Windows 10 (including at least 10.0.18362)
+* 64-bit Windows Server 2016 (including at least 10.0.18362)
 
 Note: Please see the guidelines at the following link for notes on 
 compatibility with recently patched Windows 7 (or later) memory samples:

From f8b4df284212d0c0a5a66c7ca5b17c4cad2bf5a0 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 2 Oct 2019 16:37:47 -0500
Subject: [PATCH 286/304] Windows - update timeliner to report network sockets
 and connections more clearly

---
 volatility/plugins/timeliner.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/volatility/plugins/timeliner.py b/volatility/plugins/timeliner.py
index a0f9a2afb..52b806229 100644
--- a/volatility/plugins/timeliner.py
+++ b/volatility/plugins/timeliner.py
@@ -393,15 +393,26 @@ def calculate(self):
             if "Socket" in self._config.TYPE:
                 nets = netscan.Netscan(self._config).calculate()
             for net_object, proto, laddr, lport, raddr, rport, state in nets:
-                conn = "{0}:{1} -> {2}:{3}".format(laddr, lport, raddr, rport)
-                line = "[{6}NETWORK CONNECTION]{0} {2}{0} {1}/{3}/{4}/{5:<#10x}".format(
+
+                if net_object.CreateTime.v() == 0:
+                    continue
+
+                if raddr == "*" and rport == "*":
+                    conn = "{0}:{1}".format(laddr, lport)
+                    socket_type = "SOCKET"
+                else:
+                    conn = "{0}:{1} -> {2}:{3}".format(laddr, lport, raddr, rport)
+                    socket_TYPE = "CONNECTION"
+
+                line = "[{6}NETWORK {7}]{0} {2}{0} {1}/{3}/{4}/{5:<#10x}".format(
                         "" if body else "|",
                         net_object.Owner.UniqueProcessId,
                         conn,
                         proto,
                         state,
                         net_object.obj_offset,
-                        self._config.MACHINE)
+                        self._config.MACHINE,
+                        socket_type)
 
                 yield self.getoutput(line, net_object.CreateTime, body = body)
 

From 62aa820f1bb2e1b406b497483c77d6d6b16dd2bf Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Sun, 6 Oct 2019 11:42:27 -0500
Subject: [PATCH 287/304] Windows - update mapped file filter for rare smear
 instance

---
 volatility/plugins/overlays/windows/windows.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/overlays/windows/windows.py b/volatility/plugins/overlays/windows/windows.py
index f4ec6edcd..32a478a86 100644
--- a/volatility/plugins/overlays/windows/windows.py
+++ b/volatility/plugins/overlays/windows/windows.py
@@ -663,8 +663,10 @@ def _mapped_file_filter(self, vad):
         @returns: True if the MMVAD looks like it might
         contain a mapped file. 
         """
-
-        return vad.VadFlags.PrivateMemory == 0 and vad.ControlArea
+        try:
+            return vad.VadFlags.PrivateMemory == 0 and vad.ControlArea
+        except AttributeError:
+            return False
 
     def environment_variables(self):
         """Generator for environment variables. 

From 0249172dc2b5bea4522fb1cab7c0df03f23cb7f3 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Mon, 7 Oct 2019 12:31:23 -0500
Subject: [PATCH 288/304] Mac - add file extraction support for 10.14+

---
 volatility/plugins/overlays/mac/mac.py | 35 +++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 668a3753e..dc112d49e 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -385,25 +385,47 @@ def get_contents(self):
         idx = 0
         written = 0
 
-        while cur and cur.is_valid() and cur.offset < file_size:
+        while cur and cur.is_valid() and cur.get_offset() < file_size:
             # the last element of the queue seems to track the size of the queue
-            if cur.offset != 0 and cur.offset == idx:
+            if cur.get_offset() != 0 and cur.get_offset() == idx:
                 break
             
-            if cur.phys_page != 0 and cur.offset >= 0:
+            if cur.get_phys_page() != 0 and cur.get_offset() >= 0:
                 sz = 4096
 
                 if file_size - written < 4096:
                     sz = file_size - written
                 
-                buf = phys_as.zread(cur.phys_page * 4096, sz)
+                buf = phys_as.zread(cur.get_phys_page() * 4096, sz)
 
-                yield (cur.offset.v(), buf)
+                yield (cur.get_offset().v(), buf)
 
             idx     = idx + 1
             written = written + 4096
 
-            cur = self._get_next_page(cur.listq)
+            cur = self._get_next_page(cur.get_listq())
+
+class vm_page(obj.CType):
+    def _get_vmp_member(self, memb):
+        ret = self.members.get(memb)
+
+        if ret:
+            ret = self.m(memb)
+
+        # 10.14+
+        else:
+            ret = self.m("vmp_" + memb)
+
+        return ret
+
+    def get_offset(self):
+        return self._get_vmp_member("offset")
+
+    def get_phys_page(self):
+        return self._get_vmp_member("phys_page")
+
+    def get_listq(self):
+        return self._get_vmp_member("listq")
 
 class fileglob(obj.CType):
     
@@ -2280,6 +2302,7 @@ def modification(self, profile):
             'vm_map_object' : vm_map_object,
             'rtentry' : rtentry,
             'queue_entry' : queue_entry,
+            'vm_page' : vm_page,
         })
 
 mac_overlay = {

From 050dab6dab20e42e03b76d5ffb023d27dc5e9340 Mon Sep 17 00:00:00 2001
From: Jamie Levy <jamie@memoryanalysis.net>
Date: Tue, 8 Oct 2019 10:20:03 -0500
Subject: [PATCH 289/304] small fix

for some reason this was deleted in commit
3235757bd2f0a7628bc7cb4f5723d4a99e68ebdf
---
 CREDITS.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CREDITS.txt b/CREDITS.txt
index 46714be5d..979215704 100644
--- a/CREDITS.txt
+++ b/CREDITS.txt
@@ -106,6 +106,7 @@ Jon Evans
 Robert Guess
 Christian Herndler
 jeremie0
+Jamie Levy
 Eugene Libster
 Erik Ligda
 Robert Lowe

From 1004fd8839e2fe3de3907524aa48ed1ebd03097f Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 20 Feb 2020 10:09:37 -0600
Subject: [PATCH 290/304] Updated supported Mac and Linux versions

---
 README.txt | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/README.txt b/README.txt
index 46f7202ed..9b51cbd93 100644
--- a/README.txt
+++ b/README.txt
@@ -45,8 +45,8 @@ compatibility with recently patched Windows 7 (or later) memory samples:
     https://github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles
 
 Linux: 
-* 32-bit Linux kernels 2.6.11 to 4.2.3
-* 64-bit Linux kernels 2.6.11 to 4.2.3
+* 32-bit Linux kernels 2.6.11 to 5.5
+* 64-bit Linux kernels 2.6.11 to 5.5
 * OpenSuSE, Ubuntu, Debian, CentOS, Fedora, Mandriva, etc
 
 Mac OSX:
@@ -60,6 +60,9 @@ Mac OSX:
 * 64-bit 10.10.x Yosemite (there is no 32-bit version)
 * 64-bit 10.11.x El Capitan (there is no 32-bit version)
 * 64-bit 10.12.x Sierra (there is no 32-bit version)
+* 64-bit 10.13.x High Sierra (there is no 32-bit version))
+* 64-bit 10.14.x Mojave (there is no 32-bit version)
+* 64-bit 10.15.x Catalina (there is no 32-bit version)
 
 Volatility does not provide memory sample acquisition
 capabilities. For acquisition, there are both free and commercial

From 805a6a377c4fcf153b2f4fb5929ade80dc6c8543 Mon Sep 17 00:00:00 2001
From: atcuno <andrew@dfir.org>
Date: Tue, 3 Mar 2020 12:21:49 -0600
Subject: [PATCH 291/304] Update mac_dump_maps

---
 volatility/plugins/mac/dump_map.py | 322 +++++------------------------
 1 file changed, 52 insertions(+), 270 deletions(-)

diff --git a/volatility/plugins/mac/dump_map.py b/volatility/plugins/mac/dump_map.py
index 150e8fbcc..3133a99a2 100644
--- a/volatility/plugins/mac/dump_map.py
+++ b/volatility/plugins/mac/dump_map.py
@@ -29,294 +29,76 @@
 import volatility.obj as obj
 import volatility.debug as debug
 import volatility.plugins.mac.common as common
-import volatility.plugins.mac.proc_maps as proc_maps
-import struct
-import WKdm
+import volatility.plugins.mac.pstasks as pstasks 
 
-class mac_dump_maps(proc_maps.mac_proc_maps):
-    """ Dumps memory ranges of process(es), optionally including pages in compressed swap """
+class mac_dump_maps(pstasks.mac_tasks):
+    """ Dumps memory ranges of process(es) """
 
     def __init__(self, config, *args, **kwargs):         
-        proc_maps.mac_proc_maps.__init__(self, config, *args, **kwargs)         
+        pstasks.mac_tasks.__init__(self, config, *args, **kwargs)         
         self._config.add_option('MAP-ADDRESS', short_option = 's', default = None, help = 'Filter by starting address of map', action = 'store', type = 'long') 
-        self._config.add_option('OUTPUTFILE', short_option = 'O', default = None, help = 'Output File', action = 'store', type = 'str')
-        self._config.add_option('DECOMPRESS-SWAP', default = False, help = 'Also decompress pages in compressed swap', action = 'store_true')
-        self._config.add_option('ONLY-DECOMPRESSED-SWAP', default = False, help = 'Dump only successfully decompressed swap pages, nothing else', action = 'store_true')
-        self._config.add_option('SKIP-WRITING', short_option = 't',
-                                help = 'Skip writing pages, just print stats and optionally test decompression',
-                                action = 'store_true', default = False)
-
-        # defined in osfmk/vm/vm_compressor.h; proper decompression relies on these
-        self.C_SEG_BUFSIZE =               (1024 * 256)
-        self.C_SEG_ALLOCSIZE =             (self.C_SEG_BUFSIZE + 4096)
-        self.C_SEG_SLOT_ARRAYS =            6
-        self.C_SEG_SLOT_ARRAY_SIZE =       64        
-        self.C_SEG_SLOT_ARRAY_MASK =       (self.C_SEG_SLOT_ARRAY_SIZE - 1)
-        self.C_SEG_OFFSET_ALIGNMENT_MASK = 0x3
-
-        # defined in osfmk/vm/vm_compressor_pager.c; proper slot lookup relies on these
-
-        self.COMPRESSOR_SLOTS_CHUNK_SIZE = 512
-        self.COMPRESSOR_SLOTS_PER_CHUNK  = 128    #   (COMPRESSOR_SLOTS_CHUNK_SIZE / sizeof (compressor_slot_t)), compressor_slot_t is a 32-bit int       
-
-        # WKdm decompression in Python
-        self.wkdm=WKdm.WKdm()
-
-        self.dest = [0] * self.wkdm.PAGE_SIZE_IN_WORDS
-
-        self.successful_decompressions = 0
+        self._config.add_option('DUMP-DIR', short_option = 'D', default = None,
+                      cache_invalidator = False,
+                      help = 'Directory in which to dump extracted files')
 
         # don't try to deal with maps larger than this--just skip them
-        self.MAXMAPSIZE = 16000000000
-
-    def compressed_page_location(self, outfd, map, addr):
-        # return (seg, idx) pair that identifies the location of a
-        # compressed page starting at 'addr' and belonging to a
-        # vm_map_entry 'map' in the compressor store.  Returns (None,
-        # None) if the compressor doesn't own this page.
-
-        # based on compressor_pager_slot_lookup() in osfmk/vm/vm_compressor_pager.c and 
-        # c_decompress_page in osfmk/vm_compressor.c
-
-        vm_obj = map.object.vm_object
-        if not vm_obj.is_valid() or vm_obj.pager_created == 0 or vm_obj.pager_initialized == 0 or vm_obj.pager_ready == 0:
-            # compressor can't own pages from this object--object has no pager or pager isn't initialized
-            (seg, idx) = (None, None)
-        else:
-            #print "PAGING OFFSET: " + str(vm_obj.paging_offset)
-            addr += vm_obj.paging_offset
-            page_num = addr / self.wkdm.PAGE_SIZE_IN_BYTES
-            pager = vm_obj.pager.dereference_as("compressor_pager")
-            pager_name = pager.cpgr_pager_ops.memory_object_pager_name.dereference_as("char")
-            if pager_name != "c":   # "compressor pager" in pager ops 
-                # if the pager isn't the compressor_pager, then move on
-                # print "  Corresponding pager " + pager_name + " isn't the compressor pager. Substituting zero page." 
-                (seg, idx) = (None, None)
-            elif not pager.is_valid():
-            # pager isn't initialized 
-                outfd.write("  Pager isn't initialized. Substituting zero page.\n")
-                (seg, idx) = (None, None)
-            # page is out of range
-            elif page_num > pager.cpgr_num_slots:
-                outfd.write("  page_num > pager.cpgr_num_slots: " + str(page_num) + " " + str(pager.cpgr_num_slots) + ".  Substituting zero page.\n")
-                (seg, idx) = (None, None)
-            else:
-                #print "## " + str(pager.cpgr_num_slots)
-                #print "## " + str(self.COMPRESSOR_SLOTS_PER_CHUNK)
-                num_chunks = (pager.cpgr_num_slots + self.COMPRESSOR_SLOTS_PER_CHUNK - 1) / self.COMPRESSOR_SLOTS_PER_CHUNK
-                if num_chunks > 1:
-                    # array of chunks
-                    chunk_idx = page_num / self.COMPRESSOR_SLOTS_PER_CHUNK
-                    cpgr_islots = obj.Object("Array", offset = pager.cpgr_slots.cpgr_islots, targetType = "Pointer",   
-                                            count = num_chunks, vm = self.addr_space)                                  
-                    chunks_ptr = cpgr_islots[chunk_idx]
-                    if chunks_ptr.is_valid():
-                        chunk = obj.Object("Array", offset = chunks_ptr, targetType = "unsigned int",  # compressor_slot_t
-                                           count = self.COMPRESSOR_SLOTS_PER_CHUNK, vm = self.addr_space)
-                        slot_idx = page_num % self.COMPRESSOR_SLOTS_PER_CHUNK                        
-
-                        # chunk[slot_idx] is actually a c_slot_mapping
-                        # struct  c_slot_mapping {
-                        #        uint32_t        s_cseg:22,      /* segment number + 1 */
-                        #                        s_cindx:10;     /* index in the segment */
-                        # };
-
-                        # print "DOUBLE LEVEL SEGIDX bitfield is " + str(chunk[slot_idx])
-
-                        seg = chunk[slot_idx] & 0x3FFFFF
-                        idx = chunk[slot_idx] >> 22
-                    else:
-                        (seg, idx) = (None, None)
-                else:
-                    slot_idx = page_num;
-                    cpgr_dslots = obj.Object("Array", offset = pager.cpgr_slots.cpgr_dslots, targetType = "unsigned int",   # actually compressor_slot_t, == int; 
-                                            count = pager.cpgr_num_slots, vm = self.addr_space)                             # unsigned here because we have to 
-
-                    # cpgr_dslots[slot_idx] is actually a c_slot_mapping:
-                    # struct  c_slot_mapping {
-                    #        uint32_t        s_cseg:22,      /* segment number + 1 */
-                    #                        s_cindx:10;     /* index in the segment */
-                    # };
-
-                    # print "SINGLE LEVEL SEGIDX bitfield is " + str(cpgr_dslots[slot_idx])
-                    
-                    seg = cpgr_dslots[slot_idx] & 0x3FFFFF
-                    idx = cpgr_dslots[slot_idx] >> 22
-
-        return (seg, idx)                
+        self.MAXMAPSIZE = 1000000000
 
-
-    def decompress(self, outfd, seg, idx):
-        # decompress and return 4K page identified by (seg, idx).  Returns None if decompression fails.
-        page = None
-        if seg >= self.c_segment_count or seg < 1:
-            outfd.write("  Segment out of bounds: " + str(seg) + ". Must be > 0 and < c_segment_count == " + str(self.c_segment_count) + ". Substituting zero page.\n")
-        else:
-            c_seg = self.c_segments[seg - 1].c_seg          # seg is actually segment index + 1
-            if c_seg.c_ondisk == 1:
-                outfd.write("  Segment " + str(seg) + " is swapped out. Substituting zero page.\n")
-            else:
-                j1 = idx / self.C_SEG_SLOT_ARRAY_SIZE
-                j2 = idx & self.C_SEG_SLOT_ARRAY_MASK
-
-                cslot_array = c_seg.c_slots[j1]
-                if cslot_array.is_valid():
-                    cslots = obj.Object("Array", offset = cslot_array, targetType = "c_slot", 
-                                        count = self.C_SEG_SLOT_ARRAY_SIZE, vm = self.addr_space)
-                    cslot=cslots[j2]
-                    (csize, compressed, status) = (4096 / 4, False, "UNCOMPRESSED") if (cslot.c_size == 4095) else (cslot.c_size / 4, True, "COMPRESSED")
-                    if csize > 0:
-                        outfd.write("  Slot " + str(j1) + ", " + str(j2) + ": offset = " + str(cslot.c_offset * 4) + " bytes, size = " + str(csize * 4) + " bytes, " + status + "\n")
-                        page = obj.Object("Array", offset = c_seg.c_store.c_buffer+cslot.c_offset * 4, targetType = "int", 
-                                          count = csize, vm = self.addr_space)
-                        if compressed:
-                            # try to decompress page. Compressed data is fed to WKdm as an array of 32-bit ints.
-                            decompressed = self.wkdm.WKdm_decompress(page, self.dest)
-                            if decompressed > 0:
-                                page = self.dest[:]
-                                outfd.write("  Decompression successful.\n")
-                            else:
-                                outfd.write("  Decompression failed.  Substituting zero page.\n")
-                                page = None
-                        else:
-                            # for uniformity, so len() will work in _read_addr_range()
-                            page = page[:]
-                            outfd.write("  Decompression successful.\n")
-
-        return page                        
-
-                                
     def render_text(self, outfd, data):
         common.set_plugin_members(self)
-        if not self._config.OUTPUTFILE:
-            debug.error("Please specify an OUTPUTFILE")
-        elif os.path.exists(self._config.OUTPUTFILE):
-            debug.error("Cowardly refusing to overwrite an existing file.")
+        if not self._config.DUMP_DIR:
+            debug.error("Please specify an output directory.")
+        elif not os.path.exists(self._config.DUMP_DIR):
+            debug.error("Please specify a directory that exists.")
                     
-        outfile = open(self._config.OUTPUTFILE, "wb+")
         map_address = self._config.MAP_ADDRESS
 
-        size = 0
-
         self.table_header(outfd, [("Pid", "8"), 
                           ("Name", "20"),
-                          ("Start", "#018x"),
-                          ("End", "#018x"),
-                          ("Perms", "9"),
-                          ("Map Name", "")])
-
-        # from osfmk/vm/vm_object.h.  compressor_object is the high level VM object.
-        self.compressor_object = obj.Object("vm_object", 
-                                       offset = self.addr_space.profile.get_symbol("_compressor_object_store"), 
-                                       vm = self.addr_space)
-        
-        # from osfmk/vm/vm_compressor.c.  c_segments is an array of c_segu objects, which track and store compressed pages.
-        # c_segment_count is current size of c_segments array.
-        self.c_segment_count = obj.Object("unsigned int", 
-                                          offset = self.addr_space.profile.get_symbol("_c_segment_count"), 
-                                          vm = self.addr_space)
-        
-        self.c_segments_ptr = obj.Object("Pointer", offset = self.addr_space.profile.get_symbol("_c_segments"),
-                                         vm = self.addr_space)
-        
-        self.c_segments = obj.Object("Array", targetType = "c_segu", count = self.c_segment_count, 
-                                     offset = self.c_segments_ptr, vm = self.addr_space)
-        
-        for proc, map in data:
-            self.table_row(outfd, 
-                           str(proc.p_pid), proc.p_comm, 
-                           map.links.start, 
-                           map.links.end, 
-                           map.get_perms(), 
-                           map.get_path())
+                          ("Map Name", "8"),
+                          ("Output Size", ""),
+                          ("Output Path", "")])
 
-            if (map.links.end - map.links.start) > self.MAXMAPSIZE:
-                outfd.write("Skipping suspiciously large map, smearing is suspected.  Adjust MAXMAPSIZE to override.\n")
+        for proc in data:
+            pas = proc.get_process_address_space()
+            if pas == None:
                 continue
-            if not map_address or map_address == map.links.start: 
-                for page in self._read_addr_range(outfd, proc, map):
-                    if not page is None:
-                        size += self.wkdm.PAGE_SIZE_IN_BYTES
-                        if not self._config.SKIP_WRITING:
-                            for k in range(0, self.wkdm.PAGE_SIZE_IN_WORDS):
-                                outfile.write(struct.pack('<i', page[k]))
-                    
-        outfile.close()
-        outfd.write("Wrote {0} bytes.\n".format(size))
-        if self._config.DECOMPRESS_SWAP:
-            outfd.write("{0} pages were successfully decompressed.\n".format(self.successful_decompressions))
-
 
-    def _read_addr_range(self, outfd, proc, map):
-        # read pages from the address space for a map and optionally decompress pages in compressed swap.
-        mapstart = map.links.start
-        mapoffset = map.offset
-        start = map.links.start
-        end = map.links.end
-
-        # set the as with our new dtb so we can read from userland
-        proc_as = proc.get_process_address_space()
-
-        while start < end:
-            rawpage = proc_as.read(start, self.wkdm.PAGE_SIZE_IN_BYTES)
-            # need a page-sized buffer of 32-bit words, because the decompressor
-            # expects that 
-
-            if isinstance(rawpage, obj.NoneObject) or rawpage is None:
-                # NoneObject encapsulates an error from read() on the
-                # address space--couldn't read a page, so fail and
-                # just substitute a page of zeros, below
-                page = None
-            else:
-                i=0
-                page = []
-                while i < self.wkdm.PAGE_SIZE_IN_WORDS:
-                    (intval,) = struct.unpack('<i', rawpage[i*4:i*4+4])
-                    page.append(intval)
-                    i += 1
-                    
-            if not page is None and self._config.ONLY_DECOMPRESSED_SWAP:
-                # only decompressed pages--don't yield pages that are present
-                page = None
-            elif page is None and not self._config.DECOMPRESS_SWAP and not self._config.ONLY_DECOMPRESSED_SWAP:
-                # page isn't present and not decompressing swap, which is the only other
-                # potential source of data for the page
-                page = [0] * self.wkdm.PAGE_SIZE_IN_WORDS
-            elif page is None:
-                # see if the page is in compressed swap--if so, decompress; otherwise,
-                # return a zero page like as.zread().  The location of the page in
-                # compressed swap is represented by a (seg,idx) tuple.  The address
-                # must be an offset from the beginning of the map
-                (seg, idx) = self.compressed_page_location(outfd, map, start - mapstart + mapoffset)
-                if seg is None or seg == 0:
-                    # page isn't owned by compressor
-                    if self._config.ONLY_DECOMPRESSED_SWAP:
-                        # don't yield anything for pages that can't be decompressed if only dumping
-                        # decompressed swap
-                        page = None
-                    else:
-                        page = [0] * self.wkdm.PAGE_SIZE_IN_WORDS
-                else:
-                    outfd.write("Trying to decompress page for address " + hex(start).rstrip("L") + " with segment, idx: " + str(seg) + ", " + str(idx) + "\n")
-                    page = self.decompress(outfd, seg, idx)
-                    if page is None:
-                        # decompression failed
-                        if self._config.ONLY_DECOMPRESSED_SWAP:
-                            # don't yield anything for pages that can't be decompressed
-                            page = None
-                        else:
-                            page = [0] * self.wkdm.PAGE_SIZE_IN_WORDS
-                    else:
-                        self.successful_decompressions += 1
+            pid = proc.p_pid
+            if pid == 0:
+                continue
+            
+            pname = str(proc.p_comm)
+
+            for map in proc.get_proc_maps():
+                start  = map.links.start.v()
+                end    = map.links.end.v()
+                length = end - start
+
+                if map_address != None and map_address != start:
+                    continue        
+
+                if length > self.MAXMAPSIZE:
+                    outfd.write("Skipping suspiciously large map, smearing is suspected.  Adjust MAXMAPSIZE to override.\n")
+                    continue
+                
+                fname = "%d.%#x.%#x.dmp" % (pid, start, end)
+                of_path = os.path.join(self._config.DUMP_DIR, fname)
+                outfile = open(of_path, "wb")
             
-            if not page is None:
-                # ugly, but don't try to pad pages deliberately set to None
-                pagelen = len(page)
-                if pagelen != self.wkdm.PAGE_SIZE_IN_WORDS:
-                    outfd.write("Page is wrong size: " + str(pagelen) + ". Extending to " + str(self.wkdm.PAGE_SIZE_IN_BYTES) + ".\n")
-                    page.extend([0] * (self.wkdm.PAGE_SIZE_IN_WORDS - pagelen))
+                written_size = 0
+
+                for addr in range(start, end, 4096):
+                    page = pas.zread(addr, 4096)
+                    outfile.write(page)
+                    written_size = written_size + 4096
 
-            yield page
-            start = start + self.wkdm.PAGE_SIZE_IN_BYTES
+                outfile.close()
 
+                self.table_row(outfd, 
+                           pid, 
+                           pname,
+                           map.get_path(),
+                           written_size,
+                           of_path)
 

From fa1c0b9da18720ddfa57937e1e60b74fffae3217 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 26 Mar 2020 12:13:35 -0500
Subject: [PATCH 292/304] Mac - handle smear in shadow walking

---
 volatility/plugins/overlays/mac/mac.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index dc112d49e..cd948cf07 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1595,8 +1595,11 @@ def get_vnode(self):
         # find_vnode_object
         vnode_object = map_obj.object.object() 
 
-        while vnode_object.shadow.dereference() != None:
+        seen = set()
+
+        while vnode_object.shadow.dereference() != None and vnode_object.v() not in seen:
             vnode_object = vnode_object.shadow.dereference()
+            seen.add(vnode_object.v())
 
         ops = vnode_object.pager.mo_pager_ops.v()
 

From 7c0e805f9a4aaaa75b043b349e33806a1abc1a57 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 22 Apr 2020 13:48:21 -0500
Subject: [PATCH 293/304] detect smear in bash artifact enumeration

---
 volatility/plugins/overlays/mac/mac.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index cd948cf07..3324c27bd 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -564,10 +564,15 @@ def bash_hash_entries(self):
                     
                     if htable.is_valid():
                         bucket_array = obj.Object(theType="Array", targetType=addr_type, offset = htable.bucket_array, vm = htable.nbuckets.obj_vm, count = 64)
+                        seen = set()
 
                         for bucket_ptr in bucket_array:
                             bucket = obj.Object(bucket_contents_type, offset = bucket_ptr, vm = htable.nbuckets.obj_vm)
                             while bucket != None and bucket.times_found > 0:  
+                                if bucket.v() in seen:
+                                    break
+                                seen.add(bucket.v())
+
                                 pdata = bucket.data 
 
                                 if pdata == None:

From 69e02431a64816122ac72bdd618c74497c09d220 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 22 Apr 2020 13:49:16 -0500
Subject: [PATCH 294/304] Mac - better filter for the main apps vnode

---
 volatility/plugins/overlays/mac/mac.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 3324c27bd..4084cecce 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1041,7 +1041,7 @@ def text_start(self):
             for map in self.get_proc_maps():
                 vnode = map.get_vnode()
 
-                if vnode and vnode != "sub_map" and vnode.v() == wanted_vnode:
+                if vnode and vnode != "sub_map" and vnode.v() == wanted_vnode and map.get_perms() == "r-x":
                     text_start = map.start.v()
                     break
 

From abd18c8a62d2e9c964236f7eadabf65191a41597 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 22 Apr 2020 13:55:19 -0500
Subject: [PATCH 295/304] Mac - provide proper symbol resolution when linkedit
 present

---
 volatility/plugins/overlays/mac/macho.py | 49 +++++++++++++++++-------
 1 file changed, 36 insertions(+), 13 deletions(-)

diff --git a/volatility/plugins/overlays/mac/macho.py b/volatility/plugins/overlays/mac/macho.py
index 46c08559c..1e65e60d7 100644
--- a/volatility/plugins/overlays/mac/macho.py
+++ b/volatility/plugins/overlays/mac/macho.py
@@ -281,16 +281,24 @@ def __init__(self, theType, offset, vm, name = None, **kwargs):
         self.cached_dysymtab = None
         self.cached_syms     = None
         self.load_diff       = 0
+        self.link_edit_bias    = 0
 
         macho.__init__(self, 1, "macho32_header", "macho64_header", theType, offset, vm, name, **kwargs)    
       
         if self.macho_obj:
-            self._build_symbol_caches()
             self.calc_load_diff()
+            self._calc_linkedit_bias()
+            self._build_symbol_caches()
 
     def is_valid(self):
         return self.macho_obj != None
 
+    def _calc_linkedit_bias(self):
+        for s in self.segments():
+            if str(s.segname) == "__LINKEDIT":
+                self.link_edit_bias = s.vmaddr - s.fileoff
+                break
+            
     def calc_load_diff(self):
         seg = None
 
@@ -314,7 +322,6 @@ def load_commands(self):
 
         # the load commands start after the header
         hdr_size = self.macho_obj.size()
-        
         if hdr_size == 0 or hdr_size > 100000000:
             return
 
@@ -358,16 +365,24 @@ def get_indirect_syms(self):
         tname = self._get_typename("nlist")
         obj_size = self.obj_vm.profile.get_obj_size(tname)  
 
+        indirect_table_addr = self.link_edit_bias + self.cached_dysymtab.indirectsymoff
+
+        if not self.obj_vm.is_valid_address(indirect_table_addr):
+            return syms
+
         cnt = self.cached_dysymtab.nindirectsyms 
         if cnt > 100000:
             cnt = 1024
- 
-        symtab_idxs = obj.Object(theType="Array", targetType="unsigned int", count=cnt, offset = self.obj_offset + self.cached_dysymtab.indirectsymoff, vm = self.obj_vm, parent = self)
+
+        symtab_idxs = obj.Object(theType="Array", targetType="unsigned int", count=cnt, 
+                                 offset = indirect_table_addr,
+                                 vm = self.obj_vm, parent = self)
 
         for idx in symtab_idxs:
             sym_addr = self.cached_symtab + (idx * obj_size)
             sym = obj.Object("macho_nlist", offset = sym_addr, vm = self.obj_vm, parent = self)
-            syms.append(sym)
+            if sym.is_valid():
+                syms.append(sym)
 
         return syms
 
@@ -376,10 +391,18 @@ def _get_symtab_syms(self, sym_command, symtab_addr):
         tname = self._get_typename("nlist")
         obj_size = self.obj_vm.profile.get_obj_size(tname)
 
-        for i in range(sym_command.nsyms):
+        if not self.obj_vm.is_valid_address(symtab_addr):
+            return syms
+
+        num_syms = sym_command.nsyms
+        if num_syms > 2000:
+            return syms
+
+        for i in range(num_syms):
             sym_addr = symtab_addr + (i * obj_size)            
             sym = obj.Object("macho_nlist", offset = sym_addr, vm = self.obj_vm, parent = self)
-            syms.append(sym)
+            if sym.is_valid():
+                syms.append(sym)
     
         return syms
 
@@ -391,16 +414,16 @@ def _build_symbol_caches(self):
             return
 
         symtab_command     = symtab_cmd.cast(symtab_struct_name)
-        str_strtab         = self.obj_offset + symtab_command.stroff
-        symtab_addr        = self.obj_offset + symtab_command.symoff
-      
+        str_strtab         = self.link_edit_bias + symtab_command.stroff
+        symtab_addr        = self.link_edit_bias + symtab_command.symoff
+     
         self.cached_syms = self._get_symtab_syms(symtab_command, symtab_addr)
-    
+   
         dysymtab_cmd     = self.load_command_of_type(0xb) # LC_DYSYMTAB
-        dystruct_name    = self._get_typename("dysymtab_command")
-        
         if dysymtab_cmd == None:
             return
+        
+        dystruct_name    = self._get_typename("dysymtab_command")
         dysymtab_command = dysymtab_cmd.cast(dystruct_name)
 
         self.cached_strtab   = str_strtab    

From a7671739d370f6ac5071a61eb62ea39694e3a6dd Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 23 Apr 2020 11:57:48 -0500
Subject: [PATCH 296/304] Mac - check file header address and dyld info address
 before processing them

---
 volatility/plugins/overlays/mac/mac.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/volatility/plugins/overlays/mac/mac.py b/volatility/plugins/overlays/mac/mac.py
index 4084cecce..c414d1594 100644
--- a/volatility/plugins/overlays/mac/mac.py
+++ b/volatility/plugins/overlays/mac/mac.py
@@ -1061,6 +1061,8 @@ def get_macho(self, exe_address):
         proc_as = self.get_process_address_space()
 
         m = obj.Object("macho_header", offset = exe_address, vm = proc_as)
+        if not m.is_valid():
+            return
 
         buffer = ""
 
@@ -1117,6 +1119,8 @@ def get_dyld_maps(self):
             return
 
         info_addr = struct.unpack(self.pack_fmt, info_buf)[0] 
+        if not proc_as.is_valid_address(info_addr):
+            return
 
         cnt = infos.infoArrayCount
         if cnt > 4096:

From 2e48f2dc07988c84023022006ac39ba4a17a8aee Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Wed, 13 May 2020 18:09:21 -0500
Subject: [PATCH 297/304] Add 64bit address printing to malfind

---
 volatility/plugins/malware/malfind.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/volatility/plugins/malware/malfind.py b/volatility/plugins/malware/malfind.py
index 6fa5113d0..585bab7ae 100644
--- a/volatility/plugins/malware/malfind.py
+++ b/volatility/plugins/malware/malfind.py
@@ -495,13 +495,13 @@ def render_text(self, outfd, data):
                             data_start = vad.Start + 0x1000                    
 
                 outfd.write("{0}\n".format("\n".join(
-                    ["{0:#010x}  {1:<48}  {2}".format(data_start + o, h, ''.join(c))
+                    ["{0:#018x}  {1:<48}  {2}".format(data_start + o, h, ''.join(c))
                     for o, h, c in utils.Hexdump(content)
                     ])))
 
                 outfd.write("\n")
                 outfd.write("\n".join(
-                    ["{0:#010x} {1:<16} {2}".format(o, h, i)
+                    ["{0:#018x} {1:<16} {2}".format(o, h, i)
                     for o, i, h in Disassemble(content, data_start)
                     ]))
 

From 7b3f52b66935879c625f72bfb3430d741fefc24b Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 28 May 2020 14:59:57 -0500
Subject: [PATCH 298/304] update dwarf parsing for missing DW_AT_byte_size

---
 volatility/dwarf.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/volatility/dwarf.py b/volatility/dwarf.py
index 89feb7131..84037dc53 100644
--- a/volatility/dwarf.py
+++ b/volatility/dwarf.py
@@ -195,14 +195,14 @@ def process_statement(self, kind, level, data, statement_id):
 
             # If it's just a forward declaration, we want the name around,
             # but there won't be a size
-            if 'DW_AT_declaration' not in data:
+            if 'DW_AT_declaration' not in data and 'DW_AT_byte_size' in data:
                 self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
 
         elif kind == 'DW_TAG_union_type':
             name = data.get('DW_AT_name', "__unnamed_%s" % statement_id).strip('"')
             self.name_stack[-1][1] = name
             self.id_to_name[statement_id] = [name]
-            if 'DW_AT_declaration' not in data:
+            if 'DW_AT_declaration' not in data and 'DW_AT_byte_size' in data:
                 self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
 
         elif kind == 'DW_TAG_array_type':
@@ -216,7 +216,7 @@ def process_statement(self, kind, level, data, statement_id):
 
             # If it's just a forward declaration, we want the name around,
             # but there won't be a size
-            if 'DW_AT_declaration' not in data:
+            if 'DW_AT_declaration' not in data and 'DW_AT_byte_size' in data:
                 sz = int(data['DW_AT_byte_size'], self.base)
                 self.enums[name] = [sz, {}]
 

From 5f685e56705611a589c689f374f5c5152eb57f86 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Thu, 28 May 2020 15:12:59 -0500
Subject: [PATCH 299/304] Second update to dwarf.py

---
 volatility/dwarf.py | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/volatility/dwarf.py b/volatility/dwarf.py
index 84037dc53..01164f861 100644
--- a/volatility/dwarf.py
+++ b/volatility/dwarf.py
@@ -195,15 +195,21 @@ def process_statement(self, kind, level, data, statement_id):
 
             # If it's just a forward declaration, we want the name around,
             # but there won't be a size
-            if 'DW_AT_declaration' not in data and 'DW_AT_byte_size' in data:
-                self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
+            if 'DW_AT_declaration' not in data:
+                if 'DW_AT_byte_size' in data:
+                    self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
+                else:
+                    self.vtypes[name] = [ 0, {} ]
 
         elif kind == 'DW_TAG_union_type':
             name = data.get('DW_AT_name', "__unnamed_%s" % statement_id).strip('"')
             self.name_stack[-1][1] = name
             self.id_to_name[statement_id] = [name]
-            if 'DW_AT_declaration' not in data and 'DW_AT_byte_size' in data:
-                self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
+            if 'DW_AT_declaration' not in data:
+                if 'DW_AT_byte_size' in data:
+                    self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
+                else:
+                    self.vtypes[name] = [ 0, {} ]
 
         elif kind == 'DW_TAG_array_type':
             self.name_stack[-1][1] = statement_id
@@ -216,8 +222,12 @@ def process_statement(self, kind, level, data, statement_id):
 
             # If it's just a forward declaration, we want the name around,
             # but there won't be a size
-            if 'DW_AT_declaration' not in data and 'DW_AT_byte_size' in data:
-                sz = int(data['DW_AT_byte_size'], self.base)
+            if 'DW_AT_declaration' not in data:
+                if 'DW_AT_byte_size' in data:
+                    sz = int(data['DW_AT_byte_size'], self.base)
+                else:
+                    sz = 0
+                
                 self.enums[name] = [sz, {}]
 
         elif kind == 'DW_TAG_pointer_type':

From a1f7d198b47cdd903999f97607d674dcfc79b386 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Sun, 16 Aug 2020 15:02:54 -0500
Subject: [PATCH 300/304] Remove unneeded translation override in the Lime
 address space

---
 volatility/plugins/addrspaces/lime.py | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/volatility/plugins/addrspaces/lime.py b/volatility/plugins/addrspaces/lime.py
index 9341e68b1..17b05e346 100644
--- a/volatility/plugins/addrspaces/lime.py
+++ b/volatility/plugins/addrspaces/lime.py
@@ -79,13 +79,3 @@ def parse_lime(self):
 
             header = obj.Object("lime_header", offset = offset, vm = self.base)
 
-    def translate(self, addr):
-        """Find the offset in the file where a memory address can be found.
-        @param addr: a memory address
-        """
-        firstram = self.runs[0][0]
-
-        if addr < firstram:
-            addr = firstram + addr
-
-        return addrspace.AbstractRunBasedMemory.translate(self, addr)

From 3076ca09d9a791c1ff69e3cee463c793e4f4d78e Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Sun, 16 Aug 2020 15:03:51 -0500
Subject: [PATCH 301/304] Add proper support for non-raw memory samples where
 the page at offset 0 is missing

---
 volatility/plugins/overlays/basic.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/overlays/basic.py b/volatility/plugins/overlays/basic.py
index 8328056c7..7225ce656 100644
--- a/volatility/plugins/overlays/basic.py
+++ b/volatility/plugins/overlays/basic.py
@@ -221,7 +221,7 @@ def generate_suggestions(self):
                                   vm = self.obj_vm)
                 if 'Idle\x00\x00\x00\x00\x00\x00\x00\x00' in proc.ImageFileName.v() and \
                     int(proc.UniqueProcessId) == 0 and \
-                    proc.Peb.v() == 0:
+                    proc.Peb.v() in [None, 0]:
 
                     yield proc.Pcb.DirectoryTableBase.v()
 

From 703b29be247c17f63c844590102495c19826ccec Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Sun, 16 Aug 2020 15:04:55 -0500
Subject: [PATCH 302/304] Linux - fix bug in file enumeration code

---
 volatility/plugins/linux/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index f714f249b..958fa12aa 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -144,7 +144,7 @@ def walk_internal_list(struct_name, list_member, list_start, addr_space = None):
         list_start = getattr(list_struct, list_member)
 
 # based on __d_path
-def do_get_path(dentry, rmnt, rdentry, vfsmnt):
+def do_get_path(rdentry, rmnt, dentry, vfsmnt):
     ret_path = []
 
     inode = dentry.d_inode

From bdb2b4d1c7474932d6be9fc2d83ad7aae6fc2f17 Mon Sep 17 00:00:00 2001
From: Dave Lassalle <dlassalle@volexity.com>
Date: Wed, 2 Dec 2020 13:51:18 -0600
Subject: [PATCH 303/304] add Win10 19041 support

---
 README.txt                                    |     4 +-
 volatility/plugins/bigpagepools.py            |    15 +-
 volatility/plugins/malware/svcscan.py         |    41 +
 volatility/plugins/malware/timers.py          |    14 +-
 volatility/plugins/overlays/windows/win10.py  |    28 +-
 .../windows/win10_x64_19041_vtypes.py         | 18018 ++++++++++++++++
 .../windows/win10_x86_19041_vtypes.py         | 16338 ++++++++++++++
 7 files changed, 34449 insertions(+), 9 deletions(-)
 create mode 100644 volatility/plugins/overlays/windows/win10_x64_19041_vtypes.py
 create mode 100644 volatility/plugins/overlays/windows/win10_x86_19041_vtypes.py

diff --git a/README.txt b/README.txt
index 9b51cbd93..dbd7ed62f 100644
--- a/README.txt
+++ b/README.txt
@@ -36,8 +36,8 @@ Windows:
 * 64-bit Windows 7 Service Pack 0 and 1
 * 64-bit Windows 8, 8.1, and 8.1 Update 1
 * 64-bit Windows Server 2012 and 2012 R2 
-* 64-bit Windows 10 (including at least 10.0.18362)
-* 64-bit Windows Server 2016 (including at least 10.0.18362)
+* 64-bit Windows 10 (including at least 10.0.19041)
+* 64-bit Windows Server 2016 (including at least 10.0.19041)
 
 Note: Please see the guidelines at the following link for notes on 
 compatibility with recently patched Windows 7 (or later) memory samples:
diff --git a/volatility/plugins/bigpagepools.py b/volatility/plugins/bigpagepools.py
index a4480b6cc..00755da32 100644
--- a/volatility/plugins/bigpagepools.py
+++ b/volatility/plugins/bigpagepools.py
@@ -31,6 +31,8 @@ class PoolTrackTypeOverlay(obj.ProfileModification):
 
     # This ensures _POOL_DESCRIPTOR will be available, 
     # so we can copy the PoolType enumeration
+    # Win10 19041 (May 2020) removed _POOL_DESCRIPTOR, so switch to
+    # _OBJECT_TYPE_INITIALIZER instead
     before = ['WindowsVTypes']
 
     # PoolType didn't exist until Vista 
@@ -38,9 +40,18 @@ class PoolTrackTypeOverlay(obj.ProfileModification):
         'major': lambda x : x >= 6}
 
     def modification(self, profile):
+        minor = profile.metadata.get("minor", 0)
+        build = profile.metadata.get("build", 0)
+
+        if minor < 4 or (minor == 4 and build < 19041):
+            pool_type_name = "_POOL_DESCRIPTOR"
+        else:
+            pool_type_name = "_OBJECT_TYPE_INITIALIZER"
+
+
         profile.merge_overlay({
             '_POOL_TRACKER_BIG_PAGES': [ None, {
-            'PoolType': [ None, profile.vtypes['_POOL_DESCRIPTOR'][1]['PoolType'][1]],
+            'PoolType': [ None, profile.vtypes[pool_type_name][1]['PoolType'][1]],
             'Key': [ None, ['String', dict(length = 4)]], 
              }],
         })
@@ -68,7 +79,7 @@ def modification(self, profile):
             (6, 2, '32bit') : [[92, 88]],
             (6, 2, '64bit') : [[-5200, -5224]], 
             (6, 3, '32bit') : [[116, 120]],
-            (6, 4, '64bit') : [[-48, -10328], [208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32], [-5200, -5208], [64, 24], [-10328, -10320], [32, 40], [-56, -64], [-10312, -10320], [24, 64], [-10304, -10344], [-64, -72], [-10328, -10336], [40, 48], [10304, 10296], [10304, 16], [-5192, -5184], [10320, 10312], [-64, -56], [-40, -64], [-10320, -10344], [-48, -72], [-72, -64], [-10304, -10328], [-56, -48], [-5224, -5216], [-10336, -10312], [-5168, -5208], [10304, 24], [10288, 24], [32, 72], [10336, 10328]],
+            (6, 4, '64bit') : [[-72, -64], [-48, -10328], [208, 184], [168, 192], [176, 168], [48, 40], [32, 24], [24, 48], [56, 32], [-56, -10328], [24, 32], [-10344, -10336], [-10328, -10288], [-48, -10344], [-5208, -5200], [-188, -200], [40, 32], [-5200, -5208], [64, 24], [-10328, -10320], [32, 40], [-56, -64], [-10312, -10320], [24, 64], [-10304, -10344], [-64, -72], [-10328, -10336], [40, 48], [10304, 10296], [10304, 16], [-5192, -5184], [10320, 10312], [-64, -56], [-40, -64], [-10320, -10344], [-48, -72], [-72, -64], [-10304, -10328], [-56, -48], [-5224, -5216], [-10336, -10312], [-5168, -5208], [10304, 24], [10288, 24], [32, 72], [10336, 10328], [-56, -10344], [-10352, -10344]],
             (6, 4, '32bit') : [[-168, -164], [-160, -172]],
         }
 
diff --git a/volatility/plugins/malware/svcscan.py b/volatility/plugins/malware/svcscan.py
index 3d44cdb62..5f84d1683 100644
--- a/volatility/plugins/malware/svcscan.py
+++ b/volatility/plugins/malware/svcscan.py
@@ -370,6 +370,25 @@ def modification(self, profile):
             } ],
         })
 
+class Service10_19041x64(obj.ProfileModification):
+    """Service structures for Win10 19041 (May 2020)"""
+
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x64',
+              'Service10_15063x64', 'Service10_16299x64', 'Service10_18362x64']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x >= 19041,
+                  'memory_model': lambda x: x == '64bit'}
+
+    def modification(self, profile):
+        profile.merge_overlay({
+            '_SERVICE_RECORD' : [ None, {
+            'DriverName' : [ 0x128, ['pointer', ['String', dict(encoding = 'utf16', length = 256)]]],
+            'ServiceProcess' : [ 0x128, ['pointer', ['_SERVICE_PROCESS']]],
+            } ],
+        })
+
 class Service8x86(obj.ProfileModification):
     """Service structures for Win8/8.1 32-bit"""
 
@@ -495,6 +514,28 @@ def modification(self, profile):
             } ],
         })
 
+class Service10_19041x86(obj.ProfileModification):
+    """Service structures for Win10 19041 (May 2020)"""
+
+    before = ['WindowsOverlay', 'WindowsObjectClasses', 'ServiceBase', 'ServiceVista', 'Service8x86',
+              'Service10_15063x86', 'Service10_16299x86', 'Service10_17763x86', 'Service10_18362x86']
+    conditions = {'os': lambda x: x == 'windows',
+                  'major': lambda x: x == 6,
+                  'minor': lambda x: x == 4,
+                  'build': lambda x: x >= 19041,
+                  'memory_model': lambda x: x == '32bit'}
+
+    def modification(self, profile):
+        profile.merge_overlay({
+            '_SERVICE_HEADER' : [ None, {
+            'ServiceRecord': [0x10, ['pointer', ['_SERVICE_RECORD']]],
+            }],
+            '_SERVICE_RECORD': [None, {
+            'DriverName': [0xc0, ['pointer', ['String', dict(encoding='utf16', length=256)]]],
+            'ServiceProcess': [0xc0, ['pointer', ['_SERVICE_PROCESS']]],
+            }],
+        })
+
 #--------------------------------------------------------------------------------
 # svcscan plugin 
 #--------------------------------------------------------------------------------
diff --git a/volatility/plugins/malware/timers.py b/volatility/plugins/malware/timers.py
index 8829ae08c..c317d6ae0 100644
--- a/volatility/plugins/malware/timers.py
+++ b/volatility/plugins/malware/timers.py
@@ -212,9 +212,17 @@ def calculate(self):
             # at _KPCR.PrcbData.TimerTable.TimerEntries (credits to Matt Suiche
             # for this one. See http://pastebin.com/FiRsGW3f).
             for kpcr in tasks.get_kdbg(addr_space).kpcrs():
-                for table in kpcr.ProcessorBlock.TimerTable.TimerEntries:
-                    for t in table.Entry.list_of_type("_KTIMER", "TimerListEntry"):
-                        timers.append(t)
+                # Starting with Win10 19041, there is another level of arrays holding the TimerListEntry items,
+                # along with a new TableState member in _KTIMER_TABLE
+                if hasattr(kpcr.ProcessorBlock.TimerTable, "TableState"):
+                    for table in kpcr.ProcessorBlock.TimerTable.TimerEntries:
+                        for table_entry in table:
+                            for t in table_entry.Entry.list_of_type("_KTIMER", "TimerListEntry"):
+                                timers.append(t)
+                else:
+                    for table in kpcr.ProcessorBlock.TimerTable.TimerEntries:
+                        for t in table.Entry.list_of_type("_KTIMER", "TimerListEntry"):
+                            timers.append(t)
 
         for timer in timers:
 
diff --git a/volatility/plugins/overlays/windows/win10.py b/volatility/plugins/overlays/windows/win10.py
index dfa6a21c9..2b869735f 100644
--- a/volatility/plugins/overlays/windows/win10.py
+++ b/volatility/plugins/overlays/windows/win10.py
@@ -88,7 +88,9 @@ class Win10x64DTB(obj.ProfileModification):
     def modification(self, profile):
         build = profile.metadata.get("build", 0)
 
-        if build >= 18362:
+        if build >= 19041:
+            signature = "\x03\x00\x00\x00"
+        elif build >= 18362:
             signature = "\x03\x00\xb8\x00"
         else:
             signature = "\x03\x00\xb6\x00"
@@ -111,7 +113,9 @@ class Win10x86DTB(obj.ProfileModification):
     def modification(self, profile):
         build = profile.metadata.get("build", 0)
 
-        if build >= 15063:
+        if build >= 19041:
+            signature = "\x03\x00\x00\x00"
+        elif build >= 15063:
             signature = "\x03\x00\x2C\x00"
         else:
             signature = "\x03\x00\x2A\x00"
@@ -1072,6 +1076,16 @@ class Win10x86_18362(obj.Profile):
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_18362_vtypes'
     _md_product = ["NtProductWinNt"]
 
+class Win10x86_19041(obj.Profile):
+    """ A Profile for Windows 10 x86 (10.0.19041.0 / 2020-04-17) """
+    _md_memory_model = '32bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 19041
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x86_19041_vtypes'
+    _md_product = ["NtProductWinNt"]
+
 class Win10x64_15063(obj.Profile):
     """ A Profile for Windows 10 x64 (10.0.15063.0 / 2017-04-04) """
     _md_memory_model = '64bit'
@@ -1120,4 +1134,14 @@ class Win10x64_18362(obj.Profile):
     _md_minor = 4
     _md_build = 18362
     _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_18362_vtypes'
+    _md_product = ["NtProductWinNt"]
+
+class Win10x64_19041(obj.Profile):
+    """ A Profile for Windows 10 x64 (10.0.19041.0 / 2020-04-17) """
+    _md_memory_model = '64bit'
+    _md_os = 'windows'
+    _md_major = 6
+    _md_minor = 4
+    _md_build = 19041
+    _md_vtype_module = 'volatility.plugins.overlays.windows.win10_x64_19041_vtypes'
     _md_product = ["NtProductWinNt"]
\ No newline at end of file
diff --git a/volatility/plugins/overlays/windows/win10_x64_19041_vtypes.py b/volatility/plugins/overlays/windows/win10_x64_19041_vtypes.py
new file mode 100644
index 000000000..f4bcc03b1
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x64_19041_vtypes.py
@@ -0,0 +1,18018 @@
+ntkrnlmp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_LIST_ENTRY' : [ 0x10, {
+    'Flink' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_UNICODE_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_STRING' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_RTL_QUERY_REGISTRY_TABLE' : [ 0x38, {
+    'QueryRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Name' : [ 0x10, ['pointer64', ['wchar']]],
+    'EntryContext' : [ 0x18, ['pointer64', ['void']]],
+    'DefaultType' : [ 0x20, ['unsigned long']],
+    'DefaultData' : [ 0x28, ['pointer64', ['void']]],
+    'DefaultLength' : [ 0x30, ['unsigned long']],
+} ],
+  '__unnamed_108e' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_108e']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_1093' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_1093']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RTL_BITMAP' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long']]],
+} ],
+  '_KFLOATING_SAVE' : [ 0x4, {
+    'Dummy' : [ 0x0, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_FAST_MUTEX' : [ 0x38, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Contention' : [ 0x10, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'OldIrql' : [ 0x30, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x60, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_SLIST_ENTRY' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '__unnamed_10db' : [ 0x10, {
+    'Depth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SLIST_HEADER' : [ 0x10, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Region' : [ 0x8, ['unsigned long long']],
+    'HeaderX64' : [ 0x0, ['__unnamed_10db']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0x80, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x20, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Parameter' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteContext' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '__unnamed_111b' : [ 0x8, {
+    'MasterIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1122' : [ 0x10, {
+    'UserApcRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UserApcContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1124' : [ 0x10, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_1122']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1131' : [ 0x50, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '__unnamed_1134' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_1131']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_111b']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_1124']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_1134']],
+} ],
+  '__unnamed_113b' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'FileAttributes' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'EaLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_113f' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1143' : [ 0x20, {
+    'SecurityContext' : [ 0x0, ['pointer64', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned short']],
+    'ShareAccess' : [ 0x12, ['unsigned short']],
+    'Parameters' : [ 0x18, ['pointer64', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1145' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1149' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_114b' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_114f' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x8, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_1151' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_1153' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0x18, ['unsigned char']],
+    'AdvanceOnly' : [ 0x19, ['unsigned char']],
+    'ClusterCount' : [ 0x18, ['unsigned long']],
+    'DeleteHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1155' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x8, ['pointer64', ['void']]],
+    'EaListLength' : [ 0x10, ['unsigned long']],
+    'EaIndex' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1157' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_115b' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsFullSizeInformationEx', 15: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_115d' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'FsControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1160' : [ 0x18, {
+    'Length' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x8, ['unsigned long']],
+    'ByteOffset' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1162' : [ 0x20, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x8, ['unsigned long']],
+    'IoControlCode' : [ 0x10, ['unsigned long']],
+    'Type3InputBuffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1164' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1166' : [ 0x10, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_116a' : [ 0x10, {
+    'Vpb' : [ 0x0, ['pointer64', ['_VPB']]],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_116e' : [ 0x8, {
+    'Srb' : [ 0x0, ['pointer64', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1172' : [ 0x20, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x8, ['pointer64', ['void']]],
+    'SidList' : [ 0x10, ['pointer64', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1176' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_117d' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['pointer64', ['_GUID']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Version' : [ 0xa, ['unsigned short']],
+    'Interface' : [ 0x10, ['pointer64', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1181' : [ 0x8, {
+    'Capabilities' : [ 0x0, ['pointer64', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1185' : [ 0x8, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1187' : [ 0x20, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x8, ['pointer64', ['void']]],
+    'Offset' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1189' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_118d' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_1191' : [ 0x10, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1196' : [ 0x10, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay', 6: u'DeviceUsageTypeGuestAssigned'})]],
+} ],
+  '__unnamed_119a' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_119e' : [ 0x8, {
+    'PowerSequence' : [ 0x0, ['pointer64', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_11a6' : [ 0x20, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x10, ['_POWER_STATE']],
+    'ShutdownType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_11aa' : [ 0x10, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_11ac' : [ 0x20, {
+    'ProviderId' : [ 0x0, ['unsigned long long']],
+    'DataPath' : [ 0x8, ['pointer64', ['void']]],
+    'BufferSize' : [ 0x10, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_11ae' : [ 0x20, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '__unnamed_11b0' : [ 0x20, {
+    'Create' : [ 0x0, ['__unnamed_113b']],
+    'CreatePipe' : [ 0x0, ['__unnamed_113f']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_1143']],
+    'Read' : [ 0x0, ['__unnamed_1145']],
+    'Write' : [ 0x0, ['__unnamed_1145']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_1149']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_114b']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_114f']],
+    'QueryFile' : [ 0x0, ['__unnamed_1151']],
+    'SetFile' : [ 0x0, ['__unnamed_1153']],
+    'QueryEa' : [ 0x0, ['__unnamed_1155']],
+    'SetEa' : [ 0x0, ['__unnamed_1157']],
+    'QueryVolume' : [ 0x0, ['__unnamed_115b']],
+    'SetVolume' : [ 0x0, ['__unnamed_115b']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_115d']],
+    'LockControl' : [ 0x0, ['__unnamed_1160']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1162']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1164']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1166']],
+    'MountVolume' : [ 0x0, ['__unnamed_116a']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_116a']],
+    'Scsi' : [ 0x0, ['__unnamed_116e']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1172']],
+    'SetQuota' : [ 0x0, ['__unnamed_1157']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1176']],
+    'QueryInterface' : [ 0x0, ['__unnamed_117d']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_1181']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1185']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1187']],
+    'SetLock' : [ 0x0, ['__unnamed_1189']],
+    'QueryId' : [ 0x0, ['__unnamed_118d']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_1191']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1196']],
+    'WaitWake' : [ 0x0, ['__unnamed_119a']],
+    'PowerSequence' : [ 0x0, ['__unnamed_119e']],
+    'Power' : [ 0x0, ['__unnamed_11a6']],
+    'StartDevice' : [ 0x0, ['__unnamed_11aa']],
+    'WMI' : [ 0x0, ['__unnamed_11ac']],
+    'Others' : [ 0x0, ['__unnamed_11ae']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x48, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x8, ['__unnamed_11b0']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x30, ['pointer64', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '__unnamed_11c7' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer64', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'Timer' : [ 0x28, ['pointer64', ['_IO_TIMER']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'Characteristics' : [ 0x34, ['unsigned long']],
+    'Vpb' : [ 0x38, ['pointer64', ['_VPB']]],
+    'DeviceExtension' : [ 0x40, ['pointer64', ['void']]],
+    'DeviceType' : [ 0x48, ['unsigned long']],
+    'StackSize' : [ 0x4c, ['unsigned char']],
+    'Queue' : [ 0x50, ['__unnamed_11c7']],
+    'AlignmentRequirement' : [ 0x98, ['unsigned long']],
+    'DeviceQueue' : [ 0xa0, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0xc8, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x108, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x110, ['pointer64', ['void']]],
+    'DeviceLock' : [ 0x118, ['_KEVENT']],
+    'SectorSize' : [ 0x130, ['unsigned short']],
+    'Spare1' : [ 0x132, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0x138, ['pointer64', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0x140, ['pointer64', ['void']]],
+} ],
+  '_KDPC' : [ 0x40, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x10, ['unsigned long long']],
+    'DeferredRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeferredContext' : [ 0x20, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x28, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x30, ['pointer64', ['void']]],
+    'DpcData' : [ 0x38, ['pointer64', ['void']]],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0x18, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0x18, {
+    'ChainHead' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0x18, ['pointer64', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x28, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_CUSTOM_SYSTEM_EVENT_TRIGGER_CONFIG' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'TriggerId' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_KPCR' : [ 0x178, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x28, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x8, ['pointer64', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x10, ['pointer64', ['void']]],
+    'TxnParameters' : [ 0x18, ['pointer64', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x20, ['pointer64', ['_EJOB']]],
+} ],
+  '__unnamed_123f' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+    'DeviceDriverDescriptor' : [ 0x0, ['_WHEA_DEVICE_DRIVER_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted', 3: u'WheaErrSrcStateRemoved', 4: u'WheaErrSrcStateRemovePending'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_123f']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY' : [ 0x20, {
+    'Header' : [ 0x0, ['_WHEA_EVENT_LOG_ENTRY_HEADER']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_FLAGS' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LogInternalEtw' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LogBlackbox' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LogSel' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RawSel' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'NoFormat' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Driver' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric', 7: u'WheaErrTypePmem'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_RTL_RB_TREE' : [ 0x10, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0x18, {
+    'Children' : [ 0x0, ['array', 2, ['pointer64', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x8, ['pointer64', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x10, ['unsigned long long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer64', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_KPRCB' : [ 0x700, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'CpuType' : [ 0x40, ['unsigned char']],
+    'CpuID' : [ 0x41, ['unsigned char']],
+    'CpuStep' : [ 0x42, ['unsigned short']],
+    'CpuStepping' : [ 0x42, ['unsigned char']],
+    'CpuModel' : [ 0x43, ['unsigned char']],
+    'MHz' : [ 0x44, ['unsigned long']],
+    'HalReserved' : [ 0x48, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x88, ['unsigned short']],
+    'MajorVersion' : [ 0x8a, ['unsigned short']],
+    'BuildType' : [ 0x8c, ['unsigned char']],
+    'CpuVendor' : [ 0x8d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x8e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x8f, ['unsigned char']],
+    'TscFrequency' : [ 0x90, ['unsigned long long']],
+    'PrcbPad04' : [ 0x98, ['array', 5, ['unsigned long long']]],
+    'ParentNode' : [ 0xc0, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0xc8, ['unsigned long long']],
+    'Group' : [ 0xd0, ['unsigned char']],
+    'GroupIndex' : [ 0xd1, ['unsigned char']],
+    'PrcbPad05' : [ 0xd2, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0xd4, ['unsigned long']],
+    'ScbOffset' : [ 0xd8, ['unsigned long']],
+    'ApicMask' : [ 0xdc, ['unsigned long']],
+    'AcpiReserved' : [ 0xe0, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0xe8, ['unsigned long']],
+    'PrcbPad11' : [ 0xf0, ['array', 2, ['unsigned long long']]],
+    'ProcessorState' : [ 0x100, ['_KPROCESSOR_STATE']],
+    'ExtendedSupervisorState' : [ 0x6c0, ['pointer64', ['_XSAVE_AREA_HEADER']]],
+    'ProcessorSignature' : [ 0x6c8, ['unsigned long']],
+    'ProcessorFlags' : [ 0x6cc, ['unsigned long']],
+    'PrcbPad12a' : [ 0x6d0, ['unsigned long long']],
+    'PrcbPad12' : [ 0x6d8, ['array', 3, ['unsigned long long']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_HALP_ALLOC_CONTEXT' : [ 0x18, {
+    'BufferList' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MCUPDATE_INFO' : [ 0x30, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Status' : [ 0x10, ['unsigned long']],
+    'Id' : [ 0x18, ['unsigned long long']],
+    'VendorScratch' : [ 0x20, ['array', 2, ['unsigned long long']]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'SoftwareWsIndex' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVPROPKEY' : [ 0x14, {
+    'fmtid' : [ 0x0, ['_GUID']],
+    'pid' : [ 0x10, ['unsigned long']],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x20, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ChildOfVgaEnabledBridge' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DecodeIoOnBoot' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_WHEA_XPF_PROCESSOR_ERROR_SECTION' : [ 0x41, {
+    'ValidBits' : [ 0x0, ['_WHEA_XPF_PROCESSOR_ERROR_SECTION_VALIDBITS']],
+    'LocalAPICId' : [ 0x8, ['unsigned long long']],
+    'CpuId' : [ 0x10, ['array', 48, ['unsigned char']]],
+    'VariableInfo' : [ 0x40, ['array', 1, ['unsigned char']]],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_SECONDARY_INTERRUPT_LINE_STATE' : [ 0x10, {
+    'Polarity' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Vector' : [ 0x8, ['unsigned long']],
+    'Unmasked' : [ 0xc, ['unsigned char']],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_WHEA_XPF_PROCESSOR_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'LocalAPICId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'CpuId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'ProcInfoCount' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long long')]],
+    'ContextInfoCount' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_APIC_DATA' : [ 0x30, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long long']],
+    'Identifier' : [ 0x8, ['unsigned long']],
+    'BaseAddress' : [ 0x10, ['pointer64', ['_IO_APIC_REGISTERS']]],
+    'Version' : [ 0x18, ['unsigned char']],
+    'PinCount' : [ 0x19, ['unsigned char']],
+    'Initialized' : [ 0x1a, ['unsigned char']],
+    'InitializedFirstLocalUnit' : [ 0x1b, ['unsigned char']],
+    'GsiBase' : [ 0x1c, ['unsigned long']],
+    'CmciRegister' : [ 0x20, ['unsigned long']],
+    'DeferredErrorRegister' : [ 0x24, ['unsigned long']],
+    'IoUnitMissing' : [ 0x28, ['unsigned char']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_REGISTERED_INTERRUPT_CONTROLLER' : [ 0x160, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'InternalData' : [ 0x10, ['pointer64', ['void']]],
+    'InternalDataSize' : [ 0x18, ['unsigned long']],
+    'FunctionTable' : [ 0x20, ['_INTERRUPT_FUNCTION_TABLE']],
+    'KnownType' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptControllerInvalid', 1: u'InterruptControllerPic', 2: u'InterruptControllerApic', 3: u'InterruptControllerGic', 4: u'InterruptControllerGicV3', 5: u'InterruptControllerGicV4', 6: u'InterruptControllerBcm', 4096: u'InterruptControllerUnknown'})]],
+    'Capabilities' : [ 0xdc, ['unsigned long']],
+    'Flags' : [ 0xe0, ['unsigned long']],
+    'MaxPriority' : [ 0xe4, ['unsigned long']],
+    'UnitId' : [ 0xe8, ['unsigned long']],
+    'LinesHead' : [ 0xf0, ['_LIST_ENTRY']],
+    'OutputLinesHead' : [ 0x100, ['_LIST_ENTRY']],
+    'MinLine' : [ 0x110, ['long']],
+    'MaxLine' : [ 0x114, ['long']],
+    'MaxClusterSize' : [ 0x118, ['unsigned long']],
+    'MaxClusters' : [ 0x11c, ['unsigned long']],
+    'InterruptReplayDataSize' : [ 0x120, ['unsigned long']],
+    'Problem' : [ 0x124, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptProblemNone', 1: u'InterruptProblemMadtParsingFailure', 2: u'InterruptProblemNoControllersFound', 3: u'InterruptProblemFailedDiscovery', 4: u'InterruptProblemInitializeLocalUnitFailed', 5: u'InterruptProblemInitializeIoUnitFailed', 6: u'InterruptProblemSetLogicalIdFailed', 7: u'InterruptProblemSetLineStateFailed', 8: u'InterruptProblemGenerateMessageFailed', 9: u'InterruptProblemConvertIdFailed', 10: u'InterruptProblemCmciSetupFailed', 11: u'InterruptProblemQueryMaxProcessorsCalledTooEarly', 12: u'InterruptProblemProcessorReset', 13: u'InterruptProblemStartProcessorFailed', 14: u'InterruptProblemProcessorNotAlive', 15: u'InterruptProblemLowerIrqlViolation', 16: u'InterruptProblemInvalidIrql', 17: u'InterruptProblemNoSuchController', 18: u'InterruptProblemNoSuchLines', 19: u'InterruptProblemBadConnectionData', 20: u'InterruptProblemBadRoutingData', 21: u'InterruptProblemInvalidProcessor', 22: u'InterruptProblemFailedToAttainTarget', 23: u'InterruptProblemUnsupportedWiringConfiguration', 24: u'InterruptProblemSpareAlreadyStarted', 25: u'InterruptProblemClusterNotFullyReplaced', 26: u'InterruptProblemNewClusterAlreadyActive', 27: u'InterruptProblemNewClusterTooLarge', 28: u'InterruptProblemCannotHardwareQuiesce', 29: u'InterruptProblemIpiDestinationUpdateFailed', 30: u'InterruptProblemNoMemory', 31: u'InterruptProblemNoIrtEntries', 32: u'InterruptProblemConnectionDataBaitAndSwitch', 33: u'InterruptProblemInvalidLogicalFlatId', 34: u'InterruptProblemDeinitializeLocalUnitFailed', 35: u'InterruptProblemDeinitializeIoUnitFailed', 36: u'InterruptProblemMismatchedThermalLvtIsr', 37: u'InterruptProblemHvRetargetFailed', 38: u'InterruptProblemDeferredErrorSetupFailed'})]],
+    'ProblemStatus' : [ 0x128, ['long']],
+    'ProblemSourceFile' : [ 0x130, ['pointer64', ['unsigned char']]],
+    'ProblemSourceLine' : [ 0x138, ['unsigned long']],
+    'CustomProblem' : [ 0x13c, ['unsigned long']],
+    'CustomProblemStatus' : [ 0x140, ['long']],
+    'ResourceId' : [ 0x148, ['_UNICODE_STRING']],
+    'PowerHandle' : [ 0x158, ['pointer64', ['POHANDLE__']]],
+} ],
+  '__unnamed_136d' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_136f' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_136d']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_136f']],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_FILE_OBJECT' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x10, ['pointer64', ['_VPB']]],
+    'FsContext' : [ 0x18, ['pointer64', ['void']]],
+    'FsContext2' : [ 0x20, ['pointer64', ['void']]],
+    'SectionObjectPointer' : [ 0x28, ['pointer64', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x30, ['pointer64', ['void']]],
+    'FinalStatus' : [ 0x38, ['long']],
+    'RelatedFileObject' : [ 0x40, ['pointer64', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x48, ['unsigned char']],
+    'DeletePending' : [ 0x49, ['unsigned char']],
+    'ReadAccess' : [ 0x4a, ['unsigned char']],
+    'WriteAccess' : [ 0x4b, ['unsigned char']],
+    'DeleteAccess' : [ 0x4c, ['unsigned char']],
+    'SharedRead' : [ 0x4d, ['unsigned char']],
+    'SharedWrite' : [ 0x4e, ['unsigned char']],
+    'SharedDelete' : [ 0x4f, ['unsigned char']],
+    'Flags' : [ 0x50, ['unsigned long']],
+    'FileName' : [ 0x58, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x70, ['unsigned long']],
+    'Busy' : [ 0x74, ['unsigned long']],
+    'LastLock' : [ 0x78, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['_KEVENT']],
+    'Event' : [ 0x98, ['_KEVENT']],
+    'CompletionContext' : [ 0xb0, ['pointer64', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0xb8, ['unsigned long long']],
+    'IrpList' : [ 0xc0, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0xd0, ['pointer64', ['void']]],
+} ],
+  '_PROCLOCALSAPIC' : [ 0x11, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'ACPIProcessorID' : [ 0x2, ['unsigned char']],
+    'APICID' : [ 0x3, ['unsigned char']],
+    'APICEID' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['array', 3, ['unsigned char']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'ACPIProcessorUIDInteger' : [ 0xc, ['unsigned long']],
+    'ACPIProcessorUIDString' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x60, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'AllocateHits' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'FreeHits' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x28, ['unsigned long']],
+    'Size' : [ 0x2c, ['unsigned long']],
+    'AllocateEx' : [ 0x30, ['pointer64', ['void']]],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'FreeEx' : [ 0x38, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'ListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x50, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x54, ['unsigned long']],
+    'LastAllocateHits' : [ 0x54, ['unsigned long']],
+    'Future' : [ 0x58, ['array', 2, ['unsigned long']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x18, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SchedulerAssist' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ThreadReservedControlFlags' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'ActiveDR7' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Instrumented' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Minimal' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Reserved4' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'AltSyscall' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UmsScheduled' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'UmsPrimary' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x48, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x10, ['unsigned long']],
+    'SyncCallback' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0x14, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x14, ['BitField', dict(start_bit = 3, end_bit = 12, native_type='unsigned long')]],
+    'NumberOfRemapPages' : [ 0x14, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'DeviceContext' : [ 0x20, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0x28, ['unsigned long']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentIrp' : [ 0x38, ['pointer64', ['void']]],
+    'BufferChainingDpc' : [ 0x40, ['pointer64', ['_KDPC']]],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_GEN_ADDR' : [ 0xc, {
+    'AddressSpaceID' : [ 0x0, ['unsigned char']],
+    'BitWidth' : [ 0x1, ['unsigned char']],
+    'BitOffset' : [ 0x2, ['unsigned char']],
+    'AccessSize' : [ 0x3, ['unsigned char']],
+    'Address' : [ 0x4, ['_LARGE_INTEGER']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x10, {
+    'Port' : [ 0x0, ['pointer64', ['void']]],
+    'Key' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x10, ['unsigned long']],
+    'Dope' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x20, ['unsigned long']],
+    'DeviceNode' : [ 0x28, ['pointer64', ['void']]],
+    'AttachedTo' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x38, ['long']],
+    'StartIoKey' : [ 0x3c, ['long']],
+    'StartIoFlags' : [ 0x40, ['unsigned long']],
+    'Vpb' : [ 0x48, ['pointer64', ['_VPB']]],
+    'DependencyNode' : [ 0x50, ['pointer64', ['void']]],
+    'InterruptContext' : [ 0x58, ['pointer64', ['void']]],
+    'InterruptCount' : [ 0x60, ['long']],
+    'VerifierContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x28, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Busy' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='long long')]],
+    'Hint' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_13b8' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHigh' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_13c0' : [ 0x4, {
+    'BaseMiddle' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Present' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHigh' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'System' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'LongMode' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DefaultBig' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHigh' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KGDTENTRY64' : [ 0x10, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'Bytes' : [ 0x4, ['__unnamed_13b8']],
+    'Bits' : [ 0x4, ['__unnamed_13c0']],
+    'BaseUpper' : [ 0x8, ['unsigned long']],
+    'MustBeZero' : [ 0xc, ['unsigned long']],
+    'DataLow' : [ 0x0, ['long long']],
+    'DataHigh' : [ 0x8, ['long long']],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '_WHEA_XPF_MCA_SECTION' : [ 0x110, {
+    'VersionNumber' : [ 0x0, ['unsigned long']],
+    'CpuVendor' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'WheaCpuVendorOther', 1: u'WheaCpuVendorIntel', 2: u'WheaCpuVendorAmd'})]],
+    'Timestamp' : [ 0x8, ['_LARGE_INTEGER']],
+    'ProcessorNumber' : [ 0x10, ['unsigned long']],
+    'GlobalStatus' : [ 0x14, ['_MCG_STATUS']],
+    'InstructionPointer' : [ 0x1c, ['unsigned long long']],
+    'BankNumber' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['_MCI_STATUS']],
+    'Address' : [ 0x30, ['unsigned long long']],
+    'Misc' : [ 0x38, ['unsigned long long']],
+    'ExtendedRegisterCount' : [ 0x40, ['unsigned long']],
+    'ApicId' : [ 0x44, ['unsigned long']],
+    'ExtendedRegisters' : [ 0x48, ['array', 24, ['unsigned long long']]],
+    'AMDExtendedRegisters' : [ 0x48, ['_WHEA_AMD_EXTENDED_REGISTERS']],
+    'GlobalCapability' : [ 0x108, ['_MCG_CAP']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DirectedDripsTransition' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_IOSAPIC' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'IOSAPICID' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'SystemVectorBase' : [ 0x4, ['unsigned long']],
+    'IOSAPICAddress' : [ 0x8, ['unsigned long long']],
+} ],
+  '_KIDTENTRY64' : [ 0x10, {
+    'OffsetLow' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'IstIndex' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'Reserved0' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned short')]],
+    'Dpl' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned short')]],
+    'Present' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'OffsetMiddle' : [ 0x6, ['unsigned short']],
+    'OffsetHigh' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x5c0, {
+    'SpecialRegisters' : [ 0x0, ['_KSPECIAL_REGISTERS']],
+    'ContextFrame' : [ 0xf0, ['_CONTEXT']],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x18, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x10, ['unsigned long']],
+    'Inserted' : [ 0x14, ['unsigned char']],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0x18, {
+    'DataSectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['void']]],
+    'ImageSectionObject' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_ACPI_CACHED_TABLE' : [ 0x40, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Header' : [ 0x18, ['_DESCRIPTION_HEADER']],
+} ],
+  '__unnamed_13f6' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_13f8' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_13fa' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_13f6']],
+    'Interrupt' : [ 0x0, ['__unnamed_13f8']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_13f8']],
+    'Sci' : [ 0x0, ['__unnamed_13f8']],
+    'Nmi' : [ 0x0, ['__unnamed_13f8']],
+    'Sea' : [ 0x0, ['__unnamed_13f8']],
+    'Sei' : [ 0x0, ['__unnamed_13f8']],
+    'Gsiv' : [ 0x0, ['__unnamed_13f8']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_13fa']],
+} ],
+  '_IO_APIC_REGISTERS' : [ 0x44, {
+    'RegisterIndex' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['array', 3, ['unsigned long']]],
+    'RegisterValue' : [ 0x10, ['unsigned long']],
+    'Reserved2' : [ 0x14, ['array', 11, ['unsigned long']]],
+    'EndOfInterrupt' : [ 0x40, ['unsigned long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x18, {
+    'SecurityQos' : [ 0x0, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x8, ['pointer64', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x10, ['unsigned long']],
+    'FullCreateOptions' : [ 0x14, ['unsigned long']],
+} ],
+  '_KTSS64' : [ 0x68, {
+    'Reserved0' : [ 0x0, ['unsigned long']],
+    'Rsp0' : [ 0x4, ['unsigned long long']],
+    'Rsp1' : [ 0xc, ['unsigned long long']],
+    'Rsp2' : [ 0x14, ['unsigned long long']],
+    'Ist' : [ 0x1c, ['array', 8, ['unsigned long long']]],
+    'Reserved1' : [ 0x5c, ['unsigned long long']],
+    'Reserved2' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+} ],
+  '_VPB' : [ 0x60, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x18, ['unsigned long']],
+    'ReferenceCount' : [ 0x1c, ['unsigned long']],
+    'VolumeLabel' : [ 0x20, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_NT_TIB' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x8, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x10, ['pointer64', ['void']]],
+    'SubSystemTib' : [ 0x18, ['pointer64', ['void']]],
+    'FiberData' : [ 0x20, ['pointer64', ['void']]],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['pointer64', ['void']]],
+    'Self' : [ 0x30, ['pointer64', ['_NT_TIB']]],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_FADT' : [ 0x10c, {
+    'Header' : [ 0x0, ['_DESCRIPTION_HEADER']],
+    'facs' : [ 0x24, ['unsigned long']],
+    'dsdt' : [ 0x28, ['unsigned long']],
+    'int_model' : [ 0x2c, ['unsigned char']],
+    'pm_profile' : [ 0x2d, ['unsigned char']],
+    'sci_int_vector' : [ 0x2e, ['unsigned short']],
+    'smi_cmd_io_port' : [ 0x30, ['unsigned long']],
+    'acpi_on_value' : [ 0x34, ['unsigned char']],
+    'acpi_off_value' : [ 0x35, ['unsigned char']],
+    's4bios_req' : [ 0x36, ['unsigned char']],
+    'pstate_control' : [ 0x37, ['unsigned char']],
+    'pm1a_evt_blk_io_port' : [ 0x38, ['unsigned long']],
+    'pm1b_evt_blk_io_port' : [ 0x3c, ['unsigned long']],
+    'pm1a_ctrl_blk_io_port' : [ 0x40, ['unsigned long']],
+    'pm1b_ctrl_blk_io_port' : [ 0x44, ['unsigned long']],
+    'pm2_ctrl_blk_io_port' : [ 0x48, ['unsigned long']],
+    'pm_tmr_blk_io_port' : [ 0x4c, ['unsigned long']],
+    'gp0_blk_io_port' : [ 0x50, ['unsigned long']],
+    'gp1_blk_io_port' : [ 0x54, ['unsigned long']],
+    'pm1_evt_len' : [ 0x58, ['unsigned char']],
+    'pm1_ctrl_len' : [ 0x59, ['unsigned char']],
+    'pm2_ctrl_len' : [ 0x5a, ['unsigned char']],
+    'pm_tmr_len' : [ 0x5b, ['unsigned char']],
+    'gp0_blk_len' : [ 0x5c, ['unsigned char']],
+    'gp1_blk_len' : [ 0x5d, ['unsigned char']],
+    'gp1_base' : [ 0x5e, ['unsigned char']],
+    'cstate_control' : [ 0x5f, ['unsigned char']],
+    'lvl2_latency' : [ 0x60, ['unsigned short']],
+    'lvl3_latency' : [ 0x62, ['unsigned short']],
+    'flush_size' : [ 0x64, ['unsigned short']],
+    'flush_stride' : [ 0x66, ['unsigned short']],
+    'duty_offset' : [ 0x68, ['unsigned char']],
+    'duty_width' : [ 0x69, ['unsigned char']],
+    'day_alarm_index' : [ 0x6a, ['unsigned char']],
+    'month_alarm_index' : [ 0x6b, ['unsigned char']],
+    'century_alarm_index' : [ 0x6c, ['unsigned char']],
+    'boot_arch' : [ 0x6d, ['unsigned short']],
+    'reserved3' : [ 0x6f, ['array', 1, ['unsigned char']]],
+    'flags' : [ 0x70, ['unsigned long']],
+    'reset_reg' : [ 0x74, ['_GEN_ADDR']],
+    'reset_val' : [ 0x80, ['unsigned char']],
+    'arm_boot_arch' : [ 0x81, ['unsigned short']],
+    'minor_version_number' : [ 0x83, ['unsigned char']],
+    'x_firmware_ctrl' : [ 0x84, ['_LARGE_INTEGER']],
+    'x_dsdt' : [ 0x8c, ['_LARGE_INTEGER']],
+    'x_pm1a_evt_blk' : [ 0x94, ['_GEN_ADDR']],
+    'x_pm1b_evt_blk' : [ 0xa0, ['_GEN_ADDR']],
+    'x_pm1a_ctrl_blk' : [ 0xac, ['_GEN_ADDR']],
+    'x_pm1b_ctrl_blk' : [ 0xb8, ['_GEN_ADDR']],
+    'x_pm2_ctrl_blk' : [ 0xc4, ['_GEN_ADDR']],
+    'x_pm_tmr_blk' : [ 0xd0, ['_GEN_ADDR']],
+    'x_gp0_blk' : [ 0xdc, ['_GEN_ADDR']],
+    'x_gp1_blk' : [ 0xe8, ['_GEN_ADDR']],
+    'sleep_control_reg' : [ 0xf4, ['_GEN_ADDR']],
+    'sleep_status_reg' : [ 0x100, ['_GEN_ADDR']],
+} ],
+  '_PROCLOCALAPIC' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'ACPIProcessorID' : [ 0x2, ['unsigned char']],
+    'APICID' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_RSDT_32' : [ 0x28, {
+    'Header' : [ 0x0, ['_DESCRIPTION_HEADER']],
+    'Tables' : [ 0x24, ['array', 1, ['unsigned long']]],
+} ],
+  '_LOCAL_NMISOURCE' : [ 0x6, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'ProcessorID' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['unsigned short']],
+    'LINTIN' : [ 0x5, ['unsigned char']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_HEADER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaEventLogEntryTypeInformational', 1: u'WheaEventLogEntryTypeWarning', 2: u'WheaEventLogEntryTypeError'})]],
+    'OwnerTag' : [ 0x10, ['unsigned long']],
+    'Id' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {-2147483647: u'WheaEventLogEntryIdCmcPollingTimeout', -2147483646: u'WheaEventLogEntryIdWheaInit', -2147483645: u'WheaEventLogEntryIdCmcSwitchToPolling', -2147483644: u'WheaEventLogEntryIdDroppedCorrectedError', -2147483643: u'WheaEventLogEntryIdStartedReportHwError', -2147483642: u'WheaEventLogEntryIdPFAMemoryOfflined', -2147483641: u'WheaEventLogEntryIdPFAMemoryRemoveMonitor', -2147483640: u'WheaEventLogEntryIdPFAMemoryPolicy', -2147483639: u'WheaEventLogEntryIdPshedInjectError', -2147483638: u'WheaEventLogEntryIdOscCapabilities', -2147483637: u'WheaEventLogEntryIdPshedPluginRegister', -2147483636: u'WheaEventLogEntryIdAddRemoveErrorSource', -2147483635: u'WheaEventLogEntryIdWorkQueueItem', -2147483634: u'WheaEventLogEntryIdAttemptErrorRecovery', -2147483633: u'WheaEventLogEntryIdMcaFoundErrorInBank', -2147483632: u'WheaEventLogEntryIdMcaStuckErrorCheck', -2147483631: u'WheaEventLogEntryIdMcaErrorCleared', -2147483630: u'WheaEventLogEntryIdClearedPoison', -2147483629: u'WheaEventLogEntryIdProcessEINJ', -2147483628: u'WheaEventLogEntryIdProcessHEST', -2147483627: u'WheaEventLogEntryIdCreateGenericRecord', -2147483626: u'WheaEventLogEntryIdErrorRecord', -2147483625: u'WheaEventLogEntryIdErrorRecordLimit', -2147483623: u'WheaEventLogEntryIdErrSrcArrayInvalid', -2147483622: u'WheaEventLogEntryIdAcpiTimeOut', -2147483621: u'WheaEventLogCmciRestart', -2147483620: u'WheaEventLogCmciFinalRestart', -2147483619: u'WheaEventLogEntryEtwOverFlow', -2147483618: u'WheaEventLogAzccRootBusSearchErr', -2147483617: u'WheaEventLogAzccRootBusList', -2147483616: u'WheaEventLogEntryIdErrSrcInvalid', -2147483615: u'WheaEventLogEntryIdGenericErrMemMap', -2147483614: u'WheaEventLogEntryIdPshedCallbackCollision', -2147483613: u'WheaEventLogEntryIdSELBugCheckProgress', -2147483612: u'WheaEventLogEntryIdPshedPluginLoad', -2147483611: u'WheaEventLogEntryIdPshedPluginUnload', -2147483610: u'WheaEventLogEntryIdPshedPluginSupported', -2147483609: u'WheaEventLogEntryIdDeviceDriver', -2147483608: u'WheaEventLogEntryIdCmciImplPresent', -2147483607: u'WheaEventLogEntryIdCmciInitError', -2147483606: u'WheaEventLogEntryIdSELBugCheckRecovery', -2147483605: u'WheaEventLogEntryIdDrvErrSrcInvalid', -2147483604: u'WheaEventLogEntryIdDrvHandleBusy', -2147483603: u'WheaEventLogEntryIdWheaHeartbeat', -2147483602: u'WheaEventLogAzccRootBusPoisonSet', -2147483601: u'WheaEventLogEntryIdSELBugCheckInfo', -2147483600: u'WheaEventLogEntryIdErrDimmInfoMismatch', -2147483599: u'WheaEventLogEntryIdeDpcEnabled'})]],
+    'Flags' : [ 0x18, ['_WHEA_EVENT_LOG_ENTRY_FLAGS']],
+    'PayloadLength' : [ 0x1c, ['unsigned long']],
+} ],
+  '_INTERRUPT_FUNCTION_TABLE' : [ 0xb8, {
+    'InitializeLocalUnit' : [ 0x0, ['pointer64', ['void']]],
+    'InitializeIoUnit' : [ 0x8, ['pointer64', ['void']]],
+    'SetPriority' : [ 0x10, ['pointer64', ['void']]],
+    'GetLocalUnitError' : [ 0x18, ['pointer64', ['void']]],
+    'ClearLocalUnitError' : [ 0x20, ['pointer64', ['void']]],
+    'GetLogicalId' : [ 0x28, ['pointer64', ['void']]],
+    'SetLogicalId' : [ 0x30, ['pointer64', ['void']]],
+    'AcceptAndGetSource' : [ 0x38, ['pointer64', ['void']]],
+    'EndOfInterrupt' : [ 0x40, ['pointer64', ['void']]],
+    'FastEndOfInterrupt' : [ 0x48, ['pointer64', ['void']]],
+    'SetLineState' : [ 0x50, ['pointer64', ['void']]],
+    'RequestInterrupt' : [ 0x58, ['pointer64', ['void']]],
+    'StartProcessor' : [ 0x60, ['pointer64', ['void']]],
+    'GenerateMessage' : [ 0x68, ['pointer64', ['void']]],
+    'ConvertId' : [ 0x70, ['pointer64', ['void']]],
+    'SaveLocalInterrupts' : [ 0x78, ['pointer64', ['void']]],
+    'ReplayLocalInterrupts' : [ 0x80, ['pointer64', ['void']]],
+    'DeinitializeLocalUnit' : [ 0x88, ['pointer64', ['void']]],
+    'DeinitializeIoUnit' : [ 0x90, ['pointer64', ['void']]],
+    'QueryAndGetSource' : [ 0x98, ['pointer64', ['void']]],
+    'DeactivateInterrupt' : [ 0xa0, ['pointer64', ['void']]],
+    'DirectedEndOfInterrupt' : [ 0xa8, ['pointer64', ['void']]],
+    'QueryLocalUnitInfo' : [ 0xb0, ['pointer64', ['void']]],
+} ],
+  '_WHEA_DEVICE_DRIVER_DESCRIPTOR' : [ 0x74, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'SourceGuid' : [ 0x4, ['_GUID']],
+    'LogTag' : [ 0x14, ['unsigned short']],
+    'Reserved2' : [ 0x16, ['unsigned short']],
+    'PacketLength' : [ 0x18, ['unsigned long']],
+    'PacketCount' : [ 0x1c, ['unsigned long']],
+    'PacketBuffer' : [ 0x20, ['pointer64', ['unsigned char']]],
+    'Config' : [ 0x28, ['_WHEA_ERROR_SOURCE_CONFIGURATION_DD']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'PartitionId' : [ 0x50, ['_GUID']],
+    'MaxSectionDataLength' : [ 0x60, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x64, ['unsigned long']],
+    'PacketStateBuffer' : [ 0x68, ['pointer64', ['unsigned char']]],
+    'OpenHandles' : [ 0x70, ['long']],
+} ],
+  '_PLATFORM_INTERRUPT' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'InterruptType' : [ 0x4, ['unsigned char']],
+    'APICID' : [ 0x5, ['unsigned char']],
+    'ACPIEID' : [ 0x6, ['unsigned char']],
+    'IOSAPICVector' : [ 0x7, ['unsigned char']],
+    'GlobalVector' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_ADAPTER_OBJECT' : [ 0x278, {
+    'AdapterObject' : [ 0x0, ['_HALP_DMA_ADAPTER_OBJECT']],
+    'MasterAdapter' : [ 0x98, ['pointer64', ['_HALP_DMA_MASTER_ADAPTER_OBJECT']]],
+    'WaitQueueEntry' : [ 0xa0, ['_LIST_ENTRY']],
+    'ChannelWaitQueue' : [ 0xb0, ['_KDEVICE_QUEUE']],
+    'ResourceWaitLock' : [ 0xb0, ['unsigned long long']],
+    'ResourceWaitQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'ChannelResourceWaitQueue' : [ 0xc8, ['_LIST_ENTRY']],
+    'ResourceQueueBusy' : [ 0xd8, ['unsigned char']],
+    'MapRegistersPerChannel' : [ 0xe0, ['unsigned long']],
+    'MapRegisterBase' : [ 0xe8, ['pointer64', ['void']]],
+    'NumberOfMapRegisters' : [ 0xf0, ['unsigned long']],
+    'MaxTransferLength' : [ 0xf4, ['unsigned long']],
+    'CrashDumpRegisterBase' : [ 0xf8, ['array', 2, ['pointer64', ['void']]]],
+    'NumberOfCrashDumpRegisters' : [ 0x108, ['array', 2, ['unsigned long']]],
+    'CrashDumpRegisterRefCount' : [ 0x110, ['array', 2, ['unsigned long']]],
+    'AdapterCrashDumpList' : [ 0x118, ['_LIST_ENTRY']],
+    'MapRegisterMdl' : [ 0x128, ['pointer64', ['_MDL']]],
+    'MapRegisterMdlLock' : [ 0x130, ['unsigned long long']],
+    'AllocationHandle' : [ 0x138, ['pointer64', ['void']]],
+    'VirtualAddress' : [ 0x140, ['pointer64', ['void']]],
+    'IsAllocationMdlBased' : [ 0x148, ['unsigned char']],
+    'NoLocalPool' : [ 0x149, ['unsigned char']],
+    'CurrentWcb' : [ 0x150, ['pointer64', ['_WAIT_CONTEXT_BLOCK']]],
+    'CurrentTransferContext' : [ 0x158, ['pointer64', ['_DMA_TRANSFER_CONTEXT']]],
+    'DmaController' : [ 0x160, ['pointer64', ['_HALP_DMA_CONTROLLER']]],
+    'Controller' : [ 0x168, ['unsigned long']],
+    'ChannelNumber' : [ 0x16c, ['unsigned long']],
+    'RequestLine' : [ 0x170, ['unsigned long']],
+    'RequestedChannelCount' : [ 0x174, ['unsigned long']],
+    'AllocatedChannelCount' : [ 0x178, ['unsigned long']],
+    'AllocatedChannels' : [ 0x17c, ['array', 8, ['unsigned long']]],
+    'ChannelAdapter' : [ 0x1a0, ['pointer64', ['void']]],
+    'NeedsMapRegisters' : [ 0x1a8, ['unsigned char']],
+    'MasterDevice' : [ 0x1a9, ['unsigned char']],
+    'ScatterGather' : [ 0x1aa, ['unsigned char']],
+    'AutoInitialize' : [ 0x1ab, ['unsigned char']],
+    'IgnoreCount' : [ 0x1ac, ['unsigned char']],
+    'CacheCoherent' : [ 0x1ad, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x1b0, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0x1b1, ['unsigned char']],
+    'DmaAddressWidth' : [ 0x1b0, ['unsigned long']],
+    'DmaPortWidth' : [ 0x1b4, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DeviceAddress' : [ 0x1b8, ['_LARGE_INTEGER']],
+    'AdapterList' : [ 0x1c0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x1d0, ['_WORK_QUEUE_ITEM']],
+    'DomainPointer' : [ 0x1f0, ['pointer64', ['_HALP_DMA_DOMAIN_OBJECT']]],
+    'TranslationType' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: u'ExtTranslationTypePassThrough', 1: u'ExtTranslationTypeBlocked', 2: u'ExtTranslationTypeTranslate', 3: u'ExtTranslationTypeSafePassThrough', 4: u'ExtTranslationTypeInvalid'})]],
+    'AdapterInUse' : [ 0x1fc, ['unsigned char']],
+    'DeviceObject' : [ 0x200, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceId' : [ 0x208, ['pointer64', ['_EXT_IOMMU_DEVICE_ID']]],
+    'IommuDevice' : [ 0x210, ['pointer64', ['void']]],
+    'ScatterGatherMdl' : [ 0x218, ['pointer64', ['_MDL']]],
+    'LowMemoryLogicalAddressBase' : [ 0x220, ['unsigned long long']],
+    'LowMemoryLogicalAddressQueueLock' : [ 0x228, ['unsigned long long']],
+    'LowMemoryLogicalAddressQueue' : [ 0x230, ['_LIST_ENTRY']],
+    'LowMemoryLogicalAddressQueueInUse' : [ 0x240, ['unsigned char']],
+    'LowMemoryLogicalAddressQueueEntry' : [ 0x248, ['_HALP_EMERGENCY_LA_QUEUE_ENTRY']],
+    'AllocationState' : [ 0x260, ['Enumeration', dict(target = 'long', choices = {0: u'HalpDmaAdapterAllocationStateNone', 1: u'HalpDmaAdapterAllocateChannel', 2: u'HalpDmaAdapterAllocateMapRegisters', 3: u'HalpDmaAdapterAllocateChannelRemapResources', 4: u'HalpDmaAdapterAllocationStateComplete', 5: u'HalpDmaAdapterAllocationStateMax'})]],
+    'ScatterGatherBufferLength' : [ 0x264, ['unsigned long']],
+    'ScatterGatherBuffer' : [ 0x268, ['_SCATTER_GATHER_LIST']],
+} ],
+  '_RSDP' : [ 0x24, {
+    'Signature' : [ 0x0, ['unsigned long long']],
+    'Checksum' : [ 0x8, ['unsigned char']],
+    'OEMID' : [ 0x9, ['array', 6, ['unsigned char']]],
+    'Revision' : [ 0xf, ['unsigned char']],
+    'RsdtAddress' : [ 0x10, ['unsigned long']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'XsdtAddress' : [ 0x18, ['_LARGE_INTEGER']],
+    'XChecksum' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 3, ['unsigned char']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_MCG_STATUS' : [ 0x8, {
+    'RestartIpValid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ErrorIpValid' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MachineCheckInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LocalMceValid' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Reserved2' : [ 0x4, ['unsigned long']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '_XSDT' : [ 0x2c, {
+    'Header' : [ 0x0, ['_DESCRIPTION_HEADER']],
+    'Tables' : [ 0x24, ['array', 1, ['_LARGE_INTEGER']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_CONTEXT' : [ 0x4d0, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5Home' : [ 0x20, ['unsigned long long']],
+    'P6Home' : [ 0x28, ['unsigned long long']],
+    'ContextFlags' : [ 0x30, ['unsigned long']],
+    'MxCsr' : [ 0x34, ['unsigned long']],
+    'SegCs' : [ 0x38, ['unsigned short']],
+    'SegDs' : [ 0x3a, ['unsigned short']],
+    'SegEs' : [ 0x3c, ['unsigned short']],
+    'SegFs' : [ 0x3e, ['unsigned short']],
+    'SegGs' : [ 0x40, ['unsigned short']],
+    'SegSs' : [ 0x42, ['unsigned short']],
+    'EFlags' : [ 0x44, ['unsigned long']],
+    'Dr0' : [ 0x48, ['unsigned long long']],
+    'Dr1' : [ 0x50, ['unsigned long long']],
+    'Dr2' : [ 0x58, ['unsigned long long']],
+    'Dr3' : [ 0x60, ['unsigned long long']],
+    'Dr6' : [ 0x68, ['unsigned long long']],
+    'Dr7' : [ 0x70, ['unsigned long long']],
+    'Rax' : [ 0x78, ['unsigned long long']],
+    'Rcx' : [ 0x80, ['unsigned long long']],
+    'Rdx' : [ 0x88, ['unsigned long long']],
+    'Rbx' : [ 0x90, ['unsigned long long']],
+    'Rsp' : [ 0x98, ['unsigned long long']],
+    'Rbp' : [ 0xa0, ['unsigned long long']],
+    'Rsi' : [ 0xa8, ['unsigned long long']],
+    'Rdi' : [ 0xb0, ['unsigned long long']],
+    'R8' : [ 0xb8, ['unsigned long long']],
+    'R9' : [ 0xc0, ['unsigned long long']],
+    'R10' : [ 0xc8, ['unsigned long long']],
+    'R11' : [ 0xd0, ['unsigned long long']],
+    'R12' : [ 0xd8, ['unsigned long long']],
+    'R13' : [ 0xe0, ['unsigned long long']],
+    'R14' : [ 0xe8, ['unsigned long long']],
+    'R15' : [ 0xf0, ['unsigned long long']],
+    'Rip' : [ 0xf8, ['unsigned long long']],
+    'FltSave' : [ 0x100, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x100, ['array', 2, ['_M128A']]],
+    'Legacy' : [ 0x120, ['array', 8, ['_M128A']]],
+    'Xmm0' : [ 0x1a0, ['_M128A']],
+    'Xmm1' : [ 0x1b0, ['_M128A']],
+    'Xmm2' : [ 0x1c0, ['_M128A']],
+    'Xmm3' : [ 0x1d0, ['_M128A']],
+    'Xmm4' : [ 0x1e0, ['_M128A']],
+    'Xmm5' : [ 0x1f0, ['_M128A']],
+    'Xmm6' : [ 0x200, ['_M128A']],
+    'Xmm7' : [ 0x210, ['_M128A']],
+    'Xmm8' : [ 0x220, ['_M128A']],
+    'Xmm9' : [ 0x230, ['_M128A']],
+    'Xmm10' : [ 0x240, ['_M128A']],
+    'Xmm11' : [ 0x250, ['_M128A']],
+    'Xmm12' : [ 0x260, ['_M128A']],
+    'Xmm13' : [ 0x270, ['_M128A']],
+    'Xmm14' : [ 0x280, ['_M128A']],
+    'Xmm15' : [ 0x290, ['_M128A']],
+    'VectorRegister' : [ 0x300, ['array', 26, ['_M128A']]],
+    'VectorControl' : [ 0x4a0, ['unsigned long long']],
+    'DebugControl' : [ 0x4a8, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x4b0, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x4b8, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x4c0, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x4c8, ['unsigned long long']],
+} ],
+  '_IOAPIC' : [ 0xc, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'IOAPICID' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'IOAPICAddress' : [ 0x4, ['unsigned long']],
+    'SystemVectorBase' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CriticalEvent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'AddressTranslationRequired' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AddressTranslationCompleted' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer64', ['void']]],
+    'Information' : [ 0x8, ['unsigned long long']],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_MCG_CAP' : [ 0x8, {
+    'CountField' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ControlMsrPresent' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'ExtendedMsrsPresent' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'SignalingExtensionPresent' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ThresholdErrorStatusPresent' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'ExtendedRegisterCount' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'SoftwareErrorRecoverySupported' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'EnhancedMachineCheckCapability' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long long')]],
+    'ExtendedErrorLogging' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long long')]],
+    'LocalMachineCheckException' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long long')]],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_SOURCE_CONFIGURATION_DD' : [ 0x18, {
+    'Initialize' : [ 0x0, ['pointer64', ['void']]],
+    'Uninitialize' : [ 0x8, ['pointer64', ['void']]],
+    'Correct' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_LINE' : [ 0x8, {
+    'UnitId' : [ 0x0, ['unsigned long']],
+    'Line' : [ 0x4, ['long']],
+} ],
+  '_HALP_DMA_CONTROLLER' : [ 0xe0, {
+    'Controllers' : [ 0x0, ['_LIST_ENTRY']],
+    'AdapterList' : [ 0x10, ['_LIST_ENTRY']],
+    'ControllerId' : [ 0x20, ['unsigned long']],
+    'MinimumRequestLine' : [ 0x24, ['unsigned long']],
+    'MaximumRequestLine' : [ 0x28, ['unsigned long']],
+    'ChannelCount' : [ 0x2c, ['unsigned long']],
+    'ScatterGatherLimit' : [ 0x30, ['unsigned long']],
+    'Channels' : [ 0x38, ['pointer64', ['_HALP_DMA_CHANNEL']]],
+    'ExtensionData' : [ 0x40, ['pointer64', ['void']]],
+    'CacheCoherent' : [ 0x48, ['unsigned char']],
+    'DmaAddressWidth' : [ 0x4c, ['unsigned long']],
+    'Operations' : [ 0x50, ['_DMA_FUNCTION_TABLE']],
+    'SupportedPortWidths' : [ 0xa0, ['unsigned long']],
+    'MinimumTransferUnit' : [ 0xa4, ['unsigned long']],
+    'Lock' : [ 0xa8, ['unsigned long long']],
+    'Irql' : [ 0xb0, ['unsigned char']],
+    'GeneratesInterrupt' : [ 0xb1, ['unsigned char']],
+    'Gsi' : [ 0xb4, ['long']],
+    'InterruptPolarity' : [ 0xb8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'InterruptMode' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'ResourceId' : [ 0xc0, ['_UNICODE_STRING']],
+    'PowerHandle' : [ 0xd0, ['pointer64', ['POHANDLE__']]],
+    'PowerActive' : [ 0xd8, ['unsigned char']],
+} ],
+  '_HAL_INTEL_ENLIGHTENMENT_INFORMATION' : [ 0x1f0, {
+    'Enlightenments' : [ 0x0, ['unsigned long']],
+    'HypervisorConnected' : [ 0x4, ['unsigned long']],
+    'EndOfInterrupt' : [ 0x8, ['pointer64', ['void']]],
+    'ApicWriteIcr' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved0' : [ 0x18, ['unsigned long']],
+    'SpinCountMask' : [ 0x1c, ['unsigned long']],
+    'LongSpinWait' : [ 0x20, ['pointer64', ['void']]],
+    'GetReferenceTime' : [ 0x28, ['pointer64', ['void']]],
+    'SetSystemSleepProperty' : [ 0x30, ['pointer64', ['void']]],
+    'EnterSleepState' : [ 0x38, ['pointer64', ['void']]],
+    'NotifyDebugDeviceAvailable' : [ 0x40, ['pointer64', ['void']]],
+    'MapDeviceInterrupt' : [ 0x48, ['pointer64', ['void']]],
+    'UnmapDeviceInterrupt' : [ 0x50, ['pointer64', ['void']]],
+    'RetargetDeviceInterrupt' : [ 0x58, ['pointer64', ['void']]],
+    'SetHpetConfig' : [ 0x60, ['pointer64', ['void']]],
+    'NotifyHpetEnabled' : [ 0x68, ['pointer64', ['void']]],
+    'QueryAssociatedProcessors' : [ 0x70, ['pointer64', ['void']]],
+    'ReadMultipleMsr' : [ 0x78, ['pointer64', ['void']]],
+    'WriteMultipleMsr' : [ 0x80, ['pointer64', ['void']]],
+    'ReadCpuid' : [ 0x88, ['pointer64', ['void']]],
+    'LpWritebackInvalidate' : [ 0x90, ['pointer64', ['void']]],
+    'GetMachineCheckContext' : [ 0x98, ['pointer64', ['void']]],
+    'SuspendPartition' : [ 0xa0, ['pointer64', ['void']]],
+    'ResumePartition' : [ 0xa8, ['pointer64', ['void']]],
+    'SetSystemMachineCheckProperty' : [ 0xb0, ['pointer64', ['void']]],
+    'WheaErrorNotification' : [ 0xb8, ['pointer64', ['void']]],
+    'GetProcessorIndexFromVpIndex' : [ 0xc0, ['pointer64', ['void']]],
+    'SyntheticClusterIpi' : [ 0xc8, ['pointer64', ['void']]],
+    'VpStartEnabled' : [ 0xd0, ['pointer64', ['void']]],
+    'StartVirtualProcessor' : [ 0xd8, ['pointer64', ['void']]],
+    'GetVpIndexFromApicId' : [ 0xe0, ['pointer64', ['void']]],
+    'IumAccessPciDevice' : [ 0xe8, ['pointer64', ['void']]],
+    'IumEfiRuntimeService' : [ 0xf0, ['pointer64', ['void']]],
+    'SvmGetSystemCapabilities' : [ 0xf8, ['pointer64', ['void']]],
+    'SvmGetDeviceCapabilities' : [ 0x100, ['pointer64', ['void']]],
+    'SvmCreatePasidSpace' : [ 0x108, ['pointer64', ['void']]],
+    'SvmSetPasidAddressSpace' : [ 0x110, ['pointer64', ['void']]],
+    'SvmFlushPasid' : [ 0x118, ['pointer64', ['void']]],
+    'SvmAttachPasidSpace' : [ 0x120, ['pointer64', ['void']]],
+    'SvmDetachPasidSpace' : [ 0x128, ['pointer64', ['void']]],
+    'SvmEnablePasid' : [ 0x130, ['pointer64', ['void']]],
+    'SvmDisablePasid' : [ 0x138, ['pointer64', ['void']]],
+    'SvmAcknowledgePageRequest' : [ 0x140, ['pointer64', ['void']]],
+    'SvmCreatePrQueue' : [ 0x148, ['pointer64', ['void']]],
+    'SvmDeletePrQueue' : [ 0x150, ['pointer64', ['void']]],
+    'SvmClearPrqStalled' : [ 0x158, ['pointer64', ['void']]],
+    'SvmSetDeviceEnabled' : [ 0x160, ['pointer64', ['void']]],
+    'HvDebuggerPowerHandler' : [ 0x168, ['pointer64', ['void']]],
+    'SetQpcBias' : [ 0x170, ['pointer64', ['void']]],
+    'GetQpcBias' : [ 0x178, ['pointer64', ['void']]],
+    'RegisterDeviceId' : [ 0x180, ['pointer64', ['void']]],
+    'UnregisterDeviceId' : [ 0x188, ['pointer64', ['void']]],
+    'AllocateDeviceDomain' : [ 0x190, ['pointer64', ['void']]],
+    'AttachDeviceDomain' : [ 0x198, ['pointer64', ['void']]],
+    'DetachDeviceDomain' : [ 0x1a0, ['pointer64', ['void']]],
+    'DeleteDeviceDomain' : [ 0x1a8, ['pointer64', ['void']]],
+    'MapDeviceLogicalRange' : [ 0x1b0, ['pointer64', ['void']]],
+    'UnmapDeviceLogicalRange' : [ 0x1b8, ['pointer64', ['void']]],
+    'MapDeviceSparsePages' : [ 0x1c0, ['pointer64', ['void']]],
+    'UnmapDeviceSparsePages' : [ 0x1c8, ['pointer64', ['void']]],
+    'GetDmaGuardEnabled' : [ 0x1d0, ['pointer64', ['void']]],
+    'UpdateMicrocode' : [ 0x1d8, ['pointer64', ['void']]],
+    'GetSintMessage' : [ 0x1e0, ['pointer64', ['void']]],
+    'SetRootFaultReportingReady' : [ 0x1e8, ['pointer64', ['void']]],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_DESCRIPTION_HEADER' : [ 0x24, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['unsigned char']],
+    'Checksum' : [ 0x9, ['unsigned char']],
+    'OEMID' : [ 0xa, ['array', 6, ['unsigned char']]],
+    'OEMTableID' : [ 0x10, ['array', 8, ['unsigned char']]],
+    'OEMRevision' : [ 0x18, ['unsigned long']],
+    'CreatorID' : [ 0x1c, ['array', 4, ['unsigned char']]],
+    'CreatorRev' : [ 0x20, ['unsigned long']],
+} ],
+  '_CONTROLLER_OBJECT' : [ 0x48, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'ControllerExtension' : [ 0x8, ['pointer64', ['void']]],
+    'DeviceWaitQueue' : [ 0x10, ['_KDEVICE_QUEUE']],
+    'Spare1' : [ 0x38, ['unsigned long']],
+    'Spare2' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_SCATTER_GATHER_LIST' : [ 0x10, {
+    'NumberOfElements' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'Elements' : [ 0x10, ['array', 0, ['_SCATTER_GATHER_ELEMENT']]],
+} ],
+  '_HAL_HV_SVM_SYSTEM_CAPABILITIES' : [ 0x18, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GpaAlwaysValid' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MaxPasidSpaceCount' : [ 0x4, ['unsigned long']],
+    'MaxPasidSpacePasidCount' : [ 0x8, ['unsigned long']],
+    'MaxPrqSize' : [ 0xc, ['unsigned long']],
+    'IommuCount' : [ 0x10, ['unsigned long']],
+    'MinIommuPasidCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_HALP_DMA_MASTER_ADAPTER_OBJECT' : [ 0xd8, {
+    'AdapterObject' : [ 0x0, ['_HALP_DMA_ADAPTER_OBJECT']],
+    'ContiguousAdapterQueue' : [ 0x98, ['_LIST_ENTRY']],
+    'ScatterAdapterQueue' : [ 0xa8, ['_LIST_ENTRY']],
+    'MapBufferSize' : [ 0xb8, ['unsigned long']],
+    'MapBufferPhysicalAddress' : [ 0xc0, ['_LARGE_INTEGER']],
+    'ContiguousPageCount' : [ 0xc8, ['unsigned long']],
+    'ContiguousPageLimit' : [ 0xcc, ['unsigned long']],
+    'ScatterPageCount' : [ 0xd0, ['unsigned long']],
+    'ScatterPageLimit' : [ 0xd4, ['unsigned long']],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HALP_DMA_CHANNEL' : [ 0xa0, {
+    'ChannelNumber' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'Busy' : [ 0x5, ['unsigned char']],
+    'Complete' : [ 0x6, ['unsigned char']],
+    'CurrentCompletionRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'CurrentCompletionContext' : [ 0x10, ['pointer64', ['void']]],
+    'CurrentChildAdapter' : [ 0x18, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'CurrentInterruptType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeCompletion', 1: u'InterruptTypeError', 2: u'InterruptTypeCancelled'})]],
+    'Dpc' : [ 0x28, ['_KDPC']],
+    'GeneratesInterrupt' : [ 0x68, ['unsigned char']],
+    'Gsi' : [ 0x6c, ['long']],
+    'InterruptPolarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'InterruptMode' : [ 0x74, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'CommonBufferLength' : [ 0x78, ['unsigned long']],
+    'CommonBufferVirtualAddress' : [ 0x80, ['pointer64', ['void']]],
+    'CommonBufferLogicalAddress' : [ 0x88, ['_LARGE_INTEGER']],
+    'AdapterQueue' : [ 0x90, ['_LIST_ENTRY']],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_GROUP_AFFINITY' : [ 0x10, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Group' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['array', 3, ['unsigned short']]],
+} ],
+  '_DMA_ADAPTER' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DmaOperations' : [ 0x8, ['pointer64', ['_DMA_OPERATIONS']]],
+} ],
+  '__unnamed_15a6' : [ 0x10, {
+    'Low32' : [ 0x0, ['unsigned long']],
+    'High32' : [ 0x4, ['unsigned long']],
+    'InterruptData' : [ 0x8, ['unsigned long long']],
+} ],
+  '_INTERRUPT_TARGET' : [ 0x18, {
+    'Target' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTargetInvalid', 1: u'InterruptTargetAllIncludingSelf', 2: u'InterruptTargetAllExcludingSelf', 3: u'InterruptTargetSelfOnly', 4: u'InterruptTargetPhysical', 5: u'InterruptTargetLogicalFlat', 6: u'InterruptTargetLogicalClustered', 7: u'InterruptTargetRemapIndex', 8: u'InterruptTargetHypervisor'})]],
+    'PhysicalTarget' : [ 0x8, ['unsigned long']],
+    'LogicalFlatTarget' : [ 0x8, ['unsigned long']],
+    'RemapIndex' : [ 0x8, ['unsigned long']],
+    'ClusterId' : [ 0x8, ['unsigned long']],
+    'ClusterMask' : [ 0xc, ['unsigned long']],
+    'HypervisorTarget' : [ 0x8, ['__unnamed_15a6']],
+} ],
+  '_FACS' : [ 0x40, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'HardwareSignature' : [ 0x8, ['unsigned long']],
+    'pFirmwareWakingVector' : [ 0xc, ['unsigned long']],
+    'GlobalLock' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'x_FirmwareWakingVector' : [ 0x18, ['_LARGE_INTEGER']],
+    'version' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 31, ['unsigned char']]],
+} ],
+  '_WHEA_AMD_EXTENDED_REGISTERS' : [ 0xc0, {
+    'IPID' : [ 0x0, ['unsigned long long']],
+    'SYND' : [ 0x8, ['unsigned long long']],
+    'CONFIG' : [ 0x10, ['unsigned long long']],
+    'DESTAT' : [ 0x18, ['unsigned long long']],
+    'DEADDR' : [ 0x20, ['unsigned long long']],
+    'MISC1' : [ 0x28, ['unsigned long long']],
+    'MISC2' : [ 0x30, ['unsigned long long']],
+    'MISC3' : [ 0x38, ['unsigned long long']],
+    'MISC4' : [ 0x40, ['unsigned long long']],
+    'RasCap' : [ 0x48, ['unsigned long long']],
+    'Reserved' : [ 0x50, ['array', 14, ['unsigned long long']]],
+} ],
+  '_DMA_TRANSFER_CONTEXT' : [ 0x60, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'V1' : [ 0x8, ['_DMA_TRANSFER_CONTEXT_V1']],
+} ],
+  '_SECONDARY_IC_LIST_ENTRY' : [ 0xb0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'GsivBase' : [ 0x10, ['unsigned long']],
+    'GsivSize' : [ 0x14, ['unsigned long']],
+    'Interface' : [ 0x18, ['_SECONDARY_INTERRUPT_PROVIDER_INTERFACE']],
+    'BusyCount' : [ 0x70, ['long']],
+    'ExclusiveWaiterCount' : [ 0x74, ['long']],
+    'NotificationEvent' : [ 0x78, ['_KEVENT']],
+    'SignalListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'State' : [ 0xa0, ['array', 1, ['_SECONDARY_INTERRUPT_LINE_STATE']]],
+} ],
+  '_DRIVER_OBJECT' : [ 0x150, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'DriverStart' : [ 0x18, ['pointer64', ['void']]],
+    'DriverSize' : [ 0x20, ['unsigned long']],
+    'DriverSection' : [ 0x28, ['pointer64', ['void']]],
+    'DriverExtension' : [ 0x30, ['pointer64', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x38, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x48, ['pointer64', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x50, ['pointer64', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x58, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x60, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x68, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x70, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_HAL_HV_DMA_DOMAIN_INFO' : [ 0x8, {
+    'DomainId' : [ 0x0, ['unsigned long']],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+} ],
+  '_HAL_HV_SVM_DEVICE_CAPABILITIES' : [ 0xc, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PciExecute' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 31, native_type='unsigned long')]],
+    'OverflowPossible' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'PasidCount' : [ 0x4, ['unsigned long']],
+    'IommuIndex' : [ 0x8, ['unsigned long']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_IO_NMISOURCE' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'GlobalSystemInterruptVector' : [ 0x4, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_ISA_VECTOR' : [ 0xa, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Bus' : [ 0x2, ['unsigned char']],
+    'Source' : [ 0x3, ['unsigned char']],
+    'GlobalSystemInterruptVector' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned short']],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0xf0, {
+    'Cr0' : [ 0x0, ['unsigned long long']],
+    'Cr2' : [ 0x8, ['unsigned long long']],
+    'Cr3' : [ 0x10, ['unsigned long long']],
+    'Cr4' : [ 0x18, ['unsigned long long']],
+    'KernelDr0' : [ 0x20, ['unsigned long long']],
+    'KernelDr1' : [ 0x28, ['unsigned long long']],
+    'KernelDr2' : [ 0x30, ['unsigned long long']],
+    'KernelDr3' : [ 0x38, ['unsigned long long']],
+    'KernelDr6' : [ 0x40, ['unsigned long long']],
+    'KernelDr7' : [ 0x48, ['unsigned long long']],
+    'Gdtr' : [ 0x50, ['_KDESCRIPTOR']],
+    'Idtr' : [ 0x60, ['_KDESCRIPTOR']],
+    'Tr' : [ 0x70, ['unsigned short']],
+    'Ldtr' : [ 0x72, ['unsigned short']],
+    'MxCsr' : [ 0x74, ['unsigned long']],
+    'DebugControl' : [ 0x78, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x80, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x88, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x90, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x98, ['unsigned long long']],
+    'Cr8' : [ 0xa0, ['unsigned long long']],
+    'MsrGsBase' : [ 0xa8, ['unsigned long long']],
+    'MsrGsSwap' : [ 0xb0, ['unsigned long long']],
+    'MsrStar' : [ 0xb8, ['unsigned long long']],
+    'MsrLStar' : [ 0xc0, ['unsigned long long']],
+    'MsrCStar' : [ 0xc8, ['unsigned long long']],
+    'MsrSyscallMask' : [ 0xd0, ['unsigned long long']],
+    'Xcr0' : [ 0xd8, ['unsigned long long']],
+    'MsrFsBase' : [ 0xe0, ['unsigned long long']],
+    'SpecialPadding0' : [ 0xe8, ['unsigned long long']],
+} ],
+  'POHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_INTERRUPT_LINE_STATE' : [ 0x38, {
+    'Polarity' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'EmulateActiveBoth' : [ 0x4, ['unsigned char']],
+    'TriggerMode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Routing' : [ 0x10, ['_INTERRUPT_LINE']],
+    'ProcessorTarget' : [ 0x18, ['_INTERRUPT_TARGET']],
+    'Vector' : [ 0x30, ['unsigned long']],
+    'Priority' : [ 0x34, ['unsigned long']],
+} ],
+  '_MCI_STATUS' : [ 0x8, {
+    'CommonBits' : [ 0x0, ['_MCI_STATUS_BITS_COMMON']],
+    'AmdBits' : [ 0x0, ['_MCI_STATUS_AMD_BITS']],
+    'IntelBits' : [ 0x0, ['_MCI_STATUS_INTEL_BITS']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '_KAFFINITY_EX' : [ 0xa8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 20, ['unsigned long long']]],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 16, ['_M128A']]],
+    'Reserved4' : [ 0x1a0, ['array', 96, ['unsigned char']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MCI_STATUS_INTEL_BITS' : [ 0x8, {
+    'McaErrorCode' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'ModelErrorCode' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'OtherInfo' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 37, native_type='unsigned long long')]],
+    'FirmwareUpdateError' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CorrectedErrorCount' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 53, native_type='unsigned long long')]],
+    'ThresholdErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 55, native_type='unsigned long long')]],
+    'ActionRequired' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 56, native_type='unsigned long long')]],
+    'Signalling' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 57, native_type='unsigned long long')]],
+    'ContextCorrupt' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'AddressValid' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'MiscValid' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 60, native_type='unsigned long long')]],
+    'ErrorEnabled' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'UncorrectedError' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'StatusOverFlow' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION' : [ 0xc0, {
+    'ValidBits' : [ 0x0, ['_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS']],
+    'ProcessorType' : [ 0x8, ['unsigned char']],
+    'InstructionSet' : [ 0x9, ['unsigned char']],
+    'ErrorType' : [ 0xa, ['unsigned char']],
+    'Operation' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned char']],
+    'Level' : [ 0xd, ['unsigned char']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'CPUVersion' : [ 0x10, ['unsigned long long']],
+    'CPUBrandString' : [ 0x18, ['array', 128, ['unsigned char']]],
+    'ProcessorId' : [ 0x98, ['unsigned long long']],
+    'TargetAddress' : [ 0xa0, ['unsigned long long']],
+    'RequesterId' : [ 0xa8, ['unsigned long long']],
+    'ResponderId' : [ 0xb0, ['unsigned long long']],
+    'InstructionPointer' : [ 0xb8, ['unsigned long long']],
+} ],
+  '_MAPIC' : [ 0x30, {
+    'Header' : [ 0x0, ['_DESCRIPTION_HEADER']],
+    'LocalAPICAddress' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'APICTables' : [ 0x2c, ['array', 1, ['unsigned long']]],
+} ],
+  '_DMA_OPERATIONS' : [ 0x138, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'PutDmaAdapter' : [ 0x8, ['pointer64', ['void']]],
+    'AllocateCommonBuffer' : [ 0x10, ['pointer64', ['void']]],
+    'FreeCommonBuffer' : [ 0x18, ['pointer64', ['void']]],
+    'AllocateAdapterChannel' : [ 0x20, ['pointer64', ['void']]],
+    'FlushAdapterBuffers' : [ 0x28, ['pointer64', ['void']]],
+    'FreeAdapterChannel' : [ 0x30, ['pointer64', ['void']]],
+    'FreeMapRegisters' : [ 0x38, ['pointer64', ['void']]],
+    'MapTransfer' : [ 0x40, ['pointer64', ['void']]],
+    'GetDmaAlignment' : [ 0x48, ['pointer64', ['void']]],
+    'ReadDmaCounter' : [ 0x50, ['pointer64', ['void']]],
+    'GetScatterGatherList' : [ 0x58, ['pointer64', ['void']]],
+    'PutScatterGatherList' : [ 0x60, ['pointer64', ['void']]],
+    'CalculateScatterGatherList' : [ 0x68, ['pointer64', ['void']]],
+    'BuildScatterGatherList' : [ 0x70, ['pointer64', ['void']]],
+    'BuildMdlFromScatterGatherList' : [ 0x78, ['pointer64', ['void']]],
+    'GetDmaAdapterInfo' : [ 0x80, ['pointer64', ['void']]],
+    'GetDmaTransferInfo' : [ 0x88, ['pointer64', ['void']]],
+    'InitializeDmaTransferContext' : [ 0x90, ['pointer64', ['void']]],
+    'AllocateCommonBufferEx' : [ 0x98, ['pointer64', ['void']]],
+    'AllocateAdapterChannelEx' : [ 0xa0, ['pointer64', ['void']]],
+    'ConfigureAdapterChannel' : [ 0xa8, ['pointer64', ['void']]],
+    'CancelAdapterChannel' : [ 0xb0, ['pointer64', ['void']]],
+    'MapTransferEx' : [ 0xb8, ['pointer64', ['void']]],
+    'GetScatterGatherListEx' : [ 0xc0, ['pointer64', ['void']]],
+    'BuildScatterGatherListEx' : [ 0xc8, ['pointer64', ['void']]],
+    'FlushAdapterBuffersEx' : [ 0xd0, ['pointer64', ['void']]],
+    'FreeAdapterObject' : [ 0xd8, ['pointer64', ['void']]],
+    'CancelMappedTransfer' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateDomainCommonBuffer' : [ 0xe8, ['pointer64', ['void']]],
+    'FlushDmaBuffer' : [ 0xf0, ['pointer64', ['void']]],
+    'JoinDmaDomain' : [ 0xf8, ['pointer64', ['void']]],
+    'LeaveDmaDomain' : [ 0x100, ['pointer64', ['void']]],
+    'GetDmaDomain' : [ 0x108, ['pointer64', ['void']]],
+    'AllocateCommonBufferWithBounds' : [ 0x110, ['pointer64', ['void']]],
+    'AllocateCommonBufferVector' : [ 0x118, ['pointer64', ['void']]],
+    'GetCommonBufferFromVectorByIndex' : [ 0x120, ['pointer64', ['void']]],
+    'FreeCommonBufferFromVector' : [ 0x128, ['pointer64', ['void']]],
+    'FreeCommonBufferVector' : [ 0x130, ['pointer64', ['void']]],
+} ],
+  '__unnamed_167c' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1680' : [ 0x18, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_1682' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1684' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1686' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_1688' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_168a' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_168c' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_168e' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1690' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1692' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1694' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_167c']],
+    'Memory' : [ 0x0, ['__unnamed_167c']],
+    'Interrupt' : [ 0x0, ['__unnamed_1680']],
+    'Dma' : [ 0x0, ['__unnamed_1682']],
+    'DmaV3' : [ 0x0, ['__unnamed_1684']],
+    'Generic' : [ 0x0, ['__unnamed_167c']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1686']],
+    'BusNumber' : [ 0x0, ['__unnamed_1688']],
+    'ConfigData' : [ 0x0, ['__unnamed_168a']],
+    'Memory40' : [ 0x0, ['__unnamed_168c']],
+    'Memory48' : [ 0x0, ['__unnamed_168e']],
+    'Memory64' : [ 0x0, ['__unnamed_1690']],
+    'Connection' : [ 0x0, ['__unnamed_1692']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_1694']],
+} ],
+  '_SCATTER_GATHER_ELEMENT' : [ 0x18, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_169c' : [ 0x8, {
+    'NumberOfEntries' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long long')]],
+    'Va' : [ 0x0, ['pointer64', ['void']]],
+    'VaLong' : [ 0x0, ['unsigned long long']],
+} ],
+  '_KTB_FLUSH_VA' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_169c']],
+} ],
+  '__unnamed_16a3' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0xa0, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x20, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'AuxData' : [ 0x48, ['pointer64', ['void']]],
+    'Privileges' : [ 0x50, ['__unnamed_16a3']],
+    'AuditPrivileges' : [ 0x7c, ['unsigned char']],
+    'ObjectName' : [ 0x80, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x90, ['_UNICODE_STRING']],
+} ],
+  '_HALP_EMERGENCY_LA_QUEUE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'EntryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HalpDmaLegacyLaQueueEntry', 1: u'HalpDmaThinLaQueueEntry', 2: u'HalpDmaLaQueueEntryMax'})]],
+} ],
+  '__unnamed_16b0' : [ 0x20, {
+    'ContiguousHint' : [ 0x0, ['_HALP_DMA_TRANSLATION_BUFFER_POSITION']],
+    'ScatterHint' : [ 0x10, ['_HALP_DMA_TRANSLATION_BUFFER_POSITION']],
+} ],
+  '_HALP_DMA_ADAPTER_OBJECT' : [ 0x98, {
+    'DmaHeader' : [ 0x0, ['_DMA_ADAPTER']],
+    'ContiguousMapRegisters' : [ 0x10, ['pointer64', ['_RTL_BITMAP']]],
+    'ScatterBufferListHead' : [ 0x18, ['pointer64', ['_HALP_DMA_TRANSLATION_ENTRY']]],
+    'NumberOfFreeScatterBuffers' : [ 0x20, ['unsigned long']],
+    'ContiguousTranslations' : [ 0x28, ['pointer64', ['_HALP_DMA_TRANSLATION_BUFFER']]],
+    'ScatterTranslations' : [ 0x30, ['pointer64', ['_HALP_DMA_TRANSLATION_BUFFER']]],
+    'ContiguousTranslationEnd' : [ 0x38, ['_HALP_DMA_TRANSLATION_BUFFER_POSITION']],
+    'ScatterTranslationEnd' : [ 0x48, ['_HALP_DMA_TRANSLATION_BUFFER_POSITION']],
+    'CrashDump' : [ 0x58, ['__unnamed_16b0']],
+    'SpinLock' : [ 0x78, ['unsigned long long']],
+    'GrowLock' : [ 0x80, ['unsigned long long']],
+    'MaximumPhysicalAddress' : [ 0x88, ['_LARGE_INTEGER']],
+    'IsMasterAdapter' : [ 0x90, ['unsigned char']],
+    'DmaCanCross64K' : [ 0x91, ['unsigned char']],
+    'LibraryVersion' : [ 0x94, ['unsigned long']],
+} ],
+  '_KDESCRIPTOR' : [ 0x10, {
+    'Pad' : [ 0x0, ['array', 3, ['unsigned short']]],
+    'Limit' : [ 0x6, ['unsigned short']],
+    'Base' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0x10, ['pointer64', ['void']]],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ProcessorType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'InstructionSet' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Operation' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Flags' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Level' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'CPUVersion' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'CPUBrandString' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'ProcessorId' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'TargetAddress' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InstructionPointer' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeviceDriver' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CriticalEvent' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PersistPfn' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_DMA_TRANSFER_INFO' : [ 0x14, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'V1' : [ 0x4, ['_DMA_TRANSFER_INFO_V1']],
+    'V2' : [ 0x4, ['_DMA_TRANSFER_INFO_V2']],
+} ],
+  '_MCI_STATUS_BITS_COMMON' : [ 0x8, {
+    'McaErrorCode' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'ModelErrorCode' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 57, native_type='unsigned long long')]],
+    'ContextCorrupt' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'AddressValid' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'MiscValid' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 60, native_type='unsigned long long')]],
+    'ErrorEnabled' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'UncorrectedError' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'StatusOverFlow' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DMA_TRANSFER_INFO_V2' : [ 0x10, {
+    'MapRegisterCount' : [ 0x0, ['unsigned long']],
+    'ScatterGatherElementCount' : [ 0x4, ['unsigned long']],
+    'ScatterGatherListSize' : [ 0x8, ['unsigned long']],
+    'LogicalPageCount' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_16c9' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Consumed' : [ 0x8, ['unsigned char']],
+    'ErrorCode' : [ 0xa, ['unsigned short']],
+    'ErrorIpValid' : [ 0xc, ['unsigned char']],
+    'RestartIpValid' : [ 0xd, ['unsigned char']],
+    'ClearPoison' : [ 0xe, ['unsigned char']],
+} ],
+  '__unnamed_16cb' : [ 0x8, {
+    'PmemErrInfo' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_RECOVERY_CONTEXT' : [ 0x20, {
+    'MemoryError' : [ 0x0, ['__unnamed_16c9']],
+    'PmemError' : [ 0x0, ['__unnamed_16cb']],
+    'PartitionId' : [ 0x10, ['unsigned long long']],
+    'VpIndex' : [ 0x18, ['unsigned long']],
+    'ErrorType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {1: u'WheaRecoveryContextErrorTypeMemory', 2: u'WheaRecoveryContextErrorTypePmem', 3: u'WheaRecoveryContextErrorTypeMax'})]],
+} ],
+  '_HALP_DMA_TRANSLATION_BUFFER' : [ 0x18, {
+    'Next' : [ 0x0, ['pointer64', ['_HALP_DMA_TRANSLATION_BUFFER']]],
+    'EntryCount' : [ 0x8, ['unsigned long']],
+    'Entries' : [ 0x10, ['pointer64', ['_HALP_DMA_TRANSLATION_ENTRY']]],
+} ],
+  '_SECONDARY_INTERRUPT_PROVIDER_INTERFACE' : [ 0x58, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'GsivBase' : [ 0x10, ['unsigned long']],
+    'GsivSize' : [ 0x14, ['unsigned short']],
+    'DriverObject' : [ 0x18, ['pointer64', ['_DRIVER_OBJECT']]],
+    'Reserved1' : [ 0x20, ['pointer64', ['void']]],
+    'Reserved2' : [ 0x28, ['pointer64', ['void']]],
+    'Reserved3' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved4' : [ 0x38, ['pointer64', ['void']]],
+    'Reserved5' : [ 0x40, ['pointer64', ['void']]],
+    'Reserved6' : [ 0x48, ['pointer64', ['void']]],
+    'Reserved7' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_HALP_DMA_DOMAIN_OBJECT' : [ 0x88, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MaximumPhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'BoundaryAddressMultiple' : [ 0x18, ['_LARGE_INTEGER']],
+    'CacheCoherent' : [ 0x20, ['unsigned char']],
+    'FirmwareReserved' : [ 0x21, ['unsigned char']],
+    'IommuDomainPointer' : [ 0x28, ['pointer64', ['void']]],
+    'LaState' : [ 0x30, ['pointer64', ['void']]],
+    'LaStateLock' : [ 0x38, ['unsigned long long']],
+    'TranslationType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'ExtTranslationTypePassThrough', 1: u'ExtTranslationTypeBlocked', 2: u'ExtTranslationTypeTranslate', 3: u'ExtTranslationTypeSafePassThrough', 4: u'ExtTranslationTypeInvalid'})]],
+    'OwningAdapter' : [ 0x48, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'CommonBufferRoot' : [ 0x50, ['_RTL_RB_TREE']],
+    'CommonBufferTreeLock' : [ 0x60, ['unsigned long long']],
+    'VectorCommonBufferListHead' : [ 0x68, ['_LIST_ENTRY']],
+    'VectorCommonBufferLock' : [ 0x78, ['unsigned long long']],
+    'DomainRefCount' : [ 0x80, ['unsigned long']],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x24, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_DMA_TRANSFER_INFO_V1' : [ 0xc, {
+    'MapRegisterCount' : [ 0x0, ['unsigned long']],
+    'ScatterGatherElementCount' : [ 0x4, ['unsigned long']],
+    'ScatterGatherListSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1728' : [ 0x8, {
+    'BoundToMaster' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'BoundToScatterPool' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'OwnedByMaster' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'OwnedByScatterPool' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'TemporaryMapping' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'ZeroBuffer' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_172a' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x0, ['__unnamed_1728']],
+} ],
+  '_HALP_DMA_TRANSLATION_ENTRY' : [ 0x48, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x8, ['pointer64', ['_HALP_DMA_TRANSLATION_ENTRY']]],
+    'MappedLength' : [ 0x10, ['unsigned long']],
+    'LogicalAddress' : [ 0x18, ['unsigned long long']],
+    'LogicalMappedLength' : [ 0x20, ['unsigned long long']],
+    'NextLogicalAddress' : [ 0x28, ['unsigned long long']],
+    'u' : [ 0x30, ['__unnamed_172a']],
+    'NextMapping' : [ 0x38, ['pointer64', ['_HALP_DMA_TRANSLATION_ENTRY']]],
+    'LogicalBounceBufferPremapped' : [ 0x40, ['unsigned char']],
+} ],
+  '_ERESOURCE' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x10, ['pointer64', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'ReservedLowFlags' : [ 0x1a, ['unsigned char']],
+    'WaiterPriority' : [ 0x1b, ['unsigned char']],
+    'SharedWaiters' : [ 0x20, ['pointer64', ['void']]],
+    'ExclusiveWaiters' : [ 0x28, ['pointer64', ['void']]],
+    'OwnerEntry' : [ 0x30, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'Reserved2' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_DMA_FUNCTION_TABLE' : [ 0x50, {
+    'InitializeController' : [ 0x0, ['pointer64', ['void']]],
+    'ValidateRequestLineBinding' : [ 0x8, ['pointer64', ['void']]],
+    'QueryMaxFragments' : [ 0x10, ['pointer64', ['void']]],
+    'ProgramChannel' : [ 0x18, ['pointer64', ['void']]],
+    'ConfigureChannel' : [ 0x20, ['pointer64', ['void']]],
+    'FlushChannel' : [ 0x28, ['pointer64', ['void']]],
+    'HandleInterrupt' : [ 0x30, ['pointer64', ['void']]],
+    'ReadDmaCounter' : [ 0x38, ['pointer64', ['void']]],
+    'ReportCommonBuffer' : [ 0x40, ['pointer64', ['void']]],
+    'CancelTransfer' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID' : [ 0x18, {
+    'DeviceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'EXT_IOMMU_DEVICE_TYPE_INVALID', 1: u'EXT_IOMMU_DEVICE_TYPE_PCI', 2: u'EXT_IOMMU_DEVICE_TYPE_ACPI', 3: u'EXT_IOMMU_DEVICE_TYPE_IOAPIC', 4: u'EXT_IOMMU_DEVICE_TYPE_LOGICAL', 5: u'EXT_IOMMU_DEVICE_TYPE_GIC', 6: u'EXT_IOMMU_DEVICE_TYPE_TEST', 7: u'EXT_IOMMU_DEVICE_TYPE_MAX'})]],
+    'Pci' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_PCI']],
+    'Acpi' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_ACPI']],
+    'IoApicId' : [ 0x8, ['unsigned char']],
+    'LogicalId' : [ 0x8, ['unsigned long long']],
+    'Test' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_TEST']],
+    'Gic' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_GIC']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_DMA_TRANSFER_CONTEXT_V1' : [ 0x58, {
+    'DmaState' : [ 0x0, ['long']],
+    'TransferState' : [ 0x4, ['unsigned long']],
+    'Wcb' : [ 0x8, ['_WAIT_CONTEXT_BLOCK']],
+    'HalWcb' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_DMA_COMMON_BUFFER_VECTOR' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SizeOfEntries' : [ 0x10, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x18, ['unsigned long']],
+    'Domain' : [ 0x20, ['pointer64', ['_HALP_DMA_DOMAIN_OBJECT']]],
+    'Mdl' : [ 0x28, ['pointer64', ['_MDL']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'BaseLogicalAddress' : [ 0x38, ['unsigned long long']],
+    'Entries' : [ 0x40, ['pointer64', ['_DMA_COMMON_BUFFER_ENTRY']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_DMA_ADAPTER_INFO' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'V1' : [ 0x4, ['_DMA_ADAPTER_INFO_V1']],
+} ],
+  '_HALP_DMA_TRANSLATION_BUFFER_POSITION' : [ 0x10, {
+    'Buffer' : [ 0x0, ['pointer64', ['_HALP_DMA_TRANSLATION_BUFFER']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+} ],
+  '_MCI_STATUS_AMD_BITS' : [ 0x8, {
+    'McaErrorCode' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'ModelErrorCode' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'ImplementationSpecific2' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 43, native_type='unsigned long long')]],
+    'Poison' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'Deferred' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ImplementationSpecific1' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 57, native_type='unsigned long long')]],
+    'ContextCorrupt' : [ 0x0, ['BitField', dict(start_bit = 57, end_bit = 58, native_type='unsigned long long')]],
+    'AddressValid' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'MiscValid' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 60, native_type='unsigned long long')]],
+    'ErrorEnabled' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'UncorrectedError' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'StatusOverFlow' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_ACPI' : [ 0x8, {
+    'ObjectName' : [ 0x0, ['pointer64', ['unsigned char']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_TEST' : [ 0x8, {
+    'UniqueId' : [ 0x0, ['unsigned long long']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x20, {
+    'ClientToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessAuditId' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_OWNER_ENTRY' : [ 0x10, {
+    'OwnerThread' : [ 0x0, ['unsigned long long']],
+    'IoPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x8, ['unsigned long']],
+} ],
+  '_DMA_ADAPTER_INFO_V1' : [ 0x14, {
+    'ReadDmaCounterAvailable' : [ 0x0, ['unsigned long']],
+    'ScatterGatherLimit' : [ 0x4, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'MinimumTransferUnit' : [ 0x10, ['unsigned long']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_GIC' : [ 0x4, {
+    'LineNumber' : [ 0x0, ['unsigned long']],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_PCI' : [ 0x10, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'PciSegmentNumber' : [ 0x0, ['unsigned short']],
+    'PhantomFunctionBits' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned short')]],
+    'BusRange' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DevicePathLength' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'StartBusNumber' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Bdf' : [ 0x4, ['unsigned short']],
+    'SubordinateBus' : [ 0x4, ['unsigned char']],
+    'SecondaryBus' : [ 0x5, ['unsigned char']],
+    'DevicePath' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '__unnamed_178a' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_178c' : [ 0x10, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_178e' : [ 0x10, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_1790' : [ 0x10, {
+    'Raw' : [ 0x0, ['__unnamed_178e']],
+    'Translated' : [ 0x0, ['__unnamed_178c']],
+} ],
+  '__unnamed_1792' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1794' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_1796' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1798' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_179a' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_179c' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_179e' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_17a0' : [ 0x10, {
+    'Generic' : [ 0x0, ['__unnamed_178a']],
+    'Port' : [ 0x0, ['__unnamed_178a']],
+    'Interrupt' : [ 0x0, ['__unnamed_178c']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_1790']],
+    'Memory' : [ 0x0, ['__unnamed_178a']],
+    'Dma' : [ 0x0, ['__unnamed_1792']],
+    'DmaV3' : [ 0x0, ['__unnamed_1794']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_1686']],
+    'BusNumber' : [ 0x0, ['__unnamed_1796']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_1798']],
+    'Memory40' : [ 0x0, ['__unnamed_179a']],
+    'Memory48' : [ 0x0, ['__unnamed_179c']],
+    'Memory64' : [ 0x0, ['__unnamed_179e']],
+    'Connection' : [ 0x0, ['__unnamed_1692']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x14, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_17a0']],
+} ],
+  '_DMA_COMMON_BUFFER_ENTRY' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'LogicalAddress' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_DMA_REQUEST_LINE_BINDING_DESCRIPTION' : [ 0x8, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'ChannelNumber' : [ 0x4, ['unsigned long']],
+} ],
+  '_DMA_SCATTER_GATHER_LIST' : [ 0x10, {
+    'NumberOfElements' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'Elements' : [ 0x10, ['array', 0, ['_SCATTER_GATHER_ELEMENT']]],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x18, {
+    'Map' : [ 0x0, ['array', 3, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x18, {
+    'Map' : [ 0x0, ['array', 3, ['unsigned long long']]],
+} ],
+  '__unnamed_17c2' : [ 0x4, {
+    'AllFlags' : [ 0x0, ['unsigned long']],
+    'Win32Process' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Sgx2Enclave' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VbsBasicEnclave' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x720, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'CyclesPerYield' : [ 0x2d6, ['unsigned short']],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'UserCetAvailableEnvironments' : [ 0x30c, ['__unnamed_17c2']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+    'FeatureConfigurationChangeStamp' : [ 0x710, ['_KSYSTEM_TIME']],
+    'Spare' : [ 0x71c, ['unsigned long']],
+} ],
+  '__unnamed_17db' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_17dd' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_17db']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x8, ['pointer64', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x10, ['pointer64', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0x18, ['pointer64', ['void']]],
+    'RaceDll' : [ 0x20, ['pointer64', ['void']]],
+    'ActivationContext' : [ 0x28, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x30, ['pointer64', ['void']]],
+    'u' : [ 0x38, ['__unnamed_17dd']],
+    'CallbackPriority' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x40, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x38, ['pointer64', ['void']]],
+    'ClientId' : [ 0x40, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x58, ['pointer64', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x60, ['pointer64', ['_PEB']]],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['pointer64', ['void']]],
+    'Win32ThreadInfo' : [ 0x78, ['pointer64', ['void']]],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['pointer64', ['void']]],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['pointer64', ['void']]]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['pointer64', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x281, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x282, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['pointer64', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'UnalignedLoadStoreExceptions' : [ 0x2ed, ['unsigned char']],
+    'Padding1' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['pointer64', ['void']]],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['pointer64', ['void']]],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['pointer64', ['void']]]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['pointer64', ['void']]],
+    'glSectionInfo' : [ 0x1228, ['pointer64', ['void']]],
+    'glSection' : [ 0x1230, ['pointer64', ['void']]],
+    'glTable' : [ 0x1238, ['pointer64', ['void']]],
+    'glCurrentRC' : [ 0x1240, ['pointer64', ['void']]],
+    'glContext' : [ 0x1248, ['pointer64', ['void']]],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['pointer64', ['void']]],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['pointer64', ['void']]]],
+    'TlsLinks' : [ 0x1680, ['_LIST_ENTRY']],
+    'Vdm' : [ 0x1690, ['pointer64', ['void']]],
+    'ReservedForNtRpc' : [ 0x1698, ['pointer64', ['void']]],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['pointer64', ['void']]]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['pointer64', ['void']]]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['pointer64', ['void']]],
+    'PerflibData' : [ 0x1728, ['pointer64', ['void']]],
+    'EtwTraceData' : [ 0x1730, ['pointer64', ['void']]],
+    'WinSockData' : [ 0x1738, ['pointer64', ['void']]],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['pointer64', ['void']]],
+    'ReservedForOle' : [ 0x1758, ['pointer64', ['void']]],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['pointer64', ['void']]],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['pointer64', ['void']]],
+    'TlsExpansionSlots' : [ 0x1780, ['pointer64', ['pointer64', ['void']]]],
+    'DeallocationBStore' : [ 0x1788, ['pointer64', ['void']]],
+    'BStoreLimit' : [ 0x1790, ['pointer64', ['void']]],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['pointer64', ['void']]],
+    'pShimData' : [ 0x17a8, ['pointer64', ['void']]],
+    'HeapData' : [ 0x17b0, ['unsigned long']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['pointer64', ['void']]],
+    'ActiveFrame' : [ 0x17c0, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0x17c8, ['pointer64', ['void']]],
+    'PreferredLanguages' : [ 0x17d0, ['pointer64', ['void']]],
+    'UserPrefLanguages' : [ 0x17d8, ['pointer64', ['void']]],
+    'MergedPrefLanguages' : [ 0x17e0, ['pointer64', ['void']]],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['pointer64', ['void']]],
+    'TxnScopeExitCallback' : [ 0x17f8, ['pointer64', ['void']]],
+    'TxnScopeContext' : [ 0x1800, ['pointer64', ['void']]],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['pointer64', ['void']]],
+    'ReservedForWdf' : [ 0x1818, ['pointer64', ['void']]],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_IMAGE_NT_HEADERS64' : [ 0x108, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER64']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_KPCR' : [ 0xb080, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'GdtBase' : [ 0x0, ['pointer64', ['_KGDTENTRY64']]],
+    'TssBase' : [ 0x8, ['pointer64', ['_KTSS64']]],
+    'UserRsp' : [ 0x10, ['unsigned long long']],
+    'Self' : [ 0x18, ['pointer64', ['_KPCR']]],
+    'CurrentPrcb' : [ 0x20, ['pointer64', ['_KPRCB']]],
+    'LockArray' : [ 0x28, ['pointer64', ['_KSPIN_LOCK_QUEUE']]],
+    'Used_Self' : [ 0x30, ['pointer64', ['void']]],
+    'IdtBase' : [ 0x38, ['pointer64', ['_KIDTENTRY64']]],
+    'Unused' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'Irql' : [ 0x50, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x51, ['unsigned char']],
+    'ObsoleteNumber' : [ 0x52, ['unsigned char']],
+    'Fill0' : [ 0x53, ['unsigned char']],
+    'Unused0' : [ 0x54, ['array', 3, ['unsigned long']]],
+    'MajorVersion' : [ 0x60, ['unsigned short']],
+    'MinorVersion' : [ 0x62, ['unsigned short']],
+    'StallScaleFactor' : [ 0x64, ['unsigned long']],
+    'Unused1' : [ 0x68, ['array', 3, ['pointer64', ['void']]]],
+    'KernelReserved' : [ 0x80, ['array', 15, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0xbc, ['unsigned long']],
+    'HalReserved' : [ 0xc0, ['array', 16, ['unsigned long']]],
+    'Unused2' : [ 0x100, ['unsigned long']],
+    'KdVersionBlock' : [ 0x108, ['pointer64', ['void']]],
+    'Unused3' : [ 0x110, ['pointer64', ['void']]],
+    'PcrAlign1' : [ 0x118, ['array', 24, ['unsigned long']]],
+    'Prcb' : [ 0x180, ['_KPRCB']],
+} ],
+  '__unnamed_1845' : [ 0x38, {
+    'UpdateCycle' : [ 0x0, ['unsigned long']],
+    'PairLocal' : [ 0x4, ['short']],
+    'PairLocalLow' : [ 0x4, ['unsigned char']],
+    'PairLocalForceStibp' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x5, ['BitField', dict(start_bit = 1, end_bit = 5, native_type='unsigned char')]],
+    'Frozen' : [ 0x5, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'ForceUntrusted' : [ 0x5, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'SynchIpi' : [ 0x5, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'PairRemote' : [ 0x6, ['short']],
+    'PairRemoteLow' : [ 0x6, ['unsigned char']],
+    'Reserved2' : [ 0x7, ['unsigned char']],
+    'Trace' : [ 0x8, ['array', 24, ['unsigned char']]],
+    'LocalDomain' : [ 0x20, ['unsigned long long']],
+    'RemoteDomain' : [ 0x28, ['unsigned long long']],
+    'Thread' : [ 0x30, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_KPRCB' : [ 0xaf00, {
+    'MxCsr' : [ 0x0, ['unsigned long']],
+    'LegacyNumber' : [ 0x4, ['unsigned char']],
+    'ReservedMustBeZero' : [ 0x5, ['unsigned char']],
+    'InterruptRequest' : [ 0x6, ['unsigned char']],
+    'IdleHalt' : [ 0x7, ['unsigned char']],
+    'CurrentThread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'NextThread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'IdleThread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NestingLevel' : [ 0x20, ['unsigned char']],
+    'ClockOwner' : [ 0x21, ['unsigned char']],
+    'PendingTickFlags' : [ 0x22, ['unsigned char']],
+    'PendingTick' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x22, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IdleState' : [ 0x23, ['unsigned char']],
+    'Number' : [ 0x24, ['unsigned long']],
+    'RspBase' : [ 0x28, ['unsigned long long']],
+    'PrcbLock' : [ 0x30, ['unsigned long long']],
+    'PriorityState' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'CpuType' : [ 0x40, ['unsigned char']],
+    'CpuID' : [ 0x41, ['unsigned char']],
+    'CpuStep' : [ 0x42, ['unsigned short']],
+    'CpuStepping' : [ 0x42, ['unsigned char']],
+    'CpuModel' : [ 0x43, ['unsigned char']],
+    'MHz' : [ 0x44, ['unsigned long']],
+    'HalReserved' : [ 0x48, ['array', 8, ['unsigned long long']]],
+    'MinorVersion' : [ 0x88, ['unsigned short']],
+    'MajorVersion' : [ 0x8a, ['unsigned short']],
+    'BuildType' : [ 0x8c, ['unsigned char']],
+    'CpuVendor' : [ 0x8d, ['unsigned char']],
+    'CoresPerPhysicalProcessor' : [ 0x8e, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x8f, ['unsigned char']],
+    'TscFrequency' : [ 0x90, ['unsigned long long']],
+    'PrcbPad04' : [ 0x98, ['array', 5, ['unsigned long long']]],
+    'ParentNode' : [ 0xc0, ['pointer64', ['_KNODE']]],
+    'GroupSetMember' : [ 0xc8, ['unsigned long long']],
+    'Group' : [ 0xd0, ['unsigned char']],
+    'GroupIndex' : [ 0xd1, ['unsigned char']],
+    'PrcbPad05' : [ 0xd2, ['array', 2, ['unsigned char']]],
+    'InitialApicId' : [ 0xd4, ['unsigned long']],
+    'ScbOffset' : [ 0xd8, ['unsigned long']],
+    'ApicMask' : [ 0xdc, ['unsigned long']],
+    'AcpiReserved' : [ 0xe0, ['pointer64', ['void']]],
+    'CFlushSize' : [ 0xe8, ['unsigned long']],
+    'PrcbFlags' : [ 0xec, ['_KPRCBFLAG']],
+    'TrappedSecurityDomain' : [ 0xf0, ['unsigned long long']],
+    'BpbState' : [ 0xf8, ['unsigned char']],
+    'BpbCpuIdle' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbFlushRsbOnTrap' : [ 0xf8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbIbpbOnReturn' : [ 0xf8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbIbpbOnTrap' : [ 0xf8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbIbpbOnRetpolineExit' : [ 0xf8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'BpbStateReserved' : [ 0xf8, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'BpbFeatures' : [ 0xf9, ['unsigned char']],
+    'BpbClearOnIdle' : [ 0xf9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbEnabled' : [ 0xf9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmep' : [ 0xf9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbFeaturesReserved' : [ 0xf9, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'BpbCurrentSpecCtrl' : [ 0xfa, ['unsigned char']],
+    'BpbKernelSpecCtrl' : [ 0xfb, ['unsigned char']],
+    'BpbNmiSpecCtrl' : [ 0xfc, ['unsigned char']],
+    'BpbUserSpecCtrl' : [ 0xfd, ['unsigned char']],
+    'PairRegister' : [ 0xfe, ['short']],
+    'PrcbPad11' : [ 0xf0, ['array', 2, ['unsigned long long']]],
+    'ProcessorState' : [ 0x100, ['_KPROCESSOR_STATE']],
+    'ExtendedSupervisorState' : [ 0x6c0, ['pointer64', ['_XSAVE_AREA_HEADER']]],
+    'ProcessorSignature' : [ 0x6c8, ['unsigned long']],
+    'ProcessorFlags' : [ 0x6cc, ['unsigned long']],
+    'BpbRetpolineExitSpecCtrl' : [ 0x6d0, ['unsigned char']],
+    'BpbTrappedRetpolineExitSpecCtrl' : [ 0x6d1, ['unsigned char']],
+    'BpbTrappedBpbState' : [ 0x6d2, ['unsigned char']],
+    'BpbTrappedCpuIdle' : [ 0x6d2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbTrappedFlushRsbOnTrap' : [ 0x6d2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbTrappedIbpbOnReturn' : [ 0x6d2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbTrappedIbpbOnTrap' : [ 0x6d2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbTrappedIbpbOnRetpolineExit' : [ 0x6d2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'BpbtrappedBpbStateReserved' : [ 0x6d2, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'BpbRetpolineState' : [ 0x6d3, ['unsigned char']],
+    'BpbRunningNonRetpolineCode' : [ 0x6d3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbIndirectCallsSafe' : [ 0x6d3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbRetpolineEnabled' : [ 0x6d3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbRetpolineStateReserved' : [ 0x6d3, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'PrcbPad12b' : [ 0x6d4, ['unsigned long']],
+    'PrcbPad12a' : [ 0x6d0, ['unsigned long long']],
+    'PrcbPad12' : [ 0x6d8, ['array', 3, ['unsigned long long']]],
+    'LockQueue' : [ 0x6f0, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'PPLookasideList' : [ 0x800, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x900, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0x1500, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x2100, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'MsrIa32TsxCtrl' : [ 0x2d00, ['unsigned long long']],
+    'DeferredReadyListHead' : [ 0x2d08, ['_SINGLE_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x2d10, ['long']],
+    'MmCopyOnWriteCount' : [ 0x2d14, ['long']],
+    'MmTransitionCount' : [ 0x2d18, ['long']],
+    'MmDemandZeroCount' : [ 0x2d1c, ['long']],
+    'MmPageReadCount' : [ 0x2d20, ['long']],
+    'MmPageReadIoCount' : [ 0x2d24, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x2d28, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x2d2c, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x2d30, ['long']],
+    'MmMappedWriteIoCount' : [ 0x2d34, ['long']],
+    'KeSystemCalls' : [ 0x2d38, ['unsigned long']],
+    'KeContextSwitches' : [ 0x2d3c, ['unsigned long']],
+    'PrcbPad40' : [ 0x2d40, ['unsigned long']],
+    'CcFastReadNoWait' : [ 0x2d44, ['unsigned long']],
+    'CcFastReadWait' : [ 0x2d48, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x2d4c, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x2d50, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x2d54, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x2d58, ['unsigned long']],
+    'IoReadOperationCount' : [ 0x2d5c, ['long']],
+    'IoWriteOperationCount' : [ 0x2d60, ['long']],
+    'IoOtherOperationCount' : [ 0x2d64, ['long']],
+    'IoReadTransferCount' : [ 0x2d68, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x2d70, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x2d78, ['_LARGE_INTEGER']],
+    'PacketBarrier' : [ 0x2d80, ['long']],
+    'TargetCount' : [ 0x2d84, ['long']],
+    'IpiFrozen' : [ 0x2d88, ['unsigned long']],
+    'PrcbPad30' : [ 0x2d8c, ['unsigned long']],
+    'IsrDpcStats' : [ 0x2d90, ['pointer64', ['void']]],
+    'DeviceInterrupts' : [ 0x2d98, ['unsigned long']],
+    'LookasideIrpFloat' : [ 0x2d9c, ['long']],
+    'InterruptLastCount' : [ 0x2da0, ['unsigned long']],
+    'InterruptRate' : [ 0x2da4, ['unsigned long']],
+    'PrcbPad31' : [ 0x2da8, ['unsigned long long']],
+    'PairPrcb' : [ 0x2db0, ['pointer64', ['_KPRCB']]],
+    'StaticAffinity' : [ 0x2db8, ['_KSTATIC_AFFINITY_BLOCK']],
+    'PrcbPad35' : [ 0x3058, ['array', 5, ['unsigned long long']]],
+    'InterruptObjectPool' : [ 0x3080, ['_SLIST_HEADER']],
+    'DpcRuntimeHistoryHashTable' : [ 0x3090, ['pointer64', ['_RTL_HASH_TABLE']]],
+    'DpcRuntimeHistoryHashTableCleanupDpc' : [ 0x3098, ['pointer64', ['_KDPC']]],
+    'CurrentDpcRoutine' : [ 0x30a0, ['pointer64', ['void']]],
+    'CurrentDpcRuntimeHistoryCached' : [ 0x30a8, ['unsigned long long']],
+    'CurrentDpcStartTime' : [ 0x30b0, ['unsigned long long']],
+    'PrcbPad41' : [ 0x30b8, ['array', 1, ['unsigned long long']]],
+    'DpcData' : [ 0x30c0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x3110, ['pointer64', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x3118, ['long']],
+    'DpcRequestRate' : [ 0x311c, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x3120, ['unsigned long']],
+    'DpcLastCount' : [ 0x3124, ['unsigned long']],
+    'ThreadDpcEnable' : [ 0x3128, ['unsigned char']],
+    'QuantumEnd' : [ 0x3129, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x312a, ['unsigned char']],
+    'IdleSchedule' : [ 0x312b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x312c, ['long']],
+    'DpcRequestSlot' : [ 0x312c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x312c, ['short']],
+    'ThreadDpcState' : [ 0x312e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x312c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x312c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x312c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x312c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x312c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x312c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x312c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x312c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x312c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x312c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'PrcbPad93' : [ 0x3130, ['unsigned long']],
+    'LastTick' : [ 0x3134, ['unsigned long']],
+    'ClockInterrupts' : [ 0x3138, ['unsigned long']],
+    'ReadyScanTick' : [ 0x313c, ['unsigned long']],
+    'InterruptObject' : [ 0x3140, ['array', 256, ['pointer64', ['void']]]],
+    'TimerTable' : [ 0x3940, ['_KTIMER_TABLE']],
+    'PrcbPad92' : [ 0x7b58, ['array', 10, ['unsigned long']]],
+    'DpcGate' : [ 0x7b80, ['_KGATE']],
+    'PrcbPad52' : [ 0x7b98, ['pointer64', ['void']]],
+    'CallDpc' : [ 0x7ba0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x7be0, ['long']],
+    'PrcbPad60' : [ 0x7be4, ['array', 2, ['unsigned char']]],
+    'NmiActive' : [ 0x7be6, ['unsigned char']],
+    'MceActive' : [ 0x7be7, ['unsigned char']],
+    'CombinedNmiMceActive' : [ 0x7be6, ['unsigned short']],
+    'DpcWatchdogPeriod' : [ 0x7be8, ['long']],
+    'DpcWatchdogCount' : [ 0x7bec, ['long']],
+    'KeSpinLockOrdering' : [ 0x7bf0, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x7bf4, ['unsigned long']],
+    'CachedPtes' : [ 0x7bf8, ['pointer64', ['void']]],
+    'WaitListHead' : [ 0x7c00, ['_LIST_ENTRY']],
+    'WaitLock' : [ 0x7c10, ['unsigned long long']],
+    'ReadySummary' : [ 0x7c18, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x7c1c, ['long']],
+    'QueueIndex' : [ 0x7c20, ['unsigned long']],
+    'PrcbPad75' : [ 0x7c24, ['array', 2, ['unsigned long']]],
+    'DpcWatchdogSequenceNumber' : [ 0x7c2c, ['unsigned long']],
+    'TimerExpirationDpc' : [ 0x7c30, ['_KDPC']],
+    'ScbQueue' : [ 0x7c70, ['_RTL_RB_TREE']],
+    'DispatcherReadyListHead' : [ 0x7c80, ['array', 32, ['_LIST_ENTRY']]],
+    'InterruptCount' : [ 0x7e80, ['unsigned long']],
+    'KernelTime' : [ 0x7e84, ['unsigned long']],
+    'UserTime' : [ 0x7e88, ['unsigned long']],
+    'DpcTime' : [ 0x7e8c, ['unsigned long']],
+    'InterruptTime' : [ 0x7e90, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x7e94, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x7e98, ['unsigned char']],
+    'GroupSchedulingOverQuota' : [ 0x7e99, ['unsigned char']],
+    'DeepSleep' : [ 0x7e9a, ['unsigned char']],
+    'PrcbPad80' : [ 0x7e9b, ['unsigned char']],
+    'DpcTimeCount' : [ 0x7e9c, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x7ea0, ['unsigned long']],
+    'PeriodicCount' : [ 0x7ea4, ['unsigned long']],
+    'PeriodicBias' : [ 0x7ea8, ['unsigned long']],
+    'AvailableTime' : [ 0x7eac, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x7eb0, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x7eb4, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x7eb8, ['unsigned long long']],
+    'StartCycles' : [ 0x7ec0, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x7ec8, ['unsigned long long']],
+    'TaggedCycles' : [ 0x7ed0, ['array', 3, ['unsigned long long']]],
+    'AffinitizedCycles' : [ 0x7ee8, ['unsigned long long']],
+    'ImportantCycles' : [ 0x7ef0, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x7ef8, ['unsigned long long']],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x7f00, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x7f04, ['long']],
+    'CachedStack' : [ 0x7f08, ['pointer64', ['void']]],
+    'PageColor' : [ 0x7f10, ['unsigned long']],
+    'NodeColor' : [ 0x7f14, ['unsigned long']],
+    'NodeShiftedColor' : [ 0x7f18, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x7f1c, ['unsigned long']],
+    'PrcbPad81' : [ 0x7f20, ['array', 6, ['unsigned char']]],
+    'ExceptionStackActive' : [ 0x7f26, ['unsigned char']],
+    'TbFlushListActive' : [ 0x7f27, ['unsigned char']],
+    'ExceptionStack' : [ 0x7f28, ['pointer64', ['void']]],
+    'PrcbPad82' : [ 0x7f30, ['array', 1, ['unsigned long long']]],
+    'CycleTime' : [ 0x7f38, ['unsigned long long']],
+    'Cycles' : [ 0x7f40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CcFastMdlReadNoWait' : [ 0x7f80, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x7f84, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x7f88, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x7f8c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x7f90, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x7f94, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x7f98, ['unsigned long']],
+    'CcPinReadWait' : [ 0x7f9c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x7fa0, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x7fa4, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x7fa8, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x7fac, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x7fb0, ['unsigned long']],
+    'CcDataFlushes' : [ 0x7fb4, ['unsigned long']],
+    'CcDataPages' : [ 0x7fb8, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x7fbc, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x7fc0, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x7fc4, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x7fc8, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x7fcc, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x7fd0, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x7fd4, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x7fd8, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x7fdc, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x7fe0, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x7fe4, ['unsigned long']],
+    'MmCacheTransitionCount' : [ 0x7fe8, ['long']],
+    'MmCacheReadCount' : [ 0x7fec, ['long']],
+    'MmCacheIoCount' : [ 0x7ff0, ['long']],
+    'PrcbPad91' : [ 0x7ff4, ['unsigned long']],
+    'MmInternal' : [ 0x7ff8, ['pointer64', ['void']]],
+    'PowerState' : [ 0x8000, ['_PROCESSOR_POWER_STATE']],
+    'HyperPte' : [ 0x8200, ['pointer64', ['void']]],
+    'ScbList' : [ 0x8208, ['_LIST_ENTRY']],
+    'ForceIdleDpc' : [ 0x8218, ['_KDPC']],
+    'DpcWatchdogDpc' : [ 0x8258, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x8298, ['_KTIMER']],
+    'Cache' : [ 0x82d8, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x8314, ['unsigned long']],
+    'CachedCommit' : [ 0x8318, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x831c, ['unsigned long']],
+    'WheaInfo' : [ 0x8320, ['pointer64', ['void']]],
+    'EtwSupport' : [ 0x8328, ['pointer64', ['void']]],
+    'ExSaPageArray' : [ 0x8330, ['pointer64', ['void']]],
+    'KeAlignmentFixupCount' : [ 0x8338, ['unsigned long']],
+    'PrcbPad95' : [ 0x833c, ['unsigned long']],
+    'HypercallPageList' : [ 0x8340, ['_SLIST_HEADER']],
+    'StatisticsPage' : [ 0x8350, ['pointer64', ['unsigned long long']]],
+    'GenerationTarget' : [ 0x8358, ['unsigned long long']],
+    'PrcbPad85' : [ 0x8360, ['array', 4, ['unsigned long long']]],
+    'HypercallCachedPages' : [ 0x8380, ['pointer64', ['void']]],
+    'VirtualApicAssist' : [ 0x8388, ['pointer64', ['void']]],
+    'PackageProcessorSet' : [ 0x8390, ['_KAFFINITY_EX']],
+    'PackageId' : [ 0x8438, ['unsigned long']],
+    'PrcbPad86' : [ 0x843c, ['unsigned long']],
+    'SharedReadyQueueMask' : [ 0x8440, ['unsigned long long']],
+    'SharedReadyQueue' : [ 0x8448, ['pointer64', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x8450, ['unsigned long']],
+    'ScanSiblingIndex' : [ 0x8454, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x8458, ['unsigned long long']],
+    'ScanSiblingMask' : [ 0x8460, ['unsigned long long']],
+    'LLCMask' : [ 0x8468, ['unsigned long long']],
+    'CacheProcessorMask' : [ 0x8470, ['array', 5, ['unsigned long long']]],
+    'ProcessorProfileControlArea' : [ 0x8498, ['pointer64', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x84a0, ['pointer64', ['void']]],
+    'DpcWatchdogProfile' : [ 0x84a8, ['pointer64', ['pointer64', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x84b0, ['pointer64', ['pointer64', ['void']]]],
+    'SchedulerAssist' : [ 0x84b8, ['pointer64', ['void']]],
+    'SynchCounters' : [ 0x84c0, ['_SYNCH_COUNTERS']],
+    'PrcbPad94' : [ 0x8578, ['unsigned long long']],
+    'FsCounters' : [ 0x8580, ['_FILESYSTEM_DISK_COUNTERS']],
+    'VendorString' : [ 0x8590, ['array', 13, ['unsigned char']]],
+    'PrcbPad100' : [ 0x859d, ['array', 3, ['unsigned char']]],
+    'FeatureBits' : [ 0x85a0, ['unsigned long long']],
+    'UpdateSignature' : [ 0x85a8, ['_LARGE_INTEGER']],
+    'PteBitCache' : [ 0x85b0, ['unsigned long long']],
+    'PteBitOffset' : [ 0x85b8, ['unsigned long']],
+    'PrcbPad105' : [ 0x85bc, ['unsigned long']],
+    'Context' : [ 0x85c0, ['pointer64', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x85c8, ['unsigned long']],
+    'PrcbPad115' : [ 0x85cc, ['unsigned long']],
+    'ExtendedState' : [ 0x85d0, ['pointer64', ['_XSAVE_AREA']]],
+    'IsrStack' : [ 0x85d8, ['pointer64', ['void']]],
+    'EntropyTimingState' : [ 0x85e0, ['_KENTROPY_TIMING_STATE']],
+    'PrcbPad110' : [ 0x8730, ['unsigned long long']],
+    'StibpPairingTrace' : [ 0x8738, ['__unnamed_1845']],
+    'AbSelfIoBoostsList' : [ 0x8770, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x8778, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x8780, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x87c0, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x8814, ['_IOP_IRP_STACK_PROFILER']],
+    'SecureFault' : [ 0x8868, ['_KSECURE_FAULT_INFORMATION']],
+    'PrcbPad120' : [ 0x8878, ['unsigned long long']],
+    'LocalSharedReadyQueue' : [ 0x8880, ['_KSHARED_READY_QUEUE']],
+    'PrcbPad125' : [ 0x8af0, ['array', 2, ['unsigned long long']]],
+    'TimerExpirationTraceCount' : [ 0x8b00, ['unsigned long']],
+    'PrcbPad127' : [ 0x8b04, ['unsigned long']],
+    'TimerExpirationTrace' : [ 0x8b08, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'PrcbPad128' : [ 0x8c08, ['array', 7, ['unsigned long long']]],
+    'Mailbox' : [ 0x8c40, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'PrcbPad130' : [ 0x8c48, ['array', 7, ['unsigned long long']]],
+    'McheckContext' : [ 0x8c80, ['array', 2, ['_MACHINE_CHECK_CONTEXT']]],
+    'PrcbPad134' : [ 0x8d20, ['array', 4, ['unsigned long long']]],
+    'SelfmapLockHandle' : [ 0x8d40, ['array', 4, ['_KLOCK_QUEUE_HANDLE']]],
+    'PrcbPad134a' : [ 0x8da0, ['array', 4, ['unsigned long long']]],
+    'PrcbPad138' : [ 0x8dc0, ['array', 128, ['unsigned char']]],
+    'PrcbPad138a' : [ 0x8e40, ['array', 64, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x8e80, ['unsigned long long']],
+    'RspBaseShadow' : [ 0x8e88, ['unsigned long long']],
+    'UserRspShadow' : [ 0x8e90, ['unsigned long long']],
+    'ShadowFlags' : [ 0x8e98, ['unsigned long']],
+    'PrcbPad138b' : [ 0x8e9c, ['unsigned long']],
+    'PrcbPad138c' : [ 0x8ea0, ['unsigned long long']],
+    'PrcbPad138d' : [ 0x8ea8, ['unsigned short']],
+    'VerwSelector' : [ 0x8eaa, ['unsigned short']],
+    'DbgMceNestingLevel' : [ 0x8eac, ['unsigned long']],
+    'DbgMceFlags' : [ 0x8eb0, ['unsigned long']],
+    'PrcbPad139b' : [ 0x8eb4, ['unsigned long']],
+    'PrcbPad140' : [ 0x8eb8, ['array', 505, ['unsigned long long']]],
+    'PrcbPad140a' : [ 0x9e80, ['array', 8, ['unsigned long long']]],
+    'PrcbPad141' : [ 0x9ec0, ['array', 504, ['unsigned long long']]],
+    'PrcbPad141a' : [ 0xae80, ['array', 64, ['unsigned char']]],
+    'RequestMailbox' : [ 0xaec0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '__unnamed_185a' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Virtual' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_185c' : [ 0x10, {
+    'Pcid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+    'EntirePcid' : [ 0x0, ['unsigned long long']],
+    'Reserved2' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_185e' : [ 0x10, {
+    'Reserved' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_INVPCID_DESCRIPTOR' : [ 0x10, {
+    'IndividualAddress' : [ 0x0, ['__unnamed_185a']],
+    'SingleContext' : [ 0x0, ['__unnamed_185c']],
+    'AllContextAndGlobals' : [ 0x0, ['__unnamed_185e']],
+    'AllContext' : [ 0x0, ['__unnamed_185e']],
+} ],
+  '_SINGLE_LIST_ENTRY32' : [ 0x4, {
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '__unnamed_18ab' : [ 0x8, {
+    'SecureProcess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '__unnamed_18ad' : [ 0x8, {
+    'SecureHandle' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x0, ['__unnamed_18ab']],
+} ],
+  '_KPROCESS' : [ 0x438, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x28, ['unsigned long long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x40, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x44, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x48, ['unsigned long long']],
+    'Affinity' : [ 0x50, ['_KAFFINITY_EX']],
+    'AffinityPadding' : [ 0xf8, ['array', 12, ['unsigned long long']]],
+    'ReadyListHead' : [ 0x158, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x168, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x170, ['_KAFFINITY_EX']],
+    'ActiveProcessorsPadding' : [ 0x218, ['array', 12, ['unsigned long long']]],
+    'AutoAlignment' : [ 0x278, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x278, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x278, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeepFreeze' : [ 0x278, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x278, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x278, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x278, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x278, ['BitField', dict(start_bit = 7, end_bit = 10, native_type='unsigned long')]],
+    'VaSpaceDeleted' : [ 0x278, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x278, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'ProcessFlags' : [ 0x278, ['long']],
+    'ActiveGroupsMask' : [ 0x27c, ['unsigned long']],
+    'BasePriority' : [ 0x280, ['unsigned char']],
+    'QuantumReset' : [ 0x281, ['unsigned char']],
+    'Visited' : [ 0x282, ['unsigned char']],
+    'Flags' : [ 0x283, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x284, ['array', 20, ['unsigned short']]],
+    'ThreadSeedPadding' : [ 0x2ac, ['array', 12, ['unsigned short']]],
+    'IdealProcessor' : [ 0x2c4, ['array', 20, ['unsigned short']]],
+    'IdealProcessorPadding' : [ 0x2ec, ['array', 12, ['unsigned short']]],
+    'IdealNode' : [ 0x304, ['array', 20, ['unsigned short']]],
+    'IdealNodePadding' : [ 0x32c, ['array', 12, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x344, ['unsigned short']],
+    'Spare1' : [ 0x346, ['unsigned short']],
+    'StackCount' : [ 0x348, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x350, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x360, ['unsigned long long']],
+    'ContextSwitches' : [ 0x368, ['unsigned long long']],
+    'SchedulingGroup' : [ 0x370, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'FreezeCount' : [ 0x378, ['unsigned long']],
+    'KernelTime' : [ 0x37c, ['unsigned long']],
+    'UserTime' : [ 0x380, ['unsigned long']],
+    'ReadyTime' : [ 0x384, ['unsigned long']],
+    'UserDirectoryTableBase' : [ 0x388, ['unsigned long long']],
+    'AddressPolicy' : [ 0x390, ['unsigned char']],
+    'Spare2' : [ 0x391, ['array', 71, ['unsigned char']]],
+    'InstrumentationCallback' : [ 0x3d8, ['pointer64', ['void']]],
+    'SecureState' : [ 0x3e0, ['__unnamed_18ad']],
+    'KernelWaitTime' : [ 0x3e8, ['unsigned long long']],
+    'UserWaitTime' : [ 0x3f0, ['unsigned long long']],
+    'EndPadding' : [ 0x3f8, ['array', 8, ['unsigned long long']]],
+} ],
+  '_KTHREAD' : [ 0x430, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x18, ['pointer64', ['void']]],
+    'QuantumTarget' : [ 0x20, ['unsigned long long']],
+    'InitialStack' : [ 0x28, ['pointer64', ['void']]],
+    'StackLimit' : [ 0x30, ['pointer64', ['void']]],
+    'StackBase' : [ 0x38, ['pointer64', ['void']]],
+    'ThreadLock' : [ 0x40, ['unsigned long long']],
+    'CycleTime' : [ 0x48, ['unsigned long long']],
+    'CurrentRunTime' : [ 0x50, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x54, ['unsigned long']],
+    'KernelStack' : [ 0x58, ['pointer64', ['void']]],
+    'StateSaveArea' : [ 0x60, ['pointer64', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x68, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x70, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x71, ['unsigned char']],
+    'Alerted' : [ 0x72, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x74, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x74, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x74, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x74, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x74, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x74, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x74, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x74, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x74, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x74, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CetUserShadowStack' : [ 0x74, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BypassProcessFreeze' : [ 0x74, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved' : [ 0x74, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x74, ['long']],
+    'ThreadFlagsSpare' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x78, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x78, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x78, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x78, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x78, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x78, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x78, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x78, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x78, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x78, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x78, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x78, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x78, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x78, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x78, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x78, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x78, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x78, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x78, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare2' : [ 0x78, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x78, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x78, ['long']],
+    'Tag' : [ 0x7c, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x7d, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x7e, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'RunningNonRetpolineCode' : [ 0x7f, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecCtrlSpare' : [ 0x7f, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'SpecCtrl' : [ 0x7f, ['unsigned char']],
+    'SystemCallNumber' : [ 0x80, ['unsigned long']],
+    'ReadyTime' : [ 0x84, ['unsigned long']],
+    'FirstArgument' : [ 0x88, ['pointer64', ['void']]],
+    'TrapFrame' : [ 0x90, ['pointer64', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x98, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x98, ['array', 43, ['unsigned char']]],
+    'Priority' : [ 0xc3, ['unsigned char']],
+    'UserIdealProcessor' : [ 0xc4, ['unsigned long']],
+    'WaitStatus' : [ 0xc8, ['long long']],
+    'WaitBlockList' : [ 0xd0, ['pointer64', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0xd8, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0xd8, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xe8, ['pointer64', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xf0, ['pointer64', ['void']]],
+    'RelativeTimerBias' : [ 0xf8, ['unsigned long long']],
+    'Timer' : [ 0x100, ['_KTIMER']],
+    'WaitBlock' : [ 0x140, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill4' : [ 0x140, ['array', 20, ['unsigned char']]],
+    'ContextSwitches' : [ 0x154, ['unsigned long']],
+    'WaitBlockFill5' : [ 0x140, ['array', 68, ['unsigned char']]],
+    'State' : [ 0x184, ['unsigned char']],
+    'Spare13' : [ 0x185, ['unsigned char']],
+    'WaitIrql' : [ 0x186, ['unsigned char']],
+    'WaitMode' : [ 0x187, ['unsigned char']],
+    'WaitBlockFill6' : [ 0x140, ['array', 116, ['unsigned char']]],
+    'WaitTime' : [ 0x1b4, ['unsigned long']],
+    'WaitBlockFill7' : [ 0x140, ['array', 164, ['unsigned char']]],
+    'KernelApcDisable' : [ 0x1e4, ['short']],
+    'SpecialApcDisable' : [ 0x1e6, ['short']],
+    'CombinedApcDisable' : [ 0x1e4, ['unsigned long']],
+    'WaitBlockFill8' : [ 0x140, ['array', 40, ['unsigned char']]],
+    'ThreadCounters' : [ 0x168, ['pointer64', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0x140, ['array', 88, ['unsigned char']]],
+    'XStateSave' : [ 0x198, ['pointer64', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0x140, ['array', 136, ['unsigned char']]],
+    'Win32Thread' : [ 0x1c8, ['pointer64', ['void']]],
+    'WaitBlockFill11' : [ 0x140, ['array', 176, ['unsigned char']]],
+    'Ucb' : [ 0x1f0, ['pointer64', ['_UMS_CONTROL_BLOCK']]],
+    'Uch' : [ 0x1f8, ['pointer64', ['_KUMS_CONTEXT_HEADER']]],
+    'ThreadFlags2' : [ 0x200, ['long']],
+    'BamQosLevel' : [ 0x200, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'ThreadFlags2Reserved' : [ 0x200, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'Spare21' : [ 0x204, ['unsigned long']],
+    'QueueListEntry' : [ 0x208, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x218, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x218, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x218, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x21c, ['long']],
+    'Process' : [ 0x220, ['pointer64', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x228, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x228, ['array', 10, ['unsigned char']]],
+    'PreviousMode' : [ 0x232, ['unsigned char']],
+    'BasePriority' : [ 0x233, ['unsigned char']],
+    'PriorityDecrement' : [ 0x234, ['unsigned char']],
+    'ForegroundBoost' : [ 0x234, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x234, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x235, ['unsigned char']],
+    'AdjustReason' : [ 0x236, ['unsigned char']],
+    'AdjustIncrement' : [ 0x237, ['unsigned char']],
+    'AffinityVersion' : [ 0x238, ['unsigned long long']],
+    'Affinity' : [ 0x240, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x240, ['array', 10, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x24a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x24b, ['unsigned char']],
+    'IdealProcessor' : [ 0x24c, ['unsigned long']],
+    'NpxState' : [ 0x250, ['unsigned long long']],
+    'SavedApcState' : [ 0x258, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x258, ['array', 43, ['unsigned char']]],
+    'WaitReason' : [ 0x283, ['unsigned char']],
+    'SuspendCount' : [ 0x284, ['unsigned char']],
+    'Saturation' : [ 0x285, ['unsigned char']],
+    'SListFaultCount' : [ 0x286, ['unsigned short']],
+    'SchedulerApc' : [ 0x288, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x288, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x289, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x288, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x28b, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x288, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x28c, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x288, ['array', 64, ['unsigned char']]],
+    'WaitPrcb' : [ 0x2c8, ['pointer64', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x288, ['array', 72, ['unsigned char']]],
+    'LegoData' : [ 0x2d0, ['pointer64', ['void']]],
+    'SchedulerApcFill5' : [ 0x288, ['array', 83, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x2db, ['unsigned char']],
+    'UserTime' : [ 0x2dc, ['unsigned long']],
+    'SuspendEvent' : [ 0x2e0, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x2f8, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x308, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x318, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x319, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x31a, ['unsigned char']],
+    'SystemPriority' : [ 0x31b, ['unsigned char']],
+    'SecureThreadCookie' : [ 0x31c, ['unsigned long']],
+    'LockEntries' : [ 0x320, ['pointer64', ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x328, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x330, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x338, ['array', 16, ['unsigned char']]],
+    'PriorityFloorCountsReserved' : [ 0x348, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x358, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x35c, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x360, ['long']],
+    'KeReferenceCount' : [ 0x364, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x366, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x367, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x368, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x370, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x370, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x378, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x380, ['long long']],
+    'WriteOperationCount' : [ 0x388, ['long long']],
+    'OtherOperationCount' : [ 0x390, ['long long']],
+    'ReadTransferCount' : [ 0x398, ['long long']],
+    'WriteTransferCount' : [ 0x3a0, ['long long']],
+    'OtherTransferCount' : [ 0x3a8, ['long long']],
+    'QueuedScb' : [ 0x3b0, ['pointer64', ['_KSCB']]],
+    'ThreadTimerDelay' : [ 0x3b8, ['unsigned long']],
+    'ThreadFlags3' : [ 0x3bc, ['long']],
+    'ThreadFlags3Reserved' : [ 0x3bc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x3bc, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'ThreadFlags3Reserved2' : [ 0x3bc, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'TracingPrivate' : [ 0x3c0, ['array', 1, ['unsigned long long']]],
+    'SchedulerAssist' : [ 0x3c8, ['pointer64', ['void']]],
+    'AbWaitObject' : [ 0x3d0, ['pointer64', ['void']]],
+    'ReservedPreviousReadyTimeValue' : [ 0x3d8, ['unsigned long']],
+    'KernelWaitTime' : [ 0x3e0, ['unsigned long long']],
+    'UserWaitTime' : [ 0x3e8, ['unsigned long long']],
+    'GlobalUpdateVpThreadPriorityListEntry' : [ 0x3f0, ['_LIST_ENTRY']],
+    'UpdateVpThreadPriorityDpcStackListEntry' : [ 0x3f0, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalUpdateVpThreadPriorityList' : [ 0x3f8, ['unsigned long long']],
+    'SchedulerAssistPriorityFloor' : [ 0x400, ['long']],
+    'Spare28' : [ 0x404, ['unsigned long']],
+    'EndPadding' : [ 0x408, ['array', 5, ['unsigned long long']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x30, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'ActualLimit' : [ 0x8, ['unsigned long long']],
+    'StackExpansion' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x10, {
+    'P' : [ 0x0, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x8, ['pointer64', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_KNODE' : [ 0x180, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long long']],
+    'IdleSmtSet' : [ 0x8, ['unsigned long long']],
+    'NonPairedSmtSet' : [ 0x10, ['unsigned long long']],
+    'IdleCpuSet' : [ 0x18, ['unsigned long long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long long']],
+    'IdleConstrainedSet' : [ 0x48, ['unsigned long long']],
+    'NonParkedSet' : [ 0x50, ['unsigned long long']],
+    'SoftParkedSet' : [ 0x58, ['unsigned long long']],
+    'NonIsrTargetedSet' : [ 0x60, ['unsigned long long']],
+    'ParkLock' : [ 0x68, ['long']],
+    'ThreadSeed' : [ 0x6c, ['unsigned short']],
+    'ProcessSeed' : [ 0x6e, ['unsigned short']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x88, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x88, ['array', 10, ['unsigned char']]],
+    'NodeNumber' : [ 0x92, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x94, ['unsigned short']],
+    'Spare0' : [ 0x96, ['unsigned short']],
+    'SharedReadyQueueMask' : [ 0x98, ['unsigned long long']],
+    'StrideMask' : [ 0xa0, ['unsigned long long']],
+    'ProximityId' : [ 0xa8, ['unsigned long']],
+    'Lowest' : [ 0xac, ['unsigned long']],
+    'Highest' : [ 0xb0, ['unsigned long']],
+    'MaximumProcessors' : [ 0xb4, ['unsigned char']],
+    'Flags' : [ 0xb5, ['_flags']],
+    'Spare10' : [ 0xb6, ['unsigned char']],
+    'HeteroSets' : [ 0xb8, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0x130, ['array', 5, ['unsigned long long']]],
+    'Spare11' : [ 0x158, ['unsigned long long']],
+    'QosGroupingSets' : [ 0x160, ['_KQOS_GROUPING_SETS']],
+    'QosPreemptibleSet' : [ 0x170, ['unsigned long long']],
+    'LLCLeaders' : [ 0x178, ['unsigned long long']],
+} ],
+  '_ENODE' : [ 0x1c0, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x180, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long long']],
+    'QuotaProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x18, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'StrictFIFO' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x2c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x2c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x2c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 32, ['unsigned char']]],
+    'DebugInfo' : [ 0x60, ['pointer64', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x10, {
+    'VolatileLowValue' : [ 0x0, ['long long']],
+    'LowValue' : [ 0x0, ['long long']],
+    'InfoTable' : [ 0x0, ['pointer64', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x8, ['long long']],
+    'NextFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x8, ['_EXHANDLE']],
+    'RefCountField' : [ 0x0, ['long long']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 17, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 20, native_type='unsigned long long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 64, native_type='unsigned long long')]],
+    'GrantedAccessBits' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x8, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+    'Spare2' : [ 0xc, ['unsigned long']],
+} ],
+  '_EX_FAST_REF' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xe0, {
+    'PrivilegesUsed' : [ 0x0, ['pointer64', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x8, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x18, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x1c, ['unsigned long']],
+    'TransactionId' : [ 0x20, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x30, ['pointer64', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x38, ['pointer64', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x40, ['pointer64', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'SDLock' : [ 0x50, ['pointer64', ['void']]],
+    'AccessReasons' : [ 0x58, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xd8, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x898, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x430, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x438, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x438, ['_LIST_ENTRY']],
+    'PostBlockList' : [ 0x448, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x448, ['pointer64', ['void']]],
+    'StartAddress' : [ 0x450, ['pointer64', ['void']]],
+    'TerminationPort' : [ 0x458, ['pointer64', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x458, ['pointer64', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x458, ['pointer64', ['void']]],
+    'ActiveTimerListLock' : [ 0x460, ['unsigned long long']],
+    'ActiveTimerListHead' : [ 0x468, ['_LIST_ENTRY']],
+    'Cid' : [ 0x478, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x488, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x488, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x4a8, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x4b0, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x4c0, ['unsigned long long']],
+    'DeviceToVerify' : [ 0x4c8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x4d0, ['pointer64', ['void']]],
+    'ChargeOnlySession' : [ 0x4d8, ['pointer64', ['void']]],
+    'LegacyPowerObject' : [ 0x4e0, ['pointer64', ['void']]],
+    'ThreadListEntry' : [ 0x4e8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x4f8, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x500, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x508, ['unsigned long']],
+    'MmLockOrdering' : [ 0x50c, ['long']],
+    'CrossThreadFlags' : [ 0x510, ['unsigned long']],
+    'Terminated' : [ 0x510, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x510, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x510, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x510, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x510, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x510, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x510, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x510, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x510, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x510, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x510, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x510, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x510, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x510, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x510, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x510, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x510, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x510, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x510, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SamplingCoverage' : [ 0x510, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x510, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x514, ['unsigned long']],
+    'ActiveExWorker' : [ 0x514, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x514, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x514, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x514, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x514, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x514, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x514, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x514, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x514, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x514, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WorkloadClass' : [ 0x514, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x514, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x518, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x518, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x518, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x518, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x518, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x518, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x518, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x518, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x518, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x519, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x519, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowUserWritesToExecutableMemory' : [ 0x519, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'AllowKernelWritesToExecutableMemory' : [ 0x519, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsVadShared' : [ 0x519, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x51c, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x51d, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x51e, ['unsigned char']],
+    'LockOrderState' : [ 0x51f, ['unsigned char']],
+    'PerformanceCountLowReserved' : [ 0x520, ['unsigned long']],
+    'PerformanceCountHighReserved' : [ 0x524, ['long']],
+    'AlpcMessageId' : [ 0x528, ['unsigned long long']],
+    'AlpcMessage' : [ 0x530, ['pointer64', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x530, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x538, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x548, ['long']],
+    'CacheManagerCount' : [ 0x54c, ['unsigned long']],
+    'IoBoostCount' : [ 0x550, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x554, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x558, ['unsigned long']],
+    'KernelStackReference' : [ 0x55c, ['unsigned long']],
+    'BoostList' : [ 0x560, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x570, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x580, ['unsigned long long']],
+    'IrpListLock' : [ 0x588, ['unsigned long long']],
+    'ReservedForSynchTracking' : [ 0x590, ['pointer64', ['void']]],
+    'CmCallbackListHead' : [ 0x598, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x5a0, ['pointer64', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x5a8, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x5b0, ['pointer64', ['void']]],
+    'AdjustedClientToken' : [ 0x5b8, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x5c0, ['pointer64', ['void']]],
+    'PropertySet' : [ 0x5c8, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x5e0, ['pointer64', ['void']]],
+    'UserFsBase' : [ 0x5e8, ['unsigned long long']],
+    'UserGsBase' : [ 0x5f0, ['unsigned long long']],
+    'EnergyValues' : [ 0x5f8, ['pointer64', ['_THREAD_ENERGY_VALUES']]],
+    'SelectedCpuSets' : [ 0x600, ['unsigned long long']],
+    'SelectedCpuSetsIndirect' : [ 0x600, ['pointer64', ['unsigned long long']]],
+    'Silo' : [ 0x608, ['pointer64', ['_EJOB']]],
+    'ThreadName' : [ 0x610, ['pointer64', ['_UNICODE_STRING']]],
+    'SetContextState' : [ 0x618, ['pointer64', ['_CONTEXT']]],
+    'LastExpectedRunTime' : [ 0x620, ['unsigned long']],
+    'HeapData' : [ 0x624, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x628, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x638, ['unsigned long long']],
+    'DisownedOwnerEntryListHead' : [ 0x640, ['_LIST_ENTRY']],
+    'LockEntries' : [ 0x650, ['array', 6, ['_KLOCK_ENTRY']]],
+    'CmDbgInfo' : [ 0x890, ['pointer64', ['void']]],
+} ],
+  '__unnamed_19cb' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IsolateSecurityDomain' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_19cd' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisablePageCombine' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SpeculativeStoreBypassDisable' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'CetUserShadowStacks' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditCetUserShadowStacks' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AuditCetUserShadowStacksLogged' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'UserCetSetContextIpValidation' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AuditUserCetSetContextIpValidation' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AuditUserCetSetContextIpValidationLogged' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0xa40, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0x438, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0x440, ['pointer64', ['void']]],
+    'ActiveProcessLinks' : [ 0x448, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x458, ['_EX_RUNDOWN_REF']],
+    'Flags2' : [ 0x460, ['unsigned long']],
+    'JobNotReallyActive' : [ 0x460, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0x460, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0x460, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0x460, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0x460, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0x460, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0x460, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0x460, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0x460, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0x460, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0x460, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0x460, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0x460, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0x460, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0x460, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0x460, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0x460, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0x460, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0x460, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0x460, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0x460, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0x460, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0x460, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0x460, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0x460, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0x460, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0x460, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0x460, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0x464, ['unsigned long']],
+    'CreateReported' : [ 0x464, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0x464, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0x464, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0x464, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0x464, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0x464, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0x464, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0x464, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0x464, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0x464, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0x464, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0x464, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x464, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0x464, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x464, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0x464, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0x464, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0x464, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0x464, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0x464, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0x464, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0x464, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0x464, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0x464, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0x464, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0x464, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0x464, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0x464, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0x464, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x468, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x470, ['array', 2, ['unsigned long long']]],
+    'ProcessQuotaPeak' : [ 0x480, ['array', 2, ['unsigned long long']]],
+    'PeakVirtualSize' : [ 0x490, ['unsigned long long']],
+    'VirtualSize' : [ 0x498, ['unsigned long long']],
+    'SessionProcessLinks' : [ 0x4a0, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x4b0, ['pointer64', ['void']]],
+    'ExceptionPortValue' : [ 0x4b0, ['unsigned long long']],
+    'ExceptionPortState' : [ 0x4b0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Token' : [ 0x4b8, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x4c0, ['unsigned long long']],
+    'AddressCreationLock' : [ 0x4c8, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x4d0, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x4d8, ['pointer64', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x4e0, ['pointer64', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x4e8, ['pointer64', ['_EJOB']]],
+    'CloneRoot' : [ 0x4f0, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x4f8, ['unsigned long long']],
+    'NumberOfLockedPages' : [ 0x500, ['unsigned long long']],
+    'Win32Process' : [ 0x508, ['pointer64', ['void']]],
+    'Job' : [ 0x510, ['pointer64', ['_EJOB']]],
+    'SectionObject' : [ 0x518, ['pointer64', ['void']]],
+    'SectionBaseAddress' : [ 0x520, ['pointer64', ['void']]],
+    'Cookie' : [ 0x528, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x530, ['pointer64', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x538, ['pointer64', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x540, ['pointer64', ['void']]],
+    'OwnerProcessId' : [ 0x548, ['unsigned long long']],
+    'Peb' : [ 0x550, ['pointer64', ['_PEB']]],
+    'Session' : [ 0x558, ['pointer64', ['_MM_SESSION_SPACE']]],
+    'Spare1' : [ 0x560, ['pointer64', ['void']]],
+    'QuotaBlock' : [ 0x568, ['pointer64', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x570, ['pointer64', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x578, ['pointer64', ['void']]],
+    'WoW64Process' : [ 0x580, ['pointer64', ['_EWOW64PROCESS']]],
+    'DeviceMap' : [ 0x588, ['pointer64', ['void']]],
+    'EtwDataSource' : [ 0x590, ['pointer64', ['void']]],
+    'PageDirectoryPte' : [ 0x598, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x5a0, ['pointer64', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x5a8, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x5b7, ['unsigned char']],
+    'SecurityPort' : [ 0x5b8, ['pointer64', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x5c0, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x5c8, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x5d8, ['pointer64', ['void']]],
+    'ThreadListHead' : [ 0x5e0, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x5f0, ['unsigned long']],
+    'ImagePathHash' : [ 0x5f4, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x5f8, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x5fc, ['long']],
+    'PrefetchTrace' : [ 0x600, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x608, ['pointer64', ['void']]],
+    'ReadOperationCount' : [ 0x610, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x618, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x620, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x628, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x630, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x638, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x640, ['unsigned long long']],
+    'CommitCharge' : [ 0x648, ['unsigned long long']],
+    'CommitChargePeak' : [ 0x650, ['unsigned long long']],
+    'Vm' : [ 0x680, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x7c0, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x7d0, ['unsigned long']],
+    'ExitStatus' : [ 0x7d4, ['long']],
+    'VadRoot' : [ 0x7d8, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x7e0, ['pointer64', ['void']]],
+    'VadCount' : [ 0x7e8, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x7f0, ['unsigned long long']],
+    'VadPhysicalPagesLimit' : [ 0x7f8, ['unsigned long long']],
+    'AlpcContext' : [ 0x800, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x820, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x830, ['pointer64', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x838, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x83c, ['unsigned long']],
+    'ExitTime' : [ 0x840, ['_LARGE_INTEGER']],
+    'InvertedFunctionTable' : [ 0x848, ['pointer64', ['_INVERTED_FUNCTION_TABLE']]],
+    'InvertedFunctionTableLock' : [ 0x850, ['_EX_PUSH_LOCK']],
+    'ActiveThreadsHighWatermark' : [ 0x858, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x85c, ['unsigned long']],
+    'ThreadListLock' : [ 0x860, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x868, ['pointer64', ['void']]],
+    'ServerSilo' : [ 0x870, ['pointer64', ['_EJOB']]],
+    'SignatureLevel' : [ 0x878, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x879, ['unsigned char']],
+    'Protection' : [ 0x87a, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x87b, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'GhostCount' : [ 0x87b, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'PrefilterException' : [ 0x87b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Flags3' : [ 0x87c, ['unsigned long']],
+    'Minimal' : [ 0x87c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x87c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x87c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x87c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x87c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x87c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x87c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x87c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x87c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x87c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x87c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x87c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x87c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x87c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x87c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProcessFirstResume' : [ 0x87c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ForegroundExternal' : [ 0x87c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ForegroundSystem' : [ 0x87c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HighMemoryPriority' : [ 0x87c, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'EnableProcessSuspendResumeLogging' : [ 0x87c, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'EnableThreadSuspendResumeLogging' : [ 0x87c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SecurityDomainChanged' : [ 0x87c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'SecurityFreezeComplete' : [ 0x87c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'VmProcessorHost' : [ 0x87c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VmProcessorHostTransition' : [ 0x87c, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AltSyscall' : [ 0x87c, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'TimerResolutionIgnore' : [ 0x87c, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x880, ['long']],
+    'SvmData' : [ 0x888, ['pointer64', ['void']]],
+    'SvmProcessLock' : [ 0x890, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x898, ['unsigned long long']],
+    'SvmProcessDeviceListHead' : [ 0x8a0, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x8b0, ['unsigned long long']],
+    'DiskCounters' : [ 0x8b8, ['pointer64', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x8c0, ['pointer64', ['void']]],
+    'EnclaveTable' : [ 0x8c8, ['pointer64', ['void']]],
+    'EnclaveNumber' : [ 0x8d0, ['unsigned long long']],
+    'EnclaveLock' : [ 0x8d8, ['_EX_PUSH_LOCK']],
+    'HighPriorityFaultsAllowed' : [ 0x8e0, ['unsigned long']],
+    'EnergyContext' : [ 0x8e8, ['pointer64', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x8f0, ['pointer64', ['void']]],
+    'SequenceNumber' : [ 0x8f8, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x900, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x908, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x910, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x918, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x920, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x920, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x928, ['unsigned long long']],
+    'SharedCommitLock' : [ 0x930, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x938, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x948, ['unsigned long long']],
+    'DefaultCpuSets' : [ 0x950, ['unsigned long long']],
+    'AllowedCpuSetsIndirect' : [ 0x948, ['pointer64', ['unsigned long long']]],
+    'DefaultCpuSetsIndirect' : [ 0x950, ['pointer64', ['unsigned long long']]],
+    'DiskIoAttribution' : [ 0x958, ['pointer64', ['void']]],
+    'DxgProcess' : [ 0x960, ['pointer64', ['void']]],
+    'Win32KFilterSet' : [ 0x968, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x970, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x978, ['unsigned long']],
+    'KTimer2Sets' : [ 0x97c, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x980, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x988, ['unsigned long long']],
+    'VirtualTimerListHead' : [ 0x990, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x9a0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x9a0, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x9d0, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x9d0, ['__unnamed_19cb']],
+    'MitigationFlags2' : [ 0x9d4, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x9d4, ['__unnamed_19cd']],
+    'PartitionObject' : [ 0x9d8, ['pointer64', ['void']]],
+    'SecurityDomain' : [ 0x9e0, ['unsigned long long']],
+    'ParentSecurityDomain' : [ 0x9e8, ['unsigned long long']],
+    'CoverageSamplerContext' : [ 0x9f0, ['pointer64', ['void']]],
+    'MmHotPatchContext' : [ 0x9f8, ['pointer64', ['void']]],
+    'DynamicEHContinuationTargetsTree' : [ 0xa00, ['_RTL_AVL_TREE']],
+    'DynamicEHContinuationTargetsLock' : [ 0xa08, ['_EX_PUSH_LOCK']],
+} ],
+  '_EWOW64PROCESS' : [ 0x10, {
+    'Peb' : [ 0x0, ['pointer64', ['void']]],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'NtdllType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PsNativeSystemDll', 1: u'PsWowX86SystemDll', 2: u'PsWowArm32SystemDll', 3: u'PsWowAmd64SystemDll', 4: u'PsWowChpeX86SystemDll', 5: u'PsVsmEnclaveRuntimeDll', 6: u'PsSystemDllTotalTypes'})]],
+} ],
+  '__unnamed_19e6' : [ 0x58, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer64', ['void']]]],
+    'Thread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x40, ['pointer64', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x40, ['unsigned long']],
+    'OriginalFileObject' : [ 0x48, ['pointer64', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '__unnamed_19e8' : [ 0x58, {
+    'Overlay' : [ 0x0, ['__unnamed_19e6']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_IRP' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'AllocationProcessorNumber' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'MdlAddress' : [ 0x8, ['pointer64', ['_MDL']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'AssociatedIrp' : [ 0x18, ['__unnamed_111b']],
+    'ThreadListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x40, ['unsigned char']],
+    'PendingReturned' : [ 0x41, ['unsigned char']],
+    'StackCount' : [ 0x42, ['unsigned char']],
+    'CurrentLocation' : [ 0x43, ['unsigned char']],
+    'Cancel' : [ 0x44, ['unsigned char']],
+    'CancelIrql' : [ 0x45, ['unsigned char']],
+    'ApcEnvironment' : [ 0x46, ['unsigned char']],
+    'AllocationFlags' : [ 0x47, ['unsigned char']],
+    'UserIosb' : [ 0x48, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Overlay' : [ 0x58, ['__unnamed_1124']],
+    'CancelRoutine' : [ 0x68, ['pointer64', ['void']]],
+    'UserBuffer' : [ 0x70, ['pointer64', ['void']]],
+    'Tail' : [ 0x78, ['__unnamed_19e8']],
+} ],
+  '_EJOB' : [ 0x640, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x38, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0xa0, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0xb0, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0xc8, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0xd0, ['unsigned long']],
+    'TotalProcesses' : [ 0xd4, ['unsigned long']],
+    'ActiveProcesses' : [ 0xd8, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0xdc, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0xe0, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xf0, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0xf8, ['unsigned long long']],
+    'LimitFlags' : [ 0x100, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0x104, ['unsigned long']],
+    'Affinity' : [ 0x108, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0x1b0, ['pointer64', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0x1b8, ['pointer64', ['void']]],
+    'UIRestrictionsClass' : [ 0x1c0, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0x1c4, ['unsigned long']],
+    'CompletionPort' : [ 0x1c8, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x1d0, ['pointer64', ['void']]],
+    'CompletionCount' : [ 0x1d8, ['unsigned long long']],
+    'SessionId' : [ 0x1e0, ['unsigned long']],
+    'SchedulingClass' : [ 0x1e4, ['unsigned long']],
+    'ReadOperationCount' : [ 0x1e8, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x1f0, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x1f8, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x200, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x208, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x210, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x218, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x240, ['unsigned long long']],
+    'JobMemoryLimit' : [ 0x248, ['unsigned long long']],
+    'JobTotalMemoryLimit' : [ 0x250, ['unsigned long long']],
+    'PeakProcessMemoryUsed' : [ 0x258, ['unsigned long long']],
+    'PeakJobMemoryUsed' : [ 0x260, ['unsigned long long']],
+    'EffectiveAffinity' : [ 0x268, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x310, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x318, ['unsigned long long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x320, ['unsigned long long']],
+    'EffectiveProcessMemoryLimit' : [ 0x328, ['unsigned long long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x330, ['pointer64', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x338, ['pointer64', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x340, ['pointer64', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x348, ['pointer64', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x350, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x354, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x358, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x35c, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x360, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x364, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x368, ['unsigned char']],
+    'PriorityClass' : [ 0x369, ['unsigned char']],
+    'NestingDepth' : [ 0x36a, ['unsigned char']],
+    'Reserved1' : [ 0x36b, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x36c, ['unsigned long']],
+    'WakeChannel' : [ 0x370, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x370, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x3b8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x3c0, ['unsigned long']],
+    'NotificationLink' : [ 0x3c8, ['pointer64', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x3d0, ['unsigned long long']],
+    'NotificationInfo' : [ 0x3d8, ['pointer64', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x3e0, ['pointer64', ['void']]],
+    'NotificationPacket' : [ 0x3e8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x3f0, ['pointer64', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x3f8, ['pointer64', ['void']]],
+    'ReadyTime' : [ 0x400, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x408, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x410, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x420, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x430, ['pointer64', ['_EJOB']]],
+    'RootJob' : [ 0x438, ['pointer64', ['_EJOB']]],
+    'IteratorListHead' : [ 0x440, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x450, ['unsigned long long']],
+    'Ancestors' : [ 0x458, ['pointer64', ['pointer64', ['_EJOB']]]],
+    'SessionObject' : [ 0x458, ['pointer64', ['void']]],
+    'Accounting' : [ 0x460, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x4c8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x4cc, ['unsigned long']],
+    'SequenceNumber' : [ 0x4d0, ['unsigned long']],
+    'JobId' : [ 0x4d4, ['unsigned long']],
+    'ContainerId' : [ 0x4d8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x4e8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x4f8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x500, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x518, ['pointer64', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x520, ['pointer64', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x528, ['unsigned long']],
+    'CloseDone' : [ 0x528, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x528, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x528, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x528, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x528, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x528, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x528, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x528, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x528, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x528, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x528, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x528, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x528, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x528, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x528, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x528, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x528, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x528, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x528, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x528, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x528, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x528, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x528, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x528, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x528, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x528, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x528, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x528, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x528, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x528, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x528, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x528, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x52c, ['unsigned long']],
+    'ParentLocked' : [ 0x52c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x52c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x52c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x530, ['pointer64', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x538, ['unsigned long long']],
+    'DiskIoAttributionUserRefCount' : [ 0x540, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x544, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x548, ['pointer64', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x548, ['pointer64', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x550, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x578, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x5b0, ['long']],
+    'VolumeIoControlTree' : [ 0x5b8, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x5c8, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x5d0, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x5d4, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x5d8, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x5dc, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x5e0, ['unsigned long long']],
+    'IoControlLock' : [ 0x5e8, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x5f0, ['long long']],
+    'RundownWorkItem' : [ 0x5f8, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x618, ['pointer64', ['void']]],
+    'PartitionOwnerJob' : [ 0x620, ['pointer64', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x628, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+    'KernelWaitTime' : [ 0x630, ['unsigned long long']],
+    'UserWaitTime' : [ 0x638, ['unsigned long long']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_MDL']]],
+    'Size' : [ 0x8, ['short']],
+    'MdlFlags' : [ 0xa, ['short']],
+    'AllocationProcessorNumber' : [ 0xc, ['unsigned short']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'Process' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0x18, ['pointer64', ['void']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'ByteCount' : [ 0x28, ['unsigned long']],
+    'ByteOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_EVENT_RECORD' : [ 0x70, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer64', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x60, ['pointer64', ['void']]],
+    'UserContext' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x48, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0xc, ['unsigned long']],
+    'CurrentFileIndex' : [ 0xc, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'FirstFileEntry' : [ 0x30, ['pointer64', ['unsigned long long']]],
+    'Process' : [ 0x38, ['pointer64', ['_EPROCESS']]],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer64', ['unsigned long long']]],
+    'LastPageFrameEntry' : [ 0x28, ['pointer64', ['unsigned long long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer64', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0x10, ['pointer64', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x30, ['pointer64', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x38, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+    'Oplock' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedForRemote' : [ 0x58, ['pointer64', ['void']]],
+    'ReservedContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_iobuf' : [ 0x30, {
+    '_ptr' : [ 0x0, ['pointer64', ['unsigned char']]],
+    '_cnt' : [ 0x8, ['long']],
+    '_base' : [ 0x10, ['pointer64', ['unsigned char']]],
+    '_flag' : [ 0x18, ['long']],
+    '_file' : [ 0x1c, ['long']],
+    '_charbuf' : [ 0x20, ['long']],
+    '_bufsiz' : [ 0x24, ['long']],
+    '_tmpfname' : [ 0x28, ['pointer64', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0x10, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x10, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x8, ['unsigned long long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0x18, {
+    'Hash' : [ 0x0, ['pointer64', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x8, ['pointer64', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x10, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x18, {
+    'Table' : [ 0x0, ['pointer64', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x8, ['unsigned long']],
+    'EntryMax' : [ 0xc, ['unsigned long']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x8, {
+    'Key' : [ 0x0, ['unsigned long long']],
+} ],
+  '_tlgProvider_t' : [ 0x38, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x8, ['pointer64', ['unsigned short']]],
+    'KeywordAny' : [ 0x10, ['unsigned long long']],
+    'KeywordAll' : [ 0x18, ['unsigned long long']],
+    'RegHandle' : [ 0x20, ['unsigned long long']],
+    'EnableCallback' : [ 0x28, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_tlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '__m64' : [ 0x8, {
+    'm64_u64' : [ 0x0, ['unsigned long long']],
+    'm64_f32' : [ 0x0, ['array', 2, ['float']]],
+    'm64_i8' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'm64_i16' : [ 0x0, ['array', 4, ['short']]],
+    'm64_i32' : [ 0x0, ['array', 2, ['long']]],
+    'm64_i64' : [ 0x0, ['long long']],
+    'm64_u8' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'm64_u16' : [ 0x0, ['array', 4, ['unsigned short']]],
+    'm64_u32' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '__m128' : [ 0x10, {
+    'm128_f32' : [ 0x0, ['array', 4, ['float']]],
+    'm128_u64' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'm128_i8' : [ 0x0, ['array', 16, ['unsigned char']]],
+    'm128_i16' : [ 0x0, ['array', 8, ['short']]],
+    'm128_i32' : [ 0x0, ['array', 4, ['long']]],
+    'm128_i64' : [ 0x0, ['array', 2, ['long long']]],
+    'm128_u8' : [ 0x0, ['array', 16, ['unsigned char']]],
+    'm128_u16' : [ 0x0, ['array', 8, ['unsigned short']]],
+    'm128_u32' : [ 0x0, ['array', 4, ['unsigned long']]],
+} ],
+  'wil_details_FeatureReportingCache' : [ 0x8, {
+    'reported' : [ 0x0, ['wil_details_ReportedState']],
+    'recorded' : [ 0x4, ['wil_details_RecordedState']],
+} ],
+  'wil_details_RecordUsageResult' : [ 0x18, {
+    'queueBackground' : [ 0x0, ['long']],
+    'countImmediate' : [ 0x4, ['unsigned long']],
+    'kindImmediate' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'payloadId' : [ 0xc, ['unsigned long']],
+    'ignoredUse' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_ReportedState' : [ 0x4, {
+    'exchange' : [ 0x0, ['unsigned long']],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'reportedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'reportedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'reportedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'reportedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'usageCount' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 14, native_type='unsigned long')]],
+    'usageCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'opportunityCount' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 22, native_type='unsigned long')]],
+    'opportunityCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_details_RecordedState' : [ 0x4, {
+    'exchange' : [ 0x0, ['unsigned long']],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'recordedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'recordedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'recordedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'recordedVariantDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'recordedVariant' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 11, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'FEATURE_ERROR' : [ 0x68, {
+    'hr' : [ 0x0, ['unsigned long']],
+    'lineNumber' : [ 0x4, ['unsigned short']],
+    'file' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'process' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'modulePath' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'callerReturnAddressOffset' : [ 0x20, ['unsigned long']],
+    'callerModule' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'message' : [ 0x30, ['pointer64', ['unsigned char']]],
+    'originLineNumber' : [ 0x38, ['unsigned short']],
+    'originFile' : [ 0x40, ['pointer64', ['unsigned char']]],
+    'originModule' : [ 0x48, ['pointer64', ['unsigned char']]],
+    'originCallerReturnAddressOffset' : [ 0x50, ['unsigned long']],
+    'originCallerModule' : [ 0x58, ['pointer64', ['unsigned char']]],
+    'originName' : [ 0x60, ['pointer64', ['unsigned char']]],
+} ],
+  'FEATURE_LOGGED_TRAITS' : [ 0x6, {
+    'version' : [ 0x0, ['unsigned short']],
+    'baseVersion' : [ 0x2, ['unsigned short']],
+    'stage' : [ 0x4, ['unsigned char']],
+} ],
+  'wil_details_StagingConfigFeature' : [ 0xc, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'changedInSession' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'unused1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long')]],
+    'serviceState' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'userState' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'testState' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 14, native_type='unsigned long')]],
+    'unused2' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned long')]],
+    'unused3' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'variant' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'payloadKind' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'payload' : [ 0x8, ['unsigned long']],
+} ],
+  'wil_details_StagingConfig' : [ 0x58, {
+    'store' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureStore_Machine', 1: u'wil_FeatureStore_User', 2: u'wil_FeatureStore_All'})]],
+    'forUpdate' : [ 0x4, ['long']],
+    'readChangeStamp' : [ 0x8, ['unsigned long']],
+    'readVersion' : [ 0xc, ['unsigned char']],
+    'modified' : [ 0x10, ['long']],
+    'header' : [ 0x18, ['pointer64', ['wil_details_StagingConfigHeader']]],
+    'features' : [ 0x20, ['pointer64', ['wil_details_StagingConfigFeature']]],
+    'triggers' : [ 0x28, ['pointer64', ['wil_details_StagingConfigUsageTrigger']]],
+    'changedInSession' : [ 0x30, ['long']],
+    'buffer' : [ 0x38, ['pointer64', ['void']]],
+    'bufferSize' : [ 0x40, ['unsigned long long']],
+    'bufferAlloc' : [ 0x48, ['unsigned long long']],
+    'bufferOwned' : [ 0x50, ['long']],
+} ],
+  'wil_details_StagingConfigHeader' : [ 0x10, {
+    'version' : [ 0x0, ['unsigned char']],
+    'versionMinor' : [ 0x1, ['unsigned char']],
+    'headerSizeBytes' : [ 0x2, ['unsigned short']],
+    'featureCount' : [ 0x4, ['unsigned short']],
+    'featureUsageTriggerCount' : [ 0x6, ['unsigned short']],
+    'sessionProperties' : [ 0x8, ['wil_details_StagingConfigHeaderProperties']],
+    'properties' : [ 0xc, ['wil_details_StagingConfigHeaderProperties']],
+} ],
+  'wil_details_StagingConfigUsageTrigger' : [ 0x10, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'trigger' : [ 0x4, ['wil_details_StagingConfigWnfStateName']],
+    'serviceReportingKind' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'unused' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_details_StagingConfigHeaderProperties' : [ 0x4, {
+    'ignoreServiceState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ignoreUserState' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ignoreTestState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ignoreVariants' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_FeatureState' : [ 0x18, {
+    'enabledState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0x4, ['unsigned char']],
+    'payloadKind' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureVariantPayloadKind_None', 1: u'wil_FeatureVariantPayloadKind_Resident', 2: u'wil_FeatureVariantPayloadKind_External'})]],
+    'payload' : [ 0xc, ['unsigned long']],
+    'hasNotification' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_FeatureStateCache' : [ 0x8, {
+    'exchange' : [ 0x0, ['unsigned long']],
+    'stateCached' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'hasNotificationCached' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'variantCached' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'effectiveState' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'desiredState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'reservedForKernelModeSupport' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned long')]],
+    'hasNotification' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'variant' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 15, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long')]],
+    'payloadId' : [ 0x4, ['unsigned long']],
+    'exchange64' : [ 0x0, ['unsigned long long']],
+} ],
+  '__WIL__WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_wil_details_UsageSubscriptionData' : [ 0x8, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'serviceReportingKind' : [ 0x4, ['unsigned short']],
+} ],
+  '_RTL_FEATURE_CONFIGURATION' : [ 0xc, {
+    'FeatureId' : [ 0x0, ['unsigned long']],
+    'Priority' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'EnabledState' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'IsWexpConfiguration' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'HasSubscriptions' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Variant' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'VariantPayloadKind' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned long')]],
+    'VariantPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_FEATURE_USAGE_REPORT' : [ 0x8, {
+    'FeatureId' : [ 0x0, ['unsigned long']],
+    'ReportingKind' : [ 0x4, ['unsigned short']],
+    'ReportingOptions' : [ 0x6, ['unsigned short']],
+} ],
+  'wil_details_FeatureTestState' : [ 0x20, {
+    'kind' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_FeatureTestStateKind_EnabledState', 1: u'wil_details_FeatureTestStateKind_Variant'})]],
+    'featureId' : [ 0x4, ['unsigned long']],
+    'state' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0xc, ['unsigned char']],
+    'payload' : [ 0x10, ['unsigned long']],
+    'payloadKind' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureVariantPayloadKind_None', 1: u'wil_FeatureVariantPayloadKind_Resident', 2: u'wil_FeatureVariantPayloadKind_External'})]],
+    'next' : [ 0x18, ['pointer64', ['wil_details_FeatureTestState']]],
+} ],
+  '__unnamed_1d23' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_1d23']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0x10, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x8, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0x18, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x28, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'ListName' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x10, ['unsigned long long']],
+    'Blink' : [ 0x18, ['unsigned long long']],
+    'Lock' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x70, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer64', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0x18, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x20, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x28, ['unsigned long long']],
+    'NumberOfReferences' : [ 0x30, ['unsigned long long']],
+    'CloneHeader' : [ 0x38, ['pointer64', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x40, ['unsigned long long']],
+    'DeleteList' : [ 0x50, ['_SLIST_ENTRY']],
+    'NestingLevel' : [ 0x60, ['unsigned long long']],
+} ],
+  '__unnamed_1d64' : [ 0x8, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeFlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 64, native_type='unsigned long long')]],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_1d69' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_1d6b' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1d6d' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_1d69']],
+    'e4' : [ 0x0, ['__unnamed_1d6b']],
+} ],
+  '__unnamed_1d77' : [ 0x8, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'LargePageSize' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 38, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'Unused2' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 50, native_type='unsigned long long')]],
+    'FileOnly' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'PfnExists' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 60, native_type='unsigned long long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 63, native_type='unsigned long long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MMPFN' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_1d64']],
+    'PteAddress' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PteLong' : [ 0x8, ['unsigned long long']],
+    'OriginalPte' : [ 0x10, ['_MMPTE']],
+    'u2' : [ 0x18, ['_MIPFNBLINK']],
+    'u3' : [ 0x20, ['__unnamed_1d6d']],
+    'NodeBlinkLow' : [ 0x24, ['unsigned short']],
+    'Unused' : [ 0x26, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Unused2' : [ 0x26, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ViewCount' : [ 0x27, ['unsigned char']],
+    'NodeFlinkLow' : [ 0x27, ['unsigned char']],
+    'ModifiedListBucketIndex' : [ 0x27, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'u4' : [ 0x28, ['__unnamed_1d77']],
+} ],
+  '__unnamed_1d82' : [ 0x8, {
+    'ImageCommitment' : [ 0x0, ['unsigned long long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1d86' : [ 0x8, {
+    'ImageInformation' : [ 0x0, ['pointer64', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x48, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x30, ['__unnamed_1d82']],
+    'u2' : [ 0x38, ['__unnamed_1d86']],
+    'PrototypePte' : [ 0x40, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_1d8b' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_1d8e' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS2']],
+} ],
+  '__unnamed_1d96' : [ 0x10, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 22, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ImageBaseOkToReuse' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer64', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_1d98' : [ 0x10, {
+    'e2' : [ 0x0, ['__unnamed_1d96']],
+} ],
+  '__unnamed_1d9a' : [ 0x8, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x80, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'AweContext' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfSectionReferences' : [ 0x18, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x20, ['unsigned long long']],
+    'NumberOfMappedViews' : [ 0x28, ['unsigned long long']],
+    'NumberOfUserReferences' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_1d8b']],
+    'u1' : [ 0x3c, ['__unnamed_1d8e']],
+    'FilePointer' : [ 0x40, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x48, ['long']],
+    'ModifiedWriteCount' : [ 0x4c, ['unsigned long']],
+    'WaitList' : [ 0x50, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x58, ['__unnamed_1d98']],
+    'FileObjectLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x70, ['unsigned long long']],
+    'u3' : [ 0x78, ['__unnamed_1d9a']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x60, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'BasePte' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'VaType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSystemPtesLarge', 14: u'MiVaKernelStacks', 15: u'MiVaSecureNonPagedPool', 16: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x20, ['pointer64', ['unsigned long']]],
+    'PteFailures' : [ 0x28, ['unsigned long']],
+    'SpinLock' : [ 0x30, ['unsigned long long']],
+    'GlobalPushLock' : [ 0x30, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'TotalSystemPtes' : [ 0x38, ['unsigned long long']],
+    'Hint' : [ 0x40, ['unsigned long long']],
+    'LowestBitEverAllocated' : [ 0x48, ['unsigned long long']],
+    'CachedPtes' : [ 0x50, ['pointer64', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x58, ['unsigned long long']],
+} ],
+  '__unnamed_1db5' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+    'PrivateVadFlags' : [ 0x0, ['_MM_PRIVATE_VAD_FLAGS']],
+    'GraphicsVadFlags' : [ 0x0, ['_MM_GRAPHICS_VAD_FLAGS']],
+    'SharedVadFlags' : [ 0x0, ['_MM_SHARED_VAD_FLAGS']],
+    'VolatileVadLong' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1db8' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x40, {
+    'NextVad' : [ 0x0, ['pointer64', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x8, ['pointer64', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long']],
+    'EndingVpn' : [ 0x1c, ['unsigned long']],
+    'StartingVpnHigh' : [ 0x20, ['unsigned char']],
+    'EndingVpnHigh' : [ 0x21, ['unsigned char']],
+    'CommitChargeHigh' : [ 0x22, ['unsigned char']],
+    'SpareNT64VadUChar' : [ 0x23, ['unsigned char']],
+    'ReferenceCount' : [ 0x24, ['long']],
+    'PushLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x30, ['__unnamed_1db5']],
+    'u1' : [ 0x34, ['__unnamed_1db8']],
+    'EventList' : [ 0x38, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x8, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 60, native_type='unsigned long long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 64, native_type='unsigned long long')]],
+    'EntireKey' : [ 0x0, ['unsigned long long']],
+} ],
+  '_MI_PARTITION' : [ 0x2d00, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0x1b8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x480, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x540, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x880, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0x1840, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0x1880, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0x1930, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0x1ac0, ['pointer64', ['void']]],
+    'WorkingSetExpansionHead' : [ 0x1ac8, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'SessionDetachTimeStamp' : [ 0x1ad8, ['unsigned long']],
+    'Vp' : [ 0x1b00, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x80, {
+    'MmPartition' : [ 0x0, ['pointer64', ['void']]],
+    'CcPartition' : [ 0x8, ['pointer64', ['void']]],
+    'ExPartition' : [ 0x10, ['pointer64', ['void']]],
+    'HardReferenceCount' : [ 0x18, ['long long']],
+    'OpenHandleCount' : [ 0x20, ['long long']],
+    'ActivePartitionLinks' : [ 0x28, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x38, ['pointer64', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x40, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x60, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x68, ['pointer64', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x70, ['pointer64', ['void']]],
+    'PartitionFlags' : [ 0x78, ['unsigned long']],
+    'PairedWithJob' : [ 0x78, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_HHIVE' : [ 0x600, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'ReleaseCellRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'Allocate' : [ 0x18, ['pointer64', ['void']]],
+    'Free' : [ 0x20, ['pointer64', ['void']]],
+    'FileWrite' : [ 0x28, ['pointer64', ['void']]],
+    'FileRead' : [ 0x30, ['pointer64', ['void']]],
+    'HiveLoadFailure' : [ 0x38, ['pointer64', ['void']]],
+    'BaseBlock' : [ 0x40, ['pointer64', ['_HBASE_BLOCK']]],
+    'FlusherLock' : [ 0x48, ['_CMSI_RW_LOCK']],
+    'WriterLock' : [ 0x50, ['_CMSI_RW_LOCK']],
+    'DirtyVector' : [ 0x58, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x68, ['unsigned long']],
+    'DirtyAlloc' : [ 0x6c, ['unsigned long']],
+    'UnreconciledVector' : [ 0x70, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x80, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x84, ['unsigned long']],
+    'Cluster' : [ 0x88, ['unsigned long']],
+    'Flat' : [ 0x8c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x8c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x8c, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x8d, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x90, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x94, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x98, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x9c, ['unsigned long']],
+    'HiveFlags' : [ 0xa0, ['unsigned long']],
+    'CurrentLog' : [ 0xa4, ['unsigned long']],
+    'CurrentLogSequence' : [ 0xa8, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0xac, ['unsigned long']],
+    'CurrentLogOffset' : [ 0xb0, ['unsigned long']],
+    'MinimumLogSequence' : [ 0xb4, ['unsigned long']],
+    'LogFileSizeCap' : [ 0xb8, ['unsigned long']],
+    'LogDataPresent' : [ 0xbc, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0xbe, ['unsigned char']],
+    'BaseBlockDirty' : [ 0xbf, ['unsigned char']],
+    'LastLogSwapTime' : [ 0xc0, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0xc8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0xc8, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0xc8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0xc8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0xc8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0xc8, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0xca, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0xcc, ['unsigned long']],
+    'StorageTypeCount' : [ 0xd0, ['unsigned long']],
+    'Version' : [ 0xd4, ['unsigned long']],
+    'ViewMap' : [ 0xd8, ['_HVP_VIEW_MAP']],
+    'Storage' : [ 0x110, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0x138, {
+    'RefCount' : [ 0x0, ['unsigned long long']],
+    'ExtFlags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Freed' : [ 0x8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x8, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x10, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x10, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x18, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x20, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x28, ['unsigned long']],
+    'KcbPushlock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x38, ['pointer64', ['_KTHREAD']]],
+    'SharedCount' : [ 0x38, ['long']],
+    'DelayedDeref' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x41, ['unsigned char']],
+    'LayerHeight' : [ 0x42, ['short']],
+    'Spare1' : [ 0x44, ['unsigned long']],
+    'ParentKcb' : [ 0x48, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x50, ['pointer64', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueList' : [ 0x60, ['_CHILD_LIST']],
+    'LinkTarget' : [ 0x68, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'IndexHint' : [ 0x70, ['pointer64', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x70, ['unsigned long']],
+    'SubKeyCount' : [ 0x70, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'ClonedListEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x88, ['array', 4, ['pointer64', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0xa8, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0xb0, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0xb2, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0xb4, ['unsigned long']],
+    'KcbUserFlags' : [ 0xb8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0xb8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0xb8, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0xb8, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Spare3' : [ 0xbc, ['unsigned long']],
+    'LayerInfo' : [ 0xc0, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'RealKeyName' : [ 0xc8, ['pointer64', ['unsigned char']]],
+    'KCBUoWListHead' : [ 0xd0, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Stolen' : [ 0xe0, ['pointer64', ['unsigned char']]],
+    'TransKCBOwner' : [ 0xf0, ['pointer64', ['_CM_TRANS']]],
+    'KCBLock' : [ 0xf8, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x108, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x118, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x120, ['pointer64', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0x128, ['pointer64', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0x128, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x128, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'SequenceNumber' : [ 0x130, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x68, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x10, ['pointer64', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0x18, ['pointer64', ['void']]],
+    'KeyBodyList' : [ 0x20, ['_LIST_ENTRY']],
+    'Flags' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x30, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x40, ['pointer64', ['_GUID']]],
+    'ContextListHead' : [ 0x48, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x58, ['pointer64', ['void']]],
+    'RestrictedAccessMask' : [ 0x60, ['unsigned long']],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x20, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x8, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0x18, ['unsigned short']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_CMHIVE' : [ 0x12e8, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x600, ['array', 6, ['pointer64', ['void']]]],
+    'NotifyList' : [ 0x630, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x640, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x650, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x660, ['_EX_RUNDOWN_REF']],
+    'KcbCacheTable' : [ 0x668, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x670, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x678, ['pointer64', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x680, ['unsigned long']],
+    'Identity' : [ 0x684, ['unsigned long']],
+    'HiveLock' : [ 0x688, ['_CMSI_RW_LOCK']],
+    'FlushDirtyVector' : [ 0x690, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x6a0, ['unsigned long']],
+    'FlushLogEntryOffsetArray' : [ 0x6a8, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'FlushLogEntryOffsetArrayCount' : [ 0x6b0, ['unsigned long']],
+    'FlushLogEntrySize' : [ 0x6b4, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x6b8, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x6bc, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x6c0, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x6d0, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x6d8, ['pointer64', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x6e0, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x6e8, ['pointer64', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x6f0, ['_EX_PUSH_LOCK']],
+    'LastShrinkHiveSize' : [ 0x6f8, ['unsigned long']],
+    'ActualFileSize' : [ 0x700, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x708, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x718, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x728, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x738, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x748, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x74c, ['unsigned long']],
+    'SecurityHitHint' : [ 0x750, ['long']],
+    'SecurityCache' : [ 0x758, ['pointer64', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x760, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0xb60, ['unsigned long']],
+    'UnloadEventArray' : [ 0xb68, ['pointer64', ['pointer64', ['_KEVENT']]]],
+    'RootKcb' : [ 0xb70, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0xb78, ['unsigned char']],
+    'UnloadWorkItem' : [ 0xb80, ['pointer64', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0xb88, ['_CM_WORKITEM']],
+    'DirtyVectorLog' : [ 0xbb0, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x1038, ['unsigned long']],
+    'TrustClassEntry' : [ 0x1040, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x1050, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x1058, ['unsigned long long']],
+    'CmRm' : [ 0x1060, ['pointer64', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x1068, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x106c, ['long']],
+    'CreatorOwner' : [ 0x1070, ['pointer64', ['_KTHREAD']]],
+    'RundownThread' : [ 0x1078, ['pointer64', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x1080, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x1088, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x1098, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x10a8, ['unsigned long']],
+    'PrimaryFilePurged' : [ 0x10a8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x10a8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x10ac, ['unsigned long']],
+    'ReferenceCount' : [ 0x10b0, ['long']],
+    'UnloadHistoryIndex' : [ 0x10b4, ['long']],
+    'UnloadHistory' : [ 0x10b8, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0x12b8, ['unsigned long']],
+    'UnaccessedStart' : [ 0x12bc, ['unsigned long']],
+    'UnaccessedEnd' : [ 0x12c0, ['unsigned long']],
+    'LoadedKeyCount' : [ 0x12c4, ['unsigned long']],
+    'HandleClosePending' : [ 0x12c8, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0x12d0, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0x12d8, ['unsigned char']],
+    'VolumeContext' : [ 0x12e0, ['pointer64', ['_CMP_VOLUME_CONTEXT']]],
+} ],
+  '__unnamed_1e6b' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmpCreateHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf', 24: u'_HvHiveStartFileBacked', 25: u'_HvStartHiveMemoryBacked', 26: u'_HvpEnlistFreeCells', 27: u'_HvpPerformLogFileRecovery', 28: u'_CmpInitHiveFromFile', 29: u'_CmpLoadKeyCommon', 30: u'_CmpLinkHiveToMaster', 31: u'_CmLoadKey', 32: u'_CmLoadAppKey', 33: u'_CmpResolveHiveLoadConflict'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_1e6e' : [ 0x18, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x8, ['pointer64', ['void']]],
+    'Status' : [ 0x10, ['long']],
+} ],
+  '__unnamed_1e70' : [ 0x8, {
+    'CheckStack' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1e72' : [ 0x20, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x8, ['pointer64', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x10, ['pointer64', ['void']]],
+    'Index' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1e74' : [ 0x18, {
+    'List' : [ 0x0, ['pointer64', ['_CELL_DATA']]],
+    'Index' : [ 0x8, ['unsigned long']],
+    'Cell' : [ 0xc, ['unsigned long']],
+    'CellPoint' : [ 0x10, ['pointer64', ['_CELL_DATA']]],
+} ],
+  '__unnamed_1e78' : [ 0x10, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer64', ['_HBIN']]],
+} ],
+  '__unnamed_1e7c' : [ 0x10, {
+    'Bin' : [ 0x0, ['pointer64', ['_HBIN']]],
+    'CellPoint' : [ 0x8, ['pointer64', ['_HCELL']]],
+} ],
+  '__unnamed_1e7e' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x1b0, {
+    'Hive' : [ 0x0, ['pointer64', ['_HHIVE']]],
+    'Index' : [ 0x8, ['unsigned short']],
+    'RecoverableIndex' : [ 0xa, ['unsigned short']],
+    'Locations' : [ 0xc, ['array', 8, ['__unnamed_1e6b']]],
+    'RecoverableLocations' : [ 0x6c, ['array', 8, ['__unnamed_1e6b']]],
+    'RegistryIO' : [ 0xd0, ['__unnamed_1e6e']],
+    'CheckRegistry2' : [ 0xe8, ['__unnamed_1e70']],
+    'CheckKey' : [ 0xf0, ['__unnamed_1e72']],
+    'CheckValueList' : [ 0x110, ['__unnamed_1e74']],
+    'CheckHive' : [ 0x128, ['__unnamed_1e78']],
+    'CheckHive1' : [ 0x138, ['__unnamed_1e78']],
+    'CheckBin' : [ 0x148, ['__unnamed_1e7c']],
+    'RecoverData' : [ 0x158, ['__unnamed_1e7e']],
+    'LinkDebug' : [ 0x160, ['_CM_PARSE_DEBUG_INFO']],
+} ],
+  '_CM_KCB_UOW' : [ 0x78, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x10, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0x18, ['pointer64', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x30, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x38, ['pointer64', ['_CM_TRANS']]],
+    'UoWState' : [ 0x40, ['unsigned long']],
+    'ActionType' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x50, ['pointer64', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x58, ['unsigned long']],
+    'OldValueCell' : [ 0x58, ['unsigned long']],
+    'NewValueCell' : [ 0x5c, ['unsigned long']],
+    'UserFlags' : [ 0x58, ['unsigned long']],
+    'LastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x58, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x60, ['unsigned long']],
+    'OldChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x60, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x58, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x60, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x68, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x68, ['pointer64', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x68, ['pointer64', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x70, ['pointer64', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x70, ['pointer64', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0xb8, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x30, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x30, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x30, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x30, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x30, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x30, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x30, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x30, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x30, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x30, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x30, ['unsigned long']],
+    'Trans' : [ 0x38, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x40, ['pointer64', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x48, ['pointer64', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x50, ['pointer64', ['void']]],
+    'KtmUow' : [ 0x58, ['_GUID']],
+    'StartLsn' : [ 0x68, ['unsigned long long']],
+    'HiveCount' : [ 0x70, ['unsigned long']],
+    'HiveArray' : [ 0x78, ['array', 8, ['pointer64', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x30, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x10, ['unsigned long']],
+    'Counters' : [ 0x18, ['pointer64', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc8, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+    'ScaledFrequency' : [ 0xc0, ['unsigned long long']],
+} ],
+  '_PCW_DATA' : [ 0x10, {
+    'Data' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x175, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x176, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapData' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x281, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x282, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'UnalignedLoadStoreExceptions' : [ 0x2ed, ['unsigned char']],
+    'Padding1' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapData' : [ 0x17b0, ['unsigned long']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'S1DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LbrAvailable' : [ 0xc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IptAvailable' : [ 0xc, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'CrossVtlFlushAvailable' : [ 0xc, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleSpecCtrlAvailable' : [ 0xc, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'AccessTscInvariantControls' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Isolation' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 55, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x4218, {
+    'TimerExpiry' : [ 0x0, ['array', 64, ['pointer64', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x200, ['array', 2, ['array', 256, ['_KTIMER_TABLE_ENTRY']]]],
+    'TableState' : [ 0x4200, ['_KTIMER_TABLE_STATE']],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x20, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Entry' : [ 0x8, ['_LIST_ENTRY']],
+    'Time' : [ 0x18, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x38, {
+    'Prev' : [ 0x0, ['pointer64', ['_XSTATE_SAVE']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Level' : [ 0x10, ['unsigned char']],
+    'XStateContext' : [ 0x18, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KEXCEPTION_FRAME' : [ 0x140, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'Spare1' : [ 0x28, ['unsigned long long']],
+    'Xmm6' : [ 0x30, ['_M128A']],
+    'Xmm7' : [ 0x40, ['_M128A']],
+    'Xmm8' : [ 0x50, ['_M128A']],
+    'Xmm9' : [ 0x60, ['_M128A']],
+    'Xmm10' : [ 0x70, ['_M128A']],
+    'Xmm11' : [ 0x80, ['_M128A']],
+    'Xmm12' : [ 0x90, ['_M128A']],
+    'Xmm13' : [ 0xa0, ['_M128A']],
+    'Xmm14' : [ 0xb0, ['_M128A']],
+    'Xmm15' : [ 0xc0, ['_M128A']],
+    'TrapFrame' : [ 0xd0, ['unsigned long long']],
+    'OutputBuffer' : [ 0xd8, ['unsigned long long']],
+    'OutputLength' : [ 0xe0, ['unsigned long long']],
+    'Spare2' : [ 0xe8, ['unsigned long long']],
+    'MxCsr' : [ 0xf0, ['unsigned long long']],
+    'Rbp' : [ 0xf8, ['unsigned long long']],
+    'Rbx' : [ 0x100, ['unsigned long long']],
+    'Rdi' : [ 0x108, ['unsigned long long']],
+    'Rsi' : [ 0x110, ['unsigned long long']],
+    'R12' : [ 0x118, ['unsigned long long']],
+    'R13' : [ 0x120, ['unsigned long long']],
+    'R14' : [ 0x128, ['unsigned long long']],
+    'R15' : [ 0x130, ['unsigned long long']],
+    'Return' : [ 0x138, ['unsigned long long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x190, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'P5' : [ 0x20, ['unsigned long long']],
+    'PreviousMode' : [ 0x28, ['unsigned char']],
+    'InterruptRetpolineState' : [ 0x28, ['unsigned char']],
+    'PreviousIrql' : [ 0x29, ['unsigned char']],
+    'FaultIndicator' : [ 0x2a, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x2a, ['unsigned char']],
+    'ExceptionActive' : [ 0x2b, ['unsigned char']],
+    'MxCsr' : [ 0x2c, ['unsigned long']],
+    'Rax' : [ 0x30, ['unsigned long long']],
+    'Rcx' : [ 0x38, ['unsigned long long']],
+    'Rdx' : [ 0x40, ['unsigned long long']],
+    'R8' : [ 0x48, ['unsigned long long']],
+    'R9' : [ 0x50, ['unsigned long long']],
+    'R10' : [ 0x58, ['unsigned long long']],
+    'R11' : [ 0x60, ['unsigned long long']],
+    'GsBase' : [ 0x68, ['unsigned long long']],
+    'GsSwap' : [ 0x68, ['unsigned long long']],
+    'Xmm0' : [ 0x70, ['_M128A']],
+    'Xmm1' : [ 0x80, ['_M128A']],
+    'Xmm2' : [ 0x90, ['_M128A']],
+    'Xmm3' : [ 0xa0, ['_M128A']],
+    'Xmm4' : [ 0xb0, ['_M128A']],
+    'Xmm5' : [ 0xc0, ['_M128A']],
+    'FaultAddress' : [ 0xd0, ['unsigned long long']],
+    'ContextRecord' : [ 0xd0, ['unsigned long long']],
+    'Dr0' : [ 0xd8, ['unsigned long long']],
+    'Dr1' : [ 0xe0, ['unsigned long long']],
+    'Dr2' : [ 0xe8, ['unsigned long long']],
+    'Dr3' : [ 0xf0, ['unsigned long long']],
+    'Dr6' : [ 0xf8, ['unsigned long long']],
+    'Dr7' : [ 0x100, ['unsigned long long']],
+    'DebugControl' : [ 0x108, ['unsigned long long']],
+    'LastBranchToRip' : [ 0x110, ['unsigned long long']],
+    'LastBranchFromRip' : [ 0x118, ['unsigned long long']],
+    'LastExceptionToRip' : [ 0x120, ['unsigned long long']],
+    'LastExceptionFromRip' : [ 0x128, ['unsigned long long']],
+    'SegDs' : [ 0x130, ['unsigned short']],
+    'SegEs' : [ 0x132, ['unsigned short']],
+    'SegFs' : [ 0x134, ['unsigned short']],
+    'SegGs' : [ 0x136, ['unsigned short']],
+    'TrapFrame' : [ 0x138, ['unsigned long long']],
+    'Rbx' : [ 0x140, ['unsigned long long']],
+    'Rdi' : [ 0x148, ['unsigned long long']],
+    'Rsi' : [ 0x150, ['unsigned long long']],
+    'Rbp' : [ 0x158, ['unsigned long long']],
+    'ErrorCode' : [ 0x160, ['unsigned long long']],
+    'ExceptionFrame' : [ 0x160, ['unsigned long long']],
+    'Rip' : [ 0x168, ['unsigned long long']],
+    'SegCs' : [ 0x170, ['unsigned short']],
+    'Fill0' : [ 0x172, ['unsigned char']],
+    'Logging' : [ 0x173, ['unsigned char']],
+    'Fill1' : [ 0x174, ['array', 2, ['unsigned short']]],
+    'EFlags' : [ 0x178, ['unsigned long']],
+    'Fill2' : [ 0x17c, ['unsigned long']],
+    'Rsp' : [ 0x180, ['unsigned long long']],
+    'SegSs' : [ 0x188, ['unsigned short']],
+    'Fill3' : [ 0x18a, ['unsigned short']],
+    'Fill4' : [ 0x18c, ['unsigned long']],
+} ],
+  '_KIST_BASE_FRAME' : [ 0x30, {
+    'KernelGsBase' : [ 0x0, ['pointer64', ['_KPCR']]],
+    'IstStack' : [ 0x8, ['pointer64', ['_KIST_LINK_FRAME']]],
+    'PreviousGsBase' : [ 0x10, ['unsigned long long']],
+    'PreviousCr3' : [ 0x18, ['unsigned long long']],
+    'IstPad' : [ 0x20, ['unsigned long long']],
+    'Reserved' : [ 0x28, ['unsigned long long']],
+} ],
+  '_KIST_LINK_FRAME' : [ 0x20, {
+    'IstBaseFrame' : [ 0x0, ['pointer64', ['_KIST_BASE_FRAME']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'Reserved0' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '__unnamed_1f9e' : [ 0x8, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer64', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_1fa0' : [ 0x8, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1fa4' : [ 0x20, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0x18, ['pointer64', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x310, {
+    'Sibling' : [ 0x0, ['pointer64', ['_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x58, ['long']],
+    'FxRemoveEvent' : [ 0x60, ['_KEVENT']],
+    'FxActivationCount' : [ 0x78, ['long']],
+    'FxSleepCount' : [ 0x7c, ['long']],
+    'UniqueId' : [ 0x80, ['_UNICODE_STRING']],
+    'Plugin' : [ 0x90, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x98, ['unsigned long']],
+    'CurrentPowerState' : [ 0x9c, ['_POWER_STATE']],
+    'Notify' : [ 0xa0, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x108, ['_PO_IRP_MANAGER']],
+    'PowerFlags' : [ 0x128, ['long']],
+    'State' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0x130, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0x134, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x184, ['unsigned long']],
+    'CompletionStatus' : [ 0x188, ['long']],
+    'Flags' : [ 0x18c, ['unsigned long']],
+    'UserFlags' : [ 0x190, ['unsigned long']],
+    'Problem' : [ 0x194, ['unsigned long']],
+    'ProblemStatus' : [ 0x198, ['long']],
+    'ResourceList' : [ 0x1a0, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x1a8, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x1b0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x1b8, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x1c0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x1c4, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x1c8, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x1cc, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x1d0, ['unsigned short']],
+    'RemovalPolicy' : [ 0x1d2, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x1d3, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x1d8, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x1e8, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x1f8, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x208, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x20a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x20c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x20e, ['unsigned short']],
+    'OverUsed1' : [ 0x210, ['__unnamed_1f9e']],
+    'OverUsed2' : [ 0x218, ['__unnamed_1fa0']],
+    'BootResources' : [ 0x220, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x228, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x230, ['unsigned long']],
+    'DockInfo' : [ 0x238, ['__unnamed_1fa4']],
+    'DisableableDepends' : [ 0x258, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x260, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x270, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x280, ['unsigned long']],
+    'PreviousParent' : [ 0x288, ['pointer64', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x290, ['long']],
+    'NumaNodeIndex' : [ 0x294, ['unsigned long']],
+    'ContainerID' : [ 0x298, ['_GUID']],
+    'OverrideFlags' : [ 0x2a8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x2ac, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x2b0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x2b8, ['pointer64', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x2c0, ['unsigned long']],
+    'RebalanceContext' : [ 0x2c8, ['pointer64', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x2d0, ['pointer64', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+    'DirectedDripsState' : [ 0x2d8, ['_PO_DIRECTED_DRIPS_STATE']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x48, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x30, ['pointer64', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x38, ['pointer64', ['unsigned long long']]],
+    'EnableLevel' : [ 0x40, ['pointer64', ['unsigned char']]],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x50, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x10, ['unsigned long']],
+    'CompletedList' : [ 0x18, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x28, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x48, ['unsigned long long']],
+} ],
+  '_KSEMAPHORE' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x18, ['long']],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0x10, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x40, {
+    'PhysicalDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AllocationType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0x10, ['unsigned long']],
+    'Position' : [ 0x14, ['unsigned long']],
+    'ResourceRequirements' : [ 0x18, ['pointer64', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x20, ['pointer64', ['void']]],
+    'ResourceAssignment' : [ 0x28, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x30, ['pointer64', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x38, ['long']],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_208b' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_208b']],
+} ],
+  '__unnamed_2092' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_2092']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_AMD64_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'ParameterBlockOffset' : [ 0xc, ['unsigned long']],
+    'ParameterBlockLength' : [ 0x10, ['unsigned long']],
+    'DataSetRangesOffset' : [ 0x14, ['unsigned long']],
+    'DataSetRangesLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_DATA_SET_RANGE' : [ 0x10, {
+    'StartingOffset' : [ 0x0, ['long long']],
+    'LengthInBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DEVICE_DSM_DEFINITION' : [ 0x1c, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'SingleRange' : [ 0x4, ['unsigned char']],
+    'ParameterBlockAlignment' : [ 0x8, ['unsigned long']],
+    'ParameterBlockLength' : [ 0xc, ['unsigned long']],
+    'HasOutput' : [ 0x10, ['unsigned char']],
+    'OutputBlockAlignment' : [ 0x14, ['unsigned long']],
+    'OutputBlockLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES_OUTPUT' : [ 0x24, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'OperationStatus' : [ 0xc, ['unsigned long']],
+    'ExtendedError' : [ 0x10, ['unsigned long']],
+    'TargetDetailedError' : [ 0x14, ['unsigned long']],
+    'ReservedStatus' : [ 0x18, ['unsigned long']],
+    'OutputBlockOffset' : [ 0x1c, ['unsigned long']],
+    'OutputBlockLength' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x18, ['pointer64', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x20, ['pointer64', ['wchar']]],
+    'PinCount' : [ 0x28, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x2a, ['unsigned char']],
+    'ResourceSourceName' : [ 0x30, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x38, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x40, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x30, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'SlaveAddress' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x28, ['unsigned long']],
+    'RxBufferSize' : [ 0x2c, ['unsigned short']],
+    'TxBufferSize' : [ 0x2e, ['unsigned short']],
+    'Parity' : [ 0x30, ['unsigned char']],
+    'LinesInUse' : [ 0x31, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x38, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x28, ['unsigned long']],
+    'DataBitLength' : [ 0x2c, ['unsigned char']],
+    'Phase' : [ 0x2d, ['unsigned char']],
+    'Polarity' : [ 0x2e, ['unsigned char']],
+    'DeviceSelection' : [ 0x30, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x1c0, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x18, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x20, ['pointer64', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x28, ['pointer64', ['void']]],
+    'Accounting' : [ 0x30, ['pointer64', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'DeepSleepEnabled' : [ 0x38, ['unsigned char']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x15b0, {
+    'Name' : [ 0x0, ['pointer64', ['wchar']]],
+    'Id' : [ 0x8, ['unsigned char']],
+    'Guid' : [ 0xc, ['_GUID']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Priority' : [ 0x20, ['unsigned char']],
+    'Settings' : [ 0x28, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x1588, ['unsigned long long']],
+    'Count' : [ 0x1590, ['unsigned long long']],
+    'MaxDuration' : [ 0x1598, ['unsigned long long']],
+    'MinDuration' : [ 0x15a0, ['unsigned long long']],
+    'TotalDuration' : [ 0x15a8, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xab0, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['array', 2, ['unsigned long']]],
+    'AutonomousActivityWindow' : [ 0x48, ['unsigned long']],
+    'AutonomousPreference' : [ 0x4c, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x4d, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4f, ['array', 2, ['unsigned char']]],
+    'ResponsivenessDisableThreshold' : [ 0x54, ['array', 2, ['unsigned long']]],
+    'ResponsivenessEnableThreshold' : [ 0x5c, ['array', 2, ['unsigned long']]],
+    'ResponsivenessDisableTime' : [ 0x64, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEnableTime' : [ 0x66, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEppCeiling' : [ 0x68, ['array', 2, ['unsigned long']]],
+    'ResponsivenessPerfFloor' : [ 0x70, ['array', 2, ['unsigned long']]],
+    'DutyCycling' : [ 0x78, ['unsigned char']],
+    'ParkingPerfState' : [ 0x79, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x7b, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x7c, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x7d, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x7e, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x7f, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x80, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x81, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x84, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x88, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x8c, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x8e, ['array', 2, ['unsigned char']]],
+    'SoftParkLatency' : [ 0x90, ['unsigned long']],
+    'AllowScaling' : [ 0x94, ['unsigned char']],
+    'IdleDisabled' : [ 0x95, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x98, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x9c, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x9d, ['unsigned char']],
+    'IdleStateMax' : [ 0x9e, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x9f, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0xa0, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0xa1, ['array', 1280, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0x5a1, ['array', 1280, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xaa1, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xaa2, ['unsigned char']],
+    'ThreadPolicies' : [ 0xaa4, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x490, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x2e0, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x310, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x360, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x368, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x370, ['pointer64', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x378, ['pointer64', ['void']]],
+    'HardErrorState' : [ 0x380, ['unsigned long']],
+    'ExpLicenseState' : [ 0x388, ['pointer64', ['_EXP_LICENSE_STATE']]],
+    'WnfSiloState' : [ 0x390, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x3c8, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x3e8, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x3f8, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x408, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x410, ['pointer64', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x418, ['unsigned char']],
+    'NtSystemRoot' : [ 0x420, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x430, ['_UNICODE_STRING']],
+    'Storage' : [ 0x440, ['pointer64', ['_PSP_STORAGE']]],
+    'State' : [ 0x448, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x44c, ['long']],
+    'DeleteEvent' : [ 0x450, ['pointer64', ['_KEVENT']]],
+    'UserSharedData' : [ 0x458, ['pointer64', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x460, ['pointer64', ['void']]],
+    'TerminateWorkItem' : [ 0x468, ['_WORK_QUEUE_ITEM']],
+    'IsDownlevelContainer' : [ 0x488, ['unsigned char']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DirectedPoweredDown' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DirectedTransitionInProgress' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0xd0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x20, ['unsigned long long']],
+    'LogHandleContext' : [ 0x28, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0xc0, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0xc4, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0xc8, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x228, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x28, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x30, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x38, ['array', 4, ['pointer64', ['_VACB']]]],
+    'Vacbs' : [ 0x58, ['pointer64', ['pointer64', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x60, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x70, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x78, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x88, ['_LIST_ENTRY']],
+    'Flags' : [ 0x98, ['unsigned long']],
+    'Status' : [ 0x9c, ['long']],
+    'Mbcb' : [ 0xa0, ['pointer64', ['_MBCB']]],
+    'Section' : [ 0xa8, ['pointer64', ['void']]],
+    'CreateEvent' : [ 0xb0, ['pointer64', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0xb8, ['pointer64', ['_KEVENT']]],
+    'PagesToWrite' : [ 0xc0, ['unsigned long']],
+    'BeyondLastFlush' : [ 0xc8, ['long long']],
+    'Callbacks' : [ 0xd0, ['pointer64', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0xd8, ['pointer64', ['void']]],
+    'PrivateList' : [ 0xe0, ['_LIST_ENTRY']],
+    'V1' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0xf0, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0x100, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0x108, ['unsigned long']],
+    'LazyWritePassCount' : [ 0x10c, ['unsigned long']],
+    'UninitializeEvent' : [ 0x110, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0x118, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0x150, ['_LARGE_INTEGER']],
+    'Event' : [ 0x158, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0x170, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0x178, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x1f0, ['pointer64', ['void']]],
+    'VolumeCacheMap' : [ 0x1f8, ['pointer64', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x200, ['unsigned long']],
+    'WritesInProgress' : [ 0x204, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x208, ['unsigned long']],
+    'Partition' : [ 0x210, ['pointer64', ['_CC_PARTITION']]],
+    'InternalRefCount' : [ 0x218, ['unsigned long']],
+    'NumMappedVacb' : [ 0x21c, ['unsigned long']],
+    'NumActiveVacb' : [ 0x220, ['unsigned long']],
+} ],
+  '__unnamed_21a8' : [ 0x10, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x28, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'SharedCacheMap' : [ 0x8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x10, ['__unnamed_21a8']],
+    'ArrayHead' : [ 0x20, ['pointer64', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x440, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x8, ['pointer64', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x10, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x20, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x30, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x48, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x60, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x80, ['unsigned long long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x88, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x8c, ['unsigned char']],
+    'WorkQueueLock' : [ 0xc0, ['unsigned long long']],
+    'NumberWorkerThreads' : [ 0xc8, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0xcc, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0xd0, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0xf0, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0x100, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0x110, ['_LIST_ENTRY']],
+    'CleanCachemapUninitWorkQueue' : [ 0x120, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0x130, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0x140, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0x144, ['unsigned long']],
+    'IdleCacheMapUninitThreadList' : [ 0x148, ['_LIST_ENTRY']],
+    'ActiveCacheMapUninitThreads' : [ 0x158, ['unsigned long']],
+    'MaxCacheMapUninitThreads' : [ 0x15c, ['unsigned long']],
+    'QueueThrottle' : [ 0x160, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0x164, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0x168, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0x16c, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0x170, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0x174, ['unsigned long']],
+    'LowMemoryEvent' : [ 0x178, ['_KEVENT']],
+    'PowerEvent' : [ 0x190, ['_KEVENT']],
+    'PeriodicEvent' : [ 0x1a8, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x1c0, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x1d8, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x1f0, ['unsigned long']],
+    'LazyWriter' : [ 0x1f8, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x280, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x298, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x2d0, ['pointer64', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x2d8, ['long']],
+    'AverageAvailablePages' : [ 0x2e0, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x2e8, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x2f0, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x2f8, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x300, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x308, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x309, ['unsigned char']],
+    'DeferredWrites' : [ 0x310, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x340, ['unsigned long long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x348, ['pointer64', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x350, ['pointer64', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x358, ['pointer64', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x360, ['pointer64', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x368, ['pointer64', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x370, ['pointer64', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x378, ['pointer64', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x380, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x388, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x398, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x3a0, ['pointer64', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x3a8, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x3b0, ['long']],
+    'LowPriOldIoPriority' : [ 0x3b4, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x3b8, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x3c0, ['unsigned long']],
+    'CoalescingState' : [ 0x3c4, ['unsigned char']],
+    'ActivePartition' : [ 0x3c5, ['unsigned char']],
+    'RundownPhase' : [ 0x3c6, ['unsigned char']],
+    'RefCount' : [ 0x3c8, ['long long']],
+    'ExitEvent' : [ 0x3d0, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x3e8, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x400, ['pointer64', ['void']]],
+} ],
+  '__unnamed_21ce' : [ 0x10, {
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_21d0' : [ 0x8, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_21d2' : [ 0x8, {
+    'Event' : [ 0x0, ['pointer64', ['_KEVENT']]],
+} ],
+  '__unnamed_21d4' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_21d6' : [ 0x30, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x8, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x10, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_21da' : [ 0x68, {
+    'SharedCacheMap' : [ 0x0, ['pointer64', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'PrefetchList' : [ 0x20, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x28, ['unsigned long']],
+    'Mdl' : [ 0x30, ['pointer64', ['_MDL']]],
+    'IoStatusBlock' : [ 0x38, ['pointer64', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x40, ['pointer64', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x48, ['pointer64', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x50, ['pointer64', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x58, ['pointer64', ['void']]],
+    'RequestorMode' : [ 0x60, ['unsigned char']],
+    'NestingLevel' : [ 0x64, ['unsigned long']],
+} ],
+  '__unnamed_21dc' : [ 0x68, {
+    'Read' : [ 0x0, ['__unnamed_21ce']],
+    'Write' : [ 0x0, ['__unnamed_21d0']],
+    'Event' : [ 0x0, ['__unnamed_21d2']],
+    'Notification' : [ 0x0, ['__unnamed_21d4']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_21d6']],
+    'AsyncRead' : [ 0x0, ['__unnamed_21da']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x88, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x10, ['__unnamed_21dc']],
+    'Function' : [ 0x78, ['unsigned char']],
+    'Partition' : [ 0x80, ['pointer64', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x60, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x10, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'PostRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Context1' : [ 0x38, ['pointer64', ['void']]],
+    'Context2' : [ 0x40, ['pointer64', ['void']]],
+    'Partition' : [ 0x48, ['pointer64', ['_CC_PARTITION']]],
+    'SoftThrottle' : [ 0x50, ['unsigned char']],
+    'TimeAdded' : [ 0x58, ['_LARGE_INTEGER']],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x30, {
+    'Callback' : [ 0x0, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x8, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x20, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x10, ['pointer64', ['void']]],
+    'VacbLevelsAllocated' : [ 0x18, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x98, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x10, ['pointer64', ['void']]],
+    'DirtyPageStatistics' : [ 0x18, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x30, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x68, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x6c, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x70, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x78, ['pointer64', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x80, ['unsigned long long']],
+    'LastLWTimeStamp' : [ 0x88, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x90, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0xc0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x20, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x28, ['long long']],
+    'BitmapRange1' : [ 0x30, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x60, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x90, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x30, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x10, ['long long']],
+    'FirstDirtyPage' : [ 0x18, ['unsigned long']],
+    'LastDirtyPage' : [ 0x1c, ['unsigned long']],
+    'DirtyPages' : [ 0x20, ['unsigned long']],
+    'Bitmap' : [ 0x28, ['pointer64', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0x18, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x88, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x40, ['_KTIMER']],
+    'ScanActive' : [ 0x80, ['unsigned char']],
+    'OtherWork' : [ 0x81, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x82, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x83, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x84, ['unsigned char']],
+    'PendingPowerScan' : [ 0x85, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x86, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x28, {
+    'Allocate' : [ 0x0, ['unsigned long long']],
+    'Free' : [ 0x8, ['unsigned long long']],
+    'Commit' : [ 0x10, ['unsigned long long']],
+    'Decommit' : [ 0x18, ['unsigned long long']],
+    'ExtendContext' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x10, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_RTL_CSPARSE_BITMAP' : [ 0x40, {
+    'CommitBitmap' : [ 0x0, ['pointer64', ['unsigned long long']]],
+    'UserBitmap' : [ 0x8, ['pointer64', ['unsigned long long']]],
+    'BitCount' : [ 0x10, ['unsigned long long']],
+    'BitmapLock' : [ 0x18, ['unsigned long long']],
+    'DecommitPageIndex' : [ 0x20, ['unsigned long long']],
+    'RtlpCSparseBitmapWakeLock' : [ 0x28, ['unsigned long long']],
+    'LockType' : [ 0x30, ['unsigned char']],
+    'AddressSpace' : [ 0x31, ['unsigned char']],
+    'MemType' : [ 0x32, ['unsigned char']],
+    'AllocAlignment' : [ 0x33, ['unsigned char']],
+    'CommitDirectoryMaxSize' : [ 0x34, ['unsigned long']],
+    'CommitDirectory' : [ 0x38, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_SPARSE_ARRAY' : [ 0x50, {
+    'ElementCount' : [ 0x0, ['unsigned long long']],
+    'ElementSizeShift' : [ 0x8, ['unsigned long']],
+    'Bitmap' : [ 0x10, ['_RTL_CSPARSE_BITMAP']],
+} ],
+  '_HEAP_VAMGR_ALLOCATOR' : [ 0x30, {
+    'TreeLock' : [ 0x0, ['unsigned long long']],
+    'FreeRanges' : [ 0x8, ['_RTL_RB_TREE']],
+    'VaSpace' : [ 0x18, ['pointer64', ['_HEAP_VAMGR_VASPACE']]],
+    'PartitionHandle' : [ 0x20, ['pointer64', ['void']]],
+    'ChunksPerRegion' : [ 0x28, ['unsigned short']],
+    'RefCount' : [ 0x2a, ['unsigned short']],
+    'AllocatorIndex' : [ 0x2c, ['unsigned char']],
+    'NumaNode' : [ 0x2d, ['unsigned char']],
+    'LockType' : [ 0x2e, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MemoryType' : [ 0x2e, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'ConstrainedVA' : [ 0x2e, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'AllowFreeHead' : [ 0x2e, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare0' : [ 0x2e, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x2f, ['unsigned char']],
+} ],
+  '_HEAP_VAMGR_VASPACE' : [ 0x860, {
+    'AddressSpaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'HeapAddressUser', 1: u'HeapAddressKernel', 2: u'HeapAddressSession', 3: u'HeapAddressSecureKernel', 4: u'HeapAddressTypeMax'})]],
+    'BaseAddress' : [ 0x8, ['unsigned long long']],
+    'VaRangeArray' : [ 0x10, ['_RTL_SPARSE_ARRAY']],
+    'VaRangeArrayBuffer' : [ 0x10, ['array', 2128, ['unsigned char']]],
+} ],
+  '_HEAP_VAMGR_RANGE' : [ 0x20, {
+    'RbNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Standalone' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'AllocatorIndex' : [ 0x1, ['unsigned char']],
+    'OwnerCtx' : [ 0x8, ['array', 2, ['unsigned long long']]],
+    'SizeInChunks' : [ 0x18, ['unsigned long long']],
+    'ChunkCount' : [ 0x18, ['unsigned short']],
+    'PrevChunkCount' : [ 0x1a, ['unsigned short']],
+    'Signature' : [ 0x18, ['unsigned long long']],
+} ],
+  '_RTLP_HP_HEAP_MANAGER' : [ 0x38d0, {
+    'Globals' : [ 0x0, ['pointer64', ['_RTLP_HP_HEAP_GLOBALS']]],
+    'AllocTracker' : [ 0x8, ['_RTLP_HP_ALLOC_TRACKER']],
+    'VaMgr' : [ 0x58, ['_HEAP_VAMGR_CTX']],
+    'MetadataHeaps' : [ 0x3898, ['array', 3, ['_RTLP_HP_METADATA_HEAP_CTX']]],
+    'SubAllocConfigs' : [ 0x38c8, ['_RTL_HP_SUB_ALLOCATOR_CONFIGS']],
+} ],
+  '_RTLP_HP_ALLOC_TRACKER' : [ 0x50, {
+    'BaseAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTrackerBitmap' : [ 0x8, ['_RTL_CSPARSE_BITMAP']],
+    'AllocTrackerBitmapBuffer' : [ 0x8, ['array', 72, ['unsigned char']]],
+} ],
+  '_RTL_STACKDB_CONTEXT' : [ 0x48, {
+    'StackSegmentTable' : [ 0x0, ['_RTL_HASH_TABLE']],
+    'StackEntryTable' : [ 0x10, ['_RTL_HASH_TABLE']],
+    'StackEntryTableLock' : [ 0x20, ['_RTL_SRWLOCK']],
+    'SegmentTableLock' : [ 0x28, ['_RTL_SRWLOCK']],
+    'Allocate' : [ 0x30, ['pointer64', ['void']]],
+    'Free' : [ 0x38, ['pointer64', ['void']]],
+    'AllocatorContext' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_HEAP_LFH_FAST_REF' : [ 0x8, {
+    'Target' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_OWNER' : [ 0x38, {
+    'IsBucket' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'BucketIndex' : [ 0x1, ['unsigned char']],
+    'SlotCount' : [ 0x2, ['unsigned char']],
+    'SlotIndex' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'AvailableSubsegmentCount' : [ 0x8, ['unsigned long long']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'AvailableSubsegmentList' : [ 0x18, ['_LIST_ENTRY']],
+    'FullSubsegmentList' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_LFH_CONTEXT' : [ 0x4c0, {
+    'BackendCtx' : [ 0x0, ['pointer64', ['void']]],
+    'Callbacks' : [ 0x8, ['_HEAP_SUBALLOCATOR_CALLBACKS']],
+    'AffinityModArray' : [ 0x30, ['pointer64', ['unsigned char']]],
+    'MaxAffinity' : [ 0x38, ['unsigned char']],
+    'LockType' : [ 0x39, ['unsigned char']],
+    'MemStatsOffset' : [ 0x3a, ['short']],
+    'Config' : [ 0x3c, ['_RTL_HP_LFH_CONFIG']],
+    'BucketStats' : [ 0x40, ['_HEAP_LFH_SUBSEGMENT_STATS']],
+    'SubsegmentCreationLock' : [ 0x48, ['unsigned long long']],
+    'Buckets' : [ 0x80, ['array', 129, ['pointer64', ['_HEAP_LFH_BUCKET']]]],
+} ],
+  '_HEAP_LFH_BUCKET' : [ 0x68, {
+    'State' : [ 0x0, ['_HEAP_LFH_SUBSEGMENT_OWNER']],
+    'TotalBlockCount' : [ 0x38, ['unsigned long long']],
+    'TotalSubsegmentCount' : [ 0x40, ['unsigned long long']],
+    'ReciprocalBlockSize' : [ 0x48, ['unsigned long']],
+    'Shift' : [ 0x4c, ['unsigned char']],
+    'ContentionCount' : [ 0x4d, ['unsigned char']],
+    'AffinityMappingLock' : [ 0x50, ['unsigned long long']],
+    'ProcAffinityMapping' : [ 0x58, ['pointer64', ['unsigned char']]],
+    'AffinitySlots' : [ 0x60, ['pointer64', ['pointer64', ['_HEAP_LFH_AFFINITY_SLOT']]]],
+} ],
+  '_HEAP_LFH_ONDEMAND_POINTER' : [ 0x8, {
+    'Invalid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AllocationInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'UsageData' : [ 0x2, ['unsigned short']],
+    'AllBits' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_ENCODED_OFFSETS' : [ 0x4, {
+    'BlockSize' : [ 0x0, ['unsigned short']],
+    'FirstBlockOffset' : [ 0x2, ['unsigned short']],
+    'EncodedData' : [ 0x0, ['unsigned long']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Owner' : [ 0x10, ['pointer64', ['_HEAP_LFH_SUBSEGMENT_OWNER']]],
+    'DelayFree' : [ 0x10, ['_HEAP_LFH_SUBSEGMENT_DELAY_FREE']],
+    'CommitLock' : [ 0x18, ['unsigned long long']],
+    'FreeCount' : [ 0x20, ['unsigned short']],
+    'BlockCount' : [ 0x22, ['unsigned short']],
+    'InterlockedShort' : [ 0x20, ['short']],
+    'InterlockedLong' : [ 0x20, ['long']],
+    'FreeHint' : [ 0x24, ['unsigned short']],
+    'Location' : [ 0x26, ['unsigned char']],
+    'WitheldBlockCount' : [ 0x27, ['unsigned char']],
+    'BlockOffsets' : [ 0x28, ['_HEAP_LFH_SUBSEGMENT_ENCODED_OFFSETS']],
+    'CommitUnitShift' : [ 0x2c, ['unsigned char']],
+    'CommitUnitCount' : [ 0x2d, ['unsigned char']],
+    'CommitStateOffset' : [ 0x2e, ['unsigned short']],
+    'BlockBitmap' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_HEAP_LFH_UNUSED_BYTES_INFO' : [ 0x2, {
+    'UnusedBytes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 14, native_type='unsigned short')]],
+    'ExtraPresent' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'OneByteUnused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Bytes' : [ 0x0, ['array', 2, ['unsigned char']]],
+} ],
+  '_RTLP_HP_QUEUE_LOCK_HANDLE' : [ 0x18, {
+    'Reserved1' : [ 0x0, ['unsigned long long']],
+    'LockPtr' : [ 0x8, ['unsigned long long']],
+    'HandleData' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HEAP_VS_CONTEXT' : [ 0xc0, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'LockType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'HeapLockPaged', 1: u'HeapLockNonPaged', 2: u'HeapLockTypeMax'})]],
+    'FreeChunkTree' : [ 0x10, ['_RTL_RB_TREE']],
+    'SubsegmentList' : [ 0x20, ['_LIST_ENTRY']],
+    'TotalCommittedUnits' : [ 0x30, ['unsigned long long']],
+    'FreeCommittedUnits' : [ 0x38, ['unsigned long long']],
+    'DelayFreeContext' : [ 0x40, ['_HEAP_VS_DELAY_FREE_CONTEXT']],
+    'BackendCtx' : [ 0x80, ['pointer64', ['void']]],
+    'Callbacks' : [ 0x88, ['_HEAP_SUBALLOCATOR_CALLBACKS']],
+    'Config' : [ 0xb0, ['_RTL_HP_VS_CONFIG']],
+    'Flags' : [ 0xb4, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_HEADER' : [ 0x10, {
+    'Sizes' : [ 0x0, ['_HEAP_VS_CHUNK_HEADER_SIZE']],
+    'EncodedSegmentPageOffset' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'UnusedBytes' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SkipDuringWalk' : [ 0x8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x8, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'AllocatedChunkBits' : [ 0x8, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_HEADER_SIZE' : [ 0x8, {
+    'MemoryCost' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UnsafeSize' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'UnsafePrevSize' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Allocated' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'KeyUShort' : [ 0x0, ['unsigned short']],
+    'KeyULong' : [ 0x0, ['unsigned long']],
+    'HeaderBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_VS_CHUNK_FREE_HEADER' : [ 0x20, {
+    'Header' : [ 0x0, ['_HEAP_VS_CHUNK_HEADER']],
+    'OverlapsHeader' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['_RTL_BALANCED_NODE']],
+} ],
+  '_HEAP_VS_SUBSEGMENT' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommitBitmap' : [ 0x10, ['unsigned long long']],
+    'CommitLock' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned short']],
+    'Signature' : [ 0x22, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'FullCommit' : [ 0x22, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_HEAP_VS_UNUSED_BYTES_INFO' : [ 0x2, {
+    'UnusedBytes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 13, native_type='unsigned short')]],
+    'LfhSubsegment' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'ExtraPresent' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'OneByteUnused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Bytes' : [ 0x0, ['array', 2, ['unsigned char']]],
+} ],
+  '_HEAP_PAGE_RANGE_DESCRIPTOR' : [ 0x20, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'TreeSignature' : [ 0x0, ['unsigned long']],
+    'UnusedBytes' : [ 0x4, ['unsigned long']],
+    'ExtraPresent' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare0' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'RangeFlags' : [ 0x18, ['unsigned char']],
+    'CommittedPageCount' : [ 0x19, ['unsigned char']],
+    'Spare' : [ 0x1a, ['unsigned short']],
+    'Key' : [ 0x1c, ['_HEAP_DESCRIPTOR_KEY']],
+    'Align' : [ 0x1c, ['array', 3, ['unsigned char']]],
+    'UnitOffset' : [ 0x1f, ['unsigned char']],
+    'UnitSize' : [ 0x1f, ['unsigned char']],
+} ],
+  '_HEAP_PAGE_SEGMENT' : [ 0x2000, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x10, ['unsigned long long']],
+    'SegmentCommitState' : [ 0x18, ['pointer64', ['_HEAP_SEGMENT_MGR_COMMIT_STATE']]],
+    'UnusedWatermark' : [ 0x20, ['unsigned char']],
+    'DescArray' : [ 0x0, ['array', 256, ['_HEAP_PAGE_RANGE_DESCRIPTOR']]],
+} ],
+  '__unnamed_236c' : [ 0x1, {
+    'LargePagePolicy' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReleaseEmptySegments' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'AllFlags' : [ 0x0, ['unsigned char']],
+} ],
+  '_HEAP_SEG_CONTEXT' : [ 0xc0, {
+    'SegmentMask' : [ 0x0, ['unsigned long long']],
+    'UnitShift' : [ 0x8, ['unsigned char']],
+    'PagesPerUnitShift' : [ 0x9, ['unsigned char']],
+    'FirstDescriptorIndex' : [ 0xa, ['unsigned char']],
+    'CachedCommitSoftShift' : [ 0xb, ['unsigned char']],
+    'CachedCommitHighShift' : [ 0xc, ['unsigned char']],
+    'Flags' : [ 0xd, ['__unnamed_236c']],
+    'MaxAllocationSize' : [ 0x10, ['unsigned long']],
+    'OlpStatsOffset' : [ 0x14, ['short']],
+    'MemStatsOffset' : [ 0x16, ['short']],
+    'LfhContext' : [ 0x18, ['pointer64', ['void']]],
+    'VsContext' : [ 0x20, ['pointer64', ['void']]],
+    'EnvHandle' : [ 0x28, ['RTL_HP_ENV_HANDLE']],
+    'Heap' : [ 0x38, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x40, ['unsigned long long']],
+    'SegmentListHead' : [ 0x48, ['_LIST_ENTRY']],
+    'SegmentCount' : [ 0x58, ['unsigned long long']],
+    'FreePageRanges' : [ 0x60, ['_RTL_RB_TREE']],
+    'FreeSegmentListLock' : [ 0x70, ['unsigned long long']],
+    'FreeSegmentList' : [ 0x78, ['array', 2, ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_HEAP_RUNTIME_MEMORY_STATS' : [ 0x58, {
+    'TotalReservedPages' : [ 0x0, ['unsigned long long']],
+    'TotalCommittedPages' : [ 0x8, ['unsigned long long']],
+    'FreeCommittedPages' : [ 0x10, ['unsigned long long']],
+    'LfhFreeCommittedPages' : [ 0x18, ['unsigned long long']],
+    'LargePageStats' : [ 0x20, ['array', 2, ['_HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS']]],
+    'LargePageUtilizationPolicy' : [ 0x40, ['_RTL_HP_SEG_ALLOC_POLICY']],
+} ],
+  '_HEAP_DESCRIPTOR_KEY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+    'EncodedCommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'LargePageCost' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'UnitCount' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'RTL_HP_ENV_HANDLE' : [ 0x10, {
+    'h' : [ 0x0, ['array', 2, ['pointer64', ['void']]]],
+} ],
+  '_SEGMENT_HEAP' : [ 0x800, {
+    'EnvHandle' : [ 0x0, ['RTL_HP_ENV_HANDLE']],
+    'Signature' : [ 0x10, ['unsigned long']],
+    'GlobalFlags' : [ 0x14, ['unsigned long']],
+    'Interceptor' : [ 0x18, ['unsigned long']],
+    'ProcessHeapListIndex' : [ 0x1c, ['unsigned short']],
+    'AllocatedFromMetadata' : [ 0x1e, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CommitLimitData' : [ 0x20, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'ReservedMustBeZero1' : [ 0x20, ['unsigned long long']],
+    'UserContext' : [ 0x28, ['pointer64', ['void']]],
+    'ReservedMustBeZero2' : [ 0x30, ['unsigned long long']],
+    'Spare' : [ 0x38, ['pointer64', ['void']]],
+    'LargeMetadataLock' : [ 0x40, ['unsigned long long']],
+    'LargeAllocMetadata' : [ 0x48, ['_RTL_RB_TREE']],
+    'LargeReservedPages' : [ 0x58, ['unsigned long long']],
+    'LargeCommittedPages' : [ 0x60, ['unsigned long long']],
+    'StackTraceInitVar' : [ 0x68, ['_RTL_RUN_ONCE']],
+    'MemStats' : [ 0x80, ['_HEAP_RUNTIME_MEMORY_STATS']],
+    'GlobalLockCount' : [ 0xd8, ['unsigned short']],
+    'GlobalLockOwner' : [ 0xdc, ['unsigned long']],
+    'ContextExtendLock' : [ 0xe0, ['unsigned long long']],
+    'AllocatedBase' : [ 0xe8, ['pointer64', ['unsigned char']]],
+    'UncommittedBase' : [ 0xf0, ['pointer64', ['unsigned char']]],
+    'ReservedLimit' : [ 0xf8, ['pointer64', ['unsigned char']]],
+    'SegContexts' : [ 0x100, ['array', 2, ['_HEAP_SEG_CONTEXT']]],
+    'VsContext' : [ 0x280, ['_HEAP_VS_CONTEXT']],
+    'LfhContext' : [ 0x340, ['_HEAP_LFH_CONTEXT']],
+} ],
+  '_RTL_DYNAMIC_LOOKASIDE' : [ 0x1040, {
+    'EnabledBucketBitmap' : [ 0x0, ['unsigned long long']],
+    'BucketCount' : [ 0x8, ['unsigned long']],
+    'ActiveBucketCount' : [ 0xc, ['unsigned long']],
+    'Buckets' : [ 0x40, ['array', 64, ['_RTL_LOOKASIDE']]],
+} ],
+  '_RTL_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x10, ['unsigned short']],
+    'MaximumDepth' : [ 0x12, ['unsigned short']],
+    'TotalAllocates' : [ 0x14, ['unsigned long']],
+    'AllocateMisses' : [ 0x18, ['unsigned long']],
+    'TotalFrees' : [ 0x1c, ['unsigned long']],
+    'FreeMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x24, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x28, ['unsigned long']],
+    'LastTotalFrees' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x38, {
+    'ExtendedLookup' : [ 0x0, ['pointer64', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x8, ['unsigned long']],
+    'ExtraItem' : [ 0xc, ['unsigned long']],
+    'ItemCount' : [ 0x10, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x14, ['unsigned long']],
+    'BaseIndex' : [ 0x18, ['unsigned long']],
+    'ListHead' : [ 0x20, ['pointer64', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x28, ['pointer64', ['unsigned long']]],
+    'ListHints' : [ 0x30, ['pointer64', ['pointer64', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x2c0, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+    'Flags' : [ 0x70, ['unsigned long']],
+    'ForceFlags' : [ 0x74, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x78, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x7c, ['unsigned long']],
+    'Encoding' : [ 0x80, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x90, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x94, ['unsigned long']],
+    'Signature' : [ 0x98, ['unsigned long']],
+    'SegmentReserve' : [ 0xa0, ['unsigned long long']],
+    'SegmentCommit' : [ 0xa8, ['unsigned long long']],
+    'DeCommitFreeBlockThreshold' : [ 0xb0, ['unsigned long long']],
+    'DeCommitTotalFreeThreshold' : [ 0xb8, ['unsigned long long']],
+    'TotalFreeSize' : [ 0xc0, ['unsigned long long']],
+    'MaximumAllocationSize' : [ 0xc8, ['unsigned long long']],
+    'ProcessHeapsListIndex' : [ 0xd0, ['unsigned short']],
+    'HeaderValidateLength' : [ 0xd2, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0xd8, ['pointer64', ['void']]],
+    'NextAvailableTagIndex' : [ 0xe0, ['unsigned short']],
+    'MaximumTagIndex' : [ 0xe2, ['unsigned short']],
+    'TagEntries' : [ 0xe8, ['pointer64', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0xf0, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x100, ['unsigned long long']],
+    'AlignMask' : [ 0x108, ['unsigned long long']],
+    'VirtualAllocdBlocks' : [ 0x110, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0x120, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0x130, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0x134, ['unsigned long']],
+    'BlocksIndex' : [ 0x138, ['pointer64', ['void']]],
+    'UCRIndex' : [ 0x140, ['pointer64', ['void']]],
+    'PseudoTagEntries' : [ 0x148, ['pointer64', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0x150, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0x160, ['pointer64', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0x168, ['pointer64', ['void']]],
+    'StackTraceInitVar' : [ 0x170, ['_RTL_RUN_ONCE']],
+    'CommitLimitData' : [ 0x178, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'FrontEndHeap' : [ 0x198, ['pointer64', ['void']]],
+    'FrontHeapLockCount' : [ 0x1a0, ['unsigned short']],
+    'FrontEndHeapType' : [ 0x1a2, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0x1a3, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0x1a8, ['pointer64', ['wchar']]],
+    'FrontEndHeapMaximumIndex' : [ 0x1b0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0x1b2, ['array', 129, ['unsigned char']]],
+    'Counters' : [ 0x238, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x2b0, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_23c5' : [ 0x68, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x68, {
+    'Lock' : [ 0x0, ['__unnamed_23c5']],
+} ],
+  '_HEAP_ENTRY' : [ 0x10, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x70, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x10, ['unsigned long']],
+    'SegmentFlags' : [ 0x14, ['unsigned long']],
+    'SegmentListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Heap' : [ 0x28, ['pointer64', ['_HEAP']]],
+    'BaseAddress' : [ 0x30, ['pointer64', ['void']]],
+    'NumberOfPages' : [ 0x38, ['unsigned long']],
+    'FirstEntry' : [ 0x40, ['pointer64', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x48, ['pointer64', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x50, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x54, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x58, ['unsigned short']],
+    'Reserved' : [ 0x5a, ['unsigned short']],
+    'UCRSegmentList' : [ 0x60, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x40, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x10, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x20, ['unsigned long long']],
+    'ReserveSize' : [ 0x28, ['unsigned long long']],
+    'BusyBlock' : [ 0x30, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x20, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+    'ReservedForAlignment' : [ 0x0, ['pointer64', ['void']]],
+    'Code1' : [ 0x8, ['unsigned long']],
+    'Code2' : [ 0xc, ['unsigned short']],
+    'Code3' : [ 0xe, ['unsigned char']],
+    'Code4' : [ 0xf, ['unsigned char']],
+    'Code234' : [ 0xc, ['unsigned long']],
+    'AgregateCode' : [ 0x8, ['unsigned long long']],
+    'FreeList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_HP_PADDING_HEADER' : [ 0x10, {
+    'PaddingSize' : [ 0x0, ['unsigned long long']],
+    'Spare' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_LARGE_ALLOC_DATA' : [ 0x28, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'VirtualAddress' : [ 0x18, ['unsigned long long']],
+    'UnusedBytes' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'ExtraPresent' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'GuardPageCount' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'GuardPageAlignment' : [ 0x20, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long long')]],
+    'Spare' : [ 0x20, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long long')]],
+    'AllocatedPages' : [ 0x20, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_241d' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_241f' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_241d']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2421' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_2423' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_2421']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x28, {
+    'u1' : [ 0x0, ['__unnamed_241f']],
+    'u2' : [ 0x4, ['__unnamed_2423']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x18, ['unsigned long']],
+    'ClientViewSize' : [ 0x20, ['unsigned long long']],
+    'CallbackId' : [ 0x20, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x8, {
+    'Object' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x38, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer64', ['_BLOB_COUNTERS']]],
+    'CleanupProcedure' : [ 0x18, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x20, ['pointer64', ['void']]],
+    'DestroyProcedure' : [ 0x28, ['pointer64', ['void']]],
+    'UsualSize' : [ 0x30, ['unsigned long long']],
+} ],
+  '__unnamed_243c' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_243e' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_243c']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x30, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_243e']],
+    'ResourceId' : [ 0x11, ['unsigned char']],
+    'CachedReferences' : [ 0x12, ['short']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Lock' : [ 0x20, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_2452' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_2454' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_2452']],
+} ],
+  '_KALPC_SECTION' : [ 0x48, {
+    'SectionObject' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'HandleTable' : [ 0x10, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0x18, ['pointer64', ['void']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x28, ['pointer64', ['_ALPC_PORT']]],
+    'u1' : [ 0x30, ['__unnamed_2454']],
+    'NumberOfRegions' : [ 0x34, ['unsigned long']],
+    'RegionListHead' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_245d' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_245f' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_245d']],
+} ],
+  '_KALPC_REGION' : [ 0x58, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x10, ['pointer64', ['_KALPC_SECTION']]],
+    'Offset' : [ 0x18, ['unsigned long long']],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'ViewSize' : [ 0x28, ['unsigned long long']],
+    'u1' : [ 0x30, ['__unnamed_245f']],
+    'NumberOfViews' : [ 0x34, ['unsigned long']],
+    'ViewListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x48, ['pointer64', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x50, ['pointer64', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_2465' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_2467' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_2465']],
+} ],
+  '_KALPC_VIEW' : [ 0x60, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x10, ['pointer64', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'Address' : [ 0x28, ['pointer64', ['void']]],
+    'Size' : [ 0x30, ['unsigned long long']],
+    'SecureViewHandle' : [ 0x38, ['pointer64', ['void']]],
+    'WriteAccessHandle' : [ 0x40, ['pointer64', ['void']]],
+    'u1' : [ 0x48, ['__unnamed_2467']],
+    'NumberOfOwnerMessages' : [ 0x4c, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x50, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x48, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x8, ['pointer64', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0x18, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x28, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x40, ['pointer64', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_2485' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_2487' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_2485']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x1d8, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x20, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionPacketLookaside' : [ 0x30, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x38, ['pointer64', ['void']]],
+    'StaticSecurity' : [ 0x40, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x90, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0xa0, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0xb0, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0xb8, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0xc8, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0xd0, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0xe8, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0xf8, ['pointer64', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0xf8, ['pointer64', ['_KEVENT']]],
+    'PortAttributes' : [ 0x100, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0x148, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0x150, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0x160, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0x168, ['pointer64', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0x170, ['pointer64', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0x178, ['pointer64', ['void']]],
+    'CanceledQueue' : [ 0x180, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0x190, ['long']],
+    'ReferenceNo' : [ 0x194, ['long']],
+    'ReferenceNoWait' : [ 0x198, ['pointer64', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0x1a0, ['__unnamed_2487']],
+    'TargetQueuePort' : [ 0x1a8, ['pointer64', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0x1b0, ['pointer64', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x1b8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x1c0, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x1c4, ['unsigned long']],
+    'PendingQueueLength' : [ 0x1c8, ['unsigned long']],
+    'DirectQueueLength' : [ 0x1cc, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x1d0, ['unsigned long']],
+    'WaitQueueLength' : [ 0x1d4, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0xa0, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x20, ['pointer64', ['_MDL']]],
+    'UserVa' : [ 0x28, ['pointer64', ['void']]],
+    'UserLimit' : [ 0x30, ['pointer64', ['void']]],
+    'DataUserVa' : [ 0x38, ['pointer64', ['void']]],
+    'SystemVa' : [ 0x40, ['pointer64', ['void']]],
+    'TotalSize' : [ 0x48, ['unsigned long long']],
+    'Header' : [ 0x50, ['pointer64', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x58, ['pointer64', ['void']]],
+    'ListSize' : [ 0x60, ['unsigned long long']],
+    'Bitmap' : [ 0x68, ['pointer64', ['void']]],
+    'BitmapSize' : [ 0x70, ['unsigned long long']],
+    'Data' : [ 0x78, ['pointer64', ['void']]],
+    'DataSize' : [ 0x80, ['unsigned long long']],
+    'BitmapLimit' : [ 0x88, ['unsigned long']],
+    'BitmapNextHint' : [ 0x8c, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x90, ['unsigned long']],
+    'AttributeFlags' : [ 0x94, ['unsigned long']],
+    'AttributeSize' : [ 0x98, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ObjectName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQualityOfService' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0xd8, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x20, ['pointer64', ['void']]],
+    'Index' : [ 0x28, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x2c, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x30, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x34, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x38, ['unsigned long']],
+    'TypeInfo' : [ 0x40, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0xc0, ['unsigned long']],
+    'CallbackList' : [ 0xc8, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x20, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x18, ['long']],
+} ],
+  '_PORT_MESSAGE32' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_241f']],
+    'u2' : [ 0x4, ['__unnamed_2423']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID32']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_24aa' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_24ac' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_24aa']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x118, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x10, ['pointer64', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x20, ['pointer64', ['_ETHREAD']]],
+    'u1' : [ 0x28, ['__unnamed_24ac']],
+    'SequenceNo' : [ 0x2c, ['long']],
+    'QuotaProcess' : [ 0x30, ['pointer64', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x30, ['pointer64', ['void']]],
+    'CancelSequencePort' : [ 0x38, ['pointer64', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x40, ['pointer64', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x48, ['long']],
+    'CancelListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x60, ['pointer64', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x68, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0xb0, ['pointer64', ['void']]],
+    'CommunicationInfo' : [ 0xb8, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0xc0, ['pointer64', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0xc8, ['pointer64', ['_ETHREAD']]],
+    'WakeReference' : [ 0xd0, ['pointer64', ['void']]],
+    'WakeReference2' : [ 0xd8, ['pointer64', ['void']]],
+    'ExtensionBuffer' : [ 0xe0, ['pointer64', ['void']]],
+    'ExtensionBufferSize' : [ 0xe8, ['unsigned long long']],
+    'PortMessage' : [ 0xf0, ['_PORT_MESSAGE']],
+} ],
+  '_KALPC_RESERVE' : [ 0x30, {
+    'OwnerPort' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x8, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Message' : [ 0x18, ['pointer64', ['_KALPC_MESSAGE']]],
+    'Size' : [ 0x20, ['unsigned long long']],
+    'Active' : [ 0x28, ['long']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x40, {
+    'PortObject' : [ 0x0, ['pointer64', ['_ALPC_PORT']]],
+    'Message' : [ 0x8, ['pointer64', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x10, ['pointer64', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'TargetPort' : [ 0x20, ['pointer64', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x28, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'TotalLength' : [ 0x34, ['unsigned short']],
+    'Type' : [ 0x36, ['unsigned short']],
+    'DataInfoOffset' : [ 0x38, ['unsigned short']],
+    'SignalCompletion' : [ 0x3a, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x3b, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x8, ['unsigned long long']],
+    'ViewBase' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x30, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x48, {
+    'ClientContext' : [ 0x0, ['pointer64', ['void']]],
+    'ServerContext' : [ 0x8, ['pointer64', ['void']]],
+    'PortContext' : [ 0x10, ['pointer64', ['void']]],
+    'CancelPortContext' : [ 0x18, ['pointer64', ['void']]],
+    'SecurityData' : [ 0x20, ['pointer64', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x28, ['pointer64', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x30, ['pointer64', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x38, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x40, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_24f2' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_24f4' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_24f2']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x70, {
+    'HandleTable' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x8, ['pointer64', ['void']]],
+    'OwningProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x18, ['pointer64', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x68, ['__unnamed_24f4']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'DirectType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'EventReferenced' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'EventObjectBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x50, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x10, ['unsigned long']],
+    'KeyContext' : [ 0x18, ['pointer64', ['void']]],
+    'ApcContext' : [ 0x20, ['pointer64', ['void']]],
+    'IoStatus' : [ 0x28, ['long']],
+    'IoStatusInformation' : [ 0x30, ['unsigned long long']],
+    'MiniPacketCallback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'Allocated' : [ 0x48, ['unsigned char']],
+} ],
+  '__unnamed_253d' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UserFlags' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 32, native_type='unsigned long long')]],
+    'SystemFlags' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 48, native_type='unsigned long long')]],
+    'UserFlagsId' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x40, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer64', ['void']]],
+    'DiskIoAttributionHandle' : [ 0x10, ['unsigned long long']],
+    'ActivityId' : [ 0x18, ['_GUID']],
+    'Timestamp' : [ 0x28, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x28, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x28, ['pointer64', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x30, ['long long']],
+    'AdapterCryptoParameters' : [ 0x28, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+    'DriverFlags' : [ 0x38, ['__unnamed_253d']],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x20, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer64', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x58, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x8, ['array', 9, ['pointer64', ['void']]]],
+    'FoIoPriorityHint' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0xd8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x10, ['long']],
+    'Information' : [ 0x18, ['unsigned long long']],
+    'ParseCheck' : [ 0x20, ['unsigned long']],
+    'RelatedFileObject' : [ 0x28, ['pointer64', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x30, ['pointer64', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x38, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x40, ['unsigned long']],
+    'FileAttributes' : [ 0x44, ['unsigned short']],
+    'ShareAccess' : [ 0x46, ['unsigned short']],
+    'EaBuffer' : [ 0x48, ['pointer64', ['void']]],
+    'EaLength' : [ 0x50, ['unsigned long']],
+    'Options' : [ 0x54, ['unsigned long']],
+    'Disposition' : [ 0x58, ['unsigned long']],
+    'BasicInformation' : [ 0x60, ['pointer64', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x68, ['pointer64', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x70, ['pointer64', ['void']]],
+    'CreateFileType' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x80, ['pointer64', ['void']]],
+    'Override' : [ 0x88, ['unsigned char']],
+    'QueryOnly' : [ 0x89, ['unsigned char']],
+    'DeleteOnly' : [ 0x8a, ['unsigned char']],
+    'FullAttributes' : [ 0x8b, ['unsigned char']],
+    'LocalFileObject' : [ 0x90, ['pointer64', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x98, ['unsigned long']],
+    'AccessMode' : [ 0x9c, ['unsigned char']],
+    'DriverCreateContext' : [ 0xa0, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0xcc, ['unsigned long']],
+    'FilterQuery' : [ 0xd0, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_25b2' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x118, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_25b2']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer64', ['wchar']]],
+    'LogFileName' : [ 0x40, ['pointer64', ['wchar']]],
+    'TimeZone' : [ 0x48, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf8, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0x100, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x108, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x110, ['unsigned long']],
+    'BuffersLost' : [ 0x114, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x10, {
+    'QueueTail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer64', ['void']]],
+    'Pointer1' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x550, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'ErrorMarker' : [ 0x1c, ['unsigned long']],
+    'SizeMask' : [ 0x20, ['unsigned long']],
+    'GetCpuClock' : [ 0x28, ['unsigned long long']],
+    'LoggerThread' : [ 0x30, ['pointer64', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x38, ['long']],
+    'FailureReason' : [ 0x3c, ['unsigned long']],
+    'BufferQueue' : [ 0x40, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x50, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x60, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x70, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x80, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x88, ['unsigned long']],
+    'BatchedBufferList' : [ 0x90, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x90, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x98, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0xa8, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0xb8, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0xc8, ['_UNICODE_STRING']],
+    'ClockType' : [ 0xd8, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'FlushThreshold' : [ 0xe4, ['unsigned long']],
+    'ByteOffset' : [ 0xe8, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0xf0, ['unsigned long']],
+    'BuffersAvailable' : [ 0xf4, ['long']],
+    'NumberOfBuffers' : [ 0xf8, ['long']],
+    'MaximumBuffers' : [ 0xfc, ['unsigned long']],
+    'EventsLost' : [ 0x100, ['unsigned long']],
+    'PeakBuffersCount' : [ 0x104, ['long']],
+    'BuffersWritten' : [ 0x108, ['unsigned long']],
+    'LogBuffersLost' : [ 0x10c, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0x110, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0x114, ['unsigned long']],
+    'SequencePtr' : [ 0x118, ['pointer64', ['long']]],
+    'LocalSequence' : [ 0x120, ['unsigned long']],
+    'InstanceGuid' : [ 0x124, ['_GUID']],
+    'MaximumFileSize' : [ 0x134, ['unsigned long']],
+    'FileCounter' : [ 0x138, ['long']],
+    'PoolType' : [ 0x13c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0x140, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0x150, ['long']],
+    'ProviderInfoSize' : [ 0x154, ['unsigned long']],
+    'Consumers' : [ 0x158, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x168, ['unsigned long']],
+    'TransitionConsumer' : [ 0x170, ['pointer64', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x178, ['pointer64', ['void']]],
+    'RealtimeLogfileName' : [ 0x180, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x190, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x198, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x1a0, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x1a8, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x1b0, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x1b8, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x1c0, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x1d0, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x1d8, ['_KEVENT']],
+    'FlushEvent' : [ 0x1f0, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x208, ['_KTIMER']],
+    'LoggerDpc' : [ 0x248, ['_KDPC']],
+    'LoggerMutex' : [ 0x288, ['_KMUTANT']],
+    'LoggerLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x2c8, ['unsigned long long']],
+    'BufferListPushLock' : [ 0x2c8, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x2d0, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x318, ['pointer64', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x320, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x328, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x330, ['pointer64', ['void']]],
+    'BufferSequenceNumber' : [ 0x338, ['long long']],
+    'Flags' : [ 0x340, ['unsigned long']],
+    'Persistent' : [ 0x340, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x340, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x340, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x340, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x340, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x340, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x340, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x340, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x340, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x340, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x340, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x340, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x340, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x340, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x340, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x340, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x340, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x340, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProviderTracking' : [ 0x340, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessorTrace' : [ 0x340, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'QpcDeltaTracking' : [ 0x340, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'MarkerBufferSaved' : [ 0x340, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'LargeMdlPages' : [ 0x340, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'ExcludeKernelStack' : [ 0x340, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x340, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x344, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x344, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x344, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x344, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x344, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x344, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x344, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x344, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x344, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x344, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x344, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x344, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x350, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x3d0, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x3e0, ['pointer64', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x3e8, ['pointer64', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x3f0, ['pointer64', ['_ETW_LBR_SUPPORT']]],
+    'IptData' : [ 0x3f8, ['pointer64', ['_ETW_IPT_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x400, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x410, ['pointer64', ['pointer64', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x418, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x428, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x430, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x440, ['pointer64', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x448, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x450, ['pointer64', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x458, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x460, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x480, ['long']],
+    'CompressionLock' : [ 0x488, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x490, ['pointer64', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x498, ['pointer64', ['void']]],
+    'CompressionOn' : [ 0x4a0, ['long']],
+    'CompressionRatioGuess' : [ 0x4a4, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x4a8, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x4ac, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x4b0, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x4b8, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x4f8, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x500, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x508, ['_LARGE_INTEGER']],
+    'ReferenceQpcDelta' : [ 0x510, ['long long']],
+    'CallbackContext' : [ 0x518, ['pointer64', ['_ETW_EVENT_CALLBACK_CONTEXT']]],
+    'LastDroppedTime' : [ 0x520, ['pointer64', ['_LARGE_INTEGER']]],
+    'FlushingLastDroppedTime' : [ 0x528, ['pointer64', ['_LARGE_INTEGER']]],
+    'FlushingSequenceNumber' : [ 0x530, ['long long']],
+    'PartitionContext' : [ 0x538, ['_ETW_PARTITION_CONTEXT']],
+    'BufferMdl' : [ 0x540, ['pointer64', ['_MDL']]],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x20, {
+    'Source' : [ 0x0, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x14, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x18, ['array', 1, ['pointer64', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_IPT_SUPPORT' : [ 0x28, {
+    'IptHandle' : [ 0x0, ['pointer64', ['void']]],
+    'IptOption' : [ 0x8, ['unsigned long long']],
+    'EtwHwTraceExtInterface' : [ 0x10, ['pointer64', ['_ETW_HW_TRACE_EXT_INTERFACE']]],
+    'HookIdCount' : [ 0x18, ['unsigned long']],
+    'HookId' : [ 0x1c, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0x1220, {
+    'Silo' : [ 0x0, ['pointer64', ['_EJOB']]],
+    'SiloGlobals' : [ 0x8, ['pointer64', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x10, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x18, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x1c0, ['pointer64', ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x1c8, ['pointer64', ['pointer64', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x1d0, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0xfd0, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0xfe0, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0xfe4, ['long']],
+    'EtwpSecurityProviderPID' : [ 0xfe8, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0xff0, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0x1010, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x1020, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x1028, ['pointer64', ['_ETW_SILO_TRACING_BLOCK']]],
+    'ContainerRestoreWnfSubscription' : [ 0x1030, ['pointer64', ['_EX_WNF_SUBSCRIPTION']]],
+    'PartitionId' : [ 0x1038, ['_GUID']],
+    'ParentId' : [ 0x1048, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x1058, ['_LARGE_INTEGER']],
+    'PartitionName' : [ 0x1060, ['pointer64', ['unsigned char']]],
+    'PartitionNameSize' : [ 0x1068, ['unsigned short']],
+    'UnusedPadding' : [ 0x106a, ['unsigned short']],
+    'PartitionType' : [ 0x106c, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x1070, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+    'EtwpStartTraceMutex' : [ 0x11e8, ['_KMUTANT']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x30, {
+    'SystemLogonSession' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x10, ['pointer64', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0x18, ['pointer64', ['void']]],
+    'UncSystemPaths' : [ 0x20, ['pointer64', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x28, ['pointer64', ['_CI_NGEN_PATHS']]],
+} ],
+  '_TOKEN' : [ 0x498, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer64', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x38, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x98, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0xa0, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0xa8, ['pointer64', ['void']]],
+    'DynamicPart' : [ 0xb0, ['pointer64', ['unsigned long']]],
+    'DefaultDacl' : [ 0xb8, ['pointer64', ['_ACL']]],
+    'TokenType' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xc4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xc8, ['unsigned long']],
+    'TokenInUse' : [ 0xcc, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xd0, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xd4, ['unsigned long']],
+    'LogonSession' : [ 0xd8, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xe0, ['_LUID']],
+    'SidHash' : [ 0xe8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x1f8, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x308, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x310, ['pointer64', ['void']]],
+    'Capabilities' : [ 0x318, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x320, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x328, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x438, ['pointer64', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x440, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x448, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x450, ['pointer64', ['void']]],
+    'TrustLinkedToken' : [ 0x458, ['pointer64', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x460, ['pointer64', ['void']]],
+    'TokenSidValues' : [ 0x468, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x470, ['pointer64', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x478, ['pointer64', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x480, ['pointer64', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x488, ['pointer64', ['void']]],
+    'VariablePart' : [ 0x490, ['unsigned long long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0xc0, {
+    'Next' : [ 0x0, ['pointer64', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x8, ['_LUID']],
+    'BuddyLogonId' : [ 0x10, ['_LUID']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'pDeviceMap' : [ 0x28, ['pointer64', ['_DEVICE_MAP']]],
+    'Token' : [ 0x30, ['pointer64', ['void']]],
+    'AccountName' : [ 0x38, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x48, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x58, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x70, ['pointer64', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x78, ['pointer64', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x80, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0xa0, ['pointer64', ['_EJOB']]],
+    'SiblingAuthId' : [ 0xa8, ['_LUID']],
+    'TokenList' : [ 0xb0, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x38, {
+    'PointerCount' : [ 0x0, ['long long']],
+    'HandleCount' : [ 0x8, ['long long']],
+    'NextToFree' : [ 0x8, ['pointer64', ['void']]],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0x18, ['unsigned char']],
+    'TraceFlags' : [ 0x19, ['unsigned char']],
+    'DbgRefTrace' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0x1a, ['unsigned char']],
+    'Flags' : [ 0x1b, ['unsigned char']],
+    'NewObject' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0x1b, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0x1b, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0x1b, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0x1b, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+    'ObjectCreateInfo' : [ 0x20, ['pointer64', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityDescriptor' : [ 0x28, ['pointer64', ['void']]],
+    'Body' : [ 0x30, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x20, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0x10, ['pointer64', ['void']]],
+    'Reserved2' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x10, {
+    'ExclusiveProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x10, {
+    'HandleCountDataBase' : [ 0x0, ['pointer64', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x20, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'Reserved' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x20, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x10, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x18, ['unsigned short']],
+    'Reserved1' : [ 0x1a, ['unsigned short']],
+    'Reserved2' : [ 0x1c, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x10, {
+    'SecurityDescriptor' : [ 0x0, ['pointer64', ['void']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x10, {
+    'Footer' : [ 0x0, ['pointer64', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x30, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x20, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x10, {
+    'Context1' : [ 0x0, ['pointer64', ['void']]],
+    'Context2' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x10, ['pointer64', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0x18, ['unsigned char']],
+    'Padding1' : [ 0x19, ['array', 3, ['unsigned char']]],
+    'Padding2' : [ 0x1c, ['array', 4, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x28, {
+    'Directory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'EntryLink' : [ 0x10, ['pointer64', ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0x18, ['unsigned long']],
+    'HashIndex' : [ 0x1c, ['unsigned short']],
+    'DirectoryLocked' : [ 0x1e, ['unsigned char']],
+    'LockedExclusive' : [ 0x1f, ['unsigned char']],
+    'LockStateSignature' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0x158, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x130, ['pointer64', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x138, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0x140, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x148, ['pointer64', ['void']]],
+    'Flags' : [ 0x150, ['unsigned long']],
+    'SessionId' : [ 0x154, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x2e0, {
+    'SystemDeviceMap' : [ 0x0, ['pointer64', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x8, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x78, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x80, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0x18, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x8, ['pointer64', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x10, ['pointer64', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x430, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x10, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x14, ['unsigned long']],
+    'ErrorCount' : [ 0x18, ['long']],
+    'RecordCount' : [ 0x1c, ['unsigned long']],
+    'RecordLength' : [ 0x20, ['unsigned long']],
+    'PoolTag' : [ 0x24, ['unsigned long']],
+    'Type' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x30, ['pointer64', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x38, ['pointer64', ['void']]],
+    'SectionCount' : [ 0x40, ['unsigned long']],
+    'SectionLength' : [ 0x44, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x48, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x50, ['unsigned long']],
+    'TotalErrors' : [ 0x54, ['unsigned long']],
+    'Deferred' : [ 0x58, ['unsigned char']],
+    'Busy' : [ 0x5c, ['long']],
+    'Descriptor' : [ 0x60, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xf0, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x10, ['unsigned long']],
+    'ProcessorNumber' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x1c, ['long']],
+    'ErrorSource' : [ 0x20, ['pointer64', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x28, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_WNF_NODE_HEADER' : [ 0x4, {
+    'NodeTypeCode' : [ 0x0, ['unsigned short']],
+    'NodeByteSize' : [ 0x2, ['unsigned short']],
+} ],
+  '_WNF_LOCK' : [ 0x8, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_WNF_STATE_NAME_STRUCT' : [ 0x8, {
+    'Version' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NameLifetime' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long long')]],
+    'DataScope' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 10, native_type='unsigned long long')]],
+    'PermanentData' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WNF_SCOPE_INSTANCE' : [ 0x50, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'DataScope' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WnfDataScopeSystem', 1: u'WnfDataScopeSession', 2: u'WnfDataScopeUser', 3: u'WnfDataScopeProcess', 4: u'WnfDataScopeMachine', 5: u'WnfDataScopePhysicalMachine'})]],
+    'InstanceIdSize' : [ 0x14, ['unsigned long']],
+    'InstanceIdData' : [ 0x18, ['pointer64', ['void']]],
+    'ResolverListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'NameSetLock' : [ 0x30, ['_WNF_LOCK']],
+    'NameSet' : [ 0x38, ['_RTL_AVL_TREE']],
+    'PermanentDataStore' : [ 0x40, ['pointer64', ['void']]],
+    'VolatilePermanentDataStore' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_WNF_NAME_INSTANCE' : [ 0xa8, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'TreeLinks' : [ 0x10, ['_RTL_BALANCED_NODE']],
+    'StateName' : [ 0x28, ['_WNF_STATE_NAME_STRUCT']],
+    'ScopeInstance' : [ 0x30, ['pointer64', ['_WNF_SCOPE_INSTANCE']]],
+    'StateNameInfo' : [ 0x38, ['_WNF_STATE_NAME_REGISTRATION']],
+    'StateDataLock' : [ 0x50, ['_WNF_LOCK']],
+    'StateData' : [ 0x58, ['pointer64', ['_WNF_STATE_DATA']]],
+    'CurrentChangeStamp' : [ 0x60, ['unsigned long']],
+    'PermanentDataStore' : [ 0x68, ['pointer64', ['void']]],
+    'StateSubscriptionListLock' : [ 0x70, ['_WNF_LOCK']],
+    'StateSubscriptionListHead' : [ 0x78, ['_LIST_ENTRY']],
+    'TemporaryNameListEntry' : [ 0x88, ['_LIST_ENTRY']],
+    'CreatorProcess' : [ 0x98, ['pointer64', ['_EPROCESS']]],
+    'DataSubscribersCount' : [ 0xa0, ['long']],
+    'CurrentDeliveryCount' : [ 0xa4, ['long']],
+} ],
+  '_WNF_SUBSCRIPTION' : [ 0x88, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'SubscriptionId' : [ 0x10, ['unsigned long long']],
+    'ProcessSubscriptionListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Process' : [ 0x28, ['pointer64', ['_EPROCESS']]],
+    'NameInstance' : [ 0x30, ['pointer64', ['_WNF_NAME_INSTANCE']]],
+    'StateName' : [ 0x38, ['_WNF_STATE_NAME_STRUCT']],
+    'StateSubscriptionListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'CallbackRoutine' : [ 0x50, ['unsigned long long']],
+    'CallbackContext' : [ 0x58, ['pointer64', ['void']]],
+    'CurrentChangeStamp' : [ 0x60, ['unsigned long']],
+    'SubscribedEventSet' : [ 0x64, ['unsigned long']],
+    'PendingSubscriptionListEntry' : [ 0x68, ['_LIST_ENTRY']],
+    'SubscriptionState' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {0: u'WNF_SUB_STATE_QUIESCENT', 1: u'WNF_SUB_STATE_READY_TO_DELIVER', 2: u'WNF_SUB_STATE_IN_DELIVERY', 3: u'WNF_SUB_STATE_RETRY'})]],
+    'SignaledEventSet' : [ 0x7c, ['unsigned long']],
+    'InDeliveryEventSet' : [ 0x80, ['unsigned long']],
+} ],
+  '_WNF_PROCESS_CONTEXT' : [ 0x88, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'WnfProcessesListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'ImplicitScopeInstances' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'TemporaryNamesListLock' : [ 0x38, ['_WNF_LOCK']],
+    'TemporaryNamesListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'ProcessSubscriptionListLock' : [ 0x50, ['_WNF_LOCK']],
+    'ProcessSubscriptionListHead' : [ 0x58, ['_LIST_ENTRY']],
+    'DeliveryPendingListLock' : [ 0x68, ['_WNF_LOCK']],
+    'DeliveryPendingListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'NotificationEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x38, {
+    'ScopeMap' : [ 0x0, ['pointer64', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x8, ['pointer64', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x10, ['pointer64', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x18, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x20, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x28, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x30, ['long long']],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x28, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_KSTATIC_AFFINITY_BLOCK' : [ 0x2a0, {
+    'KeFlushTbAffinity' : [ 0x0, ['_KAFFINITY_EX']],
+    'KeFlushWbAffinity' : [ 0x0, ['_KAFFINITY_EX']],
+    'KeSyncContextAffinity' : [ 0x0, ['_KAFFINITY_EX']],
+    'KeFlushTbDeepIdleAffinity' : [ 0xa8, ['_KAFFINITY_EX']],
+    'KeIpiSendAffinity' : [ 0x150, ['_KAFFINITY_EX']],
+    'KeIpiSendIpiSet' : [ 0x1f8, ['_KAFFINITY_EX']],
+} ],
+  '_WNF_DISPATCHER' : [ 0x30, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'State' : [ 0x28, ['long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0x10, ['pointer64', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'VendorDataLength' : [ 0x20, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x8, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x10, ['pointer64', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0x18, ['long']],
+    'HighWaterMark' : [ 0x1c, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x40, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x28, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x10, ['unsigned long long']],
+    'DpcQueueDepth' : [ 0x18, ['long']],
+    'DpcCount' : [ 0x1c, ['unsigned long']],
+    'ActiveDpc' : [ 0x20, ['pointer64', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_2762' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x5000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2762']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x20, ['unsigned long long']],
+    'NonPagablePages' : [ 0x28, ['unsigned long long']],
+    'CommittedPages' : [ 0x30, ['unsigned long long']],
+    'PagedPoolStart' : [ 0x38, ['pointer64', ['void']]],
+    'PagedPoolEnd' : [ 0x40, ['pointer64', ['void']]],
+    'SessionObject' : [ 0x48, ['pointer64', ['void']]],
+    'SessionObjectHandle' : [ 0x50, ['pointer64', ['void']]],
+    'ImageTree' : [ 0x58, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x60, ['unsigned long']],
+    'AttachCount' : [ 0x64, ['unsigned long']],
+    'AttachGate' : [ 0x68, ['_KGATE']],
+    'WsListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'WsTreeEntry' : [ 0x90, ['_RTL_BALANCED_NODE']],
+    'PagedPoolInfo' : [ 0xa8, ['_MM_PAGED_POOL_INFO']],
+    'Session' : [ 0xc0, ['_MMSESSION']],
+    'CombineDomain' : [ 0xe0, ['unsigned long long']],
+    'Vm' : [ 0x100, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0x240, ['_MMWSL_INSTANCE']],
+    'AggregateSessionWs' : [ 0x280, ['_MMSUPPORT_AGGREGATION']],
+    'HeapState' : [ 0x2a0, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x2a8, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'TopLevelPteLockBits' : [ 0x2b0, ['array', 32, ['unsigned long']]],
+    'PageDirectory' : [ 0x330, ['_MMPTE']],
+    'SessionVaLock' : [ 0x338, ['_EX_PUSH_LOCK']],
+    'DynamicVaBitMap' : [ 0x340, ['_RTL_BITMAP_EX']],
+    'DynamicVaHint' : [ 0x350, ['unsigned long long']],
+    'SessionPteLock' : [ 0x358, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x360, ['long']],
+    'PagedPoolPdeCount' : [ 0x364, ['long']],
+    'DynamicSessionPdeCount' : [ 0x368, ['unsigned long']],
+    'SystemPteInfo' : [ 0x370, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x3d0, ['pointer64', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x3d8, ['unsigned long long']],
+    'PoolTrackBigPages' : [ 0x3e0, ['pointer64', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x3e8, ['unsigned long long']],
+    'PermittedFaultsTree' : [ 0x3f0, ['_RTL_AVL_TREE']],
+    'IoState' : [ 0x3f8, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x3fc, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x400, ['_KEVENT']],
+    'ServerSilo' : [ 0x418, ['pointer64', ['_EJOB']]],
+    'CreateTime' : [ 0x420, ['unsigned long long']],
+    'PoolTags' : [ 0x1000, ['array', 16384, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x260, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x250, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x258, ['unsigned long']],
+} ],
+  '_CMP_VOLUME_CONTEXT' : [ 0x48, {
+    'VolumeContextListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'VolumeManager' : [ 0x10, ['pointer64', ['_CMP_VOLUME_MANAGER']]],
+    'RefCount' : [ 0x18, ['long long']],
+    'VolumeGuid' : [ 0x20, ['_GUID']],
+    'VolumeFileObject' : [ 0x30, ['pointer64', ['void']]],
+    'VolumeContextLock' : [ 0x38, ['_CMSI_RW_LOCK']],
+    'DeviceUsageNotificationSent' : [ 0x40, ['unsigned char']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x78, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer64', ['void']]],
+    'OpenProcedure' : [ 0x38, ['pointer64', ['void']]],
+    'CloseProcedure' : [ 0x40, ['pointer64', ['void']]],
+    'DeleteProcedure' : [ 0x48, ['pointer64', ['void']]],
+    'ParseProcedure' : [ 0x50, ['pointer64', ['void']]],
+    'ParseProcedureEx' : [ 0x50, ['pointer64', ['void']]],
+    'SecurityProcedure' : [ 0x58, ['pointer64', ['void']]],
+    'QueryNameProcedure' : [ 0x60, ['pointer64', ['void']]],
+    'OkayToCloseProcedure' : [ 0x68, ['pointer64', ['void']]],
+    'WaitObjectFlagMask' : [ 0x70, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x74, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x76, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x60, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0x18, ['unsigned long']],
+    'EntryOffset' : [ 0x18, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0x19, ['unsigned char']],
+    'WaitingBit' : [ 0x19, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x19, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0x1a, ['unsigned char']],
+    'AcquiredBit' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0x1b, ['unsigned char']],
+    'HeadNodeBit' : [ 0x1b, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0x1b, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0x1b, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'SpareFlags' : [ 0x1c, ['unsigned long']],
+    'LockState' : [ 0x20, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x20, ['pointer64', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x20, ['unsigned char']],
+    'Reserved' : [ 0x21, ['array', 6, ['unsigned char']]],
+    'InTreeByte' : [ 0x27, ['unsigned char']],
+    'SessionState' : [ 0x28, ['pointer64', ['void']]],
+    'SessionId' : [ 0x28, ['unsigned long']],
+    'SessionPad' : [ 0x2c, ['unsigned long']],
+    'OwnerTree' : [ 0x30, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x40, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x30, ['unsigned char']],
+    'EntryLock' : [ 0x50, ['unsigned long long']],
+    'BoostBitmap' : [ 0x58, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+    'SparePad' : [ 0x5c, ['unsigned long']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer64', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ContextSwitches' : [ 0x14, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x48, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'TagIndex' : [ 0x10, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x12, ['unsigned short']],
+    'TagName' : [ 0x14, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x78, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long long']],
+    'TotalMemoryCommitted' : [ 0x8, ['unsigned long long']],
+    'TotalMemoryLargeUCR' : [ 0x10, ['unsigned long long']],
+    'TotalSizeInVirtualBlocks' : [ 0x18, ['unsigned long long']],
+    'TotalSegments' : [ 0x20, ['unsigned long']],
+    'TotalUCRs' : [ 0x24, ['unsigned long']],
+    'CommittOps' : [ 0x28, ['unsigned long']],
+    'DeCommitOps' : [ 0x2c, ['unsigned long']],
+    'LockAcquires' : [ 0x30, ['unsigned long']],
+    'LockCollisions' : [ 0x34, ['unsigned long']],
+    'CommitRate' : [ 0x38, ['unsigned long']],
+    'DecommittRate' : [ 0x3c, ['unsigned long']],
+    'CommitFailures' : [ 0x40, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x44, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x48, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x4c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x50, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x54, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x58, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x5c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x60, ['unsigned long long']],
+    'HighWatermarkSize' : [ 0x68, ['unsigned long long']],
+    'LastPolledSize' : [ 0x70, ['unsigned long long']],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0x10, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x30, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'Irp' : [ 0x18, ['pointer64', ['_IRP']]],
+    'Device' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_27cd' : [ 0x20, {
+    'CallerCompletion' : [ 0x0, ['pointer64', ['void']]],
+    'CallerContext' : [ 0x8, ['pointer64', ['void']]],
+    'CallerDevice' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_27d0' : [ 0x10, {
+    'NotifyDevice' : [ 0x0, ['pointer64', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x8, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x100, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x30, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x38, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x78, ['_KDPC']],
+    'MinorFunction' : [ 0xb8, ['unsigned char']],
+    'PowerStateType' : [ 0xbc, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0xc0, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0xc4, ['unsigned char']],
+    'FxDevice' : [ 0xc8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0xd0, ['unsigned char']],
+    'NotifyPEP' : [ 0xd1, ['unsigned char']],
+    'IrpSequenceID' : [ 0xd4, ['long']],
+    'Device' : [ 0xd8, ['__unnamed_27cd']],
+    'System' : [ 0xd8, ['__unnamed_27d0']],
+    'DStateReason' : [ 0xf8, ['Enumeration', dict(target = 'long', choices = {0: u'PepNotifyDeviceDStateReasonNone', 1: u'PepNotifyDeviceDStateReasonSystemTransition', 2: u'PepNotifyDeviceDStateReasonDfx', 3: u'PepNotifyDeviceDStateReasonMax'})]],
+} ],
+  '_CLIENT_ID' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['pointer64', ['void']]],
+    'UniqueThread' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x38, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x8, ['unsigned long long']],
+    'NonPagedAllocs' : [ 0x10, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x18, ['unsigned long long']],
+    'PagedBytes' : [ 0x20, ['unsigned long long']],
+    'PagedAllocs' : [ 0x28, ['unsigned long long']],
+    'PagedFrees' : [ 0x30, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_CMP_VOLUME_MANAGER' : [ 0x18, {
+    'VolumeContextListLock' : [ 0x0, ['_CMSI_RW_LOCK']],
+    'VolumeContextListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x20, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x8, ['pointer64', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8088, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x8, ['array', 16, ['pointer64', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x88, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x428, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'StrictVetoBias' : [ 0x8, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0xc, ['unsigned long']],
+    'TargetState' : [ 0x10, ['unsigned long']],
+    'ActualState' : [ 0x14, ['unsigned long']],
+    'OldState' : [ 0x18, ['unsigned long']],
+    'OverrideIndex' : [ 0x1c, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0xf0, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x198, ['pointer64', ['void']]],
+    'IdlePreExecute' : [ 0x1a0, ['pointer64', ['void']]],
+    'IdleExecute' : [ 0x1a8, ['pointer64', ['void']]],
+    'IdlePreselect' : [ 0x1b0, ['pointer64', ['void']]],
+    'IdleTest' : [ 0x1b8, ['pointer64', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x1c0, ['pointer64', ['void']]],
+    'IdleComplete' : [ 0x1c8, ['pointer64', ['void']]],
+    'IdleCancel' : [ 0x1d0, ['pointer64', ['void']]],
+    'IdleIsHalted' : [ 0x1d8, ['pointer64', ['void']]],
+    'IdleInitiateWake' : [ 0x1e0, ['pointer64', ['void']]],
+    'PrepareInfo' : [ 0x1e8, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0x240, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0x2e8, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0x2f0, ['pointer64', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0x2f8, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0x308, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0x318, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x330, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MM_PRIVATE_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'FixedLargePageSize' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ZeroFillPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Graphics' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ShadowStack' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'PhysicalMemoryPfnsReferenced' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x38, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0xf8, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer64', ['void']]],
+    'ThreadOwner' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x38, ['array', 8, ['pointer64', ['void']]]],
+    'LastAcquireTrace' : [ 0x78, ['array', 8, ['pointer64', ['void']]]],
+    'LastReleaseTrace' : [ 0xb8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_HEAP_MEMORY_LIMIT_DATA' : [ 0x20, {
+    'CommitLimitBytes' : [ 0x0, ['unsigned long long']],
+    'CommitLimitFailureCode' : [ 0x8, ['unsigned long long']],
+    'MaxAllocationSizeBytes' : [ 0x10, ['unsigned long long']],
+    'AllocationLimitFailureCode' : [ 0x18, ['unsigned long long']],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x120, {
+    'ProcessCid' : [ 0x0, ['pointer64', ['void']]],
+    'ThreadCid' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x20, ['unsigned long']],
+    'CreateTrace' : [ 0x28, ['array', 30, ['unsigned long long']]],
+    'Count' : [ 0x118, ['long']],
+    'CaptureCount' : [ 0x11c, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0x110, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x38, ['array', 216, ['unsigned char']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IdleStateMax' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ResponsivenessDisableThreshold' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ResponsivenessEnableThreshold' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ResponsivenessDisableTime' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ResponsivenessEnableTime' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ResponsivenessEppCeiling' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ResponsivenessPerfFloor' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SoftParkLatency' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x240, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x48, ['pointer64', ['_KDPC']]],
+    'ChildList' : [ 0x50, ['_LIST_ENTRY']],
+    'Parent' : [ 0x60, ['pointer64', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x10, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x8, ['pointer64', ['pointer64', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x260, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x10, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0x18, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x20, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x130, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x240, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x248, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x250, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x258, ['pointer64', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x8, ['pointer64', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x10, ['pointer64', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x28, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x10, ['unsigned long long']],
+    'Lock' : [ 0x18, ['unsigned long long']],
+    'Valid' : [ 0x20, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x48, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'EntryDescriptor' : [ 0x20, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x38, ['unsigned long']],
+    'Handles' : [ 0x40, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0xa0, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0x18, {
+    'IdealMask' : [ 0x0, ['unsigned long long']],
+    'PreferredMask' : [ 0x8, ['unsigned long long']],
+    'AvailableMask' : [ 0x10, ['unsigned long long']],
+} ],
+  '_CM_NAME_HASH' : [ 0x18, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x10, ['unsigned short']],
+    'Name' : [ 0x12, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x20, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x8, ['pointer64', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x10, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x18, ['unsigned long']],
+    'BitmapFailures' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x20, {
+    'CompletionRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'RequestorMode' : [ 0x18, ['unsigned char']],
+    'NestingLevel' : [ 0x1c, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0x18, {
+    'DirtyPages' : [ 0x0, ['unsigned long long']],
+    'DirtyPagesLastScan' : [ 0x8, ['unsigned long long']],
+    'DirtyPagesScheduledLastScan' : [ 0x10, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x68, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+    'KernelWaitTime' : [ 0x58, ['unsigned long long']],
+    'UserWaitTime' : [ 0x60, ['unsigned long long']],
+} ],
+  '_ETW_PARTITION_CONTEXT' : [ 0x8, {
+    'Partition' : [ 0x0, ['pointer64', ['_EPARTITION']]],
+} ],
+  '_SK_CRASH_MINIDUMP' : [ 0x1000, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'ModuleCount' : [ 0x8, ['unsigned long']],
+    'FrameCount' : [ 0xc, ['unsigned long']],
+    'Modules' : [ 0x10, ['array', 16, ['_SK_CRASH_MODULE']]],
+    'StackFrames' : [ 0x490, ['array', 366, ['_SK_CRASH_STACK_FRAME']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x10, {
+    'Sid' : [ 0x0, ['pointer64', ['void']]],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_SK_CRASH_STACK_FRAME' : [ 0x8, {
+    'ModuleId' : [ 0x0, ['unsigned long']],
+    'Rva' : [ 0x4, ['unsigned long']],
+    'Pc' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DEVICE_MAP' : [ 0x48, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x8, ['pointer64', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x18, ['long']],
+    'DriveMap' : [ 0x1c, ['unsigned long']],
+    'DriveType' : [ 0x20, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x40, ['pointer64', ['_EJOB']]],
+} ],
+  '_RTL_BITMAP_EX' : [ 0x10, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long long']],
+    'Buffer' : [ 0x8, ['pointer64', ['unsigned long long']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ColdPage' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long long')]],
+    'ExecutePrivilege' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x8, ['pointer64', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x10, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x8, ['pointer64', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x18, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0x10, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x20, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x8, ['unsigned long long']],
+    'Run' : [ 0x10, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'ReservedForHardware' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 52, native_type='unsigned long long')]],
+    'ReservedForSoftware' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 56, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'WsleProtection' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SessionHeapInitialized' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SessionHeapDestroyed' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0x18, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x8, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x28, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer64', ['void']]],
+    'OverQuotaHistory' : [ 0x8, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x20, ['unsigned long long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x10, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x10, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x50, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x8, ['unsigned long']],
+    'SenderPort' : [ 0x10, ['pointer64', ['void']]],
+    'RepliedToThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'PortContext' : [ 0x20, ['pointer64', ['void']]],
+    'Request' : [ 0x28, ['_PORT_MESSAGE']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x28, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0x10, ['unsigned long']],
+    'CollectMultiple' : [ 0x14, ['unsigned char']],
+    'Buffer' : [ 0x18, ['pointer64', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x20, ['pointer64', ['_KEVENT']]],
+} ],
+  '_PO_DIRECTED_DRIPS_STATE' : [ 0x38, {
+    'QueueLink' : [ 0x0, ['_LIST_ENTRY']],
+    'VisitedQueueLink' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'CachedFlags' : [ 0x24, ['unsigned long']],
+    'DeviceUsageCount' : [ 0x28, ['unsigned long']],
+    'Diagnostic' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x28, {
+    'ObjectHeader' : [ 0x0, ['pointer64', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x8, ['pointer64', ['void']]],
+    'ImageFileName' : [ 0x10, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x20, ['unsigned short']],
+    'MaxStacks' : [ 0x22, ['unsigned short']],
+    'StackInfo' : [ 0x24, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_KQOS_GROUPING_SETS' : [ 0x10, {
+    'SingleCoreSet' : [ 0x0, ['unsigned long long']],
+    'SmtSet' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_28cb' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x90, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_28cb']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x30, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x50, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x60, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x78, ['pointer64', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x80, ['pointer64', ['_EPROCESS']]],
+    'DeleteStoredPages' : [ 0x88, ['unsigned long']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x2b0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+    'IdleStateMax' : [ 0x2e, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x48, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long long']],
+    'MemoryBandwidth' : [ 0x18, ['unsigned long long']],
+    'MaxPoolUsage' : [ 0x20, ['unsigned long long']],
+    'MaxSectionSize' : [ 0x28, ['unsigned long long']],
+    'MaxViewSize' : [ 0x30, ['unsigned long long']],
+    'MaxTotalSectionSize' : [ 0x38, ['unsigned long long']],
+    'DupObjectTypes' : [ 0x40, ['unsigned long']],
+    'Reserved' : [ 0x44, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x88, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x10, ['unsigned long long']],
+    'ItemCount' : [ 0x18, ['long']],
+    'Dpc' : [ 0x20, ['_KDPC']],
+    'WorkItem' : [ 0x60, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x80, ['pointer64', ['void']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x8, {
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_28ed' : [ 0x4, {
+    'PageAlignLargeAllocs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableDelayFree' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_VS_CONFIG' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_28ed']],
+} ],
+  '_EXHANDLE' : [ 0x8, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x28, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+    'Group' : [ 0x10, ['pointer64', ['void']]],
+    'Sacl' : [ 0x18, ['pointer64', ['_ACL']]],
+    'Dacl' : [ 0x20, ['pointer64', ['_ACL']]],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x88, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x8, ['_KMUTANT']],
+    'Lock' : [ 0x40, ['_FAST_MUTEX']],
+    'List' : [ 0x78, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x10, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x20, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x38, ['unsigned char']],
+    'DeviceObject' : [ 0x40, ['pointer64', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x48, ['pointer64', ['wchar']]],
+    'DriverName' : [ 0x50, ['pointer64', ['wchar']]],
+    'ChildCount' : [ 0x58, ['unsigned long']],
+    'ActiveChild' : [ 0x5c, ['unsigned long']],
+    'ParentCount' : [ 0x60, ['unsigned long']],
+    'ActiveParent' : [ 0x64, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x278, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x8, ['pointer64', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x10, ['pointer64', ['_HMAP_TABLE']]],
+    'Guard' : [ 0x18, ['unsigned long']],
+    'FreeDisplay' : [ 0x20, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x260, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x270, ['unsigned long']],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x48, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'SecureInfo' : [ 0x8, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP_EX']],
+    'InPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x8, ['_MI_LARGEPAGE_VAD_INFO']],
+    'AweView' : [ 0x8, ['_MI_PHYSICAL_VIEW']],
+    'CreatingThread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'PebTeb' : [ 0x8, ['_MI_SUB64K_FREE_RANGES']],
+    'PlaceholderVad' : [ 0x8, ['pointer64', ['_MMVAD_SHORT']]],
+    'WaitReason' : [ 0x40, ['unsigned long']],
+} ],
+  '__unnamed_2916' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_2919' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x38, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextSubsection' : [ 0x10, ['pointer64', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0x18, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0x18, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0x18, ['pointer64', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x20, ['__unnamed_2916']],
+    'StartingSector' : [ 0x24, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x28, ['unsigned long']],
+    'PtesInSubsection' : [ 0x2c, ['unsigned long']],
+    'u1' : [ 0x30, ['__unnamed_2919']],
+    'UnusedPtes' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x34, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KUMS_CONTEXT_HEADER' : [ 0x70, {
+    'P1Home' : [ 0x0, ['unsigned long long']],
+    'P2Home' : [ 0x8, ['unsigned long long']],
+    'P3Home' : [ 0x10, ['unsigned long long']],
+    'P4Home' : [ 0x18, ['unsigned long long']],
+    'StackTop' : [ 0x20, ['pointer64', ['void']]],
+    'StackSize' : [ 0x28, ['unsigned long long']],
+    'RspOffset' : [ 0x30, ['unsigned long long']],
+    'Rip' : [ 0x38, ['unsigned long long']],
+    'FltSave' : [ 0x40, ['pointer64', ['_XSAVE_FORMAT']]],
+    'Volatile' : [ 0x48, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Reserved' : [ 0x48, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'Flags' : [ 0x48, ['unsigned long long']],
+    'TrapFrame' : [ 0x50, ['pointer64', ['_KTRAP_FRAME']]],
+    'ExceptionFrame' : [ 0x58, ['pointer64', ['_KEXCEPTION_FRAME']]],
+    'SourceThread' : [ 0x60, ['pointer64', ['_KTHREAD']]],
+    'Return' : [ 0x68, ['unsigned long long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x40, {
+    'Next' : [ 0x0, ['pointer64', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x8, ['unsigned long long']],
+    'RequestPacket' : [ 0x10, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x30, ['pointer64', ['long']]],
+    'NodeTargetCount' : [ 0x38, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0x18, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x8, ['pointer64', ['void']]],
+    'DataLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x68, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'Reserved2' : [ 0x18, ['unsigned long']],
+    'Reserved3' : [ 0x20, ['array', 4, ['pointer64', ['void']]]],
+    'Reserved4' : [ 0x40, ['array', 4, ['unsigned long']]],
+    'Reserved5' : [ 0x50, ['pointer64', ['void']]],
+    'Reserved6' : [ 0x58, ['array', 2, ['pointer64', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x10, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x30, {
+    'AllocAddress' : [ 0x0, ['unsigned long long']],
+    'AllocTag' : [ 0x8, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x10, ['unsigned long long']],
+    'ReAllocTag' : [ 0x18, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x20, ['unsigned long long']],
+    'FreeTag' : [ 0x28, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x50, {
+    'LsaProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'LsaCommandPortHandle' : [ 0x8, ['pointer64', ['void']]],
+    'SepRmThreadHandle' : [ 0x10, ['pointer64', ['void']]],
+    'RmCommandPortHandle' : [ 0x18, ['pointer64', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x20, ['pointer64', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x28, ['pointer64', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x30, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x38, ['pointer64', ['void']]],
+    'RmViewPortMemory' : [ 0x40, ['pointer64', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x48, ['long']],
+    'LsaCommandPortActive' : [ 0x4c, ['unsigned char']],
+} ],
+  '_MM_GRAPHICS_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'FixedLargePageSize' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ZeroFillPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'GraphicsAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'GraphicsUseCoherentBus' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'GraphicsNoCache' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'GraphicsPageProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+} ],
+  '_KTIMER_TABLE_STATE' : [ 0x18, {
+    'LastTimerExpiration' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'LastTimerHand' : [ 0x10, ['array', 2, ['unsigned long']]],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x30, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x10, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0x18, ['pointer64', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x88, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x20, ['pointer64', ['void']]],
+    'Tm' : [ 0x28, ['pointer64', ['void']]],
+    'RmHandle' : [ 0x30, ['pointer64', ['void']]],
+    'KtmRm' : [ 0x38, ['pointer64', ['void']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'ContainerNum' : [ 0x44, ['unsigned long']],
+    'ContainerSize' : [ 0x48, ['unsigned long long']],
+    'CmHive' : [ 0x50, ['pointer64', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x58, ['pointer64', ['void']]],
+    'MarshallingContext' : [ 0x60, ['pointer64', ['void']]],
+    'RmFlags' : [ 0x68, ['unsigned long']],
+    'LogStartStatus1' : [ 0x6c, ['long']],
+    'LogStartStatus2' : [ 0x70, ['long']],
+    'BaseLsn' : [ 0x78, ['unsigned long long']],
+    'RmLock' : [ 0x80, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'AllocatedPagedPool' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0xf8, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xa8, ['_UNICODE_STRING']],
+    'Latency' : [ 0xb8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xbc, ['unsigned long']],
+    'Power' : [ 0xc0, ['unsigned long']],
+    'StateFlags' : [ 0xc4, ['unsigned long']],
+    'VetoAccounting' : [ 0xc8, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0xf0, ['unsigned char']],
+    'InterruptsEnabled' : [ 0xf1, ['unsigned char']],
+    'Interruptible' : [ 0xf2, ['unsigned char']],
+    'ContextRetained' : [ 0xf3, ['unsigned char']],
+    'CacheCoherent' : [ 0xf4, ['unsigned char']],
+    'WakesSpuriously' : [ 0xf5, ['unsigned char']],
+    'PlatformOnly' : [ 0xf6, ['unsigned char']],
+    'NoCState' : [ 0xf7, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_EX_HEAP_SESSION_STATE' : [ 0x38f0, {
+    'HeapManager' : [ 0x0, ['_RTLP_HP_HEAP_MANAGER']],
+    'PagedEnv' : [ 0x38d0, ['RTL_HP_ENV_HANDLE']],
+    'PagedHeap' : [ 0x38e0, ['pointer64', ['_SEGMENT_HEAP']]],
+    'SpecialPoolHeap' : [ 0x38e8, ['pointer64', ['_SEGMENT_HEAP']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_2956' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsBootDriver' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2958' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_2956']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0x130, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer64', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x8, ['pointer64', ['void']]],
+    'EtwHandlesListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'u1' : [ 0x20, ['__unnamed_2958']],
+    'Signature' : [ 0x28, ['unsigned long long']],
+    'SeSigningLevel' : [ 0x30, ['unsigned char']],
+    'PoolPageHeaders' : [ 0x40, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x50, ['_SLIST_HEADER']],
+    'DifPluginData' : [ 0x60, ['pointer64', ['pointer64', ['void']]]],
+    'CurrentPagedPoolAllocations' : [ 0x68, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x6c, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x70, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x74, ['unsigned long']],
+    'PagedBytes' : [ 0x78, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x80, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x88, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x90, ['unsigned long long']],
+    'RaiseIrqls' : [ 0x98, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x9c, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xa0, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0xa4, ['unsigned long']],
+    'AllocationsFailed' : [ 0xa8, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0xac, ['unsigned long']],
+    'LockedBytes' : [ 0xb0, ['unsigned long long']],
+    'PeakLockedBytes' : [ 0xb8, ['unsigned long long']],
+    'MappedLockedBytes' : [ 0xc0, ['unsigned long long']],
+    'PeakMappedLockedBytes' : [ 0xc8, ['unsigned long long']],
+    'MappedIoSpaceBytes' : [ 0xd0, ['unsigned long long']],
+    'PeakMappedIoSpaceBytes' : [ 0xd8, ['unsigned long long']],
+    'PagesForMdlBytes' : [ 0xe0, ['unsigned long long']],
+    'PeakPagesForMdlBytes' : [ 0xe8, ['unsigned long long']],
+    'ContiguousMemoryBytes' : [ 0xf0, ['unsigned long long']],
+    'PeakContiguousMemoryBytes' : [ 0xf8, ['unsigned long long']],
+    'ContiguousMemoryListHead' : [ 0x100, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x110, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x114, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x118, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x11c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x120, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x124, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'Luid' : [ 0x20, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x28, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x30, ['unsigned char']],
+} ],
+  '__unnamed_2960' : [ 0x8, {
+    'ImageFileExtents' : [ 0x0, ['pointer64', ['void']]],
+    'ImageFileExtentsUlongPtr' : [ 0x0, ['unsigned long long']],
+    'FilesystemWantsRva' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x40, {
+    'ProtosNode' : [ 0x0, ['_MI_PROTOTYPE_PTES_NODE']],
+    'DynamicRelocations' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityContext' : [ 0x28, ['_IMAGE_SECURITY_CONTEXT']],
+    'u1' : [ 0x30, ['__unnamed_2960']],
+    'StrongImageReference' : [ 0x38, ['unsigned long long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderSkMemory', 37: u'LoaderSkFirmwareReserved', 38: u'LoaderIoSpaceMemoryZeroed', 39: u'LoaderIoSpaceMemoryFree', 40: u'LoaderIoSpaceMemoryKsr', 41: u'LoaderMaximum'})]],
+    'BasePage' : [ 0x18, ['unsigned long long']],
+    'PageCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_DELAY_ACK_FO' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_WNF_SCOPE_MAP' : [ 0xb0, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'SystemScopeInstance' : [ 0x8, ['pointer64', ['_WNF_SCOPE_INSTANCE']]],
+    'MachineScopeInstance' : [ 0x10, ['pointer64', ['_WNF_SCOPE_INSTANCE']]],
+    'PhysicalMachineScopeInstance' : [ 0x18, ['pointer64', ['_WNF_SCOPE_INSTANCE']]],
+    'ByDataScope' : [ 0x20, ['array', 6, ['_WNF_SCOPE_MAP_ENTRY']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x10, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x8, ['pointer64', ['_HHIVE']]],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0xa0, {
+    'As32Bit' : [ 0x0, ['_PEBS_DS_SAVE_AREA32']],
+    'As64Bit' : [ 0x0, ['_PEBS_DS_SAVE_AREA64']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x20, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0x18, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x38, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long long']],
+    'DirtyPageThresholdTop' : [ 0x8, ['unsigned long long']],
+    'DirtyPageThresholdBottom' : [ 0x10, ['unsigned long long']],
+    'DirtyPageTarget' : [ 0x18, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x20, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x28, ['unsigned long long']],
+    'AvailableHistory' : [ 0x30, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x90, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0x18, ['pointer64', ['_MDL']]],
+    'StartVa' : [ 0x20, ['pointer64', ['void']]],
+    'Count' : [ 0x28, ['unsigned long long']],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Who' : [ 0x38, ['unsigned long']],
+    'Hash' : [ 0x3c, ['unsigned long']],
+    'Page' : [ 0x40, ['unsigned long long']],
+    'StackTrace' : [ 0x48, ['array', 8, ['pointer64', ['void']]]],
+    'Process' : [ 0x88, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_WNF_STATE_NAME_REGISTRATION' : [ 0x18, {
+    'MaxStateSize' : [ 0x0, ['unsigned long']],
+    'TypeId' : [ 0x8, ['pointer64', ['_WNF_TYPE_ID']]],
+    'SecurityDescriptor' : [ 0x10, ['pointer64', ['_SECURITY_DESCRIPTOR']]],
+} ],
+  '_MMSECTION_FLAGS2' : [ 0x4, {
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'NoCrossPartitionAccess' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SubsectionCrossPartitionReferenceOverflow' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0xf0, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0x10, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x48, ['unsigned long']],
+    'TraceDb' : [ 0x50, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x18, {
+    'Handles' : [ 0x0, ['pointer64', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+} ],
+  'HAL_PRIVATE_DISPATCH' : [ 0x4b0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'HalHandlerForBus' : [ 0x8, ['pointer64', ['void']]],
+    'HalHandlerForConfigSpace' : [ 0x10, ['pointer64', ['void']]],
+    'HalLocateHiberRanges' : [ 0x18, ['pointer64', ['void']]],
+    'HalRegisterBusHandler' : [ 0x20, ['pointer64', ['void']]],
+    'HalSetWakeEnable' : [ 0x28, ['pointer64', ['void']]],
+    'HalSetWakeAlarm' : [ 0x30, ['pointer64', ['void']]],
+    'HalPciTranslateBusAddress' : [ 0x38, ['pointer64', ['void']]],
+    'HalPciAssignSlotResources' : [ 0x40, ['pointer64', ['void']]],
+    'HalHaltSystem' : [ 0x48, ['pointer64', ['void']]],
+    'HalFindBusAddressTranslation' : [ 0x50, ['pointer64', ['void']]],
+    'HalResetDisplay' : [ 0x58, ['pointer64', ['void']]],
+    'HalAllocateMapRegisters' : [ 0x60, ['pointer64', ['void']]],
+    'KdSetupPciDeviceForDebugging' : [ 0x68, ['pointer64', ['void']]],
+    'KdReleasePciDeviceForDebugging' : [ 0x70, ['pointer64', ['void']]],
+    'KdGetAcpiTablePhase0' : [ 0x78, ['pointer64', ['void']]],
+    'KdCheckPowerButton' : [ 0x80, ['pointer64', ['void']]],
+    'HalVectorToIDTEntry' : [ 0x88, ['pointer64', ['void']]],
+    'KdMapPhysicalMemory64' : [ 0x90, ['pointer64', ['void']]],
+    'KdUnmapVirtualAddress' : [ 0x98, ['pointer64', ['void']]],
+    'KdGetPciDataByOffset' : [ 0xa0, ['pointer64', ['void']]],
+    'KdSetPciDataByOffset' : [ 0xa8, ['pointer64', ['void']]],
+    'HalGetInterruptVectorOverride' : [ 0xb0, ['pointer64', ['void']]],
+    'HalGetVectorInputOverride' : [ 0xb8, ['pointer64', ['void']]],
+    'HalLoadMicrocode' : [ 0xc0, ['pointer64', ['void']]],
+    'HalUnloadMicrocode' : [ 0xc8, ['pointer64', ['void']]],
+    'HalPostMicrocodeUpdate' : [ 0xd0, ['pointer64', ['void']]],
+    'HalAllocateMessageTargetOverride' : [ 0xd8, ['pointer64', ['void']]],
+    'HalFreeMessageTargetOverride' : [ 0xe0, ['pointer64', ['void']]],
+    'HalDpReplaceBegin' : [ 0xe8, ['pointer64', ['void']]],
+    'HalDpReplaceTarget' : [ 0xf0, ['pointer64', ['void']]],
+    'HalDpReplaceControl' : [ 0xf8, ['pointer64', ['void']]],
+    'HalDpReplaceEnd' : [ 0x100, ['pointer64', ['void']]],
+    'HalPrepareForBugcheck' : [ 0x108, ['pointer64', ['void']]],
+    'HalQueryWakeTime' : [ 0x110, ['pointer64', ['void']]],
+    'HalReportIdleStateUsage' : [ 0x118, ['pointer64', ['void']]],
+    'HalTscSynchronization' : [ 0x120, ['pointer64', ['void']]],
+    'HalWheaInitProcessorGenericSection' : [ 0x128, ['pointer64', ['void']]],
+    'HalStopLegacyUsbInterrupts' : [ 0x130, ['pointer64', ['void']]],
+    'HalReadWheaPhysicalMemory' : [ 0x138, ['pointer64', ['void']]],
+    'HalWriteWheaPhysicalMemory' : [ 0x140, ['pointer64', ['void']]],
+    'HalDpMaskLevelTriggeredInterrupts' : [ 0x148, ['pointer64', ['void']]],
+    'HalDpUnmaskLevelTriggeredInterrupts' : [ 0x150, ['pointer64', ['void']]],
+    'HalDpGetInterruptReplayState' : [ 0x158, ['pointer64', ['void']]],
+    'HalDpReplayInterrupts' : [ 0x160, ['pointer64', ['void']]],
+    'HalQueryIoPortAccessSupported' : [ 0x168, ['pointer64', ['void']]],
+    'KdSetupIntegratedDeviceForDebugging' : [ 0x170, ['pointer64', ['void']]],
+    'KdReleaseIntegratedDeviceForDebugging' : [ 0x178, ['pointer64', ['void']]],
+    'HalGetEnlightenmentInformation' : [ 0x180, ['pointer64', ['void']]],
+    'HalAllocateEarlyPages' : [ 0x188, ['pointer64', ['void']]],
+    'HalMapEarlyPages' : [ 0x190, ['pointer64', ['void']]],
+    'Dummy1' : [ 0x198, ['pointer64', ['void']]],
+    'Dummy2' : [ 0x1a0, ['pointer64', ['void']]],
+    'HalNotifyProcessorFreeze' : [ 0x1a8, ['pointer64', ['void']]],
+    'HalPrepareProcessorForIdle' : [ 0x1b0, ['pointer64', ['void']]],
+    'HalRegisterLogRoutine' : [ 0x1b8, ['pointer64', ['void']]],
+    'HalResumeProcessorFromIdle' : [ 0x1c0, ['pointer64', ['void']]],
+    'Dummy' : [ 0x1c8, ['pointer64', ['void']]],
+    'HalVectorToIDTEntryEx' : [ 0x1d0, ['pointer64', ['void']]],
+    'HalSecondaryInterruptQueryPrimaryInformation' : [ 0x1d8, ['pointer64', ['void']]],
+    'HalMaskInterrupt' : [ 0x1e0, ['pointer64', ['void']]],
+    'HalUnmaskInterrupt' : [ 0x1e8, ['pointer64', ['void']]],
+    'HalIsInterruptTypeSecondary' : [ 0x1f0, ['pointer64', ['void']]],
+    'HalAllocateGsivForSecondaryInterrupt' : [ 0x1f8, ['pointer64', ['void']]],
+    'HalAddInterruptRemapping' : [ 0x200, ['pointer64', ['void']]],
+    'HalRemoveInterruptRemapping' : [ 0x208, ['pointer64', ['void']]],
+    'HalSaveAndDisableHvEnlightenment' : [ 0x210, ['pointer64', ['void']]],
+    'HalRestoreHvEnlightenment' : [ 0x218, ['pointer64', ['void']]],
+    'HalFlushIoBuffersExternalCache' : [ 0x220, ['pointer64', ['void']]],
+    'HalFlushExternalCache' : [ 0x228, ['pointer64', ['void']]],
+    'HalPciEarlyRestore' : [ 0x230, ['pointer64', ['void']]],
+    'HalGetProcessorId' : [ 0x238, ['pointer64', ['void']]],
+    'HalAllocatePmcCounterSet' : [ 0x240, ['pointer64', ['void']]],
+    'HalCollectPmcCounters' : [ 0x248, ['pointer64', ['void']]],
+    'HalFreePmcCounterSet' : [ 0x250, ['pointer64', ['void']]],
+    'HalProcessorHalt' : [ 0x258, ['pointer64', ['void']]],
+    'HalTimerQueryCycleCounter' : [ 0x260, ['pointer64', ['void']]],
+    'Dummy3' : [ 0x268, ['pointer64', ['void']]],
+    'HalPciMarkHiberPhase' : [ 0x270, ['pointer64', ['void']]],
+    'HalQueryProcessorRestartEntryPoint' : [ 0x278, ['pointer64', ['void']]],
+    'HalRequestInterrupt' : [ 0x280, ['pointer64', ['void']]],
+    'HalEnumerateUnmaskedInterrupts' : [ 0x288, ['pointer64', ['void']]],
+    'HalFlushAndInvalidatePageExternalCache' : [ 0x290, ['pointer64', ['void']]],
+    'KdEnumerateDebuggingDevices' : [ 0x298, ['pointer64', ['void']]],
+    'HalFlushIoRectangleExternalCache' : [ 0x2a0, ['pointer64', ['void']]],
+    'HalPowerEarlyRestore' : [ 0x2a8, ['pointer64', ['void']]],
+    'HalQueryCapsuleCapabilities' : [ 0x2b0, ['pointer64', ['void']]],
+    'HalUpdateCapsule' : [ 0x2b8, ['pointer64', ['void']]],
+    'HalPciMultiStageResumeCapable' : [ 0x2c0, ['pointer64', ['void']]],
+    'HalDmaFreeCrashDumpRegisters' : [ 0x2c8, ['pointer64', ['void']]],
+    'HalAcpiAoacCapable' : [ 0x2d0, ['pointer64', ['void']]],
+    'HalInterruptSetDestination' : [ 0x2d8, ['pointer64', ['void']]],
+    'HalGetClockConfiguration' : [ 0x2e0, ['pointer64', ['void']]],
+    'HalClockTimerActivate' : [ 0x2e8, ['pointer64', ['void']]],
+    'HalClockTimerInitialize' : [ 0x2f0, ['pointer64', ['void']]],
+    'HalClockTimerStop' : [ 0x2f8, ['pointer64', ['void']]],
+    'HalClockTimerArm' : [ 0x300, ['pointer64', ['void']]],
+    'HalTimerOnlyClockInterruptPending' : [ 0x308, ['pointer64', ['void']]],
+    'HalAcpiGetMultiNode' : [ 0x310, ['pointer64', ['void']]],
+    'HalPowerSetRebootHandler' : [ 0x318, ['pointer64', ['void']]],
+    'HalIommuRegisterDispatchTable' : [ 0x320, ['pointer64', ['void']]],
+    'HalTimerWatchdogStart' : [ 0x328, ['pointer64', ['void']]],
+    'HalTimerWatchdogResetCountdown' : [ 0x330, ['pointer64', ['void']]],
+    'HalTimerWatchdogStop' : [ 0x338, ['pointer64', ['void']]],
+    'HalTimerWatchdogGeneratedLastReset' : [ 0x340, ['pointer64', ['void']]],
+    'HalTimerWatchdogTriggerSystemReset' : [ 0x348, ['pointer64', ['void']]],
+    'HalInterruptVectorDataToGsiv' : [ 0x350, ['pointer64', ['void']]],
+    'HalInterruptGetHighestPriorityInterrupt' : [ 0x358, ['pointer64', ['void']]],
+    'HalProcessorOn' : [ 0x360, ['pointer64', ['void']]],
+    'HalProcessorOff' : [ 0x368, ['pointer64', ['void']]],
+    'HalProcessorFreeze' : [ 0x370, ['pointer64', ['void']]],
+    'HalDmaLinkDeviceObjectByToken' : [ 0x378, ['pointer64', ['void']]],
+    'HalDmaCheckAdapterToken' : [ 0x380, ['pointer64', ['void']]],
+    'Dummy4' : [ 0x388, ['pointer64', ['void']]],
+    'HalTimerConvertPerformanceCounterToAuxiliaryCounter' : [ 0x390, ['pointer64', ['void']]],
+    'HalTimerConvertAuxiliaryCounterToPerformanceCounter' : [ 0x398, ['pointer64', ['void']]],
+    'HalTimerQueryAuxiliaryCounterFrequency' : [ 0x3a0, ['pointer64', ['void']]],
+    'HalConnectThermalInterrupt' : [ 0x3a8, ['pointer64', ['void']]],
+    'HalIsEFIRuntimeActive' : [ 0x3b0, ['pointer64', ['void']]],
+    'HalTimerQueryAndResetRtcErrors' : [ 0x3b8, ['pointer64', ['void']]],
+    'HalAcpiLateRestore' : [ 0x3c0, ['pointer64', ['void']]],
+    'KdWatchdogDelayExpiration' : [ 0x3c8, ['pointer64', ['void']]],
+    'HalGetProcessorStats' : [ 0x3d0, ['pointer64', ['void']]],
+    'HalTimerWatchdogQueryDueTime' : [ 0x3d8, ['pointer64', ['void']]],
+    'HalConnectSyntheticInterrupt' : [ 0x3e0, ['pointer64', ['void']]],
+    'HalPreprocessNmi' : [ 0x3e8, ['pointer64', ['void']]],
+    'HalEnumerateEnvironmentVariablesWithFilter' : [ 0x3f0, ['pointer64', ['void']]],
+    'HalCaptureLastBranchRecordStack' : [ 0x3f8, ['pointer64', ['void']]],
+    'HalClearLastBranchRecordStack' : [ 0x400, ['pointer64', ['void']]],
+    'HalConfigureLastBranchRecord' : [ 0x408, ['pointer64', ['void']]],
+    'HalGetLastBranchInformation' : [ 0x410, ['pointer64', ['void']]],
+    'HalResumeLastBranchRecord' : [ 0x418, ['pointer64', ['void']]],
+    'HalStartLastBranchRecord' : [ 0x420, ['pointer64', ['void']]],
+    'HalStopLastBranchRecord' : [ 0x428, ['pointer64', ['void']]],
+    'HalIommuBlockDevice' : [ 0x430, ['pointer64', ['void']]],
+    'HalIommuUnblockDevice' : [ 0x438, ['pointer64', ['void']]],
+    'HalGetIommuInterface' : [ 0x440, ['pointer64', ['void']]],
+    'HalRequestGenericErrorRecovery' : [ 0x448, ['pointer64', ['void']]],
+    'HalTimerQueryHostPerformanceCounter' : [ 0x450, ['pointer64', ['void']]],
+    'HalTopologyQueryProcessorRelationships' : [ 0x458, ['pointer64', ['void']]],
+    'HalInitPlatformDebugTriggers' : [ 0x460, ['pointer64', ['void']]],
+    'HalRunPlatformDebugTriggers' : [ 0x468, ['pointer64', ['void']]],
+    'HalTimerGetReferencePage' : [ 0x470, ['pointer64', ['void']]],
+    'HalGetHiddenProcessorPowerInterface' : [ 0x478, ['pointer64', ['void']]],
+    'HalGetHiddenProcessorPackageId' : [ 0x480, ['pointer64', ['void']]],
+    'HalGetHiddenPackageProcessorCount' : [ 0x488, ['pointer64', ['void']]],
+    'HalGetHiddenProcessorApicIdByIndex' : [ 0x490, ['pointer64', ['void']]],
+    'HalRegisterHiddenProcessorIdleState' : [ 0x498, ['pointer64', ['void']]],
+    'HalIommuReportIommuFault' : [ 0x4a0, ['pointer64', ['void']]],
+    'HalIommuDmaRemappingCapable' : [ 0x4a8, ['pointer64', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_KSECURE_FAULT_INFORMATION' : [ 0x10, {
+    'FaultCode' : [ 0x0, ['unsigned long long']],
+    'FaultVa' : [ 0x8, ['unsigned long long']],
+} ],
+  '_WNF_STATE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'AllocatedSize' : [ 0x4, ['unsigned long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'ChangeStamp' : [ 0xc, ['unsigned long']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x20, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer64', ['void']]]],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x20, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long long']],
+    'NumberOfProcessReferences' : [ 0x8, ['unsigned long long']],
+    'ClonePtes' : [ 0x10, ['pointer64', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x3280, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0xc0, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x400, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x4a8, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x1550, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x15c0, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1780, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x1c40, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x1c60, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x1cc0, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x1d80, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x1df8, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x1ec0, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x1f40, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x2060, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x2100, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x2300, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x2370, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x2420, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x2500, ['_MI_SYSTEM_TRIM_STATE']],
+    'Enclaves' : [ 0x2540, ['_MI_ENCLAVE_STATE']],
+    'Cookie' : [ 0x2588, ['unsigned long long']],
+    'BootRegistryRuns' : [ 0x2590, ['pointer64', ['pointer64', ['void']]]],
+    'ZeroingDisabled' : [ 0x2598, ['long']],
+    'FullyInitialized' : [ 0x259c, ['unsigned char']],
+    'SafeBooted' : [ 0x259d, ['unsigned char']],
+    'TraceLogging' : [ 0x25a0, ['pointer64', ['_tlgProvider_t']]],
+    'Vs' : [ 0x25c0, ['_MI_VISIBLE_STATE']],
+} ],
+  '_CMSI_RW_LOCK' : [ 0x8, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer64', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x8, ['pointer64', ['unsigned long long']]],
+    'QpcDelta' : [ 0x10, ['pointer64', ['long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0x1200, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x8, ['unsigned long long']],
+    'NumberOfPhysicalPages' : [ 0x10, ['unsigned long long']],
+    'NumberOfPagingFiles' : [ 0x18, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x1c, ['unsigned char']],
+    'PagingFile' : [ 0x20, ['array', 16, ['pointer64', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0xc0, ['unsigned long long']],
+    'ResidentAvailablePages' : [ 0x100, ['unsigned long long']],
+    'PartitionWs' : [ 0x140, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x200, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x228, ['unsigned long long']],
+    'ModifiedPageListHead' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x280, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x2a8, ['unsigned long long']],
+    'TotalPagesForPagingFile' : [ 0x2b0, ['unsigned long long']],
+    'VadPhysicalPages' : [ 0x2b8, ['unsigned long long']],
+    'ProcessLockedFilePages' : [ 0x2c0, ['unsigned long long']],
+    'SharedCommit' : [ 0x2c8, ['unsigned long long']],
+    'SlabAllocatorPages' : [ 0x2d0, ['unsigned long long']],
+    'ChargeCommitmentFailures' : [ 0x2d8, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x2e8, ['long']],
+    'PageFileTraces' : [ 0x2f0, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x38, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'NextId' : [ 0x8, ['unsigned long']],
+    'Items' : [ 0x10, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x20, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x30, {
+    'Next' : [ 0x0, ['pointer64', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x8, ['_GUID']],
+    'Control' : [ 0x18, ['_GUID']],
+    'ConsumersNotified' : [ 0x28, ['unsigned char']],
+} ],
+  '__unnamed_2afb' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2afd' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_2afb']],
+} ],
+  '__unnamed_2aff' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_2afd']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2aff']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x2000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer64', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_2b07' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_2b07']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x10, {
+    'LogHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FlushToLsnRoutine' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_2b12' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x28, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long long']],
+    'NodeCount' : [ 0x8, ['unsigned long long']],
+    'Tables' : [ 0x10, ['pointer64', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0x18, ['unsigned long']],
+    'UseSessionId' : [ 0x1c, ['unsigned char']],
+    'u1' : [ 0x20, ['__unnamed_2b12']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x20, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer64', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x8, ['pointer64', ['void']]],
+    'AcquireForReadAhead' : [ 0x10, ['pointer64', ['void']]],
+    'ReleaseFromReadAhead' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x140, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0xc0, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x48, {
+    'SystemDllBase' : [ 0x0, ['pointer64', ['void']]],
+    'ColorSeed' : [ 0x8, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0xc, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x28, ['array', 2, ['pointer64', ['_MMPTE']]]],
+    'HypervisorSharedVa' : [ 0x38, ['pointer64', ['void']]],
+    'VadSecureCookie' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_AGGREGATION' : [ 0x20, {
+    'PageFaultCount' : [ 0x0, ['unsigned long']],
+    'WorkingSetSize' : [ 0x8, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x10, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_IO_TIMER' : [ 0x30, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x8, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceObject' : [ 0x28, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x10, {
+    'ExceptionRecord' : [ 0x0, ['pointer64', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x8, ['pointer64', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x78, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long long']],
+    'PipelinedReadAheadRequestSize' : [ 0x58, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x5c, ['unsigned long']],
+    'PrivateLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x1a8, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'SiloGuidList' : [ 0x10, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x20, ['long long']],
+    'Guid' : [ 0x28, ['_GUID']],
+    'RegListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x48, ['pointer64', ['void']]],
+    'LastEnable' : [ 0x50, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x50, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x60, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x80, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x180, ['pointer64', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x188, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+    'HostEntry' : [ 0x190, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'Lock' : [ 0x198, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x1a0, ['pointer64', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0x158, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x8, ['pointer64', ['_KEVENT']]],
+    'Name' : [ 0x10, ['pointer64', ['wchar']]],
+    'OrderingName' : [ 0x18, ['pointer64', ['wchar']]],
+    'ResourceType' : [ 0x20, ['long']],
+    'Allocation' : [ 0x28, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x30, ['pointer64', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x38, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x48, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x58, ['long']],
+    'Interface' : [ 0x60, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x68, ['unsigned long']],
+    'AllocationStack' : [ 0x70, ['pointer64', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x78, ['pointer64', ['void']]],
+    'PackResource' : [ 0x80, ['pointer64', ['void']]],
+    'UnpackResource' : [ 0x88, ['pointer64', ['void']]],
+    'ScoreRequirement' : [ 0x90, ['pointer64', ['void']]],
+    'TestAllocation' : [ 0x98, ['pointer64', ['void']]],
+    'RetestAllocation' : [ 0xa0, ['pointer64', ['void']]],
+    'CommitAllocation' : [ 0xa8, ['pointer64', ['void']]],
+    'RollbackAllocation' : [ 0xb0, ['pointer64', ['void']]],
+    'BootAllocation' : [ 0xb8, ['pointer64', ['void']]],
+    'QueryArbitrate' : [ 0xc0, ['pointer64', ['void']]],
+    'QueryConflict' : [ 0xc8, ['pointer64', ['void']]],
+    'AddReserved' : [ 0xd0, ['pointer64', ['void']]],
+    'StartArbiter' : [ 0xd8, ['pointer64', ['void']]],
+    'PreprocessEntry' : [ 0xe0, ['pointer64', ['void']]],
+    'AllocateEntry' : [ 0xe8, ['pointer64', ['void']]],
+    'GetNextAllocationRange' : [ 0xf0, ['pointer64', ['void']]],
+    'FindSuitableRange' : [ 0xf8, ['pointer64', ['void']]],
+    'AddAllocation' : [ 0x100, ['pointer64', ['void']]],
+    'BacktrackAllocation' : [ 0x108, ['pointer64', ['void']]],
+    'OverrideConflict' : [ 0x110, ['pointer64', ['void']]],
+    'InitializeRangeList' : [ 0x118, ['pointer64', ['void']]],
+    'DeleteOwnerRanges' : [ 0x120, ['pointer64', ['void']]],
+    'TransactionInProgress' : [ 0x128, ['unsigned char']],
+    'TransactionEvent' : [ 0x130, ['pointer64', ['_KEVENT']]],
+    'Extension' : [ 0x138, ['pointer64', ['void']]],
+    'BusDeviceObject' : [ 0x140, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0x148, ['pointer64', ['void']]],
+    'ConflictCallback' : [ 0x150, ['pointer64', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x48, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0x10, ['pointer64', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x18, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x19, ['unsigned char']],
+    'ServerIsRemote' : [ 0x1a, ['unsigned char']],
+    'ClientTokenControl' : [ 0x1c, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x80, {
+    'Address' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '_RTLP_HP_HEAP_GLOBALS' : [ 0x38, {
+    'HeapKey' : [ 0x0, ['unsigned long long']],
+    'LfhKey' : [ 0x8, ['unsigned long long']],
+    'FailureInfo' : [ 0x10, ['pointer64', ['_HEAP_FAILURE_INFORMATION']]],
+    'CommitLimitData' : [ 0x18, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0xa8, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'LoadLockOwner' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'LoadLockCount' : [ 0x20, ['unsigned long']],
+    'FixupLock' : [ 0x24, ['long']],
+    'FirstLoadEver' : [ 0x28, ['unsigned char']],
+    'LargePageAll' : [ 0x29, ['unsigned char']],
+    'LastPage' : [ 0x30, ['unsigned long long']],
+    'LargePageList' : [ 0x38, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x48, ['_LIST_ENTRY']],
+    'SystemBase' : [ 0x58, ['array', 1, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]]],
+    'BeingDeleted' : [ 0x60, ['pointer64', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x70, ['array', 2, ['pointer64', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x80, ['unsigned long long']],
+    'PageCounts' : [ 0x88, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x98, ['_EX_PUSH_LOCK']],
+    'ImageTree' : [ 0xa0, ['_RTL_AVL_TREE']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ExceptionHandlingReady' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ShadowStacksSupported' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AccessBitFenceRequired' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'PfnDatabaseExists' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'DeferredHotAddsCompleted' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'SystemPtesReady' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_HEAP_VS_DELAY_FREE_CONTEXT' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x70, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x30, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x38, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x40, ['pointer64', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'Lock' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x54, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x58, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x59, ['unsigned char']],
+    'LightestSleepState' : [ 0x5c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x60, ['pointer64', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x68, ['unsigned char']],
+    'DeleteType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x30, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0x18, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x8, {
+    'Head' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x50, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'ActiveCount' : [ 0xc, ['unsigned long']],
+    'PendingNullCount' : [ 0x10, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x14, ['unsigned long']],
+    'PendingDelete' : [ 0x18, ['unsigned long']],
+    'FreeListHead' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x28, ['pointer64', ['void']]],
+    'CompletionKey' : [ 0x30, ['pointer64', ['void']]],
+    'Entry' : [ 0x38, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x100, {
+    'DriverInit' : [ 0x0, ['pointer64', ['void']]],
+    'DriverStartIo' : [ 0x8, ['pointer64', ['void']]],
+    'DriverUnload' : [ 0x10, ['pointer64', ['void']]],
+    'AddDevice' : [ 0x18, ['pointer64', ['void']]],
+    'MajorFunction' : [ 0x20, ['array', 28, ['pointer64', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0xc0, {
+    'PartitionLock' : [ 0x0, ['unsigned long long']],
+    'PartitionIdLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x10, ['unsigned long long']],
+    'PartitionList' : [ 0x18, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x28, ['pointer64', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x30, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x40, ['array', 1, ['pointer64', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x48, ['pointer64', ['pointer64', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x50, ['unsigned long long']],
+    'CrossPartitionDenials' : [ 0x58, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x5c, ['unsigned char']],
+    'HugeIoPfnBitMap' : [ 0x60, ['_RTL_BITMAP_EX']],
+    'HugePfnDatabase' : [ 0x70, ['pointer64', ['_MI_HUGE_PFN']]],
+    'HugeRangesLock' : [ 0x80, ['unsigned long long']],
+} ],
+  '_MI_ENCLAVE_STATE' : [ 0x48, {
+    'EnclaveRegions' : [ 0x0, ['_RTL_AVL_TREE']],
+    'EnclaveMetadataPage' : [ 0x8, ['pointer64', ['void']]],
+    'EnclaveMetadataBitMap' : [ 0x10, ['pointer64', ['_RTL_BITMAP']]],
+    'EnclaveMetadataEntryLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'EnclaveMetadataPageLock' : [ 0x20, ['long']],
+    'EnclaveList' : [ 0x28, ['_LIST_ENTRY']],
+    'EnclaveListLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'ShutdownRundown' : [ 0x40, ['_EX_RUNDOWN_REF']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x420, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+    'State' : [ 0x40, ['unsigned char']],
+    'Flags' : [ 0x41, ['unsigned char']],
+    'Removing' : [ 0x42, ['unsigned char']],
+    'Mode' : [ 0x43, ['unsigned char']],
+    'PendingMode' : [ 0x44, ['unsigned char']],
+    'ActivePoint' : [ 0x45, ['unsigned char']],
+    'PendingActivePoint' : [ 0x46, ['unsigned char']],
+    'Critical' : [ 0x47, ['unsigned char']],
+    'ThermalStandby' : [ 0x48, ['unsigned char']],
+    'OverThrottled' : [ 0x49, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x4c, ['long']],
+    'Throttle' : [ 0x50, ['long']],
+    'PendingThrottle' : [ 0x54, ['long']],
+    'ThrottleReasons' : [ 0x58, ['unsigned long']],
+    'LastPassiveTime' : [ 0x60, ['unsigned long long']],
+    'SampleRate' : [ 0x68, ['unsigned long']],
+    'LastTemp' : [ 0x6c, ['unsigned long']],
+    'Info' : [ 0x70, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xcc, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xe4, ['unsigned char']],
+    'PollingRate' : [ 0xe8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xf0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xf8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0x100, ['unsigned long long']],
+    'WorkItem' : [ 0x108, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0x128, ['_KTIMER2']],
+    'Lock' : [ 0x1b0, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x1c0, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x1d8, ['_KEVENT']],
+    'InstanceId' : [ 0x1f0, ['unsigned long']],
+    'TelemetryTracker' : [ 0x1f8, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x410, ['_UNICODE_STRING']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x488, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '__unnamed_2bf0' : [ 0x4, {
+    'Bus' : [ 0x0, ['unsigned char']],
+    'Device' : [ 0x1, ['unsigned char']],
+    'Function' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2bf2' : [ 0x2, {
+    'SecondaryBus' : [ 0x0, ['unsigned char']],
+    'SubordinateBus' : [ 0x1, ['unsigned char']],
+} ],
+  '_PCI_BUSMASTER_DESCRIPTOR' : [ 0xc, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusmasterRidFromDeviceRid', 1: u'BusmasterRidFromBridgeRid', 2: u'BusmasterRidFromMultipleBridges'})]],
+    'Segment' : [ 0x4, ['unsigned long']],
+    'DeviceRid' : [ 0x8, ['__unnamed_2bf0']],
+    'BridgeRid' : [ 0x8, ['__unnamed_2bf0']],
+    'MultipleBridges' : [ 0x8, ['__unnamed_2bf2']],
+} ],
+  '_HVP_VIEW_MAP' : [ 0x38, {
+    'SectionReference' : [ 0x0, ['pointer64', ['void']]],
+    'StorageEndFileOffset' : [ 0x8, ['long long']],
+    'SectionEndFileOffset' : [ 0x10, ['long long']],
+    'ProcessTuple' : [ 0x18, ['pointer64', ['_CMSI_PROCESS_TUPLE']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ViewTree' : [ 0x28, ['_RTL_RB_TREE']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x10, {
+    'ActiveThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'WaitList' : [ 0x8, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['void']]],
+    'BusExtension' : [ 0x8, ['pointer64', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HAL_LOG_REGISTER_CONTEXT' : [ 0x10, {
+    'LogRoutine' : [ 0x0, ['pointer64', ['void']]],
+    'Flag' : [ 0x8, ['unsigned long']],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x18, {
+    'DeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x20, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x8, ['long long']],
+    'SidCount' : [ 0x10, ['unsigned long']],
+    'SidValuesStart' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'PointerProtoPte' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x18, {
+    'RunRefs' : [ 0x0, ['pointer64', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x8, ['pointer64', ['void']]],
+    'RunRefSize' : [ 0x10, ['unsigned long']],
+    'Number' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x8, {
+    'Function' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_2c2c' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_2c2e' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_2c2c']],
+    'Private' : [ 0x0, ['__unnamed_2c2e']],
+} ],
+  '_MM_SHARED_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysClear' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'HotPatchAllowed' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_CM_TRANS_PTR' : [ 0x8, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'TransPtr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_CM_WORKITEM' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x10, ['unsigned long']],
+    'WorkerRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Parameter' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_CM_KEY_HASH' : [ 0x20, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x8, ['pointer64', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer64', ['_HHIVE']]],
+    'KeyCell' : [ 0x18, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0xe0, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x8, ['pointer64', ['void']]],
+    'FastIoRead' : [ 0x10, ['pointer64', ['void']]],
+    'FastIoWrite' : [ 0x18, ['pointer64', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x20, ['pointer64', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x28, ['pointer64', ['void']]],
+    'FastIoLock' : [ 0x30, ['pointer64', ['void']]],
+    'FastIoUnlockSingle' : [ 0x38, ['pointer64', ['void']]],
+    'FastIoUnlockAll' : [ 0x40, ['pointer64', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x48, ['pointer64', ['void']]],
+    'FastIoDeviceControl' : [ 0x50, ['pointer64', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x58, ['pointer64', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x60, ['pointer64', ['void']]],
+    'FastIoDetachDevice' : [ 0x68, ['pointer64', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x70, ['pointer64', ['void']]],
+    'AcquireForModWrite' : [ 0x78, ['pointer64', ['void']]],
+    'MdlRead' : [ 0x80, ['pointer64', ['void']]],
+    'MdlReadComplete' : [ 0x88, ['pointer64', ['void']]],
+    'PrepareMdlWrite' : [ 0x90, ['pointer64', ['void']]],
+    'MdlWriteComplete' : [ 0x98, ['pointer64', ['void']]],
+    'FastIoReadCompressed' : [ 0xa0, ['pointer64', ['void']]],
+    'FastIoWriteCompressed' : [ 0xa8, ['pointer64', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0xb0, ['pointer64', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0xb8, ['pointer64', ['void']]],
+    'FastIoQueryOpen' : [ 0xc0, ['pointer64', ['void']]],
+    'ReleaseForModWrite' : [ 0xc8, ['pointer64', ['void']]],
+    'AcquireForCcFlush' : [ 0xd0, ['pointer64', ['void']]],
+    'ReleaseForCcFlush' : [ 0xd8, ['pointer64', ['void']]],
+} ],
+  '_KGATE' : [ 0x18, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ProcessorOnly' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x38, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x10, ['unsigned long long']],
+    'VolumeKey' : [ 0x18, ['unsigned long long']],
+    'Rundown' : [ 0x20, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x28, ['pointer64', ['void']]],
+    'VolumeIoAttribution' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '__unnamed_2c54' : [ 0x8, {
+    'EntireField' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_2c5b' : [ 0x8, {
+    'Flink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 18, native_type='unsigned long long')]],
+    'PageState' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long long')]],
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 38, native_type='unsigned long long')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'HasError' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'Partition' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 51, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2c5d' : [ 0x8, {
+    'e1' : [ 0x0, ['__unnamed_2c54']],
+    'e2' : [ 0x0, ['__unnamed_2c5b']],
+} ],
+  '_MI_HUGE_PFN' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2c5d']],
+} ],
+  '_RTL_HP_LFH_CONFIG' : [ 0x4, {
+    'MaxBlockSize' : [ 0x0, ['unsigned short']],
+    'WitholdPageCrossingBlocks' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DisableRandomization' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x10, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'Flags' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0xa, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_HEAP_LFH_AFFINITY_SLOT' : [ 0x40, {
+    'State' : [ 0x0, ['_HEAP_LFH_SUBSEGMENT_OWNER']],
+    'ActiveSubsegment' : [ 0x38, ['_HEAP_LFH_FAST_REF']],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x8, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x10, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x28, ['unsigned long']],
+    'PagingCount' : [ 0x2c, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x30, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPRCBFLAG' : [ 0x4, {
+    'PrcbFlags' : [ 0x0, ['long']],
+    'BamQosLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PendingQosUpdate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'TracepointActive' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PrcbFlagsReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2c79' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2c7b' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer64', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0x10, ['__unnamed_2c79']],
+    'Button' : [ 0x10, ['__unnamed_2c7b']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0x10, ['pointer64', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x1c, ['unsigned long']],
+    'Buckets' : [ 0x20, ['array', 1, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_KTIMER2' : [ 0x88, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x18, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x58, ['long long']],
+    'Callback' : [ 0x60, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x68, ['pointer64', ['void']]],
+    'DisableCallback' : [ 0x70, ['pointer64', ['void']]],
+    'DisableContext' : [ 0x78, ['pointer64', ['void']]],
+    'AbsoluteSystemTime' : [ 0x80, ['unsigned char']],
+    'TypeFlags' : [ 0x81, ['unsigned char']],
+    'Unused' : [ 0x81, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x81, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x81, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x81, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PseudoHighRes' : [ 0x81, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Unused1' : [ 0x81, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x82, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x20, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x10a8, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x20, ['unsigned char']],
+    'DynamicVaBitBuffer' : [ 0x28, ['pointer64', ['unsigned long long']]],
+    'DynamicVaBitBufferPages' : [ 0x30, ['unsigned long long']],
+    'DynamicVaStart' : [ 0x38, ['pointer64', ['void']]],
+    'ImageVaStart' : [ 0x40, ['pointer64', ['void']]],
+    'SystemViewBuckets' : [ 0x48, ['array', 256, ['_MI_HUGE_SYSTEM_VIEW_HEAD']]],
+    'DynamicPtesBitBuffer' : [ 0x1048, ['pointer64', ['unsigned long']]],
+    'IdLock' : [ 0x1050, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x1058, ['pointer64', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x1060, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1068, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x1070, ['pointer64', ['void']]],
+    'SessionCore' : [ 0x1078, ['pointer64', ['void']]],
+    'SessionIdNodes' : [ 0x1080, ['_RTL_AVL_TREE']],
+    'DeleteInProgressEvent' : [ 0x1088, ['_KEVENT']],
+    'DeleteInProgressCount' : [ 0x10a0, ['unsigned long']],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x338, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+    'EnabledUserVisibleSupervisorFeatures' : [ 0x330, ['unsigned long long']],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer64', ['void']]],
+    'CallbackContext' : [ 0x10, ['pointer64', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'AccessMask' : [ 0x20, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x340, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0x18, ['unsigned long long']],
+    'DataSectionProtectionMask' : [ 0x20, ['unsigned long']],
+    'HighSectionBase' : [ 0x28, ['pointer64', ['void']]],
+    'PhysicalSubsection' : [ 0x30, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0xc0, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0x140, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0x168, ['pointer64', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0x170, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsDeletionWaitList' : [ 0x190, ['_MI_EXTENT_DELETION_WAIT_BLOCK']],
+    'FileOnlyMemoryPfnsCreated' : [ 0x1b0, ['unsigned char']],
+    'DanglingExtentsWorkerActive' : [ 0x1b1, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0x1b2, ['unsigned char']],
+    'PrototypePtesTree' : [ 0x1b8, ['_RTL_AVL_TREE']],
+    'PrototypePtesTreeSpinLock' : [ 0x1c0, ['long']],
+    'RelocateBitmapsLock' : [ 0x1c8, ['_EX_PUSH_LOCK']],
+    'ImageBitMapNative' : [ 0x1d0, ['_RTL_BITMAP_EX']],
+    'ImageBiasNative' : [ 0x1e0, ['unsigned long long']],
+    'OverflowArea' : [ 0x1e8, ['_MI_DLL_OVERFLOW_AREA']],
+    'Wow' : [ 0x208, ['array', 1, ['_MI_SECTION_WOW_STATE']]],
+    'ImageBiasWow' : [ 0x248, ['unsigned long long']],
+    'ImageBitMapWowScratch' : [ 0x250, ['_RTL_BITMAP_EX']],
+    'ImageBitMap64Low' : [ 0x260, ['_RTL_BITMAP_EX']],
+    'ImageBias64Low' : [ 0x270, ['unsigned long long']],
+    'ApiSetSection' : [ 0x278, ['pointer64', ['void']]],
+    'ApiSetSchema' : [ 0x280, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0x288, ['unsigned long long']],
+    'LostDataFiles' : [ 0x290, ['unsigned long']],
+    'LostDataPages' : [ 0x294, ['unsigned long']],
+    'ImageFailureReason' : [ 0x298, ['unsigned long']],
+    'CfgBitMapSection' : [ 0x2a0, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea' : [ 0x2a8, ['pointer64', ['_CONTROL_AREA']]],
+    'KernelCfgBitMap' : [ 0x2b0, ['_RTL_BITMAP_EX']],
+    'KernelCfgBitMapLock' : [ 0x2c0, ['_EX_PUSH_LOCK']],
+    'ImageCfgFailure' : [ 0x2c8, ['unsigned long']],
+    'RetpolineReservePages' : [ 0x2cc, ['unsigned long']],
+    'RetpolineStubMdl' : [ 0x2d0, ['pointer64', ['_MDL']]],
+    'KernelRetpolineBitMap' : [ 0x2d8, ['_RTL_BITMAP_EX']],
+    'RetpolineRoutines' : [ 0x2e8, ['pointer64', ['_RTL_RETPOLINE_ROUTINES']]],
+    'RetpolineRevertPte' : [ 0x2f0, ['pointer64', ['_MMPTE']]],
+    'NonRetpolineImageLoadList' : [ 0x2f8, ['_LIST_ENTRY']],
+    'RetpolineStubPages' : [ 0x308, ['unsigned long']],
+    'RetpolineBootStatus' : [ 0x30c, ['long']],
+    'ImageBreakpointEnabled' : [ 0x310, ['unsigned long']],
+    'ImageBreakpointChecksum' : [ 0x314, ['unsigned long']],
+    'ImageBreakpointSize' : [ 0x318, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x31c, ['long']],
+    'ImageExtentTree' : [ 0x320, ['_RTL_AVL_TREE']],
+    'ImageExtentTreeLock' : [ 0x328, ['_EX_PUSH_LOCK']],
+    'HotPatchReserveSize' : [ 0x330, ['unsigned long']],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x30, {
+    'HashLink' : [ 0x0, ['pointer64', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x8, ['unsigned short']],
+    'Atom' : [ 0xa, ['unsigned short']],
+    'Reference' : [ 0x10, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x28, ['unsigned char']],
+    'Name' : [ 0x2a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x8, ['unsigned long']],
+    'WaitResponse' : [ 0xc, ['unsigned long']],
+    'Gate' : [ 0x10, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x28, {
+    'DebugInfo' : [ 0x0, ['pointer64', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x8, ['long']],
+    'RecursionCount' : [ 0xc, ['long']],
+    'OwningThread' : [ 0x10, ['pointer64', ['void']]],
+    'LockSemaphore' : [ 0x18, ['pointer64', ['void']]],
+    'SpinCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x70, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x10, ['unsigned char']],
+    'ArbiterInterface' : [ 0x18, ['pointer64', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x20, ['pointer64', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x38, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x48, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x58, ['_LIST_ENTRY']],
+    'State' : [ 0x68, ['unsigned char']],
+    'ResourcesChanged' : [ 0x69, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x68, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x8, ['pointer64', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x10, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0x18, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x20, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'ContainerFilter' : [ 0x28, ['pointer64', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x30, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x38, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x40, ['pointer64', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x48, ['pointer64', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x50, ['pointer64', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x58, ['pointer64', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x60, ['pointer64', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'ColdPage' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'UsedPageTableEntries' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 26, native_type='unsigned long long')]],
+    'ShadowStack' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0xa8, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long long']],
+    'NonPagedBytes' : [ 0x58, ['unsigned long long']],
+    'PeakPagedBytes' : [ 0x60, ['unsigned long long']],
+    'PeakNonPagedBytes' : [ 0x68, ['unsigned long long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x70, ['unsigned long']],
+    'SessionTrims' : [ 0x74, ['unsigned long']],
+    'OptionChanges' : [ 0x78, ['unsigned long']],
+    'VerifyMode' : [ 0x7c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x80, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x90, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x94, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x98, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x9c, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xa0, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xa4, ['unsigned long']],
+} ],
+  '_HEAP_SEGMENT_MGR_COMMIT_STATE' : [ 0x2, {
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned short')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 14, native_type='unsigned short')]],
+    'LargePageOperationInProgress' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'LargePageCommit' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'EntireUShortV' : [ 0x0, ['unsigned short']],
+    'EntireUShort' : [ 0x0, ['unsigned short']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x7c8, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['pointer64', ['void']]],
+    'ImageBaseAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Ldr' : [ 0x18, ['pointer64', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x20, ['pointer64', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x28, ['pointer64', ['void']]],
+    'ProcessHeap' : [ 0x30, ['pointer64', ['void']]],
+    'FastPebLock' : [ 0x38, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x40, ['pointer64', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x48, ['pointer64', ['void']]],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['pointer64', ['void']]],
+    'UserSharedInfoPtr' : [ 0x58, ['pointer64', ['void']]],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['pointer64', ['void']]],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['pointer64', ['void']]],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['pointer64', ['void']]],
+    'SharedData' : [ 0x90, ['pointer64', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x98, ['pointer64', ['pointer64', ['void']]]],
+    'AnsiCodePageData' : [ 0xa0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0xa8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0xb0, ['pointer64', ['void']]],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['pointer64', ['pointer64', ['void']]]],
+    'GdiSharedHandleTable' : [ 0xf8, ['pointer64', ['void']]],
+    'ProcessStarterHelper' : [ 0x100, ['pointer64', ['void']]],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['pointer64', ['void']]],
+    'TlsExpansionBitmap' : [ 0x238, ['pointer64', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['pointer64', ['void']]],
+    'AppCompatInfo' : [ 0x2e0, ['pointer64', ['void']]],
+    'CSDVersion' : [ 0x2e8, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x2f8, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x308, ['pointer64', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x310, ['pointer64', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'SparePointers' : [ 0x320, ['array', 4, ['pointer64', ['void']]]],
+    'SpareUlongs' : [ 0x340, ['array', 5, ['unsigned long']]],
+    'WerRegistrationData' : [ 0x358, ['pointer64', ['void']]],
+    'WerShipAssertPtr' : [ 0x360, ['pointer64', ['void']]],
+    'pUnused' : [ 0x368, ['pointer64', ['void']]],
+    'pImageHeaderHash' : [ 0x370, ['pointer64', ['void']]],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['pointer64', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['pointer64', ['void']]],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x7ac, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x7b0, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x7b1, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x7b8, ['pointer64', ['_LEAP_SECOND_DATA']]],
+    'LeapSecondFlags' : [ 0x7c0, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x7c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x7c0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x7c4, ['unsigned long']],
+} ],
+  '_RTL_HP_SEG_ALLOC_POLICY' : [ 0x18, {
+    'MinLargePages' : [ 0x0, ['unsigned long long']],
+    'MaxLargePages' : [ 0x8, ['unsigned long long']],
+    'MinUtilization' : [ 0x10, ['unsigned char']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x28, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x10, ['unsigned long']],
+    'Unloads' : [ 0x14, ['unsigned long']],
+    'BaseName' : [ 0x18, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x20, {
+    'IssueType' : [ 0x0, ['unsigned long long']],
+    'Address' : [ 0x8, ['pointer64', ['void']]],
+    'Parameters' : [ 0x10, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x50, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer64', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x28, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x30, ['unsigned long']],
+    'Alternatives' : [ 0x38, ['pointer64', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x40, ['unsigned short']],
+    'RangeAttributes' : [ 0x42, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x43, ['unsigned char']],
+    'WorkSpace' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x10, {
+    'BasePage' : [ 0x0, ['unsigned long long']],
+    'PageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x174, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 10, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x38, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Vad' : [ 0x20, ['pointer64', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x28, ['unsigned long']],
+    'FullSetBits' : [ 0x2c, ['unsigned long']],
+    'SubListIndex' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2d15' : [ 0x30, {
+    'ApcState' : [ 0x0, ['_KAPC_STATE']],
+    'HardFaultState' : [ 0x0, ['_MI_HARD_FAULT_STATE']],
+} ],
+  '__unnamed_2d17' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2d1a' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x1c0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'ListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Event' : [ 0x20, ['_KEVENT']],
+    'CollidedEvent' : [ 0x38, ['_KEVENT']],
+    'IoStatus' : [ 0x50, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x60, ['_LARGE_INTEGER']],
+    'u2' : [ 0x68, ['__unnamed_2d15']],
+    'Thread' : [ 0x98, ['pointer64', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0xa0, ['pointer64', ['_MMPFN']]],
+    'PteContents' : [ 0xa8, ['_MMPTE']],
+    'WaitCount' : [ 0xb0, ['long']],
+    'InjectRetry' : [ 0xb4, ['long']],
+    'ByteCount' : [ 0xb8, ['unsigned long']],
+    'u3' : [ 0xbc, ['__unnamed_2d17']],
+    'u1' : [ 0xc0, ['__unnamed_2d1a']],
+    'FilePointer' : [ 0xc8, ['pointer64', ['_FILE_OBJECT']]],
+    'PagingFile' : [ 0xc8, ['pointer64', ['_MMPAGING_FILE']]],
+    'ControlArea' : [ 0xd0, ['pointer64', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0xd0, ['pointer64', ['_SUBSECTION']]],
+    'Autoboost' : [ 0xd8, ['pointer64', ['void']]],
+    'FaultingAddress' : [ 0xe0, ['pointer64', ['void']]],
+    'PointerPte' : [ 0xe8, ['pointer64', ['_MMPTE']]],
+    'BasePte' : [ 0xf0, ['pointer64', ['_MMPTE']]],
+    'Pfn' : [ 0xf8, ['pointer64', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x100, ['pointer64', ['_MDL']]],
+    'ProbeCount' : [ 0x108, ['long long']],
+    'Mdl' : [ 0x110, ['_MDL']],
+    'Page' : [ 0x140, ['array', 16, ['unsigned long long']]],
+    'FlowThrough' : [ 0x140, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2d2a' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2d2c' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2d2e' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2d30' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_2d2a']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_2d2c']],
+    'Raw' : [ 0x0, ['__unnamed_2d2e']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x48, {
+    'Thread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'Operation' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0xc, ['__unnamed_2d30']],
+    'Stack' : [ 0x18, ['array', 6, ['pointer64', ['void']]]],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x20, {
+    'BaseKcb' : [ 0x0, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x8, ['long']],
+    'ClonedKcbListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem', 26: u'PnpDeviceActionRequestMax'})]],
+    'ReorderingBarrier' : [ 0x1c, ['unsigned char']],
+    'RequestArgument' : [ 0x20, ['unsigned long long']],
+    'CompletionEvent' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x30, ['pointer64', ['long']]],
+    'ActivityId' : [ 0x38, ['_GUID']],
+    'RefCount' : [ 0x48, ['long']],
+    'Dequeued' : [ 0x4c, ['unsigned char']],
+    'CancelLock' : [ 0x50, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x58, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0x180, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x38, ['unsigned char']],
+    'Platform' : [ 0x39, ['unsigned char']],
+    'DependencyListCount' : [ 0x3c, ['unsigned long']],
+    'Processors' : [ 0x40, ['_KAFFINITY_EX']],
+    'Name' : [ 0xe8, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0xf8, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x100, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x108, ['unsigned long long']],
+    'RefCount' : [ 0x140, ['long']],
+    'CacheAlign0' : [ 0x140, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer64', ['void']]],
+    'InLoadOrderModuleList' : [ 0x10, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x20, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x30, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x40, ['pointer64', ['void']]],
+    'ShutdownInProgress' : [ 0x48, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0xfc0, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer64', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x240, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x280, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x500, ['array', 16, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x780, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x7c0, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x7e8, ['array', 2, ['pointer64', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x7f8, ['array', 8, ['pointer64', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x838, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x880, ['unsigned long long']],
+    'TransitionSharedPagesPeak' : [ 0x888, ['array', 6, ['unsigned long long']]],
+    'MappedPageListHeadEvent' : [ 0x8b8, ['array', 16, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0xa38, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0xa58, ['unsigned long']],
+    'StandbyListDiscard' : [ 0xa5c, ['unsigned char']],
+    'FreeListDiscard' : [ 0xa5d, ['unsigned char']],
+    'PfnBitMapsReady' : [ 0xa5e, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0xa60, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0xa68, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0xac0, ['unsigned long long']],
+    'AvailablePageWaitStates' : [ 0xac8, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0xb28, ['pointer64', ['void']]],
+    'TransitionPrivatePages' : [ 0xb40, ['unsigned long long']],
+    'LargePfnBitMap' : [ 0xb48, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'LargePageListHeads' : [ 0xb68, ['pointer64', ['_MI_FREE_LARGE_PAGE_LIST']]],
+    'MediumPagesOnFreeZeroList' : [ 0xb70, ['pointer64', ['unsigned char']]],
+    'LargePageRebuildCandidates' : [ 0xb78, ['_RTL_BITMAP_EX']],
+    'LargePagesOnFreeZeroList' : [ 0xb88, ['pointer64', ['wchar']]],
+    'HugePageRebuildCandidatesExist' : [ 0xb90, ['long']],
+    'LargePageCandidatesExistEvent' : [ 0xb98, ['_KEVENT']],
+    'LowMemoryThreshold' : [ 0xbb0, ['unsigned long long']],
+    'HighMemoryThreshold' : [ 0xbb8, ['unsigned long long']],
+    'SlabContexts' : [ 0xbc0, ['array', 2, ['array', 4, ['_MI_SLAB_ALLOCATOR_CONTEXT']]]],
+    'SlabPfnBitMap' : [ 0xf80, ['_RTL_BITMAP_EX']],
+    'HugePfnLists' : [ 0xf90, ['pointer64', ['void']]],
+    'AvailableHugeIoRanges' : [ 0xf98, ['unsigned long long']],
+} ],
+  '__unnamed_2d5d' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2d5d']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_STATS' : [ 0x8, {
+    'Buckets' : [ 0x0, ['array', 4, ['_HEAP_LFH_SUBSEGMENT_STAT']]],
+    'AllStats' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_HIDDEN_PROCESSOR_POWER_INTERFACE' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'ReadPerfMsr' : [ 0x8, ['pointer64', ['void']]],
+    'WritePerfMsr' : [ 0x10, ['pointer64', ['void']]],
+    'ReadPerfIoPort' : [ 0x18, ['pointer64', ['void']]],
+    'WritePerfIoPort' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '_KAPC' : [ 0x58, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'RundownRoutine' : [ 0x28, ['pointer64', ['void']]],
+    'NormalRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'Reserved' : [ 0x20, ['array', 3, ['pointer64', ['void']]]],
+    'NormalContext' : [ 0x38, ['pointer64', ['void']]],
+    'SystemArgument1' : [ 0x40, ['pointer64', ['void']]],
+    'SystemArgument2' : [ 0x48, ['pointer64', ['void']]],
+    'ApcStateIndex' : [ 0x50, ['unsigned char']],
+    'ApcMode' : [ 0x51, ['unsigned char']],
+    'Inserted' : [ 0x52, ['unsigned char']],
+} ],
+  '__unnamed_2d8c' : [ 0x8, {
+    'AllocationType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Inserted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2d8e' : [ 0x8, {
+    'PrototypePtesFlags' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_2d90' : [ 0x8, {
+    'e1' : [ 0x0, ['__unnamed_2d8c']],
+    'e2' : [ 0x0, ['__unnamed_2d8e']],
+} ],
+  '_MI_PROTOTYPE_PTES_NODE' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x18, ['__unnamed_2d90']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer64', ['_UNICODE_STRING']]],
+} ],
+  '_WNF_DELIVERY_DESCRIPTOR' : [ 0x30, {
+    'SubscriptionId' : [ 0x0, ['unsigned long long']],
+    'StateName' : [ 0x8, ['_WNF_STATE_NAME']],
+    'ChangeStamp' : [ 0x10, ['unsigned long']],
+    'StateDataSize' : [ 0x14, ['unsigned long']],
+    'EventMask' : [ 0x18, ['unsigned long']],
+    'TypeId' : [ 0x1c, ['_WNF_TYPE_ID']],
+    'StateDataOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0x190, {
+    'Partition' : [ 0x0, ['pointer64', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0x18, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x40, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x48, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x58, ['unsigned long long']],
+    'CombinePageListHeads' : [ 0x60, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'CommonPageCombineDomain' : [ 0x160, ['unsigned long long']],
+    'PageCombineStats' : [ 0x168, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x38, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0x18, ['long long']],
+    'PackageSid' : [ 0x20, ['pointer64', ['void']]],
+    'LowboxNumber' : [ 0x28, ['unsigned long']],
+    'AtomTable' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x8, ['pointer64', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2db3' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2db5' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2db8' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_2dbc' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x58, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x18, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x28, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x38, ['__unnamed_2db3']],
+    'HvDeviceId' : [ 0x40, ['unsigned long long']],
+    'XapicMessage' : [ 0x48, ['__unnamed_2db5']],
+    'Hypertransport' : [ 0x48, ['__unnamed_2db8']],
+    'GenericMessage' : [ 0x48, ['__unnamed_2db5']],
+    'MessageRequest' : [ 0x48, ['__unnamed_2dbc']],
+} ],
+  '__unnamed_2dc1' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2dc3' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2dc1']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2dc7' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2dc9' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2dc7']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2dc3']],
+    'HighPart' : [ 0x4, ['__unnamed_2dc9']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_KINTERRUPT' : [ 0x120, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'MessageServiceRoutine' : [ 0x20, ['pointer64', ['void']]],
+    'MessageIndex' : [ 0x28, ['unsigned long']],
+    'ServiceContext' : [ 0x30, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x38, ['unsigned long long']],
+    'TickCount' : [ 0x40, ['unsigned long']],
+    'ActualLock' : [ 0x48, ['pointer64', ['unsigned long long']]],
+    'DispatchAddress' : [ 0x50, ['pointer64', ['void']]],
+    'Vector' : [ 0x58, ['unsigned long']],
+    'Irql' : [ 0x5c, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x5d, ['unsigned char']],
+    'FloatingSave' : [ 0x5e, ['unsigned char']],
+    'Connected' : [ 0x5f, ['unsigned char']],
+    'Number' : [ 0x60, ['unsigned long']],
+    'ShareVector' : [ 0x64, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x65, ['unsigned char']],
+    'ActiveCount' : [ 0x66, ['unsigned short']],
+    'InternalState' : [ 0x68, ['long']],
+    'Mode' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x74, ['unsigned long']],
+    'DispatchCount' : [ 0x78, ['unsigned long']],
+    'PassiveEvent' : [ 0x80, ['pointer64', ['_KEVENT']]],
+    'TrapFrame' : [ 0x88, ['pointer64', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x90, ['pointer64', ['void']]],
+    'ServiceThread' : [ 0x98, ['pointer64', ['_KTHREAD']]],
+    'ConnectionData' : [ 0xa0, ['pointer64', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0xa8, ['pointer64', ['void']]],
+    'IsrDpcStats' : [ 0xb0, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0x110, ['pointer64', ['void']]],
+    'PhysicalDeviceObject' : [ 0x118, ['pointer64', ['void']]],
+} ],
+  '_IO_WORKITEM' : [ 0x58, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x20, ['pointer64', ['void']]],
+    'IoObject' : [ 0x28, ['pointer64', ['void']]],
+    'Context' : [ 0x30, ['pointer64', ['void']]],
+    'WorkOnBehalfThread' : [ 0x38, ['pointer64', ['_ETHREAD']]],
+    'Type' : [ 0x40, ['unsigned long']],
+    'ActivityId' : [ 0x44, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x28, {
+    'NextPteToTrim' : [ 0x0, ['pointer64', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x10, ['pointer64', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0x18, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x1c, ['unsigned long']],
+    'LockedEntries' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x70, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'DataPortMapped' : [ 0x10, ['unsigned char']],
+    'AddressPort' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x20, ['unsigned char']],
+    'CommandPort' : [ 0x28, ['pointer64', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x30, ['unsigned char']],
+    'NextSlotNumber' : [ 0x34, ['unsigned long']],
+    'DeviceList' : [ 0x38, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x48, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x50, ['pointer64', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x58, ['pointer64', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x60, ['unsigned long']],
+    'SystemPowerState' : [ 0x64, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x68, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x50, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+    'Extended' : [ 0x49, ['unsigned char']],
+    'RankNumber' : [ 0x4a, ['unsigned short']],
+    'CardHandle' : [ 0x4c, ['unsigned short']],
+    'ModuleHandle' : [ 0x4e, ['unsigned short']],
+} ],
+  '_EX_POOL_HEAP_MANAGER_STATE' : [ 0x86940, {
+    'HeapManager' : [ 0x0, ['_RTLP_HP_HEAP_MANAGER']],
+    'NumberOfPools' : [ 0x38d0, ['unsigned long']],
+    'PoolNode' : [ 0x3900, ['array', 64, ['_EX_HEAP_POOL_NODE']]],
+    'SpecialHeaps' : [ 0x86900, ['array', 4, ['pointer64', ['_SEGMENT_HEAP']]]],
+} ],
+  '_SK_CRASH_MODULE' : [ 0x48, {
+    'ImageName' : [ 0x0, ['array', 32, ['wchar']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+} ],
+  '_KAPC_STATE' : [ 0x30, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x20, ['pointer64', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x28, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x29, ['unsigned char']],
+    'UserApcPendingAll' : [ 0x2a, ['unsigned char']],
+    'SpecialUserApcPending' : [ 0x2a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserApcPending' : [ 0x2a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer64', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_HEAP_VAMGR_CTX' : [ 0x3840, {
+    'VaSpace' : [ 0x0, ['_HEAP_VAMGR_VASPACE']],
+    'AllocatorLock' : [ 0x860, ['unsigned long long']],
+    'AllocatorCount' : [ 0x868, ['unsigned long']],
+    'Allocators' : [ 0x870, ['array', 255, ['_HEAP_VAMGR_ALLOCATOR']]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DEBUG_DEVICE_DESCRIPTOR' : [ 0xf8, {
+    'Bus' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'Segment' : [ 0x8, ['unsigned short']],
+    'VendorID' : [ 0xa, ['unsigned short']],
+    'DeviceID' : [ 0xc, ['unsigned short']],
+    'BaseClass' : [ 0xe, ['unsigned char']],
+    'SubClass' : [ 0xf, ['unsigned char']],
+    'ProgIf' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'DbgHalScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgBarsMapped' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Initialized' : [ 0x12, ['unsigned char']],
+    'Configured' : [ 0x13, ['unsigned char']],
+    'BaseAddress' : [ 0x18, ['array', 6, ['DEBUG_DEVICE_ADDRESS']]],
+    'Memory' : [ 0xa8, ['DEBUG_MEMORY_REQUIREMENTS']],
+    'Dbg2TableIndex' : [ 0xc8, ['unsigned long']],
+    'PortType' : [ 0xcc, ['unsigned short']],
+    'PortSubtype' : [ 0xce, ['unsigned short']],
+    'OemData' : [ 0xd0, ['pointer64', ['void']]],
+    'OemDataLength' : [ 0xd8, ['unsigned long']],
+    'NameSpace' : [ 0xdc, ['Enumeration', dict(target = 'long', choices = {0: u'KdNameSpacePCI', 1: u'KdNameSpaceACPI', 2: u'KdNameSpaceAny', 3: u'KdNameSpaceNone', 4: u'KdNameSpaceMax'})]],
+    'NameSpacePath' : [ 0xe0, ['pointer64', ['wchar']]],
+    'NameSpacePathLength' : [ 0xe8, ['unsigned long']],
+    'TransportType' : [ 0xec, ['unsigned long']],
+    'TransportData' : [ 0xf0, ['_DEBUG_TRANSPORT_DATA']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'PassiveCoolingDevicesPresent' : [ 0x21, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x8, {
+    'LogHandleContext' : [ 0x0, ['pointer64', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x2b0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x218, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x298, ['unsigned long']],
+    'ThreadListHead' : [ 0x2a0, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x38, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x18, ['unsigned long']],
+    'RealRefCount' : [ 0x1c, ['unsigned long']],
+    'Descriptor' : [ 0x20, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x8, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 64, native_type='unsigned long long')]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Ptr' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x2e0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x2b0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x2b8, ['pointer64', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x2c0, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x2c4, ['unsigned long']],
+    'ThreadCount' : [ 0x2c8, ['long']],
+    'MinThreads' : [ 0x2cc, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x2cc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x2d0, ['long']],
+    'QueueIndex' : [ 0x2d4, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x2d8, ['pointer64', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x1a8, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x70, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x70, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x70, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x70, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x70, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x70, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x70, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x71, ['unsigned char']],
+    'ReadySummary' : [ 0x72, ['unsigned short']],
+    'Rank' : [ 0x74, ['unsigned long']],
+    'ShareRank' : [ 0x78, ['pointer64', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x80, ['unsigned long']],
+    'ReadyListHead' : [ 0x88, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0x188, ['_RTL_RB_TREE']],
+    'Parent' : [ 0x198, ['pointer64', ['_KSCB']]],
+    'Root' : [ 0x1a0, ['pointer64', ['_KSCB']]],
+} ],
+  '__unnamed_2e39' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0xa0, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x10, ['pointer64', ['void']]],
+    'ExceptionTableSize' : [ 0x18, ['unsigned long']],
+    'GpValue' : [ 0x20, ['pointer64', ['void']]],
+    'NonPagedDebugInfo' : [ 0x28, ['pointer64', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'LoadCount' : [ 0x6c, ['unsigned short']],
+    'u1' : [ 0x6e, ['__unnamed_2e39']],
+    'SectionPointer' : [ 0x70, ['pointer64', ['void']]],
+    'CheckSum' : [ 0x78, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x7c, ['unsigned long']],
+    'CoverageSection' : [ 0x80, ['pointer64', ['void']]],
+    'LoadedImports' : [ 0x88, ['pointer64', ['void']]],
+    'Spare' : [ 0x90, ['pointer64', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x98, ['unsigned long']],
+    'TimeDateStamp' : [ 0x9c, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long long']],
+    'TrimInProgressCount' : [ 0x8, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x10, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x28, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTLP_HP_METADATA_HEAP_CTX' : [ 0x10, {
+    'Heap' : [ 0x0, ['pointer64', ['_SEGMENT_HEAP']]],
+    'InitOnce' : [ 0x8, ['_RTL_RUN_ONCE']],
+} ],
+  '_RTL_RETPOLINE_ROUTINES' : [ 0x50, {
+    'UnwindDataOffset' : [ 0x0, ['unsigned long']],
+    'SwitchtableJump' : [ 0x4, ['array', 16, ['unsigned long']]],
+    'CfgIndirectRax' : [ 0x44, ['unsigned long']],
+    'NonCfgIndirectRax' : [ 0x48, ['unsigned long']],
+    'ImportR10' : [ 0x4c, ['unsigned long']],
+} ],
+  '_KMUTANT' : [ 0x38, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x28, ['pointer64', ['_KTHREAD']]],
+    'MutantFlags' : [ 0x30, ['unsigned char']],
+    'Abandoned' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'Abandoned2' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'AbEnabled' : [ 0x30, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare2' : [ 0x30, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ApcDisable' : [ 0x31, ['unsigned char']],
+} ],
+  '__unnamed_2e4b' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 44, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2e50' : [ 0x8, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'OldestWsleLeafEntries' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 14, native_type='unsigned long long')]],
+    'OldestWsleLeafAge' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 17, native_type='unsigned long long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 60, native_type='unsigned long long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x8, {
+    'Leaf' : [ 0x0, ['__unnamed_2e4b']],
+    'PageTable' : [ 0x0, ['__unnamed_2e50']],
+    'EntireActiveField' : [ 0x0, ['unsigned long long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x8, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x1e0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x8, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x30, ['_GUID']],
+    'Mutex' : [ 0x40, ['_KMUTANT']],
+    'NextSameTx' : [ 0x78, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x88, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x98, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0xa0, ['pointer64', ['_KTRANSACTION']]],
+    'State' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0xac, ['unsigned long']],
+    'NotificationMask' : [ 0xb0, ['unsigned long']],
+    'Key' : [ 0xb8, ['pointer64', ['void']]],
+    'KeyRefCount' : [ 0xc0, ['unsigned long']],
+    'RecoveryInformation' : [ 0xc8, ['pointer64', ['void']]],
+    'RecoveryInformationLength' : [ 0xd0, ['unsigned long']],
+    'DynamicNameInformation' : [ 0xd8, ['pointer64', ['void']]],
+    'DynamicNameInformationLength' : [ 0xe0, ['unsigned long']],
+    'FinalNotification' : [ 0xe8, ['pointer64', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0xf8, ['pointer64', ['void']]],
+    'SubordinateTxHandle' : [ 0x100, ['pointer64', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x108, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0x118, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0x128, ['_GUID']],
+    'NextHistory' : [ 0x138, ['unsigned long']],
+    'History' : [ 0x13c, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x28, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x2c, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_HMAP_TABLE' : [ 0x3000, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_2e7b' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2e7d' : [ 0x20, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_2e7b']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x40, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0x18, ['__unnamed_2e7d']],
+    'VerifiedData' : [ 0x38, ['pointer64', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_VI_VERIFIER_POOL_HEADER' : [ 0x8, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer64', ['_VI_POOL_ENTRY']]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x28, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x10, ['pointer64', ['void']]],
+    'SessionViewVa' : [ 0x10, ['pointer64', ['void']]],
+    'VadsProcess' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'Type' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'Subsection' : [ 0x18, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'SystemCacheAttributes' : [ 0x20, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x200, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0x80, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0x90, ['unsigned long long']],
+    'PteTrackingBitmap' : [ 0x98, ['_RTL_BITMAP_EX']],
+    'CachedPteHeads' : [ 0xa8, ['pointer64', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xb0, ['pointer64', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xb8, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x118, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x178, ['unsigned long']],
+    'KernelStackPages' : [ 0x17c, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x17d, ['unsigned char']],
+    'AdjustCounter' : [ 0x17e, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x180, ['long']],
+    'ReservedMappingTree' : [ 0x188, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x190, ['pointer64', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x198, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x1a0, ['long']],
+    'BreakMakePte' : [ 0x1a8, ['pointer64', ['_MMPTE']]],
+    'UltraSpaceContext' : [ 0x1b0, ['_MI_ULTRA_VA_CONTEXT']],
+    'NumberOfUltraMdlMaps' : [ 0x1f0, ['unsigned long']],
+    'UltraMdlNodeMappings' : [ 0x1f8, ['pointer64', ['_MI_ULTRA_MDL_NODE']]],
+} ],
+  '__unnamed_2e95' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0x1b8, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2e95']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer64', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x18, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x20, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x28, ['unsigned long long']],
+    'PfnUnmapWorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x50, ['unsigned long long']],
+    'PfnUnmapWaitList' : [ 0x58, ['pointer64', ['void']]],
+    'MemoryRuns' : [ 0x60, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x68, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x80, ['array', 6, ['pointer64', ['void']]]],
+    'PartitionObject' : [ 0xb0, ['pointer64', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0xb8, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0xc0, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0xc8, ['long']],
+    'PfnUnmapActive' : [ 0xcc, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0xd0, ['_KEVENT']],
+    'RootDirectory' : [ 0xe8, ['pointer64', ['void']]],
+    'KernelObjectsDirectory' : [ 0xf0, ['pointer64', ['void']]],
+    'MemoryEvents' : [ 0xf8, ['array', 11, ['pointer64', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0x150, ['array', 11, ['pointer64', ['void']]]],
+    'TotalHugeIoRanges' : [ 0x1a8, ['unsigned long long']],
+    'NonChargedSecurePages' : [ 0x1b0, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0xc0, {
+    'NextPageColor' : [ 0x0, ['unsigned long']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long long']],
+    'VmWorkingSetList' : [ 0x10, ['pointer64', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x18, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x28, ['array', 8, ['unsigned long long']]],
+    'ExitOutswapGate' : [ 0x68, ['pointer64', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x70, ['unsigned long long']],
+    'WorkingSetLeafSize' : [ 0x78, ['unsigned long long']],
+    'WorkingSetLeafPrivateSize' : [ 0x80, ['unsigned long long']],
+    'WorkingSetSize' : [ 0x88, ['unsigned long long']],
+    'WorkingSetPrivateSize' : [ 0x90, ['unsigned long long']],
+    'MaximumWorkingSetSize' : [ 0x98, ['unsigned long long']],
+    'PeakWorkingSetSize' : [ 0xa0, ['unsigned long long']],
+    'HardFaultCount' : [ 0xa8, ['unsigned long']],
+    'LastTrimStamp' : [ 0xac, ['unsigned short']],
+    'PartitionId' : [ 0xae, ['unsigned short']],
+    'SelfmapLock' : [ 0xb0, ['unsigned long long']],
+    'Flags' : [ 0xb8, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x30, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x10, ['unsigned char']],
+    'BlockState' : [ 0x11, ['unsigned char']],
+    'WaitKey' : [ 0x12, ['unsigned short']],
+    'SpareLong' : [ 0x14, ['long']],
+    'Thread' : [ 0x18, ['pointer64', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0x18, ['pointer64', ['_KQUEUE']]],
+    'Object' : [ 0x20, ['pointer64', ['void']]],
+    'SparePtr' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x18, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0x10, ['pointer64', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+} ],
+  '_INVERTED_FUNCTION_TABLE' : [ 0x1810, {
+    'CurrentSize' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'Epoch' : [ 0x8, ['unsigned long']],
+    'Overflow' : [ 0xc, ['unsigned char']],
+    'TableEntry' : [ 0x10, ['array', 256, ['_INVERTED_FUNCTION_TABLE_ENTRY']]],
+} ],
+  '_LFH_RANDOM_DATA' : [ 0x100, {
+    'Bytes' : [ 0x0, ['array', 256, ['unsigned char']]],
+    'Words' : [ 0x0, ['array', 128, ['unsigned short']]],
+    'Quadwords' : [ 0x0, ['array', 32, ['unsigned long long']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0x1a8, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long long']],
+    'WorkQueue' : [ 0x20, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x60, ['pointer64', ['void']]],
+    'AcceptProcessorNotification' : [ 0x68, ['pointer64', ['void']]],
+    'AcceptAcpiNotification' : [ 0x70, ['pointer64', ['void']]],
+    'PluginWorkPool' : [ 0x78, ['_POP_FX_WORK_POOL']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='long long')]],
+} ],
+  '__unnamed_2ec1' : [ 0x38, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x30, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x78, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long long']],
+    'ModifiedPagesTotal' : [ 0x20, ['unsigned long long']],
+    'ModifiedPagefilePages' : [ 0x28, ['unsigned long long']],
+    'ModifiedNoWritePages' : [ 0x30, ['unsigned long long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x38, ['unsigned long long']],
+    'MdlHack' : [ 0x40, ['__unnamed_2ec1']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x270, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ReadySummary' : [ 0x8, ['unsigned long']],
+    'ReadyListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x210, ['array', 64, ['unsigned char']]],
+    'Span' : [ 0x250, ['unsigned char']],
+    'LowProcIndex' : [ 0x251, ['unsigned char']],
+    'QueueIndex' : [ 0x252, ['unsigned char']],
+    'ProcCount' : [ 0x253, ['unsigned char']],
+    'ScanOwner' : [ 0x254, ['unsigned char']],
+    'Spare' : [ 0x255, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x258, ['unsigned long long']],
+    'ReadyThreadCount' : [ 0x260, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x268, ['unsigned long long']],
+} ],
+  '_HAL_LBR_ENTRY' : [ 0x18, {
+    'FromAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ToAddress' : [ 0x8, ['pointer64', ['void']]],
+    'Reserved' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x70, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x10, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x20, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x28, ['pointer64', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x30, ['pointer64', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x30, ['array', 4, ['pointer64', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x30, ['pointer64', ['void']]],
+    'SessionId' : [ 0x38, ['unsigned long']],
+    'Process' : [ 0x50, ['pointer64', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x50, ['pointer64', ['void']]],
+    'Callback' : [ 0x58, ['pointer64', ['void']]],
+    'Index' : [ 0x60, ['unsigned short']],
+    'Flags' : [ 0x62, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x62, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x62, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x62, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x62, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x62, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x62, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x62, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x62, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x62, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x64, ['unsigned char']],
+    'GroupEnableMask' : [ 0x65, ['unsigned char']],
+    'HostEnableMask' : [ 0x66, ['unsigned char']],
+    'HostGroupEnableMask' : [ 0x67, ['unsigned char']],
+    'Traits' : [ 0x68, ['pointer64', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HAL_DP_REPLACE_PARAMETERS' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'TargetProcessors' : [ 0x8, ['pointer64', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+    'SpareProcessors' : [ 0x10, ['pointer64', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x28, {
+    'NextEntry' : [ 0x0, ['pointer64', ['void']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x4c0, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long long']],
+    'AvailableSystemCacheVa' : [ 0x8, ['unsigned long long']],
+    'DynamicBitMapKernelStacks' : [ 0x10, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemPtes' : [ 0x58, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapDriverImages' : [ 0xa0, ['array', 2, ['_MI_DYNAMIC_BITMAP']]],
+    'DynamicBitMapPagedPool' : [ 0x130, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSystemCache' : [ 0x178, ['_MI_DYNAMIC_BITMAP']],
+    'DynamicBitMapSecureNonPagedPool' : [ 0x1c0, ['_MI_DYNAMIC_BITMAP']],
+    'HalPrivateVaStart' : [ 0x208, ['pointer64', ['void']]],
+    'HalPrivateVaSize' : [ 0x210, ['unsigned long long']],
+    'SystemVaAssignment' : [ 0x218, ['array', 8, ['unsigned long']]],
+    'SystemVaAssignmentHint' : [ 0x238, ['unsigned long']],
+    'TopLevelPteLockBits' : [ 0x23c, ['array', 32, ['unsigned long']]],
+    'DeleteKvaLock' : [ 0x2bc, ['long']],
+    'WsleArrays' : [ 0x2c0, ['array', 8, ['pointer64', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x300, ['pointer64', ['void']]],
+    'HyperSpaceEnd' : [ 0x308, ['pointer64', ['void']]],
+    'PagableHyperSpaceBytes' : [ 0x310, ['unsigned long long']],
+    'PageTableCommitmentOffset' : [ 0x318, ['array', 2, ['unsigned long long']]],
+    'FreeSystemCacheVa' : [ 0x328, ['_KEVENT']],
+    'SystemVaLock' : [ 0x340, ['unsigned long long']],
+    'SystemCacheViewLock' : [ 0x348, ['unsigned long long']],
+    'SystemWorkingSetList' : [ 0x350, ['array', 8, ['_MMWSL_INSTANCE']]],
+    'SelfmapLock' : [ 0x490, ['array', 4, ['unsigned long long']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x80, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long long']],
+    'ResetPagesRepurposedCount' : [ 0x10, ['unsigned long long']],
+    'WsSwapSupport' : [ 0x18, ['pointer64', ['void']]],
+    'CommitReleaseContext' : [ 0x20, ['pointer64', ['void']]],
+    'AccessLog' : [ 0x28, ['pointer64', ['void']]],
+    'ChargedWslePages' : [ 0x30, ['unsigned long long']],
+    'ActualWslePages' : [ 0x38, ['unsigned long long']],
+    'WorkingSetCoreLock' : [ 0x40, ['unsigned long long']],
+    'ShadowMapping' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '__WIL__WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x20, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_PNP_REPLACE_PROCESSOR_LIST' : [ 0x18, {
+    'Affinity' : [ 0x0, ['pointer64', ['unsigned long long']]],
+    'GroupCount' : [ 0x8, ['unsigned long']],
+    'AllocatedCount' : [ 0xc, ['unsigned long']],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ApicIds' : [ 0x14, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_ULTRA_VA_CONTEXT' : [ 0x40, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'ZeroMapping' : [ 0x8, ['pointer64', ['void']]],
+    'AllocationHintBit' : [ 0x10, ['unsigned long long']],
+    'Bitmap' : [ 0x18, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'ConcurrencyMaximum' : [ 0x38, ['long']],
+    'ConcurrencyCount' : [ 0x3c, ['long']],
+} ],
+  '_ETW_HW_TRACE_EXT_INTERFACE' : [ 0x18, {
+    'StartProcessorTraceOnEachCore' : [ 0x0, ['pointer64', ['void']]],
+    'StopProcessorTraceOnEachCore' : [ 0x8, ['pointer64', ['void']]],
+    'LogProcessorTraceOnCurrentCore' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x8, {
+    'ImpersonationData' : [ 0x0, ['unsigned long long']],
+    'ImpersonationToken' : [ 0x0, ['pointer64', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x8, ['pointer64', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x10, ['pointer64', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x20, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x10, ['_PO_IRP_QUEUE']],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_DLL_OVERFLOW_AREA' : [ 0x20, {
+    'RangeStart' : [ 0x0, ['pointer64', ['void']]],
+    'NextVa' : [ 0x8, ['pointer64', ['void']]],
+    'RangeStartAbove2gb' : [ 0x10, ['pointer64', ['void']]],
+    'NextVaAbove2gb' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x20, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CrossPartitionReferences' : [ 0x8, ['unsigned long long']],
+    'CloneCommitCount' : [ 0x10, ['unsigned long long']],
+    'u1' : [ 0x10, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MACHINE_CHECK_CONTEXT' : [ 0x50, {
+    'MachineFrame' : [ 0x0, ['_MACHINE_FRAME']],
+    'Rax' : [ 0x28, ['unsigned long long']],
+    'Rcx' : [ 0x30, ['unsigned long long']],
+    'Rdx' : [ 0x38, ['unsigned long long']],
+    'GsBase' : [ 0x40, ['unsigned long long']],
+    'Cr3' : [ 0x48, ['unsigned long long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_2f2e' : [ 0x8, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer64', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+} ],
+  '_SECTION' : [ 0x40, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0x18, ['unsigned long long']],
+    'EndingVpn' : [ 0x20, ['unsigned long long']],
+    'u1' : [ 0x28, ['__unnamed_2f2e']],
+    'SizeOfSection' : [ 0x30, ['unsigned long long']],
+    'u' : [ 0x38, ['__unnamed_1d8b']],
+    'InitialPageProtection' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x3c, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x3c, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x48, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer64', ['void']]]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_STAT' : [ 0x2, {
+    'Index' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x1, ['unsigned char']],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0xc0, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x10, ['unsigned long']],
+    'ArgumentStatus' : [ 0x14, ['long']],
+    'CallerEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'Callback' : [ 0x20, ['pointer64', ['void']]],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'VetoType' : [ 0x30, ['pointer64', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights', 13: u'PNP_VetoAlreadyRemoved'})]]],
+    'VetoName' : [ 0x38, ['pointer64', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x40, ['unsigned long']],
+    'Lock' : [ 0x44, ['unsigned long']],
+    'Cancel' : [ 0x48, ['unsigned char']],
+    'Parent' : [ 0x50, ['pointer64', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x58, ['_GUID']],
+    'Watchdog' : [ 0x68, ['pointer64', ['_PNP_WATCHDOG']]],
+    'Data' : [ 0x70, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_GLOBAL_APPCOMPAT_FLAGS' : [ 0x4, {
+    'SafeInputValidation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CommitLFHSubsegments' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AllocateHeapFromEnv' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x20, {
+    'VirtualAddress' : [ 0x0, ['pointer64', ['void']]],
+    'CallingAddress' : [ 0x8, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+    'Tag' : [ 0x18, ['unsigned long long']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x10, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x8, ['array', 1, ['pointer64', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x20, ['pointer64', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x28, ['long']],
+    'Active' : [ 0x2c, ['long']],
+    'FreeWhenDone' : [ 0x30, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x118, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x10, ['unsigned long']],
+    'InDebugger' : [ 0x14, ['long']],
+    'Pfns' : [ 0x18, ['array', 32, ['pointer64', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x10, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 63, native_type='unsigned long long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LockState' : [ 0x0, ['pointer64', ['void']]],
+    'SessionState' : [ 0x8, ['pointer64', ['void']]],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'SessionPad' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer64', ['void']]],
+    'Owner' : [ 0x18, ['pointer64', ['void']]],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+} ],
+  '_ETIMER' : [ 0x138, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x40, ['unsigned long long']],
+    'TimerApc' : [ 0x48, ['_KAPC']],
+    'TimerDpc' : [ 0xa0, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0xe0, ['_LIST_ENTRY']],
+    'Period' : [ 0xf0, ['unsigned long']],
+    'TimerFlags' : [ 0xf4, ['unsigned char']],
+    'ApcAssociated' : [ 0xf4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0xf4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0xf4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf4, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0xf5, ['unsigned char']],
+    'Spare2' : [ 0xf6, ['unsigned short']],
+    'WakeReason' : [ 0xf8, ['pointer64', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x110, ['pointer64', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x118, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x128, ['unsigned long long']],
+    'CoalescingWindow' : [ 0x130, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x78, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x48, ['pointer64', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x50, ['array', 2, ['_RTL_BITMAP_EX']]],
+    'CrashDumpPte' : [ 0x70, ['pointer64', ['_MMPTE']]],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x38, {
+    'Thread' : [ 0x0, ['pointer64', ['void']]],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+    'NewIrql' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'TickCount' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 5, ['pointer64', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x20, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x10, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0x18, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'Entry' : [ 0x10, ['pointer64', ['_CM_KEY_HASH']]],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x10, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x8, ['pointer64', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x8, {
+    'ImageFileName' : [ 0x0, ['pointer64', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x20, ['pointer64', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x28, ['pointer64', ['void']]],
+} ],
+  'DEBUG_MEMORY_REQUIREMENTS' : [ 0x20, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'MaxEnd' : [ 0x8, ['_LARGE_INTEGER']],
+    'VirtualAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Length' : [ 0x18, ['unsigned long']],
+    'Cached' : [ 0x1c, ['unsigned char']],
+    'Aligned' : [ 0x1d, ['unsigned char']],
+} ],
+  'DEBUG_DEVICE_ADDRESS' : [ 0x18, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Valid' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 2, ['unsigned char']]],
+    'BitWidth' : [ 0x2, ['unsigned char']],
+    'AccessSize' : [ 0x3, ['unsigned char']],
+    'TranslatedAddress' : [ 0x8, ['pointer64', ['unsigned char']]],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x200, {
+    'IdleStates' : [ 0x0, ['pointer64', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x8, ['pointer64', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x10, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x18, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x20, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x28, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x30, ['unsigned char']],
+    'PepWokenTransition' : [ 0x31, ['unsigned char']],
+    'HvTargetState' : [ 0x32, ['unsigned char']],
+    'SoftParked' : [ 0x33, ['unsigned char']],
+    'TargetIdleState' : [ 0x34, ['unsigned long']],
+    'IdlePolicy' : [ 0x38, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x40, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x48, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xd8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xdc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xe0, ['unsigned long long']],
+    'WmiInterfaceEnabled' : [ 0xe8, ['long']],
+    'FFHThrottleStateInfo' : [ 0xf0, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0x110, ['_KDPC']],
+    'PerfActionMask' : [ 0x150, ['long']],
+    'HvIdleCheck' : [ 0x158, ['_PROC_IDLE_SNAP']],
+    'CheckContext' : [ 0x168, ['_PROC_PERF_CHECK_CONTEXT']],
+    'Concurrency' : [ 0x1a8, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x1b0, ['pointer64', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ArchitecturalEfficiencyClass' : [ 0x1b8, ['unsigned char']],
+    'PerformanceSchedulingClass' : [ 0x1b9, ['unsigned char']],
+    'EfficiencySchedulingClass' : [ 0x1ba, ['unsigned char']],
+    'Unused' : [ 0x1bb, ['unsigned char']],
+    'Parked' : [ 0x1bc, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x1bd, ['unsigned char']],
+    'SnapTimeLast' : [ 0x1c0, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x1c0, ['unsigned long long']],
+    'ActiveTime' : [ 0x1c8, ['unsigned long long']],
+    'TotalTime' : [ 0x1d0, ['unsigned long long']],
+    'FxDevice' : [ 0x1d8, ['pointer64', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x1e0, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x1e8, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x1f0, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosDeadline', 5: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x1f4, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosDeadline', 5: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1f8, ['unsigned short']],
+    'HwFeedbackTableIndex' : [ 0x1fa, ['unsigned short']],
+    'HwFeedbackParkHint' : [ 0x1fc, ['unsigned char']],
+    'HwFeedbackPerformanceClass' : [ 0x1fd, ['unsigned char']],
+    'HwFeedbackEfficiencyClass' : [ 0x1fe, ['unsigned char']],
+    'HeteroCoreType' : [ 0x1ff, ['unsigned char']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x340, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'CloneHeaderCount' : [ 0x18, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x20, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x38, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x50, ['unsigned long long']],
+    'AttemptForCantExtend' : [ 0x58, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0xb0, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0x100, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0x110, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0x150, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0x151, ['unsigned char']],
+    'SegmentDereferenceActiveControlArea' : [ 0x158, ['pointer64', ['void']]],
+    'UnusedSegmentPagedPool' : [ 0x160, ['unsigned long long']],
+    'UnusedSegmentList' : [ 0x168, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0x178, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0x188, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0x198, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x1b0, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x1b8, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x1d0, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x1f0, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x200, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x208, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x20c, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x210, ['_KEVENT']],
+    'SharedCharges' : [ 0x228, ['array', 7, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x308, ['pointer64', ['_KEVENT']]],
+    'ControlAreasDrainEvent' : [ 0x310, ['pointer64', ['_KEVENT']]],
+    'CloneHeaderDrainEvent' : [ 0x318, ['pointer64', ['_KEVENT']]],
+    'ProbeRundownReference' : [ 0x320, ['pointer64', ['_EX_RUNDOWN_REF_CACHE_AWARE']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_BUS_HANDLER' : [ 0xb0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ConfigurationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'Cmos', 1: u'EisaConfiguration', 2: u'Pos', 3: u'CbusConfiguration', 4: u'PCIConfiguration', 5: u'VMEConfiguration', 6: u'NuBusConfiguration', 7: u'PCMCIAConfiguration', 8: u'MPIConfiguration', 9: u'MPSAConfiguration', 10: u'PNPISAConfiguration', 11: u'SgiInternalConfiguration', 12: u'MaximumBusDataType', -1: u'ConfigurationSpaceUndefined'})]],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ParentHandler' : [ 0x18, ['pointer64', ['_BUS_HANDLER']]],
+    'BusData' : [ 0x20, ['pointer64', ['void']]],
+    'DeviceControlExtensionSize' : [ 0x28, ['unsigned long']],
+    'BusAddresses' : [ 0x30, ['pointer64', ['_SUPPORTED_RANGES']]],
+    'Reserved' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'GetBusData' : [ 0x48, ['pointer64', ['void']]],
+    'SetBusData' : [ 0x50, ['pointer64', ['void']]],
+    'AdjustResourceList' : [ 0x58, ['pointer64', ['void']]],
+    'AssignSlotResources' : [ 0x60, ['pointer64', ['void']]],
+    'TranslateBusAddress' : [ 0x68, ['pointer64', ['void']]],
+    'Spare1' : [ 0x70, ['pointer64', ['void']]],
+    'Spare2' : [ 0x78, ['pointer64', ['void']]],
+    'Spare3' : [ 0x80, ['pointer64', ['void']]],
+    'Spare4' : [ 0x88, ['pointer64', ['void']]],
+    'Spare5' : [ 0x90, ['pointer64', ['void']]],
+    'Spare6' : [ 0x98, ['pointer64', ['void']]],
+    'Spare7' : [ 0xa0, ['pointer64', ['void']]],
+    'Spare8' : [ 0xa8, ['pointer64', ['void']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x18, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x250, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'State' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x88, ['_GUID']],
+    'NotificationQueue' : [ 0x98, ['_KQUEUE']],
+    'NotificationMutex' : [ 0xd8, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0x110, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x120, ['unsigned long']],
+    'NotificationRoutine' : [ 0x128, ['pointer64', ['void']]],
+    'Key' : [ 0x130, ['pointer64', ['void']]],
+    'ProtocolListHead' : [ 0x138, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0x148, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0x158, ['_LIST_ENTRY']],
+    'Tm' : [ 0x168, ['pointer64', ['_KTM']]],
+    'Description' : [ 0x170, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0x180, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x228, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x4b0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DevNode' : [ 0x30, ['pointer64', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x38, ['pointer64', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x40, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x48, ['pointer64', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x50, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x58, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x60, ['pointer64', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x68, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x70, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0xc0, ['pointer64', ['void']]],
+    'AcpiLink' : [ 0xc8, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0xd8, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0xe8, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x108, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0x128, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0x160, ['unsigned long long']],
+    'IdleTimer' : [ 0x168, ['_KTIMER']],
+    'IdleDpc' : [ 0x1a8, ['_KDPC']],
+    'IdleTimeout' : [ 0x1e8, ['unsigned long long']],
+    'IdleStamp' : [ 0x1f0, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x1f8, ['array', 2, ['pointer64', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x208, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x210, ['array', 2, ['pointer64', ['void']]]],
+    'NextIrpCallerContext' : [ 0x220, ['array', 2, ['pointer64', ['void']]]],
+    'IrpCompleteEvent' : [ 0x230, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x248, ['pointer64', ['void']]],
+    'Accounting' : [ 0x250, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x330, ['unsigned long']],
+    'ComponentCount' : [ 0x334, ['unsigned long']],
+    'Components' : [ 0x338, ['pointer64', ['pointer64', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x340, ['unsigned long']],
+    'Log' : [ 0x348, ['pointer64', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x350, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x358, ['pointer64', ['_DRIVER_OBJECT']]],
+    'DripsWatchdogContext' : [ 0x360, ['_POP_FX_DRIPS_WATCHDOG_CONTEXT']],
+    'DirectedTimeout' : [ 0x388, ['unsigned long']],
+    'DirectedWorkOrder' : [ 0x390, ['_POP_FX_WORK_ORDER']],
+    'DirectedWorkWatchdogInfo' : [ 0x3c8, ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']],
+    'DirectedLock' : [ 0x478, ['unsigned long long']],
+    'DirectedTransitionCallCount' : [ 0x480, ['long']],
+    'DirectedTransitionState' : [ 0x488, ['_POP_FX_DEVICE_DIRECTED_TRANSITION_STATE']],
+    'PowerProfile' : [ 0x498, ['pointer64', ['_POP_DEVICE_POWER_PROFILE']]],
+    'FriendlyName' : [ 0x4a0, ['_UNICODE_STRING']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x80, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x10, ['short']],
+    'SpecialApcDisable' : [ 0x12, ['short']],
+    'CombinedApcDisable' : [ 0x10, ['unsigned long']],
+    'Irql' : [ 0x14, ['unsigned char']],
+    'StackTrace' : [ 0x18, ['array', 13, ['pointer64', ['void']]]],
+} ],
+  '__unnamed_2ff5' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Point' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_PARSE_DEBUG_INFO' : [ 0x50, {
+    'SymlinkCachedKcb' : [ 0x0, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'StartingKcb' : [ 0x8, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KcbCacheResult' : [ 0x10, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'WalkResult' : [ 0x18, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'DeepestKcbFound' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KcbCacheLevels' : [ 0x28, ['unsigned char']],
+    'WalkLevels' : [ 0x29, ['unsigned char']],
+    'FailureCount' : [ 0x2a, ['unsigned char']],
+    'FailurePoints' : [ 0x2c, ['array', 4, ['__unnamed_2ff5']]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x8, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 59, native_type='unsigned long long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  'FEATURE_STATE_CHANGE_SUBSCRIPTION__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PrefetchSystemVmType' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'VaPrefetchReadBlock' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CollidedFlowThrough' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ForceCollisions' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InPageExpanded' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IssuedAtLowPriority' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FaultFromStore' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ClusteredPagePriority' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'MakeClusterValid' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PerformRelocations' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ZeroLastPage' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'UserFault' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StandbyProtectionNeeded' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PteChanged' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PageFileFault' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'PageFilePageHashActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoalescedIo' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VmLockNotNeeded' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer64', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Processors' : [ 0x8, ['unsigned long']],
+    'ActiveProcessors' : [ 0xc, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_HP_SUB_ALLOCATOR_CONFIGS' : [ 0x8, {
+    'LfhConfigs' : [ 0x0, ['_RTL_HP_LFH_CONFIG']],
+    'VsConfigs' : [ 0x4, ['_RTL_HP_VS_CONFIG']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0x18, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x8, ['pointer64', ['void']]],
+    'IsolationPrefix' : [ 0x8, ['_UNICODE_STRING']],
+} ],
+  '_MI_ULTRA_MDL_NODE' : [ 0x200, {
+    'UltraMdlMaps' : [ 0x0, ['array', 8, ['_MI_ALIGNED_SLIST']]],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x10, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x8, ['unsigned long long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+    'ZeroInit1' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_SECTION_WOW_STATE' : [ 0x40, {
+    'ImageBitMap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'OverflowArea' : [ 0x10, ['_MI_DLL_OVERFLOW_AREA']],
+    'CfgBitMapSection' : [ 0x30, ['pointer64', ['_SECTION']]],
+    'CfgBitMapControlArea' : [ 0x38, ['pointer64', ['_CONTROL_AREA']]],
+} ],
+  '_VF_AVL_TABLE' : [ 0xc0, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x68, ['pointer64', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x70, ['pointer64', ['void']]],
+    'Lock' : [ 0x80, ['long']],
+} ],
+  '_PEBS_DS_SAVE_AREA64' : [ 0xa0, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsGpCounterReset' : [ 0x40, ['array', 8, ['unsigned long long']]],
+    'PebsFixedCounterReset' : [ 0x80, ['array', 4, ['unsigned long long']]],
+} ],
+  '_LEAP_SECOND_DATA' : [ 0x10, {
+    'Enabled' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['array', 1, ['_LARGE_INTEGER']]],
+} ],
+  '__unnamed_3024' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_3026' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_3024']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x60, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x20, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x40, ['pointer64', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x48, ['_LIST_ENTRY']],
+    'Specific' : [ 0x58, ['__unnamed_3026']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0x18, {
+    'ChainLink' : [ 0x0, ['pointer64', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x8, ['pointer64', ['void']]],
+    'HashValue' : [ 0x10, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x10, ['pointer64', ['_DEVICE_NODE']]],
+    'Context' : [ 0x18, ['pointer64', ['void']]],
+    'CompletionState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x24, ['unsigned long']],
+    'Status' : [ 0x28, ['long']],
+    'Information' : [ 0x30, ['pointer64', ['void']]],
+    'ReferenceCount' : [ 0x38, ['long']],
+    'Watchdog' : [ 0x40, ['pointer64', ['_PNP_WATCHDOG']]],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x80, {
+    'RelatedTimestamp' : [ 0x0, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0x10, ['_KDPC']],
+    'ApcListHead' : [ 0x50, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x60, ['pointer64', ['_ETW_APC_ENTRY']]],
+    'ApcEntryCount' : [ 0x68, ['unsigned long']],
+    'Flags' : [ 0x6c, ['long']],
+    'ApcCount' : [ 0x70, ['long']],
+    'MaxApcCount' : [ 0x74, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_3040' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x58, {
+    'Segment' : [ 0x0, ['pointer64', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x8, ['_LIST_ENTRY']],
+    'Partition' : [ 0x18, ['pointer64', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x20, ['unsigned long long']],
+    'ActualExpansion' : [ 0x28, ['unsigned long long']],
+    'Event' : [ 0x30, ['_KEVENT']],
+    'InProgress' : [ 0x48, ['long']],
+    'u1' : [ 0x4c, ['__unnamed_3040']],
+    'ActiveEntry' : [ 0x50, ['pointer64', ['pointer64', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0x100, {
+    'ConnectionPort' : [ 0x0, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x8, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x10, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x30, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x40, ['pointer64', ['void']]],
+    'ServerSectionBase' : [ 0x48, ['pointer64', ['void']]],
+    'PortContext' : [ 0x50, ['pointer64', ['void']]],
+    'ClientThread' : [ 0x58, ['pointer64', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x60, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x70, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0xb8, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MappingProcess' : [ 0xd8, ['pointer64', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0xe0, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0xe2, ['unsigned short']],
+    'Flags' : [ 0xe4, ['unsigned long']],
+    'WaitEvent' : [ 0xe8, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x200, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'Thread' : [ 0x8, ['pointer64', ['_ETHREAD']]],
+    'StackTrace' : [ 0x10, ['array', 62, ['pointer64', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x20, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'Conflicts' : [ 0x18, ['pointer64', ['pointer64', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x218, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'ActiveLevels' : [ 0x1, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'LastActiveUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x18, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xc0, ['array', 21, ['unsigned long long']]],
+    'TotalActiveTime' : [ 0x168, ['array', 10, ['unsigned long long']]],
+    'ActiveTimeSnap' : [ 0x1b8, ['array', 10, ['unsigned long long']]],
+    'TotalTime' : [ 0x208, ['unsigned long long']],
+    'TotalTimeSnap' : [ 0x210, ['unsigned long long']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_DELAY_FREE' : [ 0x8, {
+    'DelayFree' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Count' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 64, native_type='unsigned long long')]],
+    'AllBits' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_StagingConfigWnfStateName' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  'RTLP_HP_LFH_PERF_FLAGS' : [ 0x4, {
+    'HotspotDetection' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HotspotFullCommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ActiveSubsegment' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SmallerSubsegment' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SingleAffinitySlot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ApplyLfhDecommitPolicy' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableGarbageCollection' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LargePagePreCommit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'OpportunisticLargePreCommit' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LfhForcedAffinity' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'LfhCachelinePadding' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPAGING_FILE' : [ 0x120, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'MaximumSize' : [ 0x8, ['unsigned long long']],
+    'MinimumSize' : [ 0x10, ['unsigned long long']],
+    'FreeSpace' : [ 0x18, ['unsigned long long']],
+    'PeakUsage' : [ 0x20, ['unsigned long long']],
+    'HighestPage' : [ 0x28, ['unsigned long long']],
+    'FreeReservationSpace' : [ 0x30, ['unsigned long long']],
+    'File' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x40, ['pointer64', ['pointer64', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'NumberOfModWriterEntries' : [ 0x48, ['unsigned long']],
+    'PfnsToFree' : [ 0x50, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x60, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x70, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x78, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x7c, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x80, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x84, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x88, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x8c, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x90, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0xa0, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0xb0, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0xc0, ['pointer64', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0xc8, ['unsigned long']],
+    'HybridPriority' : [ 0xc8, ['unsigned long']],
+    'PageFileNumber' : [ 0xcc, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0xcc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0xcc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0xcc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0xcc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0xcc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0xcc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0xcc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpecialPurposeMemory' : [ 0xcc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'Spare0' : [ 0xcc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0xce, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0xce, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0xcf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0xcf, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0xd0, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0xd4, ['unsigned long']],
+    'PageHash' : [ 0xd8, ['pointer64', ['unsigned long']]],
+    'FileHandle' : [ 0xe0, ['pointer64', ['void']]],
+    'SpinLock' : [ 0xe8, ['long']],
+    'FlowThroughReadRoot' : [ 0xf0, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0xf8, ['pointer64', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x100, ['_RTL_BALANCED_NODE']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x10, {
+    'Process' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'HandleCount' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x8, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x18, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MAP_REGISTER_ENTRY' : [ 0x10, {
+    'MapRegister' : [ 0x0, ['pointer64', ['void']]],
+    'WriteToDevice' : [ 0x8, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x58, {
+    'Context' : [ 0x0, ['pointer64', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer64', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x4c, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x50, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x70, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer64', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x20, ['unsigned char']],
+    'TriggerRoot' : [ 0x28, ['pointer64', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x30, ['unsigned char']],
+    'BeginTime' : [ 0x38, ['unsigned long long']],
+    'VetoNode' : [ 0x40, ['array', 2, ['pointer64', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x50, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x58, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_EX_HEAP_POOL_NODE' : [ 0x20c0, {
+    'Heaps' : [ 0x0, ['array', 4, ['pointer64', ['_SEGMENT_HEAP']]]],
+    'Lookasides' : [ 0x40, ['array', 2, ['_RTL_DYNAMIC_LOOKASIDE']]],
+} ],
+  '_HMAP_ENTRY' : [ 0x18, {
+    'BlockOffset' : [ 0x0, ['unsigned long long']],
+    'PermanentBinAddress' : [ 0x8, ['unsigned long long']],
+    'MemAlloc' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_309e' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer64', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x1c8, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer64', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x38, ['pointer64', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x40, ['pointer64', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x48, ['unsigned long long']],
+    'SleepTime' : [ 0x50, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x58, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x68, ['array', 3, ['__unnamed_309e']]],
+    'WakeAlarmPaused' : [ 0xb0, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb8, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xc0, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc8, ['SYSTEM_POWER_CAPABILITIES']],
+    'WatchdogLock' : [ 0x118, ['unsigned long long']],
+    'WatchdogDpc' : [ 0x120, ['_KDPC']],
+    'WatchdogTimer' : [ 0x160, ['_KTIMER']],
+    'WatchdogInitialized' : [ 0x1a0, ['unsigned char']],
+    'WatchdogState' : [ 0x1a4, ['Enumeration', dict(target = 'long', choices = {0: u'PopPowerActionWatchdogStateDisabled', 1: u'PopPowerActionWatchdogStateTransitioning', 2: u'PopPowerActionWatchdogStateResuming', 3: u'PopPowerActionWatchdogStateMax'})]],
+    'WatchdogStartTime' : [ 0x1a8, ['unsigned long long']],
+    'ActionWorkerThread' : [ 0x1b0, ['pointer64', ['_KTHREAD']]],
+    'PromoteActionWorkerThread' : [ 0x1b8, ['pointer64', ['_KTHREAD']]],
+    'UnlockAfterSleepWorkerThread' : [ 0x1c0, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x20, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Stamp' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_RELATION_LIST' : [ 0x10, {
+    'DeviceObjectList' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x8, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_ISR_THUNK' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0xb0, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadPriorityStatic' : [ 0x18, ['unsigned char']],
+    'AdaptiveZeroingEnabled' : [ 0x19, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x1c, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'NodeCount' : [ 0x40, ['long']],
+    'LargeBootZeroingComplete' : [ 0x48, ['_KGATE']],
+    'WriteCalibration' : [ 0x60, ['_MI_WRITE_CALIBRATION']],
+    'IpiCalibrationFailed' : [ 0x80, ['unsigned char']],
+    'ActiveProcessorsForIpiCalibration' : [ 0x84, ['long']],
+    'NodesReadyForIpiCalibration' : [ 0x88, ['long']],
+    'ReleaseNodeZeroingThreads' : [ 0x90, ['_KEVENT']],
+    'ThreadContext' : [ 0xa8, ['pointer64', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long long']],
+    'StackLimit' : [ 0x8, ['unsigned long long']],
+    'KernelStack' : [ 0x10, ['unsigned long long']],
+    'InitialStack' : [ 0x18, ['unsigned long long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x50, {
+    'ComponentActive' : [ 0x0, ['pointer64', ['void']]],
+    'ComponentIdle' : [ 0x8, ['pointer64', ['void']]],
+    'ComponentIdleState' : [ 0x10, ['pointer64', ['void']]],
+    'DevicePowerRequired' : [ 0x18, ['pointer64', ['void']]],
+    'DevicePowerNotRequired' : [ 0x20, ['pointer64', ['void']]],
+    'PowerControl' : [ 0x28, ['pointer64', ['void']]],
+    'ComponentCriticalTransition' : [ 0x30, ['pointer64', ['void']]],
+    'DripsWatchdogCallback' : [ 0x38, ['pointer64', ['void']]],
+    'DirectedPowerUpCallback' : [ 0x40, ['pointer64', ['void']]],
+    'DirectedPowerDownCallback' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x68, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x10, ['pointer64', ['void']]],
+    'ActiveCount' : [ 0x18, ['short']],
+    'Flag' : [ 0x1a, ['unsigned short']],
+    'SharedWaiters' : [ 0x20, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x28, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x40, ['unsigned long']],
+    'ContentionCount' : [ 0x44, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x48, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x4c, ['unsigned long']],
+    'ReservedWin64OnlyPointer' : [ 0x50, ['pointer64', ['void']]],
+    'Address' : [ 0x58, ['pointer64', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x58, ['unsigned long long']],
+    'SpinLock' : [ 0x60, ['unsigned long long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x8, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WAITING_IRP' : [ 0x40, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'CompletionRoutine' : [ 0x18, ['pointer64', ['void']]],
+    'Context' : [ 0x20, ['pointer64', ['void']]],
+    'Event' : [ 0x28, ['pointer64', ['_KEVENT']]],
+    'Information' : [ 0x30, ['unsigned long']],
+    'BreakAllRH' : [ 0x34, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x35, ['unsigned char']],
+    'FileObject' : [ 0x38, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_MI_DYNAMIC_BITMAP' : [ 0x48, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP_EX']],
+    'MaximumSize' : [ 0x10, ['unsigned long long']],
+    'Hint' : [ 0x18, ['unsigned long long']],
+    'BaseVa' : [ 0x20, ['pointer64', ['void']]],
+    'SizeTopDown' : [ 0x28, ['unsigned long long']],
+    'HintTopDown' : [ 0x30, ['unsigned long long']],
+    'BaseVaTopDown' : [ 0x38, ['pointer64', ['void']]],
+    'SpinLock' : [ 0x40, ['unsigned long long']],
+} ],
+  '_UNEXPECTED_INTERRUPT' : [ 0x8, {
+    'PushImm' : [ 0x0, ['unsigned char']],
+    'Vector' : [ 0x1, ['unsigned char']],
+    'PushRbp' : [ 0x2, ['unsigned char']],
+    'JmpOp' : [ 0x3, ['unsigned char']],
+    'JmpOffset' : [ 0x4, ['long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler1' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 28, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0x18, {
+    'NextPage' : [ 0x0, ['pointer64', ['_SLIST_ENTRY']]],
+    'VerifierEntry' : [ 0x8, ['pointer64', ['void']]],
+    'Signature' : [ 0x10, ['unsigned long long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_PROC_FEEDBACK' : [ 0x90, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer64', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x28, ['unsigned long long']],
+    'UnscaledTime' : [ 0x30, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x38, ['long long']],
+    'ScaledTime' : [ 0x40, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x50, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x58, ['unsigned long long']],
+    'UserTimeLast' : [ 0x60, ['unsigned long']],
+    'KernelTimeLast' : [ 0x64, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x68, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x70, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x78, ['unsigned long long']],
+    'StallTime' : [ 0x80, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x88, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x89, ['unsigned char']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x30, {
+    'InstantaneousRead' : [ 0x0, ['pointer64', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer64', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x8, ['pointer64', ['_MMPTE']]],
+    'BitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'Hint' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_PEB64' : [ 0x7c8, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Padding0' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'Mutant' : [ 0x8, ['unsigned long long']],
+    'ImageBaseAddress' : [ 0x10, ['unsigned long long']],
+    'Ldr' : [ 0x18, ['unsigned long long']],
+    'ProcessParameters' : [ 0x20, ['unsigned long long']],
+    'SubSystemData' : [ 0x28, ['unsigned long long']],
+    'ProcessHeap' : [ 0x30, ['unsigned long long']],
+    'FastPebLock' : [ 0x38, ['unsigned long long']],
+    'AtlThunkSListPtr' : [ 0x40, ['unsigned long long']],
+    'IFEOKey' : [ 0x48, ['unsigned long long']],
+    'CrossProcessFlags' : [ 0x50, ['unsigned long']],
+    'ProcessInJob' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x50, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x50, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x50, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x50, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x50, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x50, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'Padding1' : [ 0x54, ['array', 4, ['unsigned char']]],
+    'KernelCallbackTable' : [ 0x58, ['unsigned long long']],
+    'UserSharedInfoPtr' : [ 0x58, ['unsigned long long']],
+    'SystemReserved' : [ 0x60, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x64, ['unsigned long']],
+    'ApiSetMap' : [ 0x68, ['unsigned long long']],
+    'TlsExpansionCounter' : [ 0x70, ['unsigned long']],
+    'Padding2' : [ 0x74, ['array', 4, ['unsigned char']]],
+    'TlsBitmap' : [ 0x78, ['unsigned long long']],
+    'TlsBitmapBits' : [ 0x80, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x88, ['unsigned long long']],
+    'SharedData' : [ 0x90, ['unsigned long long']],
+    'ReadOnlyStaticServerData' : [ 0x98, ['unsigned long long']],
+    'AnsiCodePageData' : [ 0xa0, ['unsigned long long']],
+    'OemCodePageData' : [ 0xa8, ['unsigned long long']],
+    'UnicodeCaseTableData' : [ 0xb0, ['unsigned long long']],
+    'NumberOfProcessors' : [ 0xb8, ['unsigned long']],
+    'NtGlobalFlag' : [ 0xbc, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0xc8, ['unsigned long long']],
+    'HeapSegmentCommit' : [ 0xd0, ['unsigned long long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0xd8, ['unsigned long long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0xe0, ['unsigned long long']],
+    'NumberOfHeaps' : [ 0xe8, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0xec, ['unsigned long']],
+    'ProcessHeaps' : [ 0xf0, ['unsigned long long']],
+    'GdiSharedHandleTable' : [ 0xf8, ['unsigned long long']],
+    'ProcessStarterHelper' : [ 0x100, ['unsigned long long']],
+    'GdiDCAttributeList' : [ 0x108, ['unsigned long']],
+    'Padding3' : [ 0x10c, ['array', 4, ['unsigned char']]],
+    'LoaderLock' : [ 0x110, ['unsigned long long']],
+    'OSMajorVersion' : [ 0x118, ['unsigned long']],
+    'OSMinorVersion' : [ 0x11c, ['unsigned long']],
+    'OSBuildNumber' : [ 0x120, ['unsigned short']],
+    'OSCSDVersion' : [ 0x122, ['unsigned short']],
+    'OSPlatformId' : [ 0x124, ['unsigned long']],
+    'ImageSubsystem' : [ 0x128, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0x12c, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0x130, ['unsigned long']],
+    'Padding4' : [ 0x134, ['array', 4, ['unsigned char']]],
+    'ActiveProcessAffinityMask' : [ 0x138, ['unsigned long long']],
+    'GdiHandleBuffer' : [ 0x140, ['array', 60, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x230, ['unsigned long long']],
+    'TlsExpansionBitmap' : [ 0x238, ['unsigned long long']],
+    'TlsExpansionBitmapBits' : [ 0x240, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x2c0, ['unsigned long']],
+    'Padding5' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'AppCompatFlags' : [ 0x2c8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x2d0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x2d8, ['unsigned long long']],
+    'AppCompatInfo' : [ 0x2e0, ['unsigned long long']],
+    'CSDVersion' : [ 0x2e8, ['_STRING64']],
+    'ActivationContextData' : [ 0x2f8, ['unsigned long long']],
+    'ProcessAssemblyStorageMap' : [ 0x300, ['unsigned long long']],
+    'SystemDefaultActivationContextData' : [ 0x308, ['unsigned long long']],
+    'SystemAssemblyStorageMap' : [ 0x310, ['unsigned long long']],
+    'MinimumStackCommit' : [ 0x318, ['unsigned long long']],
+    'SparePointers' : [ 0x320, ['array', 4, ['unsigned long long']]],
+    'SpareUlongs' : [ 0x340, ['array', 5, ['unsigned long']]],
+    'WerRegistrationData' : [ 0x358, ['unsigned long long']],
+    'WerShipAssertPtr' : [ 0x360, ['unsigned long long']],
+    'pUnused' : [ 0x368, ['unsigned long long']],
+    'pImageHeaderHash' : [ 0x370, ['unsigned long long']],
+    'TracingFlags' : [ 0x378, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x378, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x378, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Padding6' : [ 0x37c, ['array', 4, ['unsigned char']]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x380, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x388, ['unsigned long long']],
+    'TppWorkerpList' : [ 0x390, ['LIST_ENTRY64']],
+    'WaitOnAddressHashTable' : [ 0x3a0, ['array', 128, ['unsigned long long']]],
+    'TelemetryCoverageHeader' : [ 0x7a0, ['unsigned long long']],
+    'CloudFileFlags' : [ 0x7a8, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x7ac, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x7b0, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x7b1, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x7b8, ['unsigned long long']],
+    'LeapSecondFlags' : [ 0x7c0, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x7c0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x7c0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x7c4, ['unsigned long']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessObject' : [ 0x18, ['pointer64', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x20, ['pointer64', ['void']]],
+    'RealtimeConnectContext' : [ 0x28, ['pointer64', ['void']]],
+    'DisconnectEvent' : [ 0x30, ['pointer64', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x38, ['pointer64', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x40, ['pointer64', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x48, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x50, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x54, ['unsigned long']],
+    'LoggerId' : [ 0x58, ['unsigned short']],
+    'Flags' : [ 0x5a, ['unsigned char']],
+    'ShutDownRequested' : [ 0x5a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x5a, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x5a, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x5a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Wow' : [ 0x5a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x60, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x70, ['pointer64', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x78, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x7c, ['unsigned long']],
+    'UserPagesReused' : [ 0x80, ['unsigned long']],
+    'EventsLostCount' : [ 0x88, ['pointer64', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x90, ['pointer64', ['unsigned long']]],
+    'SiloState' : [ 0x98, ['pointer64', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x1c8, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x30, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x50, ['unsigned long']],
+    'ClonedPageCount' : [ 0x58, ['unsigned long long']],
+    'CurrentMap' : [ 0x60, ['pointer64', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x68, ['pointer64', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x70, ['unsigned long long']],
+    'LoaderMdl' : [ 0x78, ['pointer64', ['_MDL']]],
+    'AllocatedMdl' : [ 0x80, ['pointer64', ['_MDL']]],
+    'PagesOut' : [ 0x88, ['unsigned long long']],
+    'IoPages' : [ 0x90, ['pointer64', ['void']]],
+    'IoPagesCount' : [ 0x98, ['unsigned long']],
+    'CurrentMcb' : [ 0xa0, ['pointer64', ['void']]],
+    'DumpStack' : [ 0xa8, ['pointer64', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0xb0, ['pointer64', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0xb8, ['unsigned long']],
+    'Status' : [ 0xbc, ['long']],
+    'GraphicsProc' : [ 0xc0, ['unsigned long']],
+    'MemoryImage' : [ 0xc8, ['pointer64', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0xd0, ['pointer64', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0xd8, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0xe0, ['pointer64', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0xe8, ['pointer64', ['void']]],
+    'ResumeContext' : [ 0xf0, ['pointer64', ['void']]],
+    'ResumeContextPages' : [ 0xf8, ['unsigned long']],
+    'SecurePages' : [ 0xfc, ['unsigned long']],
+    'ProcessorCount' : [ 0x100, ['unsigned long']],
+    'ProcessorContext' : [ 0x108, ['pointer64', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0x110, ['pointer64', ['unsigned char']]],
+    'ProdConsSize' : [ 0x118, ['unsigned long']],
+    'MaxDataPages' : [ 0x11c, ['unsigned long']],
+    'ExtraBuffer' : [ 0x120, ['pointer64', ['void']]],
+    'ExtraBufferSize' : [ 0x128, ['unsigned long long']],
+    'ExtraMapVa' : [ 0x130, ['pointer64', ['void']]],
+    'BitlockerKeyPFN' : [ 0x138, ['unsigned long long']],
+    'IoInfo' : [ 0x140, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x1b0, ['pointer64', ['wchar']]],
+    'IoChecksumsSize' : [ 0x1b8, ['unsigned long long']],
+    'HardwareConfigurationSignature' : [ 0x1c0, ['unsigned long']],
+    'IumEnabled' : [ 0x1c4, ['unsigned char']],
+    'SecureBoot' : [ 0x1c5, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x8, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_MI_HUGE_SYSTEM_VIEW_HEAD' : [ 0x10, {
+    'ViewRoot' : [ 0x0, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['long']],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_3124' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0xd0, {
+    'Parent' : [ 0x0, ['pointer64', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x8, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0x18, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x28, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'Root' : [ 0x38, ['pointer64', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x40, ['pointer64', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x48, ['__unnamed_3124']],
+    'ChildrenCount' : [ 0x4c, ['long']],
+    'StackTrace' : [ 0x50, ['array', 8, ['pointer64', ['void']]]],
+    'ParentStackTrace' : [ 0x90, ['array', 8, ['pointer64', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x10, {
+    'p' : [ 0x0, ['pointer64', ['void']]],
+    'RangeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x40, {
+    'PeakCommitment' : [ 0x0, ['unsigned long long']],
+    'TotalCommitLimitMaximum' : [ 0x8, ['unsigned long long']],
+    'Popups' : [ 0x10, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x18, ['unsigned long long']],
+    'HighCommitThreshold' : [ 0x20, ['unsigned long long']],
+    'EventLock' : [ 0x28, ['unsigned long long']],
+    'SystemCommitReserve' : [ 0x30, ['unsigned long long']],
+    'OverCommit' : [ 0x38, ['unsigned long long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x58, {
+    'Sibling' : [ 0x0, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x8, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x10, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0x18, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x28, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x38, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x48, ['pointer64', ['_IRP']]],
+    'FxDevice' : [ 0x50, ['pointer64', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x28, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'CallerType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x10, ['unsigned long long']],
+    'ProcessId' : [ 0x18, ['unsigned long']],
+    'ServiceTag' : [ 0x1c, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x10, ['unsigned long long']],
+    'DevicePathOffset' : [ 0x18, ['unsigned long long']],
+    'ReasonOffset' : [ 0x20, ['unsigned long long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x40, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x30, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x48, {
+    'InitiatingThread' : [ 0x0, ['pointer64', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ThreadId' : [ 0x10, ['pointer64', ['void']]],
+    'ProcessId' : [ 0x18, ['pointer64', ['void']]],
+    'Code' : [ 0x20, ['unsigned long']],
+    'Parameter1' : [ 0x28, ['unsigned long long']],
+    'Parameter2' : [ 0x30, ['unsigned long long']],
+    'Parameter3' : [ 0x38, ['unsigned long long']],
+    'Parameter4' : [ 0x40, ['unsigned long long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x40, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x8, ['pointer64', ['void']]],
+    'ProbeMode' : [ 0x10, ['unsigned char']],
+    'PagedPoolCharge' : [ 0x14, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x18, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x1c, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x20, ['pointer64', ['void']]],
+    'SecurityQos' : [ 0x28, ['pointer64', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x8, ['pointer64', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x8180, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x18, ['unsigned long long']],
+    'ResourceAddressRange' : [ 0x20, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x4010, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x4018, ['unsigned long long']],
+    'ThreadAddressRange' : [ 0x4020, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x8010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x8014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x8018, ['unsigned long']],
+    'NodesSearched' : [ 0x801c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x8020, ['unsigned long']],
+    'SequenceNumber' : [ 0x8024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x8028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x802c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x8030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x8034, ['unsigned long']],
+    'StackLimitHits' : [ 0x8038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x803c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x8040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x8044, ['unsigned long']],
+    'TotalReleases' : [ 0x8048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x804c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x8050, ['unsigned long']],
+    'Instigator' : [ 0x8058, ['pointer64', ['void']]],
+    'NumberOfParticipants' : [ 0x8060, ['unsigned long']],
+    'Participant' : [ 0x8068, ['array', 32, ['pointer64', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x8168, ['long']],
+    'StackType' : [ 0x816c, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'NmiStackLimits', 9: u'MachineCheckStackLimits', 10: u'ExceptionStackLimits', 11: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x8170, ['unsigned long long']],
+    'StackHighLimit' : [ 0x8178, ['unsigned long long']],
+} ],
+  '_KTIMER' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x18, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x20, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x30, ['pointer64', ['_KDPC']]],
+    'Processor' : [ 0x38, ['unsigned short']],
+    'TimerType' : [ 0x3a, ['unsigned short']],
+    'Period' : [ 0x3c, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x8, {
+    'PageHashes' : [ 0x0, ['pointer64', ['void']]],
+    'Value' : [ 0x0, ['unsigned long long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x60, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x10, ['unsigned long']],
+    'Alternatives' : [ 0x18, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x20, ['pointer64', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'WorkSpace' : [ 0x30, ['long long']],
+    'InterfaceType' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x3c, ['unsigned long']],
+    'BusNumber' : [ 0x40, ['unsigned long']],
+    'Assignment' : [ 0x48, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x50, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0xb0, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x8, ['long']],
+    'PrefetchSeekThreshold' : [ 0xc, ['long']],
+    'InPageSinglePages' : [ 0x10, ['unsigned long']],
+    'InPageSupportSListHead' : [ 0x20, ['array', 2, ['_SLIST_HEADER']]],
+    'ReservedInPageSupportSListHead' : [ 0x40, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x60, ['array', 2, ['unsigned char']]],
+    'FirstReservedInPageBlock' : [ 0x68, ['array', 2, ['pointer64', ['_MMINPAGE_SUPPORT']]]],
+    'LastReservedInPageBlock' : [ 0x78, ['array', 2, ['pointer64', ['_MMINPAGE_SUPPORT']]]],
+    'ReservedPtes' : [ 0x88, ['pointer64', ['_MMPTE']]],
+    'ReservedPtesLock' : [ 0x90, ['unsigned long long']],
+    'ReservedPtesBitBuffer' : [ 0x98, ['unsigned long']],
+    'DelayPageFaults' : [ 0x9c, ['long']],
+    'FileCompressionBoundary' : [ 0xa0, ['unsigned long']],
+    'MdlsAdjusted' : [ 0xa4, ['unsigned char']],
+} ],
+  '__unnamed_3166' : [ 0x4, {
+    'EntryBecameEmpty' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SLAB_ALLOCATOR_CONTEXT' : [ 0x78, {
+    'AllocationsTree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x10, ['long']],
+    'SlabEntryHint' : [ 0x18, ['pointer64', ['_MI_SLAB_ALLOCATOR_ENTRY']]],
+    'FreePageCount' : [ 0x20, ['unsigned long long']],
+    'SlabEntryCount' : [ 0x28, ['unsigned long long']],
+    'Type' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorTypeSlatProtected', 1: u'MiSlabAllocatorTypeUnprotected', 2: u'MiSlabAllocatorTypeMax'})]],
+    'Protection' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorProtectionReadExecute', 1: u'MiSlabAllocatorProtectionReadOnly', 2: u'MiSlabAllocatorProtectionNoAccess', 3: u'MiSlabAllocatorProtectionReadWrite', 4: u'MiSlabAllocatorProtectionMax'})]],
+    'Flags' : [ 0x38, ['__unnamed_3166']],
+    'StandbyList' : [ 0x40, ['_MMPFNLIST']],
+    'LastReplenishTime' : [ 0x68, ['unsigned long long']],
+    'LastFailureTime' : [ 0x70, ['unsigned long long']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x90, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long long']],
+    'PfnDecayFreeSList' : [ 0x10, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x20, ['pointer64', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x28, ['_KDPC']],
+    'PageHeatListSlist' : [ 0x70, ['_SLIST_HEADER']],
+    'PageHeatListDisableAllocation' : [ 0x80, ['long']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x8, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x150, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x108, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x148, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x8, ['pointer64', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x10, ['pointer64', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0x18, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x20, ['pointer64', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '__unnamed_3180' : [ 0x10, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0x108, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x10, ['__unnamed_3180']],
+    'Irp' : [ 0x20, ['pointer64', ['_IRP']]],
+    'u1' : [ 0x28, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x2c, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x30, ['_KAPC']],
+    'ByteCount' : [ 0x88, ['unsigned long']],
+    'ChargedPages' : [ 0x8c, ['unsigned long']],
+    'PagingFile' : [ 0x90, ['pointer64', ['_MMPAGING_FILE']]],
+    'File' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0xa0, ['pointer64', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0xa8, ['pointer64', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0xb0, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0xb8, ['_LARGE_INTEGER']],
+    'Partition' : [ 0xc0, ['pointer64', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0xc8, ['pointer64', ['_MDL']]],
+    'Mdl' : [ 0xd0, ['_MDL']],
+    'Page' : [ 0x100, ['array', 1, ['unsigned long long']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x38, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'InitialInPageSupport' : [ 0x8, ['pointer64', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x10, ['pointer64', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x20, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'CommonPageCombineDomain' : [ 0x10, ['unsigned long long']],
+    'CommonCombineDomainAssigned' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x28, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer64', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0x18, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0x18, ['_RTL_BITMAP']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0xa0, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+    'Type' : [ 0x18, ['unsigned long']],
+    'StackTrace' : [ 0x20, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_PTE_TRACKER' : [ 0x80, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x10, ['pointer64', ['_MDL']]],
+    'Count' : [ 0x18, ['unsigned long long']],
+    'SystemVa' : [ 0x20, ['pointer64', ['void']]],
+    'StartVa' : [ 0x28, ['pointer64', ['void']]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+    'Page' : [ 0x38, ['unsigned long long']],
+    'IoMapping' : [ 0x40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x40, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x40, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x40, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x48, ['array', 7, ['pointer64', ['void']]]],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x28, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Next' : [ 0x20, ['pointer64', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_POP_FX_WORK_POOL' : [ 0x130, {
+    'Plugin' : [ 0x0, ['pointer64', ['_POP_FX_PLUGIN']]],
+    'EmergencyWorkQueueLock' : [ 0x8, ['unsigned long long']],
+    'EmergencyWorkQueue' : [ 0x10, ['_LIST_ENTRY']],
+    'WorkPoolQueues' : [ 0x20, ['array', 2, ['_KSEMAPHORE']]],
+    'WorkItemStatus' : [ 0x60, ['long']],
+    'WorkItems' : [ 0x68, ['array', 4, ['_POP_FX_WORK_POOL_ITEM']]],
+    'EmergencyWorkerThread' : [ 0x108, ['pointer64', ['_KTHREAD']]],
+    'DynamicWorkerThreads' : [ 0x110, ['array', 4, ['pointer64', ['_KTHREAD']]]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0x18, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x110, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x10, ['array', 32, ['unsigned long long']]],
+} ],
+  '_PROC_PERF_CHECK_CONTEXT' : [ 0x40, {
+    'Domain' : [ 0x0, ['pointer64', ['_PROC_PERF_DOMAIN']]],
+    'Constraint' : [ 0x8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'PerfCheck' : [ 0x10, ['pointer64', ['_PROC_PERF_CHECK']]],
+    'Load' : [ 0x18, ['pointer64', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x20, ['pointer64', ['_PROC_PERF_HISTORY']]],
+    'Utility' : [ 0x28, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x2c, ['unsigned long']],
+    'MediaUtility' : [ 0x30, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x34, ['unsigned short']],
+    'AveragePerformancePercent' : [ 0x36, ['unsigned short']],
+    'RelativePerformance' : [ 0x38, ['unsigned long']],
+    'NtProcessor' : [ 0x3c, ['unsigned char']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x38, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x20, ['long']],
+    'Context' : [ 0x28, ['pointer64', ['void']]],
+    'WatchdogTimerInfo' : [ 0x30, ['pointer64', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x18, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned short']],
+    'Flags' : [ 0x16, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x28, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ActiveZeroSpinLock' : [ 0x10, ['long']],
+    'ActiveZeroThreadTree' : [ 0x18, ['_RTL_AVL_TREE']],
+    'NumberOfLargePageListHeads' : [ 0x20, ['unsigned long']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x30, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x20, ['unsigned long']],
+    'ModuleSize' : [ 0x24, ['unsigned long']],
+    'Offset' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_31c6' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_31c8' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_31c6']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_31c8']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x408, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'HashTable' : [ 0x8, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x10, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x10, ['unsigned long']],
+    'LowboxMap' : [ 0x18, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x70, {
+    'DumpMdl' : [ 0x0, ['pointer64', ['_MDL']]],
+    'IoStatus' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x10, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x18, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x20, ['unsigned long long']],
+    'RequestSize' : [ 0x28, ['unsigned long long']],
+    'IoLocation' : [ 0x30, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x38, ['unsigned long long']],
+    'Buffer' : [ 0x40, ['pointer64', ['void']]],
+    'AsyncCapable' : [ 0x48, ['unsigned char']],
+    'BytesToRead' : [ 0x50, ['unsigned long long']],
+    'Pages' : [ 0x58, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x60, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x68, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x58, {
+    'SidHash' : [ 0x0, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x8, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x10, ['pointer64', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'TokenType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x28, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'AppContainerNumber' : [ 0x30, ['unsigned long']],
+    'PackageSid' : [ 0x38, ['pointer64', ['void']]],
+    'CapabilitiesHash' : [ 0x40, ['pointer64', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x48, ['pointer64', ['void']]],
+    'SecurityAttributes' : [ 0x50, ['pointer64', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x8, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 36, native_type='unsigned long long')]],
+    'NodeBlinkHigh' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 56, native_type='unsigned long long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 60, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 62, native_type='unsigned long long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'EntireField' : [ 0x0, ['unsigned long long']],
+    'Lock' : [ 0x0, ['long long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 62, native_type='unsigned long long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x28, {
+    'SourceProcess' : [ 0x0, ['pointer64', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x8, ['pointer64', ['void']]],
+    'Object' : [ 0x10, ['pointer64', ['void']]],
+    'TargetAccess' : [ 0x18, ['unsigned long']],
+    'ObjectInfo' : [ 0x1c, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x24, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x18, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0x10, ['pointer64', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x28, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x10, ['pointer64', ['void']]],
+    'Key' : [ 0x18, ['unsigned long long']],
+    'BindingProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+} ],
+  '_IMAGE_OPTIONAL_HEADER64' : [ 0xf0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long long']],
+    'SizeOfStackCommit' : [ 0x50, ['unsigned long long']],
+    'SizeOfHeapReserve' : [ 0x58, ['unsigned long long']],
+    'SizeOfHeapCommit' : [ 0x60, ['unsigned long long']],
+    'LoaderFlags' : [ 0x68, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x6c, ['unsigned long']],
+    'DataDirectory' : [ 0x70, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_DMA_IOMMU_INTERFACE' : [ 0x70, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'CreateDomain' : [ 0x8, ['pointer64', ['void']]],
+    'DeleteDomain' : [ 0x10, ['pointer64', ['void']]],
+    'AttachDevice' : [ 0x18, ['pointer64', ['void']]],
+    'DetachDevice' : [ 0x20, ['pointer64', ['void']]],
+    'FlushDomain' : [ 0x28, ['pointer64', ['void']]],
+    'FlushDomainByVaList' : [ 0x30, ['pointer64', ['void']]],
+    'QueryInputMappings' : [ 0x38, ['pointer64', ['void']]],
+    'MapLogicalRange' : [ 0x40, ['pointer64', ['void']]],
+    'UnmapLogicalRange' : [ 0x48, ['pointer64', ['void']]],
+    'MapIdentityRange' : [ 0x50, ['pointer64', ['void']]],
+    'UnmapIdentityRange' : [ 0x58, ['pointer64', ['void']]],
+    'SetDeviceFaultReporting' : [ 0x60, ['pointer64', ['void']]],
+    'ConfigureDomain' : [ 0x68, ['pointer64', ['void']]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x18, {
+    'Va' : [ 0x0, ['unsigned long long']],
+    'Key' : [ 0x8, ['unsigned long']],
+    'Pattern' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0x10, ['unsigned long long']],
+} ],
+  '_HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS' : [ 0x10, {
+    'SmallPagesInUseWithinLarge' : [ 0x0, ['unsigned long long']],
+    'OpportunisticLargePageCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_3230' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_3230']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x2c, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 3, ['unsigned long']]],
+    'HistoryList' : [ 0x20, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x8, ['array', 1, ['pointer64', ['_DEVICE_OBJECT']]]],
+} ],
+  '__unnamed_323d' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_3240' : [ 0x8, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer64', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x88, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x40, ['__unnamed_323d']],
+    'Subsection' : [ 0x48, ['pointer64', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x50, ['pointer64', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x58, ['pointer64', ['_MMPTE']]],
+    'ViewLinks' : [ 0x60, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x70, ['pointer64', ['_EPROCESS']]],
+    'u4' : [ 0x78, ['__unnamed_3240']],
+    'FileObject' : [ 0x80, ['pointer64', ['_FILE_OBJECT']]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_CMSI_PROCESS_TUPLE' : [ 0x10, {
+    'ProcessHandle' : [ 0x0, ['pointer64', ['void']]],
+    'ProcessReference' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_HEAP_FAILURE_INFORMATION' : [ 0x6d0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'StructureSize' : [ 0x4, ['unsigned long']],
+    'FailureType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'heap_failure_internal', 1: u'heap_failure_unknown', 2: u'heap_failure_generic', 3: u'heap_failure_entry_corruption', 4: u'heap_failure_multiple_entries_corruption', 5: u'heap_failure_virtual_block_corruption', 6: u'heap_failure_buffer_overrun', 7: u'heap_failure_buffer_underrun', 8: u'heap_failure_block_not_busy', 9: u'heap_failure_invalid_argument', 10: u'heap_failure_invalid_allocation_type', 11: u'heap_failure_usage_after_free', 12: u'heap_failure_cross_heap_operation', 13: u'heap_failure_freelists_corruption', 14: u'heap_failure_listentry_corruption', 15: u'heap_failure_lfh_bitmap_mismatch', 16: u'heap_failure_segment_lfh_bitmap_corruption', 17: u'heap_failure_segment_lfh_double_free', 18: u'heap_failure_vs_subsegment_corruption', 19: u'heap_failure_null_heap', 20: u'heap_failure_allocation_limit', 21: u'heap_failure_commit_limit', 22: u'heap_failure_invalid_va_mgr_query'})]],
+    'HeapAddress' : [ 0x10, ['pointer64', ['void']]],
+    'Address' : [ 0x18, ['pointer64', ['void']]],
+    'Param1' : [ 0x20, ['pointer64', ['void']]],
+    'Param2' : [ 0x28, ['pointer64', ['void']]],
+    'Param3' : [ 0x30, ['pointer64', ['void']]],
+    'PreviousBlock' : [ 0x38, ['pointer64', ['void']]],
+    'NextBlock' : [ 0x40, ['pointer64', ['void']]],
+    'ExpectedDecodedEntry' : [ 0x48, ['_FAKE_HEAP_ENTRY']],
+    'StackTrace' : [ 0x58, ['array', 32, ['pointer64', ['void']]]],
+    'HeapMajorVersion' : [ 0x158, ['unsigned char']],
+    'HeapMinorVersion' : [ 0x159, ['unsigned char']],
+    'ExceptionRecord' : [ 0x160, ['_EXCEPTION_RECORD']],
+    'ContextRecord' : [ 0x200, ['_CONTEXT']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_UMS_CONTROL_BLOCK' : [ 0x88, {
+    'UmsContext' : [ 0x0, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'CompletionListEntry' : [ 0x8, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+    'CompletionListEvent' : [ 0x10, ['pointer64', ['_KEVENT']]],
+    'ServiceSequenceNumber' : [ 0x18, ['unsigned long']],
+    'UmsQueue' : [ 0x20, ['_KQUEUE']],
+    'QueueEntry' : [ 0x60, ['_LIST_ENTRY']],
+    'YieldingUmsContext' : [ 0x70, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'YieldingParam' : [ 0x78, ['pointer64', ['void']]],
+    'UmsTeb' : [ 0x80, ['pointer64', ['void']]],
+    'UmsAssociatedQueue' : [ 0x20, ['pointer64', ['_KQUEUE']]],
+    'UmsQueueListEntry' : [ 0x28, ['pointer64', ['_LIST_ENTRY']]],
+    'UmsWaitEvent' : [ 0x30, ['_KEVENT']],
+    'StagingArea' : [ 0x48, ['pointer64', ['void']]],
+    'UmsPrimaryDeliveredContext' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UmsAssociatedQueueUsed' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'UmsThreadParked' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UmsFlags' : [ 0x50, ['unsigned long']],
+} ],
+  '_KTM' : [ 0x3c0, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x8, ['_KMUTANT']],
+    'State' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x48, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x70, ['_GUID']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'VolatileFlags' : [ 0x84, ['unsigned long']],
+    'LogFileName' : [ 0x88, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x98, ['pointer64', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0xa0, ['pointer64', ['void']]],
+    'LogManagementContext' : [ 0xa8, ['pointer64', ['void']]],
+    'Transactions' : [ 0xb0, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0x158, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x200, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x238, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x248, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x250, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x288, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x290, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x298, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x2a0, ['pointer64', ['void']]],
+    'TmRm' : [ 0x2a8, ['pointer64', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x2b0, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x2c8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x2e8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x2f0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x310, ['_ERESOURCE']],
+    'LogFlags' : [ 0x378, ['unsigned long']],
+    'LogFullStatus' : [ 0x37c, ['long']],
+    'RecoveryStatus' : [ 0x380, ['long']],
+    'LastCheckBaseLsn' : [ 0x388, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x390, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x3a0, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x10, {
+    'CurrentIrp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'PendingIrpList' : [ 0x8, ['pointer64', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x58, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x20, ['pointer64', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x28, ['pointer64', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x30, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x30, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x30, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x38, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0x120, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x20, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x30, ['pointer64', ['void']]],
+    'EntryPoint' : [ 0x38, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x40, ['unsigned long']],
+    'FullDllName' : [ 0x48, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x58, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x68, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x68, ['unsigned long']],
+    'PackagedBinary' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x68, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x68, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x68, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x68, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x68, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x68, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x68, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x68, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x68, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x68, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x68, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x68, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x68, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x68, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x68, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x68, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x68, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x68, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x68, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ChpeImage' : [ 0x68, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x68, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x68, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x68, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x68, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x6c, ['unsigned short']],
+    'TlsIndex' : [ 0x6e, ['unsigned short']],
+    'HashLinks' : [ 0x70, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x80, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x88, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x90, ['pointer64', ['void']]],
+    'DdagNode' : [ 0x98, ['pointer64', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0xa0, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0xb0, ['pointer64', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0xb8, ['pointer64', ['void']]],
+    'SwitchBackContext' : [ 0xc0, ['pointer64', ['void']]],
+    'BaseAddressIndexNode' : [ 0xc8, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0xe0, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0xf8, ['unsigned long long']],
+    'LoadTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x108, ['unsigned long']],
+    'LoadReason' : [ 0x10c, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x110, ['unsigned long']],
+    'ReferenceCount' : [ 0x114, ['unsigned long']],
+    'DependentLoadFlags' : [ 0x118, ['unsigned long']],
+    'SigningLevel' : [ 0x11c, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x18, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_3274' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_3276' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_3278' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_3274']],
+    'e2' : [ 0x0, ['__unnamed_3276']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_3278']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'DueTickCount' : [ 0x18, ['unsigned long']],
+    'Inserted' : [ 0x1c, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x1d, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x1e, ['unsigned short']],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x2c0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x58, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0xb0, ['unsigned long long']],
+    'NumberOfMappedMdlsInUse' : [ 0xb8, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0xbc, ['unsigned long']],
+    'MappedFileHeader' : [ 0xc0, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0xe8, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0xe9, ['unsigned char']],
+    'ModwriterActive' : [ 0xea, ['unsigned char']],
+    'TransitionInserted' : [ 0xeb, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0xec, ['long']],
+    'LastMappedWriteError' : [ 0xf0, ['long']],
+    'MappedFileWriteSucceeded' : [ 0xf4, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0xf8, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xfc, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0x100, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0x118, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0x120, ['unsigned long long']],
+    'ModifiedPageWriterEvent' : [ 0x128, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0x140, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0x158, ['long']],
+    'WriteAllMappedPages' : [ 0x15c, ['long']],
+    'MappedPageWriterEvent' : [ 0x160, ['_KEVENT']],
+    'ModWriteData' : [ 0x178, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x1b8, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x1d0, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x1f8, ['pointer64', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x200, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x208, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x228, ['unsigned long']],
+    'ClusterRestrictionLock' : [ 0x22c, ['long']],
+    'ClusterRestrictions' : [ 0x230, ['array', 2, ['_MI_RESTRICTED_MODWRITES']]],
+    'NotifyStoreMemoryConditions' : [ 0x238, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x250, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x254, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x258, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x260, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x280, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x288, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x2a8, ['long']],
+    'WorkingSetSwapLock' : [ 0x2b0, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x2b8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer64', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x10, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x8, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x68, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x20, ['pointer64', ['void']]],
+    'WhichOrderedElement' : [ 0x28, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x2c, ['unsigned long']],
+    'DepthOfTree' : [ 0x30, ['unsigned long']],
+    'RestartKey' : [ 0x38, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x40, ['unsigned long']],
+    'CompareRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AllocateRoutine' : [ 0x50, ['pointer64', ['void']]],
+    'FreeRoutine' : [ 0x58, ['pointer64', ['void']]],
+    'TableContext' : [ 0x60, ['pointer64', ['void']]],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_EXTENT_DELETION_WAIT_BLOCK' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_EXTENT_DELETION_WAIT_BLOCK']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+} ],
+  '_FAULT_INFORMATION' : [ 0x38, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'FaultInformationInvalid', 1: u'FaultInformationArm64', 2: u'FaultInformationX64'})]],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+    'Arm64' : [ 0x8, ['_FAULT_INFORMATION_ARM64']],
+    'X64' : [ 0x8, ['_FAULT_INFORMATION_X64']],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x8, ['pointer64', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x10, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'Flags' : [ 0x28, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x2c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x2e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0xe0, {
+    'Lock' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned char']],
+    'DripsRequiredState' : [ 0xc, ['unsigned long']],
+    'Level' : [ 0x10, ['long']],
+    'ActiveStamp' : [ 0x18, ['long long']],
+    'CsActiveTimeAccounting' : [ 0x20, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+    'CsCriticalActiveTimeAccounting' : [ 0x80, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_32c8' : [ 0x8, {
+    'ViewPageSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+} ],
+  '_MI_PHYSICAL_VIEW' : [ 0x30, {
+    'PhysicalNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Vad' : [ 0x18, ['pointer64', ['_MMVAD_SHORT']]],
+    'AweInfo' : [ 0x20, ['pointer64', ['_AWEINFO']]],
+    'u1' : [ 0x28, ['__unnamed_32c8']],
+} ],
+  '_DOMAIN_CONFIGURATION' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DomainConfigurationArm64', 1: u'DomainConfigurationInvalid'})]],
+    'Arm64' : [ 0x8, ['_DOMAIN_CONFIGURATION_ARM64']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0x18, ['pointer64', ['void']]],
+    'Name' : [ 0x20, ['_UNICODE_STRING']],
+    'Device' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x38, ['pointer64', ['_IRP']]],
+} ],
+  '_INVERTED_FUNCTION_TABLE_ENTRY' : [ 0x18, {
+    'FunctionTable' : [ 0x0, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'DynamicTable' : [ 0x0, ['pointer64', ['_DYNAMIC_FUNCTION_TABLE']]],
+    'ImageBase' : [ 0x8, ['pointer64', ['void']]],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'SizeOfTable' : [ 0x14, ['unsigned long']],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x50, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x40, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer64', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_POP_FX_DEVICE_DIRECTED_TRANSITION_STATE' : [ 0x10, {
+    'CompletionContext' : [ 0x0, ['pointer64', ['void']]],
+    'CompletionStatus' : [ 0x8, ['long']],
+    'DIrpPending' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DIrpCompleted' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_FREE_LARGE_PAGE_LIST' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x1b8, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x18, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x50, ['pointer64', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x58, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x60, ['long']],
+    'ActiveEvent' : [ 0x68, ['_KEVENT']],
+    'IdleLock' : [ 0x80, ['unsigned long long']],
+    'IdleConditionComplete' : [ 0x88, ['long']],
+    'IdleStateComplete' : [ 0x8c, ['long']],
+    'IdleStamp' : [ 0x90, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x98, ['unsigned long']],
+    'IdleStateCount' : [ 0x9c, ['unsigned long']],
+    'IdleStates' : [ 0xa0, ['pointer64', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0xa8, ['unsigned long']],
+    'ProviderCount' : [ 0xac, ['unsigned long']],
+    'Providers' : [ 0xb0, ['pointer64', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0xb8, ['unsigned long']],
+    'DependentCount' : [ 0xbc, ['unsigned long']],
+    'Dependents' : [ 0xc0, ['pointer64', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0xc8, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0x1a8, ['pointer64', ['_POP_FX_PERF_INFO']]],
+    'PowerProfile' : [ 0x1b0, ['pointer64', ['_POP_COMPONENT_POWER_PROFILE']]],
+} ],
+  '_DYNAMIC_FUNCTION_TABLE' : [ 0x70, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FunctionTable' : [ 0x10, ['pointer64', ['_IMAGE_RUNTIME_FUNCTION_ENTRY']]],
+    'TimeStamp' : [ 0x18, ['_LARGE_INTEGER']],
+    'MinimumAddress' : [ 0x20, ['unsigned long long']],
+    'MaximumAddress' : [ 0x28, ['unsigned long long']],
+    'BaseAddress' : [ 0x30, ['unsigned long long']],
+    'Callback' : [ 0x38, ['pointer64', ['void']]],
+    'Context' : [ 0x40, ['pointer64', ['void']]],
+    'OutOfProcessCallbackDll' : [ 0x48, ['pointer64', ['wchar']]],
+    'Type' : [ 0x50, ['Enumeration', dict(target = 'long', choices = {0: u'RF_SORTED', 1: u'RF_UNSORTED', 2: u'RF_CALLBACK', 3: u'RF_KERNEL_DYNAMIC'})]],
+    'EntryCount' : [ 0x54, ['unsigned long']],
+    'TreeNode' : [ 0x58, ['_RTL_BALANCED_NODE']],
+} ],
+  '_ISRDPCSTATS' : [ 0x60, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 7, ['unsigned char']]],
+    'DpcWatchdog' : [ 0x38, ['_ISRDPCSTATS_SEQUENCE']],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionDriverProtos' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'ImageCetShadowStacksReady' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer64', ['_XSAVE_AREA']]],
+    'Buffer' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x20, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '__unnamed_3314' : [ 0x10, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Arm' : [ 0x0, ['_ARM_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0x160, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OsLoaderSecurityVersion' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'EarlyLaunchListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'CoreDriverListHead' : [ 0x50, ['_LIST_ENTRY']],
+    'CoreExtensionsDriverListHead' : [ 0x60, ['_LIST_ENTRY']],
+    'TpmCoreDriverListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x80, ['unsigned long long']],
+    'Prcb' : [ 0x88, ['unsigned long long']],
+    'Process' : [ 0x90, ['unsigned long long']],
+    'Thread' : [ 0x98, ['unsigned long long']],
+    'KernelStackSize' : [ 0xa0, ['unsigned long']],
+    'RegistryLength' : [ 0xa4, ['unsigned long']],
+    'RegistryBase' : [ 0xa8, ['pointer64', ['void']]],
+    'ConfigurationRoot' : [ 0xb0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0xb8, ['pointer64', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0xc0, ['pointer64', ['unsigned char']]],
+    'NtBootPathName' : [ 0xc8, ['pointer64', ['unsigned char']]],
+    'NtHalPathName' : [ 0xd0, ['pointer64', ['unsigned char']]],
+    'LoadOptions' : [ 0xd8, ['pointer64', ['unsigned char']]],
+    'NlsData' : [ 0xe0, ['pointer64', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0xe8, ['pointer64', ['_ARC_DISK_INFORMATION']]],
+    'Extension' : [ 0xf0, ['pointer64', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0xf8, ['__unnamed_3314']],
+    'FirmwareInformation' : [ 0x108, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+    'OsBootstatPathName' : [ 0x148, ['pointer64', ['unsigned char']]],
+    'ArcOSDataDeviceName' : [ 0x150, ['pointer64', ['unsigned char']]],
+    'ArcWindowsSysPartName' : [ 0x158, ['pointer64', ['unsigned char']]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x10, {
+    'Stream' : [ 0x0, ['pointer64', ['void']]],
+    'Detail' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_331c' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_331c']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x48, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x10, ['unsigned char']],
+    'Disowned' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0x12, ['unsigned char']],
+    'IsWaiting' : [ 0x13, ['unsigned char']],
+    'LockAddress' : [ 0x18, ['pointer64', ['void']]],
+    'ThreadAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SublistHead' : [ 0x28, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0xa8, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long long']],
+    'AllocatedNonPagedPool' : [ 0x8, ['unsigned long long']],
+    'AllocatedSecureNonPagedPool' : [ 0x10, ['unsigned long long']],
+    'BadPoolHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0x20, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x24, ['unsigned char']],
+    'LowPagedPoolThreshold' : [ 0x28, ['unsigned long long']],
+    'HighPagedPoolThreshold' : [ 0x30, ['unsigned long long']],
+    'PermittedFaultsLock' : [ 0x38, ['long']],
+    'PermittedFaultsTree' : [ 0x40, ['_RTL_AVL_TREE']],
+    'PermittedFaultsInitialNode' : [ 0x48, ['array', 2, ['_MI_ACCESS_VIOLATION_RANGE']]],
+    'TotalPagedPoolQuota' : [ 0x98, ['unsigned long long']],
+    'TotalNonPagedPoolQuota' : [ 0xa0, ['unsigned long long']],
+} ],
+  '_IMAGE_RUNTIME_FUNCTION_ENTRY' : [ 0xc, {
+    'BeginAddress' : [ 0x0, ['unsigned long']],
+    'EndAddress' : [ 0x4, ['unsigned long']],
+    'UnwindInfoAddress' : [ 0x8, ['unsigned long']],
+    'UnwindData' : [ 0x8, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x40, {
+    'TransferAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ZeroBits' : [ 0x8, ['unsigned long']],
+    'MaximumStackSize' : [ 0x10, ['unsigned long long']],
+    'CommittedStackSize' : [ 0x18, ['unsigned long long']],
+    'SubSystemType' : [ 0x20, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x24, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x26, ['unsigned short']],
+    'SubSystemVersion' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x28, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x2c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x2e, ['unsigned short']],
+    'Machine' : [ 0x30, ['unsigned short']],
+    'ImageContainsCode' : [ 0x32, ['unsigned char']],
+    'ImageFlags' : [ 0x33, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x33, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x33, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x33, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x33, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x33, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x33, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x33, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x34, ['unsigned long']],
+    'ImageFileSize' : [ 0x38, ['unsigned long']],
+    'CheckSum' : [ 0x3c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x30, {
+    'SpinLock' : [ 0x0, ['unsigned long long']],
+    'ConnectLock' : [ 0x8, ['_KEVENT']],
+    'LineMasked' : [ 0x20, ['unsigned char']],
+    'InterruptList' : [ 0x28, ['pointer64', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0x18, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x8, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_WNF_SCOPE_MAP_ENTRY' : [ 0x18, {
+    'MapEntryLock' : [ 0x0, ['_WNF_LOCK']],
+    'MapEntryHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x8, ['pointer64', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x1c0, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaHintIndex' : [ 0x4, ['unsigned long']],
+    'NumaLastRangeIndexInclusive' : [ 0x8, ['unsigned long']],
+    'NodeShift' : [ 0xc, ['unsigned char']],
+    'ChannelShift' : [ 0xd, ['unsigned char']],
+    'ChannelHintIndex' : [ 0x10, ['unsigned long']],
+    'ChannelLastRangeIndexInclusive' : [ 0x14, ['unsigned long']],
+    'NodeGraph' : [ 0x18, ['pointer64', ['_MI_NODE_NUMBER_ZERO_BASED']]],
+    'SystemNodeInformation' : [ 0x20, ['pointer64', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'TemporaryNumaRanges' : [ 0x28, ['array', 2, ['_HAL_NODE_RANGE']]],
+    'NumaMemoryRanges' : [ 0x48, ['pointer64', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x50, ['pointer64', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x58, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x5c, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x60, ['unsigned long']],
+    'LogicalProcessorsPerCore' : [ 0x64, ['unsigned long']],
+    'ProcessorCachesFlushedOnPowerLoss' : [ 0x68, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x70, ['unsigned long long']],
+    'SecondaryColorMask' : [ 0x78, ['unsigned long']],
+    'SecondaryColors' : [ 0x7c, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x80, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x84, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x88, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x8c, ['unsigned long']],
+    'PerformanceCounterFrequency' : [ 0x90, ['_LARGE_INTEGER']],
+    'InvalidPteMask' : [ 0xc0, ['unsigned long long']],
+    'LargePageColors' : [ 0x100, ['array', 3, ['unsigned long']]],
+    'FlushTbThreshold' : [ 0x110, ['unsigned long long']],
+    'OptimalZeroingAttribute' : [ 0x118, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x158, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x160, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'VsmKernelPageCount' : [ 0x180, ['unsigned long long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x28, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0x18, ['unsigned char']],
+    'BlocksDrips' : [ 0x19, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x1c, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x20, ['pointer64', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x20, {
+    'PartitionObject' : [ 0x0, ['pointer64', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x8, ['pointer64', ['pointer64', ['pointer64', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x10, ['pointer64', ['pointer64', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0x18, ['long']],
+} ],
+  '__unnamed_3357' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_3357']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x118, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x100, ['unsigned long long']],
+    'NumberOfEntries' : [ 0x108, ['unsigned long long']],
+    'NumberOfEntriesPeak' : [ 0x110, ['unsigned long long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xc8, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x38, ['unsigned long long']],
+    'ProbeRaises' : [ 0x40, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x84, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x8c, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x90, ['unsigned long']],
+    'CheckZeroCount' : [ 0x94, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x98, ['long']],
+    'BadPagesDetected' : [ 0x9c, ['long']],
+    'ScrubPasses' : [ 0xa0, ['long']],
+    'ScrubBadPagesFound' : [ 0xa4, ['long']],
+    'UserViewFailures' : [ 0xa8, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0xac, ['unsigned long']],
+    'UserAllocateFailures' : [ 0xb0, ['unsigned long']],
+    'UserAllocateCollisionFailures' : [ 0xb4, ['unsigned long']],
+    'ResavailFailures' : [ 0xb8, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xc0, ['unsigned char']],
+    'FatalGraphicsFailures' : [ 0xc1, ['unsigned char']],
+    'InitFailure' : [ 0xc2, ['unsigned char']],
+    'StopBadMaps' : [ 0xc3, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x300, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x10, ['pointer64', ['_PROC_PERF_CHECK_CONTEXT']]],
+    'Members' : [ 0x18, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0xc0, ['unsigned long long']],
+    'ProcessorCount' : [ 0xc8, ['unsigned long']],
+    'EfficiencyClass' : [ 0xcc, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0xcd, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0xce, ['unsigned char']],
+    'Presence' : [ 0xd0, ['Enumeration', dict(target = 'long', choices = {0: u'ProcessorPresenceNt', 1: u'ProcessorPresenceHv', 2: u'ProcessorPresenceHidden'})]],
+    'Processors' : [ 0xd8, ['pointer64', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0xe0, ['pointer64', ['void']]],
+    'TimeWindowHandler' : [ 0xe8, ['pointer64', ['void']]],
+    'BoostPolicyHandler' : [ 0xf0, ['pointer64', ['void']]],
+    'BoostModeHandler' : [ 0xf8, ['pointer64', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x100, ['pointer64', ['void']]],
+    'AutonomousModeHandler' : [ 0x108, ['pointer64', ['void']]],
+    'ReinitializeHandler' : [ 0x110, ['pointer64', ['void']]],
+    'PerfSelectionHandler' : [ 0x118, ['pointer64', ['void']]],
+    'PerfControlHandler' : [ 0x120, ['pointer64', ['void']]],
+    'PerfControlHandlerHidden' : [ 0x128, ['pointer64', ['void']]],
+    'DomainPerfControlHandler' : [ 0x130, ['pointer64', ['void']]],
+    'MaxFrequency' : [ 0x138, ['unsigned long']],
+    'NominalFrequency' : [ 0x13c, ['unsigned long']],
+    'MaxPercent' : [ 0x140, ['unsigned long']],
+    'MinPerfPercent' : [ 0x144, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x148, ['unsigned long']],
+    'AdvertizedMaximumFrequency' : [ 0x14c, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x150, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x158, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x160, ['unsigned char']],
+    'Coordination' : [ 0x161, ['unsigned char']],
+    'HardPlatformCap' : [ 0x162, ['unsigned char']],
+    'AffinitizeControl' : [ 0x163, ['unsigned char']],
+    'EfficientThrottle' : [ 0x164, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x165, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x166, ['unsigned char']],
+    'AutonomousMode' : [ 0x167, ['unsigned char']],
+    'ProvideGuidance' : [ 0x168, ['unsigned char']],
+    'DesiredPercent' : [ 0x16c, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x170, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x174, ['unsigned char']],
+    'QosPolicies' : [ 0x178, ['array', 5, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0x204, ['array', 5, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0x218, ['array', 5, ['unsigned short']]],
+    'QosSupported' : [ 0x222, ['unsigned char']],
+    'SelectionGeneration' : [ 0x224, ['unsigned long']],
+    'QosSelection' : [ 0x228, ['array', 5, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x2f0, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x2f8, ['unsigned long']],
+    'Force' : [ 0x2fc, ['unsigned char']],
+    'Update' : [ 0x2fd, ['unsigned char']],
+    'Apply' : [ 0x2fe, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0xa8, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x8, ['unsigned long long']],
+    'DummyPagePfn' : [ 0x10, ['pointer64', ['_MMPFN']]],
+    'DummyPage' : [ 0x18, ['unsigned long long']],
+    'PageOfZeroes' : [ 0x20, ['unsigned long long']],
+    'ZeroMapping' : [ 0x28, ['pointer64', ['void']]],
+    'OnesMapping' : [ 0x30, ['pointer64', ['void']]],
+    'ZeroCrc' : [ 0x38, ['unsigned long long']],
+    'OnesCrc' : [ 0x40, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x48, ['array', 4, ['unsigned long long']]],
+    'PfnGapFrames' : [ 0x68, ['array', 4, ['unsigned long long']]],
+    'PageTableOfZeroes' : [ 0x88, ['unsigned long long']],
+    'PdeOfZeroes' : [ 0x90, ['_MMPTE']],
+    'PageTableOfOnes' : [ 0x98, ['unsigned long long']],
+    'PdeOfOnes' : [ 0xa0, ['_MMPTE']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x20, {
+    'Parent' : [ 0x0, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x8, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x10, ['pointer64', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0x18, ['unsigned char']],
+    'Reserved' : [ 0x19, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x10, {
+    'Reserved' : [ 0x0, ['pointer64', ['void']]],
+    'FunctionIndex' : [ 0x8, ['unsigned short']],
+    'ContextValue' : [ 0xa, ['unsigned short']],
+    'InterceptorValue' : [ 0x8, ['unsigned long']],
+    'UnusedBytesLength' : [ 0xc, ['unsigned short']],
+    'EntryOffset' : [ 0xe, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0xf, ['unsigned char']],
+} ],
+  '_SUPPORTED_RANGES' : [ 0xc0, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Sorted' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'NoIO' : [ 0x4, ['unsigned long']],
+    'IO' : [ 0x8, ['_SUPPORTED_RANGE']],
+    'NoMemory' : [ 0x30, ['unsigned long']],
+    'Memory' : [ 0x38, ['_SUPPORTED_RANGE']],
+    'NoPrefetchMemory' : [ 0x60, ['unsigned long']],
+    'PrefetchMemory' : [ 0x68, ['_SUPPORTED_RANGE']],
+    'NoDma' : [ 0x90, ['unsigned long']],
+    'Dma' : [ 0x98, ['_SUPPORTED_RANGE']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer64', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0x10, ['unsigned long long']],
+    'SizeOfSegment' : [ 0x18, ['unsigned long long']],
+    'ExtendInfo' : [ 0x20, ['pointer64', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x20, ['pointer64', ['void']]],
+    'SegmentLock' : [ 0x28, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 48, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x28, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_DEBUG_TRANSPORT_DATA' : [ 0x8, {
+    'HwContextSize' : [ 0x0, ['unsigned long']],
+    'UseSerialFraming' : [ 0x4, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x5, ['unsigned char']],
+    'USBCoreId' : [ 0x6, ['unsigned char']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x90, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'Lock' : [ 0x20, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x30, ['pointer64', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x38, ['pointer64', ['void']]],
+    'Enabled' : [ 0x40, ['unsigned char']],
+    'ActiveEngaged' : [ 0x41, ['unsigned char']],
+    'ThrottleLimit' : [ 0x42, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x43, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x48, ['pointer64', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x50, ['pointer64', ['_KEVENT']]],
+    'Interface' : [ 0x58, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x28, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x20, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x10, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'ProcessBilled' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'AllocatorBackTraceIndex' : [ 0x8, ['unsigned short']],
+    'PoolTagHash' : [ 0xa, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x148, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+    'AirplaneModeEnabled' : [ 0x144, ['unsigned char']],
+    'BluetoothDeviceCharging' : [ 0x145, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0xa, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned short']],
+    'TaggedPercent' : [ 0x6, ['array', 3, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x8, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+} ],
+  '__unnamed_33a3' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x10, {
+    'u1' : [ 0x0, ['__unnamed_33a3']],
+    'EndVa' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_HAL_IOMMU_DISPATCH' : [ 0x98, {
+    'HalIommuSupportEnabled' : [ 0x0, ['pointer64', ['void']]],
+    'HalIommuGetConfiguration' : [ 0x8, ['pointer64', ['void']]],
+    'HalIommuGetLibraryContext' : [ 0x10, ['pointer64', ['void']]],
+    'HalIommuMapDevice' : [ 0x18, ['pointer64', ['void']]],
+    'HalIommuEnableDevicePasid' : [ 0x20, ['pointer64', ['void']]],
+    'HalIommuSetAddressSpace' : [ 0x28, ['pointer64', ['void']]],
+    'HalIommuDisableDevicePasid' : [ 0x30, ['pointer64', ['void']]],
+    'HalIommuUnmapDevice' : [ 0x38, ['pointer64', ['void']]],
+    'HalIommuFreeLibraryContext' : [ 0x40, ['pointer64', ['void']]],
+    'HalIommuFlushTb' : [ 0x48, ['pointer64', ['void']]],
+    'HalIommuFlushAllPasid' : [ 0x50, ['pointer64', ['void']]],
+    'HalIommuProcessPageRequestQueue' : [ 0x58, ['pointer64', ['void']]],
+    'HalIommuFaultRoutine' : [ 0x60, ['pointer64', ['void']]],
+    'HalIommuReferenceAsid' : [ 0x68, ['pointer64', ['void']]],
+    'HalIommuDereferenceAsid' : [ 0x70, ['pointer64', ['void']]],
+    'HalIommuServicePageFault' : [ 0x78, ['pointer64', ['void']]],
+    'HalIommuDevicePowerChange' : [ 0x80, ['pointer64', ['void']]],
+    'HalIommuBeginDeviceReset' : [ 0x88, ['pointer64', ['void']]],
+    'HalIommuFinalizeDeviceReset' : [ 0x90, ['pointer64', ['void']]],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0xb0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Timer' : [ 0x10, ['_KTIMER']],
+    'Dpc' : [ 0x50, ['_KDPC']],
+    'WorkOrder' : [ 0x90, ['pointer64', ['_POP_FX_WORK_ORDER']]],
+    'CurrentWorkInfo' : [ 0x98, ['pointer64', ['_PEP_WORK_INFORMATION']]],
+    'WatchdogStart' : [ 0xa0, ['unsigned long long']],
+    'WorkerThread' : [ 0xa8, ['pointer64', ['_KTHREAD']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x30, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'ArbiterHandler' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['unsigned long']],
+} ],
+  '__unnamed_33d7' : [ 0x20, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x20, {
+    'Parameters' : [ 0x0, ['__unnamed_33d7']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x10, {
+    'PreviousBlockPrivateData' : [ 0x0, ['pointer64', ['void']]],
+    'Size' : [ 0x8, ['unsigned short']],
+    'Flags' : [ 0xa, ['unsigned char']],
+    'SmallTagIndex' : [ 0xb, ['unsigned char']],
+    'SubSegmentCode' : [ 0x8, ['unsigned long']],
+    'PreviousSize' : [ 0xc, ['unsigned short']],
+    'SegmentOffset' : [ 0xe, ['unsigned char']],
+    'LFHFlags' : [ 0xe, ['unsigned char']],
+    'UnusedBytes' : [ 0xf, ['unsigned char']],
+    'CompactHeader' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Address' : [ 0x20, ['pointer64', ['void']]],
+    'Size' : [ 0x28, ['unsigned long long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x50, {
+    'DriverObject' : [ 0x0, ['pointer64', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x8, ['pointer64', ['void']]],
+    'Count' : [ 0x10, ['unsigned long']],
+    'ServiceKeyName' : [ 0x18, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x28, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x30, ['pointer64', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x38, ['pointer64', ['void']]],
+    'DvCallbacks' : [ 0x40, ['pointer64', ['void']]],
+    'VerifierContext' : [ 0x48, ['pointer64', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x20, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0x18, ['unsigned long']],
+    'Traits' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x10, ['pointer64', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0x18, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x20, ['pointer64', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x28, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x30, ['unsigned short']],
+    'ReplyIndex' : [ 0x32, ['unsigned short']],
+    'Flags' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UseProtectedSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UseUnprotectedSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ZeroPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x60, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '__unnamed_33f4' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_33f6' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_33f4']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_33f6']],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x8, {
+    'ReserveDevice' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x28, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x10, ['_KGATE']],
+    'Event' : [ 0x10, ['_KEVENT']],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0xa0, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileObject' : [ 0x8, ['pointer64', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x10, ['pointer64', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0x18, ['pointer64', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x20, ['unsigned char']],
+    'IrpOplocksR' : [ 0x28, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x38, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x48, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x58, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x78, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x88, ['pointer64', ['_GUID']]],
+    'OplockState' : [ 0x90, ['unsigned long']],
+    'FastMutex' : [ 0x98, ['pointer64', ['_FAST_MUTEX']]],
+} ],
+  '__unnamed_3404' : [ 0x10, {
+    'UserData' : [ 0x0, ['pointer64', ['void']]],
+    'Owner' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_3405' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_3404']],
+    'Merged' : [ 0x10, ['__unnamed_3405']],
+    'Attributes' : [ 0x20, ['unsigned char']],
+    'PublicFlags' : [ 0x21, ['unsigned char']],
+    'PrivateFlags' : [ 0x22, ['unsigned short']],
+    'ListEntry' : [ 0x28, ['_LIST_ENTRY']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x80, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer64', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0xcc0, {
+    'SessionWsList' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x10, ['pointer64', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0x18, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x30, ['unsigned long long']],
+    'SizeOfPagedPoolInPages' : [ 0x38, ['unsigned long long']],
+    'SystemPteInfo' : [ 0x40, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0xa0, ['unsigned long long']],
+    'SmallNonPagedPtesCommit' : [ 0xa8, ['unsigned long long']],
+    'BootCommit' : [ 0xb0, ['unsigned long long']],
+    'MdlPagesAllocated' : [ 0xb8, ['unsigned long long']],
+    'SystemPageTableCommit' : [ 0xc0, ['unsigned long long']],
+    'ProcessCommit' : [ 0xc8, ['unsigned long long']],
+    'DriverCommit' : [ 0xd0, ['long']],
+    'PagingLevels' : [ 0xd4, ['unsigned char']],
+    'PfnDatabaseCommit' : [ 0xd8, ['unsigned long long']],
+    'SystemWs' : [ 0x100, ['array', 6, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x880, ['_MMSUPPORT_SHARED']],
+    'AggregateSystemWs' : [ 0x900, ['array', 1, ['_MMSUPPORT_AGGREGATION']]],
+    'MapCacheFailures' : [ 0x920, ['unsigned long']],
+    'PagefileHashPages' : [ 0x928, ['unsigned long long']],
+    'PteHeader' : [ 0x930, ['_SYSPTES_HEADER']],
+    'SystemVaTypeCount' : [ 0xa48, ['array', 16, ['unsigned long long']]],
+    'SystemVaType' : [ 0xac8, ['array', 256, ['unsigned char']]],
+    'SystemVaRegions' : [ 0xbc8, ['array', 13, ['_MI_SYSTEM_VA_ASSIGNMENT']]],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x48, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0x18, ['pointer64', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x20, ['pointer64', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x28, ['pointer64', ['_ETHREAD']]],
+    'Flags' : [ 0x30, ['unsigned long']],
+    'AtomicLinks' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x90, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x38, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x50, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x60, ['unsigned long long']],
+    'NumberOfPfnReferences' : [ 0x68, ['unsigned long']],
+    'LargeViews' : [ 0x6c, ['unsigned long']],
+    'ProtosNode' : [ 0x70, ['_MI_PROTOTYPE_PTES_NODE']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x158, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastResponsivenessEvents' : [ 0x18, ['unsigned long']],
+    'LastPerfCheckSnap' : [ 0x20, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x80, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xe0, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x140, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x144, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x148, ['array', 3, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x14b, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x14c, ['unsigned char']],
+    'CurrentResponsivenessEvents' : [ 0x150, ['unsigned long']],
+} ],
+  '_MI_LARGEPAGE_VAD_INFO' : [ 0x18, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x8, ['unsigned long long']],
+    'ReferencedPartition' : [ 0x10, ['pointer64', ['_EPARTITION']]],
+} ],
+  '_MI_HARD_FAULT_STATE' : [ 0x10, {
+    'SwapPfn' : [ 0x0, ['pointer64', ['_MMPFN']]],
+    'StoreFlags' : [ 0x8, ['_MI_STORE_INPAGE_COMPLETE_FLAGS']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEB32' : [ 0x480, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['unsigned long']],
+    'ImageBaseAddress' : [ 0x8, ['unsigned long']],
+    'Ldr' : [ 0xc, ['unsigned long']],
+    'ProcessParameters' : [ 0x10, ['unsigned long']],
+    'SubSystemData' : [ 0x14, ['unsigned long']],
+    'ProcessHeap' : [ 0x18, ['unsigned long']],
+    'FastPebLock' : [ 0x1c, ['unsigned long']],
+    'AtlThunkSListPtr' : [ 0x20, ['unsigned long']],
+    'IFEOKey' : [ 0x24, ['unsigned long']],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['unsigned long']],
+    'UserSharedInfoPtr' : [ 0x2c, ['unsigned long']],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['unsigned long']],
+    'ApiSetMap' : [ 0x38, ['unsigned long']],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['unsigned long']],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['unsigned long']],
+    'SharedData' : [ 0x50, ['unsigned long']],
+    'ReadOnlyStaticServerData' : [ 0x54, ['unsigned long']],
+    'AnsiCodePageData' : [ 0x58, ['unsigned long']],
+    'OemCodePageData' : [ 0x5c, ['unsigned long']],
+    'UnicodeCaseTableData' : [ 0x60, ['unsigned long']],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['unsigned long']],
+    'GdiSharedHandleTable' : [ 0x94, ['unsigned long']],
+    'ProcessStarterHelper' : [ 0x98, ['unsigned long']],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['unsigned long']],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['unsigned long']],
+    'TlsExpansionBitmap' : [ 0x150, ['unsigned long']],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['unsigned long']],
+    'AppCompatInfo' : [ 0x1ec, ['unsigned long']],
+    'CSDVersion' : [ 0x1f0, ['_STRING32']],
+    'ActivationContextData' : [ 0x1f8, ['unsigned long']],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['unsigned long']],
+    'SystemDefaultActivationContextData' : [ 0x200, ['unsigned long']],
+    'SystemAssemblyStorageMap' : [ 0x204, ['unsigned long']],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'SparePointers' : [ 0x20c, ['array', 4, ['unsigned long']]],
+    'SpareUlongs' : [ 0x21c, ['array', 5, ['unsigned long']]],
+    'WerRegistrationData' : [ 0x230, ['unsigned long']],
+    'WerShipAssertPtr' : [ 0x234, ['unsigned long']],
+    'pUnused' : [ 0x238, ['unsigned long']],
+    'pImageHeaderHash' : [ 0x23c, ['unsigned long']],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['LIST_ENTRY32']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['unsigned long']]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['unsigned long']],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x464, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x468, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x469, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x470, ['unsigned long']],
+    'LeapSecondFlags' : [ 0x474, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x474, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x474, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x478, ['unsigned long']],
+} ],
+  '_POP_DEVICE_POWER_PROFILE' : [ 0x58, {
+    'DeviceId' : [ 0x0, ['_UNICODE_STRING']],
+    'PowerPlane' : [ 0x10, ['pointer64', ['_POP_POWER_PLANE']]],
+    'FxDevice' : [ 0x18, ['pointer64', ['_POP_FX_DEVICE']]],
+    'PowerDrawMw' : [ 0x20, ['long']],
+    'DxPower' : [ 0x24, ['array', 4, ['_PO_POWER_PLANE_PROFILE']]],
+    'ComponentCount' : [ 0x48, ['unsigned long long']],
+    'Components' : [ 0x50, ['pointer64', ['pointer64', ['_POP_COMPONENT_POWER_PROFILE']]]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x1d8, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long long']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x18, ['pointer64', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x20, ['pointer64', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x28, ['pointer64', ['_KSEMAPHORE']]],
+    'Order' : [ 0x30, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0x1b0, ['_LIST_ENTRY']],
+    'Status' : [ 0x1c0, ['long']],
+    'FailedDevice' : [ 0x1c8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x1d0, ['unsigned char']],
+    'Cancelled' : [ 0x1d1, ['unsigned char']],
+    'IgnoreErrors' : [ 0x1d2, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x1d3, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x1d4, ['unsigned char']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'Node' : [ 0x8, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x58, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0x10, ['unsigned long long']],
+    'SamplingPeriod' : [ 0x18, ['unsigned long']],
+    'CurrentTemperature' : [ 0x1c, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x20, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x24, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x28, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x2c, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0xc8, {
+    'FileName' : [ 0x0, ['pointer64', ['wchar']]],
+    'BaseName' : [ 0x8, ['pointer64', ['wchar']]],
+    'RegRootName' : [ 0x10, ['pointer64', ['wchar']]],
+    'CmHive' : [ 0x18, ['pointer64', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x20, ['unsigned long']],
+    'CmHiveFlags' : [ 0x24, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x28, ['unsigned long']],
+    'CmHive2' : [ 0x30, ['pointer64', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x38, ['unsigned char']],
+    'ThreadFinished' : [ 0x39, ['unsigned char']],
+    'ThreadStarted' : [ 0x3a, ['unsigned char']],
+    'Allocate' : [ 0x3b, ['unsigned char']],
+    'WinPERequired' : [ 0x3c, ['unsigned char']],
+    'StartEvent' : [ 0x40, ['_KEVENT']],
+    'FinishedEvent' : [ 0x58, ['_KEVENT']],
+    'MountLock' : [ 0x70, ['_KEVENT']],
+    'MountCallbackLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'CallbackListLock' : [ 0x90, ['_EX_PUSH_LOCK']],
+    'CallbackListHead' : [ 0x98, ['_LIST_ENTRY']],
+    'CallbackWorkItem' : [ 0xa8, ['pointer64', ['_WORK_QUEUE_ITEM']]],
+    'CallbackWorkItemBusy' : [ 0xb0, ['long']],
+    'FilePath' : [ 0xb8, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0x180, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x8, ['pointer64', ['pointer64', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x10, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+    'Flags' : [ 0x178, ['unsigned long']],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x40, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'HitCount' : [ 0x18, ['unsigned long long']],
+    'LastActivationTime' : [ 0x20, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x28, ['unsigned long long']],
+    'CsActivationTime' : [ 0x30, ['unsigned long long']],
+    'CsActiveTime' : [ 0x38, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0x18, {
+    'ArbitrationList' : [ 0x0, ['pointer64', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x8, ['unsigned long']],
+    'AllocateFrom' : [ 0x10, ['pointer64', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x38, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HAL_CLOCK_TIMER_CONFIGURATION' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'AlwaysOnTimer' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'HighLatency' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PerCpuTimer' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DynamicTickSupported' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'KnownType' : [ 0x4, ['unsigned long']],
+    'Capabilities' : [ 0x8, ['unsigned long']],
+    'MaxIncrement' : [ 0x10, ['unsigned long long']],
+    'MinIncrement' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x10, ['unsigned char']],
+    'Spare' : [ 0x11, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0x14, ['unsigned long']],
+    'DebugId' : [ 0x18, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x30, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x10, ['pointer64', ['_KTHREAD']]],
+    'Event' : [ 0x18, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x48, {
+    'Parent' : [ 0x0, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x8, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x10, ['pointer64', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0x18, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x40, ['pointer64', ['void']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x28, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x8, ['_RTL_BITMAP']],
+    'HashTable' : [ 0x18, ['pointer64', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x20, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x50, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x40, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '_KQUEUE' : [ 0x40, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x28, ['unsigned long']],
+    'MaximumCount' : [ 0x2c, ['unsigned long']],
+    'ThreadListHead' : [ 0x30, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_3474' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x8c0, {
+    'FreeLargePages' : [ 0x0, ['array', 3, ['_MI_FREE_LARGE_PAGES']]],
+    'LargePageRebuildTimer' : [ 0x390, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'StandbyPageList' : [ 0x3b8, ['array', 4, ['array', 8, ['_MMPFNLIST_SHORT']]]],
+    'FreePageListHeadsBitmap' : [ 0x6c0, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0x6e0, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0x720, ['array', 2, ['unsigned long long']]],
+    'TotalPages' : [ 0x730, ['array', 4, ['unsigned long long']]],
+    'TotalPagesEntireNode' : [ 0x750, ['unsigned long long']],
+    'CurrentHugeRangeColor' : [ 0x758, ['unsigned long']],
+    'HugeIoRangeFreeCount' : [ 0x760, ['array', 2, ['unsigned long long']]],
+    'MmShiftedColor' : [ 0x770, ['unsigned long']],
+    'Color' : [ 0x774, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x778, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'Flags' : [ 0x7b8, ['__unnamed_3474']],
+    'LargeListMoveInProgress' : [ 0x7bc, ['unsigned long']],
+    'LargeListWaiters' : [ 0x7c0, ['pointer64', ['_MI_LARGE_PAGE_LISTS_CHANGING']]],
+    'NodeLock' : [ 0x7c8, ['_EX_PUSH_LOCK']],
+    'ZeroThreadHugeMapLock' : [ 0x7d0, ['unsigned long long']],
+    'ChannelStatus' : [ 0x7d8, ['unsigned char']],
+    'ChannelOrdering' : [ 0x7d9, ['array', 4, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x7dd, ['array', 4, ['unsigned char']]],
+    'PowerAttribute' : [ 0x7e1, ['array', 4, ['unsigned char']]],
+    'LargePageLock' : [ 0x7e8, ['unsigned long long']],
+    'PageColorTable' : [ 0x7f0, ['_MI_PAGE_COLORS']],
+    'NumberOfPagesGoingBad' : [ 0x800, ['unsigned long long']],
+    'WriteCalibration' : [ 0x808, ['_MI_WRITE_CALIBRATION']],
+    'BootZeroContext' : [ 0x828, ['pointer64', ['void']]],
+    'BootZeroPageTimesPerProcessor' : [ 0x830, ['pointer64', ['void']]],
+    'ZeroingVaBase' : [ 0x838, ['pointer64', ['void']]],
+    'TotalBytesToZero' : [ 0x840, ['unsigned long long']],
+    'PerProcessorNumberOfBytesToZero' : [ 0x848, ['unsigned long long']],
+    'ZeroingContext' : [ 0x850, ['pointer64', ['void']]],
+    'ZeroingProcessorCount' : [ 0x858, ['unsigned long']],
+    'ZeroHand' : [ 0x85c, ['long']],
+    'FinishedProcessors' : [ 0x860, ['long']],
+    'CyclesToZeroOneLargePage' : [ 0x868, ['unsigned long long']],
+    'ScaledCyclesToZeroOneLargePage' : [ 0x870, ['pointer64', ['unsigned long long']]],
+    'GroupAffinity' : [ 0x878, ['_GROUP_AFFINITY']],
+    'ProcessorCount' : [ 0x888, ['unsigned short']],
+    'BackgroundZeroingActive' : [ 0x88a, ['unsigned char']],
+    'ZeroingPhysicalMemoryBlock' : [ 0x890, ['pointer64', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'IrpData' : [ 0x18, ['pointer64', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x20, ['long']],
+    'PowerReqCall' : [ 0x24, ['long']],
+    'PowerNotReqCall' : [ 0x28, ['long']],
+    'DeviceNode' : [ 0x30, ['pointer64', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x20, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer64', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x8, ['pointer64', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x60, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0x10, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x28, ['unsigned long']],
+    'AccessBufferList' : [ 0x40, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x50, ['long']],
+    'Flags' : [ 0x54, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x58, ['long']],
+} ],
+  '_DOMAIN_CONFIGURATION_ARM64' : [ 0x20, {
+    'Ttbr0' : [ 0x0, ['_LARGE_INTEGER']],
+    'Ttbr1' : [ 0x8, ['_LARGE_INTEGER']],
+    'Mair0' : [ 0x10, ['unsigned long']],
+    'Mair1' : [ 0x14, ['unsigned long']],
+    'InputSize0' : [ 0x18, ['unsigned char']],
+    'InputSize1' : [ 0x19, ['unsigned char']],
+    'CoherentTableWalks' : [ 0x1a, ['unsigned char']],
+    'TranslationEnabled' : [ 0x1b, ['unsigned char']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x10, ['pointer64', ['void']]],
+    'CallersCaller' : [ 0x18, ['pointer64', ['void']]],
+    'CallCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0x18, {
+    'Previous' : [ 0x0, ['pointer64', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x8, ['pointer64', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x20, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x8, ['pointer64', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0xb0, {
+    'CachedKernelStacks' : [ 0x0, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'DynamicBitMapNonPagedPool' : [ 0x40, ['_MI_DYNAMIC_BITMAP']],
+    'CachedNonPagedPoolCount' : [ 0x88, ['unsigned long long']],
+    'NonPagedPoolSpinLock' : [ 0x90, ['unsigned long long']],
+    'CachedNonPagedPool' : [ 0x98, ['pointer64', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0xa0, ['pointer64', ['void']]],
+    'NonPagedPoolLastVa' : [ 0xa8, ['pointer64', ['void']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x1c, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+    'TrackDesiredCrossClass' : [ 0x18, ['unsigned char']],
+} ],
+  '_POP_FX_WORK_POOL_ITEM' : [ 0x28, {
+    'WorkPool' : [ 0x0, ['pointer64', ['_POP_FX_WORK_POOL']]],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_FAULT_INFORMATION_ARM64' : [ 0x30, {
+    'DomainHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FaultAddress' : [ 0x8, ['pointer64', ['void']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer64', ['_DEVICE_OBJECT']]],
+    'InputMappingId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['_FAULT_INFORMATION_ARM64_FLAGS']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'UnsupportedUpstreamTransaction', 1: u'AddressSizeFault', 2: u'TlbMatchConflict', 3: u'ExternalFault', 4: u'PermissionFault', 5: u'AccessFlagFault', 6: u'TranslationFault', 7: u'MaxFaultType'})]],
+    'IommuBaseAddress' : [ 0x28, ['unsigned long long']],
+} ],
+  '_MI_NODE_NUMBER_ZERO_BASED' : [ 0x4, {
+    'ZeroBased' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long long']],
+    'BadPagesDetected' : [ 0x8, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0xc, ['long']],
+    'ScrubPasses' : [ 0x10, ['long']],
+    'ScrubBadPagesFound' : [ 0x14, ['long']],
+    'PageHashErrors' : [ 0x18, ['unsigned long']],
+    'FeatureBits' : [ 0x20, ['unsigned long long']],
+    'TimeZoneId' : [ 0x28, ['unsigned long']],
+    'Flags' : [ 0x2c, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x20, {
+    'SharedExportThunks' : [ 0x0, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x8, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x10, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0x18, ['pointer64', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_FAULT_INFORMATION_X64' : [ 0x28, {
+    'DomainHandle' : [ 0x0, ['pointer64', ['void']]],
+    'FaultAddress' : [ 0x8, ['pointer64', ['void']]],
+    'Flags' : [ 0x10, ['_FAULT_INFORMATION_X64_FLAGS']],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'UnsupportedUpstreamTransaction', 1: u'AddressSizeFault', 2: u'TlbMatchConflict', 3: u'ExternalFault', 4: u'PermissionFault', 5: u'AccessFlagFault', 6: u'TranslationFault', 7: u'MaxFaultType'})]],
+    'IommuBaseAddress' : [ 0x18, ['unsigned long long']],
+    'PciSegment' : [ 0x20, ['unsigned long']],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_POP_COMPONENT_POWER_PROFILE' : [ 0x28, {
+    'ComponentGuid' : [ 0x0, ['_GUID']],
+    'Device' : [ 0x10, ['pointer64', ['_POP_DEVICE_POWER_PROFILE']]],
+    'FxCount' : [ 0x18, ['unsigned long long']],
+    'FxPower' : [ 0x20, ['array', 1, ['_PO_POWER_PLANE_PROFILE']]],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x28, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x20, ['unsigned char']],
+    'RebuildActive' : [ 0x21, ['unsigned char']],
+    'NextPassDelta' : [ 0x22, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x23, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x68, {
+    'IoPfnLock' : [ 0x0, ['long']],
+    'IoPfnRoot' : [ 0x8, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x20, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x30, ['unsigned long']],
+    'IoCacheStats' : [ 0x38, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x60, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x48, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x40, ['long']],
+} ],
+  '__unnamed_34d0' : [ 0x10, {
+    'CodeBase' : [ 0x0, ['pointer64', ['void']]],
+    'CodeSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xdf0, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x18, ['pointer64', ['void']]],
+    'EmInfFileSize' : [ 0x20, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x28, ['pointer64', ['void']]],
+    'HeadlessLoaderBlock' : [ 0x30, ['pointer64', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x38, ['pointer64', ['_SMBIOS3_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x40, ['pointer64', ['void']]],
+    'DrvDBSize' : [ 0x48, ['unsigned long']],
+    'DrvDBPatchImage' : [ 0x50, ['pointer64', ['void']]],
+    'DrvDBPatchSize' : [ 0x58, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x60, ['pointer64', ['_NETWORK_LOADER_BLOCK']]],
+    'FirmwareDescriptorListHead' : [ 0x68, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x78, ['pointer64', ['void']]],
+    'AcpiTableSize' : [ 0x80, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x84, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x84, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x84, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x84, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x84, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardStrongCodeGuarantees' : [ 0x84, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SidSharingDisabled' : [ 0x84, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'TpmInitialized' : [ 0x84, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'VsmConfigured' : [ 0x84, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IumEnabled' : [ 0x84, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'IsSmbboot' : [ 0x84, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BootLogEnabled' : [ 0x84, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DriverVerifierEnabled' : [ 0x84, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SuppressMonitorX' : [ 0x84, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'KernelCetEnabled' : [ 0x84, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SuppressSmap' : [ 0x84, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x84, ['BitField', dict(start_bit = 16, end_bit = 21, native_type='unsigned long')]],
+    'FeatureSimulations' : [ 0x84, ['BitField', dict(start_bit = 21, end_bit = 27, native_type='unsigned long')]],
+    'MicrocodeSelfHosting' : [ 0x84, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'XhciLegacyHandoffSkip' : [ 0x84, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisableInsiderOptInHVCI' : [ 0x84, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'MicrocodeMinVerSupported' : [ 0x84, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'GpuIommuEnabled' : [ 0x84, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x88, ['_LOADER_PERFORMANCE_DATA']],
+    'BootApplicationPersistentData' : [ 0xe8, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0xf8, ['pointer64', ['void']]],
+    'BootIdentifier' : [ 0x100, ['_GUID']],
+    'ResumePages' : [ 0x110, ['unsigned long']],
+    'DumpHeader' : [ 0x118, ['pointer64', ['void']]],
+    'BgContext' : [ 0x120, ['pointer64', ['void']]],
+    'NumaLocalityInfo' : [ 0x128, ['pointer64', ['void']]],
+    'NumaGroupAssignment' : [ 0x130, ['pointer64', ['void']]],
+    'AttachedHives' : [ 0x138, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0x148, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0x150, ['pointer64', ['void']]],
+    'BootEntropyResult' : [ 0x158, ['_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x9c0, ['unsigned long long']],
+    'HypervisorExtension' : [ 0x9c8, ['_LOADER_PARAMETER_HYPERVISOR_EXTENSION']],
+    'HardwareConfigurationId' : [ 0xa08, ['_GUID']],
+    'HalExtensionModuleList' : [ 0xa18, ['_LIST_ENTRY']],
+    'SystemTime' : [ 0xa28, ['_LARGE_INTEGER']],
+    'TimeStampAtSystemTimeRead' : [ 0xa30, ['unsigned long long']],
+    'BootFlags' : [ 0xa38, ['unsigned long long']],
+    'DbgMenuOsSelection' : [ 0xa38, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgHiberBoot' : [ 0xa38, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgSoftRestart' : [ 0xa38, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'DbgMeasuredLaunch' : [ 0xa38, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'InternalBootFlags' : [ 0xa40, ['unsigned long long']],
+    'DbgUtcBootTime' : [ 0xa40, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgRtcBootTime' : [ 0xa40, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgNoLegacyServices' : [ 0xa40, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WfsFPData' : [ 0xa48, ['pointer64', ['void']]],
+    'WfsFPDataSize' : [ 0xa50, ['unsigned long']],
+    'BugcheckParameters' : [ 0xa58, ['_LOADER_BUGCHECK_PARAMETERS']],
+    'ApiSetSchema' : [ 0xa80, ['pointer64', ['void']]],
+    'ApiSetSchemaSize' : [ 0xa88, ['unsigned long']],
+    'ApiSetSchemaExtensions' : [ 0xa90, ['_LIST_ENTRY']],
+    'AcpiBiosVersion' : [ 0xaa0, ['_UNICODE_STRING']],
+    'SmbiosVersion' : [ 0xab0, ['_UNICODE_STRING']],
+    'EfiVersion' : [ 0xac0, ['_UNICODE_STRING']],
+    'KdDebugDevice' : [ 0xad0, ['pointer64', ['_DEBUG_DEVICE_DESCRIPTOR']]],
+    'OfflineCrashdumpConfigurationTable' : [ 0xad8, ['_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2']],
+    'ManufacturingProfile' : [ 0xaf8, ['_UNICODE_STRING']],
+    'BbtBuffer' : [ 0xb08, ['pointer64', ['void']]],
+    'XsaveAllowedFeatures' : [ 0xb10, ['unsigned long long']],
+    'XsaveFlags' : [ 0xb18, ['unsigned long']],
+    'BootOptions' : [ 0xb20, ['pointer64', ['void']]],
+    'IumEnablement' : [ 0xb28, ['unsigned long']],
+    'IumPolicy' : [ 0xb2c, ['unsigned long']],
+    'IumStatus' : [ 0xb30, ['long']],
+    'BootId' : [ 0xb34, ['unsigned long']],
+    'CodeIntegrityData' : [ 0xb38, ['pointer64', ['_LOADER_PARAMETER_CI_EXTENSION']]],
+    'CodeIntegrityDataSize' : [ 0xb40, ['unsigned long']],
+    'SystemHiveRecoveryInfo' : [ 0xb44, ['_LOADER_HIVE_RECOVERY_INFO']],
+    'SoftRestartCount' : [ 0xb58, ['unsigned long']],
+    'SoftRestartTime' : [ 0xb60, ['long long']],
+    'HypercallCodeVa' : [ 0xb68, ['pointer64', ['void']]],
+    'HalVirtualAddress' : [ 0xb70, ['pointer64', ['void']]],
+    'HalNumberOfBytes' : [ 0xb78, ['unsigned long long']],
+    'LeapSecondData' : [ 0xb80, ['pointer64', ['_LEAP_SECOND_DATA']]],
+    'MajorRelease' : [ 0xb88, ['unsigned long']],
+    'Reserved1' : [ 0xb8c, ['unsigned long']],
+    'NtBuildLab' : [ 0xb90, ['array', 224, ['unsigned char']]],
+    'NtBuildLabEx' : [ 0xc70, ['array', 224, ['unsigned char']]],
+    'ResetReason' : [ 0xd50, ['_LOADER_RESET_REASON']],
+    'MaxPciBusNumber' : [ 0xd80, ['unsigned long']],
+    'FeatureSettings' : [ 0xd84, ['unsigned long']],
+    'HotPatchReserveSize' : [ 0xd88, ['unsigned long']],
+    'RetpolineReserveSize' : [ 0xd8c, ['unsigned long']],
+    'MiniExecutive' : [ 0xd90, ['__unnamed_34d0']],
+    'VsmPerformanceData' : [ 0xda0, ['_VSM_PERFORMANCE_DATA']],
+    'NumaMemoryRanges' : [ 0xde0, ['pointer64', ['_NUMA_MEMORY_RANGE']]],
+    'NumaMemoryRangeCount' : [ 0xde8, ['unsigned long']],
+    'IommuFaultPolicy' : [ 0xdec, ['unsigned long']],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0x18, {
+    'AnsiCodePageData' : [ 0x0, ['pointer64', ['void']]],
+    'OemCodePageData' : [ 0x8, ['pointer64', ['void']]],
+    'UnicodeCaseTableData' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x20, {
+    'CurrentCharges' : [ 0x0, ['unsigned long long']],
+    'ChargeFailures' : [ 0x8, ['unsigned long long']],
+    'ChargePeak' : [ 0x10, ['unsigned long long']],
+    'ChargeMinimum' : [ 0x18, ['unsigned long long']],
+} ],
+  '__unnamed_34dd' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x58, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer64', ['void']]],
+    'ProtosNode' : [ 0x18, ['_MI_PROTOTYPE_PTES_NODE']],
+    'NumberOfPtes' : [ 0x38, ['unsigned long long']],
+    'SessionId' : [ 0x40, ['unsigned long']],
+    'Subsection' : [ 0x40, ['pointer64', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x48, ['pointer64', ['_MMPTE']]],
+    'u2' : [ 0x50, ['__unnamed_34dd']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_PEBS_DS_SAVE_AREA32' : [ 0x80, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long']],
+    'BtsIndex' : [ 0x4, ['unsigned long']],
+    'BtsAbsoluteMaximum' : [ 0x8, ['unsigned long']],
+    'BtsInterruptThreshold' : [ 0xc, ['unsigned long']],
+    'PebsBufferBase' : [ 0x10, ['unsigned long']],
+    'PebsIndex' : [ 0x14, ['unsigned long']],
+    'PebsAbsoluteMaximum' : [ 0x18, ['unsigned long']],
+    'PebsInterruptThreshold' : [ 0x1c, ['unsigned long']],
+    'PebsGpCounterReset' : [ 0x20, ['array', 8, ['unsigned long long']]],
+    'PebsFixedCounterReset' : [ 0x60, ['array', 4, ['unsigned long long']]],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x40, {
+    'PagesLoad' : [ 0x0, ['long long']],
+    'PagesAverage' : [ 0x8, ['unsigned long long']],
+    'AverageAvailablePages' : [ 0x10, ['unsigned long long']],
+    'PagesWritten' : [ 0x18, ['unsigned long long']],
+    'WritesIssued' : [ 0x20, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x24, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x28, ['unsigned long']],
+    'WriteBurstCount' : [ 0x2c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x30, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x38, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x3c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x3e, ['unsigned short']],
+} ],
+  '_MACHINE_FRAME' : [ 0x28, {
+    'Rip' : [ 0x0, ['unsigned long long']],
+    'SegCs' : [ 0x8, ['unsigned short']],
+    'Fill1' : [ 0xa, ['array', 3, ['unsigned short']]],
+    'EFlags' : [ 0x10, ['unsigned long']],
+    'Fill2' : [ 0x14, ['unsigned long']],
+    'Rsp' : [ 0x18, ['unsigned long long']],
+    'SegSs' : [ 0x20, ['unsigned short']],
+    'Fill3' : [ 0x22, ['array', 3, ['unsigned short']]],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_INFORMATION' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['_HAL_UNMASKED_INTERRUPT_FLAGS']],
+    'Mode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Gsiv' : [ 0x10, ['unsigned long']],
+    'PinNumber' : [ 0x14, ['unsigned short']],
+    'DeviceHandle' : [ 0x18, ['pointer64', ['void']]],
+} ],
+  '_KTRANSACTION' : [ 0x2d8, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x20, ['_KMUTANT']],
+    'TreeTx' : [ 0x58, ['pointer64', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x60, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x88, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0xb0, ['_GUID']],
+    'State' : [ 0xc0, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0xc4, ['unsigned long']],
+    'EnlistmentHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xd8, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0xdc, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0xe0, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0xe4, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0xe8, ['unsigned long']],
+    'PendingResponses' : [ 0xec, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0xf0, ['pointer64', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xf8, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0x100, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0x110, ['pointer64', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0x118, ['pointer64', ['void']]],
+    'IsolationLevel' : [ 0x120, ['unsigned long']],
+    'IsolationFlags' : [ 0x124, ['unsigned long']],
+    'Timeout' : [ 0x128, ['_LARGE_INTEGER']],
+    'Description' : [ 0x130, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0x140, ['pointer64', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0x148, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0x168, ['_KDPC']],
+    'RollbackTimer' : [ 0x1a8, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x1e8, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x1f8, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x200, ['pointer64', ['_KTM']]],
+    'CommitReservation' : [ 0x208, ['long long']],
+    'TransactionHistory' : [ 0x210, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x260, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x268, ['pointer64', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x270, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x278, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x2b0, ['pointer64', ['void']]],
+    'PendingPromotionCount' : [ 0x2b8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x2c0, ['_KEVENT']],
+} ],
+  '_FAKE_HEAP_ENTRY' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long long']],
+    'PreviousSize' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x44, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'NoPageTablesAllowed' : [ 0x3c, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x40, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0xa8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x68, ['_KMUTANT']],
+    'LinksOffset' : [ 0xa0, ['unsigned short']],
+    'GuidOffset' : [ 0xa2, ['unsigned short']],
+    'Expired' : [ 0xa4, ['unsigned char']],
+} ],
+  '_LOADER_BUGCHECK_PARAMETERS' : [ 0x28, {
+    'BugcheckCode' : [ 0x0, ['unsigned long']],
+    'BugcheckParameter1' : [ 0x8, ['unsigned long long']],
+    'BugcheckParameter2' : [ 0x10, ['unsigned long long']],
+    'BugcheckParameter3' : [ 0x18, ['unsigned long long']],
+    'BugcheckParameter4' : [ 0x20, ['unsigned long long']],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x3e0, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long long']],
+    'PageSize' : [ 0x18, ['unsigned long']],
+    'SystemTime' : [ 0x20, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x28, ['unsigned long long']],
+    'FeatureFlags' : [ 0x30, ['unsigned long long']],
+    'HiberFlags' : [ 0x38, ['unsigned char']],
+    'HiberSimulateFlags' : [ 0x39, ['unsigned char']],
+    'spare' : [ 0x3a, ['array', 2, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x3c, ['unsigned long']],
+    'HiberVa' : [ 0x40, ['unsigned long long']],
+    'NoFreePages' : [ 0x48, ['unsigned long']],
+    'FreeMapCheck' : [ 0x4c, ['unsigned long']],
+    'WakeCheck' : [ 0x50, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x58, ['unsigned long long']],
+    'FirstSecureRestorePage' : [ 0x60, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x68, ['unsigned long long']],
+    'FirstKernelRestorePage' : [ 0x70, ['unsigned long long']],
+    'FirstChecksumRestorePage' : [ 0x78, ['unsigned long long']],
+    'NoChecksumEntries' : [ 0x80, ['unsigned long long']],
+    'PerfInfo' : [ 0x88, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x280, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x288, ['array', 1, ['unsigned long long']]],
+    'SpareUlong' : [ 0x290, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x294, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x298, ['array', 24, ['unsigned long long']]],
+    'NotUsed' : [ 0x358, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x35c, ['unsigned long']],
+    'ResumeContextPages' : [ 0x360, ['unsigned long']],
+    'Hiberboot' : [ 0x364, ['unsigned char']],
+    'SecureLaunched' : [ 0x365, ['unsigned char']],
+    'SecureBoot' : [ 0x366, ['unsigned char']],
+    'HvPageTableRoot' : [ 0x368, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x370, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x378, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x380, ['unsigned long long']],
+    'BootFlags' : [ 0x388, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x390, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x398, ['unsigned long long']],
+    'BitlockerKeyPfns' : [ 0x3a0, ['array', 4, ['unsigned long long']]],
+    'HardwareSignature' : [ 0x3c0, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x3d0, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x3d4, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x3d5, ['unsigned char']],
+    'HiberResumeXhciHandoffSkip' : [ 0x3d6, ['unsigned char']],
+    'InitializeUSBCore' : [ 0x3d7, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x3d8, ['unsigned char']],
+    'USBCoreId' : [ 0x3d9, ['unsigned char']],
+    'SkipMemoryMapValidation' : [ 0x3da, ['unsigned char']],
+} ],
+  '_POP_FX_DRIPS_WATCHDOG_CONTEXT' : [ 0x28, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'ComponentIndex' : [ 0x10, ['unsigned long']],
+    'ChildDevices' : [ 0x18, ['pointer64', ['pointer64', ['_DEVICE_NODE']]]],
+    'ChildDeviceCount' : [ 0x20, ['unsigned long']],
+} ],
+  '_SUPPORTED_RANGE' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer64', ['_SUPPORTED_RANGE']]],
+    'SystemAddressSpace' : [ 0x8, ['unsigned long']],
+    'SystemBase' : [ 0x10, ['long long']],
+    'Base' : [ 0x18, ['long long']],
+    'Limit' : [ 0x20, ['long long']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x50, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x10, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0x18, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x1c, ['unsigned long']],
+    'LowestLink' : [ 0x20, ['unsigned long']],
+    'Dependencies' : [ 0x28, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x30, ['_LDRP_CSLIST']],
+    'State' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x40, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x48, ['unsigned long']],
+} ],
+  '_MI_PAGE_COLORS' : [ 0x10, {
+    'PageSize' : [ 0x0, ['array', 4, ['unsigned long']]],
+} ],
+  '_NUMA_MEMORY_RANGE' : [ 0x18, {
+    'ProximityId' : [ 0x0, ['unsigned long']],
+    'BasePage' : [ 0x8, ['unsigned long long']],
+    'EndPage' : [ 0x10, ['unsigned long long']],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x178, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0x108, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0x110, ['pointer64', ['void']]],
+    'StorageInfo' : [ 0x110, ['pointer64', ['void']]],
+    'UseStorageInfo' : [ 0x118, ['unsigned char']],
+    'PointersLength' : [ 0x11c, ['unsigned long']],
+    'ModulePrefix' : [ 0x120, ['pointer64', ['wchar']]],
+    'DriverList' : [ 0x128, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0x138, ['_STRING']],
+    'ProgMsg' : [ 0x148, ['_STRING']],
+    'DoneMsg' : [ 0x158, ['_STRING']],
+    'FileObject' : [ 0x168, ['pointer64', ['void']]],
+    'UsageType' : [ 0x170, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay', 6: u'DeviceUsageTypeGuestAssigned'})]],
+} ],
+  '_PNP_WATCHDOG' : [ 0x28, {
+    'WatchdogStart' : [ 0x0, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x8, ['pointer64', ['_WDT_HANDLE']]],
+    'WatchdogContextType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'PNP_EVENT_WORKER_WATCHDOG', 2: u'PNP_DEVICE_COMPLETION_QUEUE_WATCHDOG', 3: u'PNP_DELAYED_REMOVE_WORKER_WATCHDOG', 4: u'PNP_ADD_DEVICE_WATCHDOG', 5: u'PNP_DRIVER_ENTRY_WATCHDOG'})]],
+    'WatchdogContext' : [ 0x18, ['pointer64', ['void']]],
+    'TriggerEventLogged' : [ 0x20, ['unsigned char']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x10, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_FAULT_CONFIGURATION' : [ 0x10, {
+    'FaultHandler' : [ 0x0, ['pointer64', ['void']]],
+    'FaultContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x38, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0x18, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x30, ['unsigned long']],
+    'Length' : [ 0x34, ['unsigned long']],
+} ],
+  '_RTL_UMS_CONTEXT' : [ 0x520, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Context' : [ 0x10, ['_CONTEXT']],
+    'Teb' : [ 0x4e0, ['pointer64', ['void']]],
+    'UserContext' : [ 0x4e8, ['pointer64', ['void']]],
+    'ScheduledThread' : [ 0x4f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Suspended' : [ 0x4f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VolatileContext' : [ 0x4f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Terminated' : [ 0x4f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DebugActive' : [ 0x4f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'RunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DenyRunningOnSelfThread' : [ 0x4f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Flags' : [ 0x4f0, ['long']],
+    'KernelUpdateLock' : [ 0x4f8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long long')]],
+    'PrimaryClientID' : [ 0x4f8, ['BitField', dict(start_bit = 2, end_bit = 64, native_type='unsigned long long')]],
+    'ContextLock' : [ 0x4f8, ['unsigned long long']],
+    'PrimaryUmsContext' : [ 0x500, ['pointer64', ['_RTL_UMS_CONTEXT']]],
+    'SwitchCount' : [ 0x508, ['unsigned long']],
+    'KernelYieldCount' : [ 0x50c, ['unsigned long']],
+    'MixedYieldCount' : [ 0x510, ['unsigned long']],
+    'YieldCount' : [ 0x514, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x38, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_INPUT_MAPPING_ELEMENT' : [ 0x4, {
+    'InputMappingId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_353d' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_353f' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3541' : [ 0x10, {
+    'NotificationStructure' : [ 0x0, ['pointer64', ['void']]],
+    'DeviceId' : [ 0x8, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3543' : [ 0x8, {
+    'Notification' : [ 0x0, ['pointer64', ['void']]],
+} ],
+  '__unnamed_3545' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_3547' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights', 13: u'PNP_VetoAlreadyRemoved'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3549' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_354b' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_354d' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_354f' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_353d']],
+    'TargetDevice' : [ 0x0, ['__unnamed_353f']],
+    'InstallDevice' : [ 0x0, ['__unnamed_353f']],
+    'CustomNotification' : [ 0x0, ['__unnamed_3541']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_3543']],
+    'PowerNotification' : [ 0x0, ['__unnamed_3545']],
+    'VetoNotification' : [ 0x0, ['__unnamed_3547']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_3549']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_354b']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_354d']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_353f']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_353f']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x50, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x18, ['pointer64', ['unsigned long']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'DeviceObject' : [ 0x28, ['pointer64', ['void']]],
+    'u' : [ 0x30, ['__unnamed_354f']],
+} ],
+  '_VSM_PERFORMANCE_DATA' : [ 0x40, {
+    'LaunchVsmMark' : [ 0x0, ['array', 8, ['unsigned long long']]],
+} ],
+  '_WDT_HANDLE' : [ 0x1, {
+    'Reserved' : [ 0x0, ['unsigned char']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x20, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x10, ['long']],
+    'Misses' : [ 0x14, ['unsigned long']],
+    'MissesLast' : [ 0x18, ['unsigned long']],
+    'AllStacksInUse' : [ 0x1c, ['unsigned long']],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0x10, {
+    'CommonDataArea' : [ 0x0, ['pointer64', ['void']]],
+    'MachineType' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer64', ['_MMPTE']]],
+} ],
+  '__unnamed_3561' : [ 0x8, {
+    'Pch' : [ 0x0, ['unsigned char']],
+    'EmbeddedController' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 6, ['unsigned char']]],
+} ],
+  '__unnamed_3563' : [ 0x8, {
+    'Component' : [ 0x0, ['__unnamed_3561']],
+    'AsULONG64' : [ 0x0, ['unsigned long long']],
+    'AsBytes' : [ 0x0, ['array', 8, ['unsigned char']]],
+} ],
+  '_LOADER_RESET_REASON' : [ 0x30, {
+    'Supplied' : [ 0x0, ['unsigned char']],
+    'Basic' : [ 0x8, ['__unnamed_3563']],
+    'AdditionalInfo' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer64', ['pointer64', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0x10, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long long']],
+    'MpnId' : [ 0x8, ['unsigned short']],
+    'Node' : [ 0xa, ['unsigned short']],
+    'Channel' : [ 0xc, ['unsigned short']],
+    'IsPowerManageable' : [ 0xe, ['unsigned char']],
+    'DeepPowerState' : [ 0xf, ['unsigned char']],
+} ],
+  '_LOADER_HIVE_RECOVERY_INFO' : [ 0x14, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LegacyRecovery' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SoftRebootConflict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MostRecentLog' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'LogNextSequence' : [ 0x8, ['unsigned long']],
+    'LogMinimumSequence' : [ 0xc, ['unsigned long']],
+    'LogCurrentOffset' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_3573' : [ 0x38, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x40, {
+    'FirmwareTypeUefi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EfiRuntimeUseIum' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EfiRuntimePageProtectionSupported' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x8, ['__unnamed_3573']],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x38, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x18, ['long']],
+    'Link' : [ 0x20, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x30, ['pointer64', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x88, {
+    'CheckContext' : [ 0x0, ['pointer64', ['_PROC_PERF_CHECK_CONTEXT']]],
+    'PerfContext' : [ 0x8, ['unsigned long long']],
+    'Presence' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'ProcessorPresenceNt', 1: u'ProcessorPresenceHv', 2: u'ProcessorPresenceHidden'})]],
+    'ProcessorId' : [ 0x14, ['unsigned long']],
+    'PlatformCap' : [ 0x18, ['unsigned long']],
+    'ThermalCap' : [ 0x1c, ['unsigned long']],
+    'LimitReasons' : [ 0x20, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x28, ['unsigned long long']],
+    'ProcCap' : [ 0x30, ['unsigned long']],
+    'ProcFloor' : [ 0x34, ['unsigned long']],
+    'TargetPercent' : [ 0x38, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x3c, ['unsigned char']],
+    'ResponsivenessChangeCount' : [ 0x3d, ['unsigned char']],
+    'Selection' : [ 0x40, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x68, ['unsigned long']],
+    'PreviousFrequency' : [ 0x6c, ['unsigned long']],
+    'PreviousPercent' : [ 0x70, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x74, ['unsigned long']],
+    'LatestPerformancePercent' : [ 0x78, ['unsigned long']],
+    'Force' : [ 0x7c, ['unsigned char']],
+    'UseQosUpdateLock' : [ 0x7d, ['unsigned char']],
+    'QosUpdateLock' : [ 0x80, ['unsigned long long']],
+} ],
+  '_MI_ALIGNED_SLIST' : [ 0x40, {
+    'SList' : [ 0x0, ['_SLIST_HEADER']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x40, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'PciDeviceId' : [ 0x18, ['unsigned short']],
+    'PciVendorId' : [ 0x1a, ['unsigned short']],
+    'PciBusNumber' : [ 0x1c, ['unsigned char']],
+    'PciBusSegment' : [ 0x1e, ['unsigned short']],
+    'PciSlotNumber' : [ 0x20, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x21, ['unsigned char']],
+    'PciFlags' : [ 0x24, ['unsigned long']],
+    'SystemGUID' : [ 0x28, ['_GUID']],
+    'IsMMIODevice' : [ 0x38, ['unsigned char']],
+    'TerminalType' : [ 0x39, ['unsigned char']],
+    'InterfaceType' : [ 0x3a, ['unsigned char']],
+    'RegisterBitWidth' : [ 0x3b, ['unsigned char']],
+    'RegisterAccessSize' : [ 0x3c, ['unsigned char']],
+} ],
+  '_MI_WRITE_CALIBRATION' : [ 0x20, {
+    'MaximumNumberProcessors' : [ 0x0, ['unsigned long']],
+    'OptimalWriteType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'WriteTypeCached', 1: u'WriteTypeNonTemporal', 2: u'WriteTypeMaximum'})]],
+    'PerProcessorNumberOfBytes' : [ 0x8, ['unsigned long long']],
+    'OptimalWriteProcessors' : [ 0x10, ['array', 2, ['unsigned long']]],
+    'RawTimeStamps' : [ 0x18, ['pointer64', ['_MI_WRITE_MODES']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'RankNumber' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'CardHandle' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'ModuleHandle' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'ExtendedRow' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'BankGroup' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'BankAddress' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'ChipIdentification' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x20, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_FAULT_INFORMATION_X64_FLAGS' : [ 0x4, {
+    'FaultAddressValid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UserModeOnly' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoInherit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CheckVad' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x440, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer64', ['void']]],
+    'ConsoleFlags' : [ 0x18, ['unsigned long']],
+    'StandardInput' : [ 0x20, ['pointer64', ['void']]],
+    'StandardOutput' : [ 0x28, ['pointer64', ['void']]],
+    'StandardError' : [ 0x30, ['pointer64', ['void']]],
+    'CurrentDirectory' : [ 0x38, ['_CURDIR']],
+    'DllPath' : [ 0x50, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x60, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x70, ['_UNICODE_STRING']],
+    'Environment' : [ 0x80, ['pointer64', ['void']]],
+    'StartingX' : [ 0x88, ['unsigned long']],
+    'StartingY' : [ 0x8c, ['unsigned long']],
+    'CountX' : [ 0x90, ['unsigned long']],
+    'CountY' : [ 0x94, ['unsigned long']],
+    'CountCharsX' : [ 0x98, ['unsigned long']],
+    'CountCharsY' : [ 0x9c, ['unsigned long']],
+    'FillAttribute' : [ 0xa0, ['unsigned long']],
+    'WindowFlags' : [ 0xa4, ['unsigned long']],
+    'ShowWindowFlags' : [ 0xa8, ['unsigned long']],
+    'WindowTitle' : [ 0xb0, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0xc0, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0xd0, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0xe0, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0xf0, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x3f0, ['unsigned long long']],
+    'EnvironmentVersion' : [ 0x3f8, ['unsigned long long']],
+    'PackageDependencyData' : [ 0x400, ['pointer64', ['void']]],
+    'ProcessGroupId' : [ 0x408, ['unsigned long']],
+    'LoaderThreads' : [ 0x40c, ['unsigned long']],
+    'RedirectionDllName' : [ 0x410, ['_UNICODE_STRING']],
+    'HeapPartitionName' : [ 0x420, ['_UNICODE_STRING']],
+    'DefaultThreadpoolCpuSetMasks' : [ 0x430, ['pointer64', ['unsigned long long']]],
+    'DefaultThreadpoolCpuSetMaskCount' : [ 0x438, ['unsigned long']],
+    'DefaultThreadpoolThreadMaximum' : [ 0x43c, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x28, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long long']],
+    'ActiveCacheMatch' : [ 0x8, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x14, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x1c, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_3599' : [ 0x4, {
+    'PasidMaxWidth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'PasidExePerm' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PasidPrivMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AtsPageAlignedRequest' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AtsGlobalInvalidate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AtsInvalidateQueueDepth' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 14, native_type='unsigned long')]],
+} ],
+  '_IOMMU_SVM_CAPABILITIES' : [ 0xc, {
+    'AtsCapability' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PriCapability' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PasidCapability' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CapReg' : [ 0x4, ['__unnamed_3599']],
+    'Rsvd' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_35a6' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_35a8' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_35aa' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_35a6']],
+    'Gpt' : [ 0x0, ['__unnamed_35a8']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0x108, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer64', ['void']]],
+    'CommonBuffer' : [ 0x10, ['array', 2, ['pointer64', ['void']]]],
+    'PhysicalAddress' : [ 0x20, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x30, ['pointer64', ['void']]],
+    'OpenRoutine' : [ 0x38, ['pointer64', ['void']]],
+    'WriteRoutine' : [ 0x40, ['pointer64', ['void']]],
+    'FinishRoutine' : [ 0x48, ['pointer64', ['void']]],
+    'AdapterObject' : [ 0x50, ['pointer64', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x58, ['pointer64', ['void']]],
+    'PortConfiguration' : [ 0x60, ['pointer64', ['void']]],
+    'CrashDump' : [ 0x68, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x69, ['unsigned char']],
+    'HiberResume' : [ 0x6a, ['unsigned char']],
+    'Reserved1' : [ 0x6b, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x6c, ['unsigned long']],
+    'CommonBufferSize' : [ 0x70, ['unsigned long']],
+    'TargetAddress' : [ 0x78, ['pointer64', ['void']]],
+    'WritePendingRoutine' : [ 0x80, ['pointer64', ['void']]],
+    'PartitionStyle' : [ 0x88, ['unsigned long']],
+    'DiskInfo' : [ 0x8c, ['__unnamed_35aa']],
+    'ReadRoutine' : [ 0xa0, ['pointer64', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0xa8, ['pointer64', ['void']]],
+    'LogSectionTruncateSize' : [ 0xb0, ['unsigned long']],
+    'Parameters' : [ 0xb4, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xf8, ['pointer64', ['void']]],
+    'DumpNotifyRoutine' : [ 0x100, ['pointer64', ['void']]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x38, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+    'InterfaceReference' : [ 0x10, ['pointer64', ['void']]],
+    'InterfaceDereference' : [ 0x18, ['pointer64', ['void']]],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'ActiveCooling' : [ 0x28, ['pointer64', ['void']]],
+    'PassiveCooling' : [ 0x30, ['pointer64', ['void']]],
+} ],
+  '_PEP_WORK_INFORMATION' : [ 0x40, {
+    'WorkType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepWorkActiveComplete', 1: u'PepWorkRequestIdleState', 2: u'PepWorkDevicePower', 3: u'PepWorkRequestPowerControl', 4: u'PepWorkDeviceIdle', 5: u'PepWorkCompleteIdleState', 6: u'PepWorkCompletePerfState', 7: u'PepWorkAcpiNotify', 8: u'PepWorkAcpiEvaluateControlMethodComplete', 9: u'PepWorkMax'})]],
+    'ActiveComplete' : [ 0x8, ['_PEP_WORK_ACTIVE_COMPLETE']],
+    'IdleState' : [ 0x8, ['_PEP_WORK_IDLE_STATE']],
+    'DevicePower' : [ 0x8, ['_PEP_WORK_DEVICE_POWER']],
+    'PowerControl' : [ 0x8, ['_PEP_WORK_POWER_CONTROL']],
+    'DeviceIdle' : [ 0x8, ['_PEP_WORK_DEVICE_IDLE']],
+    'CompleteIdleState' : [ 0x8, ['_PEP_WORK_COMPLETE_IDLE_STATE']],
+    'CompletePerfState' : [ 0x8, ['_PEP_WORK_COMPLETE_PERF_STATE']],
+    'AcpiNotify' : [ 0x8, ['_PEP_WORK_ACPI_NOTIFY']],
+    'ControlMethodComplete' : [ 0x8, ['_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x10, {
+    'Start' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'End' : [ 0x8, ['pointer64', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0xa0, {
+    'Component' : [ 0x0, ['pointer64', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x8, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x20, ['pointer64', ['void']]],
+    'Flags' : [ 0x28, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x30, ['pointer64', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x38, ['unsigned long']],
+    'LastChangeStamp' : [ 0x40, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x48, ['unsigned char']],
+    'PepRegistered' : [ 0x49, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x4a, ['unsigned char']],
+    'RequestDriverContext' : [ 0x50, ['pointer64', ['void']]],
+    'WorkOrder' : [ 0x58, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x90, ['unsigned long']],
+    'Sets' : [ 0x98, ['pointer64', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_MI_ACCESS_VIOLATION_RANGE' : [ 0x28, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Va' : [ 0x18, ['pointer64', ['void']]],
+    'EndVaInclusive' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE' : [ 0x28, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'CompletionFlags' : [ 0x8, ['unsigned long']],
+    'MethodStatus' : [ 0xc, ['long']],
+    'CompletionContext' : [ 0x10, ['pointer64', ['void']]],
+    'OutputArgumentSize' : [ 0x18, ['unsigned long long']],
+    'OutputArguments' : [ 0x20, ['pointer64', ['_ACPI_METHOD_ARGUMENT_V1']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NoWait' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNLIST_SHORT' : [ 0x18, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Flink' : [ 0x8, ['unsigned long long']],
+    'Blink' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_WRITE_MODES' : [ 0x10, {
+    'WriteType' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MI_RESTRICTED_MODWRITES' : [ 0x3, {
+    'MaximumClusterPages' : [ 0x0, ['unsigned char']],
+    'ReducedClusterWrites' : [ 0x1, ['unsigned char']],
+    'ImposeDelay' : [ 0x2, ['unsigned char']],
+} ],
+  '_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'AbnormalResetOccurred' : [ 0x4, ['unsigned long']],
+    'OfflineMemoryDumpCapable' : [ 0x8, ['unsigned long']],
+    'ResetDataAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'ResetDataSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_ACPI_METHOD_ARGUMENT_V1' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'DataLength' : [ 0x2, ['unsigned short']],
+    'Argument' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x4, ['array', 1, ['unsigned char']]],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x8, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_POP_FX_ACTIVE_TIME_ACCOUNTING' : [ 0x60, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Unattributed' : [ 0x8, ['unsigned long long']],
+    'Buckets' : [ 0x10, ['array', 5, ['unsigned long long']]],
+    'PerBucket' : [ 0x38, ['array', 5, ['unsigned long long']]],
+} ],
+  '_PEP_WORK_ACPI_NOTIFY' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'NotifyCode' : [ 0x8, ['unsigned long']],
+} ],
+  '_MI_LARGE_PAGE_LISTS_CHANGING' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer64', ['_MI_LARGE_PAGE_LISTS_CHANGING']]],
+    'Gate' : [ 0x8, ['_KGATE']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x10, ['pointer64', ['_IRP']]],
+    'Pdo' : [ 0x18, ['pointer64', ['_DEVICE_OBJECT']]],
+} ],
+  '_MI_SYSTEM_VA_ASSIGNMENT' : [ 0x10, {
+    'BaseAddress' : [ 0x0, ['pointer64', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x80, {
+    'UncompressedData' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'MappingVa' : [ 0x8, ['pointer64', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x10, ['pointer64', ['void']]],
+    'CompressedDataBuffer' : [ 0x18, ['pointer64', ['unsigned char']]],
+    'CopyTicks' : [ 0x20, ['unsigned long long']],
+    'CompressTicks' : [ 0x28, ['unsigned long long']],
+    'BytesCopied' : [ 0x30, ['unsigned long long']],
+    'PagesProcessed' : [ 0x38, ['unsigned long long']],
+    'DecompressTicks' : [ 0x40, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x48, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x50, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x68, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x78, ['unsigned long']],
+    'HuffCompressCount' : [ 0x7c, ['unsigned long']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x60, {
+    'SListEntry' : [ 0x0, ['_SLIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x28, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SystemClass', 1: u'ProcessorClass', 2: u'CacheClass', 3: u'AdapterClass', 4: u'ControllerClass', 5: u'PeripheralClass', 6: u'MemoryClass', 7: u'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ArcSystem', 1: u'CentralProcessor', 2: u'FloatingPointProcessor', 3: u'PrimaryIcache', 4: u'PrimaryDcache', 5: u'SecondaryIcache', 6: u'SecondaryDcache', 7: u'SecondaryCache', 8: u'EisaAdapter', 9: u'TcAdapter', 10: u'ScsiAdapter', 11: u'DtiAdapter', 12: u'MultiFunctionAdapter', 13: u'DiskController', 14: u'TapeController', 15: u'CdromController', 16: u'WormController', 17: u'SerialController', 18: u'NetworkController', 19: u'DisplayController', 20: u'ParallelController', 21: u'PointerController', 22: u'KeyboardController', 23: u'AudioController', 24: u'OtherController', 25: u'DiskPeripheral', 26: u'FloppyDiskPeripheral', 27: u'TapePeripheral', 28: u'ModemPeripheral', 29: u'MonitorPeripheral', 30: u'PrinterPeripheral', 31: u'PointerPeripheral', 32: u'KeyboardPeripheral', 33: u'TerminalPeripheral', 34: u'OtherPeripheral', 35: u'LinePeripheral', 36: u'NetworkPeripheral', 37: u'SystemMemory', 38: u'DockingInformation', 39: u'RealModeIrqRoutingTable', 40: u'RealModePCIEnumeration', 41: u'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer64', ['unsigned char']]],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x60, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 3, ['unsigned long long']]],
+    'ResponsivenessEvents' : [ 0x58, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_FLAGS' : [ 0x2, {
+    'SecondaryInterrupt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_POWER_PLANE_PROFILE' : [ 0x8, {
+    'ExclusivePowerMw' : [ 0x0, ['unsigned long']],
+    'PeakPowerMw' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARM_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x18, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer64', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_ISRDPCSTATS_SEQUENCE' : [ 0x28, {
+    'SequenceNumber' : [ 0x0, ['unsigned long']],
+    'IsrTime' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PEP_WORK_COMPLETE_PERF_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+    'Succeeded' : [ 0xc, ['unsigned char']],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x60, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+    'PreloadEndTime' : [ 0x10, ['unsigned long long']],
+    'TcbLoaderStartTime' : [ 0x18, ['unsigned long long']],
+    'LoadHypervisorTime' : [ 0x20, ['unsigned long long']],
+    'LaunchHypervisorTime' : [ 0x28, ['unsigned long long']],
+    'LoadVsmTime' : [ 0x30, ['unsigned long long']],
+    'LaunchVsmTime' : [ 0x38, ['unsigned long long']],
+    'ExecuteTransitionStartTime' : [ 0x40, ['unsigned long long']],
+    'ExecuteTransitionEndTime' : [ 0x48, ['unsigned long long']],
+    'LoadDriversTime' : [ 0x50, ['unsigned long long']],
+    'CleanupVsmTime' : [ 0x58, ['unsigned long long']],
+} ],
+  '_MI_FREE_LARGE_PAGES' : [ 0x130, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'LargePageFreeCountHiLow' : [ 0x10, ['array', 2, ['array', 2, ['unsigned long long']]]],
+    'LargePagesCount' : [ 0x30, ['array', 2, ['array', 2, ['array', 4, ['unsigned long long']]]]],
+    'LargePageEntries' : [ 0xb0, ['array', 2, ['array', 2, ['array', 4, ['pointer64', ['_MI_FREE_LARGE_PAGE_LIST']]]]]],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x18, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x38, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x8, ['pointer64', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x10, ['long']],
+    'MissedMappingsCount' : [ 0x14, ['unsigned long']],
+    'FirmwareResourceList' : [ 0x18, ['_LIST_ENTRY']],
+    'EfiMemoryMap' : [ 0x28, ['pointer64', ['void']]],
+    'EfiMemoryMapSize' : [ 0x30, ['unsigned long']],
+    'EfiMemoryMapDescriptorSize' : [ 0x34, ['unsigned long']],
+} ],
+  '_PEP_WORK_IDLE_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+    'State' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_POWER_PLANE' : [ 0x40, {
+    'PowerPlaneId' : [ 0x0, ['_UNICODE_STRING']],
+    'Lock' : [ 0x10, ['unsigned long long']],
+    'OldIrql' : [ 0x18, ['unsigned char']],
+    'DevicePowerMw' : [ 0x1c, ['long']],
+    'PmaxHandle' : [ 0x20, ['pointer64', ['void']]],
+    'NotifyDevicePowerDraw' : [ 0x28, ['pointer64', ['void']]],
+    'DeviceCount' : [ 0x30, ['unsigned long long']],
+    'Devices' : [ 0x38, ['pointer64', ['pointer64', ['_POP_DEVICE_POWER_PROFILE']]]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x10, {
+    'NextExtension' : [ 0x0, ['pointer64', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '_SMBIOS3_TABLE_HEADER' : [ 0x18, {
+    'Signature' : [ 0x0, ['array', 5, ['unsigned char']]],
+    'Checksum' : [ 0x5, ['unsigned char']],
+    'Length' : [ 0x6, ['unsigned char']],
+    'MajorVersion' : [ 0x7, ['unsigned char']],
+    'MinorVersion' : [ 0x8, ['unsigned char']],
+    'Docrev' : [ 0x9, ['unsigned char']],
+    'EntryPointRevision' : [ 0xa, ['unsigned char']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'StructureTableMaximumSize' : [ 0xc, ['unsigned long']],
+    'StructureTableAddress' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_CI_EXTENSION' : [ 0x50, {
+    'CodeIntegrityOptions' : [ 0x0, ['unsigned long']],
+    'UpgradeInProgress' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsWinPE' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CustomKernelSignersAllowed' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StateSeparationEnabled' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'WhqlEnforcementDate' : [ 0x8, ['_LARGE_INTEGER']],
+    'RevocationListOffset' : [ 0x10, ['unsigned long']],
+    'RevocationListSize' : [ 0x14, ['unsigned long']],
+    'CodeIntegrityPolicyOffset' : [ 0x18, ['unsigned long']],
+    'CodeIntegrityPolicySize' : [ 0x1c, ['unsigned long']],
+    'CodeIntegrityPolicyHashOffset' : [ 0x20, ['unsigned long']],
+    'CodeIntegrityPolicyHashSize' : [ 0x24, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashOffset' : [ 0x28, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashSize' : [ 0x2c, ['unsigned long']],
+    'WeakCryptoPolicyLoadStatus' : [ 0x30, ['long']],
+    'WeakCryptoPolicyOffset' : [ 0x34, ['unsigned long']],
+    'WeakCryptoPolicySize' : [ 0x38, ['unsigned long']],
+    'SecureBootPolicyOffset' : [ 0x3c, ['unsigned long']],
+    'SecureBootPolicySize' : [ 0x40, ['unsigned long']],
+    'Reserved2' : [ 0x44, ['unsigned long']],
+    'SerializedData' : [ 0x48, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_LDRP_CSLIST' : [ 0x8, {
+    'Tail' : [ 0x0, ['pointer64', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x70, {
+    'GetTime' : [ 0x0, ['unsigned long long']],
+    'SetTime' : [ 0x8, ['unsigned long long']],
+    'GetWakeupTime' : [ 0x10, ['unsigned long long']],
+    'SetWakeupTime' : [ 0x18, ['unsigned long long']],
+    'SetVirtualAddressMap' : [ 0x20, ['unsigned long long']],
+    'ConvertPointer' : [ 0x28, ['unsigned long long']],
+    'GetVariable' : [ 0x30, ['unsigned long long']],
+    'GetNextVariableName' : [ 0x38, ['unsigned long long']],
+    'SetVariable' : [ 0x40, ['unsigned long long']],
+    'GetNextHighMonotonicCount' : [ 0x48, ['unsigned long long']],
+    'ResetSystem' : [ 0x50, ['unsigned long long']],
+    'UpdateCapsule' : [ 0x58, ['unsigned long long']],
+    'QueryCapsuleCapabilities' : [ 0x60, ['unsigned long long']],
+    'QueryVariableInfo' : [ 0x68, ['unsigned long long']],
+} ],
+  '_MI_STORE_INPAGE_COMPLETE_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['unsigned long']],
+    'StoreFault' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LowResourceFailure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned long')]],
+    'RemainingPageCount' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0x118, {
+    'Partition' : [ 0x0, ['pointer64', ['_EX_PARTITION']]],
+    'Node' : [ 0x8, ['pointer64', ['_ENODE']]],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x28, ['_KTIMER']],
+    'ReaperEvent' : [ 0x68, ['_KEVENT']],
+    'ReaperTimer' : [ 0x80, ['_KTIMER2']],
+    'ThreadHandle' : [ 0x108, ['pointer64', ['void']]],
+    'ExitThread' : [ 0x110, ['unsigned long']],
+    'ThreadSeed' : [ 0x114, ['unsigned short']],
+} ],
+  '_LOADER_PARAMETER_HYPERVISOR_EXTENSION' : [ 0x40, {
+    'InitialHypervisorCrashdumpAreaPageCount' : [ 0x0, ['unsigned long']],
+    'HypervisorCrashdumpAreaPageCount' : [ 0x4, ['unsigned long']],
+    'InitialHypervisorCrashdumpAreaSpa' : [ 0x8, ['unsigned long long']],
+    'HypervisorCrashdumpAreaSpa' : [ 0x10, ['unsigned long long']],
+    'HypervisorLaunchStatus' : [ 0x18, ['unsigned long long']],
+    'HypervisorLaunchStatusArg1' : [ 0x20, ['unsigned long long']],
+    'HypervisorLaunchStatusArg2' : [ 0x28, ['unsigned long long']],
+    'HypervisorLaunchStatusArg3' : [ 0x30, ['unsigned long long']],
+    'HypervisorLaunchStatusArg4' : [ 0x38, ['unsigned long long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x48, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x18, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x28, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_PEP_WORK_POWER_CONTROL' : [ 0x38, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'PowerControlCode' : [ 0x8, ['pointer64', ['_GUID']]],
+    'RequestContext' : [ 0x10, ['pointer64', ['void']]],
+    'InBuffer' : [ 0x18, ['pointer64', ['void']]],
+    'InBufferSize' : [ 0x20, ['unsigned long long']],
+    'OutBuffer' : [ 0x28, ['pointer64', ['void']]],
+    'OutBufferSize' : [ 0x30, ['unsigned long long']],
+} ],
+  '_PEP_WORK_DEVICE_POWER' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'PowerRequired' : [ 0x8, ['unsigned char']],
+} ],
+  '_FAULT_INFORMATION_ARM64_FLAGS' : [ 0x4, {
+    'WriteNotRead' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'InstructionNotData' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Privileged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'FaultAddressValid' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer64', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0xc, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+    'TimeDateStamp' : [ 0x8, ['unsigned long']],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x20, {
+    'DHCPServerACK' : [ 0x0, ['pointer64', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x8, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x10, ['pointer64', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_BOOT_ENTROPY_LDR_RESULT' : [ 0x868, {
+    'maxEntropySources' : [ 0x0, ['unsigned long']],
+    'EntropySourceResult' : [ 0x8, ['array', 10, ['_BOOT_ENTROPY_SOURCE_LDR_RESULT']]],
+    'SeedBytesForCng' : [ 0x418, ['array', 48, ['unsigned char']]],
+    'RngBytesForNtoskrnl' : [ 0x448, ['array', 1024, ['unsigned char']]],
+    'KdEntropy' : [ 0x848, ['array', 32, ['unsigned char']]],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x78, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer64', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0x10, ['pointer64', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x18, ['pointer64', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x20, ['pointer64', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x28, ['pointer64', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x30, ['pointer64', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x38, ['pointer64', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x40, ['pointer64', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x48, ['pointer64', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x50, ['pointer64', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x58, ['pointer64', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x60, ['pointer64', ['void']]],
+    'PreQueryOpen' : [ 0x68, ['pointer64', ['void']]],
+    'PostQueryOpen' : [ 0x70, ['pointer64', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x28, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x20, ['pointer64', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer64', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PEP_WORK_COMPLETE_IDLE_STATE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x10, {
+    'Next' : [ 0x0, ['pointer64', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+} ],
+  '_PEP_WORK_ACTIVE_COMPLETE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'Component' : [ 0x8, ['unsigned long']],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x40, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer64', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x10, ['pointer64', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x18, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_3684' : [ 0x10, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['pointer64', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_3686' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x30, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'Unit' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x20, ['__unnamed_3684']],
+    'Range' : [ 0x20, ['__unnamed_3686']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0x18, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x10, ['pointer64', ['void']]],
+} ],
+  '_BOOT_ENTROPY_SOURCE_LDR_RESULT' : [ 0x68, {
+    'SourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceNone', 1: u'BootEntropySourceSeedfile', 2: u'BootEntropySourceExternal', 3: u'BootEntropySourceTpm', 4: u'BootEntropySourceRdrand', 5: u'BootEntropySourceTime', 6: u'BootEntropySourceAcpiOem0', 7: u'BootEntropySourceUefi', 8: u'BootEntropySourceCng', 9: u'BootEntropySourceTcbTpm', 10: u'BootMaxEntropySources'})]],
+    'Policy' : [ 0x8, ['unsigned long long']],
+    'ResultCode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceStructureUninitialized', 1: u'BootEntropySourceDisabledByPolicy', 2: u'BootEntropySourceNotPresent', 3: u'BootEntropySourceError', 4: u'BootEntropySourceSuccess'})]],
+    'ResultStatus' : [ 0x14, ['long']],
+    'Time' : [ 0x18, ['unsigned long long']],
+    'EntropyLength' : [ 0x20, ['unsigned long']],
+    'EntropyData' : [ 0x24, ['array', 64, ['unsigned char']]],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer64', ['void']]],
+} ],
+  '__unnamed_3696' : [ 0x10, {
+    'EndingOffset' : [ 0x0, ['pointer64', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x8, ['pointer64', ['pointer64', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_3698' : [ 0x8, {
+    'ResourceToRelease' : [ 0x0, ['pointer64', ['_ERESOURCE']]],
+} ],
+  '__unnamed_369e' : [ 0x18, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer64', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_36a0' : [ 0x20, {
+    'Irp' : [ 0x0, ['pointer64', ['_IRP']]],
+    'FileInformation' : [ 0x8, ['pointer64', ['void']]],
+    'Length' : [ 0x10, ['pointer64', ['unsigned long']]],
+    'FileInformationClass' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x1c, ['long']],
+} ],
+  '__unnamed_36a2' : [ 0x28, {
+    'Argument1' : [ 0x0, ['pointer64', ['void']]],
+    'Argument2' : [ 0x8, ['pointer64', ['void']]],
+    'Argument3' : [ 0x10, ['pointer64', ['void']]],
+    'Argument4' : [ 0x18, ['pointer64', ['void']]],
+    'Argument5' : [ 0x20, ['pointer64', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x28, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_3696']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_3698']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_369e']],
+    'QueryOpen' : [ 0x0, ['__unnamed_36a0']],
+    'Others' : [ 0x0, ['__unnamed_36a2']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_PEP_WORK_DEVICE_IDLE' : [ 0x10, {
+    'DeviceHandle' : [ 0x0, ['pointer64', ['POHANDLE__']]],
+    'IgnoreIdleTimeout' : [ 0x8, ['unsigned char']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}
diff --git a/volatility/plugins/overlays/windows/win10_x86_19041_vtypes.py b/volatility/plugins/overlays/windows/win10_x86_19041_vtypes.py
new file mode 100644
index 000000000..24bc03e06
--- /dev/null
+++ b/volatility/plugins/overlays/windows/win10_x86_19041_vtypes.py
@@ -0,0 +1,16338 @@
+ntkrpamp_types = {
+  'LIST_ENTRY64' : [ 0x10, {
+    'Flink' : [ 0x0, ['unsigned long long']],
+    'Blink' : [ 0x8, ['unsigned long long']],
+} ],
+  'LIST_ENTRY32' : [ 0x8, {
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Blink' : [ 0x4, ['unsigned long']],
+} ],
+  '_PS_MITIGATION_OPTIONS_MAP' : [ 0x18, {
+    'Map' : [ 0x0, ['array', 3, ['unsigned long long']]],
+} ],
+  '_PS_MITIGATION_AUDIT_OPTIONS_MAP' : [ 0x18, {
+    'Map' : [ 0x0, ['array', 3, ['unsigned long long']]],
+} ],
+  '__unnamed_107f' : [ 0x4, {
+    'AllFlags' : [ 0x0, ['unsigned long']],
+    'Win32Process' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Sgx2Enclave' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'VbsBasicEnclave' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KUSER_SHARED_DATA' : [ 0x720, {
+    'TickCountLowDeprecated' : [ 0x0, ['unsigned long']],
+    'TickCountMultiplier' : [ 0x4, ['unsigned long']],
+    'InterruptTime' : [ 0x8, ['_KSYSTEM_TIME']],
+    'SystemTime' : [ 0x14, ['_KSYSTEM_TIME']],
+    'TimeZoneBias' : [ 0x20, ['_KSYSTEM_TIME']],
+    'ImageNumberLow' : [ 0x2c, ['unsigned short']],
+    'ImageNumberHigh' : [ 0x2e, ['unsigned short']],
+    'NtSystemRoot' : [ 0x30, ['array', 260, ['wchar']]],
+    'MaxStackTraceDepth' : [ 0x238, ['unsigned long']],
+    'CryptoExponent' : [ 0x23c, ['unsigned long']],
+    'TimeZoneId' : [ 0x240, ['unsigned long']],
+    'LargePageMinimum' : [ 0x244, ['unsigned long']],
+    'AitSamplingValue' : [ 0x248, ['unsigned long']],
+    'AppCompatFlag' : [ 0x24c, ['unsigned long']],
+    'RNGSeedVersion' : [ 0x250, ['unsigned long long']],
+    'GlobalValidationRunlevel' : [ 0x258, ['unsigned long']],
+    'TimeZoneBiasStamp' : [ 0x25c, ['long']],
+    'NtBuildNumber' : [ 0x260, ['unsigned long']],
+    'NtProductType' : [ 0x264, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'ProductTypeIsValid' : [ 0x268, ['unsigned char']],
+    'Reserved0' : [ 0x269, ['array', 1, ['unsigned char']]],
+    'NativeProcessorArchitecture' : [ 0x26a, ['unsigned short']],
+    'NtMajorVersion' : [ 0x26c, ['unsigned long']],
+    'NtMinorVersion' : [ 0x270, ['unsigned long']],
+    'ProcessorFeatures' : [ 0x274, ['array', 64, ['unsigned char']]],
+    'Reserved1' : [ 0x2b4, ['unsigned long']],
+    'Reserved3' : [ 0x2b8, ['unsigned long']],
+    'TimeSlip' : [ 0x2bc, ['unsigned long']],
+    'AlternativeArchitecture' : [ 0x2c0, ['Enumeration', dict(target = 'long', choices = {0: u'StandardDesign', 1: u'NEC98x86', 2: u'EndAlternatives'})]],
+    'BootId' : [ 0x2c4, ['unsigned long']],
+    'SystemExpirationDate' : [ 0x2c8, ['_LARGE_INTEGER']],
+    'SuiteMask' : [ 0x2d0, ['unsigned long']],
+    'KdDebuggerEnabled' : [ 0x2d4, ['unsigned char']],
+    'MitigationPolicies' : [ 0x2d5, ['unsigned char']],
+    'NXSupportPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'SEHValidationPolicy' : [ 0x2d5, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned char')]],
+    'CurDirDevicesSkippedForDlls' : [ 0x2d5, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x2d5, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'CyclesPerYield' : [ 0x2d6, ['unsigned short']],
+    'ActiveConsoleId' : [ 0x2d8, ['unsigned long']],
+    'DismountCount' : [ 0x2dc, ['unsigned long']],
+    'ComPlusPackage' : [ 0x2e0, ['unsigned long']],
+    'LastSystemRITEventTickCount' : [ 0x2e4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x2e8, ['unsigned long']],
+    'SafeBootMode' : [ 0x2ec, ['unsigned char']],
+    'VirtualizationFlags' : [ 0x2ed, ['unsigned char']],
+    'Reserved12' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'SharedDataFlags' : [ 0x2f0, ['unsigned long']],
+    'DbgErrorPortPresent' : [ 0x2f0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgElevationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgVirtEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgInstallerDetectEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgLkgEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgDynProcessorEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgConsoleBrokerEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgSecureBootEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgMultiSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgMultiUsersInSessionSku' : [ 0x2f0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgStateSeparationEnabled' : [ 0x2f0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'SpareBits' : [ 0x2f0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'DataFlagsPad' : [ 0x2f4, ['array', 1, ['unsigned long']]],
+    'TestRetInstruction' : [ 0x2f8, ['unsigned long long']],
+    'QpcFrequency' : [ 0x300, ['long long']],
+    'SystemCall' : [ 0x308, ['unsigned long']],
+    'UserCetAvailableEnvironments' : [ 0x30c, ['__unnamed_107f']],
+    'SystemCallPad' : [ 0x310, ['array', 2, ['unsigned long long']]],
+    'TickCount' : [ 0x320, ['_KSYSTEM_TIME']],
+    'TickCountQuad' : [ 0x320, ['unsigned long long']],
+    'ReservedTickCountOverlay' : [ 0x320, ['array', 3, ['unsigned long']]],
+    'TickCountPad' : [ 0x32c, ['array', 1, ['unsigned long']]],
+    'Cookie' : [ 0x330, ['unsigned long']],
+    'CookiePad' : [ 0x334, ['array', 1, ['unsigned long']]],
+    'ConsoleSessionForegroundProcessId' : [ 0x338, ['long long']],
+    'TimeUpdateLock' : [ 0x340, ['unsigned long long']],
+    'BaselineSystemTimeQpc' : [ 0x348, ['unsigned long long']],
+    'BaselineInterruptTimeQpc' : [ 0x350, ['unsigned long long']],
+    'QpcSystemTimeIncrement' : [ 0x358, ['unsigned long long']],
+    'QpcInterruptTimeIncrement' : [ 0x360, ['unsigned long long']],
+    'QpcSystemTimeIncrementShift' : [ 0x368, ['unsigned char']],
+    'QpcInterruptTimeIncrementShift' : [ 0x369, ['unsigned char']],
+    'UnparkedProcessorCount' : [ 0x36a, ['unsigned short']],
+    'EnclaveFeatureMask' : [ 0x36c, ['array', 4, ['unsigned long']]],
+    'TelemetryCoverageRound' : [ 0x37c, ['unsigned long']],
+    'UserModeGlobalLogger' : [ 0x380, ['array', 16, ['unsigned short']]],
+    'ImageFileExecutionOptions' : [ 0x3a0, ['unsigned long']],
+    'LangGenerationCount' : [ 0x3a4, ['unsigned long']],
+    'Reserved4' : [ 0x3a8, ['unsigned long long']],
+    'InterruptTimeBias' : [ 0x3b0, ['unsigned long long']],
+    'QpcBias' : [ 0x3b8, ['unsigned long long']],
+    'ActiveProcessorCount' : [ 0x3c0, ['unsigned long']],
+    'ActiveGroupCount' : [ 0x3c4, ['unsigned char']],
+    'Reserved9' : [ 0x3c5, ['unsigned char']],
+    'QpcData' : [ 0x3c6, ['unsigned short']],
+    'QpcBypassEnabled' : [ 0x3c6, ['unsigned char']],
+    'QpcShift' : [ 0x3c7, ['unsigned char']],
+    'TimeZoneBiasEffectiveStart' : [ 0x3c8, ['_LARGE_INTEGER']],
+    'TimeZoneBiasEffectiveEnd' : [ 0x3d0, ['_LARGE_INTEGER']],
+    'XState' : [ 0x3d8, ['_XSTATE_CONFIGURATION']],
+    'FeatureConfigurationChangeStamp' : [ 0x710, ['_KSYSTEM_TIME']],
+    'Spare' : [ 0x71c, ['unsigned long']],
+} ],
+  '__unnamed_108c' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_ULARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+    'u' : [ 0x0, ['__unnamed_108c']],
+    'QuadPart' : [ 0x0, ['unsigned long long']],
+} ],
+  '__unnamed_1090' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_LARGE_INTEGER' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+    'u' : [ 0x0, ['__unnamed_1090']],
+    'QuadPart' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_10ab' : [ 0x4, {
+    'LongFunction' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Persistent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Private' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_10ad' : [ 0x4, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    's' : [ 0x0, ['__unnamed_10ab']],
+} ],
+  '_TP_CALLBACK_ENVIRON_V3' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Pool' : [ 0x4, ['pointer', ['_TP_POOL']]],
+    'CleanupGroup' : [ 0x8, ['pointer', ['_TP_CLEANUP_GROUP']]],
+    'CleanupGroupCancelCallback' : [ 0xc, ['pointer', ['void']]],
+    'RaceDll' : [ 0x10, ['pointer', ['void']]],
+    'ActivationContext' : [ 0x14, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'FinalizationCallback' : [ 0x18, ['pointer', ['void']]],
+    'u' : [ 0x1c, ['__unnamed_10ad']],
+    'CallbackPriority' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'TP_CALLBACK_PRIORITY_HIGH', 1: u'TP_CALLBACK_PRIORITY_NORMAL', 2: u'TP_CALLBACK_PRIORITY_LOW', 3: u'TP_CALLBACK_PRIORITY_COUNT'})]],
+    'Size' : [ 0x24, ['unsigned long']],
+} ],
+  '_TEB' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'EnvironmentPointer' : [ 0x1c, ['pointer', ['void']]],
+    'ClientId' : [ 0x20, ['_CLIENT_ID']],
+    'ActiveRpcHandle' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['pointer', ['void']]],
+    'ProcessEnvironmentBlock' : [ 0x30, ['pointer', ['_PEB']]],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['pointer', ['void']]],
+    'Win32ThreadInfo' : [ 0x40, ['pointer', ['void']]],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['pointer', ['void']]],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['pointer', ['void']]]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['pointer', ['void']]]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x175, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x176, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['pointer', ['_ACTIVATION_CONTEXT_STACK']]],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['pointer', ['void']]],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['pointer', ['void']]],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['pointer', ['void']]]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['pointer', ['void']]],
+    'glSectionInfo' : [ 0xbe0, ['pointer', ['void']]],
+    'glSection' : [ 0xbe4, ['pointer', ['void']]],
+    'glTable' : [ 0xbe8, ['pointer', ['void']]],
+    'glCurrentRC' : [ 0xbec, ['pointer', ['void']]],
+    'glContext' : [ 0xbf0, ['pointer', ['void']]],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_UNICODE_STRING']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['pointer', ['void']]],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['pointer', ['void']]]],
+    'TlsLinks' : [ 0xf10, ['_LIST_ENTRY']],
+    'Vdm' : [ 0xf18, ['pointer', ['void']]],
+    'ReservedForNtRpc' : [ 0xf1c, ['pointer', ['void']]],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['pointer', ['void']]]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['pointer', ['void']]]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['pointer', ['void']]],
+    'PerflibData' : [ 0xf64, ['pointer', ['void']]],
+    'EtwTraceData' : [ 0xf68, ['pointer', ['void']]],
+    'WinSockData' : [ 0xf6c, ['pointer', ['void']]],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['pointer', ['void']]],
+    'ReservedForOle' : [ 0xf80, ['pointer', ['void']]],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['pointer', ['void']]],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['pointer', ['void']]],
+    'TlsExpansionSlots' : [ 0xf94, ['pointer', ['pointer', ['void']]]],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['pointer', ['void']]],
+    'pShimData' : [ 0xfa4, ['pointer', ['void']]],
+    'HeapData' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['pointer', ['void']]],
+    'ActiveFrame' : [ 0xfb0, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'FlsData' : [ 0xfb4, ['pointer', ['void']]],
+    'PreferredLanguages' : [ 0xfb8, ['pointer', ['void']]],
+    'UserPrefLanguages' : [ 0xfbc, ['pointer', ['void']]],
+    'MergedPrefLanguages' : [ 0xfc0, ['pointer', ['void']]],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['pointer', ['void']]],
+    'TxnScopeExitCallback' : [ 0xfd0, ['pointer', ['void']]],
+    'TxnScopeContext' : [ 0xfd4, ['pointer', ['void']]],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['pointer', ['void']]],
+    'ReservedForWdf' : [ 0xfe4, ['pointer', ['void']]],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_LIST_ENTRY' : [ 0x8, {
+    'Flink' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'Blink' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_SINGLE_LIST_ENTRY' : [ 0x4, {
+    'Next' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_SPLAY_LINKS' : [ 0xc, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_SPLAY_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_SPLAY_LINKS']]],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_CONTEXT' : [ 0xc, {
+    'ChainHead' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'PrevLinkage' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENUMERATOR' : [ 0x14, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'CurEntry' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'ChainHead' : [ 0xc, ['pointer', ['_LIST_ENTRY']]],
+    'BucketIndex' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE' : [ 0x24, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Shift' : [ 0x4, ['unsigned long']],
+    'TableSize' : [ 0x8, ['unsigned long']],
+    'Pivot' : [ 0xc, ['unsigned long']],
+    'DivisorMask' : [ 0x10, ['unsigned long']],
+    'NumEntries' : [ 0x14, ['unsigned long']],
+    'NonEmptyBuckets' : [ 0x18, ['unsigned long']],
+    'NumEnumerators' : [ 0x1c, ['unsigned long']],
+    'Directory' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '_UNICODE_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_STRING' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_LUID' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['long']],
+} ],
+  '_CUSTOM_SYSTEM_EVENT_TRIGGER_CONFIG' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'TriggerId' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_IMAGE_NT_HEADERS' : [ 0xf8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileHeader' : [ 0x4, ['_IMAGE_FILE_HEADER']],
+    'OptionalHeader' : [ 0x18, ['_IMAGE_OPTIONAL_HEADER']],
+} ],
+  '_IMAGE_DOS_HEADER' : [ 0x40, {
+    'e_magic' : [ 0x0, ['unsigned short']],
+    'e_cblp' : [ 0x2, ['unsigned short']],
+    'e_cp' : [ 0x4, ['unsigned short']],
+    'e_crlc' : [ 0x6, ['unsigned short']],
+    'e_cparhdr' : [ 0x8, ['unsigned short']],
+    'e_minalloc' : [ 0xa, ['unsigned short']],
+    'e_maxalloc' : [ 0xc, ['unsigned short']],
+    'e_ss' : [ 0xe, ['unsigned short']],
+    'e_sp' : [ 0x10, ['unsigned short']],
+    'e_csum' : [ 0x12, ['unsigned short']],
+    'e_ip' : [ 0x14, ['unsigned short']],
+    'e_cs' : [ 0x16, ['unsigned short']],
+    'e_lfarlc' : [ 0x18, ['unsigned short']],
+    'e_ovno' : [ 0x1a, ['unsigned short']],
+    'e_res' : [ 0x1c, ['array', 4, ['unsigned short']]],
+    'e_oemid' : [ 0x24, ['unsigned short']],
+    'e_oeminfo' : [ 0x26, ['unsigned short']],
+    'e_res2' : [ 0x28, ['array', 10, ['unsigned short']]],
+    'e_lfanew' : [ 0x3c, ['long']],
+} ],
+  '_RTL_RB_TREE' : [ 0x8, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Encoded' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Min' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_RTL_BALANCED_NODE' : [ 0xc, {
+    'Children' : [ 0x0, ['array', 2, ['pointer', ['_RTL_BALANCED_NODE']]]],
+    'Left' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Right' : [ 0x4, ['pointer', ['_RTL_BALANCED_NODE']]],
+    'Red' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Balance' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'ParentValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_AVL_TREE' : [ 0x4, {
+    'Root' : [ 0x0, ['pointer', ['_RTL_BALANCED_NODE']]],
+} ],
+  '_GUID' : [ 0x10, {
+    'Data1' : [ 0x0, ['unsigned long']],
+    'Data2' : [ 0x4, ['unsigned short']],
+    'Data3' : [ 0x6, ['unsigned short']],
+    'Data4' : [ 0x8, ['array', 8, ['unsigned char']]],
+} ],
+  '_KPCR' : [ 0x6020, {
+    'NtTib' : [ 0x0, ['_NT_TIB']],
+    'Used_ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Used_StackBase' : [ 0x4, ['pointer', ['void']]],
+    'MxCsr' : [ 0x8, ['unsigned long']],
+    'TssCopy' : [ 0xc, ['pointer', ['void']]],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'SetMemberCopy' : [ 0x14, ['unsigned long']],
+    'Used_Self' : [ 0x18, ['pointer', ['void']]],
+    'SelfPcr' : [ 0x1c, ['pointer', ['_KPCR']]],
+    'Prcb' : [ 0x20, ['pointer', ['_KPRCB']]],
+    'Irql' : [ 0x24, ['unsigned char']],
+    'IRR' : [ 0x28, ['unsigned long']],
+    'IrrActive' : [ 0x2c, ['unsigned long']],
+    'IDR' : [ 0x30, ['unsigned long']],
+    'KdVersionBlock' : [ 0x34, ['pointer', ['void']]],
+    'IDT' : [ 0x38, ['pointer', ['_KIDTENTRY']]],
+    'GDT' : [ 0x3c, ['pointer', ['_KGDTENTRY']]],
+    'TSS' : [ 0x40, ['pointer', ['_KTSS']]],
+    'MajorVersion' : [ 0x44, ['unsigned short']],
+    'MinorVersion' : [ 0x46, ['unsigned short']],
+    'SetMember' : [ 0x48, ['unsigned long']],
+    'StallScaleFactor' : [ 0x4c, ['unsigned long']],
+    'SpareUnused' : [ 0x50, ['unsigned char']],
+    'Number' : [ 0x51, ['unsigned char']],
+    'Spare0' : [ 0x52, ['unsigned char']],
+    'SecondLevelCacheAssociativity' : [ 0x53, ['unsigned char']],
+    'VdmAlert' : [ 0x54, ['unsigned long']],
+    'KernelReserved' : [ 0x58, ['array', 14, ['unsigned long']]],
+    'SecondLevelCacheSize' : [ 0x90, ['unsigned long']],
+    'HalReserved' : [ 0x94, ['array', 16, ['unsigned long']]],
+    'InterruptMode' : [ 0xd4, ['unsigned long']],
+    'Spare1' : [ 0xd8, ['unsigned char']],
+    'KernelReserved2' : [ 0xdc, ['array', 17, ['unsigned long']]],
+    'PrcbData' : [ 0x120, ['_KPRCB']],
+} ],
+  '_KPRCB' : [ 0x5f00, {
+    'MinorVersion' : [ 0x0, ['unsigned short']],
+    'MajorVersion' : [ 0x2, ['unsigned short']],
+    'CurrentThread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'NextThread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'IdleThread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'LegacyNumber' : [ 0x10, ['unsigned char']],
+    'NestingLevel' : [ 0x11, ['unsigned char']],
+    'BuildType' : [ 0x12, ['unsigned short']],
+    'CpuType' : [ 0x14, ['unsigned char']],
+    'CpuID' : [ 0x15, ['unsigned char']],
+    'CpuStep' : [ 0x16, ['unsigned short']],
+    'CpuStepping' : [ 0x16, ['unsigned char']],
+    'CpuModel' : [ 0x17, ['unsigned char']],
+    'ProcessorState' : [ 0x18, ['_KPROCESSOR_STATE']],
+    'ParentNode' : [ 0x338, ['pointer', ['_KNODE']]],
+    'PriorityState' : [ 0x33c, ['pointer', ['unsigned char']]],
+    'KernelReserved' : [ 0x340, ['array', 14, ['unsigned long']]],
+    'HalReserved' : [ 0x378, ['array', 16, ['unsigned long']]],
+    'CFlushSize' : [ 0x3b8, ['unsigned long']],
+    'CoresPerPhysicalProcessor' : [ 0x3bc, ['unsigned char']],
+    'LogicalProcessorsPerCore' : [ 0x3bd, ['unsigned char']],
+    'CpuVendor' : [ 0x3be, ['unsigned char']],
+    'PrcbPad0' : [ 0x3bf, ['array', 1, ['unsigned char']]],
+    'MHz' : [ 0x3c0, ['unsigned long']],
+    'GroupIndex' : [ 0x3c4, ['unsigned char']],
+    'Group' : [ 0x3c5, ['unsigned char']],
+    'PrcbPad05' : [ 0x3c6, ['array', 2, ['unsigned char']]],
+    'GroupSetMember' : [ 0x3c8, ['unsigned long']],
+    'Number' : [ 0x3cc, ['unsigned long']],
+    'ClockOwner' : [ 0x3d0, ['unsigned char']],
+    'PendingTickFlags' : [ 0x3d1, ['unsigned char']],
+    'PendingTick' : [ 0x3d1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'PendingBackupTick' : [ 0x3d1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PrcbPad10' : [ 0x3d2, ['array', 70, ['unsigned char']]],
+    'LockQueue' : [ 0x418, ['array', 17, ['_KSPIN_LOCK_QUEUE']]],
+    'InterruptCount' : [ 0x4a0, ['unsigned long']],
+    'KernelTime' : [ 0x4a4, ['unsigned long']],
+    'UserTime' : [ 0x4a8, ['unsigned long']],
+    'DpcTime' : [ 0x4ac, ['unsigned long']],
+    'DpcTimeCount' : [ 0x4b0, ['unsigned long']],
+    'InterruptTime' : [ 0x4b4, ['unsigned long']],
+    'AdjustDpcThreshold' : [ 0x4b8, ['unsigned long']],
+    'PageColor' : [ 0x4bc, ['unsigned long']],
+    'DebuggerSavedIRQL' : [ 0x4c0, ['unsigned char']],
+    'NodeColor' : [ 0x4c1, ['unsigned char']],
+    'DeepSleep' : [ 0x4c2, ['unsigned char']],
+    'TbFlushListActive' : [ 0x4c3, ['unsigned char']],
+    'CachedStack' : [ 0x4c4, ['pointer', ['void']]],
+    'NodeShiftedColor' : [ 0x4c8, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x4cc, ['unsigned long']],
+    'DpcTimeLimit' : [ 0x4d0, ['unsigned long']],
+    'MmInternal' : [ 0x4d4, ['pointer', ['void']]],
+    'PrcbFlags' : [ 0x4d8, ['_KPRCBFLAG']],
+    'SchedulerAssist' : [ 0x4dc, ['pointer', ['void']]],
+    'CcFastReadNoWait' : [ 0x4e0, ['unsigned long']],
+    'CcFastReadWait' : [ 0x4e4, ['unsigned long']],
+    'CcFastReadNotPossible' : [ 0x4e8, ['unsigned long']],
+    'CcCopyReadNoWait' : [ 0x4ec, ['unsigned long']],
+    'CcCopyReadWait' : [ 0x4f0, ['unsigned long']],
+    'CcCopyReadNoWaitMiss' : [ 0x4f4, ['unsigned long']],
+    'MmSpinLockOrdering' : [ 0x4f8, ['long']],
+    'IoReadOperationCount' : [ 0x4fc, ['long']],
+    'IoWriteOperationCount' : [ 0x500, ['long']],
+    'IoOtherOperationCount' : [ 0x504, ['long']],
+    'IoReadTransferCount' : [ 0x508, ['_LARGE_INTEGER']],
+    'IoWriteTransferCount' : [ 0x510, ['_LARGE_INTEGER']],
+    'IoOtherTransferCount' : [ 0x518, ['_LARGE_INTEGER']],
+    'CcFastMdlReadNoWait' : [ 0x520, ['unsigned long']],
+    'CcFastMdlReadWait' : [ 0x524, ['unsigned long']],
+    'CcFastMdlReadNotPossible' : [ 0x528, ['unsigned long']],
+    'CcMapDataNoWait' : [ 0x52c, ['unsigned long']],
+    'CcMapDataWait' : [ 0x530, ['unsigned long']],
+    'CcPinMappedDataCount' : [ 0x534, ['unsigned long']],
+    'CcPinReadNoWait' : [ 0x538, ['unsigned long']],
+    'CcPinReadWait' : [ 0x53c, ['unsigned long']],
+    'CcMdlReadNoWait' : [ 0x540, ['unsigned long']],
+    'CcMdlReadWait' : [ 0x544, ['unsigned long']],
+    'CcLazyWriteHotSpots' : [ 0x548, ['unsigned long']],
+    'CcLazyWriteIos' : [ 0x54c, ['unsigned long']],
+    'CcLazyWritePages' : [ 0x550, ['unsigned long']],
+    'CcDataFlushes' : [ 0x554, ['unsigned long']],
+    'CcDataPages' : [ 0x558, ['unsigned long']],
+    'CcLostDelayedWrites' : [ 0x55c, ['unsigned long']],
+    'CcFastReadResourceMiss' : [ 0x560, ['unsigned long']],
+    'CcCopyReadWaitMiss' : [ 0x564, ['unsigned long']],
+    'CcFastMdlReadResourceMiss' : [ 0x568, ['unsigned long']],
+    'CcMapDataNoWaitMiss' : [ 0x56c, ['unsigned long']],
+    'CcMapDataWaitMiss' : [ 0x570, ['unsigned long']],
+    'CcPinReadNoWaitMiss' : [ 0x574, ['unsigned long']],
+    'CcPinReadWaitMiss' : [ 0x578, ['unsigned long']],
+    'CcMdlReadNoWaitMiss' : [ 0x57c, ['unsigned long']],
+    'CcMdlReadWaitMiss' : [ 0x580, ['unsigned long']],
+    'CcReadAheadIos' : [ 0x584, ['unsigned long']],
+    'KeAlignmentFixupCount' : [ 0x588, ['unsigned long']],
+    'KeExceptionDispatchCount' : [ 0x58c, ['unsigned long']],
+    'KeSystemCalls' : [ 0x590, ['unsigned long']],
+    'AvailableTime' : [ 0x594, ['unsigned long']],
+    'PrcbPad22' : [ 0x598, ['array', 2, ['unsigned long']]],
+    'PPLookasideList' : [ 0x5a0, ['array', 16, ['_PP_LOOKASIDE_LIST']]],
+    'PPNxPagedLookasideList' : [ 0x620, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPNPagedLookasideList' : [ 0xf20, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PPPagedLookasideList' : [ 0x1820, ['array', 32, ['_GENERAL_LOOKASIDE_POOL']]],
+    'PacketBarrier' : [ 0x2120, ['long']],
+    'ReverseStall' : [ 0x2124, ['long']],
+    'IpiFrame' : [ 0x2128, ['pointer', ['void']]],
+    'PrcbPad3' : [ 0x212c, ['array', 52, ['unsigned char']]],
+    'CurrentPacket' : [ 0x2160, ['array', 3, ['pointer', ['void']]]],
+    'TargetSet' : [ 0x216c, ['unsigned long']],
+    'WorkerRoutine' : [ 0x2170, ['pointer', ['void']]],
+    'IpiFrozen' : [ 0x2174, ['unsigned long']],
+    'PrcbPad4' : [ 0x2178, ['array', 40, ['unsigned char']]],
+    'RequestSummary' : [ 0x21a0, ['unsigned long']],
+    'TargetCount' : [ 0x21a4, ['long']],
+    'PrcbPad94' : [ 0x21a8, ['array', 1, ['unsigned long long']]],
+    'TrappedSecurityDomain' : [ 0x21b0, ['unsigned long long']],
+    'BpbState' : [ 0x21b8, ['unsigned char']],
+    'BpbCpuIdle' : [ 0x21b8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbFlushRsbOnTrap' : [ 0x21b8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbIbpbOnReturn' : [ 0x21b8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbIbpbOnTrap' : [ 0x21b8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BpbReserved' : [ 0x21b8, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'BpbFeatures' : [ 0x21b9, ['unsigned char']],
+    'BpbClearOnIdle' : [ 0x21b9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'BpbEnabled' : [ 0x21b9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'BpbSmep' : [ 0x21b9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'BpbFeaturesReserved' : [ 0x21b9, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'BpbCurrentSpecCtrl' : [ 0x21ba, ['unsigned char']],
+    'BpbKernelSpecCtrl' : [ 0x21bb, ['unsigned char']],
+    'BpbNmiSpecCtrl' : [ 0x21bc, ['unsigned char']],
+    'BpbUserSpecCtrl' : [ 0x21bd, ['unsigned char']],
+    'PrcbPad49' : [ 0x21be, ['array', 2, ['unsigned char']]],
+    'ProcessorSignature' : [ 0x21c0, ['unsigned long']],
+    'ProcessorFlags' : [ 0x21c4, ['unsigned long']],
+    'PrcbPad50' : [ 0x21c8, ['array', 8, ['unsigned char']]],
+    'InterruptLastCount' : [ 0x21d0, ['unsigned long']],
+    'InterruptRate' : [ 0x21d4, ['unsigned long']],
+    'DeviceInterrupts' : [ 0x21d8, ['unsigned long']],
+    'IsrDpcStats' : [ 0x21dc, ['pointer', ['void']]],
+    'DpcData' : [ 0x21e0, ['array', 2, ['_KDPC_DATA']]],
+    'DpcStack' : [ 0x2210, ['pointer', ['void']]],
+    'MaximumDpcQueueDepth' : [ 0x2214, ['long']],
+    'DpcRequestRate' : [ 0x2218, ['unsigned long']],
+    'MinimumDpcRate' : [ 0x221c, ['unsigned long']],
+    'DpcLastCount' : [ 0x2220, ['unsigned long']],
+    'PrcbLock' : [ 0x2224, ['unsigned long']],
+    'DpcGate' : [ 0x2228, ['_KGATE']],
+    'IdleState' : [ 0x2238, ['unsigned char']],
+    'QuantumEnd' : [ 0x2239, ['unsigned char']],
+    'DpcRoutineActive' : [ 0x223a, ['unsigned char']],
+    'IdleSchedule' : [ 0x223b, ['unsigned char']],
+    'DpcRequestSummary' : [ 0x223c, ['long']],
+    'DpcRequestSlot' : [ 0x223c, ['array', 2, ['short']]],
+    'NormalDpcState' : [ 0x223c, ['short']],
+    'ThreadDpcState' : [ 0x223e, ['short']],
+    'DpcNormalProcessingActive' : [ 0x223c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DpcNormalProcessingRequested' : [ 0x223c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DpcNormalThreadSignal' : [ 0x223c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DpcNormalTimerExpiration' : [ 0x223c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DpcNormalDpcPresent' : [ 0x223c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DpcNormalLocalInterrupt' : [ 0x223c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DpcNormalSpare' : [ 0x223c, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long')]],
+    'DpcThreadActive' : [ 0x223c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'DpcThreadRequested' : [ 0x223c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DpcThreadSpare' : [ 0x223c, ['BitField', dict(start_bit = 18, end_bit = 32, native_type='unsigned long')]],
+    'LastTick' : [ 0x2240, ['unsigned long']],
+    'PeriodicCount' : [ 0x2244, ['unsigned long']],
+    'PeriodicBias' : [ 0x2248, ['unsigned long']],
+    'ClockInterrupts' : [ 0x224c, ['unsigned long']],
+    'ReadyScanTick' : [ 0x2250, ['unsigned long']],
+    'GroupSchedulingOverQuota' : [ 0x2254, ['unsigned char']],
+    'ThreadDpcEnable' : [ 0x2255, ['unsigned char']],
+    'PrcbPad41' : [ 0x2256, ['array', 6, ['unsigned char']]],
+    'TimerTable' : [ 0x2260, ['_KTIMER_TABLE']],
+    'PrcbPad92' : [ 0x3ab0, ['array', 12, ['unsigned long']]],
+    'CallDpc' : [ 0x3ae0, ['_KDPC']],
+    'ClockKeepAlive' : [ 0x3b00, ['long']],
+    'PrcbPad6' : [ 0x3b04, ['array', 4, ['unsigned char']]],
+    'DpcWatchdogPeriod' : [ 0x3b08, ['long']],
+    'DpcWatchdogCount' : [ 0x3b0c, ['long']],
+    'KeSpinLockOrdering' : [ 0x3b10, ['long']],
+    'DpcWatchdogProfileCumulativeDpcThreshold' : [ 0x3b14, ['unsigned long']],
+    'QueueIndex' : [ 0x3b18, ['unsigned long']],
+    'DeferredReadyListHead' : [ 0x3b1c, ['_SINGLE_LIST_ENTRY']],
+    'ReadySummary' : [ 0x3b20, ['unsigned long']],
+    'AffinitizedSelectionMask' : [ 0x3b24, ['long']],
+    'WaitLock' : [ 0x3b28, ['unsigned long']],
+    'WaitListHead' : [ 0x3b2c, ['_LIST_ENTRY']],
+    'ScbOffset' : [ 0x3b34, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x3b38, ['unsigned long']],
+    'StartCycles' : [ 0x3b40, ['unsigned long long']],
+    'TaggedCyclesStart' : [ 0x3b48, ['unsigned long long']],
+    'TaggedCycles' : [ 0x3b50, ['array', 3, ['unsigned long long']]],
+    'CycleTime' : [ 0x3b68, ['unsigned long long']],
+    'AffinitizedCycles' : [ 0x3b70, ['unsigned long long']],
+    'ImportantCycles' : [ 0x3b78, ['unsigned long long']],
+    'UnimportantCycles' : [ 0x3b80, ['unsigned long long']],
+    'ReadyQueueExpectedRunTime' : [ 0x3b88, ['unsigned long long']],
+    'HighCycleTime' : [ 0x3b90, ['unsigned long']],
+    'Cycles' : [ 0x3b98, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'PrcbPad71' : [ 0x3bd8, ['unsigned long']],
+    'DpcWatchdogSequenceNumber' : [ 0x3bdc, ['unsigned long']],
+    'DispatcherReadyListHead' : [ 0x3be0, ['array', 32, ['_LIST_ENTRY']]],
+    'ChainedInterruptList' : [ 0x3ce0, ['pointer', ['void']]],
+    'LookasideIrpFloat' : [ 0x3ce4, ['long']],
+    'ScbQueue' : [ 0x3ce8, ['_RTL_RB_TREE']],
+    'ScbList' : [ 0x3cf0, ['_LIST_ENTRY']],
+    'MmPageFaultCount' : [ 0x3cf8, ['long']],
+    'MmCopyOnWriteCount' : [ 0x3cfc, ['long']],
+    'MmTransitionCount' : [ 0x3d00, ['long']],
+    'MmCacheTransitionCount' : [ 0x3d04, ['long']],
+    'MmDemandZeroCount' : [ 0x3d08, ['long']],
+    'MmPageReadCount' : [ 0x3d0c, ['long']],
+    'MmPageReadIoCount' : [ 0x3d10, ['long']],
+    'MmCacheReadCount' : [ 0x3d14, ['long']],
+    'MmCacheIoCount' : [ 0x3d18, ['long']],
+    'MmDirtyPagesWriteCount' : [ 0x3d1c, ['long']],
+    'MmDirtyWriteIoCount' : [ 0x3d20, ['long']],
+    'MmMappedPagesWriteCount' : [ 0x3d24, ['long']],
+    'MmMappedWriteIoCount' : [ 0x3d28, ['long']],
+    'CachedCommit' : [ 0x3d2c, ['unsigned long']],
+    'CachedResidentAvailable' : [ 0x3d30, ['unsigned long']],
+    'HyperPte' : [ 0x3d34, ['pointer', ['void']]],
+    'PrcbPad8' : [ 0x3d38, ['array', 4, ['unsigned char']]],
+    'VendorString' : [ 0x3d3c, ['array', 13, ['unsigned char']]],
+    'InitialApicId' : [ 0x3d49, ['unsigned char']],
+    'LogicalProcessorsPerPhysicalProcessor' : [ 0x3d4a, ['unsigned char']],
+    'PrcbPad9' : [ 0x3d4b, ['array', 1, ['unsigned char']]],
+    'FeatureBits' : [ 0x3d50, ['unsigned long long']],
+    'UpdateSignature' : [ 0x3d58, ['_LARGE_INTEGER']],
+    'IsrTime' : [ 0x3d60, ['unsigned long long']],
+    'GenerationTarget' : [ 0x3d68, ['unsigned long long']],
+    'PowerState' : [ 0x3d70, ['_PROCESSOR_POWER_STATE']],
+    'ForceIdleDpc' : [ 0x3f18, ['_KDPC']],
+    'MsrIa32TsxCtrl' : [ 0x3f38, ['unsigned long long']],
+    'PrcbPad91' : [ 0x3f40, ['array', 6, ['unsigned long']]],
+    'DpcRuntimeHistoryHashTable' : [ 0x3f58, ['pointer', ['_RTL_HASH_TABLE']]],
+    'DpcRuntimeHistoryHashTableCleanupDpc' : [ 0x3f5c, ['pointer', ['_KDPC']]],
+    'CurrentDpcRuntimeHistoryCached' : [ 0x3f60, ['unsigned long long']],
+    'CurrentDpcStartTime' : [ 0x3f68, ['unsigned long long']],
+    'CurrentDpcRoutine' : [ 0x3f70, ['pointer', ['void']]],
+    'DpcWatchdogProfileSingleDpcThreshold' : [ 0x3f74, ['unsigned long']],
+    'DpcWatchdogDpc' : [ 0x3f78, ['_KDPC']],
+    'DpcWatchdogTimer' : [ 0x3f98, ['_KTIMER']],
+    'HypercallPageList' : [ 0x3fc0, ['_SLIST_HEADER']],
+    'HypercallCachedPages' : [ 0x3fc8, ['pointer', ['void']]],
+    'VirtualApicAssist' : [ 0x3fcc, ['pointer', ['void']]],
+    'StatisticsPage' : [ 0x3fd0, ['pointer', ['unsigned long long']]],
+    'Cache' : [ 0x3fd4, ['array', 5, ['_CACHE_DESCRIPTOR']]],
+    'CacheCount' : [ 0x4010, ['unsigned long']],
+    'PackageProcessorSet' : [ 0x4014, ['_KAFFINITY_EX']],
+    'SharedReadyQueueMask' : [ 0x4020, ['unsigned long']],
+    'SharedReadyQueue' : [ 0x4024, ['pointer', ['_KSHARED_READY_QUEUE']]],
+    'SharedQueueScanOwner' : [ 0x4028, ['unsigned long']],
+    'CoreProcessorSet' : [ 0x402c, ['unsigned long']],
+    'ScanSiblingMask' : [ 0x4030, ['unsigned long']],
+    'LLCMask' : [ 0x4034, ['unsigned long']],
+    'CacheProcessorMask' : [ 0x4038, ['array', 5, ['unsigned long']]],
+    'ScanSiblingIndex' : [ 0x404c, ['unsigned long']],
+    'WheaInfo' : [ 0x4050, ['pointer', ['void']]],
+    'EtwSupport' : [ 0x4054, ['pointer', ['void']]],
+    'InterruptObjectPool' : [ 0x4058, ['_SLIST_HEADER']],
+    'DpcWatchdogProfile' : [ 0x4060, ['pointer', ['pointer', ['void']]]],
+    'DpcWatchdogProfileCurrentEmptyCapture' : [ 0x4064, ['pointer', ['pointer', ['void']]]],
+    'PackageId' : [ 0x4068, ['unsigned long']],
+    'PteBitCache' : [ 0x406c, ['unsigned long']],
+    'PteBitOffset' : [ 0x4070, ['unsigned long']],
+    'PrcbPad93' : [ 0x4074, ['unsigned long']],
+    'ProcessorProfileControlArea' : [ 0x4078, ['pointer', ['_PROCESSOR_PROFILE_CONTROL_AREA']]],
+    'ProfileEventIndexAddress' : [ 0x407c, ['pointer', ['void']]],
+    'TimerExpirationDpc' : [ 0x4080, ['_KDPC']],
+    'SynchCounters' : [ 0x40a0, ['_SYNCH_COUNTERS']],
+    'FsCounters' : [ 0x4158, ['_FILESYSTEM_DISK_COUNTERS']],
+    'Context' : [ 0x4168, ['pointer', ['_CONTEXT']]],
+    'ContextFlagsInit' : [ 0x416c, ['unsigned long']],
+    'ExtendedState' : [ 0x4170, ['pointer', ['_XSAVE_AREA']]],
+    'EntropyTimingState' : [ 0x4174, ['_KENTROPY_TIMING_STATE']],
+    'IsrStack' : [ 0x429c, ['pointer', ['void']]],
+    'VectorToInterruptObject' : [ 0x42a0, ['array', 208, ['pointer', ['_KINTERRUPT']]]],
+    'AbSelfIoBoostsList' : [ 0x45e0, ['_SINGLE_LIST_ENTRY']],
+    'AbPropagateBoostsList' : [ 0x45e4, ['_SINGLE_LIST_ENTRY']],
+    'AbDpc' : [ 0x45e8, ['_KDPC']],
+    'IoIrpStackProfilerCurrent' : [ 0x4608, ['_IOP_IRP_STACK_PROFILER']],
+    'IoIrpStackProfilerPrevious' : [ 0x465c, ['_IOP_IRP_STACK_PROFILER']],
+    'TimerExpirationTrace' : [ 0x46b0, ['array', 16, ['_KTIMER_EXPIRATION_TRACE']]],
+    'TimerExpirationTraceCount' : [ 0x47b0, ['unsigned long']],
+    'ExSaPageArray' : [ 0x47b4, ['pointer', ['void']]],
+    'ExtendedSupervisorState' : [ 0x47b8, ['pointer', ['_XSAVE_AREA_HEADER']]],
+    'PrcbPad100' : [ 0x47bc, ['array', 9, ['unsigned long']]],
+    'LocalSharedReadyQueue' : [ 0x47e0, ['_KSHARED_READY_QUEUE']],
+    'Mailbox' : [ 0x4920, ['pointer', ['_REQUEST_MAILBOX']]],
+    'PrcbPad' : [ 0x4924, ['array', 1468, ['unsigned char']]],
+    'KernelDirectoryTableBase' : [ 0x4ee0, ['unsigned long']],
+    'EspBaseShadow' : [ 0x4ee4, ['unsigned long']],
+    'UserEspShadow' : [ 0x4ee8, ['unsigned long']],
+    'ShadowFlags' : [ 0x4eec, ['unsigned long']],
+    'UserDS' : [ 0x4ef0, ['unsigned long']],
+    'UserES' : [ 0x4ef4, ['unsigned long']],
+    'UserFS' : [ 0x4ef8, ['unsigned long']],
+    'EspIretd' : [ 0x4efc, ['pointer', ['void']]],
+    'RestoreSegOption' : [ 0x4f00, ['unsigned long']],
+    'SavedEsi' : [ 0x4f04, ['unsigned long']],
+    'VerwSelector' : [ 0x4f08, ['unsigned short']],
+    'PrcbShadowPad' : [ 0x4f0a, ['unsigned short']],
+    'TaskSwitchCount' : [ 0x4f0c, ['unsigned long']],
+    'DbgLogs' : [ 0x4f10, ['array', 512, ['unsigned long']]],
+    'DbgCount' : [ 0x5710, ['unsigned long']],
+    'PrcbPadRemainingPage' : [ 0x5714, ['array', 499, ['unsigned long']]],
+    'RequestMailbox' : [ 0x5ee0, ['array', 1, ['_REQUEST_MAILBOX']]],
+} ],
+  '_KAPC' : [ 0x30, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'SpareByte0' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'SpareByte1' : [ 0x3, ['unsigned char']],
+    'SpareLong0' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'ApcListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'KernelRoutine' : [ 0x14, ['pointer', ['void']]],
+    'RundownRoutine' : [ 0x18, ['pointer', ['void']]],
+    'NormalRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Reserved' : [ 0x14, ['array', 3, ['pointer', ['void']]]],
+    'NormalContext' : [ 0x20, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x24, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x28, ['pointer', ['void']]],
+    'ApcStateIndex' : [ 0x2c, ['unsigned char']],
+    'ApcMode' : [ 0x2d, ['unsigned char']],
+    'Inserted' : [ 0x2e, ['unsigned char']],
+} ],
+  '_CPU_INFO' : [ 0x10, {
+    'AsUINT32' : [ 0x0, ['array', 4, ['unsigned long']]],
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_EXT_SET_PARAMETERS_V0' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'NoWakeTolerance' : [ 0x8, ['long long']],
+} ],
+  '_PS_TRUSTLET_CREATE_ATTRIBUTES' : [ 0x18, {
+    'TrustletIdentity' : [ 0x0, ['unsigned long long']],
+    'Attributes' : [ 0x8, ['array', 1, ['_PS_TRUSTLET_ATTRIBUTE_DATA']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_HEADER']],
+    'Data' : [ 0x8, ['array', 1, ['unsigned long long']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_HEADER' : [ 0x8, {
+    'AttributeType' : [ 0x0, ['_PS_TRUSTLET_ATTRIBUTE_TYPE']],
+    'InstanceNumber' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_TYPE' : [ 0x4, {
+    'Version' : [ 0x0, ['unsigned char']],
+    'DataCount' : [ 0x1, ['unsigned char']],
+    'SemanticType' : [ 0x2, ['unsigned char']],
+    'AccessRights' : [ 0x3, ['_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS']],
+    'AttributeType' : [ 0x0, ['unsigned long']],
+} ],
+  '_TRUSTLET_MAILBOX_KEY' : [ 0x10, {
+    'SecretValue' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_TRUSTLET_COLLABORATION_ID' : [ 0x10, {
+    'Value' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_KPROCESS' : [ 0xe0, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'ProfileListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'DirectoryTableBase' : [ 0x18, ['unsigned long']],
+    'LdtDescriptor' : [ 0x1c, ['_KGDTENTRY']],
+    'Int21Descriptor' : [ 0x24, ['_KIDTENTRY']],
+    'ThreadListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'ProcessLock' : [ 0x34, ['unsigned long']],
+    'DeepFreezeStartTime' : [ 0x38, ['unsigned long long']],
+    'Affinity' : [ 0x40, ['_KAFFINITY_EX']],
+    'ReadyListHead' : [ 0x4c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x54, ['_SINGLE_LIST_ENTRY']],
+    'ActiveProcessors' : [ 0x58, ['_KAFFINITY_EX']],
+    'AutoAlignment' : [ 0x64, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x64, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x64, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeepFreeze' : [ 0x64, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TimerVirtualization' : [ 0x64, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CheckStackExtents' : [ 0x64, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x64, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x64, ['BitField', dict(start_bit = 7, end_bit = 10, native_type='unsigned long')]],
+    'VaSpaceDeleted' : [ 0x64, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x64, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+    'ProcessFlags' : [ 0x64, ['long']],
+    'BasePriority' : [ 0x68, ['unsigned char']],
+    'QuantumReset' : [ 0x69, ['unsigned char']],
+    'Visited' : [ 0x6a, ['unsigned char']],
+    'Flags' : [ 0x6b, ['_KEXECUTE_OPTIONS']],
+    'ThreadSeed' : [ 0x6c, ['array', 1, ['unsigned short']]],
+    'IdealProcessor' : [ 0x6e, ['array', 1, ['unsigned short']]],
+    'IdealNode' : [ 0x70, ['array', 1, ['unsigned short']]],
+    'IdealGlobalNode' : [ 0x72, ['unsigned short']],
+    'Spare1' : [ 0x74, ['unsigned short']],
+    'IopmOffset' : [ 0x76, ['unsigned short']],
+    'SchedulingGroup' : [ 0x78, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'StackCount' : [ 0x7c, ['_KSTACK_COUNT']],
+    'ProcessListEntry' : [ 0x80, ['_LIST_ENTRY']],
+    'CycleTime' : [ 0x88, ['unsigned long long']],
+    'ContextSwitches' : [ 0x90, ['unsigned long long']],
+    'FreezeCount' : [ 0x98, ['unsigned long']],
+    'KernelTime' : [ 0x9c, ['unsigned long']],
+    'UserTime' : [ 0xa0, ['unsigned long']],
+    'ReadyTime' : [ 0xa4, ['unsigned long']],
+    'VdmTrapcHandler' : [ 0xa8, ['pointer', ['void']]],
+    'ProcessTimerDelay' : [ 0xac, ['unsigned long']],
+    'KernelWaitTime' : [ 0xb0, ['unsigned long long']],
+    'UserWaitTime' : [ 0xb8, ['unsigned long long']],
+    'EndPadding' : [ 0xc0, ['array', 8, ['unsigned long']]],
+} ],
+  '_KTHREAD' : [ 0x280, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'SListFaultAddress' : [ 0x10, ['pointer', ['void']]],
+    'QuantumTarget' : [ 0x18, ['unsigned long long']],
+    'InitialStack' : [ 0x20, ['pointer', ['void']]],
+    'StackLimit' : [ 0x24, ['pointer', ['void']]],
+    'StackBase' : [ 0x28, ['pointer', ['void']]],
+    'ThreadLock' : [ 0x2c, ['unsigned long']],
+    'CycleTime' : [ 0x30, ['unsigned long long']],
+    'HighCycleTime' : [ 0x38, ['unsigned long']],
+    'ServiceTable' : [ 0x3c, ['pointer', ['void']]],
+    'CurrentRunTime' : [ 0x40, ['unsigned long']],
+    'ExpectedRunTime' : [ 0x44, ['unsigned long']],
+    'KernelStack' : [ 0x48, ['pointer', ['void']]],
+    'StateSaveArea' : [ 0x4c, ['pointer', ['_XSAVE_FORMAT']]],
+    'SchedulingGroup' : [ 0x50, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'WaitRegister' : [ 0x54, ['_KWAIT_STATUS_REGISTER']],
+    'Running' : [ 0x55, ['unsigned char']],
+    'Alerted' : [ 0x56, ['array', 2, ['unsigned char']]],
+    'AutoBoostActive' : [ 0x58, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadyTransition' : [ 0x58, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'WaitNext' : [ 0x58, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemAffinityActive' : [ 0x58, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Alertable' : [ 0x58, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UserStackWalkActive' : [ 0x58, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ApcInterruptRequest' : [ 0x58, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'QuantumEndMigrate' : [ 0x58, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'UmsDirectedSwitchEnable' : [ 0x58, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'TimerActive' : [ 0x58, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SystemThread' : [ 0x58, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ProcessDetachActive' : [ 0x58, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CalloutActive' : [ 0x58, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ScbReadyQueue' : [ 0x58, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ApcQueueable' : [ 0x58, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ReservedStackInUse' : [ 0x58, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsPerformingSyscall' : [ 0x58, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'TimerSuspended' : [ 0x58, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'SuspendedWaitMode' : [ 0x58, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SuspendSchedulerApcWait' : [ 0x58, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CetUserShadowStack' : [ 0x58, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BypassProcessFreeze' : [ 0x58, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Reserved' : [ 0x58, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+    'MiscFlags' : [ 0x58, ['long']],
+    'ThreadFlagsSpare' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'AutoAlignment' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisableBoost' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AlertedByThreadId' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'QuantumDonation' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableStackSwap' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'GuiThread' : [ 0x5c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableQuantum' : [ 0x5c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ChargeOnlySchedulingGroup' : [ 0x5c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'QueueDeferPreemption' : [ 0x5c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ForceDeferSchedule' : [ 0x5c, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SharedReadyQueueAffinity' : [ 0x5c, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'FreezeCount' : [ 0x5c, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'TerminationApcRequest' : [ 0x5c, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AutoBoostEntriesExhausted' : [ 0x5c, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'KernelStackResident' : [ 0x5c, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TerminateRequestReason' : [ 0x5c, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'ProcessStackCountDecremented' : [ 0x5c, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RestrictedGuiThread' : [ 0x5c, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'VpBackingThread' : [ 0x5c, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ThreadFlagsSpare2' : [ 0x5c, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'EtwStackTraceApcInserted' : [ 0x5c, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ThreadFlags' : [ 0x5c, ['long']],
+    'Tag' : [ 0x60, ['unsigned char']],
+    'SystemHeteroCpuPolicy' : [ 0x61, ['unsigned char']],
+    'UserHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 0, end_bit = 7, native_type='unsigned char')]],
+    'ExplicitSystemHeteroCpuPolicy' : [ 0x62, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare0' : [ 0x63, ['unsigned char']],
+    'SystemCallNumber' : [ 0x64, ['unsigned long']],
+    'FirstArgument' : [ 0x68, ['pointer', ['void']]],
+    'TrapFrame' : [ 0x6c, ['pointer', ['_KTRAP_FRAME']]],
+    'ApcState' : [ 0x70, ['_KAPC_STATE']],
+    'ApcStateFill' : [ 0x70, ['array', 23, ['unsigned char']]],
+    'Priority' : [ 0x87, ['unsigned char']],
+    'UserIdealProcessor' : [ 0x88, ['unsigned long']],
+    'ContextSwitches' : [ 0x8c, ['unsigned long']],
+    'State' : [ 0x90, ['unsigned char']],
+    'Spare12' : [ 0x91, ['unsigned char']],
+    'WaitIrql' : [ 0x92, ['unsigned char']],
+    'WaitMode' : [ 0x93, ['unsigned char']],
+    'WaitStatus' : [ 0x94, ['long']],
+    'WaitBlockList' : [ 0x98, ['pointer', ['_KWAIT_BLOCK']]],
+    'WaitListEntry' : [ 0x9c, ['_LIST_ENTRY']],
+    'SwapListEntry' : [ 0x9c, ['_SINGLE_LIST_ENTRY']],
+    'Queue' : [ 0xa4, ['pointer', ['_DISPATCHER_HEADER']]],
+    'Teb' : [ 0xa8, ['pointer', ['void']]],
+    'RelativeTimerBias' : [ 0xb0, ['unsigned long long']],
+    'Timer' : [ 0xb8, ['_KTIMER']],
+    'WaitBlock' : [ 0xe0, ['array', 4, ['_KWAIT_BLOCK']]],
+    'WaitBlockFill8' : [ 0xe0, ['array', 20, ['unsigned char']]],
+    'ThreadCounters' : [ 0xf4, ['pointer', ['_KTHREAD_COUNTERS']]],
+    'WaitBlockFill9' : [ 0xe0, ['array', 44, ['unsigned char']]],
+    'XStateSave' : [ 0x10c, ['pointer', ['_XSTATE_SAVE']]],
+    'WaitBlockFill10' : [ 0xe0, ['array', 68, ['unsigned char']]],
+    'Win32Thread' : [ 0x124, ['pointer', ['void']]],
+    'WaitBlockFill11' : [ 0xe0, ['array', 88, ['unsigned char']]],
+    'WaitTime' : [ 0x138, ['unsigned long']],
+    'KernelApcDisable' : [ 0x13c, ['short']],
+    'SpecialApcDisable' : [ 0x13e, ['short']],
+    'CombinedApcDisable' : [ 0x13c, ['unsigned long']],
+    'QueueListEntry' : [ 0x140, ['_LIST_ENTRY']],
+    'NextProcessor' : [ 0x148, ['unsigned long']],
+    'NextProcessorNumber' : [ 0x148, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'SharedReadyQueue' : [ 0x148, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'QueuePriority' : [ 0x14c, ['long']],
+    'Process' : [ 0x150, ['pointer', ['_KPROCESS']]],
+    'UserAffinity' : [ 0x154, ['_GROUP_AFFINITY']],
+    'UserAffinityFill' : [ 0x154, ['array', 6, ['unsigned char']]],
+    'PreviousMode' : [ 0x15a, ['unsigned char']],
+    'BasePriority' : [ 0x15b, ['unsigned char']],
+    'PriorityDecrement' : [ 0x15c, ['unsigned char']],
+    'ForegroundBoost' : [ 0x15c, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UnusualBoost' : [ 0x15c, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Preempted' : [ 0x15d, ['unsigned char']],
+    'AdjustReason' : [ 0x15e, ['unsigned char']],
+    'AdjustIncrement' : [ 0x15f, ['unsigned char']],
+    'AffinityVersion' : [ 0x160, ['unsigned long']],
+    'Affinity' : [ 0x164, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x164, ['array', 6, ['unsigned char']]],
+    'ApcStateIndex' : [ 0x16a, ['unsigned char']],
+    'WaitBlockCount' : [ 0x16b, ['unsigned char']],
+    'IdealProcessor' : [ 0x16c, ['unsigned long']],
+    'ReadyTime' : [ 0x170, ['unsigned long']],
+    'SavedApcState' : [ 0x174, ['_KAPC_STATE']],
+    'SavedApcStateFill' : [ 0x174, ['array', 23, ['unsigned char']]],
+    'WaitReason' : [ 0x18b, ['unsigned char']],
+    'SuspendCount' : [ 0x18c, ['unsigned char']],
+    'Saturation' : [ 0x18d, ['unsigned char']],
+    'SListFaultCount' : [ 0x18e, ['unsigned short']],
+    'SchedulerApc' : [ 0x190, ['_KAPC']],
+    'SchedulerApcFill0' : [ 0x190, ['array', 1, ['unsigned char']]],
+    'ResourceIndex' : [ 0x191, ['unsigned char']],
+    'SchedulerApcFill1' : [ 0x190, ['array', 3, ['unsigned char']]],
+    'QuantumReset' : [ 0x193, ['unsigned char']],
+    'SchedulerApcFill2' : [ 0x190, ['array', 4, ['unsigned char']]],
+    'KernelTime' : [ 0x194, ['unsigned long']],
+    'SchedulerApcFill3' : [ 0x190, ['array', 36, ['unsigned char']]],
+    'WaitPrcb' : [ 0x1b4, ['pointer', ['_KPRCB']]],
+    'SchedulerApcFill4' : [ 0x190, ['array', 40, ['unsigned char']]],
+    'LegoData' : [ 0x1b8, ['pointer', ['void']]],
+    'SchedulerApcFill5' : [ 0x190, ['array', 47, ['unsigned char']]],
+    'CallbackNestingLevel' : [ 0x1bf, ['unsigned char']],
+    'UserTime' : [ 0x1c0, ['unsigned long']],
+    'SuspendEvent' : [ 0x1c4, ['_KEVENT']],
+    'ThreadListEntry' : [ 0x1d4, ['_LIST_ENTRY']],
+    'MutantListHead' : [ 0x1dc, ['_LIST_ENTRY']],
+    'AbEntrySummary' : [ 0x1e4, ['unsigned char']],
+    'AbWaitEntryCount' : [ 0x1e5, ['unsigned char']],
+    'AbAllocationRegionCount' : [ 0x1e6, ['unsigned char']],
+    'SystemPriority' : [ 0x1e7, ['unsigned char']],
+    'LockEntries' : [ 0x1e8, ['pointer', ['_KLOCK_ENTRY']]],
+    'PropagateBoostsEntry' : [ 0x1ec, ['_SINGLE_LIST_ENTRY']],
+    'IoSelfBoostsEntry' : [ 0x1f0, ['_SINGLE_LIST_ENTRY']],
+    'PriorityFloorCounts' : [ 0x1f4, ['array', 16, ['unsigned char']]],
+    'PriorityFloorCountsReserved' : [ 0x204, ['array', 16, ['unsigned char']]],
+    'PriorityFloorSummary' : [ 0x214, ['unsigned long']],
+    'AbCompletedIoBoostCount' : [ 0x218, ['long']],
+    'AbCompletedIoQoSBoostCount' : [ 0x21c, ['long']],
+    'KeReferenceCount' : [ 0x220, ['short']],
+    'AbOrphanedEntrySummary' : [ 0x222, ['unsigned char']],
+    'AbOwnedEntryCount' : [ 0x223, ['unsigned char']],
+    'ForegroundLossTime' : [ 0x224, ['unsigned long']],
+    'GlobalForegroundListEntry' : [ 0x228, ['_LIST_ENTRY']],
+    'ForegroundDpcStackListEntry' : [ 0x228, ['_SINGLE_LIST_ENTRY']],
+    'InGlobalForegroundList' : [ 0x22c, ['unsigned long']],
+    'QueuedScb' : [ 0x230, ['pointer', ['_KSCB']]],
+    'NpxState' : [ 0x238, ['unsigned long long']],
+    'ThreadTimerDelay' : [ 0x240, ['unsigned long']],
+    'ThreadFlags3' : [ 0x244, ['long']],
+    'BamQosLevel' : [ 0x244, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PpmPolicy' : [ 0x244, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'ThreadFlags3Reserved2' : [ 0x244, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'AbWaitObject' : [ 0x248, ['pointer', ['void']]],
+    'ReservedPreviousReadyTimeValue' : [ 0x24c, ['unsigned long']],
+    'KernelWaitTime' : [ 0x250, ['unsigned long long']],
+    'UserWaitTime' : [ 0x258, ['unsigned long long']],
+    'Spare29' : [ 0x260, ['array', 3, ['unsigned long']]],
+    'EndPadding' : [ 0x26c, ['array', 5, ['unsigned long']]],
+} ],
+  '_KSTACK_CONTROL' : [ 0x20, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'ActualLimit' : [ 0x4, ['unsigned long']],
+    'StackExpansion' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousTrapFrame' : [ 0x8, ['pointer', ['_KTRAP_FRAME']]],
+    'PreviousExceptionList' : [ 0xc, ['pointer', ['void']]],
+    'Previous' : [ 0x10, ['_KERNEL_STACK_SEGMENT']],
+} ],
+  '_KSPIN_LOCK_QUEUE' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_KSPIN_LOCK_QUEUE']]],
+    'Lock' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_FAST_MUTEX' : [ 0x20, {
+    'Count' : [ 0x0, ['long']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Contention' : [ 0x8, ['unsigned long']],
+    'Event' : [ 0xc, ['_KEVENT']],
+    'OldIrql' : [ 0x1c, ['unsigned long']],
+} ],
+  '_KEVENT' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_SLIST_HEADER' : [ 0x8, {
+    'Alignment' : [ 0x0, ['unsigned long long']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x4, ['unsigned short']],
+    'CpuId' : [ 0x6, ['unsigned short']],
+} ],
+  '_LOOKASIDE_LIST_EX' : [ 0x48, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE_POOL']],
+} ],
+  '_NPAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['unsigned long']],
+} ],
+  '_PAGED_LOOKASIDE_LIST' : [ 0xc0, {
+    'L' : [ 0x0, ['_GENERAL_LOOKASIDE']],
+    'Lock__ObsoleteButDoNotDelete' : [ 0x80, ['_FAST_MUTEX']],
+} ],
+  '_IO_STATUS_BLOCK' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Pointer' : [ 0x0, ['pointer', ['void']]],
+    'Information' : [ 0x4, ['unsigned long']],
+} ],
+  '_QUAD' : [ 0x8, {
+    'UseThisFieldToCopy' : [ 0x0, ['long long']],
+    'DoNotUseThisField' : [ 0x0, ['double']],
+} ],
+  '_WORK_QUEUE_ITEM' : [ 0x10, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkerRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Parameter' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EXT_DELETE_PARAMETERS' : [ 0x10, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'DeleteCallback' : [ 0x8, ['pointer', ['void']]],
+    'DeleteContext' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_EX_PUSH_LOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_PP_LOOKASIDE_LIST' : [ 0x8, {
+    'P' : [ 0x0, ['pointer', ['_GENERAL_LOOKASIDE']]],
+    'L' : [ 0x4, ['pointer', ['_GENERAL_LOOKASIDE']]],
+} ],
+  '_GENERAL_LOOKASIDE' : [ 0x80, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_KNODE' : [ 0x140, {
+    'IdleNonParkedCpuSet' : [ 0x0, ['unsigned long']],
+    'IdleSmtSet' : [ 0x4, ['unsigned long']],
+    'NonPairedSmtSet' : [ 0x8, ['unsigned long']],
+    'IdleCpuSet' : [ 0xc, ['unsigned long']],
+    'DeepIdleSet' : [ 0x40, ['unsigned long']],
+    'IdleConstrainedSet' : [ 0x44, ['unsigned long']],
+    'NonParkedSet' : [ 0x48, ['unsigned long']],
+    'SoftParkedSet' : [ 0x4c, ['unsigned long']],
+    'NonIsrTargetedSet' : [ 0x50, ['unsigned long']],
+    'ParkLock' : [ 0x54, ['long']],
+    'ThreadSeed' : [ 0x58, ['unsigned short']],
+    'ProcessSeed' : [ 0x5a, ['unsigned short']],
+    'SiblingMask' : [ 0x80, ['unsigned long']],
+    'Affinity' : [ 0x84, ['_GROUP_AFFINITY']],
+    'AffinityFill' : [ 0x84, ['array', 6, ['unsigned char']]],
+    'NodeNumber' : [ 0x8a, ['unsigned short']],
+    'PrimaryNodeNumber' : [ 0x8c, ['unsigned short']],
+    'Spare0' : [ 0x8e, ['unsigned short']],
+    'SharedReadyQueueMask' : [ 0x90, ['unsigned long']],
+    'StrideMask' : [ 0x94, ['unsigned long']],
+    'ProximityId' : [ 0x98, ['unsigned long']],
+    'Lowest' : [ 0x9c, ['unsigned long']],
+    'Highest' : [ 0xa0, ['unsigned long']],
+    'MaximumProcessors' : [ 0xa4, ['unsigned char']],
+    'Flags' : [ 0xa5, ['_flags']],
+    'Spare10' : [ 0xa6, ['unsigned char']],
+    'HeteroSets' : [ 0xa8, ['array', 5, ['_KHETERO_PROCESSOR_SET']]],
+    'PpmConfiguredQosSets' : [ 0xe4, ['array', 5, ['unsigned long']]],
+    'Spare11' : [ 0xf8, ['unsigned long']],
+    'QosGroupingSets' : [ 0x100, ['_KQOS_GROUPING_SETS']],
+    'QosPreemptibleSet' : [ 0x108, ['unsigned long']],
+    'LLCLeaders' : [ 0x10c, ['unsigned long']],
+} ],
+  '_ENODE' : [ 0x180, {
+    'Ncb' : [ 0x0, ['_KNODE']],
+    'HotAddProcessorWorkItem' : [ 0x140, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HANDLE_TABLE' : [ 0x80, {
+    'NextHandleNeedingPool' : [ 0x0, ['unsigned long']],
+    'ExtraInfoPages' : [ 0x4, ['long']],
+    'TableCode' : [ 0x8, ['unsigned long']],
+    'QuotaProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'HandleTableList' : [ 0x10, ['_LIST_ENTRY']],
+    'UniqueProcessId' : [ 0x18, ['unsigned long']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'StrictFIFO' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'EnableHandleExceptions' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Rundown' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Duplicated' : [ 0x1c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'RaiseUMExceptionOnInvalidHandleClose' : [ 0x1c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'HandleContentionEvent' : [ 0x20, ['_EX_PUSH_LOCK']],
+    'HandleTableLock' : [ 0x24, ['_EX_PUSH_LOCK']],
+    'FreeLists' : [ 0x40, ['array', 1, ['_HANDLE_TABLE_FREE_LIST']]],
+    'ActualEntry' : [ 0x40, ['array', 20, ['unsigned char']]],
+    'DebugInfo' : [ 0x54, ['pointer', ['_HANDLE_TRACE_DEBUG_INFO']]],
+} ],
+  '_HANDLE_TABLE_ENTRY_INFO' : [ 0x8, {
+    'AuditMask' : [ 0x0, ['unsigned long']],
+    'MaxRelativeAccessMask' : [ 0x4, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_ENTRY' : [ 0x8, {
+    'VolatileLowValue' : [ 0x0, ['long']],
+    'LowValue' : [ 0x0, ['long']],
+    'InfoTable' : [ 0x0, ['pointer', ['_HANDLE_TABLE_ENTRY_INFO']]],
+    'HighValue' : [ 0x4, ['long']],
+    'NextFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LeafHandleValue' : [ 0x4, ['_EXHANDLE']],
+    'Unlocked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ObjectPointerBits' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'RefCountField' : [ 0x4, ['long']],
+    'GrantedAccessBits' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 25, native_type='unsigned long')]],
+    'ProtectFromClose' : [ 0x4, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'NoRightsUpgrade' : [ 0x4, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'RefCnt' : [ 0x4, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_FAST_REF' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+    'RefCnt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1383' : [ 0x2c, {
+    'InitialPrivilegeSet' : [ 0x0, ['_INITIAL_PRIVILEGE_SET']],
+    'PrivilegeSet' : [ 0x0, ['_PRIVILEGE_SET']],
+} ],
+  '_ACCESS_STATE' : [ 0x74, {
+    'OperationID' : [ 0x0, ['_LUID']],
+    'SecurityEvaluated' : [ 0x8, ['unsigned char']],
+    'GenerateAudit' : [ 0x9, ['unsigned char']],
+    'GenerateOnClose' : [ 0xa, ['unsigned char']],
+    'PrivilegesAllocated' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'RemainingDesiredAccess' : [ 0x10, ['unsigned long']],
+    'PreviouslyGrantedAccess' : [ 0x14, ['unsigned long']],
+    'OriginalDesiredAccess' : [ 0x18, ['unsigned long']],
+    'SubjectSecurityContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'AuxData' : [ 0x30, ['pointer', ['void']]],
+    'Privileges' : [ 0x34, ['__unnamed_1383']],
+    'AuditPrivileges' : [ 0x60, ['unsigned char']],
+    'ObjectName' : [ 0x64, ['_UNICODE_STRING']],
+    'ObjectTypeName' : [ 0x6c, ['_UNICODE_STRING']],
+} ],
+  '_AUX_ACCESS_DATA' : [ 0xc4, {
+    'PrivilegesUsed' : [ 0x0, ['pointer', ['_PRIVILEGE_SET']]],
+    'GenericMapping' : [ 0x4, ['_GENERIC_MAPPING']],
+    'AccessesToAudit' : [ 0x14, ['unsigned long']],
+    'MaximumAuditMask' : [ 0x18, ['unsigned long']],
+    'TransactionId' : [ 0x1c, ['_GUID']],
+    'NewSecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'ExistingSecurityDescriptor' : [ 0x30, ['pointer', ['void']]],
+    'ParentSecurityDescriptor' : [ 0x34, ['pointer', ['void']]],
+    'DeRefSecurityDescriptor' : [ 0x38, ['pointer', ['void']]],
+    'SDLock' : [ 0x3c, ['pointer', ['void']]],
+    'AccessReasons' : [ 0x40, ['_ACCESS_REASONS']],
+    'GenerateStagingEvents' : [ 0xc0, ['unsigned char']],
+} ],
+  '_OBJECT_HANDLE_INFORMATION' : [ 0x8, {
+    'HandleAttributes' : [ 0x0, ['unsigned long']],
+    'GrantedAccess' : [ 0x4, ['unsigned long']],
+} ],
+  '_ETHREAD' : [ 0x4e0, {
+    'Tcb' : [ 0x0, ['_KTHREAD']],
+    'CreateTime' : [ 0x280, ['_LARGE_INTEGER']],
+    'ExitTime' : [ 0x288, ['_LARGE_INTEGER']],
+    'KeyedWaitChain' : [ 0x288, ['_LIST_ENTRY']],
+    'ChargeOnlySession' : [ 0x290, ['pointer', ['void']]],
+    'PostBlockList' : [ 0x294, ['_LIST_ENTRY']],
+    'ForwardLinkShadow' : [ 0x294, ['pointer', ['void']]],
+    'StartAddress' : [ 0x298, ['pointer', ['void']]],
+    'TerminationPort' : [ 0x29c, ['pointer', ['_TERMINATION_PORT']]],
+    'ReaperLink' : [ 0x29c, ['pointer', ['_ETHREAD']]],
+    'KeyedWaitValue' : [ 0x29c, ['pointer', ['void']]],
+    'ActiveTimerListLock' : [ 0x2a0, ['unsigned long']],
+    'ActiveTimerListHead' : [ 0x2a4, ['_LIST_ENTRY']],
+    'Cid' : [ 0x2ac, ['_CLIENT_ID']],
+    'KeyedWaitSemaphore' : [ 0x2b4, ['_KSEMAPHORE']],
+    'AlpcWaitSemaphore' : [ 0x2b4, ['_KSEMAPHORE']],
+    'ClientSecurity' : [ 0x2c8, ['_PS_CLIENT_SECURITY_CONTEXT']],
+    'IrpList' : [ 0x2cc, ['_LIST_ENTRY']],
+    'TopLevelIrp' : [ 0x2d4, ['unsigned long']],
+    'DeviceToVerify' : [ 0x2d8, ['pointer', ['_DEVICE_OBJECT']]],
+    'Win32StartAddress' : [ 0x2dc, ['pointer', ['void']]],
+    'LegacyPowerObject' : [ 0x2e0, ['pointer', ['void']]],
+    'ThreadListEntry' : [ 0x2e4, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0x2ec, ['_EX_RUNDOWN_REF']],
+    'ThreadLock' : [ 0x2f0, ['_EX_PUSH_LOCK']],
+    'ReadClusterSize' : [ 0x2f4, ['unsigned long']],
+    'MmLockOrdering' : [ 0x2f8, ['long']],
+    'CrossThreadFlags' : [ 0x2fc, ['unsigned long']],
+    'Terminated' : [ 0x2fc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ThreadInserted' : [ 0x2fc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HideFromDebugger' : [ 0x2fc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ActiveImpersonationInfo' : [ 0x2fc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'HardErrorsAreDisabled' : [ 0x2fc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0x2fc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SkipCreationMsg' : [ 0x2fc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SkipTerminationMsg' : [ 0x2fc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CopyTokenOnOpen' : [ 0x2fc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ThreadIoPriority' : [ 0x2fc, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ThreadPagePriority' : [ 0x2fc, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'RundownFail' : [ 0x2fc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UmsForceQueueTermination' : [ 0x2fc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x2fc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DisableDynamicCodeOptOut' : [ 0x2fc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ExplicitCaseSensitivity' : [ 0x2fc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PicoNotifyExit' : [ 0x2fc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'DbgWerUserReportActive' : [ 0x2fc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ForcedSelfTrimActive' : [ 0x2fc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SamplingCoverage' : [ 0x2fc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'ReservedCrossThreadFlags' : [ 0x2fc, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadPassiveFlags' : [ 0x300, ['unsigned long']],
+    'ActiveExWorker' : [ 0x300, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MemoryMaker' : [ 0x300, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreLockThread' : [ 0x300, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'ClonedThread' : [ 0x300, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KeyedEventInUse' : [ 0x300, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SelfTerminate' : [ 0x300, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'RespectIoPriority' : [ 0x300, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ActivePageLists' : [ 0x300, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SecureContext' : [ 0x300, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ZeroPageThread' : [ 0x300, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WorkloadClass' : [ 0x300, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ReservedSameThreadPassiveFlags' : [ 0x300, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'SameThreadApcFlags' : [ 0x304, ['unsigned long']],
+    'OwnsProcessAddressSpaceExclusive' : [ 0x304, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'OwnsProcessAddressSpaceShared' : [ 0x304, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HardFaultBehavior' : [ 0x304, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'StartAddressInvalid' : [ 0x304, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'EtwCalloutActive' : [ 0x304, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SuppressSymbolLoad' : [ 0x304, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Prefetching' : [ 0x304, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'OwnsVadExclusive' : [ 0x304, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SystemPagePriorityActive' : [ 0x305, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SystemPagePriority' : [ 0x305, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'AllowUserWritesToExecutableMemory' : [ 0x305, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'AllowKernelWritesToExecutableMemory' : [ 0x305, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'OwnsVadShared' : [ 0x305, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheManagerActive' : [ 0x308, ['unsigned char']],
+    'DisablePageFaultClustering' : [ 0x309, ['unsigned char']],
+    'ActiveFaultCount' : [ 0x30a, ['unsigned char']],
+    'LockOrderState' : [ 0x30b, ['unsigned char']],
+    'PerformanceCountLowReserved' : [ 0x30c, ['unsigned long']],
+    'PerformanceCountHighReserved' : [ 0x310, ['long']],
+    'AlpcMessageId' : [ 0x314, ['unsigned long']],
+    'AlpcMessage' : [ 0x318, ['pointer', ['void']]],
+    'AlpcReceiveAttributeSet' : [ 0x318, ['unsigned long']],
+    'AlpcWaitListEntry' : [ 0x31c, ['_LIST_ENTRY']],
+    'ExitStatus' : [ 0x324, ['long']],
+    'CacheManagerCount' : [ 0x328, ['unsigned long']],
+    'IoBoostCount' : [ 0x32c, ['unsigned long']],
+    'IoQoSBoostCount' : [ 0x330, ['unsigned long']],
+    'IoQoSThrottleCount' : [ 0x334, ['unsigned long']],
+    'KernelStackReference' : [ 0x338, ['unsigned long']],
+    'BoostList' : [ 0x33c, ['_LIST_ENTRY']],
+    'DeboostList' : [ 0x344, ['_LIST_ENTRY']],
+    'BoostListLock' : [ 0x34c, ['unsigned long']],
+    'IrpListLock' : [ 0x350, ['unsigned long']],
+    'ReservedForSynchTracking' : [ 0x354, ['pointer', ['void']]],
+    'CmCallbackListHead' : [ 0x358, ['_SINGLE_LIST_ENTRY']],
+    'ActivityId' : [ 0x35c, ['pointer', ['_GUID']]],
+    'SeLearningModeListHead' : [ 0x360, ['_SINGLE_LIST_ENTRY']],
+    'VerifierContext' : [ 0x364, ['pointer', ['void']]],
+    'AdjustedClientToken' : [ 0x368, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x36c, ['pointer', ['void']]],
+    'PropertySet' : [ 0x370, ['_PS_PROPERTY_SET']],
+    'PicoContext' : [ 0x37c, ['pointer', ['void']]],
+    'UserFsBase' : [ 0x380, ['unsigned long']],
+    'UserGsBase' : [ 0x384, ['unsigned long']],
+    'EnergyValues' : [ 0x388, ['pointer', ['_THREAD_ENERGY_VALUES']]],
+    'SelectedCpuSets' : [ 0x38c, ['unsigned long']],
+    'SelectedCpuSetsIndirect' : [ 0x38c, ['pointer', ['unsigned long']]],
+    'Silo' : [ 0x390, ['pointer', ['_EJOB']]],
+    'ThreadName' : [ 0x394, ['pointer', ['_UNICODE_STRING']]],
+    'SparePointer' : [ 0x398, ['pointer', ['void']]],
+    'LastExpectedRunTime' : [ 0x39c, ['unsigned long']],
+    'HeapData' : [ 0x3a0, ['unsigned long']],
+    'OwnerEntryListHead' : [ 0x3a4, ['_LIST_ENTRY']],
+    'DisownedOwnerEntryListLock' : [ 0x3ac, ['unsigned long']],
+    'DisownedOwnerEntryListHead' : [ 0x3b0, ['_LIST_ENTRY']],
+    'LockEntries' : [ 0x3b8, ['array', 6, ['_KLOCK_ENTRY']]],
+    'CmDbgInfo' : [ 0x4d8, ['pointer', ['void']]],
+} ],
+  '__unnamed_13db' : [ 0x4, {
+    'ControlFlowGuardEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ControlFlowGuardExportSuppressionEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ControlFlowGuardStrict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DisallowStrippedImages' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ForceRelocateImages' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HighEntropyASLREnabled' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'StackRandomizationDisabled' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ExtensionPointDisable' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowOptOut' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DisableDynamicCodeAllowRemoteDowngrade' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditDisableDynamicCode' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'AuditDisallowWin32kSystemCalls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EnableFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditFilteredWin32kAPIs' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'DisableNonSystemFonts' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'AuditNonSystemFontLoading' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PreferSystem32Images' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'AuditProhibitRemoteImageMap' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'AuditProhibitLowILImageMap' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SignatureMitigationOptIn' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinaries' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AuditBlockNonMicrosoftBinariesAllowStore' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LoaderIntegrityContinuityEnabled' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'AuditLoaderIntegrityContinuity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'EnableModuleTamperingProtection' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'EnableModuleTamperingProtectionNoInherit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RestrictIndirectBranchPrediction' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IsolateSecurityDomain' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_13dd' : [ 0x4, {
+    'EnableExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AuditExportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AuditExportAddressFilterPlus' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'EnableRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuditRopStackPivot' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AuditRopCallerCheck' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'EnableRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AuditRopSimExec' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'EnableImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AuditImportAddressFilter' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DisablePageCombine' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SpeculativeStoreBypassDisable' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'CetUserShadowStacks' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'AuditCetUserShadowStacks' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'AuditCetUserShadowStacksLogged' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'UserCetSetContextIpValidation' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AuditUserCetSetContextIpValidation' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AuditUserCetSetContextIpValidationLogged' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+} ],
+  '_EPROCESS' : [ 0x4c0, {
+    'Pcb' : [ 0x0, ['_KPROCESS']],
+    'ProcessLock' : [ 0xe0, ['_EX_PUSH_LOCK']],
+    'UniqueProcessId' : [ 0xe4, ['pointer', ['void']]],
+    'ActiveProcessLinks' : [ 0xe8, ['_LIST_ENTRY']],
+    'RundownProtect' : [ 0xf0, ['_EX_RUNDOWN_REF']],
+    'VdmObjects' : [ 0xf4, ['pointer', ['void']]],
+    'Flags2' : [ 0xf8, ['unsigned long']],
+    'JobNotReallyActive' : [ 0xf8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AccountingFolded' : [ 0xf8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NewProcessReported' : [ 0xf8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ExitProcessReported' : [ 0xf8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ReportCommitChanges' : [ 0xf8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LastReportMemory' : [ 0xf8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ForceWakeCharge' : [ 0xf8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CrossSessionCreate' : [ 0xf8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'NeedsHandleRundown' : [ 0xf8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RefTraceEnabled' : [ 0xf8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PicoCreated' : [ 0xf8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'EmptyJobEvaluated' : [ 0xf8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DefaultPagePriority' : [ 0xf8, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'PrimaryTokenFrozen' : [ 0xf8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessVerifierTarget' : [ 0xf8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'RestrictSetThreadContext' : [ 0xf8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'AffinityPermanent' : [ 0xf8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'AffinityUpdateEnable' : [ 0xf8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PropagateNode' : [ 0xf8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ExplicitAffinity' : [ 0xf8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ProcessExecutionState' : [ 0xf8, ['BitField', dict(start_bit = 22, end_bit = 24, native_type='unsigned long')]],
+    'EnableReadVmLogging' : [ 0xf8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'EnableWriteVmLogging' : [ 0xf8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'FatalAccessTerminationRequested' : [ 0xf8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DisableSystemAllowedCpuSet' : [ 0xf8, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'ProcessStateChangeRequest' : [ 0xf8, ['BitField', dict(start_bit = 28, end_bit = 30, native_type='unsigned long')]],
+    'ProcessStateChangeInProgress' : [ 0xf8, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'InPrivate' : [ 0xf8, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'Flags' : [ 0xfc, ['unsigned long']],
+    'CreateReported' : [ 0xfc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NoDebugInherit' : [ 0xfc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessExiting' : [ 0xfc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessDelete' : [ 0xfc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ManageExecutableMemoryWrites' : [ 0xfc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'VmDeleted' : [ 0xfc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OutswapEnabled' : [ 0xfc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Outswapped' : [ 0xfc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FailFastOnCommitFail' : [ 0xfc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Wow64VaSpace4Gb' : [ 0xfc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'AddressSpaceInitialized' : [ 0xfc, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'SetTimerResolution' : [ 0xfc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'BreakOnTermination' : [ 0xfc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'DeprioritizeViews' : [ 0xfc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WriteWatch' : [ 0xfc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ProcessInSession' : [ 0xfc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'OverrideAddressSpace' : [ 0xfc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HasAddressSpace' : [ 0xfc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'LaunchPrefetched' : [ 0xfc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'Background' : [ 0xfc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'VmTopDown' : [ 0xfc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ImageNotifyDone' : [ 0xfc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'PdeUpdateNeeded' : [ 0xfc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VdmAllowed' : [ 0xfc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProcessRundown' : [ 0xfc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessInserted' : [ 0xfc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DefaultIoPriority' : [ 0xfc, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+    'ProcessSelfDelete' : [ 0xfc, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SetTimerResolutionLink' : [ 0xfc, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CreateTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ProcessQuotaUsage' : [ 0x108, ['array', 2, ['unsigned long']]],
+    'ProcessQuotaPeak' : [ 0x110, ['array', 2, ['unsigned long']]],
+    'PeakVirtualSize' : [ 0x118, ['unsigned long']],
+    'VirtualSize' : [ 0x11c, ['unsigned long']],
+    'SessionProcessLinks' : [ 0x120, ['_LIST_ENTRY']],
+    'ExceptionPortData' : [ 0x128, ['pointer', ['void']]],
+    'ExceptionPortValue' : [ 0x128, ['unsigned long']],
+    'ExceptionPortState' : [ 0x128, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Token' : [ 0x12c, ['_EX_FAST_REF']],
+    'MmReserved' : [ 0x130, ['unsigned long']],
+    'AddressCreationLock' : [ 0x134, ['_EX_PUSH_LOCK']],
+    'PageTableCommitmentLock' : [ 0x138, ['_EX_PUSH_LOCK']],
+    'RotateInProgress' : [ 0x13c, ['pointer', ['_ETHREAD']]],
+    'ForkInProgress' : [ 0x140, ['pointer', ['_ETHREAD']]],
+    'CommitChargeJob' : [ 0x144, ['pointer', ['_EJOB']]],
+    'CloneRoot' : [ 0x148, ['_RTL_AVL_TREE']],
+    'NumberOfPrivatePages' : [ 0x14c, ['unsigned long']],
+    'NumberOfLockedPages' : [ 0x150, ['unsigned long']],
+    'Win32Process' : [ 0x154, ['pointer', ['void']]],
+    'Job' : [ 0x158, ['pointer', ['_EJOB']]],
+    'SectionObject' : [ 0x15c, ['pointer', ['void']]],
+    'SectionBaseAddress' : [ 0x160, ['pointer', ['void']]],
+    'Cookie' : [ 0x164, ['unsigned long']],
+    'WorkingSetWatch' : [ 0x168, ['pointer', ['_PAGEFAULT_HISTORY']]],
+    'Win32WindowStation' : [ 0x16c, ['pointer', ['void']]],
+    'InheritedFromUniqueProcessId' : [ 0x170, ['pointer', ['void']]],
+    'LdtInformation' : [ 0x174, ['pointer', ['void']]],
+    'OwnerProcessId' : [ 0x178, ['unsigned long']],
+    'Peb' : [ 0x17c, ['pointer', ['_PEB']]],
+    'Session' : [ 0x180, ['pointer', ['_MM_SESSION_SPACE']]],
+    'Spare1' : [ 0x184, ['pointer', ['void']]],
+    'QuotaBlock' : [ 0x188, ['pointer', ['_EPROCESS_QUOTA_BLOCK']]],
+    'ObjectTable' : [ 0x18c, ['pointer', ['_HANDLE_TABLE']]],
+    'DebugPort' : [ 0x190, ['pointer', ['void']]],
+    'PaeTop' : [ 0x194, ['pointer', ['void']]],
+    'DeviceMap' : [ 0x198, ['pointer', ['void']]],
+    'EtwDataSource' : [ 0x19c, ['pointer', ['void']]],
+    'PageDirectoryPte' : [ 0x1a0, ['unsigned long long']],
+    'ImageFilePointer' : [ 0x1a8, ['pointer', ['_FILE_OBJECT']]],
+    'ImageFileName' : [ 0x1ac, ['array', 15, ['unsigned char']]],
+    'PriorityClass' : [ 0x1bb, ['unsigned char']],
+    'SecurityPort' : [ 0x1bc, ['pointer', ['void']]],
+    'SeAuditProcessCreationInfo' : [ 0x1c0, ['_SE_AUDIT_PROCESS_CREATION_INFO']],
+    'JobLinks' : [ 0x1c4, ['_LIST_ENTRY']],
+    'HighestUserAddress' : [ 0x1cc, ['pointer', ['void']]],
+    'ThreadListHead' : [ 0x1d0, ['_LIST_ENTRY']],
+    'ActiveThreads' : [ 0x1d8, ['unsigned long']],
+    'ImagePathHash' : [ 0x1dc, ['unsigned long']],
+    'DefaultHardErrorProcessing' : [ 0x1e0, ['unsigned long']],
+    'LastThreadExitStatus' : [ 0x1e4, ['long']],
+    'PrefetchTrace' : [ 0x1e8, ['_EX_FAST_REF']],
+    'LockedPagesList' : [ 0x1ec, ['pointer', ['void']]],
+    'ReadOperationCount' : [ 0x1f0, ['_LARGE_INTEGER']],
+    'WriteOperationCount' : [ 0x1f8, ['_LARGE_INTEGER']],
+    'OtherOperationCount' : [ 0x200, ['_LARGE_INTEGER']],
+    'ReadTransferCount' : [ 0x208, ['_LARGE_INTEGER']],
+    'WriteTransferCount' : [ 0x210, ['_LARGE_INTEGER']],
+    'OtherTransferCount' : [ 0x218, ['_LARGE_INTEGER']],
+    'CommitChargeLimit' : [ 0x220, ['unsigned long']],
+    'CommitCharge' : [ 0x224, ['unsigned long']],
+    'CommitChargePeak' : [ 0x228, ['unsigned long']],
+    'Vm' : [ 0x240, ['_MMSUPPORT_FULL']],
+    'MmProcessLinks' : [ 0x340, ['_LIST_ENTRY']],
+    'ModifiedPageCount' : [ 0x348, ['unsigned long']],
+    'ExitStatus' : [ 0x34c, ['long']],
+    'VadRoot' : [ 0x350, ['_RTL_AVL_TREE']],
+    'VadHint' : [ 0x354, ['pointer', ['void']]],
+    'VadCount' : [ 0x358, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x35c, ['unsigned long']],
+    'VadPhysicalPagesLimit' : [ 0x360, ['unsigned long']],
+    'AlpcContext' : [ 0x364, ['_ALPC_PROCESS_CONTEXT']],
+    'TimerResolutionLink' : [ 0x374, ['_LIST_ENTRY']],
+    'TimerResolutionStackRecord' : [ 0x37c, ['pointer', ['_PO_DIAG_STACK_RECORD']]],
+    'RequestedTimerResolution' : [ 0x380, ['unsigned long']],
+    'SmallestTimerResolution' : [ 0x384, ['unsigned long']],
+    'ExitTime' : [ 0x388, ['_LARGE_INTEGER']],
+    'ActiveThreadsHighWatermark' : [ 0x390, ['unsigned long']],
+    'LargePrivateVadCount' : [ 0x394, ['unsigned long']],
+    'ThreadListLock' : [ 0x398, ['_EX_PUSH_LOCK']],
+    'WnfContext' : [ 0x39c, ['pointer', ['void']]],
+    'ServerSilo' : [ 0x3a0, ['pointer', ['_EJOB']]],
+    'SignatureLevel' : [ 0x3a4, ['unsigned char']],
+    'SectionSignatureLevel' : [ 0x3a5, ['unsigned char']],
+    'Protection' : [ 0x3a6, ['_PS_PROTECTION']],
+    'HangCount' : [ 0x3a7, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'GhostCount' : [ 0x3a7, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'PrefilterException' : [ 0x3a7, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Flags3' : [ 0x3a8, ['unsigned long']],
+    'Minimal' : [ 0x3a8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReplacingPageRoot' : [ 0x3a8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Crashed' : [ 0x3a8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'JobVadsAreTracked' : [ 0x3a8, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadTrackingDisabled' : [ 0x3a8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'AuxiliaryProcess' : [ 0x3a8, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SubsystemProcess' : [ 0x3a8, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IndirectCpuSets' : [ 0x3a8, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RelinquishedCommit' : [ 0x3a8, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'HighGraphicsPriority' : [ 0x3a8, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CommitFailLogged' : [ 0x3a8, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReserveFailLogged' : [ 0x3a8, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'SystemProcess' : [ 0x3a8, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'HideImageBaseAddresses' : [ 0x3a8, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'AddressPolicyFrozen' : [ 0x3a8, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProcessFirstResume' : [ 0x3a8, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ForegroundExternal' : [ 0x3a8, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ForegroundSystem' : [ 0x3a8, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HighMemoryPriority' : [ 0x3a8, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'EnableProcessSuspendResumeLogging' : [ 0x3a8, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'EnableThreadSuspendResumeLogging' : [ 0x3a8, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'SecurityDomainChanged' : [ 0x3a8, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'SecurityFreezeComplete' : [ 0x3a8, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'VmProcessorHost' : [ 0x3a8, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VmProcessorHostTransition' : [ 0x3a8, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'AltSyscall' : [ 0x3a8, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'TimerResolutionIgnore' : [ 0x3a8, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'DeviceAsid' : [ 0x3ac, ['long']],
+    'SvmData' : [ 0x3b0, ['pointer', ['void']]],
+    'SvmProcessLock' : [ 0x3b4, ['_EX_PUSH_LOCK']],
+    'SvmLock' : [ 0x3b8, ['unsigned long']],
+    'SvmProcessDeviceListHead' : [ 0x3bc, ['_LIST_ENTRY']],
+    'LastFreezeInterruptTime' : [ 0x3c8, ['unsigned long long']],
+    'DiskCounters' : [ 0x3d0, ['pointer', ['_PROCESS_DISK_COUNTERS']]],
+    'PicoContext' : [ 0x3d4, ['pointer', ['void']]],
+    'HighPriorityFaultsAllowed' : [ 0x3d8, ['unsigned long']],
+    'InstrumentationCallback' : [ 0x3dc, ['pointer', ['void']]],
+    'EnergyContext' : [ 0x3e0, ['pointer', ['_PO_PROCESS_ENERGY_CONTEXT']]],
+    'VmContext' : [ 0x3e4, ['pointer', ['void']]],
+    'SequenceNumber' : [ 0x3e8, ['unsigned long long']],
+    'CreateInterruptTime' : [ 0x3f0, ['unsigned long long']],
+    'CreateUnbiasedInterruptTime' : [ 0x3f8, ['unsigned long long']],
+    'TotalUnbiasedFrozenTime' : [ 0x400, ['unsigned long long']],
+    'LastAppStateUpdateTime' : [ 0x408, ['unsigned long long']],
+    'LastAppStateUptime' : [ 0x410, ['BitField', dict(start_bit = 0, end_bit = 61, native_type='unsigned long long')]],
+    'LastAppState' : [ 0x410, ['BitField', dict(start_bit = 61, end_bit = 64, native_type='unsigned long long')]],
+    'SharedCommitCharge' : [ 0x418, ['unsigned long']],
+    'SharedCommitLock' : [ 0x41c, ['_EX_PUSH_LOCK']],
+    'SharedCommitLinks' : [ 0x420, ['_LIST_ENTRY']],
+    'AllowedCpuSets' : [ 0x428, ['unsigned long']],
+    'DefaultCpuSets' : [ 0x42c, ['unsigned long']],
+    'AllowedCpuSetsIndirect' : [ 0x428, ['pointer', ['unsigned long']]],
+    'DefaultCpuSetsIndirect' : [ 0x42c, ['pointer', ['unsigned long']]],
+    'DiskIoAttribution' : [ 0x430, ['pointer', ['void']]],
+    'DxgProcess' : [ 0x434, ['pointer', ['void']]],
+    'Win32KFilterSet' : [ 0x438, ['unsigned long']],
+    'ProcessTimerDelay' : [ 0x440, ['_PS_INTERLOCKED_TIMER_DELAY_VALUES']],
+    'KTimerSets' : [ 0x448, ['unsigned long']],
+    'KTimer2Sets' : [ 0x44c, ['unsigned long']],
+    'ThreadTimerSets' : [ 0x450, ['unsigned long']],
+    'VirtualTimerListLock' : [ 0x454, ['unsigned long']],
+    'VirtualTimerListHead' : [ 0x458, ['_LIST_ENTRY']],
+    'WakeChannel' : [ 0x460, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x460, ['_PS_PROCESS_WAKE_INFORMATION']],
+    'MitigationFlags' : [ 0x490, ['unsigned long']],
+    'MitigationFlagsValues' : [ 0x490, ['__unnamed_13db']],
+    'MitigationFlags2' : [ 0x494, ['unsigned long']],
+    'MitigationFlags2Values' : [ 0x494, ['__unnamed_13dd']],
+    'PartitionObject' : [ 0x498, ['pointer', ['void']]],
+    'SecurityDomain' : [ 0x4a0, ['unsigned long long']],
+    'ParentSecurityDomain' : [ 0x4a8, ['unsigned long long']],
+    'CoverageSamplerContext' : [ 0x4b0, ['pointer', ['void']]],
+    'MmHotPatchContext' : [ 0x4b4, ['pointer', ['void']]],
+    'DynamicEHContinuationTargetsTree' : [ 0x4b8, ['_RTL_AVL_TREE']],
+    'DynamicEHContinuationTargetsLock' : [ 0x4bc, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_13f0' : [ 0x4, {
+    'MasterIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'IrpCount' : [ 0x0, ['long']],
+    'SystemBuffer' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_13f6' : [ 0x8, {
+    'UserApcRoutine' : [ 0x0, ['pointer', ['void']]],
+    'IssuingProcess' : [ 0x0, ['pointer', ['void']]],
+    'UserApcContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_13f8' : [ 0x8, {
+    'AsynchronousParameters' : [ 0x0, ['__unnamed_13f6']],
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1401' : [ 0x2c, {
+    'DeviceQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DriverContext' : [ 0x0, ['array', 4, ['pointer', ['void']]]],
+    'Thread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'AuxiliaryBuffer' : [ 0x14, ['pointer', ['unsigned char']]],
+    'ListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'CurrentStackLocation' : [ 0x20, ['pointer', ['_IO_STACK_LOCATION']]],
+    'PacketType' : [ 0x20, ['unsigned long']],
+    'OriginalFileObject' : [ 0x24, ['pointer', ['_FILE_OBJECT']]],
+    'IrpExtension' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '__unnamed_1403' : [ 0x30, {
+    'Overlay' : [ 0x0, ['__unnamed_1401']],
+    'Apc' : [ 0x0, ['_KAPC']],
+    'CompletionKey' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_IRP' : [ 0x70, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'MdlAddress' : [ 0x4, ['pointer', ['_MDL']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'AssociatedIrp' : [ 0xc, ['__unnamed_13f0']],
+    'ThreadListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'IoStatus' : [ 0x18, ['_IO_STATUS_BLOCK']],
+    'RequestorMode' : [ 0x20, ['unsigned char']],
+    'PendingReturned' : [ 0x21, ['unsigned char']],
+    'StackCount' : [ 0x22, ['unsigned char']],
+    'CurrentLocation' : [ 0x23, ['unsigned char']],
+    'Cancel' : [ 0x24, ['unsigned char']],
+    'CancelIrql' : [ 0x25, ['unsigned char']],
+    'ApcEnvironment' : [ 0x26, ['unsigned char']],
+    'AllocationFlags' : [ 0x27, ['unsigned char']],
+    'UserIosb' : [ 0x28, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'UserEvent' : [ 0x2c, ['pointer', ['_KEVENT']]],
+    'Overlay' : [ 0x30, ['__unnamed_13f8']],
+    'CancelRoutine' : [ 0x38, ['pointer', ['void']]],
+    'UserBuffer' : [ 0x3c, ['pointer', ['void']]],
+    'Tail' : [ 0x40, ['__unnamed_1403']],
+} ],
+  '__unnamed_140a' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'FileAttributes' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'EaLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_140e' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_NAMED_PIPE_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1412' : [ 0x10, {
+    'SecurityContext' : [ 0x0, ['pointer', ['_IO_SECURITY_CONTEXT']]],
+    'Options' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned short']],
+    'ShareAccess' : [ 0xa, ['unsigned short']],
+    'Parameters' : [ 0xc, ['pointer', ['_MAILSLOT_CREATE_PARAMETERS']]],
+} ],
+  '__unnamed_1414' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1418' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileName' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'FileInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_141a' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_141e' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'CompletionFilter' : [ 0x4, ['unsigned long']],
+    'DirectoryNotifyInformationClass' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {1: u'DirectoryNotifyInformation', 2: u'DirectoryNotifyExtendedInformation'})]],
+} ],
+  '__unnamed_1420' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+} ],
+  '__unnamed_1422' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FileInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'ReplaceIfExists' : [ 0xc, ['unsigned char']],
+    'AdvanceOnly' : [ 0xd, ['unsigned char']],
+    'ClusterCount' : [ 0xc, ['unsigned long']],
+    'DeleteHandle' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1424' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'EaList' : [ 0x4, ['pointer', ['void']]],
+    'EaListLength' : [ 0x8, ['unsigned long']],
+    'EaIndex' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1426' : [ 0x4, {
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_142a' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'FsInformationClass' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {1: u'FileFsVolumeInformation', 2: u'FileFsLabelInformation', 3: u'FileFsSizeInformation', 4: u'FileFsDeviceInformation', 5: u'FileFsAttributeInformation', 6: u'FileFsControlInformation', 7: u'FileFsFullSizeInformation', 8: u'FileFsObjectIdInformation', 9: u'FileFsDriverPathInformation', 10: u'FileFsVolumeFlagsInformation', 11: u'FileFsSectorSizeInformation', 12: u'FileFsDataCopyInformation', 13: u'FileFsMetadataSizeInformation', 14: u'FileFsFullSizeInformationEx', 15: u'FileFsMaximumInformation'})]],
+} ],
+  '__unnamed_142c' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'FsControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_142f' : [ 0x10, {
+    'Length' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'Key' : [ 0x4, ['unsigned long']],
+    'ByteOffset' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_1431' : [ 0x10, {
+    'OutputBufferLength' : [ 0x0, ['unsigned long']],
+    'InputBufferLength' : [ 0x4, ['unsigned long']],
+    'IoControlCode' : [ 0x8, ['unsigned long']],
+    'Type3InputBuffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1433' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1435' : [ 0x8, {
+    'SecurityInformation' : [ 0x0, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1439' : [ 0x8, {
+    'Vpb' : [ 0x0, ['pointer', ['_VPB']]],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '__unnamed_143d' : [ 0x4, {
+    'Srb' : [ 0x0, ['pointer', ['_SCSI_REQUEST_BLOCK']]],
+} ],
+  '__unnamed_1441' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'StartSid' : [ 0x4, ['pointer', ['void']]],
+    'SidList' : [ 0x8, ['pointer', ['_FILE_GET_QUOTA_INFORMATION']]],
+    'SidListLength' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1445' : [ 0x4, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusRelations', 1: u'EjectionRelations', 2: u'PowerRelations', 3: u'RemovalRelations', 4: u'TargetDeviceRelation', 5: u'SingleBusRelations', 6: u'TransportRelations'})]],
+} ],
+  '__unnamed_1449' : [ 0x10, {
+    'InterfaceType' : [ 0x0, ['pointer', ['_GUID']]],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned short']],
+    'Interface' : [ 0x8, ['pointer', ['_INTERFACE']]],
+    'InterfaceSpecificData' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_144d' : [ 0x4, {
+    'Capabilities' : [ 0x0, ['pointer', ['_DEVICE_CAPABILITIES']]],
+} ],
+  '__unnamed_1451' : [ 0x4, {
+    'IoResourceRequirementList' : [ 0x0, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+} ],
+  '__unnamed_1453' : [ 0x10, {
+    'WhichSpace' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['void']]],
+    'Offset' : [ 0x8, ['unsigned long']],
+    'Length' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_1455' : [ 0x1, {
+    'Lock' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_1459' : [ 0x4, {
+    'IdType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusQueryDeviceID', 1: u'BusQueryHardwareIDs', 2: u'BusQueryCompatibleIDs', 3: u'BusQueryInstanceID', 4: u'BusQueryDeviceSerialNumber', 5: u'BusQueryContainerID'})]],
+} ],
+  '__unnamed_145d' : [ 0x8, {
+    'DeviceTextType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceTextDescription', 1: u'DeviceTextLocationInformation'})]],
+    'LocaleId' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_1461' : [ 0x8, {
+    'InPath' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay', 6: u'DeviceUsageTypeGuestAssigned'})]],
+} ],
+  '__unnamed_1465' : [ 0x4, {
+    'PowerState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '__unnamed_1469' : [ 0x4, {
+    'PowerSequence' : [ 0x0, ['pointer', ['_POWER_SEQUENCE']]],
+} ],
+  '__unnamed_1471' : [ 0x10, {
+    'SystemContext' : [ 0x0, ['unsigned long']],
+    'SystemPowerStateContext' : [ 0x0, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'State' : [ 0x8, ['_POWER_STATE']],
+    'ShutdownType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+} ],
+  '__unnamed_1475' : [ 0x8, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'AllocatedResourcesTranslated' : [ 0x4, ['pointer', ['_CM_RESOURCE_LIST']]],
+} ],
+  '__unnamed_1477' : [ 0x10, {
+    'ProviderId' : [ 0x0, ['unsigned long']],
+    'DataPath' : [ 0x4, ['pointer', ['void']]],
+    'BufferSize' : [ 0x8, ['unsigned long']],
+    'Buffer' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_1479' : [ 0x10, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '__unnamed_147b' : [ 0x10, {
+    'Create' : [ 0x0, ['__unnamed_140a']],
+    'CreatePipe' : [ 0x0, ['__unnamed_140e']],
+    'CreateMailslot' : [ 0x0, ['__unnamed_1412']],
+    'Read' : [ 0x0, ['__unnamed_1414']],
+    'Write' : [ 0x0, ['__unnamed_1414']],
+    'QueryDirectory' : [ 0x0, ['__unnamed_1418']],
+    'NotifyDirectory' : [ 0x0, ['__unnamed_141a']],
+    'NotifyDirectoryEx' : [ 0x0, ['__unnamed_141e']],
+    'QueryFile' : [ 0x0, ['__unnamed_1420']],
+    'SetFile' : [ 0x0, ['__unnamed_1422']],
+    'QueryEa' : [ 0x0, ['__unnamed_1424']],
+    'SetEa' : [ 0x0, ['__unnamed_1426']],
+    'QueryVolume' : [ 0x0, ['__unnamed_142a']],
+    'SetVolume' : [ 0x0, ['__unnamed_142a']],
+    'FileSystemControl' : [ 0x0, ['__unnamed_142c']],
+    'LockControl' : [ 0x0, ['__unnamed_142f']],
+    'DeviceIoControl' : [ 0x0, ['__unnamed_1431']],
+    'QuerySecurity' : [ 0x0, ['__unnamed_1433']],
+    'SetSecurity' : [ 0x0, ['__unnamed_1435']],
+    'MountVolume' : [ 0x0, ['__unnamed_1439']],
+    'VerifyVolume' : [ 0x0, ['__unnamed_1439']],
+    'Scsi' : [ 0x0, ['__unnamed_143d']],
+    'QueryQuota' : [ 0x0, ['__unnamed_1441']],
+    'SetQuota' : [ 0x0, ['__unnamed_1426']],
+    'QueryDeviceRelations' : [ 0x0, ['__unnamed_1445']],
+    'QueryInterface' : [ 0x0, ['__unnamed_1449']],
+    'DeviceCapabilities' : [ 0x0, ['__unnamed_144d']],
+    'FilterResourceRequirements' : [ 0x0, ['__unnamed_1451']],
+    'ReadWriteConfig' : [ 0x0, ['__unnamed_1453']],
+    'SetLock' : [ 0x0, ['__unnamed_1455']],
+    'QueryId' : [ 0x0, ['__unnamed_1459']],
+    'QueryDeviceText' : [ 0x0, ['__unnamed_145d']],
+    'UsageNotification' : [ 0x0, ['__unnamed_1461']],
+    'WaitWake' : [ 0x0, ['__unnamed_1465']],
+    'PowerSequence' : [ 0x0, ['__unnamed_1469']],
+    'Power' : [ 0x0, ['__unnamed_1471']],
+    'StartDevice' : [ 0x0, ['__unnamed_1475']],
+    'WMI' : [ 0x0, ['__unnamed_1477']],
+    'Others' : [ 0x0, ['__unnamed_1479']],
+} ],
+  '_IO_STACK_LOCATION' : [ 0x24, {
+    'MajorFunction' : [ 0x0, ['unsigned char']],
+    'MinorFunction' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'Control' : [ 0x3, ['unsigned char']],
+    'Parameters' : [ 0x4, ['__unnamed_147b']],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0x18, ['pointer', ['_FILE_OBJECT']]],
+    'CompletionRoutine' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+} ],
+  '__unnamed_148d' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Wcb' : [ 0x0, ['_WAIT_CONTEXT_BLOCK']],
+} ],
+  '_DEVICE_OBJECT' : [ 0xb8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'DriverObject' : [ 0x8, ['pointer', ['_DRIVER_OBJECT']]],
+    'NextDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentIrp' : [ 0x14, ['pointer', ['_IRP']]],
+    'Timer' : [ 0x18, ['pointer', ['_IO_TIMER']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'Characteristics' : [ 0x20, ['unsigned long']],
+    'Vpb' : [ 0x24, ['pointer', ['_VPB']]],
+    'DeviceExtension' : [ 0x28, ['pointer', ['void']]],
+    'DeviceType' : [ 0x2c, ['unsigned long']],
+    'StackSize' : [ 0x30, ['unsigned char']],
+    'Queue' : [ 0x34, ['__unnamed_148d']],
+    'AlignmentRequirement' : [ 0x5c, ['unsigned long']],
+    'DeviceQueue' : [ 0x60, ['_KDEVICE_QUEUE']],
+    'Dpc' : [ 0x74, ['_KDPC']],
+    'ActiveThreadCount' : [ 0x94, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x98, ['pointer', ['void']]],
+    'DeviceLock' : [ 0x9c, ['_KEVENT']],
+    'SectorSize' : [ 0xac, ['unsigned short']],
+    'Spare1' : [ 0xae, ['unsigned short']],
+    'DeviceObjectExtension' : [ 0xb0, ['pointer', ['_DEVOBJ_EXTENSION']]],
+    'Reserved' : [ 0xb4, ['pointer', ['void']]],
+} ],
+  '_KDPC' : [ 0x20, {
+    'TargetInfoAsUlong' : [ 0x0, ['unsigned long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Importance' : [ 0x1, ['unsigned char']],
+    'Number' : [ 0x2, ['unsigned short']],
+    'DpcListEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+    'ProcessorHistory' : [ 0x8, ['unsigned long']],
+    'DeferredRoutine' : [ 0xc, ['pointer', ['void']]],
+    'DeferredContext' : [ 0x10, ['pointer', ['void']]],
+    'SystemArgument1' : [ 0x14, ['pointer', ['void']]],
+    'SystemArgument2' : [ 0x18, ['pointer', ['void']]],
+    'DpcData' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_IO_DRIVER_CREATE_CONTEXT' : [ 0x14, {
+    'Size' : [ 0x0, ['short']],
+    'ExtraCreateParameter' : [ 0x4, ['pointer', ['_ECP_LIST']]],
+    'DeviceObjectHint' : [ 0x8, ['pointer', ['void']]],
+    'TxnParameters' : [ 0xc, ['pointer', ['_TXN_PARAMETER_BLOCK']]],
+    'SiloContext' : [ 0x10, ['pointer', ['_EJOB']]],
+} ],
+  '_EJOB' : [ 0x3c0, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'JobLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'ProcessListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'JobLock' : [ 0x20, ['_ERESOURCE']],
+    'TotalUserTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'TotalKernelTime' : [ 0x60, ['_LARGE_INTEGER']],
+    'TotalCycleTime' : [ 0x68, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalUserTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'ThisPeriodTotalKernelTime' : [ 0x78, ['_LARGE_INTEGER']],
+    'TotalContextSwitches' : [ 0x80, ['unsigned long long']],
+    'TotalPageFaultCount' : [ 0x88, ['unsigned long']],
+    'TotalProcesses' : [ 0x8c, ['unsigned long']],
+    'ActiveProcesses' : [ 0x90, ['unsigned long']],
+    'TotalTerminatedProcesses' : [ 0x94, ['unsigned long']],
+    'PerProcessUserTimeLimit' : [ 0x98, ['_LARGE_INTEGER']],
+    'PerJobUserTimeLimit' : [ 0xa0, ['_LARGE_INTEGER']],
+    'MinimumWorkingSetSize' : [ 0xa8, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0xac, ['unsigned long']],
+    'LimitFlags' : [ 0xb0, ['unsigned long']],
+    'ActiveProcessLimit' : [ 0xb4, ['unsigned long']],
+    'Affinity' : [ 0xb8, ['_KAFFINITY_EX']],
+    'AccessState' : [ 0xc4, ['pointer', ['_JOB_ACCESS_STATE']]],
+    'AccessStateQuotaReference' : [ 0xc8, ['pointer', ['void']]],
+    'UIRestrictionsClass' : [ 0xcc, ['unsigned long']],
+    'EndOfJobTimeAction' : [ 0xd0, ['unsigned long']],
+    'CompletionPort' : [ 0xd4, ['pointer', ['void']]],
+    'CompletionKey' : [ 0xd8, ['pointer', ['void']]],
+    'CompletionCount' : [ 0xe0, ['unsigned long long']],
+    'SessionId' : [ 0xe8, ['unsigned long']],
+    'SchedulingClass' : [ 0xec, ['unsigned long']],
+    'ReadOperationCount' : [ 0xf0, ['unsigned long long']],
+    'WriteOperationCount' : [ 0xf8, ['unsigned long long']],
+    'OtherOperationCount' : [ 0x100, ['unsigned long long']],
+    'ReadTransferCount' : [ 0x108, ['unsigned long long']],
+    'WriteTransferCount' : [ 0x110, ['unsigned long long']],
+    'OtherTransferCount' : [ 0x118, ['unsigned long long']],
+    'DiskIoInfo' : [ 0x120, ['_PROCESS_DISK_COUNTERS']],
+    'ProcessMemoryLimit' : [ 0x148, ['unsigned long']],
+    'JobMemoryLimit' : [ 0x14c, ['unsigned long']],
+    'JobTotalMemoryLimit' : [ 0x150, ['unsigned long']],
+    'PeakProcessMemoryUsed' : [ 0x154, ['unsigned long']],
+    'PeakJobMemoryUsed' : [ 0x158, ['unsigned long']],
+    'EffectiveAffinity' : [ 0x15c, ['_KAFFINITY_EX']],
+    'EffectivePerProcessUserTimeLimit' : [ 0x168, ['_LARGE_INTEGER']],
+    'EffectiveMinimumWorkingSetSize' : [ 0x170, ['unsigned long']],
+    'EffectiveMaximumWorkingSetSize' : [ 0x174, ['unsigned long']],
+    'EffectiveProcessMemoryLimit' : [ 0x178, ['unsigned long']],
+    'EffectiveProcessMemoryLimitJob' : [ 0x17c, ['pointer', ['_EJOB']]],
+    'EffectivePerProcessUserTimeLimitJob' : [ 0x180, ['pointer', ['_EJOB']]],
+    'EffectiveNetIoRateLimitJob' : [ 0x184, ['pointer', ['_EJOB']]],
+    'EffectiveHeapAttributionJob' : [ 0x188, ['pointer', ['_EJOB']]],
+    'EffectiveLimitFlags' : [ 0x18c, ['unsigned long']],
+    'EffectiveSchedulingClass' : [ 0x190, ['unsigned long']],
+    'EffectiveFreezeCount' : [ 0x194, ['unsigned long']],
+    'EffectiveBackgroundCount' : [ 0x198, ['unsigned long']],
+    'EffectiveSwapCount' : [ 0x19c, ['unsigned long']],
+    'EffectiveNotificationLimitCount' : [ 0x1a0, ['unsigned long']],
+    'EffectivePriorityClass' : [ 0x1a4, ['unsigned char']],
+    'PriorityClass' : [ 0x1a5, ['unsigned char']],
+    'NestingDepth' : [ 0x1a6, ['unsigned char']],
+    'Reserved1' : [ 0x1a7, ['array', 1, ['unsigned char']]],
+    'CompletionFilter' : [ 0x1a8, ['unsigned long']],
+    'WakeChannel' : [ 0x1b0, ['_WNF_STATE_NAME']],
+    'WakeInfo' : [ 0x1b0, ['_PS_JOB_WAKE_INFORMATION']],
+    'WakeFilter' : [ 0x1f8, ['_JOBOBJECT_WAKE_FILTER']],
+    'LowEdgeLatchFilter' : [ 0x200, ['unsigned long']],
+    'NotificationLink' : [ 0x204, ['pointer', ['_EJOB']]],
+    'CurrentJobMemoryUsed' : [ 0x208, ['unsigned long long']],
+    'NotificationInfo' : [ 0x210, ['pointer', ['_JOB_NOTIFICATION_INFORMATION']]],
+    'NotificationInfoQuotaReference' : [ 0x214, ['pointer', ['void']]],
+    'NotificationPacket' : [ 0x218, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'CpuRateControl' : [ 0x21c, ['pointer', ['_JOB_CPU_RATE_CONTROL']]],
+    'EffectiveSchedulingGroup' : [ 0x220, ['pointer', ['void']]],
+    'ReadyTime' : [ 0x228, ['unsigned long long']],
+    'MemoryLimitsLock' : [ 0x230, ['_EX_PUSH_LOCK']],
+    'SiblingJobLinks' : [ 0x234, ['_LIST_ENTRY']],
+    'ChildJobListHead' : [ 0x23c, ['_LIST_ENTRY']],
+    'ParentJob' : [ 0x244, ['pointer', ['_EJOB']]],
+    'RootJob' : [ 0x248, ['pointer', ['_EJOB']]],
+    'IteratorListHead' : [ 0x24c, ['_LIST_ENTRY']],
+    'AncestorCount' : [ 0x254, ['unsigned long']],
+    'Ancestors' : [ 0x258, ['pointer', ['pointer', ['_EJOB']]]],
+    'SessionObject' : [ 0x258, ['pointer', ['void']]],
+    'Accounting' : [ 0x260, ['_EPROCESS_VALUES']],
+    'ShadowActiveProcessCount' : [ 0x2c8, ['unsigned long']],
+    'ActiveAuxiliaryProcessCount' : [ 0x2cc, ['unsigned long']],
+    'SequenceNumber' : [ 0x2d0, ['unsigned long']],
+    'JobId' : [ 0x2d4, ['unsigned long']],
+    'ContainerId' : [ 0x2d8, ['_GUID']],
+    'ContainerTelemetryId' : [ 0x2e8, ['_GUID']],
+    'ServerSiloGlobals' : [ 0x2f8, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'PropertySet' : [ 0x2fc, ['_PS_PROPERTY_SET']],
+    'Storage' : [ 0x308, ['pointer', ['_PSP_STORAGE']]],
+    'NetRateControl' : [ 0x30c, ['pointer', ['_JOB_NET_RATE_CONTROL']]],
+    'JobFlags' : [ 0x310, ['unsigned long']],
+    'CloseDone' : [ 0x310, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MultiGroup' : [ 0x310, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'OutstandingNotification' : [ 0x310, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NotificationInProgress' : [ 0x310, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UILimits' : [ 0x310, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'CpuRateControlActive' : [ 0x310, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'OwnCpuRateControl' : [ 0x310, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Terminating' : [ 0x310, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'WorkingSetLock' : [ 0x310, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'JobFrozen' : [ 0x310, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Background' : [ 0x310, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeNotificationAllocated' : [ 0x310, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeNotificationEnabled' : [ 0x310, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeNotificationPending' : [ 0x310, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LimitNotificationRequired' : [ 0x310, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ZeroCountNotificationRequired' : [ 0x310, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CycleTimeNotificationRequired' : [ 0x310, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CycleTimeNotificationPending' : [ 0x310, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'TimersVirtualized' : [ 0x310, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'JobSwapped' : [ 0x310, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ViolationDetected' : [ 0x310, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'EmptyJobNotified' : [ 0x310, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'NoSystemCharge' : [ 0x310, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DropNoWakeCharges' : [ 0x310, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'NoWakeChargePolicyDecided' : [ 0x310, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'NetRateControlActive' : [ 0x310, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'OwnNetRateControl' : [ 0x310, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IoRateControlActive' : [ 0x310, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'OwnIoRateControl' : [ 0x310, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisallowNewProcesses' : [ 0x310, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Silo' : [ 0x310, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ContainerTelemetryIdSet' : [ 0x310, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'JobFlags2' : [ 0x314, ['unsigned long']],
+    'ParentLocked' : [ 0x314, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EnableUsermodeSiloThreadImpersonation' : [ 0x314, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DisallowUsermodeSiloThreadImpersonation' : [ 0x314, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EnergyValues' : [ 0x318, ['pointer', ['_PROCESS_EXTENDED_ENERGY_VALUES']]],
+    'SharedCommitCharge' : [ 0x31c, ['unsigned long']],
+    'DiskIoAttributionUserRefCount' : [ 0x320, ['unsigned long']],
+    'DiskIoAttributionRefCount' : [ 0x324, ['unsigned long']],
+    'DiskIoAttributionContext' : [ 0x328, ['pointer', ['void']]],
+    'DiskIoAttributionOwnerJob' : [ 0x328, ['pointer', ['_EJOB']]],
+    'IoRateControlHeader' : [ 0x32c, ['_JOB_RATE_CONTROL_HEADER']],
+    'GlobalIoControl' : [ 0x340, ['_PS_IO_CONTROL_ENTRY']],
+    'IoControlStateLock' : [ 0x35c, ['long']],
+    'VolumeIoControlTree' : [ 0x360, ['_RTL_RB_TREE']],
+    'IoRateOverQuotaHistory' : [ 0x368, ['unsigned long long']],
+    'IoRateCurrentGeneration' : [ 0x370, ['unsigned long']],
+    'IoRateLastQueryGeneration' : [ 0x374, ['unsigned long']],
+    'IoRateGenerationLength' : [ 0x378, ['unsigned long']],
+    'IoRateOverQuotaNotifySequenceId' : [ 0x37c, ['unsigned long']],
+    'LastThrottledIoTime' : [ 0x380, ['unsigned long long']],
+    'IoControlLock' : [ 0x388, ['_EX_PUSH_LOCK']],
+    'SiloHardReferenceCount' : [ 0x38c, ['long']],
+    'RundownWorkItem' : [ 0x390, ['_WORK_QUEUE_ITEM']],
+    'PartitionObject' : [ 0x3a0, ['pointer', ['void']]],
+    'PartitionOwnerJob' : [ 0x3a4, ['pointer', ['_EJOB']]],
+    'EnergyTrackingState' : [ 0x3a8, ['_JOBOBJECT_ENERGY_TRACKING_STATE']],
+    'KernelWaitTime' : [ 0x3b0, ['unsigned long long']],
+    'UserWaitTime' : [ 0x3b8, ['unsigned long long']],
+} ],
+  '_IO_PRIORITY_INFO' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'ThreadPriority' : [ 0x4, ['unsigned long']],
+    'PagePriority' : [ 0x8, ['unsigned long']],
+    'IoPriority' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+} ],
+  '_MDL' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MDL']]],
+    'Size' : [ 0x4, ['short']],
+    'MdlFlags' : [ 0x6, ['short']],
+    'Process' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'MappedSystemVa' : [ 0xc, ['pointer', ['void']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'ByteCount' : [ 0x14, ['unsigned long']],
+    'ByteOffset' : [ 0x18, ['unsigned long']],
+} ],
+  '_EVENT_DATA_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned char']],
+    'Reserved1' : [ 0xd, ['unsigned char']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+} ],
+  '_EVENT_DESCRIPTOR' : [ 0x10, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Channel' : [ 0x3, ['unsigned char']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Opcode' : [ 0x5, ['unsigned char']],
+    'Task' : [ 0x6, ['unsigned short']],
+    'Keyword' : [ 0x8, ['unsigned long long']],
+} ],
+  '_EVENT_RECORD' : [ 0x68, {
+    'EventHeader' : [ 0x0, ['_EVENT_HEADER']],
+    'BufferContext' : [ 0x50, ['_ETW_BUFFER_CONTEXT']],
+    'ExtendedDataCount' : [ 0x54, ['unsigned short']],
+    'UserDataLength' : [ 0x56, ['unsigned short']],
+    'ExtendedData' : [ 0x58, ['pointer', ['_EVENT_HEADER_EXTENDED_DATA_ITEM']]],
+    'UserData' : [ 0x5c, ['pointer', ['void']]],
+    'UserContext' : [ 0x60, ['pointer', ['void']]],
+} ],
+  '_PERFINFO_GROUPMASK' : [ 0x20, {
+    'Masks' : [ 0x0, ['array', 8, ['unsigned long']]],
+} ],
+  '_FILE_OBJECT' : [ 0x80, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Vpb' : [ 0x8, ['pointer', ['_VPB']]],
+    'FsContext' : [ 0xc, ['pointer', ['void']]],
+    'FsContext2' : [ 0x10, ['pointer', ['void']]],
+    'SectionObjectPointer' : [ 0x14, ['pointer', ['_SECTION_OBJECT_POINTERS']]],
+    'PrivateCacheMap' : [ 0x18, ['pointer', ['void']]],
+    'FinalStatus' : [ 0x1c, ['long']],
+    'RelatedFileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+    'LockOperation' : [ 0x24, ['unsigned char']],
+    'DeletePending' : [ 0x25, ['unsigned char']],
+    'ReadAccess' : [ 0x26, ['unsigned char']],
+    'WriteAccess' : [ 0x27, ['unsigned char']],
+    'DeleteAccess' : [ 0x28, ['unsigned char']],
+    'SharedRead' : [ 0x29, ['unsigned char']],
+    'SharedWrite' : [ 0x2a, ['unsigned char']],
+    'SharedDelete' : [ 0x2b, ['unsigned char']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['_UNICODE_STRING']],
+    'CurrentByteOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'Waiters' : [ 0x40, ['unsigned long']],
+    'Busy' : [ 0x44, ['unsigned long']],
+    'LastLock' : [ 0x48, ['pointer', ['void']]],
+    'Lock' : [ 0x4c, ['_KEVENT']],
+    'Event' : [ 0x5c, ['_KEVENT']],
+    'CompletionContext' : [ 0x6c, ['pointer', ['_IO_COMPLETION_CONTEXT']]],
+    'IrpListLock' : [ 0x70, ['unsigned long']],
+    'IrpList' : [ 0x74, ['_LIST_ENTRY']],
+    'FileObjectExtension' : [ 0x7c, ['pointer', ['void']]],
+} ],
+  '_EX_RUNDOWN_REF' : [ 0x4, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_HEADER' : [ 0x38, {
+    'Link' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'MmPteAccessType', 1: u'MmCcReadAheadType', 2: u'MmPfnRepurposeType', 3: u'MmMaximumPageAccessType'})]],
+    'EmptySequenceNumber' : [ 0x8, ['unsigned long']],
+    'CurrentFileIndex' : [ 0x8, ['unsigned long']],
+    'CreateTime' : [ 0x10, ['unsigned long long']],
+    'EmptyTime' : [ 0x18, ['unsigned long long']],
+    'TempEntry' : [ 0x18, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'PageEntry' : [ 0x20, ['pointer', ['_MM_PAGE_ACCESS_INFO']]],
+    'FileEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+    'FirstFileEntry' : [ 0x28, ['pointer', ['unsigned long']]],
+    'Process' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'SessionId' : [ 0x30, ['unsigned long']],
+    'PageFrameEntry' : [ 0x20, ['pointer', ['unsigned long']]],
+    'LastPageFrameEntry' : [ 0x24, ['pointer', ['unsigned long']]],
+} ],
+  '_MCUPDATE_INFO' : [ 0x28, {
+    'List' : [ 0x0, ['_LIST_ENTRY']],
+    'Status' : [ 0x8, ['unsigned long']],
+    'Id' : [ 0x10, ['unsigned long long']],
+    'VendorScratch' : [ 0x18, ['array', 2, ['unsigned long long']]],
+} ],
+  '_PROCESS_EXTENDED_ENERGY_VALUES' : [ 0x1b0, {
+    'Base' : [ 0x0, ['_PROCESS_ENERGY_VALUES']],
+    'Extension' : [ 0x110, ['_PROCESS_ENERGY_VALUES_EXTENSION']],
+} ],
+  '__unnamed_1555' : [ 0x3a4, {
+    'XpfMceDescriptor' : [ 0x0, ['_WHEA_XPF_MCE_DESCRIPTOR']],
+    'XpfCmcDescriptor' : [ 0x0, ['_WHEA_XPF_CMC_DESCRIPTOR']],
+    'XpfNmiDescriptor' : [ 0x0, ['_WHEA_XPF_NMI_DESCRIPTOR']],
+    'IpfMcaDescriptor' : [ 0x0, ['_WHEA_IPF_MCA_DESCRIPTOR']],
+    'IpfCmcDescriptor' : [ 0x0, ['_WHEA_IPF_CMC_DESCRIPTOR']],
+    'IpfCpeDescriptor' : [ 0x0, ['_WHEA_IPF_CPE_DESCRIPTOR']],
+    'AerRootportDescriptor' : [ 0x0, ['_WHEA_AER_ROOTPORT_DESCRIPTOR']],
+    'AerEndpointDescriptor' : [ 0x0, ['_WHEA_AER_ENDPOINT_DESCRIPTOR']],
+    'AerBridgeDescriptor' : [ 0x0, ['_WHEA_AER_BRIDGE_DESCRIPTOR']],
+    'GenErrDescriptor' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR']],
+    'GenErrDescriptorV2' : [ 0x0, ['_WHEA_GENERIC_ERROR_DESCRIPTOR_V2']],
+    'DeviceDriverDescriptor' : [ 0x0, ['_WHEA_DEVICE_DRIVER_DESCRIPTOR']],
+} ],
+  '_WHEA_ERROR_SOURCE_DESCRIPTOR' : [ 0x3cc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'State' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'WheaErrSrcStateStopped', 2: u'WheaErrSrcStateStarted', 3: u'WheaErrSrcStateRemoved', 4: u'WheaErrSrcStateRemovePending'})]],
+    'MaxRawDataLength' : [ 0x10, ['unsigned long']],
+    'NumRecordsToPreallocate' : [ 0x14, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x18, ['unsigned long']],
+    'ErrorSourceId' : [ 0x1c, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Info' : [ 0x28, ['__unnamed_1555']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY' : [ 0x20, {
+    'Header' : [ 0x0, ['_WHEA_EVENT_LOG_ENTRY_HEADER']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_FLAGS' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LogInternalEtw' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LogBlackbox' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LogSel' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RawSel' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'NoFormat' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Driver' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_PACKET_V2' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_PACKET_FLAGS']],
+    'ErrorType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrTypeProcessor', 1: u'WheaErrTypeMemory', 2: u'WheaErrTypePCIExpress', 3: u'WheaErrTypeNMI', 4: u'WheaErrTypePCIXBus', 5: u'WheaErrTypePCIXDevice', 6: u'WheaErrTypeGeneric', 7: u'WheaErrTypePmem'})]],
+    'ErrorSeverity' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ErrorSourceId' : [ 0x18, ['unsigned long']],
+    'ErrorSourceType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'NotifyType' : [ 0x20, ['_GUID']],
+    'Context' : [ 0x30, ['unsigned long long']],
+    'DataFormat' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'WheaDataFormatIPFSalRecord', 1: u'WheaDataFormatXPFMCA', 2: u'WheaDataFormatMemory', 3: u'WheaDataFormatPCIExpress', 4: u'WheaDataFormatNMIPort', 5: u'WheaDataFormatPCIXBus', 6: u'WheaDataFormatPCIXDevice', 7: u'WheaDataFormatGeneric', 8: u'WheaDataFormatMax'})]],
+    'Reserved1' : [ 0x3c, ['unsigned long']],
+    'DataOffset' : [ 0x40, ['unsigned long']],
+    'DataLength' : [ 0x44, ['unsigned long']],
+    'PshedDataOffset' : [ 0x48, ['unsigned long']],
+    'PshedDataLength' : [ 0x4c, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_RECORD' : [ 0xc8, {
+    'Header' : [ 0x0, ['_WHEA_ERROR_RECORD_HEADER']],
+    'SectionDescriptor' : [ 0x80, ['array', 1, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR']]],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR' : [ 0x48, {
+    'SectionOffset' : [ 0x0, ['unsigned long']],
+    'SectionLength' : [ 0x4, ['unsigned long']],
+    'Revision' : [ 0x8, ['_WHEA_REVISION']],
+    'ValidBits' : [ 0xa, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS']],
+    'SectionType' : [ 0x10, ['_GUID']],
+    'FRUId' : [ 0x20, ['_GUID']],
+    'SectionSeverity' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'FRUText' : [ 0x34, ['array', 20, ['unsigned char']]],
+} ],
+  '_FSRTL_ADVANCED_FCB_HEADER' : [ 0x48, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned char']],
+    'IsFastIoPossible' : [ 0x5, ['unsigned char']],
+    'Flags2' : [ 0x6, ['unsigned char']],
+    'Reserved' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Version' : [ 0x7, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'Resource' : [ 0x8, ['pointer', ['_ERESOURCE']]],
+    'PagingIoResource' : [ 0xc, ['pointer', ['_ERESOURCE']]],
+    'AllocationSize' : [ 0x10, ['_LARGE_INTEGER']],
+    'FileSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'FastMutex' : [ 0x28, ['pointer', ['_FAST_MUTEX']]],
+    'FilterContexts' : [ 0x2c, ['_LIST_ENTRY']],
+    'PushLock' : [ 0x34, ['_EX_PUSH_LOCK']],
+    'FileContextSupportPointer' : [ 0x38, ['pointer', ['pointer', ['void']]]],
+    'Oplock' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedForRemote' : [ 0x3c, ['pointer', ['void']]],
+    'ReservedContext' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_iobuf' : [ 0x20, {
+    '_ptr' : [ 0x0, ['pointer', ['unsigned char']]],
+    '_cnt' : [ 0x4, ['long']],
+    '_base' : [ 0x8, ['pointer', ['unsigned char']]],
+    '_flag' : [ 0xc, ['long']],
+    '_file' : [ 0x10, ['long']],
+    '_charbuf' : [ 0x14, ['long']],
+    '_bufsiz' : [ 0x18, ['long']],
+    '_tmpfname' : [ 0x1c, ['pointer', ['unsigned char']]],
+} ],
+  '_RTL_HASH_TABLE' : [ 0xc, {
+    'EntryCount' : [ 0x0, ['unsigned long']],
+    'MaskBitCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'BucketCount' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'Buckets' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_HASH_ENTRY' : [ 0x8, {
+    'BucketLink' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Key' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_HASH_TABLE_ITERATOR' : [ 0xc, {
+    'Hash' : [ 0x0, ['pointer', ['_RTL_HASH_TABLE']]],
+    'HashEntry' : [ 0x4, ['pointer', ['_RTL_HASH_ENTRY']]],
+    'Bucket' : [ 0x8, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_RTL_CHASH_TABLE' : [ 0x10, {
+    'Table' : [ 0x0, ['pointer', ['_RTL_CHASH_ENTRY']]],
+    'EntrySizeShift' : [ 0x4, ['unsigned long']],
+    'EntryMax' : [ 0x8, ['unsigned long']],
+    'EntryCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTL_CHASH_ENTRY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+} ],
+  '_tlgProvider_t' : [ 0x28, {
+    'LevelPlus1' : [ 0x0, ['unsigned long']],
+    'ProviderMetadataPtr' : [ 0x4, ['pointer', ['unsigned short']]],
+    'KeywordAny' : [ 0x8, ['unsigned long long']],
+    'KeywordAll' : [ 0x10, ['unsigned long long']],
+    'RegHandle' : [ 0x18, ['unsigned long long']],
+    'EnableCallback' : [ 0x20, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_EVENT_FILTER_DESCRIPTOR' : [ 0x10, {
+    'Ptr' : [ 0x0, ['unsigned long long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+} ],
+  '_tlgProviderMetadata_t' : [ 0x13, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ProviderId' : [ 0x1, ['_GUID']],
+    'RemainingSize' : [ 0x11, ['unsigned short']],
+} ],
+  '__m64' : [ 0x8, {
+    'm64_u64' : [ 0x0, ['unsigned long long']],
+    'm64_f32' : [ 0x0, ['array', 2, ['float']]],
+    'm64_i8' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'm64_i16' : [ 0x0, ['array', 4, ['short']]],
+    'm64_i32' : [ 0x0, ['array', 2, ['long']]],
+    'm64_i64' : [ 0x0, ['long long']],
+    'm64_u8' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'm64_u16' : [ 0x0, ['array', 4, ['unsigned short']]],
+    'm64_u32' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '__m128' : [ 0x10, {
+    'm128_f32' : [ 0x0, ['array', 4, ['float']]],
+    'm128_u64' : [ 0x0, ['array', 2, ['unsigned long long']]],
+    'm128_i8' : [ 0x0, ['array', 16, ['unsigned char']]],
+    'm128_i16' : [ 0x0, ['array', 8, ['short']]],
+    'm128_i32' : [ 0x0, ['array', 4, ['long']]],
+    'm128_i64' : [ 0x0, ['array', 2, ['long long']]],
+    'm128_u8' : [ 0x0, ['array', 16, ['unsigned char']]],
+    'm128_u16' : [ 0x0, ['array', 8, ['unsigned short']]],
+    'm128_u32' : [ 0x0, ['array', 4, ['unsigned long']]],
+} ],
+  'wil_details_FeatureReportingCache' : [ 0x8, {
+    'reported' : [ 0x0, ['wil_details_ReportedState']],
+    'recorded' : [ 0x4, ['wil_details_RecordedState']],
+} ],
+  'wil_details_RecordUsageResult' : [ 0x18, {
+    'queueBackground' : [ 0x0, ['long']],
+    'countImmediate' : [ 0x4, ['unsigned long']],
+    'kindImmediate' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_ServiceReportingKind_UniqueUsage', 1: u'wil_details_ServiceReportingKind_UniqueOpportunity', 2: u'wil_details_ServiceReportingKind_DeviceUsage', 3: u'wil_details_ServiceReportingKind_DeviceOpportunity', 4: u'wil_details_ServiceReportingKind_PotentialUniqueUsage', 5: u'wil_details_ServiceReportingKind_PotentialUniqueOpportunity', 6: u'wil_details_ServiceReportingKind_PotentialDeviceUsage', 7: u'wil_details_ServiceReportingKind_PotentialDeviceOpportunity', 8: u'wil_details_ServiceReportingKind_EnabledTotalDuration', 9: u'wil_details_ServiceReportingKind_EnabledPausedDuration', 10: u'wil_details_ServiceReportingKind_DisabledTotalDuration', 11: u'wil_details_ServiceReportingKind_DisabledPausedDuration', 256: u'wil_details_ServiceReportingKind_VariantDevicePotentialBase', 320: u'wil_details_ServiceReportingKind_VariantDeviceUsageBase', 384: u'wil_details_ServiceReportingKind_VariantUniquePotentialBase', 448: u'wil_details_ServiceReportingKind_VariantUniqueUsageBase', 150: u'wil_details_ServiceReportingKind_CustomDisabledBase', 100: u'wil_details_ServiceReportingKind_CustomEnabledBase', 254: u'wil_details_ServiceReportingKind_Store', 255: u'wil_details_ServiceReportingKind_None'})]],
+    'payloadId' : [ 0xc, ['unsigned long']],
+    'ignoredUse' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_ReportedState' : [ 0x4, {
+    'exchange' : [ 0x0, ['unsigned long']],
+    'queuedForReporting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'reportedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'reportedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'reportedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'reportedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'usageCount' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 14, native_type='unsigned long')]],
+    'usageCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'opportunityCount' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 22, native_type='unsigned long')]],
+    'opportunityCountRepresentsPotential' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_details_RecordedState' : [ 0x4, {
+    'exchange' : [ 0x0, ['unsigned long']],
+    'recordedDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'recordedDevicePotential' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'recordedDeviceOpportunity' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'recordedDevicePotentialOpportunity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'recordedVariantDeviceUsage' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'recordedVariant' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 11, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'FEATURE_ERROR' : [ 0x38, {
+    'hr' : [ 0x0, ['unsigned long']],
+    'lineNumber' : [ 0x4, ['unsigned short']],
+    'file' : [ 0x8, ['pointer', ['unsigned char']]],
+    'process' : [ 0xc, ['pointer', ['unsigned char']]],
+    'modulePath' : [ 0x10, ['pointer', ['unsigned char']]],
+    'callerReturnAddressOffset' : [ 0x14, ['unsigned long']],
+    'callerModule' : [ 0x18, ['pointer', ['unsigned char']]],
+    'message' : [ 0x1c, ['pointer', ['unsigned char']]],
+    'originLineNumber' : [ 0x20, ['unsigned short']],
+    'originFile' : [ 0x24, ['pointer', ['unsigned char']]],
+    'originModule' : [ 0x28, ['pointer', ['unsigned char']]],
+    'originCallerReturnAddressOffset' : [ 0x2c, ['unsigned long']],
+    'originCallerModule' : [ 0x30, ['pointer', ['unsigned char']]],
+    'originName' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  'FEATURE_LOGGED_TRAITS' : [ 0x6, {
+    'version' : [ 0x0, ['unsigned short']],
+    'baseVersion' : [ 0x2, ['unsigned short']],
+    'stage' : [ 0x4, ['unsigned char']],
+} ],
+  'wil_details_StagingConfigFeature' : [ 0xc, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'changedInSession' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'unused1' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long')]],
+    'serviceState' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'userState' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'testState' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 14, native_type='unsigned long')]],
+    'unused2' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned long')]],
+    'unused3' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'variant' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'payloadKind' : [ 0x4, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+    'payload' : [ 0x8, ['unsigned long']],
+} ],
+  'wil_details_StagingConfig' : [ 0x34, {
+    'store' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureStore_Machine', 1: u'wil_FeatureStore_User', 2: u'wil_FeatureStore_All'})]],
+    'forUpdate' : [ 0x4, ['long']],
+    'readChangeStamp' : [ 0x8, ['unsigned long']],
+    'readVersion' : [ 0xc, ['unsigned char']],
+    'modified' : [ 0x10, ['long']],
+    'header' : [ 0x14, ['pointer', ['wil_details_StagingConfigHeader']]],
+    'features' : [ 0x18, ['pointer', ['wil_details_StagingConfigFeature']]],
+    'triggers' : [ 0x1c, ['pointer', ['wil_details_StagingConfigUsageTrigger']]],
+    'changedInSession' : [ 0x20, ['long']],
+    'buffer' : [ 0x24, ['pointer', ['void']]],
+    'bufferSize' : [ 0x28, ['unsigned long']],
+    'bufferAlloc' : [ 0x2c, ['unsigned long']],
+    'bufferOwned' : [ 0x30, ['long']],
+} ],
+  'wil_details_StagingConfigHeader' : [ 0x10, {
+    'version' : [ 0x0, ['unsigned char']],
+    'versionMinor' : [ 0x1, ['unsigned char']],
+    'headerSizeBytes' : [ 0x2, ['unsigned short']],
+    'featureCount' : [ 0x4, ['unsigned short']],
+    'featureUsageTriggerCount' : [ 0x6, ['unsigned short']],
+    'sessionProperties' : [ 0x8, ['wil_details_StagingConfigHeaderProperties']],
+    'properties' : [ 0xc, ['wil_details_StagingConfigHeaderProperties']],
+} ],
+  'wil_details_StagingConfigUsageTrigger' : [ 0x10, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'trigger' : [ 0x4, ['wil_details_StagingConfigWnfStateName']],
+    'serviceReportingKind' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'isVariantConfig' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'unused' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_details_StagingConfigHeaderProperties' : [ 0x4, {
+    'ignoreServiceState' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ignoreUserState' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ignoreTestState' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ignoreVariants' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'wil_FeatureState' : [ 0x18, {
+    'enabledState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0x4, ['unsigned char']],
+    'payloadKind' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureVariantPayloadKind_None', 1: u'wil_FeatureVariantPayloadKind_Resident', 2: u'wil_FeatureVariantPayloadKind_External'})]],
+    'payload' : [ 0xc, ['unsigned long']],
+    'hasNotification' : [ 0x10, ['long']],
+    'isVariantConfiguration' : [ 0x14, ['long']],
+} ],
+  'wil_details_FeatureStateCache' : [ 0x8, {
+    'exchange' : [ 0x0, ['unsigned long']],
+    'stateCached' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'hasNotificationCached' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'variantCached' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'effectiveState' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'desiredState' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'reservedForKernelModeSupport' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned long')]],
+    'hasNotification' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'isVariant' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'variant' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 15, native_type='unsigned long')]],
+    'unused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 32, native_type='unsigned long')]],
+    'payloadId' : [ 0x4, ['unsigned long']],
+    'exchange64' : [ 0x0, ['unsigned long long']],
+} ],
+  '__WIL__WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_WNF_STATE_NAME' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  '_wil_details_UsageSubscriptionData' : [ 0x8, {
+    'featureId' : [ 0x0, ['unsigned long']],
+    'serviceReportingKind' : [ 0x4, ['unsigned short']],
+} ],
+  '_RTL_FEATURE_CONFIGURATION' : [ 0xc, {
+    'FeatureId' : [ 0x0, ['unsigned long']],
+    'Priority' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'EnabledState' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'IsWexpConfiguration' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'HasSubscriptions' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Variant' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 14, native_type='unsigned long')]],
+    'VariantPayloadKind' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 16, native_type='unsigned long')]],
+    'VariantPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '_RTL_FEATURE_USAGE_REPORT' : [ 0x8, {
+    'FeatureId' : [ 0x0, ['unsigned long']],
+    'ReportingKind' : [ 0x4, ['unsigned short']],
+    'ReportingOptions' : [ 0x6, ['unsigned short']],
+} ],
+  'wil_details_FeatureTestState' : [ 0x1c, {
+    'kind' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'wil_details_FeatureTestStateKind_EnabledState', 1: u'wil_details_FeatureTestStateKind_Variant'})]],
+    'featureId' : [ 0x4, ['unsigned long']],
+    'state' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureEnabledState_Default', 1: u'wil_FeatureEnabledState_Disabled', 2: u'wil_FeatureEnabledState_Enabled'})]],
+    'variant' : [ 0xc, ['unsigned char']],
+    'payload' : [ 0x10, ['unsigned long']],
+    'payloadKind' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'wil_FeatureVariantPayloadKind_None', 1: u'wil_FeatureVariantPayloadKind_Resident', 2: u'wil_FeatureVariantPayloadKind_External'})]],
+    'next' : [ 0x18, ['pointer', ['wil_details_FeatureTestState']]],
+} ],
+  '__unnamed_1851' : [ 0x8, {
+    'Long' : [ 0x0, ['unsigned long long']],
+    'VolatileLong' : [ 0x0, ['unsigned long long']],
+    'HighLow' : [ 0x0, ['_MMPTE_HIGHLOW']],
+    'Hard' : [ 0x0, ['_MMPTE_HARDWARE']],
+    'Proto' : [ 0x0, ['_MMPTE_PROTOTYPE']],
+    'Soft' : [ 0x0, ['_MMPTE_SOFTWARE']],
+    'TimeStamp' : [ 0x0, ['_MMPTE_TIMESTAMP']],
+    'Trans' : [ 0x0, ['_MMPTE_TRANSITION']],
+    'Subsect' : [ 0x0, ['_MMPTE_SUBSECTION']],
+    'List' : [ 0x0, ['_MMPTE_LIST']],
+} ],
+  '_MMPTE' : [ 0x8, {
+    'u' : [ 0x0, ['__unnamed_1851']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND' : [ 0xc, {
+    'LocalLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'State' : [ 0x4, ['_EX_PUSH_LOCK_AUTO_EXPAND_STATE']],
+    'Stats' : [ 0x8, ['unsigned long']],
+} ],
+  '_ERESOURCE' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerTable' : [ 0x8, ['pointer', ['_OWNER_ENTRY']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'ReservedLowFlags' : [ 0xe, ['unsigned char']],
+    'WaiterPriority' : [ 0xf, ['unsigned char']],
+    'SharedWaiters' : [ 0x10, ['pointer', ['void']]],
+    'ExclusiveWaiters' : [ 0x14, ['pointer', ['void']]],
+    'OwnerEntry' : [ 0x18, ['_OWNER_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_CACHED_PTE' : [ 0x8, {
+    'GlobalTimeStamp' : [ 0x0, ['unsigned long']],
+    'PteIndex' : [ 0x4, ['unsigned long']],
+    'Long' : [ 0x0, ['long long']],
+} ],
+  '_KLOCK_QUEUE_HANDLE' : [ 0xc, {
+    'LockQueue' : [ 0x0, ['_KSPIN_LOCK_QUEUE']],
+    'OldIrql' : [ 0x8, ['unsigned char']],
+} ],
+  '_MMPFNLIST' : [ 0x14, {
+    'Total' : [ 0x0, ['unsigned long']],
+    'ListName' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ZeroedPageList', 1: u'FreePageList', 2: u'StandbyPageList', 3: u'ModifiedPageList', 4: u'ModifiedNoWritePageList', 5: u'BadPageList', 6: u'ActiveAndValid', 7: u'TransitionPage'})]],
+    'Flink' : [ 0x8, ['unsigned long']],
+    'Blink' : [ 0xc, ['unsigned long']],
+    'Lock' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMCLONE_DESCRIPTOR' : [ 0x30, {
+    'CloneNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['pointer', ['_MMCLONE_DESCRIPTOR']]],
+    'StartingCloneBlock' : [ 0xc, ['pointer', ['_MMCLONE_BLOCK']]],
+    'EndingCloneBlock' : [ 0x10, ['pointer', ['_MMCLONE_BLOCK']]],
+    'NumberOfPtes' : [ 0x14, ['unsigned long']],
+    'NumberOfReferences' : [ 0x18, ['unsigned long']],
+    'CloneHeader' : [ 0x1c, ['pointer', ['_MMCLONE_HEADER']]],
+    'NonPagedPoolQuotaCharge' : [ 0x20, ['unsigned long']],
+    'DeleteList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'NestingLevel' : [ 0x28, ['unsigned long long']],
+} ],
+  '__unnamed_189b' : [ 0x4, {
+    'NextSlistPfn' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'Flink' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x0, ['_MI_ACTIVE_PFN']],
+} ],
+  '__unnamed_18a0' : [ 0x2, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_18a2' : [ 0x4, {
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_18a4' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned short']],
+    'e1' : [ 0x2, ['_MMPFNENTRY1']],
+    'e3' : [ 0x3, ['_MMPFNENTRY3']],
+    'e2' : [ 0x0, ['__unnamed_18a0']],
+    'e4' : [ 0x0, ['__unnamed_18a2']],
+} ],
+  '__unnamed_18aa' : [ 0x4, {
+    'PteFrame' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LargePageSize' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'ModifiedListBucketIndex' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'PageIdentity' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 31, native_type='unsigned long')]],
+    'PrototypePte' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPFN' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0x0, ['__unnamed_189b']],
+    'PteAddress' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PteLong' : [ 0x4, ['unsigned long']],
+    'OriginalPte' : [ 0x8, ['_MMPTE']],
+    'u2' : [ 0x10, ['_MIPFNBLINK']],
+    'u3' : [ 0x14, ['__unnamed_18a4']],
+    'u4' : [ 0x18, ['__unnamed_18aa']],
+} ],
+  '__unnamed_18b5' : [ 0x4, {
+    'ImageCommitment' : [ 0x0, ['unsigned long']],
+    'CreatingProcessId' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_18b9' : [ 0x4, {
+    'ImageInformation' : [ 0x0, ['pointer', ['_MI_SECTION_IMAGE_INFORMATION']]],
+    'FirstMappedVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_SEGMENT' : [ 0x30, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'u1' : [ 0x20, ['__unnamed_18b5']],
+    'u2' : [ 0x24, ['__unnamed_18b9']],
+    'PrototypePte' : [ 0x28, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_18be' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMSECTION_FLAGS']],
+} ],
+  '__unnamed_18c6' : [ 0xc, {
+    'NumberOfSystemCacheViews' : [ 0x0, ['unsigned long']],
+    'ImageRelocationStartBit' : [ 0x0, ['unsigned long']],
+    'WritableUserReferences' : [ 0x4, ['long']],
+    'ImageRelocationSizeIn64k' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'SystemImage' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CantMove' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'StrongCode' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'BitMap' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 22, native_type='unsigned long')]],
+    'ImageActive' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ImageBaseOkToReuse' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'FlushInProgressCount' : [ 0x8, ['unsigned long']],
+    'NumberOfSubsections' : [ 0x8, ['unsigned long']],
+    'SeImageStub' : [ 0x8, ['pointer', ['_MI_IMAGE_SECURITY_REFERENCE']]],
+} ],
+  '__unnamed_18c8' : [ 0xc, {
+    'e2' : [ 0x0, ['__unnamed_18c6']],
+} ],
+  '__unnamed_18cd' : [ 0x4, {
+    'IoAttributionContext' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+    'ImageCrossPartitionCharge' : [ 0x0, ['unsigned long']],
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 20, native_type='unsigned long')]],
+} ],
+  '_CONTROL_AREA' : [ 0x50, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'ListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'AweContext' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfSectionReferences' : [ 0xc, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x10, ['unsigned long']],
+    'NumberOfMappedViews' : [ 0x14, ['unsigned long']],
+    'NumberOfUserReferences' : [ 0x18, ['unsigned long']],
+    'u' : [ 0x1c, ['__unnamed_18be']],
+    'FilePointer' : [ 0x20, ['_EX_FAST_REF']],
+    'ControlAreaLock' : [ 0x24, ['long']],
+    'ModifiedWriteCount' : [ 0x28, ['unsigned long']],
+    'WaitList' : [ 0x2c, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'u2' : [ 0x30, ['__unnamed_18c8']],
+    'FileObjectLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'LockedPages' : [ 0x40, ['unsigned long long']],
+    'u3' : [ 0x48, ['__unnamed_18cd']],
+} ],
+  '_MI_SYSTEM_PTE_TYPE' : [ 0x34, {
+    'Bitmap' : [ 0x0, ['_RTL_BITMAP']],
+    'BasePte' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'VaType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'MiVaUnused', 1: u'MiVaSessionSpace', 2: u'MiVaProcessSpace', 3: u'MiVaBootLoaded', 4: u'MiVaPfnDatabase', 5: u'MiVaNonPagedPool', 6: u'MiVaPagedPool', 7: u'MiVaSpecialPoolPaged', 8: u'MiVaSystemCache', 9: u'MiVaSystemPtes', 10: u'MiVaHal', 11: u'MiVaSessionGlobalSpace', 12: u'MiVaDriverImages', 13: u'MiVaSystemPtesLarge', 14: u'MiVaKernelStacks', 15: u'MiVaSecureNonPagedPool', 16: u'MiVaMaximumType'})]],
+    'FailureCount' : [ 0x14, ['pointer', ['unsigned long']]],
+    'PteFailures' : [ 0x18, ['unsigned long']],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'GlobalPushLock' : [ 0x1c, ['pointer', ['_EX_PUSH_LOCK']]],
+    'TotalSystemPtes' : [ 0x20, ['unsigned long']],
+    'Hint' : [ 0x24, ['unsigned long']],
+    'LowestBitEverAllocated' : [ 0x28, ['unsigned long']],
+    'CachedPtes' : [ 0x2c, ['pointer', ['_MI_CACHED_PTES']]],
+    'TotalFreeSystemPtes' : [ 0x30, ['unsigned long']],
+} ],
+  '__unnamed_18ef' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'VadFlags' : [ 0x0, ['_MMVAD_FLAGS']],
+    'PrivateVadFlags' : [ 0x0, ['_MM_PRIVATE_VAD_FLAGS']],
+    'GraphicsVadFlags' : [ 0x0, ['_MM_GRAPHICS_VAD_FLAGS']],
+    'SharedVadFlags' : [ 0x0, ['_MM_SHARED_VAD_FLAGS']],
+    'VolatileVadLong' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_18f2' : [ 0x4, {
+    'LongFlags1' : [ 0x0, ['unsigned long']],
+    'VadFlags1' : [ 0x0, ['_MMVAD_FLAGS1']],
+} ],
+  '_MMVAD_SHORT' : [ 0x28, {
+    'NextVad' : [ 0x0, ['pointer', ['_MMVAD_SHORT']]],
+    'ExtraCreateInfo' : [ 0x4, ['pointer', ['void']]],
+    'VadNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'PushLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'u' : [ 0x1c, ['__unnamed_18ef']],
+    'u1' : [ 0x20, ['__unnamed_18f2']],
+    'EventList' : [ 0x24, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+} ],
+  '_MM_STORE_KEY' : [ 0x4, {
+    'KeyLow' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 28, native_type='unsigned long')]],
+    'KeyHigh' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 32, native_type='unsigned long')]],
+    'EntireKey' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PARTITION' : [ 0x1b40, {
+    'Core' : [ 0x0, ['_MI_PARTITION_CORE']],
+    'Modwriter' : [ 0xe8, ['_MI_PARTITION_MODWRITES']],
+    'Store' : [ 0x2b8, ['_MI_PARTITION_STORES']],
+    'Segments' : [ 0x340, ['_MI_PARTITION_SEGMENTS']],
+    'PageLists' : [ 0x540, ['_MI_PARTITION_PAGE_LISTS']],
+    'Commit' : [ 0xd80, ['_MI_PARTITION_COMMIT']],
+    'Zeroing' : [ 0xda4, ['_MI_PARTITION_ZEROING']],
+    'PageCombine' : [ 0xe18, ['_MI_PAGE_COMBINING_SUPPORT']],
+    'WorkingSetControl' : [ 0xef8, ['pointer', ['void']]],
+    'WorkingSetExpansionHead' : [ 0xefc, ['_MMWORKING_SET_EXPANSION_HEAD']],
+    'SessionDetachTimeStamp' : [ 0xf04, ['unsigned long']],
+    'Vp' : [ 0xf40, ['_MI_VISIBLE_PARTITION']],
+} ],
+  '_EPARTITION' : [ 0x40, {
+    'MmPartition' : [ 0x0, ['pointer', ['void']]],
+    'CcPartition' : [ 0x4, ['pointer', ['void']]],
+    'ExPartition' : [ 0x8, ['pointer', ['void']]],
+    'HardReferenceCount' : [ 0xc, ['long']],
+    'OpenHandleCount' : [ 0x10, ['long']],
+    'ActivePartitionLinks' : [ 0x14, ['_LIST_ENTRY']],
+    'ParentPartition' : [ 0x1c, ['pointer', ['_EPARTITION']]],
+    'TeardownWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'TeardownLock' : [ 0x30, ['_EX_PUSH_LOCK']],
+    'SystemProcess' : [ 0x34, ['pointer', ['_EPROCESS']]],
+    'SystemProcessHandle' : [ 0x38, ['pointer', ['void']]],
+    'PartitionFlags' : [ 0x3c, ['unsigned long']],
+    'PairedWithJob' : [ 0x3c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '_MI_IMAGE_LOAD_CONFIG' : [ 0x14, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'CfgAlignmentBias' : [ 0x4, ['unsigned long']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'RvaList' : [ 0xc, ['pointer', ['_RTL_RVA_LIST']]],
+    'RetpolineRelocations' : [ 0x10, ['pointer', ['_MI_RETPOLINE_RELOCATION_INFORMATION']]],
+} ],
+  '__unnamed_1922' : [ 0x4, {
+    'LongFlags2' : [ 0x0, ['unsigned long']],
+    'VadFlags2' : [ 0x0, ['_MMVAD_FLAGS2']],
+} ],
+  '__unnamed_1927' : [ 0x4, {
+    'SequentialVa' : [ 0x0, ['_MI_VAD_SEQUENTIAL_INFO']],
+    'ExtendedInfo' : [ 0x0, ['pointer', ['_MMEXTEND_INFO']]],
+} ],
+  '_MMVAD' : [ 0x4c, {
+    'Core' : [ 0x0, ['_MMVAD_SHORT']],
+    'u2' : [ 0x28, ['__unnamed_1922']],
+    'Subsection' : [ 0x2c, ['pointer', ['_SUBSECTION']]],
+    'FirstPrototypePte' : [ 0x30, ['pointer', ['_MMPTE']]],
+    'LastContiguousPte' : [ 0x34, ['pointer', ['_MMPTE']]],
+    'ViewLinks' : [ 0x38, ['_LIST_ENTRY']],
+    'VadsProcess' : [ 0x40, ['pointer', ['_EPROCESS']]],
+    'u4' : [ 0x44, ['__unnamed_1927']],
+    'FileObject' : [ 0x48, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_MI_VAD_EVENT_BLOCK' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_MI_VAD_EVENT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+    'SecureInfo' : [ 0x4, ['_MMADDRESS_LIST']],
+    'BitMap' : [ 0x4, ['_RTL_BITMAP']],
+    'InPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'LargePage' : [ 0x4, ['_MI_LARGEPAGE_VAD_INFO']],
+    'AweView' : [ 0x4, ['_MI_PHYSICAL_VIEW']],
+    'CreatingThread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'PebTeb' : [ 0x4, ['_MI_SUB64K_FREE_RANGES']],
+    'PlaceholderVad' : [ 0x4, ['pointer', ['_MMVAD_SHORT']]],
+    'WaitReason' : [ 0x24, ['unsigned long']],
+} ],
+  '_HHIVE' : [ 0x400, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'GetCellRoutine' : [ 0x4, ['pointer', ['void']]],
+    'ReleaseCellRoutine' : [ 0x8, ['pointer', ['void']]],
+    'Allocate' : [ 0xc, ['pointer', ['void']]],
+    'Free' : [ 0x10, ['pointer', ['void']]],
+    'FileWrite' : [ 0x14, ['pointer', ['void']]],
+    'FileRead' : [ 0x18, ['pointer', ['void']]],
+    'HiveLoadFailure' : [ 0x1c, ['pointer', ['void']]],
+    'BaseBlock' : [ 0x20, ['pointer', ['_HBASE_BLOCK']]],
+    'FlusherLock' : [ 0x24, ['_CMSI_RW_LOCK']],
+    'WriterLock' : [ 0x28, ['_CMSI_RW_LOCK']],
+    'DirtyVector' : [ 0x2c, ['_RTL_BITMAP']],
+    'DirtyCount' : [ 0x34, ['unsigned long']],
+    'DirtyAlloc' : [ 0x38, ['unsigned long']],
+    'UnreconciledVector' : [ 0x3c, ['_RTL_BITMAP']],
+    'UnreconciledCount' : [ 0x44, ['unsigned long']],
+    'BaseBlockAlloc' : [ 0x48, ['unsigned long']],
+    'Cluster' : [ 0x4c, ['unsigned long']],
+    'Flat' : [ 0x50, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ReadOnly' : [ 0x50, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x50, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'DirtyFlag' : [ 0x51, ['unsigned char']],
+    'HvBinHeadersUse' : [ 0x54, ['unsigned long']],
+    'HvFreeCellsUse' : [ 0x58, ['unsigned long']],
+    'HvUsedCellsUse' : [ 0x5c, ['unsigned long']],
+    'CmUsedCellsUse' : [ 0x60, ['unsigned long']],
+    'HiveFlags' : [ 0x64, ['unsigned long']],
+    'CurrentLog' : [ 0x68, ['unsigned long']],
+    'CurrentLogSequence' : [ 0x6c, ['unsigned long']],
+    'CurrentLogMinimumSequence' : [ 0x70, ['unsigned long']],
+    'CurrentLogOffset' : [ 0x74, ['unsigned long']],
+    'MinimumLogSequence' : [ 0x78, ['unsigned long']],
+    'LogFileSizeCap' : [ 0x7c, ['unsigned long']],
+    'LogDataPresent' : [ 0x80, ['array', 2, ['unsigned char']]],
+    'PrimaryFileValid' : [ 0x82, ['unsigned char']],
+    'BaseBlockDirty' : [ 0x83, ['unsigned char']],
+    'LastLogSwapTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'FirstLogFile' : [ 0x90, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned short')]],
+    'SecondLogFile' : [ 0x90, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned short')]],
+    'HeaderRecovered' : [ 0x90, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'LegacyRecoveryIndicated' : [ 0x90, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'RecoveryInformationReserved' : [ 0x90, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'RecoveryInformation' : [ 0x90, ['unsigned short']],
+    'LogEntriesRecovered' : [ 0x92, ['array', 2, ['unsigned char']]],
+    'RefreshCount' : [ 0x94, ['unsigned long']],
+    'StorageTypeCount' : [ 0x98, ['unsigned long']],
+    'Version' : [ 0x9c, ['unsigned long']],
+    'ViewMap' : [ 0xa0, ['_HVP_VIEW_MAP']],
+    'Storage' : [ 0xc8, ['array', 2, ['_DUAL']]],
+} ],
+  '_HV_GET_CELL_CONTEXT' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'BinContext' : [ 0x4, ['_HV_GET_BIN_CONTEXT']],
+} ],
+  '_CM_KEY_CONTROL_BLOCK' : [ 0xb0, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ExtFlags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'Freed' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'Discarded' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HiveUnloaded' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'Decommissioned' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SpareExtFlag' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'TotalLevels' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 31, native_type='unsigned long')]],
+    'KeyHash' : [ 0x8, ['_CM_KEY_HASH']],
+    'ConvKey' : [ 0x8, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0xc, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x10, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0x14, ['unsigned long']],
+    'KcbPushlock' : [ 0x18, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x1c, ['pointer', ['_KTHREAD']]],
+    'SharedCount' : [ 0x1c, ['long']],
+    'DelayedDeref' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DelayedClose' : [ 0x20, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Parking' : [ 0x20, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'LayerSemantics' : [ 0x21, ['unsigned char']],
+    'LayerHeight' : [ 0x22, ['short']],
+    'ParentKcb' : [ 0x24, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NameBlock' : [ 0x28, ['pointer', ['_CM_NAME_CONTROL_BLOCK']]],
+    'CachedSecurity' : [ 0x2c, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'ValueList' : [ 0x30, ['_CHILD_LIST']],
+    'LinkTarget' : [ 0x38, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'IndexHint' : [ 0x3c, ['pointer', ['_CM_INDEX_HINT_BLOCK']]],
+    'HashKey' : [ 0x3c, ['unsigned long']],
+    'SubKeyCount' : [ 0x3c, ['unsigned long']],
+    'KeyBodyListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'ClonedListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'KeyBodyArray' : [ 0x48, ['array', 4, ['pointer', ['_CM_KEY_BODY']]]],
+    'KcbLastWriteTime' : [ 0x58, ['_LARGE_INTEGER']],
+    'KcbMaxNameLen' : [ 0x60, ['unsigned short']],
+    'KcbMaxValueNameLen' : [ 0x62, ['unsigned short']],
+    'KcbMaxValueDataLen' : [ 0x64, ['unsigned long']],
+    'KcbUserFlags' : [ 0x68, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'KcbVirtControlFlags' : [ 0x68, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned long')]],
+    'KcbDebug' : [ 0x68, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Flags' : [ 0x68, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'LayerInfo' : [ 0x6c, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'KCBUoWListHead' : [ 0x70, ['_LIST_ENTRY']],
+    'DelayQueueEntry' : [ 0x78, ['_LIST_ENTRY']],
+    'Stolen' : [ 0x78, ['pointer', ['unsigned char']]],
+    'TransKCBOwner' : [ 0x80, ['pointer', ['_CM_TRANS']]],
+    'KCBLock' : [ 0x84, ['_CM_INTENT_LOCK']],
+    'KeyLock' : [ 0x8c, ['_CM_INTENT_LOCK']],
+    'TransValueCache' : [ 0x94, ['_CHILD_LIST']],
+    'TransValueListOwner' : [ 0x9c, ['pointer', ['_CM_TRANS']]],
+    'FullKCBName' : [ 0xa0, ['pointer', ['_UNICODE_STRING']]],
+    'FullKCBNameStale' : [ 0xa0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0xa0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0xa8, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT' : [ 0x358, {
+    'Attribute' : [ 0x0, ['tagSWITCH_CONTEXT_ATTRIBUTE']],
+    'Data' : [ 0x18, ['tagSWITCH_CONTEXT_DATA']],
+} ],
+  '_CM_KEY_BODY' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned long']],
+    'KeyControlBlock' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NotifyBlock' : [ 0x8, ['pointer', ['_CM_NOTIFY_BLOCK']]],
+    'ProcessID' : [ 0xc, ['pointer', ['void']]],
+    'KeyBodyList' : [ 0x10, ['_LIST_ENTRY']],
+    'Flags' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'HandleTags' : [ 0x18, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'KtmUow' : [ 0x20, ['pointer', ['_GUID']]],
+    'ContextListHead' : [ 0x24, ['_LIST_ENTRY']],
+    'EnumerationResumeContext' : [ 0x2c, ['pointer', ['void']]],
+    'RestrictedAccessMask' : [ 0x30, ['unsigned long']],
+} ],
+  '_CM_KEY_NODE' : [ 0x50, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'LastWriteTime' : [ 0x4, ['_LARGE_INTEGER']],
+    'AccessBits' : [ 0xc, ['unsigned char']],
+    'LayerSemantics' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned char')]],
+    'Spare1' : [ 0xd, ['BitField', dict(start_bit = 2, end_bit = 7, native_type='unsigned char')]],
+    'InheritClass' : [ 0xd, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0xe, ['unsigned short']],
+    'Parent' : [ 0x10, ['unsigned long']],
+    'SubKeyCounts' : [ 0x14, ['array', 2, ['unsigned long']]],
+    'SubKeyLists' : [ 0x1c, ['array', 2, ['unsigned long']]],
+    'ValueList' : [ 0x24, ['_CHILD_LIST']],
+    'ChildHiveReference' : [ 0x1c, ['_CM_KEY_REFERENCE']],
+    'Security' : [ 0x2c, ['unsigned long']],
+    'Class' : [ 0x30, ['unsigned long']],
+    'MaxNameLen' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'UserFlags' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'VirtControlFlags' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 24, native_type='unsigned long')]],
+    'Debug' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'MaxClassLen' : [ 0x38, ['unsigned long']],
+    'MaxValueNameLen' : [ 0x3c, ['unsigned long']],
+    'MaxValueDataLen' : [ 0x40, ['unsigned long']],
+    'WorkVar' : [ 0x44, ['unsigned long']],
+    'NameLength' : [ 0x48, ['unsigned short']],
+    'ClassLength' : [ 0x4a, ['unsigned short']],
+    'Name' : [ 0x4c, ['array', 1, ['wchar']]],
+} ],
+  '_CM_NAME_CONTROL_BLOCK' : [ 0x10, {
+    'Compressed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NameHash' : [ 0x4, ['_CM_NAME_HASH']],
+    'ConvKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+    'NameLength' : [ 0xc, ['unsigned short']],
+    'Name' : [ 0xe, ['array', 1, ['wchar']]],
+} ],
+  '_CM_KEY_VALUE' : [ 0x18, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'NameLength' : [ 0x2, ['unsigned short']],
+    'DataLength' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned short']],
+    'Spare' : [ 0x12, ['unsigned short']],
+    'Name' : [ 0x14, ['array', 1, ['wchar']]],
+} ],
+  '_SECURITY_SUBJECT_CONTEXT' : [ 0x10, {
+    'ClientToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'PrimaryToken' : [ 0x8, ['pointer', ['void']]],
+    'ProcessAuditId' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_CMHIVE' : [ 0xc00, {
+    'Hive' : [ 0x0, ['_HHIVE']],
+    'FileHandles' : [ 0x400, ['array', 6, ['pointer', ['void']]]],
+    'NotifyList' : [ 0x418, ['_LIST_ENTRY']],
+    'HiveList' : [ 0x420, ['_LIST_ENTRY']],
+    'PreloadedHiveList' : [ 0x428, ['_LIST_ENTRY']],
+    'HiveRundown' : [ 0x430, ['_EX_RUNDOWN_REF']],
+    'KcbCacheTable' : [ 0x434, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'KcbCacheTableSize' : [ 0x438, ['unsigned long']],
+    'DeletedKcbTable' : [ 0x43c, ['pointer', ['_CM_KEY_HASH_TABLE_ENTRY']]],
+    'DeletedKcbTableSize' : [ 0x440, ['unsigned long']],
+    'Identity' : [ 0x444, ['unsigned long']],
+    'HiveLock' : [ 0x448, ['_CMSI_RW_LOCK']],
+    'FlushDirtyVector' : [ 0x44c, ['_RTL_BITMAP']],
+    'FlushDirtyVectorSize' : [ 0x454, ['unsigned long']],
+    'FlushLogEntryOffsetArray' : [ 0x458, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'FlushLogEntryOffsetArrayCount' : [ 0x45c, ['unsigned long']],
+    'FlushLogEntrySize' : [ 0x460, ['unsigned long']],
+    'FlushHiveTruncated' : [ 0x464, ['unsigned long']],
+    'FlushBaseBlockDirty' : [ 0x468, ['unsigned char']],
+    'CapturedUnreconciledVector' : [ 0x46c, ['_RTL_BITMAP']],
+    'CapturedUnreconciledVectorSize' : [ 0x474, ['unsigned long']],
+    'UnreconciledOffsetArray' : [ 0x478, ['pointer', ['CMP_OFFSET_ARRAY']]],
+    'UnreconciledOffsetArrayCount' : [ 0x47c, ['unsigned long']],
+    'UnreconciledBaseBlock' : [ 0x480, ['pointer', ['_HBASE_BLOCK']]],
+    'SecurityLock' : [ 0x484, ['_EX_PUSH_LOCK']],
+    'LastShrinkHiveSize' : [ 0x488, ['unsigned long']],
+    'ActualFileSize' : [ 0x490, ['_LARGE_INTEGER']],
+    'LogFileSizes' : [ 0x498, ['array', 2, ['_LARGE_INTEGER']]],
+    'FileFullPath' : [ 0x4a8, ['_UNICODE_STRING']],
+    'FileUserName' : [ 0x4b0, ['_UNICODE_STRING']],
+    'HiveRootPath' : [ 0x4b8, ['_UNICODE_STRING']],
+    'SecurityCount' : [ 0x4c0, ['unsigned long']],
+    'SecurityCacheSize' : [ 0x4c4, ['unsigned long']],
+    'SecurityHitHint' : [ 0x4c8, ['long']],
+    'SecurityCache' : [ 0x4cc, ['pointer', ['_CM_KEY_SECURITY_CACHE_ENTRY']]],
+    'SecurityHash' : [ 0x4d0, ['array', 64, ['_LIST_ENTRY']]],
+    'UnloadEventCount' : [ 0x6d0, ['unsigned long']],
+    'UnloadEventArray' : [ 0x6d4, ['pointer', ['pointer', ['_KEVENT']]]],
+    'RootKcb' : [ 0x6d8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Frozen' : [ 0x6dc, ['unsigned char']],
+    'UnloadWorkItem' : [ 0x6e0, ['pointer', ['_CM_WORKITEM']]],
+    'UnloadWorkItemHolder' : [ 0x6e4, ['_CM_WORKITEM']],
+    'DirtyVectorLog' : [ 0x6f8, ['_CM_DIRTY_VECTOR_LOG']],
+    'Flags' : [ 0x980, ['unsigned long']],
+    'TrustClassEntry' : [ 0x984, ['_LIST_ENTRY']],
+    'DirtyTime' : [ 0x990, ['unsigned long long']],
+    'UnreconciledTime' : [ 0x998, ['unsigned long long']],
+    'CmRm' : [ 0x9a0, ['pointer', ['_CM_RM']]],
+    'CmRmInitFailPoint' : [ 0x9a4, ['unsigned long']],
+    'CmRmInitFailStatus' : [ 0x9a8, ['long']],
+    'CreatorOwner' : [ 0x9ac, ['pointer', ['_KTHREAD']]],
+    'RundownThread' : [ 0x9b0, ['pointer', ['_KTHREAD']]],
+    'LastWriteTime' : [ 0x9b8, ['_LARGE_INTEGER']],
+    'FlushQueue' : [ 0x9c0, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'ReconcileQueue' : [ 0x9c8, ['_HIVE_WRITE_WAIT_QUEUE']],
+    'FlushFlags' : [ 0x9d0, ['unsigned long']],
+    'PrimaryFilePurged' : [ 0x9d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DiskFileBad' : [ 0x9d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PrimaryFileSizeBeforeLastFlush' : [ 0x9d4, ['unsigned long']],
+    'ReferenceCount' : [ 0x9d8, ['long']],
+    'UnloadHistoryIndex' : [ 0x9dc, ['long']],
+    'UnloadHistory' : [ 0x9e0, ['array', 128, ['unsigned long']]],
+    'BootStart' : [ 0xbe0, ['unsigned long']],
+    'UnaccessedStart' : [ 0xbe4, ['unsigned long']],
+    'UnaccessedEnd' : [ 0xbe8, ['unsigned long']],
+    'LoadedKeyCount' : [ 0xbec, ['unsigned long']],
+    'HandleClosePending' : [ 0xbf0, ['unsigned long']],
+    'HandleClosePendingEvent' : [ 0xbf4, ['_EX_PUSH_LOCK']],
+    'FinalFlushSucceeded' : [ 0xbf8, ['unsigned char']],
+    'VolumeContext' : [ 0xbfc, ['pointer', ['_CMP_VOLUME_CONTEXT']]],
+} ],
+  '__unnamed_19c6' : [ 0xc, {
+    'Failure' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'_None', 1: u'_CmpCreateHive', 3: u'_HvpBuildMap', 4: u'_HvpBuildMapForLoaderHive', 5: u'_HvpInitMap', 6: u'_HvLoadHive', 7: u'_HvpMapHiveImage', 8: u'_HvpRecoverData', 9: u'_CmpValidateHiveSecurityDescriptors', 10: u'_HvpEnlistBinInMap', 11: u'_CmCheckRegistry', 12: u'_CmRegistryIO', 13: u'_CmCheckRegistry2', 14: u'_CmpCheckKey', 15: u'_CmpCheckValueList', 16: u'_HvCheckHive', 17: u'_HvCheckBin', 18: u'_HvpGetLogEntryDirtyVector', 19: u'_HvpReadLogEntryHeader', 20: u'_HvpReadLogEntry', 21: u'_CmpMountPreloadedHives', 22: u'_CmpLoadHiveThread', 23: u'_CmpCheckLeaf', 24: u'_HvHiveStartFileBacked', 25: u'_HvStartHiveMemoryBacked', 26: u'_HvpEnlistFreeCells', 27: u'_HvpPerformLogFileRecovery', 28: u'_CmpInitHiveFromFile', 29: u'_CmpLoadKeyCommon', 30: u'_CmpLinkHiveToMaster', 31: u'_CmLoadKey', 32: u'_CmLoadAppKey', 33: u'_CmpResolveHiveLoadConflict'})]],
+    'Status' : [ 0x4, ['long']],
+    'Point' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_19c9' : [ 0xc, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'Handle' : [ 0x4, ['pointer', ['void']]],
+    'Status' : [ 0x8, ['long']],
+} ],
+  '__unnamed_19cb' : [ 0x4, {
+    'CheckStack' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_19cd' : [ 0x10, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CellPoint' : [ 0x4, ['pointer', ['_CELL_DATA']]],
+    'RootPoint' : [ 0x8, ['pointer', ['void']]],
+    'Index' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_19cf' : [ 0x10, {
+    'List' : [ 0x0, ['pointer', ['_CELL_DATA']]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Cell' : [ 0x8, ['unsigned long']],
+    'CellPoint' : [ 0xc, ['pointer', ['_CELL_DATA']]],
+} ],
+  '__unnamed_19d3' : [ 0xc, {
+    'Space' : [ 0x0, ['unsigned long']],
+    'MapPoint' : [ 0x4, ['unsigned long']],
+    'BinPoint' : [ 0x8, ['pointer', ['_HBIN']]],
+} ],
+  '__unnamed_19d7' : [ 0x8, {
+    'Bin' : [ 0x0, ['pointer', ['_HBIN']]],
+    'CellPoint' : [ 0x4, ['pointer', ['_HCELL']]],
+} ],
+  '__unnamed_19d9' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+} ],
+  '_HIVE_LOAD_FAILURE' : [ 0x154, {
+    'Hive' : [ 0x0, ['pointer', ['_HHIVE']]],
+    'Index' : [ 0x4, ['unsigned short']],
+    'RecoverableIndex' : [ 0x6, ['unsigned short']],
+    'Locations' : [ 0x8, ['array', 8, ['__unnamed_19c6']]],
+    'RecoverableLocations' : [ 0x68, ['array', 8, ['__unnamed_19c6']]],
+    'RegistryIO' : [ 0xc8, ['__unnamed_19c9']],
+    'CheckRegistry2' : [ 0xd4, ['__unnamed_19cb']],
+    'CheckKey' : [ 0xd8, ['__unnamed_19cd']],
+    'CheckValueList' : [ 0xe8, ['__unnamed_19cf']],
+    'CheckHive' : [ 0xf8, ['__unnamed_19d3']],
+    'CheckHive1' : [ 0x104, ['__unnamed_19d3']],
+    'CheckBin' : [ 0x110, ['__unnamed_19d7']],
+    'RecoverData' : [ 0x118, ['__unnamed_19d9']],
+    'LinkDebug' : [ 0x11c, ['_CM_PARSE_DEBUG_INFO']],
+} ],
+  '_CM_KCB_UOW' : [ 0x40, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBLock' : [ 0x8, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KeyLock' : [ 0xc, ['pointer', ['_CM_INTENT_LOCK']]],
+    'KCBListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x18, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'Transaction' : [ 0x1c, ['pointer', ['_CM_TRANS']]],
+    'UoWState' : [ 0x20, ['unsigned long']],
+    'ActionType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'UoWAddThisKey', 1: u'UoWAddChildKey', 2: u'UoWDeleteThisKey', 3: u'UoWDeleteChildKey', 4: u'UoWSetValueNew', 5: u'UoWSetValueExisting', 6: u'UoWDeleteValue', 7: u'UoWSetKeyUserFlags', 8: u'UoWSetLastWriteTime', 9: u'UoWSetSecurityDescriptor', 10: u'UoWRenameSubKey', 11: u'UoWRenameOldSubKey', 12: u'UoWRenameNewSubKey', 13: u'UoWIsolation', 14: u'UoWInvalid'})]],
+    'StorageType' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'Stable', 1: u'Volatile', 2: u'InvalidStorage'})]],
+    'ParentUoW' : [ 0x2c, ['pointer', ['_CM_KCB_UOW']]],
+    'ChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'VolatileKeyCell' : [ 0x30, ['unsigned long']],
+    'OldValueCell' : [ 0x30, ['unsigned long']],
+    'NewValueCell' : [ 0x34, ['unsigned long']],
+    'UserFlags' : [ 0x30, ['unsigned long']],
+    'LastWriteTime' : [ 0x30, ['_LARGE_INTEGER']],
+    'TxCachedSecurity' : [ 0x30, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+    'TxSecurityCell' : [ 0x34, ['unsigned long']],
+    'OldChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'NewChildKCB' : [ 0x34, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'OtherChildKCB' : [ 0x30, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'ThisVolatileKeyCell' : [ 0x34, ['unsigned long']],
+    'PrepareDataPointer' : [ 0x38, ['pointer', ['void']]],
+    'SecurityData' : [ 0x38, ['pointer', ['_CM_UOW_SET_SD_DATA']]],
+    'ModifyKeysData' : [ 0x38, ['pointer', ['_CM_UOW_KEY_STATE_MODIFICATION']]],
+    'SetValueData' : [ 0x38, ['pointer', ['_CM_UOW_SET_VALUE_LIST_DATA']]],
+    'ValueData' : [ 0x3c, ['pointer', ['_CM_UOW_SET_VALUE_KEY_DATA']]],
+    'DiscardReplaceContext' : [ 0x3c, ['pointer', ['_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT']]],
+} ],
+  '_CM_TRANS' : [ 0x70, {
+    'TransactionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'KCBUoWListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'LazyCommitListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Prepared' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Aborted' : [ 0x18, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Committed' : [ 0x18, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Initializing' : [ 0x18, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Invalid' : [ 0x18, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'UseReservation' : [ 0x18, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'TmCallbacksActive' : [ 0x18, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LightWeight' : [ 0x18, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Freed1' : [ 0x18, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Freed2' : [ 0x18, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x18, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Freed' : [ 0x18, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Spare' : [ 0x18, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+    'TransState' : [ 0x18, ['unsigned long']],
+    'Trans' : [ 0x1c, ['_CM_TRANS_PTR']],
+    'CmRm' : [ 0x20, ['pointer', ['_CM_RM']]],
+    'KtmEnlistmentObject' : [ 0x24, ['pointer', ['_KENLISTMENT']]],
+    'KtmEnlistmentHandle' : [ 0x28, ['pointer', ['void']]],
+    'KtmUow' : [ 0x2c, ['_GUID']],
+    'StartLsn' : [ 0x40, ['unsigned long long']],
+    'HiveCount' : [ 0x48, ['unsigned long']],
+    'HiveArray' : [ 0x4c, ['array', 8, ['pointer', ['_CMHIVE']]]],
+} ],
+  '_PCW_COUNTER_DESCRIPTOR' : [ 0x8, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'StructIndex' : [ 0x2, ['unsigned short']],
+    'Offset' : [ 0x4, ['unsigned short']],
+    'Size' : [ 0x6, ['unsigned short']],
+} ],
+  '_PCW_REGISTRATION_INFORMATION' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Name' : [ 0x4, ['pointer', ['_UNICODE_STRING']]],
+    'CounterCount' : [ 0x8, ['unsigned long']],
+    'Counters' : [ 0xc, ['pointer', ['_PCW_COUNTER_DESCRIPTOR']]],
+    'Callback' : [ 0x10, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PCW_PROCESSOR_INFO' : [ 0xc8, {
+    'IdleTime' : [ 0x0, ['unsigned long long']],
+    'AvailableTime' : [ 0x8, ['unsigned long long']],
+    'UserTime' : [ 0x10, ['unsigned long long']],
+    'KernelTime' : [ 0x18, ['unsigned long long']],
+    'Interrupts' : [ 0x20, ['unsigned long']],
+    'DpcTime' : [ 0x28, ['unsigned long long']],
+    'InterruptTime' : [ 0x30, ['unsigned long long']],
+    'ClockInterrupts' : [ 0x38, ['unsigned long']],
+    'DpcCount' : [ 0x3c, ['unsigned long']],
+    'DpcRate' : [ 0x40, ['unsigned long']],
+    'C1Time' : [ 0x48, ['unsigned long long']],
+    'C2Time' : [ 0x50, ['unsigned long long']],
+    'C3Time' : [ 0x58, ['unsigned long long']],
+    'C1Transitions' : [ 0x60, ['unsigned long long']],
+    'C2Transitions' : [ 0x68, ['unsigned long long']],
+    'C3Transitions' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'ParkingStatus' : [ 0x80, ['unsigned long']],
+    'CurrentFrequency' : [ 0x84, ['unsigned long']],
+    'PercentMaxFrequency' : [ 0x88, ['unsigned long']],
+    'StateFlags' : [ 0x8c, ['unsigned long']],
+    'NominalThroughput' : [ 0x90, ['unsigned long']],
+    'ActiveThroughput' : [ 0x94, ['unsigned long']],
+    'ScaledThroughput' : [ 0x98, ['unsigned long long']],
+    'ScaledKernelThroughput' : [ 0xa0, ['unsigned long long']],
+    'AverageIdleTime' : [ 0xa8, ['unsigned long long']],
+    'IdleBreakEvents' : [ 0xb0, ['unsigned long long']],
+    'PerformanceLimit' : [ 0xb8, ['unsigned long']],
+    'PerformanceLimitFlags' : [ 0xbc, ['unsigned long']],
+    'ScaledFrequency' : [ 0xc0, ['unsigned long long']],
+} ],
+  '_PCW_DATA' : [ 0x8, {
+    'Data' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_SYNCH_COUNTERS' : [ 0xb8, {
+    'SpinLockAcquireCount' : [ 0x0, ['unsigned long']],
+    'SpinLockContentionCount' : [ 0x4, ['unsigned long']],
+    'SpinLockSpinCount' : [ 0x8, ['unsigned long']],
+    'IpiSendRequestBroadcastCount' : [ 0xc, ['unsigned long']],
+    'IpiSendRequestRoutineCount' : [ 0x10, ['unsigned long']],
+    'IpiSendSoftwareInterruptCount' : [ 0x14, ['unsigned long']],
+    'ExInitializeResourceCount' : [ 0x18, ['unsigned long']],
+    'ExReInitializeResourceCount' : [ 0x1c, ['unsigned long']],
+    'ExDeleteResourceCount' : [ 0x20, ['unsigned long']],
+    'ExecutiveResourceAcquiresCount' : [ 0x24, ['unsigned long']],
+    'ExecutiveResourceContentionsCount' : [ 0x28, ['unsigned long']],
+    'ExecutiveResourceReleaseExclusiveCount' : [ 0x2c, ['unsigned long']],
+    'ExecutiveResourceReleaseSharedCount' : [ 0x30, ['unsigned long']],
+    'ExecutiveResourceConvertsCount' : [ 0x34, ['unsigned long']],
+    'ExAcqResExclusiveAttempts' : [ 0x38, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusive' : [ 0x3c, ['unsigned long']],
+    'ExAcqResExclusiveAcquiresExclusiveRecursive' : [ 0x40, ['unsigned long']],
+    'ExAcqResExclusiveWaits' : [ 0x44, ['unsigned long']],
+    'ExAcqResExclusiveNotAcquires' : [ 0x48, ['unsigned long']],
+    'ExAcqResSharedAttempts' : [ 0x4c, ['unsigned long']],
+    'ExAcqResSharedAcquiresExclusive' : [ 0x50, ['unsigned long']],
+    'ExAcqResSharedAcquiresShared' : [ 0x54, ['unsigned long']],
+    'ExAcqResSharedAcquiresSharedRecursive' : [ 0x58, ['unsigned long']],
+    'ExAcqResSharedWaits' : [ 0x5c, ['unsigned long']],
+    'ExAcqResSharedNotAcquires' : [ 0x60, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAttempts' : [ 0x64, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresExclusive' : [ 0x68, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresShared' : [ 0x6c, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveAcquiresSharedRecursive' : [ 0x70, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveWaits' : [ 0x74, ['unsigned long']],
+    'ExAcqResSharedStarveExclusiveNotAcquires' : [ 0x78, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAttempts' : [ 0x7c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresExclusive' : [ 0x80, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresShared' : [ 0x84, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive' : [ 0x88, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveWaits' : [ 0x8c, ['unsigned long']],
+    'ExAcqResSharedWaitForExclusiveNotAcquires' : [ 0x90, ['unsigned long']],
+    'ExSetResOwnerPointerExclusive' : [ 0x94, ['unsigned long']],
+    'ExSetResOwnerPointerSharedNew' : [ 0x98, ['unsigned long']],
+    'ExSetResOwnerPointerSharedOld' : [ 0x9c, ['unsigned long']],
+    'ExTryToAcqExclusiveAttempts' : [ 0xa0, ['unsigned long']],
+    'ExTryToAcqExclusiveAcquires' : [ 0xa4, ['unsigned long']],
+    'ExBoostExclusiveOwner' : [ 0xa8, ['unsigned long']],
+    'ExBoostSharedOwners' : [ 0xac, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsCount' : [ 0xb0, ['unsigned long']],
+    'ExEtwSynchTrackingNotificationsAccountedCount' : [ 0xb4, ['unsigned long']],
+} ],
+  '_ETW_PERF_COUNTERS' : [ 0x18, {
+    'TotalActiveSessions' : [ 0x0, ['long']],
+    'TotalBufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'TotalBufferMemoryPagedPool' : [ 0x8, ['long']],
+    'TotalGuidsEnabled' : [ 0xc, ['long']],
+    'TotalGuidsNotEnabled' : [ 0x10, ['long']],
+    'TotalGuidsPreEnabled' : [ 0x14, ['long']],
+} ],
+  '_ETW_SESSION_PERF_COUNTERS' : [ 0x18, {
+    'BufferMemoryPagedPool' : [ 0x0, ['long']],
+    'BufferMemoryNonPagedPool' : [ 0x4, ['long']],
+    'EventsLoggedCount' : [ 0x8, ['unsigned long long']],
+    'EventsLost' : [ 0x10, ['long']],
+    'NumConsumers' : [ 0x14, ['long']],
+} ],
+  '_FILESYSTEM_DISK_COUNTERS' : [ 0x10, {
+    'FsBytesRead' : [ 0x0, ['unsigned long long']],
+    'FsBytesWritten' : [ 0x8, ['unsigned long long']],
+} ],
+  '_THERMAL_ZONE_COUNTERS' : [ 0x10, {
+    'Temperature' : [ 0x0, ['unsigned long']],
+    'ThrottleLimit' : [ 0x4, ['unsigned long']],
+    'ThrottleReasons' : [ 0x8, ['unsigned long']],
+    'TemperatureHighPrecision' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB32' : [ 0x1000, {
+    'NtTib' : [ 0x0, ['_NT_TIB32']],
+    'EnvironmentPointer' : [ 0x1c, ['unsigned long']],
+    'ClientId' : [ 0x20, ['_CLIENT_ID32']],
+    'ActiveRpcHandle' : [ 0x28, ['unsigned long']],
+    'ThreadLocalStoragePointer' : [ 0x2c, ['unsigned long']],
+    'ProcessEnvironmentBlock' : [ 0x30, ['unsigned long']],
+    'LastErrorValue' : [ 0x34, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x38, ['unsigned long']],
+    'CsrClientThread' : [ 0x3c, ['unsigned long']],
+    'Win32ThreadInfo' : [ 0x40, ['unsigned long']],
+    'User32Reserved' : [ 0x44, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xac, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0xc0, ['unsigned long']],
+    'CurrentLocale' : [ 0xc4, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0xc8, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0xcc, ['array', 16, ['unsigned long']]],
+    'SystemReserved1' : [ 0x10c, ['array', 26, ['unsigned long']]],
+    'PlaceholderCompatibilityMode' : [ 0x174, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x175, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x176, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x180, ['unsigned long']],
+    '_ActivationStack' : [ 0x184, ['_ACTIVATION_CONTEXT_STACK32']],
+    'WorkingOnBehalfTicket' : [ 0x19c, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x1a4, ['long']],
+    'ActivationContextStackPointer' : [ 0x1a8, ['unsigned long']],
+    'InstrumentationCallbackSp' : [ 0x1ac, ['unsigned long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x1b0, ['unsigned long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x1b4, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x1b8, ['unsigned char']],
+    'SpareBytes' : [ 0x1b9, ['array', 23, ['unsigned char']]],
+    'TxFsContext' : [ 0x1d0, ['unsigned long']],
+    'GdiTebBatch' : [ 0x1d4, ['_GDI_TEB_BATCH32']],
+    'RealClientId' : [ 0x6b4, ['_CLIENT_ID32']],
+    'GdiCachedProcessHandle' : [ 0x6bc, ['unsigned long']],
+    'GdiClientPID' : [ 0x6c0, ['unsigned long']],
+    'GdiClientTID' : [ 0x6c4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x6c8, ['unsigned long']],
+    'Win32ClientInfo' : [ 0x6cc, ['array', 62, ['unsigned long']]],
+    'glDispatchTable' : [ 0x7c4, ['array', 233, ['unsigned long']]],
+    'glReserved1' : [ 0xb68, ['array', 29, ['unsigned long']]],
+    'glReserved2' : [ 0xbdc, ['unsigned long']],
+    'glSectionInfo' : [ 0xbe0, ['unsigned long']],
+    'glSection' : [ 0xbe4, ['unsigned long']],
+    'glTable' : [ 0xbe8, ['unsigned long']],
+    'glCurrentRC' : [ 0xbec, ['unsigned long']],
+    'glContext' : [ 0xbf0, ['unsigned long']],
+    'LastStatusValue' : [ 0xbf4, ['unsigned long']],
+    'StaticUnicodeString' : [ 0xbf8, ['_STRING32']],
+    'StaticUnicodeBuffer' : [ 0xc00, ['array', 261, ['wchar']]],
+    'DeallocationStack' : [ 0xe0c, ['unsigned long']],
+    'TlsSlots' : [ 0xe10, ['array', 64, ['unsigned long']]],
+    'TlsLinks' : [ 0xf10, ['LIST_ENTRY32']],
+    'Vdm' : [ 0xf18, ['unsigned long']],
+    'ReservedForNtRpc' : [ 0xf1c, ['unsigned long']],
+    'DbgSsReserved' : [ 0xf20, ['array', 2, ['unsigned long']]],
+    'HardErrorMode' : [ 0xf28, ['unsigned long']],
+    'Instrumentation' : [ 0xf2c, ['array', 9, ['unsigned long']]],
+    'ActivityId' : [ 0xf50, ['_GUID']],
+    'SubProcessTag' : [ 0xf60, ['unsigned long']],
+    'PerflibData' : [ 0xf64, ['unsigned long']],
+    'EtwTraceData' : [ 0xf68, ['unsigned long']],
+    'WinSockData' : [ 0xf6c, ['unsigned long']],
+    'GdiBatchCount' : [ 0xf70, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0xf74, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0xf74, ['unsigned long']],
+    'ReservedPad0' : [ 0xf74, ['unsigned char']],
+    'ReservedPad1' : [ 0xf75, ['unsigned char']],
+    'ReservedPad2' : [ 0xf76, ['unsigned char']],
+    'IdealProcessor' : [ 0xf77, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0xf78, ['unsigned long']],
+    'ReservedForPerf' : [ 0xf7c, ['unsigned long']],
+    'ReservedForOle' : [ 0xf80, ['unsigned long']],
+    'WaitingOnLoaderLock' : [ 0xf84, ['unsigned long']],
+    'SavedPriorityState' : [ 0xf88, ['unsigned long']],
+    'ReservedForCodeCoverage' : [ 0xf8c, ['unsigned long']],
+    'ThreadPoolData' : [ 0xf90, ['unsigned long']],
+    'TlsExpansionSlots' : [ 0xf94, ['unsigned long']],
+    'MuiGeneration' : [ 0xf98, ['unsigned long']],
+    'IsImpersonating' : [ 0xf9c, ['unsigned long']],
+    'NlsCache' : [ 0xfa0, ['unsigned long']],
+    'pShimData' : [ 0xfa4, ['unsigned long']],
+    'HeapData' : [ 0xfa8, ['unsigned long']],
+    'CurrentTransactionHandle' : [ 0xfac, ['unsigned long']],
+    'ActiveFrame' : [ 0xfb0, ['unsigned long']],
+    'FlsData' : [ 0xfb4, ['unsigned long']],
+    'PreferredLanguages' : [ 0xfb8, ['unsigned long']],
+    'UserPrefLanguages' : [ 0xfbc, ['unsigned long']],
+    'MergedPrefLanguages' : [ 0xfc0, ['unsigned long']],
+    'MuiImpersonation' : [ 0xfc4, ['unsigned long']],
+    'CrossTebFlags' : [ 0xfc8, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0xfc8, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0xfca, ['unsigned short']],
+    'SafeThunkCall' : [ 0xfca, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0xfca, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0xfca, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0xfca, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0xfca, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0xfca, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0xfca, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0xfca, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0xfca, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0xfca, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0xfca, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0xfca, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0xfca, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0xfca, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0xfca, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0xfca, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0xfcc, ['unsigned long']],
+    'TxnScopeExitCallback' : [ 0xfd0, ['unsigned long']],
+    'TxnScopeContext' : [ 0xfd4, ['unsigned long']],
+    'LockCount' : [ 0xfd8, ['unsigned long']],
+    'WowTebOffset' : [ 0xfdc, ['long']],
+    'ResourceRetValue' : [ 0xfe0, ['unsigned long']],
+    'ReservedForWdf' : [ 0xfe4, ['unsigned long']],
+    'ReservedForCrt' : [ 0xfe8, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0xff0, ['_GUID']],
+} ],
+  '_TEB64' : [ 0x1838, {
+    'NtTib' : [ 0x0, ['_NT_TIB64']],
+    'EnvironmentPointer' : [ 0x38, ['unsigned long long']],
+    'ClientId' : [ 0x40, ['_CLIENT_ID64']],
+    'ActiveRpcHandle' : [ 0x50, ['unsigned long long']],
+    'ThreadLocalStoragePointer' : [ 0x58, ['unsigned long long']],
+    'ProcessEnvironmentBlock' : [ 0x60, ['unsigned long long']],
+    'LastErrorValue' : [ 0x68, ['unsigned long']],
+    'CountOfOwnedCriticalSections' : [ 0x6c, ['unsigned long']],
+    'CsrClientThread' : [ 0x70, ['unsigned long long']],
+    'Win32ThreadInfo' : [ 0x78, ['unsigned long long']],
+    'User32Reserved' : [ 0x80, ['array', 26, ['unsigned long']]],
+    'UserReserved' : [ 0xe8, ['array', 5, ['unsigned long']]],
+    'WOW32Reserved' : [ 0x100, ['unsigned long long']],
+    'CurrentLocale' : [ 0x108, ['unsigned long']],
+    'FpSoftwareStatusRegister' : [ 0x10c, ['unsigned long']],
+    'ReservedForDebuggerInstrumentation' : [ 0x110, ['array', 16, ['unsigned long long']]],
+    'SystemReserved1' : [ 0x190, ['array', 30, ['unsigned long long']]],
+    'PlaceholderCompatibilityMode' : [ 0x280, ['unsigned char']],
+    'PlaceholderHydrationAlwaysExplicit' : [ 0x281, ['unsigned char']],
+    'PlaceholderReserved' : [ 0x282, ['array', 10, ['unsigned char']]],
+    'ProxiedProcessId' : [ 0x28c, ['unsigned long']],
+    '_ActivationStack' : [ 0x290, ['_ACTIVATION_CONTEXT_STACK64']],
+    'WorkingOnBehalfTicket' : [ 0x2b8, ['array', 8, ['unsigned char']]],
+    'ExceptionCode' : [ 0x2c0, ['long']],
+    'Padding0' : [ 0x2c4, ['array', 4, ['unsigned char']]],
+    'ActivationContextStackPointer' : [ 0x2c8, ['unsigned long long']],
+    'InstrumentationCallbackSp' : [ 0x2d0, ['unsigned long long']],
+    'InstrumentationCallbackPreviousPc' : [ 0x2d8, ['unsigned long long']],
+    'InstrumentationCallbackPreviousSp' : [ 0x2e0, ['unsigned long long']],
+    'TxFsContext' : [ 0x2e8, ['unsigned long']],
+    'InstrumentationCallbackDisabled' : [ 0x2ec, ['unsigned char']],
+    'UnalignedLoadStoreExceptions' : [ 0x2ed, ['unsigned char']],
+    'Padding1' : [ 0x2ee, ['array', 2, ['unsigned char']]],
+    'GdiTebBatch' : [ 0x2f0, ['_GDI_TEB_BATCH64']],
+    'RealClientId' : [ 0x7d8, ['_CLIENT_ID64']],
+    'GdiCachedProcessHandle' : [ 0x7e8, ['unsigned long long']],
+    'GdiClientPID' : [ 0x7f0, ['unsigned long']],
+    'GdiClientTID' : [ 0x7f4, ['unsigned long']],
+    'GdiThreadLocalInfo' : [ 0x7f8, ['unsigned long long']],
+    'Win32ClientInfo' : [ 0x800, ['array', 62, ['unsigned long long']]],
+    'glDispatchTable' : [ 0x9f0, ['array', 233, ['unsigned long long']]],
+    'glReserved1' : [ 0x1138, ['array', 29, ['unsigned long long']]],
+    'glReserved2' : [ 0x1220, ['unsigned long long']],
+    'glSectionInfo' : [ 0x1228, ['unsigned long long']],
+    'glSection' : [ 0x1230, ['unsigned long long']],
+    'glTable' : [ 0x1238, ['unsigned long long']],
+    'glCurrentRC' : [ 0x1240, ['unsigned long long']],
+    'glContext' : [ 0x1248, ['unsigned long long']],
+    'LastStatusValue' : [ 0x1250, ['unsigned long']],
+    'Padding2' : [ 0x1254, ['array', 4, ['unsigned char']]],
+    'StaticUnicodeString' : [ 0x1258, ['_STRING64']],
+    'StaticUnicodeBuffer' : [ 0x1268, ['array', 261, ['wchar']]],
+    'Padding3' : [ 0x1472, ['array', 6, ['unsigned char']]],
+    'DeallocationStack' : [ 0x1478, ['unsigned long long']],
+    'TlsSlots' : [ 0x1480, ['array', 64, ['unsigned long long']]],
+    'TlsLinks' : [ 0x1680, ['LIST_ENTRY64']],
+    'Vdm' : [ 0x1690, ['unsigned long long']],
+    'ReservedForNtRpc' : [ 0x1698, ['unsigned long long']],
+    'DbgSsReserved' : [ 0x16a0, ['array', 2, ['unsigned long long']]],
+    'HardErrorMode' : [ 0x16b0, ['unsigned long']],
+    'Padding4' : [ 0x16b4, ['array', 4, ['unsigned char']]],
+    'Instrumentation' : [ 0x16b8, ['array', 11, ['unsigned long long']]],
+    'ActivityId' : [ 0x1710, ['_GUID']],
+    'SubProcessTag' : [ 0x1720, ['unsigned long long']],
+    'PerflibData' : [ 0x1728, ['unsigned long long']],
+    'EtwTraceData' : [ 0x1730, ['unsigned long long']],
+    'WinSockData' : [ 0x1738, ['unsigned long long']],
+    'GdiBatchCount' : [ 0x1740, ['unsigned long']],
+    'CurrentIdealProcessor' : [ 0x1744, ['_PROCESSOR_NUMBER']],
+    'IdealProcessorValue' : [ 0x1744, ['unsigned long']],
+    'ReservedPad0' : [ 0x1744, ['unsigned char']],
+    'ReservedPad1' : [ 0x1745, ['unsigned char']],
+    'ReservedPad2' : [ 0x1746, ['unsigned char']],
+    'IdealProcessor' : [ 0x1747, ['unsigned char']],
+    'GuaranteedStackBytes' : [ 0x1748, ['unsigned long']],
+    'Padding5' : [ 0x174c, ['array', 4, ['unsigned char']]],
+    'ReservedForPerf' : [ 0x1750, ['unsigned long long']],
+    'ReservedForOle' : [ 0x1758, ['unsigned long long']],
+    'WaitingOnLoaderLock' : [ 0x1760, ['unsigned long']],
+    'Padding6' : [ 0x1764, ['array', 4, ['unsigned char']]],
+    'SavedPriorityState' : [ 0x1768, ['unsigned long long']],
+    'ReservedForCodeCoverage' : [ 0x1770, ['unsigned long long']],
+    'ThreadPoolData' : [ 0x1778, ['unsigned long long']],
+    'TlsExpansionSlots' : [ 0x1780, ['unsigned long long']],
+    'DeallocationBStore' : [ 0x1788, ['unsigned long long']],
+    'BStoreLimit' : [ 0x1790, ['unsigned long long']],
+    'MuiGeneration' : [ 0x1798, ['unsigned long']],
+    'IsImpersonating' : [ 0x179c, ['unsigned long']],
+    'NlsCache' : [ 0x17a0, ['unsigned long long']],
+    'pShimData' : [ 0x17a8, ['unsigned long long']],
+    'HeapData' : [ 0x17b0, ['unsigned long']],
+    'Padding7' : [ 0x17b4, ['array', 4, ['unsigned char']]],
+    'CurrentTransactionHandle' : [ 0x17b8, ['unsigned long long']],
+    'ActiveFrame' : [ 0x17c0, ['unsigned long long']],
+    'FlsData' : [ 0x17c8, ['unsigned long long']],
+    'PreferredLanguages' : [ 0x17d0, ['unsigned long long']],
+    'UserPrefLanguages' : [ 0x17d8, ['unsigned long long']],
+    'MergedPrefLanguages' : [ 0x17e0, ['unsigned long long']],
+    'MuiImpersonation' : [ 0x17e8, ['unsigned long']],
+    'CrossTebFlags' : [ 0x17ec, ['unsigned short']],
+    'SpareCrossTebBits' : [ 0x17ec, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned short')]],
+    'SameTebFlags' : [ 0x17ee, ['unsigned short']],
+    'SafeThunkCall' : [ 0x17ee, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'InDebugPrint' : [ 0x17ee, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'HasFiberData' : [ 0x17ee, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'SkipThreadAttach' : [ 0x17ee, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'WerInShipAssertCode' : [ 0x17ee, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'RanProcessInit' : [ 0x17ee, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'ClonedThread' : [ 0x17ee, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SuppressDebugMsg' : [ 0x17ee, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DisableUserStackWalk' : [ 0x17ee, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'RtlExceptionAttached' : [ 0x17ee, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'InitialThread' : [ 0x17ee, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionAware' : [ 0x17ee, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LoadOwner' : [ 0x17ee, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'LoaderWorker' : [ 0x17ee, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'SkipLoaderInit' : [ 0x17ee, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'SpareSameTebBits' : [ 0x17ee, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'TxnScopeEnterCallback' : [ 0x17f0, ['unsigned long long']],
+    'TxnScopeExitCallback' : [ 0x17f8, ['unsigned long long']],
+    'TxnScopeContext' : [ 0x1800, ['unsigned long long']],
+    'LockCount' : [ 0x1808, ['unsigned long']],
+    'WowTebOffset' : [ 0x180c, ['long']],
+    'ResourceRetValue' : [ 0x1810, ['unsigned long long']],
+    'ReservedForWdf' : [ 0x1818, ['unsigned long long']],
+    'ReservedForCrt' : [ 0x1820, ['unsigned long long']],
+    'EffectiveContainerId' : [ 0x1828, ['_GUID']],
+} ],
+  '_HV_X64_HYPERVISOR_FEATURES' : [ 0x10, {
+    'PartitionPrivileges' : [ 0x0, ['_HV_PARTITION_PRIVILEGE_MASK']],
+    'MaxSupportedCState' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long')]],
+    'HpetNeededForC3PowerState_Deprecated' : [ 0x8, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Reserved' : [ 0x8, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'MwaitAvailable_Deprecated' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuestDebuggingAvailable' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerformanceMonitorsAvailable' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CpuDynamicPartitioningAvailable' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'XmmRegistersForFastHypercallAvailable' : [ 0xc, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'GuestIdleAvailable' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'HypervisorSleepStateSupportAvailable' : [ 0xc, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NumaDistanceQueryAvailable' : [ 0xc, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FrequencyRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SyntheticMachineCheckAvailable' : [ 0xc, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'GuestCrashRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DebugRegsAvailable' : [ 0xc, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Npiep1Available' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DisableHypervisorAvailable' : [ 0xc, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ExtendedGvaRangesForFlushVirtualAddressListAvailable' : [ 0xc, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'FastHypercallOutputAvailable' : [ 0xc, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SvmFeaturesAvailable' : [ 0xc, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'SintPollingModeAvailable' : [ 0xc, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'HypercallMsrLockAvailable' : [ 0xc, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'DirectSyntheticTimers' : [ 0xc, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'RegisterPatAvailable' : [ 0xc, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'RegisterBndcfgsAvailable' : [ 0xc, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'WatchdogTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'SyntheticTimeUnhaltedTimerAvailable' : [ 0xc, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'S1DeviceDomainsAvailable' : [ 0xc, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'LbrAvailable' : [ 0xc, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IptAvailable' : [ 0xc, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'CrossVtlFlushAvailable' : [ 0xc, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleSpecCtrlAvailable' : [ 0xc, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'Reserved1' : [ 0xc, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_HV_PARTITION_PRIVILEGE_MASK' : [ 0x8, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'AccessVpRunTimeReg' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'AccessPartitionReferenceCounter' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'AccessSynicRegs' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'AccessSyntheticTimerRegs' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'AccessIntrCtrlRegs' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'AccessHypercallMsrs' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'AccessVpIndex' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'AccessResetReg' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'AccessStatsReg' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'AccessPartitionReferenceTsc' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'AccessGuestIdleReg' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'AccessFrequencyRegs' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'AccessDebugRegs' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'AccessReenlightenmentControls' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'AccessRootSchedulerReg' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'AccessTscInvariantControls' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'CreatePartitions' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 33, native_type='unsigned long long')]],
+    'AccessPartitionId' : [ 0x0, ['BitField', dict(start_bit = 33, end_bit = 34, native_type='unsigned long long')]],
+    'AccessMemoryPool' : [ 0x0, ['BitField', dict(start_bit = 34, end_bit = 35, native_type='unsigned long long')]],
+    'AdjustMessageBuffers' : [ 0x0, ['BitField', dict(start_bit = 35, end_bit = 36, native_type='unsigned long long')]],
+    'PostMessages' : [ 0x0, ['BitField', dict(start_bit = 36, end_bit = 37, native_type='unsigned long long')]],
+    'SignalEvents' : [ 0x0, ['BitField', dict(start_bit = 37, end_bit = 38, native_type='unsigned long long')]],
+    'CreatePort' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 39, native_type='unsigned long long')]],
+    'ConnectPort' : [ 0x0, ['BitField', dict(start_bit = 39, end_bit = 40, native_type='unsigned long long')]],
+    'AccessStats' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 41, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 41, end_bit = 43, native_type='unsigned long long')]],
+    'Debugging' : [ 0x0, ['BitField', dict(start_bit = 43, end_bit = 44, native_type='unsigned long long')]],
+    'CpuManagement' : [ 0x0, ['BitField', dict(start_bit = 44, end_bit = 45, native_type='unsigned long long')]],
+    'ConfigureProfiler' : [ 0x0, ['BitField', dict(start_bit = 45, end_bit = 46, native_type='unsigned long long')]],
+    'AccessVpExitTracing' : [ 0x0, ['BitField', dict(start_bit = 46, end_bit = 47, native_type='unsigned long long')]],
+    'EnableExtendedGvaRangesForFlushVirtualAddressList' : [ 0x0, ['BitField', dict(start_bit = 47, end_bit = 48, native_type='unsigned long long')]],
+    'AccessVsm' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 49, native_type='unsigned long long')]],
+    'AccessVpRegisters' : [ 0x0, ['BitField', dict(start_bit = 49, end_bit = 50, native_type='unsigned long long')]],
+    'UnusedBit' : [ 0x0, ['BitField', dict(start_bit = 50, end_bit = 51, native_type='unsigned long long')]],
+    'FastHypercallOutput' : [ 0x0, ['BitField', dict(start_bit = 51, end_bit = 52, native_type='unsigned long long')]],
+    'EnableExtendedHypercalls' : [ 0x0, ['BitField', dict(start_bit = 52, end_bit = 53, native_type='unsigned long long')]],
+    'StartVirtualProcessor' : [ 0x0, ['BitField', dict(start_bit = 53, end_bit = 54, native_type='unsigned long long')]],
+    'Isolation' : [ 0x0, ['BitField', dict(start_bit = 54, end_bit = 55, native_type='unsigned long long')]],
+    'Reserved3' : [ 0x0, ['BitField', dict(start_bit = 55, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KTIMER_TABLE' : [ 0x1850, {
+    'TimerExpiry' : [ 0x0, ['array', 16, ['pointer', ['_KTIMER']]]],
+    'TimerEntries' : [ 0x40, ['array', 1, ['array', 256, ['_KTIMER_TABLE_ENTRY']]]],
+    'TableState' : [ 0x1840, ['_KTIMER_TABLE_STATE']],
+} ],
+  '_KTIMER_TABLE_ENTRY' : [ 0x18, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Entry' : [ 0x4, ['_LIST_ENTRY']],
+    'Time' : [ 0x10, ['_ULARGE_INTEGER']],
+} ],
+  '_XSTATE_SAVE' : [ 0x20, {
+    'Reserved1' : [ 0x0, ['long long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+    'Prev' : [ 0xc, ['pointer', ['_XSTATE_SAVE']]],
+    'Reserved3' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Thread' : [ 0x14, ['pointer', ['_KTHREAD']]],
+    'Reserved4' : [ 0x18, ['pointer', ['void']]],
+    'Level' : [ 0x1c, ['unsigned char']],
+    'XStateContext' : [ 0x0, ['_XSTATE_CONTEXT']],
+} ],
+  '_XSAVE_AREA' : [ 0x240, {
+    'LegacyState' : [ 0x0, ['_XSAVE_FORMAT']],
+    'Header' : [ 0x200, ['_XSAVE_AREA_HEADER']],
+} ],
+  '_KAFFINITY_EX' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_KAFFINITY_ENUMERATION_CONTEXT' : [ 0xc, {
+    'Affinity' : [ 0x0, ['pointer', ['_KAFFINITY_EX']]],
+    'CurrentMask' : [ 0x4, ['unsigned long']],
+    'CurrentIndex' : [ 0x8, ['unsigned short']],
+} ],
+  '__unnamed_1b0f' : [ 0x4, {
+    'LegacyDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'PendingDeviceRelations' : [ 0x0, ['pointer', ['_DEVICE_RELATIONS']]],
+    'Information' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1b11' : [ 0x4, {
+    'NextResourceDeviceNode' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+} ],
+  '__unnamed_1b15' : [ 0x10, {
+    'DockStatus' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DOCK_NOTDOCKDEVICE', 1: u'DOCK_QUIESCENT', 2: u'DOCK_ARRIVING', 3: u'DOCK_DEPARTING', 4: u'DOCK_EJECTIRP_COMPLETED'})]],
+    'ListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'SerialNumber' : [ 0xc, ['pointer', ['wchar']]],
+} ],
+  '_DEVICE_NODE' : [ 0x1f4, {
+    'Sibling' : [ 0x0, ['pointer', ['_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_POP_FX_DEVICE']]],
+    'FxDeviceLock' : [ 0x2c, ['long']],
+    'FxRemoveEvent' : [ 0x30, ['_KEVENT']],
+    'FxActivationCount' : [ 0x40, ['long']],
+    'FxSleepCount' : [ 0x44, ['long']],
+    'UniqueId' : [ 0x48, ['_UNICODE_STRING']],
+    'Plugin' : [ 0x50, ['pointer', ['_POP_FX_PLUGIN']]],
+    'Level' : [ 0x54, ['unsigned long']],
+    'CurrentPowerState' : [ 0x58, ['_POWER_STATE']],
+    'Notify' : [ 0x5c, ['_PO_DEVICE_NOTIFY']],
+    'PoIrpManager' : [ 0x98, ['_PO_IRP_MANAGER']],
+    'PowerFlags' : [ 0xa8, ['long']],
+    'State' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'PreviousState' : [ 0xb0, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'StateHistory' : [ 0xb4, ['array', 20, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]]],
+    'StateHistoryEntry' : [ 0x104, ['unsigned long']],
+    'CompletionStatus' : [ 0x108, ['long']],
+    'Flags' : [ 0x10c, ['unsigned long']],
+    'UserFlags' : [ 0x110, ['unsigned long']],
+    'Problem' : [ 0x114, ['unsigned long']],
+    'ProblemStatus' : [ 0x118, ['long']],
+    'ResourceList' : [ 0x11c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'ResourceListTranslated' : [ 0x120, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'DuplicatePDO' : [ 0x124, ['pointer', ['_DEVICE_OBJECT']]],
+    'ResourceRequirements' : [ 0x128, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'InterfaceType' : [ 0x12c, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x130, ['unsigned long']],
+    'ChildInterfaceType' : [ 0x134, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ChildBusNumber' : [ 0x138, ['unsigned long']],
+    'ChildBusTypeIndex' : [ 0x13c, ['unsigned short']],
+    'RemovalPolicy' : [ 0x13e, ['unsigned char']],
+    'HardwareRemovalPolicy' : [ 0x13f, ['unsigned char']],
+    'TargetDeviceNotify' : [ 0x140, ['_LIST_ENTRY']],
+    'DeviceArbiterList' : [ 0x148, ['_LIST_ENTRY']],
+    'DeviceTranslatorList' : [ 0x150, ['_LIST_ENTRY']],
+    'NoTranslatorMask' : [ 0x158, ['unsigned short']],
+    'QueryTranslatorMask' : [ 0x15a, ['unsigned short']],
+    'NoArbiterMask' : [ 0x15c, ['unsigned short']],
+    'QueryArbiterMask' : [ 0x15e, ['unsigned short']],
+    'OverUsed1' : [ 0x160, ['__unnamed_1b0f']],
+    'OverUsed2' : [ 0x164, ['__unnamed_1b11']],
+    'BootResources' : [ 0x168, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'BootResourcesTranslated' : [ 0x16c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'CapabilityFlags' : [ 0x170, ['unsigned long']],
+    'DockInfo' : [ 0x174, ['__unnamed_1b15']],
+    'DisableableDepends' : [ 0x184, ['unsigned long']],
+    'PendedSetInterfaceState' : [ 0x188, ['_LIST_ENTRY']],
+    'LegacyBusListEntry' : [ 0x190, ['_LIST_ENTRY']],
+    'DriverUnloadRetryCount' : [ 0x198, ['unsigned long']],
+    'PreviousParent' : [ 0x19c, ['pointer', ['_DEVICE_NODE']]],
+    'DeletedChildren' : [ 0x1a0, ['long']],
+    'NumaNodeIndex' : [ 0x1a4, ['unsigned long']],
+    'ContainerID' : [ 0x1a8, ['_GUID']],
+    'OverrideFlags' : [ 0x1b8, ['unsigned char']],
+    'DeviceIdsHash' : [ 0x1bc, ['unsigned long']],
+    'RequiresUnloadedDriver' : [ 0x1c0, ['unsigned char']],
+    'PendingEjectRelations' : [ 0x1c4, ['pointer', ['_PENDING_RELATIONS_LIST_ENTRY']]],
+    'StateFlags' : [ 0x1c8, ['unsigned long']],
+    'RebalanceContext' : [ 0x1cc, ['pointer', ['_PNP_REBALANCE_TRACE_CONTEXT']]],
+    'IommuExtension' : [ 0x1d0, ['pointer', ['_DEVICE_NODE_IOMMU_EXTENSION']]],
+    'DirectedDripsState' : [ 0x1d4, ['_PO_DIRECTED_DRIPS_STATE']],
+} ],
+  '_MCGEN_TRACE_CONTEXT' : [ 0x38, {
+    'RegistrationHandle' : [ 0x0, ['unsigned long long']],
+    'Logger' : [ 0x8, ['unsigned long long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'IsEnabled' : [ 0x24, ['unsigned long']],
+    'Level' : [ 0x28, ['unsigned char']],
+    'Reserve' : [ 0x29, ['unsigned char']],
+    'EnableBitsCount' : [ 0x2a, ['unsigned short']],
+    'EnableBitMask' : [ 0x2c, ['pointer', ['unsigned long']]],
+    'EnableKeyWords' : [ 0x30, ['pointer', ['unsigned long long']]],
+    'EnableLevel' : [ 0x34, ['pointer', ['unsigned char']]],
+} ],
+  '_SID' : [ 0xc, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'SubAuthorityCount' : [ 0x1, ['unsigned char']],
+    'IdentifierAuthority' : [ 0x2, ['_SID_IDENTIFIER_AUTHORITY']],
+    'SubAuthority' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x2c, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+    'DispatchedCount' : [ 0x8, ['unsigned long']],
+    'CompletedList' : [ 0xc, ['_LIST_ENTRY']],
+    'CompletedSemaphore' : [ 0x14, ['_KSEMAPHORE']],
+    'SpinLock' : [ 0x28, ['unsigned long']],
+} ],
+  '_KSEMAPHORE' : [ 0x14, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'Limit' : [ 0x10, ['long']],
+} ],
+  '_DEVOBJ_EXTENSION' : [ 0x3c, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'PowerFlags' : [ 0x8, ['unsigned long']],
+    'Dope' : [ 0xc, ['pointer', ['_DEVICE_OBJECT_POWER_EXTENSION']]],
+    'ExtensionFlags' : [ 0x10, ['unsigned long']],
+    'DeviceNode' : [ 0x14, ['pointer', ['void']]],
+    'AttachedTo' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'StartIoCount' : [ 0x1c, ['long']],
+    'StartIoKey' : [ 0x20, ['long']],
+    'StartIoFlags' : [ 0x24, ['unsigned long']],
+    'Vpb' : [ 0x28, ['pointer', ['_VPB']]],
+    'DependencyNode' : [ 0x2c, ['pointer', ['void']]],
+    'InterruptContext' : [ 0x30, ['pointer', ['void']]],
+    'InterruptCount' : [ 0x34, ['long']],
+    'VerifierContext' : [ 0x38, ['pointer', ['void']]],
+} ],
+  '_GROUP_AFFINITY' : [ 0xc, {
+    'Mask' : [ 0x0, ['unsigned long']],
+    'Group' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['array', 3, ['unsigned short']]],
+} ],
+  '_PNP_ASSIGN_RESOURCES_CONTEXT' : [ 0xc, {
+    'IncludeFailedDevices' : [ 0x0, ['unsigned long']],
+    'DeviceCount' : [ 0x4, ['unsigned long']],
+    'DeviceList' : [ 0x8, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_PNP_RESOURCE_REQUEST' : [ 0x28, {
+    'PhysicalDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'AllocationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Priority' : [ 0xc, ['unsigned long']],
+    'Position' : [ 0x10, ['unsigned long']],
+    'ResourceRequirements' : [ 0x14, ['pointer', ['_IO_RESOURCE_REQUIREMENTS_LIST']]],
+    'ReqList' : [ 0x18, ['pointer', ['void']]],
+    'ResourceAssignment' : [ 0x1c, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'TranslatedResourceAssignment' : [ 0x20, ['pointer', ['_CM_RESOURCE_LIST']]],
+    'Status' : [ 0x24, ['long']],
+} ],
+  '_IO_RESOURCE_REQUIREMENTS_LIST' : [ 0x48, {
+    'ListSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'SlotNumber' : [ 0xc, ['unsigned long']],
+    'Reserved' : [ 0x10, ['array', 3, ['unsigned long']]],
+    'AlternativeLists' : [ 0x1c, ['unsigned long']],
+    'List' : [ 0x20, ['array', 1, ['_IO_RESOURCE_LIST']]],
+} ],
+  '_EXCEPTION_RECORD64' : [ 0x98, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long long']],
+    'ExceptionAddress' : [ 0x10, ['unsigned long long']],
+    'NumberParameters' : [ 0x18, ['unsigned long']],
+    '__unusedAlignment' : [ 0x1c, ['unsigned long']],
+    'ExceptionInformation' : [ 0x20, ['array', 15, ['unsigned long long']]],
+} ],
+  '_EXCEPTION_RECORD32' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['unsigned long']],
+    'ExceptionAddress' : [ 0xc, ['unsigned long']],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_DBGKM_EXCEPTION64' : [ 0xa0, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD64']],
+    'FirstChance' : [ 0x98, ['unsigned long']],
+} ],
+  '_DBGKM_EXCEPTION32' : [ 0x54, {
+    'ExceptionRecord' : [ 0x0, ['_EXCEPTION_RECORD32']],
+    'FirstChance' : [ 0x50, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'DbgArgPointer' : [ 0xc, ['unsigned long']],
+    'TempSegCs' : [ 0x10, ['unsigned long']],
+    'TempEsp' : [ 0x14, ['unsigned long']],
+    'Dr0' : [ 0x18, ['unsigned long']],
+    'Dr1' : [ 0x1c, ['unsigned long']],
+    'Dr2' : [ 0x20, ['unsigned long']],
+    'Dr3' : [ 0x24, ['unsigned long']],
+    'Dr6' : [ 0x28, ['unsigned long']],
+    'Dr7' : [ 0x2c, ['unsigned long']],
+    'SegGs' : [ 0x30, ['unsigned long']],
+    'SegEs' : [ 0x34, ['unsigned long']],
+    'SegDs' : [ 0x38, ['unsigned long']],
+    'Edx' : [ 0x3c, ['unsigned long']],
+    'Ecx' : [ 0x40, ['unsigned long']],
+    'Eax' : [ 0x44, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x48, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x49, ['unsigned char']],
+    'Reserved' : [ 0x4a, ['array', 2, ['unsigned char']]],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_X86_KTRAP_FRAME_BLUE' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'Reserved' : [ 0x46, ['array', 2, ['unsigned char']]],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['unsigned long']],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS64' : [ 0x28, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x8, ['unsigned long long']],
+    'ProcessId' : [ 0x10, ['unsigned long long']],
+    'CheckSum' : [ 0x18, ['unsigned long']],
+    'SizeOfImage' : [ 0x1c, ['unsigned long']],
+    'UnloadSymbols' : [ 0x20, ['unsigned char']],
+} ],
+  '_DBGKD_LOAD_SYMBOLS32' : [ 0x18, {
+    'PathNameLength' : [ 0x0, ['unsigned long']],
+    'BaseOfDll' : [ 0x4, ['unsigned long']],
+    'ProcessId' : [ 0x8, ['unsigned long']],
+    'CheckSum' : [ 0xc, ['unsigned long']],
+    'SizeOfImage' : [ 0x10, ['unsigned long']],
+    'UnloadSymbols' : [ 0x14, ['unsigned char']],
+} ],
+  '_DBGKD_READ_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesRead' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesRead' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY64' : [ 0x10, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long long']],
+    'TransferCount' : [ 0x8, ['unsigned long']],
+    'ActualBytesWritten' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_MEMORY32' : [ 0xc, {
+    'TargetBaseAddress' : [ 0x0, ['unsigned long']],
+    'TransferCount' : [ 0x4, ['unsigned long']],
+    'ActualBytesWritten' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT64' : [ 0x10, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_WRITE_BREAKPOINT32' : [ 0x8, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long']],
+    'BreakPointHandle' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO64' : [ 0x10, {
+    'IoAddress' : [ 0x0, ['unsigned long long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'DataValue' : [ 0xc, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO32' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'IoAddress' : [ 0x4, ['unsigned long']],
+    'DataValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED64' : [ 0x20, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long long']],
+    'DataValue' : [ 0x18, ['unsigned long']],
+} ],
+  '_DBGKD_READ_WRITE_IO_EXTENDED32' : [ 0x18, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['unsigned long']],
+    'BusNumber' : [ 0x8, ['unsigned long']],
+    'AddressSpace' : [ 0xc, ['unsigned long']],
+    'IoAddress' : [ 0x10, ['unsigned long']],
+    'DataValue' : [ 0x14, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL32' : [ 0x4, {
+    'SpecialCall' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_SET_SPECIAL_CALL64' : [ 0x8, {
+    'SpecialCall' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT32' : [ 0x8, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+} ],
+  '_DBGKD_SET_INTERNAL_BREAKPOINT64' : [ 0x10, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT64' : [ 0x20, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Calls' : [ 0xc, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0x10, ['unsigned long']],
+    'MinInstructions' : [ 0x14, ['unsigned long']],
+    'MaxInstructions' : [ 0x18, ['unsigned long']],
+    'TotalInstructions' : [ 0x1c, ['unsigned long']],
+} ],
+  '_DBGKD_GET_INTERNAL_BREAKPOINT32' : [ 0x1c, {
+    'BreakpointAddress' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Calls' : [ 0x8, ['unsigned long']],
+    'MaxCallsPerPeriod' : [ 0xc, ['unsigned long']],
+    'MinInstructions' : [ 0x10, ['unsigned long']],
+    'MaxInstructions' : [ 0x14, ['unsigned long']],
+    'TotalInstructions' : [ 0x18, ['unsigned long']],
+} ],
+  '__unnamed_1c0d' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT64']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO64']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED64']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL64']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT64']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT64']],
+    'GetVersion64' : [ 0x0, ['_DBGKD_GET_VERSION64']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetSetBusData' : [ 0x0, ['_DBGKD_GET_SET_BUS_DATA']],
+    'FillMemory' : [ 0x0, ['_DBGKD_FILL_MEMORY']],
+    'QueryMemory' : [ 0x0, ['_DBGKD_QUERY_MEMORY']],
+    'SwitchPartition' : [ 0x0, ['_DBGKD_SWITCH_PARTITION']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'WriteCustomBreakPoint' : [ 0x0, ['_DBGKD_WRITE_CUSTOM_BREAKPOINT']],
+} ],
+  '_DBGKD_MANIPULATE_STATE64' : [ 0x38, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0x10, ['__unnamed_1c0d']],
+} ],
+  '__unnamed_1c14' : [ 0x28, {
+    'ReadMemory' : [ 0x0, ['_DBGKD_READ_MEMORY32']],
+    'WriteMemory' : [ 0x0, ['_DBGKD_WRITE_MEMORY32']],
+    'ReadMemory64' : [ 0x0, ['_DBGKD_READ_MEMORY64']],
+    'WriteMemory64' : [ 0x0, ['_DBGKD_WRITE_MEMORY64']],
+    'GetContext' : [ 0x0, ['_DBGKD_GET_CONTEXT']],
+    'SetContext' : [ 0x0, ['_DBGKD_SET_CONTEXT']],
+    'WriteBreakPoint' : [ 0x0, ['_DBGKD_WRITE_BREAKPOINT32']],
+    'RestoreBreakPoint' : [ 0x0, ['_DBGKD_RESTORE_BREAKPOINT']],
+    'Continue' : [ 0x0, ['_DBGKD_CONTINUE']],
+    'Continue2' : [ 0x0, ['_DBGKD_CONTINUE2']],
+    'ReadWriteIo' : [ 0x0, ['_DBGKD_READ_WRITE_IO32']],
+    'ReadWriteIoExtended' : [ 0x0, ['_DBGKD_READ_WRITE_IO_EXTENDED32']],
+    'QuerySpecialCalls' : [ 0x0, ['_DBGKD_QUERY_SPECIAL_CALLS']],
+    'SetSpecialCall' : [ 0x0, ['_DBGKD_SET_SPECIAL_CALL32']],
+    'SetInternalBreakpoint' : [ 0x0, ['_DBGKD_SET_INTERNAL_BREAKPOINT32']],
+    'GetInternalBreakpoint' : [ 0x0, ['_DBGKD_GET_INTERNAL_BREAKPOINT32']],
+    'GetVersion32' : [ 0x0, ['_DBGKD_GET_VERSION32']],
+    'BreakPointEx' : [ 0x0, ['_DBGKD_BREAKPOINTEX']],
+    'ReadWriteMsr' : [ 0x0, ['_DBGKD_READ_WRITE_MSR']],
+    'SearchMemory' : [ 0x0, ['_DBGKD_SEARCH_MEMORY']],
+    'GetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+    'SetContextEx' : [ 0x0, ['_DBGKD_CONTEXT_EX']],
+} ],
+  '_DBGKD_MANIPULATE_STATE32' : [ 0x34, {
+    'ApiNumber' : [ 0x0, ['unsigned long']],
+    'ProcessorLevel' : [ 0x4, ['unsigned short']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'ReturnStatus' : [ 0x8, ['long']],
+    'u' : [ 0xc, ['__unnamed_1c14']],
+} ],
+  '_DBGKD_READ_WRITE_MSR' : [ 0xc, {
+    'Msr' : [ 0x0, ['unsigned long']],
+    'DataValueLow' : [ 0x4, ['unsigned long']],
+    'DataValueHigh' : [ 0x8, ['unsigned long']],
+} ],
+  '_DBGKD_BREAKPOINTEX' : [ 0x8, {
+    'BreakPointCount' : [ 0x0, ['unsigned long']],
+    'ContinueStatus' : [ 0x4, ['long']],
+} ],
+  '_DBGKD_SEARCH_MEMORY' : [ 0x18, {
+    'SearchAddress' : [ 0x0, ['unsigned long long']],
+    'FoundAddress' : [ 0x0, ['unsigned long long']],
+    'SearchLength' : [ 0x8, ['unsigned long long']],
+    'PatternLength' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGKD_RESTORE_BREAKPOINT' : [ 0x4, {
+    'BreakPointHandle' : [ 0x0, ['unsigned long']],
+} ],
+  '_DBGKD_CONTINUE' : [ 0x4, {
+    'ContinueStatus' : [ 0x0, ['long']],
+} ],
+  '_DBGKD_CONTINUE2' : [ 0x20, {
+    'ContinueStatus' : [ 0x0, ['long']],
+    'ControlSet' : [ 0x4, ['_X86_DBGKD_CONTROL_SET']],
+    'AnyControlSet' : [ 0x4, ['_DBGKD_ANY_CONTROL_SET']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'ParameterBlockOffset' : [ 0xc, ['unsigned long']],
+    'ParameterBlockLength' : [ 0x10, ['unsigned long']],
+    'DataSetRangesOffset' : [ 0x14, ['unsigned long']],
+    'DataSetRangesLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_DATA_SET_RANGE' : [ 0x10, {
+    'StartingOffset' : [ 0x0, ['long long']],
+    'LengthInBytes' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DEVICE_DSM_DEFINITION' : [ 0x1c, {
+    'Action' : [ 0x0, ['unsigned long']],
+    'SingleRange' : [ 0x4, ['unsigned char']],
+    'ParameterBlockAlignment' : [ 0x8, ['unsigned long']],
+    'ParameterBlockLength' : [ 0xc, ['unsigned long']],
+    'HasOutput' : [ 0x10, ['unsigned char']],
+    'OutputBlockAlignment' : [ 0x14, ['unsigned long']],
+    'OutputBlockLength' : [ 0x18, ['unsigned long']],
+} ],
+  '_DEVICE_MANAGE_DATA_SET_ATTRIBUTES_OUTPUT' : [ 0x24, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Action' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'OperationStatus' : [ 0xc, ['unsigned long']],
+    'ExtendedError' : [ 0x10, ['unsigned long']],
+    'TargetDetailedError' : [ 0x14, ['unsigned long']],
+    'ReservedStatus' : [ 0x18, ['unsigned long']],
+    'OutputBlockOffset' : [ 0x1c, ['unsigned long']],
+    'OutputBlockLength' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_ACPI_RESOURCE' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'IoMemory' : [ 0x0, ['_PEP_ACPI_IO_MEMORY_RESOURCE']],
+    'Interrupt' : [ 0x0, ['_PEP_ACPI_INTERRUPT_RESOURCE']],
+    'Gpio' : [ 0x0, ['_PEP_ACPI_GPIO_RESOURCE']],
+    'SpbI2c' : [ 0x0, ['_PEP_ACPI_SPB_I2C_RESOURCE']],
+    'SpbSpi' : [ 0x0, ['_PEP_ACPI_SPB_SPI_RESOURCE']],
+    'SpbUart' : [ 0x0, ['_PEP_ACPI_SPB_UART_RESOURCE']],
+    'ExtendedAddress' : [ 0x0, ['_PEP_ACPI_EXTENDED_ADDRESS']],
+} ],
+  '_PEP_ACPI_IO_MEMORY_RESOURCE' : [ 0x20, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Information' : [ 0x4, ['unsigned char']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Alignment' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PEP_ACPI_INTERRUPT_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'InterruptType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Flags' : [ 0xc, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'Count' : [ 0x10, ['unsigned char']],
+    'Pins' : [ 0x14, ['pointer', ['unsigned long']]],
+} ],
+  '_PEP_ACPI_GPIO_RESOURCE' : [ 0x30, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'InterruptType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'InterruptPolarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'PinConfig' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PullDefault', 1: u'PullUp', 2: u'PullDown', 3: u'PullNone'})]],
+    'IoRestrictionType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'IoRestrictionNone', 1: u'IoRestrictionInputOnly', 2: u'IoRestrictionOutputOnly', 3: u'IoRestrictionNoneAndPreserve'})]],
+    'DriveStrength' : [ 0x18, ['unsigned short']],
+    'DebounceTimeout' : [ 0x1a, ['unsigned short']],
+    'PinTable' : [ 0x1c, ['pointer', ['wchar']]],
+    'PinCount' : [ 0x20, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0x22, ['unsigned char']],
+    'ResourceSourceName' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x28, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x2c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_I2C_RESOURCE' : [ 0x20, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'SlaveAddress' : [ 0x1c, ['unsigned short']],
+} ],
+  '_PEP_ACPI_SPB_UART_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'BaudRate' : [ 0x18, ['unsigned long']],
+    'RxBufferSize' : [ 0x1c, ['unsigned short']],
+    'TxBufferSize' : [ 0x1e, ['unsigned short']],
+    'Parity' : [ 0x20, ['unsigned char']],
+    'LinesInUse' : [ 0x21, ['unsigned char']],
+} ],
+  '_PEP_ACPI_SPB_SPI_RESOURCE' : [ 0x24, {
+    'SpbCommon' : [ 0x0, ['_PEP_ACPI_SPB_RESOURCE']],
+    'ConnectionSpeed' : [ 0x18, ['unsigned long']],
+    'DataBitLength' : [ 0x1c, ['unsigned char']],
+    'Phase' : [ 0x1d, ['unsigned char']],
+    'Polarity' : [ 0x1e, ['unsigned char']],
+    'DeviceSelection' : [ 0x20, ['unsigned short']],
+} ],
+  '_PEP_ACPI_EXTENDED_ADDRESS' : [ 0x48, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'ResourceFlags' : [ 0x8, ['unsigned char']],
+    'GeneralFlags' : [ 0x9, ['unsigned char']],
+    'TypeSpecificFlags' : [ 0xa, ['unsigned char']],
+    'RevisionId' : [ 0xb, ['unsigned char']],
+    'Reserved' : [ 0xc, ['unsigned char']],
+    'Granularity' : [ 0x10, ['unsigned long long']],
+    'MinimumAddress' : [ 0x18, ['unsigned long long']],
+    'MaximumAddress' : [ 0x20, ['unsigned long long']],
+    'TranslationAddress' : [ 0x28, ['unsigned long long']],
+    'AddressLength' : [ 0x30, ['unsigned long long']],
+    'TypeAttribute' : [ 0x38, ['unsigned long long']],
+    'DescriptorName' : [ 0x40, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_PPM_PLATFORM_STATES' : [ 0x100, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'InterfaceVersion' : [ 0x4, ['unsigned long']],
+    'ProcessorCount' : [ 0x8, ['unsigned long']],
+    'CoordinatedInterface' : [ 0xc, ['unsigned char']],
+    'IdleTest' : [ 0x10, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x14, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x18, ['pointer', ['void']]],
+    'QueryPlatformStateResidency' : [ 0x1c, ['pointer', ['void']]],
+    'Accounting' : [ 0x20, ['pointer', ['_PLATFORM_IDLE_ACCOUNTING']]],
+    'DeepSleepEnabled' : [ 0x24, ['unsigned char']],
+    'State' : [ 0x40, ['array', 1, ['_PPM_PLATFORM_STATE']]],
+} ],
+  '_POP_CPU_INFO' : [ 0x10, {
+    'Eax' : [ 0x0, ['unsigned long']],
+    'Ebx' : [ 0x4, ['unsigned long']],
+    'Ecx' : [ 0x8, ['unsigned long']],
+    'Edx' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_PPM_PROFILE' : [ 0x228, {
+    'Name' : [ 0x0, ['pointer', ['wchar']]],
+    'Id' : [ 0x4, ['unsigned char']],
+    'Guid' : [ 0x8, ['_GUID']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Priority' : [ 0x1c, ['unsigned char']],
+    'Settings' : [ 0x20, ['array', 2, ['_PPM_ENGINE_SETTINGS']]],
+    'StartTime' : [ 0x200, ['unsigned long long']],
+    'Count' : [ 0x208, ['unsigned long long']],
+    'MaxDuration' : [ 0x210, ['unsigned long long']],
+    'MinDuration' : [ 0x218, ['unsigned long long']],
+    'TotalDuration' : [ 0x220, ['unsigned long long']],
+} ],
+  '_PPM_ENGINE_SETTINGS' : [ 0xf0, {
+    'ExplicitSetting' : [ 0x0, ['array', 2, ['_PPM_POLICY_SETTINGS_MASK']]],
+    'ThrottlingPolicy' : [ 0x10, ['unsigned char']],
+    'PerfTimeCheck' : [ 0x14, ['unsigned long']],
+    'PerfHistoryCount' : [ 0x18, ['array', 2, ['unsigned char']]],
+    'PerfMinPolicy' : [ 0x1a, ['array', 2, ['unsigned char']]],
+    'PerfMaxPolicy' : [ 0x1c, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseTime' : [ 0x1e, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseTime' : [ 0x20, ['array', 2, ['unsigned char']]],
+    'PerfDecreasePolicy' : [ 0x22, ['array', 2, ['unsigned char']]],
+    'PerfIncreasePolicy' : [ 0x24, ['array', 2, ['unsigned char']]],
+    'PerfDecreaseThreshold' : [ 0x26, ['array', 2, ['unsigned char']]],
+    'PerfIncreaseThreshold' : [ 0x28, ['array', 2, ['unsigned char']]],
+    'PerfFrequencyCap' : [ 0x2c, ['array', 2, ['unsigned long']]],
+    'PerfBoostPolicy' : [ 0x34, ['unsigned long']],
+    'PerfBoostMode' : [ 0x38, ['unsigned long']],
+    'PerfReductionTolerance' : [ 0x3c, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x40, ['array', 2, ['unsigned long']]],
+    'AutonomousActivityWindow' : [ 0x48, ['unsigned long']],
+    'AutonomousPreference' : [ 0x4c, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x4d, ['array', 2, ['unsigned char']]],
+    'LatencyHintUnpark' : [ 0x4f, ['array', 2, ['unsigned char']]],
+    'ResponsivenessDisableThreshold' : [ 0x54, ['array', 2, ['unsigned long']]],
+    'ResponsivenessEnableThreshold' : [ 0x5c, ['array', 2, ['unsigned long']]],
+    'ResponsivenessDisableTime' : [ 0x64, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEnableTime' : [ 0x66, ['array', 2, ['unsigned char']]],
+    'ResponsivenessEppCeiling' : [ 0x68, ['array', 2, ['unsigned long']]],
+    'ResponsivenessPerfFloor' : [ 0x70, ['array', 2, ['unsigned long']]],
+    'DutyCycling' : [ 0x78, ['unsigned char']],
+    'ParkingPerfState' : [ 0x79, ['array', 2, ['unsigned char']]],
+    'DistributeUtility' : [ 0x7b, ['unsigned char']],
+    'CoreParkingOverUtilizationThreshold' : [ 0x7c, ['unsigned char']],
+    'CoreParkingConcurrencyThreshold' : [ 0x7d, ['unsigned char']],
+    'CoreParkingHeadroomThreshold' : [ 0x7e, ['unsigned char']],
+    'CoreParkingDistributionThreshold' : [ 0x7f, ['unsigned char']],
+    'CoreParkingDecreasePolicy' : [ 0x80, ['unsigned char']],
+    'CoreParkingIncreasePolicy' : [ 0x81, ['unsigned char']],
+    'CoreParkingDecreaseTime' : [ 0x84, ['unsigned long']],
+    'CoreParkingIncreaseTime' : [ 0x88, ['unsigned long']],
+    'CoreParkingMinCores' : [ 0x8c, ['array', 2, ['unsigned char']]],
+    'CoreParkingMaxCores' : [ 0x8e, ['array', 2, ['unsigned char']]],
+    'SoftParkLatency' : [ 0x90, ['unsigned long']],
+    'AllowScaling' : [ 0x94, ['unsigned char']],
+    'IdleDisabled' : [ 0x95, ['unsigned char']],
+    'IdleTimeCheck' : [ 0x98, ['unsigned long']],
+    'IdleDemotePercent' : [ 0x9c, ['unsigned char']],
+    'IdlePromotePercent' : [ 0x9d, ['unsigned char']],
+    'IdleStateMax' : [ 0x9e, ['unsigned char']],
+    'HeteroDecreaseTime' : [ 0x9f, ['unsigned char']],
+    'HeteroIncreaseTime' : [ 0xa0, ['unsigned char']],
+    'HeteroDecreaseThreshold' : [ 0xa1, ['array', 32, ['unsigned char']]],
+    'HeteroIncreaseThreshold' : [ 0xc1, ['array', 32, ['unsigned char']]],
+    'Class0FloorPerformance' : [ 0xe1, ['unsigned char']],
+    'Class1InitialPerformance' : [ 0xe2, ['unsigned char']],
+    'ThreadPolicies' : [ 0xe4, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuPolicyAll', 1: u'KHeteroCpuPolicyLarge', 2: u'KHeteroCpuPolicyLargeOrIdle', 3: u'KHeteroCpuPolicySmall', 4: u'KHeteroCpuPolicySmallOrIdle', 5: u'KHeteroCpuPolicyStaticMax', 6: u'KHeteroCpuPolicyBiasedSmall', 7: u'KHeteroCpuPolicyBiasedLarge', 8: u'KHeteroCpuPolicyDefault', 9: u'KHeteroCpuPolicyMax'})]]],
+} ],
+  '_ESERVERSILO_GLOBALS' : [ 0x2a0, {
+    'ObSiloState' : [ 0x0, ['_OBP_SILODRIVERSTATE']],
+    'SeSiloState' : [ 0x1a4, ['_SEP_SILOSTATE']],
+    'SeRmSiloState' : [ 0x1c0, ['_SEP_RM_LSA_CONNECTION_STATE']],
+    'EtwSiloState' : [ 0x1f0, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'MiSessionLeaderProcess' : [ 0x1f4, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPortProcess' : [ 0x1f8, ['pointer', ['_EPROCESS']]],
+    'ExpDefaultErrorPort' : [ 0x1fc, ['pointer', ['void']]],
+    'HardErrorState' : [ 0x200, ['unsigned long']],
+    'ExpLicenseState' : [ 0x204, ['pointer', ['_EXP_LICENSE_STATE']]],
+    'WnfSiloState' : [ 0x208, ['_WNF_SILODRIVERSTATE']],
+    'DbgkSiloState' : [ 0x238, ['_DBGK_SILOSTATE']],
+    'PsProtectedCurrentDirectory' : [ 0x248, ['_UNICODE_STRING']],
+    'PsProtectedEnvironment' : [ 0x250, ['_UNICODE_STRING']],
+    'ApiSetSection' : [ 0x258, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x25c, ['pointer', ['void']]],
+    'OneCoreForwardersEnabled' : [ 0x260, ['unsigned char']],
+    'NtSystemRoot' : [ 0x264, ['_UNICODE_STRING']],
+    'SiloRootDirectoryName' : [ 0x26c, ['_UNICODE_STRING']],
+    'Storage' : [ 0x274, ['pointer', ['_PSP_STORAGE']]],
+    'State' : [ 0x278, ['Enumeration', dict(target = 'long', choices = {0: u'SERVERSILO_INITING', 1: u'SERVERSILO_STARTED', 2: u'SERVERSILO_SHUTTING_DOWN', 3: u'SERVERSILO_TERMINATING', 4: u'SERVERSILO_TERMINATED'})]],
+    'ExitStatus' : [ 0x27c, ['long']],
+    'DeleteEvent' : [ 0x280, ['pointer', ['_KEVENT']]],
+    'UserSharedData' : [ 0x284, ['pointer', ['_SILO_USER_SHARED_DATA']]],
+    'UserSharedSection' : [ 0x288, ['pointer', ['void']]],
+    'TerminateWorkItem' : [ 0x28c, ['_WORK_QUEUE_ITEM']],
+    'IsDownlevelContainer' : [ 0x29c, ['unsigned char']],
+} ],
+  '_SILO_USER_SHARED_DATA' : [ 0x248, {
+    'ServiceSessionId' : [ 0x0, ['unsigned long']],
+    'ActiveConsoleId' : [ 0x4, ['unsigned long']],
+    'ConsoleSessionForegroundProcessId' : [ 0x8, ['long long']],
+    'NtProductType' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {1: u'NtProductWinNt', 2: u'NtProductLanManNt', 3: u'NtProductServer'})]],
+    'SuiteMask' : [ 0x14, ['unsigned long']],
+    'SharedUserSessionId' : [ 0x18, ['unsigned long']],
+    'IsMultiSessionSku' : [ 0x1c, ['unsigned char']],
+    'NtSystemRoot' : [ 0x1e, ['array', 260, ['wchar']]],
+    'UserModeGlobalLogger' : [ 0x226, ['array', 16, ['unsigned short']]],
+} ],
+  '_POP_FX_COMPONENT_FLAGS' : [ 0x8, {
+    'Value' : [ 0x0, ['long']],
+    'Value2' : [ 0x4, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'Idling' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'CriticalIdleOverride' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ResidentOverride' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_PERF_FLAGS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'Progress' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 27, native_type='unsigned long')]],
+    'Synchronicity' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 29, native_type='unsigned long')]],
+    'RequestPepCompleted' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'RequestSucceeded' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NestedCallback' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_FX_DEVICE_STATUS' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'SystemTransition' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PepD0Notify' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IdleTimerOn' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'IgnoreIdleTimeout' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'IrpInUse' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'IrpPending' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DPNRDeviceNotified' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DPNRReceivedFromPep' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'IrpFirstPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IrpLastPendingIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SIrpBlocked' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BlockFastResume' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DirectedPoweredDown' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'DirectedTransitionInProgress' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_POP_RW_LOCK' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+} ],
+  '_VOLUME_CACHE_MAP' : [ 0x90, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteCode' : [ 0x2, ['short']],
+    'UseCount' : [ 0x4, ['unsigned long']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'VolumeCacheMapLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'DirtyPages' : [ 0x14, ['unsigned long']],
+    'LogHandleContext' : [ 0x18, ['_LOG_HANDLE_CONTEXT']],
+    'Flags' : [ 0x80, ['unsigned long']],
+    'PagesQueuedToDisk' : [ 0x84, ['unsigned long']],
+    'LoggedPagesQueuedToDisk' : [ 0x88, ['unsigned long']],
+} ],
+  '_SHARED_CACHE_MAP' : [ 0x188, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'OpenCount' : [ 0x4, ['unsigned long']],
+    'FileSize' : [ 0x8, ['_LARGE_INTEGER']],
+    'BcbList' : [ 0x10, ['_LIST_ENTRY']],
+    'SectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'ValidDataLength' : [ 0x20, ['_LARGE_INTEGER']],
+    'ValidDataGoal' : [ 0x28, ['_LARGE_INTEGER']],
+    'InitialVacbs' : [ 0x30, ['array', 4, ['pointer', ['_VACB']]]],
+    'Vacbs' : [ 0x40, ['pointer', ['pointer', ['_VACB']]]],
+    'FileObjectFastRef' : [ 0x44, ['_EX_FAST_REF']],
+    'VacbLock' : [ 0x48, ['_EX_PUSH_LOCK']],
+    'DirtyPages' : [ 0x4c, ['unsigned long']],
+    'LoggedStreamLinks' : [ 0x50, ['_LIST_ENTRY']],
+    'SharedCacheMapLinks' : [ 0x58, ['_LIST_ENTRY']],
+    'Flags' : [ 0x60, ['unsigned long']],
+    'Status' : [ 0x64, ['long']],
+    'Mbcb' : [ 0x68, ['pointer', ['_MBCB']]],
+    'Section' : [ 0x6c, ['pointer', ['void']]],
+    'CreateEvent' : [ 0x70, ['pointer', ['_KEVENT']]],
+    'WaitOnActiveCount' : [ 0x74, ['pointer', ['_KEVENT']]],
+    'PagesToWrite' : [ 0x78, ['unsigned long']],
+    'BeyondLastFlush' : [ 0x80, ['long long']],
+    'Callbacks' : [ 0x88, ['pointer', ['_CACHE_MANAGER_CALLBACKS']]],
+    'LazyWriteContext' : [ 0x8c, ['pointer', ['void']]],
+    'PrivateList' : [ 0x90, ['_LIST_ENTRY']],
+    'V1' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V1']],
+    'V2' : [ 0x98, ['_LOGGED_STREAM_CALLBACK_V2']],
+    'LargestLSN' : [ 0xa0, ['_LARGE_INTEGER']],
+    'DirtyPageThreshold' : [ 0xa8, ['unsigned long']],
+    'LazyWritePassCount' : [ 0xac, ['unsigned long']],
+    'UninitializeEvent' : [ 0xb0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'BcbLock' : [ 0xb4, ['_FAST_MUTEX']],
+    'LastUnmapBehindOffset' : [ 0xd8, ['_LARGE_INTEGER']],
+    'Event' : [ 0xe0, ['_KEVENT']],
+    'HighWaterMappingOffset' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PrivateCacheMap' : [ 0xf8, ['_PRIVATE_CACHE_MAP']],
+    'WriteBehindWorkQueueEntry' : [ 0x160, ['pointer', ['void']]],
+    'VolumeCacheMap' : [ 0x164, ['pointer', ['_VOLUME_CACHE_MAP']]],
+    'ProcImagePathHash' : [ 0x168, ['unsigned long']],
+    'WritesInProgress' : [ 0x16c, ['unsigned long']],
+    'AsyncReadRequestCount' : [ 0x170, ['unsigned long']],
+    'Partition' : [ 0x174, ['pointer', ['_CC_PARTITION']]],
+    'InternalRefCount' : [ 0x178, ['unsigned long']],
+    'NumMappedVacb' : [ 0x17c, ['unsigned long']],
+    'NumActiveVacb' : [ 0x180, ['unsigned long']],
+} ],
+  '__unnamed_1d34' : [ 0x8, {
+    'FileOffset' : [ 0x0, ['_LARGE_INTEGER']],
+    'ActiveCount' : [ 0x0, ['unsigned short']],
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_VACB' : [ 0x18, {
+    'BaseAddress' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'Overlay' : [ 0x8, ['__unnamed_1d34']],
+    'ArrayHead' : [ 0x10, ['pointer', ['_VACB_ARRAY_HEADER']]],
+} ],
+  '_CC_PARTITION' : [ 0x2c0, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'PartitionObject' : [ 0x4, ['pointer', ['_EPARTITION']]],
+    'CleanSharedCacheMapList' : [ 0x8, ['_LIST_ENTRY']],
+    'CleanSharedCacheMapWithLogHandleList' : [ 0x10, ['_LIST_ENTRY']],
+    'DirtySharedCacheMapList' : [ 0x18, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'LazyWriteCursor' : [ 0x24, ['_SHARED_CACHE_MAP_LIST_CURSOR']],
+    'DirtySharedCacheMapWithLogHandleList' : [ 0x30, ['_LIST_ENTRY']],
+    'PrivateLock' : [ 0x40, ['unsigned long']],
+    'ConsecutiveWorklessLazyScanCount' : [ 0x44, ['unsigned long']],
+    'ForcedDisableLazywriteScan' : [ 0x48, ['unsigned char']],
+    'WorkQueueLock' : [ 0x80, ['unsigned long']],
+    'NumberWorkerThreads' : [ 0x84, ['unsigned long']],
+    'NumberActiveWorkerThreads' : [ 0x88, ['unsigned long']],
+    'IdleWorkerThreadList' : [ 0x8c, ['_LIST_ENTRY']],
+    'FastTeardownWorkQueue' : [ 0x94, ['_LIST_ENTRY']],
+    'ExpressWorkQueue' : [ 0x9c, ['_LIST_ENTRY']],
+    'RegularWorkQueue' : [ 0xa4, ['_LIST_ENTRY']],
+    'PostTickWorkQueue' : [ 0xac, ['_LIST_ENTRY']],
+    'CleanCachemapUninitWorkQueue' : [ 0xb4, ['_LIST_ENTRY']],
+    'IdleExtraWriteBehindThreadList' : [ 0xbc, ['_LIST_ENTRY']],
+    'ActiveExtraWriteBehindThreads' : [ 0xc4, ['unsigned long']],
+    'MaxExtraWriteBehindThreads' : [ 0xc8, ['unsigned long']],
+    'IdleCacheMapUninitThreadList' : [ 0xcc, ['_LIST_ENTRY']],
+    'ActiveCacheMapUninitThreads' : [ 0xd4, ['unsigned long']],
+    'MaxCacheMapUninitThreads' : [ 0xd8, ['unsigned long']],
+    'QueueThrottle' : [ 0xdc, ['unsigned char']],
+    'PostTickWorkItemCount' : [ 0xe0, ['unsigned long']],
+    'ThreadsActiveBeforeThrottle' : [ 0xe4, ['unsigned long']],
+    'ExtraWBThreadsActiveBeforeThrottle' : [ 0xe8, ['unsigned long']],
+    'ExecutingWriteBehindWorkItems' : [ 0xec, ['unsigned long']],
+    'ExecutingHighPriorityWorkItem' : [ 0xf0, ['unsigned long']],
+    'LowMemoryEvent' : [ 0xf4, ['_KEVENT']],
+    'PowerEvent' : [ 0x104, ['_KEVENT']],
+    'PeriodicEvent' : [ 0x114, ['_KEVENT']],
+    'WaitingForTeardownEvent' : [ 0x124, ['_KEVENT']],
+    'CoalescingFlushEvent' : [ 0x134, ['_KEVENT']],
+    'PagesYetToWrite' : [ 0x144, ['unsigned long']],
+    'LazyWriter' : [ 0x148, ['_LAZY_WRITER']],
+    'DirtyPageStatistics' : [ 0x198, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x1a8, ['_DIRTY_PAGE_THRESHOLDS']],
+    'ThroughputStats' : [ 0x1d0, ['pointer', ['_WRITE_BEHIND_THROUGHPUT']]],
+    'ThroughputTrend' : [ 0x1d4, ['long']],
+    'AverageAvailablePages' : [ 0x1d8, ['unsigned long long']],
+    'AverageDirtyPages' : [ 0x1e0, ['unsigned long long']],
+    'PagesSkippedDueToHotSpot' : [ 0x1e8, ['unsigned long long']],
+    'PrevRegularQueueItemRunTime' : [ 0x1f0, ['_LARGE_INTEGER']],
+    'PrevExtraWBThreadCheckTime' : [ 0x1f8, ['_LARGE_INTEGER']],
+    'AddExtraWriteBehindThreads' : [ 0x200, ['unsigned char']],
+    'RemoveExtraThreadPending' : [ 0x201, ['unsigned char']],
+    'DeferredWrites' : [ 0x204, ['_LIST_ENTRY']],
+    'DeferredWriteSpinLock' : [ 0x240, ['unsigned long']],
+    'IdleAsyncReadWorkerThreadList' : [ 0x244, ['pointer', ['_LIST_ENTRY']]],
+    'NumberActiveAsyncReadWorkerThreads' : [ 0x248, ['pointer', ['unsigned long']]],
+    'NumberActiveCompleteAsyncReadWorkItems' : [ 0x24c, ['pointer', ['unsigned long']]],
+    'AsyncReadWorkQueue' : [ 0x250, ['pointer', ['_LIST_ENTRY']]],
+    'AsyncReadCompletionWorkQueue' : [ 0x254, ['pointer', ['_LIST_ENTRY']]],
+    'NewAsyncReadRequestEvent' : [ 0x258, ['pointer', ['_KEVENT']]],
+    'ReaderThreadsStats' : [ 0x25c, ['pointer', ['_ASYNC_READ_THREAD_STATS']]],
+    'AsyncReadWorkQueueLock' : [ 0x260, ['_EX_PUSH_LOCK']],
+    'VacbFreeHighPriorityList' : [ 0x264, ['_LIST_ENTRY']],
+    'NumberOfFreeHighPriorityVacbs' : [ 0x26c, ['unsigned long']],
+    'LowPriWorkerThread' : [ 0x270, ['pointer', ['_ETHREAD']]],
+    'LowPriSharedCacheMap' : [ 0x274, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'LowPriOldCpuPriority' : [ 0x278, ['long']],
+    'LowPriOldIoPriority' : [ 0x27c, ['Enumeration', dict(target = 'long', choices = {0: u'IoPriorityVeryLow', 1: u'IoPriorityLow', 2: u'IoPriorityNormal', 3: u'IoPriorityHigh', 4: u'IoPriorityCritical', 5: u'MaxIoPriorityTypes'})]],
+    'LowPriorityWorkerThreadLock' : [ 0x280, ['_EX_PUSH_LOCK']],
+    'MaxNumberOfWriteBehindThreads' : [ 0x284, ['unsigned long']],
+    'CoalescingState' : [ 0x288, ['unsigned char']],
+    'ActivePartition' : [ 0x289, ['unsigned char']],
+    'RundownPhase' : [ 0x28a, ['unsigned char']],
+    'RefCount' : [ 0x28c, ['long']],
+    'ExitEvent' : [ 0x290, ['_KEVENT']],
+    'FinalDereferenceEvent' : [ 0x2a0, ['_KEVENT']],
+    'LazyWriteScanThreadHandle' : [ 0x2b0, ['pointer', ['void']]],
+} ],
+  '__unnamed_1d5a' : [ 0x8, {
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'DiskIoAttribution' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_1d5c' : [ 0x4, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+} ],
+  '__unnamed_1d5e' : [ 0x4, {
+    'Event' : [ 0x0, ['pointer', ['_KEVENT']]],
+} ],
+  '__unnamed_1d60' : [ 0x4, {
+    'Reason' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1d62' : [ 0x1c, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'IoStatus' : [ 0x4, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallerWaitEvent' : [ 0x8, ['_KEVENT']],
+    'IsLowPriWriteBehind' : [ 0x18, ['unsigned char']],
+} ],
+  '__unnamed_1d66' : [ 0x40, {
+    'SharedCacheMap' : [ 0x0, ['pointer', ['_SHARED_CACHE_MAP']]],
+    'FileOffset' : [ 0x8, ['_LARGE_INTEGER']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'PrefetchList' : [ 0x18, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'PrefetchPagePriority' : [ 0x1c, ['unsigned long']],
+    'Mdl' : [ 0x20, ['pointer', ['_MDL']]],
+    'IoStatusBlock' : [ 0x24, ['pointer', ['_IO_STATUS_BLOCK']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['_CC_ASYNC_READ_CONTEXT']]],
+    'OriginatingProcess' : [ 0x2c, ['pointer', ['_EPROCESS']]],
+    'IoIssuerThread' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'DiskIoAttribution' : [ 0x34, ['pointer', ['void']]],
+    'RequestorMode' : [ 0x38, ['unsigned char']],
+    'NestingLevel' : [ 0x3c, ['unsigned long']],
+} ],
+  '__unnamed_1d68' : [ 0x40, {
+    'Read' : [ 0x0, ['__unnamed_1d5a']],
+    'Write' : [ 0x0, ['__unnamed_1d5c']],
+    'Event' : [ 0x0, ['__unnamed_1d5e']],
+    'Notification' : [ 0x0, ['__unnamed_1d60']],
+    'LowPriWrite' : [ 0x0, ['__unnamed_1d62']],
+    'AsyncRead' : [ 0x0, ['__unnamed_1d66']],
+} ],
+  '_WORK_QUEUE_ENTRY' : [ 0x50, {
+    'WorkQueueLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Parameters' : [ 0x8, ['__unnamed_1d68']],
+    'Function' : [ 0x48, ['unsigned char']],
+    'Partition' : [ 0x4c, ['pointer', ['_CC_PARTITION']]],
+} ],
+  '_DEFERRED_WRITE' : [ 0x38, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeByteSize' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'BytesToWrite' : [ 0x8, ['unsigned long']],
+    'DeferredWriteLinks' : [ 0xc, ['_LIST_ENTRY']],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'PostRoutine' : [ 0x18, ['pointer', ['void']]],
+    'Context1' : [ 0x1c, ['pointer', ['void']]],
+    'Context2' : [ 0x20, ['pointer', ['void']]],
+    'Partition' : [ 0x24, ['pointer', ['_CC_PARTITION']]],
+    'SoftThrottle' : [ 0x28, ['unsigned char']],
+    'TimeAdded' : [ 0x30, ['_LARGE_INTEGER']],
+} ],
+  '_SECTION_OBJECT_POINTERS' : [ 0xc, {
+    'DataSectionObject' : [ 0x0, ['pointer', ['void']]],
+    'SharedCacheMap' : [ 0x4, ['pointer', ['void']]],
+    'ImageSectionObject' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CC_EXTERNAL_CACHE_INFO' : [ 0x18, {
+    'Callback' : [ 0x0, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0x4, ['_DIRTY_PAGE_STATISTICS']],
+    'Links' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  'VACB_LEVEL_ALLOCATION_LIST' : [ 0x10, {
+    'VacbLevelList' : [ 0x0, ['_LIST_ENTRY']],
+    'VacbLevelWithBcbListHeads' : [ 0x8, ['pointer', ['void']]],
+    'VacbLevelsAllocated' : [ 0xc, ['unsigned long']],
+} ],
+  '_VACB_LEVEL_REFERENCE' : [ 0x8, {
+    'Reference' : [ 0x0, ['long']],
+    'SpecialReference' : [ 0x4, ['long']],
+} ],
+  '_LOG_HANDLE_CONTEXT' : [ 0x68, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+    'QueryLogHandleInfoRoutine' : [ 0x8, ['pointer', ['void']]],
+    'DirtyPageStatistics' : [ 0xc, ['_DIRTY_PAGE_STATISTICS']],
+    'DirtyPageThresholds' : [ 0x18, ['_DIRTY_PAGE_THRESHOLDS']],
+    'AdditionalPagesToWrite' : [ 0x40, ['unsigned long']],
+    'CcLWScanDPThreshold' : [ 0x44, ['unsigned long']],
+    'LargestLsnForCurrentLWScan' : [ 0x48, ['_LARGE_INTEGER']],
+    'RelatedFileObject' : [ 0x50, ['pointer', ['_FILE_OBJECT']]],
+    'LargestLsnFileObjectKey' : [ 0x54, ['unsigned long']],
+    'LastLWTimeStamp' : [ 0x58, ['_LARGE_INTEGER']],
+    'Flags' : [ 0x60, ['unsigned long']],
+} ],
+  '_MBCB' : [ 0x88, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'NodeIsInZone' : [ 0x2, ['short']],
+    'PagesToWrite' : [ 0x4, ['unsigned long']],
+    'DirtyPages' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+    'BitmapRanges' : [ 0x10, ['_LIST_ENTRY']],
+    'ResumeWritePage' : [ 0x18, ['long long']],
+    'MostRecentlyDirtiedPage' : [ 0x20, ['long long']],
+    'BitmapRange1' : [ 0x28, ['_BITMAP_RANGE']],
+    'BitmapRange2' : [ 0x48, ['_BITMAP_RANGE']],
+    'BitmapRange3' : [ 0x68, ['_BITMAP_RANGE']],
+} ],
+  '_BITMAP_RANGE' : [ 0x20, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'BasePage' : [ 0x8, ['long long']],
+    'FirstDirtyPage' : [ 0x10, ['unsigned long']],
+    'LastDirtyPage' : [ 0x14, ['unsigned long']],
+    'DirtyPages' : [ 0x18, ['unsigned long']],
+    'Bitmap' : [ 0x1c, ['pointer', ['unsigned long']]],
+} ],
+  '_SHARED_CACHE_MAP_LIST_CURSOR' : [ 0xc, {
+    'SharedCacheMapLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_LAZY_WRITER' : [ 0x50, {
+    'ScanDpc' : [ 0x0, ['_KDPC']],
+    'ScanTimer' : [ 0x20, ['_KTIMER']],
+    'ScanActive' : [ 0x48, ['unsigned char']],
+    'OtherWork' : [ 0x49, ['unsigned char']],
+    'PendingTeardownScan' : [ 0x4a, ['unsigned char']],
+    'PendingPeriodicScan' : [ 0x4b, ['unsigned char']],
+    'PendingLowMemoryScan' : [ 0x4c, ['unsigned char']],
+    'PendingPowerScan' : [ 0x4d, ['unsigned char']],
+    'PendingCoalescingFlushScan' : [ 0x4e, ['unsigned char']],
+} ],
+  '_CACHE_UNINITIALIZE_EVENT' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_CACHE_UNINITIALIZE_EVENT']]],
+    'Event' : [ 0x4, ['_KEVENT']],
+} ],
+  '_HEAP_SUBALLOCATOR_CALLBACKS' : [ 0x14, {
+    'Allocate' : [ 0x0, ['unsigned long']],
+    'Free' : [ 0x4, ['unsigned long']],
+    'Commit' : [ 0x8, ['unsigned long']],
+    'Decommit' : [ 0xc, ['unsigned long']],
+    'ExtendContext' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEGMENT_HEAP_EXTRA' : [ 0x8, {
+    'AllocationTag' : [ 0x0, ['unsigned short']],
+    'InterceptorIndex' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'UserFlags' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'ExtraSizeInUnits' : [ 0x3, ['unsigned char']],
+    'Settable' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_RTL_CSPARSE_BITMAP' : [ 0x24, {
+    'CommitBitmap' : [ 0x0, ['pointer', ['unsigned long']]],
+    'UserBitmap' : [ 0x4, ['pointer', ['unsigned long']]],
+    'BitCount' : [ 0x8, ['unsigned long']],
+    'BitmapLock' : [ 0xc, ['unsigned long']],
+    'DecommitPageIndex' : [ 0x10, ['unsigned long']],
+    'RtlpCSparseBitmapWakeLock' : [ 0x14, ['unsigned long']],
+    'LockType' : [ 0x18, ['unsigned char']],
+    'AddressSpace' : [ 0x19, ['unsigned char']],
+    'MemType' : [ 0x1a, ['unsigned char']],
+    'AllocAlignment' : [ 0x1b, ['unsigned char']],
+    'CommitDirectoryMaxSize' : [ 0x1c, ['unsigned long']],
+    'CommitDirectory' : [ 0x20, ['array', 1, ['unsigned long']]],
+} ],
+  '_RTL_SPARSE_ARRAY' : [ 0x2c, {
+    'ElementCount' : [ 0x0, ['unsigned long']],
+    'ElementSizeShift' : [ 0x4, ['unsigned long']],
+    'Bitmap' : [ 0x8, ['_RTL_CSPARSE_BITMAP']],
+} ],
+  '_HEAP_VAMGR_ALLOCATOR' : [ 0x1c, {
+    'TreeLock' : [ 0x0, ['unsigned long']],
+    'FreeRanges' : [ 0x4, ['_RTL_RB_TREE']],
+    'VaSpace' : [ 0xc, ['pointer', ['_HEAP_VAMGR_VASPACE']]],
+    'PartitionHandle' : [ 0x10, ['pointer', ['void']]],
+    'ChunksPerRegion' : [ 0x14, ['unsigned short']],
+    'RefCount' : [ 0x16, ['unsigned short']],
+    'AllocatorIndex' : [ 0x18, ['unsigned char']],
+    'NumaNode' : [ 0x19, ['unsigned char']],
+    'LockType' : [ 0x1a, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MemoryType' : [ 0x1a, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'ConstrainedVA' : [ 0x1a, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'AllowFreeHead' : [ 0x1a, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Spare0' : [ 0x1a, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1b, ['unsigned char']],
+} ],
+  '_HEAP_VAMGR_VASPACE' : [ 0x34, {
+    'AddressSpaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'HeapAddressUser', 1: u'HeapAddressKernel', 2: u'HeapAddressSession', 3: u'HeapAddressSecureKernel', 4: u'HeapAddressTypeMax'})]],
+    'BaseAddress' : [ 0x4, ['unsigned long']],
+    'VaRangeArray' : [ 0x8, ['_RTL_SPARSE_ARRAY']],
+    'VaRangeArrayBuffer' : [ 0x8, ['array', 44, ['unsigned char']]],
+} ],
+  '_HEAP_VAMGR_RANGE' : [ 0x10, {
+    'RbNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Next' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Standalone' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'AllocatorIndex' : [ 0x1, ['unsigned char']],
+    'OwnerCtx' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'SizeInChunks' : [ 0xc, ['unsigned long']],
+    'ChunkCount' : [ 0xc, ['unsigned short']],
+    'PrevChunkCount' : [ 0xe, ['unsigned short']],
+    'Signature' : [ 0xc, ['unsigned long']],
+} ],
+  '_RTLP_HP_HEAP_MANAGER' : [ 0x1c70, {
+    'Globals' : [ 0x0, ['pointer', ['_RTLP_HP_HEAP_GLOBALS']]],
+    'AllocTracker' : [ 0x4, ['_RTLP_HP_ALLOC_TRACKER']],
+    'VaMgr' : [ 0x30, ['_HEAP_VAMGR_CTX']],
+    'MetadataHeaps' : [ 0x1c50, ['array', 3, ['_RTLP_HP_METADATA_HEAP_CTX']]],
+    'SubAllocConfigs' : [ 0x1c68, ['_RTL_HP_SUB_ALLOCATOR_CONFIGS']],
+} ],
+  '_RTLP_HP_ALLOC_TRACKER' : [ 0x2c, {
+    'BaseAddress' : [ 0x0, ['unsigned long']],
+    'AllocTrackerBitmap' : [ 0x4, ['_RTL_CSPARSE_BITMAP']],
+    'AllocTrackerBitmapBuffer' : [ 0x4, ['array', 40, ['unsigned char']]],
+} ],
+  '_RTL_STACKDB_CONTEXT' : [ 0x2c, {
+    'StackSegmentTable' : [ 0x0, ['_RTL_HASH_TABLE']],
+    'StackEntryTable' : [ 0xc, ['_RTL_HASH_TABLE']],
+    'StackEntryTableLock' : [ 0x18, ['_RTL_SRWLOCK']],
+    'SegmentTableLock' : [ 0x1c, ['_RTL_SRWLOCK']],
+    'Allocate' : [ 0x20, ['pointer', ['void']]],
+    'Free' : [ 0x24, ['pointer', ['void']]],
+    'AllocatorContext' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_HEAP_LFH_FAST_REF' : [ 0x4, {
+    'Target' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_OWNER' : [ 0x1c, {
+    'IsBucket' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'BucketIndex' : [ 0x1, ['unsigned char']],
+    'SlotCount' : [ 0x2, ['unsigned char']],
+    'SlotIndex' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'AvailableSubsegmentCount' : [ 0x4, ['unsigned long']],
+    'Lock' : [ 0x8, ['unsigned long']],
+    'AvailableSubsegmentList' : [ 0xc, ['_LIST_ENTRY']],
+    'FullSubsegmentList' : [ 0x14, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_LFH_CONTEXT' : [ 0x2c0, {
+    'BackendCtx' : [ 0x0, ['pointer', ['void']]],
+    'Callbacks' : [ 0x4, ['_HEAP_SUBALLOCATOR_CALLBACKS']],
+    'AffinityModArray' : [ 0x18, ['pointer', ['unsigned char']]],
+    'MaxAffinity' : [ 0x1c, ['unsigned char']],
+    'LockType' : [ 0x1d, ['unsigned char']],
+    'MemStatsOffset' : [ 0x1e, ['short']],
+    'Config' : [ 0x20, ['_RTL_HP_LFH_CONFIG']],
+    'BucketStats' : [ 0x40, ['_HEAP_LFH_SUBSEGMENT_STATS']],
+    'SubsegmentCreationLock' : [ 0x44, ['unsigned long']],
+    'Buckets' : [ 0x80, ['array', 129, ['pointer', ['_HEAP_LFH_BUCKET']]]],
+} ],
+  '_HEAP_LFH_BUCKET' : [ 0x38, {
+    'State' : [ 0x0, ['_HEAP_LFH_SUBSEGMENT_OWNER']],
+    'TotalBlockCount' : [ 0x1c, ['unsigned long']],
+    'TotalSubsegmentCount' : [ 0x20, ['unsigned long']],
+    'ReciprocalBlockSize' : [ 0x24, ['unsigned long']],
+    'Shift' : [ 0x28, ['unsigned char']],
+    'ContentionCount' : [ 0x29, ['unsigned char']],
+    'AffinityMappingLock' : [ 0x2c, ['unsigned long']],
+    'ProcAffinityMapping' : [ 0x30, ['pointer', ['unsigned char']]],
+    'AffinitySlots' : [ 0x34, ['pointer', ['pointer', ['_HEAP_LFH_AFFINITY_SLOT']]]],
+} ],
+  '_HEAP_LFH_ONDEMAND_POINTER' : [ 0x4, {
+    'Invalid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'AllocationInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'UsageData' : [ 0x2, ['unsigned short']],
+    'AllBits' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_ENCODED_OFFSETS' : [ 0x4, {
+    'BlockSize' : [ 0x0, ['unsigned short']],
+    'FirstBlockOffset' : [ 0x2, ['unsigned short']],
+    'EncodedData' : [ 0x0, ['unsigned long']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Owner' : [ 0x8, ['pointer', ['_HEAP_LFH_SUBSEGMENT_OWNER']]],
+    'DelayFree' : [ 0x8, ['_HEAP_LFH_SUBSEGMENT_DELAY_FREE']],
+    'CommitLock' : [ 0xc, ['unsigned long']],
+    'FreeCount' : [ 0x10, ['unsigned short']],
+    'BlockCount' : [ 0x12, ['unsigned short']],
+    'InterlockedShort' : [ 0x10, ['short']],
+    'InterlockedLong' : [ 0x10, ['long']],
+    'FreeHint' : [ 0x14, ['unsigned short']],
+    'Location' : [ 0x16, ['unsigned char']],
+    'WitheldBlockCount' : [ 0x17, ['unsigned char']],
+    'BlockOffsets' : [ 0x18, ['_HEAP_LFH_SUBSEGMENT_ENCODED_OFFSETS']],
+    'CommitUnitShift' : [ 0x1c, ['unsigned char']],
+    'CommitUnitCount' : [ 0x1d, ['unsigned char']],
+    'CommitStateOffset' : [ 0x1e, ['unsigned short']],
+    'BlockBitmap' : [ 0x20, ['array', 1, ['unsigned long']]],
+} ],
+  '_HEAP_LFH_UNUSED_BYTES_INFO' : [ 0x2, {
+    'UnusedBytes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 14, native_type='unsigned short')]],
+    'ExtraPresent' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'OneByteUnused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Bytes' : [ 0x0, ['array', 2, ['unsigned char']]],
+} ],
+  '_RTLP_HP_QUEUE_LOCK_HANDLE' : [ 0xc, {
+    'Reserved1' : [ 0x0, ['unsigned long']],
+    'LockPtr' : [ 0x4, ['unsigned long']],
+    'HandleData' : [ 0x8, ['unsigned long']],
+} ],
+  '_HEAP_VS_CONTEXT' : [ 0xc0, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'LockType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'HeapLockPaged', 1: u'HeapLockNonPaged', 2: u'HeapLockTypeMax'})]],
+    'FreeChunkTree' : [ 0x8, ['_RTL_RB_TREE']],
+    'SubsegmentList' : [ 0x10, ['_LIST_ENTRY']],
+    'TotalCommittedUnits' : [ 0x18, ['unsigned long']],
+    'FreeCommittedUnits' : [ 0x1c, ['unsigned long']],
+    'DelayFreeContext' : [ 0x40, ['_HEAP_VS_DELAY_FREE_CONTEXT']],
+    'BackendCtx' : [ 0x80, ['pointer', ['void']]],
+    'Callbacks' : [ 0x84, ['_HEAP_SUBALLOCATOR_CALLBACKS']],
+    'Config' : [ 0x98, ['_RTL_HP_VS_CONFIG']],
+    'Flags' : [ 0x9c, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_HEADER' : [ 0x8, {
+    'Sizes' : [ 0x0, ['_HEAP_VS_CHUNK_HEADER_SIZE']],
+    'EncodedSegmentPageOffset' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'UnusedBytes' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SkipDuringWalk' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'AllocatedChunkBits' : [ 0x4, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_HEADER_SIZE' : [ 0x4, {
+    'MemoryCost' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'UnsafeSize' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'UnsafePrevSize' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 31, native_type='unsigned long')]],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'KeyUShort' : [ 0x0, ['unsigned short']],
+    'KeyULong' : [ 0x0, ['unsigned long']],
+    'HeaderBits' : [ 0x0, ['unsigned long']],
+} ],
+  '_HEAP_VS_CHUNK_FREE_HEADER' : [ 0x10, {
+    'Header' : [ 0x0, ['_HEAP_VS_CHUNK_HEADER']],
+    'OverlapsHeader' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['_RTL_BALANCED_NODE']],
+} ],
+  '_HEAP_VS_SUBSEGMENT' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommitBitmap' : [ 0x8, ['unsigned long long']],
+    'CommitLock' : [ 0x10, ['unsigned long']],
+    'Size' : [ 0x14, ['unsigned short']],
+    'Signature' : [ 0x16, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'FullCommit' : [ 0x16, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_HEAP_VS_UNUSED_BYTES_INFO' : [ 0x2, {
+    'UnusedBytes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 13, native_type='unsigned short')]],
+    'LfhSubsegment' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'ExtraPresent' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'OneByteUnused' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Bytes' : [ 0x0, ['array', 2, ['unsigned char']]],
+} ],
+  '_HEAP_PAGE_RANGE_DESCRIPTOR' : [ 0x10, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'TreeSignature' : [ 0x0, ['unsigned long']],
+    'UnusedBytes' : [ 0x4, ['unsigned long']],
+    'ExtraPresent' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare0' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'RangeFlags' : [ 0xc, ['unsigned char']],
+    'RangeFlagBits' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned char')]],
+    'CommittedPageCount' : [ 0xc, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'Key' : [ 0xc, ['_HEAP_DESCRIPTOR_KEY']],
+    'Align' : [ 0xc, ['array', 3, ['unsigned char']]],
+    'UnitOffset' : [ 0xf, ['unsigned char']],
+    'UnitSize' : [ 0xf, ['unsigned char']],
+} ],
+  '_HEAP_PAGE_SEGMENT' : [ 0x1000, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'SegmentCommitState' : [ 0xc, ['pointer', ['_HEAP_SEGMENT_MGR_COMMIT_STATE']]],
+    'UnusedWatermark' : [ 0x10, ['unsigned char']],
+    'DescArray' : [ 0x0, ['array', 256, ['_HEAP_PAGE_RANGE_DESCRIPTOR']]],
+} ],
+  '__unnamed_1efc' : [ 0x1, {
+    'LargePagePolicy' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReleaseEmptySegments' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'AllFlags' : [ 0x0, ['unsigned char']],
+} ],
+  '_HEAP_SEG_CONTEXT' : [ 0x80, {
+    'SegmentMask' : [ 0x0, ['unsigned long']],
+    'UnitShift' : [ 0x4, ['unsigned char']],
+    'PagesPerUnitShift' : [ 0x5, ['unsigned char']],
+    'FirstDescriptorIndex' : [ 0x6, ['unsigned char']],
+    'CachedCommitSoftShift' : [ 0x7, ['unsigned char']],
+    'CachedCommitHighShift' : [ 0x8, ['unsigned char']],
+    'Flags' : [ 0x9, ['__unnamed_1efc']],
+    'MaxAllocationSize' : [ 0xc, ['unsigned long']],
+    'OlpStatsOffset' : [ 0x10, ['short']],
+    'MemStatsOffset' : [ 0x12, ['short']],
+    'LfhContext' : [ 0x14, ['pointer', ['void']]],
+    'VsContext' : [ 0x18, ['pointer', ['void']]],
+    'EnvHandle' : [ 0x1c, ['RTL_HP_ENV_HANDLE']],
+    'Heap' : [ 0x24, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x40, ['unsigned long']],
+    'SegmentListHead' : [ 0x44, ['_LIST_ENTRY']],
+    'SegmentCount' : [ 0x4c, ['unsigned long']],
+    'FreePageRanges' : [ 0x50, ['_RTL_RB_TREE']],
+    'FreeSegmentListLock' : [ 0x58, ['unsigned long']],
+    'FreeSegmentList' : [ 0x5c, ['array', 2, ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_HEAP_RUNTIME_MEMORY_STATS' : [ 0x2c, {
+    'TotalReservedPages' : [ 0x0, ['unsigned long']],
+    'TotalCommittedPages' : [ 0x4, ['unsigned long']],
+    'FreeCommittedPages' : [ 0x8, ['unsigned long']],
+    'LfhFreeCommittedPages' : [ 0xc, ['unsigned long']],
+    'LargePageStats' : [ 0x10, ['array', 2, ['_HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS']]],
+    'LargePageUtilizationPolicy' : [ 0x20, ['_RTL_HP_SEG_ALLOC_POLICY']],
+} ],
+  '_HEAP_DESCRIPTOR_KEY' : [ 0x4, {
+    'Key' : [ 0x0, ['unsigned long']],
+    'Ignore' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'EncodedCommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 24, native_type='unsigned long')]],
+    'UnitCount' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'RTL_HP_ENV_HANDLE' : [ 0x8, {
+    'h' : [ 0x0, ['array', 2, ['pointer', ['void']]]],
+} ],
+  '_SEGMENT_HEAP' : [ 0x580, {
+    'EnvHandle' : [ 0x0, ['RTL_HP_ENV_HANDLE']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'GlobalFlags' : [ 0xc, ['unsigned long']],
+    'Interceptor' : [ 0x10, ['unsigned long']],
+    'ProcessHeapListIndex' : [ 0x14, ['unsigned short']],
+    'AllocatedFromMetadata' : [ 0x16, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'CommitLimitData' : [ 0x18, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'ReservedMustBeZero1' : [ 0x18, ['unsigned long']],
+    'UserContext' : [ 0x1c, ['pointer', ['void']]],
+    'ReservedMustBeZero2' : [ 0x20, ['unsigned long']],
+    'Spare' : [ 0x24, ['pointer', ['void']]],
+    'LargeMetadataLock' : [ 0x40, ['unsigned long']],
+    'LargeAllocMetadata' : [ 0x44, ['_RTL_RB_TREE']],
+    'LargeReservedPages' : [ 0x4c, ['unsigned long']],
+    'LargeCommittedPages' : [ 0x50, ['unsigned long']],
+    'StackTraceInitVar' : [ 0x54, ['_RTL_RUN_ONCE']],
+    'MemStats' : [ 0x80, ['_HEAP_RUNTIME_MEMORY_STATS']],
+    'GlobalLockCount' : [ 0xac, ['unsigned short']],
+    'GlobalLockOwner' : [ 0xb0, ['unsigned long']],
+    'ContextExtendLock' : [ 0xb4, ['unsigned long']],
+    'AllocatedBase' : [ 0xb8, ['pointer', ['unsigned char']]],
+    'UncommittedBase' : [ 0xbc, ['pointer', ['unsigned char']]],
+    'ReservedLimit' : [ 0xc0, ['pointer', ['unsigned char']]],
+    'SegContexts' : [ 0x100, ['array', 2, ['_HEAP_SEG_CONTEXT']]],
+    'VsContext' : [ 0x200, ['_HEAP_VS_CONTEXT']],
+    'LfhContext' : [ 0x2c0, ['_HEAP_LFH_CONTEXT']],
+} ],
+  '_RTL_DYNAMIC_LOOKASIDE' : [ 0x1040, {
+    'EnabledBucketBitmap' : [ 0x0, ['unsigned long long']],
+    'BucketCount' : [ 0x8, ['unsigned long']],
+    'ActiveBucketCount' : [ 0xc, ['unsigned long']],
+    'Buckets' : [ 0x40, ['array', 64, ['_RTL_LOOKASIDE']]],
+} ],
+  '_RTL_LOOKASIDE' : [ 0x40, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'LastTotalAllocates' : [ 0x1c, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x20, ['unsigned long']],
+    'LastTotalFrees' : [ 0x24, ['unsigned long']],
+} ],
+  '_HEAP_LIST_LOOKUP' : [ 0x24, {
+    'ExtendedLookup' : [ 0x0, ['pointer', ['_HEAP_LIST_LOOKUP']]],
+    'ArraySize' : [ 0x4, ['unsigned long']],
+    'ExtraItem' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['unsigned long']],
+    'OutOfRangeItems' : [ 0x10, ['unsigned long']],
+    'BaseIndex' : [ 0x14, ['unsigned long']],
+    'ListHead' : [ 0x18, ['pointer', ['_LIST_ENTRY']]],
+    'ListsInUseUlong' : [ 0x1c, ['pointer', ['unsigned long']]],
+    'ListHints' : [ 0x20, ['pointer', ['pointer', ['_LIST_ENTRY']]]],
+} ],
+  '_HEAP' : [ 0x258, {
+    'Segment' : [ 0x0, ['_HEAP_SEGMENT']],
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+    'Flags' : [ 0x40, ['unsigned long']],
+    'ForceFlags' : [ 0x44, ['unsigned long']],
+    'CompatibilityFlags' : [ 0x48, ['unsigned long']],
+    'EncodeFlagMask' : [ 0x4c, ['unsigned long']],
+    'Encoding' : [ 0x50, ['_HEAP_ENTRY']],
+    'Interceptor' : [ 0x58, ['unsigned long']],
+    'VirtualMemoryThreshold' : [ 0x5c, ['unsigned long']],
+    'Signature' : [ 0x60, ['unsigned long']],
+    'SegmentReserve' : [ 0x64, ['unsigned long']],
+    'SegmentCommit' : [ 0x68, ['unsigned long']],
+    'DeCommitFreeBlockThreshold' : [ 0x6c, ['unsigned long']],
+    'DeCommitTotalFreeThreshold' : [ 0x70, ['unsigned long']],
+    'TotalFreeSize' : [ 0x74, ['unsigned long']],
+    'MaximumAllocationSize' : [ 0x78, ['unsigned long']],
+    'ProcessHeapsListIndex' : [ 0x7c, ['unsigned short']],
+    'HeaderValidateLength' : [ 0x7e, ['unsigned short']],
+    'HeaderValidateCopy' : [ 0x80, ['pointer', ['void']]],
+    'NextAvailableTagIndex' : [ 0x84, ['unsigned short']],
+    'MaximumTagIndex' : [ 0x86, ['unsigned short']],
+    'TagEntries' : [ 0x88, ['pointer', ['_HEAP_TAG_ENTRY']]],
+    'UCRList' : [ 0x8c, ['_LIST_ENTRY']],
+    'AlignRound' : [ 0x94, ['unsigned long']],
+    'AlignMask' : [ 0x98, ['unsigned long']],
+    'VirtualAllocdBlocks' : [ 0x9c, ['_LIST_ENTRY']],
+    'SegmentList' : [ 0xa4, ['_LIST_ENTRY']],
+    'AllocatorBackTraceIndex' : [ 0xac, ['unsigned short']],
+    'NonDedicatedListLength' : [ 0xb0, ['unsigned long']],
+    'BlocksIndex' : [ 0xb4, ['pointer', ['void']]],
+    'UCRIndex' : [ 0xb8, ['pointer', ['void']]],
+    'PseudoTagEntries' : [ 0xbc, ['pointer', ['_HEAP_PSEUDO_TAG_ENTRY']]],
+    'FreeLists' : [ 0xc0, ['_LIST_ENTRY']],
+    'LockVariable' : [ 0xc8, ['pointer', ['_HEAP_LOCK']]],
+    'CommitRoutine' : [ 0xcc, ['pointer', ['void']]],
+    'StackTraceInitVar' : [ 0xd0, ['_RTL_RUN_ONCE']],
+    'CommitLimitData' : [ 0xd4, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+    'FrontEndHeap' : [ 0xe4, ['pointer', ['void']]],
+    'FrontHeapLockCount' : [ 0xe8, ['unsigned short']],
+    'FrontEndHeapType' : [ 0xea, ['unsigned char']],
+    'RequestedFrontEndHeapType' : [ 0xeb, ['unsigned char']],
+    'FrontEndHeapUsageData' : [ 0xec, ['pointer', ['wchar']]],
+    'FrontEndHeapMaximumIndex' : [ 0xf0, ['unsigned short']],
+    'FrontEndHeapStatusBitmap' : [ 0xf2, ['array', 257, ['unsigned char']]],
+    'Counters' : [ 0x1f4, ['_HEAP_COUNTERS']],
+    'TuningParameters' : [ 0x250, ['_HEAP_TUNING_PARAMETERS']],
+} ],
+  '__unnamed_1f5c' : [ 0x38, {
+    'CriticalSection' : [ 0x0, ['_RTL_CRITICAL_SECTION']],
+    'Resource' : [ 0x0, ['_ERESOURCE']],
+} ],
+  '_HEAP_LOCK' : [ 0x38, {
+    'Lock' : [ 0x0, ['__unnamed_1f5c']],
+} ],
+  '_HEAP_ENTRY' : [ 0x8, {
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+} ],
+  '_HEAP_SEGMENT' : [ 0x40, {
+    'Entry' : [ 0x0, ['_HEAP_ENTRY']],
+    'SegmentSignature' : [ 0x8, ['unsigned long']],
+    'SegmentFlags' : [ 0xc, ['unsigned long']],
+    'SegmentListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Heap' : [ 0x18, ['pointer', ['_HEAP']]],
+    'BaseAddress' : [ 0x1c, ['pointer', ['void']]],
+    'NumberOfPages' : [ 0x20, ['unsigned long']],
+    'FirstEntry' : [ 0x24, ['pointer', ['_HEAP_ENTRY']]],
+    'LastValidEntry' : [ 0x28, ['pointer', ['_HEAP_ENTRY']]],
+    'NumberOfUnCommittedPages' : [ 0x2c, ['unsigned long']],
+    'NumberOfUnCommittedRanges' : [ 0x30, ['unsigned long']],
+    'SegmentAllocatorBackTraceIndex' : [ 0x34, ['unsigned short']],
+    'Reserved' : [ 0x36, ['unsigned short']],
+    'UCRSegmentList' : [ 0x38, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_VIRTUAL_ALLOC_ENTRY' : [ 0x20, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'ExtraStuff' : [ 0x8, ['_HEAP_ENTRY_EXTRA']],
+    'CommitSize' : [ 0x10, ['unsigned long']],
+    'ReserveSize' : [ 0x14, ['unsigned long']],
+    'BusyBlock' : [ 0x18, ['_HEAP_ENTRY']],
+} ],
+  '_HEAP_FREE_ENTRY' : [ 0x10, {
+    'HeapEntry' : [ 0x0, ['_HEAP_ENTRY']],
+    'UnpackedEntry' : [ 0x0, ['_HEAP_UNPACKED_ENTRY']],
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+    'ExtendedEntry' : [ 0x0, ['_HEAP_EXTENDED_ENTRY']],
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+    'Code1' : [ 0x0, ['unsigned long']],
+    'Code2' : [ 0x4, ['unsigned short']],
+    'Code3' : [ 0x6, ['unsigned char']],
+    'Code4' : [ 0x7, ['unsigned char']],
+    'Code234' : [ 0x4, ['unsigned long']],
+    'AgregateCode' : [ 0x0, ['unsigned long long']],
+    'FreeList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_HP_PADDING_HEADER' : [ 0x8, {
+    'PaddingSize' : [ 0x0, ['unsigned long']],
+    'Spare' : [ 0x4, ['unsigned long']],
+} ],
+  '_HEAP_LARGE_ALLOC_DATA' : [ 0x14, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'UnusedBytes' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ExtraPresent' : [ 0x10, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GuardPageCount' : [ 0x10, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'GuardPageAlignment' : [ 0x10, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned long')]],
+    'Spare' : [ 0x10, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'AllocatedPages' : [ 0x10, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_1fb5' : [ 0x4, {
+    'DataLength' : [ 0x0, ['short']],
+    'TotalLength' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1fb7' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1fb5']],
+    'Length' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_1fb9' : [ 0x4, {
+    'Type' : [ 0x0, ['short']],
+    'DataInfoOffset' : [ 0x2, ['short']],
+} ],
+  '__unnamed_1fbb' : [ 0x4, {
+    's2' : [ 0x0, ['__unnamed_1fb9']],
+    'ZeroInit' : [ 0x0, ['unsigned long']],
+} ],
+  '_PORT_MESSAGE' : [ 0x18, {
+    'u1' : [ 0x0, ['__unnamed_1fb7']],
+    'u2' : [ 0x4, ['__unnamed_1fbb']],
+    'ClientId' : [ 0x8, ['_CLIENT_ID']],
+    'DoNotUseThisField' : [ 0x8, ['double']],
+    'MessageId' : [ 0x10, ['unsigned long']],
+    'ClientViewSize' : [ 0x14, ['unsigned long']],
+    'CallbackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_ALPC_MESSAGE_ATTRIBUTES' : [ 0x8, {
+    'AllocatedAttributes' : [ 0x0, ['unsigned long']],
+    'ValidAttributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_ALPC_HANDLE_ENTRY' : [ 0x4, {
+    'Object' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_BLOB_TYPE' : [ 0x24, {
+    'ResourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BLOB_TYPE_UNKNOWN', 1: u'BLOB_TYPE_CONNECTION_INFO', 2: u'BLOB_TYPE_MESSAGE', 3: u'BLOB_TYPE_SECURITY_CONTEXT', 4: u'BLOB_TYPE_SECTION', 5: u'BLOB_TYPE_REGION', 6: u'BLOB_TYPE_VIEW', 7: u'BLOB_TYPE_RESERVE', 8: u'BLOB_TYPE_DIRECT_TRANSFER', 9: u'BLOB_TYPE_HANDLE_DATA', 10: u'BLOB_TYPE_MAX_ID'})]],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'LookasideIndex' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Counters' : [ 0x10, ['pointer', ['_BLOB_COUNTERS']]],
+    'CleanupProcedure' : [ 0x14, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x18, ['pointer', ['void']]],
+    'DestroyProcedure' : [ 0x1c, ['pointer', ['void']]],
+    'UsualSize' : [ 0x20, ['unsigned long']],
+} ],
+  '__unnamed_1fd6' : [ 0x1, {
+    'ReferenceCache' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Lookaside' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Initializing' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Deleted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+} ],
+  '__unnamed_1fd8' : [ 0x1, {
+    's1' : [ 0x0, ['__unnamed_1fd6']],
+    'Flags' : [ 0x0, ['unsigned char']],
+} ],
+  '_BLOB' : [ 0x18, {
+    'ResourceList' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'u1' : [ 0x8, ['__unnamed_1fd8']],
+    'ResourceId' : [ 0x9, ['unsigned char']],
+    'CachedReferences' : [ 0xa, ['short']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Pad' : [ 0x10, ['unsigned long']],
+    'Lock' : [ 0x14, ['_EX_PUSH_LOCK']],
+} ],
+  '__unnamed_1fec' : [ 0x4, {
+    'Internal' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_1fee' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1fec']],
+} ],
+  '_KALPC_SECTION' : [ 0x28, {
+    'SectionObject' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'HandleTable' : [ 0x8, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'SectionHandle' : [ 0xc, ['pointer', ['void']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0x14, ['pointer', ['_ALPC_PORT']]],
+    'u1' : [ 0x18, ['__unnamed_1fee']],
+    'NumberOfRegions' : [ 0x1c, ['unsigned long']],
+    'RegionListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_1ff7' : [ 0x4, {
+    'Secure' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+} ],
+  '__unnamed_1ff9' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1ff7']],
+} ],
+  '_KALPC_REGION' : [ 0x30, {
+    'RegionListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Section' : [ 0x8, ['pointer', ['_KALPC_SECTION']]],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ViewSize' : [ 0x14, ['unsigned long']],
+    'u1' : [ 0x18, ['__unnamed_1ff9']],
+    'NumberOfViews' : [ 0x1c, ['unsigned long']],
+    'ViewListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ReadOnlyView' : [ 0x28, ['pointer', ['_KALPC_VIEW']]],
+    'ReadWriteView' : [ 0x2c, ['pointer', ['_KALPC_VIEW']]],
+} ],
+  '__unnamed_1fff' : [ 0x4, {
+    'WriteAccess' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoRelease' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ForceUnlink' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SystemSpace' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_2001' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_1fff']],
+} ],
+  '_KALPC_VIEW' : [ 0x34, {
+    'ViewListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Region' : [ 0x8, ['pointer', ['_KALPC_REGION']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'OwnerProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'Address' : [ 0x14, ['pointer', ['void']]],
+    'Size' : [ 0x18, ['unsigned long']],
+    'SecureViewHandle' : [ 0x1c, ['pointer', ['void']]],
+    'WriteAccessHandle' : [ 0x20, ['pointer', ['void']]],
+    'u1' : [ 0x24, ['__unnamed_2001']],
+    'NumberOfOwnerMessages' : [ 0x28, ['unsigned long']],
+    'ProcessViewListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+} ],
+  '_ALPC_COMMUNICATION_INFO' : [ 0x28, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'ServerCommunicationPort' : [ 0x4, ['pointer', ['_ALPC_PORT']]],
+    'ClientCommunicationPort' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'CommunicationList' : [ 0xc, ['_LIST_ENTRY']],
+    'HandleTable' : [ 0x14, ['_ALPC_HANDLE_TABLE']],
+    'CloseMessage' : [ 0x24, ['pointer', ['_KALPC_MESSAGE']]],
+} ],
+  '__unnamed_201e' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'ConnectionPending' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConnectionRefused' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Disconnected' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Closed' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoFlushOnClose' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReturnExtendedInfo' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Waitable' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DynamicSecurity' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Wow64CompletionList' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Lpc' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LpcToLpc' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HasCompletionList' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'HadCompletionList' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'EnableCompletionList' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+} ],
+  '__unnamed_2020' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_201e']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_ALPC_PORT' : [ 0x11c, {
+    'PortListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'OwnerProcess' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'CompletionPort' : [ 0x10, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x14, ['pointer', ['void']]],
+    'CompletionPacketLookaside' : [ 0x18, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+    'PortContext' : [ 0x1c, ['pointer', ['void']]],
+    'StaticSecurity' : [ 0x20, ['_SECURITY_CLIENT_CONTEXT']],
+    'IncomingQueueLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'MainQueue' : [ 0x60, ['_LIST_ENTRY']],
+    'LargeMessageQueue' : [ 0x68, ['_LIST_ENTRY']],
+    'PendingQueueLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PendingQueue' : [ 0x74, ['_LIST_ENTRY']],
+    'DirectQueueLock' : [ 0x7c, ['_EX_PUSH_LOCK']],
+    'DirectQueue' : [ 0x80, ['_LIST_ENTRY']],
+    'WaitQueueLock' : [ 0x88, ['_EX_PUSH_LOCK']],
+    'WaitQueue' : [ 0x8c, ['_LIST_ENTRY']],
+    'Semaphore' : [ 0x94, ['pointer', ['_KSEMAPHORE']]],
+    'DummyEvent' : [ 0x94, ['pointer', ['_KEVENT']]],
+    'PortAttributes' : [ 0x98, ['_ALPC_PORT_ATTRIBUTES']],
+    'ResourceListLock' : [ 0xc4, ['_EX_PUSH_LOCK']],
+    'ResourceListHead' : [ 0xc8, ['_LIST_ENTRY']],
+    'PortObjectLock' : [ 0xd0, ['_EX_PUSH_LOCK']],
+    'CompletionList' : [ 0xd4, ['pointer', ['_ALPC_COMPLETION_LIST']]],
+    'CallbackObject' : [ 0xd8, ['pointer', ['_CALLBACK_OBJECT']]],
+    'CallbackContext' : [ 0xdc, ['pointer', ['void']]],
+    'CanceledQueue' : [ 0xe0, ['_LIST_ENTRY']],
+    'SequenceNo' : [ 0xe8, ['long']],
+    'ReferenceNo' : [ 0xec, ['long']],
+    'ReferenceNoWait' : [ 0xf0, ['pointer', ['_PALPC_PORT_REFERENCE_WAIT_BLOCK']]],
+    'u1' : [ 0xf4, ['__unnamed_2020']],
+    'TargetQueuePort' : [ 0xf8, ['pointer', ['_ALPC_PORT']]],
+    'TargetSequencePort' : [ 0xfc, ['pointer', ['_ALPC_PORT']]],
+    'CachedMessage' : [ 0x100, ['pointer', ['_KALPC_MESSAGE']]],
+    'MainQueueLength' : [ 0x104, ['unsigned long']],
+    'LargeMessageQueueLength' : [ 0x108, ['unsigned long']],
+    'PendingQueueLength' : [ 0x10c, ['unsigned long']],
+    'DirectQueueLength' : [ 0x110, ['unsigned long']],
+    'CanceledQueueLength' : [ 0x114, ['unsigned long']],
+    'WaitQueueLength' : [ 0x118, ['unsigned long']],
+} ],
+  '_ALPC_COMPLETION_LIST' : [ 0x58, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'OwnerProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'CompletionListLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'Mdl' : [ 0x10, ['pointer', ['_MDL']]],
+    'UserVa' : [ 0x14, ['pointer', ['void']]],
+    'UserLimit' : [ 0x18, ['pointer', ['void']]],
+    'DataUserVa' : [ 0x1c, ['pointer', ['void']]],
+    'SystemVa' : [ 0x20, ['pointer', ['void']]],
+    'TotalSize' : [ 0x24, ['unsigned long']],
+    'Header' : [ 0x28, ['pointer', ['_ALPC_COMPLETION_LIST_HEADER']]],
+    'List' : [ 0x2c, ['pointer', ['void']]],
+    'ListSize' : [ 0x30, ['unsigned long']],
+    'Bitmap' : [ 0x34, ['pointer', ['void']]],
+    'BitmapSize' : [ 0x38, ['unsigned long']],
+    'Data' : [ 0x3c, ['pointer', ['void']]],
+    'DataSize' : [ 0x40, ['unsigned long']],
+    'BitmapLimit' : [ 0x44, ['unsigned long']],
+    'BitmapNextHint' : [ 0x48, ['unsigned long']],
+    'ConcurrencyCount' : [ 0x4c, ['unsigned long']],
+    'AttributeFlags' : [ 0x50, ['unsigned long']],
+    'AttributeSize' : [ 0x54, ['unsigned long']],
+} ],
+  '_OBJECT_ATTRIBUTES' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ObjectName' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'Attributes' : [ 0xc, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x10, ['pointer', ['void']]],
+    'SecurityQualityOfService' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_OBJECT_TYPE' : [ 0x90, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'Name' : [ 0x8, ['_UNICODE_STRING']],
+    'DefaultObject' : [ 0x10, ['pointer', ['void']]],
+    'Index' : [ 0x14, ['unsigned char']],
+    'TotalNumberOfObjects' : [ 0x18, ['unsigned long']],
+    'TotalNumberOfHandles' : [ 0x1c, ['unsigned long']],
+    'HighWaterNumberOfObjects' : [ 0x20, ['unsigned long']],
+    'HighWaterNumberOfHandles' : [ 0x24, ['unsigned long']],
+    'TypeInfo' : [ 0x28, ['_OBJECT_TYPE_INITIALIZER']],
+    'TypeLock' : [ 0x80, ['_EX_PUSH_LOCK']],
+    'Key' : [ 0x84, ['unsigned long']],
+    'CallbackList' : [ 0x88, ['_LIST_ENTRY']],
+} ],
+  '_PALPC_PORT_REFERENCE_WAIT_BLOCK' : [ 0x14, {
+    'DesiredReferenceNoEvent' : [ 0x0, ['_KEVENT']],
+    'DesiredReferenceNo' : [ 0x10, ['long']],
+} ],
+  '__unnamed_2042' : [ 0x4, {
+    'QueueType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'QueuePortType' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Canceled' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Ready' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ReleaseMessage' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'SharedQuota' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ReplyWaitReply' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'OwnerPortReference' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ReceiverReference' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ViewAttributeRetrieved' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'InDispatch' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+} ],
+  '__unnamed_2044' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_2042']],
+    'State' : [ 0x0, ['unsigned long']],
+} ],
+  '_KALPC_MESSAGE' : [ 0x98, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'PortQueue' : [ 0x8, ['pointer', ['_ALPC_PORT']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'WaitingThread' : [ 0x10, ['pointer', ['_ETHREAD']]],
+    'u1' : [ 0x14, ['__unnamed_2044']],
+    'SequenceNo' : [ 0x18, ['long']],
+    'QuotaProcess' : [ 0x1c, ['pointer', ['_EPROCESS']]],
+    'QuotaBlock' : [ 0x1c, ['pointer', ['void']]],
+    'CancelSequencePort' : [ 0x20, ['pointer', ['_ALPC_PORT']]],
+    'CancelQueuePort' : [ 0x24, ['pointer', ['_ALPC_PORT']]],
+    'CancelSequenceNo' : [ 0x28, ['long']],
+    'CancelListEntry' : [ 0x2c, ['_LIST_ENTRY']],
+    'Reserve' : [ 0x34, ['pointer', ['_KALPC_RESERVE']]],
+    'MessageAttributes' : [ 0x38, ['_KALPC_MESSAGE_ATTRIBUTES']],
+    'DataUserVa' : [ 0x60, ['pointer', ['void']]],
+    'CommunicationInfo' : [ 0x64, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'ConnectionPort' : [ 0x68, ['pointer', ['_ALPC_PORT']]],
+    'ServerThread' : [ 0x6c, ['pointer', ['_ETHREAD']]],
+    'WakeReference' : [ 0x70, ['pointer', ['void']]],
+    'WakeReference2' : [ 0x74, ['pointer', ['void']]],
+    'ExtensionBuffer' : [ 0x78, ['pointer', ['void']]],
+    'ExtensionBufferSize' : [ 0x7c, ['unsigned long']],
+    'PortMessage' : [ 0x80, ['_PORT_MESSAGE']],
+} ],
+  '_KALPC_RESERVE' : [ 0x18, {
+    'OwnerPort' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'HandleTable' : [ 0x4, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Message' : [ 0xc, ['pointer', ['_KALPC_MESSAGE']]],
+    'Size' : [ 0x10, ['unsigned long']],
+    'Active' : [ 0x14, ['long']],
+} ],
+  '_ALPC_DISPATCH_CONTEXT' : [ 0x24, {
+    'PortObject' : [ 0x0, ['pointer', ['_ALPC_PORT']]],
+    'Message' : [ 0x4, ['pointer', ['_KALPC_MESSAGE']]],
+    'CommunicationInfo' : [ 0x8, ['pointer', ['_ALPC_COMMUNICATION_INFO']]],
+    'TargetThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'TargetPort' : [ 0x10, ['pointer', ['_ALPC_PORT']]],
+    'DirectEvent' : [ 0x14, ['_KALPC_DIRECT_EVENT']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalLength' : [ 0x1c, ['unsigned short']],
+    'Type' : [ 0x1e, ['unsigned short']],
+    'DataInfoOffset' : [ 0x20, ['unsigned short']],
+    'SignalCompletion' : [ 0x22, ['unsigned char']],
+    'PostedToCompletionList' : [ 0x23, ['unsigned char']],
+} ],
+  '_REMOTE_PORT_VIEW' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ViewSize' : [ 0x4, ['unsigned long']],
+    'ViewBase' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_KALPC_HANDLE_DATA' : [ 0x24, {
+    'ObjectType' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'DuplicateContext' : [ 0x8, ['_OB_DUPLICATE_OBJECT_STATE']],
+} ],
+  '_KALPC_MESSAGE_ATTRIBUTES' : [ 0x28, {
+    'ClientContext' : [ 0x0, ['pointer', ['void']]],
+    'ServerContext' : [ 0x4, ['pointer', ['void']]],
+    'PortContext' : [ 0x8, ['pointer', ['void']]],
+    'CancelPortContext' : [ 0xc, ['pointer', ['void']]],
+    'SecurityData' : [ 0x10, ['pointer', ['_KALPC_SECURITY_DATA']]],
+    'View' : [ 0x14, ['pointer', ['_KALPC_VIEW']]],
+    'HandleData' : [ 0x18, ['pointer', ['_KALPC_HANDLE_DATA']]],
+    'DirectEvent' : [ 0x1c, ['_KALPC_DIRECT_EVENT']],
+    'WorkOnBehalfData' : [ 0x20, ['_KALPC_WORK_ON_BEHALF_DATA']],
+} ],
+  '__unnamed_2088' : [ 0x4, {
+    'Revoked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Impersonated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '__unnamed_208a' : [ 0x4, {
+    's1' : [ 0x0, ['__unnamed_2088']],
+} ],
+  '_KALPC_SECURITY_DATA' : [ 0x50, {
+    'HandleTable' : [ 0x0, ['pointer', ['_ALPC_HANDLE_TABLE']]],
+    'ContextHandle' : [ 0x4, ['pointer', ['void']]],
+    'OwningProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'OwnerPort' : [ 0xc, ['pointer', ['_ALPC_PORT']]],
+    'DynamicSecurity' : [ 0x10, ['_SECURITY_CLIENT_CONTEXT']],
+    'u1' : [ 0x4c, ['__unnamed_208a']],
+} ],
+  '_ALPC_WORK_ON_BEHALF_TICKET' : [ 0x8, {
+    'ThreadId' : [ 0x0, ['unsigned long']],
+    'ThreadCreationTimeLow' : [ 0x4, ['unsigned long']],
+} ],
+  '_KALPC_DIRECT_EVENT' : [ 0x4, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'DirectType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EventReferenced' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EventObjectBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_MINI_COMPLETION_PACKET_USER' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'PacketType' : [ 0x8, ['unsigned long']],
+    'KeyContext' : [ 0xc, ['pointer', ['void']]],
+    'ApcContext' : [ 0x10, ['pointer', ['void']]],
+    'IoStatus' : [ 0x14, ['long']],
+    'IoStatusInformation' : [ 0x18, ['unsigned long']],
+    'MiniPacketCallback' : [ 0x1c, ['pointer', ['void']]],
+    'Context' : [ 0x20, ['pointer', ['void']]],
+    'Allocated' : [ 0x24, ['unsigned char']],
+} ],
+  '__unnamed_20d5' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UserFlags' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 32, native_type='unsigned long long')]],
+    'SystemFlags' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 48, native_type='unsigned long long')]],
+    'UserFlagsId' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_IOP_IRP_EXTENSION' : [ 0x38, {
+    'ExtensionFlags' : [ 0x0, ['unsigned short']],
+    'Allocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'PropagateId' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SpareBits' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+    'TypesAllocated' : [ 0x2, ['unsigned short']],
+    'GenericExtension' : [ 0x4, ['array', 4, ['unsigned char']]],
+    'VerifierContext' : [ 0x8, ['pointer', ['void']]],
+    'DiskIoAttributionHandle' : [ 0xc, ['unsigned long']],
+    'ActivityId' : [ 0x10, ['_GUID']],
+    'Timestamp' : [ 0x20, ['_LARGE_INTEGER']],
+    'ZeroingOffset' : [ 0x20, ['unsigned long']],
+    'FsTrackOffsetBlob' : [ 0x20, ['pointer', ['_IO_IRP_EXT_TRACK_OFFSET_HEADER']]],
+    'FsTrackedOffset' : [ 0x24, ['long long']],
+    'AdapterCryptoParameters' : [ 0x20, ['_IO_ADAPTER_CRYPTO_PARAMETERS']],
+    'DriverFlags' : [ 0x30, ['__unnamed_20d5']],
+} ],
+  '_DRIVER_OBJECT' : [ 0xa8, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DriverStart' : [ 0xc, ['pointer', ['void']]],
+    'DriverSize' : [ 0x10, ['unsigned long']],
+    'DriverSection' : [ 0x14, ['pointer', ['void']]],
+    'DriverExtension' : [ 0x18, ['pointer', ['_DRIVER_EXTENSION']]],
+    'DriverName' : [ 0x1c, ['_UNICODE_STRING']],
+    'HardwareDatabase' : [ 0x24, ['pointer', ['_UNICODE_STRING']]],
+    'FastIoDispatch' : [ 0x28, ['pointer', ['_FAST_IO_DISPATCH']]],
+    'DriverInit' : [ 0x2c, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x30, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x34, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x38, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_FILE_SEGMENT_ELEMENT' : [ 0x8, {
+    'Buffer' : [ 0x0, ['pointer64', ['void']]],
+    'Alignment' : [ 0x0, ['unsigned long long']],
+} ],
+  '_RELATIVE_SYMLINK_INFO' : [ 0x14, {
+    'ExposedNamespaceLength' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'DeviceNameLength' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'InteriorMountPoint' : [ 0x8, ['pointer', ['_RELATIVE_SYMLINK_INFO']]],
+    'OpenedName' : [ 0xc, ['_UNICODE_STRING']],
+} ],
+  '_ECP_LIST' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EcpList' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_IOP_FILE_OBJECT_EXTENSION' : [ 0x2c, {
+    'FoExtFlags' : [ 0x0, ['unsigned long']],
+    'FoExtPerTypeExtension' : [ 0x4, ['array', 9, ['pointer', ['void']]]],
+    'FoIoPriorityHint' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IopIoPriorityNotSet', 1: u'IopIoPriorityVeryLow', 2: u'IopIoPriorityLow', 3: u'IopIoPriorityNormal', 4: u'IopIoPriorityHigh', 5: u'IopIoPriorityCritical', 6: u'MaxIopIoPriorityTypes'})]],
+} ],
+  '_OPEN_PACKET' : [ 0x88, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'FinalStatus' : [ 0x8, ['long']],
+    'Information' : [ 0xc, ['unsigned long']],
+    'ParseCheck' : [ 0x10, ['unsigned long']],
+    'RelatedFileObject' : [ 0x14, ['pointer', ['_FILE_OBJECT']]],
+    'ReferencedDeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'OriginalAttributes' : [ 0x18, ['pointer', ['_OBJECT_ATTRIBUTES']]],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'CreateOptions' : [ 0x28, ['unsigned long']],
+    'FileAttributes' : [ 0x2c, ['unsigned short']],
+    'ShareAccess' : [ 0x2e, ['unsigned short']],
+    'EaBuffer' : [ 0x30, ['pointer', ['void']]],
+    'EaLength' : [ 0x34, ['unsigned long']],
+    'Options' : [ 0x38, ['unsigned long']],
+    'Disposition' : [ 0x3c, ['unsigned long']],
+    'BasicInformation' : [ 0x40, ['pointer', ['_FILE_BASIC_INFORMATION']]],
+    'NetworkInformation' : [ 0x44, ['pointer', ['_FILE_NETWORK_OPEN_INFORMATION']]],
+    'FileInformation' : [ 0x48, ['pointer', ['void']]],
+    'CreateFileType' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'CreateFileTypeNone', 1: u'CreateFileTypeNamedPipe', 2: u'CreateFileTypeMailslot'})]],
+    'MailslotOrPipeParameters' : [ 0x50, ['pointer', ['void']]],
+    'Override' : [ 0x54, ['unsigned char']],
+    'QueryOnly' : [ 0x55, ['unsigned char']],
+    'DeleteOnly' : [ 0x56, ['unsigned char']],
+    'FullAttributes' : [ 0x57, ['unsigned char']],
+    'LocalFileObject' : [ 0x58, ['pointer', ['_DUMMY_FILE_OBJECT']]],
+    'InternalFlags' : [ 0x5c, ['unsigned long']],
+    'AccessMode' : [ 0x60, ['unsigned char']],
+    'DriverCreateContext' : [ 0x64, ['_IO_DRIVER_CREATE_CONTEXT']],
+    'FileInformationClass' : [ 0x78, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'FileInformationLength' : [ 0x7c, ['unsigned long']],
+    'FilterQuery' : [ 0x80, ['unsigned char']],
+} ],
+  '_ETW_SYSTEMTIME' : [ 0x10, {
+    'Year' : [ 0x0, ['unsigned short']],
+    'Month' : [ 0x2, ['unsigned short']],
+    'DayOfWeek' : [ 0x4, ['unsigned short']],
+    'Day' : [ 0x6, ['unsigned short']],
+    'Hour' : [ 0x8, ['unsigned short']],
+    'Minute' : [ 0xa, ['unsigned short']],
+    'Second' : [ 0xc, ['unsigned short']],
+    'Milliseconds' : [ 0xe, ['unsigned short']],
+} ],
+  '_TIME_FIELDS' : [ 0x10, {
+    'Year' : [ 0x0, ['short']],
+    'Month' : [ 0x2, ['short']],
+    'Day' : [ 0x4, ['short']],
+    'Hour' : [ 0x6, ['short']],
+    'Minute' : [ 0x8, ['short']],
+    'Second' : [ 0xa, ['short']],
+    'Milliseconds' : [ 0xc, ['short']],
+    'Weekday' : [ 0xe, ['short']],
+} ],
+  '__unnamed_2155' : [ 0x4, {
+    'MajorVersion' : [ 0x0, ['unsigned char']],
+    'MinorVersion' : [ 0x1, ['unsigned char']],
+    'SubVersion' : [ 0x2, ['unsigned char']],
+    'SubMinorVersion' : [ 0x3, ['unsigned char']],
+} ],
+  '_TRACE_LOGFILE_HEADER' : [ 0x110, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'VersionDetail' : [ 0x4, ['__unnamed_2155']],
+    'ProviderVersion' : [ 0x8, ['unsigned long']],
+    'NumberOfProcessors' : [ 0xc, ['unsigned long']],
+    'EndTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'TimerResolution' : [ 0x18, ['unsigned long']],
+    'MaximumFileSize' : [ 0x1c, ['unsigned long']],
+    'LogFileMode' : [ 0x20, ['unsigned long']],
+    'BuffersWritten' : [ 0x24, ['unsigned long']],
+    'LogInstanceGuid' : [ 0x28, ['_GUID']],
+    'StartBuffers' : [ 0x28, ['unsigned long']],
+    'PointerSize' : [ 0x2c, ['unsigned long']],
+    'EventsLost' : [ 0x30, ['unsigned long']],
+    'CpuSpeedInMHz' : [ 0x34, ['unsigned long']],
+    'LoggerName' : [ 0x38, ['pointer', ['wchar']]],
+    'LogFileName' : [ 0x3c, ['pointer', ['wchar']]],
+    'TimeZone' : [ 0x40, ['_RTL_TIME_ZONE_INFORMATION']],
+    'BootTime' : [ 0xf0, ['_LARGE_INTEGER']],
+    'PerfFreq' : [ 0xf8, ['_LARGE_INTEGER']],
+    'StartTime' : [ 0x100, ['_LARGE_INTEGER']],
+    'ReservedFlags' : [ 0x108, ['unsigned long']],
+    'BuffersLost' : [ 0x10c, ['unsigned long']],
+} ],
+  '_ETW_BUFFER_QUEUE' : [ 0x8, {
+    'QueueTail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'QueueEntry' : [ 0x4, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_WMI_BUFFER_HEADER' : [ 0x48, {
+    'BufferSize' : [ 0x0, ['unsigned long']],
+    'SavedOffset' : [ 0x4, ['unsigned long']],
+    'CurrentOffset' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'SequenceNumber' : [ 0x18, ['long long']],
+    'ClockType' : [ 0x20, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long long')]],
+    'Frequency' : [ 0x20, ['BitField', dict(start_bit = 3, end_bit = 64, native_type='unsigned long long')]],
+    'SlistEntry' : [ 0x20, ['_SINGLE_LIST_ENTRY']],
+    'NextBuffer' : [ 0x20, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'ClientContext' : [ 0x28, ['_ETW_BUFFER_CONTEXT']],
+    'State' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwBufferStateFree', 1: u'EtwBufferStateGeneralLogging', 2: u'EtwBufferStateCSwitch', 3: u'EtwBufferStateFlush', 4: u'EtwBufferStatePendingCompression', 5: u'EtwBufferStateCompressed', 6: u'EtwBufferStatePlaceholder', 7: u'EtwBufferStateMaximum'})]],
+    'Offset' : [ 0x30, ['unsigned long']],
+    'BufferFlag' : [ 0x34, ['unsigned short']],
+    'BufferType' : [ 0x36, ['unsigned short']],
+    'Padding1' : [ 0x38, ['array', 4, ['unsigned long']]],
+    'ReferenceTime' : [ 0x38, ['_ETW_REF_CLOCK']],
+    'GlobalEntry' : [ 0x38, ['_LIST_ENTRY']],
+    'Pointer0' : [ 0x38, ['pointer', ['void']]],
+    'Pointer1' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_WMI_LOGGER_CONTEXT' : [ 0x398, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'BufferSize' : [ 0x4, ['unsigned long']],
+    'MaximumEventSize' : [ 0x8, ['unsigned long']],
+    'LoggerMode' : [ 0xc, ['unsigned long']],
+    'AcceptNewEvents' : [ 0x10, ['long']],
+    'EventMarker' : [ 0x14, ['array', 1, ['unsigned long']]],
+    'ErrorMarker' : [ 0x18, ['unsigned long']],
+    'SizeMask' : [ 0x1c, ['unsigned long']],
+    'GetCpuClock' : [ 0x20, ['unsigned long']],
+    'LoggerThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'LoggerStatus' : [ 0x28, ['long']],
+    'FailureReason' : [ 0x2c, ['unsigned long']],
+    'BufferQueue' : [ 0x30, ['_ETW_BUFFER_QUEUE']],
+    'OverflowQueue' : [ 0x38, ['_ETW_BUFFER_QUEUE']],
+    'GlobalList' : [ 0x40, ['_LIST_ENTRY']],
+    'DebugIdTrackingList' : [ 0x48, ['_LIST_ENTRY']],
+    'DecodeControlList' : [ 0x50, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'DecodeControlCount' : [ 0x54, ['unsigned long']],
+    'BatchedBufferList' : [ 0x58, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CurrentBuffer' : [ 0x58, ['_EX_FAST_REF']],
+    'LoggerName' : [ 0x5c, ['_UNICODE_STRING']],
+    'LogFileName' : [ 0x64, ['_UNICODE_STRING']],
+    'LogFilePattern' : [ 0x6c, ['_UNICODE_STRING']],
+    'NewLogFileName' : [ 0x74, ['_UNICODE_STRING']],
+    'ClockType' : [ 0x7c, ['unsigned long']],
+    'LastFlushedBuffer' : [ 0x80, ['unsigned long']],
+    'FlushTimer' : [ 0x84, ['unsigned long']],
+    'FlushThreshold' : [ 0x88, ['unsigned long']],
+    'ByteOffset' : [ 0x90, ['_LARGE_INTEGER']],
+    'MinimumBuffers' : [ 0x98, ['unsigned long']],
+    'BuffersAvailable' : [ 0x9c, ['long']],
+    'NumberOfBuffers' : [ 0xa0, ['long']],
+    'MaximumBuffers' : [ 0xa4, ['unsigned long']],
+    'EventsLost' : [ 0xa8, ['unsigned long']],
+    'PeakBuffersCount' : [ 0xac, ['long']],
+    'BuffersWritten' : [ 0xb0, ['unsigned long']],
+    'LogBuffersLost' : [ 0xb4, ['unsigned long']],
+    'RealTimeBuffersDelivered' : [ 0xb8, ['unsigned long']],
+    'RealTimeBuffersLost' : [ 0xbc, ['unsigned long']],
+    'SequencePtr' : [ 0xc0, ['pointer', ['long']]],
+    'LocalSequence' : [ 0xc4, ['unsigned long']],
+    'InstanceGuid' : [ 0xc8, ['_GUID']],
+    'MaximumFileSize' : [ 0xd8, ['unsigned long']],
+    'FileCounter' : [ 0xdc, ['long']],
+    'PoolType' : [ 0xe0, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'ReferenceTime' : [ 0xe8, ['_ETW_REF_CLOCK']],
+    'CollectionOn' : [ 0xf8, ['long']],
+    'ProviderInfoSize' : [ 0xfc, ['unsigned long']],
+    'Consumers' : [ 0x100, ['_LIST_ENTRY']],
+    'NumConsumers' : [ 0x108, ['unsigned long']],
+    'TransitionConsumer' : [ 0x10c, ['pointer', ['_ETW_REALTIME_CONSUMER']]],
+    'RealtimeLogfileHandle' : [ 0x110, ['pointer', ['void']]],
+    'RealtimeLogfileName' : [ 0x114, ['_UNICODE_STRING']],
+    'RealtimeWriteOffset' : [ 0x120, ['_LARGE_INTEGER']],
+    'RealtimeReadOffset' : [ 0x128, ['_LARGE_INTEGER']],
+    'RealtimeLogfileSize' : [ 0x130, ['_LARGE_INTEGER']],
+    'RealtimeLogfileUsage' : [ 0x138, ['unsigned long long']],
+    'RealtimeMaximumFileSize' : [ 0x140, ['unsigned long long']],
+    'RealtimeBuffersSaved' : [ 0x148, ['unsigned long']],
+    'RealtimeReferenceTime' : [ 0x150, ['_ETW_REF_CLOCK']],
+    'NewRTEventsLost' : [ 0x160, ['Enumeration', dict(target = 'long', choices = {0: u'EtwRtEventNoLoss', 1: u'EtwRtEventLost', 2: u'EtwRtBufferLost', 3: u'EtwRtBackupLost', 4: u'EtwRtEventLossMax'})]],
+    'LoggerEvent' : [ 0x164, ['_KEVENT']],
+    'FlushEvent' : [ 0x174, ['_KEVENT']],
+    'FlushTimeOutTimer' : [ 0x188, ['_KTIMER']],
+    'LoggerDpc' : [ 0x1b0, ['_KDPC']],
+    'LoggerMutex' : [ 0x1d0, ['_KMUTANT']],
+    'LoggerLock' : [ 0x1f0, ['_EX_PUSH_LOCK']],
+    'BufferListSpinLock' : [ 0x1f4, ['unsigned long']],
+    'BufferListPushLock' : [ 0x1f4, ['_EX_PUSH_LOCK']],
+    'ClientSecurityContext' : [ 0x1f8, ['_SECURITY_CLIENT_CONTEXT']],
+    'TokenAccessInformation' : [ 0x234, ['pointer', ['_TOKEN_ACCESS_INFORMATION']]],
+    'SecurityDescriptor' : [ 0x238, ['_EX_FAST_REF']],
+    'StartTime' : [ 0x240, ['_LARGE_INTEGER']],
+    'LogFileHandle' : [ 0x248, ['pointer', ['void']]],
+    'BufferSequenceNumber' : [ 0x250, ['long long']],
+    'Flags' : [ 0x258, ['unsigned long']],
+    'Persistent' : [ 0x258, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'AutoLogger' : [ 0x258, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'FsReady' : [ 0x258, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'RealTime' : [ 0x258, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Wow' : [ 0x258, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'KernelTrace' : [ 0x258, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'NoMoreEnable' : [ 0x258, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'StackTracing' : [ 0x258, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ErrorLogged' : [ 0x258, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'RealtimeLoggerContextFreed' : [ 0x258, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PebsTracing' : [ 0x258, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'PmcCounters' : [ 0x258, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PageAlignBuffers' : [ 0x258, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'StackLookasideListAllocated' : [ 0x258, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecurityTrace' : [ 0x258, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LastBranchTracing' : [ 0x258, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'SystemLoggerIndex' : [ 0x258, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'StackCaching' : [ 0x258, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ProviderTracking' : [ 0x258, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ProcessorTrace' : [ 0x258, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'QpcDeltaTracking' : [ 0x258, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'MarkerBufferSaved' : [ 0x258, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'LargeMdlPages' : [ 0x258, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'ExcludeKernelStack' : [ 0x258, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'SpareFlags2' : [ 0x258, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'RequestFlag' : [ 0x25c, ['unsigned long']],
+    'DbgRequestNewFile' : [ 0x25c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DbgRequestUpdateFile' : [ 0x25c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DbgRequestFlush' : [ 0x25c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DbgRequestDisableRealtime' : [ 0x25c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'DbgRequestDisconnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DbgRequestConnectConsumer' : [ 0x25c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DbgRequestNotifyConsumer' : [ 0x25c, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'DbgRequestUpdateHeader' : [ 0x25c, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'DbgRequestDeferredFlush' : [ 0x25c, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DbgRequestDeferredFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'DbgRequestFlushTimer' : [ 0x25c, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'DbgRequestUpdateDebugger' : [ 0x25c, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DbgSpareRequestFlags' : [ 0x25c, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'StackTraceBlock' : [ 0x260, ['_ETW_STACK_TRACE_BLOCK']],
+    'HookIdMap' : [ 0x2b0, ['_RTL_BITMAP']],
+    'StackCache' : [ 0x2b8, ['pointer', ['_ETW_STACK_CACHE']]],
+    'PmcData' : [ 0x2bc, ['pointer', ['_ETW_PMC_SUPPORT']]],
+    'LbrData' : [ 0x2c0, ['pointer', ['_ETW_LBR_SUPPORT']]],
+    'IptData' : [ 0x2c4, ['pointer', ['_ETW_IPT_SUPPORT']]],
+    'BinaryTrackingList' : [ 0x2c8, ['_LIST_ENTRY']],
+    'ScratchArray' : [ 0x2d0, ['pointer', ['pointer', ['_WMI_BUFFER_HEADER']]]],
+    'DisallowedGuids' : [ 0x2d4, ['_DISALLOWED_GUIDS']],
+    'RelativeTimerDueTime' : [ 0x2e0, ['long long']],
+    'PeriodicCaptureStateGuids' : [ 0x2e8, ['_PERIODIC_CAPTURE_STATE_GUIDS']],
+    'PeriodicCaptureStateTimer' : [ 0x2f0, ['pointer', ['_EX_TIMER']]],
+    'PeriodicCaptureStateTimerState' : [ 0x2f4, ['Enumeration', dict(target = 'long', choices = {0: u'EtwpPeriodicTimerUnset', 1: u'EtwpPeriodicTimerSet'})]],
+    'SoftRestartContext' : [ 0x2f8, ['pointer', ['_ETW_SOFT_RESTART_CONTEXT']]],
+    'SiloState' : [ 0x2fc, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'CompressionWorkItem' : [ 0x300, ['_WORK_QUEUE_ITEM']],
+    'CompressionWorkItemState' : [ 0x310, ['long']],
+    'CompressionLock' : [ 0x314, ['_EX_PUSH_LOCK']],
+    'CompressionTarget' : [ 0x318, ['pointer', ['_WMI_BUFFER_HEADER']]],
+    'CompressionWorkspace' : [ 0x31c, ['pointer', ['void']]],
+    'CompressionOn' : [ 0x320, ['long']],
+    'CompressionRatioGuess' : [ 0x324, ['unsigned long']],
+    'PartialBufferCompressionLevel' : [ 0x328, ['unsigned long']],
+    'CompressionResumptionMode' : [ 0x32c, ['Enumeration', dict(target = 'long', choices = {0: u'EtwCompressionModeRestart', 1: u'EtwCompressionModeNoDisable', 2: u'EtwCompressionModeNoRestart'})]],
+    'PlaceholderList' : [ 0x330, ['_SINGLE_LIST_ENTRY']],
+    'CompressionDpc' : [ 0x334, ['_KDPC']],
+    'LastBufferSwitchTime' : [ 0x358, ['_LARGE_INTEGER']],
+    'BufferWriteDuration' : [ 0x360, ['_LARGE_INTEGER']],
+    'BufferCompressDuration' : [ 0x368, ['_LARGE_INTEGER']],
+    'ReferenceQpcDelta' : [ 0x370, ['long long']],
+    'CallbackContext' : [ 0x378, ['pointer', ['_ETW_EVENT_CALLBACK_CONTEXT']]],
+    'LastDroppedTime' : [ 0x37c, ['pointer', ['_LARGE_INTEGER']]],
+    'FlushingLastDroppedTime' : [ 0x380, ['pointer', ['_LARGE_INTEGER']]],
+    'FlushingSequenceNumber' : [ 0x388, ['long long']],
+    'PartitionContext' : [ 0x390, ['_ETW_PARTITION_CONTEXT']],
+    'BufferMdl' : [ 0x394, ['pointer', ['_MDL']]],
+} ],
+  '_ETW_PMC_SUPPORT' : [ 0x18, {
+    'Source' : [ 0x0, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: u'ProfileTime', 1: u'ProfileAlignmentFixup', 2: u'ProfileTotalIssues', 3: u'ProfilePipelineDry', 4: u'ProfileLoadInstructions', 5: u'ProfilePipelineFrozen', 6: u'ProfileBranchInstructions', 7: u'ProfileTotalNonissues', 8: u'ProfileDcacheMisses', 9: u'ProfileIcacheMisses', 10: u'ProfileCacheMisses', 11: u'ProfileBranchMispredictions', 12: u'ProfileStoreInstructions', 13: u'ProfileFpInstructions', 14: u'ProfileIntegerInstructions', 15: u'Profile2Issue', 16: u'Profile3Issue', 17: u'Profile4Issue', 18: u'ProfileSpecialInstructions', 19: u'ProfileTotalCycles', 20: u'ProfileIcacheIssues', 21: u'ProfileDcacheAccesses', 22: u'ProfileMemoryBarrierCycles', 23: u'ProfileLoadLinkedIssues', 24: u'ProfileMaximum'})]]],
+    'HookIdCount' : [ 0x4, ['unsigned long']],
+    'HookId' : [ 0x8, ['array', 4, ['unsigned short']]],
+    'CountersCount' : [ 0x10, ['unsigned long']],
+    'ProcessorCtrs' : [ 0x14, ['array', 1, ['pointer', ['_HAL_PMC_COUNTERS']]]],
+} ],
+  '_ETW_LBR_SUPPORT' : [ 0x14, {
+    'LbrHandle' : [ 0x0, ['unsigned long']],
+    'LbrOptions' : [ 0x4, ['unsigned long']],
+    'HookIdCount' : [ 0x8, ['unsigned long']],
+    'HookId' : [ 0xc, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_IPT_SUPPORT' : [ 0x20, {
+    'IptHandle' : [ 0x0, ['pointer', ['void']]],
+    'IptOption' : [ 0x8, ['unsigned long long']],
+    'EtwHwTraceExtInterface' : [ 0x10, ['pointer', ['_ETW_HW_TRACE_EXT_INTERFACE']]],
+    'HookIdCount' : [ 0x14, ['unsigned long']],
+    'HookId' : [ 0x18, ['array', 4, ['unsigned short']]],
+} ],
+  '_ETW_SILODRIVERSTATE' : [ 0xaa8, {
+    'Silo' : [ 0x0, ['pointer', ['_EJOB']]],
+    'SiloGlobals' : [ 0x4, ['pointer', ['_ESERVERSILO_GLOBALS']]],
+    'MaxLoggers' : [ 0x8, ['unsigned long']],
+    'EtwpSecurityProviderGuidEntry' : [ 0x10, ['_ETW_GUID_ENTRY']],
+    'EtwpLoggerRundown' : [ 0x188, ['pointer', ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]]],
+    'EtwpLoggerContext' : [ 0x18c, ['pointer', ['pointer', ['_WMI_LOGGER_CONTEXT']]]],
+    'EtwpGuidHashTable' : [ 0x190, ['array', 64, ['_ETW_HASH_BUCKET']]],
+    'EtwpSecurityLoggers' : [ 0x890, ['array', 8, ['unsigned short']]],
+    'EtwpSecurityProviderEnableMask' : [ 0x8a0, ['unsigned char']],
+    'EtwpShutdownInProgress' : [ 0x8a4, ['long']],
+    'EtwpSecurityProviderPID' : [ 0x8a8, ['unsigned long']],
+    'PrivHandleDemuxTable' : [ 0x8ac, ['_ETW_PRIV_HANDLE_DEMUX_TABLE']],
+    'EtwpCounters' : [ 0x8bc, ['_ETW_COUNTERS']],
+    'LogfileBytesWritten' : [ 0x8d0, ['_LARGE_INTEGER']],
+    'ProcessorBlocks' : [ 0x8d8, ['pointer', ['_ETW_SILO_TRACING_BLOCK']]],
+    'ContainerRestoreWnfSubscription' : [ 0x8dc, ['pointer', ['_EX_WNF_SUBSCRIPTION']]],
+    'PartitionId' : [ 0x8e0, ['_GUID']],
+    'ParentId' : [ 0x8f0, ['_GUID']],
+    'QpcOffsetFromRoot' : [ 0x900, ['_LARGE_INTEGER']],
+    'PartitionName' : [ 0x908, ['pointer', ['unsigned char']]],
+    'PartitionNameSize' : [ 0x90c, ['unsigned short']],
+    'UnusedPadding' : [ 0x90e, ['unsigned short']],
+    'PartitionType' : [ 0x910, ['unsigned long']],
+    'SystemLoggerSettings' : [ 0x914, ['_ETW_SYSTEM_LOGGER_SETTINGS']],
+    'EtwpStartTraceMutex' : [ 0xa88, ['_KMUTANT']],
+} ],
+  '_ETW_LOGGER_HANDLE' : [ 0x1, {
+    'DereferenceAndLeave' : [ 0x0, ['unsigned char']],
+} ],
+  '_SEP_SILOSTATE' : [ 0x18, {
+    'SystemLogonSession' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonSession' : [ 0x4, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'AnonymousLogonToken' : [ 0x8, ['pointer', ['void']]],
+    'AnonymousLogonTokenNoEveryone' : [ 0xc, ['pointer', ['void']]],
+    'UncSystemPaths' : [ 0x10, ['pointer', ['_UNICODE_STRING']]],
+    'NgenPaths' : [ 0x14, ['pointer', ['_CI_NGEN_PATHS']]],
+} ],
+  '_LUID_AND_ATTRIBUTES' : [ 0xc, {
+    'Luid' : [ 0x0, ['_LUID']],
+    'Attributes' : [ 0x8, ['unsigned long']],
+} ],
+  '_TOKEN' : [ 0x2a8, {
+    'TokenSource' : [ 0x0, ['_TOKEN_SOURCE']],
+    'TokenId' : [ 0x10, ['_LUID']],
+    'AuthenticationId' : [ 0x18, ['_LUID']],
+    'ParentTokenId' : [ 0x20, ['_LUID']],
+    'ExpirationTime' : [ 0x28, ['_LARGE_INTEGER']],
+    'TokenLock' : [ 0x30, ['pointer', ['_ERESOURCE']]],
+    'ModifiedId' : [ 0x34, ['_LUID']],
+    'Privileges' : [ 0x40, ['_SEP_TOKEN_PRIVILEGES']],
+    'AuditPolicy' : [ 0x58, ['_SEP_AUDIT_POLICY']],
+    'SessionId' : [ 0x78, ['unsigned long']],
+    'UserAndGroupCount' : [ 0x7c, ['unsigned long']],
+    'RestrictedSidCount' : [ 0x80, ['unsigned long']],
+    'VariableLength' : [ 0x84, ['unsigned long']],
+    'DynamicCharged' : [ 0x88, ['unsigned long']],
+    'DynamicAvailable' : [ 0x8c, ['unsigned long']],
+    'DefaultOwnerIndex' : [ 0x90, ['unsigned long']],
+    'UserAndGroups' : [ 0x94, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedSids' : [ 0x98, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'PrimaryGroup' : [ 0x9c, ['pointer', ['void']]],
+    'DynamicPart' : [ 0xa0, ['pointer', ['unsigned long']]],
+    'DefaultDacl' : [ 0xa4, ['pointer', ['_ACL']]],
+    'TokenType' : [ 0xa8, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0xac, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'TokenFlags' : [ 0xb0, ['unsigned long']],
+    'TokenInUse' : [ 0xb4, ['unsigned char']],
+    'IntegrityLevelIndex' : [ 0xb8, ['unsigned long']],
+    'MandatoryPolicy' : [ 0xbc, ['unsigned long']],
+    'LogonSession' : [ 0xc0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'OriginatingLogonSession' : [ 0xc4, ['_LUID']],
+    'SidHash' : [ 0xcc, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedSidHash' : [ 0x154, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pSecurityAttributes' : [ 0x1dc, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'Package' : [ 0x1e0, ['pointer', ['void']]],
+    'Capabilities' : [ 0x1e4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'CapabilityCount' : [ 0x1e8, ['unsigned long']],
+    'CapabilitiesHash' : [ 0x1ec, ['_SID_AND_ATTRIBUTES_HASH']],
+    'LowboxNumberEntry' : [ 0x274, ['pointer', ['_SEP_LOWBOX_NUMBER_ENTRY']]],
+    'LowboxHandlesEntry' : [ 0x278, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'pClaimAttributes' : [ 0x27c, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'TrustLevelSid' : [ 0x280, ['pointer', ['void']]],
+    'TrustLinkedToken' : [ 0x284, ['pointer', ['_TOKEN']]],
+    'IntegrityLevelSidValue' : [ 0x288, ['pointer', ['void']]],
+    'TokenSidValues' : [ 0x28c, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'IndexEntry' : [ 0x290, ['pointer', ['_SEP_LUID_TO_INDEX_MAP_ENTRY']]],
+    'DiagnosticInfo' : [ 0x294, ['pointer', ['_SEP_TOKEN_DIAG_TRACK_ENTRY']]],
+    'BnoIsolationHandlesEntry' : [ 0x298, ['pointer', ['_SEP_CACHED_HANDLES_ENTRY']]],
+    'SessionObject' : [ 0x29c, ['pointer', ['void']]],
+    'VariablePart' : [ 0x2a0, ['unsigned long']],
+} ],
+  '_SEP_LOGON_SESSION_REFERENCES' : [ 0x6c, {
+    'Next' : [ 0x0, ['pointer', ['_SEP_LOGON_SESSION_REFERENCES']]],
+    'LogonId' : [ 0x4, ['_LUID']],
+    'BuddyLogonId' : [ 0xc, ['_LUID']],
+    'ReferenceCount' : [ 0x14, ['long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'pDeviceMap' : [ 0x1c, ['pointer', ['_DEVICE_MAP']]],
+    'Token' : [ 0x20, ['pointer', ['void']]],
+    'AccountName' : [ 0x24, ['_UNICODE_STRING']],
+    'AuthorityName' : [ 0x2c, ['_UNICODE_STRING']],
+    'CachedHandlesTable' : [ 0x34, ['_SEP_CACHED_HANDLES_TABLE']],
+    'SharedDataLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'SharedClaimAttributes' : [ 0x40, ['pointer', ['_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION']]],
+    'SharedSidValues' : [ 0x44, ['pointer', ['_SEP_SID_VALUES_BLOCK']]],
+    'RevocationBlock' : [ 0x48, ['_OB_HANDLE_REVOCATION_BLOCK']],
+    'ServerSilo' : [ 0x58, ['pointer', ['_EJOB']]],
+    'SiblingAuthId' : [ 0x5c, ['_LUID']],
+    'TokenList' : [ 0x64, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER' : [ 0x20, {
+    'PointerCount' : [ 0x0, ['long']],
+    'HandleCount' : [ 0x4, ['long']],
+    'NextToFree' : [ 0x4, ['pointer', ['void']]],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'TypeIndex' : [ 0xc, ['unsigned char']],
+    'TraceFlags' : [ 0xd, ['unsigned char']],
+    'DbgRefTrace' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgTracePermanent' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'InfoMask' : [ 0xe, ['unsigned char']],
+    'Flags' : [ 0xf, ['unsigned char']],
+    'NewObject' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'KernelObject' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelOnlyAccess' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ExclusiveObject' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PermanentObject' : [ 0xf, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'DefaultSecurityQuota' : [ 0xf, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SingleHandleEntry' : [ 0xf, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'DeletedInline' : [ 0xf, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ObjectCreateInfo' : [ 0x10, ['pointer', ['_OBJECT_CREATE_INFORMATION']]],
+    'QuotaBlockCharged' : [ 0x10, ['pointer', ['void']]],
+    'SecurityDescriptor' : [ 0x14, ['pointer', ['void']]],
+    'Body' : [ 0x18, ['_QUAD']],
+} ],
+  '_OBJECT_HEADER_QUOTA_INFO' : [ 0x10, {
+    'PagedPoolCharge' : [ 0x0, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x4, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x8, ['unsigned long']],
+    'SecurityDescriptorQuotaBlock' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_OBJECT_HEADER_PROCESS_INFO' : [ 0x8, {
+    'ExclusiveProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_HANDLE_INFO' : [ 0x8, {
+    'HandleCountDataBase' : [ 0x0, ['pointer', ['_OBJECT_HANDLE_COUNT_DATABASE']]],
+    'SingleEntry' : [ 0x0, ['_OBJECT_HANDLE_COUNT_ENTRY']],
+} ],
+  '_OBJECT_HEADER_NAME_INFO' : [ 0x10, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Name' : [ 0x4, ['_UNICODE_STRING']],
+    'ReferenceCount' : [ 0xc, ['long']],
+} ],
+  '_OBJECT_HEADER_CREATOR_INFO' : [ 0x10, {
+    'TypeList' : [ 0x0, ['_LIST_ENTRY']],
+    'CreatorUniqueProcess' : [ 0x8, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0xc, ['unsigned short']],
+    'Reserved1' : [ 0xe, ['unsigned short']],
+} ],
+  '_OBJECT_HEADER_AUDIT_INFO' : [ 0x8, {
+    'SecurityDescriptor' : [ 0x0, ['pointer', ['void']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_HEADER_EXTENDED_INFO' : [ 0x8, {
+    'Footer' : [ 0x0, ['pointer', ['_OBJECT_FOOTER']]],
+    'Reserved' : [ 0x4, ['unsigned long']],
+} ],
+  '_OBJECT_FOOTER' : [ 0x18, {
+    'HandleRevocationInfo' : [ 0x0, ['_HANDLE_REVOCATION_INFO']],
+    'ExtendedUserInfo' : [ 0x10, ['_OB_EXTENDED_USER_INFO']],
+} ],
+  '_OB_EXTENDED_USER_INFO' : [ 0x8, {
+    'Context1' : [ 0x0, ['pointer', ['void']]],
+    'Context2' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HANDLE_REVOCATION_INFO' : [ 0x10, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'RevocationBlock' : [ 0x8, ['pointer', ['_OB_HANDLE_REVOCATION_BLOCK']]],
+    'AllowHandleRevocation' : [ 0xc, ['unsigned char']],
+    'Padding1' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_OBP_LOOKUP_CONTEXT' : [ 0x18, {
+    'Directory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'EntryLink' : [ 0x8, ['pointer', ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'HashValue' : [ 0xc, ['unsigned long']],
+    'HashIndex' : [ 0x10, ['unsigned short']],
+    'DirectoryLocked' : [ 0x12, ['unsigned char']],
+    'LockedExclusive' : [ 0x13, ['unsigned char']],
+    'LockStateSignature' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_DIRECTORY' : [ 0xb0, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]]],
+    'Lock' : [ 0x94, ['_EX_PUSH_LOCK']],
+    'DeviceMap' : [ 0x98, ['pointer', ['_DEVICE_MAP']]],
+    'ShadowDirectory' : [ 0x9c, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'NamespaceEntry' : [ 0xa0, ['pointer', ['void']]],
+    'SessionObject' : [ 0xa4, ['pointer', ['void']]],
+    'Flags' : [ 0xa8, ['unsigned long']],
+    'SessionId' : [ 0xac, ['unsigned long']],
+} ],
+  '_OBP_SILODRIVERSTATE' : [ 0x1a4, {
+    'SystemDeviceMap' : [ 0x0, ['pointer', ['_DEVICE_MAP']]],
+    'SystemDosDeviceState' : [ 0x4, ['_OBP_SYSTEM_DOS_DEVICE_STATE']],
+    'DeviceMapLock' : [ 0x70, ['_EX_PUSH_LOCK']],
+    'PrivateNamespaceLookupTable' : [ 0x74, ['_OBJECT_NAMESPACE_LOOKUPTABLE']],
+} ],
+  '_WHEAP_INFO_BLOCK' : [ 0xc, {
+    'ErrorSourceCount' : [ 0x0, ['unsigned long']],
+    'ErrorSourceTable' : [ 0x4, ['pointer', ['_WHEAP_ERROR_SOURCE_TABLE']]],
+    'WorkQueue' : [ 0x8, ['pointer', ['_WHEAP_WORK_QUEUE']]],
+} ],
+  '_WHEAP_ERROR_SOURCE' : [ 0x420, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'FailedAllocations' : [ 0x8, ['unsigned long']],
+    'PlatformErrorSourceId' : [ 0xc, ['unsigned long']],
+    'ErrorCount' : [ 0x10, ['long']],
+    'RecordCount' : [ 0x14, ['unsigned long']],
+    'RecordLength' : [ 0x18, ['unsigned long']],
+    'PoolTag' : [ 0x1c, ['unsigned long']],
+    'Type' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSrcTypeMCE', 1: u'WheaErrSrcTypeCMC', 2: u'WheaErrSrcTypeCPE', 3: u'WheaErrSrcTypeNMI', 4: u'WheaErrSrcTypePCIe', 5: u'WheaErrSrcTypeGeneric', 6: u'WheaErrSrcTypeINIT', 7: u'WheaErrSrcTypeBOOT', 8: u'WheaErrSrcTypeSCIGeneric', 9: u'WheaErrSrcTypeIPFMCA', 10: u'WheaErrSrcTypeIPFCMC', 11: u'WheaErrSrcTypeIPFCPE', 12: u'WheaErrSrcTypeGenericV2', 13: u'WheaErrSrcTypeSCIGenericV2', 14: u'WheaErrSrcTypeBMC', 15: u'WheaErrSrcTypePMEM', 16: u'WheaErrSrcTypeDeviceDriver', 17: u'WheaErrSrcTypeMax'})]],
+    'Records' : [ 0x24, ['pointer', ['_WHEAP_ERROR_RECORD_WRAPPER']]],
+    'Context' : [ 0x28, ['pointer', ['void']]],
+    'SectionCount' : [ 0x2c, ['unsigned long']],
+    'SectionLength' : [ 0x30, ['unsigned long']],
+    'TickCountAtLastError' : [ 0x38, ['_LARGE_INTEGER']],
+    'AccumulatedErrors' : [ 0x40, ['unsigned long']],
+    'TotalErrors' : [ 0x44, ['unsigned long']],
+    'Deferred' : [ 0x48, ['unsigned char']],
+    'Busy' : [ 0x4c, ['long']],
+    'Descriptor' : [ 0x50, ['_WHEA_ERROR_SOURCE_DESCRIPTOR']],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER' : [ 0xe4, {
+    'WorkEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'ProcessorNumber' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_WHEAP_ERROR_RECORD_WRAPPER_FLAGS']],
+    'InUse' : [ 0x14, ['long']],
+    'ErrorSource' : [ 0x18, ['pointer', ['_WHEAP_ERROR_SOURCE']]],
+    'ErrorRecord' : [ 0x1c, ['_WHEA_ERROR_RECORD']],
+} ],
+  '_GENERAL_LOOKASIDE_POOL' : [ 0x48, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'SingleListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Depth' : [ 0x8, ['unsigned short']],
+    'MaximumDepth' : [ 0xa, ['unsigned short']],
+    'TotalAllocates' : [ 0xc, ['unsigned long']],
+    'AllocateMisses' : [ 0x10, ['unsigned long']],
+    'AllocateHits' : [ 0x10, ['unsigned long']],
+    'TotalFrees' : [ 0x14, ['unsigned long']],
+    'FreeMisses' : [ 0x18, ['unsigned long']],
+    'FreeHits' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'Tag' : [ 0x20, ['unsigned long']],
+    'Size' : [ 0x24, ['unsigned long']],
+    'AllocateEx' : [ 0x28, ['pointer', ['void']]],
+    'Allocate' : [ 0x28, ['pointer', ['void']]],
+    'FreeEx' : [ 0x2c, ['pointer', ['void']]],
+    'Free' : [ 0x2c, ['pointer', ['void']]],
+    'ListEntry' : [ 0x30, ['_LIST_ENTRY']],
+    'LastTotalAllocates' : [ 0x38, ['unsigned long']],
+    'LastAllocateMisses' : [ 0x3c, ['unsigned long']],
+    'LastAllocateHits' : [ 0x3c, ['unsigned long']],
+    'Future' : [ 0x40, ['array', 2, ['unsigned long']]],
+} ],
+  '_WNF_NODE_HEADER' : [ 0x4, {
+    'NodeTypeCode' : [ 0x0, ['unsigned short']],
+    'NodeByteSize' : [ 0x2, ['unsigned short']],
+} ],
+  '_WNF_LOCK' : [ 0x4, {
+    'PushLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+} ],
+  '_WNF_STATE_NAME_STRUCT' : [ 0x8, {
+    'Version' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned long long')]],
+    'NameLifetime' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long long')]],
+    'DataScope' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 10, native_type='unsigned long long')]],
+    'PermanentData' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Sequence' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_WNF_SCOPE_INSTANCE' : [ 0x2c, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x4, ['_EX_RUNDOWN_REF']],
+    'DataScope' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'WnfDataScopeSystem', 1: u'WnfDataScopeSession', 2: u'WnfDataScopeUser', 3: u'WnfDataScopeProcess', 4: u'WnfDataScopeMachine', 5: u'WnfDataScopePhysicalMachine'})]],
+    'InstanceIdSize' : [ 0xc, ['unsigned long']],
+    'InstanceIdData' : [ 0x10, ['pointer', ['void']]],
+    'ResolverListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'NameSetLock' : [ 0x1c, ['_WNF_LOCK']],
+    'NameSet' : [ 0x20, ['_RTL_AVL_TREE']],
+    'PermanentDataStore' : [ 0x24, ['pointer', ['void']]],
+    'VolatilePermanentDataStore' : [ 0x28, ['pointer', ['void']]],
+} ],
+  '_WNF_NAME_INSTANCE' : [ 0x60, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x4, ['_EX_RUNDOWN_REF']],
+    'TreeLinks' : [ 0x8, ['_RTL_BALANCED_NODE']],
+    'StateName' : [ 0x18, ['_WNF_STATE_NAME_STRUCT']],
+    'ScopeInstance' : [ 0x20, ['pointer', ['_WNF_SCOPE_INSTANCE']]],
+    'StateNameInfo' : [ 0x24, ['_WNF_STATE_NAME_REGISTRATION']],
+    'StateDataLock' : [ 0x30, ['_WNF_LOCK']],
+    'StateData' : [ 0x34, ['pointer', ['_WNF_STATE_DATA']]],
+    'CurrentChangeStamp' : [ 0x38, ['unsigned long']],
+    'PermanentDataStore' : [ 0x3c, ['pointer', ['void']]],
+    'StateSubscriptionListLock' : [ 0x40, ['_WNF_LOCK']],
+    'StateSubscriptionListHead' : [ 0x44, ['_LIST_ENTRY']],
+    'TemporaryNameListEntry' : [ 0x4c, ['_LIST_ENTRY']],
+    'CreatorProcess' : [ 0x54, ['pointer', ['_EPROCESS']]],
+    'DataSubscribersCount' : [ 0x58, ['long']],
+    'CurrentDeliveryCount' : [ 0x5c, ['long']],
+} ],
+  '_WNF_SUBSCRIPTION' : [ 0x58, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'RunRef' : [ 0x4, ['_EX_RUNDOWN_REF']],
+    'SubscriptionId' : [ 0x8, ['unsigned long long']],
+    'ProcessSubscriptionListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'Process' : [ 0x18, ['pointer', ['_EPROCESS']]],
+    'NameInstance' : [ 0x1c, ['pointer', ['_WNF_NAME_INSTANCE']]],
+    'StateName' : [ 0x20, ['_WNF_STATE_NAME_STRUCT']],
+    'StateSubscriptionListEntry' : [ 0x28, ['_LIST_ENTRY']],
+    'CallbackRoutine' : [ 0x30, ['unsigned long']],
+    'CallbackContext' : [ 0x34, ['pointer', ['void']]],
+    'CurrentChangeStamp' : [ 0x38, ['unsigned long']],
+    'SubscribedEventSet' : [ 0x3c, ['unsigned long']],
+    'PendingSubscriptionListEntry' : [ 0x40, ['_LIST_ENTRY']],
+    'SubscriptionState' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'WNF_SUB_STATE_QUIESCENT', 1: u'WNF_SUB_STATE_READY_TO_DELIVER', 2: u'WNF_SUB_STATE_IN_DELIVERY', 3: u'WNF_SUB_STATE_RETRY'})]],
+    'SignaledEventSet' : [ 0x4c, ['unsigned long']],
+    'InDeliveryEventSet' : [ 0x50, ['unsigned long']],
+} ],
+  '_WNF_PROCESS_CONTEXT' : [ 0x44, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'WnfProcessesListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'ImplicitScopeInstances' : [ 0x10, ['array', 3, ['pointer', ['void']]]],
+    'TemporaryNamesListLock' : [ 0x1c, ['_WNF_LOCK']],
+    'TemporaryNamesListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'ProcessSubscriptionListLock' : [ 0x28, ['_WNF_LOCK']],
+    'ProcessSubscriptionListHead' : [ 0x2c, ['_LIST_ENTRY']],
+    'DeliveryPendingListLock' : [ 0x34, ['_WNF_LOCK']],
+    'DeliveryPendingListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationEvent' : [ 0x40, ['pointer', ['_KEVENT']]],
+} ],
+  '_WNF_SILODRIVERSTATE' : [ 0x30, {
+    'ScopeMap' : [ 0x0, ['pointer', ['_WNF_SCOPE_MAP']]],
+    'PermanentNameStoreRootKey' : [ 0x4, ['pointer', ['void']]],
+    'PersistentNameStoreRootKey' : [ 0x8, ['pointer', ['void']]],
+    'PermanentNameSequenceNumber' : [ 0x10, ['long long']],
+    'PermanentNameSequenceNumberLock' : [ 0x18, ['_WNF_LOCK']],
+    'PermanentNameSequenceNumberPool' : [ 0x20, ['long long']],
+    'RuntimeNameSequenceNumber' : [ 0x28, ['long long']],
+} ],
+  '_PCW_CALLBACK_INFORMATION' : [ 0x20, {
+    'AddCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'RemoveCounter' : [ 0x0, ['_PCW_COUNTER_INFORMATION']],
+    'EnumerateInstances' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+    'CollectData' : [ 0x0, ['_PCW_MASK_INFORMATION']],
+} ],
+  '_WNF_DISPATCHER' : [ 0x18, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+    'State' : [ 0x14, ['long']],
+} ],
+  '_WHEA_IPF_CMC_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_WHEA_AER_ENDPOINT_DESCRIPTOR' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ENDPOINT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MMSECTION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'BeingCreated' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'BeingPurged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoModifiedWriting' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'FailAllIo' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Based' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'File' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AttemptingDelete' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PrefetchCreated' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PhysicalMemory' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ImageControlAreaOnRemovableMedia' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'Reserve' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'Commit' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'WasPurged' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'UserReference' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'GlobalMemory' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'DeleteOnClose' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'FilePointerNull' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 26, native_type='unsigned long')]],
+    'GlobalOnlyPerSession' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'UserWritable' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'SystemVaAllocated' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PreferredFsCompressionBoundary' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'UsingFileExtents' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageSize64K' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_PEP_ACPI_SPB_RESOURCE' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepAcpiMemory', 1: u'PepAcpiIoPort', 2: u'PepAcpiInterrupt', 3: u'PepAcpiGpioIo', 4: u'PepAcpiGpioInt', 5: u'PepAcpiSpbI2c', 6: u'PepAcpiSpbSpi', 7: u'PepAcpiSpbUart', 8: u'PepAcpiExtendedMemory', 9: u'PepAcpiExtendedIo'})]],
+    'Flags' : [ 0x4, ['_PEP_ACPI_RESOURCE_FLAGS']],
+    'TypeSpecificFlags' : [ 0x8, ['unsigned short']],
+    'ResourceSourceIndex' : [ 0xa, ['unsigned char']],
+    'ResourceSourceName' : [ 0xc, ['pointer', ['_UNICODE_STRING']]],
+    'VendorData' : [ 0x10, ['pointer', ['unsigned char']]],
+    'VendorDataLength' : [ 0x14, ['unsigned short']],
+} ],
+  '_DBGKD_GET_VERSION32' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned short']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'KernBase' : [ 0x8, ['unsigned long']],
+    'PsLoadedModuleList' : [ 0xc, ['unsigned long']],
+    'MachineType' : [ 0x10, ['unsigned short']],
+    'ThCallbackStack' : [ 0x12, ['unsigned short']],
+    'NextCallback' : [ 0x14, ['unsigned short']],
+    'FramePointer' : [ 0x16, ['unsigned short']],
+    'KiCallUserMode' : [ 0x18, ['unsigned long']],
+    'KeUserCallbackDispatcher' : [ 0x1c, ['unsigned long']],
+    'BreakpointWithStatus' : [ 0x20, ['unsigned long']],
+    'DebuggerDataList' : [ 0x24, ['unsigned long']],
+} ],
+  '_HANDLE_TABLE_FREE_LIST' : [ 0x40, {
+    'FreeListLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'FirstFreeHandleEntry' : [ 0x4, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'LastFreeHandleEntry' : [ 0x8, ['pointer', ['_HANDLE_TABLE_ENTRY']]],
+    'HandleCount' : [ 0xc, ['long']],
+    'HighWaterMark' : [ 0x10, ['unsigned long']],
+} ],
+  '_VF_KE_CRITICAL_REGION_TRACE' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_KDPC_DATA' : [ 0x18, {
+    'DpcList' : [ 0x0, ['_KDPC_LIST']],
+    'DpcLock' : [ 0x8, ['unsigned long']],
+    'DpcQueueDepth' : [ 0xc, ['long']],
+    'DpcCount' : [ 0x10, ['unsigned long']],
+    'ActiveDpc' : [ 0x14, ['pointer', ['_KDPC']]],
+} ],
+  '_DBGKD_QUERY_SPECIAL_CALLS' : [ 0x4, {
+    'NumberOfSpecialCalls' : [ 0x0, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_ACCOUNTING' : [ 0x408, {
+    'ResetCount' : [ 0x0, ['unsigned long']],
+    'StateCount' : [ 0x4, ['unsigned long']],
+    'DeepSleepCount' : [ 0x8, ['unsigned long']],
+    'TimeUnit' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'State' : [ 0x18, ['array', 1, ['_PLATFORM_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_WHEA_AER_BRIDGE_DESCRIPTOR' : [ 0x2c, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_BRIDGE_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'SecondaryUncorrectableErrorMask' : [ 0x20, ['unsigned long']],
+    'SecondaryUncorrectableErrorSev' : [ 0x24, ['unsigned long']],
+    'SecondaryCapsAndControl' : [ 0x28, ['unsigned long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK32' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['unsigned long']],
+    'FrameListCache' : [ 0x4, ['LIST_ENTRY32']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  '_IMAGE_ROM_OPTIONAL_HEADER' : [ 0x38, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'BaseOfBss' : [ 0x1c, ['unsigned long']],
+    'GprMask' : [ 0x20, ['unsigned long']],
+    'CprMask' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GpValue' : [ 0x34, ['unsigned long']],
+} ],
+  '__unnamed_2314' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MM_SESSION_SPACE_FLAGS']],
+} ],
+  '_MM_SESSION_SPACE' : [ 0x7000, {
+    'ReferenceCount' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_2314']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'ProcessReferenceToSession' : [ 0xc, ['long']],
+    'ProcessList' : [ 0x10, ['_LIST_ENTRY']],
+    'SessionPageDirectoryIndex' : [ 0x18, ['unsigned long']],
+    'NonPagablePages' : [ 0x1c, ['unsigned long']],
+    'CommittedPages' : [ 0x20, ['unsigned long']],
+    'PagedPoolStart' : [ 0x24, ['pointer', ['void']]],
+    'PagedPoolEnd' : [ 0x28, ['pointer', ['void']]],
+    'SessionObject' : [ 0x2c, ['pointer', ['void']]],
+    'SessionObjectHandle' : [ 0x30, ['pointer', ['void']]],
+    'ImageTree' : [ 0x34, ['_RTL_AVL_TREE']],
+    'LocaleId' : [ 0x38, ['unsigned long']],
+    'AttachCount' : [ 0x3c, ['unsigned long']],
+    'AttachGate' : [ 0x40, ['_KGATE']],
+    'WsListEntry' : [ 0x50, ['_LIST_ENTRY']],
+    'WsTreeEntry' : [ 0x58, ['_RTL_BALANCED_NODE']],
+    'PagedPoolInfo' : [ 0x64, ['_MM_PAGED_POOL_INFO']],
+    'Session' : [ 0x70, ['_MMSESSION']],
+    'CombineDomain' : [ 0x88, ['unsigned long long']],
+    'Vm' : [ 0xc0, ['_MMSUPPORT_FULL']],
+    'WorkingSetList' : [ 0x1c0, ['_MMWSL_INSTANCE']],
+    'HeapState' : [ 0x1d8, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x1dc, ['_MI_SESSION_DRIVER_UNLOAD']],
+    'TopLevelPteLockBits' : [ 0x1e0, ['array', 128, ['unsigned long']]],
+    'PageTables' : [ 0x3e0, ['array', 1024, ['_MMPTE']]],
+    'SessionPteLock' : [ 0x23e0, ['_EX_PUSH_LOCK']],
+    'PoolBigEntriesInUse' : [ 0x23e4, ['long']],
+    'PagedPoolPdeCount' : [ 0x23e8, ['long']],
+    'DynamicSessionPdeCount' : [ 0x23ec, ['unsigned long']],
+    'SystemPteInfo' : [ 0x23f0, ['_MI_SYSTEM_PTE_TYPE']],
+    'PoolTrackTableExpansion' : [ 0x2424, ['pointer', ['void']]],
+    'PoolTrackTableExpansionSize' : [ 0x2428, ['unsigned long']],
+    'PoolTrackBigPages' : [ 0x242c, ['pointer', ['void']]],
+    'PoolTrackBigPagesSize' : [ 0x2430, ['unsigned long']],
+    'PermittedFaultsTree' : [ 0x2434, ['_RTL_AVL_TREE']],
+    'IoState' : [ 0x2438, ['Enumeration', dict(target = 'long', choices = {1: u'IoSessionStateCreated', 2: u'IoSessionStateInitialized', 3: u'IoSessionStateConnected', 4: u'IoSessionStateDisconnected', 5: u'IoSessionStateDisconnectedLoggedOn', 6: u'IoSessionStateLoggedOn', 7: u'IoSessionStateLoggedOff', 8: u'IoSessionStateTerminated', 9: u'IoSessionStateMax'})]],
+    'IoStateSequence' : [ 0x243c, ['unsigned long']],
+    'IoNotificationEvent' : [ 0x2440, ['_KEVENT']],
+    'ServerSilo' : [ 0x2450, ['pointer', ['_EJOB']]],
+    'CreateTime' : [ 0x2458, ['unsigned long long']],
+    'PoolTags' : [ 0x3000, ['array', 16384, ['unsigned char']]],
+} ],
+  '_OBJECT_NAMESPACE_LOOKUPTABLE' : [ 0x130, {
+    'HashBuckets' : [ 0x0, ['array', 37, ['_LIST_ENTRY']]],
+    'Lock' : [ 0x128, ['_EX_PUSH_LOCK']],
+    'NumberOfPrivateSpaces' : [ 0x12c, ['unsigned long']],
+} ],
+  '_CMP_VOLUME_CONTEXT' : [ 0x2c, {
+    'VolumeContextListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'VolumeManager' : [ 0x8, ['pointer', ['_CMP_VOLUME_MANAGER']]],
+    'RefCount' : [ 0xc, ['long']],
+    'VolumeGuid' : [ 0x10, ['_GUID']],
+    'VolumeFileObject' : [ 0x20, ['pointer', ['void']]],
+    'VolumeContextLock' : [ 0x24, ['_CMSI_RW_LOCK']],
+    'DeviceUsageNotificationSent' : [ 0x28, ['unsigned char']],
+} ],
+  '_MI_CACHED_PTES' : [ 0x48, {
+    'Bins' : [ 0x0, ['array', 8, ['_MI_CACHED_PTE']]],
+    'CachedPteCount' : [ 0x40, ['long']],
+} ],
+  '_OBJECT_TYPE_INITIALIZER' : [ 0x58, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'ObjectTypeFlags' : [ 0x2, ['unsigned short']],
+    'CaseInsensitive' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UnnamedObjectsOnly' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'UseDefaultObject' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SecurityRequired' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'MaintainHandleCount' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'MaintainTypeList' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SupportsObjectCallbacks' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'CacheAligned' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UseExtendedParameters' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Reserved' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'ObjectTypeCode' : [ 0x4, ['unsigned long']],
+    'InvalidAttributes' : [ 0x8, ['unsigned long']],
+    'GenericMapping' : [ 0xc, ['_GENERIC_MAPPING']],
+    'ValidAccessMask' : [ 0x1c, ['unsigned long']],
+    'RetainAccess' : [ 0x20, ['unsigned long']],
+    'PoolType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'NonPagedPoolBase', 1: u'PagedPool', 2: u'NonPagedPoolBaseMustSucceed', 3: u'DontUseThisType', 4: u'NonPagedPoolBaseCacheAligned', 5: u'PagedPoolCacheAligned', 6: u'NonPagedPoolBaseCacheAlignedMustS', 7: u'MaxPoolType', 34: u'NonPagedPoolMustSucceedSession', 516: u'NonPagedPoolNxCacheAligned', 35: u'DontUseThisTypeSession', 32: u'NonPagedPoolSession', 512: u'NonPagedPoolNx', 544: u'NonPagedPoolSessionNx', 36: u'NonPagedPoolCacheAlignedSession', 33: u'PagedPoolSession', 38: u'NonPagedPoolCacheAlignedMustSSession', 37: u'PagedPoolCacheAlignedSession'})]],
+    'DefaultPagedPoolCharge' : [ 0x28, ['unsigned long']],
+    'DefaultNonPagedPoolCharge' : [ 0x2c, ['unsigned long']],
+    'DumpProcedure' : [ 0x30, ['pointer', ['void']]],
+    'OpenProcedure' : [ 0x34, ['pointer', ['void']]],
+    'CloseProcedure' : [ 0x38, ['pointer', ['void']]],
+    'DeleteProcedure' : [ 0x3c, ['pointer', ['void']]],
+    'ParseProcedure' : [ 0x40, ['pointer', ['void']]],
+    'ParseProcedureEx' : [ 0x40, ['pointer', ['void']]],
+    'SecurityProcedure' : [ 0x44, ['pointer', ['void']]],
+    'QueryNameProcedure' : [ 0x48, ['pointer', ['void']]],
+    'OkayToCloseProcedure' : [ 0x4c, ['pointer', ['void']]],
+    'WaitObjectFlagMask' : [ 0x50, ['unsigned long']],
+    'WaitObjectFlagOffset' : [ 0x54, ['unsigned short']],
+    'WaitObjectPointerOffset' : [ 0x56, ['unsigned short']],
+} ],
+  '_KLOCK_ENTRY' : [ 0x30, {
+    'TreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'EntryFlags' : [ 0xc, ['unsigned long']],
+    'EntryOffset' : [ 0xc, ['unsigned char']],
+    'ThreadLocalFlags' : [ 0xd, ['unsigned char']],
+    'WaitingBit' : [ 0xd, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare0' : [ 0xd, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'AcquiredByte' : [ 0xe, ['unsigned char']],
+    'AcquiredBit' : [ 0xe, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CrossThreadFlags' : [ 0xf, ['unsigned char']],
+    'HeadNodeBit' : [ 0xf, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IoPriorityBit' : [ 0xf, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IoQoSWaiter' : [ 0xf, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0xf, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'StaticState' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'AllFlags' : [ 0xc, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x10, ['_KLOCK_ENTRY_LOCK_STATE']],
+    'LockUnsafe' : [ 0x10, ['pointer', ['void']]],
+    'CrossThreadReleasableAndBusyByte' : [ 0x10, ['unsigned char']],
+    'Reserved' : [ 0x11, ['array', 2, ['unsigned char']]],
+    'InTreeByte' : [ 0x13, ['unsigned char']],
+    'SessionState' : [ 0x14, ['pointer', ['void']]],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'OwnerTree' : [ 0x18, ['_RTL_RB_TREE']],
+    'WaiterTree' : [ 0x20, ['_RTL_RB_TREE']],
+    'CpuPriorityKey' : [ 0x18, ['unsigned char']],
+    'EntryLock' : [ 0x28, ['unsigned long']],
+    'BoostBitmap' : [ 0x2c, ['_KLOCK_ENTRY_BOOST_BITMAP']],
+} ],
+  '_KTHREAD_COUNTERS' : [ 0x1a8, {
+    'WaitReasonBitMap' : [ 0x0, ['unsigned long long']],
+    'UserData' : [ 0x8, ['pointer', ['_THREAD_PERFORMANCE_DATA']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'ContextSwitches' : [ 0x10, ['unsigned long']],
+    'CycleTimeBias' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'HwCounter' : [ 0x28, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_HEAP_TAG_ENTRY' : [ 0x40, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'TagIndex' : [ 0xc, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0xe, ['unsigned short']],
+    'TagName' : [ 0x10, ['array', 24, ['wchar']]],
+} ],
+  '_DBGKD_ANY_CONTROL_SET' : [ 0x1c, {
+    'X86ControlSet' : [ 0x0, ['_X86_DBGKD_CONTROL_SET']],
+    'AlphaControlSet' : [ 0x0, ['unsigned long']],
+    'IA64ControlSet' : [ 0x0, ['_IA64_DBGKD_CONTROL_SET']],
+    'Amd64ControlSet' : [ 0x0, ['_AMD64_DBGKD_CONTROL_SET']],
+    'ArmControlSet' : [ 0x0, ['_ARM_DBGKD_CONTROL_SET']],
+    'Arm64ControlSet' : [ 0x0, ['_ARM64_DBGKD_CONTROL_SET']],
+    'ArmCeControlSet' : [ 0x0, ['_ARMCE_DBGKD_CONTROL_SET']],
+    'PpcControlSet' : [ 0x0, ['_PPC_DBGKD_CONTROL_SET']],
+} ],
+  '_MMVAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemory' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+} ],
+  '_HEAP_COUNTERS' : [ 0x5c, {
+    'TotalMemoryReserved' : [ 0x0, ['unsigned long']],
+    'TotalMemoryCommitted' : [ 0x4, ['unsigned long']],
+    'TotalMemoryLargeUCR' : [ 0x8, ['unsigned long']],
+    'TotalSizeInVirtualBlocks' : [ 0xc, ['unsigned long']],
+    'TotalSegments' : [ 0x10, ['unsigned long']],
+    'TotalUCRs' : [ 0x14, ['unsigned long']],
+    'CommittOps' : [ 0x18, ['unsigned long']],
+    'DeCommitOps' : [ 0x1c, ['unsigned long']],
+    'LockAcquires' : [ 0x20, ['unsigned long']],
+    'LockCollisions' : [ 0x24, ['unsigned long']],
+    'CommitRate' : [ 0x28, ['unsigned long']],
+    'DecommittRate' : [ 0x2c, ['unsigned long']],
+    'CommitFailures' : [ 0x30, ['unsigned long']],
+    'InBlockCommitFailures' : [ 0x34, ['unsigned long']],
+    'PollIntervalCounter' : [ 0x38, ['unsigned long']],
+    'DecommitsSinceLastCheck' : [ 0x3c, ['unsigned long']],
+    'HeapPollInterval' : [ 0x40, ['unsigned long']],
+    'AllocAndFreeOps' : [ 0x44, ['unsigned long']],
+    'AllocationIndicesActive' : [ 0x48, ['unsigned long']],
+    'InBlockDeccommits' : [ 0x4c, ['unsigned long']],
+    'InBlockDeccomitSize' : [ 0x50, ['unsigned long']],
+    'HighWatermarkSize' : [ 0x54, ['unsigned long']],
+    'LastPolledSize' : [ 0x58, ['unsigned long']],
+} ],
+  '_INTERFACE' : [ 0x10, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_HEAP_PSEUDO_TAG_ENTRY' : [ 0xc, {
+    'Allocs' : [ 0x0, ['unsigned long']],
+    'Frees' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_IRP_WORKER_ENTRY' : [ 0x18, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'Irp' : [ 0xc, ['pointer', ['_IRP']]],
+    'Device' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'Static' : [ 0x14, ['unsigned char']],
+} ],
+  '__unnamed_2382' : [ 0x10, {
+    'CallerCompletion' : [ 0x0, ['pointer', ['void']]],
+    'CallerContext' : [ 0x4, ['pointer', ['void']]],
+    'CallerDevice' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'SystemWake' : [ 0xc, ['unsigned char']],
+} ],
+  '__unnamed_2385' : [ 0x8, {
+    'NotifyDevice' : [ 0x0, ['pointer', ['_PO_DEVICE_NOTIFY']]],
+    'FxDeviceActivated' : [ 0x4, ['unsigned char']],
+} ],
+  '_POP_IRP_DATA' : [ 0x98, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'CurrentDevice' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+    'WatchdogStart' : [ 0x18, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x20, ['_KTIMER']],
+    'WatchdogDpc' : [ 0x48, ['_KDPC']],
+    'MinorFunction' : [ 0x68, ['unsigned char']],
+    'PowerStateType' : [ 0x6c, ['Enumeration', dict(target = 'long', choices = {0: u'SystemPowerState', 1: u'DevicePowerState'})]],
+    'PowerState' : [ 0x70, ['_POWER_STATE']],
+    'WatchdogEnabled' : [ 0x74, ['unsigned char']],
+    'FxDevice' : [ 0x78, ['pointer', ['_POP_FX_DEVICE']]],
+    'SystemTransition' : [ 0x7c, ['unsigned char']],
+    'NotifyPEP' : [ 0x7d, ['unsigned char']],
+    'IrpSequenceID' : [ 0x80, ['long']],
+    'Device' : [ 0x84, ['__unnamed_2382']],
+    'System' : [ 0x84, ['__unnamed_2385']],
+    'DStateReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: u'PepNotifyDeviceDStateReasonNone', 1: u'PepNotifyDeviceDStateReasonSystemTransition', 2: u'PepNotifyDeviceDStateReasonDfx', 3: u'PepNotifyDeviceDStateReasonMax'})]],
+} ],
+  '__unnamed_238c' : [ 0x4, {
+    'Flags' : [ 0x0, ['_MMSECURE_FLAGS']],
+    'FlagsLong' : [ 0x0, ['unsigned long']],
+    'StartVa' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_MMADDRESS_LIST' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_238c']],
+    'EndVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_KSYSTEM_TIME' : [ 0xc, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'High1Time' : [ 0x4, ['long']],
+    'High2Time' : [ 0x8, ['long']],
+} ],
+  '_CLIENT_ID' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['pointer', ['void']]],
+    'UniqueThread' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROCESS_DISK_COUNTERS' : [ 0x28, {
+    'BytesRead' : [ 0x0, ['unsigned long long']],
+    'BytesWritten' : [ 0x8, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x10, ['unsigned long long']],
+    'WriteOperationCount' : [ 0x18, ['unsigned long long']],
+    'FlushOperationCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POOL_TRACKER_TABLE' : [ 0x30, {
+    'Key' : [ 0x0, ['long']],
+    'NonPagedBytes' : [ 0x4, ['unsigned long']],
+    'NonPagedAllocs' : [ 0x8, ['unsigned long long']],
+    'NonPagedFrees' : [ 0x10, ['unsigned long long']],
+    'PagedBytes' : [ 0x18, ['unsigned long']],
+    'PagedAllocs' : [ 0x20, ['unsigned long long']],
+    'PagedFrees' : [ 0x28, ['unsigned long long']],
+} ],
+  '_KLOCK_ENTRY_BOOST_BITMAP' : [ 0x4, {
+    'AllFields' : [ 0x0, ['unsigned long']],
+    'AllBoosts' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 17, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+    'CpuBoostsBitmap' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned short')]],
+    'IoBoost' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'IoQoSBoost' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'IoNormalPriorityWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 9, native_type='unsigned short')]],
+    'IoQoSWaiterCount' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_CMP_VOLUME_MANAGER' : [ 0xc, {
+    'VolumeContextListLock' : [ 0x0, ['_CMSI_RW_LOCK']],
+    'VolumeContextListHead' : [ 0x4, ['_LIST_ENTRY']],
+} ],
+  '_DBGKD_GET_SET_BUS_DATA' : [ 0x14, {
+    'BusDataType' : [ 0x0, ['unsigned long']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'SlotNumber' : [ 0x8, ['unsigned long']],
+    'Offset' : [ 0xc, ['unsigned long']],
+    'Length' : [ 0x10, ['unsigned long']],
+} ],
+  '_DBGK_SILOSTATE' : [ 0x10, {
+    'ErrorPortLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ErrorPort' : [ 0x4, ['pointer', ['_DBGKP_ERROR_PORT']]],
+    'ErrorProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ErrorPortRegisteredEvent' : [ 0xc, ['pointer', ['_KEVENT']]],
+} ],
+  '_STACK_TABLE' : [ 0x8040, {
+    'NumStackTraces' : [ 0x0, ['unsigned short']],
+    'TraceCapacity' : [ 0x2, ['unsigned short']],
+    'StackTrace' : [ 0x4, ['array', 16, ['pointer', ['_OBJECT_REF_TRACE']]]],
+    'StackTableHash' : [ 0x44, ['array', 16381, ['unsigned short']]],
+} ],
+  '_PPM_IDLE_STATES' : [ 0x150, {
+    'InterfaceVersion' : [ 0x0, ['unsigned char']],
+    'IdleOverride' : [ 0x1, ['unsigned char']],
+    'EstimateIdleDuration' : [ 0x2, ['unsigned char']],
+    'ExitLatencyTraceEnabled' : [ 0x3, ['unsigned char']],
+    'NonInterruptibleTransition' : [ 0x4, ['unsigned char']],
+    'UnaccountedTransition' : [ 0x5, ['unsigned char']],
+    'IdleDurationLimited' : [ 0x6, ['unsigned char']],
+    'IdleCheckLimited' : [ 0x7, ['unsigned char']],
+    'StrictVetoBias' : [ 0x8, ['unsigned char']],
+    'ExitLatencyCountdown' : [ 0xc, ['unsigned long']],
+    'TargetState' : [ 0x10, ['unsigned long']],
+    'ActualState' : [ 0x14, ['unsigned long']],
+    'OldState' : [ 0x18, ['unsigned long']],
+    'OverrideIndex' : [ 0x1c, ['unsigned long']],
+    'ProcessorIdleCount' : [ 0x20, ['unsigned long']],
+    'Type' : [ 0x24, ['unsigned long']],
+    'LevelId' : [ 0x28, ['unsigned long long']],
+    'ReasonFlags' : [ 0x30, ['unsigned short']],
+    'InitiateWakeStamp' : [ 0x38, ['unsigned long long']],
+    'PreviousStatus' : [ 0x40, ['long']],
+    'PreviousCancelReason' : [ 0x44, ['unsigned long']],
+    'PrimaryProcessorMask' : [ 0x48, ['_KAFFINITY_EX']],
+    'SecondaryProcessorMask' : [ 0x54, ['_KAFFINITY_EX']],
+    'IdlePrepare' : [ 0x60, ['pointer', ['void']]],
+    'IdlePreExecute' : [ 0x64, ['pointer', ['void']]],
+    'IdleExecute' : [ 0x68, ['pointer', ['void']]],
+    'IdlePreselect' : [ 0x6c, ['pointer', ['void']]],
+    'IdleTest' : [ 0x70, ['pointer', ['void']]],
+    'IdleAvailabilityCheck' : [ 0x74, ['pointer', ['void']]],
+    'IdleComplete' : [ 0x78, ['pointer', ['void']]],
+    'IdleCancel' : [ 0x7c, ['pointer', ['void']]],
+    'IdleIsHalted' : [ 0x80, ['pointer', ['void']]],
+    'IdleInitiateWake' : [ 0x84, ['pointer', ['void']]],
+    'PrepareInfo' : [ 0x88, ['_PROCESSOR_IDLE_PREPARE_INFO']],
+    'DeepIdleSnapshot' : [ 0xd8, ['_KAFFINITY_EX']],
+    'Tracing' : [ 0xe4, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'CoordinatedTracing' : [ 0xe8, ['pointer', ['_PERFINFO_PPM_STATE_SELECTION']]],
+    'ProcessorMenu' : [ 0xec, ['_PPM_SELECTION_MENU']],
+    'CoordinatedMenu' : [ 0xf4, ['_PPM_SELECTION_MENU']],
+    'CoordinatedSelection' : [ 0xfc, ['_PPM_COORDINATED_SELECTION']],
+    'State' : [ 0x10c, ['array', 1, ['_PPM_IDLE_STATE']]],
+} ],
+  '_MMVAD_FLAGS1' : [ 0x4, {
+    'CommitCharge' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'MemCommit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MM_PRIVATE_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'FixedLargePageSize' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ZeroFillPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Graphics' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Enclave' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ShadowStack' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'PhysicalMemoryPfnsReferenced' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+} ],
+  '_EVENT_HEADER_EXTENDED_DATA_ITEM' : [ 0x10, {
+    'Reserved1' : [ 0x0, ['unsigned short']],
+    'ExtType' : [ 0x2, ['unsigned short']],
+    'Linkage' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'DataSize' : [ 0x6, ['unsigned short']],
+    'DataPtr' : [ 0x8, ['unsigned long long']],
+} ],
+  '_ETW_HASH_BUCKET' : [ 0x1c, {
+    'ListHead' : [ 0x0, ['array', 3, ['_LIST_ENTRY']]],
+    'BucketLock' : [ 0x18, ['_EX_PUSH_LOCK']],
+} ],
+  '_VI_DEADLOCK_RESOURCE' : [ 0x80, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'VfDeadlockUnknown', 1: u'VfDeadlockMutex', 2: u'VfDeadlockMutexAbandoned', 3: u'VfDeadlockFastMutex', 4: u'VfDeadlockFastMutexUnsafe', 5: u'VfDeadlockSpinLock', 6: u'VfDeadlockInStackQueuedSpinLock', 7: u'VfDeadlockUnusedSpinLock', 8: u'VfDeadlockEresource', 9: u'VfDeadlockTypeMaximum'})]],
+    'NodeCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'RecursionCount' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+    'ResourceAddress' : [ 0x8, ['pointer', ['void']]],
+    'ThreadOwner' : [ 0xc, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'ResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'HashChainList' : [ 0x18, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'StackTrace' : [ 0x20, ['array', 8, ['pointer', ['void']]]],
+    'LastAcquireTrace' : [ 0x40, ['array', 8, ['pointer', ['void']]]],
+    'LastReleaseTrace' : [ 0x60, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_HEAP_MEMORY_LIMIT_DATA' : [ 0x10, {
+    'CommitLimitBytes' : [ 0x0, ['unsigned long']],
+    'CommitLimitFailureCode' : [ 0x4, ['unsigned long']],
+    'MaxAllocationSizeBytes' : [ 0x8, ['unsigned long']],
+    'AllocationLimitFailureCode' : [ 0xc, ['unsigned long']],
+} ],
+  '_SEP_TOKEN_DIAG_TRACK_ENTRY' : [ 0x9c, {
+    'ProcessCid' : [ 0x0, ['pointer', ['void']]],
+    'ThreadCid' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'CreateMethod' : [ 0x18, ['unsigned long']],
+    'CreateTrace' : [ 0x1c, ['array', 30, ['unsigned long']]],
+    'Count' : [ 0x94, ['long']],
+    'CaptureCount' : [ 0x98, ['long']],
+} ],
+  '_EX_PUSH_LOCK_AUTO_EXPAND_STATE' : [ 0x4, {
+    'Expanded' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Transitioning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Pageable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_DUMMY_FILE_OBJECT' : [ 0xa0, {
+    'ObjectHeader' : [ 0x0, ['_OBJECT_HEADER']],
+    'FileObjectBody' : [ 0x20, ['array', 128, ['unsigned char']]],
+} ],
+  '_VF_BTS_DATA_MANAGEMENT_AREA' : [ 0x34, {
+    'BTSBufferBase' : [ 0x0, ['pointer', ['void']]],
+    'BTSIndex' : [ 0x4, ['pointer', ['void']]],
+    'BTSMax' : [ 0x8, ['pointer', ['void']]],
+    'BTSInterruptThreshold' : [ 0xc, ['pointer', ['void']]],
+    'PEBSBufferBase' : [ 0x10, ['pointer', ['void']]],
+    'PEBSIndex' : [ 0x14, ['pointer', ['void']]],
+    'PEBSMax' : [ 0x18, ['pointer', ['void']]],
+    'PEBSInterruptThreshold' : [ 0x1c, ['pointer', ['void']]],
+    'PEBSCounterReset' : [ 0x20, ['array', 2, ['pointer', ['void']]]],
+    'Reserved' : [ 0x28, ['array', 12, ['unsigned char']]],
+} ],
+  '_PPM_POLICY_SETTINGS_MASK' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'PerfDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PerfIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PerfDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PerfIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PerfDecreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PerfIncreaseThreshold' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PerfMinPolicy' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'PerfMaxPolicy' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'PerfTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PerfBoostPolicy' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'PerfBoostMode' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllowThrottling' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PerfHistoryCount' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ParkingPerfState' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'LatencyHintPerf' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'LatencyHintUnpark' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'CoreParkingMinCores' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'CoreParkingMaxCores' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'CoreParkingDecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'CoreParkingIncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'CoreParkingDecreaseTime' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CoreParkingIncreaseTime' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CoreParkingOverUtilizationThreshold' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoreParkingDistributeUtility' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CoreParkingConcurrencyThreshold' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'CoreParkingHeadroomThreshold' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'CoreParkingDistributionThreshold' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'IdleAllowScaling' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'IdleDisable' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'IdleTimeCheck' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'IdleDemoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'IdlePromoteThreshold' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HeteroDecreaseTime' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HeteroIncreaseTime' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HeteroDecreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'HeteroIncreaseThreshold' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Class0FloorPerformance' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Class1InitialPerformance' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnergyPerfPreference' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AutonomousActivityWindow' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AutonomousMode' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'DutyCycling' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'FrequencyCap' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'ThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'ShortThreadPolicy' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IdleStateMax' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'ResponsivenessDisableThreshold' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ResponsivenessEnableThreshold' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ResponsivenessDisableTime' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ResponsivenessEnableTime' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ResponsivenessEppCeiling' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ResponsivenessPerfFloor' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SoftParkLatency' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_23fc' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'SubsectionFlags' : [ 0x0, ['_MMSUBSECTION_FLAGS']],
+} ],
+  '__unnamed_23ff' : [ 0x4, {
+    'e1' : [ 0x0, ['_MI_SUBSECTION_ENTRY1']],
+    'EntireField' : [ 0x0, ['unsigned long']],
+} ],
+  '_SUBSECTION' : [ 0x28, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'SubsectionBase' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextSubsection' : [ 0x8, ['pointer', ['_SUBSECTION']]],
+    'GlobalPerSessionHead' : [ 0xc, ['_RTL_AVL_TREE']],
+    'CreationWaitList' : [ 0xc, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'SessionDriverProtos' : [ 0xc, ['pointer', ['_MI_PER_SESSION_PROTOS']]],
+    'u' : [ 0x10, ['__unnamed_23fc']],
+    'StartingSector' : [ 0x14, ['unsigned long']],
+    'NumberOfFullSectors' : [ 0x18, ['unsigned long']],
+    'PtesInSubsection' : [ 0x1c, ['unsigned long']],
+    'u1' : [ 0x20, ['__unnamed_23ff']],
+    'UnusedPtes' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'ExtentQueryNeeded' : [ 0x24, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'DirtyPages' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KSCHEDULING_GROUP' : [ 0x180, {
+    'Policy' : [ 0x0, ['_KSCHEDULING_GROUP_POLICY']],
+    'RelativeWeight' : [ 0x8, ['unsigned long']],
+    'ChildMinRate' : [ 0xc, ['unsigned long']],
+    'ChildMinWeight' : [ 0x10, ['unsigned long']],
+    'ChildTotalWeight' : [ 0x14, ['unsigned long']],
+    'QueryHistoryTimeStamp' : [ 0x18, ['unsigned long long']],
+    'NotificationCycles' : [ 0x20, ['long long']],
+    'MaxQuotaLimitCycles' : [ 0x28, ['long long']],
+    'MaxQuotaCyclesRemaining' : [ 0x30, ['long long']],
+    'SchedulingGroupList' : [ 0x38, ['_LIST_ENTRY']],
+    'Sibling' : [ 0x38, ['_LIST_ENTRY']],
+    'NotificationDpc' : [ 0x40, ['pointer', ['_KDPC']]],
+    'ChildList' : [ 0x44, ['_LIST_ENTRY']],
+    'Parent' : [ 0x4c, ['pointer', ['_KSCHEDULING_GROUP']]],
+    'PerProcessor' : [ 0x80, ['array', 1, ['_KSCB']]],
+} ],
+  '_CM_INTENT_LOCK' : [ 0x8, {
+    'OwnerCount' : [ 0x0, ['unsigned long']],
+    'OwnerTable' : [ 0x4, ['pointer', ['pointer', ['_CM_KCB_UOW']]]],
+} ],
+  '_AUTHZBASEP_CLAIM_ATTRIBUTES_COLLECTION' : [ 0x130, {
+    'DeviceGroupsCount' : [ 0x0, ['unsigned long']],
+    'pDeviceGroups' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'RestrictedDeviceGroupsCount' : [ 0x8, ['unsigned long']],
+    'pRestrictedDeviceGroups' : [ 0xc, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'DeviceGroupsHash' : [ 0x10, ['_SID_AND_ATTRIBUTES_HASH']],
+    'RestrictedDeviceGroupsHash' : [ 0x98, ['_SID_AND_ATTRIBUTES_HASH']],
+    'pUserSecurityAttributes' : [ 0x120, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pDeviceSecurityAttributes' : [ 0x124, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedUserSecurityAttributes' : [ 0x128, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+    'pRestrictedDeviceSecurityAttributes' : [ 0x12c, ['pointer', ['_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION']]],
+} ],
+  '_TEB_ACTIVE_FRAME' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'Previous' : [ 0x4, ['pointer', ['_TEB_ACTIVE_FRAME']]],
+    'Context' : [ 0x8, ['pointer', ['_TEB_ACTIVE_FRAME_CONTEXT']]],
+} ],
+  '_DEVICE_CAPABILITIES' : [ 0x40, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'DeviceD1' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeviceD2' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LockSupported' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'EjectSupported' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Removable' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'DockDevice' : [ 0x4, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UniqueID' : [ 0x4, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SilentInstall' : [ 0x4, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'RawDeviceOK' : [ 0x4, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'SurpriseRemovalOK' : [ 0x4, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'WakeFromD0' : [ 0x4, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'WakeFromD1' : [ 0x4, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'WakeFromD2' : [ 0x4, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'WakeFromD3' : [ 0x4, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'HardwareDisabled' : [ 0x4, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'NonDynamic' : [ 0x4, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'WarmEjectSupported' : [ 0x4, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NoDisplayInUI' : [ 0x4, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'Reserved1' : [ 0x4, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'WakeFromInterrupt' : [ 0x4, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'SecureDevice' : [ 0x4, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'ChildOfVgaEnabledBridge' : [ 0x4, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'DecodeIoOnBoot' : [ 0x4, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 23, end_bit = 32, native_type='unsigned long')]],
+    'Address' : [ 0x8, ['unsigned long']],
+    'UINumber' : [ 0xc, ['unsigned long']],
+    'DeviceState' : [ 0x10, ['array', 7, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]]],
+    'SystemWake' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceWake' : [ 0x30, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'D1Latency' : [ 0x34, ['unsigned long']],
+    'D2Latency' : [ 0x38, ['unsigned long']],
+    'D3Latency' : [ 0x3c, ['unsigned long']],
+} ],
+  '_JOBOBJECT_ENERGY_TRACKING_STATE' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'UpdateMask' : [ 0x0, ['unsigned long']],
+    'DesiredState' : [ 0x4, ['unsigned long']],
+} ],
+  '_LOCK_HEADER' : [ 0x14, {
+    'LockTree' : [ 0x0, ['_RTL_AVL_TREE']],
+    'LockMdlSwitchedTree' : [ 0x4, ['_RTL_AVL_TREE']],
+    'Count' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Valid' : [ 0x10, ['unsigned long']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY' : [ 0x24, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'EntryDescriptor' : [ 0x10, ['_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR']],
+    'HandleCount' : [ 0x1c, ['unsigned long']],
+    'Handles' : [ 0x20, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_PROCESSOR_PROFILE_CONTROL_AREA' : [ 0xa0, {
+    'PebsDsSaveArea' : [ 0x0, ['_PEBS_DS_SAVE_AREA']],
+} ],
+  '_KHETERO_PROCESSOR_SET' : [ 0xc, {
+    'IdealMask' : [ 0x0, ['unsigned long']],
+    'PreferredMask' : [ 0x4, ['unsigned long']],
+    'AvailableMask' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_NAME_HASH' : [ 0xc, {
+    'ConvKey' : [ 0x0, ['_CM_COMPONENT_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_NAME_HASH']]],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'Name' : [ 0xa, ['array', 1, ['wchar']]],
+} ],
+  '_MMSESSION' : [ 0x14, {
+    'SystemSpaceViewLock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'SystemSpaceViewLockPointer' : [ 0x4, ['pointer', ['_EX_PUSH_LOCK']]],
+    'ViewRoot' : [ 0x8, ['_RTL_AVL_TREE']],
+    'ViewCount' : [ 0xc, ['unsigned long']],
+    'BitmapFailures' : [ 0x10, ['unsigned long']],
+} ],
+  '_CC_ASYNC_READ_CONTEXT' : [ 0x14, {
+    'CompletionRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'RequestorMode' : [ 0xc, ['unsigned char']],
+    'NestingLevel' : [ 0x10, ['unsigned long']],
+} ],
+  '_CLIENT_ID64' : [ 0x10, {
+    'UniqueProcess' : [ 0x0, ['unsigned long long']],
+    'UniqueThread' : [ 0x8, ['unsigned long long']],
+} ],
+  '_DIRTY_PAGE_STATISTICS' : [ 0xc, {
+    'DirtyPages' : [ 0x0, ['unsigned long']],
+    'DirtyPagesLastScan' : [ 0x4, ['unsigned long']],
+    'DirtyPagesScheduledLastScan' : [ 0x8, ['unsigned long']],
+} ],
+  '_EPROCESS_VALUES' : [ 0x68, {
+    'KernelTime' : [ 0x0, ['unsigned long long']],
+    'UserTime' : [ 0x8, ['unsigned long long']],
+    'ReadyTime' : [ 0x10, ['unsigned long long']],
+    'CycleTime' : [ 0x18, ['unsigned long long']],
+    'ContextSwitches' : [ 0x20, ['unsigned long long']],
+    'ReadOperationCount' : [ 0x28, ['long long']],
+    'WriteOperationCount' : [ 0x30, ['long long']],
+    'OtherOperationCount' : [ 0x38, ['long long']],
+    'ReadTransferCount' : [ 0x40, ['long long']],
+    'WriteTransferCount' : [ 0x48, ['long long']],
+    'OtherTransferCount' : [ 0x50, ['long long']],
+    'KernelWaitTime' : [ 0x58, ['unsigned long long']],
+    'UserWaitTime' : [ 0x60, ['unsigned long long']],
+} ],
+  '_ETW_PARTITION_CONTEXT' : [ 0x4, {
+    'Partition' : [ 0x0, ['pointer', ['_EPARTITION']]],
+} ],
+  '_WHEA_XPF_CMC_DESCRIPTOR' : [ 0x3a4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Notify' : [ 0x8, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'Banks' : [ 0x24, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_SID_AND_ATTRIBUTES' : [ 0x8, {
+    'Sid' : [ 0x0, ['pointer', ['void']]],
+    'Attributes' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_MAP' : [ 0x38, {
+    'DosDevicesDirectory' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'GlobalDosDevicesDirectory' : [ 0x4, ['pointer', ['_OBJECT_DIRECTORY']]],
+    'DosDevicesDirectoryHandle' : [ 0x8, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'DriveMap' : [ 0x10, ['unsigned long']],
+    'DriveType' : [ 0x14, ['array', 32, ['unsigned char']]],
+    'ServerSilo' : [ 0x34, ['pointer', ['_EJOB']]],
+} ],
+  '_MMPTE_SUBSECTION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long long')]],
+    'SubsectionAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_TRIAGE_9F_PNP' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'CompletionQueue' : [ 0x4, ['pointer', ['_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE']]],
+    'DelayedWorkQueue' : [ 0x8, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_CM_KEY_SECURITY_CACHE_ENTRY' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'CachedSecurity' : [ 0x4, ['pointer', ['_CM_KEY_SECURITY_CACHE']]],
+} ],
+  '_POP_CURRENT_BROADCAST' : [ 0x10, {
+    'InProgress' : [ 0x0, ['unsigned char']],
+    'SystemContext' : [ 0x4, ['_SYSTEM_POWER_STATE_CONTEXT']],
+    'PowerAction' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'DeviceState' : [ 0xc, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+} ],
+  '_PHYSICAL_MEMORY_DESCRIPTOR' : [ 0x10, {
+    'NumberOfRuns' : [ 0x0, ['unsigned long']],
+    'NumberOfPages' : [ 0x4, ['unsigned long']],
+    'Run' : [ 0x8, ['array', 1, ['_PHYSICAL_MEMORY_RUN']]],
+} ],
+  '_MMPTE_HARDWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Dirty1' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_SESSION_SPACE_FLAGS' : [ 0x4, {
+    'Initialized' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DeletePending' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PoolInitialized' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DynamicVaInitialized' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'WsInitialized' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PoolDestroyed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ObjectInitialized' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'SessionHeapInitialized' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'SessionHeapDestroyed' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LeakedPoolDeliberately' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Filler' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OBJECT_HANDLE_COUNT_DATABASE' : [ 0xc, {
+    'CountEntries' : [ 0x0, ['unsigned long']],
+    'HandleCountEntries' : [ 0x4, ['array', 1, ['_OBJECT_HANDLE_COUNT_ENTRY']]],
+} ],
+  '_MI_LARGEPAGE_VAD_INFO' : [ 0xc, {
+    'LargeImageBias' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'ActualImageViewSize' : [ 0x4, ['unsigned long']],
+    'ReferencedPartition' : [ 0x8, ['pointer', ['_EPARTITION']]],
+} ],
+  '_JOB_RATE_CONTROL_HEADER' : [ 0x14, {
+    'RateControlQuotaReference' : [ 0x0, ['pointer', ['void']]],
+    'OverQuotaHistory' : [ 0x4, ['_RTL_BITMAP']],
+    'BitMapBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'BitMapBufferSize' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_DYNAMIC_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Linkage' : [ 0x0, ['_LIST_ENTRY']],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_OBJECT_NAME_INFORMATION' : [ 0x8, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR_V2' : [ 0x50, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+    'ReadAckAddressSpaceID' : [ 0x34, ['unsigned char']],
+    'ReadAckAddressBitWidth' : [ 0x35, ['unsigned char']],
+    'ReadAckAddressBitOffset' : [ 0x36, ['unsigned char']],
+    'ReadAckAddressAccessSize' : [ 0x37, ['unsigned char']],
+    'ReadAckAddress' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAckPreserveMask' : [ 0x40, ['unsigned long long']],
+    'ReadAckWriteMask' : [ 0x48, ['unsigned long long']],
+} ],
+  '_PROCESSOR_NUMBER' : [ 0x4, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'Number' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_DBGKD_SET_CONTEXT' : [ 0x4, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_GDI_TEB_BATCH64' : [ 0x4e8, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x8, ['unsigned long long']],
+    'Buffer' : [ 0x10, ['array', 310, ['unsigned long']]],
+} ],
+  '_HEAP_TUNING_PARAMETERS' : [ 0x8, {
+    'CommittThresholdShift' : [ 0x0, ['unsigned long']],
+    'MaxPreCommittThreshold' : [ 0x4, ['unsigned long']],
+} ],
+  '_LPCP_MESSAGE' : [ 0x30, {
+    'Entry' : [ 0x0, ['_LIST_ENTRY']],
+    'FreeEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Reserved0' : [ 0x4, ['unsigned long']],
+    'SenderPort' : [ 0x8, ['pointer', ['void']]],
+    'RepliedToThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'PortContext' : [ 0x10, ['pointer', ['void']]],
+    'Request' : [ 0x18, ['_PORT_MESSAGE']],
+} ],
+  '_PCW_MASK_INFORMATION' : [ 0x20, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+    'InstanceId' : [ 0xc, ['unsigned long']],
+    'CollectMultiple' : [ 0x10, ['unsigned char']],
+    'Buffer' : [ 0x14, ['pointer', ['_PCW_BUFFER']]],
+    'CancelEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+} ],
+  '_PO_DIRECTED_DRIPS_STATE' : [ 0x20, {
+    'QueueLink' : [ 0x0, ['_LIST_ENTRY']],
+    'VisitedQueueLink' : [ 0x8, ['_LIST_ENTRY']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'CachedFlags' : [ 0x14, ['unsigned long']],
+    'DeviceUsageCount' : [ 0x18, ['unsigned long']],
+    'Diagnostic' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_AER_ENDPOINT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_DBGKD_WRITE_CUSTOM_BREAKPOINT' : [ 0x18, {
+    'BreakPointAddress' : [ 0x0, ['unsigned long long']],
+    'BreakPointInstruction' : [ 0x8, ['unsigned long long']],
+    'BreakPointHandle' : [ 0x10, ['unsigned long']],
+    'BreakPointInstructionSize' : [ 0x14, ['unsigned char']],
+    'BreakPointInstructionAlignment' : [ 0x15, ['unsigned char']],
+} ],
+  '_DBGKD_QUERY_MEMORY' : [ 0x18, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Reserved' : [ 0x8, ['unsigned long long']],
+    'AddressSpace' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_OBJECT_REF_INFO' : [ 0x1c, {
+    'ObjectHeader' : [ 0x0, ['pointer', ['_OBJECT_HEADER']]],
+    'NextRef' : [ 0x4, ['pointer', ['void']]],
+    'ImageFileName' : [ 0x8, ['array', 16, ['unsigned char']]],
+    'NextPos' : [ 0x18, ['unsigned short']],
+    'MaxStacks' : [ 0x1a, ['unsigned short']],
+    'StackInfo' : [ 0x1c, ['array', 0, ['_OBJECT_REF_STACK_INFO']]],
+} ],
+  '_KQOS_GROUPING_SETS' : [ 0x8, {
+    'SingleCoreSet' : [ 0x0, ['unsigned long']],
+    'SmtSet' : [ 0x4, ['unsigned long']],
+    'QosGroupingMasks' : [ 0x0, ['long long']],
+} ],
+  '__unnamed_249e' : [ 0x4, {
+    'FlushCompleting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='long')]],
+    'FlushInProgress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='long')]],
+    'Long' : [ 0x0, ['long']],
+} ],
+  '_MI_PARTITION_STORES' : [ 0x60, {
+    'WriteAllStoreHintedPages' : [ 0x0, ['__unnamed_249e']],
+    'VirtualPageFileNumber' : [ 0x4, ['unsigned long']],
+    'Registered' : [ 0x8, ['unsigned long']],
+    'ReadClusterSizeMax' : [ 0xc, ['unsigned long']],
+    'EvictFlushRequestCount' : [ 0x10, ['unsigned long']],
+    'ModifiedWriteDisableCount' : [ 0x14, ['unsigned long']],
+    'WriteIssueFailures' : [ 0x18, ['unsigned long']],
+    'WritesOutstanding' : [ 0x1c, ['unsigned long']],
+    'EvictFlushLock' : [ 0x20, ['long']],
+    'EvictionThread' : [ 0x24, ['pointer', ['_ETHREAD']]],
+    'EvictEvent' : [ 0x28, ['_KEVENT']],
+    'WriteSupportSListHead' : [ 0x38, ['_SLIST_HEADER']],
+    'EvictFlushCompleteEvent' : [ 0x40, ['_KEVENT']],
+    'ModifiedWriteFailedBitmap' : [ 0x50, ['pointer', ['_RTL_BITMAP']]],
+    'StoreProcess' : [ 0x54, ['pointer', ['_EPROCESS']]],
+    'DeleteStoredPages' : [ 0x58, ['unsigned long']],
+} ],
+  '_PS_PROPERTY_SET' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['unsigned long']],
+} ],
+  '_TRIAGE_EX_WORK_QUEUE' : [ 0x19c, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+} ],
+  '_VF_BTS_RECORD' : [ 0xc, {
+    'JumpedFrom' : [ 0x0, ['pointer', ['void']]],
+    'JumpedTo' : [ 0x4, ['pointer', ['void']]],
+    'Unused1' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Predicted' : [ 0x8, ['BitField', dict(start_bit = 3, end_bit = 7, native_type='unsigned long')]],
+    'Unused2' : [ 0x8, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_RETPOLINE_RELOCATION_INFORMATION' : [ 0x24, {
+    'BinaryInfo' : [ 0x0, ['_RTL_RETPOLINE_BINARY_INFO']],
+    'RelocationBuffer' : [ 0x1c, ['pointer', ['void']]],
+    'Index' : [ 0x20, ['array', 1, ['pointer', ['_RTL_RETPOLINE_RELOCATION_INDEX']]]],
+} ],
+  '_PROCESSOR_IDLE_CONSTRAINTS' : [ 0x30, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'IdleTime' : [ 0x8, ['unsigned long long']],
+    'ExpectedIdleDuration' : [ 0x10, ['unsigned long long']],
+    'MaxIdleDuration' : [ 0x18, ['unsigned long long']],
+    'OverrideState' : [ 0x20, ['unsigned long']],
+    'TimeCheck' : [ 0x24, ['unsigned long']],
+    'PromotePercent' : [ 0x28, ['unsigned char']],
+    'DemotePercent' : [ 0x29, ['unsigned char']],
+    'Parked' : [ 0x2a, ['unsigned char']],
+    'Interruptible' : [ 0x2b, ['unsigned char']],
+    'PlatformIdle' : [ 0x2c, ['unsigned char']],
+    'ExpectedWakeReason' : [ 0x2d, ['unsigned char']],
+    'IdleStateMax' : [ 0x2e, ['unsigned char']],
+} ],
+  '_ALPC_PORT_ATTRIBUTES' : [ 0x2c, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'SecurityQos' : [ 0x4, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'MaxMessageLength' : [ 0x10, ['unsigned long']],
+    'MemoryBandwidth' : [ 0x14, ['unsigned long']],
+    'MaxPoolUsage' : [ 0x18, ['unsigned long']],
+    'MaxSectionSize' : [ 0x1c, ['unsigned long']],
+    'MaxViewSize' : [ 0x20, ['unsigned long']],
+    'MaxTotalSectionSize' : [ 0x24, ['unsigned long']],
+    'DupObjectTypes' : [ 0x28, ['unsigned long']],
+} ],
+  '_THREAD_ENERGY_VALUES' : [ 0xc8, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'AttributedCycles' : [ 0x40, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0x80, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'CpuTimeline' : [ 0xc0, ['_TIMELINE_BITMAP']],
+} ],
+  '_WHEAP_WORK_QUEUE' : [ 0x44, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'ListLock' : [ 0x8, ['unsigned long']],
+    'ItemCount' : [ 0xc, ['long']],
+    'Dpc' : [ 0x10, ['_KDPC']],
+    'WorkItem' : [ 0x30, ['_WORK_QUEUE_ITEM']],
+    'WorkRoutine' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_EXCEPTION_RECORD' : [ 0x50, {
+    'ExceptionCode' : [ 0x0, ['long']],
+    'ExceptionFlags' : [ 0x4, ['unsigned long']],
+    'ExceptionRecord' : [ 0x8, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ExceptionAddress' : [ 0xc, ['pointer', ['void']]],
+    'NumberParameters' : [ 0x10, ['unsigned long']],
+    'ExceptionInformation' : [ 0x14, ['array', 15, ['unsigned long']]],
+} ],
+  '_RTL_RUN_ONCE' : [ 0x4, {
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_PATH_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_24cd' : [ 0x4, {
+    'PageAlignLargeAllocs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FullDecommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EnableDelayFree' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_RTL_HP_VS_CONFIG' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_24cd']],
+} ],
+  '_EXHANDLE' : [ 0x4, {
+    'TagBits' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Index' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'GenericHandleOverlay' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+} ],
+  '_COUNTER_READING' : [ 0x18, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PMCCounter', 1: u'MaxHardwareCounterType'})]],
+    'Index' : [ 0x4, ['unsigned long']],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'Total' : [ 0x10, ['unsigned long long']],
+} ],
+  '_SECURITY_DESCRIPTOR' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+    'Group' : [ 0x8, ['pointer', ['void']]],
+    'Sacl' : [ 0xc, ['pointer', ['_ACL']]],
+    'Dacl' : [ 0x10, ['pointer', ['_ACL']]],
+} ],
+  '_PNP_DEVICE_EVENT_LIST' : [ 0x4c, {
+    'Status' : [ 0x0, ['long']],
+    'EventQueueMutex' : [ 0x4, ['_KMUTANT']],
+    'Lock' : [ 0x24, ['_FAST_MUTEX']],
+    'List' : [ 0x44, ['_LIST_ENTRY']],
+} ],
+  '_PO_DEVICE_NOTIFY' : [ 0x3c, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'PowerChildren' : [ 0x8, ['_LIST_ENTRY']],
+    'PowerParents' : [ 0x10, ['_LIST_ENTRY']],
+    'TargetDevice' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'OrderLevel' : [ 0x1c, ['unsigned char']],
+    'DeviceObject' : [ 0x20, ['pointer', ['_DEVICE_OBJECT']]],
+    'DeviceName' : [ 0x24, ['pointer', ['wchar']]],
+    'DriverName' : [ 0x28, ['pointer', ['wchar']]],
+    'ChildCount' : [ 0x2c, ['unsigned long']],
+    'ActiveChild' : [ 0x30, ['unsigned long']],
+    'ParentCount' : [ 0x34, ['unsigned long']],
+    'ActiveParent' : [ 0x38, ['unsigned long']],
+} ],
+  '_DUAL' : [ 0x19c, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Map' : [ 0x4, ['pointer', ['_HMAP_DIRECTORY']]],
+    'SmallDir' : [ 0x8, ['pointer', ['_HMAP_TABLE']]],
+    'Guard' : [ 0xc, ['unsigned long']],
+    'FreeDisplay' : [ 0x10, ['array', 24, ['_FREE_DISPLAY']]],
+    'FreeBins' : [ 0x190, ['_LIST_ENTRY']],
+    'FreeSummary' : [ 0x198, ['unsigned long']],
+} ],
+  '_REQUEST_MAILBOX' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_REQUEST_MAILBOX']]],
+    'RequestSummary' : [ 0x4, ['unsigned long']],
+    'RequestPacket' : [ 0x8, ['_KREQUEST_PACKET']],
+    'NodeTargetCountAddr' : [ 0x18, ['pointer', ['long']]],
+    'NodeTargetCount' : [ 0x1c, ['long']],
+} ],
+  '_ACTIVATION_CONTEXT_STACK' : [ 0x18, {
+    'ActiveFrame' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'FrameListCache' : [ 0x4, ['_LIST_ENTRY']],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x10, ['unsigned long']],
+    'StackId' : [ 0x14, ['unsigned long']],
+} ],
+  'CMP_OFFSET_ARRAY' : [ 0xc, {
+    'FileOffset' : [ 0x0, ['unsigned long']],
+    'DataBuffer' : [ 0x4, ['pointer', ['void']]],
+    'DataLength' : [ 0x8, ['unsigned long']],
+} ],
+  '_FAST_ERESOURCE' : [ 0x38, {
+    'Reserved1' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'Reserved3' : [ 0x10, ['array', 4, ['pointer', ['void']]]],
+    'Reserved4' : [ 0x20, ['array', 4, ['unsigned long']]],
+    'Reserved6' : [ 0x30, ['array', 2, ['pointer', ['void']]]],
+} ],
+  '_KEXECUTE_OPTIONS' : [ 0x1, {
+    'ExecuteDisable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ExecuteEnable' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DisableThunkEmulation' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Permanent' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ExecuteDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ImageDispatchEnable' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'DisableExceptionChainValidation' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'ExecuteOptions' : [ 0x0, ['unsigned char']],
+    'ExecuteOptionsNV' : [ 0x0, ['unsigned char']],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_QUEUE' : [ 0x8, {
+    'DispatchedList' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_HEAP_STOP_ON_VALUES' : [ 0x18, {
+    'AllocAddress' : [ 0x0, ['unsigned long']],
+    'AllocTag' : [ 0x4, ['_HEAP_STOP_ON_TAG']],
+    'ReAllocAddress' : [ 0x8, ['unsigned long']],
+    'ReAllocTag' : [ 0xc, ['_HEAP_STOP_ON_TAG']],
+    'FreeAddress' : [ 0x10, ['unsigned long']],
+    'FreeTag' : [ 0x14, ['_HEAP_STOP_ON_TAG']],
+} ],
+  '_SEP_RM_LSA_CONNECTION_STATE' : [ 0x30, {
+    'LsaProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'LsaCommandPortHandle' : [ 0x4, ['pointer', ['void']]],
+    'SepRmThreadHandle' : [ 0x8, ['pointer', ['void']]],
+    'RmCommandPortHandle' : [ 0xc, ['pointer', ['void']]],
+    'RmCommandServerPortHandle' : [ 0x10, ['pointer', ['void']]],
+    'LsaCommandPortSectionHandle' : [ 0x14, ['pointer', ['void']]],
+    'LsaCommandPortSectionSize' : [ 0x18, ['_LARGE_INTEGER']],
+    'LsaViewPortMemory' : [ 0x20, ['pointer', ['void']]],
+    'RmViewPortMemory' : [ 0x24, ['pointer', ['void']]],
+    'LsaCommandPortMemoryDelta' : [ 0x28, ['long']],
+    'LsaCommandPortActive' : [ 0x2c, ['unsigned char']],
+} ],
+  '_MM_GRAPHICS_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'WriteWatch' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'FixedLargePageSize' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ZeroFillPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'GraphicsAlwaysSet' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'GraphicsUseCoherentBus' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'GraphicsNoCache' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'GraphicsPageProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 30, native_type='unsigned long')]],
+} ],
+  '_KTIMER_TABLE_STATE' : [ 0x10, {
+    'LastTimerExpiration' : [ 0x0, ['array', 1, ['unsigned long long']]],
+    'LastTimerHand' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_CM_KCB_LAYER_INFO' : [ 0x18, {
+    'LayerListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Kcb' : [ 0x8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'LowerLayer' : [ 0xc, ['pointer', ['_CM_KCB_LAYER_INFO']]],
+    'UpperLayerListHead' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_CM_RM' : [ 0x58, {
+    'RmListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'TransactionListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'TmHandle' : [ 0x10, ['pointer', ['void']]],
+    'Tm' : [ 0x14, ['pointer', ['void']]],
+    'RmHandle' : [ 0x18, ['pointer', ['void']]],
+    'KtmRm' : [ 0x1c, ['pointer', ['void']]],
+    'RefCount' : [ 0x20, ['unsigned long']],
+    'ContainerNum' : [ 0x24, ['unsigned long']],
+    'ContainerSize' : [ 0x28, ['unsigned long long']],
+    'CmHive' : [ 0x30, ['pointer', ['_CMHIVE']]],
+    'LogFileObject' : [ 0x34, ['pointer', ['void']]],
+    'MarshallingContext' : [ 0x38, ['pointer', ['void']]],
+    'RmFlags' : [ 0x3c, ['unsigned long']],
+    'LogStartStatus1' : [ 0x40, ['long']],
+    'LogStartStatus2' : [ 0x44, ['long']],
+    'BaseLsn' : [ 0x48, ['unsigned long long']],
+    'RmLock' : [ 0x50, ['pointer', ['_ERESOURCE']]],
+} ],
+  '_MMWORKING_SET_EXPANSION_HEAD' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_SECURITY_QUALITY_OF_SERVICE' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'ImpersonationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'ContextTrackingMode' : [ 0x8, ['unsigned char']],
+    'EffectiveOnly' : [ 0x9, ['unsigned char']],
+} ],
+  '_MM_PAGED_POOL_INFO' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'AllocatedPagedPool' : [ 0x8, ['unsigned long']],
+} ],
+  '_PPM_IDLE_STATE' : [ 0x44, {
+    'DomainMembers' : [ 0x0, ['_KAFFINITY_EX']],
+    'Name' : [ 0xc, ['_UNICODE_STRING']],
+    'Latency' : [ 0x14, ['unsigned long']],
+    'BreakEvenDuration' : [ 0x18, ['unsigned long']],
+    'Power' : [ 0x1c, ['unsigned long']],
+    'StateFlags' : [ 0x20, ['unsigned long']],
+    'VetoAccounting' : [ 0x24, ['_PPM_VETO_ACCOUNTING']],
+    'StateType' : [ 0x3c, ['unsigned char']],
+    'InterruptsEnabled' : [ 0x3d, ['unsigned char']],
+    'Interruptible' : [ 0x3e, ['unsigned char']],
+    'ContextRetained' : [ 0x3f, ['unsigned char']],
+    'CacheCoherent' : [ 0x40, ['unsigned char']],
+    'WakesSpuriously' : [ 0x41, ['unsigned char']],
+    'PlatformOnly' : [ 0x42, ['unsigned char']],
+    'NoCState' : [ 0x43, ['unsigned char']],
+} ],
+  '_CLIENT_ID32' : [ 0x8, {
+    'UniqueProcess' : [ 0x0, ['unsigned long']],
+    'UniqueThread' : [ 0x4, ['unsigned long']],
+} ],
+  '_EX_HEAP_SESSION_STATE' : [ 0x1c80, {
+    'HeapManager' : [ 0x0, ['_RTLP_HP_HEAP_MANAGER']],
+    'PagedEnv' : [ 0x1c70, ['RTL_HP_ENV_HANDLE']],
+    'PagedHeap' : [ 0x1c78, ['pointer', ['_SEGMENT_HEAP']]],
+    'SpecialPoolHeap' : [ 0x1c7c, ['pointer', ['_SEGMENT_HEAP']]],
+} ],
+  '_ARMCE_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2522' : [ 0x4, {
+    'Import' : [ 0x0, ['_IMAGE_IMPORT_CONTROL_TRANSFER_DYNAMIC_RELOCATION']],
+    'Indir' : [ 0x0, ['_IMAGE_INDIR_CONTROL_TRANSFER_DYNAMIC_RELOCATION']],
+    'SwitchJump' : [ 0x0, ['_IMAGE_SWITCHTABLE_BRANCH_DYNAMIC_RELOCATION']],
+} ],
+  '_RTL_RETPOLINE_RELOCATION_INDEX' : [ 0xc, {
+    'ImportRelocationSize' : [ 0x0, ['unsigned short']],
+    'IndirectRelocationSize' : [ 0x2, ['unsigned short']],
+    'SwitchJumpRelocationSize' : [ 0x4, ['unsigned short']],
+    'StraddleType' : [ 0x6, ['unsigned short']],
+    'StraddleReloc' : [ 0x8, ['__unnamed_2522']],
+} ],
+  '_GDI_TEB_BATCH32' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '__unnamed_252b' : [ 0x4, {
+    'MissedEtwRegistration' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsBootDriver' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_252d' : [ 0x4, {
+    'Flags' : [ 0x0, ['__unnamed_252b']],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_TARGET_VERIFIED_DRIVER_DATA' : [ 0xb8, {
+    'SuspectDriverEntry' : [ 0x0, ['pointer', ['_VF_SUSPECT_DRIVER_ENTRY']]],
+    'WMICallback' : [ 0x4, ['pointer', ['void']]],
+    'EtwHandlesListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'u1' : [ 0x10, ['__unnamed_252d']],
+    'Signature' : [ 0x14, ['unsigned long']],
+    'SeSigningLevel' : [ 0x18, ['unsigned char']],
+    'PoolPageHeaders' : [ 0x20, ['_SLIST_HEADER']],
+    'PoolTrackers' : [ 0x28, ['_SLIST_HEADER']],
+    'DifPluginData' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+    'CurrentPagedPoolAllocations' : [ 0x34, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x38, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x3c, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'PagedBytes' : [ 0x44, ['unsigned long']],
+    'NonPagedBytes' : [ 0x48, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x4c, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x50, ['unsigned long']],
+    'RaiseIrqls' : [ 0x54, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x58, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0x5c, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x60, ['unsigned long']],
+    'AllocationsFailed' : [ 0x64, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x68, ['unsigned long']],
+    'LockedBytes' : [ 0x6c, ['unsigned long']],
+    'PeakLockedBytes' : [ 0x70, ['unsigned long']],
+    'MappedLockedBytes' : [ 0x74, ['unsigned long']],
+    'PeakMappedLockedBytes' : [ 0x78, ['unsigned long']],
+    'MappedIoSpaceBytes' : [ 0x7c, ['unsigned long']],
+    'PeakMappedIoSpaceBytes' : [ 0x80, ['unsigned long']],
+    'PagesForMdlBytes' : [ 0x84, ['unsigned long']],
+    'PeakPagesForMdlBytes' : [ 0x88, ['unsigned long']],
+    'ContiguousMemoryBytes' : [ 0x8c, ['unsigned long']],
+    'PeakContiguousMemoryBytes' : [ 0x90, ['unsigned long']],
+    'ContiguousMemoryListHead' : [ 0x94, ['_LIST_ENTRY']],
+    'ExecutePoolTypes' : [ 0x9c, ['unsigned long']],
+    'ExecutePageProtections' : [ 0xa0, ['unsigned long']],
+    'ExecutePageMappings' : [ 0xa4, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0xa8, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0xac, ['unsigned long']],
+    'IATInExecutableSection' : [ 0xb0, ['unsigned long']],
+} ],
+  '_SEP_LUID_TO_INDEX_MAP_ENTRY' : [ 0x28, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'Luid' : [ 0x10, ['unsigned long long']],
+    'IndexIntoGlobalSingletonTable' : [ 0x18, ['unsigned long long']],
+    'MarkedForDeletion' : [ 0x20, ['unsigned char']],
+} ],
+  '_MI_IMAGE_SECURITY_REFERENCE' : [ 0x1c, {
+    'ProtosNode' : [ 0x0, ['_MI_PROTOTYPE_PTES_NODE']],
+    'DynamicRelocations' : [ 0x10, ['pointer', ['void']]],
+    'SecurityContext' : [ 0x14, ['_IMAGE_SECURITY_CONTEXT']],
+    'StrongImageReference' : [ 0x18, ['unsigned long']],
+} ],
+  '_MEMORY_ALLOCATION_DESCRIPTOR' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'MemoryType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LoaderExceptionBlock', 1: u'LoaderSystemBlock', 2: u'LoaderFree', 3: u'LoaderBad', 4: u'LoaderLoadedProgram', 5: u'LoaderFirmwareTemporary', 6: u'LoaderFirmwarePermanent', 7: u'LoaderOsloaderHeap', 8: u'LoaderOsloaderStack', 9: u'LoaderSystemCode', 10: u'LoaderHalCode', 11: u'LoaderBootDriver', 12: u'LoaderConsoleInDriver', 13: u'LoaderConsoleOutDriver', 14: u'LoaderStartupDpcStack', 15: u'LoaderStartupKernelStack', 16: u'LoaderStartupPanicStack', 17: u'LoaderStartupPcrPage', 18: u'LoaderStartupPdrPage', 19: u'LoaderRegistryData', 20: u'LoaderMemoryData', 21: u'LoaderNlsData', 22: u'LoaderSpecialMemory', 23: u'LoaderBBTMemory', 24: u'LoaderZero', 25: u'LoaderXIPRom', 26: u'LoaderHALCachedMemory', 27: u'LoaderLargePageFiller', 28: u'LoaderErrorLogMemory', 29: u'LoaderVsmMemory', 30: u'LoaderFirmwareCode', 31: u'LoaderFirmwareData', 32: u'LoaderFirmwareReserved', 33: u'LoaderEnclaveMemory', 34: u'LoaderFirmwareKsr', 35: u'LoaderEnclaveKsr', 36: u'LoaderSkMemory', 37: u'LoaderSkFirmwareReserved', 38: u'LoaderIoSpaceMemoryZeroed', 39: u'LoaderIoSpaceMemoryFree', 40: u'LoaderIoSpaceMemoryKsr', 41: u'LoaderMaximum'})]],
+    'BasePage' : [ 0xc, ['unsigned long']],
+    'PageCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SYSTEM_POWER_POLICY' : [ 0xe8, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'PowerButton' : [ 0x4, ['POWER_ACTION_POLICY']],
+    'SleepButton' : [ 0x10, ['POWER_ACTION_POLICY']],
+    'LidClose' : [ 0x1c, ['POWER_ACTION_POLICY']],
+    'LidOpenWake' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Reserved' : [ 0x2c, ['unsigned long']],
+    'Idle' : [ 0x30, ['POWER_ACTION_POLICY']],
+    'IdleTimeout' : [ 0x3c, ['unsigned long']],
+    'IdleSensitivity' : [ 0x40, ['unsigned char']],
+    'DynamicThrottle' : [ 0x41, ['unsigned char']],
+    'Spare2' : [ 0x42, ['array', 2, ['unsigned char']]],
+    'MinSleep' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MaxSleep' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ReducedLatencySleep' : [ 0x4c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'WinLogonFlags' : [ 0x50, ['unsigned long']],
+    'Spare3' : [ 0x54, ['unsigned long']],
+    'DozeS4Timeout' : [ 0x58, ['unsigned long']],
+    'BroadcastCapacityResolution' : [ 0x5c, ['unsigned long']],
+    'DischargePolicy' : [ 0x60, ['array', 4, ['SYSTEM_POWER_LEVEL']]],
+    'VideoTimeout' : [ 0xc0, ['unsigned long']],
+    'VideoDimDisplay' : [ 0xc4, ['unsigned char']],
+    'VideoReserved' : [ 0xc8, ['array', 3, ['unsigned long']]],
+    'SpindownTimeout' : [ 0xd4, ['unsigned long']],
+    'OptimizeForPower' : [ 0xd8, ['unsigned char']],
+    'FanThrottleTolerance' : [ 0xd9, ['unsigned char']],
+    'ForcedThrottle' : [ 0xda, ['unsigned char']],
+    'MinThrottle' : [ 0xdb, ['unsigned char']],
+    'OverThrottled' : [ 0xdc, ['POWER_ACTION_POLICY']],
+} ],
+  '_OBP_SYSTEM_DOS_DEVICE_STATE' : [ 0x6c, {
+    'GlobalDeviceMap' : [ 0x0, ['unsigned long']],
+    'LocalDeviceCount' : [ 0x4, ['array', 26, ['unsigned long']]],
+} ],
+  '_RTL_BITMAP' : [ 0x8, {
+    'SizeOfBitMap' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['pointer', ['unsigned long']]],
+} ],
+  '_DELAY_ACK_FO' : [ 0xc, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OriginalFileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_WNF_SCOPE_MAP' : [ 0x58, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'SystemScopeInstance' : [ 0x4, ['pointer', ['_WNF_SCOPE_INSTANCE']]],
+    'MachineScopeInstance' : [ 0x8, ['pointer', ['_WNF_SCOPE_INSTANCE']]],
+    'PhysicalMachineScopeInstance' : [ 0xc, ['pointer', ['_WNF_SCOPE_INSTANCE']]],
+    'ByDataScope' : [ 0x10, ['array', 6, ['_WNF_SCOPE_MAP_ENTRY']]],
+} ],
+  '_CM_KEY_REFERENCE' : [ 0x8, {
+    'KeyCell' : [ 0x0, ['unsigned long']],
+    'KeyHive' : [ 0x4, ['pointer', ['_HHIVE']]],
+} ],
+  '_DISPATCHER_HEADER' : [ 0x10, {
+    'Lock' : [ 0x0, ['long']],
+    'LockNV' : [ 0x0, ['long']],
+    'Type' : [ 0x0, ['unsigned char']],
+    'Signalling' : [ 0x1, ['unsigned char']],
+    'Size' : [ 0x2, ['unsigned char']],
+    'Reserved1' : [ 0x3, ['unsigned char']],
+    'TimerType' : [ 0x0, ['unsigned char']],
+    'TimerControlFlags' : [ 0x1, ['unsigned char']],
+    'Absolute' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Wake' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'EncodedTolerableDelay' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'Hand' : [ 0x2, ['unsigned char']],
+    'TimerMiscFlags' : [ 0x3, ['unsigned char']],
+    'Index' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Processor' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Inserted' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Expired' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Timer2Type' : [ 0x0, ['unsigned char']],
+    'Timer2Flags' : [ 0x1, ['unsigned char']],
+    'Timer2Inserted' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Timer2Expiring' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Timer2CancelPending' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Timer2SetPending' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Timer2Running' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Timer2Disabled' : [ 0x1, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Timer2ReservedFlags' : [ 0x1, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Timer2ComponentId' : [ 0x2, ['unsigned char']],
+    'Timer2RelativeId' : [ 0x3, ['unsigned char']],
+    'QueueType' : [ 0x0, ['unsigned char']],
+    'QueueControlFlags' : [ 0x1, ['unsigned char']],
+    'Abandoned' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DisableIncrement' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'QueueReservedControlFlags' : [ 0x1, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'QueueSize' : [ 0x2, ['unsigned char']],
+    'QueueReserved' : [ 0x3, ['unsigned char']],
+    'ThreadType' : [ 0x0, ['unsigned char']],
+    'ThreadReserved' : [ 0x1, ['unsigned char']],
+    'ThreadControlFlags' : [ 0x2, ['unsigned char']],
+    'CycleProfiling' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'CounterProfiling' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupScheduling' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'AffinitySet' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Tagged' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'EnergyProfiling' : [ 0x2, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'SchedulerAssist' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Instrumented' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'DebugActive' : [ 0x3, ['unsigned char']],
+    'MutantType' : [ 0x0, ['unsigned char']],
+    'MutantSize' : [ 0x1, ['unsigned char']],
+    'DpcActive' : [ 0x2, ['unsigned char']],
+    'MutantReserved' : [ 0x3, ['unsigned char']],
+    'SignalState' : [ 0x4, ['long']],
+    'WaitListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PEBS_DS_SAVE_AREA' : [ 0xa0, {
+    'As32Bit' : [ 0x0, ['_PEBS_DS_SAVE_AREA32']],
+    'As64Bit' : [ 0x0, ['_PEBS_DS_SAVE_AREA64']],
+} ],
+  '_OB_HANDLE_REVOCATION_BLOCK' : [ 0x10, {
+    'RevocationInfos' : [ 0x0, ['_LIST_ENTRY']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'Rundown' : [ 0xc, ['_EX_RUNDOWN_REF']],
+} ],
+  '_DIRTY_PAGE_THRESHOLDS' : [ 0x28, {
+    'DirtyPageThreshold' : [ 0x0, ['unsigned long']],
+    'DirtyPageThresholdTop' : [ 0x4, ['unsigned long']],
+    'DirtyPageThresholdBottom' : [ 0x8, ['unsigned long']],
+    'DirtyPageTarget' : [ 0xc, ['unsigned long']],
+    'AggregateAvailablePages' : [ 0x10, ['unsigned long long']],
+    'AggregateDirtyPages' : [ 0x18, ['unsigned long long']],
+    'AvailableHistory' : [ 0x20, ['unsigned long']],
+} ],
+  '_LOCK_TRACKER' : [ 0x50, {
+    'LockTrackerNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Mdl' : [ 0xc, ['pointer', ['_MDL']]],
+    'StartVa' : [ 0x10, ['pointer', ['void']]],
+    'Count' : [ 0x14, ['unsigned long']],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Who' : [ 0x20, ['unsigned long']],
+    'Hash' : [ 0x24, ['unsigned long']],
+    'Page' : [ 0x28, ['unsigned long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'Process' : [ 0x4c, ['pointer', ['_EPROCESS']]],
+} ],
+  '_CONTEXT' : [ 0x2cc, {
+    'ContextFlags' : [ 0x0, ['unsigned long']],
+    'Dr0' : [ 0x4, ['unsigned long']],
+    'Dr1' : [ 0x8, ['unsigned long']],
+    'Dr2' : [ 0xc, ['unsigned long']],
+    'Dr3' : [ 0x10, ['unsigned long']],
+    'Dr6' : [ 0x14, ['unsigned long']],
+    'Dr7' : [ 0x18, ['unsigned long']],
+    'FloatSave' : [ 0x1c, ['_FLOATING_SAVE_AREA']],
+    'SegGs' : [ 0x8c, ['unsigned long']],
+    'SegFs' : [ 0x90, ['unsigned long']],
+    'SegEs' : [ 0x94, ['unsigned long']],
+    'SegDs' : [ 0x98, ['unsigned long']],
+    'Edi' : [ 0x9c, ['unsigned long']],
+    'Esi' : [ 0xa0, ['unsigned long']],
+    'Ebx' : [ 0xa4, ['unsigned long']],
+    'Edx' : [ 0xa8, ['unsigned long']],
+    'Ecx' : [ 0xac, ['unsigned long']],
+    'Eax' : [ 0xb0, ['unsigned long']],
+    'Ebp' : [ 0xb4, ['unsigned long']],
+    'Eip' : [ 0xb8, ['unsigned long']],
+    'SegCs' : [ 0xbc, ['unsigned long']],
+    'EFlags' : [ 0xc0, ['unsigned long']],
+    'Esp' : [ 0xc4, ['unsigned long']],
+    'SegSs' : [ 0xc8, ['unsigned long']],
+    'ExtendedRegisters' : [ 0xcc, ['array', 512, ['unsigned char']]],
+} ],
+  '_WHEA_GENERIC_ERROR_DESCRIPTOR' : [ 0x34, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned char']],
+    'Enabled' : [ 0x3, ['unsigned char']],
+    'ErrStatusBlockLength' : [ 0x4, ['unsigned long']],
+    'RelatedErrorSourceId' : [ 0x8, ['unsigned long']],
+    'ErrStatusAddressSpaceID' : [ 0xc, ['unsigned char']],
+    'ErrStatusAddressBitWidth' : [ 0xd, ['unsigned char']],
+    'ErrStatusAddressBitOffset' : [ 0xe, ['unsigned char']],
+    'ErrStatusAddressAccessSize' : [ 0xf, ['unsigned char']],
+    'ErrStatusAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'Notify' : [ 0x18, ['_WHEA_NOTIFICATION_DESCRIPTOR']],
+} ],
+  '_WNF_STATE_NAME_REGISTRATION' : [ 0xc, {
+    'MaxStateSize' : [ 0x0, ['unsigned long']],
+    'TypeId' : [ 0x4, ['pointer', ['_WNF_TYPE_ID']]],
+    'SecurityDescriptor' : [ 0x8, ['pointer', ['_SECURITY_DESCRIPTOR']]],
+} ],
+  '_HANDLE_TRACE_DEBUG_INFO' : [ 0x80, {
+    'RefCount' : [ 0x0, ['long']],
+    'TableSize' : [ 0x4, ['unsigned long']],
+    'BitMaskFlags' : [ 0x8, ['unsigned long']],
+    'CloseCompactionLock' : [ 0xc, ['_FAST_MUTEX']],
+    'CurrentStackIndex' : [ 0x2c, ['unsigned long']],
+    'TraceDb' : [ 0x30, ['array', 1, ['_HANDLE_TRACE_DB_ENTRY']]],
+} ],
+  '_ALPC_HANDLE_TABLE' : [ 0x10, {
+    'Handles' : [ 0x0, ['pointer', ['_ALPC_HANDLE_ENTRY']]],
+    'TotalHandles' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Lock' : [ 0xc, ['_EX_PUSH_LOCK']],
+} ],
+  'HAL_PRIVATE_DISPATCH' : [ 0x258, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'HalHandlerForBus' : [ 0x4, ['pointer', ['void']]],
+    'HalHandlerForConfigSpace' : [ 0x8, ['pointer', ['void']]],
+    'HalLocateHiberRanges' : [ 0xc, ['pointer', ['void']]],
+    'HalRegisterBusHandler' : [ 0x10, ['pointer', ['void']]],
+    'HalSetWakeEnable' : [ 0x14, ['pointer', ['void']]],
+    'HalSetWakeAlarm' : [ 0x18, ['pointer', ['void']]],
+    'HalPciTranslateBusAddress' : [ 0x1c, ['pointer', ['void']]],
+    'HalPciAssignSlotResources' : [ 0x20, ['pointer', ['void']]],
+    'HalHaltSystem' : [ 0x24, ['pointer', ['void']]],
+    'HalFindBusAddressTranslation' : [ 0x28, ['pointer', ['void']]],
+    'HalResetDisplay' : [ 0x2c, ['pointer', ['void']]],
+    'HalAllocateMapRegisters' : [ 0x30, ['pointer', ['void']]],
+    'KdSetupPciDeviceForDebugging' : [ 0x34, ['pointer', ['void']]],
+    'KdReleasePciDeviceForDebugging' : [ 0x38, ['pointer', ['void']]],
+    'KdGetAcpiTablePhase0' : [ 0x3c, ['pointer', ['void']]],
+    'KdCheckPowerButton' : [ 0x40, ['pointer', ['void']]],
+    'HalVectorToIDTEntry' : [ 0x44, ['pointer', ['void']]],
+    'KdMapPhysicalMemory64' : [ 0x48, ['pointer', ['void']]],
+    'KdUnmapVirtualAddress' : [ 0x4c, ['pointer', ['void']]],
+    'KdGetPciDataByOffset' : [ 0x50, ['pointer', ['void']]],
+    'KdSetPciDataByOffset' : [ 0x54, ['pointer', ['void']]],
+    'HalGetInterruptVectorOverride' : [ 0x58, ['pointer', ['void']]],
+    'HalGetVectorInputOverride' : [ 0x5c, ['pointer', ['void']]],
+    'HalLoadMicrocode' : [ 0x60, ['pointer', ['void']]],
+    'HalUnloadMicrocode' : [ 0x64, ['pointer', ['void']]],
+    'HalPostMicrocodeUpdate' : [ 0x68, ['pointer', ['void']]],
+    'HalAllocateMessageTargetOverride' : [ 0x6c, ['pointer', ['void']]],
+    'HalFreeMessageTargetOverride' : [ 0x70, ['pointer', ['void']]],
+    'HalDpReplaceBegin' : [ 0x74, ['pointer', ['void']]],
+    'HalDpReplaceTarget' : [ 0x78, ['pointer', ['void']]],
+    'HalDpReplaceControl' : [ 0x7c, ['pointer', ['void']]],
+    'HalDpReplaceEnd' : [ 0x80, ['pointer', ['void']]],
+    'HalPrepareForBugcheck' : [ 0x84, ['pointer', ['void']]],
+    'HalQueryWakeTime' : [ 0x88, ['pointer', ['void']]],
+    'HalReportIdleStateUsage' : [ 0x8c, ['pointer', ['void']]],
+    'HalTscSynchronization' : [ 0x90, ['pointer', ['void']]],
+    'HalWheaInitProcessorGenericSection' : [ 0x94, ['pointer', ['void']]],
+    'HalStopLegacyUsbInterrupts' : [ 0x98, ['pointer', ['void']]],
+    'HalReadWheaPhysicalMemory' : [ 0x9c, ['pointer', ['void']]],
+    'HalWriteWheaPhysicalMemory' : [ 0xa0, ['pointer', ['void']]],
+    'HalDpMaskLevelTriggeredInterrupts' : [ 0xa4, ['pointer', ['void']]],
+    'HalDpUnmaskLevelTriggeredInterrupts' : [ 0xa8, ['pointer', ['void']]],
+    'HalDpGetInterruptReplayState' : [ 0xac, ['pointer', ['void']]],
+    'HalDpReplayInterrupts' : [ 0xb0, ['pointer', ['void']]],
+    'HalQueryIoPortAccessSupported' : [ 0xb4, ['pointer', ['void']]],
+    'KdSetupIntegratedDeviceForDebugging' : [ 0xb8, ['pointer', ['void']]],
+    'KdReleaseIntegratedDeviceForDebugging' : [ 0xbc, ['pointer', ['void']]],
+    'HalGetEnlightenmentInformation' : [ 0xc0, ['pointer', ['void']]],
+    'HalAllocateEarlyPages' : [ 0xc4, ['pointer', ['void']]],
+    'HalMapEarlyPages' : [ 0xc8, ['pointer', ['void']]],
+    'Dummy1' : [ 0xcc, ['pointer', ['void']]],
+    'Dummy2' : [ 0xd0, ['pointer', ['void']]],
+    'HalNotifyProcessorFreeze' : [ 0xd4, ['pointer', ['void']]],
+    'HalPrepareProcessorForIdle' : [ 0xd8, ['pointer', ['void']]],
+    'HalRegisterLogRoutine' : [ 0xdc, ['pointer', ['void']]],
+    'HalResumeProcessorFromIdle' : [ 0xe0, ['pointer', ['void']]],
+    'Dummy' : [ 0xe4, ['pointer', ['void']]],
+    'HalVectorToIDTEntryEx' : [ 0xe8, ['pointer', ['void']]],
+    'HalSecondaryInterruptQueryPrimaryInformation' : [ 0xec, ['pointer', ['void']]],
+    'HalMaskInterrupt' : [ 0xf0, ['pointer', ['void']]],
+    'HalUnmaskInterrupt' : [ 0xf4, ['pointer', ['void']]],
+    'HalIsInterruptTypeSecondary' : [ 0xf8, ['pointer', ['void']]],
+    'HalAllocateGsivForSecondaryInterrupt' : [ 0xfc, ['pointer', ['void']]],
+    'HalAddInterruptRemapping' : [ 0x100, ['pointer', ['void']]],
+    'HalRemoveInterruptRemapping' : [ 0x104, ['pointer', ['void']]],
+    'HalSaveAndDisableHvEnlightenment' : [ 0x108, ['pointer', ['void']]],
+    'HalRestoreHvEnlightenment' : [ 0x10c, ['pointer', ['void']]],
+    'HalFlushIoBuffersExternalCache' : [ 0x110, ['pointer', ['void']]],
+    'HalFlushExternalCache' : [ 0x114, ['pointer', ['void']]],
+    'HalPciEarlyRestore' : [ 0x118, ['pointer', ['void']]],
+    'HalGetProcessorId' : [ 0x11c, ['pointer', ['void']]],
+    'HalAllocatePmcCounterSet' : [ 0x120, ['pointer', ['void']]],
+    'HalCollectPmcCounters' : [ 0x124, ['pointer', ['void']]],
+    'HalFreePmcCounterSet' : [ 0x128, ['pointer', ['void']]],
+    'HalProcessorHalt' : [ 0x12c, ['pointer', ['void']]],
+    'HalTimerQueryCycleCounter' : [ 0x130, ['pointer', ['void']]],
+    'Dummy3' : [ 0x134, ['pointer', ['void']]],
+    'HalPciMarkHiberPhase' : [ 0x138, ['pointer', ['void']]],
+    'HalQueryProcessorRestartEntryPoint' : [ 0x13c, ['pointer', ['void']]],
+    'HalRequestInterrupt' : [ 0x140, ['pointer', ['void']]],
+    'HalEnumerateUnmaskedInterrupts' : [ 0x144, ['pointer', ['void']]],
+    'HalFlushAndInvalidatePageExternalCache' : [ 0x148, ['pointer', ['void']]],
+    'KdEnumerateDebuggingDevices' : [ 0x14c, ['pointer', ['void']]],
+    'HalFlushIoRectangleExternalCache' : [ 0x150, ['pointer', ['void']]],
+    'HalPowerEarlyRestore' : [ 0x154, ['pointer', ['void']]],
+    'HalQueryCapsuleCapabilities' : [ 0x158, ['pointer', ['void']]],
+    'HalUpdateCapsule' : [ 0x15c, ['pointer', ['void']]],
+    'HalPciMultiStageResumeCapable' : [ 0x160, ['pointer', ['void']]],
+    'HalDmaFreeCrashDumpRegisters' : [ 0x164, ['pointer', ['void']]],
+    'HalAcpiAoacCapable' : [ 0x168, ['pointer', ['void']]],
+    'HalInterruptSetDestination' : [ 0x16c, ['pointer', ['void']]],
+    'HalGetClockConfiguration' : [ 0x170, ['pointer', ['void']]],
+    'HalClockTimerActivate' : [ 0x174, ['pointer', ['void']]],
+    'HalClockTimerInitialize' : [ 0x178, ['pointer', ['void']]],
+    'HalClockTimerStop' : [ 0x17c, ['pointer', ['void']]],
+    'HalClockTimerArm' : [ 0x180, ['pointer', ['void']]],
+    'HalTimerOnlyClockInterruptPending' : [ 0x184, ['pointer', ['void']]],
+    'HalAcpiGetMultiNode' : [ 0x188, ['pointer', ['void']]],
+    'HalPowerSetRebootHandler' : [ 0x18c, ['pointer', ['void']]],
+    'HalIommuRegisterDispatchTable' : [ 0x190, ['pointer', ['void']]],
+    'HalTimerWatchdogStart' : [ 0x194, ['pointer', ['void']]],
+    'HalTimerWatchdogResetCountdown' : [ 0x198, ['pointer', ['void']]],
+    'HalTimerWatchdogStop' : [ 0x19c, ['pointer', ['void']]],
+    'HalTimerWatchdogGeneratedLastReset' : [ 0x1a0, ['pointer', ['void']]],
+    'HalTimerWatchdogTriggerSystemReset' : [ 0x1a4, ['pointer', ['void']]],
+    'HalInterruptVectorDataToGsiv' : [ 0x1a8, ['pointer', ['void']]],
+    'HalInterruptGetHighestPriorityInterrupt' : [ 0x1ac, ['pointer', ['void']]],
+    'HalProcessorOn' : [ 0x1b0, ['pointer', ['void']]],
+    'HalProcessorOff' : [ 0x1b4, ['pointer', ['void']]],
+    'HalProcessorFreeze' : [ 0x1b8, ['pointer', ['void']]],
+    'HalDmaLinkDeviceObjectByToken' : [ 0x1bc, ['pointer', ['void']]],
+    'HalDmaCheckAdapterToken' : [ 0x1c0, ['pointer', ['void']]],
+    'Dummy4' : [ 0x1c4, ['pointer', ['void']]],
+    'HalTimerConvertPerformanceCounterToAuxiliaryCounter' : [ 0x1c8, ['pointer', ['void']]],
+    'HalTimerConvertAuxiliaryCounterToPerformanceCounter' : [ 0x1cc, ['pointer', ['void']]],
+    'HalTimerQueryAuxiliaryCounterFrequency' : [ 0x1d0, ['pointer', ['void']]],
+    'HalConnectThermalInterrupt' : [ 0x1d4, ['pointer', ['void']]],
+    'HalIsEFIRuntimeActive' : [ 0x1d8, ['pointer', ['void']]],
+    'HalTimerQueryAndResetRtcErrors' : [ 0x1dc, ['pointer', ['void']]],
+    'HalAcpiLateRestore' : [ 0x1e0, ['pointer', ['void']]],
+    'KdWatchdogDelayExpiration' : [ 0x1e4, ['pointer', ['void']]],
+    'HalGetProcessorStats' : [ 0x1e8, ['pointer', ['void']]],
+    'HalTimerWatchdogQueryDueTime' : [ 0x1ec, ['pointer', ['void']]],
+    'HalConnectSyntheticInterrupt' : [ 0x1f0, ['pointer', ['void']]],
+    'HalPreprocessNmi' : [ 0x1f4, ['pointer', ['void']]],
+    'HalEnumerateEnvironmentVariablesWithFilter' : [ 0x1f8, ['pointer', ['void']]],
+    'HalCaptureLastBranchRecordStack' : [ 0x1fc, ['pointer', ['void']]],
+    'HalClearLastBranchRecordStack' : [ 0x200, ['pointer', ['void']]],
+    'HalConfigureLastBranchRecord' : [ 0x204, ['pointer', ['void']]],
+    'HalGetLastBranchInformation' : [ 0x208, ['pointer', ['void']]],
+    'HalResumeLastBranchRecord' : [ 0x20c, ['pointer', ['void']]],
+    'HalStartLastBranchRecord' : [ 0x210, ['pointer', ['void']]],
+    'HalStopLastBranchRecord' : [ 0x214, ['pointer', ['void']]],
+    'HalIommuBlockDevice' : [ 0x218, ['pointer', ['void']]],
+    'HalIommuUnblockDevice' : [ 0x21c, ['pointer', ['void']]],
+    'HalGetIommuInterface' : [ 0x220, ['pointer', ['void']]],
+    'HalRequestGenericErrorRecovery' : [ 0x224, ['pointer', ['void']]],
+    'HalTimerQueryHostPerformanceCounter' : [ 0x228, ['pointer', ['void']]],
+    'HalTopologyQueryProcessorRelationships' : [ 0x22c, ['pointer', ['void']]],
+    'HalInitPlatformDebugTriggers' : [ 0x230, ['pointer', ['void']]],
+    'HalRunPlatformDebugTriggers' : [ 0x234, ['pointer', ['void']]],
+    'HalTimerGetReferencePage' : [ 0x238, ['pointer', ['void']]],
+    'HalGetHiddenProcessorPowerInterface' : [ 0x23c, ['pointer', ['void']]],
+    'HalGetHiddenProcessorPackageId' : [ 0x240, ['pointer', ['void']]],
+    'HalGetHiddenPackageProcessorCount' : [ 0x244, ['pointer', ['void']]],
+    'HalGetHiddenProcessorApicIdByIndex' : [ 0x248, ['pointer', ['void']]],
+    'HalRegisterHiddenProcessorIdleState' : [ 0x24c, ['pointer', ['void']]],
+    'HalIommuReportIommuFault' : [ 0x250, ['pointer', ['void']]],
+    'HalIommuDmaRemappingCapable' : [ 0x254, ['pointer', ['void']]],
+} ],
+  '_PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS' : [ 0x1, {
+    'Trustlet' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Ntos' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'WriteHandle' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ReadHandle' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'AccessRights' : [ 0x0, ['unsigned char']],
+} ],
+  '_WNF_STATE_DATA' : [ 0x10, {
+    'Header' : [ 0x0, ['_WNF_NODE_HEADER']],
+    'AllocatedSize' : [ 0x4, ['unsigned long']],
+    'DataSize' : [ 0x8, ['unsigned long']],
+    'ChangeStamp' : [ 0xc, ['unsigned long']],
+} ],
+  '_KREQUEST_PACKET' : [ 0x10, {
+    'CurrentPacket' : [ 0x0, ['array', 3, ['pointer', ['void']]]],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_PS_PROCESS_WAKE_INFORMATION' : [ 0x30, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long']]],
+    'WakeFilter' : [ 0x24, ['_JOBOBJECT_WAKE_FILTER']],
+    'NoWakeCounter' : [ 0x2c, ['unsigned long']],
+} ],
+  '_HBASE_BLOCK' : [ 0x1000, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Sequence1' : [ 0x4, ['unsigned long']],
+    'Sequence2' : [ 0x8, ['unsigned long']],
+    'TimeStamp' : [ 0xc, ['_LARGE_INTEGER']],
+    'Major' : [ 0x14, ['unsigned long']],
+    'Minor' : [ 0x18, ['unsigned long']],
+    'Type' : [ 0x1c, ['unsigned long']],
+    'Format' : [ 0x20, ['unsigned long']],
+    'RootCell' : [ 0x24, ['unsigned long']],
+    'Length' : [ 0x28, ['unsigned long']],
+    'Cluster' : [ 0x2c, ['unsigned long']],
+    'FileName' : [ 0x30, ['array', 64, ['unsigned char']]],
+    'RmId' : [ 0x70, ['_GUID']],
+    'LogId' : [ 0x80, ['_GUID']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'TmId' : [ 0x94, ['_GUID']],
+    'GuidSignature' : [ 0xa4, ['unsigned long']],
+    'LastReorganizeTime' : [ 0xa8, ['unsigned long long']],
+    'Reserved1' : [ 0xb0, ['array', 83, ['unsigned long']]],
+    'CheckSum' : [ 0x1fc, ['unsigned long']],
+    'Reserved2' : [ 0x200, ['array', 882, ['unsigned long']]],
+    'ThawTmId' : [ 0xfc8, ['_GUID']],
+    'ThawRmId' : [ 0xfd8, ['_GUID']],
+    'ThawLogId' : [ 0xfe8, ['_GUID']],
+    'BootType' : [ 0xff8, ['unsigned long']],
+    'BootRecover' : [ 0xffc, ['unsigned long']],
+} ],
+  '__unnamed_26b1' : [ 0x4, {
+    'DeviceNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'FunctionNumber' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_26b3' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_26b1']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_PCI_SLOT_NUMBER' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_26b3']],
+} ],
+  '_PROCESS_ENERGY_VALUES' : [ 0x110, {
+    'Cycles' : [ 0x0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'DiskEnergy' : [ 0x40, ['unsigned long long']],
+    'NetworkTailEnergy' : [ 0x48, ['unsigned long long']],
+    'MBBTailEnergy' : [ 0x50, ['unsigned long long']],
+    'NetworkTxRxBytes' : [ 0x58, ['unsigned long long']],
+    'MBBTxRxBytes' : [ 0x60, ['unsigned long long']],
+    'Durations' : [ 0x68, ['array', 3, ['_ENERGY_STATE_DURATION']]],
+    'ForegroundDuration' : [ 0x68, ['_ENERGY_STATE_DURATION']],
+    'DesktopVisibleDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'PSMForegroundDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'CompositionRendered' : [ 0x80, ['unsigned long']],
+    'CompositionDirtyGenerated' : [ 0x84, ['unsigned long']],
+    'CompositionDirtyPropagated' : [ 0x88, ['unsigned long']],
+    'Reserved1' : [ 0x8c, ['unsigned long']],
+    'AttributedCycles' : [ 0x90, ['array', 4, ['array', 2, ['unsigned long long']]]],
+    'WorkOnBehalfCycles' : [ 0xd0, ['array', 4, ['array', 2, ['unsigned long long']]]],
+} ],
+  '_MMCLONE_HEADER' : [ 0x10, {
+    'NumberOfPtes' : [ 0x0, ['unsigned long']],
+    'NumberOfProcessReferences' : [ 0x4, ['unsigned long']],
+    'ClonePtes' : [ 0x8, ['pointer', ['_MMCLONE_BLOCK']]],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+} ],
+  '_MI_SYSTEM_INFORMATION' : [ 0x4e80, {
+    'Pools' : [ 0x0, ['_MI_POOL_STATE']],
+    'Sections' : [ 0x80, ['_MI_SECTION_STATE']],
+    'SystemImages' : [ 0x200, ['_MI_SYSTEM_IMAGE_STATE']],
+    'Sessions' : [ 0x264, ['_MI_SESSION_STATE']],
+    'Processes' : [ 0x12b0, ['_MI_PROCESS_STATE']],
+    'Hardware' : [ 0x1340, ['_MI_HARDWARE_STATE']],
+    'SystemVa' : [ 0x1480, ['_MI_SYSTEM_VA_STATE']],
+    'PageCombines' : [ 0x3bc0, ['_MI_COMBINE_STATE']],
+    'PageLists' : [ 0x3be0, ['_MI_PAGELIST_STATE']],
+    'Partitions' : [ 0x3bf8, ['_MI_PARTITION_STATE']],
+    'Shutdowns' : [ 0x3c30, ['_MI_SHUTDOWN_STATE']],
+    'Errors' : [ 0x3c78, ['_MI_ERROR_STATE']],
+    'AccessLog' : [ 0x3d40, ['_MI_ACCESS_LOG_STATE']],
+    'Debugger' : [ 0x3dc0, ['_MI_DEBUGGER_STATE']],
+    'Standby' : [ 0x3e50, ['_MI_STANDBY_STATE']],
+    'SystemPtes' : [ 0x3ec0, ['_MI_SYSTEM_PTE_STATE']],
+    'IoPages' : [ 0x4040, ['_MI_IO_PAGE_STATE']],
+    'PagingIo' : [ 0x4080, ['_MI_PAGING_IO_STATE']],
+    'CommonPages' : [ 0x40e0, ['_MI_COMMON_PAGE_STATE']],
+    'Trims' : [ 0x4140, ['_MI_SYSTEM_TRIM_STATE']],
+    'Enclaves' : [ 0x4180, ['_MI_ENCLAVE_STATE']],
+    'Cookie' : [ 0x41a4, ['unsigned long']],
+    'BootRegistryRuns' : [ 0x41a8, ['pointer', ['pointer', ['void']]]],
+    'ZeroingDisabled' : [ 0x41ac, ['long']],
+    'FullyInitialized' : [ 0x41b0, ['unsigned char']],
+    'SafeBooted' : [ 0x41b1, ['unsigned char']],
+    'PfnBitMap' : [ 0x41b4, ['_RTL_BITMAP']],
+    'TraceLogging' : [ 0x41bc, ['pointer', ['_tlgProvider_t']]],
+    'Vs' : [ 0x41c0, ['_MI_VISIBLE_STATE']],
+} ],
+  '_CMSI_RW_LOCK' : [ 0x4, {
+    'Reserved' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ETW_SILO_TRACING_BLOCK' : [ 0x40, {
+    'ProcessorBuffers' : [ 0x0, ['pointer', ['_EX_FAST_REF']]],
+    'EventsLoggedCount' : [ 0x4, ['pointer', ['unsigned long long']]],
+    'QpcDelta' : [ 0x8, ['pointer', ['long long']]],
+} ],
+  '_MI_VISIBLE_PARTITION' : [ 0xc00, {
+    'LowestPhysicalPage' : [ 0x0, ['unsigned long']],
+    'HighestPhysicalPage' : [ 0x4, ['unsigned long']],
+    'NumberOfPhysicalPages' : [ 0x8, ['unsigned long']],
+    'NumberOfPagingFiles' : [ 0xc, ['unsigned long']],
+    'SystemCacheInitialized' : [ 0x10, ['unsigned char']],
+    'PagingFile' : [ 0x14, ['array', 16, ['pointer', ['_MMPAGING_FILE']]]],
+    'AvailablePages' : [ 0x80, ['unsigned long']],
+    'ResidentAvailablePages' : [ 0xc0, ['unsigned long']],
+    'PartitionWs' : [ 0x100, ['array', 1, ['_MMSUPPORT_INSTANCE']]],
+    'PartitionWorkingSetLists' : [ 0x164, ['array', 1, ['_MMWSL_INSTANCE']]],
+    'TotalCommittedPages' : [ 0x17c, ['unsigned long']],
+    'ModifiedPageListHead' : [ 0x180, ['_MMPFNLIST']],
+    'ModifiedNoWritePageListHead' : [ 0x1c0, ['_MMPFNLIST']],
+    'TotalCommitLimit' : [ 0x1d4, ['unsigned long']],
+    'TotalPagesForPagingFile' : [ 0x1d8, ['unsigned long']],
+    'VadPhysicalPages' : [ 0x1dc, ['unsigned long']],
+    'ProcessLockedFilePages' : [ 0x1e0, ['unsigned long']],
+    'SharedCommit' : [ 0x1e4, ['unsigned long']],
+    'SlabAllocatorPages' : [ 0x1e8, ['unsigned long']],
+    'ChargeCommitmentFailures' : [ 0x1ec, ['array', 4, ['unsigned long']]],
+    'PageFileTraceIndex' : [ 0x1fc, ['long']],
+    'PageFileTraces' : [ 0x200, ['array', 32, ['_MI_PAGEFILE_TRACES']]],
+} ],
+  '_WHEA_XPF_MCE_DESCRIPTOR' : [ 0x398, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'NumberOfBanks' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['_XPF_MCE_FLAGS']],
+    'MCG_Capability' : [ 0x8, ['unsigned long long']],
+    'MCG_GlobalControl' : [ 0x10, ['unsigned long long']],
+    'Banks' : [ 0x18, ['array', 32, ['_WHEA_XPF_MC_BANK_DESCRIPTOR']]],
+} ],
+  '_WHEAP_ERROR_SOURCE_TABLE' : [ 0x24, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Count' : [ 0x4, ['long']],
+    'NextId' : [ 0x8, ['unsigned long']],
+    'Items' : [ 0xc, ['_LIST_ENTRY']],
+    'InsertLock' : [ 0x14, ['_KEVENT']],
+} ],
+  '_ETW_DECODE_CONTROL_ENTRY' : [ 0x28, {
+    'Next' : [ 0x0, ['pointer', ['_ETW_DECODE_CONTROL_ENTRY']]],
+    'Decode' : [ 0x4, ['_GUID']],
+    'Control' : [ 0x14, ['_GUID']],
+    'ConsumersNotified' : [ 0x24, ['unsigned char']],
+} ],
+  '__unnamed_26ef' : [ 0x4, {
+    'UserData' : [ 0x0, ['unsigned long']],
+    'Next' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_26f1' : [ 0x4, {
+    'u' : [ 0x0, ['__unnamed_26ef']],
+} ],
+  '__unnamed_26f3' : [ 0x4, {
+    'NewCell' : [ 0x0, ['__unnamed_26f1']],
+} ],
+  '_HCELL' : [ 0x8, {
+    'Size' : [ 0x0, ['long']],
+    'u' : [ 0x4, ['__unnamed_26f3']],
+} ],
+  '_HMAP_DIRECTORY' : [ 0x1000, {
+    'Directory' : [ 0x0, ['array', 1024, ['pointer', ['_HMAP_TABLE']]]],
+} ],
+  '__unnamed_26fb' : [ 0x2, {
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+    'AllowScaling' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Disabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned short')]],
+} ],
+  'PROCESSOR_IDLESTATE_POLICY' : [ 0x20, {
+    'Revision' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['__unnamed_26fb']],
+    'PolicyCount' : [ 0x4, ['unsigned long']],
+    'Policy' : [ 0x8, ['array', 3, ['PROCESSOR_IDLESTATE_INFO']]],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V1' : [ 0x8, {
+    'LogHandle' : [ 0x0, ['pointer', ['void']]],
+    'FlushToLsnRoutine' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_2706' : [ 0x4, {
+    'NodeSize' : [ 0x0, ['unsigned long']],
+    'UseLookaside' : [ 0x0, ['unsigned long']],
+} ],
+  '_VF_AVL_TREE' : [ 0x18, {
+    'NodeRangeSize' : [ 0x0, ['unsigned long']],
+    'NodeCount' : [ 0x4, ['unsigned long']],
+    'Tables' : [ 0x8, ['pointer', ['_VF_AVL_TABLE']]],
+    'TablesNo' : [ 0xc, ['unsigned long']],
+    'UseSessionId' : [ 0x10, ['unsigned char']],
+    'u1' : [ 0x14, ['__unnamed_2706']],
+} ],
+  '_IMAGE_FILE_HEADER' : [ 0x14, {
+    'Machine' : [ 0x0, ['unsigned short']],
+    'NumberOfSections' : [ 0x2, ['unsigned short']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'PointerToSymbolTable' : [ 0x8, ['unsigned long']],
+    'NumberOfSymbols' : [ 0xc, ['unsigned long']],
+    'SizeOfOptionalHeader' : [ 0x10, ['unsigned short']],
+    'Characteristics' : [ 0x12, ['unsigned short']],
+} ],
+  '_CACHE_MANAGER_CALLBACKS' : [ 0x10, {
+    'AcquireForLazyWrite' : [ 0x0, ['pointer', ['void']]],
+    'ReleaseFromLazyWrite' : [ 0x4, ['pointer', ['void']]],
+    'AcquireForReadAhead' : [ 0x8, ['pointer', ['void']]],
+    'ReleaseFromReadAhead' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_MMSUPPORT_FULL' : [ 0x100, {
+    'Instance' : [ 0x0, ['_MMSUPPORT_INSTANCE']],
+    'Shared' : [ 0x80, ['_MMSUPPORT_SHARED']],
+} ],
+  '_JOBOBJECT_WAKE_FILTER' : [ 0x8, {
+    'HighEdgeFilter' : [ 0x0, ['unsigned long']],
+    'LowEdgeFilter' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PROCESS_STATE' : [ 0x68, {
+    'SystemDllBase' : [ 0x0, ['pointer', ['void']]],
+    'ColorSeed' : [ 0x4, ['unsigned long']],
+    'RotatingUniprocessorNumber' : [ 0x8, ['long']],
+    'CriticalSectionTimeout' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProcessList' : [ 0x18, ['_LIST_ENTRY']],
+    'SharedUserDataPte' : [ 0x20, ['array', 2, ['pointer', ['_MMPTE']]]],
+    'HypervisorSharedVa' : [ 0x28, ['pointer', ['void']]],
+    'VadSecureCookie' : [ 0x2c, ['unsigned long']],
+    'PaeGroups' : [ 0x30, ['unsigned long']],
+    'FreePaeEntries' : [ 0x34, ['unsigned long']],
+    'FirstFreePae' : [ 0x38, ['_PAE_ENTRY']],
+    'AllocatedPaePages' : [ 0x58, ['long']],
+    'PaeLock' : [ 0x5c, ['unsigned long']],
+    'PaeEntrySList' : [ 0x60, ['_SLIST_HEADER']],
+} ],
+  '_KIDTENTRY' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned short']],
+    'Selector' : [ 0x2, ['unsigned short']],
+    'Access' : [ 0x4, ['unsigned short']],
+    'ExtendedOffset' : [ 0x6, ['unsigned short']],
+} ],
+  '_IO_TIMER' : [ 0x18, {
+    'Type' : [ 0x0, ['short']],
+    'TimerFlag' : [ 0x2, ['short']],
+    'TimerList' : [ 0x4, ['_LIST_ENTRY']],
+    'TimerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'DeviceObject' : [ 0x14, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_EXCEPTION_POINTERS' : [ 0x8, {
+    'ExceptionRecord' : [ 0x0, ['pointer', ['_EXCEPTION_RECORD']]],
+    'ContextRecord' : [ 0x4, ['pointer', ['_CONTEXT']]],
+} ],
+  '_PRIVATE_CACHE_MAP' : [ 0x68, {
+    'NodeTypeCode' : [ 0x0, ['short']],
+    'Flags' : [ 0x0, ['_PRIVATE_CACHE_MAP_FLAGS']],
+    'ReadAheadMask' : [ 0x4, ['unsigned long']],
+    'FileObject' : [ 0x8, ['pointer', ['_FILE_OBJECT']]],
+    'FileOffset1' : [ 0x10, ['_LARGE_INTEGER']],
+    'BeyondLastByte1' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileOffset2' : [ 0x20, ['_LARGE_INTEGER']],
+    'BeyondLastByte2' : [ 0x28, ['_LARGE_INTEGER']],
+    'SequentialReadCount' : [ 0x30, ['unsigned long']],
+    'ReadAheadLength' : [ 0x34, ['unsigned long']],
+    'ReadAheadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'ReadAheadBeyondLastByte' : [ 0x40, ['_LARGE_INTEGER']],
+    'PrevReadAheadBeyondLastByte' : [ 0x48, ['unsigned long long']],
+    'ReadAheadSpinLock' : [ 0x50, ['unsigned long']],
+    'PipelinedReadAheadRequestSize' : [ 0x54, ['unsigned long']],
+    'ReadAheadGrowth' : [ 0x58, ['unsigned long']],
+    'PrivateLinks' : [ 0x5c, ['_LIST_ENTRY']],
+    'ReadAheadWorkItem' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_ETW_GUID_ENTRY' : [ 0x178, {
+    'GuidList' : [ 0x0, ['_LIST_ENTRY']],
+    'SiloGuidList' : [ 0x8, ['_LIST_ENTRY']],
+    'RefCount' : [ 0x10, ['long']],
+    'Guid' : [ 0x14, ['_GUID']],
+    'RegListHead' : [ 0x24, ['_LIST_ENTRY']],
+    'SecurityDescriptor' : [ 0x2c, ['pointer', ['void']]],
+    'LastEnable' : [ 0x30, ['_ETW_LAST_ENABLE_INFO']],
+    'MatchId' : [ 0x30, ['unsigned long long']],
+    'ProviderEnableInfo' : [ 0x40, ['_TRACE_ENABLE_INFO']],
+    'EnableInfo' : [ 0x60, ['array', 8, ['_TRACE_ENABLE_INFO']]],
+    'FilterData' : [ 0x160, ['pointer', ['_ETW_FILTER_HEADER']]],
+    'SiloState' : [ 0x164, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+    'HostEntry' : [ 0x168, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'Lock' : [ 0x16c, ['_EX_PUSH_LOCK']],
+    'LockOwner' : [ 0x170, ['pointer', ['_ETHREAD']]],
+} ],
+  '_ARBITER_INSTANCE' : [ 0xac, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'MutexEvent' : [ 0x4, ['pointer', ['_KEVENT']]],
+    'Name' : [ 0x8, ['pointer', ['wchar']]],
+    'OrderingName' : [ 0xc, ['pointer', ['wchar']]],
+    'ResourceType' : [ 0x10, ['long']],
+    'Allocation' : [ 0x14, ['pointer', ['_RTL_RANGE_LIST']]],
+    'PossibleAllocation' : [ 0x18, ['pointer', ['_RTL_RANGE_LIST']]],
+    'OrderingList' : [ 0x1c, ['_ARBITER_ORDERING_LIST']],
+    'ReservedList' : [ 0x24, ['_ARBITER_ORDERING_LIST']],
+    'ReferenceCount' : [ 0x2c, ['long']],
+    'Interface' : [ 0x30, ['pointer', ['_ARBITER_INTERFACE']]],
+    'AllocationStackMaxSize' : [ 0x34, ['unsigned long']],
+    'AllocationStack' : [ 0x38, ['pointer', ['_ARBITER_ALLOCATION_STATE']]],
+    'UnpackRequirement' : [ 0x3c, ['pointer', ['void']]],
+    'PackResource' : [ 0x40, ['pointer', ['void']]],
+    'UnpackResource' : [ 0x44, ['pointer', ['void']]],
+    'ScoreRequirement' : [ 0x48, ['pointer', ['void']]],
+    'TestAllocation' : [ 0x4c, ['pointer', ['void']]],
+    'RetestAllocation' : [ 0x50, ['pointer', ['void']]],
+    'CommitAllocation' : [ 0x54, ['pointer', ['void']]],
+    'RollbackAllocation' : [ 0x58, ['pointer', ['void']]],
+    'BootAllocation' : [ 0x5c, ['pointer', ['void']]],
+    'QueryArbitrate' : [ 0x60, ['pointer', ['void']]],
+    'QueryConflict' : [ 0x64, ['pointer', ['void']]],
+    'AddReserved' : [ 0x68, ['pointer', ['void']]],
+    'StartArbiter' : [ 0x6c, ['pointer', ['void']]],
+    'PreprocessEntry' : [ 0x70, ['pointer', ['void']]],
+    'AllocateEntry' : [ 0x74, ['pointer', ['void']]],
+    'GetNextAllocationRange' : [ 0x78, ['pointer', ['void']]],
+    'FindSuitableRange' : [ 0x7c, ['pointer', ['void']]],
+    'AddAllocation' : [ 0x80, ['pointer', ['void']]],
+    'BacktrackAllocation' : [ 0x84, ['pointer', ['void']]],
+    'OverrideConflict' : [ 0x88, ['pointer', ['void']]],
+    'InitializeRangeList' : [ 0x8c, ['pointer', ['void']]],
+    'DeleteOwnerRanges' : [ 0x90, ['pointer', ['void']]],
+    'TransactionInProgress' : [ 0x94, ['unsigned char']],
+    'TransactionEvent' : [ 0x98, ['pointer', ['_KEVENT']]],
+    'Extension' : [ 0x9c, ['pointer', ['void']]],
+    'BusDeviceObject' : [ 0xa0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictCallbackContext' : [ 0xa4, ['pointer', ['void']]],
+    'ConflictCallback' : [ 0xa8, ['pointer', ['void']]],
+} ],
+  '_SECURITY_CLIENT_CONTEXT' : [ 0x3c, {
+    'SecurityQos' : [ 0x0, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'ClientToken' : [ 0xc, ['pointer', ['void']]],
+    'DirectlyAccessClientToken' : [ 0x10, ['unsigned char']],
+    'DirectAccessEffectiveOnly' : [ 0x11, ['unsigned char']],
+    'ServerIsRemote' : [ 0x12, ['unsigned char']],
+    'ClientTokenControl' : [ 0x14, ['_TOKEN_CONTROL']],
+} ],
+  '_VF_POOL_TRACE' : [ 0x40, {
+    'Address' : [ 0x0, ['pointer', ['void']]],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0xc, ['array', 13, ['pointer', ['void']]]],
+} ],
+  '_RTLP_HP_HEAP_GLOBALS' : [ 0x1c, {
+    'HeapKey' : [ 0x0, ['unsigned long']],
+    'LfhKey' : [ 0x4, ['unsigned long']],
+    'FailureInfo' : [ 0x8, ['pointer', ['_HEAP_FAILURE_INFORMATION']]],
+    'CommitLimitData' : [ 0xc, ['_RTL_HEAP_MEMORY_LIMIT_DATA']],
+} ],
+  '_MI_SYSTEM_IMAGE_STATE' : [ 0x64, {
+    'FixupList' : [ 0x0, ['_LIST_ENTRY']],
+    'LoadLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'LoadLockOwner' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'LoadLockCount' : [ 0x10, ['unsigned long']],
+    'FixupLock' : [ 0x14, ['long']],
+    'FirstLoadEver' : [ 0x18, ['unsigned char']],
+    'LargePageAll' : [ 0x19, ['unsigned char']],
+    'LastPage' : [ 0x1c, ['unsigned long']],
+    'LargePageList' : [ 0x20, ['_LIST_ENTRY']],
+    'StrongCodeLoadFailureList' : [ 0x28, ['_LIST_ENTRY']],
+    'SystemBase' : [ 0x30, ['array', 2, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]]],
+    'BeingDeleted' : [ 0x38, ['pointer', ['_KLDR_DATA_TABLE_ENTRY']]],
+    'MappingRangesPushLock' : [ 0x3c, ['_EX_PUSH_LOCK']],
+    'MappingRanges' : [ 0x40, ['array', 2, ['pointer', ['_MI_DRIVER_VA']]]],
+    'PageCount' : [ 0x48, ['unsigned long']],
+    'PageCounts' : [ 0x4c, ['_MM_SYSTEM_PAGE_COUNTS']],
+    'CollidedLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'ImageTree' : [ 0x60, ['_RTL_AVL_TREE']],
+} ],
+  '_MMPFNENTRY1' : [ 0x1, {
+    'PageLocation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'WriteInProgress' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Modified' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ReadInProgress' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'CacheAttribute' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_VI_FAULT_TRACE' : [ 0x24, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x4, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_NAMED_PIPE_CREATE_PARAMETERS' : [ 0x28, {
+    'NamedPipeType' : [ 0x0, ['unsigned long']],
+    'ReadMode' : [ 0x4, ['unsigned long']],
+    'CompletionMode' : [ 0x8, ['unsigned long']],
+    'MaximumInstances' : [ 0xc, ['unsigned long']],
+    'InboundQuota' : [ 0x10, ['unsigned long']],
+    'OutboundQuota' : [ 0x14, ['unsigned long']],
+    'DefaultTimeout' : [ 0x18, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x20, ['unsigned char']],
+} ],
+  '_ACL' : [ 0x8, {
+    'AclRevision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'AclSize' : [ 0x2, ['unsigned short']],
+    'AceCount' : [ 0x4, ['unsigned short']],
+    'Sbz2' : [ 0x6, ['unsigned short']],
+} ],
+  '_HEAP_VS_DELAY_FREE_CONTEXT' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SLIST_HEADER']],
+} ],
+  '_PENDING_RELATIONS_LIST_ENTRY' : [ 0x44, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'WorkItem' : [ 0x8, ['_WORK_QUEUE_ITEM']],
+    'DeviceEvent' : [ 0x18, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'DeviceObject' : [ 0x1c, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationsList' : [ 0x20, ['pointer', ['_RELATION_LIST']]],
+    'EjectIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'Lock' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'IRPLOCK_CANCELABLE', 1: u'IRPLOCK_CANCEL_STARTED', 2: u'IRPLOCK_CANCEL_COMPLETE', 3: u'IRPLOCK_COMPLETED'})]],
+    'Problem' : [ 0x2c, ['unsigned long']],
+    'ProfileChangingEject' : [ 0x30, ['unsigned char']],
+    'DisplaySafeRemovalDialog' : [ 0x31, ['unsigned char']],
+    'LightestSleepState' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DockInterface' : [ 0x38, ['pointer', ['DOCK_INTERFACE']]],
+    'DequeuePending' : [ 0x3c, ['unsigned char']],
+    'DeleteType' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+} ],
+  '_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION' : [ 0x18, {
+    'SecurityAttributeCount' : [ 0x0, ['unsigned long']],
+    'SecurityAttributesList' : [ 0x4, ['_LIST_ENTRY']],
+    'WorkingSecurityAttributeCount' : [ 0xc, ['unsigned long']],
+    'WorkingSecurityAttributesList' : [ 0x10, ['_LIST_ENTRY']],
+} ],
+  '_WAIT_CONTEXT_BLOCK' : [ 0x28, {
+    'WaitQueueEntry' : [ 0x0, ['_KDEVICE_QUEUE_ENTRY']],
+    'DmaWaitEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'NumberOfChannels' : [ 0x8, ['unsigned long']],
+    'SyncCallback' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DmaContext' : [ 0xc, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ZeroMapRegisters' : [ 0xc, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0xc, ['BitField', dict(start_bit = 3, end_bit = 12, native_type='unsigned long')]],
+    'NumberOfRemapPages' : [ 0xc, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+    'DeviceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'DeviceContext' : [ 0x14, ['pointer', ['void']]],
+    'NumberOfMapRegisters' : [ 0x18, ['unsigned long']],
+    'DeviceObject' : [ 0x1c, ['pointer', ['void']]],
+    'CurrentIrp' : [ 0x20, ['pointer', ['void']]],
+    'BufferChainingDpc' : [ 0x24, ['pointer', ['_KDPC']]],
+} ],
+  'SYSTEM_POWER_CAPABILITIES' : [ 0x4c, {
+    'PowerButtonPresent' : [ 0x0, ['unsigned char']],
+    'SleepButtonPresent' : [ 0x1, ['unsigned char']],
+    'LidPresent' : [ 0x2, ['unsigned char']],
+    'SystemS1' : [ 0x3, ['unsigned char']],
+    'SystemS2' : [ 0x4, ['unsigned char']],
+    'SystemS3' : [ 0x5, ['unsigned char']],
+    'SystemS4' : [ 0x6, ['unsigned char']],
+    'SystemS5' : [ 0x7, ['unsigned char']],
+    'HiberFilePresent' : [ 0x8, ['unsigned char']],
+    'FullWake' : [ 0x9, ['unsigned char']],
+    'VideoDimPresent' : [ 0xa, ['unsigned char']],
+    'ApmPresent' : [ 0xb, ['unsigned char']],
+    'UpsPresent' : [ 0xc, ['unsigned char']],
+    'ThermalControl' : [ 0xd, ['unsigned char']],
+    'ProcessorThrottle' : [ 0xe, ['unsigned char']],
+    'ProcessorMinThrottle' : [ 0xf, ['unsigned char']],
+    'ProcessorMaxThrottle' : [ 0x10, ['unsigned char']],
+    'FastSystemS4' : [ 0x11, ['unsigned char']],
+    'Hiberboot' : [ 0x12, ['unsigned char']],
+    'WakeAlarmPresent' : [ 0x13, ['unsigned char']],
+    'AoAc' : [ 0x14, ['unsigned char']],
+    'DiskSpinDown' : [ 0x15, ['unsigned char']],
+    'HiberFileType' : [ 0x16, ['unsigned char']],
+    'AoAcConnectivitySupported' : [ 0x17, ['unsigned char']],
+    'spare3' : [ 0x18, ['array', 6, ['unsigned char']]],
+    'SystemBatteriesPresent' : [ 0x1e, ['unsigned char']],
+    'BatteriesAreShortTerm' : [ 0x1f, ['unsigned char']],
+    'BatteryScale' : [ 0x20, ['array', 3, ['BATTERY_REPORTING_SCALE']]],
+    'AcOnLineWake' : [ 0x38, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SoftLidWake' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'RtcWake' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'MinDeviceWakeState' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DefaultLowLatencyWake' : [ 0x48, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  '_KWAIT_CHAIN' : [ 0x4, {
+    'Head' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE' : [ 0x30, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'ActiveCount' : [ 0x8, ['unsigned long']],
+    'PendingNullCount' : [ 0xc, ['unsigned long']],
+    'PendingCheckCompletionListCount' : [ 0x10, ['unsigned long']],
+    'PendingDelete' : [ 0x14, ['unsigned long']],
+    'FreeListHead' : [ 0x18, ['_SINGLE_LIST_ENTRY']],
+    'CompletionPort' : [ 0x1c, ['pointer', ['void']]],
+    'CompletionKey' : [ 0x20, ['pointer', ['void']]],
+    'Entry' : [ 0x24, ['array', 1, ['_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY']]],
+} ],
+  '_VF_DRIVER_IO_CALLBACKS' : [ 0x80, {
+    'DriverInit' : [ 0x0, ['pointer', ['void']]],
+    'DriverStartIo' : [ 0x4, ['pointer', ['void']]],
+    'DriverUnload' : [ 0x8, ['pointer', ['void']]],
+    'AddDevice' : [ 0xc, ['pointer', ['void']]],
+    'MajorFunction' : [ 0x10, ['array', 28, ['pointer', ['void']]]],
+} ],
+  '_CM_UOW_SET_VALUE_KEY_DATA' : [ 0x10, {
+    'PreparedCell' : [ 0x0, ['unsigned long']],
+    'OldValueCell' : [ 0x4, ['unsigned long']],
+    'NameLength' : [ 0x8, ['unsigned short']],
+    'DataSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_PARTITION_STATE' : [ 0x38, {
+    'PartitionLock' : [ 0x0, ['unsigned long']],
+    'PartitionIdLock' : [ 0x4, ['_EX_PUSH_LOCK']],
+    'InitialPartitionIdBits' : [ 0x8, ['unsigned long long']],
+    'PartitionList' : [ 0x10, ['_LIST_ENTRY']],
+    'PartitionIdBitmap' : [ 0x18, ['pointer', ['_RTL_BITMAP']]],
+    'InitialPartitionIdBitmap' : [ 0x1c, ['_RTL_BITMAP']],
+    'TempPartitionPointers' : [ 0x24, ['array', 1, ['pointer', ['_MI_PARTITION']]]],
+    'Partition' : [ 0x28, ['pointer', ['pointer', ['_MI_PARTITION']]]],
+    'TotalPagesInChildPartitions' : [ 0x2c, ['unsigned long']],
+    'CrossPartitionDenials' : [ 0x30, ['unsigned long']],
+    'MultiplePartitionsExist' : [ 0x34, ['unsigned char']],
+} ],
+  '_MI_ENCLAVE_STATE' : [ 0x24, {
+    'EnclaveRegions' : [ 0x0, ['_RTL_AVL_TREE']],
+    'EnclaveMetadataPage' : [ 0x4, ['pointer', ['void']]],
+    'EnclaveMetadataBitMap' : [ 0x8, ['pointer', ['_RTL_BITMAP']]],
+    'EnclaveMetadataEntryLock' : [ 0xc, ['_EX_PUSH_LOCK']],
+    'EnclaveMetadataPageLock' : [ 0x10, ['long']],
+    'EnclaveList' : [ 0x14, ['_LIST_ENTRY']],
+    'EnclaveListLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+    'ShutdownRundown' : [ 0x20, ['_EX_RUNDOWN_REF']],
+} ],
+  '_POP_THERMAL_ZONE' : [ 0x3a0, {
+    'PolicyDevice' : [ 0x0, ['_POP_POLICY_DEVICE']],
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+    'State' : [ 0x20, ['unsigned char']],
+    'Flags' : [ 0x21, ['unsigned char']],
+    'Removing' : [ 0x22, ['unsigned char']],
+    'Mode' : [ 0x23, ['unsigned char']],
+    'PendingMode' : [ 0x24, ['unsigned char']],
+    'ActivePoint' : [ 0x25, ['unsigned char']],
+    'PendingActivePoint' : [ 0x26, ['unsigned char']],
+    'Critical' : [ 0x27, ['unsigned char']],
+    'ThermalStandby' : [ 0x28, ['unsigned char']],
+    'OverThrottled' : [ 0x29, ['unsigned char']],
+    'HighPrecisionThrottle' : [ 0x2c, ['long']],
+    'Throttle' : [ 0x30, ['long']],
+    'PendingThrottle' : [ 0x34, ['long']],
+    'ThrottleReasons' : [ 0x38, ['unsigned long']],
+    'LastPassiveTime' : [ 0x40, ['unsigned long long']],
+    'SampleRate' : [ 0x48, ['unsigned long']],
+    'LastTemp' : [ 0x4c, ['unsigned long']],
+    'Info' : [ 0x50, ['_THERMAL_INFORMATION_EX']],
+    'Policy' : [ 0xac, ['_THERMAL_POLICY']],
+    'PolicyDriver' : [ 0xc4, ['unsigned char']],
+    'PollingRate' : [ 0xc8, ['unsigned long']],
+    'LastTemperatureTime' : [ 0xd0, ['unsigned long long']],
+    'LastActiveStartTime' : [ 0xd8, ['unsigned long long']],
+    'LastPassiveStartTime' : [ 0xe0, ['unsigned long long']],
+    'WorkItem' : [ 0xe8, ['_WORK_QUEUE_ITEM']],
+    'ZoneUpdateTimer' : [ 0xf8, ['_KTIMER2']],
+    'Lock' : [ 0x150, ['_POP_RW_LOCK']],
+    'ZoneStopped' : [ 0x158, ['_KEVENT']],
+    'TemperatureUpdated' : [ 0x168, ['_KEVENT']],
+    'InstanceId' : [ 0x178, ['unsigned long']],
+    'TelemetryTracker' : [ 0x180, ['_POP_THERMAL_TELEMETRY_TRACKER']],
+    'Description' : [ 0x398, ['_UNICODE_STRING']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG' : [ 0x288, {
+    'Next' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Log' : [ 0x8, ['array', 16, ['_CM_DIRTY_VECTOR_LOG_ENTRY']]],
+} ],
+  '__unnamed_27ed' : [ 0x4, {
+    'Bus' : [ 0x0, ['unsigned char']],
+    'Device' : [ 0x1, ['unsigned char']],
+    'Function' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_27ef' : [ 0x2, {
+    'SecondaryBus' : [ 0x0, ['unsigned char']],
+    'SubordinateBus' : [ 0x1, ['unsigned char']],
+} ],
+  '_PCI_BUSMASTER_DESCRIPTOR' : [ 0xc, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BusmasterRidFromDeviceRid', 1: u'BusmasterRidFromBridgeRid', 2: u'BusmasterRidFromMultipleBridges'})]],
+    'Segment' : [ 0x4, ['unsigned long']],
+    'DeviceRid' : [ 0x8, ['__unnamed_27ed']],
+    'BridgeRid' : [ 0x8, ['__unnamed_27ed']],
+    'MultipleBridges' : [ 0x8, ['__unnamed_27ef']],
+} ],
+  '_HVP_VIEW_MAP' : [ 0x28, {
+    'SectionReference' : [ 0x0, ['pointer', ['void']]],
+    'StorageEndFileOffset' : [ 0x8, ['long long']],
+    'SectionEndFileOffset' : [ 0x10, ['long long']],
+    'ProcessTuple' : [ 0x18, ['pointer', ['_CMSI_PROCESS_TUPLE']]],
+    'Flags' : [ 0x1c, ['unsigned long']],
+    'ViewTree' : [ 0x20, ['_RTL_RB_TREE']],
+} ],
+  '_WHEA_IPF_MCA_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_MMSECURE_FLAGS' : [ 0x4, {
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadWrite' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SecNoChange' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoDelete' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'RequiresPteReversal' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ExclusiveSecure' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'UserModeOnly' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'NoInherit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'CheckVad' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_TRIAGE_PNP_DEVICE_COMPLETION_REQUEST' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_HIVE_WRITE_WAIT_QUEUE' : [ 0x8, {
+    'ActiveThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'WaitList' : [ 0x4, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_BUS_EXTENSION_LIST' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['void']]],
+    'BusExtension' : [ 0x4, ['pointer', ['_PI_BUS_EXTENSION']]],
+} ],
+  '_HAL_LOG_REGISTER_CONTEXT' : [ 0x8, {
+    'LogRoutine' : [ 0x0, ['pointer', ['void']]],
+    'Flag' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_OBJECT_LIST_ENTRY' : [ 0x10, {
+    'DeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'RelationLevel' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'RELATION_LEVEL_REMOVE_EJECT', 1: u'RELATION_LEVEL_DEPENDENT', 2: u'RELATION_LEVEL_DIRECT_DESCENDANT'})]],
+    'Ordinal' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned long']],
+} ],
+  '_HBIN' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'FileOffset' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'TimeStamp' : [ 0x14, ['_LARGE_INTEGER']],
+    'Spare' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_PROTECTION' : [ 0x1, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Audit' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Signer' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MMPFNENTRY3' : [ 0x1, {
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'OnProtectedStandby' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'InPageError' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'SystemChargedPage' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'RemovalRequested' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ParityError' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_SEP_SID_VALUES_BLOCK' : [ 0x10, {
+    'BlockLength' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'SidCount' : [ 0x8, ['unsigned long']],
+    'SidValuesStart' : [ 0xc, ['unsigned long']],
+} ],
+  '_MM_PAGE_ACCESS_INFO' : [ 0x8, {
+    'Flags' : [ 0x0, ['_MM_PAGE_ACCESS_INFO_FLAGS']],
+    'FileOffset' : [ 0x0, ['unsigned long long']],
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'DontUse0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'PointerProtoPte' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_NT_TIB64' : [ 0x38, {
+    'ExceptionList' : [ 0x0, ['unsigned long long']],
+    'StackBase' : [ 0x8, ['unsigned long long']],
+    'StackLimit' : [ 0x10, ['unsigned long long']],
+    'SubSystemTib' : [ 0x18, ['unsigned long long']],
+    'FiberData' : [ 0x20, ['unsigned long long']],
+    'Version' : [ 0x20, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x28, ['unsigned long long']],
+    'Self' : [ 0x30, ['unsigned long long']],
+} ],
+  '_EX_RUNDOWN_REF_CACHE_AWARE' : [ 0x10, {
+    'RunRefs' : [ 0x0, ['pointer', ['_EX_RUNDOWN_REF']]],
+    'PoolToFree' : [ 0x4, ['pointer', ['void']]],
+    'RunRefSize' : [ 0x8, ['unsigned long']],
+    'Number' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_DRIVER_UNLOAD' : [ 0x4, {
+    'Function' : [ 0x0, ['pointer', ['void']]],
+    'FunctionValue' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_282e' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Image' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '__unnamed_2830' : [ 0x4, {
+    'FilePointerIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned long')]],
+    'HardFault' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+} ],
+  '_MM_PAGE_ACCESS_INFO_FLAGS' : [ 0x4, {
+    'File' : [ 0x0, ['__unnamed_282e']],
+    'Private' : [ 0x0, ['__unnamed_2830']],
+} ],
+  '_MM_SHARED_VAD_FLAGS' : [ 0x4, {
+    'Lock' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LockContended' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'DeleteInProgress' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'NoChange' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'VadType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 12, native_type='unsigned long')]],
+    'PreferredNode' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 18, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 20, native_type='unsigned long')]],
+    'PrivateMemoryAlwaysClear' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PrivateFixup' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'HotPatchAllowed' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+} ],
+  '_CM_TRANS_PTR' : [ 0x4, {
+    'LightWeight' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'TransPtr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_CM_WORKITEM' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Private' : [ 0x8, ['unsigned long']],
+    'WorkerRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Parameter' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_CM_KEY_HASH' : [ 0x10, {
+    'ConvKey' : [ 0x0, ['_CM_PATH_HASH']],
+    'NextHash' : [ 0x4, ['pointer', ['_CM_KEY_HASH']]],
+    'KeyHive' : [ 0x8, ['pointer', ['_HHIVE']]],
+    'KeyCell' : [ 0xc, ['unsigned long']],
+} ],
+  '_FAST_IO_DISPATCH' : [ 0x70, {
+    'SizeOfFastIoDispatch' : [ 0x0, ['unsigned long']],
+    'FastIoCheckIfPossible' : [ 0x4, ['pointer', ['void']]],
+    'FastIoRead' : [ 0x8, ['pointer', ['void']]],
+    'FastIoWrite' : [ 0xc, ['pointer', ['void']]],
+    'FastIoQueryBasicInfo' : [ 0x10, ['pointer', ['void']]],
+    'FastIoQueryStandardInfo' : [ 0x14, ['pointer', ['void']]],
+    'FastIoLock' : [ 0x18, ['pointer', ['void']]],
+    'FastIoUnlockSingle' : [ 0x1c, ['pointer', ['void']]],
+    'FastIoUnlockAll' : [ 0x20, ['pointer', ['void']]],
+    'FastIoUnlockAllByKey' : [ 0x24, ['pointer', ['void']]],
+    'FastIoDeviceControl' : [ 0x28, ['pointer', ['void']]],
+    'AcquireFileForNtCreateSection' : [ 0x2c, ['pointer', ['void']]],
+    'ReleaseFileForNtCreateSection' : [ 0x30, ['pointer', ['void']]],
+    'FastIoDetachDevice' : [ 0x34, ['pointer', ['void']]],
+    'FastIoQueryNetworkOpenInfo' : [ 0x38, ['pointer', ['void']]],
+    'AcquireForModWrite' : [ 0x3c, ['pointer', ['void']]],
+    'MdlRead' : [ 0x40, ['pointer', ['void']]],
+    'MdlReadComplete' : [ 0x44, ['pointer', ['void']]],
+    'PrepareMdlWrite' : [ 0x48, ['pointer', ['void']]],
+    'MdlWriteComplete' : [ 0x4c, ['pointer', ['void']]],
+    'FastIoReadCompressed' : [ 0x50, ['pointer', ['void']]],
+    'FastIoWriteCompressed' : [ 0x54, ['pointer', ['void']]],
+    'MdlReadCompleteCompressed' : [ 0x58, ['pointer', ['void']]],
+    'MdlWriteCompleteCompressed' : [ 0x5c, ['pointer', ['void']]],
+    'FastIoQueryOpen' : [ 0x60, ['pointer', ['void']]],
+    'ReleaseForModWrite' : [ 0x64, ['pointer', ['void']]],
+    'AcquireForCcFlush' : [ 0x68, ['pointer', ['void']]],
+    'ReleaseForCcFlush' : [ 0x6c, ['pointer', ['void']]],
+} ],
+  '_WHEA_AER_ROOTPORT_DESCRIPTOR' : [ 0x24, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'Slot' : [ 0x8, ['_WHEA_PCI_SLOT_NUMBER']],
+    'DeviceControl' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['_AER_ROOTPORT_DESCRIPTOR_FLAGS']],
+    'UncorrectableErrorMask' : [ 0x10, ['unsigned long']],
+    'UncorrectableErrorSeverity' : [ 0x14, ['unsigned long']],
+    'CorrectableErrorMask' : [ 0x18, ['unsigned long']],
+    'AdvancedCapsAndControl' : [ 0x1c, ['unsigned long']],
+    'RootErrorCommand' : [ 0x20, ['unsigned long']],
+} ],
+  '_KGATE' : [ 0x10, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+} ],
+  '_flags' : [ 0x1, {
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'GroupAssigned' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'GroupCommitted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'GroupAssignmentFixed' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ProcessorOnly' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Fill' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_AMD64_DBGKD_CONTROL_SET' : [ 0x1c, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolStart' : [ 0xc, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x14, ['unsigned long long']],
+} ],
+  '_PS_IO_CONTROL_ENTRY' : [ 0x1c, {
+    'VolumeTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedForParentValue' : [ 0x8, ['unsigned long']],
+    'VolumeKey' : [ 0xc, ['unsigned long']],
+    'Rundown' : [ 0x10, ['_EX_RUNDOWN_REF']],
+    'IoControl' : [ 0x14, ['pointer', ['void']]],
+    'VolumeIoAttribution' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_RTL_HP_LFH_CONFIG' : [ 0x4, {
+    'MaxBlockSize' : [ 0x0, ['unsigned short']],
+    'WitholdPageCrossingBlocks' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DisableRandomization' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+} ],
+  '_CM_UOW_SET_VALUE_LIST_DATA' : [ 0xc, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'ValueList' : [ 0x4, ['_CHILD_LIST']],
+} ],
+  '_IO_COMPLETION_CONTEXT' : [ 0x8, {
+    'Port' : [ 0x0, ['pointer', ['void']]],
+    'Key' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_VF_TRACKER_STAMP' : [ 0x8, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'Flags' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'OldIrql' : [ 0x5, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'NewIrql' : [ 0x6, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Processor' : [ 0x7, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_HEAP_LFH_AFFINITY_SLOT' : [ 0x20, {
+    'State' : [ 0x0, ['_HEAP_LFH_SUBSEGMENT_OWNER']],
+    'ActiveSubsegment' : [ 0x1c, ['_HEAP_LFH_FAST_REF']],
+} ],
+  '_IMAGE_OPTIONAL_HEADER' : [ 0xe0, {
+    'Magic' : [ 0x0, ['unsigned short']],
+    'MajorLinkerVersion' : [ 0x2, ['unsigned char']],
+    'MinorLinkerVersion' : [ 0x3, ['unsigned char']],
+    'SizeOfCode' : [ 0x4, ['unsigned long']],
+    'SizeOfInitializedData' : [ 0x8, ['unsigned long']],
+    'SizeOfUninitializedData' : [ 0xc, ['unsigned long']],
+    'AddressOfEntryPoint' : [ 0x10, ['unsigned long']],
+    'BaseOfCode' : [ 0x14, ['unsigned long']],
+    'BaseOfData' : [ 0x18, ['unsigned long']],
+    'ImageBase' : [ 0x1c, ['unsigned long']],
+    'SectionAlignment' : [ 0x20, ['unsigned long']],
+    'FileAlignment' : [ 0x24, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x28, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x2a, ['unsigned short']],
+    'MajorImageVersion' : [ 0x2c, ['unsigned short']],
+    'MinorImageVersion' : [ 0x2e, ['unsigned short']],
+    'MajorSubsystemVersion' : [ 0x30, ['unsigned short']],
+    'MinorSubsystemVersion' : [ 0x32, ['unsigned short']],
+    'Win32VersionValue' : [ 0x34, ['unsigned long']],
+    'SizeOfImage' : [ 0x38, ['unsigned long']],
+    'SizeOfHeaders' : [ 0x3c, ['unsigned long']],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'Subsystem' : [ 0x44, ['unsigned short']],
+    'DllCharacteristics' : [ 0x46, ['unsigned short']],
+    'SizeOfStackReserve' : [ 0x48, ['unsigned long']],
+    'SizeOfStackCommit' : [ 0x4c, ['unsigned long']],
+    'SizeOfHeapReserve' : [ 0x50, ['unsigned long']],
+    'SizeOfHeapCommit' : [ 0x54, ['unsigned long']],
+    'LoaderFlags' : [ 0x58, ['unsigned long']],
+    'NumberOfRvaAndSizes' : [ 0x5c, ['unsigned long']],
+    'DataDirectory' : [ 0x60, ['array', 16, ['_IMAGE_DATA_DIRECTORY']]],
+} ],
+  '_VI_DEADLOCK_THREAD' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['_KTHREAD']]],
+    'CurrentSpinNode' : [ 0x4, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'CurrentOtherNode' : [ 0x8, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0xc, ['_LIST_ENTRY']],
+    'NodeCount' : [ 0x14, ['unsigned long']],
+    'PagingCount' : [ 0x18, ['unsigned long']],
+    'ThreadUsesEresources' : [ 0x1c, ['unsigned char']],
+} ],
+  '_ARBITER_RETEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KPRCBFLAG' : [ 0x4, {
+    'PrcbFlags' : [ 0x0, ['long']],
+    'BamQosLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PendingQosUpdate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 10, native_type='unsigned long')]],
+    'CacheIsolationEnabled' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'TracepointActive' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'PrcbFlagsReserved' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_SUBSECTION_ENTRY1' : [ 0x4, {
+    'CrossPartitionReferences' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'SubsectionMappedLarge' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_28aa' : [ 0x4, {
+    'PercentLevel' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_28ac' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned long']],
+} ],
+  '_POP_ACTION_TRIGGER' : [ 0x10, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'Wait' : [ 0x8, ['pointer', ['_POP_TRIGGER_WAIT']]],
+    'Battery' : [ 0xc, ['__unnamed_28aa']],
+    'Button' : [ 0xc, ['__unnamed_28ac']],
+} ],
+  '_RTL_ATOM_TABLE' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ReferenceCount' : [ 0x4, ['long']],
+    'PushLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'ExHandleTable' : [ 0xc, ['pointer', ['_HANDLE_TABLE']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'NumberOfBuckets' : [ 0x14, ['unsigned long']],
+    'Buckets' : [ 0x18, ['array', 1, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]]],
+} ],
+  '_POWER_STATE' : [ 0x4, {
+    'SystemState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DeviceState' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_KTIMER2' : [ 0x58, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'RbNodes' : [ 0x10, ['array', 2, ['_RTL_BALANCED_NODE']]],
+    'ListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'DueTime' : [ 0x28, ['array', 2, ['unsigned long long']]],
+    'Period' : [ 0x38, ['long long']],
+    'Callback' : [ 0x40, ['pointer', ['void']]],
+    'CallbackContext' : [ 0x44, ['pointer', ['void']]],
+    'DisableCallback' : [ 0x48, ['pointer', ['void']]],
+    'DisableContext' : [ 0x4c, ['pointer', ['void']]],
+    'AbsoluteSystemTime' : [ 0x50, ['unsigned char']],
+    'TypeFlags' : [ 0x51, ['unsigned char']],
+    'Unused' : [ 0x51, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IdleResilient' : [ 0x51, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'HighResolution' : [ 0x51, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'NoWake' : [ 0x51, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PseudoHighRes' : [ 0x51, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Unused1' : [ 0x51, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+    'CollectionIndex' : [ 0x52, ['array', 2, ['unsigned char']]],
+} ],
+  '_ALPC_PROCESS_CONTEXT' : [ 0x10, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'ViewListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'PagedPoolQuotaCache' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SESSION_STATE' : [ 0x104c, {
+    'SystemSession' : [ 0x0, ['_MMSESSION']],
+    'CodePageEdited' : [ 0x14, ['unsigned char']],
+    'VaReferenceCount' : [ 0x18, ['array', 1024, ['long']]],
+    'DynamicPtesBitBuffer' : [ 0x1018, ['pointer', ['unsigned long']]],
+    'IdLock' : [ 0x101c, ['_EX_PUSH_LOCK']],
+    'LeaderProcess' : [ 0x1020, ['pointer', ['_EPROCESS']]],
+    'InitializeLock' : [ 0x1024, ['_EX_PUSH_LOCK']],
+    'WorkingSetList' : [ 0x1028, ['pointer', ['_MMWSL_INSTANCE']]],
+    'SessionBase' : [ 0x102c, ['pointer', ['void']]],
+    'SessionCore' : [ 0x1030, ['pointer', ['void']]],
+    'SessionIdNodes' : [ 0x1034, ['_RTL_AVL_TREE']],
+    'DeleteInProgressEvent' : [ 0x1038, ['_KEVENT']],
+    'DeleteInProgressCount' : [ 0x1048, ['unsigned long']],
+} ],
+  '_XSTATE_CONFIGURATION' : [ 0x338, {
+    'EnabledFeatures' : [ 0x0, ['unsigned long long']],
+    'EnabledVolatileFeatures' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'ControlFlags' : [ 0x14, ['unsigned long']],
+    'OptimizedSave' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CompactionEnabled' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Features' : [ 0x18, ['array', 64, ['_XSTATE_FEATURE']]],
+    'EnabledSupervisorFeatures' : [ 0x218, ['unsigned long long']],
+    'AlignedFeatures' : [ 0x220, ['unsigned long long']],
+    'AllFeatureSize' : [ 0x228, ['unsigned long']],
+    'AllFeatures' : [ 0x22c, ['array', 64, ['unsigned long']]],
+    'EnabledUserVisibleSupervisorFeatures' : [ 0x330, ['unsigned long long']],
+} ],
+  '_OBJECT_SYMBOLIC_LINK' : [ 0x20, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LinkTarget' : [ 0x8, ['_UNICODE_STRING']],
+    'Callback' : [ 0x8, ['pointer', ['void']]],
+    'CallbackContext' : [ 0xc, ['pointer', ['void']]],
+    'DosDeviceDriveIndex' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+    'AccessMask' : [ 0x18, ['unsigned long']],
+} ],
+  '_MI_SECTION_STATE' : [ 0x180, {
+    'SectionObjectPointersLock' : [ 0x0, ['long']],
+    'SectionBasedRoot' : [ 0x4, ['_RTL_AVL_TREE']],
+    'SectionBasedLock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'UnusedSegmentPagedPool' : [ 0xc, ['unsigned long']],
+    'DataSectionProtectionMask' : [ 0x10, ['unsigned long']],
+    'HighSectionBase' : [ 0x14, ['pointer', ['void']]],
+    'PhysicalSubsection' : [ 0x18, ['_MSUBSECTION']],
+    'PhysicalControlArea' : [ 0x70, ['_CONTROL_AREA']],
+    'PurgingExtentPages' : [ 0xc0, ['_MMPFNLIST']],
+    'DanglingExtentPages' : [ 0xd4, ['pointer', ['_MMPFN']]],
+    'DanglingExtentsWorkItem' : [ 0xd8, ['_WORK_QUEUE_ITEM']],
+    'DanglingExtentsDeletionWaitList' : [ 0xe8, ['_MI_EXTENT_DELETION_WAIT_BLOCK']],
+    'FileOnlyMemoryPfnsCreated' : [ 0xfc, ['unsigned char']],
+    'DanglingExtentsWorkerActive' : [ 0xfd, ['unsigned char']],
+    'PurgingExtentsNeedWatchdog' : [ 0xfe, ['unsigned char']],
+    'PrototypePtesTree' : [ 0x100, ['_RTL_AVL_TREE']],
+    'PrototypePtesTreeSpinLock' : [ 0x104, ['long']],
+    'RelocateBitmapsLock' : [ 0x108, ['_EX_PUSH_LOCK']],
+    'ImageBitMapNative' : [ 0x10c, ['_RTL_BITMAP']],
+    'ImageBiasNative' : [ 0x114, ['unsigned long']],
+    'OverflowArea' : [ 0x118, ['_MI_DLL_OVERFLOW_AREA']],
+    'ApiSetSection' : [ 0x120, ['pointer', ['void']]],
+    'ApiSetSchema' : [ 0x124, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0x128, ['unsigned long']],
+    'LostDataFiles' : [ 0x12c, ['unsigned long']],
+    'LostDataPages' : [ 0x130, ['unsigned long']],
+    'ImageFailureReason' : [ 0x134, ['unsigned long']],
+    'CfgBitMapSection' : [ 0x138, ['pointer', ['_SECTION']]],
+    'CfgBitMapControlArea' : [ 0x13c, ['pointer', ['_CONTROL_AREA']]],
+    'ImageCfgFailure' : [ 0x140, ['unsigned long']],
+    'ImageBreakpointEnabled' : [ 0x144, ['unsigned long']],
+    'ImageBreakpointChecksum' : [ 0x148, ['unsigned long']],
+    'ImageBreakpointSize' : [ 0x14c, ['unsigned long']],
+    'ImageValidationFailed' : [ 0x150, ['long']],
+    'ImageExtentTree' : [ 0x154, ['_RTL_AVL_TREE']],
+    'ImageExtentTreeLock' : [ 0x158, ['_EX_PUSH_LOCK']],
+    'HotPatchReserveSize' : [ 0x15c, ['unsigned long']],
+} ],
+  '_AER_ROOTPORT_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'RootErrorCommandRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_MI_VAD_SEQUENTIAL_INFO' : [ 0x4, {
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned long')]],
+    'Vpn' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_ATOM_TABLE_ENTRY' : [ 0x1c, {
+    'HashLink' : [ 0x0, ['pointer', ['_RTL_ATOM_TABLE_ENTRY']]],
+    'HandleIndex' : [ 0x4, ['unsigned short']],
+    'Atom' : [ 0x6, ['unsigned short']],
+    'Reference' : [ 0x8, ['_RTL_ATOM_TABLE_REFERENCE']],
+    'NameLength' : [ 0x18, ['unsigned char']],
+    'Name' : [ 0x1a, ['array', 1, ['wchar']]],
+} ],
+  '_WHEAP_ERROR_RECORD_WRAPPER_FLAGS' : [ 0x4, {
+    'Preallocated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'FromPersistentStore' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CM_UOW_KEY_STATE_MODIFICATION' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'SubKeyListCount' : [ 0x4, ['array', 2, ['unsigned long']]],
+    'NewSubKeyList' : [ 0xc, ['array', 2, ['unsigned long']]],
+} ],
+  '_MI_CONTROL_AREA_WAIT_BLOCK' : [ 0x1c, {
+    'Next' : [ 0x0, ['pointer', ['_MI_CONTROL_AREA_WAIT_BLOCK']]],
+    'WaitReason' : [ 0x4, ['unsigned long']],
+    'WaitResponse' : [ 0x8, ['unsigned long']],
+    'Gate' : [ 0xc, ['_KGATE']],
+} ],
+  '_RTL_CRITICAL_SECTION' : [ 0x18, {
+    'DebugInfo' : [ 0x0, ['pointer', ['_RTL_CRITICAL_SECTION_DEBUG']]],
+    'LockCount' : [ 0x4, ['long']],
+    'RecursionCount' : [ 0x8, ['long']],
+    'OwningThread' : [ 0xc, ['pointer', ['void']]],
+    'LockSemaphore' : [ 0x10, ['pointer', ['void']]],
+    'SpinCount' : [ 0x14, ['unsigned long']],
+} ],
+  '_PI_RESOURCE_ARBITER_ENTRY' : [ 0x38, {
+    'DeviceArbiterList' : [ 0x0, ['_LIST_ENTRY']],
+    'ResourceType' : [ 0x8, ['unsigned char']],
+    'ArbiterInterface' : [ 0xc, ['pointer', ['_ARBITER_INTERFACE']]],
+    'DeviceNode' : [ 0x10, ['pointer', ['_DEVICE_NODE']]],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'BestResourceList' : [ 0x1c, ['_LIST_ENTRY']],
+    'BestConfig' : [ 0x24, ['_LIST_ENTRY']],
+    'ActiveArbiterList' : [ 0x2c, ['_LIST_ENTRY']],
+    'State' : [ 0x34, ['unsigned char']],
+    'ResourcesChanged' : [ 0x35, ['unsigned char']],
+} ],
+  '_ETW_FILTER_HEADER' : [ 0x34, {
+    'FilterFlags' : [ 0x0, ['long']],
+    'PidFilter' : [ 0x4, ['pointer', ['_ETW_FILTER_PID']]],
+    'ExeFilter' : [ 0x8, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgIdFilter' : [ 0xc, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'PkgAppIdFilter' : [ 0x10, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'ContainerFilter' : [ 0x14, ['pointer', ['_ETW_FILTER_STRING_TOKEN']]],
+    'StackWalkIdFilter' : [ 0x18, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'StackWalkNameFilter' : [ 0x1c, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+    'StackWalkLevelKwFilter' : [ 0x20, ['pointer', ['_EVENT_FILTER_LEVEL_KW']]],
+    'EventIdFilter' : [ 0x24, ['pointer', ['_ETW_PERFECT_HASH_FUNCTION']]],
+    'PayloadFilter' : [ 0x28, ['pointer', ['_ETW_PAYLOAD_FILTER']]],
+    'ProviderSideFilter' : [ 0x2c, ['pointer', ['_EVENT_FILTER_HEADER']]],
+    'EventNameFilter' : [ 0x30, ['pointer', ['_ETW_FILTER_EVENT_NAME_DATA']]],
+} ],
+  '_MMPTE_SOFTWARE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PageFileReserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PageFileAllocated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'PageFileHigh' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_MM_DRIVER_VERIFIER_DATA' : [ 0x90, {
+    'Level' : [ 0x0, ['unsigned long']],
+    'RaiseIrqls' : [ 0x4, ['unsigned long']],
+    'AcquireSpinLocks' : [ 0x8, ['unsigned long']],
+    'SynchronizeExecutions' : [ 0xc, ['unsigned long']],
+    'AllocationsAttempted' : [ 0x10, ['unsigned long']],
+    'AllocationsSucceeded' : [ 0x14, ['unsigned long']],
+    'AllocationsSucceededSpecialPool' : [ 0x18, ['unsigned long']],
+    'AllocationsWithNoTag' : [ 0x1c, ['unsigned long']],
+    'TrimRequests' : [ 0x20, ['unsigned long']],
+    'Trims' : [ 0x24, ['unsigned long']],
+    'AllocationsFailed' : [ 0x28, ['unsigned long']],
+    'AllocationsFailedDeliberately' : [ 0x2c, ['unsigned long']],
+    'Loads' : [ 0x30, ['unsigned long']],
+    'Unloads' : [ 0x34, ['unsigned long']],
+    'UnTrackedPool' : [ 0x38, ['unsigned long']],
+    'UserTrims' : [ 0x3c, ['unsigned long']],
+    'CurrentPagedPoolAllocations' : [ 0x40, ['unsigned long']],
+    'CurrentNonPagedPoolAllocations' : [ 0x44, ['unsigned long']],
+    'PeakPagedPoolAllocations' : [ 0x48, ['unsigned long']],
+    'PeakNonPagedPoolAllocations' : [ 0x4c, ['unsigned long']],
+    'PagedBytes' : [ 0x50, ['unsigned long']],
+    'NonPagedBytes' : [ 0x54, ['unsigned long']],
+    'PeakPagedBytes' : [ 0x58, ['unsigned long']],
+    'PeakNonPagedBytes' : [ 0x5c, ['unsigned long']],
+    'BurstAllocationsFailedDeliberately' : [ 0x60, ['unsigned long']],
+    'SessionTrims' : [ 0x64, ['unsigned long']],
+    'OptionChanges' : [ 0x68, ['unsigned long']],
+    'VerifyMode' : [ 0x6c, ['unsigned long']],
+    'PreviousBucketName' : [ 0x70, ['_UNICODE_STRING']],
+    'ExecutePoolTypes' : [ 0x78, ['unsigned long']],
+    'ExecutePageProtections' : [ 0x7c, ['unsigned long']],
+    'ExecutePageMappings' : [ 0x80, ['unsigned long']],
+    'ExecuteWriteSections' : [ 0x84, ['unsigned long']],
+    'SectionAlignmentFailures' : [ 0x88, ['unsigned long']],
+    'IATInExecutableSection' : [ 0x8c, ['unsigned long']],
+} ],
+  '_HEAP_SEGMENT_MGR_COMMIT_STATE' : [ 0x2, {
+    'CommittedPageCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 11, native_type='unsigned short')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 14, native_type='unsigned short')]],
+    'LargePageOperationInProgress' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'LargePageCommit' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'EntireUShortV' : [ 0x0, ['unsigned short']],
+    'EntireUShort' : [ 0x0, ['unsigned short']],
+} ],
+  '_SID_IDENTIFIER_AUTHORITY' : [ 0x6, {
+    'Value' : [ 0x0, ['array', 6, ['unsigned char']]],
+} ],
+  '_PEB' : [ 0x480, {
+    'InheritedAddressSpace' : [ 0x0, ['unsigned char']],
+    'ReadImageFileExecOptions' : [ 0x1, ['unsigned char']],
+    'BeingDebugged' : [ 0x2, ['unsigned char']],
+    'BitField' : [ 0x3, ['unsigned char']],
+    'ImageUsesLargePages' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IsProtectedProcess' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'IsImageDynamicallyRelocated' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'SkipPatchingUser32Forwarders' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'IsPackagedProcess' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'IsAppContainer' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'IsProtectedProcessLight' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'IsLongPathAwareProcess' : [ 0x3, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'Mutant' : [ 0x4, ['pointer', ['void']]],
+    'ImageBaseAddress' : [ 0x8, ['pointer', ['void']]],
+    'Ldr' : [ 0xc, ['pointer', ['_PEB_LDR_DATA']]],
+    'ProcessParameters' : [ 0x10, ['pointer', ['_RTL_USER_PROCESS_PARAMETERS']]],
+    'SubSystemData' : [ 0x14, ['pointer', ['void']]],
+    'ProcessHeap' : [ 0x18, ['pointer', ['void']]],
+    'FastPebLock' : [ 0x1c, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'AtlThunkSListPtr' : [ 0x20, ['pointer', ['_SLIST_HEADER']]],
+    'IFEOKey' : [ 0x24, ['pointer', ['void']]],
+    'CrossProcessFlags' : [ 0x28, ['unsigned long']],
+    'ProcessInJob' : [ 0x28, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ProcessInitializing' : [ 0x28, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ProcessUsingVEH' : [ 0x28, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ProcessUsingVCH' : [ 0x28, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ProcessUsingFTH' : [ 0x28, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessPreviouslyThrottled' : [ 0x28, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ProcessCurrentlyThrottled' : [ 0x28, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'ProcessImagesHotPatched' : [ 0x28, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ReservedBits0' : [ 0x28, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'KernelCallbackTable' : [ 0x2c, ['pointer', ['void']]],
+    'UserSharedInfoPtr' : [ 0x2c, ['pointer', ['void']]],
+    'SystemReserved' : [ 0x30, ['unsigned long']],
+    'AtlThunkSListPtr32' : [ 0x34, ['pointer', ['_SLIST_HEADER']]],
+    'ApiSetMap' : [ 0x38, ['pointer', ['void']]],
+    'TlsExpansionCounter' : [ 0x3c, ['unsigned long']],
+    'TlsBitmap' : [ 0x40, ['pointer', ['void']]],
+    'TlsBitmapBits' : [ 0x44, ['array', 2, ['unsigned long']]],
+    'ReadOnlySharedMemoryBase' : [ 0x4c, ['pointer', ['void']]],
+    'SharedData' : [ 0x50, ['pointer', ['void']]],
+    'ReadOnlyStaticServerData' : [ 0x54, ['pointer', ['pointer', ['void']]]],
+    'AnsiCodePageData' : [ 0x58, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x5c, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x60, ['pointer', ['void']]],
+    'NumberOfProcessors' : [ 0x64, ['unsigned long']],
+    'NtGlobalFlag' : [ 0x68, ['unsigned long']],
+    'CriticalSectionTimeout' : [ 0x70, ['_LARGE_INTEGER']],
+    'HeapSegmentReserve' : [ 0x78, ['unsigned long']],
+    'HeapSegmentCommit' : [ 0x7c, ['unsigned long']],
+    'HeapDeCommitTotalFreeThreshold' : [ 0x80, ['unsigned long']],
+    'HeapDeCommitFreeBlockThreshold' : [ 0x84, ['unsigned long']],
+    'NumberOfHeaps' : [ 0x88, ['unsigned long']],
+    'MaximumNumberOfHeaps' : [ 0x8c, ['unsigned long']],
+    'ProcessHeaps' : [ 0x90, ['pointer', ['pointer', ['void']]]],
+    'GdiSharedHandleTable' : [ 0x94, ['pointer', ['void']]],
+    'ProcessStarterHelper' : [ 0x98, ['pointer', ['void']]],
+    'GdiDCAttributeList' : [ 0x9c, ['unsigned long']],
+    'LoaderLock' : [ 0xa0, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'OSMajorVersion' : [ 0xa4, ['unsigned long']],
+    'OSMinorVersion' : [ 0xa8, ['unsigned long']],
+    'OSBuildNumber' : [ 0xac, ['unsigned short']],
+    'OSCSDVersion' : [ 0xae, ['unsigned short']],
+    'OSPlatformId' : [ 0xb0, ['unsigned long']],
+    'ImageSubsystem' : [ 0xb4, ['unsigned long']],
+    'ImageSubsystemMajorVersion' : [ 0xb8, ['unsigned long']],
+    'ImageSubsystemMinorVersion' : [ 0xbc, ['unsigned long']],
+    'ActiveProcessAffinityMask' : [ 0xc0, ['unsigned long']],
+    'GdiHandleBuffer' : [ 0xc4, ['array', 34, ['unsigned long']]],
+    'PostProcessInitRoutine' : [ 0x14c, ['pointer', ['void']]],
+    'TlsExpansionBitmap' : [ 0x150, ['pointer', ['void']]],
+    'TlsExpansionBitmapBits' : [ 0x154, ['array', 32, ['unsigned long']]],
+    'SessionId' : [ 0x1d4, ['unsigned long']],
+    'AppCompatFlags' : [ 0x1d8, ['_ULARGE_INTEGER']],
+    'AppCompatFlagsUser' : [ 0x1e0, ['_ULARGE_INTEGER']],
+    'pShimData' : [ 0x1e8, ['pointer', ['void']]],
+    'AppCompatInfo' : [ 0x1ec, ['pointer', ['void']]],
+    'CSDVersion' : [ 0x1f0, ['_UNICODE_STRING']],
+    'ActivationContextData' : [ 0x1f8, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'ProcessAssemblyStorageMap' : [ 0x1fc, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'SystemDefaultActivationContextData' : [ 0x200, ['pointer', ['_ACTIVATION_CONTEXT_DATA']]],
+    'SystemAssemblyStorageMap' : [ 0x204, ['pointer', ['_ASSEMBLY_STORAGE_MAP']]],
+    'MinimumStackCommit' : [ 0x208, ['unsigned long']],
+    'SparePointers' : [ 0x20c, ['array', 4, ['pointer', ['void']]]],
+    'SpareUlongs' : [ 0x21c, ['array', 5, ['unsigned long']]],
+    'WerRegistrationData' : [ 0x230, ['pointer', ['void']]],
+    'WerShipAssertPtr' : [ 0x234, ['pointer', ['void']]],
+    'pUnused' : [ 0x238, ['pointer', ['void']]],
+    'pImageHeaderHash' : [ 0x23c, ['pointer', ['void']]],
+    'TracingFlags' : [ 0x240, ['unsigned long']],
+    'HeapTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CritSecTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LibLoaderTracingEnabled' : [ 0x240, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SpareTracingBits' : [ 0x240, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'CsrServerReadOnlySharedMemoryBase' : [ 0x248, ['unsigned long long']],
+    'TppWorkerpListLock' : [ 0x250, ['unsigned long']],
+    'TppWorkerpList' : [ 0x254, ['_LIST_ENTRY']],
+    'WaitOnAddressHashTable' : [ 0x25c, ['array', 128, ['pointer', ['void']]]],
+    'TelemetryCoverageHeader' : [ 0x45c, ['pointer', ['void']]],
+    'CloudFileFlags' : [ 0x460, ['unsigned long']],
+    'CloudFileDiagFlags' : [ 0x464, ['unsigned long']],
+    'PlaceholderCompatibilityMode' : [ 0x468, ['unsigned char']],
+    'PlaceholderCompatibilityModeReserved' : [ 0x469, ['array', 7, ['unsigned char']]],
+    'LeapSecondData' : [ 0x470, ['pointer', ['_LEAP_SECOND_DATA']]],
+    'LeapSecondFlags' : [ 0x474, ['unsigned long']],
+    'SixtySecondEnabled' : [ 0x474, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x474, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'NtGlobalFlag2' : [ 0x478, ['unsigned long']],
+} ],
+  '_RTL_HP_SEG_ALLOC_POLICY' : [ 0xc, {
+    'MinLargePages' : [ 0x0, ['unsigned long']],
+    'MaxLargePages' : [ 0x4, ['unsigned long']],
+    'MinUtilization' : [ 0x8, ['unsigned char']],
+} ],
+  '_VF_SUSPECT_DRIVER_ENTRY' : [ 0x18, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Loads' : [ 0x8, ['unsigned long']],
+    'Unloads' : [ 0xc, ['unsigned long']],
+    'BaseName' : [ 0x10, ['_UNICODE_STRING']],
+} ],
+  '_VI_VERIFIER_ISSUE' : [ 0x10, {
+    'IssueType' : [ 0x0, ['unsigned long']],
+    'Address' : [ 0x4, ['pointer', ['void']]],
+    'Parameters' : [ 0x8, ['array', 2, ['unsigned long']]],
+} ],
+  '_KDEVICE_QUEUE' : [ 0x14, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'DeviceListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'Lock' : [ 0xc, ['unsigned long']],
+    'Busy' : [ 0x10, ['unsigned char']],
+} ],
+  '_KSTACK_COUNT' : [ 0x4, {
+    'Value' : [ 0x0, ['long']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'StackCount' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_ALLOCATION_STATE' : [ 0x38, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'CurrentMinimum' : [ 0x10, ['unsigned long long']],
+    'CurrentMaximum' : [ 0x18, ['unsigned long long']],
+    'Entry' : [ 0x20, ['pointer', ['_ARBITER_LIST_ENTRY']]],
+    'CurrentAlternative' : [ 0x24, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'AlternativeCount' : [ 0x28, ['unsigned long']],
+    'Alternatives' : [ 0x2c, ['pointer', ['_ARBITER_ALTERNATIVE']]],
+    'Flags' : [ 0x30, ['unsigned short']],
+    'RangeAttributes' : [ 0x32, ['unsigned char']],
+    'RangeAvailableAttributes' : [ 0x33, ['unsigned char']],
+    'WorkSpace' : [ 0x34, ['unsigned long']],
+} ],
+  '_PHYSICAL_MEMORY_RUN' : [ 0x8, {
+    'BasePage' : [ 0x0, ['unsigned long']],
+    'PageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2944' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['unsigned char']],
+    'Flags1' : [ 0x1, ['unsigned char']],
+    'Flags2' : [ 0x2, ['unsigned char']],
+    'BaseHi' : [ 0x3, ['unsigned char']],
+} ],
+  '__unnamed_2948' : [ 0x4, {
+    'BaseMid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'Type' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 13, native_type='unsigned long')]],
+    'Dpl' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 15, native_type='unsigned long')]],
+    'Pres' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'LimitHi' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'Sys' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'Reserved_0' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Default_Big' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'Granularity' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'BaseHi' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_294a' : [ 0x4, {
+    'Bytes' : [ 0x0, ['__unnamed_2944']],
+    'Bits' : [ 0x0, ['__unnamed_2948']],
+} ],
+  '_KGDTENTRY' : [ 0x8, {
+    'LimitLow' : [ 0x0, ['unsigned short']],
+    'BaseLow' : [ 0x2, ['unsigned short']],
+    'HighWord' : [ 0x4, ['__unnamed_294a']],
+} ],
+  '_ETW_SYSTEM_LOGGER_SETTINGS' : [ 0x174, {
+    'EtwpSystemLogger' : [ 0x0, ['array', 8, ['_ETW_SYSTEM_LOGGER']]],
+    'EtwpActiveSystemLoggers' : [ 0x10, ['unsigned long']],
+    'SiloGlobalGroupMask' : [ 0x14, ['_PERFINFO_GROUPMASK']],
+    'EtwpGroupMasks' : [ 0x34, ['array', 10, ['_PERFINFO_GROUPMASK']]],
+} ],
+  '_MI_SUB64K_FREE_RANGES' : [ 0x20, {
+    'BitMap' : [ 0x0, ['_RTL_BITMAP']],
+    'ListEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Vad' : [ 0x10, ['pointer', ['_MMVAD_SHORT']]],
+    'SetBits' : [ 0x14, ['unsigned long']],
+    'FullSetBits' : [ 0x18, ['unsigned long']],
+    'SubListIndex' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Hint' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_WHEA_REVISION' : [ 0x2, {
+    'MinorRevision' : [ 0x0, ['unsigned char']],
+    'MajorRevision' : [ 0x1, ['unsigned char']],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_2958' : [ 0x18, {
+    'ApcState' : [ 0x0, ['_KAPC_STATE']],
+    'HardFaultState' : [ 0x0, ['_MI_HARD_FAULT_STATE']],
+} ],
+  '__unnamed_295a' : [ 0x4, {
+    'ImagePteOffset' : [ 0x0, ['unsigned long']],
+    'TossPage' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_295d' : [ 0x4, {
+    'e1' : [ 0x0, ['_MMINPAGE_FLAGS']],
+    'LongFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMINPAGE_SUPPORT' : [ 0x108, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'ListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Event' : [ 0x10, ['_KEVENT']],
+    'CollidedEvent' : [ 0x20, ['_KEVENT']],
+    'IoStatus' : [ 0x30, ['_IO_STATUS_BLOCK']],
+    'ReadOffset' : [ 0x38, ['_LARGE_INTEGER']],
+    'u2' : [ 0x40, ['__unnamed_2958']],
+    'Thread' : [ 0x58, ['pointer', ['_ETHREAD']]],
+    'LockedProtoPfn' : [ 0x5c, ['pointer', ['_MMPFN']]],
+    'PteContents' : [ 0x60, ['_MMPTE']],
+    'WaitCount' : [ 0x68, ['long']],
+    'InjectRetry' : [ 0x6c, ['long']],
+    'ByteCount' : [ 0x70, ['unsigned long']],
+    'u3' : [ 0x74, ['__unnamed_295a']],
+    'u1' : [ 0x78, ['__unnamed_295d']],
+    'FilePointer' : [ 0x7c, ['pointer', ['_FILE_OBJECT']]],
+    'PagingFile' : [ 0x7c, ['pointer', ['_MMPAGING_FILE']]],
+    'ControlArea' : [ 0x80, ['pointer', ['_CONTROL_AREA']]],
+    'Subsection' : [ 0x80, ['pointer', ['_SUBSECTION']]],
+    'Autoboost' : [ 0x84, ['pointer', ['void']]],
+    'FaultingAddress' : [ 0x88, ['pointer', ['void']]],
+    'PointerPte' : [ 0x8c, ['pointer', ['_MMPTE']]],
+    'BasePte' : [ 0x90, ['pointer', ['_MMPTE']]],
+    'Pfn' : [ 0x94, ['pointer', ['_MMPFN']]],
+    'PrefetchMdl' : [ 0x98, ['pointer', ['_MDL']]],
+    'ProbeCount' : [ 0xa0, ['long long']],
+    'Mdl' : [ 0xa8, ['_MDL']],
+    'Page' : [ 0xc4, ['array', 16, ['unsigned long']]],
+    'FlowThrough' : [ 0xc4, ['_MMINPAGE_SUPPORT_FLOW_THROUGH']],
+} ],
+  '_EVENT_FILTER_HEADER' : [ 0x18, {
+    'Id' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['array', 5, ['unsigned char']]],
+    'InstanceId' : [ 0x8, ['unsigned long long']],
+    'Size' : [ 0x10, ['unsigned long']],
+    'NextOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_296d' : [ 0x8, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_296f' : [ 0x8, {
+    'RangeCount' : [ 0x0, ['unsigned long']],
+    'SetBitCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2971' : [ 0x8, {
+    'Context1' : [ 0x0, ['unsigned long']],
+    'Context2' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2973' : [ 0x8, {
+    'DirtyVectorModifiedContext' : [ 0x0, ['__unnamed_296d']],
+    'DirtyDataCaptureContext' : [ 0x0, ['__unnamed_296f']],
+    'Raw' : [ 0x0, ['__unnamed_2971']],
+} ],
+  '_CM_DIRTY_VECTOR_LOG_ENTRY' : [ 0x28, {
+    'Thread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'Operation' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'DirtyVectorModified', 1: u'DirtyDataCaptureStart', 2: u'DirtyDataCaptureEnd'})]],
+    'Data' : [ 0x8, ['__unnamed_2973']],
+    'Stack' : [ 0x10, ['array', 6, ['pointer', ['void']]]],
+} ],
+  '_CMP_DISCARD_AND_REPLACE_KCB_CONTEXT' : [ 0x10, {
+    'BaseKcb' : [ 0x0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'PrepareStatus' : [ 0x4, ['long']],
+    'ClonedKcbListHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PNP_DEVICE_ACTION_ENTRY' : [ 0x40, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'AssignResources', 1: u'ClearDeviceProblem', 2: u'ClearProblem', 3: u'ClearEjectProblem', 4: u'HaltDevice', 5: u'QueryPowerRelations', 6: u'Rebalance', 7: u'ReenumerateBootDevices', 8: u'ReenumerateDeviceOnly', 9: u'ReenumerateDeviceTree', 10: u'ReenumerateRootDevices', 11: u'RequeryDeviceState', 12: u'ResetDevice', 13: u'ResourceRequirementsChanged', 14: u'RestartEnumeration', 15: u'SetDeviceProblem', 16: u'StartDevice', 17: u'StartSystemDevicesPass0', 18: u'StartSystemDevicesPass1', 19: u'NotifyTransportRelationsChange', 20: u'NotifyEjectionRelationsChange', 21: u'ConfigureDevice', 22: u'ConfigureDeviceClass', 23: u'ConfigureDeviceExtensions', 24: u'ConfigureDeviceReset', 25: u'ClearDmaGuardProblem', 26: u'PnpDeviceActionRequestMax'})]],
+    'ReorderingBarrier' : [ 0x10, ['unsigned char']],
+    'RequestArgument' : [ 0x14, ['unsigned long']],
+    'CompletionEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'CompletionStatus' : [ 0x1c, ['pointer', ['long']]],
+    'ActivityId' : [ 0x20, ['_GUID']],
+    'RefCount' : [ 0x30, ['long']],
+    'Dequeued' : [ 0x34, ['unsigned char']],
+    'CancelLock' : [ 0x38, ['_EX_PUSH_LOCK']],
+    'CancelRequested' : [ 0x3c, ['unsigned char']],
+} ],
+  '_PPM_PLATFORM_STATE' : [ 0xc0, {
+    'LevelId' : [ 0x0, ['unsigned long long']],
+    'Latency' : [ 0x8, ['unsigned long']],
+    'BreakEvenDuration' : [ 0xc, ['unsigned long']],
+    'VetoAccounting' : [ 0x10, ['_PPM_VETO_ACCOUNTING']],
+    'TransitionDebugger' : [ 0x28, ['unsigned char']],
+    'Platform' : [ 0x29, ['unsigned char']],
+    'DependencyListCount' : [ 0x2c, ['unsigned long']],
+    'Processors' : [ 0x30, ['_KAFFINITY_EX']],
+    'Name' : [ 0x3c, ['_UNICODE_STRING']],
+    'DependencyLists' : [ 0x44, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+    'Synchronization' : [ 0x48, ['_PPM_COORDINATED_SYNCHRONIZATION']],
+    'EnterTime' : [ 0x50, ['unsigned long long']],
+    'RefCount' : [ 0x80, ['long']],
+    'CacheAlign0' : [ 0x80, ['array', 64, ['unsigned char']]],
+} ],
+  '_PEB_LDR_DATA' : [ 0x30, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Initialized' : [ 0x4, ['unsigned char']],
+    'SsHandle' : [ 0x8, ['pointer', ['void']]],
+    'InLoadOrderModuleList' : [ 0xc, ['_LIST_ENTRY']],
+    'InMemoryOrderModuleList' : [ 0x14, ['_LIST_ENTRY']],
+    'InInitializationOrderModuleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'EntryInProgress' : [ 0x24, ['pointer', ['void']]],
+    'ShutdownInProgress' : [ 0x28, ['unsigned char']],
+    'ShutdownThreadId' : [ 0x2c, ['pointer', ['void']]],
+} ],
+  '_MI_PARTITION_PAGE_LISTS' : [ 0x840, {
+    'FreePagesByColor' : [ 0x0, ['array', 2, ['pointer', ['_MMPFNLIST']]]],
+    'ZeroedPageListHead' : [ 0x40, ['_MMPFNLIST']],
+    'FreePageListHead' : [ 0x80, ['_MMPFNLIST']],
+    'StandbyPageListHead' : [ 0xc0, ['_MMPFNLIST']],
+    'StandbyPageListByPriority' : [ 0x100, ['array', 8, ['_MMPFNLIST']]],
+    'ModifiedPageListNoReservation' : [ 0x1c0, ['_MMPFNLIST']],
+    'ModifiedPageListByReservation' : [ 0x200, ['array', 16, ['_MMPFNLIST']]],
+    'MappedPageListHead' : [ 0x340, ['array', 4, ['_MMPFNLIST']]],
+    'BadPageListHead' : [ 0x3c0, ['_MMPFNLIST']],
+    'EnclavePageListHead' : [ 0x400, ['_MMPFNLIST']],
+    'FreePageSlist' : [ 0x414, ['array', 2, ['pointer', ['_SLIST_HEADER']]]],
+    'PageLocationList' : [ 0x41c, ['array', 8, ['pointer', ['_MMPFNLIST']]]],
+    'StandbyRepurposedByPriority' : [ 0x43c, ['array', 8, ['unsigned long']]],
+    'TransitionSharedPages' : [ 0x480, ['unsigned long']],
+    'TransitionSharedPagesPeak' : [ 0x484, ['array', 6, ['unsigned long']]],
+    'MappedPageListHeadEvent' : [ 0x49c, ['array', 4, ['_KEVENT']]],
+    'DecayClusterTimerHeads' : [ 0x4dc, ['array', 4, ['_MI_DECAY_TIMER_LINK']]],
+    'DecayHand' : [ 0x4ec, ['unsigned long']],
+    'StandbyListDiscard' : [ 0x4f0, ['unsigned char']],
+    'FreeListDiscard' : [ 0x4f1, ['unsigned char']],
+    'PfnBitMapsReady' : [ 0x4f2, ['unsigned char']],
+    'LastDecayHandUpdateTime' : [ 0x4f8, ['unsigned long long']],
+    'LastChanceLdwContext' : [ 0x500, ['_MI_LDW_WORK_CONTEXT']],
+    'AvailableEventsLock' : [ 0x540, ['unsigned long']],
+    'AvailablePageWaitStates' : [ 0x544, ['array', 3, ['_MI_AVAILABLE_PAGE_WAIT_STATES']]],
+    'MirrorListLocks' : [ 0x580, ['pointer', ['void']]],
+    'TransitionPrivatePages' : [ 0x5c0, ['unsigned long']],
+    'LargePfnBitMap' : [ 0x5c4, ['array', 1, ['_RTL_BITMAP']]],
+    'LargePageListHeads' : [ 0x5cc, ['pointer', ['_MI_FREE_LARGE_PAGE_LIST']]],
+    'MediumPagesOnFreeZeroList' : [ 0x5d0, ['pointer', ['unsigned char']]],
+    'LargePageRebuildCandidates' : [ 0x5d4, ['_RTL_BITMAP']],
+    'LargePageCandidatesExistEvent' : [ 0x5dc, ['_KEVENT']],
+    'LowMemoryThreshold' : [ 0x5ec, ['unsigned long']],
+    'HighMemoryThreshold' : [ 0x5f0, ['unsigned long']],
+    'SlabContexts' : [ 0x5f8, ['array', 2, ['array', 4, ['_MI_SLAB_ALLOCATOR_CONTEXT']]]],
+    'SlabPfnBitMap' : [ 0x838, ['_RTL_BITMAP']],
+} ],
+  '__unnamed_29a1' : [ 0x4, {
+    'Long' : [ 0x0, ['unsigned long']],
+    'e1' : [ 0x0, ['_MI_DECAY_TIMER_LINKAGE']],
+} ],
+  '_MI_DECAY_TIMER_LINK' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_29a1']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_STATS' : [ 0x4, {
+    'Buckets' : [ 0x0, ['array', 2, ['_HEAP_LFH_SUBSEGMENT_STAT']]],
+    'AllStats' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_HIDDEN_PROCESSOR_POWER_INTERFACE' : [ 0x14, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'ReadPerfMsr' : [ 0x4, ['pointer', ['void']]],
+    'WritePerfMsr' : [ 0x8, ['pointer', ['void']]],
+    'ReadPerfIoPort' : [ 0xc, ['pointer', ['void']]],
+    'WritePerfIoPort' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_CACHE_DESCRIPTOR' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned char']],
+    'Associativity' : [ 0x1, ['unsigned char']],
+    'LineSize' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'CacheUnified', 1: u'CacheInstruction', 2: u'CacheData', 3: u'CacheTrace'})]],
+} ],
+  '__unnamed_29c6' : [ 0x4, {
+    'AllocationType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned long')]],
+    'Inserted' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '__unnamed_29c8' : [ 0x4, {
+    'PrototypePtesFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_29ca' : [ 0x4, {
+    'e1' : [ 0x0, ['__unnamed_29c6']],
+    'e2' : [ 0x0, ['__unnamed_29c8']],
+} ],
+  '_MI_PROTOTYPE_PTES_NODE' : [ 0x10, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'u1' : [ 0xc, ['__unnamed_29ca']],
+} ],
+  '_ETW_COUNTERS' : [ 0x10, {
+    'GuidCount' : [ 0x0, ['long']],
+    'PoolUsage' : [ 0x4, ['array', 2, ['long']]],
+    'SessionCount' : [ 0xc, ['long']],
+} ],
+  '_ARM_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_PCW_COUNTER_INFORMATION' : [ 0x10, {
+    'CounterMask' : [ 0x0, ['unsigned long long']],
+    'InstanceMask' : [ 0x8, ['pointer', ['_UNICODE_STRING']]],
+} ],
+  '_WNF_DELIVERY_DESCRIPTOR' : [ 0x30, {
+    'SubscriptionId' : [ 0x0, ['unsigned long long']],
+    'StateName' : [ 0x8, ['_WNF_STATE_NAME']],
+    'ChangeStamp' : [ 0x10, ['unsigned long']],
+    'StateDataSize' : [ 0x14, ['unsigned long']],
+    'EventMask' : [ 0x18, ['unsigned long']],
+    'TypeId' : [ 0x1c, ['_WNF_TYPE_ID']],
+    'StateDataOffset' : [ 0x2c, ['unsigned long']],
+} ],
+  '_MI_PAGE_COMBINING_SUPPORT' : [ 0xe0, {
+    'Partition' : [ 0x0, ['pointer', ['_MI_PARTITION']]],
+    'ArbitraryPfnMapList' : [ 0x4, ['_LIST_ENTRY']],
+    'FreeCombinePoolItem' : [ 0xc, ['_MI_COMBINE_WORKITEM']],
+    'CombiningThreadCount' : [ 0x20, ['unsigned long']],
+    'CombinePageFreeList' : [ 0x24, ['_LIST_ENTRY']],
+    'CombineFreeListLock' : [ 0x2c, ['unsigned long']],
+    'CombinePageListHeads' : [ 0x30, ['array', 16, ['_MI_COMBINE_PAGE_LISTHEAD']]],
+    'CommonPageCombineDomain' : [ 0xb0, ['unsigned long long']],
+    'PageCombineStats' : [ 0xb8, ['_MI_PAGE_COMBINE_STATISTICS']],
+} ],
+  '_SEP_LOWBOX_NUMBER_ENTRY' : [ 0x1c, {
+    'HashEntry' : [ 0x0, ['_RTL_DYNAMIC_HASH_TABLE_ENTRY']],
+    'ReferenceCount' : [ 0xc, ['long']],
+    'PackageSid' : [ 0x10, ['pointer', ['void']]],
+    'LowboxNumber' : [ 0x14, ['unsigned long']],
+    'AtomTable' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Entries' : [ 0x4, ['pointer', ['_PPM_SELECTION_MENU_ENTRY']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID' : [ 0x18, {
+    'DeviceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'EXT_IOMMU_DEVICE_TYPE_INVALID', 1: u'EXT_IOMMU_DEVICE_TYPE_PCI', 2: u'EXT_IOMMU_DEVICE_TYPE_ACPI', 3: u'EXT_IOMMU_DEVICE_TYPE_IOAPIC', 4: u'EXT_IOMMU_DEVICE_TYPE_LOGICAL', 5: u'EXT_IOMMU_DEVICE_TYPE_GIC', 6: u'EXT_IOMMU_DEVICE_TYPE_TEST', 7: u'EXT_IOMMU_DEVICE_TYPE_MAX'})]],
+    'Pci' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_PCI']],
+    'Acpi' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_ACPI']],
+    'IoApicId' : [ 0x8, ['unsigned char']],
+    'LogicalId' : [ 0x8, ['unsigned long long']],
+    'Test' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_TEST']],
+    'Gic' : [ 0x8, ['_EXT_IOMMU_DEVICE_ID_GIC']],
+} ],
+  '_TraceLoggingMetadata_t' : [ 0x10, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned short']],
+    'Version' : [ 0x6, ['unsigned char']],
+    'Flags' : [ 0x7, ['unsigned char']],
+    'Magic' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_29f5' : [ 0x8, {
+    'Gsiv' : [ 0x0, ['unsigned long']],
+    'WakeInterrupt' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReservedFlags' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_29f7' : [ 0x10, {
+    'Address' : [ 0x0, ['_LARGE_INTEGER']],
+    'DataPayload' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_29fa' : [ 0x8, {
+    'IntrInfo' : [ 0x0, ['_INTERRUPT_HT_INTR_INFO']],
+} ],
+  '__unnamed_29fe' : [ 0x4, {
+    'DestinationMode' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'ApicDestinationModePhysical', 2: u'ApicDestinationModeLogicalFlat', 3: u'ApicDestinationModeLogicalClustered', 4: u'ApicDestinationModeUnknown'})]],
+} ],
+  '_INTERRUPT_VECTOR_DATA' : [ 0x50, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptTypeControllerInput', 1: u'InterruptTypeXapicMessage', 2: u'InterruptTypeHypertransport', 3: u'InterruptTypeMessageRequest'})]],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Irql' : [ 0x8, ['unsigned char']],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Mode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'TargetProcessors' : [ 0x14, ['_GROUP_AFFINITY']],
+    'IntRemapInfo' : [ 0x20, ['_INTERRUPT_REMAPPING_INFO']],
+    'ControllerInput' : [ 0x30, ['__unnamed_29f5']],
+    'HvDeviceId' : [ 0x38, ['unsigned long long']],
+    'XapicMessage' : [ 0x40, ['__unnamed_29f7']],
+    'Hypertransport' : [ 0x40, ['__unnamed_29fa']],
+    'GenericMessage' : [ 0x40, ['__unnamed_29f7']],
+    'MessageRequest' : [ 0x40, ['__unnamed_29fe']],
+} ],
+  '__unnamed_2a03' : [ 0x4, {
+    'Mask' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Polarity' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MessageType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'RequestEOI' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'DestinationMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'MessageType3' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Destination' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long')]],
+    'Vector' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long')]],
+    'ExtendedAddress' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a05' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2a03']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a08' : [ 0x4, {
+    'ExtendedDestination' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 30, native_type='unsigned long')]],
+    'PassPW' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'WaitingForEOI' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2a0a' : [ 0x4, {
+    'bits' : [ 0x0, ['__unnamed_2a08']],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_INTERRUPT_HT_INTR_INFO' : [ 0x8, {
+    'LowPart' : [ 0x0, ['__unnamed_2a05']],
+    'HighPart' : [ 0x4, ['__unnamed_2a0a']],
+} ],
+  '_CHILD_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_FILE_BASIC_INFORMATION' : [ 0x28, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x20, ['unsigned long']],
+} ],
+  '_EVENT_HEADER' : [ 0x50, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'HeaderType' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'EventProperty' : [ 0x6, ['unsigned short']],
+    'ThreadId' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'TimeStamp' : [ 0x10, ['_LARGE_INTEGER']],
+    'ProviderId' : [ 0x18, ['_GUID']],
+    'EventDescriptor' : [ 0x28, ['_EVENT_DESCRIPTOR']],
+    'KernelTime' : [ 0x38, ['unsigned long']],
+    'UserTime' : [ 0x3c, ['unsigned long']],
+    'ProcessorTime' : [ 0x38, ['unsigned long long']],
+    'ActivityId' : [ 0x40, ['_GUID']],
+} ],
+  '_SYSTEM_POWER_STATE_CONTEXT' : [ 0x4, {
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'TargetSystemState' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 12, native_type='unsigned long')]],
+    'EffectiveSystemState' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long')]],
+    'CurrentSystemState' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 20, native_type='unsigned long')]],
+    'IgnoreHibernationPath' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PseudoTransition' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'KernelSoftReboot' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DirectedDripsTransition' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+    'ContextAsUlong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTRAP_FRAME' : [ 0x8c, {
+    'DbgEbp' : [ 0x0, ['unsigned long']],
+    'DbgEip' : [ 0x4, ['unsigned long']],
+    'DbgArgMark' : [ 0x8, ['unsigned long']],
+    'TempSegCs' : [ 0xc, ['unsigned short']],
+    'Logging' : [ 0xe, ['unsigned char']],
+    'FrameType' : [ 0xf, ['unsigned char']],
+    'TempEsp' : [ 0x10, ['unsigned long']],
+    'Dr0' : [ 0x14, ['unsigned long']],
+    'Dr1' : [ 0x18, ['unsigned long']],
+    'Dr2' : [ 0x1c, ['unsigned long']],
+    'Dr3' : [ 0x20, ['unsigned long']],
+    'Dr6' : [ 0x24, ['unsigned long']],
+    'Dr7' : [ 0x28, ['unsigned long']],
+    'SegGs' : [ 0x2c, ['unsigned long']],
+    'SegEs' : [ 0x30, ['unsigned long']],
+    'SegDs' : [ 0x34, ['unsigned long']],
+    'Edx' : [ 0x38, ['unsigned long']],
+    'Ecx' : [ 0x3c, ['unsigned long']],
+    'Eax' : [ 0x40, ['unsigned long']],
+    'PreviousPreviousMode' : [ 0x44, ['unsigned char']],
+    'EntropyQueueDpc' : [ 0x45, ['unsigned char']],
+    'NmiMsrIbrs' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x46, ['unsigned char']],
+    'PreviousIrql' : [ 0x47, ['unsigned char']],
+    'MxCsr' : [ 0x48, ['unsigned long']],
+    'ExceptionList' : [ 0x4c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'SegFs' : [ 0x50, ['unsigned long']],
+    'Edi' : [ 0x54, ['unsigned long']],
+    'Esi' : [ 0x58, ['unsigned long']],
+    'Ebx' : [ 0x5c, ['unsigned long']],
+    'Ebp' : [ 0x60, ['unsigned long']],
+    'ErrCode' : [ 0x64, ['unsigned long']],
+    'Eip' : [ 0x68, ['unsigned long']],
+    'SegCs' : [ 0x6c, ['unsigned long']],
+    'EFlags' : [ 0x70, ['unsigned long']],
+    'HardwareEsp' : [ 0x74, ['unsigned long']],
+    'HardwareSegSs' : [ 0x78, ['unsigned long']],
+    'V86Es' : [ 0x7c, ['unsigned long']],
+    'V86Ds' : [ 0x80, ['unsigned long']],
+    'V86Fs' : [ 0x84, ['unsigned long']],
+    'V86Gs' : [ 0x88, ['unsigned long']],
+} ],
+  '_MMPTE_HIGHLOW' : [ 0x8, {
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_KINTERRUPT' : [ 0xd0, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'InterruptListEntry' : [ 0x4, ['_LIST_ENTRY']],
+    'ServiceRoutine' : [ 0xc, ['pointer', ['void']]],
+    'MessageServiceRoutine' : [ 0x10, ['pointer', ['void']]],
+    'MessageIndex' : [ 0x14, ['unsigned long']],
+    'ServiceContext' : [ 0x18, ['pointer', ['void']]],
+    'SpinLock' : [ 0x1c, ['unsigned long']],
+    'TickCount' : [ 0x20, ['unsigned long']],
+    'ActualLock' : [ 0x24, ['pointer', ['unsigned long']]],
+    'DispatchAddress' : [ 0x28, ['pointer', ['void']]],
+    'Vector' : [ 0x2c, ['unsigned long']],
+    'Irql' : [ 0x30, ['unsigned char']],
+    'SynchronizeIrql' : [ 0x31, ['unsigned char']],
+    'FloatingSave' : [ 0x32, ['unsigned char']],
+    'Connected' : [ 0x33, ['unsigned char']],
+    'Number' : [ 0x34, ['unsigned long']],
+    'ShareVector' : [ 0x38, ['unsigned char']],
+    'EmulateActiveBoth' : [ 0x39, ['unsigned char']],
+    'ActiveCount' : [ 0x3a, ['unsigned short']],
+    'InternalState' : [ 0x3c, ['long']],
+    'Mode' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0x44, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'ServiceCount' : [ 0x48, ['unsigned long']],
+    'DispatchCount' : [ 0x4c, ['unsigned long']],
+    'PassiveEvent' : [ 0x50, ['pointer', ['_KEVENT']]],
+    'TrapFrame' : [ 0x54, ['pointer', ['_KTRAP_FRAME']]],
+    'DisconnectData' : [ 0x58, ['pointer', ['void']]],
+    'ServiceThread' : [ 0x5c, ['pointer', ['_KTHREAD']]],
+    'ConnectionData' : [ 0x60, ['pointer', ['_INTERRUPT_CONNECTION_DATA']]],
+    'IntTrackEntry' : [ 0x64, ['pointer', ['void']]],
+    'IsrDpcStats' : [ 0x68, ['_ISRDPCSTATS']],
+    'RedirectObject' : [ 0xc8, ['pointer', ['void']]],
+    'PhysicalDeviceObject' : [ 0xcc, ['pointer', ['void']]],
+} ],
+  '_PRIVILEGE_SET' : [ 0x14, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_IO_WORKITEM' : [ 0x34, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'Routine' : [ 0x10, ['pointer', ['void']]],
+    'IoObject' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'WorkOnBehalfThread' : [ 0x1c, ['pointer', ['_ETHREAD']]],
+    'Type' : [ 0x20, ['unsigned long']],
+    'ActivityId' : [ 0x24, ['_GUID']],
+} ],
+  '_DISALLOWED_GUIDS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Guids' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_MMWSL_INSTANCE' : [ 0x18, {
+    'NextPteToTrim' : [ 0x0, ['pointer', ['_MMPTE']]],
+    'NextPteToAge' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'NextPteToAccessClear' : [ 0x8, ['pointer', ['_MMPTE']]],
+    'LastAccessClearingRemainder' : [ 0xc, ['unsigned long']],
+    'LastAgingRemainder' : [ 0x10, ['unsigned long']],
+    'LockedEntries' : [ 0x14, ['unsigned long']],
+} ],
+  '_XSAVE_AREA_HEADER' : [ 0x40, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'CompactionMask' : [ 0x8, ['unsigned long long']],
+    'Reserved2' : [ 0x10, ['array', 6, ['unsigned long long']]],
+} ],
+  '_PI_BUS_EXTENSION' : [ 0x44, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'NumberCSNs' : [ 0x4, ['unsigned char']],
+    'ReadDataPort' : [ 0x8, ['pointer', ['unsigned char']]],
+    'DataPortMapped' : [ 0xc, ['unsigned char']],
+    'AddressPort' : [ 0x10, ['pointer', ['unsigned char']]],
+    'AddrPortMapped' : [ 0x14, ['unsigned char']],
+    'CommandPort' : [ 0x18, ['pointer', ['unsigned char']]],
+    'CmdPortMapped' : [ 0x1c, ['unsigned char']],
+    'NextSlotNumber' : [ 0x20, ['unsigned long']],
+    'DeviceList' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'CardList' : [ 0x28, ['_SINGLE_LIST_ENTRY']],
+    'PhysicalBusDevice' : [ 0x2c, ['pointer', ['_DEVICE_OBJECT']]],
+    'FunctionalBusDevice' : [ 0x30, ['pointer', ['_DEVICE_OBJECT']]],
+    'AttachedDevice' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'BusNumber' : [ 0x38, ['unsigned long']],
+    'SystemPowerState' : [ 0x3c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'DevicePowerState' : [ 0x40, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION' : [ 0x50, {
+    'ValidBits' : [ 0x0, ['_WHEA_MEMORY_ERROR_SECTION_VALIDBITS']],
+    'ErrorStatus' : [ 0x8, ['_WHEA_ERROR_STATUS']],
+    'PhysicalAddress' : [ 0x10, ['unsigned long long']],
+    'PhysicalAddressMask' : [ 0x18, ['unsigned long long']],
+    'Node' : [ 0x20, ['unsigned short']],
+    'Card' : [ 0x22, ['unsigned short']],
+    'Module' : [ 0x24, ['unsigned short']],
+    'Bank' : [ 0x26, ['unsigned short']],
+    'Device' : [ 0x28, ['unsigned short']],
+    'Row' : [ 0x2a, ['unsigned short']],
+    'Column' : [ 0x2c, ['unsigned short']],
+    'BitPosition' : [ 0x2e, ['unsigned short']],
+    'RequesterId' : [ 0x30, ['unsigned long long']],
+    'ResponderId' : [ 0x38, ['unsigned long long']],
+    'TargetId' : [ 0x40, ['unsigned long long']],
+    'ErrorType' : [ 0x48, ['unsigned char']],
+    'Extended' : [ 0x49, ['unsigned char']],
+    'RankNumber' : [ 0x4a, ['unsigned short']],
+    'CardHandle' : [ 0x4c, ['unsigned short']],
+    'ModuleHandle' : [ 0x4e, ['unsigned short']],
+} ],
+  '_EX_POOL_HEAP_MANAGER_STATE' : [ 0x228c0, {
+    'HeapManager' : [ 0x0, ['_RTLP_HP_HEAP_MANAGER']],
+    'NumberOfPools' : [ 0x1c70, ['unsigned long']],
+    'PoolNode' : [ 0x1c80, ['array', 16, ['_EX_HEAP_POOL_NODE']]],
+    'SpecialHeaps' : [ 0x22880, ['array', 4, ['pointer', ['_SEGMENT_HEAP']]]],
+} ],
+  '_IO_RESOURCE_LIST' : [ 0x28, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Descriptors' : [ 0x8, ['array', 1, ['_IO_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KAPC_STATE' : [ 0x18, {
+    'ApcListHead' : [ 0x0, ['array', 2, ['_LIST_ENTRY']]],
+    'Process' : [ 0x10, ['pointer', ['_KPROCESS']]],
+    'InProgressFlags' : [ 0x14, ['unsigned char']],
+    'KernelApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SpecialApcInProgress' : [ 0x14, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'KernelApcPending' : [ 0x15, ['unsigned char']],
+    'UserApcPendingAll' : [ 0x16, ['unsigned char']],
+    'SpecialUserApcPending' : [ 0x16, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'UserApcPending' : [ 0x16, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+} ],
+  '_KDEVICE_QUEUE_ENTRY' : [ 0x10, {
+    'DeviceListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SortKey' : [ 0x8, ['unsigned long']],
+    'Inserted' : [ 0xc, ['unsigned char']],
+} ],
+  '_PEP_ACPI_RESOURCE_FLAGS' : [ 0x4, {
+    'AsULong' : [ 0x0, ['unsigned long']],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Wake' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ResourceUsage' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SlaveMode' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'AddressingMode' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'SharedMode' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_INITIAL_PRIVILEGE_SET' : [ 0x2c, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Control' : [ 0x4, ['unsigned long']],
+    'Privilege' : [ 0x8, ['array', 3, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_ETW_REF_CLOCK' : [ 0x10, {
+    'StartTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'StartPerfClock' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_IO_ADAPTER_CRYPTO_PARAMETERS' : [ 0x10, {
+    'Tweak' : [ 0x0, ['unsigned long long']],
+    'KeyDescriptor' : [ 0x8, ['pointer', ['_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR']]],
+} ],
+  '_HEAP_VAMGR_CTX' : [ 0x1c20, {
+    'VaSpace' : [ 0x0, ['_HEAP_VAMGR_VASPACE']],
+    'AllocatorLock' : [ 0x34, ['unsigned long']],
+    'AllocatorCount' : [ 0x38, ['unsigned long']],
+    'Allocators' : [ 0x3c, ['array', 255, ['_HEAP_VAMGR_ALLOCATOR']]],
+} ],
+  '_IMAGE_IMPORT_CONTROL_TRANSFER_DYNAMIC_RELOCATION' : [ 0x4, {
+    'PageRelativeOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'IndirectCall' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'IATIndex' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_TOKEN_SOURCE' : [ 0x10, {
+    'SourceName' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'SourceIdentifier' : [ 0x8, ['_LUID']],
+} ],
+  '_DEBUG_DEVICE_DESCRIPTOR' : [ 0xa8, {
+    'Bus' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'Segment' : [ 0x8, ['unsigned short']],
+    'VendorID' : [ 0xa, ['unsigned short']],
+    'DeviceID' : [ 0xc, ['unsigned short']],
+    'BaseClass' : [ 0xe, ['unsigned char']],
+    'SubClass' : [ 0xf, ['unsigned char']],
+    'ProgIf' : [ 0x10, ['unsigned char']],
+    'Flags' : [ 0x11, ['unsigned char']],
+    'DbgHalScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DbgBarsMapped' : [ 0x11, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'DbgScratchAllocated' : [ 0x11, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Initialized' : [ 0x12, ['unsigned char']],
+    'Configured' : [ 0x13, ['unsigned char']],
+    'BaseAddress' : [ 0x14, ['array', 6, ['DEBUG_DEVICE_ADDRESS']]],
+    'Memory' : [ 0x60, ['DEBUG_MEMORY_REQUIREMENTS']],
+    'Dbg2TableIndex' : [ 0x80, ['unsigned long']],
+    'PortType' : [ 0x84, ['unsigned short']],
+    'PortSubtype' : [ 0x86, ['unsigned short']],
+    'OemData' : [ 0x88, ['pointer', ['void']]],
+    'OemDataLength' : [ 0x8c, ['unsigned long']],
+    'NameSpace' : [ 0x90, ['Enumeration', dict(target = 'long', choices = {0: u'KdNameSpacePCI', 1: u'KdNameSpaceACPI', 2: u'KdNameSpaceAny', 3: u'KdNameSpaceNone', 4: u'KdNameSpaceMax'})]],
+    'NameSpacePath' : [ 0x94, ['pointer', ['wchar']]],
+    'NameSpacePathLength' : [ 0x98, ['unsigned long']],
+    'TransportType' : [ 0x9c, ['unsigned long']],
+    'TransportData' : [ 0xa0, ['_DEBUG_TRANSPORT_DATA']],
+} ],
+  '__unnamed_2a70' : [ 0x4, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_2a72' : [ 0x18, {
+    'PollInterval' : [ 0x0, ['unsigned long']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'SwitchToPollingThreshold' : [ 0x8, ['unsigned long']],
+    'SwitchToPollingWindow' : [ 0xc, ['unsigned long']],
+    'ErrorThreshold' : [ 0x10, ['unsigned long']],
+    'ErrorThresholdWindow' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_2a74' : [ 0x18, {
+    'Polled' : [ 0x0, ['__unnamed_2a70']],
+    'Interrupt' : [ 0x0, ['__unnamed_2a72']],
+    'LocalInterrupt' : [ 0x0, ['__unnamed_2a72']],
+    'Sci' : [ 0x0, ['__unnamed_2a72']],
+    'Nmi' : [ 0x0, ['__unnamed_2a72']],
+    'Sea' : [ 0x0, ['__unnamed_2a72']],
+    'Sei' : [ 0x0, ['__unnamed_2a72']],
+    'Gsiv' : [ 0x0, ['__unnamed_2a72']],
+} ],
+  '_WHEA_NOTIFICATION_DESCRIPTOR' : [ 0x1c, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Length' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['_WHEA_NOTIFICATION_FLAGS']],
+    'u' : [ 0x4, ['__unnamed_2a74']],
+} ],
+  '_THERMAL_INFORMATION_EX' : [ 0x5c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'SamplingPeriod' : [ 0xc, ['unsigned long']],
+    'CurrentTemperature' : [ 0x10, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x14, ['unsigned long']],
+    'ThermalStandbyTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'PassiveCoolingDevicesPresent' : [ 0x21, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+    'S4TransitionTripPoint' : [ 0x4c, ['unsigned long']],
+    'MinimumThrottle' : [ 0x50, ['unsigned long']],
+    'OverThrottleThreshold' : [ 0x54, ['unsigned long']],
+    'PollingPeriod' : [ 0x58, ['unsigned long']],
+} ],
+  '_LOGGED_STREAM_CALLBACK_V2' : [ 0x4, {
+    'LogHandleContext' : [ 0x0, ['pointer', ['_LOG_HANDLE_CONTEXT']]],
+} ],
+  '_KPRIQUEUE' : [ 0x19c, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['array', 32, ['_LIST_ENTRY']]],
+    'CurrentCount' : [ 0x110, ['array', 32, ['long']]],
+    'MaximumCount' : [ 0x190, ['unsigned long']],
+    'ThreadListHead' : [ 0x194, ['_LIST_ENTRY']],
+} ],
+  '_IOP_IRP_EXTENSION_STATUS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'ActivityId' : [ 0x4, ['unsigned long']],
+    'IoTracking' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_KEY_SECURITY_CACHE' : [ 0x2c, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'ConvKey' : [ 0x4, ['unsigned long']],
+    'List' : [ 0x8, ['_LIST_ENTRY']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'RealRefCount' : [ 0x14, ['unsigned long']],
+    'Descriptor' : [ 0x18, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_RTL_SRWLOCK' : [ 0x4, {
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Waiting' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Waking' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MultipleShared' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Shared' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'Ptr' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_EX_WORK_QUEUE' : [ 0x1c0, {
+    'WorkPriQueue' : [ 0x0, ['_KPRIQUEUE']],
+    'Partition' : [ 0x19c, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x1a0, ['pointer', ['_ENODE']]],
+    'WorkItemsProcessed' : [ 0x1a4, ['unsigned long']],
+    'WorkItemsProcessedLastPass' : [ 0x1a8, ['unsigned long']],
+    'ThreadCount' : [ 0x1ac, ['long']],
+    'MinThreads' : [ 0x1b0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='long')]],
+    'TryFailed' : [ 0x1b0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'MaxThreads' : [ 0x1b4, ['long']],
+    'QueueIndex' : [ 0x1b8, ['Enumeration', dict(target = 'long', choices = {0: u'ExPoolUntrusted', 1: u'IoPoolUntrusted', 8: u'ExPoolMax'})]],
+    'AllThreadsExitedEvent' : [ 0x1bc, ['pointer', ['_KEVENT']]],
+} ],
+  '_KSCB' : [ 0x100, {
+    'GenerationCycles' : [ 0x0, ['unsigned long long']],
+    'MinQuotaCycleTarget' : [ 0x8, ['unsigned long long']],
+    'MaxQuotaCycleTarget' : [ 0x10, ['unsigned long long']],
+    'RankCycleTarget' : [ 0x18, ['unsigned long long']],
+    'LongTermCycles' : [ 0x20, ['unsigned long long']],
+    'LastReportedCycles' : [ 0x28, ['unsigned long long']],
+    'OverQuotaHistory' : [ 0x30, ['unsigned long long']],
+    'ReadyTime' : [ 0x38, ['unsigned long long']],
+    'InsertTime' : [ 0x40, ['unsigned long long']],
+    'PerProcessorList' : [ 0x48, ['_LIST_ENTRY']],
+    'QueueNode' : [ 0x50, ['_RTL_BALANCED_NODE']],
+    'Inserted' : [ 0x5c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'MaxOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'MinOverQuota' : [ 0x5c, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'RankBias' : [ 0x5c, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'SoftCap' : [ 0x5c, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ShareRankOwner' : [ 0x5c, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare1' : [ 0x5c, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'Depth' : [ 0x5d, ['unsigned char']],
+    'ReadySummary' : [ 0x5e, ['unsigned short']],
+    'Rank' : [ 0x60, ['unsigned long']],
+    'ShareRank' : [ 0x64, ['pointer', ['unsigned long']]],
+    'OwnerShareRank' : [ 0x68, ['unsigned long']],
+    'ReadyListHead' : [ 0x6c, ['array', 16, ['_LIST_ENTRY']]],
+    'ChildScbQueue' : [ 0xec, ['_RTL_RB_TREE']],
+    'Parent' : [ 0xf4, ['pointer', ['_KSCB']]],
+    'Root' : [ 0xf8, ['pointer', ['_KSCB']]],
+} ],
+  '__unnamed_2a9c' : [ 0x2, {
+    'SignatureLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'SignatureType' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned short')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'EntireField' : [ 0x0, ['unsigned short']],
+} ],
+  '_KLDR_DATA_TABLE_ENTRY' : [ 0x5c, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'ExceptionTable' : [ 0x8, ['pointer', ['void']]],
+    'ExceptionTableSize' : [ 0xc, ['unsigned long']],
+    'GpValue' : [ 0x10, ['pointer', ['void']]],
+    'NonPagedDebugInfo' : [ 0x14, ['pointer', ['_NON_PAGED_DEBUG_INFO']]],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'LoadCount' : [ 0x38, ['unsigned short']],
+    'u1' : [ 0x3a, ['__unnamed_2a9c']],
+    'SectionPointer' : [ 0x3c, ['pointer', ['void']]],
+    'CheckSum' : [ 0x40, ['unsigned long']],
+    'CoverageSectionSize' : [ 0x44, ['unsigned long']],
+    'CoverageSection' : [ 0x48, ['pointer', ['void']]],
+    'LoadedImports' : [ 0x4c, ['pointer', ['void']]],
+    'Spare' : [ 0x50, ['pointer', ['void']]],
+    'SizeOfImageNotRounded' : [ 0x54, ['unsigned long']],
+    'TimeDateStamp' : [ 0x58, ['unsigned long']],
+} ],
+  '_VF_TRACKER' : [ 0x10, {
+    'TrackerFlags' : [ 0x0, ['unsigned long']],
+    'TrackerSize' : [ 0x4, ['unsigned long']],
+    'TrackerIndex' : [ 0x8, ['unsigned long']],
+    'TraceDepth' : [ 0xc, ['unsigned long']],
+} ],
+  '_KTSS' : [ 0x20ac, {
+    'Backlink' : [ 0x0, ['unsigned short']],
+    'Reserved0' : [ 0x2, ['unsigned short']],
+    'Esp0' : [ 0x4, ['unsigned long']],
+    'Ss0' : [ 0x8, ['unsigned short']],
+    'Reserved1' : [ 0xa, ['unsigned short']],
+    'NotUsed1' : [ 0xc, ['array', 4, ['unsigned long']]],
+    'CR3' : [ 0x1c, ['unsigned long']],
+    'Eip' : [ 0x20, ['unsigned long']],
+    'EFlags' : [ 0x24, ['unsigned long']],
+    'Eax' : [ 0x28, ['unsigned long']],
+    'Ecx' : [ 0x2c, ['unsigned long']],
+    'Edx' : [ 0x30, ['unsigned long']],
+    'Ebx' : [ 0x34, ['unsigned long']],
+    'Esp' : [ 0x38, ['unsigned long']],
+    'Ebp' : [ 0x3c, ['unsigned long']],
+    'Esi' : [ 0x40, ['unsigned long']],
+    'Edi' : [ 0x44, ['unsigned long']],
+    'Es' : [ 0x48, ['unsigned short']],
+    'Reserved2' : [ 0x4a, ['unsigned short']],
+    'Cs' : [ 0x4c, ['unsigned short']],
+    'Reserved3' : [ 0x4e, ['unsigned short']],
+    'Ss' : [ 0x50, ['unsigned short']],
+    'Reserved4' : [ 0x52, ['unsigned short']],
+    'Ds' : [ 0x54, ['unsigned short']],
+    'Reserved5' : [ 0x56, ['unsigned short']],
+    'Fs' : [ 0x58, ['unsigned short']],
+    'Reserved6' : [ 0x5a, ['unsigned short']],
+    'Gs' : [ 0x5c, ['unsigned short']],
+    'Reserved7' : [ 0x5e, ['unsigned short']],
+    'LDT' : [ 0x60, ['unsigned short']],
+    'Reserved8' : [ 0x62, ['unsigned short']],
+    'Flags' : [ 0x64, ['unsigned short']],
+    'IoMapBase' : [ 0x66, ['unsigned short']],
+    'IoMaps' : [ 0x68, ['array', 1, ['_KiIoAccessMap']]],
+    'IntDirectionMap' : [ 0x208c, ['array', 32, ['unsigned char']]],
+} ],
+  '_MI_SYSTEM_TRIM_STATE' : [ 0x40, {
+    'ExpansionLock' : [ 0x0, ['unsigned long']],
+    'TrimInProgressCount' : [ 0x4, ['long']],
+    'PeriodicWorkingSetEvent' : [ 0x8, ['_KEVENT']],
+    'TrimAllPageFaultCount' : [ 0x18, ['array', 3, ['unsigned long']]],
+} ],
+  '_RTLP_HP_METADATA_HEAP_CTX' : [ 0x8, {
+    'Heap' : [ 0x0, ['pointer', ['_SEGMENT_HEAP']]],
+    'InitOnce' : [ 0x4, ['_RTL_RUN_ONCE']],
+} ],
+  '_KMUTANT' : [ 0x20, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'MutantListEntry' : [ 0x10, ['_LIST_ENTRY']],
+    'OwnerThread' : [ 0x18, ['pointer', ['_KTHREAD']]],
+    'MutantFlags' : [ 0x1c, ['unsigned char']],
+    'Abandoned' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'Abandoned2' : [ 0x1c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'AbEnabled' : [ 0x1c, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Spare2' : [ 0x1c, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'ApcDisable' : [ 0x1d, ['unsigned char']],
+} ],
+  '__unnamed_2ab0' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 29, native_type='unsigned long')]],
+} ],
+  '__unnamed_2ab3' : [ 0x4, {
+    'Tradable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'WsleAge' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long')]],
+    'NonPagedBuddy' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_ACTIVE_PFN' : [ 0x4, {
+    'Leaf' : [ 0x0, ['__unnamed_2ab0']],
+    'PageTable' : [ 0x0, ['__unnamed_2ab3']],
+    'EntireActiveField' : [ 0x0, ['unsigned long']],
+} ],
+  '_TRACE_ENABLE_INFO' : [ 0x20, {
+    'IsEnabled' : [ 0x0, ['unsigned long']],
+    'Level' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'LoggerId' : [ 0x6, ['unsigned short']],
+    'EnableProperty' : [ 0x8, ['unsigned long']],
+    'Reserved2' : [ 0xc, ['unsigned long']],
+    'MatchAnyKeyword' : [ 0x10, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x18, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_STACK_INFO' : [ 0xc, {
+    'Sequence' : [ 0x0, ['unsigned long']],
+    'Index' : [ 0x4, ['unsigned short']],
+    'NumTraces' : [ 0x6, ['unsigned short']],
+    'Tag' : [ 0x8, ['unsigned long']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN' : [ 0xc, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Tokens' : [ 0x4, ['array', 1, ['_ETW_FILTER_STRING_TOKEN_ELEMENT']]],
+} ],
+  '_MM_SYSTEM_PAGE_COUNTS' : [ 0x10, {
+    'SystemCodePage' : [ 0x0, ['unsigned long']],
+    'SystemDriverPage' : [ 0x4, ['unsigned long']],
+    'TotalSystemCodePages' : [ 0x8, ['long']],
+    'TotalSystemDriverPages' : [ 0xc, ['long']],
+} ],
+  '_KENLISTMENT' : [ 0x168, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'NamespaceLink' : [ 0x4, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'EnlistmentId' : [ 0x18, ['_GUID']],
+    'Mutex' : [ 0x28, ['_KMUTANT']],
+    'NextSameTx' : [ 0x48, ['_LIST_ENTRY']],
+    'NextSameRm' : [ 0x50, ['_LIST_ENTRY']],
+    'ResourceManager' : [ 0x58, ['pointer', ['_KRESOURCEMANAGER']]],
+    'Transaction' : [ 0x5c, ['pointer', ['_KTRANSACTION']]],
+    'State' : [ 0x60, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+    'Flags' : [ 0x64, ['unsigned long']],
+    'NotificationMask' : [ 0x68, ['unsigned long']],
+    'Key' : [ 0x6c, ['pointer', ['void']]],
+    'KeyRefCount' : [ 0x70, ['unsigned long']],
+    'RecoveryInformation' : [ 0x74, ['pointer', ['void']]],
+    'RecoveryInformationLength' : [ 0x78, ['unsigned long']],
+    'DynamicNameInformation' : [ 0x7c, ['pointer', ['void']]],
+    'DynamicNameInformationLength' : [ 0x80, ['unsigned long']],
+    'FinalNotification' : [ 0x84, ['pointer', ['_KTMNOTIFICATION_PACKET']]],
+    'SupSubEnlistment' : [ 0x88, ['pointer', ['_KENLISTMENT']]],
+    'SupSubEnlHandle' : [ 0x8c, ['pointer', ['void']]],
+    'SubordinateTxHandle' : [ 0x90, ['pointer', ['void']]],
+    'CrmEnlistmentEnId' : [ 0x94, ['_GUID']],
+    'CrmEnlistmentTmId' : [ 0xa4, ['_GUID']],
+    'CrmEnlistmentRmId' : [ 0xb4, ['_GUID']],
+    'NextHistory' : [ 0xc4, ['unsigned long']],
+    'History' : [ 0xc8, ['array', 20, ['_KENLISTMENT_HISTORY']]],
+} ],
+  '_THERMAL_POLICY' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'WaitForUpdate' : [ 0x4, ['unsigned char']],
+    'Hibernate' : [ 0x5, ['unsigned char']],
+    'Critical' : [ 0x6, ['unsigned char']],
+    'ThermalStandby' : [ 0x7, ['unsigned char']],
+    'ActivationReasons' : [ 0x8, ['unsigned long']],
+    'PassiveLimit' : [ 0xc, ['unsigned long']],
+    'ActiveLevel' : [ 0x10, ['unsigned long']],
+    'OverThrottled' : [ 0x14, ['unsigned char']],
+} ],
+  '_FILE_GET_QUOTA_INFORMATION' : [ 0x14, {
+    'NextEntryOffset' : [ 0x0, ['unsigned long']],
+    'SidLength' : [ 0x4, ['unsigned long']],
+    'Sid' : [ 0x8, ['_SID']],
+} ],
+  '_MI_ACCESS_LOG_STATE' : [ 0x80, {
+    'CcAccessLog' : [ 0x0, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'DisableAccessLogging' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+    'Enabled' : [ 0x14, ['unsigned long']],
+    'MinLoggingPriority' : [ 0x18, ['unsigned long']],
+    'AccessLoggingLock' : [ 0x40, ['unsigned long']],
+} ],
+  '_HMAP_TABLE' : [ 0x1800, {
+    'Table' : [ 0x0, ['array', 512, ['_HMAP_ENTRY']]],
+} ],
+  '__unnamed_2ade' : [ 0x4, {
+    'SnapSharedExportsFailed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '__unnamed_2ae0' : [ 0x10, {
+    'AllSharedExportThunks' : [ 0x0, ['_VF_TARGET_ALL_SHARED_EXPORT_THUNKS']],
+    'Flags' : [ 0x0, ['__unnamed_2ade']],
+} ],
+  '_VF_TARGET_DRIVER' : [ 0x20, {
+    'TreeNode' : [ 0x0, ['_VF_AVL_TREE_NODE_EX']],
+    'u1' : [ 0xc, ['__unnamed_2ae0']],
+    'VerifiedData' : [ 0x1c, ['pointer', ['_VF_TARGET_VERIFIED_DRIVER_DATA']]],
+} ],
+  '_IO_SECURITY_CONTEXT' : [ 0x10, {
+    'SecurityQos' : [ 0x0, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'AccessState' : [ 0x4, ['pointer', ['_ACCESS_STATE']]],
+    'DesiredAccess' : [ 0x8, ['unsigned long']],
+    'FullCreateOptions' : [ 0xc, ['unsigned long']],
+} ],
+  '_ENERGY_STATE_DURATION' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'LastChangeTime' : [ 0x0, ['unsigned long']],
+    'Duration' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'IsInState' : [ 0x4, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IMAGE_INDIR_CONTROL_TRANSFER_DYNAMIC_RELOCATION' : [ 0x2, {
+    'PageRelativeOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'IndirectCall' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'RexWPrefix' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'CfgCheck' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_VI_VERIFIER_POOL_HEADER' : [ 0x4, {
+    'VerifierPoolEntry' : [ 0x0, ['pointer', ['_VI_POOL_ENTRY']]],
+} ],
+  '_MI_REVERSE_VIEW_MAP' : [ 0x18, {
+    'ViewLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'SystemCacheVa' : [ 0x8, ['pointer', ['void']]],
+    'SessionViewVa' : [ 0x8, ['pointer', ['void']]],
+    'VadsProcess' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'Type' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'Subsection' : [ 0xc, ['pointer', ['_SUBSECTION']]],
+    'SubsectionType' : [ 0xc, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'SystemCacheAttributes' : [ 0x10, ['_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES']],
+    'SectionOffset' : [ 0x10, ['unsigned long long']],
+} ],
+  '_MI_SYSTEM_PTE_STATE' : [ 0x180, {
+    'MdlTrackerLookaside' : [ 0x0, ['_NPAGED_LOOKASIDE_LIST']],
+    'DeadPteTrackerSListHead' : [ 0xc0, ['_SLIST_HEADER']],
+    'PteTrackerLock' : [ 0xc8, ['unsigned long']],
+    'PteTrackingBitmap' : [ 0xcc, ['_RTL_BITMAP']],
+    'CachedPteHeads' : [ 0xd4, ['pointer', ['_MI_CACHED_PTES']]],
+    'CachedKernelStackPteHeads' : [ 0xd8, ['pointer', ['_MI_CACHED_PTES']]],
+    'SystemViewPteInfo' : [ 0xdc, ['_MI_SYSTEM_PTE_TYPE']],
+    'KernelStackPteInfo' : [ 0x110, ['_MI_SYSTEM_PTE_TYPE']],
+    'StackGrowthFailures' : [ 0x144, ['unsigned long']],
+    'KernelStackPages' : [ 0x148, ['unsigned char']],
+    'TrackPtesAborted' : [ 0x149, ['unsigned char']],
+    'AdjustCounter' : [ 0x14a, ['unsigned char']],
+    'ReservedMappingLock' : [ 0x14c, ['long']],
+    'ReservedMappingTree' : [ 0x150, ['_RTL_AVL_TREE']],
+    'ReservedMappingPageTablePfns' : [ 0x154, ['pointer', ['_MMPFN']]],
+    'OutswappedKernelStackRoot' : [ 0x158, ['_RTL_AVL_TREE']],
+    'OutswappedKernelStackLock' : [ 0x15c, ['long']],
+    'BreakMakePte' : [ 0x160, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_2af8' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MI_PARTITION_FLAGS']],
+} ],
+  '_MI_PARTITION_CORE' : [ 0xe8, {
+    'PartitionId' : [ 0x0, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_2af8']],
+    'Signature' : [ 0x8, ['unsigned long']],
+    'MemoryConfigurationChanged' : [ 0xc, ['unsigned char']],
+    'NodeInformation' : [ 0x10, ['pointer', ['_MI_NODE_INFORMATION']]],
+    'PageRoot' : [ 0x14, ['_RTL_AVL_TREE']],
+    'MemoryNodeRuns' : [ 0x18, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'MemoryBlockReferences' : [ 0x1c, ['unsigned long']],
+    'PfnUnmapWorkItem' : [ 0x20, ['_WORK_QUEUE_ITEM']],
+    'PfnUnmapCount' : [ 0x30, ['unsigned long']],
+    'PfnUnmapWaitList' : [ 0x34, ['pointer', ['void']]],
+    'MemoryRuns' : [ 0x38, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+    'ExitEvent' : [ 0x3c, ['_KEVENT']],
+    'SystemThreadHandles' : [ 0x4c, ['array', 6, ['pointer', ['void']]]],
+    'PartitionObject' : [ 0x64, ['pointer', ['_EPARTITION']]],
+    'PartitionSystemThreadsLock' : [ 0x68, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryPushLock' : [ 0x6c, ['_EX_PUSH_LOCK']],
+    'DynamicMemoryLock' : [ 0x70, ['long']],
+    'PfnUnmapActive' : [ 0x74, ['unsigned char']],
+    'TemporaryMemoryEvent' : [ 0x78, ['_KEVENT']],
+    'RootDirectory' : [ 0x88, ['pointer', ['void']]],
+    'KernelObjectsDirectory' : [ 0x8c, ['pointer', ['void']]],
+    'MemoryEvents' : [ 0x90, ['array', 11, ['pointer', ['_KEVENT']]]],
+    'MemoryEventHandles' : [ 0xbc, ['array', 11, ['pointer', ['void']]]],
+} ],
+  '_MMSUPPORT_INSTANCE' : [ 0x64, {
+    'NextPageColor' : [ 0x0, ['unsigned long']],
+    'PageFaultCount' : [ 0x4, ['unsigned long']],
+    'TrimmedPageCount' : [ 0x8, ['unsigned long']],
+    'VmWorkingSetList' : [ 0xc, ['pointer', ['_MMWSL_INSTANCE']]],
+    'WorkingSetExpansionLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'AgeDistribution' : [ 0x18, ['array', 8, ['unsigned long']]],
+    'ExitOutswapGate' : [ 0x38, ['pointer', ['_KGATE']]],
+    'MinimumWorkingSetSize' : [ 0x3c, ['unsigned long']],
+    'WorkingSetLeafSize' : [ 0x40, ['unsigned long']],
+    'WorkingSetLeafPrivateSize' : [ 0x44, ['unsigned long']],
+    'WorkingSetSize' : [ 0x48, ['unsigned long']],
+    'WorkingSetPrivateSize' : [ 0x4c, ['unsigned long']],
+    'MaximumWorkingSetSize' : [ 0x50, ['unsigned long']],
+    'PeakWorkingSetSize' : [ 0x54, ['unsigned long']],
+    'HardFaultCount' : [ 0x58, ['unsigned long']],
+    'LastTrimStamp' : [ 0x5c, ['unsigned short']],
+    'Unused0' : [ 0x5e, ['unsigned short']],
+    'Flags' : [ 0x60, ['_MMSUPPORT_FLAGS']],
+} ],
+  '_KWAIT_BLOCK' : [ 0x18, {
+    'WaitListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'WaitType' : [ 0x8, ['unsigned char']],
+    'BlockState' : [ 0x9, ['unsigned char']],
+    'WaitKey' : [ 0xa, ['unsigned short']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'NotificationQueue' : [ 0xc, ['pointer', ['_KQUEUE']]],
+    'Object' : [ 0x10, ['pointer', ['void']]],
+    'SparePtr' : [ 0x14, ['pointer', ['void']]],
+} ],
+  '_PPM_SELECTION_MENU_ENTRY' : [ 0x10, {
+    'StrictDependency' : [ 0x0, ['unsigned char']],
+    'InitiatingState' : [ 0x1, ['unsigned char']],
+    'DependentState' : [ 0x2, ['unsigned char']],
+    'StateIndex' : [ 0x4, ['unsigned long']],
+    'Dependencies' : [ 0x8, ['unsigned long']],
+    'DependencyList' : [ 0xc, ['pointer', ['_PPM_SELECTION_DEPENDENCY']]],
+} ],
+  '_VPB' : [ 0x58, {
+    'Type' : [ 0x0, ['short']],
+    'Size' : [ 0x2, ['short']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'VolumeLabelLength' : [ 0x6, ['unsigned short']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'RealDevice' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+    'SerialNumber' : [ 0x10, ['unsigned long']],
+    'ReferenceCount' : [ 0x14, ['unsigned long']],
+    'VolumeLabel' : [ 0x18, ['array', 32, ['wchar']]],
+} ],
+  '_MAILSLOT_CREATE_PARAMETERS' : [ 0x18, {
+    'MailslotQuota' : [ 0x0, ['unsigned long']],
+    'MaximumMessageSize' : [ 0x4, ['unsigned long']],
+    'ReadTimeout' : [ 0x8, ['_LARGE_INTEGER']],
+    'TimeoutSpecified' : [ 0x10, ['unsigned char']],
+} ],
+  '_HV_GET_BIN_CONTEXT' : [ 0x2, {
+    'OutstandingReference' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+} ],
+  '_LFH_RANDOM_DATA' : [ 0x100, {
+    'Bytes' : [ 0x0, ['array', 256, ['unsigned char']]],
+    'Words' : [ 0x0, ['array', 128, ['unsigned short']]],
+    'Quadwords' : [ 0x0, ['array', 32, ['unsigned long long']]],
+} ],
+  '_POP_FX_PLUGIN' : [ 0xf0, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Version' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0x10, ['unsigned long long']],
+    'WorkQueue' : [ 0x18, ['_KQUEUE']],
+    'AcceptDeviceNotification' : [ 0x40, ['pointer', ['void']]],
+    'AcceptProcessorNotification' : [ 0x44, ['pointer', ['void']]],
+    'AcceptAcpiNotification' : [ 0x48, ['pointer', ['void']]],
+    'PluginWorkPool' : [ 0x4c, ['_POP_FX_WORK_POOL']],
+} ],
+  '_MMPTE_PROTOTYPE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DemandFillProto' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'HiberVerifyConverted' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Combined' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'ProtoAddress' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2b27' : [ 0x20, {
+    'Mdl' : [ 0x0, ['_MDL']],
+    'Page' : [ 0x1c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PAGEFILE_TRACES' : [ 0x50, {
+    'Status' : [ 0x0, ['long']],
+    'PartitionId' : [ 0x4, ['unsigned short']],
+    'Priority' : [ 0x6, ['unsigned char']],
+    'IrpPriority' : [ 0x7, ['unsigned char']],
+    'ReservationWrite' : [ 0x8, ['unsigned char']],
+    'CurrentTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'AvailablePages' : [ 0x18, ['unsigned long']],
+    'ModifiedPagesTotal' : [ 0x1c, ['unsigned long']],
+    'ModifiedPagefilePages' : [ 0x20, ['unsigned long']],
+    'ModifiedNoWritePages' : [ 0x24, ['unsigned long']],
+    'ModifiedPagefileNoReservationPages' : [ 0x28, ['unsigned long']],
+    'MdlHack' : [ 0x2c, ['__unnamed_2b27']],
+} ],
+  '_KSHARED_READY_QUEUE' : [ 0x140, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'ReadySummary' : [ 0x4, ['unsigned long']],
+    'ReadyListHead' : [ 0x8, ['array', 32, ['_LIST_ENTRY']]],
+    'RunningSummary' : [ 0x108, ['array', 32, ['unsigned char']]],
+    'Span' : [ 0x128, ['unsigned char']],
+    'LowProcIndex' : [ 0x129, ['unsigned char']],
+    'QueueIndex' : [ 0x12a, ['unsigned char']],
+    'ProcCount' : [ 0x12b, ['unsigned char']],
+    'ScanOwner' : [ 0x12c, ['unsigned char']],
+    'Spare' : [ 0x12d, ['array', 3, ['unsigned char']]],
+    'Affinity' : [ 0x130, ['unsigned long']],
+    'ReadyThreadCount' : [ 0x134, ['unsigned long']],
+    'ReadyQueueExpectedRunTime' : [ 0x138, ['unsigned long long']],
+} ],
+  '_HAL_LBR_ENTRY' : [ 0xc, {
+    'FromAddress' : [ 0x0, ['pointer', ['void']]],
+    'ToAddress' : [ 0x4, ['pointer', ['void']]],
+    'Reserved' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_NT_TIB' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'StackBase' : [ 0x4, ['pointer', ['void']]],
+    'StackLimit' : [ 0x8, ['pointer', ['void']]],
+    'SubSystemTib' : [ 0xc, ['pointer', ['void']]],
+    'FiberData' : [ 0x10, ['pointer', ['void']]],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['pointer', ['void']]],
+    'Self' : [ 0x18, ['pointer', ['_NT_TIB']]],
+} ],
+  '_ETW_REG_ENTRY' : [ 0x3c, {
+    'RegList' : [ 0x0, ['_LIST_ENTRY']],
+    'GroupRegList' : [ 0x8, ['_LIST_ENTRY']],
+    'GuidEntry' : [ 0x10, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'GroupEntry' : [ 0x14, ['pointer', ['_ETW_GUID_ENTRY']]],
+    'ReplyQueue' : [ 0x18, ['pointer', ['_ETW_REPLY_QUEUE']]],
+    'ReplySlot' : [ 0x18, ['array', 4, ['pointer', ['_ETW_QUEUE_ENTRY']]]],
+    'Caller' : [ 0x18, ['pointer', ['void']]],
+    'SessionId' : [ 0x1c, ['unsigned long']],
+    'Process' : [ 0x28, ['pointer', ['_EPROCESS']]],
+    'CallbackContext' : [ 0x28, ['pointer', ['void']]],
+    'Callback' : [ 0x2c, ['pointer', ['void']]],
+    'Index' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned short']],
+    'DbgKernelRegistration' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'DbgUserRegistration' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'DbgReplyRegistration' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DbgClassicRegistration' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'DbgSessionSpaceRegistration' : [ 0x32, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'DbgModernRegistration' : [ 0x32, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'DbgClosed' : [ 0x32, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'DbgInserted' : [ 0x32, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'DbgWow64' : [ 0x32, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'DbgUseDescriptorType' : [ 0x32, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'DbgDropProviderTraits' : [ 0x32, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'EnableMask' : [ 0x34, ['unsigned char']],
+    'GroupEnableMask' : [ 0x35, ['unsigned char']],
+    'HostEnableMask' : [ 0x36, ['unsigned char']],
+    'HostGroupEnableMask' : [ 0x37, ['unsigned char']],
+    'Traits' : [ 0x38, ['pointer', ['_ETW_PROVIDER_TRAITS']]],
+} ],
+  '_TERMINATION_PORT' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_TERMINATION_PORT']]],
+    'Port' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HAL_DP_REPLACE_PARAMETERS' : [ 0xc, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'TargetProcessors' : [ 0x4, ['pointer', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+    'SpareProcessors' : [ 0x8, ['pointer', ['_PNP_REPLACE_PROCESSOR_LIST']]],
+} ],
+  '_MI_COMBINE_WORKITEM' : [ 0x14, {
+    'NextEntry' : [ 0x0, ['pointer', ['void']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PS_INTERLOCKED_TIMER_DELAY_VALUES' : [ 0x8, {
+    'DelayMs' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long long')]],
+    'CoalescingWindowMs' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 60, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 60, end_bit = 61, native_type='unsigned long long')]],
+    'NewTimerWheel' : [ 0x0, ['BitField', dict(start_bit = 61, end_bit = 62, native_type='unsigned long long')]],
+    'Retry' : [ 0x0, ['BitField', dict(start_bit = 62, end_bit = 63, native_type='unsigned long long')]],
+    'Locked' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'All' : [ 0x0, ['unsigned long long']],
+} ],
+  '_POWER_SEQUENCE' : [ 0xc, {
+    'SequenceD1' : [ 0x0, ['unsigned long']],
+    'SequenceD2' : [ 0x4, ['unsigned long']],
+    'SequenceD3' : [ 0x8, ['unsigned long']],
+} ],
+  '_STRING32' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_VA_STATE' : [ 0x2740, {
+    'SystemTablesLock' : [ 0x0, ['unsigned long']],
+    'SystemVaBias' : [ 0x4, ['unsigned long']],
+    'SystemAvailableVaLow' : [ 0x8, ['unsigned long']],
+    'VirtualBias' : [ 0xc, ['unsigned long']],
+    'SystemRangeStart' : [ 0x10, ['pointer', ['void']]],
+    'SystemCachePdeCount' : [ 0x14, ['array', 1024, ['unsigned char']]],
+    'SystemCacheReverseMaps' : [ 0x414, ['array', 1024, ['pointer', ['void']]]],
+    'VaRegion' : [ 0x1414, ['array', 1024, ['_MI_SYSTEM_REGION_REFERENCE']]],
+    'TopLevelPteLockBits' : [ 0x2414, ['array', 128, ['unsigned long']]],
+    'TopLevelPteAlternateLockBits' : [ 0x2614, ['array', 4, ['unsigned long']]],
+    'DeleteKvaLock' : [ 0x2624, ['long']],
+    'WsleArrays' : [ 0x2628, ['array', 8, ['pointer', ['_MI_WSLE']]]],
+    'PagableHyperSpace' : [ 0x2648, ['pointer', ['void']]],
+    'HyperSpaceEnd' : [ 0x264c, ['pointer', ['void']]],
+    'PagableHyperSpaceBytes' : [ 0x2650, ['unsigned long']],
+    'FreeSystemCacheVa' : [ 0x2654, ['_KEVENT']],
+    'SystemVaLock' : [ 0x2664, ['unsigned long']],
+    'SystemCacheViewLock' : [ 0x2668, ['unsigned long']],
+    'SystemWorkingSetList' : [ 0x266c, ['array', 8, ['_MMWSL_INSTANCE']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER' : [ 0x80, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Revision' : [ 0x4, ['_WHEA_REVISION']],
+    'SignatureEnd' : [ 0x6, ['unsigned long']],
+    'SectionCount' : [ 0xa, ['unsigned short']],
+    'Severity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaErrSevRecoverable', 1: u'WheaErrSevFatal', 2: u'WheaErrSevCorrected', 3: u'WheaErrSevInformational'})]],
+    'ValidBits' : [ 0x10, ['_WHEA_ERROR_RECORD_HEADER_VALIDBITS']],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Timestamp' : [ 0x18, ['_WHEA_TIMESTAMP']],
+    'PlatformId' : [ 0x20, ['_GUID']],
+    'PartitionId' : [ 0x30, ['_GUID']],
+    'CreatorId' : [ 0x40, ['_GUID']],
+    'NotifyType' : [ 0x50, ['_GUID']],
+    'RecordId' : [ 0x60, ['unsigned long long']],
+    'Flags' : [ 0x68, ['_WHEA_ERROR_RECORD_HEADER_FLAGS']],
+    'PersistenceInfo' : [ 0x6c, ['_WHEA_PERSISTENCE_INFO']],
+    'Reserved' : [ 0x74, ['array', 12, ['unsigned char']]],
+} ],
+  '_EXCEPTION_REGISTRATION_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'Handler' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_GDI_TEB_BATCH' : [ 0x4e0, {
+    'Offset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'HasRenderingCommand' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'HDC' : [ 0x4, ['unsigned long']],
+    'Buffer' : [ 0x8, ['array', 310, ['unsigned long']]],
+} ],
+  '_MMSUPPORT_SHARED' : [ 0x80, {
+    'WorkingSetLock' : [ 0x0, ['long']],
+    'GoodCitizenWaiting' : [ 0x4, ['long']],
+    'ReleasedCommitDebt' : [ 0x8, ['unsigned long']],
+    'ResetPagesRepurposedCount' : [ 0xc, ['unsigned long']],
+    'WsSwapSupport' : [ 0x10, ['pointer', ['void']]],
+    'CommitReleaseContext' : [ 0x14, ['pointer', ['void']]],
+    'AccessLog' : [ 0x18, ['pointer', ['void']]],
+    'ChargedWslePages' : [ 0x1c, ['unsigned long']],
+    'ActualWslePages' : [ 0x20, ['unsigned long']],
+    'WorkingSetCoreLock' : [ 0x40, ['unsigned long']],
+    'ShadowMapping' : [ 0x44, ['pointer', ['void']]],
+} ],
+  '_ETW_SYSTEM_LOGGER' : [ 0x2, {
+    'LoggerId' : [ 0x0, ['unsigned char']],
+    'ClockType' : [ 0x1, ['unsigned char']],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_ACPI' : [ 0x4, {
+    'ObjectName' : [ 0x0, ['pointer', ['unsigned char']]],
+} ],
+  '_ALPC_COMPLETION_LIST_HEADER' : [ 0x180, {
+    'StartMagic' : [ 0x0, ['unsigned long long']],
+    'TotalSize' : [ 0x8, ['unsigned long']],
+    'ListOffset' : [ 0xc, ['unsigned long']],
+    'ListSize' : [ 0x10, ['unsigned long']],
+    'BitmapOffset' : [ 0x14, ['unsigned long']],
+    'BitmapSize' : [ 0x18, ['unsigned long']],
+    'DataOffset' : [ 0x1c, ['unsigned long']],
+    'DataSize' : [ 0x20, ['unsigned long']],
+    'AttributeFlags' : [ 0x24, ['unsigned long']],
+    'AttributeSize' : [ 0x28, ['unsigned long']],
+    'State' : [ 0x40, ['_ALPC_COMPLETION_LIST_STATE']],
+    'LastMessageId' : [ 0x48, ['unsigned long']],
+    'LastCallbackId' : [ 0x4c, ['unsigned long']],
+    'PostCount' : [ 0x80, ['unsigned long']],
+    'ReturnCount' : [ 0xc0, ['unsigned long']],
+    'LogSequenceNumber' : [ 0x100, ['unsigned long']],
+    'UserLock' : [ 0x140, ['_RTL_SRWLOCK']],
+    'EndMagic' : [ 0x148, ['unsigned long long']],
+} ],
+  '__WIL__WNF_TYPE_ID' : [ 0x10, {
+    'TypeId' : [ 0x0, ['_GUID']],
+} ],
+  '_VI_POOL_ENTRY' : [ 0x10, {
+    'PageHeader' : [ 0x0, ['_VI_POOL_PAGE_HEADER']],
+    'InUse' : [ 0x0, ['_VI_POOL_ENTRY_INUSE']],
+    'NextFree' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_CM_INDEX_HINT_BLOCK' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'HashKey' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_AER_BRIDGE_DESCRIPTOR_FLAGS' : [ 0x2, {
+    'UncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'UncorrectableErrorSeverityRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'CorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'AdvancedCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorMaskRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'SecondaryUncorrectableErrorSevRW' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'SecondaryCapsAndControlRW' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_PNP_REPLACE_PROCESSOR_LIST' : [ 0x14, {
+    'Affinity' : [ 0x0, ['pointer', ['unsigned long']]],
+    'GroupCount' : [ 0x4, ['unsigned long']],
+    'AllocatedCount' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'ApicIds' : [ 0x10, ['array', 1, ['unsigned long']]],
+} ],
+  '_MMVAD_FLAGS2' : [ 0x4, {
+    'FileOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'Large' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'TrimBehind' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Inherit' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'PrivateDemandZero' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ETW_HW_TRACE_EXT_INTERFACE' : [ 0xc, {
+    'StartProcessorTraceOnEachCore' : [ 0x0, ['pointer', ['void']]],
+    'StopProcessorTraceOnEachCore' : [ 0x4, ['pointer', ['void']]],
+    'LogProcessorTraceOnCurrentCore' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_PS_CLIENT_SECURITY_CONTEXT' : [ 0x4, {
+    'ImpersonationData' : [ 0x0, ['unsigned long']],
+    'ImpersonationToken' : [ 0x0, ['pointer', ['void']]],
+    'ImpersonationLevel' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'EffectiveOnly' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+} ],
+  '_ALPC_COMPLETION_PACKET_LOOKASIDE_ENTRY' : [ 0xc, {
+    'ListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Packet' : [ 0x4, ['pointer', ['_IO_MINI_COMPLETION_PACKET_USER']]],
+    'Lookaside' : [ 0x8, ['pointer', ['_ALPC_COMPLETION_PACKET_LOOKASIDE']]],
+} ],
+  '_DBGKD_GET_CONTEXT' : [ 0x4, {
+    'Unused' : [ 0x0, ['unsigned long']],
+} ],
+  '_STRING64' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'MaximumLength' : [ 0x2, ['unsigned short']],
+    'Buffer' : [ 0x8, ['unsigned long long']],
+} ],
+  '_HEAP_STOP_ON_TAG' : [ 0x4, {
+    'HeapAndTagIndex' : [ 0x0, ['unsigned long']],
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'HeapIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_ASYNC_READ_THREAD_STATS' : [ 0x194, {
+    'CurrentLoad' : [ 0x0, ['array', 101, ['unsigned long']]],
+} ],
+  '_X86_DBGKD_CONTROL_SET' : [ 0x10, {
+    'TraceFlag' : [ 0x0, ['unsigned long']],
+    'Dr7' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_IRP_MANAGER' : [ 0x10, {
+    'DeviceIrpQueue' : [ 0x0, ['_PO_IRP_QUEUE']],
+    'SystemIrpQueue' : [ 0x8, ['_PO_IRP_QUEUE']],
+} ],
+  '_CM_RESOURCE_LIST' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'List' : [ 0x4, ['array', 1, ['_CM_FULL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_KWAIT_STATUS_REGISTER' : [ 0x1, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Affinity' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'Priority' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'Apc' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'UserApc' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'Alert' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_PAE_ENTRY' : [ 0x20, {
+    'PteEntry' : [ 0x0, ['array', 4, ['_MMPTE']]],
+    'PaeEntry' : [ 0x0, ['_PAE_PAGEINFO']],
+    'NextPae' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+} ],
+  '_MI_DLL_OVERFLOW_AREA' : [ 0x8, {
+    'RangeStart' : [ 0x0, ['pointer', ['void']]],
+    'NextVa' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MMCLONE_BLOCK' : [ 0x10, {
+    'ProtoPte' : [ 0x0, ['_MMPTE']],
+    'CloneCommitCount' : [ 0x8, ['unsigned long']],
+    'u1' : [ 0x8, ['_MI_CLONE_BLOCK_FLAGS']],
+    'CloneRefCount' : [ 0xc, ['unsigned long']],
+} ],
+  '_TEB_ACTIVE_FRAME_CONTEXT' : [ 0x8, {
+    'Flags' : [ 0x0, ['unsigned long']],
+    'FrameName' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_TEST' : [ 0x8, {
+    'UniqueId' : [ 0x0, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS' : [ 0x4, {
+    'Primary' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ContainmentWarning' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reset' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ThresholdExceeded' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ResourceNotAvailable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'LatentError' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Propagated' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_EVENT_LOG_ENTRY_HEADER' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Version' : [ 0x4, ['unsigned long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Type' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'WheaEventLogEntryTypeInformational', 1: u'WheaEventLogEntryTypeWarning', 2: u'WheaEventLogEntryTypeError'})]],
+    'OwnerTag' : [ 0x10, ['unsigned long']],
+    'Id' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {-2147483647: u'WheaEventLogEntryIdCmcPollingTimeout', -2147483646: u'WheaEventLogEntryIdWheaInit', -2147483645: u'WheaEventLogEntryIdCmcSwitchToPolling', -2147483644: u'WheaEventLogEntryIdDroppedCorrectedError', -2147483643: u'WheaEventLogEntryIdStartedReportHwError', -2147483642: u'WheaEventLogEntryIdPFAMemoryOfflined', -2147483641: u'WheaEventLogEntryIdPFAMemoryRemoveMonitor', -2147483640: u'WheaEventLogEntryIdPFAMemoryPolicy', -2147483639: u'WheaEventLogEntryIdPshedInjectError', -2147483638: u'WheaEventLogEntryIdOscCapabilities', -2147483637: u'WheaEventLogEntryIdPshedPluginRegister', -2147483636: u'WheaEventLogEntryIdAddRemoveErrorSource', -2147483635: u'WheaEventLogEntryIdWorkQueueItem', -2147483634: u'WheaEventLogEntryIdAttemptErrorRecovery', -2147483633: u'WheaEventLogEntryIdMcaFoundErrorInBank', -2147483632: u'WheaEventLogEntryIdMcaStuckErrorCheck', -2147483631: u'WheaEventLogEntryIdMcaErrorCleared', -2147483630: u'WheaEventLogEntryIdClearedPoison', -2147483629: u'WheaEventLogEntryIdProcessEINJ', -2147483628: u'WheaEventLogEntryIdProcessHEST', -2147483627: u'WheaEventLogEntryIdCreateGenericRecord', -2147483626: u'WheaEventLogEntryIdErrorRecord', -2147483625: u'WheaEventLogEntryIdErrorRecordLimit', -2147483623: u'WheaEventLogEntryIdErrSrcArrayInvalid', -2147483622: u'WheaEventLogEntryIdAcpiTimeOut', -2147483621: u'WheaEventLogCmciRestart', -2147483620: u'WheaEventLogCmciFinalRestart', -2147483619: u'WheaEventLogEntryEtwOverFlow', -2147483618: u'WheaEventLogAzccRootBusSearchErr', -2147483617: u'WheaEventLogAzccRootBusList', -2147483616: u'WheaEventLogEntryIdErrSrcInvalid', -2147483615: u'WheaEventLogEntryIdGenericErrMemMap', -2147483614: u'WheaEventLogEntryIdPshedCallbackCollision', -2147483613: u'WheaEventLogEntryIdSELBugCheckProgress', -2147483612: u'WheaEventLogEntryIdPshedPluginLoad', -2147483611: u'WheaEventLogEntryIdPshedPluginUnload', -2147483610: u'WheaEventLogEntryIdPshedPluginSupported', -2147483609: u'WheaEventLogEntryIdDeviceDriver', -2147483608: u'WheaEventLogEntryIdCmciImplPresent', -2147483607: u'WheaEventLogEntryIdCmciInitError', -2147483606: u'WheaEventLogEntryIdSELBugCheckRecovery', -2147483605: u'WheaEventLogEntryIdDrvErrSrcInvalid', -2147483604: u'WheaEventLogEntryIdDrvHandleBusy', -2147483603: u'WheaEventLogEntryIdWheaHeartbeat', -2147483602: u'WheaEventLogAzccRootBusPoisonSet', -2147483601: u'WheaEventLogEntryIdSELBugCheckInfo', -2147483600: u'WheaEventLogEntryIdErrDimmInfoMismatch', -2147483599: u'WheaEventLogEntryIdeDpcEnabled'})]],
+    'Flags' : [ 0x18, ['_WHEA_EVENT_LOG_ENTRY_FLAGS']],
+    'PayloadLength' : [ 0x1c, ['unsigned long']],
+} ],
+  '_PS_TRUSTLET_TKSESSION_ID' : [ 0x20, {
+    'SessionId' : [ 0x0, ['array', 4, ['unsigned long long']]],
+} ],
+  '__unnamed_2bbe' : [ 0x4, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'FileObject' : [ 0x0, ['pointer', ['_FILE_OBJECT']]],
+    'RemoteImageFileObject' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'RemoteDataFileObject' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_SECTION' : [ 0x28, {
+    'SectionNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'StartingVpn' : [ 0xc, ['unsigned long']],
+    'EndingVpn' : [ 0x10, ['unsigned long']],
+    'u1' : [ 0x14, ['__unnamed_2bbe']],
+    'SizeOfSection' : [ 0x18, ['unsigned long long']],
+    'u' : [ 0x20, ['__unnamed_18be']],
+    'InitialPageProtection' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'SessionId' : [ 0x24, ['BitField', dict(start_bit = 12, end_bit = 31, native_type='unsigned long')]],
+    'NoValidationNeeded' : [ 0x24, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FAST_OWNER_ENTRY' : [ 0x24, {
+    'Reserved' : [ 0x0, ['array', 9, ['pointer', ['void']]]],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_STAT' : [ 0x2, {
+    'Index' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_DEVICE_DRIVER_DESCRIPTOR' : [ 0x60, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'SourceGuid' : [ 0x4, ['_GUID']],
+    'LogTag' : [ 0x14, ['unsigned short']],
+    'Reserved2' : [ 0x16, ['unsigned short']],
+    'PacketLength' : [ 0x18, ['unsigned long']],
+    'PacketCount' : [ 0x1c, ['unsigned long']],
+    'PacketBuffer' : [ 0x20, ['pointer', ['unsigned char']]],
+    'Config' : [ 0x24, ['_WHEA_ERROR_SOURCE_CONFIGURATION_DD']],
+    'CreatorId' : [ 0x30, ['_GUID']],
+    'PartitionId' : [ 0x40, ['_GUID']],
+    'MaxSectionDataLength' : [ 0x50, ['unsigned long']],
+    'MaxSectionsPerRecord' : [ 0x54, ['unsigned long']],
+    'PacketStateBuffer' : [ 0x58, ['pointer', ['unsigned char']]],
+    'OpenHandles' : [ 0x5c, ['long']],
+} ],
+  '_PNP_DEVICE_EVENT_ENTRY' : [ 0x8c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Argument' : [ 0x8, ['unsigned long']],
+    'ArgumentStatus' : [ 0xc, ['long']],
+    'CallerEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'Callback' : [ 0x14, ['pointer', ['void']]],
+    'Context' : [ 0x18, ['pointer', ['void']]],
+    'VetoType' : [ 0x1c, ['pointer', ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights', 13: u'PNP_VetoAlreadyRemoved'})]]],
+    'VetoName' : [ 0x20, ['pointer', ['_UNICODE_STRING']]],
+    'RefCount' : [ 0x24, ['unsigned long']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'Cancel' : [ 0x2c, ['unsigned char']],
+    'Parent' : [ 0x30, ['pointer', ['_PNP_DEVICE_EVENT_ENTRY']]],
+    'ActivityId' : [ 0x34, ['_GUID']],
+    'Watchdog' : [ 0x44, ['pointer', ['_PNP_WATCHDOG']]],
+    'Data' : [ 0x48, ['_PLUGPLAY_EVENT_BLOCK']],
+} ],
+  '_HEAP_GLOBAL_APPCOMPAT_FLAGS' : [ 0x4, {
+    'SafeInputValidation' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Padding' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CommitLFHSubsegments' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'AllocateHeapFromEnv' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+} ],
+  '_VI_POOL_ENTRY_INUSE' : [ 0x10, {
+    'VirtualAddress' : [ 0x0, ['pointer', ['void']]],
+    'CallingAddress' : [ 0x4, ['pointer', ['void']]],
+    'NumberOfBytes' : [ 0x8, ['unsigned long']],
+    'Tag' : [ 0xc, ['unsigned long']],
+} ],
+  '_PO_DIAG_STACK_RECORD' : [ 0x8, {
+    'StackDepth' : [ 0x0, ['unsigned long']],
+    'Stack' : [ 0x4, ['array', 1, ['pointer', ['void']]]],
+} ],
+  '_PROCESS_ENERGY_VALUES_EXTENSION' : [ 0xa0, {
+    'Timelines' : [ 0x0, ['array', 14, ['_TIMELINE_BITMAP']]],
+    'CpuTimeline' : [ 0x0, ['_TIMELINE_BITMAP']],
+    'DiskTimeline' : [ 0x8, ['_TIMELINE_BITMAP']],
+    'NetworkTimeline' : [ 0x10, ['_TIMELINE_BITMAP']],
+    'MBBTimeline' : [ 0x18, ['_TIMELINE_BITMAP']],
+    'ForegroundTimeline' : [ 0x20, ['_TIMELINE_BITMAP']],
+    'DesktopVisibleTimeline' : [ 0x28, ['_TIMELINE_BITMAP']],
+    'CompositionRenderedTimeline' : [ 0x30, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyGeneratedTimeline' : [ 0x38, ['_TIMELINE_BITMAP']],
+    'CompositionDirtyPropagatedTimeline' : [ 0x40, ['_TIMELINE_BITMAP']],
+    'InputTimeline' : [ 0x48, ['_TIMELINE_BITMAP']],
+    'AudioInTimeline' : [ 0x50, ['_TIMELINE_BITMAP']],
+    'AudioOutTimeline' : [ 0x58, ['_TIMELINE_BITMAP']],
+    'DisplayRequiredTimeline' : [ 0x60, ['_TIMELINE_BITMAP']],
+    'KeyboardInputTimeline' : [ 0x68, ['_TIMELINE_BITMAP']],
+    'Durations' : [ 0x70, ['array', 5, ['_ENERGY_STATE_DURATION']]],
+    'InputDuration' : [ 0x70, ['_ENERGY_STATE_DURATION']],
+    'AudioInDuration' : [ 0x78, ['_ENERGY_STATE_DURATION']],
+    'AudioOutDuration' : [ 0x80, ['_ENERGY_STATE_DURATION']],
+    'DisplayRequiredDuration' : [ 0x88, ['_ENERGY_STATE_DURATION']],
+    'PSMBackgroundDuration' : [ 0x90, ['_ENERGY_STATE_DURATION']],
+    'KeyboardInput' : [ 0x98, ['unsigned long']],
+    'MouseInput' : [ 0x9c, ['unsigned long']],
+} ],
+  '_MI_LDW_WORK_CONTEXT' : [ 0x20, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'FileObject' : [ 0x10, ['pointer', ['_FILE_OBJECT']]],
+    'ErrorStatus' : [ 0x14, ['long']],
+    'Active' : [ 0x18, ['long']],
+    'FreeWhenDone' : [ 0x1c, ['unsigned char']],
+} ],
+  '_MI_PAGE_COMBINE_STATISTICS' : [ 0x28, {
+    'PagesScannedActive' : [ 0x0, ['unsigned long long']],
+    'PagesScannedStandby' : [ 0x8, ['unsigned long long']],
+    'PagesCombined' : [ 0x10, ['unsigned long long']],
+    'CombineScanCount' : [ 0x18, ['unsigned long']],
+    'CombinedBlocksInUse' : [ 0x1c, ['long']],
+    'SumCombinedBlocksReferenceCount' : [ 0x20, ['long']],
+} ],
+  '_MI_DEBUGGER_STATE' : [ 0x90, {
+    'TransientWrite' : [ 0x0, ['unsigned char']],
+    'CodePageEdited' : [ 0x1, ['unsigned char']],
+    'DebugPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'PoisonedTb' : [ 0x8, ['unsigned long']],
+    'InDebugger' : [ 0xc, ['long']],
+    'Pfns' : [ 0x10, ['array', 32, ['pointer', ['void']]]],
+} ],
+  '_KLOCK_ENTRY_LOCK_STATE' : [ 0x8, {
+    'CrossThreadReleasable' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Busy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 31, native_type='unsigned long')]],
+    'InTree' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LockState' : [ 0x0, ['pointer', ['void']]],
+    'SessionState' : [ 0x4, ['pointer', ['void']]],
+    'SessionId' : [ 0x4, ['unsigned long']],
+} ],
+  '_RTL_RANGE' : [ 0x20, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'UserData' : [ 0x10, ['pointer', ['void']]],
+    'Owner' : [ 0x14, ['pointer', ['void']]],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'Flags' : [ 0x19, ['unsigned char']],
+} ],
+  '_FILE_NETWORK_OPEN_INFORMATION' : [ 0x38, {
+    'CreationTime' : [ 0x0, ['_LARGE_INTEGER']],
+    'LastAccessTime' : [ 0x8, ['_LARGE_INTEGER']],
+    'LastWriteTime' : [ 0x10, ['_LARGE_INTEGER']],
+    'ChangeTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'AllocationSize' : [ 0x20, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileAttributes' : [ 0x30, ['unsigned long']],
+} ],
+  '_ETIMER' : [ 0xb8, {
+    'KeTimer' : [ 0x0, ['_KTIMER']],
+    'Lock' : [ 0x28, ['unsigned long']],
+    'TimerApc' : [ 0x2c, ['_KAPC']],
+    'TimerDpc' : [ 0x5c, ['_KDPC']],
+    'ActiveTimerListEntry' : [ 0x7c, ['_LIST_ENTRY']],
+    'Period' : [ 0x84, ['unsigned long']],
+    'TimerFlags' : [ 0x88, ['unsigned char']],
+    'ApcAssociated' : [ 0x88, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FlushDpcs' : [ 0x88, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Paused' : [ 0x88, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Spare1' : [ 0x88, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned char')]],
+    'DueTimeType' : [ 0x89, ['unsigned char']],
+    'Spare2' : [ 0x8a, ['unsigned short']],
+    'WakeReason' : [ 0x8c, ['pointer', ['_DIAGNOSTIC_CONTEXT']]],
+    'WakeTimerListEntry' : [ 0x90, ['_LIST_ENTRY']],
+    'VirtualizedTimerCookie' : [ 0x98, ['pointer', ['void']]],
+    'VirtualizedTimerLinks' : [ 0x9c, ['_LIST_ENTRY']],
+    'DueTime' : [ 0xa8, ['unsigned long long']],
+    'CoalescingWindow' : [ 0xb0, ['unsigned long']],
+} ],
+  '_MI_SHUTDOWN_STATE' : [ 0x48, {
+    'CrashDumpInitialized' : [ 0x0, ['unsigned char']],
+    'ConnectedStandbyActive' : [ 0x1, ['unsigned char']],
+    'ZeroPageFileAtShutdown' : [ 0x2, ['unsigned char']],
+    'SystemShutdown' : [ 0x4, ['unsigned long']],
+    'ShutdownFlushInProgress' : [ 0x8, ['long']],
+    'MirroringActive' : [ 0xc, ['unsigned long']],
+    'ResumeItem' : [ 0x10, ['_MI_RESUME_WORKITEM']],
+    'MirrorHoldsPfn' : [ 0x30, ['pointer', ['_ETHREAD']]],
+    'MirrorBitMaps' : [ 0x34, ['array', 2, ['_RTL_BITMAP']]],
+    'CrashDumpPte' : [ 0x44, ['pointer', ['_MMPTE']]],
+} ],
+  '_WHEA_IPF_CPE_DESCRIPTOR' : [ 0x4, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+} ],
+  '_VI_TRACK_IRQL' : [ 0x20, {
+    'Thread' : [ 0x0, ['pointer', ['void']]],
+    'OldIrql' : [ 0x4, ['unsigned char']],
+    'NewIrql' : [ 0x5, ['unsigned char']],
+    'Processor' : [ 0x6, ['unsigned short']],
+    'TickCount' : [ 0x8, ['unsigned long']],
+    'StackTrace' : [ 0xc, ['array', 5, ['pointer', ['void']]]],
+} ],
+  '_ETW_PRIV_HANDLE_DEMUX_TABLE' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x8, ['_EX_PUSH_LOCK']],
+    'SequenceNumber' : [ 0xc, ['unsigned short']],
+} ],
+  '_ARM64_DBGKD_CONTROL_SET' : [ 0x18, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'TraceFlag' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x8, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OWNER_ENTRY' : [ 0x8, {
+    'OwnerThread' : [ 0x0, ['unsigned long']],
+    'IoPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OwnerReferenced' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoQoSPriorityBoosted' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'OwnerCount' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'TableSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_KEY_HASH_TABLE_ENTRY' : [ 0xc, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Owner' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'Entry' : [ 0x8, ['pointer', ['_CM_KEY_HASH']]],
+} ],
+  '_XPF_MCE_FLAGS' : [ 0x4, {
+    'MCG_CapabilityRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MCG_GlobalControlRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_PERIODIC_CAPTURE_STATE_GUIDS' : [ 0x8, {
+    'ProviderCount' : [ 0x0, ['unsigned short']],
+    'Providers' : [ 0x4, ['pointer', ['_GUID']]],
+} ],
+  '_HEAP_FREE_ENTRY_EXTRA' : [ 0x4, {
+    'TagIndex' : [ 0x0, ['unsigned short']],
+    'FreeBackTraceIndex' : [ 0x2, ['unsigned short']],
+} ],
+  '_SE_AUDIT_PROCESS_CREATION_INFO' : [ 0x4, {
+    'ImageFileName' : [ 0x0, ['pointer', ['_OBJECT_NAME_INFORMATION']]],
+} ],
+  '_ACTIVATION_CONTEXT_STACK64' : [ 0x28, {
+    'ActiveFrame' : [ 0x0, ['unsigned long long']],
+    'FrameListCache' : [ 0x8, ['LIST_ENTRY64']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'NextCookieSequenceNumber' : [ 0x1c, ['unsigned long']],
+    'StackId' : [ 0x20, ['unsigned long']],
+} ],
+  'DOCK_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ProfileDepartureSetMode' : [ 0x10, ['pointer', ['void']]],
+    'ProfileDepartureUpdate' : [ 0x14, ['pointer', ['void']]],
+} ],
+  'DEBUG_MEMORY_REQUIREMENTS' : [ 0x20, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'MaxEnd' : [ 0x8, ['_LARGE_INTEGER']],
+    'VirtualAddress' : [ 0x10, ['pointer', ['void']]],
+    'Length' : [ 0x14, ['unsigned long']],
+    'Cached' : [ 0x18, ['unsigned char']],
+    'Aligned' : [ 0x19, ['unsigned char']],
+} ],
+  'DEBUG_DEVICE_ADDRESS' : [ 0xc, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'Valid' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 2, ['unsigned char']]],
+    'BitWidth' : [ 0x2, ['unsigned char']],
+    'AccessSize' : [ 0x3, ['unsigned char']],
+    'TranslatedAddress' : [ 0x4, ['pointer', ['unsigned char']]],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  'PROCESSOR_IDLESTATE_INFO' : [ 0x8, {
+    'TimeCheck' : [ 0x0, ['unsigned long']],
+    'DemotePercent' : [ 0x4, ['unsigned char']],
+    'PromotePercent' : [ 0x5, ['unsigned char']],
+    'Spare' : [ 0x6, ['array', 2, ['unsigned char']]],
+} ],
+  'SYSTEM_POWER_LEVEL' : [ 0x18, {
+    'Enable' : [ 0x0, ['unsigned char']],
+    'Spare' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'BatteryLevel' : [ 0x4, ['unsigned long']],
+    'PowerPolicy' : [ 0x8, ['POWER_ACTION_POLICY']],
+    'MinSystemState' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+} ],
+  'POWER_ACTION_POLICY' : [ 0xc, {
+    'Action' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'Flags' : [ 0x4, ['unsigned long']],
+    'EventCode' : [ 0x8, ['unsigned long']],
+} ],
+  'BATTERY_REPORTING_SCALE' : [ 0x8, {
+    'Granularity' : [ 0x0, ['unsigned long']],
+    'Capacity' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROCESSOR_POWER_STATE' : [ 0x1a8, {
+    'IdleStates' : [ 0x0, ['pointer', ['_PPM_IDLE_STATES']]],
+    'IdleAccounting' : [ 0x4, ['pointer', ['_PROC_IDLE_ACCOUNTING']]],
+    'IdleTimeLast' : [ 0x8, ['unsigned long long']],
+    'IdleTimeTotal' : [ 0x10, ['unsigned long long']],
+    'IdleTimeEntry' : [ 0x18, ['unsigned long long']],
+    'IdleTimeExpiration' : [ 0x20, ['unsigned long long']],
+    'NonInterruptibleTransition' : [ 0x28, ['unsigned char']],
+    'PepWokenTransition' : [ 0x29, ['unsigned char']],
+    'HvTargetState' : [ 0x2a, ['unsigned char']],
+    'SoftParked' : [ 0x2b, ['unsigned char']],
+    'TargetIdleState' : [ 0x2c, ['unsigned long']],
+    'IdlePolicy' : [ 0x30, ['_PROC_IDLE_POLICY']],
+    'Synchronization' : [ 0x38, ['_PPM_IDLE_SYNCHRONIZATION_STATE']],
+    'PerfFeedback' : [ 0x40, ['_PROC_FEEDBACK']],
+    'Hypervisor' : [ 0xc8, ['Enumeration', dict(target = 'long', choices = {0: u'ProcHypervisorNone', 1: u'ProcHypervisorPresent', 2: u'ProcHypervisorPower', 3: u'ProcHypervisorHvCounters'})]],
+    'LastSysTime' : [ 0xcc, ['unsigned long']],
+    'WmiDispatchPtr' : [ 0xd0, ['unsigned long']],
+    'WmiInterfaceEnabled' : [ 0xd4, ['long']],
+    'FFHThrottleStateInfo' : [ 0xd8, ['_PPM_FFH_THROTTLE_STATE_INFO']],
+    'PerfActionDpc' : [ 0xf8, ['_KDPC']],
+    'PerfActionMask' : [ 0x118, ['long']],
+    'HvIdleCheck' : [ 0x120, ['_PROC_IDLE_SNAP']],
+    'CheckContext' : [ 0x130, ['_PROC_PERF_CHECK_CONTEXT']],
+    'Concurrency' : [ 0x158, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ClassConcurrency' : [ 0x15c, ['pointer', ['_PPM_CONCURRENCY_ACCOUNTING']]],
+    'ArchitecturalEfficiencyClass' : [ 0x160, ['unsigned char']],
+    'PerformanceSchedulingClass' : [ 0x161, ['unsigned char']],
+    'EfficiencySchedulingClass' : [ 0x162, ['unsigned char']],
+    'Unused' : [ 0x163, ['unsigned char']],
+    'Parked' : [ 0x164, ['unsigned char']],
+    'LongPriorQosPeriod' : [ 0x165, ['unsigned char']],
+    'SnapTimeLast' : [ 0x168, ['unsigned long long']],
+    'EnergyConsumed' : [ 0x168, ['unsigned long long']],
+    'ActiveTime' : [ 0x170, ['unsigned long long']],
+    'TotalTime' : [ 0x178, ['unsigned long long']],
+    'FxDevice' : [ 0x180, ['pointer', ['_POP_FX_DEVICE']]],
+    'LastQosTranstionTsc' : [ 0x188, ['unsigned long long']],
+    'QosTransitionHysteresis' : [ 0x190, ['unsigned long long']],
+    'RequestedQosClass' : [ 0x198, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosDeadline', 5: u'KHeteroCpuQosMax'})]],
+    'ResolvedQosClass' : [ 0x19c, ['Enumeration', dict(target = 'long', choices = {0: u'KHeteroCpuQosHigh', 1: u'KHeteroCpuQosMedium', 2: u'KHeteroCpuQosLow', 3: u'KHeteroCpuQosMultimedia', 4: u'KHeteroCpuQosDeadline', 5: u'KHeteroCpuQosMax'})]],
+    'QosEquivalencyMask' : [ 0x1a0, ['unsigned short']],
+    'HwFeedbackTableIndex' : [ 0x1a2, ['unsigned short']],
+    'HwFeedbackParkHint' : [ 0x1a4, ['unsigned char']],
+    'HwFeedbackPerformanceClass' : [ 0x1a5, ['unsigned char']],
+    'HwFeedbackEfficiencyClass' : [ 0x1a6, ['unsigned char']],
+    'HeteroCoreType' : [ 0x1a7, ['unsigned char']],
+} ],
+  '_MI_PARTITION_SEGMENTS' : [ 0x200, {
+    'SegmentListLock' : [ 0x0, ['long']],
+    'DeleteOnCloseCount' : [ 0x4, ['unsigned long']],
+    'FsControlAreaCount' : [ 0x8, ['long long']],
+    'PfControlAreaCount' : [ 0x10, ['long long']],
+    'CloneHeaderCount' : [ 0x18, ['long long']],
+    'DeleteSubsectionCleanup' : [ 0x20, ['_KEVENT']],
+    'UnusedSegmentCleanup' : [ 0x30, ['_KEVENT']],
+    'SubsectionDeletePtes' : [ 0x40, ['unsigned long']],
+    'AttemptForCantExtend' : [ 0x44, ['_MMPAGE_FILE_EXPANSION']],
+    'DereferenceSegmentHeader' : [ 0x78, ['_MMDEREFERENCE_SEGMENT_HEADER']],
+    'DeleteOnCloseList' : [ 0xa4, ['_LIST_ENTRY']],
+    'DeleteOnCloseTimer' : [ 0xb0, ['_KTIMER']],
+    'DeleteOnCloseTimerActive' : [ 0xd8, ['unsigned char']],
+    'SegmentDereferenceThreadExists' : [ 0xd9, ['unsigned char']],
+    'SegmentDereferenceActiveControlArea' : [ 0xdc, ['pointer', ['void']]],
+    'UnusedSegmentPagedPool' : [ 0xe0, ['unsigned long']],
+    'UnusedSegmentList' : [ 0xe4, ['_LIST_ENTRY']],
+    'UnusedSubsectionList' : [ 0xec, ['_LIST_ENTRY']],
+    'DeleteSubsectionList' : [ 0xf4, ['_LIST_ENTRY']],
+    'ControlAreaDeleteEvent' : [ 0xfc, ['_KEVENT']],
+    'ControlAreaDeleteList' : [ 0x10c, ['_SINGLE_LIST_ENTRY']],
+    'FreeSystemCache' : [ 0x110, ['_MI_PTE_CHAIN_HEAD']],
+    'CloneDereferenceEvent' : [ 0x128, ['_KEVENT']],
+    'CloneProtosSListHead' : [ 0x138, ['_SLIST_HEADER']],
+    'SystemCacheInitLock' : [ 0x140, ['_EX_PUSH_LOCK']],
+    'PagefileExtensionWaiters' : [ 0x144, ['unsigned long']],
+    'PagefileExtensionRequests' : [ 0x148, ['unsigned long']],
+    'PagefileExtensionWaitEvent' : [ 0x14c, ['_KEVENT']],
+    'SharedCharges' : [ 0x15c, ['array', 7, ['_MI_CROSS_PARTITION_CHARGES']]],
+    'SharedChargesDrainEvent' : [ 0x1cc, ['pointer', ['_KEVENT']]],
+    'ControlAreasDrainEvent' : [ 0x1d0, ['pointer', ['_KEVENT']]],
+    'CloneHeaderDrainEvent' : [ 0x1d4, ['pointer', ['_KEVENT']]],
+    'ProbeRundownReference' : [ 0x1d8, ['pointer', ['_EX_RUNDOWN_REF_CACHE_AWARE']]],
+} ],
+  '_KiIoAccessMap' : [ 0x2024, {
+    'DirectionMap' : [ 0x0, ['array', 32, ['unsigned char']]],
+    'IoMap' : [ 0x20, ['array', 8196, ['unsigned char']]],
+} ],
+  '_WHEA_ERROR_STATUS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['unsigned long long']],
+    'Reserved1' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Address' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'Control' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'Data' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'Responder' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'Requester' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'FirstError' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Overflow' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_BUS_HANDLER' : [ 0x68, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'InterfaceType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'ConfigurationType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'Cmos', 1: u'EisaConfiguration', 2: u'Pos', 3: u'CbusConfiguration', 4: u'PCIConfiguration', 5: u'VMEConfiguration', 6: u'NuBusConfiguration', 7: u'PCMCIAConfiguration', 8: u'MPIConfiguration', 9: u'MPSAConfiguration', 10: u'PNPISAConfiguration', 11: u'SgiInternalConfiguration', 12: u'MaximumBusDataType', -1: u'ConfigurationSpaceUndefined'})]],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'ParentHandler' : [ 0x14, ['pointer', ['_BUS_HANDLER']]],
+    'BusData' : [ 0x18, ['pointer', ['void']]],
+    'DeviceControlExtensionSize' : [ 0x1c, ['unsigned long']],
+    'BusAddresses' : [ 0x20, ['pointer', ['_SUPPORTED_RANGES']]],
+    'Reserved' : [ 0x24, ['array', 4, ['unsigned long']]],
+    'GetBusData' : [ 0x34, ['pointer', ['void']]],
+    'SetBusData' : [ 0x38, ['pointer', ['void']]],
+    'AdjustResourceList' : [ 0x3c, ['pointer', ['void']]],
+    'AssignSlotResources' : [ 0x40, ['pointer', ['void']]],
+    'TranslateBusAddress' : [ 0x44, ['pointer', ['void']]],
+    'Spare1' : [ 0x48, ['pointer', ['void']]],
+    'Spare2' : [ 0x4c, ['pointer', ['void']]],
+    'Spare3' : [ 0x50, ['pointer', ['void']]],
+    'Spare4' : [ 0x54, ['pointer', ['void']]],
+    'Spare5' : [ 0x58, ['pointer', ['void']]],
+    'Spare6' : [ 0x5c, ['pointer', ['void']]],
+    'Spare7' : [ 0x60, ['pointer', ['void']]],
+    'Spare8' : [ 0x64, ['pointer', ['void']]],
+} ],
+  '_MI_AVAILABLE_PAGE_WAIT_STATES' : [ 0x14, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'EventSets' : [ 0x10, ['unsigned long']],
+} ],
+  '_MMPTE_TIMESTAMP' : [ 0x8, {
+    'MustBeZero' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Unused0' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFileLow' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned long long')]],
+    'Unused1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long long')]],
+    'GlobalTimeStamp' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_KRESOURCEMANAGER' : [ 0x154, {
+    'NotificationAvailable' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'State' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'KResourceManagerUninitialized', 1: u'KResourceManagerOffline', 2: u'KResourceManagerOnline'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'Mutex' : [ 0x1c, ['_KMUTANT']],
+    'NamespaceLink' : [ 0x3c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'RmId' : [ 0x50, ['_GUID']],
+    'NotificationQueue' : [ 0x60, ['_KQUEUE']],
+    'NotificationMutex' : [ 0x88, ['_KMUTANT']],
+    'EnlistmentHead' : [ 0xa8, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0xb0, ['unsigned long']],
+    'NotificationRoutine' : [ 0xb4, ['pointer', ['void']]],
+    'Key' : [ 0xb8, ['pointer', ['void']]],
+    'ProtocolListHead' : [ 0xbc, ['_LIST_ENTRY']],
+    'PendingPropReqListHead' : [ 0xc4, ['_LIST_ENTRY']],
+    'CRMListEntry' : [ 0xcc, ['_LIST_ENTRY']],
+    'Tm' : [ 0xd4, ['pointer', ['_KTM']]],
+    'Description' : [ 0xd8, ['_UNICODE_STRING']],
+    'Enlistments' : [ 0xe0, ['_KTMOBJECT_NAMESPACE']],
+    'CompletionBinding' : [ 0x140, ['_KRESOURCEMANAGER_COMPLETION_BINDING']],
+} ],
+  '_ARBITER_QUERY_ARBITRATE_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_DEVICE' : [ 0x308, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['_POP_FX_DEVICE_STATUS']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DevNode' : [ 0x1c, ['pointer', ['_DEVICE_NODE']]],
+    'DpmContext' : [ 0x20, ['pointer', ['PEPHANDLE__']]],
+    'Plugin' : [ 0x24, ['pointer', ['_POP_FX_PLUGIN']]],
+    'PluginHandle' : [ 0x28, ['pointer', ['PEPHANDLE__']]],
+    'AcpiPlugin' : [ 0x2c, ['pointer', ['_POP_FX_PLUGIN']]],
+    'AcpiPluginHandle' : [ 0x30, ['pointer', ['PEPHANDLE__']]],
+    'DeviceObject' : [ 0x34, ['pointer', ['_DEVICE_OBJECT']]],
+    'TargetDevice' : [ 0x38, ['pointer', ['_DEVICE_OBJECT']]],
+    'Callbacks' : [ 0x3c, ['_POP_FX_DRIVER_CALLBACKS']],
+    'DriverContext' : [ 0x64, ['pointer', ['void']]],
+    'AcpiLink' : [ 0x68, ['_LIST_ENTRY']],
+    'DeviceId' : [ 0x70, ['_UNICODE_STRING']],
+    'RemoveLock' : [ 0x78, ['_IO_REMOVE_LOCK']],
+    'AcpiRemoveLock' : [ 0x90, ['_IO_REMOVE_LOCK']],
+    'WorkOrder' : [ 0xa8, ['_POP_FX_WORK_ORDER']],
+    'IdleLock' : [ 0xc4, ['unsigned long']],
+    'IdleTimer' : [ 0xc8, ['_KTIMER']],
+    'IdleDpc' : [ 0xf0, ['_KDPC']],
+    'IdleTimeout' : [ 0x110, ['unsigned long long']],
+    'IdleStamp' : [ 0x118, ['unsigned long long']],
+    'NextIrpDeviceObject' : [ 0x120, ['array', 2, ['pointer', ['_DEVICE_OBJECT']]]],
+    'NextIrpPowerState' : [ 0x128, ['array', 2, ['_POWER_STATE']]],
+    'NextIrpCallerCompletion' : [ 0x130, ['array', 2, ['pointer', ['void']]]],
+    'NextIrpCallerContext' : [ 0x138, ['array', 2, ['pointer', ['void']]]],
+    'IrpCompleteEvent' : [ 0x140, ['_KEVENT']],
+    'PowerOnDumpDeviceCallback' : [ 0x150, ['pointer', ['void']]],
+    'Accounting' : [ 0x158, ['_POP_FX_ACCOUNTING']],
+    'Flags' : [ 0x230, ['unsigned long']],
+    'ComponentCount' : [ 0x234, ['unsigned long']],
+    'Components' : [ 0x238, ['pointer', ['pointer', ['_POP_FX_COMPONENT']]]],
+    'LogEntries' : [ 0x23c, ['unsigned long']],
+    'Log' : [ 0x240, ['pointer', ['_POP_FX_LOG_ENTRY']]],
+    'LogIndex' : [ 0x244, ['long']],
+    'DripsWatchdogDriverObject' : [ 0x248, ['pointer', ['_DRIVER_OBJECT']]],
+    'DripsWatchdogContext' : [ 0x24c, ['_POP_FX_DRIPS_WATCHDOG_CONTEXT']],
+    'DirectedTimeout' : [ 0x260, ['unsigned long']],
+    'DirectedWorkOrder' : [ 0x264, ['_POP_FX_WORK_ORDER']],
+    'DirectedWorkWatchdogInfo' : [ 0x280, ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']],
+    'DirectedLock' : [ 0x2e8, ['unsigned long']],
+    'DirectedTransitionCallCount' : [ 0x2ec, ['long']],
+    'DirectedTransitionState' : [ 0x2f0, ['_POP_FX_DEVICE_DIRECTED_TRANSITION_STATE']],
+    'PowerProfile' : [ 0x2fc, ['pointer', ['_POP_DEVICE_POWER_PROFILE']]],
+    'FriendlyName' : [ 0x300, ['_UNICODE_STRING']],
+} ],
+  '_CELL_DATA' : [ 0x50, {
+    'u' : [ 0x0, ['_u']],
+} ],
+  '_IOV_IRP_TRACE' : [ 0x40, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_KTHREAD']]],
+    'KernelApcDisable' : [ 0x8, ['short']],
+    'SpecialApcDisable' : [ 0xa, ['short']],
+    'CombinedApcDisable' : [ 0x8, ['unsigned long']],
+    'Irql' : [ 0xc, ['unsigned char']],
+    'StackTrace' : [ 0x10, ['array', 12, ['pointer', ['void']]]],
+} ],
+  '__unnamed_2c97' : [ 0x8, {
+    'Status' : [ 0x0, ['long']],
+    'Point' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_PARSE_DEBUG_INFO' : [ 0x38, {
+    'SymlinkCachedKcb' : [ 0x0, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'StartingKcb' : [ 0x4, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KcbCacheResult' : [ 0x8, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'WalkResult' : [ 0xc, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'DeepestKcbFound' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KcbCacheLevels' : [ 0x14, ['unsigned char']],
+    'WalkLevels' : [ 0x15, ['unsigned char']],
+    'FailureCount' : [ 0x16, ['unsigned char']],
+    'FailurePoints' : [ 0x18, ['array', 4, ['__unnamed_2c97']]],
+} ],
+  '_MI_CLONE_BLOCK_FLAGS' : [ 0x4, {
+    'ActualCloneCommit' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'CloneProtection' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  'FEATURE_STATE_CHANGE_SUBSCRIPTION__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PS_JOB_WAKE_INFORMATION' : [ 0x48, {
+    'NotificationChannel' : [ 0x0, ['unsigned long long']],
+    'WakeCounters' : [ 0x8, ['array', 7, ['unsigned long long']]],
+    'NoWakeCounter' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MMINPAGE_FLAGS' : [ 0x4, {
+    'GetExtents' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PrefetchSystemVmType' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned long')]],
+    'VaPrefetchReadBlock' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CollidedFlowThrough' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ForceCollisions' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InPageExpanded' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'IssuedAtLowPriority' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'FaultFromStore' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 12, native_type='unsigned long')]],
+    'ClusteredPagePriority' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned long')]],
+    'MakeClusterValid' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'PerformRelocations' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ZeroLastPage' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'UserFault' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'StandbyProtectionNeeded' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'PteChanged' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'PageFileFault' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'PageFilePageHashActive' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'CoalescedIo' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'VmLockNotNeeded' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_IO_ADAPTER_CRYPTO_KEY_DESCRIPTOR' : [ 0x48, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'CryptoIndex' : [ 0x8, ['unsigned long']],
+    'AlgorithmId' : [ 0xc, ['unsigned long']],
+    'DataUnitSize' : [ 0x10, ['unsigned long']],
+    'KeySize' : [ 0x14, ['unsigned long']],
+    'KeyHash' : [ 0x18, ['array', 32, ['unsigned char']]],
+    'KeyVirtualAddress' : [ 0x38, ['pointer', ['void']]],
+    'KeyPhysicalAddress' : [ 0x40, ['_LARGE_INTEGER']],
+} ],
+  '_PPM_CONCURRENCY_ACCOUNTING' : [ 0x28, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Processors' : [ 0x4, ['unsigned long']],
+    'ActiveProcessors' : [ 0x8, ['unsigned long']],
+    'LastUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalTime' : [ 0x18, ['unsigned long long']],
+    'AccumulatedTime' : [ 0x20, ['array', 1, ['unsigned long long']]],
+} ],
+  '_RTL_HP_SUB_ALLOCATOR_CONFIGS' : [ 0x8, {
+    'LfhConfigs' : [ 0x0, ['_RTL_HP_LFH_CONFIG']],
+    'VsConfigs' : [ 0x4, ['_RTL_HP_VS_CONFIG']],
+} ],
+  '_SEP_CACHED_HANDLES_ENTRY_DESCRIPTOR' : [ 0xc, {
+    'DescriptorType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SepCachedHandlesEntryLowbox', 1: u'SepCachedHandlesEntryBnoIsolation'})]],
+    'PackageSid' : [ 0x4, ['pointer', ['void']]],
+    'IsolationPrefix' : [ 0x4, ['_UNICODE_STRING']],
+} ],
+  '_HEAP_ENTRY_EXTRA' : [ 0x8, {
+    'AllocatorBackTraceIndex' : [ 0x0, ['unsigned short']],
+    'TagIndex' : [ 0x2, ['unsigned short']],
+    'Settable' : [ 0x4, ['unsigned long']],
+    'ZeroInit' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VF_AVL_TABLE' : [ 0x80, {
+    'RtlTable' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'ReservedNode' : [ 0x38, ['pointer', ['_VF_AVL_TREE_NODE']]],
+    'NodeToFree' : [ 0x3c, ['pointer', ['void']]],
+    'Lock' : [ 0x40, ['long']],
+} ],
+  '_PEBS_DS_SAVE_AREA64' : [ 0xa0, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long long']],
+    'BtsIndex' : [ 0x8, ['unsigned long long']],
+    'BtsAbsoluteMaximum' : [ 0x10, ['unsigned long long']],
+    'BtsInterruptThreshold' : [ 0x18, ['unsigned long long']],
+    'PebsBufferBase' : [ 0x20, ['unsigned long long']],
+    'PebsIndex' : [ 0x28, ['unsigned long long']],
+    'PebsAbsoluteMaximum' : [ 0x30, ['unsigned long long']],
+    'PebsInterruptThreshold' : [ 0x38, ['unsigned long long']],
+    'PebsGpCounterReset' : [ 0x40, ['array', 8, ['unsigned long long']]],
+    'PebsFixedCounterReset' : [ 0x80, ['array', 4, ['unsigned long long']]],
+} ],
+  '_FLOATING_SAVE_AREA' : [ 0x70, {
+    'ControlWord' : [ 0x0, ['unsigned long']],
+    'StatusWord' : [ 0x4, ['unsigned long']],
+    'TagWord' : [ 0x8, ['unsigned long']],
+    'ErrorOffset' : [ 0xc, ['unsigned long']],
+    'ErrorSelector' : [ 0x10, ['unsigned long']],
+    'DataOffset' : [ 0x14, ['unsigned long']],
+    'DataSelector' : [ 0x18, ['unsigned long']],
+    'RegisterArea' : [ 0x1c, ['array', 80, ['unsigned char']]],
+    'Spare0' : [ 0x6c, ['unsigned long']],
+} ],
+  '_LEAP_SECOND_DATA' : [ 0x10, {
+    'Enabled' : [ 0x0, ['unsigned char']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x8, ['array', 1, ['_LARGE_INTEGER']]],
+} ],
+  '__unnamed_2cc7' : [ 0x8, {
+    'IdleTime' : [ 0x0, ['unsigned long']],
+    'NonIdleTime' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2cc9' : [ 0x8, {
+    'Disk' : [ 0x0, ['__unnamed_2cc7']],
+} ],
+  '_DEVICE_OBJECT_POWER_EXTENSION' : [ 0x44, {
+    'IdleCount' : [ 0x0, ['unsigned long']],
+    'BusyCount' : [ 0x4, ['unsigned long']],
+    'BusyReference' : [ 0x8, ['unsigned long']],
+    'TotalBusyCount' : [ 0xc, ['unsigned long']],
+    'ConservationIdleTime' : [ 0x10, ['unsigned long']],
+    'PerformanceIdleTime' : [ 0x14, ['unsigned long']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'IdleList' : [ 0x1c, ['_LIST_ENTRY']],
+    'IdleType' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceIdleNormal', 1: u'DeviceIdleDisk'})]],
+    'IdleState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CurrentState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerDeviceUnspecified', 1: u'PowerDeviceD0', 2: u'PowerDeviceD1', 3: u'PowerDeviceD2', 4: u'PowerDeviceD3', 5: u'PowerDeviceMaximum'})]],
+    'CoolingExtension' : [ 0x30, ['pointer', ['_POP_COOLING_EXTENSION']]],
+    'Volume' : [ 0x34, ['_LIST_ENTRY']],
+    'Specific' : [ 0x3c, ['__unnamed_2cc9']],
+} ],
+  '_OBJECT_DIRECTORY_ENTRY' : [ 0xc, {
+    'ChainLink' : [ 0x0, ['pointer', ['_OBJECT_DIRECTORY_ENTRY']]],
+    'Object' : [ 0x4, ['pointer', ['void']]],
+    'HashValue' : [ 0x8, ['unsigned long']],
+} ],
+  '_CM_UOW_SET_SD_DATA' : [ 0x4, {
+    'SecurityCell' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_DEVICE_COMPLETION_REQUEST' : [ 0x28, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceNode' : [ 0x8, ['pointer', ['_DEVICE_NODE']]],
+    'Context' : [ 0xc, ['pointer', ['void']]],
+    'CompletionState' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {768: u'DeviceNodeUnspecified', 769: u'DeviceNodeUninitialized', 770: u'DeviceNodeInitialized', 771: u'DeviceNodeDriversAdded', 772: u'DeviceNodeResourcesAssigned', 773: u'DeviceNodeStartPending', 774: u'DeviceNodeStartCompletion', 775: u'DeviceNodeStartPostWork', 776: u'DeviceNodeStarted', 777: u'DeviceNodeQueryStopped', 778: u'DeviceNodeStopped', 779: u'DeviceNodeRestartCompletion', 780: u'DeviceNodeEnumeratePending', 781: u'DeviceNodeEnumerateCompletion', 782: u'DeviceNodeAwaitingQueuedDeletion', 783: u'DeviceNodeAwaitingQueuedRemoval', 784: u'DeviceNodeQueryRemoved', 785: u'DeviceNodeRemovePendingCloses', 786: u'DeviceNodeRemoved', 787: u'DeviceNodeDeletePendingCloses', 788: u'DeviceNodeDeleted', 789: u'MaxDeviceNodeState'})]],
+    'IrpPended' : [ 0x14, ['unsigned long']],
+    'Status' : [ 0x18, ['long']],
+    'Information' : [ 0x1c, ['pointer', ['void']]],
+    'ReferenceCount' : [ 0x20, ['long']],
+    'Watchdog' : [ 0x24, ['pointer', ['_PNP_WATCHDOG']]],
+} ],
+  '_ETW_STACK_TRACE_BLOCK' : [ 0x50, {
+    'RelatedTimestamp' : [ 0x0, ['_LARGE_INTEGER']],
+    'Thread' : [ 0x8, ['pointer', ['_ETHREAD']]],
+    'StackWalkDpc' : [ 0xc, ['_KDPC']],
+    'ApcListHead' : [ 0x30, ['_SLIST_HEADER']],
+    'ApcEntry' : [ 0x38, ['pointer', ['_ETW_APC_ENTRY']]],
+    'ApcEntryCount' : [ 0x3c, ['unsigned long']],
+    'Flags' : [ 0x40, ['long']],
+    'ApcCount' : [ 0x44, ['long']],
+    'MaxApcCount' : [ 0x48, ['long']],
+} ],
+  '_EVENT_FILTER_LEVEL_KW' : [ 0x18, {
+    'MatchAnyKeyword' : [ 0x0, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x8, ['unsigned long long']],
+    'Level' : [ 0x10, ['unsigned char']],
+    'FilterIn' : [ 0x11, ['unsigned char']],
+} ],
+  '_WRITE_BEHIND_THROUGHPUT' : [ 0x8, {
+    'PagesYetToWrite' : [ 0x0, ['unsigned long']],
+    'Throughput' : [ 0x4, ['unsigned long']],
+} ],
+  '_THREAD_PERFORMANCE_DATA' : [ 0x1c0, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'ProcessorNumber' : [ 0x4, ['_PROCESSOR_NUMBER']],
+    'ContextSwitches' : [ 0x8, ['unsigned long']],
+    'HwCountersCount' : [ 0xc, ['unsigned long']],
+    'UpdateCount' : [ 0x10, ['unsigned long long']],
+    'WaitReasonBitMap' : [ 0x18, ['unsigned long long']],
+    'HardwareCounters' : [ 0x20, ['unsigned long long']],
+    'CycleTime' : [ 0x28, ['_COUNTER_READING']],
+    'HwCounters' : [ 0x40, ['array', 16, ['_COUNTER_READING']]],
+} ],
+  '_SEP_TOKEN_PRIVILEGES' : [ 0x18, {
+    'Present' : [ 0x0, ['unsigned long long']],
+    'Enabled' : [ 0x8, ['unsigned long long']],
+    'EnabledByDefault' : [ 0x10, ['unsigned long long']],
+} ],
+  '__unnamed_2ce3' : [ 0x4, {
+    'LongFlags' : [ 0x0, ['unsigned long']],
+    'Flags' : [ 0x0, ['_MMPAGE_FILE_EXPANSION_FLAGS']],
+} ],
+  '_MMPAGE_FILE_EXPANSION' : [ 0x34, {
+    'Segment' : [ 0x0, ['pointer', ['_SEGMENT']]],
+    'DereferenceList' : [ 0x4, ['_LIST_ENTRY']],
+    'Partition' : [ 0xc, ['pointer', ['_MI_PARTITION']]],
+    'RequestedExpansionSize' : [ 0x10, ['unsigned long']],
+    'ActualExpansion' : [ 0x14, ['unsigned long']],
+    'Event' : [ 0x18, ['_KEVENT']],
+    'InProgress' : [ 0x28, ['long']],
+    'u1' : [ 0x2c, ['__unnamed_2ce3']],
+    'ActiveEntry' : [ 0x30, ['pointer', ['pointer', ['void']]]],
+} ],
+  '_NT_TIB32' : [ 0x1c, {
+    'ExceptionList' : [ 0x0, ['unsigned long']],
+    'StackBase' : [ 0x4, ['unsigned long']],
+    'StackLimit' : [ 0x8, ['unsigned long']],
+    'SubSystemTib' : [ 0xc, ['unsigned long']],
+    'FiberData' : [ 0x10, ['unsigned long']],
+    'Version' : [ 0x10, ['unsigned long']],
+    'ArbitraryUserPointer' : [ 0x14, ['unsigned long']],
+    'Self' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SYNCHRONIZATION' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'EnterProcessor' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned long')]],
+    'ExitProcessor' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 24, native_type='unsigned long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 26, native_type='unsigned long')]],
+    'Entered' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'EntryPriority' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KDPC_LIST' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'LastEntry' : [ 0x4, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_LPCP_PORT_OBJECT' : [ 0xa4, {
+    'ConnectionPort' : [ 0x0, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'ConnectedPort' : [ 0x4, ['pointer', ['_LPCP_PORT_OBJECT']]],
+    'MsgQueue' : [ 0x8, ['_LPCP_PORT_QUEUE']],
+    'Creator' : [ 0x18, ['_CLIENT_ID']],
+    'ClientSectionBase' : [ 0x20, ['pointer', ['void']]],
+    'ServerSectionBase' : [ 0x24, ['pointer', ['void']]],
+    'PortContext' : [ 0x28, ['pointer', ['void']]],
+    'ClientThread' : [ 0x2c, ['pointer', ['_ETHREAD']]],
+    'SecurityQos' : [ 0x30, ['_SECURITY_QUALITY_OF_SERVICE']],
+    'StaticSecurity' : [ 0x3c, ['_SECURITY_CLIENT_CONTEXT']],
+    'LpcReplyChainHead' : [ 0x78, ['_LIST_ENTRY']],
+    'LpcDataInfoChainHead' : [ 0x80, ['_LIST_ENTRY']],
+    'ServerProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MappingProcess' : [ 0x88, ['pointer', ['_EPROCESS']]],
+    'MaxMessageLength' : [ 0x8c, ['unsigned short']],
+    'MaxConnectionInfoLength' : [ 0x8e, ['unsigned short']],
+    'Flags' : [ 0x90, ['unsigned long']],
+    'WaitEvent' : [ 0x94, ['_KEVENT']],
+} ],
+  '_ETW_FILTER_PID' : [ 0x24, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Pids' : [ 0x4, ['array', 8, ['unsigned long']]],
+} ],
+  '_IOV_FORCED_PENDING_TRACE' : [ 0x100, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'Thread' : [ 0x4, ['pointer', ['_ETHREAD']]],
+    'StackTrace' : [ 0x8, ['array', 62, ['pointer', ['void']]]],
+} ],
+  '_ARBITER_QUERY_CONFLICT_PARAMETERS' : [ 0x10, {
+    'PhysicalDeviceObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'ConflictingResource' : [ 0x4, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ConflictCount' : [ 0x8, ['pointer', ['unsigned long']]],
+    'Conflicts' : [ 0xc, ['pointer', ['pointer', ['_ARBITER_CONFLICT_INFO']]]],
+} ],
+  '_POP_THERMAL_TELEMETRY_TRACKER' : [ 0x218, {
+    'AccountingDisabled' : [ 0x0, ['unsigned char']],
+    'ActiveLevels' : [ 0x1, ['unsigned char']],
+    'LastPassiveUpdateTime' : [ 0x8, ['unsigned long long']],
+    'LastActiveUpdateTime' : [ 0x10, ['unsigned long long']],
+    'TotalPassiveTime' : [ 0x18, ['array', 21, ['unsigned long long']]],
+    'PassiveTimeSnap' : [ 0xc0, ['array', 21, ['unsigned long long']]],
+    'TotalActiveTime' : [ 0x168, ['array', 10, ['unsigned long long']]],
+    'ActiveTimeSnap' : [ 0x1b8, ['array', 10, ['unsigned long long']]],
+    'TotalTime' : [ 0x208, ['unsigned long long']],
+    'TotalTimeSnap' : [ 0x210, ['unsigned long long']],
+} ],
+  '_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS' : [ 0x1, {
+    'FRUId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'FRUText' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_HEAP_LFH_SUBSEGMENT_DELAY_FREE' : [ 0x4, {
+    'DelayFree' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Count' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'AllBits' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '_POP_FX_LOG_ENTRY' : [ 0x18, {
+    'Timestamp' : [ 0x0, ['unsigned long long']],
+    'Operation' : [ 0x8, ['unsigned char']],
+    'Component' : [ 0x9, ['unsigned char']],
+    'Processor' : [ 0xa, ['unsigned short']],
+    'Process' : [ 0xc, ['unsigned short']],
+    'Thread' : [ 0xe, ['unsigned short']],
+    'Information' : [ 0x10, ['unsigned long long']],
+} ],
+  'wil_details_StagingConfigWnfStateName' : [ 0x8, {
+    'Data' : [ 0x0, ['array', 2, ['unsigned long']]],
+} ],
+  'RTLP_HP_LFH_PERF_FLAGS' : [ 0x4, {
+    'HotspotDetection' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'HotspotFullCommit' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ActiveSubsegment' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SmallerSubsegment' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'SingleAffinitySlot' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ApplyLfhDecommitPolicy' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'EnableGarbageCollection' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'LargePagePreCommit' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'OpportunisticLargePreCommit' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'LfhForcedAffinity' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'LfhCachelinePadding' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MMPAGING_FILE' : [ 0xa0, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'MaximumSize' : [ 0x4, ['unsigned long']],
+    'MinimumSize' : [ 0x8, ['unsigned long']],
+    'FreeSpace' : [ 0xc, ['unsigned long']],
+    'PeakUsage' : [ 0x10, ['unsigned long']],
+    'HighestPage' : [ 0x14, ['unsigned long']],
+    'FreeReservationSpace' : [ 0x18, ['unsigned long']],
+    'File' : [ 0x1c, ['pointer', ['_FILE_OBJECT']]],
+    'Entry' : [ 0x20, ['pointer', ['pointer', ['_MMMOD_WRITER_MDL_ENTRY']]]],
+    'NumberOfModWriterEntries' : [ 0x24, ['unsigned long']],
+    'PfnsToFree' : [ 0x28, ['_SLIST_HEADER']],
+    'PageFileName' : [ 0x30, ['_UNICODE_STRING']],
+    'Bitmaps' : [ 0x38, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmapHint' : [ 0x3c, ['unsigned long']],
+    'LargestAllocationCluster' : [ 0x40, ['unsigned long']],
+    'RefreshAllocationCluster' : [ 0x44, ['unsigned long']],
+    'LastRefreshAllocationCluster' : [ 0x48, ['unsigned long']],
+    'ReservedClusterSizeAggregate' : [ 0x4c, ['unsigned long']],
+    'MaximumRunLengthInBitmaps' : [ 0x50, ['unsigned long']],
+    'BitmapsCacheLengthTree' : [ 0x54, ['_RTL_RB_TREE']],
+    'BitmapsCacheLocationTree' : [ 0x5c, ['_RTL_RB_TREE']],
+    'BitmapsCacheFreeList' : [ 0x64, ['_LIST_ENTRY']],
+    'BitmapsCacheEntries' : [ 0x6c, ['pointer', ['_MI_PAGEFILE_BITMAPS_CACHE_ENTRY']]],
+    'ToBeEvictedCount' : [ 0x70, ['unsigned long']],
+    'HybridPriority' : [ 0x70, ['unsigned long']],
+    'PageFileNumber' : [ 0x74, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned short')]],
+    'WsSwapPagefile' : [ 0x74, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'NoReservations' : [ 0x74, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned short')]],
+    'VirtualStorePagefile' : [ 0x74, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned short')]],
+    'SwapSupported' : [ 0x74, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned short')]],
+    'NodeInserted' : [ 0x74, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned short')]],
+    'StackNotified' : [ 0x74, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned short')]],
+    'BackedBySCM' : [ 0x74, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SpecialPurposeMemory' : [ 0x74, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'Spare0' : [ 0x74, ['BitField', dict(start_bit = 12, end_bit = 15, native_type='unsigned short')]],
+    'AdriftMdls' : [ 0x76, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare1' : [ 0x76, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreReservations' : [ 0x77, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'Spare2' : [ 0x77, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+    'PageHashPages' : [ 0x78, ['unsigned long']],
+    'PageHashPagesPeak' : [ 0x7c, ['unsigned long']],
+    'PageHash' : [ 0x80, ['pointer', ['unsigned long']]],
+    'FileHandle' : [ 0x84, ['pointer', ['void']]],
+    'SpinLock' : [ 0x88, ['long']],
+    'FlowThroughReadRoot' : [ 0x8c, ['_RTL_AVL_TREE']],
+    'Partition' : [ 0x90, ['pointer', ['_MI_PARTITION']]],
+    'FileObjectNode' : [ 0x94, ['_RTL_BALANCED_NODE']],
+} ],
+  '_OBJECT_HANDLE_COUNT_ENTRY' : [ 0x8, {
+    'Process' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'HandleCount' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'LockCount' : [ 0x4, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_FREE_DISPLAY' : [ 0x10, {
+    'RealVectorSize' : [ 0x0, ['unsigned long']],
+    'Hint' : [ 0x4, ['unsigned long']],
+    'Display' : [ 0x8, ['_RTL_BITMAP']],
+} ],
+  '_MAP_REGISTER_ENTRY' : [ 0x8, {
+    'MapRegister' : [ 0x0, ['pointer', ['void']]],
+    'WriteToDevice' : [ 0x4, ['unsigned char']],
+} ],
+  '_PROCESSOR_IDLE_PREPARE_INFO' : [ 0x50, {
+    'Context' : [ 0x0, ['pointer', ['void']]],
+    'Constraints' : [ 0x8, ['_PROCESSOR_IDLE_CONSTRAINTS']],
+    'DependencyCount' : [ 0x38, ['unsigned long']],
+    'DependencyUsed' : [ 0x3c, ['unsigned long']],
+    'DependencyArray' : [ 0x40, ['pointer', ['_PROCESSOR_IDLE_DEPENDENCY']]],
+    'PlatformIdleStateIndex' : [ 0x44, ['unsigned long']],
+    'ProcessorIdleStateIndex' : [ 0x48, ['unsigned long']],
+    'IdleSelectFailureMask' : [ 0x4c, ['unsigned long']],
+} ],
+  '_PNP_REBALANCE_TRACE_CONTEXT' : [ 0x50, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'RebalancePhase' : [ 0x4, ['unsigned long']],
+    'Reason' : [ 0x8, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceReasonUnknown', 1: u'RebalanceReasonRequirementsChanged', 2: u'RebalanceReasonNewDevice'})]]],
+    'Failure' : [ 0x10, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'RebalanceFailureNone', 1: u'RebalanceFailureDisabled', 2: u'RebalanceFailureNoMemory', 3: u'RebalanceFailureQueryStopUnexpectedVeto', 4: u'RebalanceFailureNoRequirements', 5: u'RebalanceFailureNoCandidates', 6: u'RebalanceFailureNoConfiguration'})]]],
+    'SubtreeRoot' : [ 0x18, ['pointer', ['_DEVICE_NODE']]],
+    'SubtreeIncludesRoot' : [ 0x1c, ['unsigned char']],
+    'TriggerRoot' : [ 0x20, ['pointer', ['_DEVICE_NODE']]],
+    'RebalanceDueToDynamicPartitioning' : [ 0x24, ['unsigned char']],
+    'BeginTime' : [ 0x28, ['unsigned long long']],
+    'VetoNode' : [ 0x30, ['array', 2, ['pointer', ['_DEVICE_NODE']]]],
+    'VetoQueryRebalanceReason' : [ 0x38, ['array', 2, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceQueryRebalanceSucceeded', 1: u'DeviceQueryStopFailed', 2: u'DeviceFailedGetNewResourceRequirement', 3: u'DeviceInUnexpectedState', 4: u'DeviceNotSupportQueryRebalance'})]]],
+    'ConflictContext' : [ 0x40, ['_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT']],
+} ],
+  '_IOP_IRP_STACK_PROFILER' : [ 0x54, {
+    'Profile' : [ 0x0, ['array', 20, ['unsigned long']]],
+    'TotalIrps' : [ 0x50, ['unsigned long']],
+} ],
+  '_EX_HEAP_POOL_NODE' : [ 0x20c0, {
+    'Heaps' : [ 0x0, ['array', 4, ['pointer', ['_SEGMENT_HEAP']]]],
+    'Lookasides' : [ 0x40, ['array', 2, ['_RTL_DYNAMIC_LOOKASIDE']]],
+} ],
+  '_HMAP_ENTRY' : [ 0xc, {
+    'BlockOffset' : [ 0x0, ['unsigned long']],
+    'PermanentBinAddress' : [ 0x4, ['unsigned long']],
+    'MemAlloc' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_2d41' : [ 0x18, {
+    'RequestedTime' : [ 0x0, ['unsigned long long']],
+    'ProgrammedTime' : [ 0x8, ['unsigned long long']],
+    'TimerInfo' : [ 0x10, ['pointer', ['_DIAGNOSTIC_BUFFER']]],
+} ],
+  '_POP_POWER_ACTION' : [ 0x178, {
+    'Updates' : [ 0x0, ['unsigned char']],
+    'State' : [ 0x1, ['unsigned char']],
+    'Shutdown' : [ 0x2, ['unsigned char']],
+    'Action' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerActionNone', 1: u'PowerActionReserved', 2: u'PowerActionSleep', 3: u'PowerActionHibernate', 4: u'PowerActionShutdown', 5: u'PowerActionShutdownReset', 6: u'PowerActionShutdownOff', 7: u'PowerActionWarmEject', 8: u'PowerActionDisplayOff'})]],
+    'LightestState' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'Flags' : [ 0xc, ['unsigned long']],
+    'Status' : [ 0x10, ['long']],
+    'DeviceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'DeviceTypeFlags' : [ 0x18, ['unsigned long']],
+    'IrpMinor' : [ 0x1c, ['unsigned char']],
+    'Waking' : [ 0x1d, ['unsigned char']],
+    'SystemState' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'NextSystemState' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'EffectiveSystemState' : [ 0x28, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'CurrentSystemState' : [ 0x2c, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'ShutdownBugCode' : [ 0x30, ['pointer', ['_POP_SHUTDOWN_BUG_CHECK']]],
+    'DevState' : [ 0x34, ['pointer', ['_POP_DEVICE_SYS_STATE']]],
+    'HiberContext' : [ 0x38, ['pointer', ['_POP_HIBER_CONTEXT']]],
+    'WakeTime' : [ 0x40, ['unsigned long long']],
+    'SleepTime' : [ 0x48, ['unsigned long long']],
+    'WakeFirstUnattendedTime' : [ 0x50, ['unsigned long long']],
+    'WakeAlarmSignaled' : [ 0x58, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'WakeAlarm' : [ 0x60, ['array', 3, ['__unnamed_2d41']]],
+    'WakeAlarmPaused' : [ 0xa8, ['unsigned char']],
+    'WakeAlarmLastTime' : [ 0xb0, ['unsigned long long']],
+    'DozeDeferralStartTime' : [ 0xb8, ['unsigned long long']],
+    'FilteredCapabilities' : [ 0xc0, ['SYSTEM_POWER_CAPABILITIES']],
+    'WatchdogLock' : [ 0x10c, ['unsigned long']],
+    'WatchdogDpc' : [ 0x110, ['_KDPC']],
+    'WatchdogTimer' : [ 0x130, ['_KTIMER']],
+    'WatchdogInitialized' : [ 0x158, ['unsigned char']],
+    'WatchdogState' : [ 0x15c, ['Enumeration', dict(target = 'long', choices = {0: u'PopPowerActionWatchdogStateDisabled', 1: u'PopPowerActionWatchdogStateTransitioning', 2: u'PopPowerActionWatchdogStateResuming', 3: u'PopPowerActionWatchdogStateMax'})]],
+    'WatchdogStartTime' : [ 0x160, ['unsigned long long']],
+    'ActionWorkerThread' : [ 0x168, ['pointer', ['_KTHREAD']]],
+    'PromoteActionWorkerThread' : [ 0x16c, ['pointer', ['_KTHREAD']]],
+    'UnlockAfterSleepWorkerThread' : [ 0x170, ['pointer', ['_KTHREAD']]],
+} ],
+  '_RTL_RANGE_LIST' : [ 0x14, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'Count' : [ 0xc, ['unsigned long']],
+    'Stamp' : [ 0x10, ['unsigned long']],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCIES' : [ 0x18, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x8, ['array', 1, ['_PROCESSOR_PLATFORM_STATE_RESIDENCY']]],
+} ],
+  '_RELATION_LIST' : [ 0x8, {
+    'DeviceObjectList' : [ 0x0, ['pointer', ['_DEVICE_OBJECT_LIST']]],
+    'Sorted' : [ 0x4, ['unsigned char']],
+} ],
+  'PEPHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_COMPRESSED_DATA_INFO' : [ 0xc, {
+    'CompressionFormatAndEngine' : [ 0x0, ['unsigned short']],
+    'CompressionUnitShift' : [ 0x2, ['unsigned char']],
+    'ChunkShift' : [ 0x3, ['unsigned char']],
+    'ClusterShift' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'NumberOfChunks' : [ 0x6, ['unsigned short']],
+    'CompressedChunkSizes' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_MI_PARTITION_ZEROING' : [ 0x74, {
+    'PageEvent' : [ 0x0, ['_KEVENT']],
+    'ThreadPriorityStatic' : [ 0x10, ['unsigned char']],
+    'AdaptiveZeroingEnabled' : [ 0x11, ['unsigned char']],
+    'ZeroFreePageSlistMinimum' : [ 0x14, ['long']],
+    'RebalanceZeroFreeWorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+    'NodeCount' : [ 0x28, ['long']],
+    'LargeBootZeroingComplete' : [ 0x2c, ['_KGATE']],
+    'WriteCalibration' : [ 0x3c, ['_MI_WRITE_CALIBRATION']],
+    'IpiCalibrationFailed' : [ 0x54, ['unsigned char']],
+    'ActiveProcessorsForIpiCalibration' : [ 0x58, ['long']],
+    'NodesReadyForIpiCalibration' : [ 0x5c, ['long']],
+    'ReleaseNodeZeroingThreads' : [ 0x60, ['_KEVENT']],
+    'ThreadContext' : [ 0x70, ['pointer', ['_MI_ZERO_THREAD_CONTEXT']]],
+} ],
+  '_KERNEL_STACK_SEGMENT' : [ 0x10, {
+    'StackBase' : [ 0x0, ['unsigned long']],
+    'StackLimit' : [ 0x4, ['unsigned long']],
+    'KernelStack' : [ 0x8, ['unsigned long']],
+    'InitialStack' : [ 0xc, ['unsigned long']],
+} ],
+  '_POP_FX_DRIVER_CALLBACKS' : [ 0x28, {
+    'ComponentActive' : [ 0x0, ['pointer', ['void']]],
+    'ComponentIdle' : [ 0x4, ['pointer', ['void']]],
+    'ComponentIdleState' : [ 0x8, ['pointer', ['void']]],
+    'DevicePowerRequired' : [ 0xc, ['pointer', ['void']]],
+    'DevicePowerNotRequired' : [ 0x10, ['pointer', ['void']]],
+    'PowerControl' : [ 0x14, ['pointer', ['void']]],
+    'ComponentCriticalTransition' : [ 0x18, ['pointer', ['void']]],
+    'DripsWatchdogCallback' : [ 0x1c, ['pointer', ['void']]],
+    'DirectedPowerUpCallback' : [ 0x20, ['pointer', ['void']]],
+    'DirectedPowerDownCallback' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_FAST_ERESOURCE_INTERNAL' : [ 0x38, {
+    'SystemResourcesList' : [ 0x0, ['_LIST_ENTRY']],
+    'ReservedPointer' : [ 0x8, ['pointer', ['void']]],
+    'ActiveCount' : [ 0xc, ['short']],
+    'Flag' : [ 0xe, ['unsigned short']],
+    'SharedWaiters' : [ 0x10, ['_KWAIT_CHAIN']],
+    'ExclusiveWaiters' : [ 0x14, ['_KWAIT_CHAIN']],
+    'OwnerEntryListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'ActiveEntries' : [ 0x20, ['unsigned long']],
+    'ContentionCount' : [ 0x24, ['unsigned long']],
+    'NumberOfSharedWaiters' : [ 0x28, ['unsigned long']],
+    'NumberOfExclusiveWaiters' : [ 0x2c, ['unsigned long']],
+    'Address' : [ 0x30, ['pointer', ['void']]],
+    'CreatorBackTraceIndex' : [ 0x30, ['unsigned long']],
+    'SpinLock' : [ 0x34, ['unsigned long']],
+} ],
+  '_MMSUPPORT_FLAGS' : [ 0x4, {
+    'WorkingSetType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 3, native_type='unsigned char')]],
+    'Reserved0' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned char')]],
+    'MaximumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'MinimumWorkingSetHard' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'SessionMaster' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'TrimmerState' : [ 0x1, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'Reserved' : [ 0x1, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageStealers' : [ 0x1, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'u1' : [ 0x0, ['unsigned short']],
+    'MemoryPriority' : [ 0x2, ['unsigned char']],
+    'WsleDeleted' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'SvmEnabled' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ForceAge' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ForceTrim' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'NewMaximum' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'CommitReleaseState' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 7, native_type='unsigned char')]],
+    'u2' : [ 0x3, ['unsigned char']],
+} ],
+  '_BLOB_COUNTERS' : [ 0x8, {
+    'CreatedObjects' : [ 0x0, ['unsigned long']],
+    'DeletedObjects' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_CACHE_VIEW_ATTRIBUTES' : [ 0x8, {
+    'NumberOfPtes' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 6, native_type='unsigned long long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned long long')]],
+    'SectionOffset' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_GIC' : [ 0x4, {
+    'LineNumber' : [ 0x0, ['unsigned long']],
+} ],
+  '_WAITING_IRP' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'CompletionRoutine' : [ 0xc, ['pointer', ['void']]],
+    'Context' : [ 0x10, ['pointer', ['void']]],
+    'Event' : [ 0x14, ['pointer', ['_KEVENT']]],
+    'Information' : [ 0x18, ['unsigned long']],
+    'BreakAllRH' : [ 0x1c, ['unsigned char']],
+    'OplockBreakNotify' : [ 0x1d, ['unsigned char']],
+    'FileObject' : [ 0x20, ['pointer', ['_FILE_OBJECT']]],
+} ],
+  '_WHEA_ERROR_PACKET_FLAGS' : [ 0x4, {
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'CriticalEvent' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'HypervisorError' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'PlatformPfaControl' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PlatformDirectedOffline' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'AddressTranslationRequired' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AddressTranslationCompleted' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'Reserved2' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTIMER_EXPIRATION_TRACE' : [ 0x10, {
+    'InterruptTime' : [ 0x0, ['unsigned long long']],
+    'PerformanceCounter' : [ 0x8, ['_LARGE_INTEGER']],
+} ],
+  '_MMPTE_LIST' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'OneEntry' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'filler0' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'filler2' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 32, native_type='unsigned long long')]],
+    'NextEntry' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_VI_POOL_PAGE_HEADER' : [ 0xc, {
+    'NextPage' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'VerifierEntry' : [ 0x4, ['pointer', ['void']]],
+    'Signature' : [ 0x8, ['unsigned long']],
+} ],
+  '_PLATFORM_IDLE_STATE_ACCOUNTING' : [ 0x3f0, {
+    'CancelCount' : [ 0x0, ['unsigned long']],
+    'FailureCount' : [ 0x4, ['unsigned long']],
+    'SuccessCount' : [ 0x8, ['unsigned long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'TotalTime' : [ 0x20, ['unsigned long long']],
+    'InvalidBucketIndex' : [ 0x28, ['unsigned long']],
+    'SelectionStatistics' : [ 0x30, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xb0, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_FILE_STANDARD_INFORMATION' : [ 0x18, {
+    'AllocationSize' : [ 0x0, ['_LARGE_INTEGER']],
+    'EndOfFile' : [ 0x8, ['_LARGE_INTEGER']],
+    'NumberOfLinks' : [ 0x10, ['unsigned long']],
+    'DeletePending' : [ 0x14, ['unsigned char']],
+    'Directory' : [ 0x15, ['unsigned char']],
+} ],
+  '_PROC_FEEDBACK' : [ 0x88, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'CyclesLast' : [ 0x8, ['unsigned long long']],
+    'CyclesActive' : [ 0x10, ['unsigned long long']],
+    'Counters' : [ 0x18, ['array', 2, ['pointer', ['_PROC_FEEDBACK_COUNTER']]]],
+    'LastUpdateTime' : [ 0x20, ['unsigned long long']],
+    'UnscaledTime' : [ 0x28, ['unsigned long long']],
+    'UnaccountedTime' : [ 0x30, ['long long']],
+    'ScaledTime' : [ 0x38, ['array', 2, ['unsigned long long']]],
+    'UnaccountedKernelTime' : [ 0x48, ['unsigned long long']],
+    'PerformanceScaledKernelTime' : [ 0x50, ['unsigned long long']],
+    'UserTimeLast' : [ 0x58, ['unsigned long']],
+    'KernelTimeLast' : [ 0x5c, ['unsigned long']],
+    'IdleGenerationNumberLast' : [ 0x60, ['unsigned long long']],
+    'HvActiveTimeLast' : [ 0x68, ['unsigned long long']],
+    'StallCyclesLast' : [ 0x70, ['unsigned long long']],
+    'StallTime' : [ 0x78, ['unsigned long long']],
+    'KernelTimesIndex' : [ 0x80, ['unsigned char']],
+    'CounterDiscardsIdleTime' : [ 0x81, ['unsigned char']],
+} ],
+  '_KPROCESSOR_STATE' : [ 0x320, {
+    'ContextFrame' : [ 0x0, ['_CONTEXT']],
+    'SpecialRegisters' : [ 0x2cc, ['_KSPECIAL_REGISTERS']],
+} ],
+  '_TIMELINE_BITMAP' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x0, ['unsigned long']],
+    'Bitmap' : [ 0x4, ['unsigned long']],
+} ],
+  '_PROC_FEEDBACK_COUNTER' : [ 0x28, {
+    'InstantaneousRead' : [ 0x0, ['pointer', ['void']]],
+    'DifferentialRead' : [ 0x0, ['pointer', ['void']]],
+    'LastActualCount' : [ 0x8, ['unsigned long long']],
+    'LastReferenceCount' : [ 0x10, ['unsigned long long']],
+    'CachedValue' : [ 0x18, ['unsigned long']],
+    'Affinitized' : [ 0x20, ['unsigned char']],
+    'Differential' : [ 0x21, ['unsigned char']],
+    'DiscardIdleTime' : [ 0x22, ['unsigned char']],
+    'Scaling' : [ 0x23, ['unsigned char']],
+    'Context' : [ 0x24, ['unsigned long']],
+} ],
+  '_DBGKD_SWITCH_PARTITION' : [ 0x4, {
+    'Partition' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_DRIVER_VA' : [ 0x18, {
+    'Next' : [ 0x0, ['pointer', ['_MI_DRIVER_VA']]],
+    'PointerPte' : [ 0x4, ['pointer', ['_MMPTE']]],
+    'BitMap' : [ 0x8, ['_RTL_BITMAP']],
+    'Hint' : [ 0x10, ['unsigned long']],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '_LEARNING_MODE_DATA' : [ 0x8, {
+    'Settings' : [ 0x0, ['unsigned long']],
+    'Enabled' : [ 0x4, ['unsigned char']],
+    'PermissiveModeEnabled' : [ 0x5, ['unsigned char']],
+} ],
+  '_ETW_REALTIME_CONSUMER' : [ 0x58, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'ProcessHandle' : [ 0x8, ['pointer', ['void']]],
+    'ProcessObject' : [ 0xc, ['pointer', ['_EPROCESS']]],
+    'NextNotDelivered' : [ 0x10, ['pointer', ['void']]],
+    'RealtimeConnectContext' : [ 0x14, ['pointer', ['void']]],
+    'DisconnectEvent' : [ 0x18, ['pointer', ['_KEVENT']]],
+    'DataAvailableEvent' : [ 0x1c, ['pointer', ['_KEVENT']]],
+    'UserBufferCount' : [ 0x20, ['pointer', ['unsigned long']]],
+    'UserBufferListHead' : [ 0x24, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+    'BuffersLost' : [ 0x28, ['unsigned long']],
+    'EmptyBuffersCount' : [ 0x2c, ['unsigned long']],
+    'LoggerId' : [ 0x30, ['unsigned short']],
+    'Flags' : [ 0x32, ['unsigned char']],
+    'ShutDownRequested' : [ 0x32, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'NewBuffersLost' : [ 0x32, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Disconnected' : [ 0x32, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'Notified' : [ 0x32, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'ReservedBufferSpaceBitMap' : [ 0x34, ['_RTL_BITMAP']],
+    'ReservedBufferSpace' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'ReservedBufferSpaceSize' : [ 0x40, ['unsigned long']],
+    'UserPagesAllocated' : [ 0x44, ['unsigned long']],
+    'UserPagesReused' : [ 0x48, ['unsigned long']],
+    'EventsLostCount' : [ 0x4c, ['pointer', ['unsigned long']]],
+    'BuffersLostCount' : [ 0x50, ['pointer', ['unsigned long']]],
+    'SiloState' : [ 0x54, ['pointer', ['_ETW_SILODRIVERSTATE']]],
+} ],
+  '_PAE_PAGEINFO' : [ 0x10, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'PageFrameNumber' : [ 0x8, ['unsigned long']],
+    'EntriesInUse' : [ 0xc, ['unsigned long']],
+} ],
+  '_IA64_DBGKD_CONTROL_SET' : [ 0x14, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long long']],
+    'CurrentSymbolEnd' : [ 0xc, ['unsigned long long']],
+} ],
+  'tagSWITCH_CONTEXT_ATTRIBUTE' : [ 0x18, {
+    'ulContextUpdateCounter' : [ 0x0, ['unsigned long long']],
+    'fAllowContextUpdate' : [ 0x8, ['long']],
+    'fEnableTrace' : [ 0xc, ['long']],
+    'EtwHandle' : [ 0x10, ['unsigned long long']],
+} ],
+  '_POP_HIBER_CONTEXT' : [ 0x138, {
+    'Reset' : [ 0x0, ['unsigned char']],
+    'HiberFlags' : [ 0x1, ['unsigned char']],
+    'WroteHiberFile' : [ 0x2, ['unsigned char']],
+    'KernelPhaseVerificationActive' : [ 0x3, ['unsigned char']],
+    'InitializationFinished' : [ 0x4, ['unsigned char']],
+    'NextTableLockHeld' : [ 0x8, ['long']],
+    'BootPhaseFinishedBarrier' : [ 0xc, ['long']],
+    'KernelResumeFinishedBarrier' : [ 0x10, ['long']],
+    'HvCaptureReadyBarrier' : [ 0x14, ['long']],
+    'HvCaptureCompletedBarrier' : [ 0x18, ['long']],
+    'MapFrozen' : [ 0x1c, ['unsigned char']],
+    'DiscardMap' : [ 0x20, ['_RTL_BITMAP']],
+    'KernelPhaseMap' : [ 0x20, ['_RTL_BITMAP']],
+    'BootPhaseMap' : [ 0x28, ['_RTL_BITMAP']],
+    'ClonedRanges' : [ 0x30, ['_LIST_ENTRY']],
+    'ClonedRangeCount' : [ 0x38, ['unsigned long']],
+    'ClonedPageCount' : [ 0x40, ['unsigned long long']],
+    'CurrentMap' : [ 0x48, ['pointer', ['_RTL_BITMAP']]],
+    'NextCloneRange' : [ 0x4c, ['pointer', ['_LIST_ENTRY']]],
+    'NextPreserve' : [ 0x50, ['unsigned long']],
+    'LoaderMdl' : [ 0x54, ['pointer', ['_MDL']]],
+    'AllocatedMdl' : [ 0x58, ['pointer', ['_MDL']]],
+    'PagesOut' : [ 0x60, ['unsigned long long']],
+    'IoPages' : [ 0x68, ['pointer', ['void']]],
+    'IoPagesCount' : [ 0x6c, ['unsigned long']],
+    'CurrentMcb' : [ 0x70, ['pointer', ['void']]],
+    'DumpStack' : [ 0x74, ['pointer', ['_DUMP_STACK_CONTEXT']]],
+    'WakeState' : [ 0x78, ['pointer', ['_KPROCESSOR_STATE']]],
+    'IoProgress' : [ 0x7c, ['unsigned long']],
+    'Status' : [ 0x80, ['long']],
+    'GraphicsProc' : [ 0x84, ['unsigned long']],
+    'MemoryImage' : [ 0x88, ['pointer', ['PO_MEMORY_IMAGE']]],
+    'PerformanceStats' : [ 0x8c, ['pointer', ['unsigned long']]],
+    'BootLoaderLogMdl' : [ 0x90, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationMdl' : [ 0x94, ['pointer', ['_MDL']]],
+    'FirmwareRuntimeInformationVa' : [ 0x98, ['pointer', ['void']]],
+    'ResumeContext' : [ 0x9c, ['pointer', ['void']]],
+    'ResumeContextPages' : [ 0xa0, ['unsigned long']],
+    'ProcessorCount' : [ 0xa4, ['unsigned long']],
+    'ProcessorContext' : [ 0xa8, ['pointer', ['_POP_PER_PROCESSOR_CONTEXT']]],
+    'ProdConsBuffer' : [ 0xac, ['pointer', ['unsigned char']]],
+    'ProdConsSize' : [ 0xb0, ['unsigned long']],
+    'MaxDataPages' : [ 0xb4, ['unsigned long']],
+    'ExtraBuffer' : [ 0xb8, ['pointer', ['void']]],
+    'ExtraBufferSize' : [ 0xbc, ['unsigned long']],
+    'ExtraMapVa' : [ 0xc0, ['pointer', ['void']]],
+    'BitlockerKeyPFN' : [ 0xc4, ['unsigned long']],
+    'IoInfo' : [ 0xc8, ['_POP_IO_INFO']],
+    'IoChecksums' : [ 0x128, ['pointer', ['wchar']]],
+    'IoChecksumsSize' : [ 0x12c, ['unsigned long']],
+    'HardwareConfigurationSignature' : [ 0x130, ['unsigned long']],
+    'SecureBoot' : [ 0x134, ['unsigned char']],
+} ],
+  '_SEP_CACHED_HANDLES_TABLE' : [ 0x8, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'HashTable' : [ 0x4, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+} ],
+  '_PPM_FFH_THROTTLE_STATE_INFO' : [ 0x20, {
+    'EnableLogging' : [ 0x0, ['unsigned char']],
+    'MismatchCount' : [ 0x4, ['unsigned long']],
+    'Initialized' : [ 0x8, ['unsigned char']],
+    'LastValue' : [ 0x10, ['unsigned long long']],
+    'LastLogTickCount' : [ 0x18, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_2dc2' : [ 0x4, {
+    'Active' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'OnlyTryAcquireUsed' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ReleasedOutOfOrder' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'Whole' : [ 0x0, ['unsigned long']],
+} ],
+  '_VI_DEADLOCK_NODE' : [ 0x6c, {
+    'Parent' : [ 0x0, ['pointer', ['_VI_DEADLOCK_NODE']]],
+    'ChildrenList' : [ 0x4, ['_LIST_ENTRY']],
+    'SiblingsList' : [ 0xc, ['_LIST_ENTRY']],
+    'ResourceList' : [ 0x14, ['_LIST_ENTRY']],
+    'FreeListEntry' : [ 0x14, ['_LIST_ENTRY']],
+    'Root' : [ 0x1c, ['pointer', ['_VI_DEADLOCK_RESOURCE']]],
+    'ThreadEntry' : [ 0x20, ['pointer', ['_VI_DEADLOCK_THREAD']]],
+    'u1' : [ 0x24, ['__unnamed_2dc2']],
+    'ChildrenCount' : [ 0x28, ['long']],
+    'StackTrace' : [ 0x2c, ['array', 8, ['pointer', ['void']]]],
+    'ParentStackTrace' : [ 0x4c, ['array', 8, ['pointer', ['void']]]],
+} ],
+  '_RTL_TIME_ZONE_INFORMATION' : [ 0xac, {
+    'Bias' : [ 0x0, ['long']],
+    'StandardName' : [ 0x4, ['array', 32, ['wchar']]],
+    'StandardStart' : [ 0x44, ['_TIME_FIELDS']],
+    'StandardBias' : [ 0x54, ['long']],
+    'DaylightName' : [ 0x58, ['array', 32, ['wchar']]],
+    'DaylightStart' : [ 0x98, ['_TIME_FIELDS']],
+    'DaylightBias' : [ 0xa8, ['long']],
+} ],
+  '_VF_AVL_TREE_NODE' : [ 0x8, {
+    'p' : [ 0x0, ['pointer', ['void']]],
+    'RangeSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_PARTITION_COMMIT' : [ 0x24, {
+    'PeakCommitment' : [ 0x0, ['unsigned long']],
+    'TotalCommitLimitMaximum' : [ 0x4, ['unsigned long']],
+    'Popups' : [ 0x8, ['array', 2, ['long']]],
+    'LowCommitThreshold' : [ 0x10, ['unsigned long']],
+    'HighCommitThreshold' : [ 0x14, ['unsigned long']],
+    'EventLock' : [ 0x18, ['unsigned long']],
+    'SystemCommitReserve' : [ 0x1c, ['unsigned long']],
+    'OverCommit' : [ 0x20, ['unsigned long']],
+} ],
+  '_TRIAGE_DEVICE_NODE' : [ 0x2c, {
+    'Sibling' : [ 0x0, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Child' : [ 0x4, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'Parent' : [ 0x8, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'LastChild' : [ 0xc, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'InstancePath' : [ 0x14, ['_UNICODE_STRING']],
+    'ServiceName' : [ 0x1c, ['_UNICODE_STRING']],
+    'PendingIrp' : [ 0x24, ['pointer', ['_IRP']]],
+    'FxDevice' : [ 0x28, ['pointer', ['_TRIAGE_POP_FX_DEVICE']]],
+} ],
+  '_DIAGNOSTIC_BUFFER' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'CallerType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'ProcessImageNameOffset' : [ 0x8, ['unsigned long']],
+    'ProcessId' : [ 0xc, ['unsigned long']],
+    'ServiceTag' : [ 0x10, ['unsigned long']],
+    'DeviceDescriptionOffset' : [ 0x8, ['unsigned long']],
+    'DevicePathOffset' : [ 0xc, ['unsigned long']],
+    'ReasonOffset' : [ 0x14, ['unsigned long']],
+} ],
+  '_MMEXTEND_INFO' : [ 0x10, {
+    'CommittedSize' : [ 0x0, ['unsigned long long']],
+    'ReferenceCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_WHEA_ERROR_SOURCE_CONFIGURATION_DD' : [ 0xc, {
+    'Initialize' : [ 0x0, ['pointer', ['void']]],
+    'Uninitialize' : [ 0x4, ['pointer', ['void']]],
+    'Correct' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_VALIDBITS' : [ 0x4, {
+    'PlatformId' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Timestamp' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PartitionId' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_ARBITER_ALTERNATIVE' : [ 0x38, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+    'Length' : [ 0x10, ['unsigned long long']],
+    'Alignment' : [ 0x18, ['unsigned long long']],
+    'Priority' : [ 0x20, ['long']],
+    'Flags' : [ 0x24, ['unsigned long']],
+    'Descriptor' : [ 0x28, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Reserved' : [ 0x2c, ['array', 3, ['unsigned long']]],
+} ],
+  '_DBGKD_GET_VERSION64' : [ 0x28, {
+    'MajorVersion' : [ 0x0, ['unsigned short']],
+    'MinorVersion' : [ 0x2, ['unsigned short']],
+    'ProtocolVersion' : [ 0x4, ['unsigned char']],
+    'KdSecondaryVersion' : [ 0x5, ['unsigned char']],
+    'Flags' : [ 0x6, ['unsigned short']],
+    'MachineType' : [ 0x8, ['unsigned short']],
+    'MaxPacketType' : [ 0xa, ['unsigned char']],
+    'MaxStateChange' : [ 0xb, ['unsigned char']],
+    'MaxManipulate' : [ 0xc, ['unsigned char']],
+    'Simulation' : [ 0xd, ['unsigned char']],
+    'Unused' : [ 0xe, ['array', 1, ['unsigned short']]],
+    'KernBase' : [ 0x10, ['unsigned long long']],
+    'PsLoadedModuleList' : [ 0x18, ['unsigned long long']],
+    'DebuggerDataList' : [ 0x20, ['unsigned long long']],
+} ],
+  '_POP_SHUTDOWN_BUG_CHECK' : [ 0x24, {
+    'InitiatingThread' : [ 0x0, ['pointer', ['_ETHREAD']]],
+    'InitiatingProcess' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ThreadId' : [ 0x8, ['pointer', ['void']]],
+    'ProcessId' : [ 0xc, ['pointer', ['void']]],
+    'Code' : [ 0x10, ['unsigned long']],
+    'Parameter1' : [ 0x14, ['unsigned long']],
+    'Parameter2' : [ 0x18, ['unsigned long']],
+    'Parameter3' : [ 0x1c, ['unsigned long']],
+    'Parameter4' : [ 0x20, ['unsigned long']],
+} ],
+  '_OBJECT_CREATE_INFORMATION' : [ 0x2c, {
+    'Attributes' : [ 0x0, ['unsigned long']],
+    'RootDirectory' : [ 0x4, ['pointer', ['void']]],
+    'ProbeMode' : [ 0x8, ['unsigned char']],
+    'PagedPoolCharge' : [ 0xc, ['unsigned long']],
+    'NonPagedPoolCharge' : [ 0x10, ['unsigned long']],
+    'SecurityDescriptorCharge' : [ 0x14, ['unsigned long']],
+    'SecurityDescriptor' : [ 0x18, ['pointer', ['void']]],
+    'SecurityQos' : [ 0x1c, ['pointer', ['_SECURITY_QUALITY_OF_SERVICE']]],
+    'SecurityQualityOfService' : [ 0x20, ['_SECURITY_QUALITY_OF_SERVICE']],
+} ],
+  '_ETW_FILTER_STRING_TOKEN_ELEMENT' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'String' : [ 0x4, ['pointer', ['wchar']]],
+} ],
+  '_VI_DEADLOCK_GLOBALS' : [ 0x40f0, {
+    'TimeAcquire' : [ 0x0, ['long long']],
+    'TimeRelease' : [ 0x8, ['long long']],
+    'ResourceDatabase' : [ 0x10, ['pointer', ['_LIST_ENTRY']]],
+    'ResourceDatabaseCount' : [ 0x14, ['unsigned long']],
+    'ResourceAddressRange' : [ 0x18, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'ThreadDatabase' : [ 0x2010, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadDatabaseCount' : [ 0x2014, ['unsigned long']],
+    'ThreadAddressRange' : [ 0x2018, ['array', 1023, ['_VF_ADDRESS_RANGE']]],
+    'AllocationFailures' : [ 0x4010, ['unsigned long']],
+    'NodesTrimmedBasedOnAge' : [ 0x4014, ['unsigned long']],
+    'NodesTrimmedBasedOnCount' : [ 0x4018, ['unsigned long']],
+    'NodesSearched' : [ 0x401c, ['unsigned long']],
+    'MaxNodesSearched' : [ 0x4020, ['unsigned long']],
+    'SequenceNumber' : [ 0x4024, ['unsigned long']],
+    'RecursionDepthLimit' : [ 0x4028, ['unsigned long']],
+    'SearchedNodesLimit' : [ 0x402c, ['unsigned long']],
+    'DepthLimitHits' : [ 0x4030, ['unsigned long']],
+    'SearchLimitHits' : [ 0x4034, ['unsigned long']],
+    'StackLimitHits' : [ 0x4038, ['unsigned long']],
+    'ABC_ACB_Skipped' : [ 0x403c, ['unsigned long']],
+    'OutOfOrderReleases' : [ 0x4040, ['unsigned long']],
+    'NodesReleasedOutOfOrder' : [ 0x4044, ['unsigned long']],
+    'TotalReleases' : [ 0x4048, ['unsigned long']],
+    'RootNodesDeleted' : [ 0x404c, ['unsigned long']],
+    'ForgetHistoryCounter' : [ 0x4050, ['unsigned long']],
+    'Instigator' : [ 0x4054, ['pointer', ['void']]],
+    'NumberOfParticipants' : [ 0x4058, ['unsigned long']],
+    'Participant' : [ 0x405c, ['array', 32, ['pointer', ['_VI_DEADLOCK_NODE']]]],
+    'ChildrenCountWatermark' : [ 0x40dc, ['long']],
+    'StackType' : [ 0x40e0, ['Enumeration', dict(target = 'long', choices = {0: u'BugcheckStackLimits', 1: u'DPCStackLimits', 2: u'ExpandedStackLimits', 3: u'NormalStackLimits', 4: u'Win32kStackLimits', 5: u'SwapBusyStackLimits', 6: u'IsrStackLimits', 7: u'DebuggerStackLimits', 8: u'NmiStackLimits', 9: u'MachineCheckStackLimits', 10: u'ExceptionStackLimits', 11: u'MaximumStackLimits'})]],
+    'StackLowLimit' : [ 0x40e4, ['unsigned long']],
+    'StackHighLimit' : [ 0x40e8, ['unsigned long']],
+} ],
+  '_KTIMER' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'DueTime' : [ 0x10, ['_ULARGE_INTEGER']],
+    'TimerListEntry' : [ 0x18, ['_LIST_ENTRY']],
+    'Dpc' : [ 0x20, ['pointer', ['_KDPC']]],
+    'Period' : [ 0x24, ['unsigned long']],
+} ],
+  '_IMAGE_SECURITY_CONTEXT' : [ 0x4, {
+    'PageHashes' : [ 0x0, ['pointer', ['void']]],
+    'Value' : [ 0x0, ['unsigned long']],
+    'SecurityBeingCreated' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'SecurityMandatory' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'PageHashPointer' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ARBITER_LIST_ENTRY' : [ 0x38, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AlternativeCount' : [ 0x8, ['unsigned long']],
+    'Alternatives' : [ 0xc, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'PhysicalDeviceObject' : [ 0x10, ['pointer', ['_DEVICE_OBJECT']]],
+    'RequestSource' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterRequestLegacyReported', 1: u'ArbiterRequestHalReported', 2: u'ArbiterRequestLegacyAssigned', 3: u'ArbiterRequestPnpDetected', 4: u'ArbiterRequestPnpEnumerated', -1: u'ArbiterRequestUndefined'})]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'WorkSpace' : [ 0x1c, ['long']],
+    'InterfaceType' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'SlotNumber' : [ 0x24, ['unsigned long']],
+    'BusNumber' : [ 0x28, ['unsigned long']],
+    'Assignment' : [ 0x2c, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+    'SelectedAlternative' : [ 0x30, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'Result' : [ 0x34, ['Enumeration', dict(target = 'long', choices = {0: u'ArbiterResultSuccess', 1: u'ArbiterResultExternalConflict', 2: u'ArbiterResultNullRequest', -1: u'ArbiterResultUndefined'})]],
+} ],
+  '_MI_PAGING_IO_STATE' : [ 0x60, {
+    'PageFileHead' : [ 0x0, ['_RTL_AVL_TREE']],
+    'PageFileHeadSpinLock' : [ 0x4, ['long']],
+    'PrefetchSeekThreshold' : [ 0x8, ['long']],
+    'InPageSinglePages' : [ 0xc, ['unsigned long']],
+    'InPageSupportSListHead' : [ 0x10, ['array', 2, ['_SLIST_HEADER']]],
+    'ReservedInPageSupportSListHead' : [ 0x20, ['array', 2, ['_SLIST_HEADER']]],
+    'InPageSupportSListMinimum' : [ 0x30, ['array', 2, ['unsigned char']]],
+    'FirstReservedInPageBlock' : [ 0x34, ['array', 2, ['pointer', ['_MMINPAGE_SUPPORT']]]],
+    'LastReservedInPageBlock' : [ 0x3c, ['array', 2, ['pointer', ['_MMINPAGE_SUPPORT']]]],
+    'ReservedPtes' : [ 0x44, ['pointer', ['_MMPTE']]],
+    'ReservedPtesLock' : [ 0x48, ['unsigned long']],
+    'ReservedPtesBitBuffer' : [ 0x4c, ['unsigned long']],
+    'DelayPageFaults' : [ 0x50, ['long']],
+    'FileCompressionBoundary' : [ 0x54, ['unsigned long']],
+    'MdlsAdjusted' : [ 0x58, ['unsigned char']],
+} ],
+  '__unnamed_2e0a' : [ 0x4, {
+    'EntryBecameEmpty' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+    'AllFlags' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SLAB_ALLOCATOR_CONTEXT' : [ 0x48, {
+    'AllocationsTree' : [ 0x0, ['_RTL_RB_TREE']],
+    'Lock' : [ 0x8, ['long']],
+    'SlabEntryHint' : [ 0xc, ['pointer', ['_MI_SLAB_ALLOCATOR_ENTRY']]],
+    'FreePageCount' : [ 0x10, ['unsigned long']],
+    'SlabEntryCount' : [ 0x14, ['unsigned long']],
+    'Type' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorTypeSlatProtected', 1: u'MiSlabAllocatorTypeUnprotected', 2: u'MiSlabAllocatorTypeMax'})]],
+    'Protection' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'MiSlabAllocatorProtectionReadExecute', 1: u'MiSlabAllocatorProtectionReadOnly', 2: u'MiSlabAllocatorProtectionNoAccess', 3: u'MiSlabAllocatorProtectionReadWrite', 4: u'MiSlabAllocatorProtectionMax'})]],
+    'Flags' : [ 0x20, ['__unnamed_2e0a']],
+    'StandbyList' : [ 0x24, ['_MMPFNLIST']],
+    'LastReplenishTime' : [ 0x38, ['unsigned long long']],
+    'LastFailureTime' : [ 0x40, ['unsigned long long']],
+} ],
+  '_MI_STANDBY_STATE' : [ 0x48, {
+    'FirstDecayPage' : [ 0x0, ['unsigned long']],
+    'PfnDecayFreeSList' : [ 0x8, ['_SLIST_HEADER']],
+    'PfnRepurposeLog' : [ 0x10, ['pointer', ['_MM_PAGE_ACCESS_INFO_HEADER']]],
+    'AllocatePfnRepurposeDpc' : [ 0x14, ['_KDPC']],
+    'PageHeatListSlist' : [ 0x38, ['_SLIST_HEADER']],
+    'PageHeatListDisableAllocation' : [ 0x40, ['long']],
+} ],
+  '_MI_DECAY_TIMER_LINKAGE' : [ 0x4, {
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned long')]],
+    'Spare1' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'NextDecayPfn' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_SECURITY_DESCRIPTOR_RELATIVE' : [ 0x14, {
+    'Revision' : [ 0x0, ['unsigned char']],
+    'Sbz1' : [ 0x1, ['unsigned char']],
+    'Control' : [ 0x2, ['unsigned short']],
+    'Owner' : [ 0x4, ['unsigned long']],
+    'Group' : [ 0x8, ['unsigned long']],
+    'Sacl' : [ 0xc, ['unsigned long']],
+    'Dacl' : [ 0x10, ['unsigned long']],
+} ],
+  '_PRIVATE_CACHE_MAP_FLAGS' : [ 0x4, {
+    'DontUse' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long')]],
+    'ReadAheadActive' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'ReadAheadEnabled' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'PagePriority' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 21, native_type='unsigned long')]],
+    'PipelineReadAheads' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'Available' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_KENTROPY_TIMING_STATE' : [ 0x128, {
+    'EntropyCount' : [ 0x0, ['unsigned long']],
+    'Buffer' : [ 0x4, ['array', 64, ['unsigned long']]],
+    'Dpc' : [ 0x104, ['_KDPC']],
+    'LastDeliveredBuffer' : [ 0x124, ['unsigned long']],
+} ],
+  '_DBGKD_CONTEXT_EX' : [ 0xc, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'ByteCount' : [ 0x4, ['unsigned long']],
+    'BytesCopied' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROCESSOR_IDLE_DEPENDENCY' : [ 0x8, {
+    'ProcessorIndex' : [ 0x0, ['unsigned long']],
+    'ExpectedState' : [ 0x4, ['unsigned char']],
+    'AllowDeeperStates' : [ 0x5, ['unsigned char']],
+    'LooseDependency' : [ 0x6, ['unsigned char']],
+} ],
+  '_TRIAGE_9F_POWER' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'IrpList' : [ 0x4, ['pointer', ['_LIST_ENTRY']]],
+    'ThreadList' : [ 0x8, ['pointer', ['_LIST_ENTRY']]],
+    'DelayedWorkQueue' : [ 0xc, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+    'DelayedIoWorkQueue' : [ 0x10, ['pointer', ['_TRIAGE_EX_WORK_QUEUE']]],
+} ],
+  '_EXT_IOMMU_DEVICE_ID_PCI' : [ 0x10, {
+    'AsUINT64' : [ 0x0, ['unsigned long long']],
+    'PciSegmentNumber' : [ 0x0, ['unsigned short']],
+    'PhantomFunctionBits' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned short')]],
+    'BusRange' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'DevicePathLength' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 8, native_type='unsigned short')]],
+    'StartBusNumber' : [ 0x2, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned short')]],
+    'Bdf' : [ 0x4, ['unsigned short']],
+    'SubordinateBus' : [ 0x4, ['unsigned char']],
+    'SecondaryBus' : [ 0x5, ['unsigned char']],
+    'DevicePath' : [ 0x8, ['pointer', ['wchar']]],
+} ],
+  '__unnamed_2e26' : [ 0x8, {
+    'IoStatus' : [ 0x0, ['_IO_STATUS_BLOCK']],
+} ],
+  '_MMMOD_WRITER_MDL_ENTRY' : [ 0xa0, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'u' : [ 0x8, ['__unnamed_2e26']],
+    'Irp' : [ 0x10, ['pointer', ['_IRP']]],
+    'u1' : [ 0x14, ['_MODWRITER_FLAGS']],
+    'StoreWriteRefCount' : [ 0x18, ['unsigned long']],
+    'StoreWriteCompletionApc' : [ 0x1c, ['_KAPC']],
+    'ByteCount' : [ 0x4c, ['unsigned long']],
+    'ChargedPages' : [ 0x50, ['unsigned long']],
+    'PagingFile' : [ 0x54, ['pointer', ['_MMPAGING_FILE']]],
+    'File' : [ 0x58, ['pointer', ['_FILE_OBJECT']]],
+    'ControlArea' : [ 0x5c, ['pointer', ['_CONTROL_AREA']]],
+    'FileResource' : [ 0x60, ['pointer', ['_ERESOURCE']]],
+    'WriteOffset' : [ 0x68, ['_LARGE_INTEGER']],
+    'IssueTime' : [ 0x70, ['_LARGE_INTEGER']],
+    'Partition' : [ 0x78, ['pointer', ['_MI_PARTITION']]],
+    'PointerMdl' : [ 0x7c, ['pointer', ['_MDL']]],
+    'Mdl' : [ 0x80, ['_MDL']],
+    'Page' : [ 0x9c, ['array', 1, ['unsigned long']]],
+} ],
+  '_MMINPAGE_SUPPORT_FLOW_THROUGH' : [ 0x1c, {
+    'Page' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'InitialInPageSupport' : [ 0x4, ['pointer', ['_MMINPAGE_SUPPORT']]],
+    'PagingFile' : [ 0x8, ['pointer', ['_MMPAGING_FILE']]],
+    'PageFileOffset' : [ 0xc, ['unsigned long']],
+    'Node' : [ 0x10, ['_RTL_BALANCED_NODE']],
+} ],
+  '_MI_COMBINE_STATE' : [ 0x20, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'CombiningThreadCount' : [ 0x4, ['unsigned long']],
+    'ActiveThreadTree' : [ 0x8, ['_RTL_AVL_TREE']],
+    'CommonPageCombineDomain' : [ 0x10, ['unsigned long long']],
+    'CommonCombineDomainAssigned' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_PAYLOAD_FILTER' : [ 0x58, {
+    'RefCount' : [ 0x0, ['long']],
+    'PayloadFilter' : [ 0x8, ['_AGGREGATED_PAYLOAD_FILTER']],
+} ],
+  '_MI_PAGING_FILE_SPACE_BITMAPS' : [ 0x14, {
+    'RefCount' : [ 0x0, ['unsigned long']],
+    'Anchor' : [ 0x0, ['pointer', ['_MI_PAGING_FILE_SPACE_BITMAPS']]],
+    'AllocationBitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'ReservationBitmap' : [ 0xc, ['_RTL_BITMAP']],
+    'EvictedBitmap' : [ 0xc, ['_RTL_BITMAP']],
+} ],
+  '_HANDLE_TRACE_DB_ENTRY' : [ 0x50, {
+    'ClientId' : [ 0x0, ['_CLIENT_ID']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+    'Type' : [ 0xc, ['unsigned long']],
+    'StackTrace' : [ 0x10, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_HARDWARE_PTE' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Owner' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WriteThrough' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'CacheDisable' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Accessed' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Dirty' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'LargePage' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Global' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'CopyOnWrite' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'reserved0' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'reserved1' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 63, native_type='unsigned long long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 63, end_bit = 64, native_type='unsigned long long')]],
+    'LowPart' : [ 0x0, ['unsigned long']],
+    'HighPart' : [ 0x4, ['unsigned long']],
+} ],
+  '_PTE_TRACKER' : [ 0x44, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Mdl' : [ 0x8, ['pointer', ['_MDL']]],
+    'Count' : [ 0xc, ['unsigned long']],
+    'SystemVa' : [ 0x10, ['pointer', ['void']]],
+    'StartVa' : [ 0x14, ['pointer', ['void']]],
+    'Offset' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+    'Page' : [ 0x20, ['unsigned long']],
+    'IoMapping' : [ 0x24, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Matched' : [ 0x24, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CacheAttribute' : [ 0x24, ['BitField', dict(start_bit = 2, end_bit = 4, native_type='unsigned long')]],
+    'GuardPte' : [ 0x24, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Spare' : [ 0x24, ['BitField', dict(start_bit = 5, end_bit = 32, native_type='unsigned long')]],
+    'StackTrace' : [ 0x28, ['array', 7, ['pointer', ['void']]]],
+} ],
+  '_HIVE_WAIT_PACKET' : [ 0x18, {
+    'WakeEvent' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Next' : [ 0x14, ['pointer', ['_HIVE_WAIT_PACKET']]],
+} ],
+  '_POP_FX_WORK_POOL' : [ 0xa0, {
+    'Plugin' : [ 0x0, ['pointer', ['_POP_FX_PLUGIN']]],
+    'EmergencyWorkQueueLock' : [ 0x4, ['unsigned long']],
+    'EmergencyWorkQueue' : [ 0x8, ['_LIST_ENTRY']],
+    'WorkPoolQueues' : [ 0x10, ['array', 2, ['_KSEMAPHORE']]],
+    'WorkItemStatus' : [ 0x38, ['long']],
+    'WorkItems' : [ 0x3c, ['array', 4, ['_POP_FX_WORK_POOL_ITEM']]],
+    'EmergencyWorkerThread' : [ 0x8c, ['pointer', ['_KTHREAD']]],
+    'DynamicWorkerThreads' : [ 0x90, ['array', 4, ['pointer', ['_KTHREAD']]]],
+} ],
+  '_VF_AVL_TREE_NODE_EX' : [ 0xc, {
+    'Base' : [ 0x0, ['_VF_AVL_TREE_NODE']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+} ],
+  '_VACB_ARRAY_HEADER' : [ 0x10, {
+    'VacbArrayIndex' : [ 0x0, ['unsigned long']],
+    'MappingCount' : [ 0x4, ['unsigned long']],
+    'HighestMappedIndex' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '_CM_INDEX' : [ 0x8, {
+    'Cell' : [ 0x0, ['unsigned long']],
+    'NameHint' : [ 0x4, ['_CM_FAST_LEAF_HINT']],
+    'HashKey' : [ 0x4, ['_CM_COMPONENT_HASH']],
+} ],
+  '_ETW_BUFFER_CONTEXT' : [ 0x4, {
+    'ProcessorNumber' : [ 0x0, ['unsigned char']],
+    'Alignment' : [ 0x1, ['unsigned char']],
+    'ProcessorIndex' : [ 0x0, ['unsigned short']],
+    'LoggerId' : [ 0x2, ['unsigned short']],
+} ],
+  '_WHEA_XPF_MC_BANK_DESCRIPTOR' : [ 0x1c, {
+    'BankNumber' : [ 0x0, ['unsigned char']],
+    'ClearOnInitialization' : [ 0x1, ['unsigned char']],
+    'StatusDataFormat' : [ 0x2, ['unsigned char']],
+    'Flags' : [ 0x3, ['_XPF_MC_BANK_FLAGS']],
+    'ControlMsr' : [ 0x4, ['unsigned long']],
+    'StatusMsr' : [ 0x8, ['unsigned long']],
+    'AddressMsr' : [ 0xc, ['unsigned long']],
+    'MiscMsr' : [ 0x10, ['unsigned long']],
+    'ControlData' : [ 0x14, ['unsigned long long']],
+} ],
+  '_SID_AND_ATTRIBUTES_HASH' : [ 0x88, {
+    'SidCount' : [ 0x0, ['unsigned long']],
+    'SidAttr' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES']]],
+    'Hash' : [ 0x8, ['array', 32, ['unsigned long']]],
+} ],
+  '_PROC_PERF_CHECK_CONTEXT' : [ 0x28, {
+    'Domain' : [ 0x0, ['pointer', ['_PROC_PERF_DOMAIN']]],
+    'Constraint' : [ 0x4, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'PerfCheck' : [ 0x8, ['pointer', ['_PROC_PERF_CHECK']]],
+    'Load' : [ 0xc, ['pointer', ['_PROC_PERF_LOAD']]],
+    'PerfHistory' : [ 0x10, ['pointer', ['_PROC_PERF_HISTORY']]],
+    'Utility' : [ 0x14, ['unsigned long']],
+    'AffinitizedUtility' : [ 0x18, ['unsigned long']],
+    'MediaUtility' : [ 0x1c, ['unsigned long']],
+    'LatestAffinitizedPercent' : [ 0x20, ['unsigned short']],
+    'AveragePerformancePercent' : [ 0x22, ['unsigned short']],
+    'RelativePerformance' : [ 0x24, ['unsigned long']],
+} ],
+  '_ACCESS_REASONS' : [ 0x80, {
+    'Data' : [ 0x0, ['array', 32, ['unsigned long']]],
+} ],
+  '_IMAGE_DATA_DIRECTORY' : [ 0x8, {
+    'VirtualAddress' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_POP_FX_WORK_ORDER' : [ 0x1c, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'WorkCount' : [ 0x10, ['long']],
+    'Context' : [ 0x14, ['pointer', ['void']]],
+    'WatchdogTimerInfo' : [ 0x18, ['pointer', ['_POP_FX_WORK_ORDER_WATCHDOG_INFO']]],
+} ],
+  '_RTL_ATOM_TABLE_REFERENCE' : [ 0x10, {
+    'LowBoxList' : [ 0x0, ['_LIST_ENTRY']],
+    'LowBoxID' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned short']],
+    'Flags' : [ 0xe, ['unsigned short']],
+} ],
+  '_PPM_IDLE_SYNCHRONIZATION_STATE' : [ 0x4, {
+    'AsLong' : [ 0x0, ['long']],
+    'RefCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='long')]],
+    'State' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_PAGELIST_STATE' : [ 0x14, {
+    'ActiveSpinLock' : [ 0x0, ['long']],
+    'ActiveThreadTree' : [ 0x4, ['_RTL_AVL_TREE']],
+    'ActiveZeroSpinLock' : [ 0x8, ['long']],
+    'ActiveZeroThreadTree' : [ 0xc, ['_RTL_AVL_TREE']],
+    'NumberOfLargePageListHeads' : [ 0x10, ['unsigned long']],
+} ],
+  '_CRITICAL_PROCESS_EXCEPTION_DATA' : [ 0x28, {
+    'ReportId' : [ 0x0, ['_GUID']],
+    'ModuleName' : [ 0x10, ['_UNICODE_STRING']],
+    'ModuleTimestamp' : [ 0x18, ['unsigned long']],
+    'ModuleSize' : [ 0x1c, ['unsigned long']],
+    'Offset' : [ 0x20, ['unsigned long long']],
+} ],
+  '__unnamed_2e74' : [ 0x8, {
+    'Head' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long long')]],
+    'Tail' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 48, native_type='unsigned long long')]],
+    'ActiveThreadCount' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '__unnamed_2e76' : [ 0x8, {
+    's1' : [ 0x0, ['__unnamed_2e74']],
+    'Value' : [ 0x0, ['long long']],
+} ],
+  '_ALPC_COMPLETION_LIST_STATE' : [ 0x8, {
+    'u1' : [ 0x0, ['__unnamed_2e76']],
+} ],
+  '_WHEA_TIMESTAMP' : [ 0x8, {
+    'Seconds' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long long')]],
+    'Minutes' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 16, native_type='unsigned long long')]],
+    'Hours' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 24, native_type='unsigned long long')]],
+    'Precise' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 32, native_type='unsigned long long')]],
+    'Day' : [ 0x0, ['BitField', dict(start_bit = 32, end_bit = 40, native_type='unsigned long long')]],
+    'Month' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 48, native_type='unsigned long long')]],
+    'Year' : [ 0x0, ['BitField', dict(start_bit = 48, end_bit = 56, native_type='unsigned long long')]],
+    'Century' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 64, native_type='unsigned long long')]],
+    'AsLARGE_INTEGER' : [ 0x0, ['_LARGE_INTEGER']],
+} ],
+  '_CALL_PERFORMANCE_DATA' : [ 0x204, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'HashTable' : [ 0x4, ['array', 64, ['_LIST_ENTRY']]],
+} ],
+  '_WHEA_XPF_NMI_DESCRIPTOR' : [ 0x3, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'Enabled' : [ 0x2, ['unsigned char']],
+} ],
+  '_IO_IRP_EXT_TRACK_OFFSET_HEADER' : [ 0x8, {
+    'Validation' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'TrackedOffsetCallback' : [ 0x4, ['pointer', ['void']]],
+} ],
+  'tagSWITCH_CONTEXT_DATA' : [ 0x340, {
+    'ullOsMaxVersionTested' : [ 0x0, ['unsigned long long']],
+    'ulTargetPlatform' : [ 0x8, ['unsigned long']],
+    'ullContextMinimum' : [ 0x10, ['unsigned long long']],
+    'guPlatform' : [ 0x18, ['_GUID']],
+    'guMinPlatform' : [ 0x28, ['_GUID']],
+    'ulContextSource' : [ 0x38, ['unsigned long']],
+    'ulElementCount' : [ 0x3c, ['unsigned long']],
+    'guElements' : [ 0x40, ['array', 48, ['_GUID']]],
+} ],
+  '_SESSION_LOWBOX_MAP' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionId' : [ 0x8, ['unsigned long']],
+    'LowboxMap' : [ 0xc, ['_SEP_LOWBOX_NUMBER_MAPPING']],
+} ],
+  '_POP_IO_INFO' : [ 0x60, {
+    'DumpMdl' : [ 0x0, ['pointer', ['_MDL']]],
+    'IoStatus' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'IoReady', 1: u'IoPending', 2: u'IoDone'})]],
+    'IoStartCount' : [ 0x8, ['unsigned long long']],
+    'IoBytesCompleted' : [ 0x10, ['unsigned long long']],
+    'IoBytesInProgress' : [ 0x18, ['unsigned long long']],
+    'RequestSize' : [ 0x20, ['unsigned long long']],
+    'IoLocation' : [ 0x28, ['_LARGE_INTEGER']],
+    'FileOffset' : [ 0x30, ['unsigned long long']],
+    'Buffer' : [ 0x38, ['pointer', ['void']]],
+    'AsyncCapable' : [ 0x3c, ['unsigned char']],
+    'BytesToRead' : [ 0x40, ['unsigned long long']],
+    'Pages' : [ 0x48, ['unsigned long']],
+    'HighestChecksumIndex' : [ 0x50, ['unsigned long long']],
+    'PreviousChecksum' : [ 0x58, ['unsigned short']],
+} ],
+  '_TOKEN_ACCESS_INFORMATION' : [ 0x38, {
+    'SidHash' : [ 0x0, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'RestrictedSidHash' : [ 0x4, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'Privileges' : [ 0x8, ['pointer', ['_TOKEN_PRIVILEGES']]],
+    'AuthenticationId' : [ 0xc, ['_LUID']],
+    'TokenType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {1: u'TokenPrimary', 2: u'TokenImpersonation'})]],
+    'ImpersonationLevel' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'SecurityAnonymous', 1: u'SecurityIdentification', 2: u'SecurityImpersonation', 3: u'SecurityDelegation'})]],
+    'MandatoryPolicy' : [ 0x1c, ['_TOKEN_MANDATORY_POLICY']],
+    'Flags' : [ 0x20, ['unsigned long']],
+    'AppContainerNumber' : [ 0x24, ['unsigned long']],
+    'PackageSid' : [ 0x28, ['pointer', ['void']]],
+    'CapabilitiesHash' : [ 0x2c, ['pointer', ['_SID_AND_ATTRIBUTES_HASH']]],
+    'TrustLevelSid' : [ 0x30, ['pointer', ['void']]],
+    'SecurityAttributes' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_MIPFNBLINK' : [ 0x4, {
+    'Blink' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 24, native_type='unsigned long')]],
+    'TbFlushStamp' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 28, native_type='unsigned long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'PageBlinkDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'PageBlinkLockBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'ShareCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'PageShareCountDeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'PageShareCountLockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'EntireField' : [ 0x0, ['unsigned long']],
+    'Lock' : [ 0x0, ['long']],
+    'LockNotUsed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'DeleteBit' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'LockBit' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_OB_DUPLICATE_OBJECT_STATE' : [ 0x1c, {
+    'SourceProcess' : [ 0x0, ['pointer', ['_EPROCESS']]],
+    'SourceHandle' : [ 0x4, ['pointer', ['void']]],
+    'Object' : [ 0x8, ['pointer', ['void']]],
+    'TargetAccess' : [ 0xc, ['unsigned long']],
+    'ObjectInfo' : [ 0x10, ['_HANDLE_TABLE_ENTRY_INFO']],
+    'HandleAttributes' : [ 0x18, ['unsigned long']],
+} ],
+  '_PPM_COORDINATED_SELECTION' : [ 0x10, {
+    'MaximumStates' : [ 0x0, ['unsigned long']],
+    'SelectedStates' : [ 0x4, ['unsigned long']],
+    'DefaultSelection' : [ 0x8, ['unsigned long']],
+    'Selection' : [ 0xc, ['pointer', ['unsigned long']]],
+} ],
+  '_KRESOURCEMANAGER_COMPLETION_BINDING' : [ 0x14, {
+    'NotificationListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Port' : [ 0x8, ['pointer', ['void']]],
+    'Key' : [ 0xc, ['unsigned long']],
+    'BindingProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+} ],
+  '_ETW_LAST_ENABLE_INFO' : [ 0x10, {
+    'EnableFlags' : [ 0x0, ['_LARGE_INTEGER']],
+    'LoggerId' : [ 0x8, ['unsigned short']],
+    'Level' : [ 0xa, ['unsigned char']],
+    'Enabled' : [ 0xb, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'InternalFlag' : [ 0xb, ['BitField', dict(start_bit = 1, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_DMA_IOMMU_INTERFACE' : [ 0x38, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'CreateDomain' : [ 0x4, ['pointer', ['void']]],
+    'DeleteDomain' : [ 0x8, ['pointer', ['void']]],
+    'AttachDevice' : [ 0xc, ['pointer', ['void']]],
+    'DetachDevice' : [ 0x10, ['pointer', ['void']]],
+    'FlushDomain' : [ 0x14, ['pointer', ['void']]],
+    'FlushDomainByVaList' : [ 0x18, ['pointer', ['void']]],
+    'QueryInputMappings' : [ 0x1c, ['pointer', ['void']]],
+    'MapLogicalRange' : [ 0x20, ['pointer', ['void']]],
+    'UnmapLogicalRange' : [ 0x24, ['pointer', ['void']]],
+    'MapIdentityRange' : [ 0x28, ['pointer', ['void']]],
+    'UnmapIdentityRange' : [ 0x2c, ['pointer', ['void']]],
+    'SetDeviceFaultReporting' : [ 0x30, ['pointer', ['void']]],
+    'ConfigureDomain' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_POOL_TRACKER_BIG_PAGES' : [ 0x10, {
+    'Va' : [ 0x0, ['unsigned long']],
+    'Key' : [ 0x4, ['unsigned long']],
+    'Pattern' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned long')]],
+    'PoolType' : [ 0x8, ['BitField', dict(start_bit = 8, end_bit = 20, native_type='unsigned long')]],
+    'SlushSize' : [ 0x8, ['BitField', dict(start_bit = 20, end_bit = 32, native_type='unsigned long')]],
+    'NumberOfBytes' : [ 0xc, ['unsigned long']],
+} ],
+  '_HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS' : [ 0x8, {
+    'SmallPagesInUseWithinLarge' : [ 0x0, ['unsigned long']],
+    'OpportunisticLargePageCount' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_2ee4' : [ 0x1, {
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+    'NoDomainAccounting' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 3, native_type='unsigned char')]],
+    'DecreasePolicy' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 5, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 8, native_type='unsigned char')]],
+} ],
+  'PROCESSOR_PERFSTATE_POLICY' : [ 0x1c, {
+    'Revision' : [ 0x0, ['unsigned long']],
+    'MaxThrottle' : [ 0x4, ['unsigned char']],
+    'MinThrottle' : [ 0x5, ['unsigned char']],
+    'BusyAdjThreshold' : [ 0x6, ['unsigned char']],
+    'Spare' : [ 0x7, ['unsigned char']],
+    'Flags' : [ 0x7, ['__unnamed_2ee4']],
+    'TimeCheck' : [ 0x8, ['unsigned long']],
+    'IncreaseTime' : [ 0xc, ['unsigned long']],
+    'DecreaseTime' : [ 0x10, ['unsigned long']],
+    'IncreasePercent' : [ 0x14, ['unsigned long']],
+    'DecreasePercent' : [ 0x18, ['unsigned long']],
+} ],
+  '_IMAGE_SWITCHTABLE_BRANCH_DYNAMIC_RELOCATION' : [ 0x2, {
+    'PageRelativeOffset' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'RegisterNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_TXN_PARAMETER_BLOCK' : [ 0x8, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'TxFsContext' : [ 0x2, ['unsigned short']],
+    'TransactionObject' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_HISTORY' : [ 0x2c, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Slot' : [ 0x4, ['unsigned long']],
+    'UtilityTotal' : [ 0x8, ['unsigned long']],
+    'AffinitizedUtilityTotal' : [ 0xc, ['unsigned long']],
+    'FrequencyTotal' : [ 0x10, ['unsigned long']],
+    'TaggedPercentTotal' : [ 0x14, ['array', 3, ['unsigned long']]],
+    'HistoryList' : [ 0x20, ['array', 1, ['_PROC_PERF_HISTORY_ENTRY']]],
+} ],
+  '_DEVICE_RELATIONS' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Objects' : [ 0x4, ['array', 1, ['pointer', ['_DEVICE_OBJECT']]]],
+} ],
+  '_SEP_AUDIT_POLICY' : [ 0x1f, {
+    'AdtTokenPolicy' : [ 0x0, ['_TOKEN_AUDIT_POLICY']],
+    'PolicySetStatus' : [ 0x1e, ['unsigned char']],
+} ],
+  '_CMSI_PROCESS_TUPLE' : [ 0x8, {
+    'ProcessHandle' : [ 0x0, ['pointer', ['void']]],
+    'ProcessReference' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_HEAP_FAILURE_INFORMATION' : [ 0x3d0, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'StructureSize' : [ 0x4, ['unsigned long']],
+    'FailureType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'heap_failure_internal', 1: u'heap_failure_unknown', 2: u'heap_failure_generic', 3: u'heap_failure_entry_corruption', 4: u'heap_failure_multiple_entries_corruption', 5: u'heap_failure_virtual_block_corruption', 6: u'heap_failure_buffer_overrun', 7: u'heap_failure_buffer_underrun', 8: u'heap_failure_block_not_busy', 9: u'heap_failure_invalid_argument', 10: u'heap_failure_invalid_allocation_type', 11: u'heap_failure_usage_after_free', 12: u'heap_failure_cross_heap_operation', 13: u'heap_failure_freelists_corruption', 14: u'heap_failure_listentry_corruption', 15: u'heap_failure_lfh_bitmap_mismatch', 16: u'heap_failure_segment_lfh_bitmap_corruption', 17: u'heap_failure_segment_lfh_double_free', 18: u'heap_failure_vs_subsegment_corruption', 19: u'heap_failure_null_heap', 20: u'heap_failure_allocation_limit', 21: u'heap_failure_commit_limit', 22: u'heap_failure_invalid_va_mgr_query'})]],
+    'HeapAddress' : [ 0xc, ['pointer', ['void']]],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Param1' : [ 0x14, ['pointer', ['void']]],
+    'Param2' : [ 0x18, ['pointer', ['void']]],
+    'Param3' : [ 0x1c, ['pointer', ['void']]],
+    'PreviousBlock' : [ 0x20, ['pointer', ['void']]],
+    'NextBlock' : [ 0x24, ['pointer', ['void']]],
+    'ExpectedDecodedEntry' : [ 0x28, ['_FAKE_HEAP_ENTRY']],
+    'StackTrace' : [ 0x30, ['array', 32, ['pointer', ['void']]]],
+    'HeapMajorVersion' : [ 0xb0, ['unsigned char']],
+    'HeapMinorVersion' : [ 0xb1, ['unsigned char']],
+    'ExceptionRecord' : [ 0xb4, ['_EXCEPTION_RECORD']],
+    'ContextRecord' : [ 0x104, ['_CONTEXT']],
+} ],
+  '_PROC_IDLE_ACCOUNTING' : [ 0x410, {
+    'StateCount' : [ 0x0, ['unsigned long']],
+    'TotalTransitions' : [ 0x4, ['unsigned long']],
+    'ResetCount' : [ 0x8, ['unsigned long']],
+    'AbortCount' : [ 0xc, ['unsigned long']],
+    'StartTime' : [ 0x10, ['unsigned long long']],
+    'PriorIdleTime' : [ 0x18, ['unsigned long long']],
+    'TimeUnit' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'PpmIdleBucketTimeInQpc', 1: u'PpmIdleBucketTimeIn100ns', 2: u'PpmIdleBucketTimeMaximum'})]],
+    'State' : [ 0x28, ['array', 1, ['_PROC_IDLE_STATE_ACCOUNTING']]],
+} ],
+  '_KTM' : [ 0x238, {
+    'cookie' : [ 0x0, ['unsigned long']],
+    'Mutex' : [ 0x4, ['_KMUTANT']],
+    'State' : [ 0x24, ['Enumeration', dict(target = 'long', choices = {0: u'KKtmUninitialized', 1: u'KKtmInitialized', 2: u'KKtmRecovering', 3: u'KKtmOnline', 4: u'KKtmRecoveryFailed', 5: u'KKtmOffline'})]],
+    'NamespaceLink' : [ 0x28, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmIdentity' : [ 0x3c, ['_GUID']],
+    'Flags' : [ 0x4c, ['unsigned long']],
+    'VolatileFlags' : [ 0x50, ['unsigned long']],
+    'LogFileName' : [ 0x54, ['_UNICODE_STRING']],
+    'LogFileObject' : [ 0x5c, ['pointer', ['_FILE_OBJECT']]],
+    'MarshallingContext' : [ 0x60, ['pointer', ['void']]],
+    'LogManagementContext' : [ 0x64, ['pointer', ['void']]],
+    'Transactions' : [ 0x68, ['_KTMOBJECT_NAMESPACE']],
+    'ResourceManagers' : [ 0xc8, ['_KTMOBJECT_NAMESPACE']],
+    'LsnOrderedMutex' : [ 0x128, ['_KMUTANT']],
+    'LsnOrderedList' : [ 0x148, ['_LIST_ENTRY']],
+    'CommitVirtualClock' : [ 0x150, ['_LARGE_INTEGER']],
+    'CommitVirtualClockMutex' : [ 0x158, ['_FAST_MUTEX']],
+    'BaseLsn' : [ 0x178, ['_CLS_LSN']],
+    'CurrentReadLsn' : [ 0x180, ['_CLS_LSN']],
+    'LastRecoveredLsn' : [ 0x188, ['_CLS_LSN']],
+    'TmRmHandle' : [ 0x190, ['pointer', ['void']]],
+    'TmRm' : [ 0x194, ['pointer', ['_KRESOURCEMANAGER']]],
+    'LogFullNotifyEvent' : [ 0x198, ['_KEVENT']],
+    'CheckpointWorkItem' : [ 0x1a8, ['_WORK_QUEUE_ITEM']],
+    'CheckpointTargetLsn' : [ 0x1b8, ['_CLS_LSN']],
+    'LogFullCompletedWorkItem' : [ 0x1c0, ['_WORK_QUEUE_ITEM']],
+    'LogWriteResource' : [ 0x1d0, ['_ERESOURCE']],
+    'LogFlags' : [ 0x208, ['unsigned long']],
+    'LogFullStatus' : [ 0x20c, ['long']],
+    'RecoveryStatus' : [ 0x210, ['long']],
+    'LastCheckBaseLsn' : [ 0x218, ['_CLS_LSN']],
+    'RestartOrderedList' : [ 0x220, ['_LIST_ENTRY']],
+    'OfflineWorkItem' : [ 0x228, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_PO_IRP_QUEUE' : [ 0x8, {
+    'CurrentIrp' : [ 0x0, ['pointer', ['_IRP']]],
+    'PendingIrpList' : [ 0x4, ['pointer', ['_IRP']]],
+} ],
+  '_KALPC_WORK_ON_BEHALF_DATA' : [ 0x8, {
+    'Ticket' : [ 0x0, ['_ALPC_WORK_ON_BEHALF_TICKET']],
+} ],
+  '_CM_NOTIFY_BLOCK' : [ 0x2c, {
+    'HiveList' : [ 0x0, ['_LIST_ENTRY']],
+    'PostList' : [ 0x8, ['_LIST_ENTRY']],
+    'KeyControlBlock' : [ 0x10, ['pointer', ['_CM_KEY_CONTROL_BLOCK']]],
+    'KeyBody' : [ 0x14, ['pointer', ['_CM_KEY_BODY']]],
+    'Filter' : [ 0x18, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'WatchTree' : [ 0x18, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'NotifyPending' : [ 0x18, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'SubjectContext' : [ 0x1c, ['_SECURITY_SUBJECT_CONTEXT']],
+} ],
+  '_TOKEN_CONTROL' : [ 0x28, {
+    'TokenId' : [ 0x0, ['_LUID']],
+    'AuthenticationId' : [ 0x8, ['_LUID']],
+    'ModifiedId' : [ 0x10, ['_LUID']],
+    'TokenSource' : [ 0x18, ['_TOKEN_SOURCE']],
+} ],
+  '_LDR_DATA_TABLE_ENTRY' : [ 0xa8, {
+    'InLoadOrderLinks' : [ 0x0, ['_LIST_ENTRY']],
+    'InMemoryOrderLinks' : [ 0x8, ['_LIST_ENTRY']],
+    'InInitializationOrderLinks' : [ 0x10, ['_LIST_ENTRY']],
+    'DllBase' : [ 0x18, ['pointer', ['void']]],
+    'EntryPoint' : [ 0x1c, ['pointer', ['void']]],
+    'SizeOfImage' : [ 0x20, ['unsigned long']],
+    'FullDllName' : [ 0x24, ['_UNICODE_STRING']],
+    'BaseDllName' : [ 0x2c, ['_UNICODE_STRING']],
+    'FlagGroup' : [ 0x34, ['array', 4, ['unsigned char']]],
+    'Flags' : [ 0x34, ['unsigned long']],
+    'PackagedBinary' : [ 0x34, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'MarkedForRemoval' : [ 0x34, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'ImageDll' : [ 0x34, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'LoadNotificationsSent' : [ 0x34, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'TelemetryEntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'ProcessStaticImport' : [ 0x34, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'InLegacyLists' : [ 0x34, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'InIndexes' : [ 0x34, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ShimDll' : [ 0x34, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'InExceptionTable' : [ 0x34, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'ReservedFlags1' : [ 0x34, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'LoadInProgress' : [ 0x34, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'LoadConfigProcessed' : [ 0x34, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'EntryProcessed' : [ 0x34, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'ProtectDelayLoad' : [ 0x34, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'ReservedFlags3' : [ 0x34, ['BitField', dict(start_bit = 16, end_bit = 18, native_type='unsigned long')]],
+    'DontCallForThreads' : [ 0x34, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'ProcessAttachCalled' : [ 0x34, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'ProcessAttachFailed' : [ 0x34, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'CorDeferredValidate' : [ 0x34, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'CorImage' : [ 0x34, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'DontRelocate' : [ 0x34, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'CorILOnly' : [ 0x34, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'ChpeImage' : [ 0x34, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'ReservedFlags5' : [ 0x34, ['BitField', dict(start_bit = 26, end_bit = 28, native_type='unsigned long')]],
+    'Redirected' : [ 0x34, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'ReservedFlags6' : [ 0x34, ['BitField', dict(start_bit = 29, end_bit = 31, native_type='unsigned long')]],
+    'CompatDatabaseProcessed' : [ 0x34, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'ObsoleteLoadCount' : [ 0x38, ['unsigned short']],
+    'TlsIndex' : [ 0x3a, ['unsigned short']],
+    'HashLinks' : [ 0x3c, ['_LIST_ENTRY']],
+    'TimeDateStamp' : [ 0x44, ['unsigned long']],
+    'EntryPointActivationContext' : [ 0x48, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Lock' : [ 0x4c, ['pointer', ['void']]],
+    'DdagNode' : [ 0x50, ['pointer', ['_LDR_DDAG_NODE']]],
+    'NodeModuleLink' : [ 0x54, ['_LIST_ENTRY']],
+    'LoadContext' : [ 0x5c, ['pointer', ['_LDRP_LOAD_CONTEXT']]],
+    'ParentDllBase' : [ 0x60, ['pointer', ['void']]],
+    'SwitchBackContext' : [ 0x64, ['pointer', ['void']]],
+    'BaseAddressIndexNode' : [ 0x68, ['_RTL_BALANCED_NODE']],
+    'MappingInfoIndexNode' : [ 0x74, ['_RTL_BALANCED_NODE']],
+    'OriginalBase' : [ 0x80, ['unsigned long']],
+    'LoadTime' : [ 0x88, ['_LARGE_INTEGER']],
+    'BaseNameHashValue' : [ 0x90, ['unsigned long']],
+    'LoadReason' : [ 0x94, ['Enumeration', dict(target = 'long', choices = {0: u'LoadReasonStaticDependency', 1: u'LoadReasonStaticForwarderDependency', 2: u'LoadReasonDynamicForwarderDependency', 3: u'LoadReasonDelayloadDependency', 4: u'LoadReasonDynamicLoad', 5: u'LoadReasonAsImageLoad', 6: u'LoadReasonAsDataLoad', 7: u'LoadReasonEnclavePrimary', 8: u'LoadReasonEnclaveDependency', -1: u'LoadReasonUnknown'})]],
+    'ImplicitPathOptions' : [ 0x98, ['unsigned long']],
+    'ReferenceCount' : [ 0x9c, ['unsigned long']],
+    'DependentLoadFlags' : [ 0xa0, ['unsigned long']],
+    'SigningLevel' : [ 0xa4, ['unsigned char']],
+} ],
+  '_KTIMER2_COLLECTION' : [ 0x10, {
+    'Tree' : [ 0x0, ['_RTL_RB_TREE']],
+    'NextDueTime' : [ 0x8, ['unsigned long long']],
+} ],
+  '__unnamed_2f1e' : [ 0x1, {
+    'Age' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 4, native_type='unsigned char')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 7, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '__unnamed_2f20' : [ 0x1, {
+    'EntireWsle' : [ 0x0, ['unsigned char']],
+} ],
+  '__unnamed_2f22' : [ 0x1, {
+    'e1' : [ 0x0, ['__unnamed_2f1e']],
+    'e2' : [ 0x0, ['__unnamed_2f20']],
+} ],
+  '_MI_WSLE' : [ 0x1, {
+    'u1' : [ 0x0, ['__unnamed_2f22']],
+} ],
+  '_VF_WATCHDOG_IRP' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'DueTickCount' : [ 0xc, ['unsigned long']],
+    'Inserted' : [ 0x10, ['unsigned char']],
+    'TrackedStackLocation' : [ 0x11, ['unsigned char']],
+    'CancelTimeoutTicks' : [ 0x12, ['unsigned short']],
+} ],
+  '_u' : [ 0x50, {
+    'KeyNode' : [ 0x0, ['_CM_KEY_NODE']],
+    'KeyValue' : [ 0x0, ['_CM_KEY_VALUE']],
+    'KeySecurity' : [ 0x0, ['_CM_KEY_SECURITY']],
+    'KeyIndex' : [ 0x0, ['_CM_KEY_INDEX']],
+    'ValueData' : [ 0x0, ['_CM_BIG_DATA']],
+    'KeyList' : [ 0x0, ['array', 1, ['unsigned long']]],
+    'KeyString' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '_MI_PARTITION_MODWRITES' : [ 0x1d0, {
+    'AttemptForCantExtend' : [ 0x0, ['_MMPAGE_FILE_EXPANSION']],
+    'PageFileContract' : [ 0x34, ['_MMPAGE_FILE_EXPANSION']],
+    'NumberOfMappedMdls' : [ 0x68, ['unsigned long']],
+    'NumberOfMappedMdlsInUse' : [ 0x6c, ['long']],
+    'NumberOfMappedMdlsInUsePeak' : [ 0x70, ['unsigned long']],
+    'MappedFileHeader' : [ 0x74, ['_MMMOD_WRITER_LISTHEAD']],
+    'NeedMappedMdl' : [ 0x8c, ['unsigned char']],
+    'NeedPageFileMdl' : [ 0x8d, ['unsigned char']],
+    'ModwriterActive' : [ 0x8e, ['unsigned char']],
+    'TransitionInserted' : [ 0x8f, ['unsigned char']],
+    'LastModifiedWriteError' : [ 0x90, ['long']],
+    'LastMappedWriteError' : [ 0x94, ['long']],
+    'MappedFileWriteSucceeded' : [ 0x98, ['unsigned long']],
+    'MappedWriteBurstCount' : [ 0x9c, ['unsigned long']],
+    'LowPriorityModWritesOutstanding' : [ 0xa0, ['unsigned long']],
+    'BoostModWriteIoPriorityEvent' : [ 0xa4, ['_KEVENT']],
+    'ModifiedWriterThreadPriority' : [ 0xb4, ['long']],
+    'ModifiedPagesLowPriorityGoal' : [ 0xb8, ['unsigned long']],
+    'ModifiedPageWriterEvent' : [ 0xbc, ['_KEVENT']],
+    'ModifiedWriterExitedEvent' : [ 0xcc, ['_KEVENT']],
+    'WriteAllPagefilePages' : [ 0xdc, ['long']],
+    'WriteAllMappedPages' : [ 0xe0, ['long']],
+    'MappedPageWriterEvent' : [ 0xe4, ['_KEVENT']],
+    'ModWriteData' : [ 0xf8, ['_MI_MODWRITE_DATA']],
+    'RescanPageFilesEvent' : [ 0x128, ['_KEVENT']],
+    'PagingFileHeader' : [ 0x138, ['_MMMOD_WRITER_LISTHEAD']],
+    'ModifiedPageWriterThread' : [ 0x150, ['pointer', ['_ETHREAD']]],
+    'ModifiedPageWriterRundown' : [ 0x154, ['_EX_RUNDOWN_REF']],
+    'PagefileScanWorkItem' : [ 0x158, ['_WORK_QUEUE_ITEM']],
+    'PagefileScanCount' : [ 0x168, ['unsigned long']],
+    'ClusterRestrictionLock' : [ 0x16c, ['long']],
+    'ClusterRestrictions' : [ 0x170, ['array', 2, ['_MI_RESTRICTED_MODWRITES']]],
+    'NotifyStoreMemoryConditions' : [ 0x178, ['_KEVENT']],
+    'DelayMappedWrite' : [ 0x188, ['unsigned char']],
+    'PagefileReservationsEnabled' : [ 0x18c, ['unsigned long']],
+    'PageFileCreationLock' : [ 0x190, ['_EX_PUSH_LOCK']],
+    'TrimPagefileWorkItem' : [ 0x194, ['_WORK_QUEUE_ITEM']],
+    'LastTrimPagefileTime' : [ 0x1a8, ['unsigned long long']],
+    'WsSwapPagefileContractWorkItem' : [ 0x1b0, ['_WORK_QUEUE_ITEM']],
+    'WsSwapPageFileContractionInProgress' : [ 0x1c0, ['long']],
+    'WorkingSetSwapLock' : [ 0x1c4, ['_EX_PUSH_LOCK']],
+    'WorkingSetInswapLock' : [ 0x1c8, ['long']],
+} ],
+  '_PPC_DBGKD_CONTROL_SET' : [ 0xc, {
+    'Continue' : [ 0x0, ['unsigned long']],
+    'CurrentSymbolStart' : [ 0x4, ['unsigned long']],
+    'CurrentSymbolEnd' : [ 0x8, ['unsigned long']],
+} ],
+  '_OB_EXTENDED_PARSE_PARAMETERS' : [ 0xc, {
+    'Length' : [ 0x0, ['unsigned short']],
+    'RestrictedAccessMask' : [ 0x4, ['unsigned long']],
+    'Silo' : [ 0x8, ['pointer', ['_EJOB']]],
+} ],
+  '_MMSUBSECTION_FLAGS' : [ 0x4, {
+    'SubsectionAccessed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned short')]],
+    'StartingSector4132' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 16, native_type='unsigned short')]],
+    'SubsectionStatic' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'GlobalMemory' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'Spare' : [ 0x2, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'OnDereferenceList' : [ 0x2, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'SectorEndOffset' : [ 0x2, ['BitField', dict(start_bit = 4, end_bit = 16, native_type='unsigned short')]],
+} ],
+  '_MI_COMBINE_PAGE_LISTHEAD' : [ 0x8, {
+    'Table' : [ 0x0, ['_RTL_AVL_TREE']],
+    'Lock' : [ 0x4, ['long']],
+} ],
+  '_RTL_AVL_TABLE' : [ 0x38, {
+    'BalancedRoot' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'OrderedPointer' : [ 0x10, ['pointer', ['void']]],
+    'WhichOrderedElement' : [ 0x14, ['unsigned long']],
+    'NumberGenericTableElements' : [ 0x18, ['unsigned long']],
+    'DepthOfTree' : [ 0x1c, ['unsigned long']],
+    'RestartKey' : [ 0x20, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'DeleteCount' : [ 0x24, ['unsigned long']],
+    'CompareRoutine' : [ 0x28, ['pointer', ['void']]],
+    'AllocateRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'FreeRoutine' : [ 0x30, ['pointer', ['void']]],
+    'TableContext' : [ 0x34, ['pointer', ['void']]],
+} ],
+  '_WHEA_PERSISTENCE_INFO' : [ 0x8, {
+    'Signature' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 16, native_type='unsigned long long')]],
+    'Length' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 40, native_type='unsigned long long')]],
+    'Identifier' : [ 0x0, ['BitField', dict(start_bit = 40, end_bit = 56, native_type='unsigned long long')]],
+    'Attributes' : [ 0x0, ['BitField', dict(start_bit = 56, end_bit = 58, native_type='unsigned long long')]],
+    'DoNotLog' : [ 0x0, ['BitField', dict(start_bit = 58, end_bit = 59, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 59, end_bit = 64, native_type='unsigned long long')]],
+    'AsULONGLONG' : [ 0x0, ['unsigned long long']],
+} ],
+  '_DBGKD_FILL_MEMORY' : [ 0x10, {
+    'Address' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Flags' : [ 0xc, ['unsigned short']],
+    'PatternLength' : [ 0xe, ['unsigned short']],
+} ],
+  '_GENERIC_MAPPING' : [ 0x10, {
+    'GenericRead' : [ 0x0, ['unsigned long']],
+    'GenericWrite' : [ 0x4, ['unsigned long']],
+    'GenericExecute' : [ 0x8, ['unsigned long']],
+    'GenericAll' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_EXTENT_DELETION_WAIT_BLOCK' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_EXTENT_DELETION_WAIT_BLOCK']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+} ],
+  '_FAULT_INFORMATION' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'FaultInformationInvalid', 1: u'FaultInformationArm64', 2: u'FaultInformationX64'})]],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+    'Arm64' : [ 0x8, ['_FAULT_INFORMATION_ARM64']],
+    'X64' : [ 0x8, ['_FAULT_INFORMATION_X64']],
+} ],
+  '_HAL_INTEL_ENLIGHTENMENT_INFORMATION' : [ 0xfc, {
+    'Enlightenments' : [ 0x0, ['unsigned long']],
+    'HypervisorConnected' : [ 0x4, ['unsigned long']],
+    'EndOfInterrupt' : [ 0x8, ['pointer', ['void']]],
+    'ApicWriteIcr' : [ 0xc, ['pointer', ['void']]],
+    'Reserved0' : [ 0x10, ['unsigned long']],
+    'SpinCountMask' : [ 0x14, ['unsigned long']],
+    'LongSpinWait' : [ 0x18, ['pointer', ['void']]],
+    'GetReferenceTime' : [ 0x1c, ['pointer', ['void']]],
+    'SetSystemSleepProperty' : [ 0x20, ['pointer', ['void']]],
+    'EnterSleepState' : [ 0x24, ['pointer', ['void']]],
+    'NotifyDebugDeviceAvailable' : [ 0x28, ['pointer', ['void']]],
+    'MapDeviceInterrupt' : [ 0x2c, ['pointer', ['void']]],
+    'UnmapDeviceInterrupt' : [ 0x30, ['pointer', ['void']]],
+    'RetargetDeviceInterrupt' : [ 0x34, ['pointer', ['void']]],
+    'SetHpetConfig' : [ 0x38, ['pointer', ['void']]],
+    'NotifyHpetEnabled' : [ 0x3c, ['pointer', ['void']]],
+    'QueryAssociatedProcessors' : [ 0x40, ['pointer', ['void']]],
+    'ReadMultipleMsr' : [ 0x44, ['pointer', ['void']]],
+    'WriteMultipleMsr' : [ 0x48, ['pointer', ['void']]],
+    'ReadCpuid' : [ 0x4c, ['pointer', ['void']]],
+    'LpWritebackInvalidate' : [ 0x50, ['pointer', ['void']]],
+    'GetMachineCheckContext' : [ 0x54, ['pointer', ['void']]],
+    'SuspendPartition' : [ 0x58, ['pointer', ['void']]],
+    'ResumePartition' : [ 0x5c, ['pointer', ['void']]],
+    'SetSystemMachineCheckProperty' : [ 0x60, ['pointer', ['void']]],
+    'WheaErrorNotification' : [ 0x64, ['pointer', ['void']]],
+    'GetProcessorIndexFromVpIndex' : [ 0x68, ['pointer', ['void']]],
+    'SyntheticClusterIpi' : [ 0x6c, ['pointer', ['void']]],
+    'VpStartEnabled' : [ 0x70, ['pointer', ['void']]],
+    'StartVirtualProcessor' : [ 0x74, ['pointer', ['void']]],
+    'GetVpIndexFromApicId' : [ 0x78, ['pointer', ['void']]],
+    'IumAccessPciDevice' : [ 0x7c, ['pointer', ['void']]],
+    'IumEfiRuntimeService' : [ 0x80, ['pointer', ['void']]],
+    'SvmGetSystemCapabilities' : [ 0x84, ['pointer', ['void']]],
+    'SvmGetDeviceCapabilities' : [ 0x88, ['pointer', ['void']]],
+    'SvmCreatePasidSpace' : [ 0x8c, ['pointer', ['void']]],
+    'SvmSetPasidAddressSpace' : [ 0x90, ['pointer', ['void']]],
+    'SvmFlushPasid' : [ 0x94, ['pointer', ['void']]],
+    'SvmAttachPasidSpace' : [ 0x98, ['pointer', ['void']]],
+    'SvmDetachPasidSpace' : [ 0x9c, ['pointer', ['void']]],
+    'SvmEnablePasid' : [ 0xa0, ['pointer', ['void']]],
+    'SvmDisablePasid' : [ 0xa4, ['pointer', ['void']]],
+    'SvmAcknowledgePageRequest' : [ 0xa8, ['pointer', ['void']]],
+    'SvmCreatePrQueue' : [ 0xac, ['pointer', ['void']]],
+    'SvmDeletePrQueue' : [ 0xb0, ['pointer', ['void']]],
+    'SvmClearPrqStalled' : [ 0xb4, ['pointer', ['void']]],
+    'SvmSetDeviceEnabled' : [ 0xb8, ['pointer', ['void']]],
+    'HvDebuggerPowerHandler' : [ 0xbc, ['pointer', ['void']]],
+    'SetQpcBias' : [ 0xc0, ['pointer', ['void']]],
+    'GetQpcBias' : [ 0xc4, ['pointer', ['void']]],
+    'RegisterDeviceId' : [ 0xc8, ['pointer', ['void']]],
+    'UnregisterDeviceId' : [ 0xcc, ['pointer', ['void']]],
+    'AllocateDeviceDomain' : [ 0xd0, ['pointer', ['void']]],
+    'AttachDeviceDomain' : [ 0xd4, ['pointer', ['void']]],
+    'DetachDeviceDomain' : [ 0xd8, ['pointer', ['void']]],
+    'DeleteDeviceDomain' : [ 0xdc, ['pointer', ['void']]],
+    'MapDeviceLogicalRange' : [ 0xe0, ['pointer', ['void']]],
+    'UnmapDeviceLogicalRange' : [ 0xe4, ['pointer', ['void']]],
+    'MapDeviceSparsePages' : [ 0xe8, ['pointer', ['void']]],
+    'UnmapDeviceSparsePages' : [ 0xec, ['pointer', ['void']]],
+    'GetDmaGuardEnabled' : [ 0xf0, ['pointer', ['void']]],
+    'UpdateMicrocode' : [ 0xf4, ['pointer', ['void']]],
+    'GetSintMessage' : [ 0xf8, ['pointer', ['void']]],
+} ],
+  '_RTL_CRITICAL_SECTION_DEBUG' : [ 0x20, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'CreatorBackTraceIndex' : [ 0x2, ['unsigned short']],
+    'CriticalSection' : [ 0x4, ['pointer', ['_RTL_CRITICAL_SECTION']]],
+    'ProcessLocksList' : [ 0x8, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x10, ['unsigned long']],
+    'ContentionCount' : [ 0x14, ['unsigned long']],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'CreatorBackTraceIndexHigh' : [ 0x1c, ['unsigned short']],
+    'SpareUSHORT' : [ 0x1e, ['unsigned short']],
+} ],
+  '_DEVICE_DESCRIPTION' : [ 0x40, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'Master' : [ 0x4, ['unsigned char']],
+    'ScatterGather' : [ 0x5, ['unsigned char']],
+    'DemandMode' : [ 0x6, ['unsigned char']],
+    'AutoInitialize' : [ 0x7, ['unsigned char']],
+    'Dma32BitAddresses' : [ 0x8, ['unsigned char']],
+    'IgnoreCount' : [ 0x9, ['unsigned char']],
+    'Reserved1' : [ 0xa, ['unsigned char']],
+    'Dma64BitAddresses' : [ 0xb, ['unsigned char']],
+    'BusNumber' : [ 0xc, ['unsigned long']],
+    'DmaChannel' : [ 0x10, ['unsigned long']],
+    'InterfaceType' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'DmaWidth' : [ 0x18, ['Enumeration', dict(target = 'long', choices = {0: u'Width8Bits', 1: u'Width16Bits', 2: u'Width32Bits', 3: u'Width64Bits', 4: u'WidthNoWrap', 5: u'MaximumDmaWidth'})]],
+    'DmaSpeed' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {0: u'Compatible', 1: u'TypeA', 2: u'TypeB', 3: u'TypeC', 4: u'TypeF', 5: u'MaximumDmaSpeed'})]],
+    'MaximumLength' : [ 0x20, ['unsigned long']],
+    'DmaPort' : [ 0x24, ['unsigned long']],
+    'DmaAddressWidth' : [ 0x28, ['unsigned long']],
+    'DmaControllerInstance' : [ 0x2c, ['unsigned long']],
+    'DmaRequestLine' : [ 0x30, ['unsigned long']],
+    'DeviceAddress' : [ 0x38, ['_LARGE_INTEGER']],
+} ],
+  '_POP_FX_ACCOUNTING' : [ 0xd8, {
+    'Lock' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['unsigned char']],
+    'DripsRequiredState' : [ 0x8, ['unsigned long']],
+    'Level' : [ 0xc, ['long']],
+    'ActiveStamp' : [ 0x10, ['long long']],
+    'CsActiveTimeAccounting' : [ 0x18, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+    'CsCriticalActiveTimeAccounting' : [ 0x78, ['_POP_FX_ACTIVE_TIME_ACCOUNTING']],
+} ],
+  '_KSCHEDULING_GROUP_POLICY' : [ 0x8, {
+    'Value' : [ 0x0, ['unsigned long']],
+    'Weight' : [ 0x0, ['unsigned short']],
+    'MinRate' : [ 0x0, ['unsigned short']],
+    'MaxRate' : [ 0x2, ['unsigned short']],
+    'AllFlags' : [ 0x4, ['unsigned long']],
+    'Type' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Disabled' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'RankBias' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Spare1' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_RTL_RETPOLINE_BINARY_INFO' : [ 0x1c, {
+    'RetpolineStubsStartRva' : [ 0x0, ['long']],
+    'CfgDispatchFunctionPtrRva' : [ 0x4, ['unsigned long']],
+    'IATRva' : [ 0x8, ['unsigned long']],
+    'ImportRvas' : [ 0xc, ['pointer', ['long']]],
+    'IAT' : [ 0x10, ['pointer', ['unsigned long']]],
+    'ImageBase' : [ 0x14, ['pointer', ['void']]],
+    'CheckFunction' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '__unnamed_2fe2' : [ 0x4, {
+    'ViewPageSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 2, native_type='unsigned long')]],
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+} ],
+  '_MI_PHYSICAL_VIEW' : [ 0x18, {
+    'PhysicalNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Vad' : [ 0xc, ['pointer', ['_MMVAD_SHORT']]],
+    'AweInfo' : [ 0x10, ['pointer', ['_AWEINFO']]],
+    'u1' : [ 0x14, ['__unnamed_2fe2']],
+} ],
+  '_DOMAIN_CONFIGURATION' : [ 0x28, {
+    'Type' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'DomainConfigurationArm64', 1: u'DomainConfigurationInvalid'})]],
+    'Arm64' : [ 0x8, ['_DOMAIN_CONFIGURATION_ARM64']],
+} ],
+  '_POP_POLICY_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'DeviceType' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'PolicyDeviceSystemButton', 1: u'PolicyDeviceThermalZone', 2: u'PolicyDeviceBattery', 3: u'PolicyDeviceMemory', 4: u'PolicyInitiatePowerActionAPI', 5: u'PolicySetPowerStateAPI', 6: u'PolicyImmediateDozeS4', 7: u'PolicySystemIdle', 8: u'PolicyDeviceWakeAlarm', 9: u'PolicyDeviceFan', 10: u'PolicyCsBatterySaver', 11: u'PolicyImmediateDozeS4Predicted', 12: u'PolicyImmediateDozeS4PredictedNoWake', 13: u'PolicyImmediateDozeS4AdaptiveBudget', 14: u'PolicyImmediateDozeS4AdaptiveReserveNoWake', 15: u'PolicySystemInitiatedShutdown', 16: u'PolicyDeviceMax'})]],
+    'Notification' : [ 0xc, ['pointer', ['void']]],
+    'Name' : [ 0x10, ['_UNICODE_STRING']],
+    'Device' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'Irp' : [ 0x1c, ['pointer', ['_IRP']]],
+} ],
+  '_MI_SECTION_IMAGE_INFORMATION' : [ 0x3c, {
+    'ExportedImageInformation' : [ 0x0, ['_SECTION_IMAGE_INFORMATION']],
+    'InternalImageInformation' : [ 0x30, ['_MI_EXTRA_IMAGE_INFORMATION']],
+} ],
+  '_PPM_SELECTION_STATISTICS' : [ 0x80, {
+    'SelectedCount' : [ 0x0, ['unsigned long long']],
+    'VetoCount' : [ 0x8, ['unsigned long long']],
+    'PreVetoCount' : [ 0x10, ['unsigned long long']],
+    'WrongProcessorCount' : [ 0x18, ['unsigned long long']],
+    'LatencyCount' : [ 0x20, ['unsigned long long']],
+    'IdleDurationCount' : [ 0x28, ['unsigned long long']],
+    'DeviceDependencyCount' : [ 0x30, ['unsigned long long']],
+    'ProcessorDependencyCount' : [ 0x38, ['unsigned long long']],
+    'PlatformOnlyCount' : [ 0x40, ['unsigned long long']],
+    'InterruptibleCount' : [ 0x48, ['unsigned long long']],
+    'LegacyOverrideCount' : [ 0x50, ['unsigned long long']],
+    'CstateCheckCount' : [ 0x58, ['unsigned long long']],
+    'NoCStateCount' : [ 0x60, ['unsigned long long']],
+    'CoordinatedDependencyCount' : [ 0x68, ['unsigned long long']],
+    'NotClockOwnerCount' : [ 0x70, ['unsigned long long']],
+    'PreVetoAccounting' : [ 0x78, ['pointer', ['_PPM_VETO_ACCOUNTING']]],
+} ],
+  '_POP_FX_DEVICE_DIRECTED_TRANSITION_STATE' : [ 0xc, {
+    'CompletionContext' : [ 0x0, ['pointer', ['void']]],
+    'CompletionStatus' : [ 0x4, ['long']],
+    'DIrpPending' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'DIrpCompleted' : [ 0x8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+} ],
+  '_CM_KEY_SECURITY' : [ 0x28, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'Flink' : [ 0x4, ['unsigned long']],
+    'Blink' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'DescriptorLength' : [ 0x10, ['unsigned long']],
+    'Descriptor' : [ 0x14, ['_SECURITY_DESCRIPTOR_RELATIVE']],
+} ],
+  '_MI_FREE_LARGE_PAGE_LIST' : [ 0xc, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'EntryCount' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_FX_COMPONENT' : [ 0x170, {
+    'Id' : [ 0x0, ['_GUID']],
+    'Index' : [ 0x10, ['unsigned long']],
+    'WorkOrder' : [ 0x14, ['_POP_FX_WORK_ORDER']],
+    'Device' : [ 0x30, ['pointer', ['_POP_FX_DEVICE']]],
+    'Flags' : [ 0x34, ['_POP_FX_COMPONENT_FLAGS']],
+    'Resident' : [ 0x3c, ['long']],
+    'ActiveEvent' : [ 0x40, ['_KEVENT']],
+    'IdleLock' : [ 0x50, ['unsigned long']],
+    'IdleConditionComplete' : [ 0x54, ['long']],
+    'IdleStateComplete' : [ 0x58, ['long']],
+    'IdleStamp' : [ 0x60, ['unsigned long long']],
+    'CurrentIdleState' : [ 0x68, ['unsigned long']],
+    'IdleStateCount' : [ 0x6c, ['unsigned long']],
+    'IdleStates' : [ 0x70, ['pointer', ['_POP_FX_IDLE_STATE']]],
+    'DeepestWakeableIdleState' : [ 0x74, ['unsigned long']],
+    'ProviderCount' : [ 0x78, ['unsigned long']],
+    'Providers' : [ 0x7c, ['pointer', ['_POP_FX_PROVIDER']]],
+    'IdleProviderCount' : [ 0x80, ['unsigned long']],
+    'DependentCount' : [ 0x84, ['unsigned long']],
+    'Dependents' : [ 0x88, ['pointer', ['_POP_FX_DEPENDENT']]],
+    'Accounting' : [ 0x90, ['_POP_FX_ACCOUNTING']],
+    'Performance' : [ 0x168, ['pointer', ['_POP_FX_PERF_INFO']]],
+    'PowerProfile' : [ 0x16c, ['pointer', ['_POP_COMPONENT_POWER_PROFILE']]],
+} ],
+  '_ISRDPCSTATS' : [ 0x60, {
+    'IsrTime' : [ 0x0, ['unsigned long long']],
+    'IsrTimeStart' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcTimeStart' : [ 0x20, ['unsigned long long']],
+    'DpcCount' : [ 0x28, ['unsigned long long']],
+    'IsrActive' : [ 0x30, ['unsigned char']],
+    'Reserved' : [ 0x31, ['array', 7, ['unsigned char']]],
+    'DpcWatchdog' : [ 0x38, ['_ISRDPCSTATS_SEQUENCE']],
+} ],
+  '_XSAVE_FORMAT' : [ 0x200, {
+    'ControlWord' : [ 0x0, ['unsigned short']],
+    'StatusWord' : [ 0x2, ['unsigned short']],
+    'TagWord' : [ 0x4, ['unsigned char']],
+    'Reserved1' : [ 0x5, ['unsigned char']],
+    'ErrorOpcode' : [ 0x6, ['unsigned short']],
+    'ErrorOffset' : [ 0x8, ['unsigned long']],
+    'ErrorSelector' : [ 0xc, ['unsigned short']],
+    'Reserved2' : [ 0xe, ['unsigned short']],
+    'DataOffset' : [ 0x10, ['unsigned long']],
+    'DataSelector' : [ 0x14, ['unsigned short']],
+    'Reserved3' : [ 0x16, ['unsigned short']],
+    'MxCsr' : [ 0x18, ['unsigned long']],
+    'MxCsr_Mask' : [ 0x1c, ['unsigned long']],
+    'FloatRegisters' : [ 0x20, ['array', 8, ['_M128A']]],
+    'XmmRegisters' : [ 0xa0, ['array', 8, ['_M128A']]],
+    'Reserved4' : [ 0x120, ['array', 224, ['unsigned char']]],
+} ],
+  '_SEGMENT_FLAGS' : [ 0x4, {
+    'TotalNumberOfPtes4132' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned short')]],
+    'Spare0' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned short')]],
+    'SessionDriverProtos' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned short')]],
+    'LargePages' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned short')]],
+    'DebugSymbolsLoaded' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned short')]],
+    'WriteCombined' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned short')]],
+    'NoCache' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned short')]],
+    'Short0' : [ 0x0, ['unsigned short']],
+    'ImageCetShadowStacksReady' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DefaultProtectionMask' : [ 0x2, ['BitField', dict(start_bit = 1, end_bit = 6, native_type='unsigned char')]],
+    'Binary32' : [ 0x2, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned char')]],
+    'ContainsDebug' : [ 0x2, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned char')]],
+    'UChar1' : [ 0x2, ['unsigned char']],
+    'ForceCollision' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ImageSigningType' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 4, native_type='unsigned char')]],
+    'ImageSigningLevel' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 8, native_type='unsigned char')]],
+    'UChar2' : [ 0x3, ['unsigned char']],
+} ],
+  '_XSTATE_CONTEXT' : [ 0x20, {
+    'Mask' : [ 0x0, ['unsigned long long']],
+    'Length' : [ 0x8, ['unsigned long']],
+    'Reserved1' : [ 0xc, ['unsigned long']],
+    'Area' : [ 0x10, ['pointer', ['_XSAVE_AREA']]],
+    'Reserved2' : [ 0x14, ['unsigned long']],
+    'Buffer' : [ 0x18, ['pointer', ['void']]],
+    'Reserved3' : [ 0x1c, ['unsigned long']],
+} ],
+  '_IO_REMOVE_LOCK' : [ 0x18, {
+    'Common' : [ 0x0, ['_IO_REMOVE_LOCK_COMMON_BLOCK']],
+} ],
+  '__unnamed_3027' : [ 0xc, {
+    'I386' : [ 0x0, ['_I386_LOADER_BLOCK']],
+    'Arm' : [ 0x0, ['_ARM_LOADER_BLOCK']],
+} ],
+  '_LOADER_PARAMETER_BLOCK' : [ 0xc8, {
+    'OsMajorVersion' : [ 0x0, ['unsigned long']],
+    'OsMinorVersion' : [ 0x4, ['unsigned long']],
+    'Size' : [ 0x8, ['unsigned long']],
+    'OsLoaderSecurityVersion' : [ 0xc, ['unsigned long']],
+    'LoadOrderListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'MemoryDescriptorListHead' : [ 0x18, ['_LIST_ENTRY']],
+    'BootDriverListHead' : [ 0x20, ['_LIST_ENTRY']],
+    'EarlyLaunchListHead' : [ 0x28, ['_LIST_ENTRY']],
+    'CoreDriverListHead' : [ 0x30, ['_LIST_ENTRY']],
+    'CoreExtensionsDriverListHead' : [ 0x38, ['_LIST_ENTRY']],
+    'TpmCoreDriverListHead' : [ 0x40, ['_LIST_ENTRY']],
+    'KernelStack' : [ 0x48, ['unsigned long']],
+    'Prcb' : [ 0x4c, ['unsigned long']],
+    'Process' : [ 0x50, ['unsigned long']],
+    'Thread' : [ 0x54, ['unsigned long']],
+    'KernelStackSize' : [ 0x58, ['unsigned long']],
+    'RegistryLength' : [ 0x5c, ['unsigned long']],
+    'RegistryBase' : [ 0x60, ['pointer', ['void']]],
+    'ConfigurationRoot' : [ 0x64, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ArcBootDeviceName' : [ 0x68, ['pointer', ['unsigned char']]],
+    'ArcHalDeviceName' : [ 0x6c, ['pointer', ['unsigned char']]],
+    'NtBootPathName' : [ 0x70, ['pointer', ['unsigned char']]],
+    'NtHalPathName' : [ 0x74, ['pointer', ['unsigned char']]],
+    'LoadOptions' : [ 0x78, ['pointer', ['unsigned char']]],
+    'NlsData' : [ 0x7c, ['pointer', ['_NLS_DATA_BLOCK']]],
+    'ArcDiskInformation' : [ 0x80, ['pointer', ['_ARC_DISK_INFORMATION']]],
+    'Extension' : [ 0x84, ['pointer', ['_LOADER_PARAMETER_EXTENSION']]],
+    'u' : [ 0x88, ['__unnamed_3027']],
+    'FirmwareInformation' : [ 0x94, ['_FIRMWARE_INFORMATION_LOADER_BLOCK']],
+    'OsBootstatPathName' : [ 0xbc, ['pointer', ['unsigned char']]],
+    'ArcOSDataDeviceName' : [ 0xc0, ['pointer', ['unsigned char']]],
+    'ArcWindowsSysPartName' : [ 0xc4, ['pointer', ['unsigned char']]],
+} ],
+  '_OBJECT_DUMP_CONTROL' : [ 0x8, {
+    'Stream' : [ 0x0, ['pointer', ['void']]],
+    'Detail' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_302f' : [ 0x4, {
+    'PhysicalAddress' : [ 0x0, ['unsigned long']],
+    'VirtualSize' : [ 0x0, ['unsigned long']],
+} ],
+  '_IMAGE_SECTION_HEADER' : [ 0x28, {
+    'Name' : [ 0x0, ['array', 8, ['unsigned char']]],
+    'Misc' : [ 0x8, ['__unnamed_302f']],
+    'VirtualAddress' : [ 0xc, ['unsigned long']],
+    'SizeOfRawData' : [ 0x10, ['unsigned long']],
+    'PointerToRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRelocations' : [ 0x18, ['unsigned long']],
+    'PointerToLinenumbers' : [ 0x1c, ['unsigned long']],
+    'NumberOfRelocations' : [ 0x20, ['unsigned short']],
+    'NumberOfLinenumbers' : [ 0x22, ['unsigned short']],
+    'Characteristics' : [ 0x24, ['unsigned long']],
+} ],
+  '_FAST_OWNER_ENTRY_INTERNAL' : [ 0x24, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'AbLockHandle' : [ 0x8, ['unsigned char']],
+    'Disowned' : [ 0x9, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'DynamicallyAllocated' : [ 0x9, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'CallerExclusive' : [ 0x9, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'IsSublistHead' : [ 0xa, ['unsigned char']],
+    'IsWaiting' : [ 0xb, ['unsigned char']],
+    'LockAddress' : [ 0xc, ['pointer', ['void']]],
+    'ThreadAddress' : [ 0x10, ['pointer', ['void']]],
+    'SublistHead' : [ 0x14, ['_LIST_ENTRY']],
+    'LockListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MI_POOL_STATE' : [ 0x54, {
+    'MaximumNonPagedPoolThreshold' : [ 0x0, ['unsigned long']],
+    'AllocatedNonPagedPool' : [ 0x4, ['unsigned long']],
+    'BadPoolHead' : [ 0x8, ['_SINGLE_LIST_ENTRY']],
+    'HighEventSets' : [ 0xc, ['unsigned long']],
+    'HighEventSetsValid' : [ 0x10, ['unsigned char']],
+    'LowPagedPoolThreshold' : [ 0x14, ['unsigned long']],
+    'HighPagedPoolThreshold' : [ 0x18, ['unsigned long']],
+    'PermittedFaultsLock' : [ 0x1c, ['long']],
+    'PermittedFaultsTree' : [ 0x20, ['_RTL_AVL_TREE']],
+    'PermittedFaultsInitialNode' : [ 0x24, ['array', 2, ['_MI_ACCESS_VIOLATION_RANGE']]],
+    'TotalPagedPoolQuota' : [ 0x4c, ['unsigned long']],
+    'TotalNonPagedPoolQuota' : [ 0x50, ['unsigned long']],
+} ],
+  '_SECTION_IMAGE_INFORMATION' : [ 0x30, {
+    'TransferAddress' : [ 0x0, ['pointer', ['void']]],
+    'ZeroBits' : [ 0x4, ['unsigned long']],
+    'MaximumStackSize' : [ 0x8, ['unsigned long']],
+    'CommittedStackSize' : [ 0xc, ['unsigned long']],
+    'SubSystemType' : [ 0x10, ['unsigned long']],
+    'SubSystemMinorVersion' : [ 0x14, ['unsigned short']],
+    'SubSystemMajorVersion' : [ 0x16, ['unsigned short']],
+    'SubSystemVersion' : [ 0x14, ['unsigned long']],
+    'MajorOperatingSystemVersion' : [ 0x18, ['unsigned short']],
+    'MinorOperatingSystemVersion' : [ 0x1a, ['unsigned short']],
+    'OperatingSystemVersion' : [ 0x18, ['unsigned long']],
+    'ImageCharacteristics' : [ 0x1c, ['unsigned short']],
+    'DllCharacteristics' : [ 0x1e, ['unsigned short']],
+    'Machine' : [ 0x20, ['unsigned short']],
+    'ImageContainsCode' : [ 0x22, ['unsigned char']],
+    'ImageFlags' : [ 0x23, ['unsigned char']],
+    'ComPlusNativeReady' : [ 0x23, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ComPlusILOnly' : [ 0x23, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'ImageDynamicallyRelocated' : [ 0x23, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'ImageMappedFlat' : [ 0x23, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'BaseBelow4gb' : [ 0x23, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'ComPlusPrefer32bit' : [ 0x23, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Reserved' : [ 0x23, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+    'LoaderFlags' : [ 0x24, ['unsigned long']],
+    'ImageFileSize' : [ 0x28, ['unsigned long']],
+    'CheckSum' : [ 0x2c, ['unsigned long']],
+} ],
+  '_KSECONDARY_IDT_ENTRY' : [ 0x1c, {
+    'SpinLock' : [ 0x0, ['unsigned long']],
+    'ConnectLock' : [ 0x4, ['_KEVENT']],
+    'LineMasked' : [ 0x14, ['unsigned char']],
+    'InterruptList' : [ 0x18, ['pointer', ['_KINTERRUPT']]],
+} ],
+  '_PPM_SELECTION_DEPENDENCY' : [ 0xc, {
+    'Processor' : [ 0x0, ['unsigned long']],
+    'Menu' : [ 0x4, ['_PPM_SELECTION_MENU']],
+} ],
+  '_AGGREGATED_PAYLOAD_FILTER' : [ 0x50, {
+    'MagicValue' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 12, native_type='unsigned short')]],
+    'DescriptorVersion' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 16, native_type='unsigned short')]],
+    'Size' : [ 0x2, ['unsigned short']],
+    'PredicateCount' : [ 0x4, ['unsigned short']],
+    'Reserved' : [ 0x6, ['unsigned short']],
+    'HashedEventIdBitmap' : [ 0x8, ['unsigned long long']],
+    'ProviderGuid' : [ 0x10, ['_GUID']],
+    'EachEventTableOffset' : [ 0x20, ['unsigned short']],
+    'EachEventTableLength' : [ 0x22, ['unsigned short']],
+    'PayloadDecoderTableOffset' : [ 0x24, ['unsigned short']],
+    'PayloadDecoderTableLength' : [ 0x26, ['unsigned short']],
+    'EventFilterTableOffset' : [ 0x28, ['unsigned short']],
+    'EventFilterTableLength' : [ 0x2a, ['unsigned short']],
+    'UNICODEStringTableOffset' : [ 0x2c, ['unsigned short']],
+    'UNICODEStringTableLength' : [ 0x2e, ['unsigned short']],
+    'ANSIStringTableOffset' : [ 0x30, ['unsigned short']],
+    'ANSIStringTableLength' : [ 0x32, ['unsigned short']],
+    'PredicateTable' : [ 0x38, ['array', 1, ['_EVENT_PAYLOAD_PREDICATE']]],
+} ],
+  '_WNF_SCOPE_MAP_ENTRY' : [ 0xc, {
+    'MapEntryLock' : [ 0x0, ['_WNF_LOCK']],
+    'MapEntryHead' : [ 0x4, ['_LIST_ENTRY']],
+} ],
+  '_ARBITER_ORDERING_LIST' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned short']],
+    'Maximum' : [ 0x2, ['unsigned short']],
+    'Orderings' : [ 0x4, ['pointer', ['_ARBITER_ORDERING']]],
+} ],
+  '_MI_HARDWARE_STATE' : [ 0x140, {
+    'NodeMask' : [ 0x0, ['unsigned long']],
+    'NumaHintIndex' : [ 0x4, ['unsigned long']],
+    'NumaLastRangeIndexInclusive' : [ 0x8, ['unsigned long']],
+    'NodeShift' : [ 0xc, ['unsigned char']],
+    'ChannelShift' : [ 0xd, ['unsigned char']],
+    'ChannelHintIndex' : [ 0x10, ['unsigned long']],
+    'ChannelLastRangeIndexInclusive' : [ 0x14, ['unsigned long']],
+    'NodeGraph' : [ 0x18, ['pointer', ['_MI_NODE_NUMBER_ZERO_BASED']]],
+    'SystemNodeInformation' : [ 0x1c, ['pointer', ['_MI_SYSTEM_NODE_INFORMATION']]],
+    'TemporaryNumaRanges' : [ 0x20, ['array', 2, ['_HAL_NODE_RANGE']]],
+    'NumaMemoryRanges' : [ 0x30, ['pointer', ['_HAL_NODE_RANGE']]],
+    'ChannelMemoryRanges' : [ 0x34, ['pointer', ['_HAL_CHANNEL_MEMORY_RANGES']]],
+    'SecondLevelCacheSize' : [ 0x38, ['unsigned long']],
+    'FirstLevelCacheSize' : [ 0x3c, ['unsigned long']],
+    'PhysicalAddressBits' : [ 0x40, ['unsigned long']],
+    'LogicalProcessorsPerCore' : [ 0x44, ['unsigned long']],
+    'ProcessorCachesFlushedOnPowerLoss' : [ 0x48, ['unsigned char']],
+    'TotalPagesAllowed' : [ 0x4c, ['unsigned long']],
+    'SecondaryColorMask' : [ 0x50, ['unsigned long']],
+    'SecondaryColors' : [ 0x54, ['unsigned long']],
+    'FlushTbForAttributeChange' : [ 0x58, ['unsigned long']],
+    'FlushCacheForAttributeChange' : [ 0x5c, ['unsigned long']],
+    'FlushCacheForPageAttributeChange' : [ 0x60, ['unsigned long']],
+    'CacheFlushPromoteThreshold' : [ 0x64, ['unsigned long']],
+    'PerformanceCounterFrequency' : [ 0x68, ['_LARGE_INTEGER']],
+    'InvalidPteMask' : [ 0x80, ['unsigned long long']],
+    'LargePageColors' : [ 0xc0, ['array', 2, ['unsigned long']]],
+    'FlushTbThreshold' : [ 0xc8, ['unsigned long']],
+    'OptimalZeroingAttribute' : [ 0xcc, ['array', 4, ['array', 4, ['Enumeration', dict(target = 'long', choices = {0: u'MiNonCached', 1: u'MiCached', 2: u'MiWriteCombined', 3: u'MiNotMapped'})]]]],
+    'AttributeChangeRequiresReZero' : [ 0x10c, ['unsigned char']],
+    'ZeroCostCounts' : [ 0x110, ['array', 2, ['_MI_ZERO_COST_COUNTS']]],
+    'HighestPossiblePhysicalPage' : [ 0x130, ['unsigned long']],
+    'VsmKernelPageCount' : [ 0x134, ['unsigned long']],
+} ],
+  '_PPM_VETO_ACCOUNTING' : [ 0x18, {
+    'VetoPresent' : [ 0x0, ['long']],
+    'VetoListHead' : [ 0x4, ['_LIST_ENTRY']],
+    'CsAccountingBlocks' : [ 0xc, ['unsigned char']],
+    'BlocksDrips' : [ 0xd, ['unsigned char']],
+    'PreallocatedVetoCount' : [ 0x10, ['unsigned long']],
+    'PreallocatedVetoList' : [ 0x14, ['pointer', ['_PPM_VETO_ENTRY']]],
+} ],
+  '_EX_PARTITION' : [ 0x10, {
+    'PartitionObject' : [ 0x0, ['pointer', ['_EPARTITION']]],
+    'WorkQueues' : [ 0x4, ['pointer', ['pointer', ['pointer', ['_EX_WORK_QUEUE']]]]],
+    'WorkQueueManagers' : [ 0x8, ['pointer', ['pointer', ['_EX_WORK_QUEUE_MANAGER']]]],
+    'QueueAllocationMask' : [ 0xc, ['long']],
+} ],
+  '__unnamed_3066' : [ 0x8, {
+    'idxRecord' : [ 0x0, ['unsigned long']],
+    'cidContainer' : [ 0x4, ['unsigned long']],
+} ],
+  '_CLS_LSN' : [ 0x8, {
+    'offset' : [ 0x0, ['__unnamed_3066']],
+    'ullOffset' : [ 0x0, ['unsigned long long']],
+} ],
+  '_SYSPTES_HEADER' : [ 0x8c, {
+    'ListHead' : [ 0x0, ['array', 16, ['_LIST_ENTRY']]],
+    'Count' : [ 0x80, ['unsigned long']],
+    'NumberOfEntries' : [ 0x84, ['unsigned long']],
+    'NumberOfEntriesPeak' : [ 0x88, ['unsigned long']],
+} ],
+  '_MI_ERROR_STATE' : [ 0xb0, {
+    'BadMemoryEventEntry' : [ 0x0, ['_MI_BAD_MEMORY_EVENT_ENTRY']],
+    'PageOfInterest' : [ 0x28, ['unsigned long']],
+    'ProbeRaises' : [ 0x2c, ['_MI_PROBE_RAISE_TRACKER']],
+    'ForcedCommits' : [ 0x70, ['_MI_FORCED_COMMITS']],
+    'WsleFailures' : [ 0x78, ['array', 1, ['unsigned long']]],
+    'PageHashErrors' : [ 0x7c, ['unsigned long']],
+    'CheckZeroCount' : [ 0x80, ['unsigned long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x84, ['long']],
+    'BadPagesDetected' : [ 0x88, ['long']],
+    'ScrubPasses' : [ 0x8c, ['long']],
+    'ScrubBadPagesFound' : [ 0x90, ['long']],
+    'UserViewFailures' : [ 0x94, ['unsigned long']],
+    'UserViewCollisionFailures' : [ 0x98, ['unsigned long']],
+    'UserAllocateFailures' : [ 0x9c, ['unsigned long']],
+    'UserAllocateCollisionFailures' : [ 0xa0, ['unsigned long']],
+    'ResavailFailures' : [ 0xa4, ['_MI_RESAVAIL_FAILURES']],
+    'PendingBadPages' : [ 0xac, ['unsigned char']],
+    'FatalGraphicsFailures' : [ 0xad, ['unsigned char']],
+    'InitFailure' : [ 0xae, ['unsigned char']],
+    'StopBadMaps' : [ 0xaf, ['unsigned char']],
+} ],
+  '_PROC_PERF_DOMAIN' : [ 0x218, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Master' : [ 0x8, ['pointer', ['_PROC_PERF_CHECK_CONTEXT']]],
+    'Members' : [ 0xc, ['_KAFFINITY_EX']],
+    'DomainContext' : [ 0x18, ['unsigned long']],
+    'ProcessorCount' : [ 0x1c, ['unsigned long']],
+    'EfficiencyClass' : [ 0x20, ['unsigned char']],
+    'NominalPerformanceClass' : [ 0x21, ['unsigned char']],
+    'HighestPerformanceClass' : [ 0x22, ['unsigned char']],
+    'Processors' : [ 0x24, ['pointer', ['_PROC_PERF_CONSTRAINT']]],
+    'GetFFHThrottleState' : [ 0x28, ['pointer', ['void']]],
+    'TimeWindowHandler' : [ 0x2c, ['pointer', ['void']]],
+    'BoostPolicyHandler' : [ 0x30, ['pointer', ['void']]],
+    'BoostModeHandler' : [ 0x34, ['pointer', ['void']]],
+    'AutonomousActivityWindowHandler' : [ 0x38, ['pointer', ['void']]],
+    'AutonomousModeHandler' : [ 0x3c, ['pointer', ['void']]],
+    'ReinitializeHandler' : [ 0x40, ['pointer', ['void']]],
+    'PerfSelectionHandler' : [ 0x44, ['pointer', ['void']]],
+    'PerfControlHandler' : [ 0x48, ['pointer', ['void']]],
+    'DomainPerfControlHandler' : [ 0x4c, ['pointer', ['void']]],
+    'MaxFrequency' : [ 0x50, ['unsigned long']],
+    'NominalFrequency' : [ 0x54, ['unsigned long']],
+    'MaxPercent' : [ 0x58, ['unsigned long']],
+    'MinPerfPercent' : [ 0x5c, ['unsigned long']],
+    'MinThrottlePercent' : [ 0x60, ['unsigned long']],
+    'AdvertizedMaximumFrequency' : [ 0x64, ['unsigned long']],
+    'MinimumRelativePerformance' : [ 0x68, ['unsigned long long']],
+    'NominalRelativePerformance' : [ 0x70, ['unsigned long long']],
+    'NominalRelativePerformancePercent' : [ 0x78, ['unsigned char']],
+    'Coordination' : [ 0x79, ['unsigned char']],
+    'HardPlatformCap' : [ 0x7a, ['unsigned char']],
+    'AffinitizeControl' : [ 0x7b, ['unsigned char']],
+    'EfficientThrottle' : [ 0x7c, ['unsigned char']],
+    'AllowSchedulerDirectedPerfStates' : [ 0x7d, ['unsigned char']],
+    'InitiateAllProcessors' : [ 0x7e, ['unsigned char']],
+    'AutonomousMode' : [ 0x7f, ['unsigned char']],
+    'ProvideGuidance' : [ 0x80, ['unsigned char']],
+    'DesiredPercent' : [ 0x84, ['unsigned long']],
+    'GuaranteedPercent' : [ 0x88, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x8c, ['unsigned char']],
+    'QosPolicies' : [ 0x90, ['array', 5, ['_PROC_PERF_QOS_CLASS_POLICY']]],
+    'QosDisableReasons' : [ 0x11c, ['array', 5, ['unsigned long']]],
+    'QosEquivalencyMasks' : [ 0x130, ['array', 5, ['unsigned short']]],
+    'QosSupported' : [ 0x13a, ['unsigned char']],
+    'SelectionGeneration' : [ 0x13c, ['unsigned long']],
+    'QosSelection' : [ 0x140, ['array', 5, ['_PERF_CONTROL_STATE_SELECTION']]],
+    'PerfChangeTime' : [ 0x208, ['unsigned long long']],
+    'PerfChangeIntervalCount' : [ 0x210, ['unsigned long']],
+    'Force' : [ 0x214, ['unsigned char']],
+    'Update' : [ 0x215, ['unsigned char']],
+    'Apply' : [ 0x216, ['unsigned char']],
+} ],
+  '_MI_COMMON_PAGE_STATE' : [ 0x40, {
+    'PageOfOnesPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'PageOfOnes' : [ 0x4, ['unsigned long']],
+    'DummyPagePfn' : [ 0x8, ['pointer', ['_MMPFN']]],
+    'DummyPage' : [ 0xc, ['unsigned long']],
+    'PageOfZeroes' : [ 0x10, ['unsigned long']],
+    'ZeroMapping' : [ 0x14, ['pointer', ['void']]],
+    'OnesMapping' : [ 0x18, ['pointer', ['void']]],
+    'ZeroCrc' : [ 0x20, ['unsigned long long']],
+    'OnesCrc' : [ 0x28, ['unsigned long long']],
+    'BitmapGapFrames' : [ 0x30, ['array', 2, ['unsigned long']]],
+    'PfnGapFrames' : [ 0x38, ['array', 2, ['unsigned long']]],
+} ],
+  '_HAL_HV_DMA_DOMAIN_INFO' : [ 0x8, {
+    'DomainId' : [ 0x0, ['unsigned long']],
+    'IsStage1' : [ 0x4, ['unsigned char']],
+} ],
+  '_RTL_BALANCED_LINKS' : [ 0x10, {
+    'Parent' : [ 0x0, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'LeftChild' : [ 0x4, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'RightChild' : [ 0x8, ['pointer', ['_RTL_BALANCED_LINKS']]],
+    'Balance' : [ 0xc, ['unsigned char']],
+    'Reserved' : [ 0xd, ['array', 3, ['unsigned char']]],
+} ],
+  '_HEAP_EXTENDED_ENTRY' : [ 0x8, {
+    'FunctionIndex' : [ 0x0, ['unsigned short']],
+    'ContextValue' : [ 0x2, ['unsigned short']],
+    'InterceptorValue' : [ 0x0, ['unsigned long']],
+    'UnusedBytesLength' : [ 0x4, ['unsigned short']],
+    'EntryOffset' : [ 0x6, ['unsigned char']],
+    'ExtendedBlockSignature' : [ 0x7, ['unsigned char']],
+} ],
+  '_SUPPORTED_RANGES' : [ 0xa0, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Sorted' : [ 0x2, ['unsigned char']],
+    'Reserved' : [ 0x3, ['unsigned char']],
+    'NoIO' : [ 0x4, ['unsigned long']],
+    'IO' : [ 0x8, ['_SUPPORTED_RANGE']],
+    'NoMemory' : [ 0x28, ['unsigned long']],
+    'Memory' : [ 0x30, ['_SUPPORTED_RANGE']],
+    'NoPrefetchMemory' : [ 0x50, ['unsigned long']],
+    'PrefetchMemory' : [ 0x58, ['_SUPPORTED_RANGE']],
+    'NoDma' : [ 0x78, ['unsigned long']],
+    'Dma' : [ 0x80, ['_SUPPORTED_RANGE']],
+} ],
+  '_ETW_WMITRACE_WORK' : [ 0xf0, {
+    'LoggerId' : [ 0x0, ['unsigned long']],
+    'SiloSessionId' : [ 0x4, ['unsigned long']],
+    'LoggerName' : [ 0x8, ['array', 65, ['unsigned char']]],
+    'FileName' : [ 0x49, ['array', 129, ['unsigned char']]],
+    'MaximumFileSize' : [ 0xcc, ['unsigned long']],
+    'MinBuffers' : [ 0xd0, ['unsigned long']],
+    'MaxBuffers' : [ 0xd4, ['unsigned long']],
+    'BufferSize' : [ 0xd8, ['unsigned long']],
+    'Mode' : [ 0xdc, ['unsigned long']],
+    'FlushTimer' : [ 0xe0, ['unsigned long']],
+    'MatchAny' : [ 0x8, ['unsigned long long']],
+    'MatchAll' : [ 0x10, ['unsigned long long']],
+    'EnableProperty' : [ 0x18, ['unsigned long']],
+    'Guid' : [ 0x1c, ['_GUID']],
+    'Level' : [ 0x2c, ['unsigned char']],
+    'Status' : [ 0xe8, ['long']],
+} ],
+  '_MAPPED_FILE_SEGMENT' : [ 0x20, {
+    'ControlArea' : [ 0x0, ['pointer', ['_CONTROL_AREA']]],
+    'TotalNumberOfPtes' : [ 0x4, ['unsigned long']],
+    'SegmentFlags' : [ 0x8, ['_SEGMENT_FLAGS']],
+    'NumberOfCommittedPages' : [ 0xc, ['unsigned long']],
+    'SizeOfSegment' : [ 0x10, ['unsigned long long']],
+    'ExtendInfo' : [ 0x18, ['pointer', ['_MMEXTEND_INFO']]],
+    'BasedAddress' : [ 0x18, ['pointer', ['void']]],
+    'SegmentLock' : [ 0x1c, ['_EX_PUSH_LOCK']],
+} ],
+  '_MMPTE_TRANSITION' : [ 0x8, {
+    'Valid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'Write' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'IoTracker' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'SwizzleBit' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Protection' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 10, native_type='unsigned long long')]],
+    'Prototype' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'Transition' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'PageFrameNumber' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 38, native_type='unsigned long long')]],
+    'Unused' : [ 0x0, ['BitField', dict(start_bit = 38, end_bit = 64, native_type='unsigned long long')]],
+} ],
+  '_DEVICE_OBJECT_LIST' : [ 0x20, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'MaxCount' : [ 0x4, ['unsigned long']],
+    'TagCount' : [ 0x8, ['unsigned long']],
+    'OperationCode' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'QueryRemoveDevice', 1: u'CancelRemoveDevice', 2: u'RemoveDevice', 3: u'SurpriseRemoveDevice', 4: u'EjectDevice', 5: u'RemoveFailedDevice', 6: u'RemoveUnstartedFailedDevice', 7: u'MaxDeviceDeleteType'})]],
+    'Devices' : [ 0x10, ['array', 1, ['_DEVICE_OBJECT_LIST_ENTRY']]],
+} ],
+  '_DEBUG_TRANSPORT_DATA' : [ 0x8, {
+    'HwContextSize' : [ 0x0, ['unsigned long']],
+    'UseSerialFraming' : [ 0x4, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x5, ['unsigned char']],
+    'USBCoreId' : [ 0x6, ['unsigned char']],
+} ],
+  '_CM_KEY_INDEX' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['array', 1, ['unsigned long']]],
+} ],
+  '_HAL_HV_SVM_DEVICE_CAPABILITIES' : [ 0xc, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PciExecute' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'NoExecute' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 31, native_type='unsigned long')]],
+    'OverflowPossible' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'PasidCount' : [ 0x4, ['unsigned long']],
+    'IommuIndex' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_COOLING_EXTENSION' : [ 0x48, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'RequestListHead' : [ 0x8, ['_LIST_ENTRY']],
+    'Lock' : [ 0x10, ['_POP_RW_LOCK']],
+    'DeviceObject' : [ 0x18, ['pointer', ['_DEVICE_OBJECT']]],
+    'NotificationEntry' : [ 0x1c, ['pointer', ['void']]],
+    'Enabled' : [ 0x20, ['unsigned char']],
+    'ActiveEngaged' : [ 0x21, ['unsigned char']],
+    'ThrottleLimit' : [ 0x22, ['unsigned char']],
+    'UpdatingToCurrent' : [ 0x23, ['unsigned char']],
+    'RemovalFlushEvent' : [ 0x24, ['pointer', ['_KEVENT']]],
+    'PnpFlushEvent' : [ 0x28, ['pointer', ['_KEVENT']]],
+    'Interface' : [ 0x2c, ['_THERMAL_COOLING_INTERFACE']],
+} ],
+  '_KTMOBJECT_NAMESPACE_LINK' : [ 0x14, {
+    'Links' : [ 0x0, ['_RTL_BALANCED_LINKS']],
+    'Expired' : [ 0x10, ['unsigned char']],
+} ],
+  '_POOL_HEADER' : [ 0x8, {
+    'PreviousSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolIndex' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'BlockSize' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 9, native_type='unsigned short')]],
+    'PoolType' : [ 0x2, ['BitField', dict(start_bit = 9, end_bit = 16, native_type='unsigned short')]],
+    'Ulong1' : [ 0x0, ['unsigned long']],
+    'PoolTag' : [ 0x4, ['unsigned long']],
+    'AllocatorBackTraceIndex' : [ 0x4, ['unsigned short']],
+    'PoolTagHash' : [ 0x6, ['unsigned short']],
+} ],
+  '_POP_POWER_SETTING_VALUES' : [ 0x148, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'PopPolicy' : [ 0x4, ['_SYSTEM_POWER_POLICY']],
+    'CurrentAcDcPowerState' : [ 0xec, ['Enumeration', dict(target = 'long', choices = {0: u'PoAc', 1: u'PoDc', 2: u'PoHot', 3: u'PoConditionMaximum'})]],
+    'AwayModeEnabled' : [ 0xf0, ['unsigned char']],
+    'AwayModeEngaged' : [ 0xf1, ['unsigned char']],
+    'AwayModePolicyAllowed' : [ 0xf2, ['unsigned char']],
+    'AwayModeIgnoreUserPresent' : [ 0xf4, ['long']],
+    'AwayModeIgnoreAction' : [ 0xf8, ['long']],
+    'DisableFastS4' : [ 0xfc, ['unsigned char']],
+    'DisableStandbyStates' : [ 0xfd, ['unsigned char']],
+    'UnattendSleepTimeout' : [ 0x100, ['unsigned long']],
+    'DiskIgnoreTime' : [ 0x104, ['unsigned long']],
+    'DeviceIdlePolicy' : [ 0x108, ['unsigned long']],
+    'VideoDimTimeout' : [ 0x10c, ['unsigned long']],
+    'VideoNormalBrightness' : [ 0x110, ['unsigned long']],
+    'VideoDimBrightness' : [ 0x114, ['unsigned long']],
+    'AlsOffset' : [ 0x118, ['unsigned long']],
+    'AlsEnabled' : [ 0x11c, ['unsigned long']],
+    'EsBrightness' : [ 0x120, ['unsigned long']],
+    'SwitchShutdownForced' : [ 0x124, ['unsigned char']],
+    'SystemCoolingPolicy' : [ 0x128, ['unsigned long']],
+    'MediaBufferingEngaged' : [ 0x12c, ['unsigned char']],
+    'AudioActivity' : [ 0x12d, ['unsigned char']],
+    'FullscreenVideoPlayback' : [ 0x12e, ['unsigned char']],
+    'EsBatteryThreshold' : [ 0x130, ['unsigned long']],
+    'EsAggressive' : [ 0x134, ['unsigned char']],
+    'EsUserAwaySetting' : [ 0x135, ['unsigned char']],
+    'ConnectivityInStandby' : [ 0x138, ['unsigned long']],
+    'DisconnectedStandbyMode' : [ 0x13c, ['unsigned long']],
+    'UserPresencePredictionEnabled' : [ 0x140, ['unsigned long']],
+    'AirplaneModeEnabled' : [ 0x144, ['unsigned char']],
+    'BluetoothDeviceCharging' : [ 0x145, ['unsigned char']],
+} ],
+  '_XPF_MC_BANK_FLAGS' : [ 0x1, {
+    'ClearOnInitializationRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'ControlDataRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 8, native_type='unsigned char')]],
+    'AsUCHAR' : [ 0x0, ['unsigned char']],
+} ],
+  '_PROC_PERF_HISTORY_ENTRY' : [ 0xa, {
+    'Utility' : [ 0x0, ['unsigned short']],
+    'AffinitizedUtility' : [ 0x2, ['unsigned short']],
+    'Frequency' : [ 0x4, ['unsigned short']],
+    'TaggedPercent' : [ 0x6, ['array', 3, ['unsigned char']]],
+} ],
+  '_ARBITER_BOOT_ALLOCATION_PARAMETERS' : [ 0x4, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+} ],
+  '_POP_FX_IDLE_STATE' : [ 0x18, {
+    'TransitionLatency' : [ 0x0, ['unsigned long long']],
+    'ResidencyRequirement' : [ 0x8, ['unsigned long long']],
+    'NominalPower' : [ 0x10, ['unsigned long']],
+} ],
+  '_HAL_IOMMU_DISPATCH' : [ 0x4c, {
+    'HalIommuSupportEnabled' : [ 0x0, ['pointer', ['void']]],
+    'HalIommuGetConfiguration' : [ 0x4, ['pointer', ['void']]],
+    'HalIommuGetLibraryContext' : [ 0x8, ['pointer', ['void']]],
+    'HalIommuMapDevice' : [ 0xc, ['pointer', ['void']]],
+    'HalIommuEnableDevicePasid' : [ 0x10, ['pointer', ['void']]],
+    'HalIommuSetAddressSpace' : [ 0x14, ['pointer', ['void']]],
+    'HalIommuDisableDevicePasid' : [ 0x18, ['pointer', ['void']]],
+    'HalIommuUnmapDevice' : [ 0x1c, ['pointer', ['void']]],
+    'HalIommuFreeLibraryContext' : [ 0x20, ['pointer', ['void']]],
+    'HalIommuFlushTb' : [ 0x24, ['pointer', ['void']]],
+    'HalIommuFlushAllPasid' : [ 0x28, ['pointer', ['void']]],
+    'HalIommuProcessPageRequestQueue' : [ 0x2c, ['pointer', ['void']]],
+    'HalIommuFaultRoutine' : [ 0x30, ['pointer', ['void']]],
+    'HalIommuReferenceAsid' : [ 0x34, ['pointer', ['void']]],
+    'HalIommuDereferenceAsid' : [ 0x38, ['pointer', ['void']]],
+    'HalIommuServicePageFault' : [ 0x3c, ['pointer', ['void']]],
+    'HalIommuDevicePowerChange' : [ 0x40, ['pointer', ['void']]],
+    'HalIommuBeginDeviceReset' : [ 0x44, ['pointer', ['void']]],
+    'HalIommuFinalizeDeviceReset' : [ 0x48, ['pointer', ['void']]],
+} ],
+  '_MI_ZERO_COST_COUNTS' : [ 0x10, {
+    'NativeSum' : [ 0x0, ['unsigned long long']],
+    'CachedSum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_FX_WORK_ORDER_WATCHDOG_INFO' : [ 0x68, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Timer' : [ 0x8, ['_KTIMER']],
+    'Dpc' : [ 0x30, ['_KDPC']],
+    'WorkOrder' : [ 0x50, ['pointer', ['_POP_FX_WORK_ORDER']]],
+    'CurrentWorkInfo' : [ 0x54, ['pointer', ['_PEP_WORK_INFORMATION']]],
+    'WatchdogStart' : [ 0x58, ['unsigned long long']],
+    'WorkerThread' : [ 0x60, ['pointer', ['_KTHREAD']]],
+} ],
+  '_ARBITER_INTERFACE' : [ 0x18, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'ArbiterHandler' : [ 0x10, ['pointer', ['void']]],
+    'Flags' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_30e7' : [ 0x10, {
+    'TestAllocation' : [ 0x0, ['_ARBITER_TEST_ALLOCATION_PARAMETERS']],
+    'RetestAllocation' : [ 0x0, ['_ARBITER_RETEST_ALLOCATION_PARAMETERS']],
+    'BootAllocation' : [ 0x0, ['_ARBITER_BOOT_ALLOCATION_PARAMETERS']],
+    'QueryAllocatedResources' : [ 0x0, ['_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS']],
+    'QueryConflict' : [ 0x0, ['_ARBITER_QUERY_CONFLICT_PARAMETERS']],
+    'QueryArbitrate' : [ 0x0, ['_ARBITER_QUERY_ARBITRATE_PARAMETERS']],
+    'AddReserved' : [ 0x0, ['_ARBITER_ADD_RESERVED_PARAMETERS']],
+} ],
+  '_ARBITER_PARAMETERS' : [ 0x10, {
+    'Parameters' : [ 0x0, ['__unnamed_30e7']],
+} ],
+  '__unnamed_30eb' : [ 0x18, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Alignment' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_30ef' : [ 0x14, {
+    'MinimumVector' : [ 0x0, ['unsigned long']],
+    'MaximumVector' : [ 0x4, ['unsigned long']],
+    'AffinityPolicy' : [ 0x8, ['unsigned short']],
+    'Group' : [ 0xa, ['unsigned short']],
+    'PriorityPolicy' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'IrqPriorityUndefined', 1: u'IrqPriorityLow', 2: u'IrqPriorityNormal', 3: u'IrqPriorityHigh'})]],
+    'TargetedProcessors' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_30f1' : [ 0x8, {
+    'MinimumChannel' : [ 0x0, ['unsigned long']],
+    'MaximumChannel' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_30f3' : [ 0x10, {
+    'RequestLine' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'Channel' : [ 0x8, ['unsigned long']],
+    'TransferWidth' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_30f5' : [ 0xc, {
+    'Data' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '__unnamed_30f7' : [ 0x10, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'MinBusNumber' : [ 0x4, ['unsigned long']],
+    'MaxBusNumber' : [ 0x8, ['unsigned long']],
+    'Reserved' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_30f9' : [ 0xc, {
+    'Priority' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_30fb' : [ 0x18, {
+    'Length40' : [ 0x0, ['unsigned long']],
+    'Alignment40' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_30fd' : [ 0x18, {
+    'Length48' : [ 0x0, ['unsigned long']],
+    'Alignment48' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_30ff' : [ 0x18, {
+    'Length64' : [ 0x0, ['unsigned long']],
+    'Alignment64' : [ 0x4, ['unsigned long']],
+    'MinimumAddress' : [ 0x8, ['_LARGE_INTEGER']],
+    'MaximumAddress' : [ 0x10, ['_LARGE_INTEGER']],
+} ],
+  '__unnamed_3101' : [ 0xc, {
+    'Class' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'Reserved1' : [ 0x2, ['unsigned char']],
+    'Reserved2' : [ 0x3, ['unsigned char']],
+    'IdLowPart' : [ 0x4, ['unsigned long']],
+    'IdHighPart' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3103' : [ 0x18, {
+    'Port' : [ 0x0, ['__unnamed_30eb']],
+    'Memory' : [ 0x0, ['__unnamed_30eb']],
+    'Interrupt' : [ 0x0, ['__unnamed_30ef']],
+    'Dma' : [ 0x0, ['__unnamed_30f1']],
+    'DmaV3' : [ 0x0, ['__unnamed_30f3']],
+    'Generic' : [ 0x0, ['__unnamed_30eb']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_30f5']],
+    'BusNumber' : [ 0x0, ['__unnamed_30f7']],
+    'ConfigData' : [ 0x0, ['__unnamed_30f9']],
+    'Memory40' : [ 0x0, ['__unnamed_30fb']],
+    'Memory48' : [ 0x0, ['__unnamed_30fd']],
+    'Memory64' : [ 0x0, ['__unnamed_30ff']],
+    'Connection' : [ 0x0, ['__unnamed_3101']],
+} ],
+  '_IO_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'Option' : [ 0x0, ['unsigned char']],
+    'Type' : [ 0x1, ['unsigned char']],
+    'ShareDisposition' : [ 0x2, ['unsigned char']],
+    'Spare1' : [ 0x3, ['unsigned char']],
+    'Flags' : [ 0x4, ['unsigned short']],
+    'Spare2' : [ 0x6, ['unsigned short']],
+    'u' : [ 0x8, ['__unnamed_3103']],
+} ],
+  '_HEAP_UNPACKED_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned char']],
+    'SmallTagIndex' : [ 0x3, ['unsigned char']],
+    'SubSegmentCode' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned short']],
+    'SegmentOffset' : [ 0x6, ['unsigned char']],
+    'LFHFlags' : [ 0x6, ['unsigned char']],
+    'UnusedBytes' : [ 0x7, ['unsigned char']],
+} ],
+  '_HEAP_UCR_DESCRIPTOR' : [ 0x18, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'SegmentEntry' : [ 0x8, ['_LIST_ENTRY']],
+    'Address' : [ 0x10, ['pointer', ['void']]],
+    'Size' : [ 0x14, ['unsigned long']],
+} ],
+  '_DRIVER_EXTENSION' : [ 0x28, {
+    'DriverObject' : [ 0x0, ['pointer', ['_DRIVER_OBJECT']]],
+    'AddDevice' : [ 0x4, ['pointer', ['void']]],
+    'Count' : [ 0x8, ['unsigned long']],
+    'ServiceKeyName' : [ 0xc, ['_UNICODE_STRING']],
+    'ClientDriverExtension' : [ 0x14, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'FsFilterCallbacks' : [ 0x18, ['pointer', ['_FS_FILTER_CALLBACKS']]],
+    'KseCallbacks' : [ 0x1c, ['pointer', ['void']]],
+    'DvCallbacks' : [ 0x20, ['pointer', ['void']]],
+    'VerifierContext' : [ 0x24, ['pointer', ['void']]],
+} ],
+  '_ETW_PROVIDER_TRAITS' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'Traits' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_ETW_QUEUE_ENTRY' : [ 0x20, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'DataBlock' : [ 0x8, ['pointer', ['_ETWP_NOTIFICATION_HEADER']]],
+    'RegEntry' : [ 0xc, ['pointer', ['_ETW_REG_ENTRY']]],
+    'ReplyObject' : [ 0x10, ['pointer', ['_ETW_REG_ENTRY']]],
+    'WakeReference' : [ 0x14, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned short']],
+    'ReplyIndex' : [ 0x1a, ['unsigned short']],
+    'Flags' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_PARTITION_FLAGS' : [ 0x4, {
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PageListsInitialized' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'StoreReservedPagesCharged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'UseProtectedSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'UseUnprotectedSlabAllocators' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PureHoldingPartition' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'ZeroPagesOptional' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PERFINFO_PPM_STATE_SELECTION' : [ 0xc, {
+    'SelectedState' : [ 0x0, ['unsigned long']],
+    'VetoedStates' : [ 0x4, ['unsigned long']],
+    'VetoReason' : [ 0x8, ['array', 1, ['unsigned long']]],
+} ],
+  '_RTL_RVA_LIST' : [ 0x20, {
+    'RvaCount' : [ 0x0, ['unsigned long']],
+    'StateBitsPerRva' : [ 0x4, ['unsigned long']],
+    'CompressedBuffer' : [ 0x8, ['pointer', ['unsigned char']]],
+    'CompressedBufferSize' : [ 0xc, ['unsigned long']],
+    'RvaStateBitMap' : [ 0x10, ['_RTL_BITMAP']],
+    'StateBitValueMap' : [ 0x18, ['pointer', ['unsigned long']]],
+    'ExtensionBuffer' : [ 0x1c, ['pointer', ['void']]],
+} ],
+  '_INTERRUPT_CONNECTION_DATA' : [ 0x58, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'Vectors' : [ 0x8, ['array', 1, ['_INTERRUPT_VECTOR_DATA']]],
+} ],
+  '__unnamed_3122' : [ 0xc, {
+    'MessageAddressHigh' : [ 0x0, ['unsigned long']],
+    'MessageAddressLow' : [ 0x4, ['unsigned long']],
+    'MessageData' : [ 0x8, ['unsigned short']],
+    'Reserved' : [ 0xa, ['unsigned short']],
+} ],
+  '__unnamed_3124' : [ 0xc, {
+    'Msi' : [ 0x0, ['__unnamed_3122']],
+} ],
+  '_INTERRUPT_REMAPPING_INFO' : [ 0x10, {
+    'IrtIndex' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 30, native_type='unsigned long')]],
+    'FlagHalInternal' : [ 0x0, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'FlagTranslated' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_3124']],
+} ],
+  '_NON_PAGED_DEBUG_INFO' : [ 0x20, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'Size' : [ 0x4, ['unsigned long']],
+    'Machine' : [ 0x8, ['unsigned short']],
+    'Characteristics' : [ 0xa, ['unsigned short']],
+    'TimeDateStamp' : [ 0xc, ['unsigned long']],
+    'CheckSum' : [ 0x10, ['unsigned long']],
+    'SizeOfImage' : [ 0x14, ['unsigned long']],
+    'ImageBase' : [ 0x18, ['unsigned long long']],
+} ],
+  '_ARBITER_ADD_RESERVED_PARAMETERS' : [ 0x4, {
+    'ReserveDevice' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_MMMOD_WRITER_LISTHEAD' : [ 0x18, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+    'Gate' : [ 0x8, ['_KGATE']],
+    'Event' : [ 0x8, ['_KEVENT']],
+} ],
+  '_NONOPAQUE_OPLOCK' : [ 0x50, {
+    'IrpExclusiveOplock' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileObject' : [ 0x4, ['pointer', ['_FILE_OBJECT']]],
+    'ExclusiveOplockOwner' : [ 0x8, ['pointer', ['_EPROCESS']]],
+    'ExclusiveOplockOwnerThread' : [ 0xc, ['pointer', ['_ETHREAD']]],
+    'WaiterPriority' : [ 0x10, ['unsigned char']],
+    'IrpOplocksR' : [ 0x14, ['_LIST_ENTRY']],
+    'IrpOplocksRH' : [ 0x1c, ['_LIST_ENTRY']],
+    'RHBreakQueue' : [ 0x24, ['_LIST_ENTRY']],
+    'WaitingIrps' : [ 0x2c, ['_LIST_ENTRY']],
+    'DelayAckFileObjectQueue' : [ 0x34, ['_LIST_ENTRY']],
+    'AtomicQueue' : [ 0x3c, ['_LIST_ENTRY']],
+    'DeleterParentKey' : [ 0x44, ['pointer', ['_GUID']]],
+    'OplockState' : [ 0x48, ['unsigned long']],
+    'FastMutex' : [ 0x4c, ['pointer', ['_FAST_MUTEX']]],
+} ],
+  '_HAL_HV_SVM_SYSTEM_CAPABILITIES' : [ 0x18, {
+    'SvmSupported' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'GpaAlwaysValid' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'MaxPasidSpaceCount' : [ 0x4, ['unsigned long']],
+    'MaxPasidSpacePasidCount' : [ 0x8, ['unsigned long']],
+    'MaxPrqSize' : [ 0xc, ['unsigned long']],
+    'IommuCount' : [ 0x10, ['unsigned long']],
+    'MinIommuPasidCount' : [ 0x14, ['unsigned long']],
+} ],
+  '__unnamed_3134' : [ 0x8, {
+    'UserData' : [ 0x0, ['pointer', ['void']]],
+    'Owner' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '__unnamed_3135' : [ 0x8, {
+    'ListHead' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_RTLP_RANGE_LIST_ENTRY' : [ 0x28, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+    'Allocated' : [ 0x10, ['__unnamed_3134']],
+    'Merged' : [ 0x10, ['__unnamed_3135']],
+    'Attributes' : [ 0x18, ['unsigned char']],
+    'PublicFlags' : [ 0x19, ['unsigned char']],
+    'PrivateFlags' : [ 0x1a, ['unsigned short']],
+    'ListEntry' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '__unnamed_3139' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_313b' : [ 0xc, {
+    'Level' : [ 0x0, ['unsigned short']],
+    'Group' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_313d' : [ 0xc, {
+    'Group' : [ 0x0, ['unsigned short']],
+    'MessageCount' : [ 0x2, ['unsigned short']],
+    'Vector' : [ 0x4, ['unsigned long']],
+    'Affinity' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_313f' : [ 0xc, {
+    'Raw' : [ 0x0, ['__unnamed_313d']],
+    'Translated' : [ 0x0, ['__unnamed_313b']],
+} ],
+  '__unnamed_3141' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'Port' : [ 0x4, ['unsigned long']],
+    'Reserved1' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3143' : [ 0xc, {
+    'Channel' : [ 0x0, ['unsigned long']],
+    'RequestLine' : [ 0x4, ['unsigned long']],
+    'TransferWidth' : [ 0x8, ['unsigned char']],
+    'Reserved1' : [ 0x9, ['unsigned char']],
+    'Reserved2' : [ 0xa, ['unsigned char']],
+    'Reserved3' : [ 0xb, ['unsigned char']],
+} ],
+  '__unnamed_3145' : [ 0xc, {
+    'Start' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Reserved' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3147' : [ 0xc, {
+    'DataSize' : [ 0x0, ['unsigned long']],
+    'Reserved1' : [ 0x4, ['unsigned long']],
+    'Reserved2' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_3149' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length40' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_314b' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length48' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_314d' : [ 0xc, {
+    'Start' : [ 0x0, ['_LARGE_INTEGER']],
+    'Length64' : [ 0x8, ['unsigned long']],
+} ],
+  '__unnamed_314f' : [ 0xc, {
+    'Generic' : [ 0x0, ['__unnamed_3139']],
+    'Port' : [ 0x0, ['__unnamed_3139']],
+    'Interrupt' : [ 0x0, ['__unnamed_313b']],
+    'MessageInterrupt' : [ 0x0, ['__unnamed_313f']],
+    'Memory' : [ 0x0, ['__unnamed_3139']],
+    'Dma' : [ 0x0, ['__unnamed_3141']],
+    'DmaV3' : [ 0x0, ['__unnamed_3143']],
+    'DevicePrivate' : [ 0x0, ['__unnamed_30f5']],
+    'BusNumber' : [ 0x0, ['__unnamed_3145']],
+    'DeviceSpecificData' : [ 0x0, ['__unnamed_3147']],
+    'Memory40' : [ 0x0, ['__unnamed_3149']],
+    'Memory48' : [ 0x0, ['__unnamed_314b']],
+    'Memory64' : [ 0x0, ['__unnamed_314d']],
+    'Connection' : [ 0x0, ['__unnamed_3101']],
+} ],
+  '_CM_PARTIAL_RESOURCE_DESCRIPTOR' : [ 0x10, {
+    'Type' : [ 0x0, ['unsigned char']],
+    'ShareDisposition' : [ 0x1, ['unsigned char']],
+    'Flags' : [ 0x2, ['unsigned short']],
+    'u' : [ 0x4, ['__unnamed_314f']],
+} ],
+  '_ARBITER_CONFLICT_INFO' : [ 0x18, {
+    'OwningObject' : [ 0x0, ['pointer', ['_DEVICE_OBJECT']]],
+    'Start' : [ 0x8, ['unsigned long long']],
+    'End' : [ 0x10, ['unsigned long long']],
+} ],
+  '_OBJECT_REF_TRACE' : [ 0x40, {
+    'StackTrace' : [ 0x0, ['array', 16, ['pointer', ['void']]]],
+} ],
+  '_POP_FX_PROVIDER' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'Activating' : [ 0x4, ['unsigned char']],
+} ],
+  '_ETW_FILTER_EVENT_NAME_DATA' : [ 0x28, {
+    'FilterIn' : [ 0x0, ['unsigned char']],
+    'Level' : [ 0x1, ['unsigned char']],
+    'MatchAnyKeyword' : [ 0x8, ['unsigned long long']],
+    'MatchAllKeyword' : [ 0x10, ['unsigned long long']],
+    'NameTable' : [ 0x18, ['_RTL_HASH_TABLE']],
+} ],
+  '_MI_VISIBLE_STATE' : [ 0xcc0, {
+    'SessionWsList' : [ 0x0, ['_LIST_ENTRY']],
+    'SessionIdBitmap' : [ 0x8, ['pointer', ['_RTL_BITMAP']]],
+    'PagedPoolInfo' : [ 0xc, ['_MM_PAGED_POOL_INFO']],
+    'MaximumNonPagedPoolInPages' : [ 0x18, ['unsigned long']],
+    'SizeOfPagedPoolInPages' : [ 0x1c, ['unsigned long']],
+    'SystemPteInfo' : [ 0x20, ['_MI_SYSTEM_PTE_TYPE']],
+    'NonPagedPoolCommit' : [ 0x54, ['unsigned long']],
+    'SmallNonPagedPtesCommit' : [ 0x58, ['unsigned long']],
+    'BootCommit' : [ 0x5c, ['unsigned long']],
+    'MdlPagesAllocated' : [ 0x60, ['unsigned long']],
+    'SystemPageTableCommit' : [ 0x64, ['unsigned long']],
+    'ProcessCommit' : [ 0x68, ['unsigned long']],
+    'DriverCommit' : [ 0x6c, ['long']],
+    'PagingLevels' : [ 0x70, ['unsigned char']],
+    'PfnDatabaseCommit' : [ 0x74, ['unsigned long']],
+    'SystemWs' : [ 0x80, ['array', 6, ['_MMSUPPORT_FULL']]],
+    'SystemCacheShared' : [ 0x680, ['_MMSUPPORT_SHARED']],
+    'MapCacheFailures' : [ 0x700, ['unsigned long']],
+    'PagefileHashPages' : [ 0x704, ['unsigned long']],
+    'PteHeader' : [ 0x708, ['_SYSPTES_HEADER']],
+    'SystemVaTypeCount' : [ 0x794, ['array', 16, ['unsigned long']]],
+    'SystemVaType' : [ 0x7d4, ['array', 1024, ['unsigned char']]],
+    'SystemVaTypeCountFailures' : [ 0xbd4, ['array', 16, ['unsigned long']]],
+    'SystemVaTypeCountLimit' : [ 0xc14, ['array', 16, ['unsigned long']]],
+    'SystemVaTypeCountPeak' : [ 0xc54, ['array', 16, ['unsigned long']]],
+    'SystemAvailableVa' : [ 0xc94, ['unsigned long']],
+} ],
+  '_CM_COMPONENT_HASH' : [ 0x4, {
+    'Hash' : [ 0x0, ['unsigned long']],
+} ],
+  '_KSPECIAL_REGISTERS' : [ 0x54, {
+    'Cr0' : [ 0x0, ['unsigned long']],
+    'Cr2' : [ 0x4, ['unsigned long']],
+    'Cr3' : [ 0x8, ['unsigned long']],
+    'Cr4' : [ 0xc, ['unsigned long']],
+    'KernelDr0' : [ 0x10, ['unsigned long']],
+    'KernelDr1' : [ 0x14, ['unsigned long']],
+    'KernelDr2' : [ 0x18, ['unsigned long']],
+    'KernelDr3' : [ 0x1c, ['unsigned long']],
+    'KernelDr6' : [ 0x20, ['unsigned long']],
+    'KernelDr7' : [ 0x24, ['unsigned long']],
+    'Gdtr' : [ 0x28, ['_DESCRIPTOR']],
+    'Idtr' : [ 0x30, ['_DESCRIPTOR']],
+    'Tr' : [ 0x38, ['unsigned short']],
+    'Ldtr' : [ 0x3a, ['unsigned short']],
+    'Xcr0' : [ 0x3c, ['unsigned long long']],
+    'ExceptionList' : [ 0x44, ['unsigned long']],
+    'Reserved' : [ 0x48, ['array', 3, ['unsigned long']]],
+} ],
+  '_RH_OP_CONTEXT' : [ 0x24, {
+    'Links' : [ 0x0, ['_LIST_ENTRY']],
+    'OplockRequestIrp' : [ 0x8, ['pointer', ['_IRP']]],
+    'OplockRequestFileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'OplockRequestProcess' : [ 0x10, ['pointer', ['_EPROCESS']]],
+    'OplockOwnerThread' : [ 0x14, ['pointer', ['_ETHREAD']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'AtomicLinks' : [ 0x1c, ['_LIST_ENTRY']],
+} ],
+  '_MSUBSECTION' : [ 0x54, {
+    'Core' : [ 0x0, ['_SUBSECTION']],
+    'SubsectionNode' : [ 0x28, ['_RTL_BALANCED_NODE']],
+    'DereferenceList' : [ 0x34, ['_LIST_ENTRY']],
+    'NumberOfMappedViews' : [ 0x3c, ['unsigned long']],
+    'NumberOfPfnReferences' : [ 0x40, ['unsigned long']],
+    'ProtosNode' : [ 0x44, ['_MI_PROTOTYPE_PTES_NODE']],
+} ],
+  '_PROC_PERF_CHECK' : [ 0x158, {
+    'LastActive' : [ 0x0, ['unsigned long long']],
+    'LastTime' : [ 0x8, ['unsigned long long']],
+    'LastStall' : [ 0x10, ['unsigned long long']],
+    'LastResponsivenessEvents' : [ 0x18, ['unsigned long']],
+    'LastPerfCheckSnap' : [ 0x20, ['_PROC_PERF_CHECK_SNAP']],
+    'CurrentSnap' : [ 0x80, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredSnap' : [ 0xe0, ['_PROC_PERF_CHECK_SNAP']],
+    'LastDeliveredPerformance' : [ 0x140, ['unsigned long']],
+    'LastDeliveredFrequency' : [ 0x144, ['unsigned long']],
+    'TaggedThreadPercent' : [ 0x148, ['array', 3, ['unsigned char']]],
+    'Class0FloorPerfSelection' : [ 0x14b, ['unsigned char']],
+    'Class1MinimumPerfSelection' : [ 0x14c, ['unsigned char']],
+    'CurrentResponsivenessEvents' : [ 0x150, ['unsigned long']],
+} ],
+  '_MI_HARD_FAULT_STATE' : [ 0x8, {
+    'SwapPfn' : [ 0x0, ['pointer', ['_MMPFN']]],
+    'StoreFlags' : [ 0x4, ['_MI_STORE_INPAGE_COMPLETE_FLAGS']],
+} ],
+  '_MODWRITER_FLAGS' : [ 0x4, {
+    'KeepForever' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Networked' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPriority' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 5, native_type='unsigned long')]],
+    'ModifiedStoreWrite' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+} ],
+  '_POP_DEVICE_POWER_PROFILE' : [ 0x3c, {
+    'DeviceId' : [ 0x0, ['_UNICODE_STRING']],
+    'PowerPlane' : [ 0x8, ['pointer', ['_POP_POWER_PLANE']]],
+    'FxDevice' : [ 0xc, ['pointer', ['_POP_FX_DEVICE']]],
+    'PowerDrawMw' : [ 0x10, ['long']],
+    'DxPower' : [ 0x14, ['array', 4, ['_PO_POWER_PLANE_PROFILE']]],
+    'ComponentCount' : [ 0x34, ['unsigned long']],
+    'Components' : [ 0x38, ['pointer', ['pointer', ['_POP_COMPONENT_POWER_PROFILE']]]],
+} ],
+  '_POP_DEVICE_SYS_STATE' : [ 0x108, {
+    'IrpMinor' : [ 0x0, ['unsigned char']],
+    'SystemState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'PowerSystemUnspecified', 1: u'PowerSystemWorking', 2: u'PowerSystemSleeping1', 3: u'PowerSystemSleeping2', 4: u'PowerSystemSleeping3', 5: u'PowerSystemHibernate', 6: u'PowerSystemShutdown', 7: u'PowerSystemMaximum'})]],
+    'SpinLock' : [ 0x8, ['unsigned long']],
+    'Thread' : [ 0xc, ['pointer', ['_KTHREAD']]],
+    'AbortEvent' : [ 0x10, ['pointer', ['_KEVENT']]],
+    'ReadySemaphore' : [ 0x14, ['pointer', ['_KSEMAPHORE']]],
+    'FinishedSemaphore' : [ 0x18, ['pointer', ['_KSEMAPHORE']]],
+    'Order' : [ 0x1c, ['_PO_DEVICE_NOTIFY_ORDER']],
+    'Pending' : [ 0xf0, ['_LIST_ENTRY']],
+    'Status' : [ 0xf8, ['long']],
+    'FailedDevice' : [ 0xfc, ['pointer', ['_DEVICE_OBJECT']]],
+    'Waking' : [ 0x100, ['unsigned char']],
+    'Cancelled' : [ 0x101, ['unsigned char']],
+    'IgnoreErrors' : [ 0x102, ['unsigned char']],
+    'IgnoreNotImplemented' : [ 0x103, ['unsigned char']],
+    'TimeRefreshLockAcquired' : [ 0x104, ['unsigned char']],
+} ],
+  '_HAL_NODE_RANGE' : [ 0x8, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'Node' : [ 0x4, ['unsigned long']],
+} ],
+  '_THERMAL_INFORMATION' : [ 0x4c, {
+    'ThermalStamp' : [ 0x0, ['unsigned long']],
+    'ThermalConstant1' : [ 0x4, ['unsigned long']],
+    'ThermalConstant2' : [ 0x8, ['unsigned long']],
+    'Processors' : [ 0xc, ['unsigned long']],
+    'SamplingPeriod' : [ 0x10, ['unsigned long']],
+    'CurrentTemperature' : [ 0x14, ['unsigned long']],
+    'PassiveTripPoint' : [ 0x18, ['unsigned long']],
+    'CriticalTripPoint' : [ 0x1c, ['unsigned long']],
+    'ActiveTripPointCount' : [ 0x20, ['unsigned char']],
+    'ActiveTripPoint' : [ 0x24, ['array', 10, ['unsigned long']]],
+} ],
+  '_XSTATE_FEATURE' : [ 0x8, {
+    'Offset' : [ 0x0, ['unsigned long']],
+    'Size' : [ 0x4, ['unsigned long']],
+} ],
+  '_HIVE_LIST_ENTRY' : [ 0x78, {
+    'FileName' : [ 0x0, ['pointer', ['wchar']]],
+    'BaseName' : [ 0x4, ['pointer', ['wchar']]],
+    'RegRootName' : [ 0x8, ['pointer', ['wchar']]],
+    'CmHive' : [ 0xc, ['pointer', ['_CMHIVE']]],
+    'HHiveFlags' : [ 0x10, ['unsigned long']],
+    'CmHiveFlags' : [ 0x14, ['unsigned long']],
+    'CmKcbCacheSize' : [ 0x18, ['unsigned long']],
+    'CmHive2' : [ 0x1c, ['pointer', ['_CMHIVE']]],
+    'HiveMounted' : [ 0x20, ['unsigned char']],
+    'ThreadFinished' : [ 0x21, ['unsigned char']],
+    'ThreadStarted' : [ 0x22, ['unsigned char']],
+    'Allocate' : [ 0x23, ['unsigned char']],
+    'WinPERequired' : [ 0x24, ['unsigned char']],
+    'StartEvent' : [ 0x28, ['_KEVENT']],
+    'FinishedEvent' : [ 0x38, ['_KEVENT']],
+    'MountLock' : [ 0x48, ['_KEVENT']],
+    'MountCallbackLock' : [ 0x58, ['_EX_PUSH_LOCK']],
+    'CallbackListLock' : [ 0x5c, ['_EX_PUSH_LOCK']],
+    'CallbackListHead' : [ 0x60, ['_LIST_ENTRY']],
+    'CallbackWorkItem' : [ 0x68, ['pointer', ['_WORK_QUEUE_ITEM']]],
+    'CallbackWorkItemBusy' : [ 0x6c, ['long']],
+    'FilePath' : [ 0x70, ['_UNICODE_STRING']],
+} ],
+  '_PO_DEVICE_NOTIFY_ORDER' : [ 0xd4, {
+    'Locked' : [ 0x0, ['unsigned char']],
+    'WarmEjectPdoPointer' : [ 0x4, ['pointer', ['pointer', ['_DEVICE_OBJECT']]]],
+    'OrderLevel' : [ 0x8, ['array', 5, ['_PO_NOTIFY_ORDER_LEVEL']]],
+    'Flags' : [ 0xd0, ['unsigned long']],
+} ],
+  '_PPM_VETO_ENTRY' : [ 0x38, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'VetoReason' : [ 0x8, ['unsigned long']],
+    'ReferenceCount' : [ 0xc, ['unsigned long']],
+    'HitCount' : [ 0x10, ['unsigned long long']],
+    'LastActivationTime' : [ 0x18, ['unsigned long long']],
+    'TotalActiveTime' : [ 0x20, ['unsigned long long']],
+    'CsActivationTime' : [ 0x28, ['unsigned long long']],
+    'CsActiveTime' : [ 0x30, ['unsigned long long']],
+} ],
+  '_ARBITER_TEST_ALLOCATION_PARAMETERS' : [ 0xc, {
+    'ArbitrationList' : [ 0x0, ['pointer', ['_LIST_ENTRY']]],
+    'AllocateFromCount' : [ 0x4, ['unsigned long']],
+    'AllocateFrom' : [ 0x8, ['pointer', ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_MI_BAD_MEMORY_EVENT_ENTRY' : [ 0x28, {
+    'BugCheckCode' : [ 0x0, ['unsigned long']],
+    'Active' : [ 0x4, ['long']],
+    'Data' : [ 0x8, ['unsigned long']],
+    'PhysicalAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'WorkItem' : [ 0x18, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_HAL_CLOCK_TIMER_CONFIGURATION' : [ 0x20, {
+    'Flags' : [ 0x0, ['unsigned char']],
+    'AlwaysOnTimer' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'HighLatency' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'PerCpuTimer' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'DynamicTickSupported' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'KnownType' : [ 0x4, ['unsigned long']],
+    'Capabilities' : [ 0x8, ['unsigned long']],
+    'MaxIncrement' : [ 0x10, ['unsigned long long']],
+    'MinIncrement' : [ 0x18, ['unsigned long']],
+} ],
+  '_ETW_DEBUGID_TRACKING_ENTRY' : [ 0x2c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'ConsumersNotified' : [ 0x8, ['unsigned char']],
+    'Spare' : [ 0x9, ['array', 3, ['unsigned char']]],
+    'DebugIdSize' : [ 0xc, ['unsigned long']],
+    'DebugId' : [ 0x10, ['_CVDD']],
+} ],
+  '_KWAIT_CHAIN_ENTRY' : [ 0x1c, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'Thread' : [ 0x8, ['pointer', ['_KTHREAD']]],
+    'Event' : [ 0xc, ['_KEVENT']],
+} ],
+  '_PROC_IDLE_SNAP' : [ 0x10, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Idle' : [ 0x8, ['unsigned long long']],
+} ],
+  '_TOKEN_PRIVILEGES' : [ 0x10, {
+    'PrivilegeCount' : [ 0x0, ['unsigned long']],
+    'Privileges' : [ 0x4, ['array', 1, ['_LUID_AND_ATTRIBUTES']]],
+} ],
+  '_WHEA_NOTIFICATION_FLAGS' : [ 0x2, {
+    'PollIntervalRW' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'SwitchToPollingThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned short')]],
+    'SwitchToPollingWindowRW' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned short')]],
+    'ErrorThresholdRW' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned short')]],
+    'ErrorThresholdWindowRW' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '__unnamed_319e' : [ 0x4, {
+    'Anchor' : [ 0x0, ['_MI_SYSTEM_REGION_ANCHOR']],
+    'EntireReference' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_REGION_REFERENCE' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_319e']],
+} ],
+  '_IMAGE_DEBUG_DIRECTORY' : [ 0x1c, {
+    'Characteristics' : [ 0x0, ['unsigned long']],
+    'TimeDateStamp' : [ 0x4, ['unsigned long']],
+    'MajorVersion' : [ 0x8, ['unsigned short']],
+    'MinorVersion' : [ 0xa, ['unsigned short']],
+    'Type' : [ 0xc, ['unsigned long']],
+    'SizeOfData' : [ 0x10, ['unsigned long']],
+    'AddressOfRawData' : [ 0x14, ['unsigned long']],
+    'PointerToRawData' : [ 0x18, ['unsigned long']],
+} ],
+  '_CONFIGURATION_COMPONENT_DATA' : [ 0x34, {
+    'Parent' : [ 0x0, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Child' : [ 0x4, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'Sibling' : [ 0x8, ['pointer', ['_CONFIGURATION_COMPONENT_DATA']]],
+    'ComponentEntry' : [ 0xc, ['_CONFIGURATION_COMPONENT']],
+    'ConfigurationData' : [ 0x30, ['pointer', ['void']]],
+} ],
+  '_SEP_LOWBOX_NUMBER_MAPPING' : [ 0x14, {
+    'Lock' : [ 0x0, ['_EX_PUSH_LOCK']],
+    'Bitmap' : [ 0x4, ['_RTL_BITMAP']],
+    'HashTable' : [ 0xc, ['pointer', ['_RTL_DYNAMIC_HASH_TABLE']]],
+    'Active' : [ 0x10, ['unsigned char']],
+} ],
+  '_MMDEREFERENCE_SEGMENT_HEADER' : [ 0x2c, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'ControlAreaDeleteListHead' : [ 0x14, ['_LIST_ENTRY']],
+    'UnusedSegmentDeleteListHead' : [ 0x1c, ['_LIST_ENTRY']],
+    'PagefileExtensionListHead' : [ 0x24, ['_LIST_ENTRY']],
+} ],
+  '_OBJECT_HEADER_PADDING_INFO' : [ 0x4, {
+    'PaddingAmount' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_31b5' : [ 0x4, {
+    'ChannelsHotCold' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_MI_NODE_INFORMATION' : [ 0x1c0, {
+    'FreeLargePages' : [ 0x0, ['array', 2, ['_MI_FREE_LARGE_PAGES']]],
+    'LargePageRebuildTimer' : [ 0x70, ['_MI_REBUILD_LARGE_PAGE_TIMER']],
+    'FreePageListHeadsBitmap' : [ 0xc0, ['array', 2, ['_RTL_BITMAP']]],
+    'FreePageListHeadsBitmapBuffer' : [ 0xd0, ['array', 16, ['unsigned long']]],
+    'FreeCount' : [ 0x110, ['array', 2, ['unsigned long']]],
+    'TotalPages' : [ 0x118, ['array', 1, ['unsigned long']]],
+    'TotalPagesEntireNode' : [ 0x11c, ['unsigned long']],
+    'MmShiftedColor' : [ 0x120, ['unsigned long']],
+    'Color' : [ 0x124, ['unsigned long']],
+    'ChannelFreeCount' : [ 0x128, ['array', 1, ['array', 2, ['unsigned long']]]],
+    'Flags' : [ 0x130, ['__unnamed_31b5']],
+    'LargeListMoveInProgress' : [ 0x134, ['unsigned long']],
+    'LargeListWaiters' : [ 0x138, ['pointer', ['_MI_LARGE_PAGE_LISTS_CHANGING']]],
+    'NodeLock' : [ 0x13c, ['_EX_PUSH_LOCK']],
+    'ChannelStatus' : [ 0x140, ['unsigned char']],
+    'ChannelOrdering' : [ 0x141, ['array', 1, ['unsigned char']]],
+    'LockedChannelOrdering' : [ 0x142, ['array', 1, ['unsigned char']]],
+    'PowerAttribute' : [ 0x143, ['array', 1, ['unsigned char']]],
+    'LargePageLock' : [ 0x144, ['unsigned long']],
+    'PageColorTable' : [ 0x148, ['_MI_PAGE_COLORS']],
+    'NumberOfPagesGoingBad' : [ 0x154, ['unsigned long']],
+    'WriteCalibration' : [ 0x158, ['_MI_WRITE_CALIBRATION']],
+    'BootZeroContext' : [ 0x170, ['pointer', ['void']]],
+    'BootZeroPageTimesPerProcessor' : [ 0x174, ['pointer', ['void']]],
+    'ZeroingVaBase' : [ 0x178, ['pointer', ['void']]],
+    'TotalBytesToZero' : [ 0x17c, ['unsigned long']],
+    'PerProcessorNumberOfBytesToZero' : [ 0x180, ['unsigned long']],
+    'ZeroingContext' : [ 0x184, ['pointer', ['void']]],
+    'ZeroingProcessorCount' : [ 0x188, ['unsigned long']],
+    'ZeroHand' : [ 0x18c, ['long']],
+    'FinishedProcessors' : [ 0x190, ['long']],
+    'CyclesToZeroOneLargePage' : [ 0x198, ['unsigned long long']],
+    'ScaledCyclesToZeroOneLargePage' : [ 0x1a0, ['pointer', ['unsigned long long']]],
+    'GroupAffinity' : [ 0x1a4, ['_GROUP_AFFINITY']],
+    'ProcessorCount' : [ 0x1b0, ['unsigned short']],
+    'BackgroundZeroingActive' : [ 0x1b2, ['unsigned char']],
+    'ZeroingPhysicalMemoryBlock' : [ 0x1b4, ['pointer', ['_PHYSICAL_MEMORY_DESCRIPTOR']]],
+} ],
+  '_PROC_PERF_LOAD' : [ 0x2, {
+    'BusyPercentage' : [ 0x0, ['unsigned char']],
+    'FrequencyPercentage' : [ 0x1, ['unsigned char']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION' : [ 0xc0, {
+    'ValidBits' : [ 0x0, ['_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS']],
+    'ProcessorType' : [ 0x8, ['unsigned char']],
+    'InstructionSet' : [ 0x9, ['unsigned char']],
+    'ErrorType' : [ 0xa, ['unsigned char']],
+    'Operation' : [ 0xb, ['unsigned char']],
+    'Flags' : [ 0xc, ['unsigned char']],
+    'Level' : [ 0xd, ['unsigned char']],
+    'Reserved' : [ 0xe, ['unsigned short']],
+    'CPUVersion' : [ 0x10, ['unsigned long long']],
+    'CPUBrandString' : [ 0x18, ['array', 128, ['unsigned char']]],
+    'ProcessorId' : [ 0x98, ['unsigned long long']],
+    'TargetAddress' : [ 0xa0, ['unsigned long long']],
+    'RequesterId' : [ 0xa8, ['unsigned long long']],
+    'ResponderId' : [ 0xb0, ['unsigned long long']],
+    'InstructionPointer' : [ 0xb8, ['unsigned long long']],
+} ],
+  '_TRIAGE_POP_FX_DEVICE' : [ 0x20, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'IrpData' : [ 0xc, ['pointer', ['_TRIAGE_POP_IRP_DATA']]],
+    'Status' : [ 0x10, ['long']],
+    'PowerReqCall' : [ 0x14, ['long']],
+    'PowerNotReqCall' : [ 0x18, ['long']],
+    'DeviceNode' : [ 0x1c, ['pointer', ['_TRIAGE_DEVICE_NODE']]],
+} ],
+  '_KENLISTMENT_HISTORY' : [ 0x8, {
+    'Notification' : [ 0x0, ['unsigned long']],
+    'NewState' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'KEnlistmentUninitialized', 256: u'KEnlistmentActive', 258: u'KEnlistmentPrepared', 259: u'KEnlistmentInDoubt', 260: u'KEnlistmentCommitted', 261: u'KEnlistmentCommittedNotify', 262: u'KEnlistmentCommitRequested', 257: u'KEnlistmentPreparing', 264: u'KEnlistmentDelegated', 265: u'KEnlistmentDelegatedDisconnected', 266: u'KEnlistmentPrePreparing', 263: u'KEnlistmentAborted', 268: u'KEnlistmentRecovering', 269: u'KEnlistmentAborting', 270: u'KEnlistmentReadOnly', 271: u'KEnlistmentOutcomeUnavailable', 272: u'KEnlistmentOffline', 273: u'KEnlistmentPrePrepared', 274: u'KEnlistmentInitialized', 267: u'KEnlistmentForgotten'})]],
+} ],
+  '_LPCP_PORT_QUEUE' : [ 0x10, {
+    'NonPagedPortQueue' : [ 0x0, ['pointer', ['_LPCP_NONPAGED_PORT_QUEUE']]],
+    'Semaphore' : [ 0x4, ['pointer', ['_KSEMAPHORE']]],
+    'ReceiveHead' : [ 0x8, ['_LIST_ENTRY']],
+} ],
+  '_PF_KERNEL_GLOBALS' : [ 0x40, {
+    'AccessBufferAgeThreshold' : [ 0x0, ['unsigned long long']],
+    'AccessBufferRef' : [ 0x8, ['_EX_RUNDOWN_REF']],
+    'AccessBufferExistsEvent' : [ 0xc, ['_KEVENT']],
+    'AccessBufferMax' : [ 0x1c, ['unsigned long']],
+    'AccessBufferList' : [ 0x20, ['_SLIST_HEADER']],
+    'StreamSequenceNumber' : [ 0x28, ['long']],
+    'Flags' : [ 0x2c, ['unsigned long']],
+    'ScenarioPrefetchCount' : [ 0x30, ['long']],
+} ],
+  '_DOMAIN_CONFIGURATION_ARM64' : [ 0x20, {
+    'Ttbr0' : [ 0x0, ['_LARGE_INTEGER']],
+    'Ttbr1' : [ 0x8, ['_LARGE_INTEGER']],
+    'Mair0' : [ 0x10, ['unsigned long']],
+    'Mair1' : [ 0x14, ['unsigned long']],
+    'InputSize0' : [ 0x18, ['unsigned char']],
+    'InputSize1' : [ 0x19, ['unsigned char']],
+    'CoherentTableWalks' : [ 0x1a, ['unsigned char']],
+    'TranslationEnabled' : [ 0x1b, ['unsigned char']],
+} ],
+  '_CALL_HASH_ENTRY' : [ 0x14, {
+    'ListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'CallersAddress' : [ 0x8, ['pointer', ['void']]],
+    'CallersCaller' : [ 0xc, ['pointer', ['void']]],
+    'CallCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_RTL_ACTIVATION_CONTEXT_STACK_FRAME' : [ 0xc, {
+    'Previous' : [ 0x0, ['pointer', ['_RTL_ACTIVATION_CONTEXT_STACK_FRAME']]],
+    'ActivationContext' : [ 0x4, ['pointer', ['_ACTIVATION_CONTEXT']]],
+    'Flags' : [ 0x8, ['unsigned long']],
+} ],
+  '_DIAGNOSTIC_CONTEXT' : [ 0x10, {
+    'CallerType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'KernelRequester', 1: u'UserProcessRequester', 2: u'UserSharedServiceRequester'})]],
+    'Process' : [ 0x4, ['pointer', ['_EPROCESS']]],
+    'ServiceTag' : [ 0x8, ['unsigned long']],
+    'DeviceObject' : [ 0x4, ['pointer', ['_DEVICE_OBJECT']]],
+    'ReasonSize' : [ 0xc, ['unsigned long']],
+} ],
+  '_MI_SYSTEM_NODE_INFORMATION' : [ 0x48, {
+    'CachedKernelStacks' : [ 0x0, ['array', 2, ['_CACHED_KSTACK_LIST']]],
+    'CachedNonPagedPoolCount' : [ 0x30, ['unsigned long']],
+    'NonPagedPoolSpinLock' : [ 0x34, ['unsigned long']],
+    'CachedNonPagedPool' : [ 0x38, ['pointer', ['_MMPFN']]],
+    'NonPagedPoolFirstVa' : [ 0x3c, ['pointer', ['void']]],
+    'NonPagedPoolLastVa' : [ 0x40, ['pointer', ['void']]],
+} ],
+  '_PROC_PERF_QOS_CLASS_POLICY' : [ 0x1c, {
+    'MaxPolicyPercent' : [ 0x0, ['unsigned long']],
+    'MaxEquivalentFrequencyPercent' : [ 0x4, ['unsigned long']],
+    'MinPolicyPercent' : [ 0x8, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0xc, ['unsigned long']],
+    'EnergyPerfPreference' : [ 0x10, ['unsigned long']],
+    'ProvideGuidance' : [ 0x14, ['unsigned char']],
+    'AllowThrottling' : [ 0x15, ['unsigned char']],
+    'PerfBoostMode' : [ 0x16, ['unsigned char']],
+    'LatencyHintPerf' : [ 0x17, ['unsigned char']],
+    'TrackDesiredCrossClass' : [ 0x18, ['unsigned char']],
+} ],
+  '_POP_FX_WORK_POOL_ITEM' : [ 0x14, {
+    'WorkPool' : [ 0x0, ['pointer', ['_POP_FX_WORK_POOL']]],
+    'WorkItem' : [ 0x4, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_FAULT_INFORMATION_ARM64' : [ 0x20, {
+    'DomainHandle' : [ 0x0, ['pointer', ['void']]],
+    'FaultAddress' : [ 0x4, ['pointer', ['void']]],
+    'PhysicalDeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'InputMappingId' : [ 0xc, ['unsigned long']],
+    'Flags' : [ 0x10, ['_FAULT_INFORMATION_ARM64_FLAGS']],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'UnsupportedUpstreamTransaction', 1: u'AddressSizeFault', 2: u'TlbMatchConflict', 3: u'ExternalFault', 4: u'PermissionFault', 5: u'AccessFlagFault', 6: u'TranslationFault', 7: u'MaxFaultType'})]],
+    'IommuBaseAddress' : [ 0x18, ['unsigned long long']],
+} ],
+  '_MI_NODE_NUMBER_ZERO_BASED' : [ 0x4, {
+    'ZeroBased' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_TRIAGE_DUMP_DATA' : [ 0x38, {
+    'BadPageCount' : [ 0x0, ['unsigned long']],
+    'BadPagesDetected' : [ 0x4, ['long']],
+    'ZeroedPageSingleBitErrorsDetected' : [ 0x8, ['long']],
+    'ScrubPasses' : [ 0xc, ['long']],
+    'ScrubBadPagesFound' : [ 0x10, ['long']],
+    'PageHashErrors' : [ 0x14, ['unsigned long']],
+    'FeatureBits' : [ 0x18, ['unsigned long long']],
+    'TimeZoneId' : [ 0x20, ['unsigned long']],
+    'Flags' : [ 0x24, ['_MI_FLAGS']],
+    'VsmConnection' : [ 0x28, ['pointer', ['void']]],
+    'ExceptionChainTerminator' : [ 0x2c, ['pointer', ['_EXCEPTION_REGISTRATION_RECORD']]],
+    'ExceptionChainTerminatorRecord' : [ 0x30, ['_EXCEPTION_REGISTRATION_RECORD']],
+} ],
+  '_MI_FORCED_COMMITS' : [ 0x8, {
+    'Regular' : [ 0x0, ['unsigned long']],
+    'Wrap' : [ 0x4, ['unsigned long']],
+} ],
+  '_VF_TARGET_ALL_SHARED_EXPORT_THUNKS' : [ 0x10, {
+    'SharedExportThunks' : [ 0x0, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'PoolSharedExportThunks' : [ 0x4, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'OrderDependentSharedExportThunks' : [ 0x8, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+    'XdvSharedExportThunks' : [ 0xc, ['pointer', ['_VERIFIER_SHARED_EXPORT_THUNK']]],
+} ],
+  '_FAULT_INFORMATION_X64' : [ 0x20, {
+    'DomainHandle' : [ 0x0, ['pointer', ['void']]],
+    'FaultAddress' : [ 0x4, ['pointer', ['void']]],
+    'Flags' : [ 0x8, ['_FAULT_INFORMATION_X64_FLAGS']],
+    'Type' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'UnsupportedUpstreamTransaction', 1: u'AddressSizeFault', 2: u'TlbMatchConflict', 3: u'ExternalFault', 4: u'PermissionFault', 5: u'AccessFlagFault', 6: u'TranslationFault', 7: u'MaxFaultType'})]],
+    'IommuBaseAddress' : [ 0x10, ['unsigned long long']],
+    'PciSegment' : [ 0x18, ['unsigned long']],
+} ],
+  '_PERF_CONTROL_STATE_SELECTION' : [ 0x28, {
+    'SelectedState' : [ 0x0, ['unsigned long long']],
+    'SelectedPercent' : [ 0x8, ['unsigned long']],
+    'SelectedFrequency' : [ 0xc, ['unsigned long']],
+    'MinPercent' : [ 0x10, ['unsigned long']],
+    'MaxPercent' : [ 0x14, ['unsigned long']],
+    'TolerancePercent' : [ 0x18, ['unsigned long']],
+    'EppPercent' : [ 0x1c, ['unsigned long']],
+    'AutonomousActivityWindow' : [ 0x20, ['unsigned long']],
+    'Autonomous' : [ 0x24, ['unsigned char']],
+    'InheritFromDomain' : [ 0x25, ['unsigned char']],
+} ],
+  '_POP_COMPONENT_POWER_PROFILE' : [ 0x20, {
+    'ComponentGuid' : [ 0x0, ['_GUID']],
+    'Device' : [ 0x10, ['pointer', ['_POP_DEVICE_POWER_PROFILE']]],
+    'FxCount' : [ 0x14, ['unsigned long']],
+    'FxPower' : [ 0x18, ['array', 1, ['_PO_POWER_PLANE_PROFILE']]],
+} ],
+  '_MI_REBUILD_LARGE_PAGE_TIMER' : [ 0x14, {
+    'WorkItem' : [ 0x0, ['_WORK_QUEUE_ITEM']],
+    'SecondsLeft' : [ 0x10, ['unsigned char']],
+    'RebuildActive' : [ 0x11, ['unsigned char']],
+    'NextPassDelta' : [ 0x12, ['unsigned char']],
+    'LargeSubPagesActive' : [ 0x13, ['unsigned char']],
+} ],
+  '_MI_IO_PAGE_STATE' : [ 0x40, {
+    'IoPfnLock' : [ 0x0, ['long']],
+    'IoPfnRoot' : [ 0x4, ['array', 3, ['_RTL_AVL_TREE']]],
+    'UnusedCachedMaps' : [ 0x10, ['_LIST_ENTRY']],
+    'OldestCacheFlushTimeStamp' : [ 0x18, ['unsigned long']],
+    'IoCacheStats' : [ 0x1c, ['_MI_IO_CACHE_STATS']],
+    'InvariantIoSpace' : [ 0x3c, ['_RTL_AVL_TREE']],
+} ],
+  '_ETW_REPLY_QUEUE' : [ 0x2c, {
+    'Queue' : [ 0x0, ['_KQUEUE']],
+    'EventsLost' : [ 0x28, ['long']],
+} ],
+  '_LOADER_PARAMETER_EXTENSION' : [ 0xd00, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'Profile' : [ 0x4, ['_PROFILE_PARAMETER_BLOCK']],
+    'EmInfFileImage' : [ 0x14, ['pointer', ['void']]],
+    'EmInfFileSize' : [ 0x18, ['unsigned long']],
+    'TriageDumpBlock' : [ 0x1c, ['pointer', ['void']]],
+    'HeadlessLoaderBlock' : [ 0x20, ['pointer', ['_HEADLESS_LOADER_BLOCK']]],
+    'SMBiosEPSHeader' : [ 0x24, ['pointer', ['_SMBIOS3_TABLE_HEADER']]],
+    'DrvDBImage' : [ 0x28, ['pointer', ['void']]],
+    'DrvDBSize' : [ 0x2c, ['unsigned long']],
+    'DrvDBPatchImage' : [ 0x30, ['pointer', ['void']]],
+    'DrvDBPatchSize' : [ 0x34, ['unsigned long']],
+    'NetworkLoaderBlock' : [ 0x38, ['pointer', ['_NETWORK_LOADER_BLOCK']]],
+    'HalpIRQLToTPR' : [ 0x3c, ['pointer', ['unsigned char']]],
+    'HalpVectorToIRQL' : [ 0x40, ['pointer', ['unsigned char']]],
+    'FirmwareDescriptorListHead' : [ 0x44, ['_LIST_ENTRY']],
+    'AcpiTable' : [ 0x4c, ['pointer', ['void']]],
+    'AcpiTableSize' : [ 0x50, ['unsigned long']],
+    'LastBootSucceeded' : [ 0x54, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LastBootShutdown' : [ 0x54, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'IoPortAccessSupported' : [ 0x54, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x54, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x54, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'HardStrongCodeGuarantees' : [ 0x54, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'SidSharingDisabled' : [ 0x54, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'TpmInitialized' : [ 0x54, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'VsmConfigured' : [ 0x54, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'IumEnabled' : [ 0x54, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'IsSmbboot' : [ 0x54, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'BootLogEnabled' : [ 0x54, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'DriverVerifierEnabled' : [ 0x54, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'SuppressMonitorX' : [ 0x54, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'KernelCetEnabled' : [ 0x54, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'SuppressSmap' : [ 0x54, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'Unused' : [ 0x54, ['BitField', dict(start_bit = 16, end_bit = 21, native_type='unsigned long')]],
+    'FeatureSimulations' : [ 0x54, ['BitField', dict(start_bit = 21, end_bit = 27, native_type='unsigned long')]],
+    'MicrocodeSelfHosting' : [ 0x54, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+    'XhciLegacyHandoffSkip' : [ 0x54, ['BitField', dict(start_bit = 28, end_bit = 29, native_type='unsigned long')]],
+    'DisableInsiderOptInHVCI' : [ 0x54, ['BitField', dict(start_bit = 29, end_bit = 30, native_type='unsigned long')]],
+    'MicrocodeMinVerSupported' : [ 0x54, ['BitField', dict(start_bit = 30, end_bit = 31, native_type='unsigned long')]],
+    'GpuIommuEnabled' : [ 0x54, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+    'LoaderPerformanceData' : [ 0x58, ['_LOADER_PERFORMANCE_DATA']],
+    'BootApplicationPersistentData' : [ 0xb8, ['_LIST_ENTRY']],
+    'WmdTestResult' : [ 0xc0, ['pointer', ['void']]],
+    'BootIdentifier' : [ 0xc4, ['_GUID']],
+    'ResumePages' : [ 0xd4, ['unsigned long']],
+    'DumpHeader' : [ 0xd8, ['pointer', ['void']]],
+    'BgContext' : [ 0xdc, ['pointer', ['void']]],
+    'NumaLocalityInfo' : [ 0xe0, ['pointer', ['void']]],
+    'NumaGroupAssignment' : [ 0xe4, ['pointer', ['void']]],
+    'AttachedHives' : [ 0xe8, ['_LIST_ENTRY']],
+    'MemoryCachingRequirementsCount' : [ 0xf0, ['unsigned long']],
+    'MemoryCachingRequirements' : [ 0xf4, ['pointer', ['void']]],
+    'BootEntropyResult' : [ 0xf8, ['_BOOT_ENTROPY_LDR_RESULT']],
+    'ProcessorCounterFrequency' : [ 0x960, ['unsigned long long']],
+    'HypervisorExtension' : [ 0x968, ['_LOADER_PARAMETER_HYPERVISOR_EXTENSION']],
+    'HardwareConfigurationId' : [ 0x9a8, ['_GUID']],
+    'HalExtensionModuleList' : [ 0x9b8, ['_LIST_ENTRY']],
+    'SystemTime' : [ 0x9c0, ['_LARGE_INTEGER']],
+    'TimeStampAtSystemTimeRead' : [ 0x9c8, ['unsigned long long']],
+    'BootFlags' : [ 0x9d0, ['unsigned long long']],
+    'DbgMenuOsSelection' : [ 0x9d0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgHiberBoot' : [ 0x9d0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgSoftRestart' : [ 0x9d0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'DbgMeasuredLaunch' : [ 0x9d0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'InternalBootFlags' : [ 0x9d8, ['unsigned long long']],
+    'DbgUtcBootTime' : [ 0x9d8, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'DbgRtcBootTime' : [ 0x9d8, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'DbgNoLegacyServices' : [ 0x9d8, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'WfsFPData' : [ 0x9e0, ['pointer', ['void']]],
+    'WfsFPDataSize' : [ 0x9e4, ['unsigned long']],
+    'BugcheckParameters' : [ 0x9e8, ['_LOADER_BUGCHECK_PARAMETERS']],
+    'ApiSetSchema' : [ 0x9fc, ['pointer', ['void']]],
+    'ApiSetSchemaSize' : [ 0xa00, ['unsigned long']],
+    'ApiSetSchemaExtensions' : [ 0xa04, ['_LIST_ENTRY']],
+    'AcpiBiosVersion' : [ 0xa0c, ['_UNICODE_STRING']],
+    'SmbiosVersion' : [ 0xa14, ['_UNICODE_STRING']],
+    'EfiVersion' : [ 0xa1c, ['_UNICODE_STRING']],
+    'KdDebugDevice' : [ 0xa24, ['pointer', ['_DEBUG_DEVICE_DESCRIPTOR']]],
+    'OfflineCrashdumpConfigurationTable' : [ 0xa28, ['_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2']],
+    'ManufacturingProfile' : [ 0xa48, ['_UNICODE_STRING']],
+    'BbtBuffer' : [ 0xa50, ['pointer', ['void']]],
+    'XsaveAllowedFeatures' : [ 0xa58, ['unsigned long long']],
+    'XsaveFlags' : [ 0xa60, ['unsigned long']],
+    'BootOptions' : [ 0xa64, ['pointer', ['void']]],
+    'IumEnablement' : [ 0xa68, ['unsigned long']],
+    'IumPolicy' : [ 0xa6c, ['unsigned long']],
+    'IumStatus' : [ 0xa70, ['long']],
+    'BootId' : [ 0xa74, ['unsigned long']],
+    'CodeIntegrityData' : [ 0xa78, ['pointer', ['_LOADER_PARAMETER_CI_EXTENSION']]],
+    'CodeIntegrityDataSize' : [ 0xa7c, ['unsigned long']],
+    'SystemHiveRecoveryInfo' : [ 0xa80, ['_LOADER_HIVE_RECOVERY_INFO']],
+    'SoftRestartCount' : [ 0xa94, ['unsigned long']],
+    'SoftRestartTime' : [ 0xa98, ['long long']],
+    'LeapSecondData' : [ 0xaa0, ['pointer', ['_LEAP_SECOND_DATA']]],
+    'MajorRelease' : [ 0xaa4, ['unsigned long']],
+    'Reserved1' : [ 0xaa8, ['unsigned long']],
+    'NtBuildLab' : [ 0xaac, ['array', 224, ['unsigned char']]],
+    'NtBuildLabEx' : [ 0xb8c, ['array', 224, ['unsigned char']]],
+    'ResetReason' : [ 0xc70, ['_LOADER_RESET_REASON']],
+    'MaxPciBusNumber' : [ 0xca0, ['unsigned long']],
+    'FeatureSettings' : [ 0xca4, ['unsigned long']],
+    'HotPatchReserveSize' : [ 0xca8, ['unsigned long']],
+    'RetpolineReserveSize' : [ 0xcac, ['unsigned long']],
+    'VsmPerformanceData' : [ 0xcb0, ['_VSM_PERFORMANCE_DATA']],
+    'NumaMemoryRanges' : [ 0xcf0, ['pointer', ['_NUMA_MEMORY_RANGE']]],
+    'NumaMemoryRangeCount' : [ 0xcf4, ['unsigned long']],
+    'IommuFaultPolicy' : [ 0xcf8, ['unsigned long']],
+} ],
+  '_NLS_DATA_BLOCK' : [ 0xc, {
+    'AnsiCodePageData' : [ 0x0, ['pointer', ['void']]],
+    'OemCodePageData' : [ 0x4, ['pointer', ['void']]],
+    'UnicodeCaseTableData' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_CM_BIG_DATA' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned short']],
+    'Count' : [ 0x2, ['unsigned short']],
+    'List' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_CROSS_PARTITION_CHARGES' : [ 0x10, {
+    'CurrentCharges' : [ 0x0, ['unsigned long']],
+    'ChargeFailures' : [ 0x4, ['unsigned long']],
+    'ChargePeak' : [ 0x8, ['unsigned long']],
+    'ChargeMinimum' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_3221' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['unsigned long']],
+    'NumberOfPtesToFree' : [ 0x0, ['unsigned long']],
+} ],
+  '_MI_PER_SESSION_PROTOS' : [ 0x2c, {
+    'SessionProtoNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeList' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'DriverAddress' : [ 0x0, ['pointer', ['void']]],
+    'ProtosNode' : [ 0xc, ['_MI_PROTOTYPE_PTES_NODE']],
+    'NumberOfPtes' : [ 0x1c, ['unsigned long']],
+    'SessionId' : [ 0x20, ['unsigned long']],
+    'Subsection' : [ 0x20, ['pointer', ['_SUBSECTION']]],
+    'SubsectionBase' : [ 0x24, ['pointer', ['_MMPTE']]],
+    'u2' : [ 0x28, ['__unnamed_3221']],
+} ],
+  '_TOKEN_MANDATORY_POLICY' : [ 0x4, {
+    'Policy' : [ 0x0, ['unsigned long']],
+} ],
+  '_PEBS_DS_SAVE_AREA32' : [ 0x80, {
+    'BtsBufferBase' : [ 0x0, ['unsigned long']],
+    'BtsIndex' : [ 0x4, ['unsigned long']],
+    'BtsAbsoluteMaximum' : [ 0x8, ['unsigned long']],
+    'BtsInterruptThreshold' : [ 0xc, ['unsigned long']],
+    'PebsBufferBase' : [ 0x10, ['unsigned long']],
+    'PebsIndex' : [ 0x14, ['unsigned long']],
+    'PebsAbsoluteMaximum' : [ 0x18, ['unsigned long']],
+    'PebsInterruptThreshold' : [ 0x1c, ['unsigned long']],
+    'PebsGpCounterReset' : [ 0x20, ['array', 8, ['unsigned long long']]],
+    'PebsFixedCounterReset' : [ 0x60, ['array', 4, ['unsigned long long']]],
+} ],
+  '_MI_MODWRITE_DATA' : [ 0x30, {
+    'PagesLoad' : [ 0x0, ['long']],
+    'PagesAverage' : [ 0x4, ['unsigned long']],
+    'AverageAvailablePages' : [ 0x8, ['unsigned long']],
+    'PagesWritten' : [ 0xc, ['unsigned long']],
+    'WritesIssued' : [ 0x10, ['unsigned long']],
+    'IgnoredReservationsCount' : [ 0x14, ['unsigned long']],
+    'FreedReservationsCount' : [ 0x18, ['unsigned long']],
+    'WriteBurstCount' : [ 0x1c, ['unsigned long']],
+    'IgnoreReservationsStartTime' : [ 0x20, ['unsigned long long']],
+    'ReservationClusterInfo' : [ 0x28, ['_MI_RESERVATION_CLUSTER_INFO']],
+    'IgnoreReservations' : [ 0x2c, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Spare' : [ 0x2c, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'Spare1' : [ 0x2e, ['unsigned short']],
+} ],
+  '_PROC_IDLE_POLICY' : [ 0x6, {
+    'PromotePercent' : [ 0x0, ['unsigned char']],
+    'DemotePercent' : [ 0x1, ['unsigned char']],
+    'PromotePercentBase' : [ 0x2, ['unsigned char']],
+    'DemotePercentBase' : [ 0x3, ['unsigned char']],
+    'AllowScaling' : [ 0x4, ['unsigned char']],
+    'ForceLightIdle' : [ 0x5, ['unsigned char']],
+} ],
+  '_MI_RESAVAIL_FAILURES' : [ 0x8, {
+    'Wrap' : [ 0x0, ['unsigned long']],
+    'NoCharge' : [ 0x4, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_INFORMATION' : [ 0x1c, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Size' : [ 0x2, ['unsigned short']],
+    'Flags' : [ 0x4, ['_HAL_UNMASKED_INTERRUPT_FLAGS']],
+    'Mode' : [ 0x8, ['Enumeration', dict(target = 'long', choices = {0: u'LevelSensitive', 1: u'Latched'})]],
+    'Polarity' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {0: u'InterruptPolarityUnknown', 1: u'InterruptRisingEdge', 2: u'InterruptFallingEdge', 3: u'InterruptActiveBothTriggerLow', 4: u'InterruptActiveBothTriggerHigh'})]],
+    'Gsiv' : [ 0x10, ['unsigned long']],
+    'PinNumber' : [ 0x14, ['unsigned short']],
+    'DeviceHandle' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_KTRANSACTION' : [ 0x1e0, {
+    'OutcomeEvent' : [ 0x0, ['_KEVENT']],
+    'cookie' : [ 0x10, ['unsigned long']],
+    'Mutex' : [ 0x14, ['_KMUTANT']],
+    'TreeTx' : [ 0x34, ['pointer', ['_KTRANSACTION']]],
+    'GlobalNamespaceLink' : [ 0x38, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'TmNamespaceLink' : [ 0x4c, ['_KTMOBJECT_NAMESPACE_LINK']],
+    'UOW' : [ 0x60, ['_GUID']],
+    'State' : [ 0x70, ['Enumeration', dict(target = 'long', choices = {0: u'KTransactionUninitialized', 1: u'KTransactionActive', 2: u'KTransactionPreparing', 3: u'KTransactionPrepared', 4: u'KTransactionInDoubt', 5: u'KTransactionCommitted', 6: u'KTransactionAborted', 7: u'KTransactionDelegated', 8: u'KTransactionPrePreparing', 9: u'KTransactionForgotten', 10: u'KTransactionRecovering', 11: u'KTransactionPrePrepared'})]],
+    'Flags' : [ 0x74, ['unsigned long']],
+    'EnlistmentHead' : [ 0x78, ['_LIST_ENTRY']],
+    'EnlistmentCount' : [ 0x80, ['unsigned long']],
+    'RecoverableEnlistmentCount' : [ 0x84, ['unsigned long']],
+    'PrePrepareRequiredEnlistmentCount' : [ 0x88, ['unsigned long']],
+    'PrepareRequiredEnlistmentCount' : [ 0x8c, ['unsigned long']],
+    'OutcomeRequiredEnlistmentCount' : [ 0x90, ['unsigned long']],
+    'PendingResponses' : [ 0x94, ['unsigned long']],
+    'SuperiorEnlistment' : [ 0x98, ['pointer', ['_KENLISTMENT']]],
+    'LastLsn' : [ 0xa0, ['_CLS_LSN']],
+    'PromotedEntry' : [ 0xa8, ['_LIST_ENTRY']],
+    'PromoterTransaction' : [ 0xb0, ['pointer', ['_KTRANSACTION']]],
+    'PromotePropagation' : [ 0xb4, ['pointer', ['void']]],
+    'IsolationLevel' : [ 0xb8, ['unsigned long']],
+    'IsolationFlags' : [ 0xbc, ['unsigned long']],
+    'Timeout' : [ 0xc0, ['_LARGE_INTEGER']],
+    'Description' : [ 0xc8, ['_UNICODE_STRING']],
+    'RollbackThread' : [ 0xd0, ['pointer', ['_KTHREAD']]],
+    'RollbackWorkItem' : [ 0xd4, ['_WORK_QUEUE_ITEM']],
+    'RollbackDpc' : [ 0xe4, ['_KDPC']],
+    'RollbackTimer' : [ 0x108, ['_KTIMER']],
+    'LsnOrderedEntry' : [ 0x130, ['_LIST_ENTRY']],
+    'Outcome' : [ 0x138, ['Enumeration', dict(target = 'long', choices = {0: u'KTxOutcomeUninitialized', 1: u'KTxOutcomeUndetermined', 2: u'KTxOutcomeCommitted', 3: u'KTxOutcomeAborted', 4: u'KTxOutcomeUnavailable'})]],
+    'Tm' : [ 0x13c, ['pointer', ['_KTM']]],
+    'CommitReservation' : [ 0x140, ['long long']],
+    'TransactionHistory' : [ 0x148, ['array', 10, ['_KTRANSACTION_HISTORY']]],
+    'TransactionHistoryCount' : [ 0x198, ['unsigned long']],
+    'DTCPrivateInformation' : [ 0x19c, ['pointer', ['void']]],
+    'DTCPrivateInformationLength' : [ 0x1a0, ['unsigned long']],
+    'DTCPrivateInformationMutex' : [ 0x1a4, ['_KMUTANT']],
+    'PromotedTxSelfHandle' : [ 0x1c4, ['pointer', ['void']]],
+    'PendingPromotionCount' : [ 0x1c8, ['unsigned long']],
+    'PromotionCompletedEvent' : [ 0x1cc, ['_KEVENT']],
+} ],
+  '_FAKE_HEAP_ENTRY' : [ 0x8, {
+    'Size' : [ 0x0, ['unsigned long']],
+    'PreviousSize' : [ 0x4, ['unsigned long']],
+} ],
+  '_TOKEN_AUDIT_POLICY' : [ 0x1e, {
+    'PerUserPolicy' : [ 0x0, ['array', 30, ['unsigned char']]],
+} ],
+  '_MI_PROBE_RAISE_TRACKER' : [ 0x44, {
+    'UserRangeInKernel' : [ 0x0, ['unsigned long']],
+    'FaultFailed' : [ 0x4, ['unsigned long']],
+    'WriteFaultFailed' : [ 0x8, ['unsigned long']],
+    'LargePageFailed' : [ 0xc, ['unsigned long']],
+    'UserAccessToKernelPte' : [ 0x10, ['unsigned long']],
+    'BadPageLocation' : [ 0x14, ['unsigned long']],
+    'InsufficientCharge' : [ 0x18, ['unsigned long']],
+    'PageTableCharge' : [ 0x1c, ['unsigned long']],
+    'NoPhysicalMapping' : [ 0x20, ['unsigned long']],
+    'NoIoReference' : [ 0x24, ['unsigned long']],
+    'ProbeFailed' : [ 0x28, ['unsigned long']],
+    'PteIsZero' : [ 0x2c, ['unsigned long']],
+    'StrongCodeWrite' : [ 0x30, ['unsigned long']],
+    'ReducedCloneCommitChargeFailed' : [ 0x34, ['unsigned long']],
+    'CopyOnWriteAtDispatchNoPages' : [ 0x38, ['unsigned long']],
+    'NoPageTablesAllowed' : [ 0x3c, ['unsigned long']],
+    'EnclavePageFailed' : [ 0x40, ['unsigned long']],
+} ],
+  '_KTMOBJECT_NAMESPACE' : [ 0x60, {
+    'Table' : [ 0x0, ['_RTL_AVL_TABLE']],
+    'Mutex' : [ 0x38, ['_KMUTANT']],
+    'LinksOffset' : [ 0x58, ['unsigned short']],
+    'GuidOffset' : [ 0x5a, ['unsigned short']],
+    'Expired' : [ 0x5c, ['unsigned char']],
+} ],
+  '_LOADER_BUGCHECK_PARAMETERS' : [ 0x14, {
+    'BugcheckCode' : [ 0x0, ['unsigned long']],
+    'BugcheckParameter1' : [ 0x4, ['unsigned long']],
+    'BugcheckParameter2' : [ 0x8, ['unsigned long']],
+    'BugcheckParameter3' : [ 0xc, ['unsigned long']],
+    'BugcheckParameter4' : [ 0x10, ['unsigned long']],
+} ],
+  'PO_MEMORY_IMAGE' : [ 0x340, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'ImageType' : [ 0x4, ['unsigned long']],
+    'CheckSum' : [ 0x8, ['unsigned long']],
+    'LengthSelf' : [ 0xc, ['unsigned long']],
+    'PageSelf' : [ 0x10, ['unsigned long']],
+    'PageSize' : [ 0x14, ['unsigned long']],
+    'SystemTime' : [ 0x18, ['_LARGE_INTEGER']],
+    'InterruptTime' : [ 0x20, ['unsigned long long']],
+    'FeatureFlags' : [ 0x28, ['unsigned long long']],
+    'HiberFlags' : [ 0x30, ['unsigned char']],
+    'HiberSimulateFlags' : [ 0x31, ['unsigned char']],
+    'spare' : [ 0x32, ['array', 2, ['unsigned char']]],
+    'NoHiberPtes' : [ 0x34, ['unsigned long']],
+    'HiberVa' : [ 0x38, ['unsigned long']],
+    'NoFreePages' : [ 0x3c, ['unsigned long']],
+    'FreeMapCheck' : [ 0x40, ['unsigned long']],
+    'WakeCheck' : [ 0x44, ['unsigned long']],
+    'NumPagesForLoader' : [ 0x48, ['unsigned long long']],
+    'FirstBootRestorePage' : [ 0x50, ['unsigned long']],
+    'FirstKernelRestorePage' : [ 0x54, ['unsigned long']],
+    'FirstChecksumRestorePage' : [ 0x58, ['unsigned long']],
+    'NoChecksumEntries' : [ 0x60, ['unsigned long long']],
+    'PerfInfo' : [ 0x68, ['_PO_HIBER_PERF']],
+    'FirmwareRuntimeInformationPages' : [ 0x260, ['unsigned long']],
+    'FirmwareRuntimeInformation' : [ 0x264, ['array', 1, ['unsigned long']]],
+    'SpareUlong' : [ 0x268, ['unsigned long']],
+    'NoBootLoaderLogPages' : [ 0x26c, ['unsigned long']],
+    'BootLoaderLogPages' : [ 0x270, ['array', 24, ['unsigned long']]],
+    'NotUsed' : [ 0x2d0, ['unsigned long']],
+    'ResumeContextCheck' : [ 0x2d4, ['unsigned long']],
+    'ResumeContextPages' : [ 0x2d8, ['unsigned long']],
+    'Hiberboot' : [ 0x2dc, ['unsigned char']],
+    'SecureLaunched' : [ 0x2dd, ['unsigned char']],
+    'SecureBoot' : [ 0x2de, ['unsigned char']],
+    'HvPageTableRoot' : [ 0x2e0, ['unsigned long long']],
+    'HvEntryPoint' : [ 0x2e8, ['unsigned long long']],
+    'HvReservedTransitionAddress' : [ 0x2f0, ['unsigned long long']],
+    'HvReservedTransitionAddressSize' : [ 0x2f8, ['unsigned long long']],
+    'BootFlags' : [ 0x300, ['unsigned long long']],
+    'RestoreProcessorStateRoutine' : [ 0x308, ['unsigned long long']],
+    'HighestPhysicalPage' : [ 0x310, ['unsigned long']],
+    'BitlockerKeyPfns' : [ 0x314, ['array', 4, ['unsigned long']]],
+    'HardwareSignature' : [ 0x324, ['unsigned long']],
+    'SMBiosTablePhysicalAddress' : [ 0x328, ['_LARGE_INTEGER']],
+    'SMBiosTableLength' : [ 0x330, ['unsigned long']],
+    'SMBiosMajorVersion' : [ 0x334, ['unsigned char']],
+    'SMBiosMinorVersion' : [ 0x335, ['unsigned char']],
+    'HiberResumeXhciHandoffSkip' : [ 0x336, ['unsigned char']],
+    'InitializeUSBCore' : [ 0x337, ['unsigned char']],
+    'ValidUSBCoreId' : [ 0x338, ['unsigned char']],
+    'USBCoreId' : [ 0x339, ['unsigned char']],
+    'SkipMemoryMapValidation' : [ 0x33a, ['unsigned char']],
+} ],
+  '_POP_FX_DRIPS_WATCHDOG_CONTEXT' : [ 0x14, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'ComponentIndex' : [ 0x8, ['unsigned long']],
+    'ChildDevices' : [ 0xc, ['pointer', ['pointer', ['_DEVICE_NODE']]]],
+    'ChildDeviceCount' : [ 0x10, ['unsigned long']],
+} ],
+  '_SUPPORTED_RANGE' : [ 0x20, {
+    'Next' : [ 0x0, ['pointer', ['_SUPPORTED_RANGE']]],
+    'SystemAddressSpace' : [ 0x4, ['unsigned long']],
+    'SystemBase' : [ 0x8, ['long long']],
+    'Base' : [ 0x10, ['long long']],
+    'Limit' : [ 0x18, ['long long']],
+} ],
+  '__unnamed_3251' : [ 0x4, {
+    'NumberOfEntries' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'PageSize' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 12, native_type='unsigned long')]],
+    'Va' : [ 0x0, ['pointer', ['void']]],
+    'VaLong' : [ 0x0, ['unsigned long']],
+} ],
+  '_KTB_FLUSH_VA' : [ 0x4, {
+    'u1' : [ 0x0, ['__unnamed_3251']],
+} ],
+  '_LDR_DDAG_NODE' : [ 0x2c, {
+    'Modules' : [ 0x0, ['_LIST_ENTRY']],
+    'ServiceTagList' : [ 0x8, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'LoadCount' : [ 0xc, ['unsigned long']],
+    'LoadWhileUnloadingCount' : [ 0x10, ['unsigned long']],
+    'LowestLink' : [ 0x14, ['unsigned long']],
+    'Dependencies' : [ 0x18, ['_LDRP_CSLIST']],
+    'IncomingDependencies' : [ 0x1c, ['_LDRP_CSLIST']],
+    'State' : [ 0x20, ['Enumeration', dict(target = 'long', choices = {0: u'LdrModulesPlaceHolder', 1: u'LdrModulesMapping', 2: u'LdrModulesMapped', 3: u'LdrModulesWaitingForDependencies', 4: u'LdrModulesSnapping', 5: u'LdrModulesSnapped', 6: u'LdrModulesCondensed', 7: u'LdrModulesReadyToInit', 8: u'LdrModulesInitializing', 9: u'LdrModulesReadyToRun', -2: u'LdrModulesUnloaded', -5: u'LdrModulesMerged', -4: u'LdrModulesInitError', -3: u'LdrModulesSnapError', -1: u'LdrModulesUnloading'})]],
+    'CondenseLink' : [ 0x24, ['_SINGLE_LIST_ENTRY']],
+    'PreorderNumber' : [ 0x28, ['unsigned long']],
+} ],
+  '_MI_PAGE_COLORS' : [ 0xc, {
+    'PageSize' : [ 0x0, ['array', 3, ['unsigned long']]],
+} ],
+  '_NUMA_MEMORY_RANGE' : [ 0x18, {
+    'ProximityId' : [ 0x0, ['unsigned long']],
+    'BasePage' : [ 0x8, ['unsigned long long']],
+    'EndPage' : [ 0x10, ['unsigned long long']],
+} ],
+  '_DUMP_STACK_CONTEXT' : [ 0x100, {
+    'Init' : [ 0x0, ['_DUMP_INITIALIZATION_CONTEXT']],
+    'PartitionOffset' : [ 0xc0, ['_LARGE_INTEGER']],
+    'DumpPointers' : [ 0xc8, ['pointer', ['void']]],
+    'StorageInfo' : [ 0xc8, ['pointer', ['void']]],
+    'UseStorageInfo' : [ 0xcc, ['unsigned char']],
+    'PointersLength' : [ 0xd0, ['unsigned long']],
+    'ModulePrefix' : [ 0xd4, ['pointer', ['wchar']]],
+    'DriverList' : [ 0xd8, ['_LIST_ENTRY']],
+    'InitMsg' : [ 0xe0, ['_STRING']],
+    'ProgMsg' : [ 0xe8, ['_STRING']],
+    'DoneMsg' : [ 0xf0, ['_STRING']],
+    'FileObject' : [ 0xf8, ['pointer', ['void']]],
+    'UsageType' : [ 0xfc, ['Enumeration', dict(target = 'long', choices = {0: u'DeviceUsageTypeUndefined', 1: u'DeviceUsageTypePaging', 2: u'DeviceUsageTypeHibernation', 3: u'DeviceUsageTypeDumpFile', 4: u'DeviceUsageTypeBoot', 5: u'DeviceUsageTypePostDisplay', 6: u'DeviceUsageTypeGuestAssigned'})]],
+} ],
+  '_PNP_WATCHDOG' : [ 0x18, {
+    'WatchdogStart' : [ 0x0, ['unsigned long long']],
+    'WatchdogTimer' : [ 0x8, ['pointer', ['_WDT_HANDLE']]],
+    'WatchdogContextType' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'PNP_EVENT_WORKER_WATCHDOG', 2: u'PNP_DEVICE_COMPLETION_QUEUE_WATCHDOG', 3: u'PNP_DELAYED_REMOVE_WORKER_WATCHDOG', 4: u'PNP_ADD_DEVICE_WATCHDOG', 5: u'PNP_DRIVER_ENTRY_WATCHDOG'})]],
+    'WatchdogContext' : [ 0x10, ['pointer', ['void']]],
+    'TriggerEventLogged' : [ 0x14, ['unsigned char']],
+} ],
+  '_ARC_DISK_INFORMATION' : [ 0x8, {
+    'DiskSignatures' : [ 0x0, ['_LIST_ENTRY']],
+} ],
+  '_KQUEUE' : [ 0x28, {
+    'Header' : [ 0x0, ['_DISPATCHER_HEADER']],
+    'EntryListHead' : [ 0x10, ['_LIST_ENTRY']],
+    'CurrentCount' : [ 0x18, ['unsigned long']],
+    'MaximumCount' : [ 0x1c, ['unsigned long']],
+    'ThreadListHead' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_POP_FX_DEPENDENT' : [ 0x8, {
+    'Index' : [ 0x0, ['unsigned long']],
+    'ProviderIndex' : [ 0x4, ['unsigned long']],
+} ],
+  '_DEVICE_FAULT_CONFIGURATION' : [ 0x8, {
+    'FaultHandler' : [ 0x0, ['pointer', ['void']]],
+    'FaultContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_MI_PAGEFILE_BITMAPS_CACHE_ENTRY' : [ 0x20, {
+    'LengthTreeNode' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'FreeListEntry' : [ 0x0, ['_LIST_ENTRY']],
+    'LocationTreeNode' : [ 0xc, ['_RTL_BALANCED_NODE']],
+    'StartingIndex' : [ 0x18, ['unsigned long']],
+    'Length' : [ 0x1c, ['unsigned long']],
+} ],
+  '_MI_RESUME_WORKITEM' : [ 0x20, {
+    'ResumeCompleteEvent' : [ 0x0, ['_KEVENT']],
+    'WorkItem' : [ 0x10, ['_WORK_QUEUE_ITEM']],
+} ],
+  '_INPUT_MAPPING_ELEMENT' : [ 0x4, {
+    'InputMappingId' : [ 0x0, ['unsigned long']],
+} ],
+  '_DESCRIPTOR' : [ 0x8, {
+    'Pad' : [ 0x0, ['unsigned short']],
+    'Limit' : [ 0x2, ['unsigned short']],
+    'Base' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_327e' : [ 0x14, {
+    'ClassGuid' : [ 0x0, ['_GUID']],
+    'SymbolicLinkName' : [ 0x10, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3280' : [ 0x2, {
+    'DeviceId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3282' : [ 0x8, {
+    'NotificationStructure' : [ 0x0, ['pointer', ['void']]],
+    'DeviceId' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_3284' : [ 0x4, {
+    'Notification' : [ 0x0, ['pointer', ['void']]],
+} ],
+  '__unnamed_3286' : [ 0x8, {
+    'NotificationCode' : [ 0x0, ['unsigned long']],
+    'NotificationData' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_3288' : [ 0x8, {
+    'VetoType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PNP_VetoTypeUnknown', 1: u'PNP_VetoLegacyDevice', 2: u'PNP_VetoPendingClose', 3: u'PNP_VetoWindowsApp', 4: u'PNP_VetoWindowsService', 5: u'PNP_VetoOutstandingOpen', 6: u'PNP_VetoDevice', 7: u'PNP_VetoDriver', 8: u'PNP_VetoIllegalDeviceRequest', 9: u'PNP_VetoInsufficientPower', 10: u'PNP_VetoNonDisableable', 11: u'PNP_VetoLegacyDriver', 12: u'PNP_VetoInsufficientRights', 13: u'PNP_VetoAlreadyRemoved'})]],
+    'DeviceIdVetoNameBuffer' : [ 0x4, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_328a' : [ 0x10, {
+    'BlockedDriverGuid' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_328c' : [ 0x2, {
+    'ParentId' : [ 0x0, ['array', 1, ['wchar']]],
+} ],
+  '__unnamed_328e' : [ 0x20, {
+    'PowerSettingGuid' : [ 0x0, ['_GUID']],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'SessionId' : [ 0x14, ['unsigned long']],
+    'DataLength' : [ 0x18, ['unsigned long']],
+    'Data' : [ 0x1c, ['array', 1, ['unsigned char']]],
+} ],
+  '__unnamed_3290' : [ 0x20, {
+    'DeviceClass' : [ 0x0, ['__unnamed_327e']],
+    'TargetDevice' : [ 0x0, ['__unnamed_3280']],
+    'InstallDevice' : [ 0x0, ['__unnamed_3280']],
+    'CustomNotification' : [ 0x0, ['__unnamed_3282']],
+    'ProfileNotification' : [ 0x0, ['__unnamed_3284']],
+    'PowerNotification' : [ 0x0, ['__unnamed_3286']],
+    'VetoNotification' : [ 0x0, ['__unnamed_3288']],
+    'BlockedDriverNotification' : [ 0x0, ['__unnamed_328a']],
+    'InvalidIDNotification' : [ 0x0, ['__unnamed_328c']],
+    'PowerSettingNotification' : [ 0x0, ['__unnamed_328e']],
+    'PropertyChangeNotification' : [ 0x0, ['__unnamed_3280']],
+    'DeviceInstanceNotification' : [ 0x0, ['__unnamed_3280']],
+} ],
+  '_PLUGPLAY_EVENT_BLOCK' : [ 0x44, {
+    'EventGuid' : [ 0x0, ['_GUID']],
+    'EventCategory' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'HardwareProfileChangeEvent', 1: u'TargetDeviceChangeEvent', 2: u'DeviceClassChangeEvent', 3: u'CustomDeviceEvent', 4: u'DeviceInstallEvent', 5: u'DeviceArrivalEvent', 6: u'VetoEvent', 7: u'BlockedDriverEvent', 8: u'InvalidIDEvent', 9: u'DevicePropertyChangeEvent', 10: u'DeviceInstanceRemovalEvent', 11: u'DeviceInstanceStartedEvent', 12: u'MaxPlugEventCategory'})]],
+    'Result' : [ 0x14, ['pointer', ['unsigned long']]],
+    'Flags' : [ 0x18, ['unsigned long']],
+    'TotalSize' : [ 0x1c, ['unsigned long']],
+    'DeviceObject' : [ 0x20, ['pointer', ['void']]],
+    'u' : [ 0x24, ['__unnamed_3290']],
+} ],
+  '_WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ProcessorType' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'InstructionSet' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Operation' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Flags' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Level' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'CPUVersion' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'CPUBrandString' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'ProcessorId' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'TargetAddress' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'InstructionPointer' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_VSM_PERFORMANCE_DATA' : [ 0x40, {
+    'LaunchVsmMark' : [ 0x0, ['array', 8, ['unsigned long long']]],
+} ],
+  '_WDT_HANDLE' : [ 0x1, {
+    'Reserved' : [ 0x0, ['unsigned char']],
+} ],
+  '_WHEA_ERROR_RECORD_HEADER_FLAGS' : [ 0x4, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PreviousError' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Simulated' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'DeviceDriver' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'CriticalEvent' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'PersistPfn' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 32, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '_CACHED_KSTACK_LIST' : [ 0x18, {
+    'SListHead' : [ 0x0, ['_SLIST_HEADER']],
+    'MinimumFree' : [ 0x8, ['long']],
+    'Misses' : [ 0xc, ['unsigned long']],
+    'MissesLast' : [ 0x10, ['unsigned long']],
+    'AllStacksInUse' : [ 0x14, ['unsigned long']],
+} ],
+  '_I386_LOADER_BLOCK' : [ 0xc, {
+    'CommonDataArea' : [ 0x0, ['pointer', ['void']]],
+    'MachineType' : [ 0x4, ['unsigned long']],
+    'VirtualBias' : [ 0x8, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_BUCKET' : [ 0x20, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'MinTime' : [ 0x8, ['unsigned long long']],
+    'MaxTime' : [ 0x10, ['unsigned long long']],
+    'Count' : [ 0x18, ['unsigned long']],
+} ],
+  '_ARBITER_ORDERING' : [ 0x10, {
+    'Start' : [ 0x0, ['unsigned long long']],
+    'End' : [ 0x8, ['unsigned long long']],
+} ],
+  '_MI_PTE_CHAIN_HEAD' : [ 0x18, {
+    'Flink' : [ 0x0, ['_MMPTE']],
+    'Blink' : [ 0x8, ['_MMPTE']],
+    'PteBase' : [ 0x10, ['pointer', ['_MMPTE']]],
+} ],
+  '__unnamed_32a7' : [ 0x8, {
+    'Pch' : [ 0x0, ['unsigned char']],
+    'EmbeddedController' : [ 0x1, ['unsigned char']],
+    'Reserved' : [ 0x2, ['array', 6, ['unsigned char']]],
+} ],
+  '__unnamed_32a9' : [ 0x8, {
+    'Component' : [ 0x0, ['__unnamed_32a7']],
+    'AsULONG64' : [ 0x0, ['unsigned long long']],
+    'AsBytes' : [ 0x0, ['array', 8, ['unsigned char']]],
+} ],
+  '_LOADER_RESET_REASON' : [ 0x30, {
+    'Supplied' : [ 0x0, ['unsigned char']],
+    'Basic' : [ 0x8, ['__unnamed_32a9']],
+    'AdditionalInfo' : [ 0x10, ['array', 8, ['unsigned long']]],
+} ],
+  '_ARBITER_QUERY_ALLOCATED_RESOURCES_PARAMETERS' : [ 0x4, {
+    'AllocatedResources' : [ 0x0, ['pointer', ['pointer', ['_CM_PARTIAL_RESOURCE_LIST']]]],
+} ],
+  '_HAL_CHANNEL_MEMORY_RANGES' : [ 0xc, {
+    'PageFrameIndex' : [ 0x0, ['unsigned long']],
+    'MpnId' : [ 0x4, ['unsigned short']],
+    'Node' : [ 0x6, ['unsigned short']],
+    'Channel' : [ 0x8, ['unsigned short']],
+    'IsPowerManageable' : [ 0xa, ['unsigned char']],
+    'DeepPowerState' : [ 0xb, ['unsigned char']],
+} ],
+  '_LOADER_HIVE_RECOVERY_INFO' : [ 0x14, {
+    'Recovered' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LegacyRecovery' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'SoftRebootConflict' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'MostRecentLog' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 6, native_type='unsigned long')]],
+    'Spare' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 27, native_type='unsigned long')]],
+    'LogNextSequence' : [ 0x8, ['unsigned long']],
+    'LogMinimumSequence' : [ 0xc, ['unsigned long']],
+    'LogCurrentOffset' : [ 0x10, ['unsigned long']],
+} ],
+  '__unnamed_32b9' : [ 0x24, {
+    'EfiInformation' : [ 0x0, ['_EFI_FIRMWARE_INFORMATION']],
+    'PcatInformation' : [ 0x0, ['_PCAT_FIRMWARE_INFORMATION']],
+} ],
+  '_FIRMWARE_INFORMATION_LOADER_BLOCK' : [ 0x28, {
+    'FirmwareTypeUefi' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'EfiRuntimeUseIum' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'EfiRuntimePageProtectionSupported' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 32, native_type='unsigned long')]],
+    'u' : [ 0x4, ['__unnamed_32b9']],
+} ],
+  '__unnamed_32bd' : [ 0xc, {
+    'Address' : [ 0x0, ['unsigned long']],
+    'Consumed' : [ 0x4, ['unsigned char']],
+    'ErrorCode' : [ 0x6, ['unsigned short']],
+    'ErrorIpValid' : [ 0x8, ['unsigned char']],
+    'RestartIpValid' : [ 0x9, ['unsigned char']],
+    'ClearPoison' : [ 0xa, ['unsigned char']],
+} ],
+  '__unnamed_32bf' : [ 0x4, {
+    'PmemErrInfo' : [ 0x0, ['unsigned long']],
+} ],
+  '_WHEA_RECOVERY_CONTEXT' : [ 0x20, {
+    'MemoryError' : [ 0x0, ['__unnamed_32bd']],
+    'PmemError' : [ 0x0, ['__unnamed_32bf']],
+    'PartitionId' : [ 0x10, ['unsigned long long']],
+    'VpIndex' : [ 0x18, ['unsigned long']],
+    'ErrorType' : [ 0x1c, ['Enumeration', dict(target = 'long', choices = {1: u'WheaRecoveryContextErrorTypeMemory', 2: u'WheaRecoveryContextErrorTypePmem', 3: u'WheaRecoveryContextErrorTypeMax'})]],
+} ],
+  '_POP_TRIGGER_WAIT' : [ 0x20, {
+    'Event' : [ 0x0, ['_KEVENT']],
+    'Status' : [ 0x10, ['long']],
+    'Link' : [ 0x14, ['_LIST_ENTRY']],
+    'Trigger' : [ 0x1c, ['pointer', ['_POP_ACTION_TRIGGER']]],
+} ],
+  '_PROC_PERF_CONSTRAINT' : [ 0x78, {
+    'CheckContext' : [ 0x0, ['pointer', ['_PROC_PERF_CHECK_CONTEXT']]],
+    'PerfContext' : [ 0x4, ['unsigned long']],
+    'PlatformCap' : [ 0x8, ['unsigned long']],
+    'ThermalCap' : [ 0xc, ['unsigned long']],
+    'LimitReasons' : [ 0x10, ['unsigned long']],
+    'PlatformCapStartTime' : [ 0x18, ['unsigned long long']],
+    'ProcCap' : [ 0x20, ['unsigned long']],
+    'ProcFloor' : [ 0x24, ['unsigned long']],
+    'TargetPercent' : [ 0x28, ['unsigned long']],
+    'EngageResponsivenessOverrides' : [ 0x2c, ['unsigned char']],
+    'ResponsivenessChangeCount' : [ 0x2d, ['unsigned char']],
+    'Selection' : [ 0x30, ['_PERF_CONTROL_STATE_SELECTION']],
+    'DomainSelectionGeneration' : [ 0x58, ['unsigned long']],
+    'PreviousFrequency' : [ 0x5c, ['unsigned long']],
+    'PreviousPercent' : [ 0x60, ['unsigned long']],
+    'LatestFrequencyPercent' : [ 0x64, ['unsigned long']],
+    'LatestPerformancePercent' : [ 0x68, ['unsigned long']],
+    'Force' : [ 0x6c, ['unsigned char']],
+    'UseQosUpdateLock' : [ 0x6d, ['unsigned char']],
+    'QosUpdateLock' : [ 0x70, ['unsigned long']],
+} ],
+  '_PROC_IDLE_STATE_ACCOUNTING' : [ 0x3e8, {
+    'TotalTime' : [ 0x0, ['unsigned long long']],
+    'CancelCount' : [ 0x8, ['unsigned long']],
+    'FailureCount' : [ 0xc, ['unsigned long']],
+    'SuccessCount' : [ 0x10, ['unsigned long']],
+    'InvalidBucketIndex' : [ 0x14, ['unsigned long']],
+    'MinTime' : [ 0x18, ['unsigned long long']],
+    'MaxTime' : [ 0x20, ['unsigned long long']],
+    'SelectionStatistics' : [ 0x28, ['_PPM_SELECTION_STATISTICS']],
+    'IdleTimeBuckets' : [ 0xa8, ['array', 26, ['_PROC_IDLE_STATE_BUCKET']]],
+} ],
+  '_HEADLESS_LOADER_BLOCK' : [ 0x38, {
+    'UsedBiosSettings' : [ 0x0, ['unsigned char']],
+    'DataBits' : [ 0x1, ['unsigned char']],
+    'StopBits' : [ 0x2, ['unsigned char']],
+    'Parity' : [ 0x3, ['unsigned char']],
+    'BaudRate' : [ 0x4, ['unsigned long']],
+    'PortNumber' : [ 0x8, ['unsigned long']],
+    'PortAddress' : [ 0xc, ['pointer', ['unsigned char']]],
+    'PciDeviceId' : [ 0x10, ['unsigned short']],
+    'PciVendorId' : [ 0x12, ['unsigned short']],
+    'PciBusNumber' : [ 0x14, ['unsigned char']],
+    'PciBusSegment' : [ 0x16, ['unsigned short']],
+    'PciSlotNumber' : [ 0x18, ['unsigned char']],
+    'PciFunctionNumber' : [ 0x19, ['unsigned char']],
+    'PciFlags' : [ 0x1c, ['unsigned long']],
+    'SystemGUID' : [ 0x20, ['_GUID']],
+    'IsMMIODevice' : [ 0x30, ['unsigned char']],
+    'TerminalType' : [ 0x31, ['unsigned char']],
+    'InterfaceType' : [ 0x32, ['unsigned char']],
+    'RegisterBitWidth' : [ 0x33, ['unsigned char']],
+    'RegisterAccessSize' : [ 0x34, ['unsigned char']],
+} ],
+  '_MI_WRITE_CALIBRATION' : [ 0x18, {
+    'MaximumNumberProcessors' : [ 0x0, ['unsigned long']],
+    'OptimalWriteType' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'WriteTypeCached', 1: u'WriteTypeNonTemporal', 2: u'WriteTypeMaximum'})]],
+    'PerProcessorNumberOfBytes' : [ 0x8, ['unsigned long']],
+    'OptimalWriteProcessors' : [ 0xc, ['array', 2, ['unsigned long']]],
+    'RawTimeStamps' : [ 0x14, ['pointer', ['_MI_WRITE_MODES']]],
+} ],
+  '_WHEA_MEMORY_ERROR_SECTION_VALIDBITS' : [ 0x8, {
+    'ErrorStatus' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long long')]],
+    'PhysicalAddress' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long long')]],
+    'PhysicalAddressMask' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long long')]],
+    'Node' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long long')]],
+    'Card' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long long')]],
+    'Module' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long long')]],
+    'Bank' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long long')]],
+    'Device' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long long')]],
+    'Row' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long long')]],
+    'Column' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long long')]],
+    'BitPosition' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long long')]],
+    'RequesterId' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long long')]],
+    'ResponderId' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long long')]],
+    'TargetId' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long long')]],
+    'ErrorType' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long long')]],
+    'RankNumber' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long long')]],
+    'CardHandle' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long long')]],
+    'ModuleHandle' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long long')]],
+    'ExtendedRow' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long long')]],
+    'BankGroup' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long long')]],
+    'BankAddress' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long long')]],
+    'ChipIdentification' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 64, native_type='unsigned long long')]],
+    'ValidBits' : [ 0x0, ['unsigned long long']],
+} ],
+  '_IO_REMOVE_LOCK_COMMON_BLOCK' : [ 0x18, {
+    'Removed' : [ 0x0, ['unsigned char']],
+    'Reserved' : [ 0x1, ['array', 3, ['unsigned char']]],
+    'IoCount' : [ 0x4, ['long']],
+    'RemoveEvent' : [ 0x8, ['_KEVENT']],
+} ],
+  '_PEP_CRASHDUMP_INFORMATION' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['PEPHANDLE__']]],
+    'DeviceContext' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_FAULT_INFORMATION_X64_FLAGS' : [ 0x4, {
+    'FaultAddressValid' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_FULL_RESOURCE_DESCRIPTOR' : [ 0x20, {
+    'InterfaceType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'Internal', 1: u'Isa', 2: u'Eisa', 3: u'MicroChannel', 4: u'TurboChannel', 5: u'PCIBus', 6: u'VMEBus', 7: u'NuBus', 8: u'PCMCIABus', 9: u'CBus', 10: u'MPIBus', 11: u'MPSABus', 12: u'ProcessorInternal', 13: u'InternalPowerBus', 14: u'PNPISABus', 15: u'PNPBus', 16: u'Vmcs', 17: u'ACPIBus', 18: u'MaximumInterfaceType', -1: u'InterfaceTypeUndefined'})]],
+    'BusNumber' : [ 0x4, ['unsigned long']],
+    'PartialResourceList' : [ 0x8, ['_CM_PARTIAL_RESOURCE_LIST']],
+} ],
+  '_RTL_USER_PROCESS_PARAMETERS' : [ 0x2c0, {
+    'MaximumLength' : [ 0x0, ['unsigned long']],
+    'Length' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DebugFlags' : [ 0xc, ['unsigned long']],
+    'ConsoleHandle' : [ 0x10, ['pointer', ['void']]],
+    'ConsoleFlags' : [ 0x14, ['unsigned long']],
+    'StandardInput' : [ 0x18, ['pointer', ['void']]],
+    'StandardOutput' : [ 0x1c, ['pointer', ['void']]],
+    'StandardError' : [ 0x20, ['pointer', ['void']]],
+    'CurrentDirectory' : [ 0x24, ['_CURDIR']],
+    'DllPath' : [ 0x30, ['_UNICODE_STRING']],
+    'ImagePathName' : [ 0x38, ['_UNICODE_STRING']],
+    'CommandLine' : [ 0x40, ['_UNICODE_STRING']],
+    'Environment' : [ 0x48, ['pointer', ['void']]],
+    'StartingX' : [ 0x4c, ['unsigned long']],
+    'StartingY' : [ 0x50, ['unsigned long']],
+    'CountX' : [ 0x54, ['unsigned long']],
+    'CountY' : [ 0x58, ['unsigned long']],
+    'CountCharsX' : [ 0x5c, ['unsigned long']],
+    'CountCharsY' : [ 0x60, ['unsigned long']],
+    'FillAttribute' : [ 0x64, ['unsigned long']],
+    'WindowFlags' : [ 0x68, ['unsigned long']],
+    'ShowWindowFlags' : [ 0x6c, ['unsigned long']],
+    'WindowTitle' : [ 0x70, ['_UNICODE_STRING']],
+    'DesktopInfo' : [ 0x78, ['_UNICODE_STRING']],
+    'ShellInfo' : [ 0x80, ['_UNICODE_STRING']],
+    'RuntimeData' : [ 0x88, ['_UNICODE_STRING']],
+    'CurrentDirectores' : [ 0x90, ['array', 32, ['_RTL_DRIVE_LETTER_CURDIR']]],
+    'EnvironmentSize' : [ 0x290, ['unsigned long']],
+    'EnvironmentVersion' : [ 0x294, ['unsigned long']],
+    'PackageDependencyData' : [ 0x298, ['pointer', ['void']]],
+    'ProcessGroupId' : [ 0x29c, ['unsigned long']],
+    'LoaderThreads' : [ 0x2a0, ['unsigned long']],
+    'RedirectionDllName' : [ 0x2a4, ['_UNICODE_STRING']],
+    'HeapPartitionName' : [ 0x2ac, ['_UNICODE_STRING']],
+    'DefaultThreadpoolCpuSetMasks' : [ 0x2b4, ['pointer', ['unsigned long long']]],
+    'DefaultThreadpoolCpuSetMaskCount' : [ 0x2b8, ['unsigned long']],
+    'DefaultThreadpoolThreadMaximum' : [ 0x2bc, ['unsigned long']],
+} ],
+  '_MI_IO_CACHE_STATS' : [ 0x20, {
+    'UnusedBlocks' : [ 0x0, ['unsigned long']],
+    'ActiveCacheMatch' : [ 0x4, ['unsigned long']],
+    'ActiveCacheOverride' : [ 0x8, ['unsigned long']],
+    'UnmappedCacheFlush' : [ 0xc, ['unsigned long']],
+    'UnmappedCacheMatch' : [ 0x10, ['unsigned long']],
+    'UnmappedCacheConflict' : [ 0x14, ['unsigned long']],
+    'PermanentIoAttributeConflict' : [ 0x18, ['unsigned long']],
+    'PermanentIoNodeConflict' : [ 0x1c, ['unsigned long']],
+} ],
+  '__unnamed_32e5' : [ 0x4, {
+    'PasidMaxWidth' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 5, native_type='unsigned long')]],
+    'PasidExePerm' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'PasidPrivMode' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'AtsPageAlignedRequest' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'AtsGlobalInvalidate' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'AtsInvalidateQueueDepth' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 14, native_type='unsigned long')]],
+} ],
+  '_IOMMU_SVM_CAPABILITIES' : [ 0xc, {
+    'AtsCapability' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'PriCapability' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'PasidCapability' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'CapReg' : [ 0x4, ['__unnamed_32e5']],
+    'Rsvd' : [ 0x8, ['BitField', dict(start_bit = 0, end_bit = 15, native_type='unsigned long')]],
+    'AsULONG' : [ 0x0, ['unsigned long']],
+} ],
+  '__unnamed_32f2' : [ 0x8, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'CheckSum' : [ 0x4, ['unsigned long']],
+} ],
+  '__unnamed_32f4' : [ 0x10, {
+    'DiskId' : [ 0x0, ['_GUID']],
+} ],
+  '__unnamed_32f6' : [ 0x10, {
+    'Mbr' : [ 0x0, ['__unnamed_32f2']],
+    'Gpt' : [ 0x0, ['__unnamed_32f4']],
+} ],
+  '_DUMP_INITIALIZATION_CONTEXT' : [ 0xc0, {
+    'Length' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'MemoryBlock' : [ 0x8, ['pointer', ['void']]],
+    'CommonBuffer' : [ 0xc, ['array', 2, ['pointer', ['void']]]],
+    'PhysicalAddress' : [ 0x18, ['array', 2, ['_LARGE_INTEGER']]],
+    'StallRoutine' : [ 0x28, ['pointer', ['void']]],
+    'OpenRoutine' : [ 0x2c, ['pointer', ['void']]],
+    'WriteRoutine' : [ 0x30, ['pointer', ['void']]],
+    'FinishRoutine' : [ 0x34, ['pointer', ['void']]],
+    'AdapterObject' : [ 0x38, ['pointer', ['_ADAPTER_OBJECT']]],
+    'MappedRegisterBase' : [ 0x3c, ['pointer', ['void']]],
+    'PortConfiguration' : [ 0x40, ['pointer', ['void']]],
+    'CrashDump' : [ 0x44, ['unsigned char']],
+    'MarkMemoryOnly' : [ 0x45, ['unsigned char']],
+    'HiberResume' : [ 0x46, ['unsigned char']],
+    'Reserved1' : [ 0x47, ['unsigned char']],
+    'MaximumTransferSize' : [ 0x48, ['unsigned long']],
+    'CommonBufferSize' : [ 0x4c, ['unsigned long']],
+    'TargetAddress' : [ 0x50, ['pointer', ['void']]],
+    'WritePendingRoutine' : [ 0x54, ['pointer', ['void']]],
+    'PartitionStyle' : [ 0x58, ['unsigned long']],
+    'DiskInfo' : [ 0x5c, ['__unnamed_32f6']],
+    'ReadRoutine' : [ 0x6c, ['pointer', ['void']]],
+    'GetDriveTelemetryRoutine' : [ 0x70, ['pointer', ['void']]],
+    'LogSectionTruncateSize' : [ 0x74, ['unsigned long']],
+    'Parameters' : [ 0x78, ['array', 16, ['unsigned long']]],
+    'GetTransferSizesRoutine' : [ 0xb8, ['pointer', ['void']]],
+    'DumpNotifyRoutine' : [ 0xbc, ['pointer', ['void']]],
+} ],
+  '_MI_SYSTEM_REGION_ANCHOR' : [ 0x4, {
+    'ReferenceCount' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 31, native_type='unsigned long')]],
+    'BeingDeleted' : [ 0x0, ['BitField', dict(start_bit = 31, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_CM_FAST_LEAF_HINT' : [ 0x4, {
+    'Characters' : [ 0x0, ['array', 4, ['unsigned char']]],
+    'FullHint' : [ 0x0, ['unsigned long']],
+} ],
+  '_THERMAL_COOLING_INTERFACE' : [ 0x1c, {
+    'Size' : [ 0x0, ['unsigned short']],
+    'Version' : [ 0x2, ['unsigned short']],
+    'Context' : [ 0x4, ['pointer', ['void']]],
+    'InterfaceReference' : [ 0x8, ['pointer', ['void']]],
+    'InterfaceDereference' : [ 0xc, ['pointer', ['void']]],
+    'Flags' : [ 0x10, ['unsigned long']],
+    'ActiveCooling' : [ 0x14, ['pointer', ['void']]],
+    'PassiveCooling' : [ 0x18, ['pointer', ['void']]],
+} ],
+  '_PEP_WORK_INFORMATION' : [ 0x20, {
+    'WorkType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'PepWorkActiveComplete', 1: u'PepWorkRequestIdleState', 2: u'PepWorkDevicePower', 3: u'PepWorkRequestPowerControl', 4: u'PepWorkDeviceIdle', 5: u'PepWorkCompleteIdleState', 6: u'PepWorkCompletePerfState', 7: u'PepWorkAcpiNotify', 8: u'PepWorkAcpiEvaluateControlMethodComplete', 9: u'PepWorkMax'})]],
+    'ActiveComplete' : [ 0x4, ['_PEP_WORK_ACTIVE_COMPLETE']],
+    'IdleState' : [ 0x4, ['_PEP_WORK_IDLE_STATE']],
+    'DevicePower' : [ 0x4, ['_PEP_WORK_DEVICE_POWER']],
+    'PowerControl' : [ 0x4, ['_PEP_WORK_POWER_CONTROL']],
+    'DeviceIdle' : [ 0x4, ['_PEP_WORK_DEVICE_IDLE']],
+    'CompleteIdleState' : [ 0x4, ['_PEP_WORK_COMPLETE_IDLE_STATE']],
+    'CompletePerfState' : [ 0x4, ['_PEP_WORK_COMPLETE_PERF_STATE']],
+    'AcpiNotify' : [ 0x4, ['_PEP_WORK_ACPI_NOTIFY']],
+    'ControlMethodComplete' : [ 0x4, ['_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE']],
+} ],
+  '_VF_ADDRESS_RANGE' : [ 0x8, {
+    'Start' : [ 0x0, ['pointer', ['unsigned char']]],
+    'End' : [ 0x4, ['pointer', ['unsigned char']]],
+} ],
+  '_POP_FX_PERF_INFO' : [ 0x60, {
+    'Component' : [ 0x0, ['pointer', ['_POP_FX_COMPONENT']]],
+    'CompletedEvent' : [ 0x4, ['_KEVENT']],
+    'ComponentPerfState' : [ 0x14, ['pointer', ['void']]],
+    'Flags' : [ 0x18, ['_POP_FX_PERF_FLAGS']],
+    'LastChange' : [ 0x1c, ['pointer', ['_PO_FX_PERF_STATE_CHANGE']]],
+    'LastChangeCount' : [ 0x20, ['unsigned long']],
+    'LastChangeStamp' : [ 0x28, ['unsigned long long']],
+    'LastChangeNominal' : [ 0x30, ['unsigned char']],
+    'PepRegistered' : [ 0x31, ['unsigned char']],
+    'QueryOnIdleStates' : [ 0x32, ['unsigned char']],
+    'RequestDriverContext' : [ 0x34, ['pointer', ['void']]],
+    'WorkOrder' : [ 0x38, ['_POP_FX_WORK_ORDER']],
+    'SetsCount' : [ 0x54, ['unsigned long']],
+    'Sets' : [ 0x58, ['pointer', ['_POP_FX_PERF_SET']]],
+} ],
+  '_CVDD' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'NB10' : [ 0x0, ['_NB10']],
+    'RsDs' : [ 0x0, ['_RSDS']],
+} ],
+  '_MI_ACCESS_VIOLATION_RANGE' : [ 0x14, {
+    'Node' : [ 0x0, ['_RTL_BALANCED_NODE']],
+    'Va' : [ 0xc, ['pointer', ['void']]],
+    'EndVaInclusive' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_PEP_WORK_ACPI_EVALUATE_CONTROL_METHOD_COMPLETE' : [ 0x18, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'CompletionFlags' : [ 0x4, ['unsigned long']],
+    'MethodStatus' : [ 0x8, ['long']],
+    'CompletionContext' : [ 0xc, ['pointer', ['void']]],
+    'OutputArgumentSize' : [ 0x10, ['unsigned long']],
+    'OutputArguments' : [ 0x14, ['pointer', ['_ACPI_METHOD_ARGUMENT_V1']]],
+} ],
+  '_MMPAGE_FILE_EXPANSION_FLAGS' : [ 0x4, {
+    'PageFileNumber' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare1' : [ 0x1, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'Spare2' : [ 0x2, ['BitField', dict(start_bit = 0, end_bit = 8, native_type='unsigned char')]],
+    'IgnoreCurrentCommit' : [ 0x3, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned char')]],
+    'IncreaseMinimumSize' : [ 0x3, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned char')]],
+    'AttemptForCantExtend' : [ 0x3, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned char')]],
+    'UnusedSegmentDeletion' : [ 0x3, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned char')]],
+    'PageFileContract' : [ 0x3, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned char')]],
+    'NoWait' : [ 0x3, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned char')]],
+    'Spare3' : [ 0x3, ['BitField', dict(start_bit = 6, end_bit = 8, native_type='unsigned char')]],
+} ],
+  '_MI_WRITE_MODES' : [ 0x10, {
+    'WriteType' : [ 0x0, ['array', 2, ['unsigned long long']]],
+} ],
+  '_MI_RESTRICTED_MODWRITES' : [ 0x3, {
+    'MaximumClusterPages' : [ 0x0, ['unsigned char']],
+    'ReducedClusterWrites' : [ 0x1, ['unsigned char']],
+    'ImposeDelay' : [ 0x2, ['unsigned char']],
+} ],
+  '_OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2' : [ 0x20, {
+    'Version' : [ 0x0, ['unsigned long']],
+    'AbnormalResetOccurred' : [ 0x4, ['unsigned long']],
+    'OfflineMemoryDumpCapable' : [ 0x8, ['unsigned long']],
+    'ResetDataAddress' : [ 0x10, ['_LARGE_INTEGER']],
+    'ResetDataSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_ACPI_METHOD_ARGUMENT_V1' : [ 0x8, {
+    'Type' : [ 0x0, ['unsigned short']],
+    'DataLength' : [ 0x2, ['unsigned short']],
+    'Argument' : [ 0x4, ['unsigned long']],
+    'Data' : [ 0x4, ['array', 1, ['unsigned char']]],
+} ],
+  '_POP_FX_ACTIVE_TIME_ACCOUNTING' : [ 0x60, {
+    'Total' : [ 0x0, ['unsigned long long']],
+    'Unattributed' : [ 0x8, ['unsigned long long']],
+    'Buckets' : [ 0x10, ['array', 5, ['unsigned long long']]],
+    'PerBucket' : [ 0x38, ['array', 5, ['unsigned long long']]],
+} ],
+  '_PEP_WORK_ACPI_NOTIFY' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'NotifyCode' : [ 0x4, ['unsigned long']],
+} ],
+  '_MI_LARGE_PAGE_LISTS_CHANGING' : [ 0x14, {
+    'Next' : [ 0x0, ['pointer', ['_MI_LARGE_PAGE_LISTS_CHANGING']]],
+    'Gate' : [ 0x4, ['_KGATE']],
+} ],
+  '_TRIAGE_POP_IRP_DATA' : [ 0x10, {
+    'Link' : [ 0x0, ['_LIST_ENTRY']],
+    'Irp' : [ 0x8, ['pointer', ['_IRP']]],
+    'Pdo' : [ 0xc, ['pointer', ['_DEVICE_OBJECT']]],
+} ],
+  '_PROCESSOR_PLATFORM_STATE_RESIDENCY' : [ 0x10, {
+    'Residency' : [ 0x0, ['unsigned long long']],
+    'TransitionCount' : [ 0x8, ['unsigned long long']],
+} ],
+  '_POP_PER_PROCESSOR_CONTEXT' : [ 0x70, {
+    'UncompressedData' : [ 0x0, ['pointer', ['unsigned char']]],
+    'MappingVa' : [ 0x4, ['pointer', ['void']]],
+    'XpressEncodeWorkspace' : [ 0x8, ['pointer', ['void']]],
+    'CompressedDataBuffer' : [ 0xc, ['pointer', ['unsigned char']]],
+    'CopyTicks' : [ 0x10, ['unsigned long long']],
+    'CompressTicks' : [ 0x18, ['unsigned long long']],
+    'BytesCopied' : [ 0x20, ['unsigned long long']],
+    'PagesProcessed' : [ 0x28, ['unsigned long long']],
+    'DecompressTicks' : [ 0x30, ['unsigned long long']],
+    'ResumeCopyTicks' : [ 0x38, ['unsigned long long']],
+    'SharedBufferTicks' : [ 0x40, ['unsigned long long']],
+    'DecompressTicksByMethod' : [ 0x48, ['array', 2, ['unsigned long long']]],
+    'DecompressSizeByMethod' : [ 0x58, ['array', 2, ['unsigned long long']]],
+    'CompressCount' : [ 0x68, ['unsigned long']],
+    'HuffCompressCount' : [ 0x6c, ['unsigned long']],
+} ],
+  '_ETW_APC_ENTRY' : [ 0x30, {
+    'SListEntry' : [ 0x0, ['_SINGLE_LIST_ENTRY']],
+    'Apc' : [ 0x0, ['_KAPC']],
+} ],
+  '_CONFIGURATION_COMPONENT' : [ 0x24, {
+    'Class' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SystemClass', 1: u'ProcessorClass', 2: u'CacheClass', 3: u'AdapterClass', 4: u'ControllerClass', 5: u'PeripheralClass', 6: u'MemoryClass', 7: u'MaximumClass'})]],
+    'Type' : [ 0x4, ['Enumeration', dict(target = 'long', choices = {0: u'ArcSystem', 1: u'CentralProcessor', 2: u'FloatingPointProcessor', 3: u'PrimaryIcache', 4: u'PrimaryDcache', 5: u'SecondaryIcache', 6: u'SecondaryDcache', 7: u'SecondaryCache', 8: u'EisaAdapter', 9: u'TcAdapter', 10: u'ScsiAdapter', 11: u'DtiAdapter', 12: u'MultiFunctionAdapter', 13: u'DiskController', 14: u'TapeController', 15: u'CdromController', 16: u'WormController', 17: u'SerialController', 18: u'NetworkController', 19: u'DisplayController', 20: u'ParallelController', 21: u'PointerController', 22: u'KeyboardController', 23: u'AudioController', 24: u'OtherController', 25: u'DiskPeripheral', 26: u'FloppyDiskPeripheral', 27: u'TapePeripheral', 28: u'ModemPeripheral', 29: u'MonitorPeripheral', 30: u'PrinterPeripheral', 31: u'PointerPeripheral', 32: u'KeyboardPeripheral', 33: u'TerminalPeripheral', 34: u'OtherPeripheral', 35: u'LinePeripheral', 36: u'NetworkPeripheral', 37: u'SystemMemory', 38: u'DockingInformation', 39: u'RealModeIrqRoutingTable', 40: u'RealModePCIEnumeration', 41: u'MaximumType'})]],
+    'Flags' : [ 0x8, ['_DEVICE_FLAGS']],
+    'Version' : [ 0xc, ['unsigned short']],
+    'Revision' : [ 0xe, ['unsigned short']],
+    'Key' : [ 0x10, ['unsigned long']],
+    'AffinityMask' : [ 0x14, ['unsigned long']],
+    'Group' : [ 0x14, ['unsigned short']],
+    'GroupIndex' : [ 0x16, ['unsigned short']],
+    'ConfigurationDataLength' : [ 0x18, ['unsigned long']],
+    'IdentifierLength' : [ 0x1c, ['unsigned long']],
+    'Identifier' : [ 0x20, ['pointer', ['unsigned char']]],
+} ],
+  '_PROC_PERF_CHECK_SNAP' : [ 0x60, {
+    'Time' : [ 0x0, ['unsigned long long']],
+    'Active' : [ 0x8, ['unsigned long long']],
+    'Stall' : [ 0x10, ['unsigned long long']],
+    'FrequencyScaledActive' : [ 0x18, ['unsigned long long']],
+    'PerformanceScaledActive' : [ 0x20, ['unsigned long long']],
+    'PerformanceScaledKernelActive' : [ 0x28, ['unsigned long long']],
+    'CyclesActive' : [ 0x30, ['unsigned long long']],
+    'CyclesAffinitized' : [ 0x38, ['unsigned long long']],
+    'TaggedThreadCycles' : [ 0x40, ['array', 3, ['unsigned long long']]],
+    'ResponsivenessEvents' : [ 0x58, ['unsigned long']],
+} ],
+  '_HAL_UNMASKED_INTERRUPT_FLAGS' : [ 0x2, {
+    'SecondaryInterrupt' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned short')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 16, native_type='unsigned short')]],
+    'AsUSHORT' : [ 0x0, ['unsigned short']],
+} ],
+  '_KTRANSACTION_HISTORY' : [ 0x8, {
+    'RecordType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'KTMOH_CommitTransaction_Result', 2: u'KTMOH_RollbackTransaction_Result'})]],
+    'Payload' : [ 0x4, ['unsigned long']],
+} ],
+  '_PO_POWER_PLANE_PROFILE' : [ 0x8, {
+    'ExclusivePowerMw' : [ 0x0, ['unsigned long']],
+    'PeakPowerMw' : [ 0x4, ['unsigned long']],
+} ],
+  '_EVENT_PAYLOAD_PREDICATE' : [ 0x18, {
+    'FieldIndex' : [ 0x0, ['unsigned short']],
+    'CompareOp' : [ 0x2, ['unsigned short']],
+    'Value' : [ 0x8, ['array', 2, ['unsigned long long']]],
+} ],
+  '_ARM_LOADER_BLOCK' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_PNP_RESOURCE_CONFLICT_TRACE_CONTEXT' : [ 0x10, {
+    'ResourceType' : [ 0x0, ['unsigned char']],
+    'AlternativeCount' : [ 0x4, ['unsigned long']],
+    'ResourceRequests' : [ 0x8, ['pointer', ['_IO_RESOURCE_DESCRIPTOR']]],
+    'ArbiterInstance' : [ 0xc, ['pointer', ['void']]],
+} ],
+  '_ISRDPCSTATS_SEQUENCE' : [ 0x28, {
+    'SequenceNumber' : [ 0x0, ['unsigned long']],
+    'IsrTime' : [ 0x8, ['unsigned long long']],
+    'IsrCount' : [ 0x10, ['unsigned long long']],
+    'DpcTime' : [ 0x18, ['unsigned long long']],
+    'DpcCount' : [ 0x20, ['unsigned long long']],
+} ],
+  '_PEP_WORK_COMPLETE_PERF_STATE' : [ 0xc, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+    'Succeeded' : [ 0x8, ['unsigned char']],
+} ],
+  '_LOADER_PERFORMANCE_DATA' : [ 0x60, {
+    'StartTime' : [ 0x0, ['unsigned long long']],
+    'EndTime' : [ 0x8, ['unsigned long long']],
+    'PreloadEndTime' : [ 0x10, ['unsigned long long']],
+    'TcbLoaderStartTime' : [ 0x18, ['unsigned long long']],
+    'LoadHypervisorTime' : [ 0x20, ['unsigned long long']],
+    'LaunchHypervisorTime' : [ 0x28, ['unsigned long long']],
+    'LoadVsmTime' : [ 0x30, ['unsigned long long']],
+    'LaunchVsmTime' : [ 0x38, ['unsigned long long']],
+    'ExecuteTransitionStartTime' : [ 0x40, ['unsigned long long']],
+    'ExecuteTransitionEndTime' : [ 0x48, ['unsigned long long']],
+    'LoadDriversTime' : [ 0x50, ['unsigned long long']],
+    'CleanupVsmTime' : [ 0x58, ['unsigned long long']],
+} ],
+  '_MI_FREE_LARGE_PAGES' : [ 0x38, {
+    'LargePageFreeCount' : [ 0x0, ['array', 2, ['unsigned long']]],
+    'LargePageFreeCountHiLow' : [ 0x8, ['array', 2, ['array', 2, ['unsigned long']]]],
+    'LargePagesCount' : [ 0x18, ['array', 2, ['array', 2, ['array', 1, ['unsigned long']]]]],
+    'LargePageEntries' : [ 0x28, ['array', 2, ['array', 2, ['array', 1, ['pointer', ['_MI_FREE_LARGE_PAGE_LIST']]]]]],
+} ],
+  '_RTL_DRIVE_LETTER_CURDIR' : [ 0x10, {
+    'Flags' : [ 0x0, ['unsigned short']],
+    'Length' : [ 0x2, ['unsigned short']],
+    'TimeStamp' : [ 0x4, ['unsigned long']],
+    'DosPath' : [ 0x8, ['_STRING']],
+} ],
+  '_EFI_FIRMWARE_INFORMATION' : [ 0x24, {
+    'FirmwareVersion' : [ 0x0, ['unsigned long']],
+    'VirtualEfiRuntimeServices' : [ 0x4, ['pointer', ['_VIRTUAL_EFI_RUNTIME_SERVICES']]],
+    'SetVirtualAddressMapStatus' : [ 0x8, ['long']],
+    'MissedMappingsCount' : [ 0xc, ['unsigned long']],
+    'FirmwareResourceList' : [ 0x10, ['_LIST_ENTRY']],
+    'EfiMemoryMap' : [ 0x18, ['pointer', ['void']]],
+    'EfiMemoryMapSize' : [ 0x1c, ['unsigned long']],
+    'EfiMemoryMapDescriptorSize' : [ 0x20, ['unsigned long']],
+} ],
+  '_PEP_WORK_IDLE_STATE' : [ 0xc, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+    'State' : [ 0x8, ['unsigned long']],
+} ],
+  '_POP_POWER_PLANE' : [ 0x24, {
+    'PowerPlaneId' : [ 0x0, ['_UNICODE_STRING']],
+    'Lock' : [ 0x8, ['unsigned long']],
+    'OldIrql' : [ 0xc, ['unsigned char']],
+    'DevicePowerMw' : [ 0x10, ['long']],
+    'PmaxHandle' : [ 0x14, ['pointer', ['void']]],
+    'NotifyDevicePowerDraw' : [ 0x18, ['pointer', ['void']]],
+    'DeviceCount' : [ 0x1c, ['unsigned long']],
+    'Devices' : [ 0x20, ['pointer', ['pointer', ['_POP_DEVICE_POWER_PROFILE']]]],
+} ],
+  '_PO_HIBER_PERF' : [ 0x1f8, {
+    'HiberIoTicks' : [ 0x0, ['unsigned long long']],
+    'HiberIoCpuTicks' : [ 0x8, ['unsigned long long']],
+    'HiberInitTicks' : [ 0x10, ['unsigned long long']],
+    'HiberHiberFileTicks' : [ 0x18, ['unsigned long long']],
+    'HiberCompressTicks' : [ 0x20, ['unsigned long long']],
+    'HiberSharedBufferTicks' : [ 0x28, ['unsigned long long']],
+    'HiberChecksumTicks' : [ 0x30, ['unsigned long long']],
+    'HiberChecksumIoTicks' : [ 0x38, ['unsigned long long']],
+    'TotalHibernateTime' : [ 0x40, ['_LARGE_INTEGER']],
+    'HibernateCompleteTimestamp' : [ 0x48, ['_LARGE_INTEGER']],
+    'POSTTime' : [ 0x50, ['unsigned long']],
+    'ResumeBootMgrTime' : [ 0x54, ['unsigned long']],
+    'BootmgrUserInputTime' : [ 0x58, ['unsigned long']],
+    'ResumeAppTicks' : [ 0x60, ['unsigned long long']],
+    'ResumeAppStartTimestamp' : [ 0x68, ['unsigned long long']],
+    'ResumeLibraryInitTicks' : [ 0x70, ['unsigned long long']],
+    'ResumeInitTicks' : [ 0x78, ['unsigned long long']],
+    'ResumeRestoreImageStartTimestamp' : [ 0x80, ['unsigned long long']],
+    'ResumeHiberFileTicks' : [ 0x88, ['unsigned long long']],
+    'ResumeIoTicks' : [ 0x90, ['unsigned long long']],
+    'ResumeDecompressTicks' : [ 0x98, ['unsigned long long']],
+    'ResumeAllocateTicks' : [ 0xa0, ['unsigned long long']],
+    'ResumeUserInOutTicks' : [ 0xa8, ['unsigned long long']],
+    'ResumeMapTicks' : [ 0xb0, ['unsigned long long']],
+    'ResumeUnmapTicks' : [ 0xb8, ['unsigned long long']],
+    'ResumeChecksumTicks' : [ 0xc0, ['unsigned long long']],
+    'ResumeChecksumIoTicks' : [ 0xc8, ['unsigned long long']],
+    'ResumeKernelSwitchTimestamp' : [ 0xd0, ['unsigned long long']],
+    'CyclesPerMs' : [ 0xd8, ['unsigned long long']],
+    'WriteLogDataTimestamp' : [ 0xe0, ['unsigned long long']],
+    'KernelReturnFromHandler' : [ 0xe8, ['unsigned long long']],
+    'TimeStampCounterAtSwitchTime' : [ 0xf0, ['unsigned long long']],
+    'HalTscOffset' : [ 0xf8, ['unsigned long long']],
+    'HvlTscOffset' : [ 0x100, ['unsigned long long']],
+    'SleeperThreadEnd' : [ 0x108, ['unsigned long long']],
+    'PostCmosUpdateTimestamp' : [ 0x110, ['unsigned long long']],
+    'KernelReturnSystemPowerStateTimestamp' : [ 0x118, ['unsigned long long']],
+    'IoBoundedness' : [ 0x120, ['unsigned long long']],
+    'KernelDecompressTicks' : [ 0x128, ['unsigned long long']],
+    'KernelIoTicks' : [ 0x130, ['unsigned long long']],
+    'KernelCopyTicks' : [ 0x138, ['unsigned long long']],
+    'ReadCheckCount' : [ 0x140, ['unsigned long long']],
+    'KernelInitTicks' : [ 0x148, ['unsigned long long']],
+    'KernelResumeHiberFileTicks' : [ 0x150, ['unsigned long long']],
+    'KernelIoCpuTicks' : [ 0x158, ['unsigned long long']],
+    'KernelSharedBufferTicks' : [ 0x160, ['unsigned long long']],
+    'KernelAnimationTicks' : [ 0x168, ['unsigned long long']],
+    'KernelChecksumTicks' : [ 0x170, ['unsigned long long']],
+    'KernelChecksumIoTicks' : [ 0x178, ['unsigned long long']],
+    'AnimationStart' : [ 0x180, ['_LARGE_INTEGER']],
+    'AnimationStop' : [ 0x188, ['_LARGE_INTEGER']],
+    'DeviceResumeTime' : [ 0x190, ['unsigned long']],
+    'SecurePagesProcessed' : [ 0x198, ['unsigned long long']],
+    'BootPagesProcessed' : [ 0x1a0, ['unsigned long long']],
+    'KernelPagesProcessed' : [ 0x1a8, ['unsigned long long']],
+    'BootBytesWritten' : [ 0x1b0, ['unsigned long long']],
+    'KernelBytesWritten' : [ 0x1b8, ['unsigned long long']],
+    'BootPagesWritten' : [ 0x1c0, ['unsigned long long']],
+    'KernelPagesWritten' : [ 0x1c8, ['unsigned long long']],
+    'BytesWritten' : [ 0x1d0, ['unsigned long long']],
+    'PagesWritten' : [ 0x1d8, ['unsigned long']],
+    'FileRuns' : [ 0x1dc, ['unsigned long']],
+    'NoMultiStageResumeReason' : [ 0x1e0, ['unsigned long']],
+    'MaxHuffRatio' : [ 0x1e4, ['unsigned long']],
+    'AdjustedTotalResumeTime' : [ 0x1e8, ['unsigned long long']],
+    'ResumeCompleteTimestamp' : [ 0x1f0, ['unsigned long long']],
+} ],
+  '_IO_CLIENT_EXTENSION' : [ 0x8, {
+    'NextExtension' : [ 0x0, ['pointer', ['_IO_CLIENT_EXTENSION']]],
+    'ClientIdentificationAddress' : [ 0x4, ['pointer', ['void']]],
+} ],
+  '_SMBIOS3_TABLE_HEADER' : [ 0x18, {
+    'Signature' : [ 0x0, ['array', 5, ['unsigned char']]],
+    'Checksum' : [ 0x5, ['unsigned char']],
+    'Length' : [ 0x6, ['unsigned char']],
+    'MajorVersion' : [ 0x7, ['unsigned char']],
+    'MinorVersion' : [ 0x8, ['unsigned char']],
+    'Docrev' : [ 0x9, ['unsigned char']],
+    'EntryPointRevision' : [ 0xa, ['unsigned char']],
+    'Reserved' : [ 0xb, ['unsigned char']],
+    'StructureTableMaximumSize' : [ 0xc, ['unsigned long']],
+    'StructureTableAddress' : [ 0x10, ['unsigned long long']],
+} ],
+  '_LOADER_PARAMETER_CI_EXTENSION' : [ 0x50, {
+    'CodeIntegrityOptions' : [ 0x0, ['unsigned long']],
+    'UpgradeInProgress' : [ 0x4, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'IsWinPE' : [ 0x4, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'CustomKernelSignersAllowed' : [ 0x4, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StateSeparationEnabled' : [ 0x4, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x4, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+    'WhqlEnforcementDate' : [ 0x8, ['_LARGE_INTEGER']],
+    'RevocationListOffset' : [ 0x10, ['unsigned long']],
+    'RevocationListSize' : [ 0x14, ['unsigned long']],
+    'CodeIntegrityPolicyOffset' : [ 0x18, ['unsigned long']],
+    'CodeIntegrityPolicySize' : [ 0x1c, ['unsigned long']],
+    'CodeIntegrityPolicyHashOffset' : [ 0x20, ['unsigned long']],
+    'CodeIntegrityPolicyHashSize' : [ 0x24, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashOffset' : [ 0x28, ['unsigned long']],
+    'CodeIntegrityPolicyOriginalHashSize' : [ 0x2c, ['unsigned long']],
+    'WeakCryptoPolicyLoadStatus' : [ 0x30, ['long']],
+    'WeakCryptoPolicyOffset' : [ 0x34, ['unsigned long']],
+    'WeakCryptoPolicySize' : [ 0x38, ['unsigned long']],
+    'SecureBootPolicyOffset' : [ 0x3c, ['unsigned long']],
+    'SecureBootPolicySize' : [ 0x40, ['unsigned long']],
+    'Reserved2' : [ 0x44, ['unsigned long']],
+    'SerializedData' : [ 0x48, ['array', 1, ['unsigned char']]],
+} ],
+  '_PCAT_FIRMWARE_INFORMATION' : [ 0x4, {
+    'PlaceHolder' : [ 0x0, ['unsigned long']],
+} ],
+  '_LDRP_CSLIST' : [ 0x4, {
+    'Tail' : [ 0x0, ['pointer', ['_SINGLE_LIST_ENTRY']]],
+} ],
+  '_MI_RESERVATION_CLUSTER_INFO' : [ 0x4, {
+    'ClusterSize' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 10, native_type='unsigned long')]],
+    'SequenceNumber' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 32, native_type='unsigned long')]],
+    'EntireInfo' : [ 0x0, ['long']],
+} ],
+  '_VIRTUAL_EFI_RUNTIME_SERVICES' : [ 0x38, {
+    'GetTime' : [ 0x0, ['unsigned long']],
+    'SetTime' : [ 0x4, ['unsigned long']],
+    'GetWakeupTime' : [ 0x8, ['unsigned long']],
+    'SetWakeupTime' : [ 0xc, ['unsigned long']],
+    'SetVirtualAddressMap' : [ 0x10, ['unsigned long']],
+    'ConvertPointer' : [ 0x14, ['unsigned long']],
+    'GetVariable' : [ 0x18, ['unsigned long']],
+    'GetNextVariableName' : [ 0x1c, ['unsigned long']],
+    'SetVariable' : [ 0x20, ['unsigned long']],
+    'GetNextHighMonotonicCount' : [ 0x24, ['unsigned long']],
+    'ResetSystem' : [ 0x28, ['unsigned long']],
+    'UpdateCapsule' : [ 0x2c, ['unsigned long']],
+    'QueryCapsuleCapabilities' : [ 0x30, ['unsigned long']],
+    'QueryVariableInfo' : [ 0x34, ['unsigned long']],
+} ],
+  '_MI_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['long']],
+    'VerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'KernelVerifierEnabled' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'LargePageKernel' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'StopOn4d' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'InitializationPhase' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 6, native_type='unsigned long')]],
+    'PageKernelStacks' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+    'CheckZeroPages' : [ 0x0, ['BitField', dict(start_bit = 7, end_bit = 8, native_type='unsigned long')]],
+    'ProcessorPrewalks' : [ 0x0, ['BitField', dict(start_bit = 8, end_bit = 9, native_type='unsigned long')]],
+    'ProcessorPostwalks' : [ 0x0, ['BitField', dict(start_bit = 9, end_bit = 10, native_type='unsigned long')]],
+    'CoverageBuild' : [ 0x0, ['BitField', dict(start_bit = 10, end_bit = 11, native_type='unsigned long')]],
+    'AccessBitReplacementDisabled' : [ 0x0, ['BitField', dict(start_bit = 11, end_bit = 12, native_type='unsigned long')]],
+    'CheckExecute' : [ 0x0, ['BitField', dict(start_bit = 12, end_bit = 13, native_type='unsigned long')]],
+    'ProtectedPagesEnabled' : [ 0x0, ['BitField', dict(start_bit = 13, end_bit = 14, native_type='unsigned long')]],
+    'SecureRelocations' : [ 0x0, ['BitField', dict(start_bit = 14, end_bit = 15, native_type='unsigned long')]],
+    'StrongPageIdentity' : [ 0x0, ['BitField', dict(start_bit = 15, end_bit = 16, native_type='unsigned long')]],
+    'StrongCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 17, native_type='unsigned long')]],
+    'HardCodeGuarantees' : [ 0x0, ['BitField', dict(start_bit = 17, end_bit = 18, native_type='unsigned long')]],
+    'ExecutePagePrivilegeRequired' : [ 0x0, ['BitField', dict(start_bit = 18, end_bit = 19, native_type='unsigned long')]],
+    'SecureKernelCfgEnabled' : [ 0x0, ['BitField', dict(start_bit = 19, end_bit = 20, native_type='unsigned long')]],
+    'FullHvci' : [ 0x0, ['BitField', dict(start_bit = 20, end_bit = 21, native_type='unsigned long')]],
+    'BootDebuggerActive' : [ 0x0, ['BitField', dict(start_bit = 21, end_bit = 22, native_type='unsigned long')]],
+    'ExceptionHandlingReady' : [ 0x0, ['BitField', dict(start_bit = 22, end_bit = 23, native_type='unsigned long')]],
+    'ShadowStacksSupported' : [ 0x0, ['BitField', dict(start_bit = 23, end_bit = 24, native_type='unsigned long')]],
+    'AccessBitFenceRequired' : [ 0x0, ['BitField', dict(start_bit = 24, end_bit = 25, native_type='unsigned long')]],
+    'PfnDatabaseExists' : [ 0x0, ['BitField', dict(start_bit = 25, end_bit = 26, native_type='unsigned long')]],
+    'DeferredHotAddsCompleted' : [ 0x0, ['BitField', dict(start_bit = 26, end_bit = 27, native_type='unsigned long')]],
+    'SystemPtesReady' : [ 0x0, ['BitField', dict(start_bit = 27, end_bit = 28, native_type='unsigned long')]],
+} ],
+  '_M128A' : [ 0x10, {
+    'Low' : [ 0x0, ['unsigned long long']],
+    'High' : [ 0x8, ['long long']],
+} ],
+  '_MI_STORE_INPAGE_COMPLETE_FLAGS' : [ 0x4, {
+    'EntireFlags' : [ 0x0, ['unsigned long']],
+    'StoreFault' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'LowResourceFailure' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Spare' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 16, native_type='unsigned long')]],
+    'RemainingPageCount' : [ 0x0, ['BitField', dict(start_bit = 16, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_EX_WORK_QUEUE_MANAGER' : [ 0xb8, {
+    'Partition' : [ 0x0, ['pointer', ['_EX_PARTITION']]],
+    'Node' : [ 0x4, ['pointer', ['_ENODE']]],
+    'Event' : [ 0x8, ['_KEVENT']],
+    'DeadlockTimer' : [ 0x18, ['_KTIMER']],
+    'ReaperEvent' : [ 0x40, ['_KEVENT']],
+    'ReaperTimer' : [ 0x50, ['_KTIMER2']],
+    'ThreadHandle' : [ 0xa8, ['pointer', ['void']]],
+    'ExitThread' : [ 0xac, ['unsigned long']],
+    'ThreadSeed' : [ 0xb0, ['unsigned short']],
+} ],
+  '_LOADER_PARAMETER_HYPERVISOR_EXTENSION' : [ 0x40, {
+    'InitialHypervisorCrashdumpAreaPageCount' : [ 0x0, ['unsigned long']],
+    'HypervisorCrashdumpAreaPageCount' : [ 0x4, ['unsigned long']],
+    'InitialHypervisorCrashdumpAreaSpa' : [ 0x8, ['unsigned long long']],
+    'HypervisorCrashdumpAreaSpa' : [ 0x10, ['unsigned long long']],
+    'HypervisorLaunchStatus' : [ 0x18, ['unsigned long long']],
+    'HypervisorLaunchStatusArg1' : [ 0x20, ['unsigned long long']],
+    'HypervisorLaunchStatusArg2' : [ 0x28, ['unsigned long long']],
+    'HypervisorLaunchStatusArg3' : [ 0x30, ['unsigned long long']],
+    'HypervisorLaunchStatusArg4' : [ 0x38, ['unsigned long long']],
+} ],
+  '_DEVICE_FLAGS' : [ 0x4, {
+    'Failed' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'ReadOnly' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Removable' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'ConsoleIn' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'ConsoleOut' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 5, native_type='unsigned long')]],
+    'Input' : [ 0x0, ['BitField', dict(start_bit = 5, end_bit = 6, native_type='unsigned long')]],
+    'Output' : [ 0x0, ['BitField', dict(start_bit = 6, end_bit = 7, native_type='unsigned long')]],
+} ],
+  '_PO_NOTIFY_ORDER_LEVEL' : [ 0x28, {
+    'DeviceCount' : [ 0x0, ['unsigned long']],
+    'ActiveCount' : [ 0x4, ['unsigned long']],
+    'WaitSleep' : [ 0x8, ['_LIST_ENTRY']],
+    'ReadySleep' : [ 0x10, ['_LIST_ENTRY']],
+    'ReadyS0' : [ 0x18, ['_LIST_ENTRY']],
+    'WaitS0' : [ 0x20, ['_LIST_ENTRY']],
+} ],
+  '_PROFILE_PARAMETER_BLOCK' : [ 0x10, {
+    'Status' : [ 0x0, ['unsigned short']],
+    'Reserved' : [ 0x2, ['unsigned short']],
+    'DockingState' : [ 0x4, ['unsigned short']],
+    'Capabilities' : [ 0x6, ['unsigned short']],
+    'DockID' : [ 0x8, ['unsigned long']],
+    'SerialNumber' : [ 0xc, ['unsigned long']],
+} ],
+  '_PEP_WORK_POWER_CONTROL' : [ 0x1c, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'PowerControlCode' : [ 0x4, ['pointer', ['_GUID']]],
+    'RequestContext' : [ 0x8, ['pointer', ['void']]],
+    'InBuffer' : [ 0xc, ['pointer', ['void']]],
+    'InBufferSize' : [ 0x10, ['unsigned long']],
+    'OutBuffer' : [ 0x14, ['pointer', ['void']]],
+    'OutBufferSize' : [ 0x18, ['unsigned long']],
+} ],
+  '_PEP_WORK_DEVICE_POWER' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'PowerRequired' : [ 0x4, ['unsigned char']],
+} ],
+  '_FAULT_INFORMATION_ARM64_FLAGS' : [ 0x4, {
+    'WriteNotRead' : [ 0x0, ['BitField', dict(start_bit = 0, end_bit = 1, native_type='unsigned long')]],
+    'InstructionNotData' : [ 0x0, ['BitField', dict(start_bit = 1, end_bit = 2, native_type='unsigned long')]],
+    'Privileged' : [ 0x0, ['BitField', dict(start_bit = 2, end_bit = 3, native_type='unsigned long')]],
+    'FaultAddressValid' : [ 0x0, ['BitField', dict(start_bit = 3, end_bit = 4, native_type='unsigned long')]],
+    'Reserved' : [ 0x0, ['BitField', dict(start_bit = 4, end_bit = 32, native_type='unsigned long')]],
+} ],
+  '_ETWP_NOTIFICATION_HEADER' : [ 0x48, {
+    'NotificationType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {1: u'EtwNotificationTypeNoReply', 2: u'EtwNotificationTypeLegacyEnable', 3: u'EtwNotificationTypeEnable', 4: u'EtwNotificationTypePrivateLogger', 5: u'EtwNotificationTypePerflib', 6: u'EtwNotificationTypeAudio', 7: u'EtwNotificationTypeSession', 8: u'EtwNotificationTypeReserved', 9: u'EtwNotificationTypeCredentialUI', 10: u'EtwNotificationTypeInProcSession', 11: u'EtwNotificationTypeFilteredPrivateLogger', 12: u'EtwNotificationTypeMax'})]],
+    'NotificationSize' : [ 0x4, ['unsigned long']],
+    'RefCount' : [ 0x8, ['long']],
+    'ReplyRequested' : [ 0xc, ['unsigned char']],
+    'ReplyIndex' : [ 0x10, ['unsigned long']],
+    'Timeout' : [ 0x10, ['unsigned long']],
+    'ReplyCount' : [ 0x14, ['unsigned long']],
+    'NotifyeeCount' : [ 0x14, ['unsigned long']],
+    'ReplyHandle' : [ 0x18, ['unsigned long long']],
+    'ReplyObject' : [ 0x18, ['pointer', ['void']]],
+    'RegIndex' : [ 0x18, ['unsigned long']],
+    'TargetPID' : [ 0x20, ['unsigned long']],
+    'SourcePID' : [ 0x24, ['unsigned long']],
+    'DestinationGuid' : [ 0x28, ['_GUID']],
+    'SourceGuid' : [ 0x38, ['_GUID']],
+} ],
+  '_MI_EXTRA_IMAGE_INFORMATION' : [ 0xc, {
+    'SizeOfHeaders' : [ 0x0, ['unsigned long']],
+    'SizeOfImage' : [ 0x4, ['unsigned long']],
+    'TimeDateStamp' : [ 0x8, ['unsigned long']],
+} ],
+  '_NETWORK_LOADER_BLOCK' : [ 0x10, {
+    'DHCPServerACK' : [ 0x0, ['pointer', ['unsigned char']]],
+    'DHCPServerACKLength' : [ 0x4, ['unsigned long']],
+    'BootServerReplyPacket' : [ 0x8, ['pointer', ['unsigned char']]],
+    'BootServerReplyPacketLength' : [ 0xc, ['unsigned long']],
+} ],
+  '_BOOT_ENTROPY_LDR_RESULT' : [ 0x868, {
+    'maxEntropySources' : [ 0x0, ['unsigned long']],
+    'EntropySourceResult' : [ 0x8, ['array', 10, ['_BOOT_ENTROPY_SOURCE_LDR_RESULT']]],
+    'SeedBytesForCng' : [ 0x418, ['array', 48, ['unsigned char']]],
+    'RngBytesForNtoskrnl' : [ 0x448, ['array', 1024, ['unsigned char']]],
+    'KdEntropy' : [ 0x848, ['array', 32, ['unsigned char']]],
+} ],
+  '_FS_FILTER_CALLBACKS' : [ 0x40, {
+    'SizeOfFsFilterCallbacks' : [ 0x0, ['unsigned long']],
+    'Reserved' : [ 0x4, ['unsigned long']],
+    'PreAcquireForSectionSynchronization' : [ 0x8, ['pointer', ['void']]],
+    'PostAcquireForSectionSynchronization' : [ 0xc, ['pointer', ['void']]],
+    'PreReleaseForSectionSynchronization' : [ 0x10, ['pointer', ['void']]],
+    'PostReleaseForSectionSynchronization' : [ 0x14, ['pointer', ['void']]],
+    'PreAcquireForCcFlush' : [ 0x18, ['pointer', ['void']]],
+    'PostAcquireForCcFlush' : [ 0x1c, ['pointer', ['void']]],
+    'PreReleaseForCcFlush' : [ 0x20, ['pointer', ['void']]],
+    'PostReleaseForCcFlush' : [ 0x24, ['pointer', ['void']]],
+    'PreAcquireForModifiedPageWriter' : [ 0x28, ['pointer', ['void']]],
+    'PostAcquireForModifiedPageWriter' : [ 0x2c, ['pointer', ['void']]],
+    'PreReleaseForModifiedPageWriter' : [ 0x30, ['pointer', ['void']]],
+    'PostReleaseForModifiedPageWriter' : [ 0x34, ['pointer', ['void']]],
+    'PreQueryOpen' : [ 0x38, ['pointer', ['void']]],
+    'PostQueryOpen' : [ 0x3c, ['pointer', ['void']]],
+} ],
+  '_LPCP_NONPAGED_PORT_QUEUE' : [ 0x18, {
+    'Semaphore' : [ 0x0, ['_KSEMAPHORE']],
+    'BackPointer' : [ 0x14, ['pointer', ['_LPCP_PORT_OBJECT']]],
+} ],
+  '_POP_FX_PERF_SET' : [ 0x20, {
+    'PerfSet' : [ 0x0, ['pointer', ['_PO_FX_COMPONENT_PERF_SET']]],
+    'CurrentPerf' : [ 0x8, ['unsigned long long']],
+    'CurrentPerfStamp' : [ 0x10, ['unsigned long long']],
+    'CurrentPerfNominal' : [ 0x18, ['unsigned char']],
+} ],
+  '_PO_FX_PERF_STATE_CHANGE' : [ 0x10, {
+    'Set' : [ 0x0, ['unsigned long']],
+    'StateIndex' : [ 0x8, ['unsigned long']],
+    'StateValue' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PEP_WORK_COMPLETE_IDLE_STATE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+} ],
+  '_LDR_SERVICE_TAG_RECORD' : [ 0x8, {
+    'Next' : [ 0x0, ['pointer', ['_LDR_SERVICE_TAG_RECORD']]],
+    'ServiceTag' : [ 0x4, ['unsigned long']],
+} ],
+  '_PEP_WORK_ACTIVE_COMPLETE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'Component' : [ 0x4, ['unsigned long']],
+} ],
+  '_CM_PARTIAL_RESOURCE_LIST' : [ 0x18, {
+    'Version' : [ 0x0, ['unsigned short']],
+    'Revision' : [ 0x2, ['unsigned short']],
+    'Count' : [ 0x4, ['unsigned long']],
+    'PartialDescriptors' : [ 0x8, ['array', 1, ['_CM_PARTIAL_RESOURCE_DESCRIPTOR']]],
+} ],
+  '_FS_FILTER_CALLBACK_DATA' : [ 0x24, {
+    'SizeOfFsFilterCallbackData' : [ 0x0, ['unsigned long']],
+    'Operation' : [ 0x4, ['unsigned char']],
+    'Reserved' : [ 0x5, ['unsigned char']],
+    'DeviceObject' : [ 0x8, ['pointer', ['_DEVICE_OBJECT']]],
+    'FileObject' : [ 0xc, ['pointer', ['_FILE_OBJECT']]],
+    'Parameters' : [ 0x10, ['_FS_FILTER_PARAMETERS']],
+} ],
+  '__unnamed_33d3' : [ 0x8, {
+    'Count' : [ 0x0, ['unsigned long']],
+    'States' : [ 0x4, ['pointer', ['_PO_FX_PERF_STATE']]],
+} ],
+  '__unnamed_33d5' : [ 0x10, {
+    'Minimum' : [ 0x0, ['unsigned long long']],
+    'Maximum' : [ 0x8, ['unsigned long long']],
+} ],
+  '_PO_FX_COMPONENT_PERF_SET' : [ 0x28, {
+    'Name' : [ 0x0, ['_UNICODE_STRING']],
+    'Flags' : [ 0x8, ['unsigned long long']],
+    'Unit' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateUnitOther', 1: u'PoFxPerfStateUnitFrequency', 2: u'PoFxPerfStateUnitBandwidth', 3: u'PoFxPerfStateUnitMaximum'})]],
+    'Type' : [ 0x14, ['Enumeration', dict(target = 'long', choices = {0: u'PoFxPerfStateTypeDiscrete', 1: u'PoFxPerfStateTypeRange', 2: u'PoFxPerfStateTypeMaximum'})]],
+    'Discrete' : [ 0x18, ['__unnamed_33d3']],
+    'Range' : [ 0x18, ['__unnamed_33d5']],
+} ],
+  '_NB10' : [ 0x14, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Offset' : [ 0x4, ['unsigned long']],
+    'TimeStamp' : [ 0x8, ['unsigned long']],
+    'Age' : [ 0xc, ['unsigned long']],
+    'PdbName' : [ 0x10, ['array', 1, ['unsigned char']]],
+} ],
+  '_CURDIR' : [ 0xc, {
+    'DosPath' : [ 0x0, ['_UNICODE_STRING']],
+    'Handle' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '_BOOT_ENTROPY_SOURCE_LDR_RESULT' : [ 0x68, {
+    'SourceId' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceNone', 1: u'BootEntropySourceSeedfile', 2: u'BootEntropySourceExternal', 3: u'BootEntropySourceTpm', 4: u'BootEntropySourceRdrand', 5: u'BootEntropySourceTime', 6: u'BootEntropySourceAcpiOem0', 7: u'BootEntropySourceUefi', 8: u'BootEntropySourceCng', 9: u'BootEntropySourceTcbTpm', 10: u'BootMaxEntropySources'})]],
+    'Policy' : [ 0x8, ['unsigned long long']],
+    'ResultCode' : [ 0x10, ['Enumeration', dict(target = 'long', choices = {0: u'BootEntropySourceStructureUninitialized', 1: u'BootEntropySourceDisabledByPolicy', 2: u'BootEntropySourceNotPresent', 3: u'BootEntropySourceError', 4: u'BootEntropySourceSuccess'})]],
+    'ResultStatus' : [ 0x14, ['long']],
+    'Time' : [ 0x18, ['unsigned long long']],
+    'EntropyLength' : [ 0x20, ['unsigned long']],
+    'EntropyData' : [ 0x24, ['array', 64, ['unsigned char']]],
+} ],
+  'POHANDLE__' : [ 0x4, {
+    'unused' : [ 0x0, ['long']],
+} ],
+  '_PO_FX_PERF_STATE' : [ 0x10, {
+    'Value' : [ 0x0, ['unsigned long long']],
+    'Context' : [ 0x8, ['pointer', ['void']]],
+} ],
+  '__unnamed_33e6' : [ 0x8, {
+    'EndingOffset' : [ 0x0, ['pointer', ['_LARGE_INTEGER']]],
+    'ResourceToRelease' : [ 0x4, ['pointer', ['pointer', ['_ERESOURCE']]]],
+} ],
+  '__unnamed_33e8' : [ 0x4, {
+    'ResourceToRelease' : [ 0x0, ['pointer', ['_ERESOURCE']]],
+} ],
+  '__unnamed_33ee' : [ 0x10, {
+    'SyncType' : [ 0x0, ['Enumeration', dict(target = 'long', choices = {0: u'SyncTypeOther', 1: u'SyncTypeCreateSection'})]],
+    'PageProtection' : [ 0x4, ['unsigned long']],
+    'OutputInformation' : [ 0x8, ['pointer', ['_FS_FILTER_SECTION_SYNC_OUTPUT']]],
+    'Flags' : [ 0xc, ['unsigned long']],
+} ],
+  '__unnamed_33f0' : [ 0x14, {
+    'Irp' : [ 0x0, ['pointer', ['_IRP']]],
+    'FileInformation' : [ 0x4, ['pointer', ['void']]],
+    'Length' : [ 0x8, ['pointer', ['unsigned long']]],
+    'FileInformationClass' : [ 0xc, ['Enumeration', dict(target = 'long', choices = {1: u'FileDirectoryInformation', 2: u'FileFullDirectoryInformation', 3: u'FileBothDirectoryInformation', 4: u'FileBasicInformation', 5: u'FileStandardInformation', 6: u'FileInternalInformation', 7: u'FileEaInformation', 8: u'FileAccessInformation', 9: u'FileNameInformation', 10: u'FileRenameInformation', 11: u'FileLinkInformation', 12: u'FileNamesInformation', 13: u'FileDispositionInformation', 14: u'FilePositionInformation', 15: u'FileFullEaInformation', 16: u'FileModeInformation', 17: u'FileAlignmentInformation', 18: u'FileAllInformation', 19: u'FileAllocationInformation', 20: u'FileEndOfFileInformation', 21: u'FileAlternateNameInformation', 22: u'FileStreamInformation', 23: u'FilePipeInformation', 24: u'FilePipeLocalInformation', 25: u'FilePipeRemoteInformation', 26: u'FileMailslotQueryInformation', 27: u'FileMailslotSetInformation', 28: u'FileCompressionInformation', 29: u'FileObjectIdInformation', 30: u'FileCompletionInformation', 31: u'FileMoveClusterInformation', 32: u'FileQuotaInformation', 33: u'FileReparsePointInformation', 34: u'FileNetworkOpenInformation', 35: u'FileAttributeTagInformation', 36: u'FileTrackingInformation', 37: u'FileIdBothDirectoryInformation', 38: u'FileIdFullDirectoryInformation', 39: u'FileValidDataLengthInformation', 40: u'FileShortNameInformation', 41: u'FileIoCompletionNotificationInformation', 42: u'FileIoStatusBlockRangeInformation', 43: u'FileIoPriorityHintInformation', 44: u'FileSfioReserveInformation', 45: u'FileSfioVolumeInformation', 46: u'FileHardLinkInformation', 47: u'FileProcessIdsUsingFileInformation', 48: u'FileNormalizedNameInformation', 49: u'FileNetworkPhysicalNameInformation', 50: u'FileIdGlobalTxDirectoryInformation', 51: u'FileIsRemoteDeviceInformation', 52: u'FileUnusedInformation', 53: u'FileNumaNodeInformation', 54: u'FileStandardLinkInformation', 55: u'FileRemoteProtocolInformation', 56: u'FileRenameInformationBypassAccessCheck', 57: u'FileLinkInformationBypassAccessCheck', 58: u'FileVolumeNameInformation', 59: u'FileIdInformation', 60: u'FileIdExtdDirectoryInformation', 61: u'FileReplaceCompletionInformation', 62: u'FileHardLinkFullIdInformation', 63: u'FileIdExtdBothDirectoryInformation', 64: u'FileDispositionInformationEx', 65: u'FileRenameInformationEx', 66: u'FileRenameInformationExBypassAccessCheck', 67: u'FileDesiredStorageClassInformation', 68: u'FileStatInformation', 69: u'FileMemoryPartitionInformation', 70: u'FileStatLxInformation', 71: u'FileCaseSensitiveInformation', 72: u'FileLinkInformationEx', 73: u'FileLinkInformationExBypassAccessCheck', 74: u'FileStorageReserveIdInformation', 75: u'FileCaseSensitiveInformationForceAccessCheck', 76: u'FileMaximumInformation'})]],
+    'CompletionStatus' : [ 0x10, ['long']],
+} ],
+  '__unnamed_33f2' : [ 0x14, {
+    'Argument1' : [ 0x0, ['pointer', ['void']]],
+    'Argument2' : [ 0x4, ['pointer', ['void']]],
+    'Argument3' : [ 0x8, ['pointer', ['void']]],
+    'Argument4' : [ 0xc, ['pointer', ['void']]],
+    'Argument5' : [ 0x10, ['pointer', ['void']]],
+} ],
+  '_FS_FILTER_PARAMETERS' : [ 0x14, {
+    'AcquireForModifiedPageWriter' : [ 0x0, ['__unnamed_33e6']],
+    'ReleaseForModifiedPageWriter' : [ 0x0, ['__unnamed_33e8']],
+    'AcquireForSectionSynchronization' : [ 0x0, ['__unnamed_33ee']],
+    'QueryOpen' : [ 0x0, ['__unnamed_33f0']],
+    'Others' : [ 0x0, ['__unnamed_33f2']],
+} ],
+  '_RSDS' : [ 0x1c, {
+    'Signature' : [ 0x0, ['unsigned long']],
+    'Guid' : [ 0x4, ['_GUID']],
+    'Age' : [ 0x14, ['unsigned long']],
+    'PdbName' : [ 0x18, ['array', 1, ['unsigned char']]],
+} ],
+  '_PEP_WORK_DEVICE_IDLE' : [ 0x8, {
+    'DeviceHandle' : [ 0x0, ['pointer', ['POHANDLE__']]],
+    'IgnoreIdleTimeout' : [ 0x4, ['unsigned char']],
+} ],
+  '_FS_FILTER_SECTION_SYNC_OUTPUT' : [ 0x10, {
+    'StructureSize' : [ 0x0, ['unsigned long']],
+    'SizeReturned' : [ 0x4, ['unsigned long']],
+    'Flags' : [ 0x8, ['unsigned long']],
+    'DesiredReadAlignment' : [ 0xc, ['unsigned long']],
+} ],
+}

From 328a178edeecaf8d2abf96618ecfcb14a7b0c860 Mon Sep 17 00:00:00 2001
From: Andrew Case <acase@volexity.com>
Date: Fri, 16 May 2025 08:40:55 -0500
Subject: [PATCH 304/304] Update README.txt for Volatility 2 archiving

---
 README.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.txt b/README.txt
index dbd7ed62f..c7a0f196a 100644
--- a/README.txt
+++ b/README.txt
@@ -1,3 +1,5 @@
+This project is archived. See Volatility 3 for modern investigations: https://github.com/volatilityfoundation/volatility3
+
 ============================================================================
 Volatility Framework - Volatile memory extraction utility framework
 ============================================================================